From patchwork Tue Aug 23 23:37:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2716 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director12.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id 2Nu4OLfxBWNIaAAAIUCqbw (envelope-from ) for ; Wed, 24 Aug 2022 05:39:03 -0400 Received: from proxy2.mail.ord1d.rsapps.net ([172.30.191.6]) by director12.mail.ord1d.rsapps.net with LMTP id 6GBWOLfxBWPXUwAAIasKDg (envelope-from ) for ; Wed, 24 Aug 2022 05:39:03 -0400 Received: from smtp33.gate.ord1c ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy2.mail.ord1d.rsapps.net with LMTPS id gFRNOLfxBWNQPAAAfawv4w (envelope-from ) for ; Wed, 24 Aug 2022 05:39:03 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp33.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 969ab382-2390-11ed-ae30-54520067fec4-1-1 Received: from [216.105.38.7] ([216.105.38.7:32834] helo=lists.sourceforge.net) by smtp33.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id FC/BB-32305-7B1F5036; Wed, 24 Aug 2022 05:39:03 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1oQmpo-0003xD-D6; Wed, 24 Aug 2022 09:38:04 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1oQmpR-0003wh-JY for openvpn-devel@lists.sourceforge.net; Wed, 24 Aug 2022 09:37:41 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=ts9iLVrAKZ0T9MjuPZuIkd18XWTMgD2pGl5MpMlTkGA=; b=Hp/mwOh+z5pZWvVt/RfDnQi0vl Vwqv8laQZYBXA1RoG2pC1hRoDLPGkyu2M5qwHZe1rRDPMTdGLgjIIZev0WjrN7HXWmPmLSFp1Q3/5 ndQWtmQ/5/t2XmIGfcywXobUfXqZD92Q64Iu1B17L3txWEPM835Bc+WT9IFukLx7IKRU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:To:From: Sender:Reply-To:Cc:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=ts9iLVrAKZ0T9MjuPZuIkd18XWTMgD2pGl5MpMlTkGA=; b=k jvqdrXV7zez2XSdJsvCsZF2XeaYPrxItt1+qJsAU4K5V05dgKSEcT8aVE05bZl4V68GDsvXayJ+dx vFm5kkPT/T4hkDwoUAWGJV+WtT8Scg70I2c4/NPtvx9DcgtmVgeiBcJhnWPOPy1kzqH1AuAYdOO9D S5aD7UmW8trSnQk8=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1oQmpH-00FXj4-3T for openvpn-devel@lists.sourceforge.net; Wed, 24 Aug 2022 09:37:36 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1oQmp9-0003sL-KR for openvpn-devel@lists.sourceforge.net; Wed, 24 Aug 2022 11:37:23 +0200 Received: (nullmailer pid 64664 invoked by uid 10006); Wed, 24 Aug 2022 09:37:23 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 24 Aug 2022 11:37:23 +0200 Message-Id: <20220824093723.64618-1-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: With delayed data key generation now with deferred auth, NCP and similar mechanism the "TLS Error: local/remote TLS keys are out of sync" is shown much too frequent and confuses a lot of people. This also removes the dead code of printing multi not ready keys and replace it with an assert. Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1oQmpH-00FXj4-3T Subject: [Openvpn-devel] [PATCH] Improve data key id not found error message X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox With delayed data key generation now with deferred auth, NCP and similar mechanism the "TLS Error: local/remote TLS keys are out of sync" is shown much too frequent and confuses a lot of people. This also removes the dead code of printing multi not ready keys and replace it with an assert. Factor out printing of error messages into an extra function to make the code easier to understand and also to only call into that function in the case that a key is not found and avoid the overhead. Signed-off-by: Arne Schwabe --- src/openvpn/ssl.c | 74 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 56 insertions(+), 18 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 33e145b3f..6a3473944 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -3202,11 +3202,61 @@ nohard: return (tas == TLS_AUTHENTICATION_FAILED) ? TLSMP_KILL : active; } -/* - * Pre and post-process the encryption & decryption buffers in order - * to implement a multiplexed TLS channel over the TCP/UDP port. +/** + * We have not found a matching key to decrypt data channel packet, + * try to generate a sensible error message and print it */ +static void +print_key_id_not_found_reason(struct tls_multi *multi, + const struct link_socket_actual *from, int key_id) +{ + struct gc_arena gc = gc_new(); + const char *source = print_link_socket_actual(from, &gc); + + + for (int i = 0; i < KEY_SCAN_SIZE; ++i) + { + struct key_state *ks = get_key_scan(multi, i); + /* + * Our key state has been progressed far enough to be part of an valid + * session but has not generated keys. Since there can + * be multiple valid/semi valid key states with key id 0 (especially in + * p2p mode when a client reconnects), we still need + * to loop through all keys and only remember here that there is at + * least one key that is not ready yet*/ + if (ks->state >= S_INITIAL && key_id < S_GENERATED_KEYS) + { + msg(D_MULTI_DROPPED, + "Key %s [%d] not initialized (yet), dropping packet.", + source, key_id); + gc_free(&gc); + return; + } + if (ks->state >= S_ACTIVE && ks->authenticated == KS_AUTH_FALSE) + { + msg(D_MULTI_DROPPED, + "Key %s [%d] no longer authorized (yet), dropping packet.", + source, key_id); + gc_free(&gc); + return; + } + } + msg(D_TLS_ERRORS, + "TLS Error: local/remote TLS keys are out of sync: %s " + "(received key id: %d, known key ids: %s)", + source, key_id, + print_key_id(multi, &gc)); + gc_free(&gc); +} + +/** + * Check the keyid of the an incoming data channel packet and + * return the matching crypto parameters in \c opt if found. + * Also move the \c buf to the start of the encrypted data, skipping + * the opcode and peer id header and setting also set \c ad_start for + * AEAD ciphers to the start of the authenticated data. + */ static inline void handle_data_channel_packet(struct tls_multi *multi, const struct link_socket_actual *from, @@ -3221,7 +3271,6 @@ handle_data_channel_packet(struct tls_multi *multi, int op = c >> P_OPCODE_SHIFT; int key_id = c & P_KEY_ID_MASK; - /* data channel packet */ for (int i = 0; i < KEY_SCAN_SIZE; ++i) { struct key_state *ks = get_key_scan(multi, i); @@ -3243,14 +3292,7 @@ handle_data_channel_packet(struct tls_multi *multi, && ks->authenticated == KS_AUTH_TRUE && (floated || link_socket_actual_match(from, &ks->remote_addr))) { - if (!ks->crypto_options.key_ctx_bi.initialized) - { - msg(D_MULTI_DROPPED, - "Key %s [%d] not initialized (yet), dropping packet.", - print_link_socket_actual(from, &gc), key_id); - goto done; - } - + ASSERT(ks->crypto_options.key_ctx_bi.initialized); /* return appropriate data channel decrypt key in opt */ *opt = &ks->crypto_options; if (op == P_DATA_V2) @@ -3284,17 +3326,13 @@ handle_data_channel_packet(struct tls_multi *multi, } } - msg(D_TLS_ERRORS, - "TLS Error: local/remote TLS keys are out of sync: %s " - "(received key id: %d, known key ids: %s)", - print_link_socket_actual(from, &gc), key_id, - print_key_id(multi, &gc)); + print_key_id_not_found_reason(multi, from, key_id); done: + gc_free(&gc); tls_clear_error(); buf->len = 0; *opt = NULL; - gc_free(&gc); } /*