summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cmd-option-letters2
-rw-r--r--src/anytun-config.cpp2
-rw-r--r--src/anytun.cpp9
-rw-r--r--src/cipher.cpp17
-rw-r--r--src/cipher.h9
-rw-r--r--src/cipherFactory.cpp20
-rw-r--r--src/cipherFactory.h2
-rw-r--r--src/connectionList.cpp2
-rw-r--r--src/keyDerivation.cpp26
-rw-r--r--src/keyDerivation.h20
-rw-r--r--src/keyDerivationFactory.cpp20
-rw-r--r--src/keyDerivationFactory.h2
-rw-r--r--src/options.cpp19
-rw-r--r--src/options.h3
14 files changed, 36 insertions, 117 deletions
diff --git a/cmd-option-letters b/cmd-option-letters
index 340ed83..cdb16b3 100644
--- a/cmd-option-letters
+++ b/cmd-option-letters
@@ -42,7 +42,7 @@ K: master key
L: logging
M: remote sync hosts
N:
-O: anytun 0.2 compat mode // deprecated
+O:
P: write pid file
Q:
R: route
diff --git a/src/anytun-config.cpp b/src/anytun-config.cpp
index 75f418a..1004c6e 100644
--- a/src/anytun-config.cpp
+++ b/src/anytun-config.cpp
@@ -54,7 +54,7 @@ void createConnection(const PacketSourceEndpoint & remote_end, ConnectionList &
{
SeqWindow * seq = new SeqWindow(seqSize);
seq_nr_t seq_nr_ = 0;
- KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf(), gOpt.getAnytun02Compat());
+ KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf());
kd->init(gOpt.getKey(), gOpt.getSalt(), gOpt.getPassphrase());
kd->setRole(gOpt.getRole());
cLog.msg(Log::PRIO_NOTICE) << "added connection remote host " << remote_end;
diff --git a/src/anytun.cpp b/src/anytun.cpp
index 264e26f..34fd5f5 100644
--- a/src/anytun.cpp
+++ b/src/anytun.cpp
@@ -84,7 +84,7 @@ void createConnection(const PacketSourceEndpoint& remote_end, window_size_t seqS
{
SeqWindow* seq = new SeqWindow(seqSize);
seq_nr_t seq_nr_=0;
- KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf(), gOpt.getAnytun02Compat());
+ KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf());
kd->init(gOpt.getKey(), gOpt.getSalt(), gOpt.getPassphrase());
kd->setRole(gOpt.getRole());
cLog.msg(Log::PRIO_NOTICE) << "added connection remote host " << remote_end;
@@ -135,7 +135,7 @@ void sender(TunDevice* dev, PacketSource* src)
try
{
- std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_OUTBOUND, gOpt.getAnytun02Compat()));
+ std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_OUTBOUND));
std::auto_ptr<AuthAlgo> a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_OUTBOUND) );
PlainPacket plain_packet(MAX_PACKET_LENGTH);
@@ -224,7 +224,7 @@ void receiver(TunDevice* dev, PacketSource* src)
try
{
- std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_INBOUND, gOpt.getAnytun02Compat()));
+ std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_INBOUND));
std::auto_ptr<AuthAlgo> a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_INBOUND));
EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, gOpt.getAuthTagLength());
@@ -431,9 +431,6 @@ int main(int argc, char* argv[])
gResolver.init();
#ifndef NO_CRYPT
- if(gOpt.getAnytun02Compat())
- cLog.msg(Log::PRIO_NOTICE) << "enabling anytun 0.2.x crypto compatiblity mode";
-
