Address some issues with PR 492

Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit for the changes in 7c7fcecbe6a and 6d327f879c Add Policy::check_peer_key_acceptable which lets the app set an arbitrary callback for examining keys - both the end entity signature keys from certificates and the peer PFS public keys. Default impl checks that the algorithm size matches the min keylength. This centralizes this logic and lets the application do interesting things. Adds a policy for ECDSA group size checks. Increases default policy minimums to 2048 RSA and 256 ECC. (Maybe I'm an optimist after all.)
author: Jack Lloyd <[email protected]> 2016-08-13 11:13:49 -0400
committer: Jack Lloyd <[email protected]> 2016-08-13 11:13:49 -0400
commit: e29024608fca1b811aa72a7aafd930a42740b968 (patch)
tree: 729cadf57f8418af74c4abf9ec653f05c27d0774 /src/lib/tls/tls_policy.cpp
parent: 7dd73a96bbea879a6d7107bf4b23a44ba527a134 (diff)
1 files changed, 60 insertions, 9 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index fdc6ba862..592d4f572 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -1,6 +1,7 @@
 /*
 * Policies for TLS
 * (C) 2004-2010,2012,2015,2016 Jack Lloyd
+*     2016 Christian Mainka
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
@@ -119,23 +120,73 @@ std::string Policy::choose_curve(const std::vector<std::string>& curve_names) co
 
 std::string Policy::dh_group() const
    {
+   // We offer 2048 bit DH because we can
    return "modp/ietf/2048";
    }
 
 size_t Policy::minimum_dh_group_size() const
    {
+   // Many servers still send 1024 bit
    return 1024;
    }
 
-size_t Policy::minimum_ecdh_group_size() const
+size_t Policy::minimum_ecdsa_group_size() const
    {
-   return 159;
+   // Here we are at the mercy of whatever the CA signed, but most certs should be 256 bit by now
+   return 256;
    }
 
+size_t Policy::minimum_ecdh_group_size() const
+   {
+   // P-256 is smallest curve currently supplrted for TLS key exchange (after 1.11.29)
+   return 256;
+   }
 
 size_t Policy::minimum_rsa_bits() const
    {
-   return 1000; // Not 1024, since some certificates use, e.g., only 1023 bits
+   /* Default assumption is all end-entity certificates should
+      be at least 2048 bits these days.
+
+      If you are connecting to arbitrary servers on the Internet
+      (ie as a web browser or SMTP client) you'll probably have to reduce this
+      to 1024 bits, or perhaps even lower.
+   */
+   return 2048;
+   }
+
+void Policy::check_peer_key_acceptable(const Public_Key& public_key) const
+   {
+   const std::string algo_name = public_key.algo_name();
+
+   // FIXME this is not really the right way to do this 
+   size_t keylength = public_key.max_input_bits();
+   size_t expected_keylength = 0;
+
+   if(algo_name == "RSA")
+      {
+      expected_keylength = minimum_rsa_bits();
+      keylength += 1; // fixup for use of max_input_bits above
+      }
+   else if(algo_name == "DH")
+      {
+      expected_keylength = minimum_dh_group_size();
+      }
+   else if(algo_name == "ECDH")
+      {
+      expected_keylength = minimum_ecdh_group_size();
+      }
+   else if(algo_name == "ECDSA")
+      {
+      expected_keylength = minimum_ecdsa_group_size();
+      }
+   // else some other algo, so leave expected_keylength as zero and the check is a no-op
+
+   if(keylength < expected_keylength)
+      throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
+                          "Peer sent " + 
+                           std::to_string(keylength) + " bit " + algo_name + " key"
+                           ", policy requires at least " +
+                           std::to_string(expected_keylength));
    }
 
 /*
@@ -158,13 +209,13 @@ bool Policy::send_fallback_scsv(Protocol_Version version) const
 
 bool Policy::acceptable_protocol_version(Protocol_Version version) const
    {
-        // Uses boolean optimization:
-        // First check the current version (left part), then if it is allowed 
-        // (right part)
-        // checks are ordered according to their probability
-        return (
-           ( ( version == Protocol_Version::TLS_V10)  && allow_tls10()  ) ||
+   // Uses boolean optimization:
+   // First check the current version (left part), then if it is allowed 
+   // (right part)
+   // checks are ordered according to their probability
+   return (
            ( ( version == Protocol_Version::TLS_V12)  && allow_tls12()  ) ||
+           ( ( version == Protocol_Version::TLS_V10)  && allow_tls10()  ) ||
            ( ( version == Protocol_Version::TLS_V11)  && allow_tls11()  ) ||
            ( ( version == Protocol_Version::DTLS_V12) && allow_dtls12() ) ||
            ( ( version == Protocol_Version::DTLS_V10) && allow_dtls10() )
author	Jack Lloyd <[email protected]>	2016-08-13 11:13:49 -0400
committer	Jack Lloyd <[email protected]>	2016-08-13 11:13:49 -0400
commit	e29024608fca1b811aa72a7aafd930a42740b968 (patch)
tree	729cadf57f8418af74c4abf9ec653f05c27d0774 /src/lib/tls/tls_policy.cpp
parent	7dd73a96bbea879a6d7107bf4b23a44ba527a134 (diff)