Changes between Initial Version and Version 1 of 327-changed-hex-bytes-in-the-static-key-the-key-still-connects-to-a-remote-peer-using-the-original-key

Timestamp:

01/30/14 16:21:44 (10 years ago)

Author:

Samuli Seppänen

Comment:

--

327-changed-hex-bytes-in-the-static-key-the-key-still-connects-to-a-remote-peer-using-the-original-key

@@ +1 @@
+= Changed hex bytes in the static key, the key still connects to a remote peer using the original key. =
+
+{{{
+#!html
+<div>Q: I edited my OpenVPN static key, changing some of the hex bytes, but the key still connects to a remote peer which is using the original key. Is this a bug?</div>
+<div></div>
+<div>&gt;When I modify the Preshared 2048 bit Static Key on the Initiator Side of the</div>
+<div>&gt;Tunnel(don't tested the other way) I'm anyhow able to  establish the</div>
+<div>&gt;Tunnel an send Packets through the Tunnel. I don't understand</div>
+<div>&gt;the Key splitting and handling as described below,   but I think the Keys</div>
+<div>&gt;on both Sides of the Tunnel should be identical for the Tunnel to be</div>
+<div>&gt;established.</div>
+<div></div>
+<div>&gt;I can    modify every Char in Line 2,3,4,7,8,9,10,11,12,13,14,15,16 without</div>
+<div>any effect and think this is possible a Bug.</div>
+<div></div>
+<div>&gt;Bye</div>
+<div>&gt;   Klaus</div>
+<div></div>
+<div>No, this is not a bug.  The 2048 bit static key is designed to be large</div>
+<div>enough to allow 512 bit encrypt, decrypt, HMAC send,    and HMAC receive keys</div>
+<div>to be extracted from it.</div>
+<div></div>
+<div>However, this key size is far too large for current conventional OpenVPN</div>
+<div>usage.     OpenVPN uses the 128 bit blowfish cipher by default.  It also uses</div>
+<div>the 160 bit HMAC-SHA1 as a cryptographic signature on packets to protect  <span> </span></div>
+<div>against tampering.  Since you probably didn't specify a key direction</div>
+<div>parameter, the encrypt/decrypt keys for both directions are the  <span> </span>same and</div>
+<div>the HMAC keys for both directions are also the same.</div>
+<div></div>
+<div>That means that OpenVPN is only actually using 128 + 160 = 288 bits  <span> </span>out of</div>
+<div>the file -- much less than the 2048 bits which are available.</div>
+<div></div>
+<div>Below, I will show a sample 2048 bit OpenVPN key, bracketed  <span> </span>to show which</div>
+<div>bits are actually used for key material, assuming default crypto settings:</div>
+<div></div>
+<div>#</div>
+<div># 2048 bit OpenVPN static key</div>
+<div><span> </span>#</div>
+<div>-----BEGIN OpenVPN Static key V1-----</div>
+<div>[eac9ae92cd73c5c2d6a2338b5a22263a] -> 128 bits for cipher</div>
+<div>4ef4a22326d2a996e0161d25d41150c8 <span> </span></div>
+<div>38bebc451ccf8ad19c7d1c7ce09742c3</div>
+<div>2047ba60f1d97d47c88f7ab0afafb2ce</div>
+<div>[f702cb04c7d15ff2606736c1825e830a  -> 160 bits for HMAC  <span> </span>SHA1</div>
+<div>7e30a796] 4b82825d6767a04b3c8f4583</div>
+<div>d4928127262c3a8603776bd6da339f69</div>
+<div>dece3bbfee35f1dceb7cbceaef4c6933</div>
+<div><span> </span>2c2cef8ac550ed15213b216b825ab31e</div>
+<div>49840f99ff9df3c5f31156439ed6b99c</div>
+<div>4fc1bff417d33d77134365e38c9d71cd</div>
+<div>e294ba6e65d51703d6d4a629d5fc618e <span> </span></div>
+<div>adddb889b8173ac79b4261328770bbbe</div>
+<div>74294bc79e357c82af9ef53f2968be6a</div>
+<div>007e6022da0a1a39f2ed5660f94a5926</div>
+<div><span> </span>35d72e5838dd78dd680d91f6edcf6988</div>
+<div>-----END OpenVPN Static key V1-----</div>
+<div></div>
+<div>As you can see, the only lines actually used are 1, 5, and 6.   <span> </span>And of</div>
+<div>course, that matches up perfectly with what you observed.</div>
+<div></div>
+<div>To verify this, run OpenVPN as follows:</div>
+<div></div>
+<div>openvpn --dev  <span> </span>null --verb 7 --secret key | grep 'crypt:'</div>
+<div></div>
+<div>where 'key' is a file containing the key shown above.</div>
