From patchwork Sun Dec 22 21:45:41 2024
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4013
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 22 Dec 2024 22:45:41 +0100
Message-ID: <20241222214541.11021-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v8] Move initialisation of implicit IVs to init_key_ctx_bi methods

From: Arne Schwabe

This is really more a function of initialising the data cipher and key
context and putting it into the init_key_ctx_bi makes more sense. It will
allow calling init_key_ctx_bi to fully initialise a data channel key
without calling some extra functions after that which will make the
(upcoming) epoch key implementation cleaner.

Also ensure that free_ctx_bi actually also sets initialized to false.

Change-Id: Id223612c7bcab91d49c013fb775024bd64ab0836
Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/800
This mail reflects revision 8 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 53f50de..67c4d3b 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c 
@@ -900,6 +900,33 @@ } } +/** + * Update the implicit IV for a key_ctx_bi based on TLS session ids and cipher + * used. + * + * Note that the implicit IV is based on the HMAC key, but only in AEAD modes + * where the HMAC key is not used for an actual HMAC. + * + * @param ctx Encrypt/decrypt key context + * @param key key, hmac part used to calculate implicit IV + */ +static void +key_ctx_update_implicit_iv(struct key_ctx *ctx, const struct key *key) +{ + /* Only use implicit IV in AEAD cipher mode, where HMAC key is not used */ + if (cipher_ctx_mode_aead(ctx->cipher)) + { + size_t impl_iv_len = 0; + ASSERT(cipher_ctx_iv_length(ctx->cipher) >= OPENVPN_AEAD_MIN_IV_LEN); + impl_iv_len = cipher_ctx_iv_length(ctx->cipher) - sizeof(packet_id_type); + ASSERT(impl_iv_len + sizeof(packet_id_type) <= OPENVPN_MAX_IV_LENGTH); + ASSERT(impl_iv_len <= MAX_HMAC_KEY_LENGTH); + CLEAR(ctx->implicit_iv); + /* The first bytes of the IV are filled with the packet id */ + memcpy(ctx->implicit_iv + sizeof(packet_id_type), key->hmac, impl_iv_len); + } +} + /* given a key and key_type, build a key_ctx */ void init_key_ctx(struct key_ctx *ctx, const struct key *key, @@ -958,7 +985,7 @@ snprintf(log_prefix, sizeof(log_prefix), "Outgoing %s", name); init_key_ctx(ctx, &key2->keys[kds.out_key], kt, OPENVPN_OP_ENCRYPT, log_prefix); - + key_ctx_update_implicit_iv(ctx, &key2->keys[kds.out_key]); } void @@ -973,7 +1000,7 @@ snprintf(log_prefix, sizeof(log_prefix), "Incoming %s", name); init_key_ctx(ctx, &key2->keys[kds.in_key], kt, OPENVPN_OP_DECRYPT, log_prefix); - + key_ctx_update_implicit_iv(ctx, &key2->keys[kds.in_key]); } void @@ -1008,6 +1035,7 @@ { free_key_ctx(&ctx->encrypt); free_key_ctx(&ctx->decrypt); + ctx->initialized = false; } static bool diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 73201ef..5adc6b1 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c 
@@ -96,21 +96,6 @@ #endif /* ifdef MEASURE_TLS_HANDSHAKE_STATS */ /** - * Update the implicit IV for a key_ctx_bi based on TLS session ids and cipher - * used. - * - * Note that the implicit IV is based on the HMAC key, but only in AEAD modes - * where the HMAC key is not used for an actual HMAC. - * - * @param ctx Encrypt/decrypt key context - * @param key HMAC key, used to calculate implicit IV - * @param key_len HMAC key length - */ -static void -key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, size_t key_len); - - -/** * Limit the reneg_bytes value when using a small-block (<128 bytes) cipher. * * @param cipher The current cipher (may be NULL). @@ -1411,12 +1396,6 @@ else { init_key_ctx_bi(key, key2, key_direction, key_type, "Data Channel"); - /* Initialize implicit IVs */ - key_ctx_update_implicit_iv(&key->encrypt, key2->keys[(int)server].hmac, - MAX_HMAC_KEY_LENGTH); - key_ctx_update_implicit_iv(&key->decrypt, - key2->keys[1 - (int)server].hmac, - MAX_HMAC_KEY_LENGTH); } } @@ -1553,23 +1532,6 @@ return ret; } -static void -key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, size_t key_len) -{ - /* Only use implicit IV in AEAD cipher mode, where HMAC key is not used */ - if (cipher_ctx_mode_aead(ctx->cipher)) - { - size_t impl_iv_len = 0; - ASSERT(cipher_ctx_iv_length(ctx->cipher) >= OPENVPN_AEAD_MIN_IV_LEN); - impl_iv_len = cipher_ctx_iv_length(ctx->cipher) - sizeof(packet_id_type); - ASSERT(impl_iv_len + sizeof(packet_id_type) <= OPENVPN_MAX_IV_LENGTH); - ASSERT(impl_iv_len <= key_len); - CLEAR(ctx->implicit_iv); - /* The first bytes of the IV are filled with the packet id */ - memcpy(ctx->implicit_iv + sizeof(packet_id_type), key, impl_iv_len); - } -} - /** * Generate data channel keys for the supplied TLS session. * diff --git a/tests/unit_tests/openvpn/test_ssl.c b/tests/unit_tests/openvpn/test_ssl.c index ae33cc6..caacd9e 100644 --- a/tests/unit_tests/openvpn/test_ssl.c +++ b/tests/unit_tests/openvpn/test_ssl.c 
@@ -277,24 +277,6 @@ #endif /* HAVE_OPENSSL_STORE */ } -static void -init_implicit_iv(struct crypto_options *co) -{ - cipher_ctx_t *cipher = co->key_ctx_bi.encrypt.cipher; - - if (cipher_ctx_mode_aead(cipher)) - { - ASSERT(cipher_ctx_iv_length(cipher) <= OPENVPN_MAX_IV_LENGTH); - ASSERT(cipher_ctx_iv_length(cipher) >= OPENVPN_AEAD_MIN_IV_LEN); - - /* Generate dummy implicit IV */ - ASSERT(rand_bytes(co->key_ctx_bi.encrypt.implicit_iv, - OPENVPN_MAX_IV_LENGTH)); - - memcpy(co->key_ctx_bi.decrypt.implicit_iv, - co->key_ctx_bi.encrypt.implicit_iv, OPENVPN_MAX_IV_LENGTH); - } -} static void init_frame_parameters(struct frame *frame) @@ -346,7 +328,6 @@ /* init work */ ASSERT(buf_init(&work, frame.buf.headroom)); - init_implicit_iv(co); update_time(); /* Test encryption, decryption for all packet sizes */
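
Review bot: In src/openvpn/crypto.c (hunk @@ -900,6 +900,33 @@), the doc comment carried over with key_ctx_update_implicit_iv() still says it updates "a key_ctx_bi based on TLS session ids", but the function takes a single struct key_ctx and copies only from key->hmac; session ids are not an input. Reword the comment to describe what is actually copied and into which part of implicit_iv. The bound check also changed from `ASSERT(impl_iv_len <= key_len)` to `ASSERT(impl_iv_len <= MAX_HMAC_KEY_LENGTH)`; if key->hmac is a fixed-size array, `sizeof(key->hmac)` would tie the assert to the buffer the memcpy reads from instead of to a constant that has to be kept in sync with it.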
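
Review bot: In the two crypto.c hunks that add a call after init_key_ctx() (@@ -958,7 +985,7 @@ and @@ -973,7 +1000,7 @@), the key feeding the implicit IV is now chosen by kds.out_key and kds.in_key, where ssl.c previously used `key2->keys[(int)server].hmac` for encrypt and `key2->keys[1 - (int)server].hmac` for decrypt. The commit message should state that both selections give the same index on the data channel path, because a mismatch would leave the two peers with different implicit IVs and AEAD decryption would fail. These call sites also set an implicit IV for every AEAD key context initialised through them, not only for the "Data Channel" call that ssl.c handled before, and that widening deserves a sentence in the message as well.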
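
Review bot: In tests/unit_tests/openvpn/test_ssl.c, dropping init_implicit_iv() and its call leaves the implicit IV covered only indirectly by the encrypt/decrypt round trip; no test visible in this patch checks the value that init_key_ctx_bi now writes. Consider adding an assertion that, for an AEAD cipher, the bytes at `implicit_iv + sizeof(packet_id_type)` equal the start of the selected key's hmac field, and that implicit_iv is left untouched for a non-AEAD cipher. The removed helper also gave both directions the same random IV via memcpy, so the round trip now depends on the test's key direction setup yielding matching encrypt and decrypt keys; a short comment at the setup site would make that dependency explicit.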