diff --git a/Dockerfile b/Dockerfile
index 151fa345..b21da622 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,6 +21,7 @@ RUN \
 export CGO_ENABLED=0 && \
 export GOOS=linux && \
 export GOARCH=amd64 && \
+ export GOEXPERIMENT=boringcrypto && \
 go build -v -trimpath -ldflags "$(hack/get-ldflags.sh) -w -s" -o /usr/local/bin/pinniped-concierge-kube-cert-agent ./cmd/pinniped-concierge-kube-cert-agent/... && \
 go build -v -trimpath -ldflags "$(hack/get-ldflags.sh) -w -s" -o /usr/local/bin/pinniped-server ./cmd/pinniped-server/... && \
 ln -s /usr/local/bin/pinniped-server /usr/local/bin/pinniped-concierge && \
diff --git a/ciphers.txt b/ciphers.txt
new file mode 100644
index 00000000..d573f98a
--- /dev/null
+++ b/ciphers.txt
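Review bot: `export CGO_ENABLED=0` stays in effect for the new `export GOEXPERIMENT=boringcrypto` line, and Go only links the BoringCrypto module when cgo is enabled, so these binaries would most likely use the standard Go crypto while being labelled as a boringcrypto build. The same commit deletes internal/crypto/fips/fips_strict.go, whose `_ "crypto/tls/fipsonly"` import was what restricted TLS to FIPS-approved settings, so nothing visible here enforces FIPS-only TLS any more. It also deletes internal/crypto/ptls/fips_strict.go while default.go and secure.go are tagged `!goexperiment.boringcrypto`, which appears to leave package ptls without Default, Secure and DefaultLDAP under this experiment unless a file outside the diff supplies them. If a FIPS image is intended, use `export CGO_ENABLED=1 && \` and keep the fipsonly import; otherwise drop the GOEXPERIMENT line. The RUN instruction starts and ends outside the hunk.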
@@ -0,0 +1,73 @@ +Obtaining cipher list from LibreSSL 3.3.6. +Testing AEAD-AES256-GCM-SHA384...YES +Testing AEAD-CHACHA20-POLY1305-SHA256...YES +Testing AEAD-AES128-GCM-SHA256...YES +Testing ECDHE-RSA-AES256-GCM-SHA384...YES +Testing ECDHE-ECDSA-AES256-GCM-SHA384...YES +Testing ECDHE-RSA-AES256-SHA384...YES +Testing ECDHE-ECDSA-AES256-SHA384...YES +Testing ECDHE-RSA-AES256-SHA...YES +Testing ECDHE-ECDSA-AES256-SHA...YES +Testing DHE-RSA-AES256-GCM-SHA384...YES +Testing DHE-RSA-AES256-SHA256...YES +Testing DHE-RSA-AES256-SHA...YES +Testing ECDHE-ECDSA-CHACHA20-POLY1305...YES +Testing ECDHE-RSA-CHACHA20-POLY1305...YES +Testing DHE-RSA-CHACHA20-POLY1305...YES +Testing GOST2012256-GOST89-GOST89...YES +Testing DHE-RSA-CAMELLIA256-SHA256...YES +Testing DHE-RSA-CAMELLIA256-SHA...YES +Testing GOST2001-GOST89-GOST89...YES +Testing AECDH-AES256-SHA...YES +Testing ADH-AES256-GCM-SHA384...YES +Testing ADH-AES256-SHA256...YES +Testing ADH-AES256-SHA...YES +Testing ADH-CAMELLIA256-SHA256...YES +Testing ADH-CAMELLIA256-SHA...YES +Testing AES256-GCM-SHA384...YES +Testing AES256-SHA256...YES +Testing AES256-SHA...YES +Testing CAMELLIA256-SHA256...YES +Testing CAMELLIA256-SHA...YES +Testing ECDHE-RSA-AES128-GCM-SHA256...YES +Testing ECDHE-ECDSA-AES128-GCM-SHA256...YES +Testing ECDHE-RSA-AES128-SHA256...YES +Testing ECDHE-ECDSA-AES128-SHA256...YES +Testing ECDHE-RSA-AES128-SHA...YES +Testing ECDHE-ECDSA-AES128-SHA...YES +Testing DHE-RSA-AES128-GCM-SHA256...YES +Testing DHE-RSA-AES128-SHA256...YES +Testing DHE-RSA-AES128-SHA...YES +Testing DHE-RSA-CAMELLIA128-SHA256...YES +Testing DHE-RSA-CAMELLIA128-SHA...YES +Testing AECDH-AES128-SHA...YES +Testing ADH-AES128-GCM-SHA256...YES +Testing ADH-AES128-SHA256...YES +Testing ADH-AES128-SHA...YES +Testing ADH-CAMELLIA128-SHA256...YES +Testing ADH-CAMELLIA128-SHA...YES +Testing AES128-GCM-SHA256...YES +Testing AES128-SHA256...YES +Testing AES128-SHA...YES +Testing CAMELLIA128-SHA256...YES +Testing CAMELLIA128-SHA...YES +Testing 
ECDHE-RSA-RC4-SHA...YES +Testing ECDHE-ECDSA-RC4-SHA...YES +Testing AECDH-RC4-SHA...YES +Testing ADH-RC4-MD5...YES +Testing RC4-SHA...YES +Testing RC4-MD5...YES +Testing ECDHE-RSA-DES-CBC3-SHA...YES +Testing ECDHE-ECDSA-DES-CBC3-SHA...YES +Testing EDH-RSA-DES-CBC3-SHA...YES +Testing AECDH-DES-CBC3-SHA...YES +Testing ADH-DES-CBC3-SHA...YES +Testing DES-CBC3-SHA...YES +Testing ECDHE-RSA-NULL-SHA...YES +Testing ECDHE-ECDSA-NULL-SHA...YES +Testing GOST2012256-NULL-STREEBOG256...YES +Testing GOST2001-NULL-GOST94...YES +Testing AECDH-NULL-SHA...YES +Testing NULL-SHA256...YES +Testing NULL-SHA...YES +Testing NULL-MD5...YES diff --git a/fips-ciphers.txt b/fips-ciphers.txt new file mode 100644 index 00000000..e6f3cdcf --- /dev/null +++ b/fips-ciphers.txt 
@@ -0,0 +1,73 @@ +Obtaining cipher list from LibreSSL 3.3.6. +Testing AEAD-AES256-GCM-SHA384...NO (sslv3 alert handshake failure) +Testing AEAD-CHACHA20-POLY1305-SHA256...NO (sslv3 alert handshake failure) +Testing AEAD-AES128-GCM-SHA256...NO (sslv3 alert handshake failure) +Testing ECDHE-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure) +Testing ECDHE-ECDSA-AES256-GCM-SHA384...YES +Testing ECDHE-RSA-AES256-SHA384...NO (sslv3 alert handshake failure) +Testing ECDHE-ECDSA-AES256-SHA384...NO (sslv3 alert handshake failure) +Testing ECDHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure) +Testing ECDHE-ECDSA-AES256-SHA...NO (sslv3 alert handshake failure) +Testing DHE-RSA-AES256-GCM-SHA384...NO (sslv3 alert handshake failure) +Testing DHE-RSA-AES256-SHA256...NO (sslv3 alert handshake failure) +Testing DHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure) +Testing ECDHE-ECDSA-CHACHA20-POLY1305...NO (sslv3 alert handshake failure) +Testing ECDHE-RSA-CHACHA20-POLY1305...NO (sslv3 alert handshake failure) +Testing DHE-RSA-CHACHA20-POLY1305...NO (sslv3 alert handshake failure) +Testing GOST2012256-GOST89-GOST89...NO (sslv3 alert handshake failure) +Testing DHE-RSA-CAMELLIA256-SHA256...NO (sslv3 alert handshake failure) +Testing DHE-RSA-CAMELLIA256-SHA...NO (sslv3 alert handshake failure) +Testing GOST2001-GOST89-GOST89...NO (sslv3 alert handshake failure) +Testing AECDH-AES256-SHA...NO (sslv3 alert handshake failure) +Testing ADH-AES256-GCM-SHA384...NO (sslv3 alert handshake failure) +Testing ADH-AES256-SHA256...NO (sslv3 alert handshake failure) +Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure) +Testing ADH-CAMELLIA256-SHA256...NO (sslv3 alert handshake failure) +Testing ADH-CAMELLIA256-SHA...NO (sslv3 alert handshake failure) +Testing AES256-GCM-SHA384...NO (sslv3 alert handshake failure) +Testing AES256-SHA256...NO (sslv3 alert handshake failure) +Testing AES256-SHA...NO (sslv3 alert handshake failure) +Testing CAMELLIA256-SHA256...NO (sslv3 
alert handshake failure) +Testing CAMELLIA256-SHA...NO (sslv3 alert handshake failure) +Testing ECDHE-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure) +Testing ECDHE-ECDSA-AES128-GCM-SHA256...YES +Testing ECDHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure) +Testing ECDHE-ECDSA-AES128-SHA256...NO (sslv3 alert handshake failure) +Testing ECDHE-RSA-AES128-SHA...NO (sslv3 alert handshake failure) +Testing ECDHE-ECDSA-AES128-SHA...NO (sslv3 alert handshake failure) +Testing DHE-RSA-AES128-GCM-SHA256...NO (sslv3 alert handshake failure) +Testing DHE-RSA-AES128-SHA256...NO (sslv3 alert handshake failure) +Testing DHE-RSA-AES128-SHA...NO (sslv3 alert handshake failure) +Testing DHE-RSA-CAMELLIA128-SHA256...NO (sslv3 alert handshake failure) +Testing DHE-RSA-CAMELLIA128-SHA...NO (sslv3 alert handshake failure) +Testing AECDH-AES128-SHA...NO (sslv3 alert handshake failure) +Testing ADH-AES128-GCM-SHA256...NO (sslv3 alert handshake failure) +Testing ADH-AES128-SHA256...NO (sslv3 alert handshake failure) +Testing ADH-AES128-SHA...NO (sslv3 alert handshake failure) +Testing ADH-CAMELLIA128-SHA256...NO (sslv3 alert handshake failure) +Testing ADH-CAMELLIA128-SHA...NO (sslv3 alert handshake failure) +Testing AES128-GCM-SHA256...NO (sslv3 alert handshake failure) +Testing AES128-SHA256...NO (sslv3 alert handshake failure) +Testing AES128-SHA...NO (sslv3 alert handshake failure) +Testing CAMELLIA128-SHA256...NO (sslv3 alert handshake failure) +Testing CAMELLIA128-SHA...NO (sslv3 alert handshake failure) +Testing ECDHE-RSA-RC4-SHA...NO (sslv3 alert handshake failure) +Testing ECDHE-ECDSA-RC4-SHA...NO (sslv3 alert handshake failure) +Testing AECDH-RC4-SHA...NO (sslv3 alert handshake failure) +Testing ADH-RC4-MD5...NO (sslv3 alert handshake failure) +Testing RC4-SHA...NO (sslv3 alert handshake failure) +Testing RC4-MD5...NO (sslv3 alert handshake failure) +Testing ECDHE-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure) +Testing ECDHE-ECDSA-DES-CBC3-SHA...NO 
(sslv3 alert handshake failure) +Testing EDH-RSA-DES-CBC3-SHA...NO (sslv3 alert handshake failure) +Testing AECDH-DES-CBC3-SHA...NO (sslv3 alert handshake failure) +Testing ADH-DES-CBC3-SHA...NO (sslv3 alert handshake failure) +Testing DES-CBC3-SHA...NO (sslv3 alert handshake failure) +Testing ECDHE-RSA-NULL-SHA...NO (sslv3 alert handshake failure) +Testing ECDHE-ECDSA-NULL-SHA...NO (sslv3 alert handshake failure) +Testing GOST2012256-NULL-STREEBOG256...NO (sslv3 alert handshake failure) +Testing GOST2001-NULL-GOST94...NO (sslv3 alert handshake failure) +Testing AECDH-NULL-SHA...NO (sslv3 alert handshake failure) +Testing NULL-SHA256...NO (sslv3 alert handshake failure) +Testing NULL-SHA...NO (sslv3 alert handshake failure) +Testing NULL-MD5...NO (sslv3 alert handshake failure)
diff --git a/internal/crypto/fips/fips_strict.go b/internal/crypto/fips/fips_strict.go
deleted file mode 100644
index 827fd8b4..00000000
--- a/internal/crypto/fips/fips_strict.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright 2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-//go:build goexperiment.boringcrypto
-// +build goexperiment.boringcrypto
-
-package fips
-
-import (
- "C" // explicitly import cgo so that runtime/cgo gets linked into the kube-cert-agent
- _ "crypto/tls/fipsonly" // restricts all TLS configuration to FIPS-approved settings.
-)
diff --git a/internal/crypto/ptls/default.go b/internal/crypto/ptls/default.go
index 99fecfde..4cbddc2a 100644
--- a/internal/crypto/ptls/default.go
+++ b/internal/crypto/ptls/default.go
@@ -1,8 +1,8 @@
 // Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
-//go:build !boringcrypto
-// +build !boringcrypto
+//go:build !goexperiment.boringcrypto
+// +build !goexperiment.boringcrypto
 package ptls
diff --git a/internal/crypto/ptls/fips_strict.go b/internal/crypto/ptls/fips_strict.go
deleted file mode 100644
index e1062923..00000000
--- a/internal/crypto/ptls/fips_strict.go
+++ /dev/null
@@ -1,80 +0,0 @@
-// Copyright 2022-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-// The configurations here override the usual ptls.Secure, ptls.Default, and ptls.DefaultLDAP
-// configs when Pinniped is built in fips-only mode.
-// All of these are the same because FIPs is already so limited.
-//go:build goexperiment.boringcrypto
-// +build goexperiment.boringcrypto
-
-package ptls
-
-import (
- "crypto/tls"
- "crypto/x509"
- "os"
- "path/filepath"
- "runtime"
-
- "k8s.io/apiserver/pkg/server/options"
-
- // Cause fipsonly tls mode with this side effect import.
- _ "go.pinniped.dev/internal/crypto/fips"
- "go.pinniped.dev/internal/plog"
-)
-
-// Always use TLS 1.2 for FIPs
-const secureServingOptionsMinTLSVersion = "VersionTLS12"
-const SecureTLSConfigMinTLSVersion = tls.VersionTLS12
-
-func init() {
- switch filepath.Base(os.Args[0]) {
- case "pinniped-server", "pinniped-supervisor", "pinniped-concierge", "pinniped-concierge-kube-cert-agent":
- default:
- return // do not print FIPS logs if we cannot confirm that we are running a server binary
- }
-
- // this init runs before we have parsed our config to determine our log level
- // thus we must use a log statement that will always print instead of conditionally print
- plog.Always("using boring crypto in fips only mode", "go version", runtime.Version())
-}
-
-func Default(rootCAs *x509.CertPool) *tls.Config {
- return &tls.Config{
- // goboring requires TLS 1.2 and only TLS 1.2
- MinVersion: SecureTLSConfigMinTLSVersion,
- MaxVersion: SecureTLSConfigMinTLSVersion,
-
- // enable HTTP2 for go's 1.7 HTTP Server
- // setting this explicitly is only required in very specific circumstances
- // it is simpler to just set it here than to try and determine if we need to
- NextProtos: []string{"h2", "http/1.1"},
-
- // optional root CAs, nil means use the host's root CA set
- RootCAs: rootCAs,
-
- // This is all of the fips-approved ciphers.
- // The list is hard-coded for convenience of testing.
- // This is kept in sync with the boring crypto compiler via TestFIPSCipherSuites.
- CipherSuites: []uint16{
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
- },
- }
-}
-
-func Secure(rootCAs *x509.CertPool) *tls.Config {
- return Default(rootCAs)
-}
-
-func DefaultLDAP(rootCAs *x509.CertPool) *tls.Config {
- return Default(rootCAs)
-}
-
-func secureServing(opts *options.SecureServingOptionsWithLoopback) {
- defaultServing(opts)
-}
diff --git a/internal/crypto/ptls/secure.go b/internal/crypto/ptls/secure.go
index 4dbe4eeb..c6c2c78c 100644
--- a/internal/crypto/ptls/secure.go
+++ b/internal/crypto/ptls/secure.go
@@ -1,8 +1,8 @@
 // Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
-//go:build !boringcrypto
-// +build !boringcrypto
+//go:build !goexperiment.boringcrypto
+// +build !goexperiment.boringcrypto
 package ptls
diff --git a/test/testlib/securetls_preference_fips.go b/test/testlib/securetls_preference_fips.go
deleted file mode 100644
index acf677b9..00000000
--- a/test/testlib/securetls_preference_fips.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright 2022-2023 the Pinniped contributors. All Rights Reserved.
-// SPDX-License-Identifier: Apache-2.0
-
-//go:build goexperiment.boringcrypto
-// +build goexperiment.boringcrypto
-
-package testlib
-
-// Because of a bug in nmap, the cipher suite preference is
-// incorrectly shown as 'client' in some cases.
-// in fips-only mode, it correctly shows the cipher preference
-// as 'server', while in non-fips mode it shows as 'client'.
-const cipherSuitePreference = "server"
diff --git a/test/testlib/securetls_preference_nonfips.go b/test/testlib/securetls_preference_nonfips.go
index beb5659c..678d496d 100644
--- a/test/testlib/securetls_preference_nonfips.go
+++ b/test/testlib/securetls_preference_nonfips.go
@@ -1,8 +1,8 @@
 // Copyright 2022-2023 the Pinniped contributors. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
-//go:build !boringcrypto
-// +build !boringcrypto
+//go:build !goexperiment.boringcrypto
+// +build !goexperiment.boringcrypto
 package testlib
diff --git a/test_ciphers.sh b/test_ciphers.sh
new file mode 100755
index 00000000..64949f31
--- /dev/null
+++ b/test_ciphers.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+# OpenSSL requires the port number.
+SERVER=$1
+DELAY=1
+ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')
+
+echo Obtaining cipher list from $(openssl version).
+
+for cipher in ${ciphers[@]}
+do
+ echo -n Testing $cipher...
+ result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER 2>&1)
+ if [[ "$result" =~ ":error:" ]] ; then
+ error=$(echo -n $result | cut -d':' -f6)
+ echo NO \($error\)
+ else
+ if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher :" ]] ; then
+ echo YES
+ else
+ echo UNKNOWN RESPONSE
+ echo $result
+ fi
+ fi
+ sleep $DELAY
+done
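Review bot: The YES branch also fires on `"$result" =~ "Cipher :"`, which matches the session summary of any completed handshake rather than the cipher under test, and that is the likely reason ciphers.txt in this commit reports YES for NULL-MD5, RC4-MD5 and the GOST suites. If the client and server can agree on TLS 1.3, `-cipher` does not constrain the negotiated suite, so every iteration can succeed with an unrelated cipher. Match only the requested suite and pin the protocol: `result=$(openssl s_client -tls1_2 -cipher "$cipher" -connect "$SERVER" </dev/null 2>&1)` and `if [[ "$result" == *"Cipher is ${cipher}"* ]] ; then`. `$1` is also used unchecked and `$SERVER` unquoted; `: "${1:?usage: test_ciphers.sh host:port}"` before the assignment makes a missing argument fail fast.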