From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH v2] OpenVPN: Introduce new AES-GCM cipher for N2N and RW
Date: Wed, 14 Feb 2018 20:23:51 +0000
Message-ID: <1518639831.15001.12.camel@ipfire.org>
In-Reply-To: <1518635493.12017.9.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0464852741639884715=="
List-Id: <development.lists.ipfire.org>

--===============0464852741639884715==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi,

On Wed, 2018-02-14 at 20:11 +0100, ummeegge wrote:
> As a version 3 idea,
> or might it be possibly a better idea to delete the '--auth *' directive in
> N2N.conf
> if AES-GCM has been chosen ? i think it might also be better to integrate
> '--tls-crypt' --> https://www.mail-archive.com/openvpn-
> devel(a)lists.sourceforge.net/msg12357.html=20

I do not get any of those arguments in that email. I find that highly useless
for a legitimate use of VPNs.

> instead of '--tls-auth' to N2N connections which uses a static AES-256-CTR
> whereby
> a HMAC can not be selected ?

The counter mode does not provide authentication like GCM does.

>=20
> But also it might be time to delete SHA1 complete from Net-to-Net HMAC
> selection since this won=C2=B4t harm old connections but brings a little
> more security per default ?

SHA1 is fine when used as a HMAC. Even MD5 is considered secure in that conte=
xt.

