
Commit c0ee6b4

committed
TLS: Use DH group whitelisting
1 parent 9a5c191 commit c0ee6b4

15 files changed

+196
-143
lines changed

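--- a/crypto/BouncyCastle.Android.csproj
+++ b/crypto/BouncyCastle.Android.csproj
@@ -1002,6 +1002,7 @@
 <Compile Include="src\crypto\tls\DefaultTlsAgreementCredentials.cs" />
 <Compile Include="src\crypto\tls\DefaultTlsCipherFactory.cs" />
 <Compile Include="src\crypto\tls\DefaultTlsClient.cs" />
+<Compile Include="src\crypto\tls\DefaultTlsDHVerifier.cs" />
 <Compile Include="src\crypto\tls\DefaultTlsEncryptionCredentials.cs" />
 <Compile Include="src\crypto\tls\DefaultTlsServer.cs" />
 <Compile Include="src\crypto\tls\DefaultTlsSignerCredentials.cs" />
@@ -1045,7 +1046,6 @@
 <Compile Include="src\crypto\tls\PskTlsServer.cs" />
 <Compile Include="src\crypto\tls\RecordStream.cs" />
 <Compile Include="src\crypto\tls\SecurityParameters.cs" />
-<Compile Include="src\crypto\tls\ServerDHParams.cs" />
 <Compile Include="src\crypto\tls\ServerName.cs" />
 <Compile Include="src\crypto\tls\ServerNameList.cs" />
 <Compile Include="src\crypto\tls\ServerOnlyTlsAuthentication.cs" />
@@ -1076,6 +1076,7 @@
 <Compile Include="src\crypto\tls\TlsCredentials.cs" />
 <Compile Include="src\crypto\tls\TlsDHKeyExchange.cs" />
 <Compile Include="src\crypto\tls\TlsDHUtilities.cs" />
+<Compile Include="src\crypto\tls\TlsDHVerifier.cs" />
 <Compile Include="src\crypto\tls\TlsDeflateCompression.cs" />
 <Compile Include="src\crypto\tls\TlsDheKeyExchange.cs" />
 <Compile Include="src\crypto\tls\TlsDsaSigner.cs" />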

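--- a/crypto/BouncyCastle.csproj
+++ b/crypto/BouncyCastle.csproj
@@ -996,6 +996,7 @@
 <Compile Include="src\crypto\tls\DefaultTlsAgreementCredentials.cs" />
 <Compile Include="src\crypto\tls\DefaultTlsCipherFactory.cs" />
 <Compile Include="src\crypto\tls\DefaultTlsClient.cs" />
+<Compile Include="src\crypto\tls\DefaultTlsDHVerifier.cs" />
 <Compile Include="src\crypto\tls\DefaultTlsEncryptionCredentials.cs" />
 <Compile Include="src\crypto\tls\DefaultTlsServer.cs" />
 <Compile Include="src\crypto\tls\DefaultTlsSignerCredentials.cs" />
@@ -1039,7 +1040,6 @@
 <Compile Include="src\crypto\tls\PskTlsServer.cs" />
 <Compile Include="src\crypto\tls\RecordStream.cs" />
 <Compile Include="src\crypto\tls\SecurityParameters.cs" />
-<Compile Include="src\crypto\tls\ServerDHParams.cs" />
 <Compile Include="src\crypto\tls\ServerName.cs" />
 <Compile Include="src\crypto\tls\ServerNameList.cs" />
 <Compile Include="src\crypto\tls\ServerOnlyTlsAuthentication.cs" />
@@ -1070,6 +1070,7 @@
 <Compile Include="src\crypto\tls\TlsCredentials.cs" />
 <Compile Include="src\crypto\tls\TlsDHKeyExchange.cs" />
 <Compile Include="src\crypto\tls\TlsDHUtilities.cs" />
+<Compile Include="src\crypto\tls\TlsDHVerifier.cs" />
 <Compile Include="src\crypto\tls\TlsDeflateCompression.cs" />
 <Compile Include="src\crypto\tls\TlsDheKeyExchange.cs" />
 <Compile Include="src\crypto\tls\TlsDsaSigner.cs" />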

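--- a/crypto/BouncyCastle.iOS.csproj
+++ b/crypto/BouncyCastle.iOS.csproj
@@ -997,6 +997,7 @@
 <Compile Include="src\crypto\tls\DefaultTlsAgreementCredentials.cs" />
 <Compile Include="src\crypto\tls\DefaultTlsCipherFactory.cs" />
 <Compile Include="src\crypto\tls\DefaultTlsClient.cs" />
+<Compile Include="src\crypto\tls\DefaultTlsDHVerifier.cs" />
 <Compile Include="src\crypto\tls\DefaultTlsEncryptionCredentials.cs" />
 <Compile Include="src\crypto\tls\DefaultTlsServer.cs" />
 <Compile Include="src\crypto\tls\DefaultTlsSignerCredentials.cs" />
@@ -1040,7 +1041,6 @@
 <Compile Include="src\crypto\tls\PskTlsServer.cs" />
 <Compile Include="src\crypto\tls\RecordStream.cs" />
 <Compile Include="src\crypto\tls\SecurityParameters.cs" />
-<Compile Include="src\crypto\tls\ServerDHParams.cs" />
 <Compile Include="src\crypto\tls\ServerName.cs" />
 <Compile Include="src\crypto\tls\ServerNameList.cs" />
 <Compile Include="src\crypto\tls\ServerOnlyTlsAuthentication.cs" />
@@ -1071,6 +1071,7 @@
 <Compile Include="src\crypto\tls\TlsCredentials.cs" />
 <Compile Include="src\crypto\tls\TlsDHKeyExchange.cs" />
 <Compile Include="src\crypto\tls\TlsDHUtilities.cs" />
+<Compile Include="src\crypto\tls\TlsDHVerifier.cs" />
 <Compile Include="src\crypto\tls\TlsDeflateCompression.cs" />
 <Compile Include="src\crypto\tls\TlsDheKeyExchange.cs" />
 <Compile Include="src\crypto\tls\TlsDsaSigner.cs" />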

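--- a/crypto/crypto.csproj
+++ b/crypto/crypto.csproj
@@ -4868,6 +4868,11 @@
 SubType = "Code"
 BuildAction = "Compile"
 />
+<File
+RelPath = "src\crypto\tls\DefaultTlsDHVerifier.cs"
+SubType = "Code"
+BuildAction = "Compile"
+/>
 <File
 RelPath = "src\crypto\tls\DefaultTlsEncryptionCredentials.cs"
 SubType = "Code"
@@ -5083,11 +5088,6 @@
 SubType = "Code"
 BuildAction = "Compile"
 />
-<File
-RelPath = "src\crypto\tls\ServerDHParams.cs"
-SubType = "Code"
-BuildAction = "Compile"
-/>
 <File
 RelPath = "src\crypto\tls\ServerSrpParams.cs"
 SubType = "Code"
@@ -5248,6 +5248,11 @@
 SubType = "Code"
 BuildAction = "Compile"
 />
+<File
+RelPath = "src\crypto\tls\TlsDHVerifier.cs"
+SubType = "Code"
+BuildAction = "Compile"
+/>
 <File
 RelPath = "src\crypto\tls\TlsDsaSigner.cs"
 SubType = "Code"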

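--- a/crypto/src/crypto/tls/DefaultTlsClient.cs
+++ b/crypto/src/crypto/tls/DefaultTlsClient.cs
@@ -14,14 +14,22 @@ namespace Org.BouncyCastle.Crypto.Tls
 public abstract class DefaultTlsClient
 : AbstractTlsClient
 {
+protected TlsDHVerifier mDHVerifier;
+
 public DefaultTlsClient()
-: base()
+: this(new DefaultTlsCipherFactory())
 {
 }
 
 public DefaultTlsClient(TlsCipherFactory cipherFactory)
-: base(cipherFactory)
+: this(cipherFactory, new DefaultTlsDHVerifier())
+{
+}
+
+public DefaultTlsClient(TlsCipherFactory cipherFactory, TlsDHVerifier dhVerifier)
+: base(cipherFactory)
 {
+this.mDHVerifier = dhVerifier;
 }
 
 public override int[] GetCipherSuites()
@@ -85,12 +93,12 @@ public override TlsKeyExchange GetKeyExchange()
 
 protected virtual TlsKeyExchange CreateDHKeyExchange(int keyExchange)
 {
-return new TlsDHKeyExchange(keyExchange, mSupportedSignatureAlgorithms, null);
+return new TlsDHKeyExchange(keyExchange, mSupportedSignatureAlgorithms, mDHVerifier, null);
 }
 
 protected virtual TlsKeyExchange CreateDheKeyExchange(int keyExchange)
 {
-return new TlsDheKeyExchange(keyExchange, mSupportedSignatureAlgorithms, null);
+return new TlsDheKeyExchange(keyExchange, mSupportedSignatureAlgorithms, mDHVerifier, null);
 }
 
 protected virtual TlsKeyExchange CreateECDHKeyExchange(int keyExchange)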
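Review bot: The new `DefaultTlsClient(TlsCipherFactory, TlsDHVerifier)` constructor stores `dhVerifier` without a null check, and `CreateDHKeyExchange`/`CreateDheKeyExchange` pass `mDHVerifier` straight into the key exchange. The server classes in this commit pass `null` in that same argument position, so a null verifier on a client may be treated as "no group check" rather than as an error; how `TlsDHKeyExchange` handles it is not visible on this page. I would fail closed at construction with `if (dhVerifier == null) throw new ArgumentNullException("dhVerifier");` (assuming `System` is imported in this file), and add the same guard to the new three-argument `PskTlsClient` constructor. Declaring the field as `protected readonly TlsDHVerifier mDHVerifier;` would also stop a subclass from replacing the policy after construction. The class body continues outside both hunks.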
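--- a/crypto/src/crypto/tls/DefaultTlsDHVerifier.cs
+++ b/crypto/src/crypto/tls/DefaultTlsDHVerifier.cs
@@ -0,0 +1,101 @@
+using System;
+using System.Collections;
+
+using Org.BouncyCastle.Crypto.Agreement;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Math;
+using Org.BouncyCastle.Utilities;
+
+namespace Org.BouncyCastle.Crypto.Tls
+{
+public class DefaultTlsDHVerifier
+: TlsDHVerifier
+{
+public static readonly int DefaultMinimumPrimeBits = 2048;
+
+protected static readonly IList DefaultGroups = Platform.CreateArrayList();
+
+private static void AddDefaultGroup(DHParameters dhParameters)
+{
+DefaultGroups.Add(dhParameters);
+}
+
+static DefaultTlsDHVerifier()
+{
+AddDefaultGroup(DHStandardGroups.rfc7919_ffdhe2048);
+AddDefaultGroup(DHStandardGroups.rfc7919_ffdhe3072);
+AddDefaultGroup(DHStandardGroups.rfc7919_ffdhe4096);
+AddDefaultGroup(DHStandardGroups.rfc7919_ffdhe6144);
+AddDefaultGroup(DHStandardGroups.rfc7919_ffdhe8192);
+
+AddDefaultGroup(DHStandardGroups.rfc3526_1536);
+AddDefaultGroup(DHStandardGroups.rfc3526_2048);
+AddDefaultGroup(DHStandardGroups.rfc3526_3072);
+AddDefaultGroup(DHStandardGroups.rfc3526_4096);
+AddDefaultGroup(DHStandardGroups.rfc3526_6144);
+AddDefaultGroup(DHStandardGroups.rfc3526_8192);
+}
+
+// IList is (DHParameters)
+protected readonly IList mGroups;
+protected readonly int mMinimumPrimeBits;
+
+/// <summary>Accept various standard DH groups with 'P' at least <c>DefaultMinimumPrimeBits</c> bits.</summary>
+public DefaultTlsDHVerifier()
+: this(DefaultMinimumPrimeBits)
+{
+}
+
+/// <summary>Accept various standard DH groups with 'P' at least the specified number of bits.</summary>
+public DefaultTlsDHVerifier(int minimumPrimeBits)
+: this(DefaultGroups, minimumPrimeBits)
+{
+}
+
+/// <summary>Accept a custom set of group parameters, subject to a minimum bitlength for 'P'.</summary>
+/// <param name="groups">An <c>IList</c> of acceptable <c>DHParameters</c>.</param>
+/// <param name="minimumPrimeBits">The minimum acceptable bitlength of the 'P' parameter.</param>
+public DefaultTlsDHVerifier(IList groups, int minimumPrimeBits)
+{
+this.mGroups = groups;
+this.mMinimumPrimeBits = minimumPrimeBits;
+}
+
+public virtual bool Accept(DHParameters dhParameters)
+{
+return CheckMinimumPrimeBits(dhParameters) && CheckGroup(dhParameters);
+}
+
+public virtual int MinimumPrimeBits
+{
+get { return mMinimumPrimeBits; }
+}
+
+protected virtual bool AreGroupsEqual(DHParameters a, DHParameters b)
+{
+return a == b || (AreParametersEqual(a.P, b.P) && AreParametersEqual(a.G, b.G));
+}
+
+protected virtual bool AreParametersEqual(BigInteger a, BigInteger b)
+{
+return a == b || a.Equals(b);
+}
+
+protected virtual bool CheckGroup(DHParameters dhParameters)
+{
+foreach (DHParameters group in mGroups)
+{
+if (AreGroupsEqual(dhParameters, group))
+{
+return true;
+}
+}
+return false;
+}
+
+protected virtual bool CheckMinimumPrimeBits(DHParameters dhParameters)
+{
+return dhParameters.P.BitLength >= MinimumPrimeBits;
+}
+}
+}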
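Review bot: The whitelist is held by reference in a mutable list: `DefaultGroups` is a `protected static readonly IList` shared by every default-constructed verifier, and the `(IList groups, int minimumPrimeBits)` constructor assigns `this.mGroups = groups;` as-is. A subclass calling `DefaultGroups.Add(...)`, or a caller changing its own list later, silently alters what `Accept` allows for verifiers already in use across the process. I would take a private copy at construction, `this.mGroups = Platform.CreateArrayList(groups);`, preceded by `if (groups == null) throw new ArgumentNullException("groups");`, since a null list currently only surfaces as a NullReferenceException inside `CheckGroup` in the middle of a handshake. The default list also contains `rfc3526_1536`, which the 2048-bit default minimum never admits; a comment on that line saying it only takes effect when a caller lowers `minimumPrimeBits` would make the intent explicit.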

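--- a/crypto/src/crypto/tls/DefaultTlsServer.cs
+++ b/crypto/src/crypto/tls/DefaultTlsServer.cs
@@ -138,12 +138,12 @@ public override TlsKeyExchange GetKeyExchange()
 
 protected virtual TlsKeyExchange CreateDHKeyExchange(int keyExchange)
 {
-return new TlsDHKeyExchange(keyExchange, mSupportedSignatureAlgorithms, GetDHParameters());
+return new TlsDHKeyExchange(keyExchange, mSupportedSignatureAlgorithms, null, GetDHParameters());
 }
 
 protected virtual TlsKeyExchange CreateDheKeyExchange(int keyExchange)
 {
-return new TlsDheKeyExchange(keyExchange, mSupportedSignatureAlgorithms, GetDHParameters());
+return new TlsDheKeyExchange(keyExchange, mSupportedSignatureAlgorithms, null, GetDHParameters());
 }
 
 protected virtual TlsKeyExchange CreateECDHKeyExchange(int keyExchange)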
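Review bot: The bare `null` added before `GetDHParameters()` in `CreateDHKeyExchange` and `CreateDheKeyExchange` is undocumented, and it sits in the position where the client classes pass `mDHVerifier`. A reader cannot tell from the call whether the missing verifier is deliberate or an omission, and the two adjacent nullable arguments are easy to transpose. A one-line comment above each call would settle it, for example `// Server side: no TlsDHVerifier; the group comes from GetDHParameters().`, assuming that is the intent. The same applies to the `null, GetDHParameters()` pair in `PskTlsServer.CreatePskKeyExchange`.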

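--- a/crypto/src/crypto/tls/PskTlsClient.cs
+++ b/crypto/src/crypto/tls/PskTlsClient.cs
@@ -6,16 +6,23 @@ namespace Org.BouncyCastle.Crypto.Tls
 public class PskTlsClient
 : AbstractTlsClient
 {
+protected TlsDHVerifier mDHVerifier;
 protected TlsPskIdentity mPskIdentity;
 
 public PskTlsClient(TlsPskIdentity pskIdentity)
-: this(new DefaultTlsCipherFactory(), pskIdentity)
+: this(new DefaultTlsCipherFactory(), pskIdentity)
 {
 }
 
 public PskTlsClient(TlsCipherFactory cipherFactory, TlsPskIdentity pskIdentity)
-: base(cipherFactory)
+: this(cipherFactory, new DefaultTlsDHVerifier(), pskIdentity)
 {
+}
+
+public PskTlsClient(TlsCipherFactory cipherFactory, TlsDHVerifier dhVerifier, TlsPskIdentity pskIdentity)
+: base(cipherFactory)
+{
+this.mDHVerifier = dhVerifier;
 this.mPskIdentity = pskIdentity;
 }
 
@@ -63,8 +70,8 @@ public override TlsAuthentication GetAuthentication()
 
 protected virtual TlsKeyExchange CreatePskKeyExchange(int keyExchange)
 {
-return new TlsPskKeyExchange(keyExchange, mSupportedSignatureAlgorithms, mPskIdentity, null, null, mNamedCurves,
-mClientECPointFormats, mServerECPointFormats);
+return new TlsPskKeyExchange(keyExchange, mSupportedSignatureAlgorithms, mPskIdentity, null, mDHVerifier, null,
+mNamedCurves, mClientECPointFormats, mServerECPointFormats);
 }
 }
 }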

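--- a/crypto/src/crypto/tls/PskTlsServer.cs
+++ b/crypto/src/crypto/tls/PskTlsServer.cs
@@ -87,7 +87,7 @@ public override TlsKeyExchange GetKeyExchange()
 protected virtual TlsKeyExchange CreatePskKeyExchange(int keyExchange)
 {
 return new TlsPskKeyExchange(keyExchange, mSupportedSignatureAlgorithms, null, mPskIdentityManager,
-GetDHParameters(), mNamedCurves, mClientECPointFormats, mServerECPointFormats);
+null, GetDHParameters(), mNamedCurves, mClientECPointFormats, mServerECPointFormats);
 }
 }
 }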

crypto/src/crypto/tls/ServerDHParams.cs

Lines changed: 0 additions & 61 deletions
This file was deleted.