#ifndef USE_SSL_CRYPTO
// this must be called before any other libgcrypt call
if(!initLibGCrypt())
diff --git a/src/cipher.cpp b/src/cipher.cpp
index 15c9af2..ddde683 100644
--- a/src/cipher.cpp
+++ b/src/cipher.cpp
@@ -79,22 +79,11 @@ AesIcmCipher::AesIcmCipher(kd_dir_t d) : Cipher(d), key_(u_int32_t(DEFAULT_KEY_L
init();
}
-
-AesIcmCipher::AesIcmCipher(kd_dir_t d, bool a) : Cipher(d, a), key_(u_int32_t(DEFAULT_KEY_LENGTH/8)), salt_(u_int32_t(SALT_LENGTH))
-{
- init();
-}
-
AesIcmCipher::AesIcmCipher(kd_dir_t d, u_int16_t key_length) : Cipher(d), key_(u_int32_t(key_length/8)), salt_(u_int32_t(SALT_LENGTH))
{
init(key_length);
}
-AesIcmCipher::AesIcmCipher(kd_dir_t d, bool a, u_int16_t key_length) : Cipher(d, a), key_(u_int32_t(key_length/8)), salt_(u_int32_t(SALT_LENGTH))
-{
- init(key_length);
-}
-
void AesIcmCipher::init(u_int16_t key_length)
{
#ifndef USE_SSL_CRYPTO
@@ -142,12 +131,6 @@ void AesIcmCipher::calcCtr(KeyDerivation& kd, seq_nr_t seq_nr, sender_id_t sende
{
kd.generate(dir_, LABEL_SALT, seq_nr, salt_);
-
- if(anytun02_compat_) {
- if(!salt_[u_int32_t(0)])
- salt_[u_int32_t(0)] = 1;
- }
-
std::memcpy(ctr_.salt_.buf_, salt_.getBuf(), SALT_LENGTH);
ctr_.salt_.zero_ = 0;
ctr_.params_.mux_ ^= MUX_T_HTON(mux);
diff --git a/src/cipher.h b/src/cipher.h
index c358969..3d922c0 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -49,10 +49,8 @@
class Cipher
{
public:
- Cipher() : dir_(KD_INBOUND), anytun02_compat_(false) {};
- Cipher(kd_dir_t d) : dir_(d), anytun02_compat_(false) {};
- Cipher(bool a) : dir_(KD_INBOUND), anytun02_compat_(a) {};
- Cipher(kd_dir_t d, bool a) : dir_(d), anytun02_compat_(a) {};
+ Cipher() : dir_(KD_INBOUND) {};
+ Cipher(kd_dir_t d) : dir_(d) {};
virtual ~Cipher() {};
void encrypt(KeyDerivation& kd, PlainPacket & in, EncryptedPacket & out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
@@ -63,7 +61,6 @@ protected:
virtual u_int32_t decipher(KeyDerivation& kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) = 0;
kd_dir_t dir_;
- bool anytun02_compat_;
};
//****** NullCipher ******
@@ -82,9 +79,7 @@ class AesIcmCipher : public Cipher
{
public:
AesIcmCipher(kd_dir_t d);
- AesIcmCipher(kd_dir_t d, bool a);
AesIcmCipher(kd_dir_t d, u_int16_t key_length);
- AesIcmCipher(kd_dir_t d, bool a, u_int16_t key_length);
~AesIcmCipher();
static const u_int16_t DEFAULT_KEY_LENGTH = 128;
diff --git a/src/cipherFactory.cpp b/src/cipherFactory.cpp
index f6f383b..e9f0292 100644
--- a/src/cipherFactory.cpp
+++ b/src/cipherFactory.cpp
@@ -36,19 +36,19 @@
#include "cipher.h"
-Cipher* CipherFactory::create(std::string const& type, kd_dir_t dir, bool anytun02_compat)
+Cipher* CipherFactory::create(std::string const& type, kd_dir_t dir)
{
- if( type == "null" )
+ if(type == "null")
return new NullCipher();
#ifndef NO_CRYPT
- else if( type == "aes-ctr" )
- return new AesIcmCipher(dir, anytun02_compat);
- else if( type == "aes-ctr-128" )
- return new AesIcmCipher(dir, anytun02_compat, 128);
- else if( type == "aes-ctr-192" )
- return new AesIcmCipher(dir, anytun02_compat, 192);
