Attention is currently required from: flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/797?usp=email )
Change subject: Use XOR instead of concatenation for calculation of IV from implicit IV ...................................................................... Patch Set 2: (5 comments) Commit Message: http://gerrit.openvpn.net/c/openvpn/+/797/comment/b59359cf_8e31314e : PS2, Line 12: IV generation code later. Question: what is the advantage or XOR'ing the IV with the packet ID? And why is the implicit IV growing from 32bits to 64? File src/openvpn/crypto.h: http://gerrit.openvpn.net/c/openvpn/+/797/comment/c99a7cfb_275919d0 : PS2, Line 168: size_t implicit_iv_len; /**< The length of implicit_iv */ why is the len being removed? What is the underlying assumption allowing us to drop the len? My wild wild guess: implicit IV len == packet ID size. Is that correct? http://gerrit.openvpn.net/c/openvpn/+/797/comment/a758a11d_0ceb58dd : PS2, Line 173: uint8_t implicit_iv[OPENVPN_MAX_IV_LENGTH]; I believe I understand the comment above, but I have troubles combining it with OPENVPN_MAX_IV_LENGTH that is 128 bits with OpenSSL. Does it mean we actually only fill part of the array when using AEAD (i.e. 32 bits)? Is this going to change with the new format and become 64 bits? Is the rest of the array therefore unused? Maybe this is explained somewhere else, but this comment alone leaves me with these open questions. File src/openvpn/crypto.c: http://gerrit.openvpn.net/c/openvpn/+/797/comment/ae81c136_3aaad761 : PS2, Line 102: * XOR of packet and implicit IV */ This comment doesn't fully compile. Are you saying that "implicit part = packet id XOR implcit iv"? If that's the case, I'll rephrase it a bit, like: "Remainder of IV is the result of packet id XOR'd with impliciti IV (the result is expected to be unique per session)." Or something along those lines. http://gerrit.openvpn.net/c/openvpn/+/797/comment/f435a313_33ac03a7 : PS2, Line 445: * XOR of packet counter and implicit IV */ same comment as before -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/797?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I74216d776d3e0a8dc987ec7b1671c8e8dcccdbd6 Gerrit-Change-Number: 797 Gerrit-PatchSet: 2 Gerrit-Owner: plaisthos <arne-open...@rfc2549.org> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-CC: cron2 <g...@greenie.muc.de> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-CC: ordex <a...@unstable.cc> Gerrit-Attention: plaisthos <arne-open...@rfc2549.org> Gerrit-Attention: flichtenheld <fr...@lichtenheld.com> Gerrit-Comment-Date: Tue, 12 Nov 2024 08:26:21 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
