From patchwork Wed Aug 12 04:01:18 2020
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1381
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 12 Aug 2020 16:01:18 +0200
Message-Id: <20200812140120.21287-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2 1/3] Refactor key_state_export_keying_material functions

This refactors the common code between mbed SSL and OpenSSL into export_user_keying_material and also prepares the backend functions to export more than one key.

Also fix checking the return value of SSL_export_keying_material: only 1 is a success, -1 is also an error.

Signed-off-by: Arne Schwabe

Patch V2: Cache secrets for mbed TLS instead of generating all ekms in the call back function

Signed-off-by: Arne Schwabe
---
 src/openvpn/ssl.c | 36 ++++++++++++++++++-
 src/openvpn/ssl_backend.h | 16 +++++++--
 src/openvpn/ssl_mbedtls.c | 73 ++++++++++++++++++++-------------------
 src/openvpn/ssl_mbedtls.h | 12 +++++--
 src/openvpn/ssl_openssl.c | 43 +++++++++--------------
 5 files changed, 113 insertions(+), 67 deletions(-)

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index f16114c2..3fcaa25f 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c 
@@ -2412,6 +2412,40 @@ error: return false; } +static void +export_user_keying_material(struct key_state_ssl *ssl, + struct tls_session *session) +{ + if (session->opt->ekm_size > 0) + { + unsigned int size = session->opt->ekm_size; + struct gc_arena gc = gc_new(); + + unsigned char *ekm; + if ((ekm = key_state_export_keying_material(session, + session->opt->ekm_label, + session->opt->ekm_label_size, + session->opt->ekm_size, + &gc))) + { + unsigned int len = (size * 2) + 2; + + const char *key = format_hex_ex(ekm, size, len, 0, NULL, &gc); + setenv_str(session->opt->es, "exported_keying_material", key); + + dmsg(D_TLS_DEBUG_MED, "%s: exported keying material: %s", + __func__, key); + secure_memzero(ekm, size); + } + else + { + msg(M_WARN, "WARNING: Export keying material failed!"); + setenv_del(session->opt->es, "exported_keying_material"); + } + gc_free(&gc); + } +} + /** * Handle reading key data, peer-info, username/password, OCC * from the TLS control channel (cleartext). @@ -2541,7 +2575,7 @@ key_method_2_read(struct buffer *buf, struct tls_multi *multi, struct tls_sessio if ((ks->authenticated > KS_AUTH_FALSE) && plugin_defined(session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL)) { - key_state_export_keying_material(&ks->ks_ssl, session); + export_user_keying_material(&ks->ks_ssl, session); if (plugin_call(session->opt->plugins, OPENVPN_PLUGIN_TLS_FINAL, NULL, NULL, session->opt->es) != OPENVPN_PLUGIN_FUNC_SUCCESS) { diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index 7f52ab1e..eb7d541d 100644 --- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h 
@@ -394,13 +394,23 @@ void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, * derived from existing TLS channel. This exported keying material can then be * used for a variety of purposes. * + * * @param ks_ssl The SSL channel's state info * @param session The session associated with the given key_state + * @param label The label to use when exporting the key + * @param label_size The size of the label to use when exporting the key + * + * @param gc gc_arena that might be used to allocate the string + * returned + * @returns The exported key material, the caller may zero the + * string but should not free it */ -void -key_state_export_keying_material(struct key_state_ssl *ks_ssl, - struct tls_session *session) __attribute__((nonnull)); +unsigned char* +key_state_export_keying_material(struct tls_session *session, + const char* label, size_t label_size, + size_t ekm_size, + struct gc_arena *gc) __attribute__((nonnull)); /**************************************************************************/ /** @addtogroup control_tls diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 9c874788..4287b59e 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c 
@@ -206,51 +206,54 @@ mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms, { struct tls_session *session = p_expkey; struct key_state_ssl *ks_ssl = &session->key[KS_PRIMARY].ks_ssl; - unsigned char client_server_random[64]; + struct tls_key_cache *cache = &ks_ssl->tls_key_cache; - ks_ssl->exported_key_material = gc_malloc(session->opt->ekm_size, - true, NULL); + static_assert(sizeof(ks_ssl->ctx->session->master) + == sizeof(cache->master_secret), "master size mismatch"); - memcpy(client_server_random, client_random, 32); - memcpy(client_server_random + 32, server_random, 32); + memcpy(cache->client_server_random, client_random, 32); + memcpy(cache->client_server_random + 32, server_random, 32); + memcpy(cache->master_secret, ms, sizeof(cache->master_secret)); + cache->tls_prf_type = tls_prf_type; - const size_t ms_len = sizeof(ks_ssl->ctx->session->master); - int ret = mbedtls_ssl_tls_prf(tls_prf_type, ms, ms_len, - session->opt->ekm_label, client_server_random, - sizeof(client_server_random), ks_ssl->exported_key_material, - session->opt->ekm_size); - - if (!mbed_ok(ret)) - { - secure_memzero(ks_ssl->exported_key_material, session->opt->ekm_size); - } - - secure_memzero(client_server_random, sizeof(client_server_random)); - - return ret; + return true; } -#endif /* HAVE_EXPORT_KEYING_MATERIAL */ -void -key_state_export_keying_material(struct key_state_ssl *ssl, - struct tls_session *session) +unsigned char * +key_state_export_keying_material(struct tls_session *session, + const char* label, size_t label_size, + size_t ekm_size, + struct gc_arena *gc) { - if (ssl->exported_key_material) + ASSERT(strlen(label) == label_size); + + struct tls_key_cache *cache = &session->key[KS_PRIMARY].ks_ssl.tls_key_cache; + + /* If the type is NONE, we either have no cached secrets or + * there is no PRF, in both cases we cannot generate key material */ + if (cache->tls_prf_type == MBEDTLS_SSL_TLS_PRF_NONE) { - unsigned int size = session->opt->ekm_size; - struct 
gc_arena gc = gc_new(); - unsigned int len = (size * 2) + 2; + return NULL; + } - const char *key = format_hex_ex(ssl->exported_key_material, - size, len, 0, NULL, &gc); - setenv_str(session->opt->es, "exported_keying_material", key); + unsigned char *ekm = (unsigned char *) gc_malloc(ekm_size, true, gc); + int ret = mbedtls_ssl_tls_prf(cache->tls_prf_type, cache->master_secret, + sizeof(cache->master_secret), + label, cache->client_server_random, + sizeof(cache->client_server_random), + ekm, ekm_size); - dmsg(D_TLS_DEBUG_MED, "%s: exported keying material: %s", - __func__, key); - gc_free(&gc); + if (mbed_ok(ret)) + { + return ekm; + } + else + { + secure_memzero(ekm, session->opt->ekm_size); + return NULL; } } - +#endif /* HAVE_EXPORT_KEYING_MATERIAL */ bool tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags) @@ -1178,7 +1181,7 @@ key_state_ssl_free(struct key_state_ssl *ks_ssl) { if (ks_ssl) { - free(ks_ssl->exported_key_material); + CLEAR(ks_ssl->tls_key_cache); if (ks_ssl->ctx) { diff --git a/src/openvpn/ssl_mbedtls.h b/src/openvpn/ssl_mbedtls.h index 0525134f..17aae551 100644 --- a/src/openvpn/ssl_mbedtls.h +++ b/src/openvpn/ssl_mbedtls.h @@ -82,6 +82,15 @@ struct external_context { void *sign_ctx; }; +/** struct to cache TLS secrets for keying material exporter (RFC 5705). + * The constants (64 and 48) are inherent to TLS version and + * the whole keying material export will likely change when they change */ +struct tls_key_cache { + unsigned char client_server_random[64]; + mbedtls_tls_prf_types tls_prf_type; + unsigned char master_secret[48]; +}; + /** * Structure that wraps the TLS context. Contents differ depending on the * SSL library used. @@ -114,8 +123,7 @@ struct key_state_ssl { mbedtls_ssl_context *ctx; /**< mbedTLS connection context */ bio_ctx *bio_ctx; - /** Keying material exporter cache (RFC 5705). */ - uint8_t *exported_key_material; + struct tls_key_cache tls_key_cache; }; 
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 5ba74402..f52c7c39 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c 
@@ -158,35 +158,26 @@ tls_ctx_initialised(struct tls_root_ctx *ctx) return NULL != ctx->ctx; } -void -key_state_export_keying_material(struct key_state_ssl *ssl, - struct tls_session *session) -{ - if (session->opt->ekm_size > 0) - { - unsigned int size = session->opt->ekm_size; - struct gc_arena gc = gc_new(); - unsigned char *ekm = (unsigned char *) gc_malloc(size, true, &gc); +unsigned char* +key_state_export_keying_material(struct tls_session *session, + const char* label, size_t label_size, + size_t ekm_size, + struct gc_arena *gc) - if (SSL_export_keying_material(ssl->ssl, ekm, size, - session->opt->ekm_label, - session->opt->ekm_label_size, - NULL, 0, 0)) - { - unsigned int len = (size * 2) + 2; +{ + unsigned char *ekm = (unsigned char *) gc_malloc(ekm_size, true, gc); - const char *key = format_hex_ex(ekm, size, len, 0, NULL, &gc); - setenv_str(session->opt->es, "exported_keying_material", key); + SSL* ssl = session->key[KS_PRIMARY].ks_ssl.ssl; - dmsg(D_TLS_DEBUG_MED, "%s: exported keying material: %s", - __func__, key); - } - else - { - msg(M_WARN, "WARNING: Export keying material failed!"); - setenv_del(session->opt->es, "exported_keying_material"); - } - gc_free(&gc); + if (SSL_export_keying_material(ssl, ekm, ekm_size, label, + label_size, NULL, 0, 0) == 1) + { + return ekm; + } + else + { + secure_memzero(ekm, ekm_size); + return NULL; } }
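Review bot: in export_user_keying_material() (src/openvpn/ssl.c, hunk at -2412) only `ekm` is wiped with secure_memzero(); the hex copy `key` returned by format_hex_ex() holds the same secret and stays in the gc arena until gc_free(&gc) releases it unwiped. Wipe the hex string as well once setenv_str() and dmsg() are done with it. The `ssl` parameter is also unused now that key_state_export_keying_material() takes the session, so it can be dropped from the new function and its call site.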
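Review bot: the doc comment for key_state_export_keying_material() in src/openvpn/ssl_backend.h no longer matches the prototype: it still lists `@param ks_ssl`, which the new signature does not have, and there is no `@param ekm_size`. The `@returns` text speaks of a "string" while the function returns raw bytes as `unsigned char*`; describe it as a buffer of ekm_size bytes allocated from gc and state that NULL is returned on failure.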
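Review bot: in the mbed TLS key_state_export_keying_material() (src/openvpn/ssl_mbedtls.c, hunk at -206) the failure path calls `secure_memzero(ekm, session->opt->ekm_size)` although the buffer was allocated with the `ekm_size` argument. As soon as a caller passes a size other than session->opt->ekm_size, this wipes too little or writes past the allocation; use `ekm_size`, as the OpenSSL backend does. In the same hunk mbedtls_ssl_export_keys_cb() used to return the int status `ret` and now returns `true`; if the callback is expected to report success the same way the removed mbedtls_ssl_tls_prf() call did, this should be `return 0;`.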
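Review bot: key_state_ssl_free() in src/openvpn/ssl_mbedtls.c (hunk at -1178) clears the cache with `CLEAR(ks_ssl->tls_key_cache)`, but struct tls_key_cache now holds the 48-byte master secret for the lifetime of the key state. Every other secret buffer touched by this patch is wiped with secure_memzero(), so use `secure_memzero(&ks_ssl->tls_key_cache, sizeof(ks_ssl->tls_key_cache))` here too. The struct comment in ssl_mbedtls.h would also benefit from saying that the cached values are secrets and who is responsible for wiping them.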
From patchwork Wed Aug 12 04:01:19 2020
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1380
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 12 Aug 2020 16:01:19 +0200
Message-Id: <20200812140120.21287-2-arne@rfc2549.org>
In-Reply-To: <20200812140120.21287-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2 2/3] Move openvpn specific key expansion into its own function

This moves the OpenVPN specific PRF into its own function and also simplifies the code a bit by passing tls_session directly instead of 5 of its fields.

Signed-off-by: Arne Schwabe

Patch V2: Rebase
---
 src/openvpn/ssl.c | 109 +++++++++++++++++++++++++++++-----------------
 1 file changed, 69 insertions(+), 40 deletions(-)

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 3fcaa25f..06cc4c0b 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c 
@@ -1765,27 +1765,38 @@ openvpn_PRF(const uint8_t *secret, VALGRIND_MAKE_READABLE((void *)output, output_len); } -/* - * Using source entropy from local and remote hosts, mix into - * master key. - */ -static bool -generate_key_expansion(struct key_ctx_bi *key, - const struct key_type *key_type, - const struct key_source2 *key_src, - const struct session_id *client_sid, - const struct session_id *server_sid, - bool server) +static void +init_key_contexts(struct key_ctx_bi *key, + const struct key_type *key_type, + bool server, + struct key2 *key2) +{ + /* Initialize OpenSSL key contexts */ + int key_direction = server ? KEY_DIRECTION_INVERSE : KEY_DIRECTION_NORMAL; + init_key_ctx_bi(key, key2, key_direction, key_type, "Data Channel"); + + /* Initialize implicit IVs */ + key_ctx_update_implicit_iv(&key->encrypt, (*key2).keys[(int)server].hmac, + MAX_HMAC_KEY_LENGTH); + key_ctx_update_implicit_iv(&key->decrypt, (*key2).keys[1-(int)server].hmac, + MAX_HMAC_KEY_LENGTH); + +} + + +static struct key2 +generate_key_expansion_oepnvpn_prf(const struct tls_session *session) { + uint8_t master[48] = { 0 }; - struct key2 key2 = { 0 }; - bool ret = false; - if (key->initialized) - { - msg(D_TLS_ERRORS, "TLS Error: key already initialized"); - goto exit; - } + const struct key_state *ks = &session->key[KS_PRIMARY]; + const struct key_source2 *key_src = ks->key_src; + + const struct session_id *client_sid = session->opt->server ? + &ks->session_id_remote : &session->session_id; + const struct session_id *server_sid = !session->opt->server ? + &ks->session_id_remote : &session->session_id; /* debugging print of source key material */ key_source2_print(key_src); @@ -1803,6 +1814,7 @@ generate_key_expansion(struct key_ctx_bi *key, master, sizeof(master)); + struct key2 key2; /* compute key expansion */ openvpn_PRF(master, sizeof(master), 
@@ -1815,41 +1827,62 @@ generate_key_expansion(struct key_ctx_bi *key, server_sid, (uint8_t *)key2.keys, sizeof(key2.keys)); + secure_memzero(&master, sizeof(master)); + /* We use the DES fixup here so we can drop it once we + * drop DES support and non RFC5705 key derivation */ + for (int i = 0; i < 2; ++i) + { + fixup_key(&key2.keys[i], &session->opt->key_type); + } key2.n = 2; - key2_print(&key2, key_type, "Master Encrypt", "Master Decrypt"); + return key2; +} + +/* + * Using source entropy from local and remote hosts, mix into + * master key. + */ +static bool +generate_key_expansion(struct key_ctx_bi *key, + const struct tls_session *session) +{ + bool ret = false; + + if (key->initialized) + { + msg(D_TLS_ERRORS, "TLS Error: key already initialized"); + goto exit; + } + + + bool server = session->opt->server; + + struct key2 key2 = generate_key_expansion_oepnvpn_prf(session); + + key2_print(&key2, &session->opt->key_type, + "Master Encrypt", "Master Decrypt"); /* check for weak keys */ for (int i = 0; i < 2; ++i) { - fixup_key(&key2.keys[i], key_type); - if (!check_key(&key2.keys[i], key_type)) + if (!check_key(&key2.keys[i], &session->opt->key_type)) { msg(D_TLS_ERRORS, "TLS Error: Bad dynamic key generated"); goto exit; } } - - /* Initialize OpenSSL key contexts */ - int key_direction = server ? KEY_DIRECTION_INVERSE : KEY_DIRECTION_NORMAL; - init_key_ctx_bi(key, &key2, key_direction, key_type, "Data Channel"); - - /* Initialize implicit IVs */ - key_ctx_update_implicit_iv(&key->encrypt, key2.keys[(int)server].hmac, - MAX_HMAC_KEY_LENGTH); - key_ctx_update_implicit_iv(&key->decrypt, key2.keys[1-(int)server].hmac, - MAX_HMAC_KEY_LENGTH); - + init_key_contexts(key, &session->opt->key_type, server, &key2); ret = true; exit: - secure_memzero(&master, sizeof(master)); secure_memzero(&key2, sizeof(key2)); return ret; } + static void key_ctx_update_implicit_iv(struct key_ctx *ctx, uint8_t *key, size_t key_len) { 
@@ -1879,10 +1912,7 @@ tls_session_generate_data_channel_keys(struct tls_session *session) { bool ret = false; struct key_state *ks = &session->key[KS_PRIMARY]; /* primary key */ - const struct session_id *client_sid = session->opt->server ? - &ks->session_id_remote : &session->session_id; - const struct session_id *server_sid = !session->opt->server ? - &ks->session_id_remote : &session->session_id; + if (ks->authenticated == KS_AUTH_FALSE) { 
@@ -1891,9 +1921,8 @@ tls_session_generate_data_channel_keys(struct tls_session *session) } ks->crypto_options.flags = session->opt->crypto_flags; - if (!generate_key_expansion(&ks->crypto_options.key_ctx_bi, - &session->opt->key_type, ks->key_src, client_sid, server_sid, - session->opt->server)) + + if (!generate_key_expansion(&ks->crypto_options.key_ctx_bi, session)) { msg(D_TLS_ERRORS, "TLS Error: generate_key_expansion failed"); goto cleanup;
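Review bot: the new function name generate_key_expansion_oepnvpn_prf() (src/openvpn/ssl.c, hunk at -1765) misspells "openvpn"; rename it to generate_key_expansion_openvpn_prf() before callers and documentation pick the typo up. In init_key_contexts() the carried-over comment "Initialize OpenSSL key contexts" no longer fits a helper that is not backend specific, and `(*key2).keys[...]` reads better as `key2->keys[...]`.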
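Review bot: generate_key_expansion_oepnvpn_prf() returns `struct key2` by value (src/openvpn/ssl.c, hunk at -1815), so the key material is copied out of the callee's local `key2`, which is never wiped; only the caller's copy reaches `secure_memzero(&key2, sizeof(key2))` at exit. Pass a `struct key2 *` out-parameter instead so there is a single copy to wipe. The early `goto exit` for `key->initialized` now also jumps over the `struct key2 key2 = ...` declaration, so the wipe at exit runs on an uninitialised object; declaring key2 at the top of generate_key_expansion() avoids that.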
From patchwork Wed Aug 12 04:01:20 2020
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1382
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 12 Aug 2020 16:01:20 +0200
Message-Id: <20200812140120.21287-3-arne@rfc2549.org>
In-Reply-To: <20200812140120.21287-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH v2 3/3] Implement generating data channel keys via EKM/RFC 5705

OpenVPN currently uses its own (based on TLS 1.0) key derivation mechanism to generate the 256 bytes key data in key2 struct that are then used to generate encryption/hmac/iv vectors. While this mechanism is still secure, it is not state of the art.

Instead of modernising our own approach, this commit implements key derivation using the Keying Material Exporters API introduced by RFC 5705.

We also use an opportunistic approach of negotiating the use of EKM (exported key material) through an IV_PROTO flag and prefer EKM to our own PRF if both client and server support it. The use of EKM is pushed to the client as part of NCP as key-derivation tls-ekm.
We still exchange the random data (112 bytes from client to server and 64 byte from server to client) that for the OpenVPN PRF but do not use it. Removing that exchange would break the handshake and make a key-method 3 or similar necessary. Side note: this commit breaks the (not yet merged) WolfSSL support as it claims to support EKM in the OpenSSL compat API but always returns an error if you try to use it. Signed-off-by: Arne Schwabe Patch V2: rebase/change to V2 of EKM refactoring --- Changes.rst | 11 +++++++ doc/doxygen/doc_key_generation.h | 15 ++++++++-- src/openvpn/crypto.h | 4 +++ src/openvpn/init.c | 1 + src/openvpn/multi.c | 4 +++ src/openvpn/options.c | 14 +++++++++ src/openvpn/options.h | 3 ++ src/openvpn/push.c | 5 +++- src/openvpn/ssl.c | 50 ++++++++++++++++++++++++++++++-- src/openvpn/ssl.h | 2 ++ src/openvpn/ssl_backend.h | 2 ++ src/openvpn/ssl_mbedtls.c | 7 ++--- 12 files changed, 107 insertions(+), 11 deletions(-) diff --git a/Changes.rst b/Changes.rst index bacc98cd..2c28a399 100644 --- a/Changes.rst +++ b/Changes.rst @@ -1,3 +1,14 @@ +Overview of changes in 2.6 +========================== + + +New features +------------ +Keying Material Exporters (RFC 5705) based key generation + As part of the cipher negotiation OpenVPN will automatically prefer + the RFC5705 based key material generation to the current custom + OpenVPN PRF. This feature requires OpenSSL or mbed TLS 2.18+. + Overview of changes in 2.5 ========================== diff --git a/doc/doxygen/doc_key_generation.h b/doc/doxygen/doc_key_generation.h index 4bb9c708..bbd6c0c5 100644 --- a/doc/doxygen/doc_key_generation.h +++ b/doc/doxygen/doc_key_generation.h 
@@ -58,6 +58,12 @@ * * @subsection key_generation_method_2 Key method 2 * + * There are two methods for generating key data when using key method 2 + * the first is OpenVPN's traditional approach that exchanges random + * data and uses a PRF and the other is using the RFC5705 keying material + * exporter to generate the key material. For both methods the random + * data is exchange but only used in the traditional method. + * * -# The client generates random material in the following amounts: * - Pre-master secret: 48 bytes * - Client's PRF seed for master secret: 32 bytes @@ -73,8 +79,13 @@ * server's random material. * * %Key method 2 %key expansion is performed by the \c - * generate_key_expansion() function. Please refer to its source code for - * details of the %key expansion process. + * generate_key_expansion_oepnvpn_prf() function. Please refer to its source + * code for details of the %key expansion process. + * + * When the client sends the IV_PROTO_TLS_KEY_EXPORT and the server replies + * with `key-derivation tls-ekm` RFC5705 key material exporter with the label + * EXPORTER-OpenVPN-datakeys is used for the key data. + * * * @subsection key_generation_random Source of random material * diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 999f643e..ec935ca5 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -254,6 +254,10 @@ struct crypto_options #define CO_MUTE_REPLAY_WARNINGS (1<<2) /**< Bit-flag indicating not to display * replay warnings. */ +#define CO_USE_TLS_KEY_MATERIAL_EXPORT (1<<3) + /**< Bit-flag indicating that key derivation + * is done using TLS keying material export [RFC5705] + */ unsigned int flags; /**< Bit-flags determining behavior of * security operation functions. */ }; diff --git a/src/openvpn/init.c b/src/openvpn/init.c index dfa045b0..34a7313e 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c 
@@ -676,6 +676,7 @@ restore_ncp_options(struct context *c) c->options.ciphername = c->c1.ciphername; c->options.authname = c->c1.authname; c->options.keysize = c->c1.keysize; + c->options.data_channel_use_ekm = false; } void diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index 13738180..a5862020 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -1817,6 +1817,10 @@ multi_client_set_protocol_options(struct context *c) c->c2.push_request_received = true; } +#ifdef HAVE_EXPORT_KEYING_MATERIAL + o->data_channel_use_ekm = (proto & IV_PROTO_TLS_KEY_EXPORT); +#endif + /* Select cipher if client supports Negotiable Crypto Parameters */ if (!o->ncp_enabled) { diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 8bf82c57..90e78a7b 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -7947,6 +7947,20 @@ add_option(struct options *options, } options->ncp_ciphers = p[1]; } + else if (streq(p[0], "key-derivation") && p[1]) + { + VERIFY_PERMISSION(OPT_P_NCP) +#ifdef HAVE_EXPORT_KEYING_MATERIAL + if (streq(p[1], "tls-ekm")) + { + options->data_channel_use_ekm = true; + } + else +#endif + { + msg(msglevel, "Unknown key-derivation method %s", p[1]); + } + } else if (streq(p[0], "ncp-disable") && !p[1]) { VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_INSTANCE); diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 877e9396..c730c6a7 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -648,6 +648,9 @@ struct options /* Useful when packets sent by openvpn itself are not subject * to the routing tables that would move packets into the tunnel. */ bool allow_recursive_routing; + + /* Use RFC 5705 key export */ + bool data_channel_use_ekm; }; #define streq(x, y) (!strcmp((x), (y))) diff --git a/src/openvpn/push.c b/src/openvpn/push.c index e0d2eeaf..17bba948 100644 --- a/src/openvpn/push.c +++ b/src/openvpn/push.c 
@@ -479,7 +479,10 @@ prepare_push_reply(struct context *c, struct gc_arena *gc, { push_option_fmt(gc, push_list, M_USAGE, "cipher %s", o->ciphername); } - + if (o->data_channel_use_ekm) + { + push_option_fmt(gc, push_list, M_USAGE, "key-derivation tls-ekm"); + } return true; } diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 06cc4c0b..946d841a 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -1784,6 +1784,29 @@ init_key_contexts(struct key_ctx_bi *key, } +static bool +generate_key_expansion_tls_export(struct tls_session *session, struct key2 *key2) +{ + struct gc_arena gc = gc_new(); + unsigned char *key2data; + + key2data = key_state_export_keying_material(session, + EXPORT_KEY_DATA_LABEL, + strlen(EXPORT_KEY_DATA_LABEL), + EXPORT_KEY_DATA_EKM_SIZE, + &gc); + if (!key2data) + { + return false; + } + memcpy(key2->keys, key2data, sizeof(key2->keys)); + secure_memzero(key2data, sizeof(key2->keys)); + key2->n = 2; + + gc_free(&gc); + return true; +} + static struct key2 generate_key_expansion_oepnvpn_prf(const struct tls_session *session) { @@ -1846,7 +1869,7 @@ generate_key_expansion_oepnvpn_prf(const struct tls_session *session) */ static bool generate_key_expansion(struct key_ctx_bi *key, - const struct tls_session *session) + struct tls_session *session) { bool ret = false; @@ -1859,7 +1882,20 @@ generate_key_expansion(struct key_ctx_bi *key, bool server = session->opt->server; - struct key2 key2 = generate_key_expansion_oepnvpn_prf(session); + struct key2 key2; + + if (session->opt->crypto_flags & CO_USE_TLS_KEY_MATERIAL_EXPORT) + { + if(!generate_key_expansion_tls_export(session, &key2)) + { + msg(D_TLS_ERRORS, "TLS Error: Keying material export failed"); + goto exit; + } + } + else + { + key2 = generate_key_expansion_oepnvpn_prf(session); + } key2_print(&key2, &session->opt->key_type, "Master Encrypt", "Master Decrypt"); 
@@ -1988,6 +2024,11 @@ tls_session_update_crypto_params(struct tls_session *session, session->opt->crypto_flags |= CO_PACKET_ID_LONG_FORM; } + if (options->data_channel_use_ekm) + { + session->opt->crypto_flags |= CO_USE_TLS_KEY_MATERIAL_EXPORT; + } + /* Update frame parameters: undo worst-case overhead, add actual overhead */ frame_remove_from_extra_frame(frame, crypto_max_overhead()); crypto_adjust_frame_parameters(frame, &session->opt->key_type, @@ -2244,10 +2285,13 @@ push_peer_info(struct buffer *buf, struct tls_session *session) * push request, also signal that the client wants * to get push-reply messages without without requiring a round * trip for a push request message*/ - if(session->opt->pull) + if (session->opt->pull) { iv_proto |= IV_PROTO_REQUEST_PUSH; } +#ifdef HAVE_EXPORT_KEYING_MATERIAL + iv_proto |= IV_PROTO_TLS_KEY_EXPORT; +#endif buf_printf(&out, "IV_PROTO=%d\n", iv_proto); diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index 005628f6..f00f8abd 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -116,6 +116,8 @@ * to wait for a push-request to send a push-reply */ #define IV_PROTO_REQUEST_PUSH (1<<2) +/** Supports key derivation via TLS key material exporter [RFC5705] */ +#define IV_PROTO_TLS_KEY_EXPORT (1<<3) /* Default field in X509 to be username */ #define X509_USERNAME_FIELD_DEFAULT "CN" diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index eb7d541d..2be32244 100644 --- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h @@ -389,6 +389,8 @@ void key_state_ssl_free(struct key_state_ssl *ks_ssl); void backend_tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file, bool crl_inline); +#define EXPORT_KEY_DATA_LABEL "EXPORTER-OpenVPN-datakeys" +#define EXPORT_KEY_DATA_EKM_SIZE (2 * (MAX_CIPHER_KEY_LENGTH + MAX_HMAC_KEY_LENGTH)) /** * Keying Material Exporters [RFC 5705] allows additional keying material to be * derived from existing TLS channel. This exported keying material can then be 
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 4287b59e..da19fe38 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -1158,11 +1158,8 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl, #ifdef HAVE_EXPORT_KEYING_MATERIAL /* Initialize keying material exporter */ - if (session->opt->ekm_size) - { - mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->ssl_config, - mbedtls_ssl_export_keys_cb, session); - } + mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->ssl_config, + mbedtls_ssl_export_keys_cb, session); #endif /* Initialise SSL context */
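
Review bot: in src/openvpn/ssl.c, hunk @@ -1784, the early `return false;` in generate_key_expansion_tls_export() leaves the function without calling gc_free(&gc), so the failure path skips the cleanup that the success path performs. Route both paths through a single exit that calls gc_free(&gc). In the same function the buffer is requested with EXPORT_KEY_DATA_EKM_SIZE but copied and wiped with sizeof(key2->keys); nothing in the hunk ties the two sizes together, and if they ever differ the memcpy either reads past the exported buffer or the secure_memzero leaves exported key bytes unwiped. A static assertion that EXPORT_KEY_DATA_EKM_SIZE equals sizeof(key2->keys), or using one constant for the export, the copy and the wipe, would make that explicit.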
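
Review bot: in src/openvpn/ssl.c, hunk @@ -2244 (push_peer_info), IV_PROTO_TLS_KEY_EXPORT is OR-ed into iv_proto unconditionally, outside the `if (session->opt->pull)` block just above it. The commit message says the choice is communicated by pushing `key-derivation tls-ekm`, and the multi.c hunk turns EKM on for the server side from this flag alone, so a client that advertises the flag but does not process a push reply could end up deriving keys with the OpenVPN PRF while the server uses the exporter. Consider setting the flag only when the client will actually accept the pushed option, for example inside the pull block, or document why the mismatch cannot happen.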
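
Review bot: in src/openvpn/multi.c, hunk @@ -1817, o->data_channel_use_ekm is assigned from the client's IV_PROTO bits before the `if (!o->ncp_enabled)` check that follows, so it is set even when the server has NCP disabled, although the commit message describes the option as being pushed as part of NCP. Either move the assignment into the NCP path or state in a comment that EKM negotiation is intentionally independent of ncp_enabled, and confirm that the push.c change still sends `key-derivation tls-ekm` in that configuration.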
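
Review bot: in src/openvpn/options.c, hunk @@ -7947, a build without HAVE_EXPORT_KEYING_MATERIAL compiles out the `tls-ekm` branch, so `key-derivation tls-ekm` is reported as "Unknown key-derivation method tls-ekm". That message is misleading for a value the project does define; a separate message saying the method is not supported by this build would help when diagnosing a mismatch between peers built against different TLS libraries. The hunk also only logs via msg(msglevel, ...) for an unrecognised value, so it is worth checking that a pushed, unrecognised key-derivation method cannot be silently ignored while the server has already switched to it.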
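
Review bot: in src/openvpn/ssl.c, hunk @@ -1859, `if(!generate_key_expansion_tls_export(session, &key2))` is missing the space after `if`; the same patch corrects exactly this in push_peer_info (`if(session->opt->pull)` becomes `if (session->opt->pull)`), so the new line should follow suit.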
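
Review bot: in doc/doxygen/doc_key_generation.h, hunk @@ -73, the documentation now refers to `generate_key_expansion_oepnvpn_prf()`, which carries the "oepnvpn" misspelling from the function name in ssl.c into the published docs; renaming the function to generate_key_expansion_openvpn_prf in the refactoring patch of this series would fix both places. The new paragraph would also read more clearly as "sends the IV_PROTO_TLS_KEY_EXPORT flag", and the preceding hunk has "the random data is exchange", which should be "exchanged".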