From patchwork Fri Aug 18 13:16:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "plaisthos (Code Review)" X-Patchwork-Id: 3328 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:c39e:b0:d7:3b0f:3938 with SMTP id fx30csp2705569dyb; Fri, 18 Aug 2023 06:16:56 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEc+d8+oJLoqI7FHuPv24B+eYUKdbEokwbX9VYW4zMNGJ+/K2Q9JgnmDk3xKfudEwhcFn41 X-Received: by 2002:a17:903:244e:b0:1bd:a0cd:1860 with SMTP id l14-20020a170903244e00b001bda0cd1860mr2846842pls.64.1692364616048; Fri, 18 Aug 2023 06:16:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692364616; cv=none; d=google.com; s=arc-20160816; b=Gp5h0ldzT/l8efRWp8uxCpluWjV7fTcd8897fCG2rASppfZuT/Hsi84UwJ7C6nYg9a 3xCo8DRbsGLhIBhtlas+V+D3i4pJ9lZJEjgf+TcgsTfB20ela5chHsrAXaw5zvRqW9UA a9M99b889Z8q7RvxjGx22uAm112ZQAflD0b8kZWOXYmJpfNK9a+5UWK23R+IxZomnRNR cbT6CFHnnQZmmSa3EsXxF8Wfs5bGm2XG3sNvJDe1z70I4fQa+vtoQFPndyLQU8IGJHjd 1XWtDvOmA+EKUhJPPwwqSfeJFlFlrRc1czuNXU6gx99jI42OUUNMX4XguUxSAvx4XUSG +ZHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:in-reply-to:auto-submitted:to :date:from:dkim-signature:dkim-signature:dkim-signature; bh=O4dkZbRlo+LVkTIoOIjMe/kHnkCHR0cTGxiUDO14FPg=; fh=XUHH3psBF7pnwKR61wKzp3qdqX242Q9j1R+vh1Xo5ao=; b=XBAFZmflMA0YFd4euvnyWhotqqlGZKV6zoKpF+x4IUcYJUxohJcPU4JpcrYtrEwBEc If9PfXmNd02+RNtpt0KNImst8brCDvq+rU46BeyTYqdbQKKSaha10pwf4/agutCPLkh/ DAIKSI82Z/LmwYz4a7n16+eVFxiFfRVGsCRsyKr0zOWKTIHkujDeWGTJ2SLQSGPZyh5p Vp7sLDp48+VTlXuoFvybN1JaayY3lX2LfJi/8gUUGpHp+QJIfNfIxA4xSj8Af3nbtOpu v6tEHCvle2Dvzm/5ZTfzy1TPOxM7+mn+MTBWLn4VtYgg9bFFzmgyy0+yqT9z3wtSqxX2 ocGA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="f/jKwOKb"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ZbFvGizN; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b="SVU/Z6ih"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id lg4-20020a170902fb8400b001b5395382a0si1413395plb.212.2023.08.18.06.16.55 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 18 Aug 2023 06:16:56 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="f/jKwOKb"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ZbFvGizN; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b="SVU/Z6ih"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1qWzL3-0000Jj-AY; Fri, 18 Aug 2023 13:16:29 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1qWzL1-0000Jd-So for openvpn-devel@lists.sourceforge.net; Fri, 18 Aug 2023 13:16:28 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:In-Reply-To:Subject:List-Unsubscribe:List-Id: Cc:To:Date:From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From :Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Help:List-Subscribe :List-Post:List-Owner:List-Archive; bh=7GbNn4AzvyQW/jvvfD/5YnTRWh9lmjIDmp2WVSdIEGs=; b=f/jKwOKbPcj7iMQN7/3WEj3lzY RMpulAV5bt6PraKb2NmxPWxqVlphfdkFhEMXgGOxis7gwbvCkOJ9g7sER11KmagrEWxScR4wK3+cb B/6vM6cozR/1aD35BQ61jo5iibnNSbH8V4aoDZfvNVZ43W+V1Aiffok+QkmcUEebCbRc=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:In-Reply-To:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From: Sender:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=7GbNn4AzvyQW/jvvfD/5YnTRWh9lmjIDmp2WVSdIEGs=; b=Z bFvGizNBWiy2+8w1deEQJBPGcOBGZJCSSHrMzmkwx/OAb7sBuFa/JLjPmYVk0DdGWDUcLwtgY8FM5 hLhByA9sQVIGe0P+UHbap33sKoPnju3rHCrg3xqTzQ+cIz6Wf9+Z2LT7a/6cWtn7U+EvQ2Njaqrdi KOxrdls0gjdp6mO0=; Received: from mail-wm1-f46.google.com ([209.85.128.46]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1qWzL0-0007xC-04 for openvpn-devel@lists.sourceforge.net; Fri, 18 Aug 2023 13:16:28 +0000 Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-3fe1fc8768aso8550395e9.1 for ; Fri, 18 Aug 2023 06:16:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1692364579; x=1692969379; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:in-reply-to:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=7GbNn4AzvyQW/jvvfD/5YnTRWh9lmjIDmp2WVSdIEGs=; b=SVU/Z6ihwdivjipFESqpJjBQtkL9YumOVtWlITtCxJnzqD/gW9du/PcqvOGIsLCshS GicE2ABIaplXOqXHynLW0YFA6PsBqemkM0y40LuRddUM2EsDQAZUpyRJhDT8bVLk1gSE fNAA+e4ski60k/KflhkSjft7ctoXZOnIEmKENOf1OMCbpJv4cEiQVNbUEXIL+MtvuGJV oscARd/InJKnBIuzpWaobaOK5jAu/Lc7Gl6Cl6r+kIC6HGBRN4lM4FSN+mt7XyP7/FO9 IWfO2qRiQfjEC8+RbiBEfVKVCMawIsG7WnELTkgoRC3r7KrehPKwTTCqpXH3mDLOP2BS M/Rw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692364579; x=1692969379; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:in-reply-to:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=7GbNn4AzvyQW/jvvfD/5YnTRWh9lmjIDmp2WVSdIEGs=; b=WagGThUFL+O+zgMVXSpHG6W4vYdM4j9EW0zu4Vl13+ZfOvLlmMg542kR3NySNtcuL9 Fcp+aaApS4hyzbF1KkMLfdu1R672MuR+BzQQK+dkrwBCNNjpts2VelwhXqD0APB6rM2X t/yhXZbFPWQ9NMa1r63MBDX2xsSXPrBlxhET111TR1CB7G3EkY754lAg6yirlZSdeTPB lYvmqYx2FVtvZQoKpDTEwivn3rdwqQTTJqT+8aPlH3nkABinMKb4uXgpGBglxox7pkHx scy4IKHoGduw6re2IsWNydGzGRsc133+TX4vbGWv5rkrVlPzfT6DTlFRmv6qiWLSuGDS qKbQ== X-Gm-Message-State: AOJu0YyLlL4az1J8/EroitxZLTSx2gFSWmfMFdrmiD8Cxqt/nuTr0Qt7 AxQhyioWeNt2q6eGiCB5NDDtneoC1SdX3nHs8J8= X-Received: by 2002:a7b:cc13:0:b0:3fc:f9c:a3ed with SMTP id f19-20020a7bcc13000000b003fc0f9ca3edmr2115685wmh.22.1692364578937; Fri, 18 Aug 2023 06:16:18 -0700 (PDT) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id 13-20020a05600c22cd00b003fa98908014sm6338494wmg.8.2023.08.18.06.16.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 18 Aug 2023 06:16:18 -0700 (PDT) From: "plaisthos (Code Review)" X-Google-Original-From: "plaisthos (Code Review)" X-Gerrit-PatchSet: 2 Date: Fri, 18 Aug 2023 13:16:17 +0000 To: flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newpatchset X-Gerrit-Change-Id: I4f29953b91cf8e8daf2c9503da44073ad96d0ff5 X-Gerrit-Change-Number: 325 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: 6d1c4046f16727b9925abc46b2a12ca383fadf12 In-Reply-To: References: Message-ID: <26073300ad28c5433cc5c2a125b91a3e40eac0d9-EmailReplacePatchSet-HTML@gerrit.openvpn.net> MIME-Version: 1.0 User-Agent: Gerrit/3.8.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to reexamine a change. Please visit Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.46 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.46 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1qWzL0-0007xC-04 Subject: [Openvpn-devel] [M] Change in openvpn[master]: Remove ability to use configurations without TLS by default X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1774572918599575866?= X-GMAIL-MSGID: =?utf-8?q?1774572919464637025?= Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/325?usp=email to look at the new patch set (#2). Change subject: Remove ability to use configurations without TLS by default ...................................................................... Remove ability to use configurations without TLS by default OpenVPN 2.6 already warned about this feature being removed. OpenVPN 2.7 will with this change no longer accept these configurations without having a --allow-deprecated-insecure-static-crypto added to the command line or the configuration itself. This will server as a last and final warning for people who missed the warning message in OpenVPN 2.6. This commit also removes the documentation for --secret and the static key mode. Change-Id: I4f29953b91cf8e8daf2c9503da44073ad96d0ff5 Signed-off-by: Arne Schwabe --- M Changes.rst M doc/man-sections/encryption-options.rst M doc/man-sections/inline-files.rst M doc/man-sections/link-options.rst M doc/man-sections/protocol-options.rst M doc/man-sections/server-options.rst M doc/man-sections/tls-options.rst M src/openvpn/options.c M src/openvpn/options.h M tests/t_lpback.sh 10 files changed, 64 insertions(+), 83 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/25/325/2 diff --git a/Changes.rst b/Changes.rst index 77bcef2..3676dce 100644 --- a/Changes.rst +++ b/Changes.rst @@ -1,3 +1,15 @@ +Overview of changes in 2.7 +========================== +``secret`` support has been removed by default. + static key mode (non-TLS) is no longer considered "good and secure enough" + for today's requirements. Use TLS mode instead. If deploying a PKI CA + is considered "too complicated", using ``--peer-fingerprint`` makes + TLS mode about as easy as using ``--secret``. + + This mode can still be enabled by using + ``--allow-deprecated-insecure-static-crypto`` but will be removed in + OpenVPN 2.8. + Overview of changes in 2.6 ========================== diff --git a/doc/man-sections/encryption-options.rst b/doc/man-sections/encryption-options.rst index abc73d9..3b26782 100644 --- a/doc/man-sections/encryption-options.rst +++ b/doc/man-sections/encryption-options.rst @@ -69,20 +69,20 @@ $ openvpn --tls-crypt-v2 v2crypt-server.key --genkey tls-crypt-v2-client v2crypt-client-1.key * Generating *Shared Secret Keys* - Generate a shared secret, for use with the ``--secret``, ``--tls-auth`` + Generate a shared secret, for use with the ``--tls-auth`` or ``--tls-crypt`` options. Syntax: :: - $ openvpn --genkey secret|tls-crypt|tls-auth keyfile + $ openvpn --genkey tls-crypt|tls-auth keyfile - The key is saved in ``keyfile``. All three variants (``--secret``, - ``tls-crypt`` and ``tls-auth``) generate the same type of key. The - aliases are added for convenience. + The key is saved in ``keyfile``. Both variants (``tls-crypt`` and + ``tls-auth``) generate the same type of key. The aliases are added for + convenience. - If using this for ``--secret``, this file must be shared with the peer - over a pre-existing secure channel such as ``scp``\(1). + This file must be shared with the peer over a pre-existing secure + channel such as ``scp``\(1). * Generating *TLS Crypt v2 Server key* Generate a ``--tls-crypt-v2`` key to be used by an OpenVPN server. diff --git a/doc/man-sections/inline-files.rst b/doc/man-sections/inline-files.rst index 01e4a84..f46301e 100644 --- a/doc/man-sections/inline-files.rst +++ b/doc/man-sections/inline-files.rst @@ -3,7 +3,7 @@ OpenVPN allows including files in the main configuration for the ``--ca``, ``--cert``, ``--dh``, ``--extra-certs``, ``--key``, ``--pkcs12``, -``--secret``, ``--crl-verify``, ``--http-proxy-user-pass``, ``--tls-auth``, +``--crl-verify``, ``--http-proxy-user-pass``, ``--tls-auth``, ``--auth-gen-token-secret``, ``--peer-fingerprint``, ``--tls-crypt``, ``--tls-crypt-v2`` and ``--verify-hash`` options. diff --git a/doc/man-sections/link-options.rst b/doc/man-sections/link-options.rst index 14e76b4..c3d35b1 100644 --- a/doc/man-sections/link-options.rst +++ b/doc/man-sections/link-options.rst @@ -226,10 +226,7 @@ Ping remote over the TCP/UDP