From patchwork Fri Dec 20 14:49:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "ralf_lici (Code Review)" X-Patchwork-Id: 4007 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:998b:b0:5e7:b9eb:58e8 with SMTP id d11csp2380274mav; Fri, 20 Dec 2024 06:50:52 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCVQwBRGEXGGtbo0+HrVc5rIzPJ/s0Sp32jUnO7arD9Iv22NSMKRTuDupAXdFVWZEJLpT9oMVVrcZRw=@openvpn.net X-Google-Smtp-Source: AGHT+IFO6vYesdn3xu+BPIvcCFQBWg4QbyDCjyV8VoR1kcJqKAZe+ZzQrUwMg2+ghlgAXJ7Xnxlt X-Received: by 2002:a05:6808:1598:b0:3e7:b644:e4ec with SMTP id 5614622812f47-3ed8908ff41mr1700213b6e.26.1734706252047; Fri, 20 Dec 2024 06:50:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1734706252; cv=none; d=google.com; s=arc-20240605; b=MRm7ybJhfkJE4BrrusxUJiEtjZLg+9ebVqTLCH3E25NPALP9e9jKsg/9qaoC/AjR+t mBo7t6QnoVlj5GExeYbg06U51jrXLLA5+YlVAMC0PQaJYXjxjhgb71kyti+HVbOqI960 9UVQSd6kl4GX38s2s1bvdmMN4cqsFA+ZeQqprj/Tdy8XyoN/ZlMVZ8PnWxyqb96qRl+/ 1TuiE3p1pEZITQDpqbI8Al+243WwOiJB2rsBPIqj+zPuUd3LeIqOsKBWl5QWxjw278t+ 4K0IdfAqAU1rIxkWCR/E0+cSFAKQrImtQT/PJ9o3mTDyPSBmttd7YplJ9VMawwG9lKgn LInA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=9YAr7MCE0rQGvxNjgIhh1eg6ts025woe7dGE18Ape/I=; fh=lm0MLPW7DntlrDqRECIiC9JlE1uPxhepE0URYHIf+eE=; b=LvWK5M1F5C1HDiNL+Tr/qPJNFFWc+lCY3bCMgRGJDJGZRUyU0U+w9wN5aPbKa8/QMw 4HxbjaNUsMHXJgmKgK5RAJu6PfN0rVlH7a+Za9ylP/1+Ncjpcm+q8YfeRE8eolPZA940 dQ6A0a5qVcznRCgiqFfxmsfI/1+X4FS8ls9yGw49v00Mab/Zx+OzvK0fVWQxMD7+kdFq YoAIut8mLtSYUhMd921onCfiTe8v7rTJh6+vai4qUZNQocvXSn+PbamSkTuaQT7LJLvv pILykOfw6UoIj6l9EgdhgZlGRyIcTIVydQ6IYs503IJ/QXkcQSRRhzd5w7+ZOQZB34tb oJ2A==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=eQ6n7NzT; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=CflDTXs6; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=ZdWIz7en; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 5614622812f47-3ece2632f9esi2689549b6e.148.2024.12.20.06.50.51 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 Dec 2024 06:50:52 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=eQ6n7NzT; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=CflDTXs6; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=ZdWIz7en; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1tOeL2-0002dP-1X; Fri, 20 Dec 2024 14:50:48 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tOeKT-0002cs-3T for openvpn-devel@lists.sourceforge.net; Fri, 20 Dec 2024 14:50:13 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=LvUp0WotNPPugK2RhvpUEDxr8iNTbX9nzT2F0tHcVys=; b=eQ6n7NzTFIej5eUSNUnVmy8o7x atI7DjdZtmB1p06rYWnDBTQ3O59lnAnzsIdtKy9aKdWgcUNpJys2xyE/EEqKeAWErLccloN1uELXk 7OMeGvMqmX7xhuVQJYCuqVkWLDFSXGcM6SizZcC80efB/ylhOPnS/KntaAME/0C1fxWw=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=LvUp0WotNPPugK2RhvpUEDxr8iNTbX9nzT2F0tHcVys=; b=C flDTXs6tNeYt56HTwoqTQD1RMHExIna5256ckmvuStajaRd7qpAxPBriakYHHdBl1W9wsisPj8eg3 r9wg6D8l/p2uL1XPv8nFndBZqSHj8lNknLleFSdtaOrjQTLKAj0ijkUiNySOoseSxZnBb8bAhq+PX Sj1oGaC4dqI3PgI0=; Received: from mail-wm1-f47.google.com ([209.85.128.47]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1tOeKR-0004yu-VD for openvpn-devel@lists.sourceforge.net; Fri, 20 Dec 2024 14:50:13 +0000 Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-436202dd7f6so21735995e9.0 for ; Fri, 20 Dec 2024 06:50:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1734706200; x=1735311000; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=LvUp0WotNPPugK2RhvpUEDxr8iNTbX9nzT2F0tHcVys=; b=ZdWIz7enum5GynIrSIQ3w3/Mzb1+/tSOXbm954m6NG+wJHpOwECH0EtVo3FZOGFxDF tqd/HGCvSRCi5aLHvnSW5zaMddS/Y56dU2SV/Kx+mlMA1wwloDwbuQXJfoN7Kn+34trb 0A8v7XOg/bX0cnwSa+jZRBOOmXA/mKbEuBpHLGqhZtdIFou/nTbzYeBCb77V/F6RSLri Ac2f2QGnGzE4yE5/VIt2Hu2HatuhVoaC2m3IKdO38tLSkxSeZ7QKUEo5sl/e+K8wYBal g1LOjf4agnHlppyMfDxsTqqqoSm1BqXdX0MyBOz6yNanWIMc+OAjHogIJTO4M9Vx5OY5 bg6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734706200; x=1735311000; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=LvUp0WotNPPugK2RhvpUEDxr8iNTbX9nzT2F0tHcVys=; b=ijzgCv6FYubKTg906VHCPJiWpQAlO46zekwrgln7zgTHH7xLxkmw3qb3kZFqdSrHKV JLjdEyCXDnY1T3GpxuNgKvjyQdBvVuKfrKQNGcTRgFDAaDnrAFu+IfgLuVt+MdVBGUFD ZHUyy/sl5FNc0gf14Q7Vmp+tcmdOdTASWeMr19F4hXLkQiHsWbtZKFKTIBZbvoJAgg85 IDwtgBbn85ordVbS2UC4lyuqt7T8veTM0PYT3fkQDOvEbIce+ZKk+EfLaMrpMdJwdFbN TAZfZoWHQ+rFARHeJCnWdL7LiWJOgISBA+NKKiuYFTPei7fzzH+0MaYOjJoEHMvxjuzO gzSA== X-Gm-Message-State: AOJu0YyVbakMz1KIsvVAYE64IYogfSWQ/eQL2Eo6LeddhNzX3n7FieD6 8QxUl1V9xszSfWjIKkKtuOCG2wE/QZe6yTuNaBD7OLqAphO1vWyWwhThiG1NkvveguV+3mi5PDt o X-Gm-Gg: ASbGncsTQ8jnohbAeXXSjHlFIb5d/PbUPJTO0vgISoehD3I4Zz1WY2gFL1vWWghDqUA 5Sksyru9zDKzic7LFAW/7OhrJQft7Rqhw5DwcFn8kduvwWoGlGnaTtKktPU2mRyAtJ/4XXCi737 A3+JxHAA3vW+nBlfIWmTCdb2l2Xi1d+nCdZR5+l2Qx+RlXzC66XCsN4nIF8y8fQ/JVw4t4jtApa pe5Eqpa8rYKv9vvX8gH3YKMx2aMpMoPZ4/f0F8spznbWn3KuoGD5ZJdEMR4tsQQSCnlgXbUYMOb q9XnQhQbfF0Uim+edM9c9Cvs0dbSTsSoSbd7m++dqpDoEXjJ X-Received: by 2002:a05:600c:511d:b0:434:ff25:19a0 with SMTP id 5b1f17b1804b1-43668b7864cmr24666825e9.21.1734706200089; Fri, 20 Dec 2024 06:50:00 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4366128a44fsm47343925e9.43.2024.12.20.06.49.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Dec 2024 06:49:59 -0800 (PST) From: "plaisthos (Code Review)" X-Google-Original-From: "plaisthos (Code Review)" X-Gerrit-PatchSet: 1 Date: Fri, 20 Dec 2024 14:49:59 +0000 To: flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I81440ac28a1ad553652e201234e5ddfe03a8c190 X-Gerrit-Change-Number: 843 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: 1dcb32d9b8589f941b4510cb14b3d43edac26338 References: Message-ID: MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -1.3 (-) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-1.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.47 listed in list.dnswl.org] 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.128.47 listed in sa-accredit.habeas.com] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.128.47 listed in bl.score.senderscore.com] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -1.1 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.47 listed in wl.mailspike.net] 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1tOeKR-0004yu-VD Subject: [Openvpn-devel] [S] Change in openvpn[master]: Do not attempt to decrypt packets anymore after 2**36 failed decryptions X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1818971343067365655?