radius_authz [2001:db8::123:45]
radius_acct [2001:db8::123:46]
+#
+# Quantum Computing Protection. When set, these flags assure that
+# TLS connections are only accepted when they are protected from
+# attacks with Quantum Computers. This is quite restrictive; the
+# algorithms known to fail include RSA, DSA, ECDSA and even plain
+# DH and ECDH.
+#
+# The level of protection in `quantum_proof_authentication` sets
+# the selection of any mechanisms usable for signatures proving
+# the identity of the client and/or server. This is the minimum
+# level, but it may already be steep in a transitioning phase.
+#
+# The level of protection in `quantum_proof_encryption` sets the
+# privacy of the connection, but applies to the application level
+# and not the handshake.
+#
+# The level of protection in `quantum_proof_names` adds privacy
+# for the identities exchanged during the handshake (and is quite
+# restrictive).
+#
+# Initially, these flags will be disabled by default while it is too early
+# to make the switch. However, as soon as it becomes practical,
+# any new releases of the TLS Pool will enable them by default.
+# The trigger for this will be when sufficient software supports
+# Quantum Proof cipher suites. Note that this is not the same
+# as every site administrator having rolled out this software; if
+# we wait for that to complete we create a new chicken/egg
+# problem, much like IPv6 which is hampered by continued use
+# or the "temporary" stop-gap measure NAT. The TLS Pool is
+# part of the ARPA2 mindset that wants to get over such
+# critical-mass problems.
+#
+# If you feel you need to actively disable any flags, overriding
+# the defaults, the suggestion is to plan a future date at which
+# this temporary setting will be undone, and announce it brightly
+# and clearly to all parties that you are in contact with. Plan to
+# change vendors if they don't seem to meet your deadlines.
+# Quantum Computing is a serious threat and must not wait
+# until every remote fool has gotten the point.
+#
+# quantum_proof_authentication = yes
+# quantum_proof_encryption = yes
+# quantum_proof_handshake = yes
char *cfg_krb_server_keytab (void);
char *cfg_krb_client_credcache (void);
char *cfg_krb_server_credcache (void);
+bool cfg_postquantum_auth (void);
+bool cfg_postquantum_encrypt (void);
+bool cfg_postquantum_handshake (void);
/* error.c -- Mapping various error code systems to others.
#include "whoami.h"
#include <stdlib.h>
+#include <stdbool.h>
#include <stdio.h>
#include <ctype.h>
#include <string.h>
CFGVAR_KRB_SERVER_KEYTAB,
CFGVAR_KRB_CLIENT_CREDCACHE,
CFGVAR_KRB_SERVER_CREDCACHE,
+ CFGVAR_POSTQUANTUM_AUTH,
+ CFGVAR_POSTQUANTUM_ENCRYPT,
+ CFGVAR_POSTQUANTUM_HANDSHAKE,
//
CFGVAR_LENGTH,
CFGVAR_NONE = -1
"kerberos_server_keytab", cfg_setvar, CFGVAR_KRB_SERVER_KEYTAB,
"kerberos_client_credcache",cfg_setvar, CFGVAR_KRB_CLIENT_CREDCACHE,
"kerberos_server_credcache",cfg_setvar, CFGVAR_KRB_SERVER_CREDCACHE,
+ "quantum_proof_authentication",cfg_setvar, CFGVAR_POSTQUANTUM_AUTH,
+ "quantum_proof_encryption",cfg_setvar, CFGVAR_POSTQUANTUM_ENCRYPT,
+ "quantum_proof_handshake",cfg_setvar, CFGVAR_POSTQUANTUM_HANDSHAKE,
//
NULL, NULL, CFGVAR_NONE
};
return configvars [CFGVAR_KRB_SERVER_CREDCACHE];
}
+static char *nope [] = { "NO", "No", "no", "FALSE", "False", "false", "NOPE", "Nope", "nope", "NAY", "Nay", "nay", "0", NULL };
+static char *yep [] = { "YES", "Yes", "yes", "TRUE", "True", "true", "YEP", "Yep", "yep", "AYE", "Aye", "aye", "1", NULL };
+
+/* Tactical phase 1. Default to no because we lack general algorithms */
+bool cfg_postquantum_auth (void) {
+ // Commemmorable selection:
+ static char **jawohl = yep;
+ if (configvars [CFGVAR_POSTQUANTUM_AUTH] != NULL) {
+ while (*jawohl) {
+ if (strstr (configvars [CFGVAR_POSTQUANTUM_AUTH], *jawohl)) {
+ return true;
+ }
+ jawohl++;
+ }
+ }
+ // No match; err on the forgiving side
+ return false;
+}
+
+/* Tactical phase 1. Default to no because we lack general algorithms */
+bool cfg_postquantum_encrypt (void) {
+ // Commemmorable selection:
+ static char **jawohl = yep;
+ if (configvars [CFGVAR_POSTQUANTUM_ENCRYPT] != NULL) {
+ while (*jawohl) {
+ if (strstr (configvars [CFGVAR_POSTQUANTUM_ENCRYPT], *jawohl)) {
+ return true;
+ }
+ jawohl++;
+ }
+ }
+ // No match; err on the forgiving side
+ return false;
+}
+
+/* Tactical phase 1. Default to no because we lack general algorithms */
+bool cfg_postquantum_handshake (void) {
+ // Commemmorable selection:
+ static char **jawohl = yep;
+ if (configvars [CFGVAR_POSTQUANTUM_HANDSHAKE] != NULL) {
+ while (*jawohl) {
+ if (strstr (configvars [CFGVAR_POSTQUANTUM_HANDSHAKE], *jawohl)) {
+ return true;
+ }
+ jawohl++;
+ }
+ }
+ // No match; err on the forgiving side
+ return false;
+}
// - CTYPEs, SRP, ANON-or-not --> fill in as + or - characters
if (gtls_errno == GNUTLS_E_SUCCESS) {
char priostr [512];
+ //
+ // Check for Post Quantum algorithm requests; except for
+ // TLS-KDH these are not available yet, so when any of them
+ // is set in this early stage, the handshake should fail.
+ bool pq_auth = cfg_postquantum_auth ();
+ bool pq_encr = cfg_postquantum_encrypt ();
+ bool pq_shak = cfg_postquantum_handshake ();
#ifdef HAVE_TLS_KDH
+ //
+ // With TLS-KDH we can achieve Post Quantum authentication
+ // and encryption. When using KXOVER though, mind the gap!
+ // The handshake cannot be protected; it may never be.
+ if (pq_shak) {
+ gtls_errno = GNUTLS_E_NO_CIPHER_SUITES;
+ }
snprintf (priostr, sizeof (priostr)-1,
// "NORMAL:-RSA:" -- also ECDH-RSA, ECDHE-RSA, ...DSA...
"NONE:"
#endif
);
#else
+ //
+ // Beyond TLS-KDH, the hopes for Post Quantum security
+ // are basically none. This will be remedied, and at
+ // that time we should update the generation of the
+ // priority string with the algorithm preferences.
+ if (pq_auth || pq_encr || pq_shak) {
+ gtls_errno = GNUTLS_E_NO_CIPHER_SUITES;
+ }
+ //
// It's not possible to make good decisions on certificate type
// for both sides based on knowledge of local authentication
// abilities. So we permit all (but would like to be subtler).
projects / tlspool / commitdiff