From patchwork Tue Dec 14 05:59:19 2021
X-Patchwork-Submitter: Selva Nair
X-Patchwork-Id: 2170
From: selva.nair@gmail.com
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 14 Dec 2021 11:59:19 -0500
Message-Id: <20211214165928.30676-10-selva.nair@gmail.com>
In-Reply-To: <20211214165928.30676-1-selva.nair@gmail.com>
References: <20211214165928.30676-1-selva.nair@gmail.com>
Subject: [Openvpn-devel] [PATCH v3 09/18] Allow management client to announce pss padding support

From: Selva Nair

The --management-external-key option can currently indicate support
for 'nopadding' or 'pkcs1' signatures in the client. Add 'pss' as an
option to announce that PSS signing requests are accepted.

To match, extend the algorithm string in PK_SIGN request to
include the following format:

- RSA_PKCS1_PSS_PADDING,hashalg=name,saltlen=[max|digest]

Here 'name' is the short common name of the hash algorithm.
E.g., SHA1, SHA256 etc.

Existing formats 'ECDSA' and 'RSA_PKCS1_PADDING' are unchanged.

v2 changes: Fix typos and other sloppiness in documentation and
commit message.

Signed-off-by: Selva Nair
Acked-By: Arne Schwabe
---
 doc/man-sections/management-options.rst | 8 +++++++-
 doc/management-notes.txt | 22 ++++++++++++++++++----
 src/openvpn/manage.h | 1 +
 src/openvpn/options.c | 11 ++++++++---
 4 files changed, 34 insertions(+), 8 deletions(-)

diff --git a/doc/man-sections/management-options.rst b/doc/man-sections/management-options.rst index de0d47e7..b173a1ea 100644 --- a/doc/man-sections/management-options.rst +++ b/doc/man-sections/management-options.rst @@ -90,9 +90,15 @@ server and client mode operations. management-external-key management-external-key nopadding management-external-key pkcs1 + management-external-key pss + + or any combination like: + :: + management-external-key nopadding pkcs1 + management-external-key pkcs1 pss - The optional parameters :code:`nopadding` and :code:`pkcs1` signal + The optional parameters :code:`nopadding` :code:`pkcs1` and :code:`pss` signal support for different padding algorithms. See :code:`doc/mangement-notes.txt` for a complete description of this feature. diff --git a/doc/management-notes.txt b/doc/management-notes.txt index 84e3d04b..169a5efe 100644 --- a/doc/management-notes.txt +++ b/doc/management-notes.txt
@@ -1019,10 +1019,24 @@ can be indicated in the signing request only if the client version is > 2" The currently defined padding algorithms are: - - RSA_PKCS1_PADDING - PKCS1 padding and RSA signature - - RSA_NO_PADDING - No padding may be added for the signature - - ECDSA - EC signature. - + - RSA_PKCS1_PADDING - PKCS1 padding and RSA signature + - RSA_NO_PADDING - No padding may be added for the signature + - ECDSA - EC signature. + - RSA_PKCS1_PSS_PADDING,params - RSA signature with PSS padding + + The params for PSS are specified as 'hashalg=name,saltlen=[max|digest]'. + + The hashalg names are short common names such as SHA256, SHA224, etc. + PSS saltlen="digest" means use the same size as the hash to sign, while + "max" indicates maximum possible saltlen which is + '(nbits-1)/8 - hlen - 2'. Here 'nbits' is the number of bits in the + key modulus and 'hlen' the size in octets of the hash. + (See: RFC 8017 sec 8.1.1 and 9.1.1) + + In the case of PKCS1_PADDING, when the hash algorithm is not legacy + MD5-SHA1, the hash is encoded with DigestInfo header before presenting + to the management interface. This is identical to CKM_RSA_PKCS in Cryptoki + as well as what RSA_private_encrypt() in OpenSSL expects. COMMAND -- certificate (OpenVPN 2.4 or higher) ---------------------------------------------- diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h index 04dc98d1..5ed27c0c 100644 --- a/src/openvpn/manage.h +++ b/src/openvpn/manage.h @@ -339,6 +339,7 @@ struct management *management_init(void); #define MF_QUERY_REMOTE (1<<13) #define MF_QUERY_PROXY (1<<14) #define MF_EXTERNAL_CERT (1<<15) +#define MF_EXTERNAL_KEY_PSSPAD (1<<16) bool management_open(struct management *man, const char *addr, diff --git a/src/openvpn/options.c b/src/openvpn/options.c index fb427410..3ec9025b 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -60,6 +60,7 @@ #include "forward.h" #include "ssl_verify.h" #include "platform.h" +#include "xkey_common.h" #include #include "memdbg.h" @@ -2207,14 +2208,14 @@ options_postprocess_verify_ce(const struct options *options, #endif /* ifdef ENABLE_MANAGEMENT */ -#if defined(ENABLE_MANAGEMENT) +#if defined(ENABLE_MANAGEMENT) && !defined(HAVE_XKEY_PROVIDER) if ((tls_version_max() >= TLS_VER_1_3) && (options->management_flags & MF_EXTERNAL_KEY) && !(options->management_flags & (MF_EXTERNAL_KEY_NOPADDING)) ) { - msg(M_ERR, "management-external-key with OpenSSL 1.1.1 requires " - "the nopadding argument/support"); + msg(M_FATAL, "management-external-key with TLS 1.3 or later requires " + "nopadding argument/support"); } #endif /* @@ -5571,6 +5572,10 @@ add_option(struct options *options, { options->management_flags |= MF_EXTERNAL_KEY_PKCS1PAD; } + else if (streq(p[j], "pss")) + { + options->management_flags |= MF_EXTERNAL_KEY_PSSPAD; + } else { msg(msglevel, "Unknown management-external-key flag: %s", p[j]);
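
Review bot: In the doc/man-sections/management-options.rst hunk, the rewritten sentence "The optional parameters :code:`nopadding` :code:`pkcs1` and :code:`pss` signal" has no separator between the first two items; it should read ":code:`nopadding`, :code:`pkcs1` and :code:`pss`". The context line right after it still spells the file name as doc/mangement-notes.txt, which could be corrected to doc/management-notes.txt in the same change since the sentence is being touched anyway.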
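
Review bot: The maximum salt length in the doc/management-notes.txt hunk is written as '(nbits-1)/8 - hlen - 2' without saying how the division rounds, and the two readings differ by one octet for common key sizes. RFC 8017 sec 9.1.1, which the text cites, uses emLen = ceil((nbits-1)/8), so a 2048-bit modulus with SHA256 gives 256 - 32 - 2 = 222, while a client that truncates the division computes 221 and signs with a salt length other than the one requested. Suggest spelling the term as 'ceil((nbits-1)/8) - hlen - 2'.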
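
Review bot: In the src/openvpn/options.c hunk at options_postprocess_verify_ce(), changing the guard to '#if defined(ENABLE_MANAGEMENT) && !defined(HAVE_XKEY_PROVIDER)' removes the TLS 1.3 padding check entirely on builds that define HAVE_XKEY_PROVIDER, and nothing in this patch replaces it. A configuration that announces only 'pkcs1' would then pass option processing, leaving any mismatch to show up at signing time instead of at startup. Is that intended? If not, an #else branch that requires MF_EXTERNAL_KEY_PSSPAD or MF_EXTERNAL_KEY_NOPADDING when tls_version_max() >= TLS_VER_1_3 would keep the early failure. The switch from M_ERR to M_FATAL and the reworded message are also not mentioned in the commit message.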
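
Review bot: The new 'pss' branch in add_option() sets MF_EXTERNAL_KEY_PSSPAD unconditionally, but the TLS 1.3 check earlier in this patch is compiled only when HAVE_XKEY_PROVIDER is not defined and tests MF_EXTERNAL_KEY_NOPADDING alone. On such a build 'management-external-key pss' is accepted by the parser and, with TLS 1.3 enabled, then stopped by a message that asks for "nopadding argument/support" and never mentions pss. Suggest either accepting the 'pss' keyword only under HAVE_XKEY_PROVIDER or having the message say that pss is not sufficient in that build.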
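
The PSS algorithm string described in the commit message above, parsed strictly the way a management client could before signing; this is an added example, not part of the patch or of OpenVPN's code. The function names, the accepted hash list and the rounding of the "max" salt length (ceiling, per RFC 8017 sec 9.1.1) are assumptions of this sketch.

```python
import hashlib

# Hash names accepted by this sketch (an assumption; the patch only says
# "short common names such as SHA256, SHA224, etc.").
KNOWN_HASHES = {"SHA1", "SHA224", "SHA256", "SHA384", "SHA512"}
PLAIN_ALGS = {"RSA_PKCS1_PADDING", "RSA_NO_PADDING", "ECDSA"}


def parse_sign_alg(alg):
    """Split a PK_SIGN algorithm string into (padding, params dict)."""
    name, _, rest = alg.strip().partition(",")
    if name in PLAIN_ALGS:
        if rest:
            raise ValueError(f"{name} takes no parameters")
        return name, {}
    if name != "RSA_PKCS1_PSS_PADDING":
        raise ValueError(f"unknown algorithm: {name!r}")
    params = {}
    for item in rest.split(","):
        key, sep, value = item.partition("=")
        if not sep or key in params:
            raise ValueError(f"malformed PSS parameter: {item!r}")
        params[key] = value
    # Refuse missing or unexpected keys instead of guessing defaults.
    if set(params) != {"hashalg", "saltlen"}:
        raise ValueError("PSS needs exactly hashalg and saltlen")
    if params["hashalg"] not in KNOWN_HASHES:
        raise ValueError(f"unsupported hash: {params['hashalg']!r}")
    if params["saltlen"] not in ("max", "digest"):
        raise ValueError(f"unsupported saltlen: {params['saltlen']!r}")
    return name, params


def pss_salt_length(params, nbits):
    """Salt length in octets for a key whose modulus has nbits bits."""
    hlen = hashlib.new(params["hashalg"].lower()).digest_size
    if params["saltlen"] == "digest":
        return hlen
    em_len = (nbits - 1 + 7) // 8  # emLen = ceil((nbits-1)/8)
    salt = em_len - hlen - 2
    if salt < 0:
        raise ValueError("key too small for this hash")
    return salt
```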