= X-GMAIL-MSGID: =?utf-8?q?1818971343067365655?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/843?usp=email to review the following change. Change subject: Do not attempt to decrypt packets anymore after 2**36 failed decryptions ...................................................................... Do not attempt to decrypt packets anymore after 2**36 failed decryptions To avoid attacks (especially on Chacha20-Poly1305) we do not allow decryption anymore after 2**36 failed verifications. Change-Id: I81440ac28a1ad553652e201234e5ddfe03a8c190 Signed-off-by: Arne Schwabe --- M src/openvpn/crypto.c M src/openvpn/crypto.h M src/openvpn/ssl.c 3 files changed, 40 insertions(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/43/843/1 diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index faf69fc..88a9f24 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -405,7 +405,13 @@ { static const char error_prefix[] = "AEAD Decrypt error"; struct packet_id_net pin = { 0 }; - const struct key_ctx *ctx = &opt->key_ctx_bi.decrypt; + struct key_ctx *ctx = &opt->key_ctx_bi.decrypt; + + if (cipher_decrypt_verify_fail_exceeded(ctx)) + { + CRYPT_DROP("Decryption failed verification limit reached."); + } + int outlen; struct gc_arena gc; @@ -416,6 +422,8 @@ ASSERT(buf->len > 0); ASSERT(ctx->cipher); + + dmsg(D_PACKET_CONTENT, "DECRYPT FROM: %s", format_hex(BPTR(buf), BLEN(buf), 80, &gc)); @@ -511,6 +519,7 @@ if (!cipher_ctx_final_check_tag(ctx->cipher, BPTR(&work) + outlen, &outlen, tag_ptr, tag_size)) { + ctx->failed_verifications++; CRYPT_DROP("packet tag authentication failed"); } ASSERT(buf_inc_len(&work, outlen)); diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 4579b65..bb417e1 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -181,6 +181,8 @@ * with the current key in number of 128 bit blocks (only used for * AEAD ciphers) */ uint64_t plaintext_blocks; + /** number of failed verification using this cipher */ + uint64_t failed_verifications; }; #define KEY_DIRECTION_BIDIRECTIONAL 0 /* same keys for both directions */ @@ -623,6 +625,29 @@ cipher_get_aead_limits(const char *ciphername); /** + * Check if the number of failed decryption is over the acceptable limit. + * We + */ +static inline bool +cipher_decrypt_verify_fail_exceeded(const struct key_ctx *ctx) +{ + /* Use 2**36, same as TLS 1.3 */ + return ctx->failed_verifications > (1ull << 36); +} + +/** + * Check if the number of failed decryption is approaching the limit and we + * should try to move to a new key + */ +static inline bool +cipher_decrypt_verify_fail_warn(const struct key_ctx *ctx) +{ + /* Use 2**35, half the amount after which we refuse to decrypt */ + return ctx->failed_verifications > (1ull << 35); +} + + +/** * Blocksize used for the AEAD limit caluclation * * Since cipher_ctx_block_size() is not reliable and will return 1 in many diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index c77c4ed..73201ef 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -3042,6 +3042,11 @@ return true; } + if (cipher_decrypt_verify_fail_warn(&key_ctx_bi->decrypt)) + { + return true; + } + return false; } /*