|
|
Charlie Hosner <chosner@xxxxxxxxx> said: > Does anyone (Jim) know the method uses to handle periodic rekeying in > OpenVPN. Particularly, I would like to know if the pre_master_secret and > master_secret are regenerated as in a TLS renegotiate, or are the old > pre_master_secret or master_secret just reexpanded using new client/server > random input as in a TLS resume_connection type of situation? I hope I > asked that right. I'm assuming OpenVPN is using the regular TLS key generation process. Every key renegotiation starts with new random source material (RAND_bytes), combined as follows using the TLS PRF function: [From ssl.c in OpenVPN source] /* * Use the TLS PRF function for generating data channel keys. * This code is taken from the OpenSSL library. * * TLS generates keys as such: * * master_secret[48] = PRF(pre_master_secret[48], "master secret", * ClientHello.random[32] + ServerHello.random[32]) * * key_block[] = PRF(SecurityParameters.master_secret[48], * "key expansion", * SecurityParameters.server_random[32] + * SecurityParameters.client_random[32]); * * Notes: * * (1) key_block contains a full set of 4 keys. * (2) The pre-master secret is generated by the client. */ > Also, we have no facility for non-repudiation in OpenVPN right? I'm not completely clear what you mean by non-repudiation. Do you mean in the sense that each side is able to cryptographically verify the authenticity of the other side and therefore prevent a man-in-the-middle attack or other forms of connection hijacking? If so, the answer is yes. > We are > sharing keys on both sides for hash and encrypt, so there is no way to > determine 100% which side sent the data. If you use TLS mode or if you use static key mode with the "key direction" parameter, there is no bidirectional key usage, so you can determine which side sent the data. > I don't know that we really need > non-rep for a tunnel between two trusted systems, I just want to make sure > I'm understanding this correctly. If non-rep = authentication, then I would certainly argue that you do need it in order to be secure. James ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |