From a905c5f14cd6a7d2cb6f3d4cf42b87cd3f10f9dd Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Thu, 31 Oct 2024 15:53:28 +0100 Subject: [PATCH] Add an example how a large Cloud would implement tls-crypt-v2 Signed-off-by: Arne Schwabe --- openvpn-wire-protocol.xml | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/openvpn-wire-protocol.xml b/openvpn-wire-protocol.xml index 0a821d0..fe1531b 100644 --- a/openvpn-wire-protocol.xml +++ b/openvpn-wire-protocol.xml @@ -663,7 +663,7 @@ struct clear_control_payload { The 2048 bits client-specific key ``Kc`` is identical to the key for the control channel encryption. - The wrapped key has the foloowing components: + The standard format used by OpenVPN for the wrapped key has the foloowing components:
  1. The 2048 bits client-specific key ``Kc`` is identical to the key for the control channel encryption.
  2. @@ -720,8 +720,37 @@ WKc = T || AES-256-CTR(Ke, IV, Kc || metadata) || len
  3. Add the tls-crypt-v2 client key to the client config (``tls-crypt-v2 /path/to/client-specific.key``)
    4. + +
+ + Note, since the Wkc format is opaque to the client, a server can decided to use + a different format. For example when using a large infrastructure, e.g. a Cloud service, + it is desirable to allow using multiple different server keys to be able to replace a + compromised key or to be able to key rotation. + + In this scenario a cleartext key id should be added to allow the server to select + the key that should be used to decrypt the wrapped key. + + As example how to implement this wrapping, assume the server keys are using a 32 bit + index. The server key (Ke, Ka) with the index i is named Kai and Kei. +
+ +K_id = key id of server key Kai, Kei (32 bit, network order) + +len = len(WKc) (16 bit, network byte order) + +T = HMAC-SHA256(Kai, len || K_id || Kc || metadata) + +IV = 128 most significant bits of T + +WKc = T || AES-256-CTR(Ke, IV, Kc || metadata) || K_id || len + +
+ + + When setting up the OpenVPN connection: