OpenVPN
ssl_ncp.c
Go to the documentation of this file.
1 /*
2  * OpenVPN -- An application to securely tunnel IP networks
3  * over a single TCP/UDP port, with support for SSL/TLS-based
4  * session authentication and key exchange,
5  * packet encryption, packet authentication, and
6  * packet compression.
7  *
8  * Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
9  * Copyright (C) 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
10  * Copyright (C) 2008-2013 David Sommerseth <dazo@users.sourceforge.net>
11  *
12  * This program is free software; you can redistribute it and/or modify
13  * it under the terms of the GNU General Public License version 2
14  * as published by the Free Software Foundation.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License along
22  * with this program; if not, write to the Free Software Foundation, Inc.,
23  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24  */
25 
31 /*
32  * The routines in this file deal with dynamically negotiating
33  * the data channel HMAC and cipher keys through a TLS session.
34  *
35  * Both the TLS session and the data channel are multiplexed
36  * over the same TCP/UDP port.
37  */
38 #ifdef HAVE_CONFIG_H
39 #include "config.h"
40 #elif defined(_MSC_VER)
41 #include "config-msvc.h"
42 #endif
43 
44 #include "syshead.h"
45 #include "win32.h"
46 
47 #include "error.h"
48 #include "common.h"
49 
50 #include "ssl_ncp.h"
51 #include "ssl_util.h"
52 #include "openvpn.h"
53 
58 static int
59 tls_peer_info_ncp_ver(const char *peer_info)
60 {
61  const char *ncpstr = peer_info ? strstr(peer_info, "IV_NCP=") : NULL;
62  if (ncpstr)
63  {
64  int ncp = 0;
65  int r = sscanf(ncpstr, "IV_NCP=%d", &ncp);
66  if (r == 1)
67  {
68  return ncp;
69  }
70  }
71  return 0;
72 }
73 
78 bool
79 tls_peer_supports_ncp(const char *peer_info)
80 {
81  if (!peer_info)
82  {
83  return false;
84  }
85  else if (tls_peer_info_ncp_ver(peer_info) >= 2
86  || strstr(peer_info, "IV_CIPHERS="))
87  {
88  return true;
89  }
90  else
91  {
92  return false;
93  }
94 }
95 
96 char *
97 mutate_ncp_cipher_list(const char *list, struct gc_arena *gc)
98 {
99  bool error_found = false;
100 
101  struct buffer new_list = alloc_buf(MAX_NCP_CIPHERS_LENGTH);
102 
103  char *const tmp_ciphers = string_alloc(list, NULL);
104  const char *token = strtok(tmp_ciphers, ":");
105  while (token)
106  {
107  /*
108  * Going through a roundtrip by using cipher_kt_get/cipher_kt_name
109  * (and translate_cipher_name_from_openvpn/
110  * translate_cipher_name_to_openvpn) also normalises the cipher name,
111  * e.g. replacing AeS-128-gCm with AES-128-GCM
112  */
113  const cipher_kt_t *ktc = cipher_kt_get(token);
114  if (strcmp(token, "none") == 0)
115  {
116  msg(M_WARN, "WARNING: cipher 'none' specified for --data-ciphers. "
117  "This allows negotiation of NO encryption and "
118  "tunnelled data WILL then be transmitted in clear text "
119  "over the network! "
120  "PLEASE DO RECONSIDER THIS SETTING!");
121  }
122  if (!ktc && strcmp(token, "none") != 0)
123  {
124  msg(M_WARN, "Unsupported cipher in --data-ciphers: %s", token);
125  error_found = true;
126  }
127  else
128  {
129  const char *ovpn_cipher_name = cipher_kt_name(ktc);
130  if (ktc == NULL)
131  {
132  /* NULL resolves to [null-cipher] but we need none for
133  * data-ciphers */
134  ovpn_cipher_name = "none";
135  }
136 
137  if (buf_len(&new_list)> 0)
138  {
139  /* The next if condition ensure there is always space for
140  * a :
141  */
142  buf_puts(&new_list, ":");
143  }
144 
145  /* Ensure buffer has capacity for cipher name + : + \0 */
146  if (!(buf_forward_capacity(&new_list) >
147  strlen(ovpn_cipher_name) + 2))
148  {
149  msg(M_WARN, "Length of --data-ciphers is over the "
150  "limit of 127 chars");
151  error_found = true;
152  }
153  else
154  {
155  buf_puts(&new_list, ovpn_cipher_name);
156  }
157  }
158  token = strtok(NULL, ":");
159  }
160 
161 
162 
163  char *ret = NULL;
164  if (!error_found && buf_len(&new_list) > 0)
