OpenVPN/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2025-05-11 22:41:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

Enable key export with mbed TLS 3.x.y

Browse Source 
Change-Id: I8e90530726b7f7ba3cee0438f2d81a1ac42e821b
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20231117091401.25793-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27458.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit b5faf1b2e90fd44c5137a2b8f3da98c7ae482fc1)
This commit is contained in:
Max Fillinger 2023-11-17 10:14:01 +01:00 committed by Gert Doering
parent 7fa534dbb8
commit 001950d14e
6 changed files with 107 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
config.h.cmake.in
View File

@ -384,7 +384,10 @@ don't. */
#undef HAVE_VSNPRINTF #undef HAVE_VSNPRINTF
/* we always assume a recent mbed TLS version */ /* we always assume a recent mbed TLS version */
#define HAVE_CTR_DRBG_UPDATE_RET 1 #define HAVE_MBEDTLS_PSA_CRYPTO_H 1
#define HAVE_MBEDTLS_SSL_TLS_PRF 1
#define HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB 1
#define HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET 1
/* Path to ifconfig tool */ /* Path to ifconfig tool */
#define IFCONFIG_PATH "@IFCONFIG_PATH@" #define IFCONFIG_PATH "@IFCONFIG_PATH@"

26
configure.ac
View File

@ -1040,8 +1040,8 @@ elif test "${with_crypto_library}" = "mbedtls"; then
AC_CHECK_HEADER( AC_CHECK_HEADER(
psa/crypto.h, psa/crypto.h,
[AC_DEFINE([MBEDTLS_HAVE_PSA_CRYPTO_H], [1], [yes])], [AC_DEFINE([HAVE_MBEDTLS_PSA_CRYPTO_H], [1], [yes])],
[AC_DEFINE([MBEDTLS_HAVE_PSA_CRYPTO_H], [0], [no])] [AC_DEFINE([HAVE_MBEDTLS_PSA_CRYPTO_H], [0], [no])]
) )
AC_CHECK_FUNCS( AC_CHECK_FUNCS(
@ -1053,16 +1053,32 @@ elif test "${with_crypto_library}" = "mbedtls"; then
[AC_MSG_ERROR([mbed TLS check for AEAD support failed])] [AC_MSG_ERROR([mbed TLS check for AEAD support failed])]
) )
AC_CHECK_FUNC(
[mbedtls_ssl_tls_prf],
[AC_DEFINE([HAVE_MBEDTLS_SSL_TLS_PRF], [1], [yes])],
[AC_DEFINE([HAVE_MBEDTLS_SSL_TLS_PRF], [0], [no])]
)
have_export_keying_material="yes" have_export_keying_material="yes"
AC_CHECK_FUNC( AC_CHECK_FUNC(
[mbedtls_ssl_conf_export_keys_ext_cb], [mbedtls_ssl_conf_export_keys_ext_cb],
, [AC_DEFINE([HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB], [1], [yes])],
[have_export_keying_material="no"] [AC_DEFINE([HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB], [0], [no])]
) )
if test "x$ac_cv_func_mbedtls_ssl_conf_export_keys_ext_cb" != xyes; then
AC_CHECK_FUNC(
[mbedtls_ssl_set_export_keys_cb],
[AC_DEFINE([HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB], [1], [yes])],
[AC_DEFINE([HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB], [0], [no])]
)
if test "x$ac_cv_func_mbedtls_ssl_set_export_keys_cb" != xyes; then
have_export_keying_material="no"
fi
fi
AC_CHECK_FUNC( AC_CHECK_FUNC(
[mbedtls_ctr_drbg_update_ret], [mbedtls_ctr_drbg_update_ret],
AC_DEFINE([HAVE_CTR_DRBG_UPDATE_RET], [1], AC_DEFINE([HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET], [1],
[Use mbedtls_ctr_drbg_update_ret from mbed TLS]), [Use mbedtls_ctr_drbg_update_ret from mbed TLS]),
) )

1
src/openvpn/Makefile.am
View File

@ -82,6 +82,7 @@ openvpn_SOURCES = \
ovpn_dco_win.h \ ovpn_dco_win.h \
platform.c platform.h \ platform.c platform.h \
console.c console.h console_builtin.c console_systemd.c \ console.c console.h console_builtin.c console_systemd.c \
mbedtls_compat.h \
mroute.c mroute.h \ mroute.c mroute.h \
mss.c mss.h \ mss.c mss.h \
mstats.c mstats.h \ mstats.c mstats.h \

9
src/openvpn/crypto_mbedtls.c
View File

@ -989,8 +989,9 @@ memcmp_constant_time(const void *a, const void *b, size_t size)
return diff; return diff;
} }
/* mbedtls-2.18.0 or newer */ /* mbedtls-2.18.0 or newer implements tls_prf, but prf_tls1 is removed
#ifdef HAVE_MBEDTLS_SSL_TLS_PRF * from recent versions, so we use our own implementation if necessary. */
#if HAVE_MBEDTLS_SSL_TLS_PRF && defined(MBEDTLS_SSL_TLS_PRF_TLS1)
bool bool
ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret, ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret,
int secret_len, uint8_t *output, int output_len) int secret_len, uint8_t *output, int output_len)
@ -999,7 +1000,7 @@ ssl_tls1_PRF(const uint8_t *seed, int seed_len, const uint8_t *secret,
secret_len, "", seed, seed_len, output, secret_len, "", seed, seed_len, output,
output_len)); output_len));
} }
#else /* ifdef HAVE_MBEDTLS_SSL_TLS_PRF */ #else /* HAVE_MBEDTLS_SSL_TLS_PRF && defined(MBEDTLS_SSL_TLS_PRF_TLS1) */
/* /*
* Generate the hash required by for the \c tls1_PRF function. * Generate the hash required by for the \c tls1_PRF function.
* *
@ -1128,5 +1129,5 @@ ssl_tls1_PRF(const uint8_t *label, int label_len, const uint8_t *sec,
gc_free(&gc); gc_free(&gc);
return true; return true;
} }
#endif /* ifdef HAVE_MBEDTLS_SSL_TLS_PRF */ #endif /* HAVE_MBEDTLS_SSL_TLS_PRF && defined(MBEDTLS_SSL_TLS_PRF_TLS1) */
#endif /* ENABLE_CRYPTO_MBEDTLS */ #endif /* ENABLE_CRYPTO_MBEDTLS */

13
src/openvpn/mbedtls_compat.h
View File

@ -33,6 +33,8 @@
#ifndef MBEDTLS_COMPAT_H_ #ifndef MBEDTLS_COMPAT_H_
#define MBEDTLS_COMPAT_H_ #define MBEDTLS_COMPAT_H_
#include "syshead.h"
#include "errlevel.h" #include "errlevel.h"
#include <mbedtls/cipher.h> #include <mbedtls/cipher.h>
@ -41,24 +43,25 @@
#include <mbedtls/md.h> #include <mbedtls/md.h>
#include <mbedtls/pem.h> #include <mbedtls/pem.h>
#include <mbedtls/pk.h> #include <mbedtls/pk.h>
#include <mbedtls/ssl.h>
#include <mbedtls/version.h> #include <mbedtls/version.h>
#include <mbedtls/x509_crt.h> #include <mbedtls/x509_crt.h>
#if MBEDTLS_HAVE_PSA_CRYPTO_H #if HAVE_MBEDTLS_PSA_CRYPTO_H
#include <psa/crypto.h> #include <psa/crypto.h>
#endif #endif
static inline void static inline void
mbedtls_compat_psa_crypto_init(void) mbedtls_compat_psa_crypto_init(void)
{ {
#if MBEDTLS_HAVE_PSA_CRYPTO_H && defined(MBEDTLS_PSA_CRYPTO_C) #if HAVE_MBEDTLS_PSA_CRYPTO_H && defined(MBEDTLS_PSA_CRYPTO_C)
if (psa_crypto_init() != PSA_SUCCESS) if (psa_crypto_init() != PSA_SUCCESS)
{ {
msg(M_FATAL, "mbedtls: psa_crypto_init() failed"); msg(M_FATAL, "mbedtls: psa_crypto_init() failed");
} }
#else #else
return; return;
#endif /* MBEDTLS_HAVE_PSA_CRYPTO_H && defined(MBEDTLS_PSA_CRYPTO_C) */ #endif /* HAVE_MBEDTLS_PSA_CRYPTO_H && defined(MBEDTLS_PSA_CRYPTO_C) */
} }
/* /*
@ -74,14 +77,14 @@ mbedtls_compat_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx,
const unsigned char *additional, const unsigned char *additional,
size_t add_len) size_t add_len)
{ {
#if HAVE_CTR_DRBG_UPDATE_RET #if HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET
return mbedtls_ctr_drbg_update_ret(ctx, additional, add_len); return mbedtls_ctr_drbg_update_ret(ctx, additional, add_len);
#elif MBEDTLS_VERSION_NUMBER < 0x03020100 #elif MBEDTLS_VERSION_NUMBER < 0x03020100
mbedtls_ctr_drbg_update(ctx, additional, add_len); mbedtls_ctr_drbg_update(ctx, additional, add_len);
return 0; return 0;
#else #else
return mbedtls_ctr_drbg_update(ctx, additional, add_len); return mbedtls_ctr_drbg_update(ctx, additional, add_len);
#endif /* HAVE_CTR_DRBG_UPDATE_RET */ #endif /* HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET */
} }
static inline int static inline int

