Hi Tony, The graphic is wrong. Some of the text that you can find in the code comes from old internal documentation and it hasn't always been updated.
To clarify, AES-GCM (and ChaCha20Poly1305) accepts a 12 bytes nonce that OpenVPN creates by concatenating the 4 bytes packet ID (sent over the wire) with 8 bytes nonce-tail generated from the key material. So all numbers in the doc are correct - just the hex string is wrong. It is now fixed. Thanks for reporting. Please note that the documentation in the code is still work in progress, so some other inconsistency may jump out every now and then. Cheers, On 25/11/2020 03:33, Tony He wrote: > Hi Antonio, > > I'm reading the source code to study this module driven by intertest. > I'm new to crypto stuffs. In pktid.h: > > /* When the OpenVPN protocol is run in AEAD mode, use > * the OpenVPN packet ID as the AEAD nonce: > * > * 00000005 521c3b01 4308c041 83ba3099 > * [seq # ] [nonce_tail ] > * [ 12-byte full IV ] -> > NONCE_SIZE > * [4-bytes -> > NONCE_WIRE_SIZE > * on wire] > */ > > /* AEAD nonce size */ > #define NONCE_SIZE 12 > > Is " 00000005 521c3b01 4308c041 83ba3099" wrong? Its size is 16 bytes, > but you also comment > "12-byte full IV" after two lines of it. > > Tony -- Antonio Quartulli _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
