From patchwork Thu Jan 25 08:45:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Selva Nair X-Patchwork-Id: 215 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director4.mail.ord1d.rsapps.net ([172.30.191.6]) by backend31.mail.ord1d.rsapps.net (Dovecot) with LMTP id m5cXEhI0alo2AQAAgoeIoA for ; Thu, 25 Jan 2018 14:46:26 -0500 Received: from proxy10.mail.ord1d.rsapps.net ([172.30.191.6]) by director4.mail.ord1d.rsapps.net (Dovecot) with LMTP id eW6IGxI0aloKXAAAHDmxtw ; Thu, 25 Jan 2018 14:46:26 -0500 Received: from smtp33.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy10.mail.ord1d.rsapps.net (Dovecot) with LMTP id a5bCBxI0alptfAAAfSg8FQ ; Thu, 25 Jan 2018 14:46:26 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.34.181.88] Authentication-Results: smtp33.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.34.181.88"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dkim=fail (signature verification failed) header.d=gmail.com; dmarc=fail (p=none; dis=none) header.from=gmail.com X-Classification-ID: 6de62e98-0208-11e8-ade5-525400041ef2-1-1 Received: from [216.34.181.88] ([216.34.181.88:61683] helo=lists.sourceforge.net) by smtp33.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 6A/56-11456-2143A6A5; Thu, 25 Jan 2018 14:46:26 -0500 Received: from localhost ([127.0.0.1] helo=sfs-ml-3.v29.ch3.sourceforge.com) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.89) (envelope-from ) id 1eenT0-00004q-4z; Thu, 25 Jan 2018 19:45:46 +0000 Received: from sfi-mx-1.v28.ch3.sourceforge.com ([172.29.28.191] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1eenSz-0008WP-Kb for openvpn-devel@lists.sourceforge.net; Thu, 25 Jan 2018 19:45:45 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc: To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Ou84Ej8Pre1KCqAhJVUVQlqioLPu0sc4c25Ll+6W1qU=; b=a9MsG3tS7LfEitUBzmelU7EV40 slglZ7iBOaZiQ7U52CoBpcbbyyNR/KhFqnafYf0jPAH3wPqs32Ch0fgZ614BuJpSqeOXrwpcs1PKO LJqLCa0w2nqjRW73SlhGD/nqyKBjdmgUjG/30Cjx7Zykaw2lA0Brty1h2TBAV0geqvuU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Ou84Ej8Pre1KCqAhJVUVQlqioLPu0sc4c25Ll+6W1qU=; b=lUFAN1jMQ6t2cvMNuBaduyoPbV I0Ql6Rkh8i0pWZJTTYh7meTGSUI4SI5i1eWV2UnPLAz5GKXTjDEG6EBnBRRHJ4dG0A9Nkzek89VoY gu8ffc463TV9VqyMXWa1nMsGVjNfM7RBIRqG8JsM4kIaxCupfJnsaYaHlrxgSDYddpr0=; Received: from mail-it0-f43.google.com ([209.85.214.43]) by sfi-mx-1.v28.ch3.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) id 1eenSy-0007CH-8V for openvpn-devel@lists.sourceforge.net; Thu, 25 Jan 2018 19:45:45 +0000 Received: by mail-it0-f43.google.com with SMTP id k131so58378ith.4 for ; Thu, 25 Jan 2018 11:45:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Ou84Ej8Pre1KCqAhJVUVQlqioLPu0sc4c25Ll+6W1qU=; b=uZ0RMYkvmHuKnuQpKHYg3dTHAAAOL8YCmkk7GhE9fhX9WZNrwnmRiw7upOK5k4+o49 gnNsvT64wJlcHWYWYf3NHAKk221EpjzW/WH50sDG+35GxnnvRHvRprK31XI2OdqvsCxm KUOpP7RBudNroyK309+3fTdhUy7my54iwMt1o9+pNci9ZLGZWn5oYSnbGrYYlVYAobeF V8+1diUCtnJF+ETshhZDMBgxBTlZ/5QEw6fX+GX4DdtE3Mny4RaEvvEiyT3FTUisB4kn teESnwPeCW3Q6AWzL3F3K4VlLLSU71+3mOiyH9i97A7jP75gTC/3sflX3eaypzCX354q DbMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Ou84Ej8Pre1KCqAhJVUVQlqioLPu0sc4c25Ll+6W1qU=; b=mMPy3fZbBklmswDEnyuLnU6RB69NQQHsEYcTV4QwWv4slAocJuiqD2tpo3+vHP0lP9 XgxGEwAM2OMgAHLpy147NToQQS53jPOcuboVwPwpllm/36Ow9JHyJOddTcuZgFiDVE3K t0BrK0YIVKKyUElyMm7TLyZKl5Mady9xQGc53XtbZQmeP7h46Nwk3X3b7BwAKrHFc8He pKMMW3Io6VHBh8xzy9TbNazXWMrz/toq/PVbjSW+GhPqsvGRkjgKJM0zzFDBciuh8n0d mVnry9AFoYr4p9TY/DXw6bA3wAYkXedS1L9+9XoxYJRp94k+u6t5jUbyPfKQr5kmVDCa OmaQ== X-Gm-Message-State: AKwxytfecFpNv1S94z+DguOpVHvyE8FrmXK9GlEVfD4Pur3GPuvnRnMv cXs/wPcJbCBNSVvlLw7icvJBUtmp X-Google-Smtp-Source: AH8x227ZWtPKsm+b36Q0BtZD1NPwIPhgbpZP1iy/YASBzfkPqn78IyoSFAfvjQU9VI+3obyf28eokQ== X-Received: by 10.36.29.142 with SMTP id 136mr14222564itj.126.1516909533860; Thu, 25 Jan 2018 11:45:33 -0800 (PST) Received: from saturn.home.sansel.ca (CPE40167ea0e1c2-CM788df74daaa0.cpe.net.cable.rogers.com. [99.228.215.92]) by smtp.gmail.com with ESMTPSA id c140sm1551554itc.1.2018.01.25.11.45.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 25 Jan 2018 11:45:32 -0800 (PST) From: selva.nair@gmail.com To: openvpn-devel@lists.sourceforge.net Date: Thu, 25 Jan 2018 14:45:13 -0500 Message-Id: <1516909513-31683-1-git-send-email-selva.nair@gmail.