From 122754bf3dd27ffb81262affc16c78b5a513ed9e Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Fri, 30 Dec 2016 21:46:04 -0500
Subject: Increase default TLS DH min to 2048 bits, and add BSI policy class. Moves BSI policy file to test data dir where it can be compared with what the hardcoded class outputs.
---
 src/lib/tls/tls_policy.cpp | 3 +-
 src/lib/tls/tls_policy.h | 55 ++++++++++++++++++++++++++++++++++
 src/tests/data/tls-policy/bsi.txt | 22 ++++++++++++++
 src/tests/data/tls-policy/datagram.txt | 2 +-
 src/tests/data/tls-policy/default.txt | 2 +-
 src/tests/data/tls-policy/strict.txt | 2 +-
 src/tests/data/tls-policy/suiteb.txt | 2 +-
 src/tests/unit_tls.cpp | 4 ++-
 8 files changed, 85 insertions(+), 7 deletions(-)
 create mode 100644 src/tests/data/tls-policy/bsi.txt
(limited to 'src')
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index ae200ff47..1fff936fa 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -140,8 +140,7 @@ std::string Policy::dh_group() const
 size_t Policy::minimum_dh_group_size() const
 {
- // Many servers still send 1024 bit
- return 1024;
+ return 2048;
 }
 size_t Policy::minimum_ecdsa_group_size() const
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 9fd3561a3..6f617c673 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
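Review bot: The new `return 2048;` in Policy::minimum_dh_group_size() has no comment, while the line it replaces recorded why 1024 was accepted, so nothing in the function now says why 2048 was chosen or what a caller should do about peers that offer smaller groups. I would add `// Groups below 2048 bits are rejected by default; override in a Policy subclass to interoperate with legacy peers` above the return. This assumes the value is enforced against the DH parameters a peer sends, which is not visible in this hunk. If the doc comment on the declaration in tls_policy.h states the old default, it needs the same update.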
@@ -333,6 +333,61 @@ class BOTAN_DLL NSA_Suite_B_128 : public Policy
 bool allow_dtls12() const override { return false; }
 };
+/**
+* BSI TR-02102-2 Policy
+*/
+class BOTAN_DLL BSI_TR_02102_2 : public Policy
+ {
+ public:
+ std::vector allowed_ciphers() const override
+ {
+ return std::vector({"AES-256/GCM", "AES-128/GCM", "AES-256", "AES-128" });
+ }
+
+ std::vector allowed_signature_hashes() const override
+ {
+ return std::vector({"SHA-384", "SHA-256"});
+ }
+
+ std::vector allowed_macs() const override
+ {
+ return std::vector({"AEAD", "SHA-384", "SHA-256"});
+ }
+
+ std::vector allowed_key_exchange_methods() const override
+ {
+ return std::vector({"ECDH", "DH", "PSK", "ECDHE_PSK", "DHE_PSK"});
+ }
+
+ std::vector allowed_signature_methods() const override
+ {
+ return std::vector({"ECDSA", "RSA", "DSA"});
+ }
+
+ std::vector allowed_ecc_curves() const override
+ {
+ return std::vector({"brainpool512r1", "brainpool384r1", "brainpool256r1", "secp384r1", "secp256r1"});
+ }
+
+ bool allow_insecure_renegotiation() const override { return false; }
+ bool allow_server_initiated_renegotiation() const override { return true; }
+ bool server_uses_own_ciphersuite_preferences() const override { return true; }
+ bool negotiate_encrypt_then_mac() const override { return true; }
+
+ size_t minimum_rsa_bits() const override { return 2000; }
+ size_t minimum_dh_group_size() const override { return 2000; }
+ size_t minimum_dsa_group_size() const override { return 2000; }
+
+ size_t minimum_ecdh_group_size() const override { return 250; }
+ size_t minimum_ecdsa_group_size() const override { return 250; }
+
+ bool allow_tls10() const override { return false; }
+ bool allow_tls11() const override { return false; }
+ bool allow_tls12() const override { return true; }
+ bool allow_dtls10() const override { return false; }
+ bool allow_dtls12() const override { return false; }
+ };
+
 /**
 * Policy for DTLS. We require DTLS v1.2 and an AEAD mode.
 */
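Review bot: The 2000-bit floors returned by minimum_rsa_bits() and minimum_dh_group_size() in BSI_TR_02102_2 are lower than the 2048 the base Policy uses after this same commit (the tls_policy.cpp change for DH, `minimum_rsa_bits = 2048` in default.txt), so selecting this class relaxes those two checks relative to the default instead of tightening them. The class comment says only `BSI TR-02102-2 Policy`; it should name the edition of the guideline the lists and sizes were taken from and add a line such as `* Key-size floors follow the guideline's 2000-bit minimum, which is lower than the default Policy's 2048.` If the class is not meant to be weaker than the default anywhere, returning 2048 from those overrides would still satisfy a 2000-bit minimum, with bsi.txt updated to match.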
diff --git a/src/tests/data/tls-policy/bsi.txt b/src/tests/data/tls-policy/bsi.txt
new file mode 100644
index 000000000..763c05219
--- /dev/null
+++ b/src/tests/data/tls-policy/bsi.txt
@@ -0,0 +1,22 @@
+allow_tls10=false
+allow_tls11=false
+allow_tls12=true
+allow_dtls10=false
+allow_dtls12=false
+
+ciphers=AES-256/GCM AES-128/GCM AES-256 AES-128
+signature_hashes=SHA-384 SHA-256
+macs=AEAD SHA-384 SHA-256
+key_exchange_methods=ECDH DH PSK ECDHE_PSK DHE_PSK
+signature_methods=ECDSA RSA DSA
+ecc_curves=brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1
+minimum_dh_group_size=2000
+minimum_dsa_group_size=2000
+minimum_ecdh_group_size=250
+minimum_ecdsa_group_size=250
+minimum_rsa_bits=2000
+
+allow_insecure_renegotiation=false
+allow_server_initiated_renegotiation=true
+server_uses_own_ciphersuite_preferences=true
+negotiate_encrypt_then_mac=true
diff --git a/src/tests/data/tls-policy/datagram.txt b/src/tests/data/tls-policy/datagram.txt
index e78429238..6a9819aff 100644
--- a/src/tests/data/tls-policy/datagram.txt
+++ b/src/tests/data/tls-policy/datagram.txt
@@ -17,7 +17,7 @@ server_uses_own_ciphersuite_preferences = true
 negotiate_encrypt_then_mac = true
 session_ticket_lifetime = 86400
 dh_group = modp/ietf/2048
-minimum_dh_group_size = 1024
+minimum_dh_group_size = 2048
 minimum_ecdh_group_size = 255
 minimum_rsa_bits = 2048
 minimum_signature_strength = 110
diff --git a/src/tests/data/tls-policy/default.txt b/src/tests/data/tls-policy/default.txt
index eb4ee245c..c96f91d96 100644
--- a/src/tests/data/tls-policy/default.txt
+++ b/src/tests/data/tls-policy/default.txt
@@ -17,7 +17,7 @@ server_uses_own_ciphersuite_preferences = true
 negotiate_encrypt_then_mac = true
 session_ticket_lifetime = 86400
 dh_group = modp/ietf/2048
-minimum_dh_group_size = 1024
+minimum_dh_group_size = 2048
 minimum_ecdh_group_size = 255
 minimum_rsa_bits = 2048
 minimum_signature_strength = 110
diff --git a/src/tests/data/tls-policy/strict.txt b/src/tests/data/tls-policy/strict.txt
index 2f8dfbb3d..f59aaf271 100644
--- a/src/tests/data/tls-policy/strict.txt
+++ b/src/tests/data/tls-policy/strict.txt
@@ -17,7 +17,7 @@ server_uses_own_ciphersuite_preferences = true
 negotiate_encrypt_then_mac = true
 session_ticket_lifetime = 86400
 dh_group = modp/ietf/2048
-minimum_dh_group_size = 1024
+minimum_dh_group_size = 2048
 minimum_ecdh_group_size = 255
 minimum_rsa_bits = 2048
 minimum_signature_strength = 110
diff --git a/src/tests/data/tls-policy/suiteb.txt b/src/tests/data/tls-policy/suiteb.txt
index 77e7ce5a0..51d8fec12 100644
--- a/src/tests/data/tls-policy/suiteb.txt
+++ b/src/tests/data/tls-policy/suiteb.txt
@@ -17,7 +17,7 @@ server_uses_own_ciphersuite_preferences = true
 negotiate_encrypt_then_mac = true
 session_ticket_lifetime = 86400
 dh_group = modp/ietf/2048
-minimum_dh_group_size = 1024
+minimum_dh_group_size = 2048
 minimum_ecdh_group_size = 255
 minimum_rsa_bits = 2048
 minimum_signature_strength = 128
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index cb52b349b..6922dd2a8 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -918,6 +918,8 @@ std::string tls_policy_string(const std::string& policy_str)
 policy.reset(new Botan::TLS::Policy);
 else if(policy_str == "suiteb")
 policy.reset(new Botan::TLS::NSA_Suite_B_128);
+ else if(policy_str == "bsi")
+ policy.reset(new Botan::TLS::BSI_TR_02102_2);
 else if(policy_str == "strict")
 policy.reset(new Botan::TLS::Strict_Policy);
 else if(policy_str == "datagram")
@@ -932,7 +934,7 @@ Test::Result test_tls_policy()
 {
 Test::Result result("TLS Policy");
- const std::vector policies = { "default", "suiteb", "strict", "datagram" };
+ const std::vector policies = { "default", "suiteb", "strict", "datagram", "bsi" };
 for(std::string policy : policies)
 {
-- 
cgit v1.2.3