From patchwork Wed Aug 18 11:33:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 1914 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director9.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id WK3DEyV9HWGECAAAIUCqbw (envelope-from ) for ; Wed, 18 Aug 2021 17:35:33 -0400 Received: from proxy13.mail.ord1d.rsapps.net ([172.30.191.6]) by director9.mail.ord1d.rsapps.net with LMTP id 4HSmEyV9HWF7KAAAalYnBA (envelope-from ) for ; Wed, 18 Aug 2021 17:35:33 -0400 Received: from smtp35.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy13.mail.ord1d.rsapps.net with LMTPS id CAksEyV9HWF7SAAAgjf6aA (envelope-from ) for ; Wed, 18 Aug 2021 17:35:33 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp35.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 37231a72-006c-11ec-82c8-525400a7b7b4-1-1 Received: from [216.105.38.7] ([216.105.38.7:55624] helo=lists.sourceforge.net) by smtp35.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id C2/84-06640-42D7D116; Wed, 18 Aug 2021 17:35:32 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.92.3) (envelope-from ) id 1mGTCQ-00070S-Kh; Wed, 18 Aug 2021 21:34:14 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) (envelope-from ) id 1mGTCM-000708-3u for openvpn-devel@lists.sourceforge.net; Wed, 18 Aug 2021 21:34:10 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=RwjVgbnPmgOk+JCd8DiupihuE/c0zkDVveY43gWXW2w=; b=gUlfaw64OwA/9mvEnZO2fU94xV tFw3WX1QkMBq9H3EHJuGAmg4TM01pfP8Qe2YtBYo7J+W3kqZbwIhcCltMebzge64bOqdblaaw3VgB 3rtmvxhBawehaz7+Q7aKRQaRMUeDle1pkVt8/vxNsv4IhSmOuytHSzn2jFj1Tm5+04+Y=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=RwjVgbnPmgOk+JCd8DiupihuE/c0zkDVveY43gWXW2w=; b=iPkALM3FRuwBf2d41dE7drClbW yUl3df4q0fwfCzKQ2nY9GabcsiWQxBTjDhcWGZuV/+CEMr7D50ZVTFCwcsfmM5beIPgnheKf6Bdcx 450zTzkbYr+2IZDCviJgDWC69i9hAojOa2gGwTcN/vJaMKr77kJ7nKvSnfnryMVHQDtg=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1mGTCK-00AtZ7-EB for openvpn-devel@lists.sourceforge.net; Wed, 18 Aug 2021 21:34:10 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1mGTC6-000MKS-Ea for openvpn-devel@lists.sourceforge.net; Wed, 18 Aug 2021 23:33:54 +0200 Received: (nullmailer pid 687785 invoked by uid 10006); Wed, 18 Aug 2021 21:33:54 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 18 Aug 2021 23:33:54 +0200 Message-Id: <20210818213354.687736-2-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210818213354.687736-1-arne@rfc2549.org> References: <20210818213354.687736-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Most TLS 1.3 libraries inlcude the Chacha20-Poly1305 based cipher suite beside the AES-GCM based ones int he list of default ciphers suites. Chacha20-Poly1305 is accepted as good alternative AEAD algo [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different X-Headers-End: 1mGTCK-00AtZ7-EB Subject: [Openvpn-devel] [PATCH 2/2] Include Chacha20-Poly1305 into default --data-ciphers when available X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Most TLS 1.3 libraries inlcude the Chacha20-Poly1305 based cipher suite beside the AES-GCM based ones int he list of default ciphers suites. Chacha20-Poly1305 is accepted as good alternative AEAD algorithm to the AES-GCM algorithm by crypto community. Follow this and include Chacha20-Poly1305 by default in data-ciphers when available. This makes picking Chacha20-Poly1305 easier as it only requires to change server (by changing priority) or client side (removing AES-GCM from data-ciphers) to change to Chacha20-Poly1305. Signed-off-by: Arne Schwabe Acked-by: Antonio Quartulli --- Changes.rst | 5 +++++ doc/man-sections/cipher-negotiation.rst | 3 ++- doc/man-sections/protocol-options.rst | 3 ++- src/openvpn/options.c | 25 ++++++++++++++++++++++++- 4 files changed, 33 insertions(+), 3 deletions(-) diff --git a/Changes.rst b/Changes.rst index 0323a7f7a..637ed97a6 100644 --- a/Changes.rst +++ b/Changes.rst @@ -65,6 +65,11 @@ Deprecated features This option mainly served a role as debug option when NCP was first introduced. It should now no longer be necessary. + +User-visible Changes +-------------------- +- CHACHA20-POLY1305 is included in the default of ``--data-ciphers`` when available. + Overview of changes in 2.5 ========================== diff --git a/doc/man-sections/cipher-negotiation.rst b/doc/man-sections/cipher-negotiation.rst index a2feb5f9c..423b5ab6a 100644 --- a/doc/man-sections/cipher-negotiation.rst +++ b/doc/man-sections/cipher-negotiation.rst @@ -18,7 +18,8 @@ with a AUTH_FAILED message (as seen in client log): OpenVPN 2.5 will only allow the ciphers specified in ``--data-ciphers``. To ensure backwards compatibility also if a cipher is specified using the ``--cipher`` option it is automatically added to this list. If both options are unset the default is -:code:`AES-256-GCM:AES-128-GCM`. +:code:`AES-256-GCM:AES-128-GCM`. In 2.6 and later the default is changed to +:code:`AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305` when Chacha20-Poly1305 is available. OpenVPN 2.4 clients ------------------- diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index 5ae780e1f..0fef90f7b 100644 --- a/doc/man-sections/protocol-options.rst +++ b/doc/man-sections/protocol-options.rst @@ -192,7 +192,8 @@ configured in a compatible way between both the local and remote side. --data-ciphers cipher-list Restrict the allowed ciphers to be negotiated to the ciphers in ``cipher-list``. ``cipher-list`` is a colon-separated list of ciphers, - and defaults to :code:`AES-256-GCM:AES-128-GCM`. + and defaults to :code:`AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305` when + Chacha20-Poly1305 is available and otherwise :code:`AES-256-GCM:AES-128-GCM`. For servers, the first cipher from ``cipher-list`` that is also supported by the client will be pushed to clients that support cipher diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 7e146db90..9c01d6a1d 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -842,7 +842,6 @@ init_options(struct options *o, const bool init_gc) o->stale_routes_check_interval = 0; o->ifconfig_pool_persist_refresh_freq = 600; o->scheduled_exit_interval = 5; - o->ncp_ciphers = "AES-256-GCM:AES-128-GCM"; o->authname = "SHA1"; o->prng_hash = "SHA1"; o->prng_nonce_secret_len = 16; @@ -3077,6 +3076,29 @@ options_postprocess_verify(const struct options *o) } } +/** + * Checks for availibility of Chacha20-Poly1305 and sets + * the ncp_cipher to either AES-256-GCM:AES-128-GCM or + * AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305. + */ +static void +options_postprocess_setdefault_ncpciphers(struct options *o) +{ + if (o->ncp_ciphers) + { + /* custom --data-ciphers set, keep list */ + return; + } + else if (cipher_kt_get("CHACHA20-POLY1305")) + { + o->ncp_ciphers = "AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305"; + } + else + { + o->ncp_ciphers = "AES-256-GCM:AES-128-GCM"; + } +} + static void options_postprocess_cipher(struct options *o) { @@ -3137,6 +3159,7 @@ options_postprocess_mutate(struct options *o) helper_keepalive(o); helper_tcp_nodelay(o); + options_postprocess_setdefault_ncpciphers(o); options_postprocess_cipher(o); options_postprocess_mutate_invariant(o);