From patchwork Thu Nov 23 12:40:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "plaisthos (Code Review)" X-Patchwork-Id: 3481 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:3708:b0:f2:62eb:61c1 with SMTP id y8csp333601dyo; Thu, 23 Nov 2023 04:41:11 -0800 (PST) X-Google-Smtp-Source: AGHT+IExcNpr9Y5L015VXZA08117NXJ/l0BBFelfgIH/G++eLyS5fwAIvXFQFTQjUe//Xvu8BL3N X-Received: by 2002:a17:902:c942:b0:1cf:636f:1bbc with SMTP id i2-20020a170902c94200b001cf636f1bbcmr5992995pla.4.1700743271282; Thu, 23 Nov 2023 04:41:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700743271; cv=none; d=google.com; s=arc-20160816; b=KRABF+N8poyDzYMMiz1Y0Hy1TuyWKRS18nbretYSacECyHA8lcrJT2w2ECmQTPNZ5Z kibxKBzrQKzDy+7eEJ0QEhi+f0JSNjb9NQ4Pnh/GyexcOBTswW95QAFaoG1XcMjFIS7n n21XYsbbCOAhrCIboezYYTvTEx/a3/236GDxRLQp/p+58TR+eH5tN6ciimPN2o0VUxwS 6X4QQCb2GzN8+mc2YkyRqhqgxEs5C/RNjXYKymq7V79vYYIvgkM3AP/J4EPrBeO2fiAj KFgdtXQH2LuiCrQxZFrOK3wopb3z6PE749ouT46dQaT7Jyq77VjlQeucnNip7OGUHnU5 wrDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=SosG7sd4kminZGYfBIN00Hs1o+8xWIgEKjFMKbk/4LU=; fh=lm0MLPW7DntlrDqRECIiC9JlE1uPxhepE0URYHIf+eE=; b=0qvDw5CSpQwM4NqpLMCZYQcCD8L7TyuEgMyOFC+MNjCeAqH3ZPDl/mk/em66O4tq+U yezPnzUgV+LpqvAAcYUVNBKQYRVYp6Df2ISm1VVa27QMQmI0ALf+z5x6Rwq7BjxaW7RS lzZz4zWrXDGzo9dpaT8+PXJvicPtXIr3m2Lw862/JvbMOxjciGDnBVkVH1S50haCxnHw XEhMhQCwRKqXMJapNLAdUIvLwrtSqBgECbr8qubFGw6gVxVpzuCjCRjJV2mvs8UaW/9r mUqmKvxUp45WanAnsnJsXX2Dz4EI277xQte52pmouH/WC7hZ27mnqy+wLB6CCWjCsmR5 A8cg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Olzk+vIm; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="QOB4/h6n"; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=W0umRRhR; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id i6-20020a170902c94600b001cf6a1be230si1082417pla.451.2023.11.23.04.41.11 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 23 Nov 2023 04:41:11 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Olzk+vIm; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="QOB4/h6n"; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=W0umRRhR; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1r690B-0003l1-9f; Thu, 23 Nov 2023 12:40:15 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1r690A-0003kv-AL for openvpn-devel@lists.sourceforge.net; Thu, 23 Nov 2023 12:40:14 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=GgTJrHCY1uNaWkZpTm/C+rvzAZMFs+jpt/76+DN9Xz4=; b=Olzk+vIm0J6nDuT9pZZGVqVdMf EABzFmdVPSao1e4KYV9MVAUABarn/lo+2V+tKig7kUD7H6k0l765X1qUsbupB9ayT+UB6rKDIKI+s JJoJR/Cg/X0El0NEvC/CgIABQKnjkqjoemnL61BmOn1JOdwXhrAW3N8M7uwGLfq69Ugc=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=GgTJrHCY1uNaWkZpTm/C+rvzAZMFs+jpt/76+DN9Xz4=; b=Q OB4/h6nKcsCZvYSmxwmr6hlstI8WIynSdspcOov8GeZj/Q3glN3gLPpneNOMR/q2SfWZ0hiFp36lA U2y9O0Ui2//IE131U3WBj9tOSD22KRFw2YQPKZ7EOL7wZNTI9QdNulhOl5cZXmHJbVriFvh5qa0mL 94sJ7T2LfrVCgWKI=; Received: from mail-wm1-f47.google.com ([209.85.128.47]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1r6904-00DYkt-Kl for openvpn-devel@lists.sourceforge.net; Thu, 23 Nov 2023 12:40:14 +0000 Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-40b27726369so5457655e9.0 for ; Thu, 23 Nov 2023 04:40:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1700743202; x=1701348002; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=GgTJrHCY1uNaWkZpTm/C+rvzAZMFs+jpt/76+DN9Xz4=; b=W0umRRhRJisMRA+BlCdggEq98Uhoohiv67NXGobb8KqAxHk63kwKfmpAF1Nas3D3av VvB2GIFJLU/nStcpAHqQDq3O05r/Y9GXaded7bm00oPnuMNd0dFIjqE0ci0qvhs0DS76 Pp3yKvqz4VC8taW5ms3Qx50QepXQnP/TDHk5RG9pdv5se4MU9f1EJsjuPvBHFOHF6/kr ziuILvhhRi7oXQNglIH0AdEHImJdGFB6ZsKFOYwh5C0BWaThjGDAa4Dq+Jf0nA9/qHEm S20y7fZnoxO8r7LLckA9gzS2TcFsZjKDKrXY07rd744ytaVAZrQTYWRl6YBp1IGmKXGG mSRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700743202; x=1701348002; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=GgTJrHCY1uNaWkZpTm/C+rvzAZMFs+jpt/76+DN9Xz4=; b=bpCwcnjUtcctgBrtZ5W0aI/xI8hVlfpIxDnMB9E2nHbgq44xRRQYrbq9eZx8yrkku9 