mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-23 18:49:54 +00:00
Code Issues Releases Wiki Activity

Make dnssec-keygen FIPS mode aware

Browse Source 
- Reject SHA1 based key generation
- Increase the minimum RSA key size to 2048 bits
This commit is contained in:
Mark Andrews 2021-12-17 17:43:58 +11:00
parent e7aa100e9b
commit 0a8f44a8f7
2 changed files with 54 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
bin/dnssec/Makefile.am
View File

@ -12,7 +12,8 @@ noinst_LTLIBRARIES = libdnssectool.la
LDADD += \ LDADD += \
libdnssectool.la \ libdnssectool.la \
$(LIBISC_LIBS) \ $(LIBISC_LIBS) \
$(LIBDNS_LIBS) $(LIBDNS_LIBS) \
$(OPENSSL_LIBS)
bin_PROGRAMS = \ bin_PROGRAMS = \
dnssec-cds \ dnssec-cds \
@ -31,7 +32,8 @@ libdnssectool_la_SOURCES = \
dnssec_keygen_CPPFLAGS = \ dnssec_keygen_CPPFLAGS = \
$(AM_CPPFLAGS) \ $(AM_CPPFLAGS) \
$(LIBISCCFG_CFLAGS) $(LIBISCCFG_CFLAGS) \
$(OPENSSL_CFLAGS)
dnssec_keygen_LDADD = \ dnssec_keygen_LDADD = \
$(LDADD) \ $(LDADD) \

