Hi all,
I notice there is another developer, Frances also posted similar problem as
mine recently. I am very sure that I have extracted the data below correctly
and the HMAC SHA1 computation that I did is correct as I have verified with RFC
test vectors and tested against openvpn tls-prf HMAC function.
Anyone has solved this mystery?
Thanks.
Regards,
Jessica Tan
From: jessta...@hotmail.com
To: openvpn-devel@lists.sourceforge.net; openvpn-us...@lists.sourceforge.net
List-Post: openvpn-devel@lists.sourceforge.net
Date: Wed, 10 Mar 2010 00:52:17 +0800
Subject: Re: [Openvpn-devel] FW: HMAC-SHA1
Perhaps allow me to provide an example to give you a better picture.
I extracted the following information:
Data
Channel Encrypt: HMAC KEY: 7bc9e462
32dd2b4c 3c8a3108 39d1b38e d58bf293
Data Channel Decrypt: HMAC KEY: 5c6e268f addae698 8728b25d bc0fb5cd d84f4729
ENCRYPT IV:
a947f77f 0db28c61 8a2fd60c 66dc1e08
ENCRYPT FROM:
0000002c 4b8f0474 faffffff ffffff00 ff331067 be080045 00006001 c3000080
1123c40a 0300020a 0300ff00 89008900 4c5a5480 4b281000 01000000 00000120
41424143 46504650 454e4644 45434643 45504648 46444546 46504650 41434142
00002000 01c00c00 20000100 0493e000 06e0000a 030002
ENCRYPT TO:
a947f77f 0db28c61 8a2fd60c 66dc1e08 dfb2689b 9a9484ba d9aff0e7 b751621f
d9f845b0 d438a09e d401c487 a475a3a2 90930c8d 81c83647 a84ff343 1705e2d0
6d42a018 8fb2c1b5 96b69e88 7163e540 6fc9b64e e9a30b53 e9162577 990fb81d
68b1ccdb c9e9fa1e 64776f92 880ec25a f7dbca8b 1d8ed454 29cf4a9a beb887ff
e345751e 5d210c67 f190433b 2bd5973a
HMAC work (input): c93b3269 080ba41f 0c7b7762
9ff17296 f789e8a3 a947f77f 0db28c61 8a2fd60c 66dc1e08 dfb2689b 9a9484ba
d9aff0e7 b751621f d9f845b0 d438a09e d401c487 a475a3a2 90930c8d 81c83647
a84ff343 1705e2d0 6d42a018 8fb2c1b5 96b69e88 7163e540 6fc9b64e e9a30b53
e9162577 990fb81d 68b1ccdb c9e9fa1e 64776f92 880ec25a f7dbca8b 1d8ed454
29cf4a9a beb887ff e345751e 5d210c67 f190433b 2bd5973a
HMAC output (generated hmac): c93b3269 080ba41f
0c7b7762 9ff17296 f789e8a3
I computed HMAC-SHA1 on the content of "ENCRYPT TO:", using HMAC KEY (I
actually tested both encrypt and decrypt HMAC keys), but none of them gives me
the correct output as expected as indicated under "HMAC output".
Is this a bug? Or the input is more than the encrypted packet?
Thanks. Please help.
Regards,
Jessica Tan
From: jessta...@hotmail.com
To: openvpn-devel@lists.sourceforge.net
List-Post: openvpn-devel@lists.sourceforge.net
Date: Wed, 10 Mar 2010 00:32:37 +0800
Subject: [Openvpn-devel] FW: HMAC-SHA1
Dear all,
I was trying to run some tests on OpenVPN
implementation. Realise HMAC computation for Data and Control channel
does not match my computation. I have use the same computation on
TLS-PRF's HMAC and it matches perfectly. Anyone has any idea what this
problem could be? Is it a bug?
The input I use to the HMAC is the "IV || Encrypted (packetID and
payload). This is what I understand from OpenVPN Security Overview
page. Is this correct? Or there is some pre-processing that I am not
aware?
Appreciate any help available.
Thanks.
Regards,
Jessica Tan
Hotmail: Trusted email with Microsoft’s powerful SPAM protection. Sign up now.
Hotmail: Powerful Free email with security by Microsoft. Get it now.
_________________________________________________________________
Hotmail: Trusted email with powerful SPAM protection.
https://signup.live.com/signup.aspx?id=60969
