diff --git a/doc/man-sections/management-options.rst b/doc/man-sections/management-options.rst index 884750a6..8dad52b3 100644 --- a/doc/man-sections/management-options.rst +++ b/doc/man-sections/management-options.rst @@ -85,9 +85,15 @@ server and client mode operations. management-external-key management-external-key nopadding management-external-key pkcs1 - management-external-key nopadding pkcs1 + management-external-key pss - The optional parameters :code:`nopadding` and :code:`pkcs1` signal + or any combination like: + :: + + management-external-key nopadding pkcs1 + management-external-key pkcs1 pss + + The optional parameters :code:`nopadding` :code:`pkcs1` and :code:`pss` signal support for different padding algorithms. See :code:`doc/mangement-notes.txt` for a complete description of this feature. diff --git a/doc/management-notes.txt b/doc/management-notes.txt index 203d3d82..7bb10c24 100644 --- a/doc/management-notes.txt +++ b/doc/management-notes.txt 
@@ -907,10 +907,24 @@ can be indicated in the signing request only if the client version is > 2" The currently defined padding algorithms are: - - RSA_PKCS1_PADDING - PKCS1 padding and RSA signature - - RSA_NO_PADDING - No padding may be added for the signature - - ECDSA - EC signature. + - RSA_PKCS1_PADDING - PKCS1 padding and RSA signature + - RSA_NO_PADDING - No padding may be added for the signature + - ECDSA - EC signature. + - RSA_PKCS1_PSS_PADDING,params - RSA signature with PSS padding + The params for PSS are specified as 'hashalg=name,saltlen=[max|digest]'. + + The hashalg names are short common names such as SHA256, SHA224, etc. + PSS saltlen="digest" means use the same size as the hash to sign, while + "max" indicates maximum possible saltlen which is + '(nbits-1)/8 - hlen - 2'. Here 'nbits' is the number of bits in the + key modulus and 'hlen' the size in octets of the hash. + (See: RFC 8017 sec 8.1.1 and 9.1.1) + + In the case of PKCS1_PADDING, when the hash algorithm is not legacy + MD5-SHA1, the hash is encoded with DigestInfo header before presenting + to the management interface. This is identical to CKM_RSA_PKCS in Cryptoki + as well as what RSA_private_encrypt() in OpenSSL expects. COMMAND -- certificate (OpenVPN 2.4 or higher) ---------------------------------------------- diff --git a/src/openvpn/manage.h b/src/openvpn/manage.h index 04dc98d1..5ed27c0c 100644 --- a/src/openvpn/manage.h +++ b/src/openvpn/manage.h @@ -339,6 +339,7 @@ struct management *management_init(void); #define MF_QUERY_REMOTE (1<<13) #define MF_QUERY_PROXY (1<<14) #define MF_EXTERNAL_CERT (1<<15) +#define MF_EXTERNAL_KEY_PSSPAD (1<<16) bool management_open(struct management *man, const char *addr, diff --git a/src/openvpn/options.c b/src/openvpn/options.c index aafec1a2..42ea3bae 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -60,6 +60,7 @@ #include "forward.h" #include "ssl_verify.h" #include "platform.h" +#include "xkey_common.h" #include #include "memdbg.h" @@ -2207,14 +2208,14 @@ options_postprocess_verify_ce(const struct options *options, #endif /* ifdef ENABLE_MANAGEMENT */ -#if defined(ENABLE_MANAGEMENT) +#if defined(ENABLE_MANAGEMENT) && !defined(HAVE_XKEY_PROVIDER) if ((tls_version_max() >= TLS_VER_1_3) && (options->management_flags & MF_EXTERNAL_KEY) && !(options->management_flags & (MF_EXTERNAL_KEY_NOPADDING)) ) { - msg(M_ERR, "management-external-key with OpenSSL 1.1.1 requires " - "the nopadding argument/support"); + msg(M_FATAL, "management-external-key with TLS 1.3 or later requires " + "nopadding argument/support"); } #endif /* @@ -5520,6 +5521,10 @@ add_option(struct options *options, { options->management_flags |= MF_EXTERNAL_KEY_PKCS1PAD; } + else if (streq(p[j], "pss")) + { + options->management_flags |= MF_EXTERNAL_KEY_PSSPAD; + } else { msg(msglevel, "Unknown management-external-key flag: %s", p[j]);
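Review bot: With `HAVE_XKEY_PROVIDER` defined, the TLS 1.3 padding check in options_postprocess_verify_ce() is now compiled out entirely, so a management client that declares only `pkcs1` is no longer rejected at startup. TLS 1.3 signs RSA handshakes with PSS, so such a setup presumably fails only when the first handshake asks for a signature; the signing path is not part of this diff, so this needs confirming. A provider-side counterpart that at least warns would surface the misconfiguration early, using the same condition with `!(options->management_flags & (MF_EXTERNAL_KEY_NOPADDING | MF_EXTERNAL_KEY_PSSPAD))`. The function starts and ends outside the hunk.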
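Review bot: The new `pss` branch in add_option() sets `MF_EXTERNAL_KEY_PSSPAD` on every build, including ones without `HAVE_XKEY_PROVIDER`, where the startup check in options_postprocess_verify_ce() still tests only `MF_EXTERNAL_KEY_NOPADDING`. If PSS requests are issued only through the provider (not visible here), the flag is silently ignored on such builds. With TLS 1.3 the operator then gets a fatal message about `nopadding`, with no hint that `pss` had no effect. Consider a comment above the branch, `/* only honoured when built with HAVE_XKEY_PROVIDER */`, or a warning emitted under `#ifndef HAVE_XKEY_PROVIDER`. The surrounding else-if chain begins outside the hunk.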