Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Server should support alternate types of Channel Bindings #823

Open
GuidoKiener opened this issue Jan 2, 2024 · 7 comments
Open

Server should support alternate types of Channel Bindings #823

GuidoKiener opened this issue Jan 2, 2024 · 7 comments
Assignees
@hyc
Milestone
2.2.0

Comments

@GuidoKiener
Copy link
Contributor

Problem

According to RFC 5929 there are different channel binding types (e.g. "tls-unique", "tls-exporter", "tls-end-point-server") for TLS connections that can be used with SASL mechanisms like SCRAM-SHA-*-PLUS or GS2-KRB5-PLUS. After a TLS connection is established a server can currently set only one binding data with sasl_setprop(conn, SASL_CHANNEL_BINDING, &cb);.

Depending on protocol agreements a client can select e.g. between:

  • "tls-unique" and "tls-end-point-server" when using TLS 1.2
  • "tls-exporter" and "tls-end-point-server" when using TLS 1.3

If a server does not support the desired channel binding type of the client then the authentication will fail or the client is obliged to try another channel binding type or even another worse SASL mechanism.
Therefore it's useful to add a new property or callback function that allows the server to select the desired channel binding data.

Proposal: New Callback Function

My preferred solution is adding a new callback function:

/* callback to change channel binding type (e.g. "tls-end-point-server")
 * of the server.  The callback is used by plugins like SCRAM-SHA-*-PLUS or
 * GS2-KRB5-PLUS when the desired binding type of the client does not match
 * the binding type set with property SASL_CHANNEL_BINDING. A server should
 * check the requested 'cbindingname' of the 'plugin' and overwrite the
 * channel binding data of property SASL_CHANNEL_BINDING within the callback
 * function.
 *  plugin        -- name of plugin
 *  cbindingname  -- name of desired channel binding type
 */
typedef int sasl_server_channel_binding_t(sasl_conn_t* conn,
					  void* context,
					  const char* plugin,
					  const char* cbindingname);
#define SASL_CB_SERVER_CHANNEL_BINDING (0x8006)

This solution is flexibel and a server application can react to specific plugins and binding types.

Alternative Proposal: New property SASL_CHANNEL_BINDING_2

Another way is to add a new property SASL_CHANNEL_BINDING_2 that allows the server to set an alternative channel binding type that is selected by the plugins SCRAM-SHA-*-PLUS or GS2-KRB5-PLUS.

This solution is easy and ok for the next years, but maybe not flexible enough for future security extensions.

Common problem

The property SASL_CHANNEL_BINDING sets only a reference to the channel binding data and the user has to care for the lifecycle of the channel binding data. A less error-prone coding style is to allocate memory and store a copy of the channel binding data within the struct sasl_server_params. This will help users to implement the callback function for channel binding.

cc: @Neustradamus, @quanah, @ksmurchison, @aamelnikov, @dilyanpalauzov : Feedback is welcome. I would contribute the patches.
@ksmurchison
Copy link
Contributor

I also believe that a new callback is the better solution.
I don't have any strong feelings on whether the application of the library is responsible for the channel binding data.

@GuidoKiener
Copy link
Contributor Author

Thanks for your comment. Since all applications using cyrus-sasl have managed the lifecycle problem of the channel binding data there is not really a need to change the policy of the ownership of the binding data.
I just stumbled over this pitfall with my first reference implemenation and people are able to fix it. Nevertheless some common members of struct sasl_conn store a copy (like service, serverFQDN, security properties ...) and others do not. It's confusing.
At the end I'm not sad if we keep it like it is.

GuidoKiener added a commit to GuidoKiener/cyrus-sasl that referenced this issue Feb 15, 2024
@GuidoKiener
Add callback SASL_CB_SERVER_CHANNEL_BINDING
8362a32 
Provide a callback function to change the channel binding type
of servers (e.g. "tls-server-end-point" instead of "tls-unique")
during authentication of secure mechanisms like GS2-KRB5-PLUS or
SCRAM-SHA-256-PLUS.

The callback is used by the plugins SCRAM and GS2 when the desired
binding type of the client does not match the binding type set with
property SASL_CHANNEL_BINDING.
A server can check the requested type of channel binding and
overwrite the current channel binding data with the property
SASL_CHANNEL_BINDING before the authentication proceeds.

