summary refs log tree commit diff
path: root/crypto
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2015-05-25 16:29:31 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2015-05-25 16:29:31 +0700
commit15eae9d56401d349be35dd2565ee72364d92cc38 (patch)
treef72f6bc01bbab2559c4c398ead6fd882eda12385 /crypto
parentPort recent Java updates (diff)
downloadBouncyCastle.NET-ed25519-15eae9d56401d349be35dd2565ee72364d92cc38.tar.xz
Change default DH group chosen by TLS server to 2048 bits
TLS client will not accept < 1024 bits DH group by default
Diffstat (limited to 'crypto')
-rw-r--r--crypto/src/crypto/tls/DefaultTlsServer.cs2
-rw-r--r--crypto/src/crypto/tls/PskTlsServer.cs2
-rw-r--r--crypto/src/crypto/tls/TlsDHKeyExchange.cs22
-rw-r--r--crypto/src/crypto/tls/TlsDHUtilities.cs24
-rw-r--r--crypto/src/crypto/tls/TlsDheKeyExchange.cs2
5 files changed, 36 insertions, 16 deletions
diff --git a/crypto/src/crypto/tls/DefaultTlsServer.cs b/crypto/src/crypto/tls/DefaultTlsServer.cs
index b12c43e1c..77cd5f1cc 100644
--- a/crypto/src/crypto/tls/DefaultTlsServer.cs
+++ b/crypto/src/crypto/tls/DefaultTlsServer.cs
@@ -42,7 +42,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 
         protected virtual DHParameters GetDHParameters()
         {
-            return DHStandardGroups.rfc5114_1024_160;
+            return DHStandardGroups.rfc5114_2048_256;
         }
 
         protected override int[] GetCipherSuites()
diff --git a/crypto/src/crypto/tls/PskTlsServer.cs b/crypto/src/crypto/tls/PskTlsServer.cs
index 27d2b8119..85f3055fb 100644
--- a/crypto/src/crypto/tls/PskTlsServer.cs
+++ b/crypto/src/crypto/tls/PskTlsServer.cs
@@ -28,7 +28,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 
         protected virtual DHParameters GetDHParameters()
         {
-            return DHStandardGroups.rfc5114_1024_160;
+            return DHStandardGroups.rfc5114_2048_256;
         }
 
         protected override int[] GetCipherSuites()
diff --git a/crypto/src/crypto/tls/TlsDHKeyExchange.cs b/crypto/src/crypto/tls/TlsDHKeyExchange.cs
index 211249fcc..93ef1fa4a 100644
--- a/crypto/src/crypto/tls/TlsDHKeyExchange.cs
+++ b/crypto/src/crypto/tls/TlsDHKeyExchange.cs
@@ -81,6 +81,7 @@ namespace Org.BouncyCastle.Crypto.Tls
                 try
                 {
                     this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey((DHPublicKeyParameters)this.mServerPublicKey);
+                    this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters);
                 }
                 catch (InvalidCastException e)
                 {
@@ -171,8 +172,12 @@ namespace Org.BouncyCastle.Crypto.Tls
 
         public override void ProcessClientCertificate(Certificate clientCertificate)
         {
-            // TODO Extract the public key
-            // TODO If the certificate is 'fixed', take the public key as dhAgreeClientPublicKey
+            // TODO Extract the public key and validate
+
+            /*
+             * TODO If the certificate is 'fixed', take the public key as dhAgreePublicKey and check
+             * that the parameters match the server's (see 'areCompatibleParameters').
+             */
         }
 
         public override void ProcessClientKeyExchange(Stream input)
@@ -202,5 +207,18 @@ namespace Org.BouncyCastle.Crypto.Tls
 
             throw new TlsFatalAlert(AlertDescription.internal_error);
         }
+
+        protected virtual int MinimumPrimeBits
+        {
+            get { return 1024; }
+        }
+
+        protected virtual DHParameters ValidateDHParameters(DHParameters parameters)
+        {
+            if (parameters.P.BitLength < MinimumPrimeBits)
+                throw new TlsFatalAlert(AlertDescription.insufficient_security);
+
+            return TlsDHUtilities.ValidateDHParameters(parameters);
+        }
     }
 }
diff --git a/crypto/src/crypto/tls/TlsDHUtilities.cs b/crypto/src/crypto/tls/TlsDHUtilities.cs
index b29f75e30..727587135 100644
--- a/crypto/src/crypto/tls/TlsDHUtilities.cs
+++ b/crypto/src/crypto/tls/TlsDHUtilities.cs
@@ -435,26 +435,28 @@ namespace Org.BouncyCastle.Crypto.Tls
 
             return (DHPrivateKeyParameters)kp.Private;
         }
-        
-        public static DHPublicKeyParameters ValidateDHPublicKey(DHPublicKeyParameters key)
+
+        public static DHParameters ValidateDHParameters(DHParameters parameters)
         {
-            BigInteger Y = key.Y;
-            DHParameters parameters = key.Parameters;
             BigInteger p = parameters.P;
             BigInteger g = parameters.G;
 
             if (!p.IsProbablePrime(2))
-            {
                 throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-            }
             if (g.CompareTo(Two) < 0 || g.CompareTo(p.Subtract(Two)) > 0)
-            {
                 throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-            }
-            if (Y.CompareTo(Two) < 0 || Y.CompareTo(p.Subtract(Two)) > 0)
-            {
+
+
+            return parameters;
+        }
+
+        public static DHPublicKeyParameters ValidateDHPublicKey(DHPublicKeyParameters key)
+        {
+            DHParameters parameters = ValidateDHParameters(key.Parameters);
+
+            BigInteger Y = key.Y;
+            if (Y.CompareTo(Two) < 0 || Y.CompareTo(parameters.P.Subtract(Two)) > 0)
                 throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-            }
 
             // TODO See RFC 2631 for more discussion of Diffie-Hellman validation
 
diff --git a/crypto/src/crypto/tls/TlsDheKeyExchange.cs b/crypto/src/crypto/tls/TlsDheKeyExchange.cs
index 419d4e442..9831e8cd7 100644
--- a/crypto/src/crypto/tls/TlsDheKeyExchange.cs
+++ b/crypto/src/crypto/tls/TlsDheKeyExchange.cs
@@ -79,7 +79,7 @@ namespace Org.BouncyCastle.Crypto.Tls
                 throw new TlsFatalAlert(AlertDescription.decrypt_error);
 
             this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(dhParams.PublicKey);
-            this.mDHParameters = mDHAgreePublicKey.Parameters;
+            this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters);
         }
 
         protected virtual ISigner InitVerifyer(TlsSigner tlsSigner, SignatureAndHashAlgorithm algorithm,