Re: [Openvpn-devel] Unable to use -OFB or -CFB ciphers in OpenVPN

2009-06-01 Thread dave 
> -Original Message-
> From: Victor Wagner [mailto:vi...@wagner.pp.ru] 
...
> > 
> > The OFB and CFB cipher modes in OpenVPN have not been 
> well-tested and 
> > should be considered experimental at this point.
>   
> 
> > They are not compiled by default mostly to prevent someone from 
> > accidentally using them.
> 
> Okay, you see there is some demand for this cipher.
> 
> Can anybody explain why such strange design decision is taken.
> 
> As far as I know cryptography theory, there is absolutely no reason to
> prefer CBC to CFB or CNT.
...

I would suspect that the exclusion is due to:

A)  in CFB/OFB/CNT, the encrypted stream is byte-bounded, as opposed to
block-bounded.  There may be some assumptions in the code that assume
the cipher text is a multiple of block lengths.  As such, it is...

B)  not thoroughly tested, and the choice was made to not release it
without such testing.

I'm curious as to why you want this support specifically, since these
modes aren't really faster than CBC.  Are you concerned about the
padding?

-dave

Re: [Openvpn-devel] Unable to use -OFB or -CFB ciphers in OpenVPN

2009-06-01 Thread dave 
> -Original Message-
> From: 'Victor Wagner' [mailto:vi...@wagner.pp.ru] 
...
> As far as I can see, openvpn can be thoroughly tested in automated
> fashion. I have some test farm with half a hundred various 
> OSes (Linux,
> Windows, Solaris, FreeBSD on several architectures), and planning to 
> do some openvpn testing for this platform anyway. 
> 
> If people would suggest me which things to test, I'll try to implement
> it in the automated test environment.
> 
> 
> > I'm curious as to why you want this support specifically, 
> since these
> > modes aren't really faster than CBC.  Are you concerned about the
> > padding?
> 
> I've stated it clearly. There is no CBC in the Russian 
> National Standard
> for symmetric ciphers. CFB is standartized, CNT is 
> standartized, CBC is
> not. So, if I want my VPNs to be considered secure by goverment
> certification authorites, I have to use CFB or CNT.

Gotcha; sorry for asking a redundant question.  I'm not familiar with
the automated test system, but possibly if you ran that then the devs
would accept the results and enable those ciphers.

Barring admission of the enablement into the official code base, would
it be a bad idea for you to build your version with the support of the
stream versions and use that?  Provided that  you  tests ran fine?

-dave

Re: [Openvpn-devel] Unable to use -OFB or -CFB ciphers in OpenVPN

2009-06-01 Thread 'Victor Wagner' 
On 2009.06.01 at 07:45:13 -0500, dave wrote:

> I would suspect that the exclusion is due to:
> 
> A)  in CFB/OFB/CNT, the encrypted stream is byte-bounded, as opposed to
> block-bounded.  There may be some assumptions in the code that assume
> the cipher text is a multiple of block lengths.  As such, it is...

It is valid argument. Is there some quick way to find out suspicious
places in the code? Some amount of false positives is Ok.

> B)  not thoroughly tested, and the choice was made to not release it
> without such testing.

As far as I can see, openvpn can be thoroughly tested in automated
fashion. I have some test farm with half a hundred various OSes (Linux,
Windows, Solaris, FreeBSD on several architectures), and planning to 
do some openvpn testing for this platform anyway. 

If people would suggest me which things to test, I'll try to implement
it in the automated test environment.


> I'm curious as to why you want this support specifically, since these
> modes aren't really faster than CBC.  Are you concerned about the
> padding?

I've stated it clearly. There is no CBC in the Russian National Standard
for symmetric ciphers. CFB is standartized, CNT is standartized, CBC is
not. So, if I want my VPNs to be considered secure by goverment
certification authorites, I have to use CFB or CNT.



> 
> -dave
>

Re: [Openvpn-devel] Unable to use -OFB or -CFB ciphers in OpenVPN

2009-06-01 Thread Victor Wagner 
On 2009.05.30 at 04:38:41 -0600, James Yonan wrote:

> 
> The OFB and CFB cipher modes in OpenVPN have not been well-tested and 
> should be considered experimental at this point.


> They are not compiled by default mostly to prevent someone from 
> accidentally using them.

Okay, you see there is some demand for this cipher.

Can anybody explain why such strange design decision is taken.

