Opened 6 years ago
Closed 16 months ago
#1024 closed Bug / Defect (wontfix)
iOS: ECDSA doesn't work when imported as PKCS#12 (.ovpn12 file)
| Reported by: | GainfulShrimp | Owned by: | OpenVPN Inc. |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | OpenVPN Connect | Version: | OpenVPN Connect for iOS v1.2.8 |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
| Cc: |
Description
I was excited to see in the App Store release notes for OpenVPN Connect 1.2.8 that ECDSA was now supported, but it's not working for me.
An error is flagged up immediately when I try to connect.
This line in the log seems especially relevant, as - to me anyway - it seems to suggest that RSA is being used, when it shouldn't be:
2018-02-20 07:35:20 Client exception in transport_recv_excode: mbed TLS: SSL read error : RSA - Bad input parameters to function
Here is the log from OpenVPN Connect:
2018-02-20 07:35:20 ----- OpenVPN Start ----- OpenVPN core 3.1.2 ios arm64 64-bit built on Feb 7 2018 17:16:12 2018-02-20 07:35:20 Keychain Cert Extraction: 1 certificate(s) found 2018-02-20 07:35:20 Frame=512/2048/512 mssfix-ctrl=1250 2018-02-20 07:35:20 UNUSED OPTIONS 3 [fast-io] 5 [nobind] 6 [persist-key] 7 [persist-tun] 9 [mute-replay-warnings] 13 [verb] [1] 14 [mute] [20] 2018-02-20 07:35:20 EVENT: RESOLVE 2018-02-20 07:35:20 Contacting [xxx.xxx.xxx.xxx]:3232/UDP via UDP 2018-02-20 07:35:20 EVENT: WAIT 2018-02-20 07:35:20 Connecting to [myFQDN]:3232 (xxx.xxx.xxx.xxx) via UDPv4 2018-02-20 07:35:20 EVENT: CONNECTING 2018-02-20 07:35:20 Tunnel Options:V4,dev-type tun,link-mtu 1521,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth SHA1,keysize 128,key-method 2,tls-client 2018-02-20 07:35:20 Creds: UsernameEmpty/PasswordEmpty 2018-02-20 07:35:20 Peer Info: IV_GUI_VER=net.openvpn.connect.ios 1.2.8-1 IV_VER=3.1.2 IV_PLAT=ios IV_NCP=2 IV_TCPNL=1 IV_PROTO=2 IV_IPv6=0 IV_AUTO_SESS=1 2018-02-20 07:35:20 VERIFY OK : depth=1 cert. version : 3 serial number : D1:C4:F4:07:45:E9:73:B1 issuer name : CN=CAECC subject name : CN=CAECC issued on : 2018-01-30 13:21:21 expires on : 2028-01-28 13:21:21 signed using : ECDSA with SHA256 EC key size : 256 bits basic constraints : CA=true key usage : Key Cert Sign, CRL Sign 2018-02-20 07:35:20 VERIFY OK : depth=0 cert. version : 3 serial number : CB:E0:CD:5B:F2:DD:0F:A2:3E:61:92:26:99:6A:FA:14 issuer name : CN=CAECC subject name : CN=server-ecc issued on : 2018-01-30 13:22:09 expires on : 2028-01-28 13:22:09 signed using : ECDSA with SHA256 EC key size : 256 bits basic constraints : CA=false subject alt name : server-ecc key usage : Digital Signature, Key Encipherment ext key usage : TLS Web Server Authentication 2018-02-20 07:35:20 EVENT: EPKI_ERROR 69646e74000000000000002a : external_pki_error: cannot sign data, status=-50 [ERR] 2018-02-20 07:35:20 Raw stats on disconnect: BYTES_IN : 1426 BYTES_OUT : 378 PACKETS_IN : 4 PACKETS_OUT : 3 2018-02-20 07:35:20 Performance stats on disconnect: CPU usage (microseconds): 125213 Network bytes per CPU second: 14407 Tunnel bytes per CPU second: 0 2018-02-20 07:35:20 MbedTLSContext::epki_sign: ssl_external_pki: MbedTLS: could not obtain signature 2018-02-20 07:35:20 Client exception in transport_recv_excode: mbed TLS: SSL read error : RSA - Bad input parameters to function 2018-02-20 07:35:20 EVENT: DISCONNECTED 2018-02-20 07:35:20 Raw stats on disconnect: BYTES_IN : 1426 BYTES_OUT : 378 PACKETS_IN : 4 PACKETS_OUT : 3 SSL_ERROR : 1 EPKI_SIGN_ERROR : 1 2018-02-20 07:35:20 Performance stats on disconnect: CPU usage (microseconds): 126728 Network bytes per CPU second: 14235 Tunnel bytes per CPU second: 0
Server, running on Raspbian Stretch Lite (on a Pi3) is version:
OpenVPN 2.4.4 armv7l-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 15 2018 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.09 Originally developed by James Yonan Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
Server config:
dev tun1 proto udp port 3232 sndbuf 393216 rcvbuf 393216 push "sndbuf 393216" push "rcvbuf 393216" fast-io ca /etc/openvpn/ecckeys/ca.crt cert /etc/openvpn/ecckeys/server-ecc.crt key /etc/openvpn/ecckeys/server-ecc.key dh none topology subnet server 10.188.0.0 255.255.255.0 push "route 10.188.0.0 255.255.255.0" push "route 192.168.2.0 255.255.255.0" push "dhcp-option DNS 192.168.2.1" push "redirect-gateway def1" client-to-client keepalive 10 60 tls-crypt /etc/openvpn/ecckeys/tc.key cipher AES-128-GCM ncp-ciphers AES-128-GCM tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 tls-version-min 1.2
Client (iPhone X) config:
client dev tun proto udp fast-io remote myFQDN 3232 nobind persist-key persist-tun reneg-sec 0 mute-replay-warnings remote-cert-tls server cipher AES-128-GCM tls-version-min 1.2 verb 1 mute 20 <ca> [blah blah] </ca> <tls-crypt> [blah blah] </tls-crypt>
Client cert and key are in a PKCS#12 file, with extension .ovpn12. Importing both profile/config and cert file seemed to go smoothly.
