From 30b72e6d6ba344c4de828741d78dcf0018b724b1 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 18 Jan 2009 00:03:31 +0000
Subject: enabled 128,192 and 256 bit keys for cipher and key derivation
---
 src/cipherFactory.cpp | 6 ++++++
 src/keyDerivationFactory.cpp | 6 ++++++
 src/man/anytun.8.txt | 34 +++++++++++++++++++++++++++++++++-
 3 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/src/cipherFactory.cpp b/src/cipherFactory.cpp
index bab0d5a..02fff5d 100644
--- a/src/cipherFactory.cpp
+++ b/src/cipherFactory.cpp
@@ -43,6 +43,12 @@ Cipher* CipherFactory::create(std::string const& type, kd_dir_t dir)
 #ifndef NOCRYPT
 else if( type == "aes-ctr" )
 return new AesIcmCipher(dir);
+ else if( type == "aes-ctr-128" )
+ return new AesIcmCipher(dir, 128);
+ else if( type == "aes-ctr-192" )
+ return new AesIcmCipher(dir, 192);
+ else if( type == "aes-ctr-256" )
+ return new AesIcmCipher(dir, 256);
 #endif
 else
 throw std::invalid_argument("cipher not available");
diff --git a/src/keyDerivationFactory.cpp b/src/keyDerivationFactory.cpp
index 58518b8..c0e06ab 100644
--- a/src/keyDerivationFactory.cpp
+++ b/src/keyDerivationFactory.cpp
@@ -43,6 +43,12 @@ KeyDerivation* KeyDerivationFactory::create(std::string const& type)
 #ifndef NOCRYPT
 else if( type == "aes-ctr" )
 return new AesIcmKeyDerivation();
+ else if( type == "aes-ctr-128" )
+ return new AesIcmKeyDerivation(128);
+ else if( type == "aes-ctr-192" )
+ return new AesIcmKeyDerivation(192);
+ else if( type == "aes-ctr-256" )
+ return new AesIcmKeyDerivation(256);
 #endif
 else
 throw std::invalid_argument("key derivation prf not available");
diff --git a/src/man/anytun.8.txt b/src/man/anytun.8.txt
index c3affa2..65f5c97 100644
--- a/src/man/anytun.8.txt
+++ b/src/man/anytun.8.txt
@@ -31,6 +31,8 @@ SYNOPSIS
 [ *-m|--mux* ]
 [ *-s|--sender-id* ]
 [ *-w|--window-size* ]
+[ *-k|--kd-prf* ]
+[ *-l|--ld-kdr* ]
 [ *-c|--cipher* ]
 [ *-a|--auth-algo* ]
 [ *-K|--key* ]
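Review bot: The three new branches in CipherFactory::create (src/cipherFactory.cpp) pass the key length as a bare literal, and the same name-to-length mapping is repeated in KeyDerivationFactory::create in the next file, so the two lists can drift apart with no compile-time signal. A short comment above the first new branch would record the contract, for example `// key length in bits; keep this list in sync with KeyDerivationFactory::create`. Whether AesIcmCipher validates the length it receives is not visible here, and create() begins and ends outside the hunk.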
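Review bot: Nothing in this commit ties the key length selected through `--kd-prf` to the one selected through `--cipher`: KeyDerivationFactory::create (src/keyDerivationFactory.cpp) and CipherFactory::create each parse their own type string, and the man page change states that plain `aes-ctr` means 128 bits for both. A configuration such as `--cipher aes-ctr-256` with the default PRF would therefore derive a 256-bit session key from a 128-bit PRF, which presumably caps the effective strength at 128 bits (how the master key is sized is outside this diff). Consider rejecting or warning about that combination where the two options are evaluated, and adding a man page sentence such as `The --kd-prf key length should be at least the --cipher key length.` create() begins and ends outside the hunk.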
@@ -261,7 +263,10 @@ Encryption algorithm used for encrypting the payload Possible values: * *null* - no encryption -* *aes-ctr* - AES in counter mode, default value +* *aes-ctr* - AES in counter mode with 128 Bits, default value +* *aes-ctr-128* - AES in counter mode with 128 Bits +* *aes-ctr-192* - AES in counter mode with 192 Bits +* *aes-ctr-256* - AES in counter mode with 256 Bits -a|--auth-algo ~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -279,6 +284,33 @@ Possible values: If HMAC-SHA1 is used, the packet length is increased by 10 bytes. These 10 bytes contain the authentication data. +-k|--kd--prf +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +key derivation pseudo random function. + +The pseudo random function which is used for calculating the +session keys and session salt. + +Possible values: + +* *null* - no random function, keys and salt are set to 0..00 +* *aes-ctr* - AES in counter mode with 128 Bits, default value +* *aes-ctr-128* - AES in counter mode with 128 Bits +* *aes-ctr-192* - AES in counter mode with 192 Bits +* *aes-ctr-256* - AES in counter mode with 256 Bits + +-l|--ld-kdr +~~~~~~~~~~~~~~~~~~~~ + +The log2 of the key derivation rate. This is used by the key +derivation to determine how ofen a new session key has to be +generated. A value of -1 means to generate only one key and use +it forever. The default is 0 which means to calculate a new key +for every packet. A value of 1 would tell the key derivation +to generate a new key after 2 packets, for 2 its 4 packets and +so on. + -K|--key ~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3