Omit the timestamp when we compute the hmac

[dinosaure]

We probably should update the Packet.to_be_signed_header. /cc @reynir

See:

miragevpn/src/packet.ml

Lines 132 to 156 in 64f2b7d

	let to_be_signed_header ?(more = 0) op header =
	(* packet_id ++ timestamp ++ operation ++ session_id ++ ack_len ++ acks ++ remote_session ++ msg_id *)
	let acks =
	match header.ack_message_ids with
	| [] -> 0
	| x -> List.length x * packet_id_len
	and rses = match header.remote_session with None -> 0 | Some _ -> 8 in
	let buflen = packet_id_len + 4 + 1 + 8 + 1 + acks + rses + more in
	let buf = Cstruct.create buflen in
	Cstruct.BE.set_uint32 buf 0 header.packet_id;
	Cstruct.BE.set_uint32 buf 4 header.timestamp;
	Cstruct.set_uint8 buf 8 op;
	Cstruct.BE.set_uint64 buf 9 header.local_session;
	Cstruct.set_uint8 buf 17 (List.length header.ack_message_ids);
	let rec enc_ack off = function
	| [] -> ()
	| hd :: tl ->
	Cstruct.BE.set_uint32 buf off hd;
	enc_ack (off + 4) tl
	in
	enc_ack 18 header.ack_message_ids;
	(match header.remote_session with
	| None -> ()
	| Some x -> Cstruct.BE.set_uint64 buf (18 + acks) x);
	(buf, 18 + acks + rses)

[reynir]

To add the motivation for this is the openvpn-rfc document says the replay_packet_id (packet id + optional timestamp) is without the timestamp for tls-crypt-v2. This does not seem to correspond with what the openvpn source code does. As the openvpn-rfc seems to be wrong I am closing this.

Please reopen if this becomes relevant again.