From patchwork Mon Dec 11 17:04:21 2023
X-Patchwork-Submitter: Frank Lichtenheld
X-Patchwork-Id: 3520
From: Frank Lichtenheld
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 11 Dec 2023 18:04:21 +0100
Message-Id: <20231211170421.85600-1-frank@lichtenheld.com>
Subject: [Openvpn-devel] [PATCH v5] Check PRF availability on initialisation and add --force-tls-key-material-export

From: Arne Schwabe

We now warn a user if the TLS 1.0 PRF is not supported by the cryptographic library of the system. Also add the option --force-tls-key-material-export that automatically rejects clients that do not support TLS Keying Material Export and automatically enable it when TLS 1.0 PRF support is not available.

Change-Id: I04f8c7c413e7cb62c726262feee6ca89c7e86c70
Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/460 This mail reflects revision 5 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index 948c0c8..8b061d2 100644 --- a/doc/man-sections/protocol-options.rst +++ b/doc/man-sections/protocol-options.rst @@ -242,3 +242,11 @@ a key renegotiation begins (default :code:`3600` seconds). This feature allows for a graceful transition from old to new key, and removes the key renegotiation sequence from the critical path of tunnel data forwarding. + +--force-tls-key-material-export + This option is only available in --mode server and forces to use + Keying Material Exporters (RFC 5705) for clients. This can be used to + simulate an environment where the cryptographic library does not support + the older method to generate data channel keys anymore. This option is + intended to be a test option and might be removed in a future OpenVPN + version without notice. diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index e4452d7..8c17f2a 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c 
@@ -1789,3 +1789,22 @@ gc_free(&gc); return ret; } + +bool +check_tls_prf_working(void) +{ + /* Modern TLS libraries might no longer support the TLS 1.0 PRF with + * MD5+SHA1. This allows us to establish connections only + * with other 2.6.0+ OpenVPN peers. + * Do a simple dummy test here to see if it works. */ + const char *seed = "tls1-prf-test"; + const char *secret = "tls1-prf-test-secret"; + uint8_t out[8]; + uint8_t expected_out[] = { 0xe0, 0x5f, 0x1f, 1, 0, 0, 0, 0}; + + int ret = ssl_tls1_PRF((uint8_t *)seed, (int) strlen(seed), + (uint8_t *)secret, (int) strlen(secret), + out, sizeof(out)); + + return (ret && memcmp(out, expected_out, sizeof(out)) != 0); +} diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 9255d38..4201524 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -593,4 +593,12 @@ return kt; } +/** + * Checks if the current TLS library supports the TLS 1.0 PRF with MD5+SHA1 + * that OpenVPN uses when TLS Keying Material Export is not available. + * + * @return true if supported, false otherwise. + */ +bool check_tls_prf_working(void); + #endif /* CRYPTO_H */ diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 8b490ed..82122f5 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -1830,6 +1830,16 @@ { o->imported_protocol_flags |= CO_USE_TLS_KEY_MATERIAL_EXPORT; } + else if (o->force_key_material_export) + { + msg(M_INFO, "PUSH: client does not support TLS key material export" + "but --force-tls-key-material-export is enabled."); + auth_set_client_reason(tls_multi, "Client incompatible with this" + "server. Keying Material Exporters (RFC 5705)" + "support missing. Upgrade to a client that " + "supports this feature (OpenVPN 2.6.0+)."); + return false; + } if (proto & IV_PROTO_DYN_TLS_CRYPT) { o->imported_protocol_flags |= CO_USE_DYNAMIC_TLS_CRYPT; diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 1521872..fc0a5d5 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -1561,6 +1561,7 @@ SHOW_STR(auth_user_pass_verify_script); SHOW_BOOL(auth_user_pass_verify_script_via_file); SHOW_BOOL(auth_token_generate); + SHOW_BOOL(force_key_material_export); SHOW_INT(auth_token_lifetime); SHOW_STR_INLINE(auth_token_secret_file); #if PORT_SHARE @@ -2802,6 +2803,11 @@ { msg(M_USAGE, "--vlan-tagging requires --mode server"); } + + if (options->force_key_material_export) + { + msg(M_USAGE, "--force-tls-key-material-export requires --mode server"); + } } /* @@ -3634,6 +3640,30 @@ } static void +options_process_mutate_prf(struct options *o) +{ + if (!check_tls_prf_working()) + { + + msg(D_TLS_ERRORS, "Warning: TLS 1.0 PRF with MD5+SHA1 PRF not supported " + "by TLS library. Your system does not support this calculation " + "anymore or your security policy (e.g. FIPS 140-2) forbids it. " + "Connections will only work with peers running OpenVPN 2.6.0 or " + "higher)"); +#ifndef HAVE_EXPORT_KEYING_MATERIAL + msg(M_FATAL, "Keying Material Exporters (RFC 5705) not available either. " + "No way to generate data channel keys left."); +#endif + if (o->mode == MODE_SERVER) + { + msg(M_WARN, "Automatically enabling option " + "--force-tls-key-material-export"); + } + + } +} + +static void options_postprocess_mutate(struct options *o, struct env_set *es) { int i; @@ -3647,6 +3677,7 @@ options_postprocess_setdefault_ncpciphers(o); options_set_backwards_compatible_options(o); + options_process_mutate_prf(o); options_postprocess_cipher(o); o->ncp_ciphers = mutate_ncp_cipher_list(o->ncp_ciphers, &o->gc); @@ -8643,6 +8674,11 @@ } } } + else if (streq(p[0], "force-tls-key-material-export")) + { + VERIFY_PERMISSION(OPT_P_GENERAL); + options->force_key_material_export = true; + } else if (streq(p[0], "prng") && p[1] && !p[3]) { msg(M_WARN, "NOTICE: --prng option ignored (SSL library PRNG is used)"); diff --git a/src/openvpn/options.h b/src/openvpn/options.h index c4514e1..cbfff18 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h 
@@ -687,6 +687,8 @@ const char *keying_material_exporter_label; int keying_material_exporter_length; #endif + /* force using TLS key material export for data channel key generation */ + bool force_key_material_export; bool vlan_tagging; enum vlan_acceptable_frames vlan_accept;
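
Review bot: in doc/man-sections/protocol-options.rst, the new --force-tls-key-material-export entry does not say what happens to a client that lacks exporter support. Per the multi.c hunk such a client is refused with an auth failure reason, and per the commit message the option is switched on automatically when the TLS 1.0 PRF is unavailable; both belong in the man page text, since an operator who sets this on a server with older clients needs to know they will be locked out. The phrase "forces to use Keying Material Exporters (RFC 5705) for clients" would also read better as "requires clients to use Keying Material Exporters (RFC 5705)".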
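
Review bot: in check_tls_prf_working() in src/openvpn/crypto.c, the return statement treats the self-test as passed when out differs from expected_out ("memcmp(out, expected_out, sizeof(out)) != 0"), which contradicts both the variable name and the crypto.h comment "@return true if supported". If the array is meant as a known-answer vector, the comparison should be == 0; if it is meant as a value the output must not equal, rename it and say so in the comment. As written, any ssl_tls1_PRF() that returns success passes regardless of what it wrote to out, so the check is effectively only on ret. Zero-initialising out before the call would also make a failure that leaves the buffer untouched deterministic.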
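
Review bot: in the src/openvpn/multi.c hunk, the adjacent string literals are concatenated without separating spaces, so the log line reads "key material exportbut --force-tls-key-material-export" and the client-visible reason reads "incompatible with thisserver." and "(RFC 5705)support missing." Add a trailing space to "export", "this" and "(RFC 5705)" as is already done for "supports this feature" on the last line. The reason string is what the rejected client's user sees, so it is worth getting right.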
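
Review bot: in options_process_mutate_prf() in src/openvpn/options.c, the MODE_SERVER branch logs "Automatically enabling option --force-tls-key-material-export" but the visible lines never set o->force_key_material_export = true, so the else-if added in multi.c will not fire and clients without exporter support are not rejected up front as the commit message promises. Add the assignment after the msg() call. Smaller points in the same hunk: the warning says "TLS 1.0 PRF with MD5+SHA1 PRF" (PRF twice), ends with an unmatched ")" after "higher", and there is a stray blank line after the opening brace and before the closing one.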
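
Review bot: in the option parser hunk in src/openvpn/options.c (@@ -8643), the new branch matches on streq(p[0], "force-tls-key-material-export") alone, with no argument-count check, while the neighbouring "prng" branch guards with "p[1] && !p[3]". Add "&& !p[1]" so that a config line with trailing arguments is reported as an error instead of being silently accepted.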