59
bin/dnssec/dnssec-keygen.c
View File

@ -36,6 +36,7 @@
#include <isc/attributes.h> #include <isc/attributes.h>
#include <isc/buffer.h> #include <isc/buffer.h>
#include <isc/commandline.h> #include <isc/commandline.h>
#include <isc/fips.h>
#include <isc/mem.h> #include <isc/mem.h>
#include <isc/region.h> #include <isc/region.h>
#include <isc/result.h> #include <isc/result.h>
@ -61,9 +62,17 @@
#include "dnssectool.h" #include "dnssectool.h"
#define MAX_RSA 4096 /* should be long enough... */ #define MAX_RSA 4096 /* should be long enough... */
#define MAX_DH 4096 /* should be long enough... */
const char *program = "dnssec-keygen"; const char *program = "dnssec-keygen";
/*
* These are are set here for backwards compatibility. They are
* raised to 2048 in FIPS mode.
*/
static int min_rsa = 1024;
static int min_dh = 128;
isc_log_t *lctx = NULL; isc_log_t *lctx = NULL;
noreturn static void noreturn static void
@ -139,16 +148,22 @@ usage(void) {
fprintf(stderr, " -l <file>: configuration file with dnssec-policy " fprintf(stderr, " -l <file>: configuration file with dnssec-policy "
"statement\n"); "statement\n");
fprintf(stderr, " -a <algorithm>:\n"); fprintf(stderr, " -a <algorithm>:\n");
if (!isc_fips_mode()) {
fprintf(stderr, " RSASHA1 | NSEC3RSASHA1 |\n"); fprintf(stderr, " RSASHA1 | NSEC3RSASHA1 |\n");
}
fprintf(stderr, " RSASHA256 | RSASHA512 |\n"); fprintf(stderr, " RSASHA256 | RSASHA512 |\n");
fprintf(stderr, " ECDSAP256SHA256 | ECDSAP384SHA384 |\n"); fprintf(stderr, " ECDSAP256SHA256 | ECDSAP384SHA384 |\n");
fprintf(stderr, " ED25519 | ED448\n"); fprintf(stderr, " ED25519 | ED448\n");
fprintf(stderr, " -3: use NSEC3-capable algorithm\n"); fprintf(stderr, " -3: use NSEC3-capable algorithm\n");
fprintf(stderr, " -b <key size in bits>:\n"); fprintf(stderr, " -b <key size in bits>:\n");
fprintf(stderr, " RSASHA1:\t[1024..%d]\n", MAX_RSA); if (!isc_fips_mode()) {
fprintf(stderr, " NSEC3RSASHA1:\t[1024..%d]\n", MAX_RSA); fprintf(stderr, " RSASHA1:\t[%d..%d]\n", min_rsa,
fprintf(stderr, " RSASHA256:\t[1024..%d]\n", MAX_RSA); MAX_RSA);
fprintf(stderr, " RSASHA512:\t[1024..%d]\n", MAX_RSA); fprintf(stderr, " NSEC3RSASHA1:\t[%d..%d]\n", min_rsa,
MAX_RSA);
}
fprintf(stderr, " RSASHA256:\t[%d..%d]\n", min_rsa, MAX_RSA);
fprintf(stderr, " RSASHA512:\t[%d..%d]\n", min_rsa, MAX_RSA);
fprintf(stderr, " ECDSAP256SHA256:\tignored\n"); fprintf(stderr, " ECDSAP256SHA256:\tignored\n");
fprintf(stderr, " ECDSAP384SHA384:\tignored\n"); fprintf(stderr, " ECDSAP384SHA384:\tignored\n");
fprintf(stderr, " ED25519:\tignored\n"); fprintf(stderr, " ED25519:\tignored\n");
@ -318,6 +333,17 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
fatal("unsupported algorithm: %s", algstr); fatal("unsupported algorithm: %s", algstr);
} }
if (isc_fips_mode()) {
/* verify only in FIPS mode */
switch (ctx->alg) {
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
fatal("unsupported algorithm: %s", algstr);
default:
break;
}
}
if (ctx->use_nsec3) { if (ctx->use_nsec3) {
switch (ctx->alg) { switch (ctx->alg) {
case DST_ALG_RSASHA1: case DST_ALG_RSASHA1:
@ -360,6 +386,11 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
switch (ctx->alg) { switch (ctx->alg) {
case DST_ALG_RSASHA1: case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1: case DST_ALG_NSEC3RSASHA1:
if (isc_fips_mode()) {
fatal("key size not specified (-b "
"option)");
}
FALLTHROUGH;
case DST_ALG_RSASHA256: case DST_ALG_RSASHA256:
case DST_ALG_RSASHA512: case DST_ALG_RSASHA512:
ctx->size = 2048; ctx->size = 2048;
@ -515,14 +546,14 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
switch (ctx->alg) { switch (ctx->alg) {
case DNS_KEYALG_RSASHA1: case DNS_KEYALG_RSASHA1:
case DNS_KEYALG_NSEC3RSASHA1: case DNS_KEYALG_NSEC3RSASHA1:
case DNS_KEYALG_RSASHA256: if (isc_fips_mode()) {
if (ctx->size != 0 && (ctx->size < 1024 || ctx->size > MAX_RSA)) fatal("SHA1 based keys not supported in FIPS mode");
{
fatal("RSA key size %d out of range", ctx->size);
} }
break; FALLTHROUGH;
case DNS_KEYALG_RSASHA256:
case DNS_KEYALG_RSASHA512: case DNS_KEYALG_RSASHA512:
if (ctx->size != 0 && (ctx->size < 1024 || ctx->size > MAX_RSA)) if (ctx->size != 0 &&
(ctx->size < min_rsa || ctx->size > MAX_RSA))
{ {
fatal("RSA key size %d out of range", ctx->size); fatal("RSA key size %d out of range", ctx->size);
} }
@ -1106,6 +1137,14 @@ main(int argc, char **argv) {
fatal("could not initialize dst: %s", isc_result_totext(ret)); fatal("could not initialize dst: %s", isc_result_totext(ret));
} }
/*
* After dst_lib_init which will set FIPS mode if requested
* at build time. The minumums are both raised to 2048.
*/
if (isc_fips_mode()) {
min_rsa = min_dh = 2048;
}
setup_logging(mctx, &lctx); setup_logging(mctx, &lctx);
ctx.rdclass = strtoclass(classname); ctx.rdclass = strtoclass(classname);