From patchwork Wed Sep 14 07:25:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2755 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director12.mail.ord1d.rsapps.net ([172.27.255.51]) by backend30.mail.ord1d.rsapps.net with LMTP id uCItJbUOImN2UwAAIUCqbw (envelope-from ) for ; Wed, 14 Sep 2022 13:26:13 -0400 Received: from proxy14.mail.iad3a.rsapps.net ([172.27.255.51]) by director12.mail.ord1d.rsapps.net with LMTP id QC/GJLUOImPHWQAAIasKDg (envelope-from ) for ; Wed, 14 Sep 2022 13:26:13 -0400 Received: from smtp49.gate.iad3a ([172.27.255.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy14.mail.iad3a.rsapps.net with LMTPS id 2D8oAcEOImOMLgAA1+b4IQ (envelope-from ) for ; Wed, 14 Sep 2022 13:26:25 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp49.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 541a48b0-3452-11ed-8487-525400fffce0-1-1 Received: from [216.105.38.7] ([216.105.38.7:54466] helo=lists.sourceforge.net) by smtp49.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id A3/57-17675-4BE02236; Wed, 14 Sep 2022 13:26:12 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1oYW8q-0006d7-Ma; Wed, 14 Sep 2022 17:25:40 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1oYW8p-0006d1-0s for openvpn-devel@lists.sourceforge.net; Wed, 14 Sep 2022 17:25:39 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=S0X90ueqLQ4hNkM849gsaz2EGWBYEVn1Gvmznm65pB0=; b=MoiRhS+8YZ5xO7Tmx5/6S27HaU JE9hZQCDhV45QDE88UEriZ+xOiTdW/fnTySXzjmIBvloEXlvPx4LZMUecMoYSLBjbjxj1EmiidOtP r2WiogqEHD0RnkP7ferKC0uySt1+t1srogVZ0XNLV565DS8X/t+3KpvfL3Xih9Hw0tXk=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=S0X90ueqLQ4hNkM849gsaz2EGWBYEVn1Gvmznm65pB0=; b=WIIO7E54h+Gnm+iFpbyGRSv/PV ILeR8T0Y5oyjnbni2UL5vIdMCT2i7MQU1WuHQTc75qPqh73i/zfcvZ9ppa05pqSabVDx7BRtrT4zk LvWopGgRglK1u6BaZqLiwRsMIk+r2/aHRtAtQx/ZVwLJo0RudY3UnOtXggu+Zmfy9Z5k=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1oYW8k-008Dqt-Jo for openvpn-devel@lists.sourceforge.net; Wed, 14 Sep 2022 17:25:38 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1oYW8e-00034S-0b for openvpn-devel@lists.sourceforge.net; Wed, 14 Sep 2022 19:25:28 +0200 Received: (nullmailer pid 2661575 invoked by uid 10006); Wed, 14 Sep 2022 17:25:27 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 14 Sep 2022 19:25:27 +0200 Message-Id: <20220914172527.2661529-1-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220824093723.64618-1-arne@rfc2549.org> References: <20220824093723.64618-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: With delayed data key generation now with deferred auth, NCP and similar mechanism the "TLS Error: local/remote TLS keys are out of sync" is shown much too frequent and confuses a lot of people. This also removes the dead code of printing multi not ready keys and replace it with an assert. Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1oYW8k-008Dqt-Jo Subject: [Openvpn-devel] [PATCH v3] Improve data key id not found error message X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox With delayed data key generation now with deferred auth, NCP and similar mechanism the "TLS Error: local/remote TLS keys are out of sync" is shown much too frequent and confuses a lot of people. This also removes the dead code of printing multi not ready keys and replace it with an assert. Factor out printing of error messages into an extra function to make the code easier to understand and also to only call into that function in the case that a key is not found and avoid the overhead. Patch v2: fix comparing key_id to state value, improve message Patch v3: also take key_id into account Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/ssl.c | 75 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 57 insertions(+), 18 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 672cd9c84..c0d8add97 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -3210,11 +3210,62 @@ nohard: return (tas == TLS_AUTHENTICATION_FAILED) ? TLSMP_KILL : active; } -/* - * Pre and post-process the encryption & decryption buffers in order - * to implement a multiplexed TLS channel over the TCP/UDP port. +/** + * We have not found a matching key to decrypt data channel packet, + * try to generate a sensible error message and print it */ +static void +print_key_id_not_found_reason(struct tls_multi *multi, + const struct link_socket_actual *from, int key_id) +{ + struct gc_arena gc = gc_new(); + const char *source = print_link_socket_actual(from, &gc); + + for (int i = 0; i < KEY_SCAN_SIZE; ++i) + { + struct key_state *ks = get_key_scan(multi, i); + if (ks->key_id != key_id) + { + continue; + } + + /* Our key state has been progressed far enough to be part of a valid + * session but has not generated keys. */ + if (ks->state >= S_INITIAL && ks->state < S_GENERATED_KEYS) + { + msg(D_MULTI_DROPPED, + "Key %s [%d] not initialized (yet), dropping packet.", + source, key_id); + gc_free(&gc); + return; + } + if (ks->state >= S_ACTIVE && ks->authenticated != KS_AUTH_TRUE) + { + msg(D_MULTI_DROPPED, + "Key %s [%d] not authorized%s, dropping packet.", + source, key_id, + (ks->authenticated == KS_AUTH_DEFERRED) ? " (deferred)" : ""); + gc_free(&gc); + return; + } + } + + msg(D_TLS_ERRORS, + "TLS Error: local/remote TLS keys are out of sync: %s " + "(received key id: %d, known key ids: %s)", + source, key_id, + print_key_id(multi, &gc)); + gc_free(&gc); +} + +/** + * Check the keyid of the an incoming data channel packet and + * return the matching crypto parameters in \c opt if found. + * Also move the \c buf to the start of the encrypted data, skipping + * the opcode and peer id header and setting also set \c ad_start for + * AEAD ciphers to the start of the authenticated data. + */ static inline void handle_data_channel_packet(struct tls_multi *multi, const struct link_socket_actual *from, @@ -3229,7 +3280,6 @@ handle_data_channel_packet(struct tls_multi *multi, int op = c >> P_OPCODE_SHIFT; int key_id = c & P_KEY_ID_MASK; - /* data channel packet */ for (int i = 0; i < KEY_SCAN_SIZE; ++i) { struct key_state *ks = get_key_scan(multi, i); @@ -3251,14 +3301,7 @@ handle_data_channel_packet(struct tls_multi *multi, && ks->authenticated == KS_AUTH_TRUE && (floated || link_socket_actual_match(from, &ks->remote_addr))) { - if (!ks->crypto_options.key_ctx_bi.initialized) - { - msg(D_MULTI_DROPPED, - "Key %s [%d] not initialized (yet), dropping packet.", - print_link_socket_actual(from, &gc), key_id); - goto done; - } - + ASSERT(ks->crypto_options.key_ctx_bi.initialized); /* return appropriate data channel decrypt key in opt */ *opt = &ks->crypto_options; if (op == P_DATA_V2) @@ -3292,17 +3335,13 @@ handle_data_channel_packet(struct tls_multi *multi, } } - msg(D_TLS_ERRORS, - "TLS Error: local/remote TLS keys are out of sync: %s " - "(received key id: %d, known key ids: %s)", - print_link_socket_actual(from, &gc), key_id, - print_key_id(multi, &gc)); + print_key_id_not_found_reason(multi, from, key_id); done: + gc_free(&gc); tls_clear_error(); buf->len = 0; *opt = NULL; - gc_free(&gc); } /*