68
src/openvpn/ssl_mbedtls.c
View File

@ -173,6 +173,16 @@ tls_ctx_initialised(struct tls_root_ctx *ctx)
} }
#ifdef HAVE_EXPORT_KEYING_MATERIAL #ifdef HAVE_EXPORT_KEYING_MATERIAL
#if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB
/*
* Key export callback for older versions of mbed TLS, to be used with
* mbedtls_ssl_conf_export_keys_ext_cb(). It is called with the master
* secret, client random and server random, and the type of PRF function
* to use.
*
* Mbed TLS stores this callback in the mbedtls_ssl_config struct and it
* is used in the mbedtls_ssl_contexts set up from that config. */
int int
mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms, mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms,
const unsigned char *kb, size_t maclen, const unsigned char *kb, size_t maclen,
@ -193,8 +203,55 @@ mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms,
memcpy(cache->master_secret, ms, sizeof(cache->master_secret)); memcpy(cache->master_secret, ms, sizeof(cache->master_secret));
cache->tls_prf_type = tls_prf_type; cache->tls_prf_type = tls_prf_type;
return true; return 0;
} }
#elif HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB
/*
* Key export callback for newer versions of mbed TLS, to be used with
* mbedtls_ssl_set_export_keys_cb(). When used with TLS 1.2, the callback
* is called with the TLS 1.2 master secret, client random, server random
* and the type of PRF to use. With TLS 1.3, it is called with several
* different keys (indicated by type), but unfortunately not the exporter
* master secret.
*
* Unlike in older versions, the callback is not stored in the
* mbedtls_ssl_config. It is placed in the mbedtls_ssl_context after it
* has been set up. */
void
mbedtls_ssl_export_keys_cb(void *p_expkey,
mbedtls_ssl_key_export_type type,
const unsigned char *secret,
size_t secret_len,
const unsigned char client_random[32],
const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type)
{
/* Since we can't get the TLS 1.3 exporter master secret, we ignore all key
* types except MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET. */
if (type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET)
{
return;
}
struct tls_session *session = p_expkey;
struct key_state_ssl *ks_ssl = &session->key[KS_PRIMARY].ks_ssl;
struct tls_key_cache *cache = &ks_ssl->tls_key_cache;
/* The TLS 1.2 master secret has a fixed size, so if secret_len has
* a different value, something is wrong with mbed TLS. */
if (secret_len != sizeof(cache->master_secret))
{
msg(M_FATAL,
"ERROR: Incorrect TLS 1.2 master secret length: Got %zu, expected %zu",
secret_len, sizeof(cache->master_secret));
}
memcpy(cache->client_server_random, client_random, 32);
memcpy(cache->client_server_random + 32, server_random, 32);
memcpy(cache->master_secret, secret, sizeof(cache->master_secret));
cache->tls_prf_type = tls_prf_type;
}
#endif /* HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB */
bool bool
key_state_export_keying_material(struct tls_session *session, key_state_export_keying_material(struct tls_session *session,
@ -1196,8 +1253,8 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl,
mbedtls_ssl_conf_max_version(ks_ssl->ssl_config, major, minor); mbedtls_ssl_conf_max_version(ks_ssl->ssl_config, major, minor);
} }
#ifdef HAVE_EXPORT_KEYING_MATERIAL #if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB
/* Initialize keying material exporter */ /* Initialize keying material exporter, old style. */
mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->ssl_config, mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->ssl_config,
mbedtls_ssl_export_keys_cb, session); mbedtls_ssl_export_keys_cb, session);
#endif #endif
@ -1207,6 +1264,11 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl,
mbedtls_ssl_init(ks_ssl->ctx); mbedtls_ssl_init(ks_ssl->ctx);
mbed_ok(mbedtls_ssl_setup(ks_ssl->ctx, ks_ssl->ssl_config)); mbed_ok(mbedtls_ssl_setup(ks_ssl->ctx, ks_ssl->ssl_config));
#if HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB
/* Initialize keying material exporter, new style. */
mbedtls_ssl_set_export_keys_cb(ks_ssl->ctx, mbedtls_ssl_export_keys_cb, session);
#endif
/* Initialise BIOs */ /* Initialise BIOs */
ALLOC_OBJ_CLEAR(ks_ssl->bio_ctx, bio_ctx); ALLOC_OBJ_CLEAR(ks_ssl->bio_ctx, bio_ctx);
mbedtls_ssl_set_bio(ks_ssl->ctx, ks_ssl->bio_ctx, ssl_bio_write, mbedtls_ssl_set_bio(ks_ssl->ctx, ks_ssl->bio_ctx, ssl_bio_write,