Cipher suite selection in SChannel


Problem description

I have implemented (Windows 10.0.17763.0 / VS2017 / C++) a client/server application that uses schannel for secure communication. The requirement now is that communication between certain clients and servers uses only one set of cipher suites.

Using the BCryptAddContextFunction/BCryptRemoveContextFunction APIs I can change the ciphers supported by SChannel, but that is a system-wide setting, not one that applies only to my application. To control it programmatically, I tried using ALG_ID in AcquireCredentialsHandle. Below are the only cipher suites my application should support.

  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_2

The questions are:

    1. How do I allow only AES_GCM bulk encryption? When I add CALG_AES to the list, both AES_GCM and AES_CBC are allowed.
    2. How do I control the signature? Adding CALG_ECDH_EPHEM enables both TLS_ECDHE_ECDSA and TLS_ECDHE_RSA; I only need TLS_ECDHE_RSA. Adding CALG_RSA_SIGN to the ALG_ID list removes TLS_ECDHE_ECDSA, but it still allows the TLS_RSA_* cipher suites.

  • Reference solution

    Method 1:

    You can use the SCH_CREDENTIALS structure instead of SCHANNEL_CRED when calling the AcquireCredentialsHandle function.

    You create TLS_PARAMETERS with an array of CRYPTO_SETTINGS structures. Each CRYPTO_SETTINGS structure defines restrictions for key exchange, signature, digest, and bulk cipher algorithms. Then you can select a combination that satisfies your application requirements. This structure (SCH_CREDENTIALS) works with the SCHANNEL_USE_BLACKLIST flag/approach, disabling what you do not need for the specified TLS session. With the right combination of the eAlgorithmUsage and strCngAlgId members of the CRYPTO_SETTINGS structures I think you can achieve the desired behavior of the TLS session.

    See https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-sch_credentials

    https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-tls_parameters

    For example, if you include AES_CBC in one of the restrictions with the appropriate eAlgorithmUsage member value, in this case TlsParametersCngAlgUsageCipher, it should be excluded from the session as a bulk encryption algorithm. Make sure to exclude AES_GCM from the restrictions with that eAlgorithmUsage.

    Regarding controlling signature algorithms, the CRYPTO_SETTINGS structure's eAlgorithmUsage member with the value TlsParametersCngAlgUsageSignature restricts the use of the algorithm assigned to the strCngAlgId member as a signature algorithm for that session. You can also specify the minimum and maximum lengths to restrict.

    Finally,

    "The DisabledByDefault value in the registry keys under the Protocols key does not take precedence over the grbitEnabledProtocols value that is defined in the SCHANNEL_CRED structure that contains the data for an Schannel credential." (https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/restrict-cryptographic-algorithms-protocols-schannel).

    That should also be true of the grbitDisabledProtocols member of the TLS_PARAMETERS structure for that TLS session.

    If you work out the right combination of restrictions for signature algorithms, key exchange, bulk encryption, and digest, you can filter the undesired algorithms out of a specific position in the cipher suite.

    (by user13987403opena)
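The following is an added example, not the answerer's or Microsoft's code, showing how the blacklist described above maps onto the question's four suites: AES is restricted only in its CBC chaining mode (so AES-GCM survives), ECDSA is blocked as a signature algorithm, and RSA is blocked as a key-exchange algorithm (which removes TLS_RSA_* while keeping ECDHE_RSA/DHE_RSA, where RSA only signs). It assumes a Windows SDK that defines SCH_CREDENTIALS; the function names BuildRestrictedTlsParameters and AcquireRestrictedClientCreds are hypothetical, and the `#else` typedefs are stand-ins for the SDK types so the builder can be compiled and checked off Windows.

```cpp
#include <cwchar>
#ifdef _WIN32
#define SECURITY_WIN32
#include <windows.h>
#include <schannel.h>
#include <security.h>
#else
// Off-Windows stand-ins mirroring the SDK layout of the types used, so the builder compiles and tests anywhere.
typedef unsigned int DWORD; typedef unsigned short USHORT; typedef wchar_t *PWSTR;
typedef struct { USHORT Length, MaximumLength; PWSTR Buffer; } UNICODE_STRING, *PUNICODE_STRING;
typedef enum { TlsParametersCngAlgUsageKeyExchange, TlsParametersCngAlgUsageSignature,
  TlsParametersCngAlgUsageCipher, TlsParametersCngAlgUsageDigest, TlsParametersCngAlgUsageCertSig } eTlsAlgorithmUsage;
typedef struct { eTlsAlgorithmUsage eAlgorithmUsage; UNICODE_STRING strCngAlgId; DWORD cChainingModes;
  PUNICODE_STRING rgstrChainingModes; DWORD dwMinBitLength, dwMaxBitLength; } CRYPTO_SETTINGS, *PCRYPTO_SETTINGS;
typedef struct { DWORD cAlpnIds; PUNICODE_STRING rgstrAlpnIds; DWORD grbitDisabledProtocols;
  DWORD cDisabledCrypto; PCRYPTO_SETTINGS pDisabledCrypto; DWORD dwFlags; } TLS_PARAMETERS;
#endif
// Wrap a CNG algorithm or chaining-mode name in a UNICODE_STRING (Length is in bytes).
static UNICODE_STRING UStr(const wchar_t *s) {
  UNICODE_STRING u; u.Length = u.MaximumLength = (USHORT)(wcslen(s) * sizeof(wchar_t));
  u.Buffer = const_cast<wchar_t *>(s); return u;
}
// Static, zero-initialised storage that outlives the AcquireCredentialsHandle call; zero
// dwMinBitLength/dwMaxBitLength means the restriction applies to every key size.
static UNICODE_STRING g_cbc = UStr(L"ChainingModeCBC");   // BCRYPT_CHAIN_MODE_CBC
static CRYPTO_SETTINGS g_disabled[3]; static TLS_PARAMETERS g_tlsParams;
// Blacklist removing what the ALG_ID list in the question could not: AES in CBC mode only (GCM stays),
// ECDSA as a signature (drops TLS_ECDHE_ECDSA_*), RSA as a key exchange (drops TLS_RSA_*, keeps (EC)DHE_RSA).
TLS_PARAMETERS *BuildRestrictedTlsParameters() {
  g_disabled[0].eAlgorithmUsage = TlsParametersCngAlgUsageCipher;
  g_disabled[0].strCngAlgId = UStr(L"AES");             // BCRYPT_AES_ALGORITHM
  g_disabled[0].cChainingModes = 1; g_disabled[0].rgstrChainingModes = &g_cbc;
  g_disabled[1].eAlgorithmUsage = TlsParametersCngAlgUsageSignature;
  g_disabled[1].strCngAlgId = UStr(L"ECDSA");           // BCRYPT_ECDSA_ALGORITHM
  g_disabled[2].eAlgorithmUsage = TlsParametersCngAlgUsageKeyExchange;
  g_disabled[2].strCngAlgId = UStr(L"RSA");             // BCRYPT_RSA_ALGORITHM
  g_tlsParams.cDisabledCrypto = 3; g_tlsParams.pDisabledCrypto = g_disabled;
  return &g_tlsParams;
}
#ifdef _WIN32
// Hand the blacklist to Schannel as a client credential (certificate selection omitted).
SECURITY_STATUS AcquireRestrictedClientCreds(CredHandle *hCred) {
  SCH_CREDENTIALS cred = {}; cred.dwVersion = SCH_CREDENTIALS_VERSION; TimeStamp expiry;
  cred.cTlsParameters = 1; cred.pTlsParameters = BuildRestrictedTlsParameters();
  return AcquireCredentialsHandleW(nullptr, const_cast<LPWSTR>(UNISP_NAME_W), SECPKG_CRED_OUTBOUND,
                                   nullptr, &cred, nullptr, nullptr, hCred, &expiry);
}
#endif
```

After the handshake, confirm the result rather than trusting the configuration: QueryContextAttributes with SECPKG_ATTR_CIPHER_INFO reports the negotiated suite, and any suite outside the allowed four (for example a DSS- or PSK-based one) would call for an extra CRYPTO_SETTINGS entry built the same way.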

    References

    1. Cipher suite selection in SChannel (CC BY‑SA 2.5/3.0/4.0)

#tls1.2 #win32-process #schannel #C++ #Windows