mirror of
https://github.com/OpenVPN/openvpn3.git
synced 2024-09-20 04:02:15 +02:00
ovpn-dco: change nonce_tail length to 8 bytes
The AES-GCM nonce is 12 bytes. OpenVPN builds it by concatenating a 4-byte packet ID with the remainder (nonce_tail), which comes from key material generated during the TLS handshake. For some reason, ovpn-dco required userspace to provide a 12-byte nonce_tail and generated a 16-byte nonce, even though the kernel crypto API uses only 12 bytes. This has been fixed in ovpn-dco and therefore has to be fixed in userspace as well. Signed-off-by: Lev Stipakov <lev@openvpn.net>
parent
0d28aa1491
commit
9574172560
@ -28,7 +28,7 @@ namespace KoRekey {
|
||||
struct KeyDirection {
|
||||
const unsigned char *cipher_key;
|
||||
const unsigned char *hmac_key; // only CBC
|
||||
unsigned char nonce_tail[12]; // only GCM
|
||||
unsigned char nonce_tail[8]; // only GCM
|
||||
unsigned int cipher_key_size;
|
||||
unsigned int hmac_key_size; // only CBC
|
||||
};
|
||||
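Review bot: The size of `nonce_tail` in `KeyDirection` is now a bare literal `8`, while the netlink sender declares the same length separately as `NONCE_TAIL_LEN = 8`, so the two values can drift apart on the next change. Whatever code fills `nonce_tail` is outside this diff; if any writer still copies 12 bytes of key material, it would now run 4 bytes past the array, so those call sites should be checked and bounded by `sizeof(nonce_tail)`. A single shared constant would make the coupling explicit, for example (name is a suggestion) `static constexpr unsigned int NONCE_TAIL_SIZE = 8;` with `unsigned char nonce_tail[NONCE_TAIL_SIZE]; // only GCM`.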
|
@ -212,7 +212,7 @@ public:
|
||||
auto msg_ptr = create_msg(OVPN_CMD_NEW_KEY);
|
||||
auto* msg = msg_ptr.get();
|
||||
|
||||
const int NONCE_LEN = 12;
|
||||
const int NONCE_TAIL_LEN = 8;
|
||||
|
||||
struct nlattr *key_dir;
|
||||
|
||||
@ -229,7 +229,7 @@ public:
|
||||
NLA_PUT(msg, OVPN_KEY_DIR_ATTR_CIPHER_KEY, kc->encrypt.cipher_key_size,
|
||||
kc->encrypt.cipher_key);
|
||||
if (kc->cipher_alg == OVPN_CIPHER_ALG_AES_GCM) {
|
||||
NLA_PUT(msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, NONCE_LEN,
|
||||
NLA_PUT(msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, NONCE_TAIL_LEN,
|
||||
kc->encrypt.nonce_tail);
|
||||
} else {
|
||||
NLA_PUT(msg, OVPN_KEY_DIR_ATTR_HMAC_KEY, kc->encrypt.hmac_key_size,
|
||||
@ -241,7 +241,7 @@ public:
|
||||
NLA_PUT(msg, OVPN_KEY_DIR_ATTR_CIPHER_KEY, kc->decrypt.cipher_key_size,
|
||||
kc->decrypt.cipher_key);
|
||||
if (kc->cipher_alg == OVPN_CIPHER_ALG_AES_GCM) {
|
||||
NLA_PUT(msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, NONCE_LEN,
|
||||
NLA_PUT(msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, NONCE_TAIL_LEN,
|
||||
kc->decrypt.nonce_tail);
|
||||
} else {
|
||||
NLA_PUT(msg, OVPN_KEY_DIR_ATTR_HMAC_KEY, kc->decrypt.hmac_key_size,
|
||||
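Review bot: The length given to `NLA_PUT` for `OVPN_KEY_DIR_ATTR_NONCE_TAIL` is a function-local constant that is not tied to the buffer being read, in both the encrypt and the decrypt branch. Passing `sizeof(kc->encrypt.nonce_tail)` and `sizeof(kc->decrypt.nonce_tail)` instead of `NONCE_TAIL_LEN` would rule out an over-read of the key structure if the array size changes again. The change also presumes a kernel module that accepts an 8-byte tail; nothing visible in these hunks detects an older ovpn-dco that still expects 12 bytes, so it is worth confirming that a mismatch fails the key install cleanly rather than producing a tunnel with a mis-built nonce. The enclosing function starts and ends outside the hunks shown.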
|