On 13.11.16 at 14:14, Steffan Karger wrote:
> Hi,
>
> Thanks for reviewing! Replies inline.
>
> On 13-11-16 17:41, Arne Schwabe wrote:
>>
>>> This boils down to the following on-the-wire packet format:
>>>
>>> -opcode- || -session_id- || -packet_id- || auth_tag || * payload *
>>
>> I am pretty sure that opcode is *not* authenticated looking at the code. Which
>> is probably not a problem but should not be documented as authenticated.
>> (There is a buf_advance(buf ,1) before calling the unwrap function.)
>
> No, the opcode *is* authenticated. See e.g. tls_crypt_wrap(), which
> receives a dst buffer which is prepared with the opcode and session_id,
> and computes the HMAC over the contents.

Yeah, I looked harder and see now the buffer pointer magic more clearly.
My fault.

I think that cipher_ctx_reset (ctx->cipher, tag); belongs in the encrypt
block instead of the auth block.

Arne
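The point settled in the thread above, as an added example that is not part of the original messages or of OpenVPN's code: when the HMAC is computed over a buffer already prepared with the opcode and session_id, a change to any header field makes verification fail. HMAC-SHA256, the field sizes, the sample opcode value and the function names are assumptions made for illustration, and the payload encryption step is left out.

```python
import hashlib
import hmac

# Assumed field sizes for illustration; the thread only gives the field order.
OPCODE_LEN, SID_LEN, PID_LEN, TAG_LEN = 1, 8, 8, 32
HDR_LEN = OPCODE_LEN + SID_LEN + PID_LEN


def wrap(key, opcode, session_id, packet_id, payload):
    """Build opcode || session_id || packet_id || auth_tag || payload."""
    if len(session_id) != SID_LEN or len(packet_id) != PID_LEN:
        raise ValueError("bad header field length")
    header = bytes([opcode]) + session_id + packet_id
    # The tag covers the prepared header (opcode included) and the payload.
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + tag + payload


def unwrap(key, packet):
    """Return (opcode, payload) if the tag verifies, otherwise None."""
    if len(packet) < HDR_LEN + TAG_LEN:
        return None
    header = packet[:HDR_LEN]
    tag = packet[HDR_LEN:HDR_LEN + TAG_LEN]
    payload = packet[HDR_LEN + TAG_LEN:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return header[0], payload


def flip_bit(packet, offset):
    """Return a copy of packet with the low bit of one byte inverted."""
    out = bytearray(packet)
    out[offset] ^= 0x01
    return bytes(out)


if __name__ == "__main__":
    key = bytes(range(32))  # constructed key, not a real one
    pkt = wrap(key, 0x38, b"\x11" * 8, b"\x00" * 7 + b"\x01", b"constructed payload")
    print("untouched:", unwrap(key, pkt))
    for name, off in [("opcode", 0), ("session_id", 1), ("packet_id", 9),
                      ("auth_tag", HDR_LEN), ("payload", HDR_LEN + TAG_LEN)]:
        print(name, "modified ->", unwrap(key, flip_bit(pkt, off)))
```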