ovpn-dco: change nonce_tail length to 8 bytes

AES-GCM nonce is 12 bytes. OpenVPN obtains it by concatenating 4 bytes
packet id and rest (nonce_tail) from key material generated during TLS
handshake.

By some reasons ovpn-dco required userspace to provide 12 bytes
nonce_tail and generated 16 bytes nonce, even though kernel crypto API
uses only 12 bytes. This has been fixed in ovpn-dco and therefore has to
be fixed in userspace.

Signed-off-by: Lev Stipakov <lev@openvpn.net>

openvpn/dco/key.hpp

@@ -28,7 +28,7 @@ namespace KoRekey {
 struct KeyDirection {
   const unsigned char *cipher_key;
   const unsigned char *hmac_key; // only CBC
-  unsigned char nonce_tail[12];  // only GCM
+  unsigned char nonce_tail[8];  // only GCM
   unsigned int cipher_key_size;
   unsigned int hmac_key_size; // only CBC
 };

openvpn/tun/linux/client/genl.hpp

@@ -212,7 +212,7 @@ public:
     auto msg_ptr = create_msg(OVPN_CMD_NEW_KEY);
     auto* msg = msg_ptr.get();
 
-    const int NONCE_LEN = 12;
+    const int NONCE_TAIL_LEN = 8;
 
     struct nlattr *key_dir;
 
@@ -229,7 +229,7 @@ public:
     NLA_PUT(msg, OVPN_KEY_DIR_ATTR_CIPHER_KEY, kc->encrypt.cipher_key_size,
             kc->encrypt.cipher_key);
     if (kc->cipher_alg == OVPN_CIPHER_ALG_AES_GCM) {
-      NLA_PUT(msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, NONCE_LEN,
+      NLA_PUT(msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, NONCE_TAIL_LEN,
               kc->encrypt.nonce_tail);
     } else {
       NLA_PUT(msg, OVPN_KEY_DIR_ATTR_HMAC_KEY, kc->encrypt.hmac_key_size,
@@ -241,7 +241,7 @@ public:
     NLA_PUT(msg, OVPN_KEY_DIR_ATTR_CIPHER_KEY, kc->decrypt.cipher_key_size,
             kc->decrypt.cipher_key);
     if (kc->cipher_alg == OVPN_CIPHER_ALG_AES_GCM) {
-      NLA_PUT(msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, NONCE_LEN,
+      NLA_PUT(msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, NONCE_TAIL_LEN,
               kc->decrypt.nonce_tail);
     } else {
       NLA_PUT(msg, OVPN_KEY_DIR_ATTR_HMAC_KEY, kc->decrypt.hmac_key_size,