- else if( type == "aes-ctr-256" )
- return new AesIcmCipher(dir, anytun02_compat, 256);
+ else if(type == "aes-ctr")
+ return new AesIcmCipher(dir);
+ else if(type == "aes-ctr-128")
+ return new AesIcmCipher(dir, 128);
+ else if(type == "aes-ctr-192")
+ return new AesIcmCipher(dir, 192);
+ else if(type == "aes-ctr-256")
+ return new AesIcmCipher(dir, 256);
#endif
else
throw std::invalid_argument("cipher not available");
diff --git a/src/cipherFactory.h b/src/cipherFactory.h
index 91fc2fd..23d3b92 100644
--- a/src/cipherFactory.h
+++ b/src/cipherFactory.h
@@ -40,7 +40,7 @@
class CipherFactory
{
public:
- static Cipher* create(std::string const& type, kd_dir_t dir, bool anytun02_compat=false);
+ static Cipher* create(std::string const& type, kd_dir_t dir);
private:
CipherFactory();
diff --git a/src/connectionList.cpp b/src/connectionList.cpp
index b21102a..6402711 100644
--- a/src/connectionList.cpp
+++ b/src/connectionList.cpp
@@ -128,7 +128,7 @@ ConnectionParam & ConnectionList::getOrNewConnectionUnlocked(u_int16_t mux)
SeqWindow * seq= new SeqWindow(0);
seq_nr_t seq_nr_=0;
- KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf(), gOpt.getAnytun02Compat());
+ KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf());
kd->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt)));
ConnectionParam conn ((*kd), (*seq), seq_nr_, PacketSourceEndpoint());
connections_.insert(ConnectionMap::value_type(mux, conn));
diff --git a/src/keyDerivation.cpp b/src/keyDerivation.cpp
index 2e9dd94..72a7fa4 100644
--- a/src/keyDerivation.cpp
+++ b/src/keyDerivation.cpp
@@ -178,14 +178,6 @@ AesIcmKeyDerivation::AesIcmKeyDerivation() : KeyDerivation(DEFAULT_KEY_LENGTH)
#endif
}
-AesIcmKeyDerivation::AesIcmKeyDerivation(bool a) : KeyDerivation(a, DEFAULT_KEY_LENGTH)
-{
-#ifndef USE_SSL_CRYPTO
- for(int i=0; i<2; i++)
- handle_[i] = NULL;
-#endif
-}
-
AesIcmKeyDerivation::AesIcmKeyDerivation(u_int16_t key_length) : KeyDerivation(key_length)
{
#ifndef USE_SSL_CRYPTO
@@ -194,14 +186,6 @@ AesIcmKeyDerivation::AesIcmKeyDerivation(u_int16_t key_length) : KeyDerivation(k
#endif
}
-AesIcmKeyDerivation::AesIcmKeyDerivation(bool a, u_int16_t key_length) : KeyDerivation(a, key_length)
-{
-#ifndef USE_SSL_CRYPTO
- for(int i=0; i<2; i++)
- handle_[i] = NULL;
-#endif
-}
-
AesIcmKeyDerivation::~AesIcmKeyDerivation()
{
WritersLock lock(mutex_);
@@ -304,14 +288,8 @@ bool AesIcmKeyDerivation::calcCtr(kd_dir_t dir, satp_prf_label_t label, seq_nr_t
}
memcpy(ctr_[dir].salt_.buf_, master_salt_.getBuf(), SALT_LENGTH);
ctr_[dir].salt_.zero_ = 0;
- if(anytun02_compat_) {
- ctr_[dir].params_compat_.label_ ^= label;
- ctr_[dir].params_compat_.seq_ ^= SEQ_NR_T_HTON(seq_nr);
- }
- else {
- ctr_[dir].params_.label_ ^= SATP_PRF_LABEL_T_HTON(convertLabel(dir, label));
- ctr_[dir].params_.seq_ ^= SEQ_NR_T_HTON(seq_nr);
- }
+ ctr_[dir].params_.label_ ^= SATP_PRF_LABEL_T_HTON(convertLabel(dir, label));
+ ctr_[dir].params_.seq_ ^= SEQ_NR_T_HTON(seq_nr);
return true;
}
diff --git a/src/keyDerivation.h b/src/keyDerivation.h