+<div></div>
+<div>Static Encrypt: Cipher  <span> </span>'BF-CBC' initialized with 128 bit key</div>
+<div>Static Encrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b 5a22263a</div>
+<div>Static Encrypt: Using 160 bit message  <span> </span>hash 'SHA1' for HMAC authentication</div>
+<div>Static Encrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1 825e830a 7e30a796</div>
+<div>Static Decrypt: Cipher 'BF-CBC'  <span> </span>initialized with 128 bit key</div>
+<div>Static Decrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b 5a22263a</div>
+<div>Static Decrypt: Using 160 bit message hash  <span> </span>'SHA1' for HMAC authentication</div>
+<div>Static Decrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1 825e830a 7e30a796</div>
+<div></div>
+<div>Note that the keys which are  <span> </span>shown in the OpenVPN output exactly match the</div>
+<div>bracketed section of the key source.</div>
+<div></div>
+<div>Now if you want to use more of the key material,  <span> </span>it is possible to use two</div>
+<div>sets of encrypt/HMAC keys, one for each direction:</div>
+<div></div>
+<div>openvpn --dev null --verb 7 --secret key 0 | grep  <span> </span>'crypt:'</div>
+<div></div>
+<div>(Note that the '0' after key chooses one symmetrical direction -- the</div>
+<div>opposite peer would use a '1' to choose the other  <span> </span>direction).</div>
+<div></div>
+<div>Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key</div>
+<div>Static Encrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b  <span> </span>5a22263a</div>
+<div>Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div>
+<div>Static Encrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1  <span> </span>825e830a 7e30a796</div>
+<div>Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key</div>
+<div>Static Decrypt: CIPHER KEY: 2c2cef8a c550ed15 213b216b  <span> </span>825ab31e</div>
+<div>Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication</div>
+<div>Static Decrypt: HMAC KEY: adddb889 b8173ac7 9b426132  <span> </span>8770bbbe 74294bc7</div>
+<div></div>
+<div>Now notice that the Encrypt and Decrypt keys are no longer identical.  The</div>
+<div>encrypt keys are drawing key material  <span> </span>from lines 1, 5, and 6 in the key</div>
+<div>file, while the decrypt keys are drawing from lines 9, 13, and 14.</div>
+<div></div>
+<div>Now the opposite peer will use  <span> </span>a key-direction of 1:</div>
+<div></div>
+<div>openvpn --dev null --verb 7 --secret key 1 | grep 'crypt:'</div>
+<div></div>
+<div>Static Encrypt: Cipher 'BF-CBC' initialized  <span> </span>with 128 bit key</div>
+<div>Static Encrypt: CIPHER KEY: 2c2cef8a c550ed15 213b216b 825ab31e</div>
+<div>Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC <span> </span> authentication</div>
+<div>Static Encrypt: HMAC KEY: adddb889 b8173ac7 9b426132 8770bbbe 74294bc7</div>
+<div>Static Decrypt: Cipher 'BF-CBC' initialized with 128  <span> </span>bit key</div>
+<div>Static Decrypt: CIPHER KEY: eac9ae92 cd73c5c2 d6a2338b 5a22263a</div>
+<div>Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC  <span> </span>authentication</div>
+<div>Static Decrypt: HMAC KEY: f702cb04 c7d15ff2 606736c1 825e830a 7e30a796</div>
+<div></div>
+<div>Notice how the Encrypt and Decrypt keys are  <span> </span>swapped, in relation to the</div>
+<div>key-direction 1 example.</div>
+<div></div>
+<div>So you might ask why is the OpenVPN static key file so large, if such a</div>
+<div><span> </span>small percentage of the bits are currently used?  The answer is to</div>
+<div>accomodate future ciphers and HMAC hashes which use large keys.  Changing  <span> </span></div>
+<div>a file format is obviously problematic from a compatibility perspective,</div>
+<div>so 2048 bits were chosen so that two sets of 512-bit encrypt and  <span> </span>HMAC keys</div>
+<div>could be derived for two separate key directions.</div>
+<div></div>
+}}}
+
+[wiki:FAQ Return to FAQ]