Hello Jan, Thank you for your answers.
2018-11-07 15:50 GMT+01:00 Jan Just Keijser <janj...@nikhef.nl>: > > In short: > - in CBC+SHA mode (iv + cipher + tag + hmac) = (16 + 16 + 0 + 32) = 64 > - in GCM mode (iv + cipher + tag + hmac) = (12 + 16 + 16 + 0) = 44 > This is a bit of a surprise. I was under the impression that the HMAC key data part of the IV was not transmitted over the line, and that the PACKET-ID forms the other 4 bytes of the IV (and is transmitted only once over the line). As such, my view was: AES-CBC: 20 (IP) + 8 (UDP) + 1 (OPCODE) + 3 (PEER-ID) + 16 (IV) + 32 (HMAC) + 4 (PACKET-ID) + 16 (max padding) = 100 bytes overhead. AES-GCM: 20 (IP) + 8 (UDP) + 1 (OPCODE) + 3 (PEER-ID) + 4 (IV = PACKET-ID) + 16 (TAG) = 52 bytes overhead. My remaining question was more in regards to the 8 byte HMAC key section of the IV (which I believe is not transmitted over the line). Where does it come from? Is it a sub section of the 32 byte HMAC key exchanged during (re-)keying? If so, which sub section? Is it perhaps a hash/KDF result of the 32 byte HMAC key? Is the key exchange changed to only send an 8 byte HMAC key in stead? Kind regards, Pieter Hulshoff
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