index 901c9df..12d370c 100644
--- a/src/keyDerivation.h
+++ b/src/keyDerivation.h
@@ -64,10 +64,8 @@ typedef enum { KD_INBOUND, KD_OUTBOUND } kd_dir_t;
class KeyDerivation
{
public:
- KeyDerivation() : is_initialized_(false), role_(ROLE_LEFT), anytun02_compat_(false), key_length_(0), master_salt_(0), master_key_(0) {};
- KeyDerivation(bool a) : is_initialized_(false), role_(ROLE_LEFT), anytun02_compat_(a), key_length_(0), master_salt_(0), master_key_(0) {};
- KeyDerivation(u_int16_t key_length) : is_initialized_(false), role_(ROLE_LEFT), anytun02_compat_(false), key_length_(key_length), master_salt_(0), master_key_(0) {};
- KeyDerivation(bool a, u_int16_t key_length) : is_initialized_(false), role_(ROLE_LEFT), anytun02_compat_(a), key_length_(key_length), master_salt_(0), master_key_(0) {};
+ KeyDerivation() : is_initialized_(false), role_(ROLE_LEFT), key_length_(0), master_salt_(0), master_key_(0) {};
+ KeyDerivation(u_int16_t key_length) : is_initialized_(false), role_(ROLE_LEFT), key_length_(key_length), master_salt_(0), master_key_(0) {};
virtual ~KeyDerivation() {};
void setRole(const role_t role);
@@ -102,7 +100,6 @@ protected:
bool is_initialized_;
role_t role_;
- bool anytun02_compat_;
u_int16_t key_length_;
SyncBuffer master_salt_;
SyncBuffer master_key_;
@@ -148,9 +145,7 @@ class AesIcmKeyDerivation : public KeyDerivation
{
public:
AesIcmKeyDerivation();
- AesIcmKeyDerivation(bool a);
AesIcmKeyDerivation(u_int16_t key_length);
- AesIcmKeyDerivation(bool a, u_int16_t key_length);
~AesIcmKeyDerivation();
static const u_int16_t DEFAULT_KEY_LENGTH = 128;
@@ -186,23 +181,16 @@ private:
#endif
union ATTR_PACKED key_derivation_aesctr_ctr_union {
u_int8_t buf_[CTR_LENGTH];
- struct ATTR_PACKED {
+ struct ATTR_PACKED {
u_int8_t buf_[SALT_LENGTH];
u_int16_t zero_;
} salt_;
- struct ATTR_PACKED {
+ struct ATTR_PACKED {
u_int8_t fill_[SALT_LENGTH - sizeof(satp_prf_label_t) - sizeof(seq_nr_t)];
satp_prf_label_t label_;
seq_nr_t seq_;
u_int16_t zero_;
} params_;
- struct ATTR_PACKED {
- u_int8_t fill_[SALT_LENGTH - sizeof(u_int8_t) - 2*sizeof(u_int8_t) - sizeof(seq_nr_t)];
- u_int8_t label_;
- u_int8_t seq_fill_[2];
- seq_nr_t seq_;
- u_int16_t zero_;
- } params_compat_;
} ctr_[2];
#ifdef _MSC_VER
#pragma pack(pop)
diff --git a/src/keyDerivationFactory.cpp b/src/keyDerivationFactory.cpp
index 2f91196..75df38a 100644
--- a/src/keyDerivationFactory.cpp
+++ b/src/keyDerivationFactory.cpp
@@ -36,19 +36,19 @@
#include "keyDerivation.h"
-KeyDerivation* KeyDerivationFactory::create(std::string const& type, bool anytun02_compat)
+KeyDerivation* KeyDerivationFactory::create(std::string const& type)
{
- if( type == "null" )
+ if(type == "null")
return new NullKeyDerivation();
#ifndef NO_CRYPT
- else if( type == "aes-ctr" )
- return new AesIcmKeyDerivation(anytun02_compat);
- else if( type == "aes-ctr-128" )
- return new AesIcmKeyDerivation(anytun02_compat, 128);
- else if( type == "aes-ctr-192" )
- return new AesIcmKeyDerivation(anytun02_compat, 192);
- else if( type == "aes-ctr-256" )
