authorChristian Pointner <equinox@anytun.org>2009-03-17 15:53:22 +0000
committerChristian Pointner <equinox@anytun.org>2009-03-17 15:53:22 +0000
commit7d04626ef28ca5d27bc8515660c58bb135aa8c93 (patch)
treed8affb3523764a4be6aba9b6bd227e875ebb2096 /src/options.cpp
parentremoved key derivation rate entirely (diff)
added support for configurabel auth tag length
Diffstat (limited to 'src/options.cpp')
-rw-r--r--src/options.cpp34
1 files changed, 33 insertions, 1 deletions
diff --git a/src/options.cpp b/src/options.cpp
index e58278a..94e3c44 100644
--- a/src/options.cpp
+++ b/src/options.cpp
@@ -38,6 +38,7 @@
#include "datatypes.h"
#include "options.h"
#include "log.h"
+#include "authAlgoFactory.h"
std::ostream& operator<<(std::ostream& stream, syntax_error const& error)
{
@@ -181,10 +182,12 @@ Options::Options() : key_(u_int32_t(0)), salt_(u_int32_t(0))
#ifndef NO_CRYPT
cipher_ = "aes-ctr";
auth_algo_ = "sha1";
+ auth_tag_length_ = 10;
kd_prf_ = "aes-ctr";
#else
cipher_ = "null";
auth_algo_ = "null";
+ auth_tag_length_ = 0;
kd_prf_ = "null";
#endif
role_ = ROLE_LEFT;
@@ -412,6 +415,7 @@ bool Options::parse(int argc, char* argv[])
#ifndef NO_CRYPT
PARSE_SCALAR_PARAM("-c","--cipher", cipher_)
PARSE_SCALAR_PARAM("-a","--auth-algo", auth_algo_)
+ PARSE_SCALAR_PARAM("-b","--auth-tag-length", auth_tag_length_)
#endif
#endif
@@ -443,6 +447,19 @@ void Options::parse_post()
kd_prf_ = "null";
if((cipher_ != "null" || auth_algo_ != "null") && kd_prf_ == "null")
cLog.msg(Log::PRIO_WARNING) << "using NULL key derivation with encryption and or authentication enabled!";
+
+
+#if defined(ANYTUN_OPTIONS)
+ u_int32_t tag_len_max = AuthAlgoFactory::getDigestLength(auth_algo_);
+ if(!tag_len_max) auth_tag_length_ = 0;
+ else if(tag_len_max < auth_tag_length_) {
+ cLog.msg(Log::PRIO_WARNING) << auth_algo_ << " auth algo can't generate tags of length " << auth_tag_length_ << ", using maximum tag length(" << tag_len_max << ")";
+ auth_tag_length_ = tag_len_max;
+ }
+#endif
+
+ if(anytun02_compat_)
+ cLog.msg(Log::PRIO_WARNING) << "--anytun02-compat is deprecated and very likly to be removed by the next release";
if(dev_name_ == "" && dev_type_ == "")
dev_type_ = "tun";
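Review bot: The new block in parse_post() clamps auth_tag_length_ only from above, so `--auth-tag-length 0` or `1` with auth_algo_ still set to "sha1" is accepted without any message. Packet authentication is then effectively disabled or reduced to a tag short enough to be guessed. The function already warns about NULL key derivation a few lines earlier, and a matching branch would be consistent: `else if(auth_tag_length_ < MIN_AUTH_TAG_LENGTH) cLog.msg(Log::PRIO_WARNING) << "auth tag length " << auth_tag_length_ << " is too short to protect against forged packets";`, where MIN_AUTH_TAG_LENGTH is a placeholder for the floor the project chooses. The clamp is also compiled only under ANYTUN_OPTIONS, so any other build sharing this file keeps the parsed value unchecked. parse_post() begins and ends outside this hunk.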
@@ -528,7 +545,6 @@ void Options::printUsage()
#ifndef NO_CRYPT
std::cout << " [-k|--kd-prf] <kd-prf type> key derivation pseudo random function" << std::endl;
std::cout << " [-e|--role] <role> left (alice) or right (bob)" << std::endl;
- std::cout << " [-O|--anytun02-compat] enable compatiblity mode for anytun 0.2.x and prior" << std::endl;
#ifndef NO_PASSPHRASE
std::cout << " [-E|--passphrase] <pass phrase> a passprhase to generate master key and salt from" << std::endl;
#endif
@@ -542,6 +558,7 @@ void Options::printUsage()
#ifndef NO_CRYPT
std::cout << " [-c|--cipher] <cipher type> payload encryption algorithm" << std::endl;
std::cout << " [-a|--auth-algo] <algo type> message authentication algorithm" << std::endl;
+ std::cout << " [-b|--auth-tag-length] length of the auth tag" << std::endl;
#endif
#endif
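Review bot: The added usage line for `-b|--auth-tag-length` has no argument placeholder and no unit, unlike the `<cipher type>` and `<algo type>` lines directly above it. The default of 10 against a "sha1" digest suggests the value is in bytes, but that is inferred from the other hunks and should be confirmed. If so, I would write `std::cout << " [-b|--auth-tag-length] <length> length of the auth tag in bytes" << std::endl;`, so that nobody passes a bit count by mistake. printUsage() begins and ends outside this hunk.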
@@ -602,6 +619,7 @@ void Options::printOptions()
std::cout << std::endl;
std::cout << "cipher = '" << cipher_ << "'" << std::endl;
std::cout << "auth_algo = '" << auth_algo_ << "'" << std::endl;
+ std::cout << "auth_tag_length = " << auth_tag_length_ << std::endl;
std::cout << "kd_prf = '" << kd_prf_ << "'" << std::endl;
std::cout << "role = ";
switch(role_) {
@@ -971,6 +989,20 @@ Options& Options::setAuthAlgo(std::string a)
return *this;
}
+u_int32_t Options::getAuthTagLength()
+{
+ ReadersLock lock(mutex);
+ return auth_tag_length_;
+}
+
+Options& Options::setAuthTagLength(u_int32_t a)
+{
+ WritersLock lock(mutex);
+ auth_tag_length_ = a;
+ return *this;
+}
+
+
std::string Options::getKdPrf()
{
ReadersLock lock(mutex);
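Review bot: setAuthTagLength() stores its argument as-is, so a caller using the setter after start-up bypasses the digest-length clamp that parse_post() applies to the command-line value. Whether the code that truncates or compares tags tolerates a length larger than the digest is not visible here, so this may be harmless. The contract should still be stated on the setter, for example `// caller must ensure a <= AuthAlgoFactory::getDigestLength(auth_algo_); no clamping is done here`. Alternatively, the clamp could move into a small helper shared by parse_post() and this setter. The same applies if setAuthAlgo() is later called with an algorithm whose digest is shorter than the stored tag length.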