Opened 7 years ago

Closed 2 years ago

#1024 closed Bug / Defect (wontfix)

iOS: ECDSA doesn't work when imported as PKCS#12 (.ovpn12 file)

Reported by: GainfulShrimp Owned by: OpenVPN Inc.
Priority: major Milestone:
Component: OpenVPN Connect Version: OpenVPN Connect for iOS v1.2.8
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

I was excited to see in the App Store release notes for OpenVPN Connect 1.2.8 that ECDSA was now supported, but it's not working for me.

An error is flagged up immediately when I try to connect.

This line in the log seems especially relevant, as - to me anyway - it seems to suggest that RSA is being used, when it shouldn't be:

2018-02-20 07:35:20 Client exception in transport_recv_excode: mbed TLS: SSL read error : RSA - Bad input parameters to function

Here is the log from OpenVPN Connect:

2018-02-20 07:35:20 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Feb  7 2018 17:16:12
2018-02-20 07:35:20 Keychain Cert Extraction: 1 certificate(s) found
2018-02-20 07:35:20 Frame=512/2048/512 mssfix-ctrl=1250
2018-02-20 07:35:20 UNUSED OPTIONS
3 [fast-io] 
5 [nobind] 
6 [persist-key] 
7 [persist-tun] 
9 [mute-replay-warnings] 
13 [verb] [1] 
14 [mute] [20] 

2018-02-20 07:35:20 EVENT: RESOLVE
2018-02-20 07:35:20 Contacting [xxx.xxx.xxx.xxx]:3232/UDP via UDP
2018-02-20 07:35:20 EVENT: WAIT
2018-02-20 07:35:20 Connecting to [myFQDN]:3232 (xxx.xxx.xxx.xxx) via UDPv4
2018-02-20 07:35:20 EVENT: CONNECTING
2018-02-20 07:35:20 Tunnel Options:V4,dev-type tun,link-mtu 1521,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth SHA1,keysize 128,key-method 2,tls-client
2018-02-20 07:35:20 Creds: UsernameEmpty/PasswordEmpty
2018-02-20 07:35:20 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.8-1
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_IPv6=0
IV_AUTO_SESS=1

2018-02-20 07:35:20 VERIFY OK : depth=1
cert. version    : 3
serial number    : D1:C4:F4:07:45:E9:73:B1
issuer name      : CN=CAECC
subject name      : CN=CAECC
issued  on        : 2018-01-30 13:21:21
expires on        : 2028-01-28 13:21:21
signed using      : ECDSA with SHA256
EC key size      : 256 bits
basic constraints : CA=true
key usage        : Key Cert Sign, CRL Sign

2018-02-20 07:35:20 VERIFY OK : depth=0
cert. version    : 3
serial number    : CB:E0:CD:5B:F2:DD:0F:A2:3E:61:92:26:99:6A:FA:14
issuer name      : CN=CAECC
subject name      : CN=server-ecc
issued  on        : 2018-01-30 13:22:09
expires on        : 2028-01-28 13:22:09
signed using      : ECDSA with SHA256
EC key size      : 256 bits
basic constraints : CA=false
subject alt name  : server-ecc
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2018-02-20 07:35:20 EVENT: EPKI_ERROR 69646e74000000000000002a : external_pki_error: cannot sign data, status=-50 [ERR]
2018-02-20 07:35:20 Raw stats on disconnect:
  BYTES_IN : 1426
  BYTES_OUT : 378
  PACKETS_IN : 4
  PACKETS_OUT : 3
2018-02-20 07:35:20 Performance stats on disconnect:
  CPU usage (microseconds): 125213
  Network bytes per CPU second: 14407
  Tunnel bytes per CPU second: 0
2018-02-20 07:35:20 MbedTLSContext::epki_sign: ssl_external_pki: MbedTLS: could not obtain signature
2018-02-20 07:35:20 Client exception in transport_recv_excode: mbed TLS: SSL read error : RSA - Bad input parameters to function
2018-02-20 07:35:20 EVENT: DISCONNECTED
2018-02-20 07:35:20 Raw stats on disconnect:
  BYTES_IN : 1426
  BYTES_OUT : 378
  PACKETS_IN : 4
  PACKETS_OUT : 3
  SSL_ERROR : 1
  EPKI_SIGN_ERROR : 1
2018-02-20 07:35:20 Performance stats on disconnect:
  CPU usage (microseconds): 126728
  Network bytes per CPU second: 14235
  Tunnel bytes per CPU second: 0

Server, running on Raspbian Stretch Lite (on a Pi3) is version:

OpenVPN 2.4.4 armv7l-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 15 2018
library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.09
Originally developed by James Yonan
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

