DCO: support key rotation notifications
authorKristof Provost <kp@FreeBSD.org>
Fri, 14 Apr 2023 09:42:27 +0000 (11:42 +0200)
committerGert Doering <gert@greenie.muc.de>
Mon, 8 May 2023 08:57:53 +0000 (10:57 +0200)
Allow the kernel driver to notify us that it is time to renegotiate the data-channel keys.
The intent is to have a key replaced before its packet counter wraps, i.e. to avoid IV re-use after 2^32 packets.

This is a first draft intended for discussion. The accompanying kernel
change for FreeBSD can be found in https://reviews.freebsd.org/D39570

Signed-off-by: Kristof Provost <kprovost@netgate.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20230414094227.9153-1-kprovost@netgate.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26590.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/dco_freebsd.c
src/openvpn/dco_freebsd.h
src/openvpn/forward.c
src/openvpn/multi.c
src/openvpn/ovpn_dco_freebsd.h
src/openvpn/ssl.c
src/openvpn/ssl.h

index a334d5d2a50c4ca2b3d4f69141a7169d839d7501..1111abebdc48e3ddac1bf77c07aea3cb92f0ce0a 100644 (file)
@@ -550,6 +550,10 @@ dco_do_read(dco_context_t *dco)
             dco->dco_message_type = OVPN_CMD_DEL_PEER;
             break;
 
+        case OVPN_NOTIF_ROTATE_KEY:
+            dco->dco_message_type = OVPN_CMD_SWAP_KEYS;
+            break;
+
         default:
             msg(M_WARN, "Unknown kernel notification %d", type);
             break;
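Review bot: The new case only translates the kernel type into OVPN_CMD_SWAP_KEYS; nothing in the hunk shows `dco->dco_message_peer_id` being populated for this notification, yet forward.c logs and acts on that field for the rotation message. dco_do_read starts before the hunk, so the peer id may well be read from the notification header for every type — please confirm, or assign it explicitly in this case as is presumably done for DEL_PEER. A short comment on the case would also record why a kernel event becomes a TLS-level action: `/* kernel reports the active key is about to exhaust its packet-id space; ask for a renegotiation */`.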
index a07f9b69fc98d6eeb62c8222d056aab7469069fb..e1a054e0ffe46c511b51985a4e381ce98fccde37 100644 (file)
@@ -35,6 +35,7 @@ typedef enum ovpn_key_cipher dco_cipher_t;
 enum ovpn_message_type_t {
     OVPN_CMD_DEL_PEER,
     OVPN_CMD_PACKET,
+    OVPN_CMD_SWAP_KEYS,
 };
 
 enum ovpn_del_reason_t {
index b3e0ba5d9882e663ba49d66f79c4d37a1a5c3e33..5bffe07d139ef74d1e0ab14fb665f5ca4ea6f968 100644 (file)
@@ -1232,20 +1232,30 @@ process_incoming_dco(struct context *c)
         return;
     }
 
-    if (dco->dco_message_type != OVPN_CMD_DEL_PEER)
+    switch (dco->dco_message_type)
     {
-        msg(D_DCO_DEBUG, "%s: received message of type %u - ignoring", __func__,
-            dco->dco_message_type);
-        return;
-    }
+        case OVPN_CMD_DEL_PEER:
+            if (dco->dco_del_peer_reason == OVPN_DEL_PEER_REASON_EXPIRED)
+            {
+                msg(D_DCO_DEBUG, "%s: received peer expired notification of for peer-id "
+                    "%d", __func__, dco->dco_message_peer_id);
+                trigger_ping_timeout_signal(c);
+                return;
+            }
+            break;
 
-    if (dco->dco_del_peer_reason == OVPN_DEL_PEER_REASON_EXPIRED)
-    {
-        msg(D_DCO_DEBUG, "%s: received peer expired notification of for peer-id "
-            "%d", __func__, dco->dco_message_peer_id);
-        trigger_ping_timeout_signal(c);
-        return;
+        case OVPN_CMD_SWAP_KEYS:
+            msg(D_DCO_DEBUG, "%s: received key rotation notification for peer-id %d",
+                __func__, dco->dco_message_peer_id);
+            tls_session_soft_reset(c->c2.tls_multi);
+            break;
+
+        default:
+            msg(D_DCO_DEBUG, "%s: received message of type %u - ignoring", __func__,
+                dco->dco_message_type);
+            return;
     }
+
 #endif /* if defined(ENABLE_DCO) && (defined(TARGET_LINUX) || defined(TARGET_FREEBSD)) */
 }
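Review bot: The OVPN_CMD_SWAP_KEYS case calls tls_session_soft_reset() unconditionally, with no check that the active key state is established or that a renegotiation is not already in flight. If the kernel re-emits the notification while the exhausted key is still in use (the kernel side lives in D39570 and is not visible here), every repeat would abandon the pending handshake with a fresh soft reset, and the rotation meant to prevent IV re-use would never complete; gating the reset on the primary key state being at least established (the same condition the periodic renegotiation in tls_process uses, as far as I can tell) would make the notification idempotent. The peer id is logged but never compared with the client's own peer id; in this single-peer context that is likely harmless, but a mismatch deserves a `msg(M_WARN, ...)` rather than a silent reset. process_incoming_dco starts before the hunk, so I cannot see whether `c->c2.tls_multi` is guaranteed non-NULL on this path.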
 
index 5444e752080a789e7843913ca21b74a75dcd4fe1..6fb9cff20ee757621b3936d0a4b7558f3b0149ef 100644 (file)
@@ -3284,6 +3284,10 @@ multi_process_incoming_dco(struct multi_context *m)
         {
             process_incoming_del_peer(m, mi, dco);
         }
+        else if (dco->dco_message_type == OVPN_CMD_SWAP_KEYS)
+        {
+            tls_session_soft_reset(mi->context.c2.tls_multi);
+        }
     }
     else
     {
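Review bot: The new OVPN_CMD_SWAP_KEYS branch triggers the soft reset silently, whereas the same event in forward.c is logged at D_DCO_DEBUG together with the peer id; adding `msg(D_DCO_DEBUG, "%s: received key rotation notification for peer-id %d", __func__, dco->dco_message_peer_id);` before the call keeps the client and server paths diagnosable in the same way. The reset is also unconditional here, so repeated notifications for one peer would each restart that peer's in-flight renegotiation instead of letting it finish. Whether `mi` is afterwards scheduled so that tls_multi_process() actually drives the new handshake is not visible in this hunk — multi_process_incoming_dco starts before it — so please confirm this branch gets the same post-processing as the process_incoming_del_peer() sibling.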
index fec33835f007cafa2d0f3300e4da02816aa4ae69..53f94dfdba88b81b2494109d75de25479836287b 100644 (file)
@@ -36,6 +36,7 @@
 
 enum ovpn_notif_type {
     OVPN_NOTIF_DEL_PEER,
+    OVPN_NOTIF_ROTATE_KEY,
 };
 
 enum ovpn_del_reason {
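Review bot: The values of this enum are matched against integers supplied by the kernel (dco_do_read warns on an unknown notification), so their numbering is part of the kernel/userspace ABI and must not be reordered. Appending OVPN_NOTIF_ROTATE_KEY keeps OVPN_NOTIF_DEL_PEER at 0, which is correct, but a comment above the enum stating the constraint, `/* Values are shared with the kernel if_ovpn driver (see D39570); append only, never reorder. */`, would protect the next change from silently breaking compatibility. I am assuming this header mirrors the kernel's definition rather than being generated from it — if it is generated, the comment belongs in the generator instead.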
index 60aaee8da9ee8f1a78d2c3335e1b6ca3c6399559..8641a51a38a0453dc43e64d0eb0eb3636de8b513 100644 (file)
@@ -1918,6 +1918,12 @@ key_state_soft_reset(struct tls_session *session)
     ks->remote_addr = ks_lame->remote_addr;
 }
 
+void
+tls_session_soft_reset(struct tls_multi *tls_multi)
+{
+    key_state_soft_reset(&tls_multi->session[TM_ACTIVE]);
+}
+
 /*
  * Read/write strings from/to a struct buffer with a u16 length prefix.
  */
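Review bot: tls_session_soft_reset() forwards straight to key_state_soft_reset() on the active session without checking the state of the primary key, so a caller reacting to a repeated kernel notification would discard a handshake that is already underway and keep the exhausted key in use for longer — the opposite of what the rotation is for. The periodic renegotiation path in tls_process only soft-resets once the key state is established, as far as I can tell, and this public wrapper should apply the same gate so that it is safe to call on every notification. A Doxygen comment is also missing on this new non-static function; it should say that the function starts a renegotiation of the active session's keys and that calling it while one is pending is a no-op. Suggested body:

```c
void
tls_session_soft_reset(struct tls_multi *tls_multi)
{
    struct tls_session *session = &tls_multi->session[TM_ACTIVE];

    /* A renegotiation is already in flight: the kernel may repeat the
     * notification until the new key is swapped in, and restarting the
     * handshake each time would only prolong the use of the old key. */
    if (session->key[KS_PRIMARY].state < S_GENERATED_KEYS)
    {
        return;
    }
    key_state_soft_reset(session);
}
```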
index 4ed4cfaa4f444bbab4c91a44747f5fc4714a195f..3c40fbed35b2c89bd0826e9e3b8d796388e36464 100644 (file)
@@ -573,6 +573,9 @@ bool
 tls_session_generate_data_channel_keys(struct tls_multi *multi,
                                        struct tls_session *session);
 
+void
+tls_session_soft_reset(struct tls_multi *multi);
+
 /**
  * Load ovpn.xkey provider used for external key signing
  */
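Review bot: The new prototype is the only declaration in this stretch without a Doxygen comment (the `/** Load ovpn.xkey provider ... */` block right below shows the file's convention). Suggest placing above it: `/** Trigger a soft reset (renegotiation) of the key state of the active TLS session, keeping the old key as lame duck; used by the DCO code when the kernel reports that the current key has to be rotated. @param multi the TLS multi-session state of the peer to renegotiate with */`. The parameter is named `multi` here but `tls_multi` in the ssl.c definition; the two should agree so the header documents the same name the implementation uses.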