From patchwork Thu Jan 4 14:02:14 2024
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 3548
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 4 Jan 2024 15:02:14 +0100
Message-ID: <20240104140214.32196-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v9] Check PRF availability on initialisation and add --force-tls-key-material-export
From: Arne Schwabe We now warn a user if the TLS 1.0 PRF is not supported by the cryptographic library of the system. Also add the option --force-tls-key-material-export that automatically rejects clients that do not support TLS Keying Material Export and automatically enable it when TLS 1.0 PRF support is not available. Change-Id: I04f8c7c413e7cb62c726262feee6ca89c7e86c70 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/460 This mail reflects revision 9 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index 948c0c8..8b061d2 100644 --- a/doc/man-sections/protocol-options.rst +++ b/doc/man-sections/protocol-options.rst @@ -242,3 +242,11 @@ a key renegotiation begins (default :code:`3600` seconds). This feature allows for a graceful transition from old to new key, and removes the key renegotiation sequence from the critical path of tunnel data forwarding. + +--force-tls-key-material-export + This option is only available in --mode server and forces to use + Keying Material Exporters (RFC 5705) for clients. This can be used to + simulate an environment where the cryptographic library does not support + the older method to generate data channel keys anymore. This option is + intended to be a test option and might be removed in a future OpenVPN + version without notice. diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index e4452d7..2fca131 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -27,6 +27,7 @@ #endif #include "syshead.h" +#include #include "crypto.h" #include "error.h" 
@@ -1789,3 +1790,22 @@ gc_free(&gc); return ret; } + +bool +check_tls_prf_working(void) +{ + /* Modern TLS libraries might no longer support the TLS 1.0 PRF with + * MD5+SHA1. This allows us to establish connections only + * with other 2.6.0+ OpenVPN peers. + * Do a simple dummy test here to see if it works. */ + const char *seed = "tls1-prf-test"; + const char *secret = "tls1-prf-test-secret"; + uint8_t out[8]; + uint8_t expected_out[] = { 'q', 'D', '\xfe', '%', '@', 's', 'u', '\x95' }; + + int ret = ssl_tls1_PRF((uint8_t *)seed, (int) strlen(seed), + (uint8_t *)secret, (int) strlen(secret), + out, sizeof(out)); + + return (ret && memcmp(out, expected_out, sizeof(out)) == 0); +} diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 9255d38..4201524 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -593,4 +593,12 @@ return kt; } +/** + * Checks if the current TLS library supports the TLS 1.0 PRF with MD5+SHA1 + * that OpenVPN uses when TLS Keying Material Export is not available. + * + * @return true if supported, false otherwise. + */ +bool check_tls_prf_working(void); + #endif /* CRYPTO_H */ diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 8b490ed..f4f0b8a 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -1830,6 +1830,16 @@ { o->imported_protocol_flags |= CO_USE_TLS_KEY_MATERIAL_EXPORT; } + else if (o->force_key_material_export) + { + msg(M_INFO, "PUSH: client does not support TLS Keying Material " + "Exporters but --force-tls-key-material-export is enabled."); + auth_set_client_reason(tls_multi, "Client incompatible with this " + "server. Keying Material Exporters (RFC 5705) " + "support missing. Upgrade to a client that " + "supports this feature (OpenVPN 2.6.0+)."); + return false; + } if (proto & IV_PROTO_DYN_TLS_CRYPT) { o->imported_protocol_flags |= CO_USE_DYNAMIC_TLS_CRYPT; diff --git a/src/openvpn/options.c b/src/openvpn/options.c index e498114..1b28a19 100644 --- a/src/openvpn/options.c 
+++ b/src/openvpn/options.c @@ -1561,6 +1561,7 @@ SHOW_STR(auth_user_pass_verify_script); SHOW_BOOL(auth_user_pass_verify_script_via_file); SHOW_BOOL(auth_token_generate); + SHOW_BOOL(force_key_material_export); SHOW_INT(auth_token_lifetime); SHOW_STR_INLINE(auth_token_secret_file); #if PORT_SHARE @@ -2802,6 +2803,11 @@ { msg(M_USAGE, "--vlan-tagging requires --mode server"); } + + if (options->force_key_material_export) + { + msg(M_USAGE, "--force-tls-key-material-export requires --mode server"); + } } /* @@ -3634,6 +3640,30 @@ } static void +options_process_mutate_prf(struct options *o) +{ + if (!check_tls_prf_working()) + { + msg(D_TLS_ERRORS, "Warning: TLS 1.0 PRF with MD5+SHA1 PRF is not " + "supported by the TLS library. Your system does not support this " + "calculation anymore or your security policy (e.g. FIPS 140-2) " + "forbids it. Connections will only work with peers running " + "OpenVPN 2.6.0 or higher)"); +#ifndef HAVE_EXPORT_KEYING_MATERIAL + msg(M_FATAL, "Keying Material Exporters (RFC 5705) not available either. " + "No way to generate data channel keys left."); +#endif + if (o->mode == MODE_SERVER) + { + msg(M_WARN, "Automatically enabling option " + "--force-tls-key-material-export"); + o->force_key_material_export = true; + } + + } +} + +static void options_postprocess_mutate(struct options *o, struct env_set *es) { int i; @@ -3647,6 +3677,7 @@ options_postprocess_setdefault_ncpciphers(o); options_set_backwards_compatible_options(o); + options_process_mutate_prf(o); options_postprocess_cipher(o); o->ncp_ciphers = mutate_ncp_cipher_list(o->ncp_ciphers, &o->gc); @@ -8642,6 +8673,11 @@ } } } + else if (streq(p[0], "force-tls-key-material-export")) + { + VERIFY_PERMISSION(OPT_P_GENERAL); + options->force_key_material_export = true; + } else if (streq(p[0], "prng") && p[1] && !p[3]) { msg(M_WARN, "NOTICE: --prng option ignored (SSL library PRNG is used)"); diff --git a/src/openvpn/options.h b/src/openvpn/options.h index c4514e1..cbfff18 100644 
--- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -687,6 +687,8 @@ const char *keying_material_exporter_label; int keying_material_exporter_length; #endif + /* force using TLS key material export for data channel key generation */ + bool force_key_material_export; bool vlan_tagging; enum vlan_acceptable_frames vlan_accept;
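Review bot: in the doc/man-sections/protocol-options.rst hunk, the new --force-tls-key-material-export entry leaves out the two behaviours an operator most needs to know: the server turns the option on by itself when the TLS 1.0 PRF self-test fails (options_process_mutate_prf in options.c sets o->force_key_material_export = true), and clients without exporter support are refused with the reason text set in multi.c. Please document both, and reword "forces to use Keying Material Exporters (RFC 5705) for clients" to "forces the use of Keying Material Exporters (RFC 5705) for clients".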
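Review bot: in check_tls_prf_working() in src/openvpn/crypto.c, expected_out mixes printable characters with '\xfe' and '\x95' escapes, which makes the known-answer vector hard to compare against an independent computation; writing the eight bytes as hex in a static const uint8_t array, with a comment saying how the vector was produced, would make the self-test auditable. The casts (uint8_t *)seed and (uint8_t *)secret also drop the const qualifier from pointers to string literals, so keep const in the cast if the callee's prototype allows it. The comment sentence "This allows us to establish connections only with other 2.6.0+ OpenVPN peers" reads as if the check enables that restriction; it is the missing PRF that causes it.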
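Review bot: in the src/openvpn/multi.c hunk, the new else-if branch logs "but --force-tls-key-material-export is enabled" even when the operator never set the option, because options_process_mutate_prf() in options.c enables it automatically when the TLS 1.0 PRF is unavailable. An operator reading this per-client line has no hint that the library, not the configuration, is the cause; consider wording that covers both cases, and consider a level above M_INFO since the branch ends with return false and refuses the client.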
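Review bot: in the first src/openvpn/options.c hunk, SHOW_BOOL(force_key_material_export) is inserted between SHOW_BOOL(auth_token_generate) and SHOW_INT(auth_token_lifetime), splitting the auth_token_* group in the settings dump. Moving it before or after that group keeps related options together.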
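Review bot: in options_process_mutate_prf() in src/openvpn/options.c, the warning string has two text slips: "TLS 1.0 PRF with MD5+SHA1 PRF" repeats "PRF", and "OpenVPN 2.6.0 or higher)" ends with a closing parenthesis that was never opened. The message also starts with "Warning:" but is emitted at D_TLS_ERRORS, while the next message in the same function uses M_WARN; using M_WARN for both would be consistent. There is a stray empty line before the closing brace of the outer if block as well.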
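Review bot: in the option parser hunk of src/openvpn/options.c, the new branch matches on streq(p[0], "force-tls-key-material-export") alone, so trailing arguments on that config line are silently accepted. The neighbouring prng branch in the same hunk bounds its arguments with "p[1] && !p[3]"; adding "&& !p[1]" here would reject stray parameters for an option that takes none.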