From patchwork Thu Jan 25 12:38:19 2024
X-Patchwork-Submitter: "plaisthos (Code Review)"
X-Patchwork-Id: 3593
From: "plaisthos (Code Review)"
Date: Thu, 25 Jan 2024 12:38:19 +0000
To: flichtenheld
X-Gerrit-PatchSet: 1
X-Gerrit-Change-Id: I01e258e97351b5aa4b9e561f5b35ddc2318569e2
X-Gerrit-Change-Number: 507
X-Gerrit-Project: openvpn
X-Gerrit-Commit: 1eb1412505aa7f7a52aa11adc1d2b9378485450d
Subject: [Openvpn-devel] [M] Change in openvpn[master]: Implement support for larger packet counter sizes
Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com
Cc: openvpn-devel

Attention is currently required from: flichtenheld.

Hello flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/507?usp=email

to review the following change.

Change subject: Implement support for larger packet counter sizes
......................................................................

Implement support for larger packet counter sizes

With DCO and possible future hardware assisted OpenVPN acceleration we are approaching the point where 32 bit IVs are not cutting it any more.

To illustrate the problem, some back of the envelope math here: If we want to keep the current 3600s renegotiation interval and have a safety margin of 25% (when we trigger renegotiation) we have about 3.2 million packets (2*32 * 0.7) to work with. That translates to about 835k packets per second.

With 1300 Byte packets that translates into 8-9 Gbit/s. That is far from unrealistic any more. Current DCO implementations are already in spitting distance to that or might even reach (for a single client connection) that if you have extremely fast single core performance CPU.

This introduces the 64bit packet counters for AEAD data channel ciphers in TLS mode ciphers. No effort has been made to support larger packet counters in any scenario since the other scenarios are all legacy.
While we still keep the old --secret logic around we use the same weird unix timestamp + packet counter format to avoid refactoring the code now and again when we remove --secret code but DCO implementations are free to use just a single 64 bit counter. One other small downside of this approach is that when rollover happens and we get reordering all the older packets are thrown away since the distance between the packet before and after the rollover is quite large as we probably jump forward more than 1s (or more than 2^32 packet ids) forward. But this is an obscure edge that we can (currently) live with. Change-Id: I01e258e97351b5aa4b9e561f5b35ddc2318569e2 --- M src/openvpn/crypto.c M src/openvpn/crypto.h M src/openvpn/init.c M src/openvpn/multi.c M src/openvpn/options.c M src/openvpn/push.c M src/openvpn/ssl.c M src/openvpn/ssl_common.h M src/openvpn/ssl_ncp.c M tests/unit_tests/openvpn/test_ssl.c 10 files changed, 105 insertions(+), 20 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/07/507/1 diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 9988ebe..81b33fe 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -68,6 +68,7 @@ const struct key_ctx *ctx = &opt->key_ctx_bi.encrypt; uint8_t *mac_out = NULL; const int mac_len = OPENVPN_AEAD_TAG_LENGTH; + bool longiv = opt->flags & CO_64_BIT_PKT_ID; /* IV, packet-ID and implicit IV required for this mode. */ ASSERT(ctx->cipher); @@ -86,7 +87,7 @@ buf_set_write(&iv_buffer, iv, iv_len); /* IV starts with packet id to make the IV unique for packet */ - if (!packet_id_write(&opt->packet_id.send, &iv_buffer, false, false)) + if (!packet_id_write(&opt->packet_id.send, &iv_buffer, longiv, false)) { msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over"); goto err; 
@@ -384,6 +385,8 @@ /* IV and Packet ID required for this mode */ ASSERT(packet_id_initialized(&opt->packet_id)); + bool longiv = opt->flags & CO_64_BIT_PKT_ID; + /* Combine IV from explicit part from packet and implicit part from context */ { uint8_t iv[OPENVPN_MAX_IV_LENGTH] = { 0 }; @@ -409,7 +412,7 @@ } /* Read packet ID from packet */ - if (!packet_id_read(&pin, buf, false)) + if (!packet_id_read(&pin, buf, longiv)) { CRYPT_ERROR("error reading packet-id"); } diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 95a5b31..0ef13e0 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -283,6 +283,11 @@ /**< Bit-flag indicating that the AEAD tag is at the end of the * packet. */ +#define CO_64_BIT_PKT_ID (1<<9) + /**< Bit-flag indicating that we should use a 64 bit (8 byte) packet + * counter instead of the 32 bit that we normally use. + */ + unsigned int flags; /**< Bit-flags determining behavior of * security operation functions. */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index cd37b36..7db8d06 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2327,6 +2327,10 @@ { buf_printf(&out, " aead-tag-end"); } + if (o->imported_protocol_flags & CO_64_BIT_PKT_ID) + { + buf_printf(&out, " pkt-id-64-bit"); + } } if (buf_len(&out) > strlen(header)) @@ -3297,6 +3301,16 @@ to.push_peer_info_detail = 1; } + /* Check if the DCO drivers support the new 64bit packet counter and + * AEAD tag at the end */ + if (dco_enabled(options)) + { + to.data_v3_features_supported = false; + } + else + { + to.data_v3_features_supported = true; + } /* should we not xmit any packets until we get an initial * response from client? */ diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 4344126..a80b9f4 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c 
@@ -1851,6 +1851,13 @@ o->imported_protocol_flags |= CO_USE_CC_EXIT_NOTIFY; } + if (tls_multi->session[TM_ACTIVE].opt->data_v3_features_supported + && (proto & IV_PROTO_DATA_V3)) + { + o->imported_protocol_flags |= CO_AEAD_TAG_AT_THE_END; + o->imported_protocol_flags |= CO_64_BIT_PKT_ID; + } + /* Select cipher if client supports Negotiable Crypto Parameters */ /* if we have already created our key, we cannot *change* our own diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 39f00c0..3f8fccf 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -8690,6 +8690,10 @@ { options->imported_protocol_flags |= CO_AEAD_TAG_AT_THE_END; } + else if (streq(p[j], "pkt-id-64-bit")) + { + options->imported_protocol_flags |= CO_64_BIT_PKT_ID; + } else { msg(msglevel, "Unknown protocol-flags flag: %s", p[j]); diff --git a/src/openvpn/push.c b/src/openvpn/push.c index e4c122c..5766c97 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c @@ -691,6 +691,10 @@ { buf_printf(&proto_flags, " aead-tag-end"); } + if (o->imported_protocol_flags & CO_64_BIT_PKT_ID) + { + buf_printf(&proto_flags, " pkt-id-64-bit"); + } if (buf_len(&proto_flags) > 0) { diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 33c8670..6579ff9 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -105,9 +105,11 @@ * @param ctx Encrypt/decrypt key context * @param key HMAC key, used to calculate implicit IV * @param key_len HMAC key length + * @param long_pkt_id 64-bit packet counters are used */ static void -key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, size_t key_len); +key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, size_t key_len, + bool long_pkt_id); /** 
@@ -1369,13 +1371,15 @@ } else { + bool longiv = ks->crypto_options.flags & CO_64_BIT_PKT_ID; init_key_ctx_bi(key, key2, key_direction, key_type, "Data Channel"); /* Initialize implicit IVs */ - key_ctx_update_implicit_iv(&key->encrypt, key2->keys[(int)server].hmac, - MAX_HMAC_KEY_LENGTH); + key_ctx_update_implicit_iv(&key->encrypt, + key2->keys[(int)server].hmac, + MAX_HMAC_KEY_LENGTH, longiv); key_ctx_update_implicit_iv(&key->decrypt, key2->keys[1 - (int)server].hmac, - MAX_HMAC_KEY_LENGTH); + MAX_HMAC_KEY_LENGTH, longiv); } } @@ -1513,14 +1517,15 @@ } static void -key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, size_t key_len) +key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, + size_t key_len, bool longiv) { /* Only use implicit IV in AEAD cipher mode, where HMAC key is not used */ if (cipher_ctx_mode_aead(ctx->cipher)) { size_t impl_iv_len = 0; ASSERT(cipher_ctx_iv_length(ctx->cipher) >= OPENVPN_AEAD_MIN_IV_LEN); - impl_iv_len = cipher_ctx_iv_length(ctx->cipher) - sizeof(packet_id_type); + impl_iv_len = cipher_ctx_iv_length(ctx->cipher) - packet_id_size(longiv); ASSERT(impl_iv_len <= OPENVPN_MAX_IV_LENGTH); ASSERT(impl_iv_len <= key_len); memcpy(ctx->implicit_iv, key, impl_iv_len); @@ -1935,6 +1940,12 @@ iv_proto |= IV_PROTO_DYN_TLS_CRYPT; #endif + /* support for AEAD tag at the end and 8 byte IV */ + if (session->opt->data_v3_features_supported) + { + iv_proto |= IV_PROTO_DATA_V3; + } + buf_printf(&out, "IV_PROTO=%d\n", iv_proto); if (session->opt->push_peer_info_detail > 1) diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h index f085e0d..53bf763 100644 --- a/src/openvpn/ssl_common.h +++ b/src/openvpn/ssl_common.h @@ -311,7 +311,6 @@ /* from command line */ bool single_session; - bool disable_occ; int mode; bool pull; /** 
@@ -361,6 +360,8 @@ const char *config_ciphername; const char *config_ncp_ciphers; + bool data_v3_features_supported; /**< dco supports new data channel features */ + bool tls_crypt_v2; const char *tls_crypt_v2_verify_script; @@ -490,8 +491,6 @@ */ int key_id; - int limit_next; /* used for traffic shaping on the control channel */ - int verify_maxlevel; char *common_name; diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c index 0ca6d42..0b4ad8a 100644 --- a/src/openvpn/ssl_ncp.c +++ b/src/openvpn/ssl_ncp.c @@ -430,6 +430,12 @@ session->opt->crypto_flags |= CO_USE_CC_EXIT_NOTIFY; } + if (session->opt->data_v3_features_supported && (iv_proto_peer & IV_PROTO_DATA_V3)) + { + session->opt->crypto_flags |= CO_AEAD_TAG_AT_THE_END; + session->opt->crypto_flags |= CO_64_BIT_PKT_ID; + } + #if defined(HAVE_EXPORT_KEYING_MATERIAL) if (iv_proto_peer & IV_PROTO_TLS_KEY_EXPORT) { diff --git a/tests/unit_tests/openvpn/test_ssl.c b/tests/unit_tests/openvpn/test_ssl.c index 0ded052..125d24b 100644 --- a/tests/unit_tests/openvpn/test_ssl.c +++ b/tests/unit_tests/openvpn/test_ssl.c @@ -128,9 +128,12 @@ { cipher_ctx_t *cipher = co->key_ctx_bi.encrypt.cipher; + if (cipher_ctx_mode_aead(cipher)) { - size_t impl_iv_len = cipher_ctx_iv_length(cipher) - sizeof(packet_id_type); + bool longiv = co->flags & CO_64_BIT_PKT_ID; + + size_t impl_iv_len = cipher_ctx_iv_length(cipher) - packet_id_size(longiv); ASSERT(cipher_ctx_iv_length(cipher) <= OPENVPN_MAX_IV_LENGTH); ASSERT(cipher_ctx_iv_length(cipher) >= OPENVPN_AEAD_MIN_IV_LEN); @@ -142,6 +145,11 @@ memcpy(co->key_ctx_bi.decrypt.implicit_iv, co->key_ctx_bi.encrypt.implicit_iv, OPENVPN_MAX_IV_LENGTH); co->key_ctx_bi.decrypt.implicit_iv_len = impl_iv_len; + + if (longiv) + { + co->flags |= CO_64_BIT_PKT_ID; + } } } 
@@ -280,6 +288,25 @@ } static void +run_data_channel_with_cipher_end_and_long_pkt_counter(const char *cipher) +{ + struct crypto_options co = init_crypto_options(cipher, "none"); + co.flags |= CO_AEAD_TAG_AT_THE_END; + do_data_channel_round_trip(&co); + uninit_crypto_options(&co); +} + +static void +run_data_channel_with_long_pkt_counter(const char *cipher) +{ + struct crypto_options co = init_crypto_options(cipher, "none"); + co.flags |= CO_64_BIT_PKT_ID; + do_data_channel_round_trip(&co); + uninit_crypto_options(&co); +} + + +static void run_data_channel_with_cipher(const char *cipher, const char *auth) { struct crypto_options co = init_crypto_options(cipher, auth); @@ -289,24 +316,30 @@ static void +run_aead_channel_tests(const char *cipher) +{ + run_data_channel_with_cipher_end(cipher); + run_data_channel_with_cipher(cipher, "none"); + run_data_channel_with_cipher_end_and_long_pkt_counter(cipher); + run_data_channel_with_long_pkt_counter(cipher); +} + +static void test_data_channel_roundtrip_aes_128_gcm(void **state) { - run_data_channel_with_cipher_end("AES-128-GCM"); - run_data_channel_with_cipher("AES-128-GCM", "none"); + run_aead_channel_tests("AES-128-GCM"); } static void test_data_channel_roundtrip_aes_192_gcm(void **state) { - run_data_channel_with_cipher_end("AES-192-GCM"); - run_data_channel_with_cipher("AES-192-GCM", "none"); + run_aead_channel_tests("AES-192-GCM"); } static void test_data_channel_roundtrip_aes_256_gcm(void **state) { - run_data_channel_with_cipher_end("AES-256-GCM"); - run_data_channel_with_cipher("AES-256-GCM", "none"); + run_aead_channel_tests("AES-256-GCM"); } static void @@ -336,8 +369,7 @@ return; } - run_data_channel_with_cipher_end("ChaCha20-Poly1305"); - run_data_channel_with_cipher("ChaCha20-Poly1305", "none"); + run_aead_channel_tests("ChaCha20-Poly1305"); } static void
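Review bot: the comment in the src/openvpn/init.c hunk at @@ -3297 says the code checks whether the DCO drivers support the 64-bit packet counter and the AEAD tag at the end, but the branch only tests dco_enabled(options) and switches the features off whenever DCO is in use. Reword the comment to say the features are disabled with DCO, and collapse the if/else to `to.data_v3_features_supported = !dco_enabled(options);`.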
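Review bot: the src/openvpn/multi.c hunk at @@ -1851 and the matching src/openvpn/ssl_ncp.c hunk at @@ -430 set CO_64_BIT_PKT_ID as soon as the peer advertises IV_PROTO_DATA_V3, without looking at the selected cipher, while the commit message restricts 64-bit counters to AEAD data channel ciphers in TLS mode. Either gate the flag on the cipher being AEAD or add a comment stating that the flag is ignored for non-AEAD ciphers. IV_PROTO_DATA_V3 is also not defined in any of the ten files this change touches, so the commit message should name the change it depends on.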
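Review bot: the `pkt-id-64-bit` value added to the protocol-flags parser in the src/openvpn/options.c hunk at @@ -8690, and emitted in push.c and init.c, comes without documentation: the list of ten changed files contains only sources and one unit test. Please document the new flag next to the existing protocol-flags values, including that it changes the on-wire packet ID size and therefore must match on both peers.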
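Review bot: in src/openvpn/ssl.c the prototype and its doxygen block (hunk at @@ -105) name the new parameter `long_pkt_id`, while the definition at @@ -1513 calls it `longiv`; use one name in both places. In the same definition the length is now `cipher_ctx_iv_length(ctx->cipher) - packet_id_size(longiv)`, and the ASSERT above it only compares against OPENVPN_AEAD_MIN_IV_LEN, so add an ASSERT that the IV length is at least packet_id_size(longiv) to rule out a size_t underflow when the long form is selected.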
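Review bot: the src/openvpn/ssl_common.h hunks at @@ -311 and @@ -490 delete `bool disable_occ;` and `int limit_next;`, which the commit message does not mention and which are unrelated to packet counter size; move them to a separate cleanup commit. The doc comment on the new field at @@ -361 says "dco supports new data channel features", but init.c sets the field to true exactly when DCO is not enabled, so the comment should describe the field as "data channel v3 features can be negotiated" or similar.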
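Review bot: the `if (longiv)` block added in the tests/unit_tests/openvpn/test_ssl.c hunk at @@ -142 is a no-op, because longiv was computed from `co->flags & CO_64_BIT_PKT_ID` in the hunk at @@ -128 and OR-ing the same bit back into co->flags changes nothing. Remove the block, and also the stray blank line added before `if (cipher_ctx_mode_aead(cipher))`.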
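Review bot: run_data_channel_with_cipher_end_and_long_pkt_counter in the tests/unit_tests/openvpn/test_ssl.c hunk at @@ -280 only sets `co.flags |= CO_AEAD_TAG_AT_THE_END;` and never sets CO_64_BIT_PKT_ID, so it repeats the existing tag-at-end test and the combined case stays untested. Set both flags, for example `co.flags |= CO_AEAD_TAG_AT_THE_END | CO_64_BIT_PKT_ID;`. Both new helpers also set the flag after init_crypto_options() has returned; if the implicit IV is set up inside that call (not visible in this hunk), its length was computed for the 32-bit packet ID and the flag needs to be passed in earlier.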