Change default DH group chosen by TLS server to 2048 bits
TLS client will not accept < 1024 bits DH group by default
5 files changed, 36 insertions, 16 deletions
diff --git a/crypto/src/crypto/tls/DefaultTlsServer.cs b/crypto/src/crypto/tls/DefaultTlsServer.cs
index b12c43e1c..77cd5f1cc 100644
--- a/crypto/src/crypto/tls/DefaultTlsServer.cs
+++ b/crypto/src/crypto/tls/DefaultTlsServer.cs
@@ -42,7 +42,7 @@ namespace Org.BouncyCastle.Crypto.Tls
protected virtual DHParameters GetDHParameters()
{
- return DHStandardGroups.rfc5114_1024_160;
+ return DHStandardGroups.rfc5114_2048_256;
}
protected override int[] GetCipherSuites()
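Review bot: The new default returned by `GetDHParameters()`, `rfc5114_2048_256`, is not a safe-prime group: it has a 256-bit subgroup order q, so (p-1)/q may have small factors. The range check on Y visible in `TlsDHUtilities.ValidateDHPublicKey` (2 <= Y <= p-2) does not confirm that a peer value lies in the order-q subgroup, which matters if a server ever reuses its DH private value across handshakes. Consider a safe-prime 2048-bit group such as `return DHStandardGroups.rfc3526_2048;`, or add a comment above the return explaining why the RFC 5114 group was chosen. The same applies to the identical change in PskTlsServer.cs.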
diff --git a/crypto/src/crypto/tls/PskTlsServer.cs b/crypto/src/crypto/tls/PskTlsServer.cs
index 27d2b8119..85f3055fb 100644
--- a/crypto/src/crypto/tls/PskTlsServer.cs
+++ b/crypto/src/crypto/tls/PskTlsServer.cs
@@ -28,7 +28,7 @@ namespace Org.BouncyCastle.Crypto.Tls
protected virtual DHParameters GetDHParameters()
{
- return DHStandardGroups.rfc5114_1024_160;
+ return DHStandardGroups.rfc5114_2048_256;
}
protected override int[] GetCipherSuites()
diff --git a/crypto/src/crypto/tls/TlsDHKeyExchange.cs b/crypto/src/crypto/tls/TlsDHKeyExchange.cs
index 211249fcc..93ef1fa4a 100644
--- a/crypto/src/crypto/tls/TlsDHKeyExchange.cs
+++ b/crypto/src/crypto/tls/TlsDHKeyExchange.cs
@@ -81,6 +81,7 @@ namespace Org.BouncyCastle.Crypto.Tls
try
{
this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey((DHPublicKeyParameters)this.mServerPublicKey);
+ this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters);
}
catch (InvalidCastException e)
{
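Review bot: The added `ValidateDHParameters(mDHAgreePublicKey.Parameters)` call runs only after `TlsDHUtilities.ValidateDHPublicKey` has already validated the same parameters, so the `MinimumPrimeBits` check is reached after a primality test on the peer-supplied prime. The instance method then calls `TlsDHUtilities.ValidateDHParameters` again, so p is tested for primality twice per handshake. Checking the bit length before any other validation would reject undersized groups cheaply and consistently with `insufficient_security`; one option is to validate `((DHPublicKeyParameters)this.mServerPublicKey).Parameters` through the instance method first and keep only the Y range check afterwards. The same ordering appears in the TlsDheKeyExchange.cs hunk, and the enclosing method starts outside this hunk.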
@@ -171,8 +172,12 @@ namespace Org.BouncyCastle.Crypto.Tls
public override void ProcessClientCertificate(Certificate clientCertificate)
{
- // TODO Extract the public key
- // TODO If the certificate is 'fixed', take the public key as dhAgreeClientPublicKey
+ // TODO Extract the public key and validate
+
+ /*
+ * TODO If the certificate is 'fixed', take the public key as dhAgreePublicKey and check
+ * that the parameters match the server's (see 'areCompatibleParameters').
+ */
}
public override void ProcessClientKeyExchange(Stream input)
@@ -202,5 +207,18 @@ namespace Org.BouncyCastle.Crypto.Tls
throw new TlsFatalAlert(AlertDescription.internal_error);
}
+
+ protected virtual int MinimumPrimeBits
+ {
+ get { return 1024; }
+ }
+
+ protected virtual DHParameters ValidateDHParameters(DHParameters parameters)
+ {
+ if (parameters.P.BitLength < MinimumPrimeBits)
+ throw new TlsFatalAlert(AlertDescription.insufficient_security);
+
+ return TlsDHUtilities.ValidateDHParameters(parameters);
+ }
}
}
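Review bot: `MinimumPrimeBits` and the instance `ValidateDHParameters` are new protected extension points with no doc comments, and the 1024-bit floor is lower than the 2048-bit group this commit makes the server default. A comment such as `/// <summary>Minimum accepted bit length of the peer's DH prime; override to require a larger value.</summary>` would make the policy knob visible to subclass authors, with a remark on why 1024 was chosen. There is also no upper bound on `parameters.P.BitLength`, so the cost of the validation that follows scales with whatever size the peer sends; consider capping it or documenting that as a known limit.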
diff --git a/crypto/src/crypto/tls/TlsDHUtilities.cs b/crypto/src/crypto/tls/TlsDHUtilities.cs
index b29f75e30..727587135 100644
--- a/crypto/src/crypto/tls/TlsDHUtilities.cs
+++ b/crypto/src/crypto/tls/TlsDHUtilities.cs
@@ -435,26 +435,28 @@ namespace Org.BouncyCastle.Crypto.Tls
return (DHPrivateKeyParameters)kp.Private;
}
-
- public static DHPublicKeyParameters ValidateDHPublicKey(DHPublicKeyParameters key)
+
+ public static DHParameters ValidateDHParameters(DHParameters parameters)
{
- BigInteger Y = key.Y;
- DHParameters parameters = key.Parameters;
BigInteger p = parameters.P;
BigInteger g = parameters.G;
if (!p.IsProbablePrime(2))
- {
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
- }
if (g.CompareTo(Two) < 0 || g.CompareTo(p.Subtract(Two)) > 0)
- {
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
- }
- if (Y.CompareTo(Two) < 0 || Y.CompareTo(p.Subtract(Two)) > 0)
- {
+
+
+ return parameters;
+ }
+
+ public static DHPublicKeyParameters ValidateDHPublicKey(DHPublicKeyParameters key)
+ {
+ DHParameters parameters = ValidateDHParameters(key.Parameters);
+
+ BigInteger Y = key.Y;
+ if (Y.CompareTo(Two) < 0 || Y.CompareTo(parameters.P.Subtract(Two)) > 0)
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
- }
// TODO See RFC 2631 for more discussion of Diffie-Hellman validation
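Review bot: `ValidateDHParameters` is now a public static entry point but has no doc comment stating what it does and does not check. From the visible lines it performs `p.IsProbablePrime(2)` and a range check on g; it does not check that p is a safe prime or that g generates a subgroup of known order, and a certainty of 2 is a low-assurance primality test for a peer-supplied value. Suggest a summary along the lines of `/// <summary>Basic sanity checks on p and g only; throws TlsFatalAlert(illegal_parameter) on failure.</summary>`, and consider raising the certainty argument. The two consecutive blank added lines before `return parameters;` can be reduced to one, and `ValidateDHPublicKey` continues past the end of this hunk.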
diff --git a/crypto/src/crypto/tls/TlsDheKeyExchange.cs b/crypto/src/crypto/tls/TlsDheKeyExchange.cs
index 419d4e442..9831e8cd7 100644
--- a/crypto/src/crypto/tls/TlsDheKeyExchange.cs
+++ b/crypto/src/crypto/tls/TlsDheKeyExchange.cs
@@ -79,7 +79,7 @@ namespace Org.BouncyCastle.Crypto.Tls
throw new TlsFatalAlert(AlertDescription.decrypt_error);
this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(dhParams.PublicKey);
- this.mDHParameters = mDHAgreePublicKey.Parameters;
+ this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters);
}
protected virtual ISigner InitVerifyer(TlsSigner tlsSigner, SignatureAndHashAlgorithm algorithm,