> Sorry for the back and forth but the way is the goal :D .
>=20
> Some feedback might be nevertheless nice and important.
>=20
> Greetings,
>=20
> Erik
>=20
>=20
> Am Mittwoch, den 14.02.2018, 15:40 +0100 schrieb Erik Kapfer:
> > AES-GCM 128, 196 and 256 bit has been added to Net-to-Net and
> > Roadwarrior section.
> >=20
> > Cipher menu description has been changed for N2N and RW since AES-GCM=20
> > uses own authentication encryption (GMAC).
> >     More information can be found in here https://tools.ietf.org/html
> > /rfc5288 .
> > Added java script snipped to disable HMAC selection for N2N if AES-
> > GCM has been selected.
> >     'auth *' line in N2N.conf won=C2=B4t be deleted even if AES-GCM is
> > used so possible individual '--tls-auth' configurations won=C2=B4t broke.
> >     'auth *' line in N2N.conf will also be ignored if AES-GCM is used
> > and no '--tls-auth' are configured.
> > Left HMAC selection menu for Roadwarriors as it was since the WUI do
> > provides '--tls-auth' which uses the configuered HMAC even AES-GCM
> > has been applied.
> >=20
> > Signed-off-by: Erik Kapfer <erik.kapfer(a)ipfire.org>
> > ---
> >  html/cgi-bin/ovpnmain.cgi | 32 ++++++++++++++++++++++++++++++--
> >  1 file changed, 30 insertions(+), 2 deletions(-)
> >=20
> > diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
> > index 9f5e682..0a18ec7 100644
> > --- a/html/cgi-bin/ovpnmain.cgi
> > +++ b/html/cgi-bin/ovpnmain.cgi
> > @@ -4543,6 +4543,9 @@ if ($cgiparams{'TYPE'} eq 'net') {
> >      }
> >      $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} =3D
> > 'checked=3D\'checked\'';
> > =20
> > +    $selected{'DCIPHER'}{'AES-256-GCM'} =3D '';
> > +    $selected{'DCIPHER'}{'AES-192-GCM'} =3D '';
> > +    $selected{'DCIPHER'}{'AES-128-GCM'} =3D '';
> >      $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} =3D '';
> >      $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} =3D '';
> >      $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} =3D '';
> > @@ -4706,7 +4709,10 @@ if ($cgiparams{'TYPE'} eq 'net') {
> >  	</tr>
> > =20
> >  	<tr><td class=3D'boldbase'>$Lang::tr{'cipher'}</td>
> > -		<td><select name=3D'DCIPHER'>
> > +		<td><select name=3D'DCIPHER'  id=3D"n2ncipher" required>
> > +				<option value=3D'AES-256-GCM'	=09
> > $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})
> > with SHA384</option>
> > +				<option value=3D'AES-192-GCM'	=09
> > $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})
> > with SHA256</option>
> > +				<option value=3D'AES-128-GCM'	=09
> > $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})
> > with SHA256</option>
> >  				<option value=3D'CAMELLIA-256-CBC'=09
> > $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256
> > $Lang::tr{'bit'})</option>
> >  				<option value=3D'CAMELLIA-192-CBC'=09
> > $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192
> > $Lang::tr{'bit'})</option>
> >  				<option value=3D'CAMELLIA-128-CBC'=09
> > $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128
> > $Lang::tr{'bit'})</option>
> > @@ -4723,7 +4729,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
> >  		</td>
> > =20
> >  		<td class=3D'boldbase'>$Lang::tr{'ovpn ha'}:</td>
> > -		<td><select name=3D'DAUTH'>
> > +		<td><select name=3D'DAUTH' id=3D"n2nhmac">
> >  				<option value=3D'whirlpool'	=09
> > $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512
> > $Lang::tr{'bit'})</option>
> >  				<option value=3D'SHA512'	=09
> > 	$selected{'DAUTH'}{'SHA512'}>SHA2 (512
> > $Lang::tr{'bit'})</option>
> >  				<option value=3D'SHA384'	=09
> > 	$selected{'DAUTH'}{'SHA384'}>SHA2 (384
> > $Lang::tr{'bit'})</option>
> > @@ -4737,6 +4743,22 @@ if ($cgiparams{'TYPE'} eq 'net') {
> >  END
> >  ;
> >  	}
> > +
> > +#### JAVA SCRIPT ####
> > +# Validate N2N cipher. If GCM is used, disable HMAC menu
> > +print<<END;
> > +	<script>
> > +		var disable_options =3D false;
> > +		document.getElementById('n2ncipher').onchange =3D
> > function () {
> > +			if((this.value =3D=3D "AES-256-GCM"||this.value
> > =3D=3D "AES-192-GCM"||this.value =3D=3D "AES-128-GCM")) {
> > +				document.getElementById('n2nhmac').s
> > etAttribute('disabled', true);
> > +			} else {
> > +				document.getElementById('n2nhmac').r
> > emoveAttribute('disabled');
> > +			}
> > +		}
> > +	</script>
> > +END
> > +
> >  #jumper
> >  	print "<tr><td class=3D'boldbase'>$Lang::tr{'remark
> > title'}</td>";
> >  	print "<td colspan=3D'3'><input type=3D'text' name=3D'REMARK'
> > value=3D'$cgiparams{'REMARK'}' size=3D'55' maxlength=3D'50'
> > /></td></tr></table>";
> > @@ -5108,6 +5130,9 @@ END
> >      $selected{'DPROTOCOL'}{'tcp'} =3D '';
> >      $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} =3D 'SELECTED';
> > =20
> > +    $selected{'DCIPHER'}{'AES-256-GCM'} =3D '';
> > +    $selected{'DCIPHER'}{'AES-192-GCM'} =3D '';
> > +    $selected{'DCIPHER'}{'AES-128-GCM'} =3D '';
> >      $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} =3D '';
> >      $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} =3D '';
> >      $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} =3D '';
> > @@ -5204,6 +5229,9 @@ END
> > =20
> >  		<td class=3D'boldbase'
> > nowrap=3D'nowrap'>$Lang::tr{'cipher'}</td>
> >  		<td><select name=3D'DCIPHER'>
> > +				<option value=3D'AES-256-GCM'
> > $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})
> > with SHA384</option>
> > +				<option value=3D'AES-192-GCM'
> > $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})
> > with SHA256</option>
> > +				<option value=3D'AES-128-GCM'
> > $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})
> > with SHA256</option>
> >  				<option value=3D'CAMELLIA-256-CBC'
> > $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256
> > $Lang::tr{'bit'})</option>
> >  				<option value=3D'CAMELLIA-192-CBC'
> > $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192
> > $Lang::tr{'bit'})</option>
> >  				<option value=3D'CAMELLIA-128-CBC'
> > $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128
> > $Lang::tr{'bit'})</option>

--===============0464852741639884715==--