Issue cyrusimap#823

Signed-off-by: Guido Kiener <guido.kiener@rohde-schwarz.com>
GuidoKiener added a commit to GuidoKiener/cyrus-sasl that referenced this issue Feb 16, 2024
@GuidoKiener
Add callback SASL_CB_SERVER_CHANNEL_BINDING
6ac8205 
Provide a callback function to change the channel binding type
of servers (e.g. "tls-server-end-point" instead of "tls-unique")
during authentication of secure mechanisms like GS2-KRB5-PLUS or
SCRAM-SHA-256-PLUS.

The callback is used by the plugins SCRAM and GS2 when the desired
binding type of the client does not match the binding type set with
property SASL_CHANNEL_BINDING.
A server can check the requested type of channel binding and
overwrite the current channel binding data with the property
SASL_CHANNEL_BINDING before the authentication proceeds.

Issue cyrusimap#823

Signed-off-by: Guido Kiener <guido.kiener@rohde-schwarz.com>
GuidoKiener added a commit to GuidoKiener/cyrus-sasl that referenced this issue Feb 16, 2024
@GuidoKiener
Add callback SASL_CB_SERVER_CHANNEL_BINDING
32b3072 
Provide a callback function to change the channel binding type
of servers (e.g. "tls-server-end-point" instead of "tls-unique")
during authentication of secure mechanisms like GS2-KRB5-PLUS or
SCRAM-SHA-256-PLUS.

The callback is used by the plugins SCRAM and GS2 when the desired
binding type of the client does not match the binding type set with
property SASL_CHANNEL_BINDING.
A server can check the requested type of channel binding and
overwrite the current channel binding data with the property
SASL_CHANNEL_BINDING before the authentication proceeds.

Issue cyrusimap#823

Signed-off-by: Guido Kiener <guido.kiener@rohde-schwarz.com>
GuidoKiener added a commit to GuidoKiener/cyrus-sasl that referenced this issue Feb 16, 2024
@GuidoKiener
Add callback SASL_CB_SERVER_CHANNEL_BINDING
8950de5 
Provide a callback function to change the channel binding type
of servers (e.g. "tls-server-end-point" instead of "tls-unique")
during authentication of secure mechanisms like GS2-KRB5-PLUS or
SCRAM-SHA-256-PLUS.

The callback is used by the plugins SCRAM and GS2 when the desired
binding type of the client does not match the binding type set with
property SASL_CHANNEL_BINDING.
A server can check the requested type of channel binding and
overwrite the current channel binding data with the property
SASL_CHANNEL_BINDING before the authentication proceeds.

Issue cyrusimap#823

Signed-off-by: Guido Kiener <guido.kiener@rohde-schwarz.com>
@GuidoKiener GuidoKiener mentioned this issue Feb 16, 2024
Open
@GuidoKiener
Copy link
Contributor Author

@ksmurchison, Hi Ken, do you like to review the patch? I tested the patch in my projects and with a patched cyrus-imapd variant.

@GuidoKiener
Copy link
Contributor Author

@ksmurchison, Hi Ken, do you like to review the patch? I tested the patch in my projects and with a patched cyrus-imapd variant.

@ksmurchison or @quanah: Do you have time to review the patch?

@ksmurchison
Copy link
Contributor

I will try but I'm not an expert on channel binding. @aamelnikov can you give a look?

@GuidoKiener GuidoKiener mentioned this issue Mar 26, 2024
Open
@Neustradamus
Copy link
Contributor

@aamelnikov: Can you look tickets here?

@GuidoKiener has done a PR here, can you look too?

@ksmurchison requests same.

@quanah quanah added this to the 2.2.0 milestone Jul 22, 2024
@Neustradamus
Copy link
Contributor

@quanah: I have relaunched @aamelnikov.

GuidoKiener added a commit to GuidoKiener/cyrus-sasl that referenced this issue Aug 9, 2024
@GuidoKiener
Add callback SASL_CB_SERVER_CHANNEL_BINDING
2285381 
Provide a callback function to change the channel binding type
of servers (e.g. "tls-server-end-point" instead of "tls-unique")
during authentication of secure mechanisms like GS2-KRB5-PLUS or
SCRAM-SHA-256-PLUS.

The callback is used by the plugins SCRAM and GS2 when the desired
binding type of the client does not match the binding type set with
property SASL_CHANNEL_BINDING.
A server can check the requested type of channel binding and
overwrite the current channel binding data with the property
SASL_CHANNEL_BINDING before the authentication proceeds.

