diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2017-10-16 18:09:38 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2017-11-08 16:48:10 +0100 |
| commit | 6f97c0d50bad5f0d9868d4a8a91ae39c91f8cdac (patch) | |
| tree | 1ebf237771c949594e22cc479dcb660a0fcb7642 | |
| parent | 24b2ede283d6753ea6e2484607705f0a493d1f1e (diff) | |
| download | strongswan-6f97c0d50bad5f0d9868d4a8a91ae39c91f8cdac.tar.bz2 strongswan-6f97c0d50bad5f0d9868d4a8a91ae39c91f8cdac.tar.xz | |
ikev2: Enumerate RSA/PSS schemes and use them if enabled
| -rw-r--r-- | conf/options/charon.opt | 3 | ||||
| -rw-r--r-- | src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c | 18 | ||||
| -rw-r--r-- | src/libstrongswan/credentials/keys/public_key.c | 47 | ||||
| -rw-r--r-- | src/libstrongswan/credentials/keys/public_key.h | 4 | ||||
| -rw-r--r-- | src/libstrongswan/tests/suites/test_utils.c | 27 | ||||
| -rw-r--r-- | src/pki/pki.c | 6 |
6 files changed, 67 insertions, 38 deletions
diff --git a/conf/options/charon.opt b/conf/options/charon.opt index 900b9b46b..161ebb724 100644 --- a/conf/options/charon.opt +++ b/conf/options/charon.opt @@ -341,6 +341,9 @@ charon.routing_table charon.routing_table_prio Priority of the routing table. +charon.rsa_pss = no + Whether to use RSA with PSS padding instead of PKCS#1 padding by default. + charon.send_delay = 0 Delay in ms for sending packets, to simulate larger RTT. diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c index 08d15ef00..b34b5085f 100644 --- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c @@ -176,16 +176,20 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, * and supported by the other peer */ enumerator = signature_schemes_for_key(key_type, private->get_keysize(private)); - while (enumerator->enumerate(enumerator, &scheme)) + while (enumerator->enumerate(enumerator, &config)) { + if (config->scheme == SIGN_RSA_EMSA_PSS && + !lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE, + lib->ns)) + { + continue; + } if (keymat->hash_algorithm_supported(keymat, - hasher_from_signature_scheme(scheme, - NULL))) + hasher_from_signature_scheme(config->scheme, + config->params))) { - INIT(config, - .scheme = scheme, - ) - array_insert(selected, ARRAY_TAIL, config); + array_insert(selected, ARRAY_TAIL, + signature_params_clone(config)); } } enumerator->destroy(enumerator); diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c index 74a27d050..89fa9b348 100644 --- a/src/libstrongswan/credentials/keys/public_key.c +++ b/src/libstrongswan/credentials/keys/public_key.c @@ -18,6 +18,7 @@ #include <asn1/oid.h> #include "public_key.h" +#include "signature_params.h" ENUM(key_type_names, KEY_ANY, KEY_BLISS, "ANY", @@ -244,26 +245,42 @@ int signature_scheme_to_oid(signature_scheme_t scheme) } /** + * Parameters for RSA/PSS signature schemes + */ +#define PSS_PARAMS(bits) static rsa_pss_params_t pss_params_sha##bits = { \ + .hash = HASH_SHA##bits, \ + .mgf1_hash = HASH_SHA##bits, \ + .salt_len = RSA_PSS_SALT_LEN_DEFAULT, \ +} + +PSS_PARAMS(256); +PSS_PARAMS(384); +PSS_PARAMS(512); + +/** * Map for signature schemes to the key type and maximum key size allowed. * We only cover schemes with hash algorithms supported by IKEv2 signature * authentication. */ static struct { - signature_scheme_t scheme; key_type_t type; int max_keysize; + signature_params_t params; } scheme_map[] = { - { SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 }, - { SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 }, - { SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 }, - { SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 }, - { SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 }, - { SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 }, - { SIGN_ED25519, KEY_ED25519, 0 }, - { SIGN_ED448, KEY_ED448, 0 }, - { SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, 128 }, - { SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, 192 }, - { SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 } + { KEY_RSA, 3072, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha256, }}, + { KEY_RSA, 7680, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha384, }}, + { KEY_RSA, 0, { .scheme = SIGN_RSA_EMSA_PSS, .params = &pss_params_sha512, }}, + { KEY_RSA, 3072, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256 }}, + { KEY_RSA, 7680, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384 }}, + { KEY_RSA, 0, { .scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512 }}, + { KEY_ECDSA, 256, { .scheme = SIGN_ECDSA_WITH_SHA256_DER }}, + { KEY_ECDSA, 384, { .scheme = SIGN_ECDSA_WITH_SHA384_DER }}, + { KEY_ECDSA, 