auth-cfg: Add RSA/PSS schemes for pubkey and rsa if enabled in strongswan.conf
authorTobias Brunner <tobias@strongswan.org>
Tue, 31 Oct 2017 13:20:28 +0000 (14:20 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Nov 2017 15:48:10 +0000 (16:48 +0100)
Also document the rsa/pss prefix.

man/ipsec.conf.5.in
src/libstrongswan/credentials/auth_cfg.c
src/libstrongswan/tests/suites/test_auth_cfg.c
src/swanctl/swanctl.opt

index 85340f2..774df75 100644 (file)
@@ -631,6 +631,12 @@ constraint (without ike: prefix) will also apply to IKEv2 authentication, unless
 this is disabled in
 .BR strongswan.conf (5).
 
+To use or require RSASSA-PSS signatures use rsa/pss instead of rsa as in e.g.
+.BR ike:rsa/pss-sha256 .
+If \fBpubkey\fR or \fBrsa\fR constraints are configured RSASSA-PSS signatures
+will only be used/accepted if enabled in
+.BR strongswan.conf (5).
+
 For
 .BR eap ,
 an optional EAP method can be appended. Currently defined methods are
index 4c29af1..d1be7b4 100644 (file)
@@ -532,11 +532,35 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...)
        }
 }
 
+/**
+ * Create a constraint for RSA/PSS signatures
+ */
+static signature_params_t *create_rsa_pss_constraint(char *token)
+{
+       signature_params_t *params = NULL;
+       hash_algorithm_t hash;
+
+       if (enum_from_name(hash_algorithm_short_names, token, &hash))
+       {
+               rsa_pss_params_t pss = {
+                       .hash = hash,
+                       .mgf1_hash = hash,
+                       .salt_len = RSA_PSS_SALT_LEN_DEFAULT,
+               };
+               signature_params_t pss_params = {
+                       .scheme = SIGN_RSA_EMSA_PSS,
+                       .params = &pss,
+               };
+               params = signature_params_clone(&pss_params);
+       }
+       return params;
+}
+
 METHOD(auth_cfg_t, add_pubkey_constraints, void,
        private_auth_cfg_t *this, char* constraints, bool ike)
 {
        enumerator_t *enumerator;
-       bool ike_added = FALSE;
+       bool ike_added = FALSE, rsa_pss;
        key_type_t expected_type = -1;
        auth_rule_t expected_strength = AUTH_RULE_MAX;
        signature_params_t *params;
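Review bot: The doc comment on `create_rsa_pss_constraint` does not say what the function returns or who owns the result. The body returns NULL when `token` is not found in `hash_algorithm_short_names`, and otherwise a copy made by `signature_params_clone()`, so the comment should state both, e.g. `Returns allocated RSA/PSS parameters using the hash named by token, NULL if token is not a known hash algorithm`. `token` is only read here, so `const char *token` would document that, assuming `enum_from_name` accepts a const pointer (not visible in this hunk). The body of `add_pubkey_constraints` continues outside the hunk.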
@@ -545,6 +569,9 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
        auth_rule_t type;
        void *value;
 
+       rsa_pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE,
+                                                                         lib->ns);
+
        enumerator = enumerator_create_token(constraints, "-", "");
        while (enumerator->enumerate(enumerator, &token))
        {
@@ -640,20 +667,10 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
                }
 
                if (key_token && streq(key_token + strlen(key_token) - 3, "pss"))
-               {       /* these are not added automatically with 'pubkey' */
-                       hash_algorithm_t hash;
-                       if (enum_from_name(hash_algorithm_short_names, token, &hash))
+               {
+                       params = create_rsa_pss_constraint(token);
+                       if (params)
                        {
-                               rsa_pss_params_t pss = {
-                                       .hash = hash,
-                                       .mgf1_hash = hash,
-                                       .salt_len = RSA_PSS_SALT_LEN_DEFAULT,
-                               };
-                               signature_params_t pss_params = {
-                                       .scheme = SIGN_RSA_EMSA_PSS,
-                                       .params = &pss,
-                               };
-                               params = signature_params_clone(&pss_params);
                                if (strpfx(key_token, "ike:"))
                                {
                                        add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME, params);
@@ -668,6 +685,27 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
                }
                else
                {
+                       if (rsa_pss)
+                       {
+                               if (expected_type == KEY_ANY ||
+                                       expected_type == KEY_RSA)
+                               {
+                                       params = create_rsa_pss_constraint(token);
+                                       if (params)
+                                       {
+                                               if (strpfx(key_token, "ike:"))
+                                               {
+                                                       add(this, AUTH_RULE_IKE_SIGNATURE_SCHEME, params);
+                                                       ike_added = TRUE;
+                                               }
+                                               else
+                                               {
+                                                       add(this, AUTH_RULE_SIGNATURE_SCHEME, params);
+                                               }
+                                               found = TRUE;
+                                       }
+                               }
+                       }
                        for (i = 0; i < countof(schemes); i++)
                        {
                                if (streq(schemes[i].name, token))
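Review bot: With `rsa_pss` enabled, the new block at the top of the `else` branch builds a PSS constraint for any token that `create_rsa_pss_constraint()` resolves through `hash_algorithm_short_names`, independent of the `schemes[]` lookup that follows. A hash name with no RSA entry in `schemes[]` would therefore still yield an accepted `SIGN_RSA_EMSA_PSS` constraint under `pubkey`/`rsa`; confirm this is intended, or restrict the block to hashes for which an RSA scheme also matches. The call `strpfx(key_token, "ike:")` also relies on `key_token` being non-NULL whenever `expected_type` is `KEY_ANY` or `KEY_RSA`, which this hunk does not show, whereas the sibling branch tests `key_token &&` explicitly. The ike/non-ike `add()` sequence is now duplicated from the `rsa/pss` branch and could move into one small helper. The loop body continues outside the hunk.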
index 0c5baaf..d0fa8a0 100644 (file)
@@ -176,6 +176,32 @@ START_TEST(test_sig_contraints_params)
 }
 END_TEST
 
+struct {
+       char *constraints;
+       signature_scheme_t sig[6];
+       signature_param_types_t p[6];
+} sig_constraints_rsa_pss_tests[] = {
+       { "pubkey-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_256, SIGN_BLISS_WITH_SHA2_256, 0 }, {
+               { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}, {}, {}, {}}},
+       { "rsa-sha256", { SIGN_RSA_EMSA_PSS, SIGN_RSA_EMSA_PKCS1_SHA2_256, 0 }, {
+               { .pss = { .hash = HASH_SHA256, .mgf1_hash = HASH_SHA256, .salt_len = HASH_SIZE_SHA256, }}, {}}},
+};
+
+START_TEST(test_sig_contraints_rsa_pss)
+{
+       auth_cfg_t *cfg;
+
+       lib->settings->set_bool(lib->settings, "%s.rsa_pss", TRUE, lib->ns);
+
+       cfg = auth_cfg_create();
+       cfg->add_pubkey_constraints(cfg, sig_constraints_rsa_pss_tests[_i].constraints, TRUE);
+       check_sig_constraints_params(cfg, AUTH_RULE_IKE_SIGNATURE_SCHEME,
+                                                                sig_constraints_rsa_pss_tests[_i].sig,
+                                                                sig_constraints_rsa_pss_tests[_i].p);
+       cfg->destroy(cfg);
+}
+END_TEST
+
 Suite *auth_cfg_suite_create()
 {
        Suite *s;
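Review bot: The new loop test only exercises the enabled case, so nothing in this hunk pins the default that `pubkey-sha256` and `rsa-sha256` produce no `SIGN_RSA_EMSA_PSS` entry when `rsa_pss` is off. Unless `sig_constraints_params_tests` (outside this hunk) already covers that, a companion case with the option set to `FALSE` would guard the gating. `test_sig_contraints_rsa_pss` also leaves `%s.rsa_pss` set to `TRUE`. If the runner does not re-initialise settings between tests, add `lib->settings->set_bool(lib->settings, "%s.rsa_pss", FALSE, lib->ns);` after `cfg->destroy(cfg);`.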
@@ -190,6 +216,7 @@ Suite *auth_cfg_suite_create()
 
        tc = tcase_create("add_pubkey_constraints parameters");
        tcase_add_loop_test(tc, test_sig_contraints_params, 0, countof(sig_constraints_params_tests));
+       tcase_add_loop_test(tc, test_sig_contraints_rsa_pss, 0, countof(sig_constraints_rsa_pss_tests));
        suite_add_tcase(s, tc);
 
        return s;
index e5dbc92..2dd9ea3 100644 (file)
@@ -395,7 +395,11 @@ connections.<conn>.local<suffix>.auth = pubkey
        algorithm that matches or exceeds the strength of the signature key.
        If no constraints with _ike:_ prefix are configured any signature scheme
        constraint (without _ike:_ prefix) will also apply to IKEv2 authentication,
-       unless this is disabled in **strongswan.conf**(5).
+       unless this is disabled in **strongswan.conf**(5). To use RSASSA-PSS
+       signatures use _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g.
+       _ike:rsa/pss-sha256_. If _pubkey_ or _rsa_ constraints are configured
+       RSASSA-PSS signatures will only be used if enabled in
+       **strongswan.conf**(5).
 
 connections.<conn>.local<suffix>.id =
        IKE identity to use for authentication round.
@@ -589,7 +593,10 @@ connections.<conn>.remote<suffix>.auth = pubkey
        constraints are configured (refer to the description of the **local**
        section's **auth** keyword for details), such key types and hash algorithms
        are also applied as constraints against IKEv2 signature authentication
-       schemes used by the remote side.
+       schemes used by the remote side. To require RSASSA-PSS signatures use
+       _rsa/pss_ instead of _pubkey_ or _rsa_ as in e.g. _rsa/pss-sha256_. If
+       _pubkey_ or _rsa_ constraints are configured RSASSA-PSS signatures will only
+       be accepted if enabled in **strongswan.conf**(5).
 
        To specify trust chain constraints for EAP-(T)TLS, append a colon to the
        EAP method, followed by the key type/size and hash algorithm as discussed