Issue cyrusimap#823

Signed-off-by: Guido Kiener <guido.kiener@rohde-schwarz.com>
GuidoKiener added a commit to GuidoKiener/cyrus-sasl that referenced this issue Aug 9, 2024
@GuidoKiener
Add sample for callback SASL_CB_SERVER_CHANNEL_BINDING
7632d01 
With the callback SASL_CB_SERVER_CHANNEL_BINDING
a server can change the channel binding data to the
desired channel binding type of the client.

sample/client.c
Select the option -d or -D to use the channel
binding type "tls-server-end-point".
Or select the option -c or -C to use the channel
binding type "tls-unique".
Options -C or -D force client and server to use
channel binding.

sample/server.c
select option -c to activate channel binding
type "tls-unique".
Option -C forces clients to use channel binding.
Via callback "my_select_binding" the server changes
the binding type to "tls-server-end-point" if
required.

Note that client/server must use the binding type:
- "tls-exporter" for TLS 1.3
- "tls-unique" for TLS 1.2
- "tls-server-end-point" works for TLS 1.2 and 1.3

Issue cyrusimap#823

Signed-off-by: Guido Kiener <guido.kiener@rohde-schwarz.com>
GuidoKiener added a commit to GuidoKiener/cyrus-sasl that referenced this issue Aug 9, 2024
@GuidoKiener
Add callback SASL_CB_SERVER_CHANNEL_BINDING
175682f 
Provide a callback function to change the channel binding type
of servers (e.g. "tls-server-end-point" instead of "tls-unique")
during authentication of secure mechanisms like GS2-KRB5-PLUS or
SCRAM-SHA-256-PLUS.

The callback is used by the plugins SCRAM and GS2 when the desired
binding type of the client does not match the binding type set with
property SASL_CHANNEL_BINDING.
A server can check the requested type of channel binding and
overwrite the current channel binding data with the property
SASL_CHANNEL_BINDING before the authentication proceeds.

Issue cyrusimap#823

Signed-off-by: Guido Kiener <guido.kiener@rohde-schwarz.com>
GuidoKiener added a commit to GuidoKiener/cyrus-sasl that referenced this issue Aug 9, 2024
@GuidoKiener
Add sample for callback SASL_CB_SERVER_CHANNEL_BINDING
019ebb4 
With the callback SASL_CB_SERVER_CHANNEL_BINDING
a server can change the channel binding data to the
desired channel binding type of the client.

sample/client.c
Select the option -d or -D to use the channel
binding type "tls-server-end-point".
Or select the option -c or -C to use the channel
binding type "tls-unique".
Options -C or -D force client and server to use
channel binding.

sample/server.c
select option -c to activate channel binding
type "tls-unique".
Option -C forces clients to use channel binding.
Via callback "my_select_binding" the server changes
the binding type to "tls-server-end-point" if
required.

Note that client/server must use the binding type:
- "tls-exporter" for TLS 1.3
- "tls-unique" for TLS 1.2
- "tls-server-end-point" works for TLS 1.2 and 1.3

Issue cyrusimap#823

Signed-off-by: Guido Kiener <guido.kiener@rohde-schwarz.com>
GuidoKiener added a commit to GuidoKiener/cyrus-sasl that referenced this issue Aug 9, 2024
@GuidoKiener
Add sample for callback SASL_CB_SERVER_CHANNEL_BINDING
2835cc1 
With the callback SASL_CB_SERVER_CHANNEL_BINDING
a server can change the channel binding data to the
desired channel binding type of the client.

sample/client.c
Select the option -d or -D to use the channel
binding type "tls-server-end-point".
Or select the option -c or -C to use the channel
binding type "tls-unique".
Options -C or -D force client and server to use
channel binding.

sample/server.c
select option -c to activate channel binding
type "tls-unique".
Option -C forces clients to use channel binding.
Via callback "my_select_binding" the server changes
the binding type to "tls-server-end-point" if
required.

Note that client/server must use the binding type:
- "tls-exporter" for TLS 1.3
- "tls-unique" for TLS 1.2
- "tls-server-end-point" works for TLS 1.2 and 1.3

Issue cyrusimap#823

Signed-off-by: Guido Kiener <guido@kiener-muenchen.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hyc hyc

Labels
None yet
Projects
None yet
Milestone
2.2.0
Development

No branches or pull requests
5 participants
@Neustradamus @hyc @quanah @ksmurchison @GuidoKiener