-
Notifications
You must be signed in to change notification settings - Fork 3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Trigger renegotiation of data key if getting close to the AEAD usage …
…limit This implements the limitation of AEAD key usage[1] with a confidentiality margin of 2^-57, the same as TLS 1.3. In this implementation, unlike TLS 1.3 that counts the number of records, we count the actual number of packets and plaintext blocks. TLS 1.3 can reasonable assume that for large data transfers, full records are used and therefore the maximum record size of 2**14 (2*10 blocks) is used to calculate the number of records before a new key needs to be used. For a VPN like OpenVPN, the same calculation would either require using a pessimistic assumption of using a MTU size of 65k which limits us to 2^24 packets, which equals only 24 GB with more common MTU/MSS of 1400 or requiring a dynamic calculation which includes the actual MTU that we allow to send. For 1500 the calculation yields 2*29.4 which is a quite significant higher number of packets (923 GB at 1400 MSS/MTU). To avoid this dynamic calculation and also avoid needing to know the MSS/MTU size in the crypto layer, this implementation foregoes the simplification of counting just packets but will count blocks and packets instead and determines the limit from that. This also has the side effect that connections with a lot of small packets (like TCP ACKs) mixed with large packets will be able to keep using the same key much longer until requiring a renegotiation. This patch will set the limit where to trigger the renegotiation at 7/8 of the recommended maximum value. [1] https://www.ietf.org/archive/id/draft-irtf-cfrg-aead-limits-08.html Testing instructions: The easiest way to test if this patch works as intended is to manually change the return value of cipher_get_aead_limits to some silly low value like 2048. After a bit of VPN traffic, a soft reset should occur that indicates being over the TLS: soft reset sec=41/3600 bytes=59720/-1 pkts=78/0 aead_limit_send=1883/1792 aead_limit_recv=1937/1792 Here the send limit is over the limit (1792 = 2048 * 8/7). Change-Id: I057f007577f10c6ac917ee4620ee3d2559187dc7 Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20241221153731.1755-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg30144.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
- Loading branch information
Showing
6 changed files
with
169 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters