264 lines
8.1 KiB
C
264 lines
8.1 KiB
C
/**
|
|
* @file matrixsslSecConfig.c
|
|
* @version $Format:%h%d$
|
|
*
|
|
* Functions for changing MatrixSSL's security configuration.
|
|
*/
|
|
/*
|
|
* Copyright (c) 2013-2018 Rambus Inc.
|
|
* Copyright (c) PeerSec Networks, 2002-2011
|
|
* All Rights Reserved
|
|
*
|
|
* The latest version of this code is available at http://www.matrixssl.org
|
|
*
|
|
* This software is open source; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This General Public License does NOT permit incorporating this software
|
|
* into proprietary programs. If you are unable to comply with the GPL, a
|
|
* commercial license for this software may be purchased from Rambus at
|
|
* http://www.rambus.com/
|
|
*
|
|
* This program is distributed in WITHOUT ANY WARRANTY; without even the
|
|
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
* See the GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
*/
|
|
/******************************************************************************/
|
|
|
|
#include "matrixsslImpl.h"
|
|
|
|
# ifdef USE_SEC_CONFIG
|
|
|
|
# ifdef USE_SEC_CONFIG_WPA3_1_0
|
|
|
|
/* WPA3 1.0 only allows these three ciphersuites. */
|
|
static
|
|
psCipher16_t cipherlist_wpa3_1_0_enterprise_192[] =
|
|
{
|
|
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
|
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
|
};
|
|
static psSize_t cipherlist_wpa3_1_0_enterprise_192_len = 3;
|
|
static uint32_t ec_flags_wpa3_1_0_enterprise_192 = SSL_OPT_SECP384R1;
|
|
|
|
/* We use the psSecConfig_t to restrict the RSA/ECDSA/DH sizes.
|
|
WPA3 1.0 Enterprise claims to require "192 bits" of security.
|
|
In reality, this is not quite true; it would need a much
|
|
larger RSA key in that case.
|
|
|
|
Note that we shall use this only in the TLS layer. So setting
|
|
min_rsa_bits to 3072 does not restrict the use of RSA sigs
|
|
in certificates as the X.509 lib is separate. */
|
|
static
|
|
psSecConfig_t secconfig_wpa3_1_0_enterprise_192 =
|
|
{
|
|
.min_symmetric_key_bits = 192,
|
|
.min_rsa_bits = 3072,
|
|
.min_rsa_verify_bits = 3072,
|
|
.min_dh_key_bits = 3072,
|
|
.min_dh_group_bits = 3072,
|
|
.min_ec_curve_bits = 384,
|
|
.min_ec_verify_curve_bits = 384,
|
|
.min_hmac_bits = 384,
|
|
.min_signature_hash_bits = 0,
|
|
.min_signature_verify_hash_bits = 0,
|
|
.allow_pkcs1_sigs_in_handshake = PS_TRUE,
|
|
.allow_pkcs1_sigs_in_certs = PS_TRUE,
|
|
.allow_rsa_key_transport = PS_FALSE, /* Only (EC)DHE-RSA allowed. */
|
|
.require_sig_hash_group_match = PS_FALSE,
|
|
.min_tls_version = v_tls_1_0
|
|
};
|
|
# endif /* USE_SEC_CONFIG_WPA3_1_0 */
|
|
|
|
psRes_t matrixSslSetSecurityProfile(ssl_t *ssl,
|
|
psPreDefinedSecProfile_t profile)
|
|
{
|
|
psCipher16_t *cipherList = NULL;
|
|
psSize_t cipherListLen = 0;
|
|
uint32_t ecFlags = 0;
|
|
|
|
# ifndef USE_SEC_CONFIG
|
|
psTraceErrr("Need USE_SEC_CONFIG for matrixSslSetSecurityProfile\n");
|
|
return PS_UNSUPPORTED_FAIL;
|
|
# else
|
|
if (ssl == NULL)
|
|
{
|
|
return PS_ARG_FAIL;
|
|
}
|
|
|
|
switch (profile)
|
|
{
|
|
case secprofile_default:
|
|
break;
|
|
# ifdef USE_SEC_CONFIG_WPA3_1_0
|
|
case secprofile_wpa3_1_0_enterprise_192:
|
|
cipherList = cipherlist_wpa3_1_0_enterprise_192;
|
|
cipherListLen = cipherlist_wpa3_1_0_enterprise_192_len;
|
|
ecFlags = ec_flags_wpa3_1_0_enterprise_192;
|
|
ssl->secConfig = secconfig_wpa3_1_0_enterprise_192;
|
|
break;
|
|
# endif /* USE_SEC_CONFIG_WPA3_1_0 */
|
|
default:
|
|
psTraceErrr("Invalid profile in matrixSslSetSecurityProfile\n");
|
|
return PS_FAILURE;
|
|
}
|
|
|
|
if (cipherList != NULL)
|
|
{
|
|
ssl->supportedCiphers = cipherList;
|
|
ssl->supportedCiphersLen = cipherListLen;
|
|
}
|
|
|
|
ssl->ecFlagsOverride = ecFlags;
|
|
ssl->secProfile = profile;
|
|
psTraceStrInfo("Using security profile: %s\n",
|
|
SECPROFILE_TO_STR(profile));
|
|
|
|
return PS_SUCCESS;
|
|
# endif /* USE_SEC_CONFIG */
|
|
}
|
|
|
|
void matrixSslRegisterSecurityCallback(
|
|
ssl_t *ssl,
|
|
securityCb_t cb)
|
|
{
|
|
if (ssl == NULL)
|
|
{
|
|
return;
|
|
}
|
|
ssl->secCb = cb;
|
|
}
|
|
|
|
/** MatrixSSL's default TLS security callback.