Server config:

dev tun1
proto udp
port 3232
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
fast-io
ca /etc/openvpn/ecckeys/ca.crt
cert /etc/openvpn/ecckeys/server-ecc.crt
key /etc/openvpn/ecckeys/server-ecc.key
dh none
topology subnet
server 10.188.0.0 255.255.255.0
push "route 10.188.0.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
push "dhcp-option DNS 192.168.2.1"
push "redirect-gateway def1"
client-to-client
keepalive 10 60
tls-crypt /etc/openvpn/ecckeys/tc.key
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
tls-version-min 1.2

Client (iPhone X) config:

client
dev tun
proto udp
fast-io
remote myFQDN 3232
nobind
persist-key
persist-tun
reneg-sec 0
mute-replay-warnings
remote-cert-tls server
cipher AES-128-GCM
tls-version-min 1.2
verb 1
mute 20
<ca>
[blah blah]
</ca>
<tls-crypt>
[blah blah]
</tls-crypt>

Client cert and key are in a PKCS#12 file, with extension .ovpn12. Importing both profile/config and cert file seemed to go smoothly.

Using a similar client config (the same, but with inlined cert/key) and the exact same server, I can connect fine from a Linux client and a Macbook/Viscosity?.

Change History (22)

comment:1 Changed 7 years ago by GainfulShrimp

FYI, I tried to add a screenshot, but was told my submission was suspected to be spam. The error page said I needed to do the captcha, but there was no captcha shown. Meh.

comment:2 Changed 7 years ago by Antonio Quartulli

Thanks for reporting.
Apparently the interaction with the iOS keychain is not liking your EC certificates.
Could you try embedding the key/certs in the .ovpn file and see if that works? (that will help us understanding if my statement is right).

comment:3 Changed 7 years ago by Antonio Quartulli

Status: newaccepted
Summary: iOS 1.2.8: ECDSA doesn't workiOS: ECDSA doesn't work
Version: OpenVPN Connect for iOS v1.2.8

comment:4 in reply to:  2 Changed 7 years ago by GainfulShrimp

Replying to ordex:

Could you try embedding the key/certs in the .ovpn file and see if that works? (that will help us understanding if my statement is right).

Thanks for getting back to me so quickly @ordex! :)

I've tried including the cert and 3DES-encrypted private key in the .ovpn just now. The profile imported OK and showed up as "Autologin profile", but when I try to connect I immediately get a "Bad private key password". This is not surprising, as I was given no opportunity to enter my private key password, neither during profile import or when I attempt to connect.

Could you advise how I enter my password please? Or do I really need to inline my plaintext private key? (That doesn't feel right to me..?)

comment:5 Changed 7 years ago by Antonio Quartulli

weird, if a key starts with
-----BEGIN ENCRYPTED PRIVATE KEY-----
it should be detected as being an encrypted key and a textbox should appear. Is this the case for your key?

Last edited 7 years ago by Antonio Quartulli (previous) (diff)

comment:6 in reply to:  5 Changed 7 years ago by GainfulShrimp

No, my key looks very similar to this:

-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,258248872DB25390

JIzhns0nRb+pj6RONAijJli8Rhu2bIrw8D+ruHEWL1IEH6Q5tvzqAI2PDYXbSzCn
24JPWx9khmTu6ijerANNYYk0p2Pjxr12MAYpqgtXbRrXLF4AIomzYWq16BH7Y63o
zvqWMBJO6tQ5RHPLM2FmweyPB/XSL7KvLTe+g6pz/W9wf52CyQ/VeK+yBXqEi7QF
0f9EKRlePRLAUcQPD4nkckcywX6Nz+TW/SOKt38YytM9MyQsAfcxu7u0nl/dLylk
n57qUm3nk0z0moYJbfLx59eP0/go8VjeP2fRKkgz1DOM7VkmtPrC7vnyRpKsnP2S
6n6uacerkNXTmUcz7mTCGGfrsBeACJeX1gwinDZVwkzDxNKhLXOlFFAMWE+SeiFp
kDny2v3D8sU=
-----END EC PRIVATE KEY-----

That's not my actual key btw - it's the example I cut and pasted from the OpenSSL wiki page about EC keys.

Do you think it's worth trying converting my key to (encrypted) PKCS8 format, as mentioned on the above OpenSSL wiki page?

comment:7 Changed 7 years ago by Antonio Quartulli

Yes, please.

The format you used is not supported by the UI, so it can't recognize that it is an encrypted key (this should be added to the FAQ).

The PKCS#8 format should work fine.
Just don't use PKCS#5 v2.0 (which is activated by -v2) or, if you do, ensure you use SHA1 as PRF (specified by -v2prf), otherwise you'll hit a compatibility problem that is currently work in progress :-)

comment:8 in reply to:  7 Changed 7 years ago by GainfulShrimp

Replying to ordex:

The PKCS#8 format should work fine.
Just don't use PKCS#5 v2.0 (which is activated by -v2) or, if you do, ensure you use SHA1 as PRF (specified by -v2prf), otherwise you'll hit a compatibility problem that is currently work in progress :-)

I think I might be hitting this problem, as when I imported my new profile I got the prompt to enter (and save) my password. But when I entered my password, I got this error:

OpenVPN error : mbed TLS: error parsing config private key : PKCS5 - Requested encryption or digest alg not available

Could you please confirm the openssl command that I need to create the encrypted EC key in a format understood by the app?