bH7Wk8daFV2l947C856i5qiKZKtiIJ4ygIUpDBAhx+2dYSfLjIdUvd/HEr8+D8FzUB9R fb0wYov7zdvKiGlYHxW0kbNNO2C60hW0K1Y/tXmJ2ePZ+PgOnlOdKMgMzG/SzsquJicd GOsFpCSSuFiR7asbdU9bbJ+5cZMMlMngWI4ledszZU+NghemYyK+UkVfjgEWlS11902S Fi2vXEKl1QR4NWuf0KXXO1zg7YFzxlXuepK19pygqrZ6Sq5u2NE7Z5sNsfghRt1OjAhy 9grg== X-Gm-Message-State: AOJu0Yx4EIliCWzbVIIBfcjHUKwbGjLKiD/5y+xmGhGgBY+P5DZwzjUB pFOnjas9FrHlTnhk6vaMO0D9N+aBeB1Ow7rMjXU= X-Received: by 2002:adf:e952:0:b0:332:cbe8:2f57 with SMTP id m18-20020adfe952000000b00332cbe82f57mr3225822wrn.66.1700743201259; Thu, 23 Nov 2023 04:40:01 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id y11-20020adfe6cb000000b0032da87e32e2sm1563661wrm.4.2023.11.23.04.40.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Nov 2023 04:40:00 -0800 (PST) From: "plaisthos (Code Review)" X-Google-Original-From: "plaisthos (Code Review)" X-Gerrit-PatchSet: 1 Date: Thu, 23 Nov 2023 12:40:00 +0000 To: flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: I04f8c7c413e7cb62c726262feee6ca89c7e86c70 X-Gerrit-Change-Number: 460 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: d93b06d54bc5291c0a6c8c142dc224e6ca3f1a06 References: Message-ID: <9d77544cc65c96d2f04fef225327581e7d0dcef3-HTML@gerrit.openvpn.net> MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.47 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.47 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1r6904-00DYkt-Kl Subject: [Openvpn-devel] [M] Change in openvpn[master]: Check PRF availability on initialisation and add --force-tls-key-mate... X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1783358576473760082?= X-GMAIL-MSGID: =?utf-8?q?1783358576473760082?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/460?usp=email to review the following change. Change subject: Check PRF availability on initialisation and add --force-tls-key-material-export ...................................................................... Check PRF availability on initialisation and add --force-tls-key-material-export We now warn a user if the TLS 1.0 PRF is not supported by the cryptographic library of the system. Also add the option --force-tls-key-material-export that automatically rejects clients that do not support TLS Keying Material Export and automatically enable it when TLS 1.0 PRF support is not available. Change-Id: I04f8c7c413e7cb62c726262feee6ca89c7e86c70 Signed-off-by: Arne Schwabe --- M doc/man-sections/protocol-options.rst M src/openvpn/crypto.c M src/openvpn/crypto.h M src/openvpn/multi.c M src/openvpn/options.c M src/openvpn/options.h 6 files changed, 81 insertions(+), 0 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/60/460/1 diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index 948c0c8..8b061d2 100644 --- a/doc/man-sections/protocol-options.rst +++ b/doc/man-sections/protocol-options.rst @@ -242,3 +242,11 @@ a key renegotiation begins (default :code:`3600` seconds). This feature allows for a graceful transition from old to new key, and removes the key renegotiation sequence from the critical path of tunnel data forwarding. + +--force-tls-key-material-export + This option is only available in --mode server and forces to use + Keying Material Exporters (RFC 5705) for clients. This can be used to + simulate an environment where the cryptographic library does not support + the older method to generate data channel keys anymore. This option is + intended to be a test option and might be removed in a future OpenVPN + version without notice. diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index e4452d7..9667c74 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -1789,3 +1789,21 @@ gc_free(&gc); return ret; } + +bool +check_tls_prf_working(void) +{ + /* Modern TLS libraries might no longer support the TLS 1.0 PRF. This + * limits our compatibility to other 2.6.x+ OpernVPN peers. Do a simple + * dummy test here to see if it works. */ + const char *seed = "tls1-prf-test"; + const char *secret = "tls1-prf-test-secret"; + uint8_t out[8]; + uint8_t expected_out[] = { 0xe0, 0x5f, 0x1f, 1, 0, 0, 0, 0}; + + int ret = ssl_tls1_PRF((uint8_t *)seed, strlen(seed), + (uint8_t *)secret, strlen(secret), + out, sizeof(out)); + + return (ret && memcmp(out, expected_out, sizeof(out)) != 0); +} diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 9255d38..4201524 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -593,4 +593,12 @@ return kt; } +/** + * Checks if the current TLS library supports the TLS 1.0 PRF with MD5+SHA1 + * that OpenVPN uses when TLS Keying Material Export is not available. + * + * @return true if supported, false otherwise. + */ +bool check_tls_prf_working(void); + #endif /* CRYPTO_H */ diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 8b490ed..82122f5 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -1830,6 +1830,16 @@ { o->imported_protocol_flags |= CO_USE_TLS_KEY_MATERIAL_EXPORT; } + else if (o->force_key_material_export) + { + msg(M_INFO, "PUSH: client does not support TLS key material export" + "but --force-tls-key-material-export is enabled."); + auth_set_client_reason(tls_multi, "Client incompatible with this" + "server. Keying Material Exporters (RFC 5705)" + "support missing. Upgrade to a client that " + "supports this feature (OpenVPN 2.6.0+)."); + return false; + } if (proto & IV_PROTO_DYN_TLS_CRYPT) { o->imported_protocol_flags |= CO_USE_DYNAMIC_TLS_CRYPT; diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 2594b66..170d5c7 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1564,6 +1564,7 @@ SHOW_STR(auth_user_pass_verify_script); SHOW_BOOL(auth_user_pass_verify_script_via_file); SHOW_BOOL(auth_token_generate); + SHOW_BOOL(force_key_material_export); SHOW_INT(auth_token_lifetime); SHOW_STR_INLINE(auth_token_secret_file); #if PORT_SHARE @@ -2579,6 +2580,10 @@ { msg(M_USAGE, "--mode server requires --tls-server"); } + if (options->force_key_material_export) + { + msg(M_USAGE, "--force-tls-key-material-export requires --mode server"); + } if (ce->remote) { msg(M_USAGE, "--remote cannot be used with --mode server"); @@ -3639,6 +3644,30 @@ } static void +options_process_mutate_prf(struct options *o) +{ + if (!check_tls_prf_working()) + { + + msg(D_TLS_ERRORS, "Warning: TLS 1.0 PRF with MD5+SHA1 PRF not supported " + "by TLS library. Your system does not support this calculation " + "anymore or your security policy (e.g. FIPS 140-2) forbids it. " + "Connections will only work with peers running OpenVPN 2.6.0 or " + "higher)"); +#ifndef HAVE_EXPORT_KEYING_MATERIAL + msg(M_FATAL, "Keying Material Exporters (RFC 5705) not available either. " + "No way to generate data channel keys left."); +#endif + if (o->mode == MODE_SERVER) + { + msg(M_WARN, "Automatically enabling option " + "--force-tls-key-material-export"); + } + + } +} + +static void options_postprocess_mutate(struct options *o, struct env_set *es) { int i; @@ -3652,6 +3681,7 @@ options_postprocess_setdefault_ncpciphers(o); options_set_backwards_compatible_options(o); + options_process_mutate_prf(o); options_postprocess_cipher(o); o->ncp_ciphers = mutate_ncp_cipher_list(o->ncp_ciphers, &o->gc); @@ -8650,6 +8680,11 @@ } } } + else if (streq(p[0], "force-tls-key-material-export")) + { + VERIFY_PERMISSION(OPT_P_GENERAL); + options->force_key_material_export = true; + } else if (streq(p[0], "prng") && p[1] && !p[3]) { msg(M_WARN, "NOTICE: --prng option ignored (SSL library PRNG is used)"); diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 5a37316..db7008a 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -688,6 +688,8 @@ const char *keying_material_exporter_label; int keying_material_exporter_length; #endif + /* force using TLS key material export for data channel key generation */ + bool force_key_material_export; bool vlan_tagging; enum vlan_acceptable_frames vlan_accept;