From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 2 Jan 2024 13:51:49 +0100
Message-ID: <20240102125149.4595-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v8] Check PRF availability on initialisation and add --force-tls-key-material-export

From: Arne Schwabe We now warn a user if the TLS 1.0 PRF is not supported by the cryptographic library of the system. Also add the option --force-tls-key-material-export that automatically rejects clients that do not support TLS Keying Material Export and automatically enable it when TLS 1.0 PRF support is not available. Change-Id: I04f8c7c413e7cb62c726262feee6ca89c7e86c70 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/460 This mail reflects revision 8 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index 948c0c8..8b061d2 100644 --- a/doc/man-sections/protocol-options.rst +++ b/doc/man-sections/protocol-options.rst @@ -242,3 +242,11 @@ a key renegotiation begins (default :code:`3600` seconds). This feature allows for a graceful transition from old to new key, and removes the key renegotiation sequence from the critical path of tunnel data forwarding. + +--force-tls-key-material-export + This option is only available in --mode server and forces to use + Keying Material Exporters (RFC 5705) for clients. This can be used to + simulate an environment where the cryptographic library does not support + the older method to generate data channel keys anymore. This option is + intended to be a test option and might be removed in a future OpenVPN + version without notice. diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index e4452d7..8c17f2a 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c 
@@ -1789,3 +1789,22 @@ gc_free(&gc); return ret; } + +bool +check_tls_prf_working(void) +{ + /* Modern TLS libraries might no longer support the TLS 1.0 PRF with + * MD5+SHA1. This allows us to establish connections only + * with other 2.6.0+ OpenVPN peers. + * Do a simple dummy test here to see if it works. */ + const char *seed = "tls1-prf-test"; + const char *secret = "tls1-prf-test-secret"; + uint8_t out[8]; + uint8_t expected_out[] = { 0xe0, 0x5f, 0x1f, 1, 0, 0, 0, 0}; + + int ret = ssl_tls1_PRF((uint8_t *)seed, (int) strlen(seed), + (uint8_t *)secret, (int) strlen(secret), + out, sizeof(out)); + + return (ret && memcmp(out, expected_out, sizeof(out)) != 0); +} diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 9255d38..4201524 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -593,4 +593,12 @@ return kt; } +/** + * Checks if the current TLS library supports the TLS 1.0 PRF with MD5+SHA1 + * that OpenVPN uses when TLS Keying Material Export is not available. + * + * @return true if supported, false otherwise. + */ +bool check_tls_prf_working(void); + #endif /* CRYPTO_H */ diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 8b490ed..35e8707 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -1830,6 +1830,16 @@ { o->imported_protocol_flags |= CO_USE_TLS_KEY_MATERIAL_EXPORT; } + else if (o->force_key_material_export) + { + msg(M_INFO, "PUSH: client does not support TLS key material export" + "but --force-tls-key-material-export is enabled."); + auth_set_client_reason(tls_multi, "Client incompatible with this " + "server. Keying Material Exporters (RFC 5705) " + "support missing. Upgrade to a client that " + "supports this feature (OpenVPN 2.6.0+)."); + return false; + } if (proto & IV_PROTO_DYN_TLS_CRYPT) { o->imported_protocol_flags |= CO_USE_DYNAMIC_TLS_CRYPT; diff --git a/src/openvpn/options.c b/src/openvpn/options.c index e498114..1b28a19 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -1561,6 +1561,7 @@ SHOW_STR(auth_user_pass_verify_script); SHOW_BOOL(auth_user_pass_verify_script_via_file); SHOW_BOOL(auth_token_generate); + SHOW_BOOL(force_key_material_export); SHOW_INT(auth_token_lifetime); SHOW_STR_INLINE(auth_token_secret_file); #if PORT_SHARE @@ -2802,6 +2803,11 @@ { msg(M_USAGE, "--vlan-tagging requires --mode server"); } + + if (options->force_key_material_export) + { + msg(M_USAGE, "--force-tls-key-material-export requires --mode server"); + } } /* @@ -3634,6 +3640,30 @@ } static void +options_process_mutate_prf(struct options *o) +{ + if (!check_tls_prf_working()) + { + msg(D_TLS_ERRORS, "Warning: TLS 1.0 PRF with MD5+SHA1 PRF is not " + "supported by the TLS library. Your system does not support this " + "calculation anymore or your security policy (e.g. FIPS 140-2) " + "forbids it. Connections will only work with peers running " + "OpenVPN 2.6.0 or higher)"); +#ifndef HAVE_EXPORT_KEYING_MATERIAL + msg(M_FATAL, "Keying Material Exporters (RFC 5705) not available either. " + "No way to generate data channel keys left."); +#endif + if (o->mode == MODE_SERVER) + { + msg(M_WARN, "Automatically enabling option " + "--force-tls-key-material-export"); + o->force_key_material_export = true; + } + + } +} + +static void options_postprocess_mutate(struct options *o, struct env_set *es) { int i; @@ -3647,6 +3677,7 @@ options_postprocess_setdefault_ncpciphers(o); options_set_backwards_compatible_options(o); + options_process_mutate_prf(o); options_postprocess_cipher(o); o->ncp_ciphers = mutate_ncp_cipher_list(o->ncp_ciphers, &o->gc); @@ -8642,6 +8673,11 @@ } } } + else if (streq(p[0], "force-tls-key-material-export")) + { + VERIFY_PERMISSION(OPT_P_GENERAL); + options->force_key_material_export = true; + } else if (streq(p[0], "prng") && p[1] && !p[3]) { msg(M_WARN, "NOTICE: --prng option ignored (SSL library PRNG is used)"); diff --git a/src/openvpn/options.h b/src/openvpn/options.h index c4514e1..cbfff18 100644 --- a/src/openvpn/options.h 
+++ b/src/openvpn/options.h @@ -687,6 +687,8 @@ const char *keying_material_exporter_label; int keying_material_exporter_length; #endif + /* force using TLS key material export for data channel key generation */ + bool force_key_material_export; bool vlan_tagging; enum vlan_acceptable_frames vlan_accept;
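
Review bot: the new --force-tls-key-material-export entry in doc/man-sections/protocol-options.rst does not say what happens to a client without exporter support, nor that the server can turn the option on by itself. The multi.c hunk refuses such clients with an auth failure reason, and options_process_mutate_prf() sets force_key_material_export in server mode whenever check_tls_prf_working() fails. Both deserve a sentence here, because an operator whose TLS library lacks the TLS 1.0 PRF will see older clients rejected without having configured anything, while the text describes the option only as a test option. "forces to use" would also read better as "forces the use of".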
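
Review bot: the last line of check_tls_prf_working() in src/openvpn/crypto.c, "return (ret && memcmp(out, expected_out, sizeof(out)) != 0);", returns true when the PRF output differs from expected_out, so the known-answer comparison does not verify anything. A library that reports success but produces wrong bytes passes the check, and if expected_out held the real output, a working PRF would be reported as unsupported. The vector { 0xe0, 0x5f, 0x1f, 1, 0, 0, 0, 0} with its trailing 1, 0, 0, 0, 0 does not look like PRF output either. Please put the actual first 8 bytes for this seed and secret into expected_out and compare with "== 0", which is what the "@return true if supported" comment in crypto.h promises.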
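
Review bot: the msg(M_INFO, ...) call in the src/openvpn/multi.c hunk is missing a space between its two string literals, so the log line reads "...TLS key material exportbut --force-tls-key-material-export is enabled.". Add a trailing space after "export" in the first literal. The auth_set_client_reason() text just below it has its spaces in the right places.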
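
Review bot: the warning text in options_process_mutate_prf() (src/openvpn/options.c) has two slips that will end up in user logs: "TLS 1.0 PRF with MD5+SHA1 PRF" repeats "PRF", and "OpenVPN 2.6.0 or higher)" closes a parenthesis that was never opened. Suggest "TLS 1.0 PRF with MD5+SHA1 is not supported by the TLS library." and dropping the stray ")". There is also an empty line before the closing brace of the if block that can go.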
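
Review bot: the option parser branch "else if (streq(p[0], "force-tls-key-material-export"))" in src/openvpn/options.c has no parameter count check, so a config line with extra arguments after the option name is accepted silently. The neighbouring branch visible in the same hunk guards its arguments ("streq(p[0], "prng") && p[1] && !p[3]"). Since this option takes no argument, adding "&& !p[1]" to the condition would keep it consistent.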