Suite B: Add tls_suiteb=1 parameter for RSA 3k key case

This adds phase1 parameter tls_suiteb=1 into wpa_supplicant
configuration to allow TLS library (only OpenSSL supported for now) to
use Suite B 192-bit level rules with RSA when using >= 3k (3072) keys.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2017-09-17 00:09:47 +03:00 committed by Jouni Malinen
parent 5030d7d9fd
commit 60ed2f24eb
4 changed files with 52 additions and 3 deletions

View File

@ -97,6 +97,7 @@ struct tls_config {
#define TLS_CONN_DISABLE_TLSv1_0 BIT(8) #define TLS_CONN_DISABLE_TLSv1_0 BIT(8)
#define TLS_CONN_EXT_CERT_CHECK BIT(9) #define TLS_CONN_EXT_CERT_CHECK BIT(9)
#define TLS_CONN_REQUIRE_OCSP_ALL BIT(10) #define TLS_CONN_REQUIRE_OCSP_ALL BIT(10)
#define TLS_CONN_SUITEB BIT(11)
/** /**
* struct tls_connection_params - Parameters for TLS connection * struct tls_connection_params - Parameters for TLS connection

View File

@ -2257,7 +2257,7 @@ static int tls_connection_set_subject_match(struct tls_connection *conn,
} }
static void tls_set_conn_flags(SSL *ssl, unsigned int flags) static int tls_set_conn_flags(SSL *ssl, unsigned int flags)
{ {
#ifdef SSL_OP_NO_TICKET #ifdef SSL_OP_NO_TICKET
if (flags & TLS_CONN_DISABLE_SESSION_TICKET) if (flags & TLS_CONN_DISABLE_SESSION_TICKET)
@ -2284,6 +2284,45 @@ static void tls_set_conn_flags(SSL *ssl, unsigned int flags)
else else
SSL_clear_options(ssl, SSL_OP_NO_TLSv1_2); SSL_clear_options(ssl, SSL_OP_NO_TLSv1_2);
#endif /* SSL_OP_NO_TLSv1_2 */ #endif /* SSL_OP_NO_TLSv1_2 */
#ifdef CONFIG_SUITEB
if (flags & TLS_CONN_SUITEB) {
EC_KEY *ecdh;
const char *ciphers =
"ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384";
if (SSL_set_cipher_list(ssl, ciphers) != 1) {
wpa_printf(MSG_INFO,
"OpenSSL: Failed to set Suite B ciphers");
return -1;
}
if (SSL_set1_curves_list(ssl, "P-384") != 1) {
wpa_printf(MSG_INFO,
"OpenSSL: Failed to set Suite B curves");
return -1;
}
/* ECDSA+SHA384 if need to add EC support here */
if (SSL_set1_sigalgs_list(ssl, "RSA+SHA384") != 1) {
wpa_printf(MSG_INFO,
"OpenSSL: Failed to set Suite B sigalgs");
return -1;
}
ecdh = EC_KEY_new_by_curve_name(NID_secp384r1);
if (!ecdh || SSL_set_tmp_ecdh(ssl, ecdh) != 1) {
EC_KEY_free(ecdh);
wpa_printf(MSG_INFO,
"OpenSSL: Failed to set ECDH parameter");
return -1;
}
EC_KEY_free(ecdh);
SSL_set_options(ssl, SSL_OP_NO_TLSv1);
SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);
}
#endif /* CONFIG_SUITEB */
return 0;
} }
@ -2307,7 +2346,8 @@ int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
} }
tls_set_conn_flags(conn->ssl, flags); if (tls_set_conn_flags(conn->ssl, flags) < 0)
return -1;
conn->flags = flags; conn->flags = flags;
SSL_set_accept_state(conn->ssl); SSL_set_accept_state(conn->ssl);
@ -4111,7 +4151,8 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
return -1; return -1;
} }
tls_set_conn_flags(conn->ssl, params->flags); if (tls_set_conn_flags(conn->ssl, params->flags) < 0)
return -1;
#ifdef OPENSSL_IS_BORINGSSL #ifdef OPENSSL_IS_BORINGSSL
if (params->flags & TLS_CONN_REQUEST_OCSP) { if (params->flags & TLS_CONN_REQUEST_OCSP) {

View File

@ -84,6 +84,10 @@ static void eap_tls_params_flags(struct tls_connection_params *params,
params->flags |= TLS_CONN_EXT_CERT_CHECK; params->flags |= TLS_CONN_EXT_CERT_CHECK;
if (os_strstr(txt, "tls_ext_cert_check=0")) if (os_strstr(txt, "tls_ext_cert_check=0"))
params->flags &= ~TLS_CONN_EXT_CERT_CHECK; params->flags &= ~TLS_CONN_EXT_CERT_CHECK;
if (os_strstr(txt, "tls_suiteb=1"))
params->flags |= TLS_CONN_SUITEB;
if (os_strstr(txt, "tls_suiteb=0"))
params->flags &= ~TLS_CONN_SUITEB;
} }

View File

@ -1164,6 +1164,9 @@ fast_reauth=1
# chain when receiving CTRL-RSP-EXT_CERT_CHECK event from the control # chain when receiving CTRL-RSP-EXT_CERT_CHECK event from the control
# interface and report the result of the validation with # interface and report the result of the validation with
# CTRL-RSP_EXT_CERT_CHECK. # CTRL-RSP_EXT_CERT_CHECK.
# tls_suiteb=0 - do not apply Suite B 192-bit constraints on TLS (default)
# tls_suiteb=1 - apply Suite B 192-bit constraints on TLS; this is used in
# particular when using Suite B with RSA keys of >= 3K (3072) bits
# #
# Following certificate/private key fields are used in inner Phase2 # Following certificate/private key fields are used in inner Phase2
# authentication when using EAP-TTLS or EAP-PEAP. # authentication when using EAP-TTLS or EAP-PEAP.