-rw-r--r-- | man/ipsec.conf.5.in | 6 | ||||
-rw-r--r-- | src/libstrongswan/credentials/auth_cfg.c | 66 | ||||
-rw-r--r-- | src/libstrongswan/tests/suites/test_auth_cfg.c | 27 | ||||
-rw-r--r-- | src/swanctl/swanctl.opt | 11 |
4 files changed, 94 insertions, 16 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index 85340f2da..774df75ac 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -631,6 +631,12 @@ constraint (without ike: prefix) will also apply to IKEv2 authentication, unless this is disabled in .BR strongswan.conf (5). +To use or require RSASSA-PSS signatures use rsa/pss instead of rsa as in e.g. +.BR ike:rsa/pss-sha256 . +If \fBpubkey\fR or \fBrsa\fR constraints are configured RSASSA-PSS signatures +will only be used/accepted if enabled in +.BR strongswan.conf (5). + For .BR eap , an optional EAP method can be appended. Currently defined methods are diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index 4c29af1ef..d1be7b401 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c @@ -532,11 +532,35 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) } } +/** + * Create a constraint for RSA/PSS signatures + */ +static signature_params_t *create_rsa_pss_constraint(char *token) +{ + signature_params_t *params = NULL; + hash_algorithm_t hash; + + if (enum_from_name(hash_algorithm_short_names, token, &hash)) + { + rsa_pss_params_t pss = { + .hash = hash, + .mgf1_hash = hash, + .salt_len = RSA_PSS_SALT_LEN_DEFAULT, + }; + signature_params_t pss_params = { + .scheme = SIGN_RSA_EMSA_PSS, + .params = &pss, + }; + params = signature_params_clone(&pss_params); + } + return params; +} + METHOD(auth_cfg_t, add_pubkey_constraints, void, private_auth_cfg_t *this, char* constraints, bool ike) { enumerator_t *enumerator; - bool ike_added = FALSE; + bool ike_added = FALSE, rsa_pss; key_type_t expected_type = -1; auth_rule_t expected_strength = AUTH_RULE_MAX; signature_params_t *params; 
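Review bot: The doc comment on the new `create_rsa_pss_constraint()` in auth_cfg.c leaves out the contract the two call sites rely on: that `token` must be a hash short name, and that NULL is returned when `enum_from_name()` does not resolve it. I would extend it with `@param token hash algorithm short name (e.g. sha256)` and `@return allocated signature params, NULL if token is not a known hash`. The result comes from `signature_params_clone()` and is handed to `add()` by the callers, so it presumably transfers ownership; one line stating who frees it would confirm that. It is also worth noting there that the MGF1 hash is always set to the same hash and the salt length to `RSA_PSS_SALT_LEN_DEFAULT`, since that fixes which peer signatures the constraint will match.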
@@ -545,6 +569,9 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void, auth_rule_t type; void *value; + rsa_pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE, + lib->ns); + enumerator = enumerator_create_token(constraints, "-", ""); while (enumerator->enumerate(enumerator, &token)) { @@ -640,20 +667,10 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void, } if (key_token && streq(key_token + strlen(key_token) - 3, "pss")) - { /* these are not added automatically with 'pubkey' */ - hash_algorithm_t hash; - if (enum_from_name(hash_algorithm_short_names, token, &hash)) + { + params = create_rsa_pss_constraint(token); + if (params) { - rsa_pss_params_t pss = { - .hash = hash, - .mgf1_hash = hash, - .salt_len = RSA_PSS_SALT_LEN_DEFAULT, - }; - signature_params_t pss_params = { - .scheme = SIGN_RSA_EMSA_PSS, - .params = &pss, - }; - params = signature_params_clone(&pss_params); if (strpfx(key_token, "ike:")) { add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME, params); @@ -668,6 +685,27 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void, } else { + if (rsa_pss) + { + if (expected_type == KEY_ANY || + expected_type == KEY_RSA) + { + params = create_rsa_pss_constraint(token); + if (params) + { + if (strpfx(key_token, "ike:")) + { + add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME, params); + ike_added = TRUE; + } + else + { + add(this, AUTH_RULE_SIGNATURE_SCHEME, params); + } + found = TRUE; + } + } + } for (i = 0; i < countof(schemes); i++) { if (streq(schemes[i].name, token)) diff --git a/src/libstrongswan/tests/suites/test_auth_cfg.c b/src/libstrongswan/tests/suites/test_auth_cfg.c index 0c5baaf6b..d0fa8a045 100644 --- a/src/libstrongswan/tests/suites/test_auth_cfg.c +++ b/src/libstrongswan/tests/suites/test_auth_cfg.c 
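Review bot: In the new `if (rsa_pss)` branch of the last auth_cfg.c hunk, a PSS constraint is created and `found = TRUE` is set for any token that `enum_from_name()` resolves in `hash_algorithm_short_names`, independently of whether the `schemes[]` loop below has an RSA entry for that token. If that name table holds hashes which `schemes[]` deliberately does not offer for `rsa`/`pubkey`, enabling `rsa_pss` would make such a token pass as a valid constraint and accept PSS signatures with that hash; this needs checking against both tables, which are not visible here. Consider adding the PSS rule only when a `schemes[i]` entry with `schemes[i].key == KEY_RSA` matches the token, or rejecting unsuitable hashes inside `create_rsa_pss_constraint()`. At minimum the branch should carry a comment such as `/* with rsa_pss enabled, pubkey/rsa also add RSASSA-PSS using the same hash */`. The body of `add_pubkey_constraints` continues outside the hunk.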
@@ -176,6 +176,32 @@ START_TEST(test_sig_contraints_params) } END_TEST +struct { + char *constraints; + signature_scheme_t sig[6]; + signature_param_types_t p[6]; +} sig_constraints_rsa_pss_tests[] = { + { "pubkey-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, { + { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}, {}, {}, {}}}, + { "rsa-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, { + { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}}}, +}; + +START_TEST(test_sig_contraints_rsa_pss) +{ + auth_cfg_t *cfg; + + lib->settings->set_bool(lib->settings, "%s.rsa_pss", TRUE, lib->ns); + + cfg = auth_cfg_create(); + cfg->add_pubkey_constraints(cfg, sig_constraints_rsa_pss_tests[_i].constraints, TRUE); + check_sig_constraints_params(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME, + sig_constraints_rsa_pss_tests[_i].sig, + sig_constraints_rsa_pss_tests[_i].p); + cfg->destroy(cfg); +} +END_TEST + Suite *auth_cfg_suite_create() { Suite *s; @@ -190,6 +216,7 @@ Suite *auth_cfg_suite_create() tc = tcase_create("add_pubkey_constraints parameters"); tcase_add_loop_test(tc, test_sig_contraints_params, 0, countof(sig_constraints_params_tests)); + tcase_add_loop_test(tc, test_sig_contraints_rsa_pss, 0, countof(sig_constraints_rsa_pss_tests)); suite_add_tcase(s, tc); return s; diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index e5dbc921c..2dd9ea374 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt 
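Review bot: `test_sig_contraints_rsa_pss` turns on `%s.rsa_pss` in the global `lib->settings` and never restores it, so any test that runs later in the same process would see RSASSA-PSS constraints added for `pubkey`/`rsa` as well. Unless the runner gives every test a fresh library instance, reset it before returning with `lib->settings->set_bool(lib->settings, "%s.rsa_pss", FALSE, lib->ns);` after `cfg->destroy(cfg);`. The table also covers only the positive cases. An entry for a non-RSA key type (for which the new branch must add no PSS rule), and a run with the option left at its default, would pin down the gating that the documentation promises.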
@@ -395,7 +395,11 @@ connections.<conn>.local<suffix>.auth = pubkey algorithm that matches or exceeds the strength of the signature key. If no constraints with _ike:_ prefix are configured any signature scheme constraint (without _ike:_ prefix) will also apply to IKEv2 authentication, - unless this is disabled in **strongswan.conf**(5). + unless this is disabled in **strongswan.conf**(5). To use RSASSA-PSS + signatures use _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g. + _ike:rsa/pss-sha256_. If _pubkey_ or _rsa_ constraints are configured + RSASSA-PSS signatures will only be used if enabled in + **strongswan.conf**(5). connections.<conn>.local<suffix>.id = IKE identity to use for authentication round. @@ -589,7 +593,10 @@ connections.<conn>.remote<suffix>.auth = pubkey constraints are configured (refer to the description of the **local** section's **auth** keyword for details), such key types and hash algorithms are also applied as constraints against IKEv2 signature authentication - schemes used by the remote side. + schemes used by the remote side. To require RSASSA-PSS signatures use + _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g. _rsa/pss-sha256_. If + _pubkey_ or _rsa_ constraints are configured RSASSA-PSS signatures will only + be accepted if enabled in **strongswan.conf**(5). To specify trust chain constraints for EAP-(T)TLS, append a colon to the EAP method, followed by the key type/size and hash algorithm as discussed |