165  {
166  buf_null_terminate(&new_list);
167  ret = string_alloc(buf_str(&new_list), gc);
168  }
169  free(tmp_ciphers);
170  free_buf(&new_list);
171 
172  return ret;
173 }
174 
175 bool
176 tls_item_in_cipher_list(const char *item, const char *list)
177 {
178  char *tmp_ciphers = string_alloc(list, NULL);
179  char *tmp_ciphers_orig = tmp_ciphers;
180 
181  const char *token = strtok(tmp_ciphers, ":");
182  while (token)
183  {
184  if (0 == strcmp(token, item))
185  {
186  break;
187  }
188  token = strtok(NULL, ":");
189  }
190  free(tmp_ciphers_orig);
191 
192  return token != NULL;
193 }
194 
195 const char *
196 tls_peer_ncp_list(const char *peer_info, struct gc_arena *gc)
197 {
198  /* Check if the peer sends the IV_CIPHERS list */
199  const char *iv_ciphers = extract_var_peer_info(peer_info,"IV_CIPHERS=", gc);
200  if (iv_ciphers)
201  {
202  return iv_ciphers;
203  }
204  else if (tls_peer_info_ncp_ver(peer_info)>=2)
205  {
206  /* If the peer announces IV_NCP=2 then it supports the AES GCM
207  * ciphers */
208  return "AES-256-GCM:AES-128-GCM";
209  }
210  else
211  {
212  return "";
213  }
214 }
215 
216 char *
217 ncp_get_best_cipher(const char *server_list, const char *peer_info,
218  const char *remote_cipher, struct gc_arena *gc)
219 {
220  /*
221  * The gc of the parameter is tied to the VPN session, create a
222  * short lived gc arena that is only valid for the duration of
223  * this function
224  */
225 
226  struct gc_arena gc_tmp = gc_new();
227 
228  const char *peer_ncp_list = tls_peer_ncp_list(peer_info, &gc_tmp);
229 
230  /* non-NCP client without OCC? "assume nothing" */
231  /* For client doing the newer version of NCP (that send IV_CIPHER)
232  * we cannot assume that they will accept remote_cipher */
233  if (remote_cipher == NULL ||
234  (peer_info && strstr(peer_info, "IV_CIPHERS=")))
235  {
236  remote_cipher = "";
237  }
238 
239  char *tmp_ciphers = string_alloc(server_list, &gc_tmp);
240 
241  const char *token;
242  while ((token = strsep(&tmp_ciphers, ":")))
243  {
244  if (tls_item_in_cipher_list(token, peer_ncp_list)
245  || streq(token, remote_cipher))
246  {
247  break;
248  }
249  }
250 
251  char *ret = NULL;
252  if (token != NULL)
253  {
254  ret = string_alloc(token, gc);
255  }
256 
257  gc_free(&gc_tmp);
258  return ret;
259 }
260 
270 static bool
271 tls_poor_mans_ncp(struct options *o, const char *remote_ciphername)
272 {
273  if (remote_ciphername
274  && tls_item_in_cipher_list(remote_ciphername, o->ncp_ciphers))
275  {
276  o->ciphername = string_alloc(remote_ciphername, &o->gc);
277  msg(D_TLS_DEBUG_LOW, "Using peer cipher '%s'", o->ciphername);
278  return true;
279  }
280  return false;
281 }
282 
283 bool
284 check_pull_client_ncp(struct context *c, const int found)
285 {
286  if (found & OPT_P_NCP)
287  {
288  msg(D_PUSH, "OPTIONS IMPORT: data channel crypto options modified");
289  return true;
290  }
291 
292  if (!c->options.ncp_enabled)
293  {
294  return true;
295  }
296  /* If the server did not push a --cipher, we will switch to the
297  * remote cipher if it is in our ncp-ciphers list */
299  {
300  return true;
301  }
302 
303  /* We could not figure out the peer's cipher but we have fallback
304  * enabled */
306  {
307  return true;
308  }
309 
310  /* We failed negotiation, give appropiate error message */
312  {
313  msg(D_TLS_ERRORS, "OPTIONS ERROR: failed to negotiate "
314  "cipher with server. Add the server's "
315  "cipher ('%s') to --data-ciphers (currently '%s') if "
316  "you want to connect to this server.",
318  c->options.ncp_ciphers);
319  return false;
320 
321  }
322  else
323  {
324  msg(D_TLS_ERRORS, "OPTIONS ERROR: failed to negotiate "
325  "cipher with server. Configure "
326  "--data-ciphers-fallback if you want to connect "
327  "to this server.");
328  return false;
329  }
330 }
bool ncp_enabled
Definition: options.h:515
struct options options
Options loaded from command line or configuration file.
Definition: openvpn.h:465
void free_buf(struct buffer *buf)
Definition: buffer.c:185
#define D_TLS_DEBUG_LOW
Definition: errlevel.h:77
static int buf_len(const struct buffer *buf)
Definition: buffer.h:240
char * string_alloc(const char *str, struct gc_arena *gc)
Definition: buffer.c:685
bool enable_ncp_fallback
If defined fall back to ciphername if NCP fails.
Definition: options.h:513
#define streq(x, y)
Definition: options.h:664
Contains all state information for one tunnel.
Definition: openvpn.h:463
#define D_PUSH
Definition: errlevel.h:83
static void gc_free(struct gc_arena *a)
Definition: buffer.h:1023
#define D_TLS_ERRORS
Definition: errlevel.h:59
static bool tls_poor_mans_ncp(struct options *o, const char *remote_ciphername)
"Poor man&#39;s NCP": Use peer cipher if it is an allowed (NCP) cipher.
Definition: ssl_ncp.c:271
struct buffer alloc_buf(size_t size)
Definition: buffer.c:64
bool tls_item_in_cipher_list(const char *item, const char *list)
Return true iff item is present in the colon-separated zero-terminated cipher list.
Definition: ssl_ncp.c:176
bool tls_peer_supports_ncp(const char *peer_info)
Returns whether the client supports NCP either by announcing IV_NCP>=2 or the IV_CIPHERS list...
Definition: ssl_ncp.c:79
const char * ncp_ciphers
Definition: options.h:516
#define MAX_NCP_CIPHERS_LENGTH
The maximum length of a ncp-cipher string that is accepted.
Definition: ssl_ncp.h:116
bool buf_puts(struct buffer *buf, const char *str)
Definition: buffer.c:269
static struct gc_arena gc_new(void)
Definition: buffer.h:1015
void buf_null_terminate(struct buffer *buf)
Definition: buffer.c:569
bool check_pull_client_ncp(struct context *c, const int found)
Checks whether the cipher negotiation is in an acceptable state and we continue to connect or should ...
Definition: ssl_ncp.c:284
#define OPT_P_NCP
Negotiable crypto parameters.
Definition: options.h:681
const char * ciphername
Definition: options.h:512
mbedtls_cipher_info_t cipher_kt_t
Generic cipher key type context.
static int buf_forward_capacity(const struct buffer *buf)
Definition: buffer.h:562
char * ncp_get_best_cipher(const char *server_list, const char *peer_info, const char *remote_cipher, struct gc_arena *gc)
Iterates through the ciphers in server_list and return the first cipher that is also supported by the...
Definition: ssl_ncp.c:217
char * remote_ciphername
cipher specified in peer&#39;s config file
Definition: ssl_common.h:610
static char * buf_str(const struct buffer *buf)
Definition: buffer.h:284
struct context_2 c2
Level 2 context.
Definition: openvpn.h:504
char * strsep(char **stringp, const char *delim)
Definition: compat-strsep.c:38
#define msg(flags,...)
Definition: error.h:149
const char * tls_peer_ncp_list(const char *peer_info, struct gc_arena *gc)
Returns the support cipher list from the peer according to the IV_NCP and IV_CIPHER values in peer_in...
Definition: ssl_ncp.c:196
Wrapper structure for dynamically allocated memory.
Definition: buffer.h:60
#define M_WARN
Definition: error.h:96
static int tls_peer_info_ncp_ver(const char *peer_info)
Return the Negotiable Crypto Parameters version advertised in the peer info string, or 0 if none specified.
Definition: ssl_ncp.c:59
#define free
Definition: cmocka.c:1850
Garbage collection arena used to keep track of dynamically allocated memory.
Definition: buffer.h:116
char * extract_var_peer_info(const char *peer_info, const char *var, struct gc_arena *gc)
Extracts a variable from peer info, the returned string will be allocated using the supplied gc_arena...
Definition: ssl_util.c:34
char * mutate_ncp_cipher_list(const char *list, struct gc_arena *gc)
Check whether the ciphers in the supplied list are supported.
Definition: ssl_ncp.c:97
struct gc_arena gc
Definition: options.h:215
struct tls_multi * tls_multi
TLS state structure for this VPN tunnel.
Definition: openvpn.h:318
const cipher_kt_t * cipher_kt_get(const char *ciphername)
Return cipher parameters, based on the given cipher name.
const char * cipher_kt_name(const cipher_kt_t *cipher_kt)
Retrieve a string describing the cipher (e.g.