Index: connectionParam.h
===================================================================
--- connectionParam.h (Revision 535)
+++ connectionParam.h (Arbeitskopie)
@@ -44,9 +44,10 @@
 {
 public:
 ConnectionParam(const ConnectionParam & src);
- ConnectionParam( KeyDerivation& kd, SeqWindow& seq_window, seq_nr_t seq_nr_, std::string remote_host, u_int16_t remote_port);
+ ConnectionParam( KeyDerivation& kd_send, KeyDerivation& kd_recv, SeqWindow& seq_window, seq_nr_t seq_nr_, std::string remote_host, u_int16_t remote_port);

- KeyDerivation& kd_;
+ KeyDerivation& kd_send_;
+ KeyDerivation& kd_recv_;
 SeqWindow& seq_window_;
 seq_nr_t seq_nr_;
 std::string remote_host_;
@@ -60,7 +61,8 @@
 void serialize(Archive & ar, const unsigned int version)
 {
 Lock lock(mutex_);
- ar & kd_;
+ ar & kd_send_;
+ ar & kd_recv_;
 ar & seq_window_;
 ar & seq_nr_;
 ar & remote_host_;
Index: anytun.cpp
===================================================================
--- anytun.cpp (Revision 535)
+++ anytun.cpp (Arbeitskopie)
@@ -86,10 +86,14 @@
 {
 SeqWindow * seq= new SeqWindow(seqSize);
 seq_nr_t seq_nr_=0;
- KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf());
- kd->init(gOpt.getKey(), gOpt.getSalt());
+
+ KeyDerivation * kd_send = KeyDerivationFactory::create(gOpt.getKdPrf());
+ kd_send->init(gOpt.getKey(), gOpt.getSalt());
+ KeyDerivation * kd_recv = KeyDerivationFactory::create(gOpt.getKdPrf());
+ kd_recv->init(gOpt.getKey(), gOpt.getSalt());
+
 cLog.msg(Log::PRIO_NOTICE) << "added connection remote host " << remote_host << ":" << remote_port;
- ConnectionParam connparam ( (*kd), (*seq), seq_nr_, remote_host, remote_port);
+ ConnectionParam connparam ( (*kd_send), (*kd_recv), (*seq), seq_nr_, remote_host, remote_port);
 cl.addConnection(connparam,mux);
 NetworkAddress addr(ipv4,gOpt.getIfconfigParamRemoteNetmask().c_str());
 NetworkPrefix prefix(addr,32);
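Review bot: The constructor in the first connectionParam.h hunk now takes two adjacent `KeyDerivation&` parameters of the same type, so a call site that passes them in the wrong order compiles silently and would derive receive keys from the send-side object. Neither the parameters nor the new `kd_send_` / `kd_recv_` members state which direction they serve or who owns the referenced objects. A comment above the members, for example `// kd_send_: key derivation for outgoing packets, kd_recv_: for incoming packets; lifetime managed by <owner>`, would settle both questions. The class body starts and ends outside the hunk.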
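Review bot: `serialize` in the second connectionParam.h hunk now writes two KeyDerivation objects where it wrote one, but the `version` argument is not consulted in the visible lines, so an archive produced by revision 535 would be read with every following field shifted. If these archives are exchanged between hosts running different builds or are persisted (not visible here), the class version should be raised and checked, assuming this is Boost.Serialization: `BOOST_CLASS_VERSION(ConnectionParam, 1)` plus `if (version >= 1) ar & kd_recv_;`. The archive also carries key-derivation state for both directions now, so the channel it travels over presumably needs the same protection as the master key; a comment saying so would help. The function body continues outside the hunk.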
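Review bot: In the anytun.cpp hunk at -86, `kd_send` and `kd_recv` are both initialised from `gOpt.getKey()` and `gOpt.getSalt()`, so the two objects derive identical keys for a given label and sequence number and the split gives no key separation between directions yet. If per-direction keys are the goal, the inputs need to differ by role, and a comment such as `// TODO: send and recv currently share key and salt` should say what is intended; the connectionList.cpp hunk repeats the pattern with `key` and `salt`. Both objects are returned by `KeyDerivationFactory::create` as raw pointers and only dereferenced into references, so no release is visible for them, and `kd_send->init(...)` runs without checking the pointer in case `create` can return null for an unknown PRF. The enclosing function starts and ends outside the hunk.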
@@ -162,8 +166,8 @@
 if(conn.remote_host_==""||!conn.remote_port_) continue;
 // generate packet-key TODO: do this only when needed
- conn.kd_.generate(LABEL_SATP_ENCRYPTION, conn.seq_nr_, session_key);
- conn.kd_.generate(LABEL_SATP_SALT, conn.seq_nr_, session_salt);
+ conn.kd_send_.generate(LABEL_SATP_ENCRYPTION, conn.seq_nr_, session_key);
+ conn.kd_send_.generate(LABEL_SATP_SALT, conn.seq_nr_, session_salt);
 c->setKey(session_key);
 c->setSalt(session_salt);
@@ -177,7 +181,7 @@
 // add authentication tag
 if(a->getMaxLength()) {
 encrypted_packet.addAuthTag();
- conn.kd_.generate(LABEL_SATP_MSG_AUTH, encrypted_packet.getSeqNr(), session_auth_key);
+ conn.kd_send_.generate(LABEL_SATP_MSG_AUTH, encrypted_packet.getSeqNr(), session_auth_key);
 a->setKey(session_auth_key);
 a->generate(encrypted_packet);
 }
@@ -283,7 +287,7 @@
 // check whether auth tag is ok or not
 if(a->getMaxLength()) {
 encrypted_packet.withAuthTag(true);
- conn.kd_.generate(LABEL_SATP_MSG_AUTH, encrypted_packet.getSeqNr(), session_auth_key);
+ conn.kd_recv_.generate(LABEL_SATP_MSG_AUTH, encrypted_packet.getSeqNr(), session_auth_key);
 a->setKey(session_auth_key);
 if(!a->checkTag(encrypted_packet)) {
 cLog.msg(Log::PRIO_NOTICE) << "wrong Authentication Tag!" << std::endl;
@@ -309,8 +313,8 @@
 continue;
 // generate packet-key
- conn.kd_.generate(LABEL_SATP_ENCRYPTION, encrypted_packet.getSeqNr(), session_key);
- conn.kd_.generate(LABEL_SATP_SALT, encrypted_packet.getSeqNr(), session_salt);
+ conn.kd_recv_.generate(LABEL_SATP_ENCRYPTION, encrypted_packet.getSeqNr(), session_key);
+ conn.kd_recv_.generate(LABEL_SATP_SALT, encrypted_packet.getSeqNr(), session_salt);
 c->setKey(session_key);
 c->setSalt(session_salt);
Index: connectionList.cpp
===================================================================
--- connectionList.cpp (Revision 535)
+++ connectionList.cpp (Arbeitskopie)
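Review bot: The send path calls `conn.kd_send_.generate(...)` and the receive path `conn.kd_recv_.generate(...)` with no lock in the visible lines, while `ConnectionParam::serialize` takes `mutex_` before touching the same two objects. If `generate` updates internal state (its definition is outside this diff), serialisation can run concurrently with key derivation on either object. Either take the same lock around these calls or document why it is unnecessary, e.g. `// kd_send_ is used only by the sender thread; generate() does not modify shared state`. This applies to all four anytun.cpp hunks from -162 through -309, whose enclosing functions start and end outside the hunks.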
@@ -103,9 +103,13 @@
 SeqWindow * seq= new SeqWindow(0);
 seq_nr_t seq_nr_=0;
- KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf());
- kd->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt)));
- ConnectionParam conn ( (*kd), (*seq), seq_nr_, "", 0);
+ KeyDerivation * kd_send = KeyDerivationFactory::create(gOpt.getKdPrf());
+ kd_send->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt)));
+
+ KeyDerivation * kd_recv = KeyDerivationFactory::create(gOpt.getKdPrf());
+ kd_recv->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt)));
+
+ ConnectionParam conn ( (*kd_send), (*kd_recv), (*seq), seq_nr_, "", 0);
 connections_.insert(ConnectionMap::value_type(mux, conn));
 it = connections_.find(mux);
 return it->second;
Index: connectionParam.cpp
===================================================================
--- connectionParam.cpp (Revision 535)
+++ connectionParam.cpp (Arbeitskopie)
@@ -34,10 +34,10 @@
 //{
 //}
-ConnectionParam::ConnectionParam(KeyDerivation& kd, SeqWindow& seq_window,seq_nr_t seq_nr, std::string remote_host, u_int16_t remote_port) : kd_(kd),seq_window_(seq_window),seq_nr_(seq_nr),remote_host_(remote_host), remote_port_(remote_port)
+ConnectionParam::ConnectionParam(KeyDerivation& kd_send,KeyDerivation& kd_recv, SeqWindow& seq_window,seq_nr_t seq_nr, std::string remote_host, u_int16_t remote_port) : kd_send_(kd_send),kd_recv_(kd_recv),seq_window_(seq_window),seq_nr_(seq_nr),remote_host_(remote_host), remote_port_(remote_port)
 {
 }
-ConnectionParam::ConnectionParam(const ConnectionParam & src) : kd_(src.kd_),seq_window_(src.seq_window_),seq_nr_(src.seq_nr_),remote_host_(src.remote_host_), remote_port_(src.remote_port_),mutex_()
+ConnectionParam::ConnectionParam(const ConnectionParam & src) : kd_send_(src.kd_send_),kd_recv_(src.kd_recv_),seq_window_(src.seq_window_),seq_nr_(src.seq_nr_),remote_host_(src.remote_host_), remote_port_(src.remote_port_),mutex_()
 {
 }
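Review bot: The copy constructor in connectionParam.cpp binds `kd_send_` and `kd_recv_` to the same objects as `src` but default-constructs `mutex_`, so every copy has its own lock in front of shared key-derivation state. The connectionList.cpp hunk inserts a copy of `conn` into `connections_`, so at least there two ConnectionParam objects refer to the same pair. A comment on the copy constructor such as `// copies share the KeyDerivation objects of src; mutex_ is per-instance and does not serialise access across copies` would make that explicit. Taking `remote_host` as `const std::string&` in the other constructor would also avoid one string copy.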