BLAKE2 support for hashing.

This is where we can discuss what we would like to see added or changed in OpenVPN.

Joined: Sat Feb 06, 2021 7:17 am

BLAKE2 support for hashing.

Post by mooduck » Sat Feb 06, 2021 8:20 am

Hey there guys!

i've been trying to make some wireguard out of openvpn and since release 2.5.0 it can be possible. im already setup ec in easy-rsa instead of rsa and the chacha20Poly1305 chipher and wintun adapter and it works very fast, but it not enough and we have to go deeper.

So there is an option called auth

like it says in man

130 root@ovpnsrc ~ # openvpn --show-digests
The following message digests are available for use with
OpenVPN.  A message digest is used in conjunction with
the HMAC function, to authenticate received packets.
You can specify a message digest as parameter to
the --auth option.

MD5 128 bit digest size
RSA-MD5 128 bit digest size
SHA1 160 bit digest size
RSA-SHA1 160 bit digest size
MDC2 128 bit digest size
RSA-MDC2 128 bit digest size
MD5-SHA1 288 bit digest size
RSA-SHA1-2 160 bit digest size
RIPEMD160 160 bit digest size
RSA-RIPEMD160 160 bit digest size
MD4 128 bit digest size
RSA-MD4 128 bit digest size
RSA-SHA256 256 bit digest size
RSA-SHA384 384 bit digest size
RSA-SHA512 512 bit digest size
RSA-SHA224 224 bit digest size
SHA256 256 bit digest size
SHA384 384 bit digest size
SHA512 512 bit digest size
SHA224 224 bit digest size
whirlpool 512 bit digest size
BLAKE2b512 512 bit digest size
BLAKE2s256 256 bit digest size
SHA512-224 224 bit digest size
SHA512-256 256 bit digest size
SHA3-224 224 bit digest size
SHA3-256 256 bit digest size
SHA3-384 384 bit digest size
SHA3-512 512 bit digest size
SHAKE128 128 bit digest size
SHAKE256 256 bit digest size
id-rsassa-pkcs1-v1_5-with-sha3-224 224 bit digest size
id-rsassa-pkcs1-v1_5-with-sha3-256 256 bit digest size
id-rsassa-pkcs1-v1_5-with-sha3-384 384 bit digest size
id-rsassa-pkcs1-v1_5-with-sha3-512 512 bit digest size
SM3 256 bit digest size
RSA-SM3 256 bit digest size
RSA-SHA512/224 224 bit digest size
RSA-SHA512/256 256 bit digest size
BLAKE2 is in the list, but when i added it to the server.conf nothing seems to be happening - ovpn just dont care - it still shows me

Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
mine server.conf is
Server config

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh none
ifconfig-pool-persist ipp.txt
push "route"
keepalive 10 120

tls-crypt ta.key
data-ciphers CHACHA20-POLY1305
cipher CHACHA20-POLY1305
tls-ciphersuites TLS_CHACHA20_POLY1305_SHA256
auth BLAKE2b512

user nobody
group nogroup.
status openvpn-status.log
verb 3
explicit-exit-notify 1

"why do he need blake2 support anyway?" you probably wonder - it simple just look here
its significantly faster than sha ones
Joined: Fri Jun 03, 2016 1:17 pm

Re: BLAKE2 support for hashing.

Post by TinCanTech » Sat Feb 06, 2021 1:45 pm

HASH is not encryption .. what about the rest of your log at --verb 4

Joined: Sat Feb 06, 2021 7:17 am

Re: BLAKE2 support for hashing.

Post by mooduck » Sat Feb 06, 2021 2:41 pm

my bad, guess im confusing things, im just taked another look into the man and did some search in the forum - now im guessing that the real question should be like - can i use --auth alg with --tls-crypt instead of tls-auth? and do i need that anyway?(since the tls-crypt crypts everything from the start of the handshake)

--auth alg

Authenticate data channel packets and (if enabled) tls-auth control channel packets with HMAC using message digest algorithm alg. (The default is SHA1 ). HMAC is a commonly used message authentication algorithm (MAC) that uses a data string, a secure hash algorithm and a key to produce a digital signature.

The OpenVPN data channel protocol uses encrypt-then-mac (i.e. first encrypt a packet then HMAC the resulting ciphertext), which prevents padding oracle attacks.

