Hi Jan, On 07-11-18 16:22, Jan Just Keijser wrote: > in CBC mode, "auth sha256" leads to an MTU adjustment of 68 bytes > leaving everything else constant, "auth sha512" leads to an MTU > adjustment of 68+32=100 bytes: > > crypto_adjust_frame_parameters: packet_id_size= 4 bytes > crypto_adjust_frame_parameters: cipher_kt_iv_size = 16 bytes > crypto_adjust_frame_parameters: cipher_kt_block_size = 16 bytes > crypto_adjust_frame_parameters: hmac_length = 64 bytes > crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by > 100 bytes > > and > /usr/sbin/ip link set dev tun1 up mtu 1396 > > so I cannot tell whether the entire HMAC is transmitted over the wire > with every packet, but I *DO* see that OpenVPN subtracts another 32 > bytes from the tun-mtu if I increase the HMAC size from SHA256 (32 > bytes) to SHA512 (64 bytes). > Again, I am not saying that this is the correct behaviour, I am just > stating this is the *observed* behaviour.
Yes, this is intended and correct behaviour. In CBC mode, the HMAC tag size depends on the chosen algorithm. OpenVPN could have chosen to truncate the tags; just sending the first 256 bits of HMAC-SHA512 authentication tags is perfectly secure too. The design of this data packet format is from long before my time so I can only speculate about the reason, but I guess the original design only included HMAC-SHA1 and later on someone added support for other algorithms without rethinking whether to send all the tag data or just part of it. I think Pieter's question was about whether the 8-byte part of the AEAD IV was transmitted over the wire or not. It is not, because there is no need to. This was proposed by James in this mail: https://www.mail-archive.com/[email protected]/msg09681.html -Steffan _______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
