Opened 9 months ago

Last modified 7 weeks ago

#1024 assigned Bug / Defect

iOS: ECDSA doesn't work when imported as PKCS#12 (.ovpn12 file)

Reported by: GainfulShrimp Owned by: yuriy
Priority: major Milestone:
Component: OpenVPN Connect Version: OpenVPN Connect for iOS v1.2.8
Severity: Not set (select this one, unless you're an OpenVPN developer) Keywords:
Cc:

Description

I was excited to see in the App Store release notes for OpenVPN Connect 1.2.8 that ECDSA was now supported, but it's not working for me.

An error is flagged up immediately when I try to connect.

This line in the log seems especially relevant, as - to me anyway - it seems to suggest that RSA is being used, when it shouldn't be:

2018-02-20 07:35:20 Client exception in transport_recv_excode: mbed TLS: SSL read error : RSA - Bad input parameters to function

Here is the log from OpenVPN Connect:

2018-02-20 07:35:20 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Feb  7 2018 17:16:12
2018-02-20 07:35:20 Keychain Cert Extraction: 1 certificate(s) found
2018-02-20 07:35:20 Frame=512/2048/512 mssfix-ctrl=1250
2018-02-20 07:35:20 UNUSED OPTIONS
3 [fast-io] 
5 [nobind] 
6 [persist-key] 
7 [persist-tun] 
9 [mute-replay-warnings] 
13 [verb] [1] 
14 [mute] [20] 

2018-02-20 07:35:20 EVENT: RESOLVE
2018-02-20 07:35:20 Contacting [xxx.xxx.xxx.xxx]:3232/UDP via UDP
2018-02-20 07:35:20 EVENT: WAIT
2018-02-20 07:35:20 Connecting to [myFQDN]:3232 (xxx.xxx.xxx.xxx) via UDPv4
2018-02-20 07:35:20 EVENT: CONNECTING
2018-02-20 07:35:20 Tunnel Options:V4,dev-type tun,link-mtu 1521,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth SHA1,keysize 128,key-method 2,tls-client
2018-02-20 07:35:20 Creds: UsernameEmpty/PasswordEmpty
2018-02-20 07:35:20 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.8-1
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_IPv6=0
IV_AUTO_SESS=1

2018-02-20 07:35:20 VERIFY OK : depth=1
cert. version    : 3
serial number    : D1:C4:F4:07:45:E9:73:B1
issuer name      : CN=CAECC
subject name      : CN=CAECC
issued  on        : 2018-01-30 13:21:21
expires on        : 2028-01-28 13:21:21
signed using      : ECDSA with SHA256
EC key size      : 256 bits
basic constraints : CA=true
key usage        : Key Cert Sign, CRL Sign

2018-02-20 07:35:20 VERIFY OK : depth=0
cert. version    : 3
serial number    : CB:E0:CD:5B:F2:DD:0F:A2:3E:61:92:26:99:6A:FA:14
issuer name      : CN=CAECC
subject name      : CN=server-ecc
issued  on        : 2018-01-30 13:22:09
expires on        : 2028-01-28 13:22:09
signed using      : ECDSA with SHA256
EC key size      : 256 bits
basic constraints : CA=false
subject alt name  : server-ecc
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2018-02-20 07:35:20 EVENT: EPKI_ERROR 69646e74000000000000002a : external_pki_error: cannot sign data, status=-50 [ERR]
2018-02-20 07:35:20 Raw stats on disconnect:
  BYTES_IN : 1426
  BYTES_OUT : 378
  PACKETS_IN : 4
  PACKETS_OUT : 3
2018-02-20 07:35:20 Performance stats on disconnect:
  CPU usage (microseconds): 125213
  Network bytes per CPU second: 14407
  Tunnel bytes per CPU second: 0
2018-02-20 07:35:20 MbedTLSContext::epki_sign: ssl_external_pki: MbedTLS: could not obtain signature
2018-02-20 07:35:20 Client exception in transport_recv_excode: mbed TLS: SSL read error : RSA - Bad input parameters to function
2018-02-20 07:35:20 EVENT: DISCONNECTED
2018-02-20 07:35:20 Raw stats on disconnect:
  BYTES_IN : 1426
  BYTES_OUT : 378
  PACKETS_IN : 4
  PACKETS_OUT : 3
  SSL_ERROR : 1
  EPKI_SIGN_ERROR : 1
2018-02-20 07:35:20 Performance stats on disconnect:
  CPU usage (microseconds): 126728
  Network bytes per CPU second: 14235
  Tunnel bytes per CPU second: 0

Server, running on Raspbian Stretch Lite (on a Pi3) is version:

OpenVPN 2.4.4 armv7l-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 15 2018
library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.09
Originally developed by James Yonan
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

Server config:

dev tun1
proto udp
port 3232
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
fast-io
ca /etc/openvpn/ecckeys/ca.crt
cert /etc/openvpn/ecckeys/server-ecc.crt
key /etc/openvpn/ecckeys/server-ecc.key
dh none
topology subnet
server 10.188.0.0 255.255.255.0
push "route 10.188.0.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
push "dhcp-option DNS 192.168.2.1"
push "redirect-gateway def1"
client-to-client
keepalive 10 60
tls-crypt /etc/openvpn/ecckeys/tc.key
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
tls-version-min 1.2

Client (iPhone X) config:

client
dev tun
proto udp
fast-io
remote myFQDN 3232
nobind
persist-key
persist-tun
reneg-sec 0
mute-replay-warnings
remote-cert-tls server
cipher AES-128-GCM
tls-version-min 1.2
verb 1
mute 20
<ca>
[blah blah]
</ca>
<tls-crypt>
[blah blah]
</tls-crypt>

Client cert and key are in a PKCS#12 file, with extension .ovpn12. Importing both profile/config and cert file seemed to go smoothly.

Using a similar client config (the same, but with inlined cert/key) and the exact same server, I can connect fine from a Linux client and a Macbook/Viscosity.

Change History (18)

comment:1 Changed 9 months ago by GainfulShrimp

FYI, I tried to add a screenshot, but was told my submission was suspected to be spam. The error page said I needed to do the captcha, but there was no captcha shown. Meh.

comment:2 Changed 9 months ago by Antonio

Thanks for reporting.
Apparently the interaction with the iOS keychain is not liking your EC certificates.
Could you try embedding the key/certs in the .ovpn file and see if that works? (that will help us understand if my statement is right).

comment:3 Changed 9 months ago by Antonio

Status: new → accepted
Summary: iOS 1.2.8: ECDSA doesn't work → iOS: ECDSA doesn't work
Version: OpenVPN Connect for iOS v1.2.8

comment:4 in reply to:  2 Changed 9 months ago by GainfulShrimp

Replying to ordex:

> Could you try embedding the key/certs in the .ovpn file and see if that works? (that will help us understand if my statement is right).

Thanks for getting back to me so quickly @ordex! :)

I've tried including the cert and 3DES-encrypted private key in the .ovpn just now. The profile imported OK and showed up as "Autologin profile", but when I try to connect I immediately get a "Bad private key password". This is not surprising, as I was given no opportunity to enter my private key password, neither during profile import nor when I attempt to connect.

Could you advise how I enter my password please? Or do I really need to inline my plaintext private key? (That doesn't feel right to me..?)

comment:5 Changed 9 months ago by Antonio

weird, if a key starts with
-----BEGIN ENCRYPTED PRIVATE KEY-----
it should be detected as being an encrypted key and a textbox should appear. Is this the case for your key?


comment:6 in reply to:  5 Changed 9 months ago by GainfulShrimp

No, my key looks very similar to this:

-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,258248872DB25390

JIzhns0nRb+pj6RONAijJli8Rhu2bIrw8D+ruHEWL1IEH6Q5tvzqAI2PDYXbSzCn
24JPWx9khmTu6ijerANNYYk0p2Pjxr12MAYpqgtXbRrXLF4AIomzYWq16BH7Y63o
zvqWMBJO6tQ5RHPLM2FmweyPB/XSL7KvLTe+g6pz/W9wf52CyQ/VeK+yBXqEi7QF
0f9EKRlePRLAUcQPD4nkckcywX6Nz+TW/SOKt38YytM9MyQsAfcxu7u0nl/dLylk
n57qUm3nk0z0moYJbfLx59eP0/go8VjeP2fRKkgz1DOM7VkmtPrC7vnyRpKsnP2S
6n6uacerkNXTmUcz7mTCGGfrsBeACJeX1gwinDZVwkzDxNKhLXOlFFAMWE+SeiFp
kDny2v3D8sU=
-----END EC PRIVATE KEY-----

That's not my actual key btw - it's the example I cut and pasted from the OpenSSL wiki page about EC keys.

Do you think it's worth trying converting my key to (encrypted) PKCS8 format, as mentioned on the above OpenSSL wiki page?

comment:7 Changed 9 months ago by Antonio

Yes, please.

The format you used is not supported by the UI, so it can't recognize that it is an encrypted key (this should be added to the FAQ).

The PKCS#8 format should work fine.
Just don't use PKCS#5 v2.0 (which is activated by -v2) or, if you do, ensure you use SHA1 as PRF (specified by -v2prf), otherwise you'll hit a compatibility problem that is currently work in progress :-)

comment:8 in reply to:  7 Changed 9 months ago by GainfulShrimp

Replying to ordex:

> The PKCS#8 format should work fine.
> Just don't use PKCS#5 v2.0 (which is activated by -v2) or, if you do, ensure you use SHA1 as PRF (specified by -v2prf), otherwise you'll hit a compatibility problem that is currently work in progress :-)

I think I might be hitting this problem, as when I imported my new profile I got the prompt to enter (and save) my password. But when I entered my password, I got this error:

OpenVPN error : mbed TLS: error parsing config private key : PKCS5 - Requested encryption or digest alg not available

Could you please confirm the openssl command that I need to create the encrypted EC key in a format understood by the app?

Here's what I tried:

openssl pkcs8 -topk8 -in matt-iphone-ecc.key -out matt-iphone-ecc-p8.key

(I'm using "OpenSSL 1.1.0g 2 Nov 2017".)

comment:9 Changed 9 months ago by Antonio

yeah, OpenSSL 1.1. uses PKCS#5 v2.0 by default. Can you try adding this argument to the command?
-v1 PBE-SHA1-3DES

or, if you want to stick to PKCS#5v2.0, you can specify the following:
-v2 aes-256-cbc -v2prf hmacWithSHA1

FYI, a fix for this issue has recently been merged in mbedTLS, therefore it should relatively soon land into OpenVPN Connect too.


comment:10 Changed 9 months ago by Antonio

Summary: iOS: ECDSA doesn't work → iOS: ECDSA doesn't work when imported as PKCS#12 (.ovpn12 file)

comment:11 in reply to:  9 Changed 9 months ago by GainfulShrimp

Replying to ordex:

> yeah, OpenSSL 1.1. uses PKCS#5 v2.0 by default. Can you try adding this argument to the command?
> -v1 PBE-SHA1-3DES
>
> or, if you want to stick to PKCS#5v2.0, you can specify the following:
> -v2 aes-256-cbc -v2prf hmacWithSHA1
>
> FYI, a fix for this issue has recently been merged in mbedTLS, therefore it should relatively soon land into OpenVPN Connect too.

Thanks very much. Which of the above two methods gives better security do you think (assuming there's a difference)?

Anyway, I used this command to rewrap my private EC key to test:

openssl pkcs8 -topk8 -in matt-iphone-ecc.key -out matt-iphone-ecc-p8v1.key -v1 PBE-SHA1-3DES

The new .ovpn including my PKCS#5v1 format EC private key works just fine (after entering my password) and seemed to connect very quickly! :D

So yes, I think you're right that it's "EC key within PKCS#12/.ovpn12 file" which is the problem, not ECDSA per se.
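
Added example, not part of the ticket or of OpenVPN's code: a way to check which password-based encryption a PKCS#8 key file actually uses, so the PRF mismatch described in comment 7 can be spotted before the profile is imported. It assumes the `openssl` CLI is installed; the file names, the passphrase and the `pbe_params`/`wrap` helpers are constructed for illustration.

```shell
#!/bin/sh
# Added example. Keys are throwaway and generated on the spot (constructed input).

# Print the password-based encryption parameters of a PEM private key.
# The AlgorithmIdentifier is stored unencrypted, so no passphrase is needed.
pbe_params() {
    # Traditional "BEGIN EC PRIVATE KEY" + Proc-Type files are not PKCS#8.
    grep -q 'BEGIN ENCRYPTED PRIVATE KEY' "$1" || { echo not-pkcs8-encrypted; return 0; }
    objs=$(openssl asn1parse -in "$1" | sed -n 's/.*prim: OBJECT *:\(.*\)$/\1/p')
    scheme=$(printf '%s\n' "$objs" | sed -n 1p)
    if [ "$scheme" = PBES2 ]; then
        # The PBKDF2 prf field is optional; when absent it means hmacWithSHA1.
        prf=$(printf '%s\n' "$objs" | grep '^hmacWith' || echo hmacWithSHA1)
        cipher=$(printf '%s\n' "$objs" | sed -n '$p')
        echo "PBES2 prf=$prf cipher=$cipher"
    else
        echo "$scheme"    # PKCS#5 v1.5 / PKCS#12 style scheme name
    fi
}

# Wrap key $1 into PKCS#8 file $2; remaining arguments are the PBE options.
wrap() {
    src=$1; dst=$2; shift 2
    openssl pkcs8 -topk8 -in "$src" -out "$dst" -passout pass:constructed "$@"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
openssl ecparam -name prime256v1 -genkey -noout -out "$tmp/ec.key"
wrap "$tmp/ec.key" "$tmp/v1.key"       -v1 PBE-SHA1-3DES
wrap "$tmp/ec.key" "$tmp/v2sha1.key"   -v2 aes-256-cbc -v2prf hmacWithSHA1
wrap "$tmp/ec.key" "$tmp/v2sha256.key" -v2 aes-256-cbc -v2prf hmacWithSHA256

for f in ec v1 v2sha1 v2sha256; do
    printf '%-10s %s\n' "$f" "$(pbe_params "$tmp/$f.key")"
done
```

A file that reports `PBES2` with a PRF other than `hmacWithSHA1` is the case comment 7 warns about.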

comment:12 Changed 9 months ago by Antonio

Glad to hear that!

Honestly I believe using PKCS#5v2.0 might be "safer" as you can force AES instead of 3DES, but I don't think this really makes a big difference.


comment:13 in reply to:  12 Changed 9 months ago by GainfulShrimp

Replying to ordex:

> Honestly I believe using PKCS#5v2.0 might be "safer" as you can force AES instead of 3DES, but I don't think this really makes a big difference.

OK thanks. As an experiment, I tried making a new .ovpn12 file using my new-format encrypted EC key - i.e. the one that works when it's inlined in the .ovpn profile - rather than the 3DES encrypted version I used first time. I got a similar error as in my log above.

Unfortunately, the 'Autologin profile' with everything inlined doesn't work via Settings > VPN (both of my other, external cert profiles work just fine via either the app or the iOS Settings > VPN routes). Ah well.

Hopefully you'll soon find a fix for using external/PKCS#12 keys/certs and ECDSA. :)

comment:14 Changed 9 months ago by Antonio

Yeah, that's expected given what we discovered, because when importing as ovpn12 it is not the format that is creating the issue, but the request for an EC signature (instead of RSA).


comment:15 Changed 9 months ago by Morac

I'm running into the same problem with an external EC certificate. Unified .ovpn works fine. Does the workaround posted in comment 10 do anything for the external EC certificate or is that just a bug that requires waiting for a fix?

comment:16 Changed 9 months ago by Antonio

the instructions in comment 9 are unrelated. EC certificates in the external PKI are not supported at the moment, so this needs to be addressed by a new release.

comment:17 Changed 7 weeks ago by Morac

Any updates on this? There have been a number of updates since this bug was filed.

comment:18 Changed 7 weeks ago by Antonio

Owner: changed from Antonio to yuriy
Status: accepted → assigned

not yet. unfortunately more pressing issues are taking higher priority
