From patchwork Wed Aug 24 00:46:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2717 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director12.mail.ord1d.rsapps.net ([172.28.255.1]) by backend30.mail.ord1d.rsapps.net with LMTP id oLRGD8oBBmNcQQAAIUCqbw (envelope-from ) for ; Wed, 24 Aug 2022 06:47:38 -0400 Received: from proxy3.mail.ord1c.rsapps.net ([172.28.255.1]) by director12.mail.ord1d.rsapps.net with LMTP id wNsOD8oBBmNDWwAAIasKDg (envelope-from ) for ; Wed, 24 Aug 2022 06:47:38 -0400 Received: from smtp7.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy3.mail.ord1c.rsapps.net with LMTPS id KFKzDsoBBmOpXgAANIxBXg (envelope-from ) for ; Wed, 24 Aug 2022 06:47:38 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp7.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 2b01c1a6-239a-11ed-9348-bc305bf04148-1-1 Received: from [216.105.38.7] ([216.105.38.7:57176] helo=lists.sourceforge.net) by smtp7.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 2A/EF-11089-9C106036; Wed, 24 Aug 2022 06:47:37 -0400 Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1oQnuD-0006Df-UH; Wed, 24 Aug 2022 10:46:41 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1oQnts-0006DK-8N for openvpn-devel@lists.sourceforge.net; Wed, 24 Aug 2022 10:46:20 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=7/yDrrpol+OsMIxL/IbxUm0vmZr9GWsTz3qTcwKEwws=; b=ci47hSvWIuLqZ91iLwvq+vjtJe iXmavzjnQ88x6UjO35OeEge75uyvJoJZdBW1HZFMCFzdjEOh0MBlZSnFjRT3Qu/1isM/ZtNLh9k9f G7wkvBGYoyAh01v/QDSiNpBAujdzspvv7/a6XDT3O57xqzhNflRn+qLKa9xDM+VZVyMM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=7/yDrrpol+OsMIxL/IbxUm0vmZr9GWsTz3qTcwKEwws=; b=PFWb1oshtL+Wh/Ef58edcn4pZ4 bwwZqrkl9gQmL0G2jO+I+SLrQB+zDpJJrv+twk/gZ3LbGwQJdcLB3pn+V0XaUGrJNRK41fec6IZ/c f51tkccmXPvQqhpvXGAhUqScNATJDlPqSw2PdNAxMxHainrQVIhOTmYrIMbyrwE1Qx7E=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1oQntm-00FbD9-DQ for openvpn-devel@lists.sourceforge.net; Wed, 24 Aug 2022 10:46:16 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.95 (FreeBSD)) (envelope-from ) id 1oQntf-0004Ba-1N for openvpn-devel@lists.sourceforge.net; Wed, 24 Aug 2022 12:46:07 +0200 Received: (nullmailer pid 70577 invoked by uid 10006); Wed, 24 Aug 2022 10:46:07 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Wed, 24 Aug 2022 12:46:07 +0200 Message-Id: <20220824104607.70531-1-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220824093723.64618-1-arne@rfc2549.org> References: <20220824093723.64618-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: With delayed data key generation now with deferred auth, NCP and similar mechanism the "TLS Error: local/remote TLS keys are out of sync" is shown much too frequent and confuses a lot of people. This also removes the dead code of printing multi not ready keys and replace it with an assert. Content analysis details: (0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1oQntm-00FbD9-DQ Subject: [Openvpn-devel] [PATCH v2] Improve data key id not found error message X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox With delayed data key generation now with deferred auth, NCP and similar mechanism the "TLS Error: local/remote TLS keys are out of sync" is shown much too frequent and confuses a lot of people. This also removes the dead code of printing multi not ready keys and replace it with an assert. Factor out printing of error messages into an extra function to make the code easier to understand and also to only call into that function in the case that a key is not found and avoid the overhead. Patch v2: fix comparing key_id to state value, improve message Signed-off-by: Arne Schwabe --- src/openvpn/ssl.c | 75 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 57 insertions(+), 18 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 33e145b3f..8c95a945f 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -3202,11 +3202,62 @@ nohard: return (tas == TLS_AUTHENTICATION_FAILED) ? TLSMP_KILL : active; } -/* - * Pre and post-process the encryption & decryption buffers in order - * to implement a multiplexed TLS channel over the TCP/UDP port. +/** + * We have not found a matching key to decrypt data channel packet, + * try to generate a sensible error message and print it */ +static void +print_key_id_not_found_reason(struct tls_multi *multi, + const struct link_socket_actual *from, int key_id) +{ + struct gc_arena gc = gc_new(); + const char *source = print_link_socket_actual(from, &gc); + + + for (int i = 0; i < KEY_SCAN_SIZE; ++i) + { + struct key_state *ks = get_key_scan(multi, i); + /* + * Our key state has been progressed far enough to be part of an valid + * session but has not generated keys. Since there can + * be multiple valid/semi valid key states with key id 0 (especially in + * p2p mode when a client reconnects), we still need + * to loop through all keys and only remember here that there is at + * least one key that is not ready yet*/ + if (ks->state >= S_INITIAL && ks->state < S_GENERATED_KEYS) + { + msg(D_MULTI_DROPPED, + "Key %s [%d] not initialized (yet), dropping packet.", + source, key_id); + gc_free(&gc); + return; + } + if (ks->state >= S_ACTIVE && ks->authenticated != KS_AUTH_TRUE) + { + msg(D_MULTI_DROPPED, + "Key %s [%d] not authorized%s, dropping packet.", + source, key_id, + (ks->authenticated == KS_AUTH_DEFERRED) ? " (deferred)" : ""); + gc_free(&gc); + return; + } + } + msg(D_TLS_ERRORS, + "TLS Error: local/remote TLS keys are out of sync: %s " + "(received key id: %d, known key ids: %s)", + source, key_id, + print_key_id(multi, &gc)); + gc_free(&gc); +} + +/** + * Check the keyid of the an incoming data channel packet and + * return the matching crypto parameters in \c opt if found. + * Also move the \c buf to the start of the encrypted data, skipping + * the opcode and peer id header and setting also set \c ad_start for + * AEAD ciphers to the start of the authenticated data. + */ static inline void handle_data_channel_packet(struct tls_multi *multi, const struct link_socket_actual *from, @@ -3221,7 +3272,6 @@ handle_data_channel_packet(struct tls_multi *multi, int op = c >> P_OPCODE_SHIFT; int key_id = c & P_KEY_ID_MASK; - /* data channel packet */ for (int i = 0; i < KEY_SCAN_SIZE; ++i) { struct key_state *ks = get_key_scan(multi, i); @@ -3243,14 +3293,7 @@ handle_data_channel_packet(struct tls_multi *multi, && ks->authenticated == KS_AUTH_TRUE && (floated || link_socket_actual_match(from, &ks->remote_addr))) { - if (!ks->crypto_options.key_ctx_bi.initialized) - { - msg(D_MULTI_DROPPED, - "Key %s [%d] not initialized (yet), dropping packet.", - print_link_socket_actual(from, &gc), key_id); - goto done; - } - + ASSERT(ks->crypto_options.key_ctx_bi.initialized); /* return appropriate data channel decrypt key in opt */ *opt = &ks->crypto_options; if (op == P_DATA_V2) @@ -3284,17 +3327,13 @@ handle_data_channel_packet(struct tls_multi *multi, } } - msg(D_TLS_ERRORS, - "TLS Error: local/remote TLS keys are out of sync: %s " - "(received key id: %d, known key ids: %s)", - print_link_socket_actual(from, &gc), key_id, - print_key_id(multi, &gc)); + print_key_id_not_found_reason(multi, from, key_id); done: + gc_free(&gc); tls_clear_error(); buf->len = 0; *opt = NULL; - gc_free(&gc); } /*