0, { .scheme = SIGN_ECDSA_WITH_SHA512_DER }}, + { KEY_ED25519, 0, { .scheme = SIGN_ED25519 }}, + { KEY_ED448, 0, { .scheme = SIGN_ED448 }}, + { KEY_BLISS, 128, { .scheme = SIGN_BLISS_WITH_SHA2_256 }}, + { KEY_BLISS, 192, { .scheme = SIGN_BLISS_WITH_SHA2_384 }}, + { KEY_BLISS, 0, { .scheme = SIGN_BLISS_WITH_SHA2_512 }}, }; /** @@ -279,9 +296,9 @@ typedef struct { METHOD(enumerator_t, signature_schemes_enumerate, bool, private_enumerator_t *this, va_list args) { - signature_scheme_t *scheme; + signature_params_t **params; - VA_ARGS_VGET(args, scheme); + VA_ARGS_VGET(args, params); while (++this->index < countof(scheme_map)) { @@ -289,7 +306,7 @@ METHOD(enumerator_t, signature_schemes_enumerate, bool, (this->size <= scheme_map[this->index].max_keysize || !scheme_map[this->index].max_keysize)) { - *scheme = scheme_map[this->index].scheme; + *params = &scheme_map[this->index].params; return TRUE; } } diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index d6a0a7bc9..877ed20a2 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h @@ -281,11 +281,11 @@ int signature_scheme_to_oid(signature_scheme_t scheme); /** * Enumerate signature schemes that are appropriate for a key of the given type - * and size|strength. + * and size|strength ordered by increasing strength. * * @param type type of the key * @param size size or strength of the key - * @return enumerator over signature_scheme_t (increasing strength) + * @return enumerator over signature_params_t* (by strength) */ enumerator_t *signature_schemes_for_key(key_type_t type, int size); diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c index 3428f237f..353010aaf 100644 --- a/src/libstrongswan/tests/suites/test_utils.c +++ b/src/libstrongswan/tests/suites/test_utils.c @@ -904,15 +904,20 @@ END_TEST static struct { key_type_t type; int size; - signature_scheme_t expected[4]; + signature_scheme_t expected[7]; } scheme_data[] = { - {KEY_RSA, 1024, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384, - SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, - {KEY_RSA, 2048, { SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_RSA_EMSA_PKCS1_SHA2_384, - SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, - {KEY_RSA, 4096, { SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512, + {KEY_RSA, 1024, { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PSS, + SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, + SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, - {KEY_RSA, 8192, { SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, + {KEY_RSA, 2048, { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PSS, + SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, + SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512, + SIGN_UNKNOWN }}, + {KEY_RSA, 4096, { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PSS, + SIGN_RSA_EMSA_PKCS1_SHA2_384, SIGN_RSA_EMSA_PKCS1_SHA2_512, + SIGN_UNKNOWN }}, + {KEY_RSA, 8192, { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_512, SIGN_UNKNOWN }}, {KEY_ECDSA, 256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }}, {KEY_ECDSA, 384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, @@ -928,16 +933,16 @@ static struct { START_TEST(test_signature_schemes_for_key) { enumerator_t *enumerator; - signature_scheme_t scheme; + signature_params_t *params; int i; enumerator = signature_schemes_for_key(scheme_data[_i].type, scheme_data[_i].size); for (i = 0; scheme_data[_i].expected[i] != SIGN_UNKNOWN; i++) { - ck_assert(enumerator->enumerate(enumerator, &scheme)); - ck_assert_int_eq(scheme_data[_i].expected[i], scheme); + ck_assert(enumerator->enumerate(enumerator, ¶ms)); + ck_assert_int_eq(scheme_data[_i].expected[i], params->scheme); } - ck_assert(!enumerator->enumerate(enumerator, &scheme)); + ck_assert(!enumerator->enumerate(enumerator, ¶ms)); enumerator->destroy(enumerator); } END_TEST diff --git a/src/pki/pki.c b/src/pki/pki.c index 44fe1f75d..805a79516 100644 --- a/src/pki/pki.c +++ b/src/pki/pki.c @@ -243,14 +243,14 @@ void set_file_mode(FILE *stream, cred_encoding_type_t enc) hash_algorithm_t get_default_digest(private_key_t *private) { enumerator_t *enumerator; - signature_scheme_t scheme; + signature_params_t *params; hash_algorithm_t alg = HASH_UNKNOWN; enumerator = signature_schemes_for_key(private->get_type(private), private->get_keysize(private)); - if (enumerator->enumerate(enumerator, &scheme)) + if (enumerator->enumerate(enumerator, ¶ms)) { - alg = hasher_from_signature_scheme(scheme, NULL); + alg = hasher_from_signature_scheme(params->scheme, params->params); } enumerator->destroy(enumerator); |