If an AEAD cipher mode (e.g. GCM) is chosen then the specified --auth algorithm is ignored for the data channel and the authentication method of the AEAD cipher is used instead. Note that alg still specifies the digest used for tls-auth.

In static-key encryption mode, the HMAC key is included in the key file generated by --genkey. In TLS mode, the HMAC key is dynamically generated and shared between peers via the TLS control channel. If OpenVPN receives a packet with a bad HMAC it will drop the packet. HMAC usually adds 16 or 20 bytes per packet. Set alg=none to disable authentication.
Last edited by mooduck on Sat Feb 06, 2021 2:49 pm, edited 1 time in total.

Joined: Sat Feb 06, 2021 7:17 am

Re: BLAKE2 support for hashing.

Post by mooduck » Sat Feb 06, 2021 2:47 pm

here goes log with verb 4

2021-02-06 17:41:26 us=7246 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2021-02-06 17:41:26 us=7246 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-02-06 17:41:26 us=7246 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2021-02-06 17:41:26 us=7246 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-02-06 17:41:26 us=7246 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
2021-02-06 17:41:26 us=7246 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2021-02-06 17:41:26 us=7246 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1534,tun-mtu 1500,proto UDPv4,keydir 1,cipher CHACHA20-POLY1305,auth [null-digest],keysize 256,key-method 2,tls-client'
2021-02-06 17:41:26 us=7246 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1534,tun-mtu 1500,proto UDPv4,keydir 0,cipher CHACHA20-POLY1305,auth [null-digest],keysize 256,key-method 2,tls-server'
2021-02-06 17:41:26 us=7246 TCP/UDP: Preserving recently used remote address: [AF_INET]
2021-02-06 17:41:26 us=7246 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-02-06 17:41:26 us=7246 UDP link local: (not bound)
2021-02-06 17:41:26 us=7246 UDP link remote: [AF_INET]
2021-02-06 17:41:26 us=7246 MANAGEMENT: >STATE:1612622486,WAIT,,,,,,
2021-02-06 17:41:26 us=29504 MANAGEMENT: >STATE:1612622486,AUTH,,,,,,
2021-02-06 17:41:26 us=29504 TLS: Initial packet from [AF_INET], sid=daa5fbeb 68ae9e22
2021-02-06 17:41:26 us=49353 VERIFY KU OK
2021-02-06 17:41:26 us=49353 Validating certificate extended key usage
2021-02-06 17:41:26 us=49353 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-02-06 17:41:26 us=49353 VERIFY EKU OK
2021-02-06 17:41:26 us=49353 VERIFY OK: depth=0, CN=server
2021-02-06 17:41:26 us=69240 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256
2021-02-06 17:41:26 us=69240 [server] Peer Connection Initiated with [AF_INET]
2021-02-06 17:41:26 us=89578 PUSH: Received control message: 'PUSH_REPLY,route,route,topology net30,ping 10,ping-restart 120,ifconfig,peer-id 0,cipher CHACHA20-POLY1305'
2021-02-06 17:41:26 us=89578 OPTIONS IMPORT: timers and/or timeouts modified
2021-02-06 17:41:26 us=89578 OPTIONS IMPORT: --ifconfig/up options modified
2021-02-06 17:41:26 us=89578 OPTIONS IMPORT: route options modified
2021-02-06 17:41:26 us=89578 OPTIONS IMPORT: peer-id set
2021-02-06 17:41:26 us=89578 OPTIONS IMPORT: adjusting link_mtu to 1624
2021-02-06 17:41:26 us=89578 OPTIONS IMPORT: data channel crypto options modified
2021-02-06 17:41:26 us=89578 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2021-02-06 17:41:26 us=89578 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2021-02-06 17:41:26 us=89578 interactive service msg_channel=592
2021-02-06 17:41:26 us=89578 ROUTE_GATEWAY I=12 HWADDR=d4:3d:7e:b1:3a:5e
2021-02-06 17:41:26 us=89578 open_tun
2021-02-06 17:41:26 us=99525 Ring buffers registered via service
2021-02-06 17:41:26 us=99525 wintun device [OpenVPN Wintun] opened
2021-02-06 17:41:26 us=99525 do_ifconfig, ipv4=1, ipv6=0
2021-02-06 17:41:26 us=99525 MANAGEMENT: >STATE:1612622486,ASSIGN_IP,,,,,,
2021-02-06 17:41:26 us=99525 INET address service: add
2021-02-06 17:41:26 us=99525 IPv4 MTU set to 1500 on interface 11 using service
2021-02-06 17:41:26 us=99525 MANAGEMENT: >STATE:1612622486,ADD_ROUTES,,,,,,
2021-02-06 17:41:26 us=99525 C:\WINDOWS\system32\route.exe ADD MASK
2021-02-06 17:41:26 us=99525 Route addition via service succeeded
2021-02-06 17:41:26 us=99525 C:\WINDOWS\system32\route.exe ADD MASK
2021-02-06 17:41:26 us=109205 Route addition via service succeeded
2021-02-06 17:41:26 us=109205 Initialization Sequence Completed
2021-02-06 17:41:26 us=109205 MANAGEMENT: >STATE:1612622486,CONNECTED,SUCCESS,,,1194,,