|
|
|
|
This callback uses information in the ssl->secConfig (a struct of
|
|
type psSecConfig_t) to check whether an operation is allowed
|
|
or not. */
|
|
static
|
|
psRes_t defaultTlsSecCb(void *ctx,
|
|
psSecOperation_t op,
|
|
psSizeL_t nbits,
|
|
void *extraData)
|
|
{
|
|
ssl_t *ssl = (ssl_t*)ctx;
|
|
|
|
psTraceStrInfo("Checking %s", SECOP_TO_STR(op));
|
|
psTraceIntInfo(" (%zu bits)", nbits);
|
|
psTraceInfo("...\n");
|
|
|
|
/* Check whether operation allowed or not. Key size will be
|
|
checked later. */
|
|
switch (op)
|
|
{
|
|
case secop_rsa_encrypt:
|
|
case secop_rsa_decrypt:
|
|
if (!ssl->secConfig.allow_rsa_key_transport)
|
|
{
|
|
psTraceErrr("RSA key transport not allowed by sec config\n");
|
|
return MATRIXSSL_ERROR;
|
|
}
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
|
|
/* Check that key size is over the minimum required. */
|
|
switch (op)
|
|
{
|
|
case secop_rsa_encrypt:
|
|
case secop_rsa_decrypt:
|
|
case secop_rsa_sign:
|
|
case secop_rsa_verify:
|
|
if (ssl->secConfig.min_rsa_bits > nbits)
|
|
{
|
|
psTraceErrr("RSA key size too low for security config\n");
|
|
psTraceIntInfo("Got: %zu, ", nbits);
|
|
psTraceIntInfo("want: >= %hu\n", ssl->secConfig.min_rsa_bits);
|
|
return MATRIXSSL_ERROR;
|
|
}
|
|
break;
|
|
case secop_ecdsa_sign:
|
|
case secop_ecdsa_verify:
|
|
if (ssl->secConfig.min_ec_curve_bits > nbits)
|
|
{
|
|
psTraceErrr("ECDSA curve size too low for security config\n");
|
|
psTraceInt("Got: %zu, ", nbits);
|
|
psTraceInt("want: >= %hu\n", ssl->secConfig.min_ec_curve_bits);
|
|
return MATRIXSSL_ERROR;
|
|
}
|
|
break;
|
|
case secop_dh_import_pub:
|
|
if (ssl->secConfig.min_dh_group_bits > nbits)
|
|
{
|
|
psTraceErrr("Peer DH group size too low for security config\n");
|
|
psTraceInt("Got: %zu, ", nbits);
|
|
psTraceInt("want: >= %hu\n", ssl->secConfig.min_dh_group_bits);
|
|
return MATRIXSSL_ERROR;
|
|
}
|
|
break;
|
|
case secop_ecdh_import_pub:
|
|
if (ssl->secConfig.min_ec_curve_bits > nbits)
|
|
{
|
|
psTraceErrr("Peer ECDH curve size too low for security config\n");
|
|
psTraceInt("Got: %zu, ", nbits);
|
|
psTraceInt("want: >= %hu\n", ssl->secConfig.min_ec_curve_bits);
|
|
return MATRIXSSL_ERROR;
|
|
}
|
|
break;
|
|
|
|
/* Warn if user tries to load too small keys. In the end, it is the
|
|
users responsibility to load the right keys, so do not issue
|
|
an error. */
|
|
case secop_rsa_load_key:
|
|
if (ssl->secConfig.min_rsa_bits > nbits)
|
|
{
|
|
psTraceErrr("Warning: loaded RSA key is below minimum size " \
|
|
"required by security config\n");
|
|
psTraceIntInfo("Got: %zu, ", nbits);
|
|
psTraceIntInfo("want: >= %hu\n", ssl->secConfig.min_rsa_bits);
|
|
}
|
|
break;
|
|
case secop_ecdsa_load_key:
|
|
if (ssl->secConfig.min_ec_curve_bits > nbits)
|
|
{
|
|
psTraceErrr("Warning: loaded EC key is below minimum size " \
|
|
"required by security config\n");
|
|
psTraceIntInfo("Got: %zu, ", nbits);
|
|
psTraceIntInfo("want: >= %hu\n", ssl->secConfig.min_ec_curve_bits);
|
|
}
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
|
|
/* Operation deemed as permissible if we got here. */
|
|
psTraceInfo("OK\n");
|
|
return MATRIXSSL_SUCCESS;
|
|
}
|
|
|
|
psRes_t matrixSslCallSecurityCallback(ssl_t *ssl,
|
|
psSecOperation_t op,
|
|
psSizeL_t nbits,
|
|
void *extraData)
|
|
{
|
|
if (ssl->secCb)
|
|
{
|
|
return ssl->secCb(ssl, op, nbits, extraData);
|
|
}
|
|
else
|
|
{
|
|
return defaultTlsSecCb(ssl, op, nbits, extraData);
|
|
}
|
|
}
|
|
|
|
|
|
# endif /* USE_SEC_CONFIG */
|