Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add an example how a large Cloud would implement tls-crypt-v2 #8

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 30 additions & 1 deletion openvpn-wire-protocol.xml
Original file line number Diff line number Diff line change
Expand Up @@ -663,7 +663,7 @@ struct clear_control_payload {
The 2048 bits client-specific key ``Kc`` is identical to the key for the control channel encryption.
</t>
<t>
The wrapped key has the foloowing components:
The standard format used by OpenVPN for the wrapped key has the foloowing components:
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"following"

<ol>
<li>The 2048 bits client-specific key ``Kc`` is identical to the key for the control channel encryption. </li>
<li>
Expand Down Expand Up @@ -720,8 +720,37 @@ WKc = T || AES-256-CTR(Ke, IV, Kc || metadata) || len

<li> Add the tls-crypt-v2 client key to the client config
(``tls-crypt-v2 /path/to/client-specific.key``)</li>


</ol>
</t>

<t> Note, since the Wkc format is opaque to the client, a server can decided to use
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"a server can decide"

a different format. For example when using a large infrastructure, e.g. a Cloud service,
it is desirable to allow using multiple different server keys to be able to replace a
compromised key or to be able to key rotation. </t>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"to be able to do key rotation"


<t> In this scenario a cleartext key id should be added to allow the server to select
the key that should be used to decrypt the wrapped key.</t>

<t> As example how to implement this wrapping, assume the server keys are using a 32 bit
index. The server key (Ke, Ka) with the index i is named Kai and Kei.
<figure>
<sourcecode>
K_id = key id of server key Kai, Kei (32 bit, network order)

len = len(WKc) (16 bit, network byte order)

T = HMAC-SHA256(Kai, len || K_id || Kc || metadata)

IV = 128 most significant bits of T

WKc = T || AES-256-CTR(Ke, IV, Kc || metadata) || K_id || len
</sourcecode>
</figure>
</t>



<t>
When setting up the OpenVPN connection:
Expand Down