Re: [Openvpn-devel] [PATCH v4] Introduce dynamic tls-crypt for secure soft_reset/session renegotiation

2023-01-11 Thread Arne Schwabe
/*
 * key_id increments to KEY_ID_MASK then recycles back to 1.
 * This way you know that if key_id is 0, it is the first key.
 */
++session->key_id;
session->key_id &= P_KEY_ID_MASK;
if (!session->key_id)
{
    session->key_id = 1;
}
Okay, so

Re: [Openvpn-devel] [PATCH v4] Introduce dynamic tls-crypt for secure soft_reset/session renegotiation

2023-01-10 Thread Frank Lichtenheld
On Mon, Jan 09, 2023 at 05:36:06PM +0100, Arne Schwabe wrote: > On 09.01.23 at 16:01 Frank Lichtenheld wrote: > > On Mon, Dec 12, 2022 at 12:27:45PM +0100, Arne Schwabe wrote: > > > Currently we have only one slot for renegotiation of the session/keys. > > > If a replayed/faked packet is

Re: [Openvpn-devel] [PATCH v4] Introduce dynamic tls-crypt for secure soft_reset/session renegotiation

2023-01-09 Thread Arne Schwabe
On 09.01.23 at 16:01 Frank Lichtenheld wrote: On Mon, Dec 12, 2022 at 12:27:45PM +0100, Arne Schwabe wrote: Currently we have only one slot for renegotiation of the session/keys. If a replayed/faked packet is inserted by a malicious attacker, the legitimate peer cannot renegotiate anymore. This

Re: [Openvpn-devel] [PATCH v4] Introduce dynamic tls-crypt for secure soft_reset/session renegotiation

2023-01-09 Thread Frank Lichtenheld
On Mon, Dec 12, 2022 at 12:27:45PM +0100, Arne Schwabe wrote: > Currently we have only one slot for renegotiation of the session/keys. > If a replayed/faked packet is inserted by a malicious attacker, the > legitimate peer cannot renegotiate anymore. > > This commit introduces dynamic tls-crypt.

[Openvpn-devel] [PATCH v4] Introduce dynamic tls-crypt for secure soft_reset/session renegotiation

2022-12-12 Thread Arne Schwabe
Currently we have only one slot for renegotiation of the session/keys. If a replayed/faked packet is inserted by a malicious attacker, the legitimate peer cannot renegotiate anymore. This commit introduces dynamic tls-crypt. When both peers support this feature, both peers create a dynamic tls-crypt