Diffstat (limited to 'src/irmd/oap/cli.c')
-rw-r--r--src/irmd/oap/cli.c29
1 files changed, 28 insertions, 1 deletions
diff --git a/src/irmd/oap/cli.c b/src/irmd/oap/cli.c
index ea2a25d1..9472e331 100644
--- a/src/irmd/oap/cli.c
+++ b/src/irmd/oap/cli.c
@@ -439,10 +439,16 @@ static int do_client_kex_complete(struct oap_cli_ctx * s,
{
struct sec_config * kcfg = &s->kcfg;
uint8_t * id = s->id.data;
+ int cipher_nid;
+ int kdf_nid;
if (!IS_KEX_ALGO_SET(kcfg))
return 0;
+ /* Save client's configured minimums */
+ cipher_nid = kcfg->c.nid;
+ kdf_nid = kcfg->k.nid;
+
/* Accept server's cipher choice */
if (peer_hdr->cipher_str == NULL) {
log_err_id(id, "Server did not provide cipher.");
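Review bot: The locals `cipher_nid` and `kdf_nid` hold the client's configured minimums, but the names read like the negotiated values, so the later rank comparisons are easy to misread. Naming them `min_cipher_nid` and `min_kdf_nid` would make the direction of each comparison obvious. The comment could also say why the copy is needed, e.g. `/* Save client's configured minimums before kcfg takes the server's choice */`, since kcfg appears to be updated further down in lines this hunk does not show. do_client_kex_complete starts before and continues past this hunk.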
@@ -456,7 +462,28 @@ static int do_client_kex_complete(struct oap_cli_ctx * s,
return -ENOTSUP;
}
- log_dbg_id(id, "Accepted server cipher %s.", peer_hdr->cipher_str);
+ /* Verify server cipher >= client's minimum */
+ if (crypt_cipher_rank(kcfg->c.nid) < crypt_cipher_rank(cipher_nid)) {
+ log_err_id(id, "Server cipher %s too weak.",
+ peer_hdr->cipher_str);
+ return -ECRYPT;
+ }
+
+ log_dbg_id(id, "Accepted server cipher %s.",
+ peer_hdr->cipher_str);
+
+ /* Accept server's KDF for non-client-encap modes */
+ if (kcfg->x.mode != KEM_MODE_CLIENT_ENCAP
+ && peer_hdr->kdf_nid != NID_undef) {
+ if (crypt_kdf_rank(peer_hdr->kdf_nid)
+ < crypt_kdf_rank(kdf_nid)) {
+ log_err_id(id, "Server KDF too weak.");
+ return -ECRYPT;
+ }
+ SET_KEX_KDF_NID(kcfg, peer_hdr->kdf_nid);
+ log_dbg_id(id, "Accepted server KDF %s.",
+ md_nid_to_str(kcfg->k.nid));
+ }
/* Derive shared secret */
if (IS_KEM_ALGORITHM(kcfg->x.str))
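Review bot: The cipher check `crypt_cipher_rank(kcfg->c.nid) < crypt_cipher_rank(cipher_nid)` runs when `kcfg->c.nid` already holds the server's choice (the assignment is presumably in the lines between the two hunks), so the `return -ECRYPT` path leaves the rejected cipher in the client's config. The KDF branch, by contrast, ranks `peer_hdr->kdf_nid` first and only then calls `SET_KEX_KDF_NID`. If the context can be reused after a failed handshake, the configured minimum is lost; ranking the server's cipher before storing it, or restoring the saved value before returning, would keep the two checks symmetric. Both comparisons also depend on what `crypt_cipher_rank` and `crypt_kdf_rank` return for an unrecognised NID, which is not visible here; an unknown algorithm should rank below every configured minimum. The KDF rejection log omits the offered algorithm, unlike the cipher one; `log_err_id(id, "Server KDF %s too weak.", md_nid_to_str(peer_hdr->kdf_nid));` would make a downgrade attempt easier to triage.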