BeID-lab / eIDClientCore

Preamble: Humboldt-Universität zu Berlin, Unter den Linden 6, 10099 Berlin, hereinafter referred to as Humboldt-Universität, provides client-side eID base software for use in connection with German sovereign documents, such as the new identity card (neuer Personalausweis) and the electronic residence permit (elektronischer Aufenthaltstitel). The software provides the so-called eID functionality, i.e. it enables electronic proof of identity, and follows the BSI guidelines TR-03110, TR-03112 and TR-03130. It is provided in the state of development it is in at the time of provision. Humboldt-Universität received this software, hereinafter referred to as eIDClientCore, from Bundesdruckerei GmbH, Oranienstraße 91, 10969 Berlin, for use in teaching and research and for making it available to the public ("hosting") for general examination and use by anyone.

eIDClientConnection: Set only two cipher suites (RSA-PSK-AES...) for eID Client PAOS connection #21

Closed psytester closed 9 years ago

psytester commented 9 years ago

As the eID Client has to use only RSA-PSK cipher suites for the PAOS connection, please change the eIDClientConnection code so that we have a separate eIDClientConnectionStartHttp() function which sets the CURL cipher suites to only these two: "RSA-PSK-AES256-CBC-SHA:RSA-PSK-AES128-CBC-SHA256", without the additional ":HIGH" seen at line 374:

curlVal = curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST, "RSA-PSK-AES256-CBC-SHA:HIGH");

Why these two RSA-PSK suites? RSA-PSK-AES256-CBC-SHA and RSA-PSK-AES128-CBC-SHA256.

See the references: BSI TR-03112 Teil 7 "eCard-API-Framework – Protocols", Version 1.1.4, chapter 2.4.1.2 "TLS with pre-shared keys" states: "Implementations MUST support TLS_RSA_PSK_WITH_AES_256_CBC_SHA. Additional PSK cipher suites according to [TR-03116], Part 4, MAY be supported"

BSI TR-03116 Teil 4 "Kryptographische Vorgaben für Projekte der Bundesregierung", 2.1.2.1 "Sonderfälle", table 3 states: "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"

frankmorgner commented 9 years ago

:HIGH allows reusing this code also for standard SSL connections, e.g. for establishing the initial connection to the service provider. After all, I think we are complying with the TRs, because we are supporting what MUST be supported. I think the TRs do not exclude ciphers...

psytester commented 9 years ago

The code to change is in eIDClientCore.cpp, in StartConnection() at lines 350 and 360, where a different call to eIDClientConnectionStartHttp() has to be used; this new ConnectionStartHttp will set up only these two ciphers.

Reusing the code with the additional :HIGH is not an option, since the TLS handshake with the eID Service sends a list of cipher suites in the TLS ClientHello, the eID Service does NOT choose the RSA-PSK cipher, and the connection is finally rejected. This is because during the TLS handshake there is no payload to select the right TLS settings. The PAOS payload is sent after a successful TLS handshake, but that's too late.

frankmorgner commented 9 years ago

I see, looks like we need to work around this stupid behavior of the eID service...

frankmorgner commented 9 years ago

The fix is trivial: If psk is given in eIDClientConnectionStartHttp choose only the PSK cipher suites and HIGH otherwise.

wolfmueller commented 9 years ago

Fixed :-)
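
The selection rule from the thread (PSK given: only the two RSA-PSK suites; otherwise HIGH), as an added example that is not code from eIDClientCore. It goes one step further than the thread by adding a check that a cipher string for the PAOS connection names RSA-PSK suites only; the function names are hypothetical, the cipher strings are the ones quoted in the issue, and the PSK bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Cipher strings quoted in the issue; all function names are hypothetical. */
#define PAOS_PSK_CIPHERS "RSA-PSK-AES256-CBC-SHA:RSA-PSK-AES128-CBC-SHA256"
#define DEFAULT_CIPHERS  "HIGH"
#define NAME_CHARS       "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-"

/* Returns 1 only if every colon-separated entry is an explicit RSA-PSK suite
 * name. Keywords such as HIGH, empty entries, other separators (',' or ' ')
 * and operators ('!', '+', '@') are rejected, so nothing can widen the list. */
int cipher_list_is_rsa_psk_only(const char *list)
{
    static const char prefix[] = "RSA-PSK-";
    const size_t plen = sizeof(prefix) - 1;

    if (list == NULL)
        return 0;
    for (;;) {
        size_t len = strspn(list, NAME_CHARS);   /* length of one suite name */
        if (len <= plen || strncmp(list, prefix, plen) != 0)
            return 0;
        if (list[len] == '\0')
            return 1;
        if (list[len] != ':')
            return 0;
        list += len + 1;
    }
}

/* The rule from the thread: PSK given -> only the two RSA-PSK suites (PAOS
 * connection); no PSK -> HIGH (e.g. initial service-provider connection). */
const char *choose_cipher_list(const unsigned char *psk, size_t psk_len)
{
    return (psk != NULL && psk_len > 0) ? PAOS_PSK_CIPHERS : DEFAULT_CIPHERS;
}

int main(void)
{
    const char *old_list = "RSA-PSK-AES256-CBC-SHA:HIGH";  /* line 374 */
    const unsigned char psk[] = { 0x01, 0x02, 0x03, 0x04 }; /* constructed */

    /* The chosen string is what would go to CURLOPT_SSL_CIPHER_LIST. */
    printf("old list PSK-only: %d\n", cipher_list_is_rsa_psk_only(old_list));
    printf("with PSK:    %s\n", choose_cipher_list(psk, sizeof psk));
    printf("without PSK: %s\n", choose_cipher_list(NULL, 0));
    return 0;
}
```

Running the check on the PAOS path before the string reaches curl_easy_setopt catches a later edit that reintroduces ":HIGH" into the PSK list.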