author: Arne Schwabe, 2019-12-04 12:08:36 +0100
committer: Gert Doering, 2019-12-04 16:50:45 +0100
commit: 8be444df89be09689ba82e58cbc89452a5fcceca (patch)
tree: b0f9926505c1a5ae32092b7bbac81e83d4902aba /doc/management-notes.txt
parent: 6328aef94a748bd9859ae5cd264b7e50fbb8a325 (diff)
Add support for OpenSSL TLS 1.3 when using management-external-key

For TLS versions 1.0 to 1.2 and OpenSSL 1.1.0 and requires a PKCS1 padded response for the external key implementation.

As TLS 1.3 mandates RSA-PSS padding support and also requires a TLS 1.3 implementation to support RSA-PSS for older TLS versions, OpenSSL will query us to sign an already RSA-PSS padded string.

This patch adds an 'unpadded' and 'pkcs1' parameter to the management-external-key option to signal that the client is able to support pkcs1 as well as unpadded signature requests.

Since clients that implement the management-external-key interface are usually rather tightly integrated solutions (OpenVPN Connect in the past, OpenVPN for Android), it is reasonable to expect that upgrading the OpenSSL library can be done together with management interface changes. Therefore we provide no backwards compatibility for management-interface clients not supporting OpenSSL 1.1.1. Also doing this would require downgrading TLS to 1.1.

Using the management api client version instead of the parameters to management-external-key might seem like the more logical way but since we only know that version very late in connection progress, it would require extra logic and complexity to deal with this asynchronous behaviour. Instead just give an error early if OpenSSL 1.1.1 and management-external-key without nopadding is detected.

The interface is prepared for signalling PKCS1 and RSA-PSS support instead of signalling unpadded support.

Patch v3: fix overlong lines and a few other style patches. Note two overlong lines concerning mbedtls are not fixed as they are removed/shortened by the mbed tls patch to avoid conflicts

Patch v4: Setting minimum TLS version proved to be not enough and instead of implementing a whole compatibility layer we require management-clients to implement the new feature when they want to use OpenSSL 1.1.1. Add a padding=ALGORITHM argument to pk-sig to indicate the algorithm. Drop adding PKCS1 ourselves.

Patch v5: Send the right version of the patch

Patch v6: rebase on master

Patch v7: change style and reword documentation. Make things more consistent.

Patch v8: fix spellings, grammar.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20191204110836.6364-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19219.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'doc/management-notes.txt')
-rw-r--r-- doc/management-notes.txt 17
1 files changed, 16 insertions, 1 deletions
diff --git a/doc/management-notes.txt b/doc/management-notes.txt
index 17645c1..e54e108 100644
--- a/doc/management-notes.txt
+++ b/doc/management-notes.txt
@@ -816,6 +816,7 @@ actual private key. When the SSL protocol needs to perform a sign
operation, the data to be signed will be sent to the management interface
via a notification as follows:
+>PK_SIGN:[BASE64_DATA],[ALG] (if client announces support for management version > 2)
>PK_SIGN:[BASE64_DATA] (if client announces support for management version > 1)
>RSA_SIGN:[BASE64_DATA] (only older clients will be prompted like this)
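Review bot: The conditions on the first two notification lines now overlap: a client announcing version 3 satisfies both "> 2" on the new `>PK_SIGN:[BASE64_DATA],[ALG]` line and "> 1" on the existing `>PK_SIGN:[BASE64_DATA]` line, so a reader cannot tell which form it will receive. Suggest changing the existing line to say "version 2" (or "= 2") so the three forms are mutually exclusive. The `[ALG]` field is also used here before it is defined; a short pointer to the list of defined values added further down would help a client author who has to parse it.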
@@ -823,7 +824,7 @@ The management interface client should then create an appropriate signature of
the (decoded) BASE64_DATA using the private key and return the SSL signature as
follows:
-pk-sig (or rsa-sig)
+pk-sig (or rsa-sig)
[BASE64_SIG_LINE]
.
.
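Review bot: The `-`/`+` pair for `pk-sig (or rsa-sig)` differs only in whitespace as far as the visible text shows, which is noise in a patch that changes protocol behaviour; drop it or move it to a style-only commit. If a change is wanted at this spot, this is the place to state that the reply format is the same whichever ALG was requested, since the reply shown here carries no algorithm field.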
@@ -833,6 +834,8 @@ END
Base 64 encoded output of RSA_private_encrypt for RSA or ECDSA_sign()
for EC using OpenSSL or mbedtls_pk_sign() using mbed TLS will provide a
correct signature.
+The rsa-sig interface expects PKCS1 padded signatures for RSA keys
+(RSA_PKCS1_PADDING). EC signatures are always unpadded.
This capability is intended to allow the use of arbitrary cryptographic
service providers with OpenVPN via the management interface.
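Review bot: The added sentence documents the padding expectation for `rsa-sig` only and leaves `pk-sig` unspecified, both for the version 2 form without ALG and for the new form with ALG. Suggest stating explicitly that a `pk-sig` reply to a request carrying ALG must use exactly the padding named there, and what is assumed when no ALG is sent. The unchanged sentence just above still says the output of RSA_private_encrypt "will provide a correct signature" without mentioning the padding mode, which is no longer true in general once RSA_NO_PADDING requests exist; it should be qualified in the same edit.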
@@ -840,6 +843,18 @@ service providers with OpenVPN via the management interface.
New and updated clients are expected to use the version command to announce
a version > 1 and handle '>PK_SIGN' prompt and respond with 'pk-sig'.
+The signature algorithm is indicated in the PK_SIGN request only if the
+management client-version is > 2. In particular, to support TLS1.3 and
+TLS1.2 using OpenSSL 1.1.1, unpadded signature support is required and this
+can be indicated in the signing request only if the client version is > 2"
+
+The currently defined padding algorithms are:
+
+ - RSA_PKCS1_PADDING - PKCS1 padding and RSA signature
+ - RSA_NO_PADDING - No padding may be added for the signature
+ - ECDSA - EC signature.
+
+
COMMAND -- certificate (OpenVPN 2.4 or higher)
----------------------------------------------
Provides support for external storage of the certificate. Requires the
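Review bot: The list introduced as "currently defined padding algorithms" includes ECDSA, which is not a padding scheme, and the text never says that these strings are the literal values of the [ALG] field in `>PK_SIGN`; suggest heading it "The currently defined values for ALG are:" and saying so. The RSA_NO_PADDING entry ("No padding may be added for the signature") should spell out what the client has to do, namely apply the raw private-key operation to data that already arrives padded, because adding PKCS1 padding on top would produce a signature the peer rejects. Two smaller points in the same hunk: the paragraph ends with a stray `"` after "client version is > 2" where a full stop is meant, and it would help to state how a client should react to an ALG value it does not recognise.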