From 15eae9d56401d349be35dd2565ee72364d92cc38 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Mon, 25 May 2015 16:29:31 +0700 Subject: Change default DH group chosen by TLS server to 2048 bits TLS client will not accept < 1024 bits DH group by default --- crypto/src/crypto/tls/DefaultTlsServer.cs | 2 +- crypto/src/crypto/tls/PskTlsServer.cs | 2 +- crypto/src/crypto/tls/TlsDHKeyExchange.cs | 22 ++++++++++++++++++++-- crypto/src/crypto/tls/TlsDHUtilities.cs | 24 +++++++++++++----------- crypto/src/crypto/tls/TlsDheKeyExchange.cs | 2 +- 5 files changed, 36 insertions(+), 16 deletions(-) (limited to 'crypto/src')
diff --git a/crypto/src/crypto/tls/DefaultTlsServer.cs b/crypto/src/crypto/tls/DefaultTlsServer.cs
index b12c43e1c..77cd5f1cc 100644
--- a/crypto/src/crypto/tls/DefaultTlsServer.cs
+++ b/crypto/src/crypto/tls/DefaultTlsServer.cs
@@ -42,7 +42,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 protected virtual DHParameters GetDHParameters()
 {
- return DHStandardGroups.rfc5114_1024_160;
+ return DHStandardGroups.rfc5114_2048_256;
 }
 protected override int[] GetCipherSuites()
diff --git a/crypto/src/crypto/tls/PskTlsServer.cs b/crypto/src/crypto/tls/PskTlsServer.cs
index 27d2b8119..85f3055fb 100644
--- a/crypto/src/crypto/tls/PskTlsServer.cs
+++ b/crypto/src/crypto/tls/PskTlsServer.cs
@@ -28,7 +28,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 protected virtual DHParameters GetDHParameters()
 {
- return DHStandardGroups.rfc5114_1024_160;
+ return DHStandardGroups.rfc5114_2048_256;
 }
 protected override int[] GetCipherSuites()
diff --git a/crypto/src/crypto/tls/TlsDHKeyExchange.cs b/crypto/src/crypto/tls/TlsDHKeyExchange.cs
index 211249fcc..93ef1fa4a 100644
--- a/crypto/src/crypto/tls/TlsDHKeyExchange.cs
+++ b/crypto/src/crypto/tls/TlsDHKeyExchange.cs
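Review bot: The new default in `DefaultTlsServer.GetDHParameters()` (and the identical change in `PskTlsServer.GetDHParameters()`) is an RFC 5114 group, whose prime is not a safe prime: the generator spans a 256-bit prime-order subgroup rather than one of order (p-1)/2. Such a group is only safe when the server's DH private value is fresh for every handshake or the peer's public value is checked for subgroup membership, and neither is visible in this diff. I would state that assumption on the method, e.g. `// RFC 5114 group (not a safe prime): relies on a fresh ephemeral key per handshake`, or default to a 2048-bit safe-prime group if `DHStandardGroups` offers one. Both method bodies are complete in their hunks, but the classes continue outside them.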
@@ -81,6 +81,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 try
 {
 this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey((DHPublicKeyParameters)this.mServerPublicKey);
+ this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters);
 }
 catch (InvalidCastException e)
 {
@@ -171,8 +172,12 @@ namespace Org.BouncyCastle.Crypto.Tls
 public override void ProcessClientCertificate(Certificate clientCertificate)
 {
- // TODO Extract the public key
- // TODO If the certificate is 'fixed', take the public key as dhAgreeClientPublicKey
+ // TODO Extract the public key and validate
+
+ /*
+ * TODO If the certificate is 'fixed', take the public key as dhAgreePublicKey and check
+ * that the parameters match the server's (see 'areCompatibleParameters').
+ */
 }
 public override void ProcessClientKeyExchange(Stream input)
@@ -202,5 +207,18 @@ namespace Org.BouncyCastle.Crypto.Tls
 throw new TlsFatalAlert(AlertDescription.internal_error);
 }
+
+ protected virtual int MinimumPrimeBits
+ {
+ get { return 1024; }
+ }
+
+ protected virtual DHParameters ValidateDHParameters(DHParameters parameters)
+ {
+ if (parameters.P.BitLength < MinimumPrimeBits)
+ throw new TlsFatalAlert(AlertDescription.insufficient_security);
+
+ return TlsDHUtilities.ValidateDHParameters(parameters);
+ }
 }
 }
diff --git a/crypto/src/crypto/tls/TlsDHUtilities.cs b/crypto/src/crypto/tls/TlsDHUtilities.cs
index b29f75e30..727587135 100644
--- a/crypto/src/crypto/tls/TlsDHUtilities.cs
+++ b/crypto/src/crypto/tls/TlsDHUtilities.cs
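Review bot: In the `@@ -81` hunk of TlsDHKeyExchange.cs the added `ValidateDHParameters(mDHAgreePublicKey.Parameters)` runs only after `TlsDHUtilities.ValidateDHPublicKey(...)`, which in this commit already calls `TlsDHUtilities.ValidateDHParameters`, so the primality and generator checks run twice on the same server-supplied group and the bit-length floor is reached only after the first primality test. Doing the cheap `P.BitLength` check before `ValidateDHPublicKey`, and letting only one of the two paths run the primality test, would reject undersized groups before any expensive work. The same ordering appears in the `@@ -79` hunk of TlsDheKeyExchange.cs. The enclosing method and its try/catch begin and end outside the hunk.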
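Review bot: `ValidateDHParameters` in the `@@ -202` hunk of TlsDHKeyExchange.cs enforces a floor on the server's prime but no ceiling, so a server can still send a very large `P` and make the client pay for `IsProbablePrime` and the later modular exponentiation; whether the length is capped elsewhere, for instance at parsing, is not visible in this diff. An upper bound next to the floor would close that, for example a new overridable `MaximumPrimeBits` property (a proposed name) checked in the same `if` as `MinimumPrimeBits`. `MinimumPrimeBits` also needs an XML doc comment saying that it is the smallest DH prime the client accepts from a server, that 1024 is a compatibility floor rather than a recommended strength, and that subclasses can override it to require 2048. The class body starts above the hunk.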
@@ -435,26 +435,28 @@ namespace Org.BouncyCastle.Crypto.Tls
 return (DHPrivateKeyParameters)kp.Private;
 }
-
- public static DHPublicKeyParameters ValidateDHPublicKey(DHPublicKeyParameters key)
+
+ public static DHParameters ValidateDHParameters(DHParameters parameters)
 {
- BigInteger Y = key.Y;
- DHParameters parameters = key.Parameters;
 BigInteger p = parameters.P;
 BigInteger g = parameters.G;
 if (!p.IsProbablePrime(2))
- {
 throw new TlsFatalAlert(AlertDescription.illegal_parameter);
- }
 if (g.CompareTo(Two) < 0 || g.CompareTo(p.Subtract(Two)) > 0)
- {
 throw new TlsFatalAlert(AlertDescription.illegal_parameter);
- }
- if (Y.CompareTo(Two) < 0 || Y.CompareTo(p.Subtract(Two)) > 0)
- {
+
+
+ return parameters;
+ }
+
+ public static DHPublicKeyParameters ValidateDHPublicKey(DHPublicKeyParameters key)
+ {
+ DHParameters parameters = ValidateDHParameters(key.Parameters);
+
+ BigInteger Y = key.Y;
+ if (Y.CompareTo(Two) < 0 || Y.CompareTo(parameters.P.Subtract(Two)) > 0)
 throw new TlsFatalAlert(AlertDescription.illegal_parameter);
- }
 // TODO See RFC 2631 for more discussion of Diffie-Hellman validation
diff --git a/crypto/src/crypto/tls/TlsDheKeyExchange.cs b/crypto/src/crypto/tls/TlsDheKeyExchange.cs
index 419d4e442..9831e8cd7 100644
--- a/crypto/src/crypto/tls/TlsDheKeyExchange.cs
+++ b/crypto/src/crypto/tls/TlsDheKeyExchange.cs
@@ -79,7 +79,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 throw new TlsFatalAlert(AlertDescription.decrypt_error);
 this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey(dhParams.PublicKey);
- this.mDHParameters = mDHAgreePublicKey.Parameters;
+ this.mDHParameters = ValidateDHParameters(mDHAgreePublicKey.Parameters);
 }
 protected virtual ISigner InitVerifyer(TlsSigner tlsSigner, SignatureAndHashAlgorithm algorithm,
-- cgit 1.4.1
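Review bot: The new `TlsDHUtilities.ValidateDHParameters` is now the shared gate for a peer-chosen group, yet it keeps `p.IsProbablePrime(2)`, a very low certainty for a modulus the other side selects, and nothing in it ties `g` to a large prime-order subgroup. Raising the certainty argument is a one-line change; the value is a policy choice for the maintainers, and a comment on that line should say why it is acceptable for untrusted input. `ValidateDHPublicKey` still only range-checks `Y`, so where the group carries a subgroup order (`parameters.Q` non-null) I would add a check that `Y.ModPow(parameters.Q, parameters.P)` equals `BigInteger.One`, which is the case the RFC 2631 TODO points at. The rest of `ValidateDHPublicKey` lies outside the hunk.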