feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

add check for min RSA key size at TLS/SSL level

Browse Source
This commit is contained in:
Jacob Barthelmeh
2016-04-14 13:35:49 -06:00
parent 4d38813b0c
commit c9891567e8
7 changed files with 192 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
examples/server/server.c
View File

@@ -276,7 +276,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
int loopIndefinitely = 0; int loopIndefinitely = 0;
int echoData = 0; int echoData = 0;
int throughput = 0; int throughput = 0;
int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS; int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
int minRsaKeyBits = DEFAULT_MIN_RSAKEY_BITS;
int doListen = 1; int doListen = 1;
int crlFlags = 0; int crlFlags = 0;
int ret; int ret;
@@ -327,6 +328,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
(void)useNtruKey; (void)useNtruKey;
(void)doCliCertCheck; (void)doCliCertCheck;
(void)minDhKeyBits; (void)minDhKeyBits;
(void)minRsaKeyBits;
(void)alpnList; (void)alpnList;
(void)alpn_opt; (void)alpn_opt;
(void)crlFlags; (void)crlFlags;
@@ -642,7 +644,14 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif #endif
#ifndef NO_DH #ifndef NO_DH
wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits); if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits) != SSL_SUCCESS) {
err_sys("Error setting minimum DH key size");
}
#endif
#ifndef NO_RSA
if (wolfSSL_CTX_SetMinRsaKey_Sz(ctx, (word16)minRsaKeyBits) != SSL_SUCCESS){
err_sys("Error setting minimum RSA key size");
}
#endif #endif
#ifdef HAVE_NTRU #ifdef HAVE_NTRU

58
src/internal.c
View File

@@ -549,7 +549,10 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method)
} }
#ifndef NO_DH #ifndef NO_DH
ctx->minDhKeySz = MIN_DHKEY_SZ; ctx->minDhKeySz = MIN_DHKEY_SZ;
#endif
#ifndef NO_RSA
ctx->minRsaKeySz = MIN_RSAKEY_SZ;
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
@@ -2234,6 +2237,9 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
#ifndef NO_DH #ifndef NO_DH
ssl->options.minDhKeySz = ctx->minDhKeySz; ssl->options.minDhKeySz = ctx->minDhKeySz;
#endif #endif
#ifndef NO_RSA
ssl->options.minRsaKeySz = ctx->minRsaKeySz;
#endif
ssl->options.sessionCacheOff = ctx->sessionCacheOff; ssl->options.sessionCacheOff = ctx->sessionCacheOff;
ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff; ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff;
@@ -5130,6 +5136,23 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
subjectHash = dCert->subjectHash; subjectHash = dCert->subjectHash;
#endif #endif
/* Check key sizes for certs. Is redundent check since ProcessBuffer
also performs this check. */
switch (dCert->keyOID) {
#ifndef NO_RSA
case RSAk:
if (dCert->pubKeySize < ssl->options.minRsaKeySz) {
WOLFSSL_MSG("RSA key in cert chain was too small");
ret = RSA_KEY_SIZE_E;
}
break;
#endif /* !NO_RSA */
default:
WOLFSSL_MSG("Key size not checked");
break; /* key is not being checked for size if not in switch */
}
if (ret == 0 && dCert->isCA == 0) { if (ret == 0 && dCert->isCA == 0) {
WOLFSSL_MSG("Chain cert is not a CA, not adding as one"); WOLFSSL_MSG("Chain cert is not a CA, not adding as one");
} }
@@ -5441,6 +5464,15 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif /* NO_RSA */ #endif /* NO_RSA */
#endif /*HAVE_PK_CALLBACKS */ #endif /*HAVE_PK_CALLBACKS */
} }
/* check size of peer RSA key */
if (ret == 0 && ssl->peerRsaKeyPresent &&
wc_RsaEncryptSize(ssl->peerRsaKey)
< ssl->options.minRsaKeySz) {
ret = RSA_KEY_SIZE_E;
WOLFSSL_MSG("Peer RSA key is too small");
}
} }
break; break;
#endif /* NO_RSA */ #endif /* NO_RSA */
@@ -10130,6 +10162,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
case ASYNC_NOT_PENDING: case ASYNC_NOT_PENDING:
return "Async operation not pending"; return "Async operation not pending";
case RSA_KEY_SIZE_E:
return "RSA key too small";
default : default :
return "unknown error number"; return "unknown error number";
} }
@@ -13919,8 +13954,13 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
if (ret == 0) if (ret == 0)
ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx, &key, ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx, &key,
ssl->buffers.key->length); ssl->buffers.key->length);
if (ret == 0) if (ret == 0) {
sigOutSz = wc_RsaEncryptSize(&key); sigOutSz = wc_RsaEncryptSize(&key);
if (sigOutSz < ssl->options.minRsaKeySz) {
WOLFSSL_MSG("RSA key size too small");
return RSA_KEY_SIZE_E;
}
}
else else
#endif #endif
{ {
@@ -14868,6 +14908,11 @@ int DoSessionTicket(WOLFSSL* ssl,
goto exit_sske; goto exit_sske;
} }
sigSz = wc_RsaEncryptSize((RsaKey*)ssl->sigKey); sigSz = wc_RsaEncryptSize((RsaKey*)ssl->sigKey);
if (sigSz < ssl->options.minRsaKeySz) {
WOLFSSL_MSG("RSA signature key size too small");
goto exit_sske;
}
break; break;
} }
#endif /* !NO_RSA */ #endif /* !NO_RSA */
@@ -15151,6 +15196,11 @@ int DoSessionTicket(WOLFSSL* ssl,
sigSz = wc_RsaEncryptSize((RsaKey*)ssl->sigKey); sigSz = wc_RsaEncryptSize((RsaKey*)ssl->sigKey);
length += sigSz; length += sigSz;
if (sigSz < ssl->options.minRsaKeySz) {
WOLFSSL_MSG("RSA key size too small");
goto exit_sske;
}
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
length += HASH_SIG_SIZE; length += HASH_SIG_SIZE;
} }
@@ -16971,6 +17021,10 @@ int DoSessionTicket(WOLFSSL* ssl,
goto exit_dcke; goto exit_dcke;
} }
length = wc_RsaEncryptSize((RsaKey*)ssl->sigKey); length = wc_RsaEncryptSize((RsaKey*)ssl->sigKey);
if (length < ssl->options.minRsaKeySz) {
WOLFSSL_MSG("Peer RSA key is too small");
goto exit_dcke;
}
ssl->arrays->preMasterSz = SECRET_LEN; ssl->arrays->preMasterSz = SECRET_LEN;
if (ssl->options.tls) { if (ssl->options.tls) {

