

8.3.3 Encryption of network packets

A data packet can only be sent if the encryption key is known to both parties, and the connection is activated. If the encryption key is not known, a request is sent to the destination using the meta connection to retrieve it.

The UDP packets can be either encrypted with the legacy protocol or with SPTPS. In case of the legacy protocol, the UDP packet containing the network packet from the VPN has the following layout:

... | IP header | UDP header | seqno | VPN packet | MAC | UDP trailer
                             \___________________/\_____/
                                       |             |
                                       V             +---> digest algorithm
                         Encrypted with symmetric cipher

So, the entire VPN packet is encrypted using a symmetric cipher, including a 32-bit sequence number that is added in front of the actual VPN packet, to act as a unique IV for each packet and to prevent replay attacks. A message authentication code is added to the UDP packet to prevent alteration of packets. By default, tinc encrypts network packets using Blowfish with 128-bit keys in CBC mode and uses 4-byte message authentication codes to make sure eavesdroppers cannot get and cannot change any information at all from the packets they can intercept. The encryption algorithm and message authentication algorithm can be changed in the configuration. The length of the message authentication codes is also adjustable. The length of the key for the encryption algorithm is always the default length used by LibreSSL/OpenSSL.

The SPTPS protocol is described in Simple Peer-to-Peer Security. For comparison, this is how SPTPS UDP packets look:

... | IP header | UDP header | seqno | type | VPN packet | MAC | UDP trailer
                                     \__________________/\_____/
                                               |            |
                                               V            +---> digest algorithm
                                 Encrypted with symmetric cipher

The difference is that the seqno is not encrypted, since the encryption cipher is used in CTR mode, and therefore the seqno must be known before the packet can be decrypted. Furthermore, the MAC is never truncated. The SPTPS protocol always uses the AES-256-CTR cipher and HMAC-SHA-256 digest; this cannot be changed.

