From patchwork Wed Oct 10 04:29:18 2018
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 539
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 10 Oct 2018 17:29:18 +0200
Message-Id: <20181010152918.27762-1-arne@rfc2549.org>
In-Reply-To: <20181008214923.11058-3-arne@rfc2549.org>
References: <20181008214923.11058-3-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v3 3/3] Implement the nopadding option to management-external-key for mbed TLS

Although mbed TLS does not have a TLS 1.3 API yet and we do not really know how mbed TLS will handle querying for TLS 1.3 signatures, being able to use the same API with OpenSSL and mbed TLS is a nice feature.

Since mbed TLS does not expose a way to do pkcs1 padding, copy the trimmed down version of the pkcs1 copy to the OpenVPN source code.

---
Patch V2: Fix a minor style violation

Signed-off-by: Arne Schwabe
---
 src/openvpn/options.c     | 11 ++----
 src/openvpn/ssl_mbedtls.c | 71 ++++++++++++++++++++++++++++++++++++++-
 2 files changed, 72 insertions(+), 10 deletions(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c index a3e0e90c..f98fa935 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -3025,11 +3025,11 @@ options_postprocess_verify(const struct options *o) } } -#if defined(ENABLE_CRYPTOAPI) || (defined(ENABLE_CRYPTO_OPENSSL) && defined(ENABLE_MANAGEMENT)) +#if defined(ENABLE_CRYPTOAPI) || defined(ENABLE_MANAGEMENT) static void disable_tls13_if_avilable(struct options *o, const char *msg) { -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(ENABLE_CRYPTO_MBEDTLS) const int tls_version_max = (o->ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT) & SSLF_TLS_VERSION_MAX_MASK; @@ -3134,13 +3134,6 @@ options_postprocess_mutate(struct options *o) } #endif -#if defined(ENABLE_CRYPTO_MBEDTLS) && defined(MANAGMENT_EXTERNAL_KEY) - if (o->management_flags & MF_EXTERNAL_KEY_NOPADDING) - { - msg(M_FATAL, "mbed TLS does not support the 'nopadding' argument for the --management-external-key option"); - } -#endif - #if defined(ENABLE_CRYPTOAPI) if (o->cryptoapi_cert) { diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 3a0b5641..862a2a48 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c 
@@ -619,6 +619,59 @@ tls_ctx_use_external_signing_func(struct tls_root_ctx *ctx, } #ifdef ENABLE_MANAGEMENT +/* + * Construct a PKCS v1.5 encoding of a hashed message. + * + * Taken and trimmed down version (only MBEDTLS_MD_NONE) of + * rsa_rsassa_pkcs1_v15_encode from mbedTLS 2.13.1 (53546ea0) + * + * This is used both for signature generation and verification. + * + * Parameters: + * - hashlen: Length of hash in case hashlen is MBEDTLS_MD_NONE. + * - hash: Buffer containing the hashed message or the raw data. + * - dst_len: Length of the encoded message. + * - dst: Buffer to hold the encoded message. + * + * Assumptions: + * - hash has size hashlen + * - dst points to a buffer of size at least dst_len. + * + */ +static int rsa_pkcs1_v15_pad(size_t hashlen, const unsigned char *hash, + size_t dst_len, unsigned char *dst) +{ + size_t nb_pad = dst_len; + unsigned char *p = dst; + + if (nb_pad < hashlen) + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + + nb_pad -= hashlen; + + + /* Need space for signature header and padding delimiter (3 bytes), + * and 8 bytes for the minimal padding */ + if (nb_pad < 3 + 8) + { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); + } + nb_pad -= 3; + + /* Now nb_pad is the amount of memory to be filled + * with padding, and at least 8 bytes long. */ + + /* Write signature header and padding */ + *p++ = 0; + *p++ = MBEDTLS_RSA_SIGN; + memset(p, 0xFF, nb_pad); + p += nb_pad; + *p++ = 0; + + /* we are signing raw data */ + memcpy(p, hash, hashlen); + return 0; +} /** Query the management interface for a signature, see external_sign_func. */ static bool 
@@ -629,7 +682,23 @@ management_sign_func(void *sign_ctx, const void *src, size_t src_len, char *src_b64 = NULL; char *dst_b64 = NULL; - if (!management || (openvpn_base64_encode(src, src_len, &src_b64) <= 0)) + if (!management) + { + goto cleanup; + } + if (management->settings.flags & MF_EXTERNAL_KEY_NOPADDING) + { + /* + * Add PKCS1 signature and replace input with it + * Use our output buffer also als temporary buffer + */ + if ((!mbed_ok(rsa_pkcs1_v15_pad(src_len, src, dst_len, dst))) + || (openvpn_base64_encode(dst, dst_len, &src_b64) <= 0 )) + { + goto cleanup; + } + } + else if (openvpn_base64_encode(src, src_len, &src_b64) <= 0) { goto cleanup; }
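Review bot: In the options.c hunk at line 3025, the new condition `#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(ENABLE_CRYPTO_MBEDTLS)` is evaluated on an mbed TLS build where OPENSSL_VERSION_NUMBER is not defined, so it only comes out false because the preprocessor treats the undefined identifier as 0; putting `!defined(ENABLE_CRYPTO_MBEDTLS)` first, or nesting the version test inside `#ifdef ENABLE_CRYPTO_OPENSSL`, makes the intent explicit and keeps the build clean under `-Wundef`. With the outer guard widened to `#if defined(ENABLE_CRYPTOAPI) || defined(ENABLE_MANAGEMENT)`, disable_tls13_if_avilable is now also compiled on mbed TLS with the version check removed from its body, so please check that `o` and `msg` are still used on that path and do not produce unused-parameter warnings.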
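Review bot: The options.c hunk at line 3134 removes the only check that rejected `--management-external-key nopadding` on mbed TLS, and that removed block was guarded by `MANAGMENT_EXTERNAL_KEY` while the replacement support in ssl_mbedtls.c sits under `#ifdef ENABLE_MANAGEMENT`; if those two macros are not always defined together, a build with ENABLE_MANAGEMENT but without MANAGMENT_EXTERNAL_KEY would now accept the flag without the option being verified, so confirm the guards match or add a short comment here saying where the flag is now handled.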
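Review bot: In the ssl_mbedtls.c hunk at line 619, the first length check in rsa_pkcs1_v15_pad, `if (nb_pad < hashlen) return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;`, keeps the brace-less mbed TLS style while the second check a few lines later uses OpenVPN's braced form with a parenthesised return; since v2 was sent as a style fix, make the two consistent and drop the doubled blank line after `nb_pad -= hashlen;`. The parameter comment "hashlen: Length of hash in case hashlen is MBEDTLS_MD_NONE" is left over from the original, where an md_alg argument selected between a digest and raw data; in this trimmed copy hashlen is simply the length of `hash`, and the header's "used both for signature generation and verification" no longer applies either, as only signing calls it. It would also help to state in the comment that dst_len must be exactly the RSA modulus length in bytes, because the function pads to dst_len rather than to the key size, so a caller passing a larger buffer capacity would get a well-formed but wrongly sized encoded message.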
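Review bot: In the management_sign_func hunk at line 629, `rsa_pkcs1_v15_pad(src_len, src, dst_len, dst)` takes dst_len as the length of the PKCS#1 v1.5 encoded message, which is only correct if the caller guarantees dst_len equals the key's modulus length rather than the capacity of dst; that guarantee is not visible in this hunk, so either document it at the call site or derive the length from the key. Minor: the comment "Use our output buffer also als temporary buffer" should read "also as a temporary buffer", and `<= 0 )` has a stray space before the closing parenthesis.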