 OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian) 
Author Message
 Post subject: Re: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Deb
PostPosted: Thu Aug 11, 2011 1:11 pm 
OpenVPN User

Joined: Tue Jul 05, 2011 8:42 am
Posts: 32
@yyy:

Now, that's strange...

My setup is almost similar to yours, nonetheless it doesn't work.

BUT: if I use YOUR certificates instead of mine, then it works "out of the box" (i.e. without modifying the client and server .conf files)...

So it seems that the problem lies either in the use of SHA-512, the choice of the curve, or the certificate generation process...

I will make some other tests; if it doesn't work I will post here the certificates and keys I'm using, this thing is driving me mad...

I'm SO close to the solution, I won't stop here -.-


 
 Post subject: Re: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Deb
PostPosted: Thu Aug 11, 2011 2:47 pm 
OpenVPN User

Joined: Tue Jul 05, 2011 8:42 am
Posts: 32
The worst scenario :( SHA512 is the issue. If I repeat all my configuration using SHA1 instead of other digests, it works. I've tried different curves and it's the same for all. SHA256 gives the same issue as SHA512, too.

Now, this is very unpleasant. It shouldn't be necessary to underline that there are no benefits in having an elliptic curve setup with SHA1... At this point I think I will stick to 4096 bit RSA keys (SHA512 works with RSA).

I find this somehow disturbing, though I see that it's not just an OpenVPN issue... in general, it seems that people all around the internet have huge difficulties understanding that SHA1 MUST NOT BE USED ANYMORE.

Is there any hope this problem will be fixed in the near future?


 
 Post subject: Re: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Deb
PostPosted: Sun Aug 14, 2011 9:13 am 
OpenVPN User

Joined: Tue Jul 05, 2011 8:42 am
Posts: 32
BTW, is anybody aware of a server.conf file directive to use ECDH instead of DH for key exchange? (i.e.: not using "dh" but something else)

Is this a planned feature?


 
 Post subject: Re: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Deb
PostPosted: Mon Aug 15, 2011 6:49 am 
Forum Team

Joined: Fri Aug 20, 2010 2:57 pm
Posts: 2702
Location: Amsterdam
this directive does not exist and AFAIK it is not being planned either; if the 'ecdh' option enables parts of Elliptic Curve signing that are otherwise not usable then I'm sure the developers are happy to incorporate a patch...

_________________
JJK / Jan Just Keijser
http://www.nikhef.nl/~janjust/vpn/OpenVPN2-Cookbook/index.html
http://www.nikhef.nl/~janjust/vpn/OpenVPN2-Cookbook/errata.html


 
 Post subject: Re: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Deb
PostPosted: Mon Aug 15, 2011 9:37 am 
OpenVPN User

Joined: Tue Jul 05, 2011 8:42 am
Posts: 32
OK guys, maybe this is interesting. In the end, the result of all this paranoia is that this patch has been submitted to the OpenSSL mailing list:

http://cvs.openssl.org/chngview?cn=21247

If I got it correctly, this should enable the use of EC crypto certificates together with SHA256 and SHA512. A rebuild of both openssl and openvpn is needed. I'll try it out as soon as possible, and if it works I will write the details.


 
 Post subject: Re: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Deb
PostPosted: Tue Aug 16, 2011 12:48 pm 
OpenVPN User

Joined: Tue Jul 05, 2011 8:42 am
Posts: 32
Just tried the fix, it doesn't seem to work :( same "no shared cipher" error :(


 
 Post subject: Re: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Deb
PostPosted: Fri Aug 26, 2011 9:26 am 
OpenVPN User

Joined: Tue Jul 05, 2011 8:42 am
Posts: 32
Any news?


 
 Post subject: Re: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Deb
PostPosted: Fri Aug 26, 2011 5:52 pm 
OpenVpn Newbie

Joined: Fri Aug 26, 2011 5:45 pm
Posts: 1
There's a whitepaper that claims a successful implementation of ECC with OpenVPN. The website isn't working well right now, but here's the URL:
http://csam.univ-ovidius.ro/~tudrescu/p ... 005Eng.pdf

I was able to view and save this with google preview and google docs. Here's a shared copy in case the link above doesn't work for you:
https://docs.google.com/viewer?a=v&pid= ... l&hl=en_US

I could also email you the PDF, if you'd like. Perhaps the authors would be willing to share some configuration advice and code with you.

_________________
@@ron


 
 Post subject: Re: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Deb
PostPosted: Sat Aug 27, 2011 7:09 am 
OpenVPN User

Joined: Tue Jul 05, 2011 8:42 am
Posts: 32
Thanks, I've already found that document somewhere, but unfortunately it doesn't seem to address the issue here: I was indeed able to test an ECDSA-based OpenVPN setup already, but only by using SHA-1 as a message digest, while it fails using SHA-256 or SHA-512. Anyway, the authors seem to have solved the problem of using ECDH instead of DH, too, so I'll try to contact them in the meantime.


 
 Post subject: Re: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Deb
PostPosted: Wed Aug 31, 2011 12:13 pm 
Forum Team

Joined: Fri Aug 20, 2010 2:57 pm
Posts: 2702
Location: Amsterdam
finally got round to looking into this more thoroughly:

it looks like the openssl code itself does not support ecdsa_with_SHA256 (or anything other than SHA1); if I scan the openssl 1.0.0d sources I don't see ANY support for NID_ecdsa_with_SHA256 ; the openssl patch for 1.0.0e that you mentioned might fix this, but I'm actually doubtful. Looks like your best bet is to take this up with the openssl developer first.

_________________
JJK / Jan Just Keijser
http://www.nikhef.nl/~janjust/vpn/OpenVPN2-Cookbook/index.html
http://www.nikhef.nl/~janjust/vpn/OpenVPN2-Cookbook/errata.html


 
 Post subject: Re: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Deb
PostPosted: Wed Aug 31, 2011 2:53 pm 
Forum Team

Joined: Fri Aug 20, 2010 2:57 pm
Posts: 2702
Location: Amsterdam
as a follow-up: try applying the following patch to the openssl 1.0.0d code base, recompile openssl, relink openvpn against it and now run
Code:
./openvpn --show-digests

this seemed to work for my test setup using
Code:
./openvpn --config ...  --auth ecdsa-with-SHA256


Code:
--- ./crypto/evp/m_ecdsa.c   2006-04-19 19:05:57.000000000 +0200
+++ ../openssl-1.0.0d-sha256/./crypto/evp/m_ecdsa.c   2011-08-31 16:29:24.000000000 +0200
@@ -146,3 +146,62 @@
    return(&ecdsa_md);
    }
 #endif
+
+#ifndef OPENSSL_NO_SHA256
+static int init224(EVP_MD_CTX *ctx)
+   { return SHA224_Init(ctx->md_data); }
+static int init256(EVP_MD_CTX *ctx)
+   { return SHA256_Init(ctx->md_data); }
+
+static int update224(EVP_MD_CTX *ctx,const void *data,size_t count)
+   { return SHA224_Update(ctx->md_data,data,count); }
+static int update256(EVP_MD_CTX *ctx,const void *data,size_t count)
+   { return SHA256_Update(ctx->md_data,data,count); }
+
+static int final224(EVP_MD_CTX *ctx,unsigned char *md)
+   { return SHA224_Final(md,ctx->md_data); }
+static int final256(EVP_MD_CTX *ctx,unsigned char *md)
+   { return SHA256_Final(md,ctx->md_data); }
+
+static const EVP_MD ecdsa_sha224_md=
+   {
+   NID_ecdsa_with_SHA224,
+   NID_ecdsa_with_SHA224,
+   SHA224_DIGEST_LENGTH,
+   EVP_MD_FLAG_PKEY_DIGEST,
+   init224,
+   update224,
+   final224,
+   NULL,
+   NULL,
+   EVP_PKEY_ECDSA_method,
+   SHA256_CBLOCK,
+   sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+   };
+
+const EVP_MD *EVP_ecdsa_sha224(void)
+   {
+   return(&ecdsa_sha224_md);
+   }
+
+static const EVP_MD ecdsa_sha256_md=
+   {
+   NID_ecdsa_with_SHA256,
+   NID_ecdsa_with_SHA256,
+   SHA256_DIGEST_LENGTH,
+   EVP_MD_FLAG_PKEY_DIGEST,
+   init256,
+   update256,
+   final256,
+   NULL,
+   NULL,
+   EVP_PKEY_ECDSA_method,
+   SHA256_CBLOCK,
+   sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+   };
+
+const EVP_MD *EVP_ecdsa_sha256(void)
+   {
+   return(&ecdsa_sha256_md);
+   }
+#endif
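Review bot: the new block in m_ecdsa.c is placed after the file's closing `#endif` and is guarded only by `#ifndef OPENSSL_NO_SHA256`, whereas the matching ssl_algs.c hunk guards its calls with `!defined(OPENSSL_NO_SHA256) && !defined(OPENSSL_NO_ECDSA)`; a build with OPENSSL_NO_ECDSA would still compile these definitions, which reference `EVP_PKEY_ECDSA_method`. Use the same combined guard here. The patch also adds no declarations for `EVP_ecdsa_sha224()` / `EVP_ecdsa_sha256()` to the public EVP header, so callers outside this file only compile via implicit declaration; add prototypes next to the existing `EVP_ecdsa()` one. The SHA-224 entry reuses `SHA256_CBLOCK` and `sizeof(SHA256_CTX)`, which matches how SHA-224 shares the SHA-256 context in OpenSSL, so that part is fine as written.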
--- ./ssl/ssl_algs.c   2010-04-07 15:18:30.000000000 +0200
+++ ../openssl-1.0.0d-sha256/./ssl/ssl_algs.c   2011-08-31 16:22:41.000000000 +0200
@@ -122,6 +122,10 @@
 #ifndef OPENSSL_NO_ECDSA
    EVP_add_digest(EVP_ecdsa());
 #endif
+#if !defined(OPENSSL_NO_SHA256) && !defined(OPENSSL_NO_ECDSA)
+   EVP_add_digest(EVP_ecdsa_sha224());
+   EVP_add_digest(EVP_ecdsa_sha256());
+#endif
    /* If you want support for phased out ciphers, add the following */
 #if 0
    EVP_add_digest(EVP_sha());
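Review bot: `EVP_add_digest(EVP_ecdsa_sha224())` and `EVP_add_digest(EVP_ecdsa_sha256())` depend on the two new functions being declared in a header visible to ssl_algs.c, which this patch does not provide; without that the calls compile only as implicit declarations and will break under stricter compilers. Note also that this registers `NID_ecdsa_with_SHA256` as a digest name purely so that `--auth ecdsa-with-SHA256` can be looked up; as the reply below points out, OpenSSL 1.0.0 no longer ties digests to signature algorithms, so `--auth SHA256` is the intended spelling and the registration is a compatibility shim rather than a fix to EC signature support.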


_________________
JJK / Jan Just Keijser
http://www.nikhef.nl/~janjust/vpn/OpenVPN2-Cookbook/index.html
http://www.nikhef.nl/~janjust/vpn/OpenVPN2-Cookbook/errata.html


 
 Post subject: Re: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Deb
PostPosted: Wed Aug 31, 2011 4:12 pm 
OpenVpn Newbie

Joined: Wed Aug 31, 2011 3:58 pm
Posts: 7
There was a horrible hack in OpenSSL 0.9.8 and earlier which tied digests to signature algorithms. So if you wanted to sign something with SHA1+ECDSA you couldn't use the regular digest you had to use the cloned one such as EVP_ecdsa() instead.

This link was removed in OpenSSL 1.0.0 and later, but the older clone digests were retained for compatibility with existing apps. So you won't see explicit support for things like ecdsaWithSHA256; it should be automatic. There is a translation table and API for signature NIDs and their relevant algorithms in crypto/objects: the "obj_xref" stuff.

There may be some bugs left: the recent one was with the TLS code still using the old techniques. I'm not familiar with OpenVPN but I'll see if I can trace the cause in this case.

Update: I've tried this against the latest OpenSSL HEAD and OpenVPN 2.2.1 and I can't reproduce it. I have certificate chains all signed with ecdsa+SHA512 and connections seem to proceed OK. I did have a problem earlier when I accidentally included a keyUsage extension in the server certificate which didn't support key agreement.

I note that there is currently no way to supply a set of ECDH parameters to OpenVPN. I'd suggest adding an option to do that, or add a callback in the code, otherwise you cannot use the higher security forward secrecy ECDHE ciphersuites.


 
 Post subject: Re: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Deb
PostPosted: Wed Aug 31, 2011 8:53 pm 
Forum Team

Joined: Fri Aug 20, 2010 2:57 pm
Posts: 2702
Location: Amsterdam
@shenson: thanks for the response.

the crypto stuff you're looking for is all in openvpn's crypto.c file.
What openvpn does is basically set the HMAC digest to whatever is specified using '--auth' as follows:
Code:
kt->digest = get_md (authname);
kt->hmac_length = EVP_MD_size (kt->digest);

this is used later in
Code:
HMAC_CTX_init (ctx);
HMAC_Init_ex (ctx, key->hmac, kt->hmac_length, digest, NULL);


if there is any way to do this more efficiently then I'm sure the openvpn developers would love to hear about it.

_________________
JJK / Jan Just Keijser
http://www.nikhef.nl/~janjust/vpn/OpenVPN2-Cookbook/index.html
http://www.nikhef.nl/~janjust/vpn/OpenVPN2-Cookbook/errata.html


 
 Post subject: Re: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Deb
PostPosted: Wed Aug 31, 2011 9:32 pm 
OpenVpn Newbie

Joined: Wed Aug 31, 2011 3:58 pm
Posts: 7
Well, it should work if you use --auth SHA256. The value ecdsa-with-SHA256 is technically a signature algorithm and not a message digest algorithm, though some things with ecdsa-with-sha1 etc. have been used and retained for rather historical reasons.

Do you need to be able to specify ecdsa-with-SHA256 too?
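Added example (not OpenVPN's or OpenSSL's code) mirroring the two crypto.c fragments quoted above: resolve the `--auth` name to a message digest, take the HMAC length from the digest size, then key the HMAC with it. The `get_md` / `init_key_type` / `packet_hmac` names are stand-ins for the C functions, hashlib names replace OpenSSL's digest table, and the key and packet bytes are constructed samples; it also shows why `--auth ecdsa-with-SHA256` cannot resolve while `--auth SHA256` does.

```python
import hashlib
import hmac

# Names from this thread that are signature algorithms, not digests; a digest
# lookup must reject them rather than silently mapping them to a hash.
SIGNATURE_ALGORITHMS = {
    "ecdsa-with-sha1", "ecdsa-with-sha224", "ecdsa-with-sha256", "ecdsa-with-sha512",
}


def is_message_digest(authname: str) -> bool:
    """True if authname is a plain hash that hashlib can construct."""
    name = authname.lower()
    if name in SIGNATURE_ALGORITHMS:
        return False
    return name.replace("-", "") in hashlib.algorithms_available


def get_md(authname: str) -> str:
    """Stand-in for OpenVPN's get_md(): return the canonical digest name
    for an '--auth' value, or raise if it is not a message digest."""
    if authname.lower() in SIGNATURE_ALGORITHMS:
        raise ValueError(f"{authname} is a signature algorithm, not a message digest")
    if not is_message_digest(authname):
        raise ValueError(f"unknown digest: {authname}")
    return authname.lower().replace("-", "")


def init_key_type(authname: str) -> dict:
    """Equivalent of 'kt->digest = get_md(authname); kt->hmac_length =
    EVP_MD_size(kt->digest)': the HMAC length is the digest output size."""
    digest = get_md(authname)
    return {"digest": digest, "hmac_length": hashlib.new(digest).digest_size}


def packet_hmac(kt: dict, key_material: bytes, data: bytes) -> bytes:
    """Equivalent of HMAC_Init_ex(ctx, key->hmac, kt->hmac_length, digest):
    only hmac_length bytes of key material are used to key the HMAC."""
    key = key_material[: kt["hmac_length"]]
    return hmac.new(key, data, kt["digest"]).digest()


if __name__ == "__main__":
    # Constructed sample key material and packet; not real OpenVPN key data.
    sample_key = bytes(range(64))
    sample_packet = b"constructed control-channel packet"
    for auth in ("SHA1", "SHA256", "SHA512", "ecdsa-with-SHA256"):
        try:
            kt = init_key_type(auth)
            tag = packet_hmac(kt, sample_key, sample_packet)
            print(f"--auth {auth}: hmac_length={kt['hmac_length']} tag={tag.hex()[:16]}...")
        except ValueError as err:
            print(f"--auth {auth}: rejected ({err})")
```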


 
 Post subject: Re: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Deb
PostPosted: Wed Aug 31, 2011 9:38 pm 
Forum Team

Joined: Fri Aug 20, 2010 2:57 pm
Posts: 2702
Location: Amsterdam
I don't have access to any ECDSA certs right now - is there another way to test?

BTW, I agree about the 'ecparam' option: this needs to be added to openvpn, but how can we test that it actually *does* something, i.e. what will NOT work without this option?

_________________
JJK / Jan Just Keijser
http://www.nikhef.nl/~janjust/vpn/OpenVPN2-Cookbook/index.html
http://www.nikhef.nl/~janjust/vpn/OpenVPN2-Cookbook/errata.html

