-rw-r--r-- | cmd-option-letters | 2 | ||||
-rw-r--r-- | src/anytun-config.cpp | 2 | ||||
-rw-r--r-- | src/anytun.cpp | 9 | ||||
-rw-r--r-- | src/cipher.cpp | 17 | ||||
-rw-r--r-- | src/cipher.h | 9 | ||||
-rw-r--r-- | src/cipherFactory.cpp | 20 | ||||
-rw-r--r-- | src/cipherFactory.h | 2 | ||||
-rw-r--r-- | src/connectionList.cpp | 2 | ||||
-rw-r--r-- | src/keyDerivation.cpp | 26 | ||||
-rw-r--r-- | src/keyDerivation.h | 20 | ||||
-rw-r--r-- | src/keyDerivationFactory.cpp | 20 | ||||
-rw-r--r-- | src/keyDerivationFactory.h | 2 | ||||
-rw-r--r-- | src/options.cpp | 19 | ||||
-rw-r--r-- | src/options.h | 3 |
14 files changed, 36 insertions, 117 deletions
diff --git a/cmd-option-letters b/cmd-option-letters index 340ed83..cdb16b3 100644 --- a/cmd-option-letters +++ b/cmd-option-letters @@ -42,7 +42,7 @@ K: master key L: logging M: remote sync hosts N: -O: anytun 0.2 compat mode // deprecated +O: P: write pid file Q: R: route diff --git a/src/anytun-config.cpp b/src/anytun-config.cpp index 75f418a..1004c6e 100644 --- a/src/anytun-config.cpp +++ b/src/anytun-config.cpp @@ -54,7 +54,7 @@ void createConnection(const PacketSourceEndpoint & remote_end, ConnectionList & { SeqWindow * seq = new SeqWindow(seqSize); seq_nr_t seq_nr_ = 0; - KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf(), gOpt.getAnytun02Compat()); + KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf()); kd->init(gOpt.getKey(), gOpt.getSalt(), gOpt.getPassphrase()); kd->setRole(gOpt.getRole()); cLog.msg(Log::PRIO_NOTICE) << "added connection remote host " << remote_end; diff --git a/src/anytun.cpp b/src/anytun.cpp index 264e26f..34fd5f5 100644 --- a/src/anytun.cpp +++ b/src/anytun.cpp @@ -84,7 +84,7 @@ void createConnection(const PacketSourceEndpoint& remote_end, window_size_t seqS { SeqWindow* seq = new SeqWindow(seqSize); seq_nr_t seq_nr_=0; - KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf(), gOpt.getAnytun02Compat()); + KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf()); kd->init(gOpt.getKey(), gOpt.getSalt(), gOpt.getPassphrase()); kd->setRole(gOpt.getRole()); cLog.msg(Log::PRIO_NOTICE) << "added connection remote host " << remote_end; @@ -135,7 +135,7 @@ void sender(TunDevice* dev, PacketSource* src) try { - std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_OUTBOUND, gOpt.getAnytun02Compat())); + std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_OUTBOUND)); std::auto_ptr<AuthAlgo> a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_OUTBOUND) ); PlainPacket plain_packet(MAX_PACKET_LENGTH); 
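Review bot: `KeyDerivationFactory::create(gOpt.getKdPrf())` on the changed line of anytun-config.cpp can throw `std::invalid_argument` for an unknown PRF name (see keyDerivationFactory.cpp in this same commit), and when it does the `SeqWindow` allocated two lines earlier with `new` leaks; unless `kd_prf_` is validated during option parsing this is reachable straight from the command line. Swapping the two statements so the throwing call runs first fixes it without touching ownership: `KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf());` followed by `SeqWindow * seq = new SeqWindow(seqSize);`. If `init()` or `setRole()` can throw, `kd` itself leaks as well, which is worth checking while here. The identical sequence in anytun.cpp's createConnection hunk on this page has the same ordering. createConnection's body continues past the end of the hunk, so where `seq` and `kd` finally change hands is not visible here.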
@@ -224,7 +224,7 @@ void receiver(TunDevice* dev, PacketSource* src) try { - std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_INBOUND, gOpt.getAnytun02Compat())); + std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_INBOUND)); std::auto_ptr<AuthAlgo> a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_INBOUND)); EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, gOpt.getAuthTagLength()); @@ -431,9 +431,6 @@ int main(int argc, char* argv[]) gResolver.init(); #ifndef NO_CRYPT - if(gOpt.getAnytun02Compat()) - cLog.msg(Log::PRIO_NOTICE) << "enabling anytun 0.2.x crypto compatiblity mode"; - #ifndef USE_SSL_CRYPTO // this must be called before any other libgcrypt call if(!initLibGCrypt()) diff --git a/src/cipher.cpp b/src/cipher.cpp index 15c9af2..ddde683 100644 --- a/src/cipher.cpp +++ b/src/cipher.cpp @@ -79,22 +79,11 @@ AesIcmCipher::AesIcmCipher(kd_dir_t d) : Cipher(d), key_(u_int32_t(DEFAULT_KEY_L init(); } - -AesIcmCipher::AesIcmCipher(kd_dir_t d, bool a) : Cipher(d, a), key_(u_int32_t(DEFAULT_KEY_LENGTH/8)), salt_(u_int32_t(SALT_LENGTH)) -{ - init(); -} - AesIcmCipher::AesIcmCipher(kd_dir_t d, u_int16_t key_length) : Cipher(d), key_(u_int32_t(key_length/8)), salt_(u_int32_t(SALT_LENGTH)) { init(key_length); } -AesIcmCipher::AesIcmCipher(kd_dir_t d, bool a, u_int16_t key_length) : Cipher(d, a), key_(u_int32_t(key_length/8)), salt_(u_int32_t(SALT_LENGTH)) -{ - init(key_length); -} - void AesIcmCipher::init(u_int16_t key_length) { #ifndef USE_SSL_CRYPTO @@ -142,12 +131,6 @@ void AesIcmCipher::calcCtr(KeyDerivation& kd, seq_nr_t seq_nr, sender_id_t sende { kd.generate(dir_, LABEL_SALT, seq_nr, salt_); - - if(anytun02_compat_) { - if(!salt_[u_int32_t(0)]) - salt_[u_int32_t(0)] = 1; - } - std::memcpy(ctr_.salt_.buf_, salt_.getBuf(), SALT_LENGTH); ctr_.salt_.zero_ = 0; ctr_.params_.mux_ ^= MUX_T_HTON(mux); diff --git a/src/cipher.h b/src/cipher.h index c358969..3d922c0 100644 --- a/src/cipher.h +++ b/src/cipher.h 
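Review bot: In AesIcmCipher::calcCtr the result of `kd.generate(dir_, LABEL_SALT, seq_nr, salt_)` is discarded, yet the key-derivation side signals failure through a bool (AesIcmKeyDerivation::calcCtr in this commit returns one); if generate() propagates that status, a failed derivation leaves `salt_` holding the previous packet's value and the `memcpy` below still copies it into `ctr_` and encryption proceeds. In counter mode that is a repeated keystream for a different packet, so the failure should abort the packet rather than be ignored, e.g. `if(!kd.generate(dir_, LABEL_SALT, seq_nr, salt_)) throw std::runtime_error("salt derivation failed");` or whatever error path encrypt()/decrypt() already use, since calcCtr itself is void. I cannot see generate()'s declaration from this hunk, so confirm it really returns a status; if it is void, a comment stating that it cannot fail would be the alternative. The function starts before the hunk and the rest of its body is outside it.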
@@ -49,10 +49,8 @@ class Cipher { public: - Cipher() : dir_(KD_INBOUND), anytun02_compat_(false) {}; - Cipher(kd_dir_t d) : dir_(d), anytun02_compat_(false) {}; - Cipher(bool a) : dir_(KD_INBOUND), anytun02_compat_(a) {}; - Cipher(kd_dir_t d, bool a) : dir_(d), anytun02_compat_(a) {}; + Cipher() : dir_(KD_INBOUND) {}; + Cipher(kd_dir_t d) : dir_(d) {}; virtual ~Cipher() {}; void encrypt(KeyDerivation& kd, PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); @@ -63,7 +61,6 @@ protected: virtual u_int32_t decipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0; kd_dir_t dir_; - bool anytun02_compat_; }; //****** NullCipher ****** @@ -82,9 +79,7 @@ class AesIcmCipher : public Cipher { public: AesIcmCipher(kd_dir_t d); - AesIcmCipher(kd_dir_t d, bool a); AesIcmCipher(kd_dir_t d, u_int16_t key_length); - AesIcmCipher(kd_dir_t d, bool a, u_int16_t key_length); ~AesIcmCipher(); static const u_int16_t DEFAULT_KEY_LENGTH = 128; diff --git a/src/cipherFactory.cpp b/src/cipherFactory.cpp index f6f383b..e9f0292 100644 --- a/src/cipherFactory.cpp +++ b/src/cipherFactory.cpp 
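Review bot: The two remaining Cipher constructors leave `dir_` undocumented, and the default one silently labels the object `KD_INBOUND`, so any subclass constructor that does not pass a direction derives its salts from the inbound key-derivation direction (cipher.cpp hands `dir_` to `kd.generate` in calcCtr). A comment on the member would make that contract visible: `kd_dir_t dir_; // key-derivation direction (KD_INBOUND/KD_OUTBOUND) used for salt/key generation; subclasses that omit it are treated as inbound`. The `{};` after each inline body is a stray semicolon that -Wpedantic flags; `{}` alone is enough. The class body continues outside the hunk.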
@@ -36,19 +36,19 @@ #include "cipher.h" -Cipher* CipherFactory::create(std::string const& type, kd_dir_t dir, bool anytun02_compat) +Cipher* CipherFactory::create(std::string const& type, kd_dir_t dir) { - if( type == "null" ) + if(type == "null") return new NullCipher(); #ifndef NO_CRYPT - else if( type == "aes-ctr" ) - return new AesIcmCipher(dir, anytun02_compat); - else if( type == "aes-ctr-128" ) - return new AesIcmCipher(dir, anytun02_compat, 128); - else if( type == "aes-ctr-192" ) - return new AesIcmCipher(dir, anytun02_compat, 192); - else if( type == "aes-ctr-256" ) - return new AesIcmCipher(dir, anytun02_compat, 256); + else if(type == "aes-ctr") + return new AesIcmCipher(dir); + else if(type == "aes-ctr-128") + return new AesIcmCipher(dir, 128); + else if(type == "aes-ctr-192") + return new AesIcmCipher(dir, 192); + else if(type == "aes-ctr-256") + return new AesIcmCipher(dir, 256); #endif else throw std::invalid_argument("cipher not available"); diff --git a/src/cipherFactory.h b/src/cipherFactory.h index 91fc2fd..23d3b92 100644 --- a/src/cipherFactory.h +++ b/src/cipherFactory.h @@ -40,7 +40,7 @@ class CipherFactory { public: - static Cipher* create(std::string const& type, kd_dir_t dir, bool anytun02_compat=false); + static Cipher* create(std::string const& type, kd_dir_t dir); private: CipherFactory(); diff --git a/src/connectionList.cpp b/src/connectionList.cpp index b21102a..6402711 100644 --- a/src/connectionList.cpp +++ b/src/connectionList.cpp @@ -128,7 +128,7 @@ ConnectionParam & ConnectionList::getOrNewConnectionUnlocked(u_int16_t mux) SeqWindow * seq= new SeqWindow(0); seq_nr_t seq_nr_=0; - KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf(), gOpt.getAnytun02Compat()); + KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf()); kd->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt))); ConnectionParam conn ((*kd), (*seq), seq_nr_, PacketSourceEndpoint()); connections_.insert(ConnectionMap::value_type(mux, conn)); 
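Review bot: The `throw std::invalid_argument("cipher not available")` at the end of CipherFactory::create drops the name that was rejected, which makes a typo in `--cipher` hard to diagnose from the log; `throw std::invalid_argument("cipher not available: " + type);` costs nothing since `type` is already a std::string. It would also help to state in a comment that the bare `"aes-ctr"` spelling is an alias for the 128-bit variant (`AesIcmCipher(dir)` picks up `DEFAULT_KEY_LENGTH = 128` from cipher.h) and that `"null"` yields a cipher that does not encrypt at all, so the caller, not this factory, is responsible for warning when it is selected. The same message change applies to KeyDerivationFactory::create later in this commit.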
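Review bot: The KeyDerivation created on the changed line of connectionList.cpp is initialised with `kd->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt)))` but, unlike both createConnection variants in this commit, never gets `kd->setRole(gOpt.getRole())`, so it keeps the constructor default `ROLE_LEFT` from keyDerivation.h. Role presumably influences how `convertLabel(dir, label)` maps labels in AesIcmKeyDerivation::calcCtr, so a node configured as the right side would derive this entry's inbound and outbound keys the wrong way round; if the entry is only a placeholder that sync overwrites before traffic flows, say so in a comment, otherwise add `kd->setRole(gOpt.getRole());` after init(). `new SeqWindow(0)` also leaks if create() throws its `std::invalid_argument`, the same ordering issue as in createConnection. The function starts before the hunk and `key`/`salt` are defined there, so their contents are not visible here.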
diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp index 2e9dd94..72a7fa4 100644 --- a/src/keyDerivation.cpp +++ b/src/keyDerivation.cpp @@ -178,14 +178,6 @@ AesIcmKeyDerivation::AesIcmKeyDerivation() : KeyDerivation(DEFAULT_KEY_LENGTH) #endif } -AesIcmKeyDerivation::AesIcmKeyDerivation(bool a) : KeyDerivation(a, DEFAULT_KEY_LENGTH) -{ -#ifndef USE_SSL_CRYPTO - for(int i=0; i<2; i++) - handle_[i] = NULL; -#endif -} - AesIcmKeyDerivation::AesIcmKeyDerivation(u_int16_t key_length) : KeyDerivation(key_length) { #ifndef USE_SSL_CRYPTO @@ -194,14 +186,6 @@ AesIcmKeyDerivation::AesIcmKeyDerivation(u_int16_t key_length) : KeyDerivation(k #endif } -AesIcmKeyDerivation::AesIcmKeyDerivation(bool a, u_int16_t key_length) : KeyDerivation(a, key_length) -{ -#ifndef USE_SSL_CRYPTO - for(int i=0; i<2; i++) - handle_[i] = NULL; -#endif -} - AesIcmKeyDerivation::~AesIcmKeyDerivation() { WritersLock lock(mutex_); @@ -304,14 +288,8 @@ bool AesIcmKeyDerivation::calcCtr(kd_dir_t dir, satp_prf_label_t label, seq_nr_t } memcpy(ctr_[dir].salt_.buf_, master_salt_.getBuf(), SALT_LENGTH); ctr_[dir].salt_.zero_ = 0; - if(anytun02_compat_) { - ctr_[dir].params_compat_.label_ ^= label; - ctr_[dir].params_compat_.seq_ ^= SEQ_NR_T_HTON(seq_nr); - } - else { - ctr_[dir].params_.label_ ^= SATP_PRF_LABEL_T_HTON(convertLabel(dir, label)); - ctr_[dir].params_.seq_ ^= SEQ_NR_T_HTON(seq_nr); - } + ctr_[dir].params_.label_ ^= SATP_PRF_LABEL_T_HTON(convertLabel(dir, label)); + ctr_[dir].params_.seq_ ^= SEQ_NR_T_HTON(seq_nr); return true; } diff --git a/src/keyDerivation.h b/src/keyDerivation.h index 901c9df..12d370c 100644 --- a/src/keyDerivation.h +++ b/src/keyDerivation.h 
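Review bot: `memcpy(ctr_[dir].salt_.buf_, master_salt_.getBuf(), SALT_LENGTH)` copies a fixed SALT_LENGTH bytes regardless of how long `master_salt_` actually is; if init() accepts a user-supplied salt shorter than that without padding or rejecting it, this reads past the buffer and mixes heap garbage into the key-derivation counter. I can't see init() from this hunk, so either confirm it enforces the length or add a length check before the copy that returns false (the function's return type is bool, so the failure path is available). A short comment on the two XOR lines would also help the next reader: the counter block is the master salt followed by a 16-bit zero block counter, with the role-converted label and the sequence number XORed into the tail bytes of the salt. calcCtr begins above the hunk.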
@@ -64,10 +64,8 @@ typedef enum { KD_INBOUND, KD_OUTBOUND } kd_dir_t; class KeyDerivation { public: - KeyDerivation() : is_initialized_(false), role_(ROLE_LEFT), anytun02_compat_(false), key_length_(0), master_salt_(0), master_key_(0) {}; - KeyDerivation(bool a) : is_initialized_(false), role_(ROLE_LEFT), anytun02_compat_(a), key_length_(0), master_salt_(0), master_key_(0) {}; - KeyDerivation(u_int16_t key_length) : is_initialized_(false), role_(ROLE_LEFT), anytun02_compat_(false), key_length_(key_length), master_salt_(0), master_key_(0) {}; - KeyDerivation(bool a, u_int16_t key_length) : is_initialized_(false), role_(ROLE_LEFT), anytun02_compat_(a), key_length_(key_length), master_salt_(0), master_key_(0) {}; + KeyDerivation() : is_initialized_(false), role_(ROLE_LEFT), key_length_(0), master_salt_(0), master_key_(0) {}; + KeyDerivation(u_int16_t key_length) : is_initialized_(false), role_(ROLE_LEFT), key_length_(key_length), master_salt_(0), master_key_(0) {}; virtual ~KeyDerivation() {}; void setRole(const role_t role); @@ -102,7 +100,6 @@ protected: bool is_initialized_; role_t role_; - bool anytun02_compat_; u_int16_t key_length_; SyncBuffer master_salt_; SyncBuffer master_key_; @@ -148,9 +145,7 @@ class AesIcmKeyDerivation : public KeyDerivation { public: AesIcmKeyDerivation(); - AesIcmKeyDerivation(bool a); AesIcmKeyDerivation(u_int16_t key_length); - AesIcmKeyDerivation(bool a, u_int16_t key_length); ~AesIcmKeyDerivation(); static const u_int16_t DEFAULT_KEY_LENGTH = 128; 
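Review bot: `KeyDerivation(u_int16_t key_length)` is a single-argument constructor left non-explicit, and neither it nor the default one says what `key_length` means or why 0 is acceptable; the factory passes 128/192/256 and the cipher side divides by 8, so it is evidently in bits. Suggest `explicit KeyDerivation(u_int16_t key_length)` plus comments such as `// key_length is in bits (128/192/256 for AES); 0 when the subclass passes none — confirm NullKeyDerivation is the only such case` and `// role_ stays ROLE_LEFT until setRole() is called; role decides how labels are converted per direction`. The second comment matters because the default is easy to forget, as the connectionList.cpp hunk in this commit shows. The class body continues outside the hunk.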
@@ -186,23 +181,16 @@ private: #endif union ATTR_PACKED key_derivation_aesctr_ctr_union { u_int8_t buf_[CTR_LENGTH]; - struct ATTR_PACKED { + struct ATTR_PACKED { u_int8_t buf_[SALT_LENGTH]; u_int16_t zero_; } salt_; - struct ATTR_PACKED { + struct ATTR_PACKED { u_int8_t fill_[SALT_LENGTH - sizeof(satp_prf_label_t) - sizeof(seq_nr_t)]; satp_prf_label_t label_; seq_nr_t seq_; u_int16_t zero_; } params_; - struct ATTR_PACKED { - u_int8_t fill_[SALT_LENGTH - sizeof(u_int8_t) - 2*sizeof(u_int8_t) - sizeof(seq_nr_t)]; - u_int8_t label_; - u_int8_t seq_fill_[2]; - seq_nr_t seq_; - u_int16_t zero_; - } params_compat_; } ctr_[2]; #ifdef _MSC_VER #pragma pack(pop) diff --git a/src/keyDerivationFactory.cpp b/src/keyDerivationFactory.cpp index 2f91196..75df38a 100644 --- a/src/keyDerivationFactory.cpp +++ b/src/keyDerivationFactory.cpp @@ -36,19 +36,19 @@ #include "keyDerivation.h" -KeyDerivation* KeyDerivationFactory::create(std::string const& type, bool anytun02_compat) +KeyDerivation* KeyDerivationFactory::create(std::string const& type) { - if( type == "null" ) + if(type == "null") return new NullKeyDerivation(); #ifndef NO_CRYPT - else if( type == "aes-ctr" ) - return new AesIcmKeyDerivation(anytun02_compat); - else if( type == "aes-ctr-128" ) - return new AesIcmKeyDerivation(anytun02_compat, 128); - else if( type == "aes-ctr-192" ) - return new AesIcmKeyDerivation(anytun02_compat, 192); - else if( type == "aes-ctr-256" ) - return new AesIcmKeyDerivation(anytun02_compat, 256); + else if(type == "aes-ctr") + return new AesIcmKeyDerivation(); + else if(type == "aes-ctr-128") + return new AesIcmKeyDerivation(128); + else if(type == "aes-ctr-192") + return new AesIcmKeyDerivation(192); + else if(type == "aes-ctr-256") + return new AesIcmKeyDerivation(256); #endif else throw std::invalid_argument("key derivation prf not available"); diff --git a/src/keyDerivationFactory.h b/src/keyDerivationFactory.h index 17f0c69..77caf58 100644 --- a/src/keyDerivationFactory.h 
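Review bot: The packed `key_derivation_aesctr_ctr_union` is now the only definition of the AES-CTR derivation counter layout, yet nothing ties its views together: `buf_[CTR_LENGTH]` must equal `salt_.buf_[SALT_LENGTH]` plus the 16-bit `zero_`, and `params_` relies on `fill_` being sized so that `label_` and `seq_` land in the tail of the salt. A compile-time check (static_assert if the build allows it, otherwise the classic negative-array-size typedef) that `CTR_LENGTH == SALT_LENGTH + sizeof(u_int16_t)` would turn a future constant change into a build error instead of a counter-layout mismatch between peers, and a comment above the union describing the layout (salt, then zero block counter; label and sequence number XORed into the last salt bytes by calcCtr) would document what the removed compat struct used to make implicit. The two `struct ATTR_PACKED {` lines shown as removed and re-added look like whitespace-only changes. The enclosing class continues outside the hunk.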
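Review bot: As in CipherFactory::create, the `throw std::invalid_argument("key derivation prf not available")` at the end of KeyDerivationFactory::create drops the rejected name; `throw std::invalid_argument("key derivation prf not available: " + type);` makes a mistyped `--kd-prf` self-explanatory in the log. A one-line comment that `"aes-ctr"` selects the 128-bit variant (`AesIcmKeyDerivation()` uses `DEFAULT_KEY_LENGTH = 128`) would be useful here too.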
+++ b/src/keyDerivationFactory.h @@ -40,7 +40,7 @@ class KeyDerivationFactory { public: - static KeyDerivation* create(std::string const& type, bool anytun02_compat=false); + static KeyDerivation* create(std::string const& type); private: KeyDerivationFactory(); diff --git a/src/options.cpp b/src/options.cpp index 7d01d49..7505eb5 100644 --- a/src/options.cpp +++ b/src/options.cpp @@ -198,7 +198,6 @@ Options::Options() : key_(u_int32_t(0)), salt_(u_int32_t(0)) kd_prf_ = "null"; #endif role_ = ROLE_LEFT; - anytun02_compat_ = false; } Options::~Options() @@ -408,7 +407,6 @@ bool Options::parse(int argc, char* argv[]) #ifndef NO_CRYPT PARSE_SCALAR_PARAM("-k","--kd-prf", kd_prf_) PARSE_SCALAR_PARAM("-e","--role", role) - PARSE_BOOL_PARAM("-O","--anytun02-compat", anytun02_compat_) #ifndef NO_PASSPHRASE PARSE_PHRASE_PARAM_SEC("-E","--passphrase", passphrase_) #endif @@ -465,9 +463,6 @@ void Options::parse_post() } #endif - if(anytun02_compat_) - cLog.msg(Log::PRIO_WARNING) << "--anytun02-compat is deprecated and very likly to be removed by the next release"; - if(dev_name_ == "" && dev_type_ == "") dev_type_ = "tun"; } @@ -634,7 +629,6 @@ void Options::printOptions() case ROLE_RIGHT: std::cout << "right" << std::endl; break; default: std::cout << "??" << std::endl; break; } - std::cout << "anytun02_compat = " << anytun02_compat_ << std::endl; std::cout << "passphrase = '" << passphrase_ << "'" << std::endl; std::cout << "key = " << key_.getHexDumpOneLine() << std::endl; std::cout << "salt = " << salt_.getHexDumpOneLine() << std::endl; @@ -1036,19 +1030,6 @@ Options& Options::setRole(role_t r) return *this; } -bool Options::getAnytun02Compat() -{ - ReadersLock lock(mutex); - return anytun02_compat_; -} - -Options& Options::setAnytun02Compat(bool a) -{ - WritersLock lock(mutex); - anytun02_compat_ = a; - return *this; -} - std::string Options::getPassphrase() { ReadersLock lock(mutex); diff --git a/src/options.h b/src/options.h index 71229cc..f2d6619 100644 
--- a/src/options.h +++ b/src/options.h @@ -155,8 +155,6 @@ public: Options& setKdPrf(std::string k); role_t getRole(); Options& setRole(role_t r); - bool getAnytun02Compat(); - Options& setAnytun02Compat(bool a); std::string getPassphrase(); Options& setPassphrase(std::string p); Options& setKey(std::string k); @@ -217,7 +215,6 @@ private: u_int32_t auth_tag_length_; std::string kd_prf_; role_t role_; - bool anytun02_compat_; std::string passphrase_; Buffer key_; Buffer salt_; |