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1516301696-11308-1-git-send-email-selva.nair@gmail.com> References: <1516301696-11308-1-git-send-email-selva.nair@gmail.com> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (selva.nair[at]gmail.com) -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [209.85.214.43 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.0 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1eenSy-0007CH-8V Subject: [Openvpn-devel] [PATCH v3 2/3] Allow external EC key through --management-external-key X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Selva Nair - This automatically supports EC certificates through --management-external-cert - EC signature request from management is prompted by >PK_SIGN if the client supports it (or >RSA_SIGN) Response should be of the form 'pk-sig' (or rsa-sig by older clients) followed by DER encoded signature as base64 terminated by 'END' on a new line. v3: This is v2 adapted to the client_version capability Requires pacthes 1 and 2 of the series 147: https://patchwork.openvpn.net/project/openvpn2/list/?series=147 Signed-off-by: Selva Nair Acked-by: Arne Schwabe --- doc/management-notes.txt | 9 +- src/openvpn/ssl_openssl.c | 210 +++++++++++++++++++++++++++++++++++++--------- 2 files changed, 176 insertions(+), 43 deletions(-) diff --git a/doc/management-notes.txt b/doc/management-notes.txt index 070c2d6..96470d0 100644 --- a/doc/management-notes.txt +++ b/doc/management-notes.txt @@ -779,14 +779,14 @@ COMMAND -- rsa-sig (OpenVPN 2.3 or higher, management version <= 1) Provides support for external storage of the private key. Requires the --management-external-key option. This option can be used instead of "key" in client mode, and allows the client to run without the need to load the -actual private key. When the SSL protocol needs to perform an RSA sign +actual private key. When the SSL protocol needs to perform a sign operation, the data to be signed will be sent to the management interface via a notification as follows: >PK_SIGN:[BASE64_DATA] (if client announces support for management version > 1) >RSA_SIGN:[BASE64_DATA] (only older clients will be prompted like this) -The management interface client should then create a PKCS#1 v1.5 signature of +The management interface client should then create an appropriate signature of the (decoded) BASE64_DATA using the private key and return the SSL signature as follows: @@ -797,8 +797,9 @@ pk-sig (or rsa-sig) . END -Base64 encoded output of RSA_private_encrypt() (OpenSSL) or mbedtls_pk_sign() -(mbed TLS) will provide a correct signature. +Base64 encoded output of RSA_private_encrypt for RSA or ECDSA_sign() for EC +using OpenSSL or mbedtls_pk_sign() using mbed TLS will provide a correct +signature. This capability is intended to allow the use of arbitrary cryptographic service providers with OpenVPN via the management interface. diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 242b464..74ce596 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -1043,58 +1043,51 @@ openvpn_extkey_rsa_finish(RSA *rsa) return 1; } -/* sign arbitrary data */ +/* Pass the input hash in 'dgst' to management and get the signature back. + * On input siglen contains the capacity of the buffer 'sig'. + * On return signature is in sig. + * Return value is signature length or -1 on error. + */ static int -rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) +get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen, + unsigned char *sig, unsigned int siglen) { - /* optional app data in rsa->meth->app_data; */ char *in_b64 = NULL; char *out_b64 = NULL; - int ret = -1; - int len; + int len = -1; - if (padding != RSA_PKCS1_PADDING) - { - RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE); - goto done; - } - - /* convert 'from' to base64 */ - if (openvpn_base64_encode(from, flen, &in_b64) <= 0) - { - goto done; - } - - /* call MI for signature */ - if (management) + /* convert 'dgst' to base64 */ + if (management + && openvpn_base64_encode(dgst, dgstlen, &in_b64) > 0) { out_b64 = management_query_pk_sig(management, in_b64); } - if (!out_b64) + if (out_b64) { - goto done; + len = openvpn_base64_decode(out_b64, sig, siglen); } - /* decode base64 signature to binary */ - len = RSA_size(rsa); - ret = openvpn_base64_decode(out_b64, to, len); + free(in_b64); + free(out_b64); + return len; +} - /* verify length */ - if (ret != len) - { - ret = -1; - } +/* sign arbitrary data */ +static int +rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) +{ + unsigned int len = RSA_size(rsa); + int ret = -1; -done: - if (in_b64) - { - free(in_b64); - } - if (out_b64) + if (padding != RSA_PKCS1_PADDING) { - free(out_b64); + RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE); + return -1; } - return ret; + + ret = get_sig_from_man(from, flen, to, len); + + return (ret == len)? ret : -1; } static int @@ -1166,6 +1159,130 @@ err: return 0; } +#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) + +/* called when EC_KEY is destroyed */ +static void +openvpn_extkey_ec_finish(EC_KEY *ec) +{ + /* release the method structure */ + const EC_KEY_METHOD *ec_meth = EC_KEY_get_method(ec); + EC_KEY_METHOD_free((EC_KEY_METHOD *) ec_meth); +} + +/* EC_KEY_METHOD callback: sign(). + * Sign the hash using EC key and return DER encoded signature in sig, + * its length in siglen. Return value is 1 on success, 0 on error. + */ +static int +ecdsa_sign(int type, const unsigned char *dgst, int dgstlen, unsigned char *sig, + unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *ec) +{ + int capacity = ECDSA_size(ec); + int len = get_sig_from_man(dgst, dgstlen, sig, capacity); + + if (len > 0) + { + *siglen = len; + return 1; + } + return 0; +} + +/* EC_KEY_METHOD callback: sign_setup(). We do no precomputations */ +static int +ecdsa_sign_setup(EC_KEY *ec, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +{ + return 1; +} + +/* EC_KEY_METHOD callback: sign_sig(). + * Sign the hash and return the result as a newly allocated ECDS_SIG + * struct or NULL on error. + */ +static ECDSA_SIG * +ecdsa_sign_sig(const unsigned char *dgst, int dgstlen, const BIGNUM *in_kinv, + const BIGNUM *in_r, EC_KEY *ec) +{ + ECDSA_SIG *ecsig = NULL; + unsigned int len = ECDSA_size(ec); + struct gc_arena gc = gc_new(); + + unsigned char *buf = gc_malloc(len, false, &gc); + if (ecdsa_sign(0, dgst, dgstlen, buf, &len, NULL, NULL, ec) != 1) + { + goto out; + } + /* const char ** should be avoided: not up to us, so we cast our way through */ + ecsig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&buf, len); + +out: + gc_free(&gc); + return ecsig; +} + +static int +tls_ctx_use_external_ec_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey) +{ + EC_KEY *ec = NULL; + EVP_PKEY *privkey = NULL; + EC_KEY_METHOD *ec_method; + + ASSERT(ctx); + + ec_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL()); + if (!ec_method) + { + goto err; + } + + /* Among init methods, we only need the finish method */ + EC_KEY_METHOD_set_init(ec_method, NULL, openvpn_extkey_ec_finish, NULL, NULL, NULL, NULL); + EC_KEY_METHOD_set_sign(ec_method, ecdsa_sign, ecdsa_sign_setup, ecdsa_sign_sig); + + ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(pkey)); + if (!ec) + { + EC_KEY_METHOD_free(ec_method); + goto err; + } + if (!EC_KEY_set_method(ec, ec_method)) + { + EC_KEY_METHOD_free(ec_method); + goto err; + } + /* from this point ec_method will get freed when ec is freed */ + + privkey = EVP_PKEY_new(); + if (!EVP_PKEY_assign_EC_KEY(privkey, ec)) + { + goto err; + } + /* from this point ec will get freed when privkey is freed */ + + if (!SSL_CTX_use_PrivateKey(ctx->ctx, privkey)) + { + ec = NULL; /* avoid double freeing it below */ + goto err; + } + + EVP_PKEY_free(privkey); /* this will down ref privkey and ec */ + return 1; + +err: + /* Reach here only when ec and privkey can be independenly freed */ + if (privkey) + { + EVP_PKEY_free(privkey); + } + if(ec) + { + EC_KEY_free(ec); + } + return 0; +} +#endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev */ + int tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, const char *cert_file, const char *cert_file_inline) @@ -1183,18 +1300,33 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, ASSERT(pkey); /* NULL before SSL_CTX_use_certificate() is called */ X509_free(cert); - if (EVP_PKEY_get0_RSA(pkey)) + if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { if (!tls_ctx_use_external_rsa_key(ctx, pkey)) { goto err; } } +#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) + else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) + { + if (!tls_ctx_use_external_ec_key(ctx, pkey)) + { + goto err; + } + } + else + { + crypto_msg(M_WARN, "management-external-key requires an RSA or EC certificate"); + goto err; + } +#else else { - crypto_msg(M_WARN, "management-external-key requires a RSA certificate"); + crypto_msg(M_WARN, "management-external-key requires an RSA certificate"); goto err; } +#endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev */ return 1; err: