feat(fips): restrict supported tls curve types in fips mode (#294)

kruskall · web-flow · commit 034952aa3a97 · 2025-03-11T16:40:00.000+01:00
* feat(fips): restrict supported tls curve types in fips mode

match NIST SP 800-52r2 approved list

* Update types_test.go

* Update tls_test.go

* Update server_config_test.go
diff --git a/transport/tlscommon/config.go b/transport/tlscommon/config.go
@@ -103,6 +103,11 @@ func (c *Config) Validate() error {
 			return err
 		}
 	}
+	for _, ct := range c.CurveTypes {
+		if err := ct.Validate(); err != nil {
+			return err
+		}
+	}
 	return c.Certificate.Validate()
 }
 
diff --git a/transport/tlscommon/server_config_test.go b/transport/tlscommon/server_config_test.go
@@ -113,7 +113,7 @@ func Test_ServerConfig_Repack(t *testing.T) {
     certificate: /path/to/cert.cry
     key: /path/to/key/crt
     curve_types:
-      - P-521
+      - P-384
     client_authentication: optional
     ca_sha256:
       - example`,
@@ -131,7 +131,7 @@ func Test_ServerConfig_Repack(t *testing.T) {
     certificate: /path/to/cert.cry
     key: /path/to/key/crt
     curve_types:
-      - P-521
+      - P-384
     ca_sha256:
       - example`,
 		auth: &required,
@@ -146,7 +146,7 @@ func Test_ServerConfig_Repack(t *testing.T) {
     certificate: /path/to/cert.cry
     key: /path/to/key/crt
     curve_types:
-      - P-521
+      - P-384
     ca_sha256:
       - example`,
 		auth: nil,
@@ -190,7 +190,7 @@ func Test_ServerConfig_RepackJSON(t *testing.T) {
     "certificate_authorities": ["/path/to/ca.crt"],
     "certificate": "/path/to/cert.crt",
     "key": "/path/to/key.crt",
-    "curve_types": "P-521",
+    "curve_types": "P-384",
     "renegotiation": "freely",
     "ca_sha256": ["example"],
     "ca_trusted_fingerprint": "fingerprint",
@@ -207,7 +207,7 @@ func Test_ServerConfig_RepackJSON(t *testing.T) {
     "certificate_authorities": ["/path/to/ca.crt"],
     "certificate": "/path/to/cert.crt",
     "key": "/path/to/key.crt",
-    "curve_types": "P-521",
+    "curve_types": "P-384",
     "renegotiation": "freely",
     "ca_sha256": ["example"],
     "ca_trusted_fingerprint": "fingerprint"
@@ -222,7 +222,7 @@ func Test_ServerConfig_RepackJSON(t *testing.T) {
     "cipher_suites": ["RSA-AES-256-CBC-SHA"],
     "certificate": "/path/to/cert.crt",
     "key": "/path/to/key.crt",
-    "curve_types": "P-521",
+    "curve_types": "P-384",
     "renegotiation": "freely",
     "ca_sha256": ["example"]
     }`,
diff --git a/transport/tlscommon/tls_test.go b/transport/tlscommon/tls_test.go
@@ -78,7 +78,7 @@ func TestValuesSet(t *testing.T) {
       - ECDHE-ECDSA-AES-256-GCM-SHA384
     supported_protocols: [TLSv1.3]
     curve_types:
-      - P-521
+      - P-384
     renegotiation: freely
   `)
 
diff --git a/transport/tlscommon/types.go b/transport/tlscommon/types.go
@@ -96,6 +96,7 @@ func init() {
 	}
 }
 
+var supportedCurveTypes = make(map[tlsCurveType]string, len(tlsCurveTypes))
 var tlsCurveTypes = map[string]tlsCurveType{
 	"P-256":  tlsCurveType(tls.CurveP256),
 	"P-384":  tlsCurveType(tls.CurveP384),
@@ -292,6 +293,13 @@ func (ct *tlsCurveType) Unpack(i interface{}) error {
 	return nil
 }
 
+func (ct *tlsCurveType) Validate() error {
+	if _, ok := supportedCurveTypes[*ct]; !ok {
+		return fmt.Errorf("unsupported curve type: %s", tls.CurveID(*ct).String())
+	}
+	return nil
+}
+
 type TLSRenegotiationSupport tls.RenegotiationSupport
 
 func (r TLSRenegotiationSupport) String() string {
diff --git a/transport/tlscommon/types_fips.go b/transport/tlscommon/types_fips.go
@@ -37,4 +37,11 @@ func init() {
 			supportedCipherSuites[i] = cipherName
 		}
 	}
+	// only allow P256, P384.
+	for name, curveType := range tlsCurveTypes {
+		switch tls.CurveID(curveType) {
+		case tls.CurveP256, tls.CurveP384:
+			supportedCurveTypes[curveType] = name
+		}
+	}
 }
diff --git a/transport/tlscommon/types_fips_test.go b/transport/tlscommon/types_fips_test.go
@@ -53,3 +53,19 @@ func TestLoadUnsupportedCiphers(t *testing.T) {
 	assert.ErrorContains(t, err, "unsupported tls cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA")
 	assert.Nil(t, cfg)
 }
+
+func TestLoadUnsupportedCurveTypes(t *testing.T) {
+	cfg, err := load(`
+    enabled: true
+    certificate: mycert.pem
+    key: mycert.key
+    verification_mode: ""
+    supported_protocols: [TLSv1.2, TLSv1.3]
+    curve_types:
+      - X25519
+    renegotiation: freely
+  `)
+
+	assert.ErrorContains(t, err, "unsupported curve type: X25519")
+	assert.Nil(t, cfg)
+}
diff --git a/transport/tlscommon/types_nofips.go b/transport/tlscommon/types_nofips.go
@@ -24,4 +24,7 @@ func init() {
 	for cipherName, i := range tlsCipherSuites {
 		supportedCipherSuites[i] = cipherName
 	}
+	for name, curveType := range tlsCurveTypes {
+		supportedCurveTypes[curveType] = name
+	}
 }
diff --git a/transport/tlscommon/types_test.go b/transport/tlscommon/types_test.go
@@ -78,7 +78,7 @@ func TestLoadWithEmptyVerificationMode(t *testing.T) {
     verification_mode:
     supported_protocols: [TLSv1.2, TLSv1.3]
     curve_types:
-      - P-521
+      - P-384
     renegotiation: freely
   `)
 
@@ -98,7 +98,7 @@ func TestRepackConfig(t *testing.T) {
     certificate: /path/to/cert.crt
     key: /path/to/key.crt
     curve_types:
-      - P-521
+      - P-384
     renegotiation: freely
     ca_sha256:
       - example
@@ -125,7 +125,7 @@ func TestRepackConfigFromJSON(t *testing.T) {
     "certificate_authorities": ["/path/to/ca.crt"],
     "certificate": "/path/to/cert.crt",
     "key": "/path/to/key.crt",
-    "curve_types": "P-521",
+    "curve_types": "P-384",
     "renegotiation": "freely",
     "ca_sha256": ["example"],
     "ca_trusted_fingerprint": "fingerprint"

Original file line number	Diff line number	Diff line change
`@@ -103,6 +103,11 @@ func (c *Config) Validate() error {`
`103`	`103`	`return err`
`104`	`104`	`}`
`105`	`105`	`}`
	`106`	`+ for _, ct := range c.CurveTypes {`
	`107`	`+ if err := ct.Validate(); err != nil {`
	`108`	`+ return err`
	`109`	`+ }`
	`110`	`+ }`
`106`	`111`	`return c.Certificate.Validate()`
`107`	`112`	`}`
`108`	`113`
Original file line number	Diff line number	Diff line change
`@@ -96,6 +96,7 @@ func init() {`
`96`	`96`	`}`
`97`	`97`	`}`
`98`	`98`
	`99`	`+var supportedCurveTypes = make(map[tlsCurveType]string, len(tlsCurveTypes))`
`99`	`100`	`var tlsCurveTypes = map[string]tlsCurveType{`
`100`	`101`	`"P-256": tlsCurveType(tls.CurveP256),`
`101`	`102`	`"P-384": tlsCurveType(tls.CurveP384),`
`@@ -292,6 +293,13 @@ func (ct *tlsCurveType) Unpack(i interface{}) error {`
`292`	`293`	`return nil`
`293`	`294`	`}`
`294`	`295`
	`296`	`+func (ct *tlsCurveType) Validate() error {`
	`297`	`+ if _, ok := supportedCurveTypes[*ct]; !ok {`
	`298`	`+ return fmt.Errorf("unsupported curve type: %s", tls.CurveID(*ct).String())`
	`299`	`+ }`
	`300`	`+ return nil`
	`301`	`+}`
	`302`	`+`
`295`	`303`	`type TLSRenegotiationSupport tls.RenegotiationSupport`
`296`	`304`
`297`	`305`	`func (r TLSRenegotiationSupport) String() string {`
Original file line number	Diff line number	Diff line change
`@@ -37,4 +37,11 @@ func init() {`
`37`	`37`	`supportedCipherSuites[i] = cipherName`
`38`	`38`	`}`
`39`	`39`	`}`
	`40`	`+ // only allow P256, P384.`
	`41`	`+ for name, curveType := range tlsCurveTypes {`
	`42`	`+ switch tls.CurveID(curveType) {`
	`43`	`+ case tls.CurveP256, tls.CurveP384:`
	`44`	`+ supportedCurveTypes[curveType] = name`
	`45`	`+ }`
	`46`	`+ }`
`40`	`47`	`}`
Original file line number	Diff line number	Diff line change
`@@ -24,4 +24,7 @@ func init() {`
`24`	`24`	`for cipherName, i := range tlsCipherSuites {`
`25`	`25`	`supportedCipherSuites[i] = cipherName`
`26`	`26`	`}`
	`27`	`+ for name, curveType := range tlsCurveTypes {`
	`28`	`+ supportedCurveTypes[curveType] = name`
	`29`	`+ }`
`27`	`30`	`}`