As far as I know cryptography theory, there is absolutely no reason to
prefer CBC to CFB or CNT.

Re: [Openvpn-devel] Unable to use -OFB or -CFB ciphers in OpenVPN

2009-05-30 Thread James Yonan 

Victor Wagner wrote:

On 2009.05.27 at 10:48:30 -0700, Frank Yellin wrote:


   I posted the following onto the OpenVPN forum, but it was suggested
   that I would be better off mailing directly to this list.
   =
   I seem to have found a bug in 2.1_rc16 that is also apparent in earlier
   versions. Although OpenVPN claims to support -CFB and -OFB cipher
   modes, using them seems to cause OpenVPN to crash consistently.

   For example, when I run the simple TLS example on the 2.1 documentation
   page, it works fine.  But if I add "--cipher bf-cfb" to both the client
   and server command lines, one or the other will crash. The error
   message is always "Assertion failed at crypto.c:162". The crasher is
   always the first one to try and send an encrypted message.


I've reported this problem more than a year ago, but nothing changed.
I really don't understand why openvpn prefers CBC modes. There is
nothing wrong with CFB and OFB neither from securith nor from
performance point of view.

But it is not only problem with non-CBC ciphers. If you try to use
preshared keys, you'll find out that they are explicitely disabled
unless --test-crypto option is given, even if your compile with 
-DALLOW_NON_CBC_CIPHERS.


Also, I've encountered some problems with UDP transport and stream
ciphers which I haven't find time to debug yet.



The OFB and CFB cipher modes in OpenVPN have not been well-tested and 
should be considered experimental at this point.


They are not compiled by default mostly to prevent someone from 
accidentally using them.


James

Re: [Openvpn-devel] Unable to use -OFB or -CFB ciphers in OpenVPN

2009-05-29 Thread Frank Yellin 
A simpler way to see the crypto bug. . . .

$ openvpn --secret static.key --test-crypto
 
Fri May 29 10:56:58 2009 OpenVPN crypto self-test mode SUCCEEDED.

$ openvpn --secret static.key --test-crypto --cipher bf-ofb
Fri May 29 11:12:07 2009 OpenVPN 2.1_rc15 mipsel-unknown-linux-gnu [SSL]
[LZO2] built on May  2 2009
Fri May 29 11:12:07 2009 OpenVPN 2.1_rc15 mipsel-unknown-linux-gnu [SSL]
[LZO2] built on May  2 2009
Fri May 29 11:12:07 2009 Entering OpenVPN crypto self-test mode.
Fri May 29 11:12:07 2009 TESTING ENCRYPT/DECRYPT of packet length=1
Fri May 29 11:12:07 2009 Assertion failed at crypto.c:162
Fri May 29 11:12:07 2009 Exiting

I'd like someone who understands this code to confirm that the ASSERT is
incorrect.

(I'll also point out the minor bug of the header being printed out twice!)

Re: [Openvpn-devel] Unable to use -OFB or -CFB ciphers in OpenVPN

2009-05-28 Thread Victor Wagner 
On 2009.05.27 at 23:17:39 -0700, Frank Yellin wrote:

>[Just to you, not the list.]
>I figured that someone had to have noticed this problem before.  But
>when I googled "OpenVPN BF-OFB"  or  "OpenVPN BF-CFB", I couldn't find
>anything.

Of course you haven't find anything about Blowfish cipher. 
If you ask about GOST 28147-89, you might be more lucky.

Really, mentioned GOST (Russian State Standard) doesn't specify CBC mode
at all. It specifies CNT (gammirovanie) and CFB (gammirovanie s obrantoy
sv'az'u).  RFC 4357 does add CBC mode for GOST, but RFC is just "request
for comments", and if I want to deploy OpenVPN in some Russian goverment
organization, they would ask for national standard ciphers, not for RFC
compliant. So, gost-cbc wasn't added to OpenSSL 1.0 while CFB (named
gost89) and gost-cnt were.

So, when adding GOST support into OpenVPN (really, that means support
for GOST ciphers and TLS ciphersuides, if underlying OpenSSL supports them)
I have to use CFB.


>This bug is particularly strange because just before the bug, there is
>code that's supposed to deal with -CFB and -OFB mode.  But then it
>doesn't do anything.  It almost feels like this code was never tested.

