Attention is currently required from: plaisthos.

Hello plaisthos,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/1759?usp=email

to review the following change.


Change subject: oob: Send tls-crypt-v2 SERVER_PROBE from the client
......................................................................

oob: Send tls-crypt-v2 SERVER_PROBE from the client

When tls-crypt-v2 is configured, send the probe as P_CONTROL_OOB_WKC_V1
with the wrapped client key (WKc) appended, so the server can recover the
per-client key and unwrap it. Without tls-crypt-v2 the probe stays a plain
P_CONTROL_OOB_V1, unchanged.

  - drop the "skip probing under tls-crypt-v2" bail-out
  - make the WKc available on the probe's wrap context (mirroring
    init_instance()), so tls_wrap_control() appends it
  - choose the opcode (P_CONTROL_OOB_WKC_V1 vs P_CONTROL_OOB_V1) and report
    "tls-crypt-v2" in the wrapping log line

Change-Id: I5cc100dd7dc810d7d1e6f29bb57584905fbcf4a0
---
M src/openvpn/oob_client.c
1 file changed, 24 insertions(+), 17 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/59/1759/1

diff --git a/src/openvpn/oob_client.c b/src/openvpn/oob_client.c
index 2b1b732..7e26392 100644
--- a/src/openvpn/oob_client.c
+++ b/src/openvpn/oob_client.c
@@ -84,19 +84,9 @@
      * supported; the first entry's wrapping is used for all.) */
     const struct connection_entry *ce = c->options.connection_list->array[0];

-    /* tls-crypt-v2 wraps with a per-client key the server only learns from the
-     * wrapped client key (WKc) carried in the TLS handshake. An out-of-band
-     * probe carries no WKc, so the server cannot unwrap it; skip probing 
rather
-     * than send something unverifiable. */
-    if (ce->tls_crypt_v2_file)
-    {
-        msg(D_LOW, "server-probe: not supported with tls-crypt-v2; using 
configured order");
-        return NULL;
-    }
-
-    /* Load the tls-auth/tls-crypt key material into c->c1.ks (a no-op if 
neither
-     * is configured). This is run again per-connection later; calling it early
-     * here is harmless. */
+    /* Load the tls-auth/tls-crypt(-v2) key material into c->c1.ks (a no-op if
+     * none is configured). This is run again per-connection later; calling it
+     * early here is harmless. */
     do_init_tls_wrap_key(c, ce);

     struct tls_options to;
@@ -105,6 +95,15 @@
     to.replay_window = c->options.replay_window;
     to.replay_time = c->options.replay_time;

+    /* tls-crypt-v2 wraps with a per-client key the server learns from the
+     * wrapped client key (WKc). init_tls_wrap_ctx() loaded the per-client key
+     * into the wrap context; make the WKc available too so the probe can 
append
+     * it (as a P_CONTROL_OOB_WKC_V1 message), mirroring init_instance(). */
+    if (ce->tls_crypt_v2_file)
+    {
+        to.tls_wrap.tls_crypt_v2_wkc = &c->c1.ks.tls_crypt_v2_wkc;
+    }
+
     struct tls_auth_standalone *tas = tls_auth_standalone_init(&to, gc);

     /* Control-channel frame and work buffers, mirroring do_init_frame_tls(). 
*/
@@ -467,8 +466,15 @@
         return;
     }

+    /* With tls-crypt-v2 the probe must carry the wrapped client key so the
+     * server can recover the per-client key; that is a P_CONTROL_OOB_WKC_V1
+     * message. Otherwise (tls-crypt v1, tls-auth, or plaintext) it is a plain
+     * P_CONTROL_OOB_V1. */
+    const bool is_v2 = (tas->tls_wrap.tls_crypt_v2_wkc != NULL);
+    const int probe_opcode = is_v2 ? P_CONTROL_OOB_WKC_V1 : P_CONTROL_OOB_V1;
+
     struct buffer probe =
-        tls_wrap_oob_standalone(&tas->tls_wrap, tas, &client_sid, &payload, 
P_CONTROL_OOB_V1);
+        tls_wrap_oob_standalone(&tas->tls_wrap, tas, &client_sid, &payload, 
probe_opcode);
     if (!BLEN(&probe))
     {
         msg(D_LOW, "server-probe: could not wrap probe packet; using 
configured order");
@@ -478,9 +484,10 @@
         return;
     }

-    const char *wrap_name = (tas->tls_wrap.mode == TLS_WRAP_CRYPT)  ? 
"tls-crypt"
-                            : (tas->tls_wrap.mode == TLS_WRAP_AUTH) ? 
"tls-auth"
-                                                                    : "none 
(plaintext)";
+    const char *wrap_name = is_v2                                    ? 
"tls-crypt-v2"
+                            : (tas->tls_wrap.mode == TLS_WRAP_CRYPT) ? 
"tls-crypt"
+                            : (tas->tls_wrap.mode == TLS_WRAP_AUTH)  ? 
"tls-auth"
+                                                                     : "none 
(plaintext)";
     msg(D_LOW, "server-probe: probing %d remote(s) with a %d ms window, 
control-channel wrapping: %s",
         l->len, OOB_PROBE_WINDOW_MS, wrap_name);


--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1759?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings?usp=email

Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I5cc100dd7dc810d7d1e6f29bb57584905fbcf4a0
Gerrit-Change-Number: 1759
Gerrit-PatchSet: 1
Gerrit-Owner: stipa <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to