89
src/ssl.c
View File

@@ -480,6 +480,32 @@ int wolfSSL_GetObjectSize(void)
#endif #endif
#ifndef NO_RSA
int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, word16 keySz)
{
if (ctx == NULL || keySz % 8 != 0) {
WOLFSSL_MSG("Key size must be divisable by 8 or ctx was null");
return BAD_FUNC_ARG;
}
ctx->minRsaKeySz = keySz / 8;
ctx->cm->minRsaKeySz = keySz / 8;
return SSL_SUCCESS;
}
int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, word16 keySz)
{
if (ssl == NULL || keySz % 8 != 0) {
WOLFSSL_MSG("Key size must be divisable by 8 or ssl was null");
return BAD_FUNC_ARG;
}
ssl->options.minRsaKeySz = keySz / 8;
return SSL_SUCCESS;
}
#endif /* !NO_RSA */
#ifndef NO_DH #ifndef NO_DH
/* server Diffie-Hellman parameters, SSL_SUCCESS on ok */ /* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
@@ -1727,6 +1753,11 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void)
return NULL; return NULL;
} }
#endif #endif
/* set default minimum key size allowed */
#ifndef NO_RSA
cm->minRsaKeySz = MIN_RSAKEY_SZ;
#endif
} }
return cm; return cm;
@@ -2555,6 +2586,22 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
subjectHash = cert->subjectHash; subjectHash = cert->subjectHash;
#endif #endif
/* check CA key size */
switch (cert->keyOID) {
#ifndef NO_RSA
case RSAk:
if (cert->pubKeySize < cm->minRsaKeySz) {
ret = RSA_KEY_SIZE_E;
WOLFSSL_MSG(" CA RSA key is too small");
}
break;
#endif /* !NO_RSA */
default:
WOLFSSL_MSG(" No key size check done on CA");
break; /* no size check if key type is not in switch */
}
if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA) { if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA) {
WOLFSSL_MSG(" Can't add as CA if not actually one"); WOLFSSL_MSG(" Can't add as CA if not actually one");
ret = NOT_CA_ERROR; ret = NOT_CA_ERROR;
@@ -3428,6 +3475,20 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
if (!eccKey) if (!eccKey)
ret = SSL_BAD_FILE; ret = SSL_BAD_FILE;
} else { } else {
/* check that the size of the RSA key is enough */
int RsaSz = wc_RsaEncryptSize((RsaKey*)key);
if (ssl) {
if (RsaSz < ssl->options.minRsaKeySz) {
ret = RSA_KEY_SIZE_E;
WOLFSSL_MSG("Private Key size too small");
}
}
else if(ctx) {
if (RsaSz < ctx->minRsaKeySz) {
ret = RSA_KEY_SIZE_E;
WOLFSSL_MSG("Private Key size too small");
}
}
rsaKey = 1; rsaKey = 1;
(void)rsaKey; /* for no ecc builds */ (void)rsaKey; /* for no ecc builds */
} }
@@ -3527,10 +3588,38 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
} }
#endif #endif
/* check key size of cert */
switch (cert->keyOID) {
#ifndef NO_RSA
case RSAk:
if (ssl) {
if (cert->pubKeySize < ssl->options.minRsaKeySz) {
ret = RSA_KEY_SIZE_E;
WOLFSSL_MSG("Certificate RSA key size too small");
}
}
else if (ctx) {
if (cert->pubKeySize < ctx->minRsaKeySz) {
ret = RSA_KEY_SIZE_E;
WOLFSSL_MSG("Certificate RSA key size too small");
}
}
break;
#endif /* !NO_RSA */
default:
WOLFSSL_MSG("No key size check done on certificate");
break; /* do no check if not a case for the key */
}
FreeDecodedCert(cert); FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(cert, heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(cert, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
if (ret != 0) {
return ret;
}
} }
return SSL_SUCCESS; return SSL_SUCCESS;

