diff --git a/policies/modules/OSPP.pmod b/policies/modules/OSPP.pmod
index d93d1c7..3d5ea43 100644
--- a/policies/modules/OSPP.pmod
+++ b/policies/modules/OSPP.pmod
@@ -1,24 +1,43 @@ # Restrict FIPS policy for the Common Criteria OSPP profile. -# Hashes: only SHA1, SHA2-256, SHA2-384, and SHA2-512 -# MACs: HMAC with only SHA1, SHA2-256, SHA2-384, and SHA2-512 -# Curves: only P-256, P-384, and P-521 -# SSH ciphers: only AES in CTR, CBC, and GCM modes -# TLS ciphers: only AES in CBC and GCM modes -# SSH MACs: only hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-512 -# SSH key exchange: only diffie-hellman-group14-sha1, ecdh-sha2-nistp256, -# ecdh-sha2-nistp384, ecdh-sha2-nistp521 -# TLS protocols: TLS = 1.2, DTLS = 1.2 +# SSH (upper limit) +# Ciphers: aes128-ctr, aes256-ctr, aes128-cbc, aes256-cbc, aes128-gcm@openssh.com, aes256-gcm@openssh.com +# PubkeyAcceptedKeyTypes: rsa-sha2-256, rsa‑sha2‑512, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 +# MACs: hmac-sha2-256, hmac-sha2-512, implicit for aes128-gcm@openssh.com, aes256-gcm@openssh.com +# KexAlgorithms: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521 + +# TLS ciphers (suggested minimal set for openssl) +# * TLS_RSA_WITH_AES_128_CBC_SHA - excluded by FIPS, uses RSA key exchange +# * TLS_RSA_WITH_AES_256_CBC_SHA - excluded by FIPS, uses RSA key exchange +# * TLS_RSA_WITH_AES_128_CBC_SHA256 - excluded by FIPS, uses RSA key exchange +# * TLS_RSA_WITH_AES_256_CBC_SHA256 - excluded by FIPS, uses RSA key exchange +# * TLS_RSA_WITH_AES_128_GCM_SHA256 - excluded by FIPS, uses RSA key exchange +# * TLS_RSA_WITH_AES_256_GCM_SHA384 - excluded by FIPS, uses RSA key exchange +# * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 +# * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 +# * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 +# * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 +# * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 +# * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +# * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - disabled in openssl itself +# * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +# * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 +# * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +# * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - disabled 
in openssl itself +# * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +# Supported Groups Extension in ClientHello: secp256r1, secp384r1, secp521r1 + +mac = -HMAC-SHA1 # see above, both SSH and TLS ended up not using it hash = -SHA2-224 -SHA3-256 -SHA3-384 -SHA3-512 -ssh_group = -FFDHE-4096 -FFDHE-8192 +sign = -ECDSA-SHA2-512 -cipher = -AES-256-CTR -AES-128-CTR -AES-256-CCM -AES-128-CCM - -ssh_cipher = -AES-256-CCM -AES-128-CCM +ssh_group = -FFDHE-2048 -FFDHE-4096 -FFDHE-8192 +cipher = -AES-256-CCM -AES-128-CCM -AES-256-CTR -AES-128-CTR tls_cipher = -AES-256-CCM -AES-128-CCM +ssh_cipher = -AES-256-CCM -AES-128-CCM ssh_certs = 0 ssh_etm = 0 diff --git a/python/policygenerators/libssh.py b/python/policygenerators/libssh.py index aa2afa6..7590853 100644 --- a/python/policygenerators/libssh.py +++ b/python/policygenerators/libssh.py 
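Review bot: The inline comment on `mac = -HMAC-SHA1` justifies the removal only by the SSH and TLS lists in the header, but `mac` is not scoped to those two protocols. The libreswan expected output in this same commit also loses `sha1` from its `esp=` line. The header should record that side effect, for example with `# IPsec (libreswan): HMAC-SHA1 is also dropped from esp= by mac = -HMAC-SHA1`, so a reader auditing the profile does not assume IPsec is untouched. Separately, `rsa‑sha2‑512` in the PubkeyAcceptedKeyTypes comment appears to be typed with non-ASCII hyphens, so a search for the real algorithm name will not match it; retype it with plain `-`.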
@@ -64,14 +64,25 @@ class LibsshGenerator(ConfigGenerator): } sign_map = { - 'RSA-SHA1':'ssh-rsa,ssh-rsa-cert-v01@openssh.com', - 'DSA-SHA1':'ssh-dss,ssh-dss-cert-v01@openssh.com', - 'RSA-SHA2-256':'rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com', - 'RSA-SHA2-512':'rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com', - 'ECDSA-SHA2-256':'ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com', - 'ECDSA-SHA2-384':'ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com', - 'ECDSA-SHA2-512':'ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com', - 'EDDSA-ED25519':'ssh-ed25519,ssh-ed25519-cert-v01@openssh.com', + 'RSA-SHA1':'ssh-rsa', + 'DSA-SHA1':'ssh-dss', + 'RSA-SHA2-256':'rsa-sha2-256', + 'RSA-SHA2-512':'rsa-sha2-512', + 'ECDSA-SHA2-256':'ecdsa-sha2-nistp256', + 'ECDSA-SHA2-384':'ecdsa-sha2-nistp384', + 'ECDSA-SHA2-512':'ecdsa-sha2-nistp521', + 'EDDSA-ED25519':'ssh-ed25519', + } + + sign_map_certs = { + 'RSA-SHA1':'ssh-rsa-cert-v01@openssh.com', + 'DSA-SHA1':'ssh-dss-cert-v01@openssh.com', + 'RSA-SHA2-256':'rsa-sha2-256-cert-v01@openssh.com', + 'RSA-SHA2-512':'rsa-sha2-512-cert-v01@openssh.com', + 'ECDSA-SHA2-256':'ecdsa-sha2-nistp256-cert-v01@openssh.com', + 'ECDSA-SHA2-384':'ecdsa-sha2-nistp384-cert-v01@openssh.com', + 'ECDSA-SHA2-512':'ecdsa-sha2-nistp521-cert-v01@openssh.com', + 'EDDSA-ED25519':'ssh-ed25519-cert-v01@openssh.com', } @classmethod @@ -131,6 +142,11 @@ class LibsshGenerator(ConfigGenerator): s = cls.append(s, cls.sign_map[i], sep) except KeyError: pass + if p['ssh_certs'] == 1: + try: + s = cls.append(s, cls.sign_map_certs[i], sep) + except KeyError: + pass if s: cfg += 'HostKeyAlgorithms ' + s + '\n' diff --git a/tests/outputs/FIPS:OSPP-gnutls.txt b/tests/outputs/FIPS:OSPP-gnutls.txt index 3fee972..f5313c7 100644 --- a/tests/outputs/FIPS:OSPP-gnutls.txt +++ b/tests/outputs/FIPS:OSPP-gnutls.txt 
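Review bot: `sign_map_certs` repeats the eight keys of `sign_map` by hand, and the second hunk (`-131,6 +142,11`) wraps its lookup in `except KeyError: pass`. An algorithm later added to one table but not the other would therefore silently lose its certificate variant, with no error. Every certificate name here is the plain name plus `-cert-v01@openssh.com`, so the second table can be derived instead: `sign_map_certs = {k: v + '-cert-v01@openssh.com' for k, v in sign_map.items()}`. A short comment above it, such as `# certificate variants, emitted only when the policy sets ssh_certs = 1`, would record why the tables are split. The class body and the generating method both continue outside these hunks.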
@@ -1 +1 @@ -SYSTEM=NONE:+MAC-ALL:-MD5:+GROUP-ALL:-GROUP-X25519:-GROUP-X448:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-RSA-SHA1:-SIGN-DSA-SHA1:-SIGN-ECDSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:-SIGN-EDDSA-ED25519:-SIGN-EDDSA-ED448:+CIPHER-ALL:-AES-256-CCM:-AES-128-CCM:-CHACHA20-POLY1305:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:-3DES-CBC:-ARCFOUR-128:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-RSA:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.3:-VERS-DTLS1.0:+COMP-NULL:%PROFILE_MEDIUM +SYSTEM=NONE:+MAC-ALL:-SHA1:-MD5:+GROUP-ALL:-GROUP-X25519:-GROUP-X448:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-RSA-SHA1:-SIGN-DSA-SHA1:-SIGN-ECDSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:-SIGN-ECDSA-SHA512:-SIGN-EDDSA-ED25519:-SIGN-EDDSA-ED448:+CIPHER-ALL:-AES-256-CCM:-AES-128-CCM:-CHACHA20-POLY1305:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:-3DES-CBC:-ARCFOUR-128:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-RSA:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.3:-VERS-DTLS1.0:+COMP-NULL:%PROFILE_MEDIUM diff --git a/tests/outputs/FIPS:OSPP-java.txt b/tests/outputs/FIPS:OSPP-java.txt index a1e0efb..cee6775 100644 --- a/tests/outputs/FIPS:OSPP-java.txt +++ b/tests/outputs/FIPS:OSPP-java.txt 
@@ -1,4 +1,4 @@ jdk.tls.ephemeralDHKeySize=2048 jdk.certpath.disabledAlgorithms=MD2, SHA3_256, SHA3_384, SHA3_512, SHA224, SHA1, MD5, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=DH keySize < 2048, SSLv2, SSLv3, TLSv1, TLSv1.1, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, AES_256_CCM, AES_128_CCM, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, HmacMD5 +jdk.tls.disabledAlgorithms=DH keySize < 2048, SSLv2, SSLv3, TLSv1, TLSv1.1, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, AES_256_CCM, AES_128_CCM, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, HmacSHA1, HmacMD5 jdk.tls.legacyAlgorithms= diff --git a/tests/outputs/FIPS:OSPP-libreswan.txt b/tests/outputs/FIPS:OSPP-libreswan.txt index d0abeb3..b124edb 100644 --- a/tests/outputs/FIPS:OSPP-libreswan.txt +++ b/tests/outputs/FIPS:OSPP-libreswan.txt @@ -2,4 +2,4 @@ conn %default ikev2=insist pfs=yes ike=aes_gcm256-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes128-sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18 - esp=aes_gcm256,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256 + esp=aes_gcm256,aes256-sha2_512+sha2_256,aes_gcm128,aes128-sha2_256 diff --git a/tests/outputs/FIPS:OSPP-libssh.txt b/tests/outputs/FIPS:OSPP-libssh.txt index 268a7d9..9f2a500 100644 --- a/tests/outputs/FIPS:OSPP-libssh.txt 
+++ b/tests/outputs/FIPS:OSPP-libssh.txt @@ -1,5 +1,5 @@ Ciphers aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -MACs hmac-sha2-256,hmac-sha1,hmac-sha2-512 +MACs hmac-sha2-256,hmac-sha2-512 KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 -HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com -PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com +HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,rsa-sha2-256,rsa-sha2-512 +PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,rsa-sha2-256,rsa-sha2-512 diff --git a/tests/outputs/FIPS:OSPP-nss.txt b/tests/outputs/FIPS:OSPP-nss.txt index 0ca1ab0..f57c78c 100644 --- a/tests/outputs/FIPS:OSPP-nss.txt +++ b/tests/outputs/FIPS:OSPP-nss.txt @@ -1,6 +1,6 @@ library= name=Policy NSS=flags=policyOnly,moduleDB -config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:aes256-cbc:aes128-gcm:aes128-cbc:SHA256:SHA384:SHA512:ECDHE-RSA:ECDHE-ECDSA:DHE-RSA:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048" +config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:aes256-cbc:aes128-gcm:aes128-cbc:SHA256:SHA384:SHA512:ECDHE-RSA:ECDHE-ECDSA:DHE-RSA:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048" 
diff --git a/tests/outputs/FIPS:OSPP-openssh.txt b/tests/outputs/FIPS:OSPP-openssh.txt index 0d4a306..d479fd9 100644 --- a/tests/outputs/FIPS:OSPP-openssh.txt +++ b/tests/outputs/FIPS:OSPP-openssh.txt @@ -1,6 +1,6 @@ Ciphers aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -MACs hmac-sha2-256,hmac-sha1,hmac-sha2-512 +MACs hmac-sha2-256,hmac-sha2-512 GSSAPIKeyExchange no -KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256 -PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512 -CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512 +KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 +PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,rsa-sha2-256,rsa-sha2-512 +CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,rsa-sha2-256,rsa-sha2-512 diff --git a/tests/outputs/FIPS:OSPP-opensshserver.txt b/tests/outputs/FIPS:OSPP-opensshserver.txt index 7b79afd..9dfe945 100644 --- a/tests/outputs/FIPS:OSPP-opensshserver.txt +++ b/tests/outputs/FIPS:OSPP-opensshserver.txt 
@@ -1 +1 @@ -CRYPTO_POLICY='-oCiphers=aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-256,hmac-sha1,hmac-sha2-512 -oGSSAPIKeyExchange=no -oKexAlgorithms=ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256 -oHostKeyAlgorithms=ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512 -oPubkeyAcceptedKeyTypes=ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512 -oCASignatureAlgorithms=ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512' \ No newline at end of file +CRYPTO_POLICY='-oCiphers=aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-256,hmac-sha2-512 -oGSSAPIKeyExchange=no -oKexAlgorithms=ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 -oHostKeyAlgorithms=ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,rsa-sha2-256,rsa-sha2-512 -oPubkeyAcceptedKeyTypes=ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,rsa-sha2-256,rsa-sha2-512 -oCASignatureAlgorithms=ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,rsa-sha2-256,rsa-sha2-512' \ No newline at end of file diff --git a/tests/outputs/FIPS:OSPP-openssl.txt b/tests/outputs/FIPS:OSPP-openssl.txt index ab6781a..2fd0ca2 100644 --- a/tests/outputs/FIPS:OSPP-openssl.txt +++ b/tests/outputs/FIPS:OSPP-openssl.txt @@ -1 +1 @@ -@SECLEVEL=2:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK:-kRSA:-aDSS:-CHACHA20-POLY1305:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-AESCCM:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 \ No newline at end of file +@SECLEVEL=2:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK:-kRSA:-aDSS:-CHACHA20-POLY1305:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-AESCCM:-SHA1:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 \ No newline at end of file diff --git a/tests/outputs/FIPS:OSPP-opensslcnf.txt b/tests/outputs/FIPS:OSPP-opensslcnf.txt index 6d403a5..9f37b4b 100644 --- a/tests/outputs/FIPS:OSPP-opensslcnf.txt 
+++ b/tests/outputs/FIPS:OSPP-opensslcnf.txt @@ -1,5 +1,5 @@ -CipherString = @SECLEVEL=2:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK:-kRSA:-aDSS:-CHACHA20-POLY1305:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-AESCCM:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 +CipherString = @SECLEVEL=2:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK:-kRSA:-aDSS:-CHACHA20-POLY1305:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-AESCCM:-SHA1:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 MinProtocol = TLSv1.2 MaxProtocol = TLSv1.2 -SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:rsa_pss_pss_sha256:rsa_pss_rsae_sha256:rsa_pss_pss_sha384:rsa_pss_rsae_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 \ No newline at end of file +SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:rsa_pss_pss_sha256:rsa_pss_rsae_sha256:rsa_pss_pss_sha384:rsa_pss_rsae_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 \ No newline at end of file