Address some issues with PR 492

Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit for the changes in 7c7fcecbe6a and 6d327f879c Add Policy::check_peer_key_acceptable which lets the app set an arbitrary callback for examining keys - both the end entity signature keys from certificates and the peer PFS public keys. Default impl checks that the algorithm size matches the min keylength. This centralizes this logic and lets the application do interesting things. Adds a policy for ECDSA group size checks. Increases default policy minimums to 2048 RSA and 256 ECC. (Maybe I'm an optimist after all.)
author: Jack Lloyd <[email protected]> 2016-08-13 11:13:49 -0400
committer: Jack Lloyd <[email protected]> 2016-08-13 11:13:49 -0400
commit: e29024608fca1b811aa72a7aafd930a42740b968 (patch)
tree: 729cadf57f8418af74c4abf9ec653f05c27d0774 /src/lib/tls/msg_server_kex.cpp
parent: 7dd73a96bbea879a6d7107bf4b23a44ba527a134 (diff)
1 files changed, 7 insertions, 13 deletions
diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp
index 99f0d0f09..10581fe45 100644
--- a/src/lib/tls/msg_server_kex.cpp
+++ b/src/lib/tls/msg_server_kex.cpp
@@ -147,7 +147,6 @@ Server_Key_Exchange::Server_Key_Exchange(Handshake_IO& io,
 Server_Key_Exchange::Server_Key_Exchange(const std::vector<byte>& buf,
                                          const std::string& kex_algo,
                                          const std::string& sig_algo,
-                                         const Policy& policy,
                                          Protocol_Version version)
    {
    TLS_Data_Reader reader("ServerKeyExchange", buf);
@@ -166,18 +165,11 @@ Server_Key_Exchange::Server_Key_Exchange(const std::vector<byte>& buf,
    if(kex_algo == "DH" || kex_algo == "DHE_PSK")
       {
       // 3 bigints, DH p, g, Y
-      std::vector<byte> p = reader.get_range<byte>(2, 1, 65535);
-      reader.get_range<byte>(2, 1, 65535);
-      reader.get_range<byte>(2, 1, 65535);
-      
-      // protection against the LOGJAM attack
-      int key_size = p.size() * 8;
-      if(key_size < policy.minimum_dh_group_size())
-         throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
-                                "Server sent DH group of " +
-                                std::to_string(key_size) +
-                                " bits, policy requires at least " +
-                                std::to_string(policy.minimum_dh_group_size()));
+
+      for(size_t i = 0; i != 3; ++i)
+         {
+         reader.get_range<byte>(2, 1, 65535);
+         }
       }
    else if(kex_algo == "ECDH" || kex_algo == "ECDHE_PSK")
       {
@@ -244,6 +236,8 @@ bool Server_Key_Exchange::verify(const Public_Key& server_key,
                                  const Handshake_State& state,
                                  const Policy& policy) const
    {
+   policy.check_peer_key_acceptable(server_key);
+
    std::pair<std::string, Signature_Format> format =
       state.parse_sig_format(server_key, m_hash_algo, m_sig_algo,
                              false, policy);
author	Jack Lloyd <[email protected]>	2016-08-13 11:13:49 -0400
committer	Jack Lloyd <[email protected]>	2016-08-13 11:13:49 -0400
commit	e29024608fca1b811aa72a7aafd930a42740b968 (patch)
tree	729cadf57f8418af74c4abf9ec653f05c27d0774 /src/lib/tls/msg_server_kex.cpp
parent	7dd73a96bbea879a6d7107bf4b23a44ba527a134 (diff)