1
wolfssl/error-ssl.h
View File

@@ -144,6 +144,7 @@ enum wolfSSL_ErrorCodes {
OCSP_INVALID_STATUS = -407, /* Invalid OCSP Status */ OCSP_INVALID_STATUS = -407, /* Invalid OCSP Status */
ASYNC_NOT_PENDING = -408, /* Async operation not pending */ ASYNC_NOT_PENDING = -408, /* Async operation not pending */
RSA_KEY_SIZE_E = -409, /* RSA key too small */
/* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
/* begin negotiation parameter errors */ /* begin negotiation parameter errors */

25
wolfssl/internal.h
View File

@@ -1063,7 +1063,22 @@ enum Misc {
/* 150 suites for now! */ /* 150 suites for now! */
#endif #endif
/* set minimum RSA key size allowed */
#ifndef WOLFSSL_MIN_RSA_BITS
#ifdef WOLFSSL_MAX_STRENGTH
#define WOLFSSL_MIN_RSA_BITS 2048
#else
#define WOLFSSL_MIN_RSA_BITS 1024
#endif
#endif /* WOLFSSL_MIN_RSA_BITS */
#if (WOLFSSL_MIN_RSA_BITS % 8)
/* This is to account for the example case of a min size of 2050 bits but
still allows 2049 bit key. So we need the measurment to be in bytes. */
#error RSA minimum bit size must be a multiple of 8
#endif
#define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8)
/* set minimum DH key size allowed */
#ifndef WOLFSSL_MIN_DHKEY_BITS #ifndef WOLFSSL_MIN_DHKEY_BITS
#ifdef WOLFSSL_MAX_STRENGTH #ifdef WOLFSSL_MAX_STRENGTH
#define WOLFSSL_MIN_DHKEY_BITS 2048 #define WOLFSSL_MIN_DHKEY_BITS 2048
@@ -1481,6 +1496,10 @@ struct WOLFSSL_CERT_MANAGER {
byte ocspSendNonce; /* send the OCSP nonce ? */ byte ocspSendNonce; /* send the OCSP nonce ? */
byte ocspUseOverrideURL; /* ignore cert's responder, override */ byte ocspUseOverrideURL; /* ignore cert's responder, override */
byte ocspStaplingEnabled; /* is OCSP Stapling on ? */ byte ocspStaplingEnabled; /* is OCSP Stapling on ? */
#ifndef NO_RSA
word16 minRsaKeySz; /* minimum allowed RSA key size */
#endif
}; };
WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*); WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*);
@@ -1876,6 +1895,9 @@ struct WOLFSSL_CTX {
byte minDowngrade; /* minimum downgrade version */ byte minDowngrade; /* minimum downgrade version */
#ifndef NO_DH #ifndef NO_DH
word16 minDhKeySz; /* minimum DH key size */ word16 minDhKeySz; /* minimum DH key size */
#endif
#ifndef NO_RSA
word16 minRsaKeySz; /* minimum RSA key size */
#endif #endif
CallbackIORecv CBIORecv; CallbackIORecv CBIORecv;
CallbackIOSend CBIOSend; CallbackIOSend CBIOSend;
@@ -2341,6 +2363,9 @@ typedef struct Options {
word16 minDhKeySz; /* minimum DH key size */ word16 minDhKeySz; /* minimum DH key size */
word16 dhKeySz; /* actual DH key size */ word16 dhKeySz; /* actual DH key size */
#endif #endif
#ifndef NO_RSA
word16 minRsaKeySz; /* minimum RSA key size */
#endif
} Options; } Options;

5
wolfssl/ssl.h
View File

@@ -938,6 +938,11 @@ WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL*, unsigned short);
WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*); WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*);
#endif /* NO_DH */ #endif /* NO_DH */
#ifndef NO_RSA
WOLFSSL_API int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX*, unsigned short);
WOLFSSL_API int wolfSSL_SetMinRsaKey_Sz(WOLFSSL*, unsigned short);
#endif /* NO_RSA */
WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, unsigned short); WOLFSSL_API int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, unsigned short);
WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short); WOLFSSL_API int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short);

5
wolfssl/test.h
View File

@@ -231,6 +231,11 @@
#else #else
#define DEFAULT_MIN_DHKEY_BITS 1024 #define DEFAULT_MIN_DHKEY_BITS 1024
#endif #endif
#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
#define DEFAULT_MIN_RSAKEY_BITS 2048
#else
#define DEFAULT_MIN_RSAKEY_BITS 1024
#endif
/* all certs relative to wolfSSL home directory now */ /* all certs relative to wolfSSL home directory now */
#if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL) #if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL)