Add support for AES-256-CTR (used by tls-crypt) in the crypto
layer and make sure that each SSL library plugin is aware of it.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Created a lightweight abstraction layer so that another i/o
reactor can be dropped in place of asio.
The basic approach is to rename all references to asio::xxx
types to openvpn_io::xxx and then make openvpn_io a
preprocessor variable that points to the top-level namespace
of the i/o reactor implementation.
All of the source files that currently include <asio.hpp> now
include <openvpn/io/io.hpp> instead:
This gives us a lightweight abstraction layer that allows us
to define openvpn_io to be something other than asio.
Other changes:
* Inclusion of asio by scripts/build is now optional, and is
enabled by passing ASIO=1 or ASIO_DIR=<dir>.
* Refactored openvpn/common/socktypes.hpp to no longer
require asio.
* Refactored openvpn/log/logthread.hpp to no longer require
asio.
* Added openvpn::get_hostname() method as alternative to
calling asio directly.
* openvpn/openssl/util/init.hpp will now #error
if USE_ASIO is undefined.
Signed-off-by: James Yonan <james@openvpn.net>
both cryptographic and non-cryptographic algorithms, as
a failsafe, add a new virtual method assert_crypto()
that will throw an exception if the algorithm is not
crypto strength. assert_crypto() should now be called
before any RNG is used for crypto purposes.
Triple DES, and other 64-bit block-size ciphers vulnerable
to "Sweet32" birthday attack (CVE-2016-6329). Limit such
cipher keys to no more than 64 MB of data
encrypted/decrypted. While our overall goal is to limit
data-limited keys to 64 MB, we trigger a renegotiation
at 48 MB to compensate for possible delays in renegotiation
and rollover to the new key.
This client-side implementation extends data limit
protection to the entire session, even when the server
doesn't implement data limits.
This capability is advertised to servers via a
peer info setting:
IV_BS64DL=1
meaning "Block-Size 64-bit Data Limit". The "1" indicates
the implementation version.
The implementation currently has some limitations:
* Keys are renegotiated at a maximum rate of once per
5 seconds to reduce the likelihood of loss of
synchronization between peers.
* The maximum renegotiation rate may be further extended
if the peer delays rollover from the old to new key
after renegotiation.
Added N_KEY_LIMIT_RENEG stats counter to count the number
of data-limit-triggered renegotiations.
Added new stats counter KEY_STATE_ERROR which roughly
corresponds to the OpenVPN 2.x error "TLS Error:
local/remote TLS keys are out of sync".
Previously, the TLS ack/retransmit timeout was hardcoded to
2 seconds. Now we lower the default to 1 second and make
it variable using the (pushable) "tls-timeout" directive.
Additionally, the tls-timeout directive can be specified
in milliseconds instead of seconds by using the
"tls-timeout-ms" form of the directive.
Made the "become primary" time duration configurable via
the (pushable) "become-primary" directive which accepts
a number-of-seconds parameter. become-primary indicates
the time delay between renegotiation and rollover to the
new key for encryption/transmission. become-primary
defaults to the handshake-window which in turn defaults
to 60 seconds.
Incremented core version to 3.0.20.
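
Added example, not part of the commit or of the OpenVPN 3 source: the data-limit policy described above (64 MB ceiling per key, renegotiation triggered at 48 MB, at most one renegotiation per 5 seconds) written out in C++. All class, enum and method names are hypothetical, and refusing data at the 64 MB ceiling is an assumed enforcement action.

```cpp
#include <cstdint>

// Added illustration; names are hypothetical, thresholds are from the commit message.
constexpr std::uint64_t MB = 1024 * 1024;
constexpr std::uint64_t HARD_LIMIT = 64 * MB;     // ceiling per key
constexpr std::uint64_t RENEG_AT = 48 * MB;       // soft trigger, leaves 16 MB of slack
constexpr std::uint64_t RENEG_MIN_GAP_MS = 5000;  // at most one renegotiation per 5 s

enum class Action { Pass, Renegotiate, Refuse };
enum Dir { Encrypt = 0, Decrypt = 1 };

class DataLimitSession {
public:
    // block_bits: block size of the negotiated cipher (64 for Triple DES, 128 for AES)
    explicit DataLimitSession(unsigned block_bits) : limited_(block_bits == 64) {}

    // Account for n bytes processed under the current key at monotonic time now_ms.
    Action account(Dir d, std::uint64_t n, std::uint64_t now_ms) {
        if (!limited_) return Action::Pass;
        if (n > HARD_LIMIT - bytes_[d]) return Action::Refuse;  // would cross 64 MB
        bytes_[d] += n;
        const bool rate_ok = !ever_reneg_ || now_ms - last_reneg_ms_ >= RENEG_MIN_GAP_MS;
        if (bytes_[d] >= RENEG_AT && !pending_ && rate_ok) {
            pending_ = ever_reneg_ = true;  // one renegotiation in flight per key
            last_reneg_ms_ = now_ms;
            ++n_key_limit_reneg_;           // mirrors the N_KEY_LIMIT_RENEG counter
            return Action::Renegotiate;
        }
        return Action::Pass;
    }

    // Both peers have switched to the new key: counters start again from zero.
    void rollover() { bytes_[0] = bytes_[1] = 0; pending_ = false; }

    unsigned n_key_limit_reneg() const { return n_key_limit_reneg_; }
    std::uint64_t bytes(Dir d) const { return bytes_[d]; }

private:
    bool limited_;
    bool pending_ = false, ever_reneg_ = false;
    std::uint64_t bytes_[2] = {0, 0};
    std::uint64_t last_reneg_ms_ = 0;
    unsigned n_key_limit_reneg_ = 0;
};
```

The 16 MB gap between the two thresholds is what absorbs traffic sent while renegotiation and rollover are still in progress; a link fast enough to move 48 MB in under 5 seconds is where the rate limit and the ceiling interact.
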
allowing backtracks of up to 2048 (previous limit was 64).
In addition, we now maintain the packet ID window as a bit
array (previously a byte array was used).
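
Added example, not part of the commit or of the OpenVPN 3 source: a replay window kept as a bit array, as the message above describes, with a window of 2048 packet IDs. Class and method names are hypothetical; the code assumes IDs start at 1 and do not wrap within one key's lifetime, and treats the window as the 2048 IDs ending at the highest one seen.

```cpp
#include <bitset>
#include <cstdint>

// Added illustration; class and method names are hypothetical.
class ReplayWindow {
public:
    static constexpr std::uint32_t WINDOW = 2048;  // backtrack limit from the commit message
    enum Result { Accept, Replay, TooOld };

    // Test a received packet ID and, if acceptable, record it.
    Result test_add(std::uint32_t id) {
        if (id > highest_) {
            // Window moves forward: slots being reused still hold bits for
            // IDs that have just fallen out of the window, so clear them.
            if (id - highest_ >= WINDOW)
                seen_.reset();
            else
                for (std::uint32_t i = highest_ + 1; i < id; ++i)
                    seen_.reset(i % WINDOW);
            seen_.set(id % WINDOW);
            highest_ = id;
            return Accept;
        }
        if (id == 0 || highest_ - id >= WINDOW)
            return TooOld;               // outside the window: cannot be verified
        if (seen_.test(id % WINDOW))
            return Replay;               // already received
        seen_.set(id % WINDOW);          // late but new: accept exactly once
        return Accept;
    }

    std::uint32_t highest() const { return highest_; }

private:
    std::bitset<WINDOW> seen_;   // one bit per ID: 2048 bits of state
    std::uint32_t highest_ = 0;  // 0 means nothing received yet
};
```
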
control whether hex chars a-f are rendered as lowercase or
uppercase.
Renamed the template form of render_hex() to render_hex_generic(),
to avoid ambiguity from new caps parameter.
1. force_aes_cbc_ciphersuites flag will disable V2.
2. Added class CryptoDCSettings to manage cipher/digest settings,
DC factory, and DC context. A CryptoDCSettings instance is
now declared as a member of ProtoContext::Config and is used
to define the cipher/digest pair of the config.
3. ProtoContext::Config::load now parses the "tun-mtu" directive.
Server-side changes:
1. Parse "keepalive" directive, using the same logic
as OpenVPN 2.x.
2. Added ProtoContext::init_data_channel() method for initializing
the data channel after IV_x peer info received from client.
* Make class Route standalone, moving it out of namespace
CIDRMap.
CryptoAlgs:
* Added comments
* For type-safety, mode() now returns a Mode rather than an
int.
CryptoDC:
* Added CRYPTO_DEFINED flag to indicate when encrypt() and
decrypt() methods are implemented by a data channel
provider.
Manage:
* Implemented skeleton management API for server-side client
authentication and managing client-instance properties.
Proto:
* Added Config::update_dc_factory() method.
* Support new CryptoDCInstance::CRYPTO_DEFINED flag.
* Updated server_auth() method to support SafeString transit
of client-provided auth-user-pass password to management
layer.
* control_send now does a reset() on the provided
Ptr reference before returning to reflect the
transfer-of-ownership of the underlying buffer.
* Implemented disable_keepalive() and override_dc_factory
methods.
Transbase (server) new methods:
// disable keepalive for rest of session
virtual void disable_keepalive() = 0;
// override the data channel factory
virtual void override_dc_factory(const CryptoDCFactory::Ptr& dc_factory) = 0;
// override the tun provider
virtual TunClientInstanceRecv* override_tun(TunClientInstanceSend* tun) = 0;
ServProto:
* Added abstract base classes for Tun factories and client instance
sender/receivers.
* Added Tun and Management linkages.
* Added new receiver methods for overriding the data channel
factory, Tun factory, and keepalive config.
* Added AuthCreds support.
* Performance degradation from recent commit was occurring
in PRNG.
* Allow RNG to be used in place of PRNG. For PolarSSL
at least, this change completely reverses the
polymorphic ProtoContext performance degradation
and turns it into a net performance gain.
* Added bool prng to RNG constructors to allow
the implementation to optimize for PRNG
(only PolarSSL currently supports this).
Documented different use-cases for RNG vs. PRNG
in ProtoContext:
RNG -- Random number generator.
Use-cases demand highest cryptographic strength
such as key generation.
PRNG -- Pseudo-random number generator.
Use-cases demand cryptographic strength
combined with high performance. Used for
IV and ProtoSessionID generation.
underlying crypto implementation.
Modified proto.hpp to use the new CryptoAlgs types for
cipher/digest selection.
Added initial PolarSSL implementation for cipher/digest
selection using CryptoAlgs types.
Note: this implementation is incomplete, see fixmes.