Joined: Sat Feb 06, 2021 7:17 am

Re: BLAKE2 support for hashing.

Post by mooduck » Sat Feb 06, 2021 2:57 pm

im confused with the

auth [null-digest]
in that log, my guess is that because i use tls-crypt not tls-auth

Joined: Fri Jun 03, 2016 1:17 pm

Re: BLAKE2 support for hashing.

Post by TinCanTech » Sat Feb 06, 2021 3:26 pm

mooduck wrote:
Sat Feb 06, 2021 2:57 pm
im confused with the

auth [null-digest]
in that log, my guess is that because i use tls-crypt not tls-auth
It's complicated..

Computer security is complicated and because of that, people who understand how these things fit together make a lot of decisions for you, in order that things work correctly. It is easy to misconfigure openvpn and end up with insecure settings.

Something which may help you see the bigger picture:
  • --auth is applied to data channel packets
    The data channel cipher may over-write your configured HASH algorithm
  • --tls-auth is applied to control channel packets
    The control channel cipher will almost certainly over-write your configured HASH algorithm
Reason: Some of those advanced ciphers have hashing built-in, which is faster and more reliable.

Joined: Sat Feb 06, 2021 7:17 am

Re: BLAKE2 support for hashing.

Post by mooduck » Sat Feb 06, 2021 3:38 pm

TinCanTech wrote:
Sat Feb 06, 2021 3:26 pm
It is easy to misconfigure openvpn and end up with insecure settings.
exactly! insecure settings that's what im affraid of mostly(dont know why - nsa can crack anything though).
Everything in it's place now - in the cipher chacha20poly1305 - poly1305 is auth alg for mac thats overwrite my auth setting(again just guessing).
Thanks for the answer man! im guess that only one thing i can do about it - drink for that people which provide to us that "computer security things"(that i dont know sh about).

Joined: Fri Jun 03, 2016 1:17 pm

Re: BLAKE2 support for hashing.

Post by TinCanTech » Sat Feb 06, 2021 4:05 pm

mooduck wrote:
Sat Feb 06, 2021 3:38 pm
nsa can crack anything though
They wish :D

They have been caught trying to poison code but they cannot crack anything yet. Unless they arrest you..

Joined: Sat Feb 06, 2021 7:17 am

Re: BLAKE2 support for hashing.

Post by mooduck » Wed Feb 10, 2021 5:23 am

well i can confrim that the BLAKE2 is working so you can close this thread.
like i was guessing(and you were right) - when i use tls-auth everything is fine and nothing seems to overwrite mine auth settings

Outgoing Control Channel Authentication: Using 512 bit message hash 'BLAKE2b512' for HMAC authentication
Incoming Control Channel Authentication: Using 512 bit message hash 'BLAKE2b512' for HMAC authentication
but when im switches to tls-crypt - then auth option became useless 'cause it's doesn't set the hash algo you want, something is overwrite this option

Joined: Fri Jun 03, 2016 1:17 pm

Re: BLAKE2 support for hashing.

Post by TinCanTech » Wed Feb 10, 2021 4:34 pm

--tls-crypt does not use a hash it uses crypto .. so no hash.