Using a similar client config (the same, but with inlined cert/key) and the exact same server, I can connect fine from a Linux client and a Macbook/Viscosity?.
Change History (22)
comment:1 Changed 6 years ago by
comment:2 follow-up: 4 Changed 6 years ago by
Thanks for reporting.
Apparently the interaction with the iOS keychain is not liking your EC certificates.
Could you try embedding the key/certs in the .ovpn file and see if that works? (that will help us understanding if my statement is right).
comment:3 Changed 6 years ago by
| Status: | new → accepted |
|---|---|
| Summary: | iOS 1.2.8: ECDSA doesn't work → iOS: ECDSA doesn't work |
| Version: | → OpenVPN Connect for iOS v1.2.8 |
comment:4 Changed 6 years ago by
Replying to ordex:
Could you try embedding the key/certs in the .ovpn file and see if that works? (that will help us understanding if my statement is right).
Thanks for getting back to me so quickly @ordex! :)
I've tried including the cert and 3DES-encrypted private key in the .ovpn just now. The profile imported OK and showed up as "Autologin profile", but when I try to connect I immediately get a "Bad private key password". This is not surprising, as I was given no opportunity to enter my private key password, neither during profile import or when I attempt to connect.
Could you advise how I enter my password please? Or do I really need to inline my plaintext private key? (That doesn't feel right to me..?)
comment:5 follow-up: 6 Changed 6 years ago by
weird, if a key starts with
-----BEGIN ENCRYPTED PRIVATE KEY-----
it should be detected as being an encrypted key and a textbox should appear. Is this the case for your key?
comment:6 Changed 6 years ago by
No, my key looks very similar to this:
-----BEGIN EC PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,258248872DB25390 JIzhns0nRb+pj6RONAijJli8Rhu2bIrw8D+ruHEWL1IEH6Q5tvzqAI2PDYXbSzCn 24JPWx9khmTu6ijerANNYYk0p2Pjxr12MAYpqgtXbRrXLF4AIomzYWq16BH7Y63o zvqWMBJO6tQ5RHPLM2FmweyPB/XSL7KvLTe+g6pz/W9wf52CyQ/VeK+yBXqEi7QF 0f9EKRlePRLAUcQPD4nkckcywX6Nz+TW/SOKt38YytM9MyQsAfcxu7u0nl/dLylk n57qUm3nk0z0moYJbfLx59eP0/go8VjeP2fRKkgz1DOM7VkmtPrC7vnyRpKsnP2S 6n6uacerkNXTmUcz7mTCGGfrsBeACJeX1gwinDZVwkzDxNKhLXOlFFAMWE+SeiFp kDny2v3D8sU= -----END EC PRIVATE KEY-----
That's not my actual key btw - it's the example I cut and pasted from the OpenSSL wiki page about EC keys.
Do you think it's worth trying converting my key to (encrypted) PKCS8 format, as mentioned on the above OpenSSL wiki page?
comment:7 follow-up: 8 Changed 6 years ago by
Yes, please.
The format you used is not supported by the UI, so it can't recognize that it is an encrypted key (this should be added to the FAQ).
The PKCS#8 format should work fine.
Just don't use PKCS#5 v2.0 (which is activated by -v2) or, if you do, ensure you use SHA1 as PRF (specified by -v2prf), otherwise you'll hit a compatibility problem that is currently work in progress :-)
comment:8 Changed 6 years ago by
Replying to ordex:
The PKCS#8 format should work fine.
Just don't use PKCS#5 v2.0 (which is activated by -v2) or, if you do, ensure you use SHA1 as PRF (specified by -v2prf), otherwise you'll hit a compatibility problem that is currently work in progress :-)
I think I might be hitting this problem, as when I imported my new profile I got the prompt to enter (and save) my password. But when I entered my password, I got this error:
OpenVPN error : mbed TLS: error parsing config private key : PKCS5 - Requested encryption or digest alg not available
Could you please confirm the openssl command that I need to create the encrypted EC key in a format understood by the app?
Here's what I tried:
openssl pkcs8 -topk8 -in matt-iphone-ecc.key -out matt-iphone-ecc-p8.key
(I'm using "OpenSSL 1.1.0g 2 Nov 2017".)
comment:9 follow-up: 11 Changed 6 years ago by
yeah, OpenSSL 1.1. uses PKCS#5 v2.0 by default. Can you try adding this argument to the command?
-v1 PBE-SHA1-3DES
or, if you want to stick to PKCS#5v2.0, you can specify the following:
-v2 aes-256-cbc -v2prf hmacWithSHA1
FYI, a fix for this issue has recently been merged in mbedTLS, therefore it should relatively soon land into OpenVPN Connect too.
comment:10 Changed 6 years ago by
| Summary: | iOS: ECDSA doesn't work → iOS: ECDSA doesn't work when imported as PKCS#12 (.ovpn12 file) |
|---|
comment:11 Changed 6 years ago by
Replying to ordex:
yeah, OpenSSL 1.1. uses PKCS#5 v2.0 by default. Can you try adding this argument to the command?
-v1 PBE-SHA1-3DES
or, if you want to stick to PKCS#5v2.0, you can specify the following:
-v2 aes-256-cbc -v2prf hmacWithSHA1
FYI, a fix for this issue has recently been merged in mbedTLS, therefore it should relatively soon land into OpenVPN Connect too.
Thanks very much. Which of the above two methods gives better security do you think (assuming there's a difference)?
Anyway, I used this command to rewrap my private EC key to test:
openssl pkcs8 -topk8 -in matt-iphone-ecc.key -out matt-iphone-ecc-p8v1.key -v1 PBE-SHA1-3DES
The new .ovpn including my PKCS#5v1 format EC private key works just fine (after entering my password) and seemed to connect very quickly! :D
So yes, I think you're right that it's "EC key within PKCS#12/.ovpn12 file" which is the problem, not ECDSA per se.
comment:12 follow-up: 13 Changed 6 years ago by
Glad to hear that!
Honestly I believe using PKCS#5v2.0 might be "safer" as you can force AES instead of 3DES, but I don't think this really makes a big difference.
comment:13 Changed 6 years ago by
Replying to ordex:
Honestly I believe using PKCS#5v2.0 might be "safer" as you can force AES instead of 3DES, but I don't think this really makes a big difference.
OK thanks. As an experiment, I tried making a new .ovpn12 file using my new-format encrypted EC key - i.e. the one that works when it's inlined in the .ovpn profile - rather than the 3DES encrypted version I used first time. I got a similar error as in my log above.
Unfortunately, the 'Autologin profile' with everything inlined doesn't work via Settings > VPN (both of my other, external cert profiles work just fine via either the app or the iOS Settings > VPN routes). Ah well.
Hopefully you'll soon find a fix for using external/PKCS#12 keys/certs and ECDSA. :)
comment:14 Changed 6 years ago by
Yeah, that's expected given what we discovered, because when importing as ovpn12 is not the format that is creating the issue, but the request for a EC signature (instead of RSA).
comment:15 Changed 6 years ago by
I'm running into the same problem with an external EC certificate. Unified .ovpn works fine. Does the work around posted in comment 10 do anything for the external EC certificate or is that just a bug that requires waiting for a fix?
comment:16 Changed 6 years ago by
the instructions in comment9 are unrelated. EC certificates in the external PKI are not supported at the moment, so this needs to be addressed by a new release.
comment:17 Changed 6 years ago by
Any updates on this? There have been a number of updates since this bug was filed.
comment:18 Changed 6 years ago by
| Owner: | changed from Antonio Quartulli to yuriy |
|---|---|
| Status: | accepted → assigned |
not yet. unfortunately more pressing issues are taking higher priority
comment:19 Changed 3 years ago by
| Owner: | changed from yuriy to denys |
|---|
comment:20 Changed 3 years ago by
| Owner: | changed from denys to OpenVPN Inc. |
|---|
comment:22 Changed 16 months ago by
| Resolution: | → wontfix |
|---|---|
| Status: | assigned → closed |
OpenVPN Inc does not want to receive any feedback for the "Connect"
OpenVPN clients via the community bug trackers (here and in GH issues).
Please resubmit - if still relevant - via https://support.openvpn.net/
FYI, I tried to add a screenshot, but was told my submission was suspected to be spam. The error page said I needed to do the captcha, but there was no captcha shown. Meh.