control channel if no packets have been sent for at least ``n`` seconds (specify ``--ping`` on both peers to cause ping packets to be sent in both directions since OpenVPN ping - packets are not echoed like IP ping packets). When used in one of - OpenVPN's secure modes (where ``--secret``, ``--tls-server`` or - ``--tls-client`` is specified), the ping packet will be - cryptographically secure. + packets are not echoed like IP ping packets). This option has two intended uses: @@ -428,8 +425,7 @@ received by the prior session. This option only makes sense when replay protection is enabled (the - default) and you are using either ``--secret`` (shared-secret key mode) - or TLS mode with ``--tls-auth``. + default) and you are using TLS mode with ``--tls-auth``. --session-timeout n Raises :code:`SIGTERM` for the client instance after ``n`` seconds since diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index 8134157..cac09e4 100644 --- a/doc/man-sections/protocol-options.rst +++ b/doc/man-sections/protocol-options.rst @@ -73,9 +73,7 @@ configured on the data channel, however, later versions usually ignored this directive in favour of a negotiated cipher. Starting with 2.6.0, this option is always ignored in TLS mode - when it comes to configuring the cipher and will only control the - cipher for ``--secret`` pre-shared-key mode (note: this mode is - deprecated and strictly not recommended). + when it comes to configuring the cipher. If you wish to specify the cipher to use on the data channel, please see ``--data-ciphers`` (for regular negotiation) and @@ -182,7 +180,7 @@ --key-direction Alternative way of specifying the optional direction parameter for the - ``--tls-auth`` and ``--secret`` options. Useful when using inline files + ``--tls-auth`` option. Useful when using inline files (See section on inline files). --data-ciphers cipher-list @@ -234,55 +232,6 @@ have been configured with ``--enable-small`` (typically used on routers or other embedded devices). ---secret args - **DEPRECATED** Enable Static Key encryption mode (non-TLS). Use pre-shared secret - ``file`` which was generated with ``--genkey``. - - Valid syntaxes: - :: - - secret file - secret file direction - - The optional ``direction`` parameter enables the use of 4 distinct keys - (HMAC-send, cipher-encrypt, HMAC-receive, cipher-decrypt), so that each - data flow direction has a different set of HMAC and cipher keys. This - has a number of desirable security properties including eliminating - certain kinds of DoS and message replay attacks. - - When the ``direction`` parameter is omitted, 2 keys are used - bidirectionally, one for HMAC and the other for encryption/decryption. - - The ``direction`` parameter should always be complementary on either - side of the connection, i.e. one side should use :code:`0` and the other - should use :code:`1`, or both sides should omit it altogether. - - The ``direction`` parameter requires that ``file`` contains a 2048 bit - key. While pre-1.5 versions of OpenVPN generate 1024 bit key files, any - version of OpenVPN which supports the ``direction`` parameter, will also - support 2048 bit key file generation using the ``--genkey`` option. - - Static key encryption mode has certain advantages, the primary being - ease of configuration. - - There are no certificates or certificate authorities or complicated - negotiation handshakes and protocols. The only requirement is that you - have a pre-existing secure channel with your peer (such as ``ssh``) to - initially copy the key. This requirement, along with the fact that your - key never changes unless you manually generate a new one, makes it - somewhat less secure than TLS mode (see below). If an attacker manages - to steal your key, everything that was ever encrypted with it is - compromised. Contrast that to the perfect forward secrecy features of - TLS mode (using Diffie Hellman key exchange), where even if an attacker - was able to steal your private key, he would gain no information to help - him decrypt past sessions. - - Another advantageous aspect of Static Key encryption mode is that it is - a handshake-free protocol without any distinguishing signature or - feature (such as a header or protocol handshake sequence) that would - mark the ciphertext packets as being generated by OpenVPN. Anyone - eavesdropping on the wire would see nothing but random-looking data. - --tran-window n Transition window -- our old key can live this many seconds after a new a key renegotiation begins (default :code:`3600` seconds). This feature diff --git a/doc/man-sections/server-options.rst b/doc/man-sections/server-options.rst index 6b9ad21..c1d3dc8 100644 --- a/doc/man-sections/server-options.rst +++ b/doc/man-sections/server-options.rst @@ -406,7 +406,7 @@ Options that will be compared for compatibility include ``dev-type``, ``link-mtu``, ``tun-mtu``, ``proto``, ``ifconfig``, ``comp-lzo``, ``fragment``, ``keydir``, ``cipher``, - ``auth``, ``keysize``, ``secret``, ``no-replay``, + ``auth``, ``keysize``, ``no-replay``, ``tls-auth``, ``key-method``, ``tls-server`` and ``tls-client``. diff --git a/doc/man-sections/tls-options.rst b/doc/man-sections/tls-options.rst index d51aff7..908a42a 100644 --- a/doc/man-sections/tls-options.rst +++ b/doc/man-sections/tls-options.rst @@ -295,8 +295,24 @@ Older versions (up to OpenVPN 2.3) supported a freeform passphrase file. This is no longer supported in newer versions (v2.4+). - See the ``--secret`` option for more information on the optional - ``direction`` parameter. + The optional ``direction`` parameter enables the use of 2 distinct keys + (HMAC-send, HMAC-receive), so that each + data flow direction has a different HMAC key. This has a number of desirable + security properties including eliminating certain kinds of DoS and message + replay attacks. + + When the ``direction`` parameter is omitted, the same key is used + bidirectionally. + + The ``direction`` parameter should always be complementary on either + side of the connection, i.e. one side should use :code:`0` and the other + should use :code:`1`, or both sides should omit it altogether. + + The ``direction`` parameter requires that ``file`` contains a 2048 bit + key. While pre-1.5 versions of OpenVPN generate 1024 bit key files, any + version of OpenVPN which supports the ``direction`` parameter, will also + support 2048 bit key file generation using the ``--genkey`` option. + ``--tls-auth`` is recommended when you are running OpenVPN in a mode where it is listening for packets from any IP address, such as when diff --git a/src/openvpn/options.c b/src/openvpn/options.c index d168163..bce6846 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -532,12 +532,6 @@ "\n" "Data Channel Encryption Options (must be compatible between peers):\n" "(These options are meaningful for both Static Key & TLS-mode)\n" - "--secret f [d] : (DEPRECATED) Enable Static Key encryption mode (non-TLS).