It seems so. We haven't yet investigated all problems we encountered
with openvpn + gost CFB. Some of our problems was rather related with
oldish TUN driver for Solaris (which are hopefully solved). And we have
a lot of other OpenSSL-based applications besides OpenVPN to test.

>I didn't have any trouble with my brief tests using BF-CFB over UDP,

I'll note it. May be we should add this cipher into our test suite to
isolate CFB-related problem from problems with dynamically loadable
engines (GOST is implemented as engine) and problems with non-HMAC macs
(which required a lot more patching than CFB, because at the time
OpenVPN was designed, OpenSSL has no support form non-hmac MACs)

>once I deleted the offending line.  But I wasn't trying anything
>difficult.  Mainly just making sure the connection was there and that
>it didn't die.

We typically do following:

1. Start the connection
2. Download some file from peer via HTTP (using wget)
3. Download another, bigger file, to be sure that key renegotiation
occur.

Re: [Openvpn-devel] Unable to use -OFB or -CFB ciphers in OpenVPN

2009-05-28 Thread Frank Yellin 
[Just to you, not the list.]

I figured that someone had to have noticed this problem before.  But when I
googled "OpenVPN BF-OFB"  or  "OpenVPN BF-CFB", I couldn't find anything.

This bug is particularly strange because just before the bug, there is code
that's supposed to deal with -CFB and -OFB mode.  But then it doesn't do
anything.  It almost feels like this code was never tested.

I didn't have any trouble with my brief tests using BF-CFB over UDP, once I
deleted the offending line.  But I wasn't trying anything difficult.  Mainly
just making sure the connection was there and that it didn't die.



On Wed, May 27, 2009 at 10:54 PM, Victor Wagner  wrote:

> On 2009.05.27 at 10:48:30 -0700, Frank Yellin wrote:
>
> >I posted the following onto the OpenVPN forum, but it was suggested
> >that I would be better off mailing directly to this list.
> >=
> >I seem to have found a bug in 2.1_rc16 that is also apparent in
> earlier
> >versions. Although OpenVPN claims to support -CFB and -OFB cipher
> >modes, using them seems to cause OpenVPN to crash consistently.
> >
> >For example, when I run the simple TLS example on the 2.1
> documentation
> >page, it works fine.  But if I add "--cipher bf-cfb" to both the
> client
> >and server command lines, one or the other will crash. The error
> >message is always "Assertion failed at crypto.c:162". The crasher is
> >always the first one to try and send an encrypted message.
>
> I've reported this problem more than a year ago, but nothing changed.
> I really don't understand why openvpn prefers CBC modes. There is
> nothing wrong with CFB and OFB neither from securith nor from
> performance point of view.
>
> But it is not only problem with non-CBC ciphers. If you try to use
> preshared keys, you'll find out that they are explicitely disabled
> unless --test-crypto option is given, even if your compile with
> -DALLOW_NON_CBC_CIPHERS.
>
> Also, I've encountered some problems with UDP transport and stream
> ciphers which I haven't find time to debug yet.
>
>
>
>
>
> --
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity professionals.
> Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp as they present alongside digital heavyweights like Barbarian
> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>

Re: [Openvpn-devel] Unable to use -OFB or -CFB ciphers in OpenVPN

2009-05-28 Thread Victor Wagner 
On 2009.05.27 at 10:48:30 -0700, Frank Yellin wrote:

>I posted the following onto the OpenVPN forum, but it was suggested
>that I would be better off mailing directly to this list.
>=
>I seem to have found a bug in 2.1_rc16 that is also apparent in earlier
>versions. Although OpenVPN claims to support -CFB and -OFB cipher
>modes, using them seems to cause OpenVPN to crash consistently.
> 
>For example, when I run the simple TLS example on the 2.1 documentation
>page, it works fine.  But if I add "--cipher bf-cfb" to both the client
>and server command lines, one or the other will crash. The error
>message is always "Assertion failed at crypto.c:162". The crasher is
>always the first one to try and send an encrypted message.

I've reported this problem more than a year ago, but nothing changed.
I really don't understand why openvpn prefers CBC modes. There is
nothing wrong with CFB and OFB neither from securith nor from
performance point of view.

But it is not only problem with non-CBC ciphers. If you try to use
preshared keys, you'll find out that they are explicitely disabled
unless --test-crypto option is given, even if your compile with 
-DALLOW_NON_CBC_CIPHERS.

Also, I've encountered some problems with UDP transport and stream
ciphers which I haven't find time to debug yet.