From patchwork Fri Feb 17 04:20:23 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steffan Karger <steffan@karger.me>
X-Patchwork-Id: 92
Return-Path: <steffan@karger.me>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director6.mail.ord1d.rsapps.net ([172.30.191.6])
	by backend31.mail.ord1d.rsapps.net (Dovecot) with LMTP id
 nYPVCmnlFVrFVAAAgoeIoA
	for <patchwork@openvpn.net>; Wed, 22 Nov 2017 16:00:25 -0500
Received: from proxy14.mail.ord1d.rsapps.net ([172.30.191.6])
	by director6.mail.ord1d.rsapps.net (Dovecot) with LMTP id
 UajVFmnlFVpneAAAhgvE6Q
	; Wed, 22 Nov 2017 16:00:25 -0500
Received: from smtp9.gate.ord1d ([172.30.191.6])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy14.mail.ord1d.rsapps.net (Dovecot) with LMTP id
 m5olDGnlFVpRZwAAtEH5vw
	; Wed, 22 Nov 2017 16:00:25 -0500
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
Authentication-Results: smtp9.gate.ord1d.rsapps.net
 x-tls.subject="/C=US/ST=California/L=Mountain View/O=Google
 Inc/CN=smtp.gmail.com"; auth=pass (cipher=AES128-GCM-SHA256)
X-Virus-Scanned: OK
X-Orig-To: patchwork@openvpn.net
X-Originating-Ip: [74.125.82.66]
Authentication-Results: smtp9.gate.ord1d.rsapps.net;
 iprev=pass policy.iprev="74.125.82.66";
 spf=pass smtp.mailfrom="steffan@karger.me"
 smtp.helo="mail-wm0-f66.google.com";
 dkim=pass header.d=karger-me.20150623.gappssmtp.com; dmarc=none (p=nil;
 dis=none) header.from=karger.me
X-Classification-ID: 2875d588-cfc8-11e7-99f5-525400bd3b1f-1-1
Received: from [74.125.82.66] ([74.125.82.66:38771]
 helo=mail-wm0-f66.google.com)
	by smtp9.gate.ord1d.rsapps.net (envelope-from <steffan@karger.me>)
	(ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS
 (cipher=AES128-GCM-SHA256
	subject="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com")
	id 83/69-25114-865E51A5; Wed, 22 Nov 2017 16:00:25 -0500
Received: by mail-wm0-f66.google.com with SMTP id 128so12758131wmo.3
        for <patchwork@openvpn.net>; Wed, 22 Nov 2017 13:00:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=karger-me.20150623.gappssmtp.com; s=20150623;
        h=resent-from:resent-date:resent-message-id:resent-to:from:to:cc
         :subject:date:message-id:in-reply-to:references;
        bh=lgBYaZeybqQ9EdhvM0C+hcWayXKZSyv/mh5h4wmiq98=;
        b=hmvVP6MPDLyWQbkrU6vFS3a2HOoUxgMc2Xes15ZbbkqFVXm/TT8Sr0J6HaUjsBRege
         flDXQZekF15BUMNq/DAn7DlMlNaSnPjKyX4N2pF1KmB5vk6aWWzGa3s2PGdA65Cp0gi6
         zKD5AxZYMPPnb8GRGL4kMCm9BEkt3aHMY+IWYdvtlXrfvmQaSQmL/jDPlfJq4x155BMg
         iD7V3oY1+99cgPBerpRis5m5AT5Tdb+Mfh9Yty0o+YaPITJ5rrTH2YC/9UOc4HXt8rOR
         X0fCXnNL1Mzh9HLrbqw8OFawzylkTp65y+UEGgEHH6BJ6+Obw2FTL+lJ1v5EZ7aT18to
         jCFA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:resent-from:resent-date:resent-message-id
         :resent-to:from:to:cc:subject:date:message-id:in-reply-to:references;
        bh=lgBYaZeybqQ9EdhvM0C+hcWayXKZSyv/mh5h4wmiq98=;
        b=mmSKa4cdmozZC6V++MRsnysODS2ku3tyEbuEfyACuuQE2XkwsYu7D1KiZVhEO4Bjpt
         z4636X7Dwbgy1v8+H3dICdduiqTx3suuxrqoQtruIoF47Zeqml0sZRA1eqUrYvaHiqqX
         KhLQlZT+oP3IoDZKVTWhv5niAmSzXco1lt0LeIRm3QNpxEJbF0jafVLl+u5iXRPzUT5y
         67qqnBepAK2ptxk5RBQmrNVMWF6rSBOgiXOnEt3nFhv4M35kVQzmrY8ieODAEYJ68gZg
         NrMUvhFQjKXZqd9Nz7pyZvP8oH7HjkxtbEP6I2Y56tmMRY5LSqkeGtl2JKLZ5mGLGf+k
         2e8g==
X-Gm-Message-State: AJaThX4xLlgiFmz5YBHLk+537UB5wPs25dic/8sAo7Mp9z1cytMRpcTv
	J4Gx+2GInakEzrmvvp96ybIUQcQWIyk=
X-Google-Smtp-Source: 
 AGs4zMY5hGArtQpkdJVuJVsFCwFsRhCsfC/AH01c6UvLm78E3K31pg+xYiB9FK60Td/7J7vwdHruJg==
X-Received: by 10.80.169.78 with SMTP id m14mr31063300edc.118.1511384423144;
        Wed, 22 Nov 2017 13:00:23 -0800 (PST)
Received: from vesta ([2001:985:e54:1:49aa:20fb:8bc6:c39])
        by smtp.gmail.com with ESMTPSA id
 q55sm11714548eda.43.2017.11.22.13.00.22
        for <patchwork@openvpn.net>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Wed, 22 Nov 2017 13:00:22 -0800 (PST)
Resent-From: Steffan Karger <steffan@vesta>
Resent-Date: Wed, 22 Nov 2017 22:00:21 +0100
Resent-Message-ID: <20171122210021.uyyue2rny7hvlyiy@vesta>
Resent-To: patchwork@openvpn.net
Received: from vesta.fritz.box ([2001:985:e54:1:5c0e:bba4:27bc:c9f6])
        by smtp.gmail.com with ESMTPSA id r6sm2075959wmd.4.2017.02.17.07.20.25
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Fri, 17 Feb 2017 07:20:25 -0800 (PST)
From: Steffan Karger <steffan@karger.me>
To: openvpn-devel@lists.sourceforge.net
Cc: Steffan Karger <steffan@karger.me>
Subject: [PATCH v2] Allow changing cipher from a ccd file
Date: Fri, 17 Feb 2017 16:20:23 +0100
Message-Id: <1487344823-8125-1-git-send-email-steffan@karger.me>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1485290304-12292-1-git-send-email-steffan@karger.me>
References: <1485290304-12292-1-git-send-email-steffan@karger.me>
X-getmail-retrieved-from-mailbox: Inbox

