/* IV, packet-ID and implicit IV required for this mode. */
ASSERT(ctx->cipher);
ASSERT(cipher_kt_mode_aead(cipher_kt));
- ASSERT(opt->flags & CO_USE_IV);
ASSERT(packet_id_initialized(&opt->packet_id));
gc_init(&gc);
if (cipher_kt_mode_cbc(cipher_kt))
{
/* generate pseudo-random IV */
- if (opt->flags & CO_USE_IV)
- {
- prng_bytes(iv_buf, iv_size);
- }
+ prng_bytes(iv_buf, iv_size);
/* Put packet ID in plaintext buffer */
if (packet_id_initialized(&opt->packet_id))
struct packet_id_net pin;
struct buffer b;
- /* IV and packet-ID required for this mode. */
- ASSERT(opt->flags & CO_USE_IV);
+ /* packet-ID required for this mode. */
ASSERT(packet_id_initialized(&opt->packet_id));
packet_id_alloc_outgoing(&opt->packet_id.send, &pin, true);
}
/* set the IV pseudo-randomly */
- if (opt->flags & CO_USE_IV)
- {
- ASSERT(buf_write(&work, iv_buf, iv_size));
- dmsg(D_PACKET_CONTENT, "ENCRYPT IV: %s", format_hex(iv_buf, iv_size, 0, &gc));
- }
+ ASSERT(buf_write(&work, iv_buf, iv_size));
+ dmsg(D_PACKET_CONTENT, "ENCRYPT IV: %s", format_hex(iv_buf, iv_size, 0, &gc));
dmsg(D_PACKET_CONTENT, "ENCRYPT FROM: %s",
format_hex(BPTR(buf), BLEN(buf), 80, &gc));
return ret;
}
-/*
- * If (opt->flags & CO_USE_IV) is not NULL, we will read an IV from the packet.
+/**
+ * Unwrap (authenticate, decrypt and check replay protection) AEAD-mode data
+ * channel packets.
*
* Set buf->len to 0 and return false on decrypt error.
*
- * On success, buf is set to point to plaintext, true
- * is returned.
+ * On success, buf is set to point to plaintext, true is returned.
*/
static bool
openvpn_decrypt_aead(struct buffer *buf, struct buffer work,
/* IV and Packet ID required for this mode */
ASSERT(packet_id_initialized(&opt->packet_id));
- ASSERT(opt->flags & CO_USE_IV);
/* Combine IV from explicit part from packet and implicit part from context */
{
}
/*
- * If (opt->flags & CO_USE_IV) is not NULL, we will read an IV from the packet.
+ * Unwrap (authenticate, decrypt and check replay protection) CBC, OFB or CFB
+ * mode data channel packets.
*
* Set buf->len to 0 and return false on decrypt error.
*
- * On success, buf is set to point to plaintext, true
- * is returned.
+ * On success, buf is set to point to plaintext, true is returned.
*/
static bool
openvpn_decrypt_v1(struct buffer *buf, struct buffer work,
/* initialize work buffer with FRAME_HEADROOM bytes of prepend capacity */
ASSERT(buf_init(&work, FRAME_HEADROOM_ADJ(frame, FRAME_HEADROOM_MARKER_DECRYPT)));
- /* use IV if user requested it */
- if (opt->flags & CO_USE_IV)
- {
- if (buf->len < iv_size)
- {
- CRYPT_ERROR("missing IV info");
- }
- memcpy(iv_buf, BPTR(buf), iv_size);
- ASSERT(buf_advance(buf, iv_size));
- }
-
- /* show the IV's initial state */
- if (opt->flags & CO_USE_IV)
+ /* read the IV from the packet */
+ if (buf->len < iv_size)
{
- dmsg(D_PACKET_CONTENT, "DECRYPT IV: %s", format_hex(iv_buf, iv_size, 0, &gc));
+ CRYPT_ERROR("missing IV info");
}
+ memcpy(iv_buf, BPTR(buf), iv_size);
+ ASSERT(buf_advance(buf, iv_size));
+ dmsg(D_PACKET_CONTENT, "DECRYPT IV: %s", format_hex(iv_buf, iv_size, 0, &gc));
if (buf->len < 1)
{
{
struct buffer b;
- /* IV and packet-ID required for this mode. */
- ASSERT(opt->flags & CO_USE_IV);
+ /* packet-ID required for this mode. */
ASSERT(packet_id_initialized(&opt->packet_id));
buf_set_read(&b, iv_buf, iv_size);
void
crypto_adjust_frame_parameters(struct frame *frame,
const struct key_type *kt,
- bool use_iv,
bool packet_id,
bool packet_id_long_form)
{
if (kt->cipher)
{
- if (use_iv)
- {
- crypto_overhead += cipher_kt_iv_size(kt->cipher);
- }
+ crypto_overhead += cipher_kt_iv_size(kt->cipher);
if (cipher_kt_mode_aead(kt->cipher))
{
}
void
-check_replay_iv_consistency(const struct key_type *kt, bool packet_id, bool use_iv)
+check_replay_consistency(const struct key_type *kt, bool packet_id)
{
ASSERT(kt);
- if (!(packet_id && use_iv) && (cipher_kt_mode_ofb_cfb(kt->cipher)
- || cipher_kt_mode_aead(kt->cipher)))
+ if (!packet_id && (cipher_kt_mode_ofb_cfb(kt->cipher)
+ || cipher_kt_mode_aead(kt->cipher)))
{
- msg(M_FATAL, "--no-replay or --no-iv cannot be used with a CFB, OFB or "
- "AEAD mode cipher");
+ msg(M_FATAL, "--no-replay cannot be used with a CFB, OFB or AEAD mode cipher");
}
}
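Review bot: check_replay_consistency has no comment explaining why `--no-replay` is fatal for CFB, OFB and AEAD ciphers, and with the IV half of the check removed the reason is harder to guess from the name. Elsewhere in this commit the non-AEAD decrypt path reads the packet ID out of the IV buffer (`buf_set_read(&b, iv_buf, iv_size)` under "packet-ID required for this mode"), which suggests the packet ID is what keeps IVs from repeating in these modes. A doc comment above the definition would record that, for example `/** Exit with M_FATAL if replay protection is disabled for a CFB, OFB or AEAD cipher; these modes rely on the packet ID for IV uniqueness. */`. The wording should be confirmed against the encrypt path, which is only partly visible here.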
* - \b HMAC, covering the ciphertext IV + ciphertext. The HMAC size depends
* on the \c \-\-auth option. If \c \-\-auth \c none is specified, there is no
* HMAC at all.
- * - \b Ciphertext \b IV, if not disabled by \c \-\-no-iv. The IV size depends on
- * the \c \-\-cipher option.
+ * - \b Ciphertext \b IV. The IV size depends on the \c \-\-cipher option.
* - \b Packet \b ID, a 32-bit incrementing packet counter that provides replay
* protection (if not disabled by \c \-\-no-replay).
* - \b Timestamp, a 32-bit timestamp of the current time.
#define CO_PACKET_ID_LONG_FORM (1<<0)
/**< Bit-flag indicating whether to use
* OpenVPN's long packet ID format. */
-#define CO_USE_IV (1<<1)
- /**< Bit-flag indicating whether to
- * generate a pseudo-random IV for each
- * packet being encrypted. */
-#define CO_IGNORE_PACKET_ID (1<<2)
+#define CO_IGNORE_PACKET_ID (1<<1)
/**< Bit-flag indicating whether to ignore
* the packet ID of a received packet.
* This flag is used during processing
* of the first packet received from a
* client. */
-#define CO_MUTE_REPLAY_WARNINGS (1<<3)
+#define CO_MUTE_REPLAY_WARNINGS (1<<2)
/**< Bit-flag indicating not to display
* replay warnings. */
unsigned int flags; /**< Bit-flags determining behavior of
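Review bot: Removing `CO_USE_IV` also moves `CO_IGNORE_PACKET_ID` from `(1<<2)` to `(1<<1)` and `CO_MUTE_REPLAY_WARNINGS` from `(1<<3)` to `(1<<2)`, so the bit that used to mean "use IV" now means "ignore the packet ID of a received packet". That is safe only while every piece of code that sets or tests `flags` is rebuilt against this header. Anything still carrying the old numeric values would silently change meaning, in one case toward skipping the packet-ID check. Keeping the two remaining flags at their old values and marking the gap with `/* (1<<1) was CO_USE_IV; unused */` avoids reusing a bit that had a different security meaning.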
void generate_key_random(struct key *key, const struct key_type *kt);
-void check_replay_iv_consistency(const struct key_type *kt, bool packet_id, bool use_iv);
+void check_replay_consistency(const struct key_type *kt, bool packet_id);
bool check_key(struct key *key, const struct key_type *kt);
/** Calculate crypto overhead and adjust frame to account for that */
void crypto_adjust_frame_parameters(struct frame *frame,
const struct key_type *kt,
- bool use_iv,
bool packet_id,
bool packet_id_long_form);
init_crypto_pre(c, flags);
/* Initialize flags */
- if (c->options.use_iv)
- {
- c->c2.crypto_options.flags |= CO_USE_IV;
- }
-
if (c->options.mute_replay_warnings)
{
c->c2.crypto_options.flags |= CO_MUTE_REPLAY_WARNINGS;
c->c2.crypto_options.key_ctx_bi = c->c1.ks.static_key;
/* Compute MTU parameters */
- crypto_adjust_frame_parameters(&c->c2.frame,
- &c->c1.ks.key_type,
- options->use_iv, options->replay, true);
+ crypto_adjust_frame_parameters(&c->c2.frame, &c->c1.ks.key_type,
+ options->replay, true);
- /* Sanity check on IV, sequence number, and cipher mode options */
- check_replay_iv_consistency(&c->c1.ks.key_type, options->replay,
- options->use_iv);
+ /* Sanity check on sequence number, and cipher mode options */
+ check_replay_consistency(&c->c1.ks.key_type, options->replay);
}
/*
return;
}
- /* Sanity check on IV, sequence number, and cipher mode options */
- check_replay_iv_consistency(&c->c1.ks.key_type, options->replay,
- options->use_iv);
+ /* Sanity check on sequence number, and cipher mode options */
+ check_replay_consistency(&c->c1.ks.key_type, options->replay);
/* In short form, unique datagram identifier is 32 bits, in long form 64 bits */
packet_id_long_form = cipher_kt_mode_ofb_cfb(c->c1.ks.key_type.cipher);
else
{
crypto_adjust_frame_parameters(&c->c2.frame, &c->c1.ks.key_type,
- options->use_iv, options->replay, packet_id_long_form);
+ options->replay, packet_id_long_form);
}
tls_adjust_frame_parameters(&c->c2.frame);
/* Set all command-line TLS-related options */
CLEAR(to);
- if (options->use_iv)
- {
- to.crypto_flags |= CO_USE_IV;
- }
-
if (options->mute_replay_warnings)
{
to.crypto_flags |= CO_MUTE_REPLAY_WARNINGS;
to.tls_wrap.opt.key_ctx_bi = c->c1.ks.tls_wrap_key;
to.tls_wrap.opt.pid_persist = &c->c1.pid_persist;
to.tls_wrap.opt.flags |= CO_PACKET_ID_LONG_FORM;
- crypto_adjust_frame_parameters(&to.frame,
- &c->c1.ks.tls_auth_key_type,
- false, true, true);
+ crypto_adjust_frame_parameters(&to.frame, &c->c1.ks.tls_auth_key_type,
+ true, true);
}
/* TLS handshake encryption (--tls-crypt) */
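Review bot: The tls-auth call used to pass `false` for `use_iv`, and the new call `crypto_adjust_frame_parameters(&to.frame, &c->c1.ks.tls_auth_key_type, true, true)` gives no sign that IV overhead must stay out of this frame. Whether IV size is added is now decided only by the `if (kt->cipher)` test inside crypto_adjust_frame_parameters. The frame overhead therefore stays the same only if `tls_auth_key_type` never carries a cipher, which this hunk does not show. A comment at the call would make that dependency explicit: `/* tls-auth key type is expected to have no cipher, so no IV overhead is added */`. If the invariant is meant to be enforced, `ASSERT(!c->c1.ks.tls_auth_key_type.cipher);` before the call would catch a regression.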
{
msg(M_WARN, "WARNING: You have disabled Replay Protection (--no-replay) which may make " PACKAGE_NAME " less secure");
}
- if (!o->use_iv)
- {
- msg(M_WARN, "WARNING: You have disabled Crypto IVs (--no-iv) which may make " PACKAGE_NAME " less secure");
- }
if (o->tls_server)
{
"--replay-window n [t] : Use a replay protection sliding window of size n\n"
" and a time window of t seconds.\n"
" Default n=%d t=%d\n"
- "--no-iv : Disable cipher IV -- only allowed with CBC mode ciphers.\n"
"--replay-persist file : Persist replay-protection state across sessions\n"
" using file.\n"
"--test-crypto : Run a self-test of crypto features enabled.\n"
o->replay = true;
o->replay_window = DEFAULT_SEQ_BACKTRACK;
o->replay_time = DEFAULT_TIME_BACKTRACK;
- o->use_iv = true;
o->key_direction = KEY_DIRECTION_BIDIRECTIONAL;
#ifdef ENABLE_PREDICTION_RESISTANCE
o->use_prediction_resistance = false;
SHOW_INT(replay_window);
SHOW_INT(replay_time);
SHOW_STR(packet_id_file);
- SHOW_BOOL(use_iv);
SHOW_BOOL(test_crypto);
#ifdef ENABLE_PREDICTION_RESISTANCE
SHOW_BOOL(use_prediction_resistance);
{
msg(M_USAGE, "NCP cipher list contains unsupported ciphers.");
}
- if (options->ncp_enabled && !options->use_iv)
- {
- msg(M_USAGE, "--no-iv not allowed when NCP is enabled.");
- }
- if (!options->use_iv)
- {
- msg(M_WARN, "WARNING: --no-iv is deprecated and will be removed in 2.5");
- }
/*
* Check consistency of replay options
init_key_type(&fake_kt, o->ciphername, o->authname, o->keysize, true,
false);
frame_add_to_extra_frame(&fake_frame, -(crypto_max_overhead()));
- crypto_adjust_frame_parameters(&fake_frame, &fake_kt, o->use_iv,
- o->replay, cipher_kt_mode_ofb_cfb(fake_kt.cipher));
+ crypto_adjust_frame_parameters(&fake_frame, &fake_kt, o->replay,
+ cipher_kt_mode_ofb_cfb(fake_kt.cipher));
frame_finalize(&fake_frame, o->ce.link_mtu_defined, o->ce.link_mtu,
o->ce.tun_mtu_defined, o->ce.tun_mtu);
msg(D_MTU_DEBUG, "%s: link-mtu %u -> %d", __func__, (unsigned int) link_mtu,
* --keysize
* --secret
* --no-replay
- * --no-iv
*
* SSL Options:
*
{
buf_printf(&out, ",no-replay");
}
- if (!o->use_iv)
- {
- buf_printf(&out, ",no-iv");
- }
#ifdef ENABLE_PREDICTION_RESISTANCE
if (o->use_prediction_resistance)
}
else if (streq(p[0], "no-iv") && !p[1])
{
- VERIFY_PERMISSION(OPT_P_GENERAL);
- options->use_iv = false;
+ msg(msglevel,
+ "--no-iv is no longer supported. Remove it from client and server configs.");
}
else if (streq(p[0], "replay-persist") && p[1] && !p[2])
{
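Review bot: Whether a leftover `no-iv` line stops startup or is only logged depends on `msglevel`, which is set outside this hunk, and the `VERIFY_PERMISSION(OPT_P_GENERAL)` gate that used to precede the handling is gone. If any caller passes a non-fatal level, the option is dropped and this side sends per-packet IVs while a peer still running with `--no-iv` does not, so the mismatch would probably surface later as decrypt errors rather than at configuration time. A comment on the branch would record the intended behaviour, for example `/* option removed: only report it; severity is the caller's msglevel */`. The enclosing option-parsing function starts and ends outside the hunk.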
int replay_window;
int replay_time;
const char *packet_id_file;
- bool use_iv;
bool test_crypto;
#ifdef ENABLE_PREDICTION_RESISTANCE
bool use_prediction_resistance;
/* Update frame parameters: undo worst-case overhead, add actual overhead */
frame_add_to_extra_frame(frame, -(crypto_max_overhead()));
crypto_adjust_frame_parameters(frame, &session->opt->key_type,
- options->use_iv, options->replay, packet_id_long_form);
+ options->replay, packet_id_long_form);
frame_finalize(frame, options->ce.link_mtu_defined, options->ce.link_mtu,
options->ce.tun_mtu_defined, options->ce.tun_mtu);
frame_init_mssfix(frame, options);