authorChristian Pointner <equinox@anytun.org>2009-02-18 12:05:20 +0000
committerChristian Pointner <equinox@anytun.org>2009-02-18 12:05:20 +0000
commit8ea43400a34855e8cd9092a2c4c0d969cf0be80d (patch)
tree16a23bb99930d702f157e4bec2524ee3c725bdef
parentupdated kamikaze package description (diff)
added runtime switch for anytun 0.2 crypto compability
-rw-r--r--src/cipher.c11
-rw-r--r--src/cipher.h3
-rwxr-xr-xsrc/configure10
-rw-r--r--src/key_derivation.c13
-rw-r--r--src/key_derivation.h8
-rw-r--r--src/options.c4
-rw-r--r--src/options.h1
-rw-r--r--src/uanytun.c6
8 files changed, 30 insertions, 26 deletions
diff --git a/src/cipher.c b/src/cipher.c
index 58467cb..f585471 100644
--- a/src/cipher.c
+++ b/src/cipher.c
@@ -44,11 +44,12 @@
#include <stdlib.h>
#include <string.h>
-int cipher_init(cipher_t* c, const char* type)
+int cipher_init(cipher_t* c, const char* type, int8_t anytun02_compat)
{
if(!c)
return -1;
+ c->anytun02_compat_ = anytun02_compat;
c->key_length_ = 0;
c->type_ = c_unknown;
@@ -261,10 +262,10 @@ int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_store_dir_t di
if(ret < 0)
return ret;
-#ifdef ANYTUN_02_COMPAT
- if(!c->salt_.buf_[0])
- c->salt_.buf_[0] = 1;
-#endif
+ if(c->anytun02_compat_) {
+ if(!c->salt_.buf_[0])
+ c->salt_.buf_[0] = 1;
+ }
memcpy(params->ctr_.salt_.buf_, c->salt_.buf_, C_AESCTR_SALT_LENGTH);
params->ctr_.salt_.zero_ = 0;
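Review bot: The compat branch rewrites `c->salt_.buf_[0]` in place, and nothing here says why a zero first salt byte has to be replaced. Now that this is a runtime choice rather than a build flag, both code paths are compiled into every binary. A reader of cipher_aesctr_calc_ctr should be able to see that the salt fed into the counter can differ between the two modes. I would add above the `if`: `/* anytun 0.2.x compat: a zero first salt byte is replaced by 1 before the counter is built */`. The function body starts and ends outside this hunk.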
diff --git a/src/cipher.h b/src/cipher.h
index 75e7506..cae5a88 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -54,13 +54,14 @@ typedef enum cipher_type_enum cipher_type_t;
struct cipher_struct {
cipher_type_t type_;
u_int16_t key_length_;
+ int8_t anytun02_compat_;
buffer_t key_;
buffer_t salt_;
void* params_;
};
typedef struct cipher_struct cipher_t;
-int cipher_init(cipher_t* c, const char* type);
+int cipher_init(cipher_t* c, const char* type, int8_t anytun02_compat);
void cipher_close(cipher_t* c);
int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
diff --git a/src/configure b/src/configure
index a1608ef..3d630e9 100755
--- a/src/configure
+++ b/src/configure
@@ -39,7 +39,6 @@ CFLAGS='-g -O2'
LDFLAGS='-g -Wall -O2'
CRYPTO_LIB='gcrypt'
-ANYTUN_02_COMPAT=0
PASSPHRASE=1
V4_MAPPED=1
@@ -51,7 +50,6 @@ print_usage() {
echo " --prefix=<PREFIX> the installation prefix (default: /usr/local)"
echo " --use-ssl-crypto use ssl crypto library instead of libgcrypt"
echo " --disable-crypto disable crypto at all (only NULL cipher)"
- echo " --enable-anytun02-compat enable compatiblity mode for anytun 0.2.x and prior"
echo " --disable-passphrase disable master key and salt passphrase"
echo " --disable-v4-mapped disable V4-Mapped addresses (until now this means"
echo " to disable IPv6 as outer protocol)"
@@ -72,9 +70,6 @@ do
--disable-crypto)
CRYPTO_LIB='none'
;;
- --enable-anytun02-compat)
- ANYTUN_02_COMPAT=1
- ;;
--disable-passphrase)
PASSPHRASE=0
;;
@@ -135,11 +130,6 @@ case $CRYPTO_LIB in
;;
esac
-if [ $ANYTUN_02_COMPAT -eq 1 ]; then
- CFLAGS=$CFLAGS' -DANYTUN_02_COMPAT'
- echo "enabling anytun 0.2.x crypto compatiblity mode"
-fi
-
if [ $PASSPHRASE -eq 0 ]; then
CFLAGS=$CFLAGS' -DNO_PASSPHRASE'
echo "disabling master key and salt passphrase"
diff --git a/src/key_derivation.c b/src/key_derivation.c
index 6ceabb9..43277be 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -45,11 +45,12 @@
#include <stdlib.h>
#include <string.h>
-int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len)
+int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, int8_t anytun02_compat, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len)
{
if(!kd)
return -1;
+ kd->anytun02_compat_ = anytun02_compat;
kd->key_length_ = 0;
kd->type_ = kd_unknown;
@@ -391,8 +392,14 @@ int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_store_dir_t dir, se
}
memcpy(params->ctr_.salt_.buf_, kd->master_salt_.buf_, KD_AESCTR_SALT_LENGTH);
params->ctr_.salt_.zero_ = 0;
- params->ctr_.params_.label_ ^= label;
- params->ctr_.params_.r_ ^= SEQ_NR_T_HTON(*r);
+ if(kd->anytun02_compat_) {
+ params->ctr_.params_compat_.label_ ^= label;
+ params->ctr_.params_compat_.r_ ^= SEQ_NR_T_HTON(*r);
+ }
+ else {
+ params->ctr_.params_.label_ ^= label;
+ params->ctr_.params_.r_ ^= SEQ_NR_T_HTON(*r);
+ }
return 1;
}
diff --git a/src/key_derivation.h b/src/key_derivation.h
index d78a93e..b566334 100644
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
@@ -64,6 +64,7 @@ struct key_derivation_struct {
key_derivation_type_t type_;
u_int16_t key_length_;
int8_t ld_kdr_;
+ int8_t anytun02_compat_;
buffer_t master_key_;
buffer_t master_salt_;
key_store_t key_store_[2][KD_LABEL_COUNT];
@@ -71,7 +72,7 @@ struct key_derivation_struct {
};
typedef struct key_derivation_struct key_derivation_t;
-int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len);
+int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, int8_t anytun02_compat, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len);
#ifndef NO_PASSPHRASE
int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphrase, u_int16_t key_length);
int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passphrase, u_int16_t salt_length);
@@ -92,14 +93,12 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union {
u_int8_t buf_[KD_AESCTR_SALT_LENGTH];
u_int16_t zero_;
} salt_;
-#ifndef ANYTUN_02_COMPAT
struct __attribute__((__packed__)) {
u_int8_t fill_[KD_AESCTR_SALT_LENGTH - sizeof(u_int8_t) - sizeof(seq_nr_t)];
u_int8_t label_;
seq_nr_t r_;
u_int16_t zero_;
- } params_;
-#else
+ } params_compat_;
struct __attribute__((__packed__)) {
u_int8_t fill_[KD_AESCTR_SALT_LENGTH - sizeof(u_int8_t) - 2 - sizeof(seq_nr_t)];
u_int8_t label_;
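Review bot: The two counter layouts look swapped relative to the old compile-time switch. Before this change the struct without the 2-byte gap sat under `#ifndef ANYTUN_02_COMPAT` and the one with `- 2 -` in `fill_` sat under `#else`; now the first is renamed `params_compat_` and the second keeps `params_`. As a result, `key_derivation_aesctr_calc_ctr` in src/key_derivation.c writes label and `r_` into the former non-compat layout when `anytun02_compat_` is set. If the old `#ifndef` was correct, a peer started with `--anytun02-compat` would derive different keys than an anytun 0.2.x peer, and the default mode would change as well. In that case the names should be the other way round: `} params_;` on the first struct and `} params_compat_;` on the second. The union continues into the next hunk.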
@@ -107,7 +106,6 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union {
seq_nr_t r_;
u_int16_t zero_;
} params_;
-#endif
};
typedef union key_derivation_aesctr_ctr_union key_derivation_aesctr_ctr_t;
diff --git a/src/options.c b/src/options.c
index 0dbaac3..0d6943a 100644
--- a/src/options.c
+++ b/src/options.c
@@ -232,6 +232,7 @@ int options_parse(options_t* opt, int argc, char* argv[])
#ifndef NO_CRYPT
PARSE_STRING_PARAM("-k","--kd-prf", opt->kd_prf_)
PARSE_INT_PARAM("-l","--ld-kdr", opt->ld_kdr_)
+ PARSE_BOOL_PARAM("-O","--anytun02-compat", opt->anytun02_compat_)
#ifndef NO_PASSPHRASE
PARSE_STRING_PARAM_SEC("-E","--passphrase", opt->passphrase_)
#endif
@@ -295,6 +296,7 @@ void options_default(options_t* opt)
#else
opt->cipher_ = strdup("null");
#endif
+ opt->anytun02_compat_ = 0;
opt->key_.buf_ = NULL;
opt->key_.length_ = 0;
opt->salt_.buf_ = NULL;
@@ -372,6 +374,7 @@ void options_print_usage()
#ifndef NO_CRYPT
printf(" [-k|--kd-prf] <kd-prf type> key derivation pseudo random function\n");
printf(" [-l|--ld-kdr] <ld-kdr> log2 of key derivation rate\n");
+ printf(" [-O|--anytun02-compat] enable compatiblity mode for anytun 0.2.x and prior\n");
#ifndef NO_PASSPHRASE
printf(" [-E|--passphrase] <pass phrase> a passprhase to generate master key and salt from\n");
#endif
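Review bot: The new usage line spells the word "compatiblity", and the same misspelling is in the `log_printf` message added in src/uanytun.c. Anyone searching help output or logs for "compatibility" to check whether the legacy crypto mode is in use will miss both. Suggested text: `enable compatibility mode for anytun 0.2.x and prior`. options_print_usage starts and ends outside this hunk.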
@@ -409,6 +412,7 @@ void options_print(options_t* opt)
printf("ld_kdr: %d\n", opt->ld_kdr_);
printf("passphrase: '%s'\n", opt->passphrase_);
#endif
+ printf("anytun02_compat: %d\n", opt->anytun02_compat_);
u_int32_t i;
printf("key_[%d]: '", opt->key_.length_);
diff --git a/src/options.h b/src/options.h
index bbb010c..f18c254 100644
--- a/src/options.h
+++ b/src/options.h
@@ -66,6 +66,7 @@ struct options_struct {
char* auth_algo_;
char* passphrase_;
#endif
+ int anytun02_compat_;
buffer_t key_;
buffer_t salt_;
};
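Review bot: `anytun02_compat_` is declared `int` here, but `cipher_init` and `key_derivation_init` take it as `int8_t` and both structs store it as `int8_t`, so the value is narrowed implicitly at the call sites in src/uanytun.c. That is harmless if PARSE_BOOL_PARAM only ever stores 0 or 1 (the macro is not visible here), but a value that is a multiple of 256 would silently turn the flag off. Using one type removes the question: declare `int8_t anytun02_compat_;` here, or pass `opt->anytun02_compat_ != 0` at the two calls. The struct starts outside this hunk.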
diff --git a/src/uanytun.c b/src/uanytun.c
index e8a8804..d52ef7d 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -101,7 +101,7 @@ typedef u_int8_t auth_algo_t;
int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_t* kd, seq_win_t* seq_win)
{
- int ret = cipher_init(c, opt->cipher_);
+ int ret = cipher_init(c, opt->cipher_, opt->anytun02_compat_);
if(ret) {
log_printf(ERR, "could not initialize cipher of type %s", opt->cipher_);
return ret;
@@ -115,7 +115,9 @@ int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_
return ret;
}
- ret = key_derivation_init(kd, opt->kd_prf_, opt->ld_kdr_, opt->passphrase_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
+ if(opt->anytun02_compat_)
+ log_printf(ERR, "enabling anytun 0.2.x crypto compatiblity mode");
+ ret = key_derivation_init(kd, opt->kd_prf_, opt->ld_kdr_, opt->anytun02_compat_, opt->passphrase_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
if(ret) {
log_printf(ERR, "could not initialize key derivation of type %s", opt->kd_prf_);
cipher_close(c);
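Review bot: The notice that compat mode is on is logged with `ERR`, the same level as the real initialisation failures around it, so it reads as a fault in monitoring and hides among genuine errors. Enabling the legacy crypto behaviour deserves a visible log line, but at a warning or notice level if log_printf offers one (only `ERR` is visible in this hunk). The unbraced `if` also sits directly above the unrelated `ret = key_derivation_init(...)` assignment. Bracing it, or moving it above the `cipher_init` call that first consumes the flag, would make the scope obvious. init_main_loop continues outside this hunk.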