\n" - " Use shared secret file f, generate with --genkey.\n" - " The optional d parameter controls key directionality.\n" - " If d is specified, use separate keys for each\n" - " direction, set d=0 on one side of the connection,\n" - " and d=1 on the other side.\n" "--auth alg : Authenticate packets with HMAC using message\n" " digest algorithm alg (default=%s).\n" " (usually adds 16 or 20 bytes per packet)\n" @@ -622,13 +616,11 @@ " and DoS attacks.\n" " f (required) is a shared-secret key file.\n" " The optional d parameter controls key directionality,\n" - " see --secret option for more info.\n" "--tls-crypt key : Add an additional layer of authenticated encryption on top\n" " of the TLS control channel to hide the TLS certificate,\n" " provide basic post-quantum security and protect against\n" " attacks on the TLS stack and DoS attacks.\n" " key (required) provides the pre-shared key file.\n" - " see --secret option for more info.\n" "--tls-crypt-v2 key : For clients: use key as a client-specific tls-crypt key.\n" " For servers: use key to decrypt client-specific keys. For\n" " key generation (--genkey tls-crypt-v2-client): use key to\n" @@ -762,7 +754,7 @@ "\n" "Generate a new key :\n" "--genkey secret file : Generate a new random key of type and write to file\n" - " (for use with --secret, --tls-auth or --tls-crypt)." + " (for use with --tls-auth or --tls-crypt)." #ifdef ENABLE_FEATURE_TUN_PERSIST "\n" "Tun/tap config mode (available with linux 2.4+):\n" @@ -2837,11 +2829,20 @@ if (!options->tls_server && !options->tls_client) { - msg(M_INFO, "DEPRECATION: No tls-client or tls-server option in " - "configuration detected. OpenVPN 2.7 will remove the " + int msglevel = M_USAGE; + if (options->allow_deprecated_insecure_static_crypto) + { + msglevel = M_INFO; + } + + msg(msglevel, "DEPRECATION: No tls-client or tls-server option in " + "configuration detected. OpenVPN 2.8 will remove the " "functionality to run a VPN without TLS. " "See the examples section in the manual page for " - "examples of a similar quick setup with peer-fingerprint."); + "examples of a similar quick setup with peer-fingerprint." + "OpenVPN 2.7 allow using this configuration when using " + "--allow-deprecated-insecure-static-crypto but you should move" + "to proper configuration as soon as possible."); } if (options->ssl_flags & (SSLF_CLIENT_CERT_NOT_REQUIRED|SSLF_CLIENT_CERT_OPTIONAL)) @@ -8550,6 +8551,12 @@ } } } + else if (streq(p[0], "allow-deprecated-insecure-static-crypto")) + { + VERIFY_PERMISSION(OPT_P_GENERAL); + options->allow_deprecated_insecure_static_crypto = true; + + } else if (streq(p[0], "genkey") && !p[4]) { VERIFY_PERMISSION(OPT_P_GENERAL); diff --git a/src/openvpn/options.h b/src/openvpn/options.h index f5890b9..33d17ca 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -552,6 +552,7 @@ /* Cipher parms */ const char *shared_secret_file; bool shared_secret_file_inline; + bool allow_deprecated_insecure_static_crypto; int key_direction; const char *ciphername; bool enable_ncp_fallback; /**< If defined fall back to diff --git a/tests/t_lpback.sh b/tests/t_lpback.sh index 482016a..68df2a6 100755 --- a/tests/t_lpback.sh +++ b/tests/t_lpback.sh @@ -97,7 +97,7 @@ for cipher in ${CIPHERS} do test_start "Testing cipher ${cipher}... " - ( "${openvpn}" --test-crypto --secret key.$$ --cipher ${cipher} ) >log.$$ 2>&1 + ( "${openvpn}" --test-crypto --secret key.$$ --allow-deprecated-insecure-static-crypto --cipher ${cipher} ) >log.$$ 2>&1 test_end $? log.$$ done