As described in msg  <374a7eb7-f539-5231-623b-41f208ed856e@belkam.com> on
openvpn-devel@lists.sourceforge.net, clients that are compiled with
--disable-occ (included in --enable-small) won't send an options string.
Without the options string, the 2.4 server doesn't know which cipher to
use for poor man's NCP.

This patch allows working around that issue by allowing the 'cipher'
directive to be used in --client-config-dir files.  That way, a server
admin can add ccd files to specify per-client which cipher to use.

Because the ccd files are read after where we would normally generate keys,
this patch delays key generation for non-NCP p2mp servers until after
reading the ccd file.

Trac: #845

Signed-off-by: Steffan Karger <steffan@karger.me>
---
v2: postpone p2mp non-NCP key generation, such that setting cipher in
    a ccd file for a non-NCP client actually works.

 src/openvpn/multi.c   | 14 ++++++++++++++
 src/openvpn/options.c |  2 +-
 src/openvpn/options.h |  2 +-
 src/openvpn/ssl.c     |  9 ++++-----
 4 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 56009b7..4c81e9a 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -2086,6 +2086,20 @@ script_failed:
             mi->context.c2.context_auth = cc_succeeded_count ? CAS_PARTIAL : CAS_FAILED;
         }
 
+        /* Generate tunnel keys, unless IV_NCP >= 2 is negotiated. The first key
+         * generation is then postponed until after the pull/push, so we can
+         * process pushed cipher directives.
+         */
+        struct tls_session *session = &mi->context.c2.tls_multi->session[TM_ACTIVE];
+        struct key_state *ks = &session->key[KS_PRIMARY];
+        if (!session->opt->ncp_enabled && ks->authenticated
+            && !tls_session_update_crypto_params(session, &mi->context.options,
+                                                 &mi->context.c2.frame))
+        {
+            msg(D_TLS_ERRORS, "TLS Error: server generate_key_expansion failed");
+            cc_succeeded = false;
+        }
+
         /* set flag so we don't get called again */
         mi->connection_established_flag = true;
 
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index dde1f48..0e6b393 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -7536,7 +7536,7 @@ add_option(struct options *options,
     }
     else if (streq(p[0], "cipher") && p[1] && !p[2])
     {
-        VERIFY_PERMISSION(OPT_P_NCP);
+        VERIFY_PERMISSION(OPT_P_NCP|OPT_P_INSTANCE);
         options->ciphername = p[1];
     }
     else if (streq(p[0], "ncp-ciphers") && p[1] && !p[2])
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index a14f2ab..f4f0226 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
@@ -628,7 +628,7 @@ struct options
 #define OPT_P_MTU             (1<<14) /* TODO */
 #define OPT_P_NICE            (1<<15)
 #define OPT_P_PUSH            (1<<16)
-#define OPT_P_INSTANCE        (1<<17)
+#define OPT_P_INSTANCE        (1<<17) /**< Allow usage in ccd file */
 #define OPT_P_CONFIG          (1<<18)
 #define OPT_P_EXPLICIT_NOTIFY (1<<19)
 #define OPT_P_ECHO            (1<<20)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 8c724cb..1479c77 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -2401,12 +2401,11 @@ key_method_2_write(struct buffer *buf, struct tls_session *session)
     }
 
     /* Generate tunnel keys if we're a TLS server.
-     * If we're a p2mp server and IV_NCP >= 2 is negotiated, the first key
-     * generation is postponed until after the pull/push, so we can process pushed
-     * cipher directives.
+     * If we're a p2mp server, the first key generation is postponed so we can
+     * switch cipher during the connection setup phase.
      */
-    if (session->opt->server && !(session->opt->ncp_enabled
-                                  && session->opt->mode == MODE_SERVER && ks->key_id <= 0))
+    if (session->opt->server
+        && !(session->opt->mode == MODE_SERVER && ks->key_id <= 0))
     {
         if (ks->authenticated)
         {