From patchwork Mon Oct 8 07:16:18 2018
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 519
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 8 Oct 2018 20:16:18 +0200
Message-Id: <20181008181618.8976-4-arne@rfc2549.org>
In-Reply-To: <20181008181618.8976-1-arne@rfc2549.org>
References: <20181008181618.8976-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 4/4] Implement the nopadding option to management-external-key for mbed TLS

Although mbed TLS does not have a TLS 1.3 API yet and we do not really know how mbed TLS will handle querying for TLS 1.3 signatures, being able to use the same API with OpenSSL and mbed TLS is a nice feature. Since mbed TLS does not expose a way to do pkcs1 padding, copy the trimmed down version of the pkcs1 copy to the OpenVPN source code.
--- src/openvpn/options.c | 11 ++---- src/openvpn/ssl_mbedtls.c | 72 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 73 insertions(+), 10 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 61762791..fb7d8333 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -3025,11 +3025,11 @@ options_postprocess_verify(const struct options *o) } } -#if defined(ENABLE_CRYPTOAPI) || (defined(ENABLE_CRYPTO_OPENSSL) && defined(ENABLE_MANAGEMENT)) +#if defined(ENABLE_CRYPTOAPI) || defined(ENABLE_MANAGEMENT) static void disable_tls13_if_avilable(struct options *o, const char* msg) { -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(ENABLE_CRYPTO_MBEDTLS) const int tls_version_max = (o->ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & SSLF_TLS_VERSION_MAX_MASK; @@ -3134,13 +3134,6 @@ options_postprocess_mutate(struct options *o) } #endif -#if defined(ENABLE_CRYPTO_MBEDTLS) && defined(MANAGMENT_EXTERNAL_KEY) - if (o->management_flags & MF_EXTERNAL_KEY_NOPADDING) - { - msg(M_FATAL, "mbed TLS does not support the 'nopadding' argument for the --management-external-key option"); - } -#endif - #if defined(ENABLE_CRYPTOAPI) if (o->cryptoapi_cert) { diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 6b4ddaf4..bb7e954c 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c 
@@ -619,6 +619,59 @@ tls_ctx_use_external_signing_func(struct tls_root_ctx *ctx, } #ifdef ENABLE_MANAGEMENT +/* + * Construct a PKCS v1.5 encoding of a hashed message. + * + * Taken and trimmed down version (only MBEDTLS_MD_NONE) of + * rsa_rsassa_pkcs1_v15_encode from mbedTLS 2.13.1 (53546ea0) + * + * This is used both for signature generation and verification. + * + * Parameters: + * - hashlen: Length of hash in case hashlen is MBEDTLS_MD_NONE. + * - hash: Buffer containing the hashed message or the raw data. + * - dst_len: Length of the encoded message. + * - dst: Buffer to hold the encoded message. + * + * Assumptions: + * - hash has size hashlen + * - dst points to a buffer of size at least dst_len. + * + */ +static int rsa_pkcs1_v15_pad(size_t hashlen, const unsigned char *hash, + size_t dst_len, unsigned char *dst) +{ + size_t nb_pad = dst_len; + unsigned char *p = dst; + + if (nb_pad < hashlen) + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + + nb_pad -= hashlen; + + + /* Need space for signature header and padding delimiter (3 bytes), + * and 8 bytes for the minimal padding */ + if (nb_pad < 3 + 8) + { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); + } + nb_pad -= 3; + + /* Now nb_pad is the amount of memory to be filled + * with padding, and at least 8 bytes long. */ + + /* Write signature header and padding */ + *p++ = 0; + *p++ = MBEDTLS_RSA_SIGN; + memset(p, 0xFF, nb_pad); + p += nb_pad; + *p++ = 0; + + /* we are signing raw data? */ + memcpy(p, hash, hashlen); + return 0; +} /** Query the management interface for a signature, see external_sign_func. */ static bool 
@@ -629,7 +682,24 @@ management_sign_func(void *sign_ctx, const void *src, size_t src_len, char *src_b64 = NULL; char *dst_b64 = NULL; - if (!management || (openvpn_base64_encode(src, src_len, &src_b64) <= 0)) + + if (!management) + { + goto cleanup; + } + if (management->settings.flags & MF_EXTERNAL_KEY_NOPADDING) + { + /* + * Add PKCS1 signature and replace input with it + * Use our output buffer also als temporary buffer + */ + if ((!rsa_pkcs1_v15_pad(src_len, src, dst_len, dst)) + || (openvpn_base64_encode(dst, dst_len, &src_b64) <= 0 )) + { + goto cleanup; + } + } + else if (openvpn_base64_encode(src, src_len, &src_b64) <= 0) { goto cleanup; }
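Review bot: in the options.c hunk at -3025, the inner guard `#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(ENABLE_CRYPTO_MBEDTLS)` still keys on an OpenSSL macro inside a function that the widened outer guard (`defined(ENABLE_CRYPTOAPI) || defined(ENABLE_MANAGEMENT)`) now also compiles for mbed TLS builds. Stating the intent positively, for example `defined(ENABLE_CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10100000L`, would be clearer and would not depend on whether OPENSSL_VERSION_NUMBER happens to be defined in a given build. Please also check that `o` and `msg` do not produce unused-parameter warnings when the guarded body is compiled out.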
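Review bot: the doc comment on rsa_pkcs1_v15_pad in the ssl_mbedtls.c hunk at -619 still carries wording from the mbed TLS original that does not fit the trimmed copy. "hashlen: Length of hash in case hashlen is MBEDTLS_MD_NONE" compares a length with a digest identifier, and "This is used both for signature generation and verification" does not match this patch, where the only caller is the signing path in management_sign_func. Suggest rewording the comment to say what the function now does: write 0, MBEDTLS_RSA_SIGN, the 0xFF padding and a 0 delimiter into dst, followed by hashlen bytes of raw input. On style, the first `if (nb_pad < hashlen)` has no braces while the second check does, the second return wraps its value in parentheses, and there is a doubled blank line after `nb_pad -= hashlen;`.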
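Review bot: the return check on rsa_pkcs1_v15_pad in the management_sign_func hunk at -629 is inverted. The helper added earlier in this patch returns 0 on success and MBEDTLS_ERR_RSA_BAD_INPUT_DATA on failure, so `(!rsa_pkcs1_v15_pad(src_len, src, dst_len, dst))` is true on success and jumps to cleanup, while a failure falls through and base64-encodes a dst buffer the helper did not fill. Drop the negation or compare explicitly, for example `rsa_pkcs1_v15_pad(src_len, src, dst_len, dst) != 0`. In the comment above it, "Add PKCS1 signature" should read "padding", and "also als" is a typo.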