Here's what I tried:

openssl pkcs8 -topk8 -in matt-iphone-ecc.key -out matt-iphone-ecc-p8.key

(I'm using "OpenSSL 1.1.0g 2 Nov 2017".)

comment:9 Changed 7 years ago by Antonio Quartulli

yeah, OpenSSL 1.1. uses PKCS#5 v2.0 by default. Can you try adding this argument to the command?
-v1 PBE-SHA1-3DES

or, if you want to stick to PKCS#5v2.0, you can specify the following:
-v2 aes-256-cbc -v2prf hmacWithSHA1

FYI, a fix for this issue has recently been merged in mbedTLS, therefore it should relatively soon land into OpenVPN Connect too.

Last edited 7 years ago by Antonio Quartulli (previous) (diff)

comment:10 Changed 7 years ago by Antonio Quartulli

Summary: iOS: ECDSA doesn't workiOS: ECDSA doesn't work when imported as PKCS#12 (.ovpn12 file)

comment:11 in reply to:  9 Changed 7 years ago by GainfulShrimp

Replying to ordex:

yeah, OpenSSL 1.1. uses PKCS#5 v2.0 by default. Can you try adding this argument to the command?
-v1 PBE-SHA1-3DES

or, if you want to stick to PKCS#5v2.0, you can specify the following:
-v2 aes-256-cbc -v2prf hmacWithSHA1

FYI, a fix for this issue has recently been merged in mbedTLS, therefore it should relatively soon land into OpenVPN Connect too.

Thanks very much. Which of the above two methods gives better security do you think (assuming there's a difference)?

Anyway, I used this command to rewrap my private EC key to test:

openssl pkcs8 -topk8 -in matt-iphone-ecc.key -out matt-iphone-ecc-p8v1.key -v1 PBE-SHA1-3DES

The new .ovpn including my PKCS#5v1 format EC private key works just fine (after entering my password) and seemed to connect very quickly! :D

So yes, I think you're right that it's "EC key within PKCS#12/.ovpn12 file" which is the problem, not ECDSA per se.

comment:12 Changed 7 years ago by Antonio Quartulli

Glad to hear that!

Honestly I believe using PKCS#5v2.0 might be "safer" as you can force AES instead of 3DES, but I don't think this really makes a big difference.

Last edited 7 years ago by Antonio Quartulli (previous) (diff)

comment:13 in reply to:  12 Changed 7 years ago by GainfulShrimp

Replying to ordex:

Honestly I believe using PKCS#5v2.0 might be "safer" as you can force AES instead of 3DES, but I don't think this really makes a big difference.

OK thanks. As an experiment, I tried making a new .ovpn12 file using my new-format encrypted EC key - i.e. the one that works when it's inlined in the .ovpn profile - rather than the 3DES encrypted version I used first time. I got a similar error as in my log above.

Unfortunately, the 'Autologin profile' with everything inlined doesn't work via Settings > VPN (both of my other, external cert profiles work just fine via either the app or the iOS Settings > VPN routes). Ah well.

Hopefully you'll soon find a fix for using external/PKCS#12 keys/certs and ECDSA. :)

comment:14 Changed 7 years ago by Antonio Quartulli

Yeah, that's expected given what we discovered, because when importing as ovpn12 is not the format that is creating the issue, but the request for a EC signature (instead of RSA).

Last edited 7 years ago by Antonio Quartulli (previous) (diff)

comment:15 Changed 7 years ago by Morac

I'm running into the same problem with an external EC certificate. Unified .ovpn works fine. Does the work around posted in comment 10 do anything for the external EC certificate or is that just a bug that requires waiting for a fix?

comment:16 Changed 7 years ago by Antonio Quartulli

the instructions in comment9 are unrelated. EC certificates in the external PKI are not supported at the moment, so this needs to be addressed by a new release.

comment:17 Changed 6 years ago by Morac

Any updates on this? There have been a number of updates since this bug was filed.

comment:18 Changed 6 years ago by Antonio Quartulli

Owner: changed from Antonio Quartulli to yuriy
Status: acceptedassigned

not yet. unfortunately more pressing issues are taking higher priority

comment:19 Changed 4 years ago by Gert Döring

Owner: changed from yuriy to denys

comment:20 Changed 4 years ago by Antonio Quartulli

Owner: changed from denys to OpenVPN Inc.

comment:21 Changed 2 years ago by stvs

Any progress? I also observe this issue.

comment:22 Changed 2 years ago by Gert Döring

Resolution: wontfix
Status: assignedclosed

OpenVPN Inc does not want to receive any feedback for the "Connect"
OpenVPN clients via the community bug trackers (here and in GH issues).

Please resubmit - if still relevant - via https://support.openvpn.net/

Note: See TracTickets for help on using tickets.