Am 13.11.16 um 14:14 schrieb Steffan Karger:
> Hi,
>
> Thanks for reviewing! Replies inline.
>
> On 13-11-16 17:41, Arne Schwabe wrote:
>>
>>> This boils down to the following on-the-wire packet format:
>>>
>>> -opcode- || -session_id- || -packet_id- || auth_tag || * payload *
>>
>> I am pretty that opcode is *not* authenticated looking the code. Which
>> is probably not a problem but should not be documented as authenticated.
>> (There is a buf_advance(buf ,1) before calling the unwrap function.
>
> No, the opcode *is* authenticated. See e.g. tls_crypt_wrap(), which
> receives a dst buffer which is prepared with the opcode and session_id,
> and computes the HMAC over the contents.
Yeah, I looked harder and see now the buffer pointer magic more clearly.
My fault.
I think that
cipher_ctx_reset (ctx->cipher, tag);
belongs into the encrypt block instead of the auth block.
Arne
------------------------------------------------------------------------------
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