- return new AesIcmKeyDerivation(anytun02_compat, 256);
+ else if(type == "aes-ctr")
+ return new AesIcmKeyDerivation();
+ else if(type == "aes-ctr-128")
+ return new AesIcmKeyDerivation(128);
+ else if(type == "aes-ctr-192")
+ return new AesIcmKeyDerivation(192);
+ else if(type == "aes-ctr-256")
+ return new AesIcmKeyDerivation(256);
#endif
else
throw std::invalid_argument("key derivation prf not available");
diff --git a/src/keyDerivationFactory.h b/src/keyDerivationFactory.h
index 17f0c69..77caf58 100644
--- a/src/keyDerivationFactory.h
+++ b/src/keyDerivationFactory.h
@@ -40,7 +40,7 @@
class KeyDerivationFactory
{
public:
- static KeyDerivation* create(std::string const& type, bool anytun02_compat=false);
+ static KeyDerivation* create(std::string const& type);
private:
KeyDerivationFactory();
diff --git a/src/options.cpp b/src/options.cpp
index 7d01d49..7505eb5 100644
--- a/src/options.cpp
+++ b/src/options.cpp
@@ -198,7 +198,6 @@ Options::Options() : key_(u_int32_t(0)), salt_(u_int32_t(0))
kd_prf_ = "null";
#endif
role_ = ROLE_LEFT;
- anytun02_compat_ = false;
}
Options::~Options()
@@ -408,7 +407,6 @@ bool Options::parse(int argc, char* argv[])
#ifndef NO_CRYPT
PARSE_SCALAR_PARAM("-k","--kd-prf", kd_prf_)
PARSE_SCALAR_PARAM("-e","--role", role)
- PARSE_BOOL_PARAM("-O","--anytun02-compat", anytun02_compat_)
#ifndef NO_PASSPHRASE
PARSE_PHRASE_PARAM_SEC("-E","--passphrase", passphrase_)
#endif
@@ -465,9 +463,6 @@ void Options::parse_post()
}
#endif
- if(anytun02_compat_)
- cLog.msg(Log::PRIO_WARNING) << "--anytun02-compat is deprecated and very likly to be removed by the next release";
-
if(dev_name_ == "" && dev_type_ == "")
dev_type_ = "tun";
}
@@ -634,7 +629,6 @@ void Options::printOptions()
case ROLE_RIGHT: std::cout << "right" << std::endl; break;
default: std::cout << "??" << std::endl; break;
}
- std::cout << "anytun02_compat = " << anytun02_compat_ << std::endl;
std::cout << "passphrase = '" << passphrase_ << "'" << std::endl;
std::cout << "key = " << key_.getHexDumpOneLine() << std::endl;
std::cout << "salt = " << salt_.getHexDumpOneLine() << std::endl;
@@ -1036,19 +1030,6 @@ Options& Options::setRole(role_t r)
return *this;
}
-bool Options::getAnytun02Compat()
-{
- ReadersLock lock(mutex);
- return anytun02_compat_;
-}
-
-Options& Options::setAnytun02Compat(bool a)
-{
- WritersLock lock(mutex);
- anytun02_compat_ = a;
- return *this;
-}
-
std::string Options::getPassphrase()
{
ReadersLock lock(mutex);
diff --git a/src/options.h b/src/options.h
index 71229cc..f2d6619 100644
--- a/src/options.h
+++ b/src/options.h
@@ -155,8 +155,6 @@ public:
Options& setKdPrf(std::string k);
role_t getRole();
Options& setRole(role_t r);
- bool getAnytun02Compat();
- Options& setAnytun02Compat(bool a);
std::string getPassphrase();
Options& setPassphrase(std::string p);
Options& setKey(std::string k);
@@ -217,7 +215,6 @@ private:
u_int32_t auth_tag_length_;
std::string kd_prf_;
role_t role_;
- bool anytun02_compat_;
std::string passphrase_;
Buffer key_;
Buffer salt_;