To make sure i'm not completely confused; the current state of this
functionality as it exists in OpenVPN, it is possible to get keying info
out of a server connected to a client (via a shared object plugin).
However, there currently exists no way to use this information to move a
clients connection to a new server. Am I understanding properly?
...Now i'm wishing I'd spent more time working on my C skills in the past!
On Thu, Apr 28, 2016 at 12:57 PM, Gert Doering <g...@greenie.muc.de> wrote:
> Hi,
>
> On Thu, Apr 28, 2016 at 06:33:08PM +0200, Jan Just Keijser wrote:
> > On 28/04/16 17:24, Gert Doering wrote:
> > > On Thu, Apr 28, 2016 at 05:14:13PM +0200, Jan Just Keijser wrote:
> > >> And it's the "export keying material" patch that is needed to make
> that
> > >> work.
> > > That patch is in master, but I totally fail to see how you'd re-import
> > > the keying material in the destination openvpn process...
> > >
> > hmmm maybe I missed something there ;) what's the purpose of exporting
> > the keying material if you cannot import it? where would you import it
> > into? or is it simply that the "import" patch has not been written yet?
>
> As far as I understand, it's "to do magic for other things' use".
>
> Yes, quite so precisely :-)
>
> doc/keying-material-exporter.txt
>
> has somewhat more useful info, though...
>
> gert
> ---------------------------------
> OpenVPN Daniel Kubec <
> n...@rtfm.cz>
> RFC-5705 February
> 2015
>
>
> Added support for TLS Keying Material Exporters
>
> Keying Material Exporter [RFC-5705] allow additional keying material to be
> derived from existing TLS channel. This exported keying material can then
> be
> used for a variety of purposes. TLS allows client and server to establish
> keying material for use in the upper layers between the TLS end-points and
> channel bindings is straightforward and well-defined mechanism how to
> authenticate other layers.
>
>
> OpenVPN Configuration
>
> --keying-material-exporter label len
>
> Export Keying Material [RFC-5705] of len bytes (min. 16 bytes) using label
> in
> environment (exported_keying_material) for use by plugins in
> OPENVPN_PLUGIN_TLS_FINAL callback.
>
> Note that exporter labels have the potential to collide with existing PRF
> labels. In order to prevent this, labels MUST begin with "EXPORTER".
> (This option requires OpenSSL 1.0.1 or newer.)
>
>
> Use Cases:
>
> Secure bindings of AAA information to application layer
>
> OpenVPN Client <------> OpenVPN Server
> [KeyAgreement] [KeyAgreement]
>
> [TLSExportedKeyingMaterial] [TLSExportedKeyingMaterial]
> [AAASessionKey] [AAASessionKey]
> Client <------> Server
> [Authenticated layer on top of (D)TLS]
>
>
> TLS side channel authentication and straightforward bindings of AAA
> information
> to application layer using well-defined mechanism.
>
> OpenVPN Client <------> OpenVPN Server
> [KeyAgreement] [KeyAgreement]
>
> [TLSExportedKeyingMaterial] [TLSExportedKeyingMaterial]
> [DerivedAAABindingKey] [DerivedAAABindingKey]
> [AuthenticateBindingKeys]
> Client -------> Server
> [Confidental channel]
>
>
> TLS Message flow for a full handshake
>
> ClientHello -------->
> ServerHello
> Certificate*
> ServerKeyExchange*
> CertificateRequest*
> <-------- ServerHelloDone
> Certificate*
> ClientKeyExchange
> CertificateVerify*
> [ChangeCipherSpec]
> Finished -------->
> [ChangeCipherSpec]
> <-------- Finished
>
> GenerateTLSBindingKey GenerateTLSBindingKey
>
> Application Data <-------> Application Data
>
>
> Terminology
>
> AAA Authentication, Authorization, and Accounting:
> functions that are generally required to control
> access to a service and support auditing.
>
> Secure channel a packet, datagram, octet stream connection, or
> sequence of connections between two end-points
> that
> affords cryptographic integrity and
> confidentiality
> to data exchanged over it.
>
> Channel binding the process of establishing that no
> man-in-the-middle
> exists between two end-points that have been
> authenticated using secure channel.
>
> TLS Binding Key Exported Keying Material [RFC5705]
>
> If no context is provided, it then computes:
> PRF(SecurityParameters.master_secret, label,
> SecurityParameters.client_random +
> SecurityParameters.server_random
> )[length]
>
> If context is provided, it computes:
> PRF(SecurityParameters.master_secret, label,
> SecurityParameters.client_random +
> SecurityParameters.server_random +
> context_value_length + context_value
> )[length]
>
> AAA Binding Key TLS side channel authentication based on secure
> channel bindings requires one more key
> derivation.
>
> SHA1(TLSExportedKeyingMaterial +
> ServerPublicKey)
>
> Reference
>
> [OPENAAA] "TLS side channel authentication and
> straightforward
> bindings of AAA information to application
> layer using well-defined mechanism."
> Daniel Kubec <n...@rtfm.cz> March
> 2013
> https://github.com/n13l/openaaa
>
> [RFC5705] "Keying Material Exporters for TLS"
> E. Rescorla, RFC 5705 March 2010
> http://tools.ietf.org/html/rfc5705
>
> [RFC5929] "Channel Bindings for TLS"
> J. Altman, N. Williams, L. Zhu, RFC 5929, July
> 2010
> http://tools.ietf.org/html/rfc5929
>
> [RFC4680] "TLS Handshake Message for Supplemental Data"
> S. Santesson, RFC 4680, September 2006
> http://tools.ietf.org/html/rfc4680
>
> [RFC5878] "TLS Authorization Extension"
> M. Brown, R. Housley, RFC 5878, May 2010
> http://tools.ietf.org/html/rfc5878
>
> [RFC5746] "TLS Renegotiation Indication Extension"
> E. Rescorla, M. Raym, S. Dispensa, N. Oskov
> RFC 5746, February 2010
> http://tools.ietf.org/html/rfc5746
> --
> USENET is *not* the non-clickable part of WWW!
> //
> www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025
> g...@net.informatik.tu-muenchen.de
>
>
> ------------------------------------------------------------------------------
> Find and fix application performance issues faster with Applications
> Manager
> Applications Manager provides deep performance insights into multiple
> tiers of
> your business applications. It resolves application problems quickly and
> reduces your MTTR. Get your free trial!
> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
>
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
