Hi, On Thu, Apr 28, 2016 at 06:33:08PM +0200, Jan Just Keijser wrote: > On 28/04/16 17:24, Gert Doering wrote: > > On Thu, Apr 28, 2016 at 05:14:13PM +0200, Jan Just Keijser wrote: > >> And it's the "export keying material" patch that is needed to make that > >> work. > > That patch is in master, but I totally fail to see how you'd re-import > > the keying material in the destination openvpn process... > > > hmmm maybe I missed something there ;) what's the purpose of exporting > the keying material if you cannot import it? where would you import it > into? or is it simply that the "import" patch has not been written yet?
As far as I understand, it's "to do magic for other things' use".
Yes, quite so precisely :-)
doc/keying-material-exporter.txt
has somewhat more useful info, though...
gert
---------------------------------
OpenVPN Daniel Kubec <n...@rtfm.cz>
RFC-5705 February 2015
Added support for TLS Keying Material Exporters
Keying Material Exporter [RFC-5705] allow additional keying material to be
derived from existing TLS channel. This exported keying material can then be
used for a variety of purposes. TLS allows client and server to establish
keying material for use in the upper layers between the TLS end-points and
channel bindings is straightforward and well-defined mechanism how to
authenticate other layers.
OpenVPN Configuration
--keying-material-exporter label len
Export Keying Material [RFC-5705] of len bytes (min. 16 bytes) using label in
environment (exported_keying_material) for use by plugins in
OPENVPN_PLUGIN_TLS_FINAL callback.
Note that exporter labels have the potential to collide with existing PRF
labels. In order to prevent this, labels MUST begin with "EXPORTER".
(This option requires OpenSSL 1.0.1 or newer.)
Use Cases:
Secure bindings of AAA information to application layer
OpenVPN Client <------> OpenVPN Server
[KeyAgreement] [KeyAgreement]
[TLSExportedKeyingMaterial] [TLSExportedKeyingMaterial]
[AAASessionKey] [AAASessionKey]
Client <------> Server
[Authenticated layer on top of (D)TLS]
TLS side channel authentication and straightforward bindings of AAA information
to application layer using well-defined mechanism.
OpenVPN Client <------> OpenVPN Server
[KeyAgreement] [KeyAgreement]
[TLSExportedKeyingMaterial] [TLSExportedKeyingMaterial]
[DerivedAAABindingKey] [DerivedAAABindingKey]
[AuthenticateBindingKeys]
Client -------> Server
[Confidental channel]
TLS Message flow for a full handshake
ClientHello -------->
ServerHello
Certificate*
ServerKeyExchange*
CertificateRequest*
<-------- ServerHelloDone
Certificate*
ClientKeyExchange
CertificateVerify*
[ChangeCipherSpec]
Finished -------->
[ChangeCipherSpec]
<-------- Finished
GenerateTLSBindingKey GenerateTLSBindingKey
Application Data <-------> Application Data
Terminology
AAA Authentication, Authorization, and Accounting:
functions that are generally required to control
access to a service and support auditing.
Secure channel a packet, datagram, octet stream connection, or
sequence of connections between two end-points that
affords cryptographic integrity and confidentiality
to data exchanged over it.
Channel binding the process of establishing that no man-in-the-middle
exists between two end-points that have been
authenticated using secure channel.
TLS Binding Key Exported Keying Material [RFC5705]
If no context is provided, it then computes:
PRF(SecurityParameters.master_secret, label,
SecurityParameters.client_random +
SecurityParameters.server_random
)[length]
If context is provided, it computes:
PRF(SecurityParameters.master_secret, label,
SecurityParameters.client_random +
SecurityParameters.server_random +
context_value_length + context_value
)[length]
AAA Binding Key TLS side channel authentication based on secure
channel bindings requires one more key derivation.
SHA1(TLSExportedKeyingMaterial + ServerPublicKey)
Reference
[OPENAAA] "TLS side channel authentication and straightforward
bindings of AAA information to application
layer using well-defined mechanism."
Daniel Kubec <n...@rtfm.cz> March 2013
https://github.com/n13l/openaaa
[RFC5705] "Keying Material Exporters for TLS"
E. Rescorla, RFC 5705 March 2010
http://tools.ietf.org/html/rfc5705
[RFC5929] "Channel Bindings for TLS"
J. Altman, N. Williams, L. Zhu, RFC 5929, July 2010
http://tools.ietf.org/html/rfc5929
[RFC4680] "TLS Handshake Message for Supplemental Data"
S. Santesson, RFC 4680, September 2006
http://tools.ietf.org/html/rfc4680
[RFC5878] "TLS Authorization Extension"
M. Brown, R. Housley, RFC 5878, May 2010
http://tools.ietf.org/html/rfc5878
[RFC5746] "TLS Renegotiation Indication Extension"
E. Rescorla, M. Raym, S. Dispensa, N. Oskov
RFC 5746, February 2010
http://tools.ietf.org/html/rfc5746
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
