authorChristian Pointner <equinox@anytun.org>2009-01-02 12:15:20 +0000
committerChristian Pointner <equinox@anytun.org>2009-01-02 12:15:20 +0000
commitf5b5a594433e96ffb1bd6883fbfead2db45f51a6 (patch)
tree99c1dbec418f9cb33716c62a8d6e7013b59bcb44
parentcosmetic change (diff)
added option ld-kdr for the key derivation rate
-rw-r--r--doc/uanytun.8.txt14
-rw-r--r--src/key_derivation.c2
-rw-r--r--src/options.c6
-rw-r--r--src/options.h1
-rw-r--r--src/uanytun.c2
5 files changed, 21 insertions, 4 deletions
diff --git a/doc/uanytun.8.txt b/doc/uanytun.8.txt
index f2a2095..d0e1fc6 100644
--- a/doc/uanytun.8.txt
+++ b/doc/uanytun.8.txt
@@ -28,6 +28,7 @@ SYNOPSIS
[ *-m|--mux* <mux-id> ]
[ *-c|--cipher* <cipher type> ]
[ *-a|--auth-algo* <algo type> ]
+[ *-l|--ld-kdr* <ld-kdr> ]
[ *-K|--key* <master key> ]
[ *-A|--salt* <master salt> ]
@@ -215,6 +216,17 @@ Possible values:
If HMAC-SHA1 is used, the packet length is increased by
10 bytes. These 10 bytes contain the authentication data.
+-l|--ld-kdr <ld-kdr>
+~~~~~~~~~~~~~~~~~~~~
+
+The log2 of the key derivation rate. This is used by the key
+derivation to determine how ofen a new session key has to be
+generated. A value of -1 means to generate only one key and use
+it forever. The default is 0 which means to calculate a new key
+for every packet. A value of 1 would tell the key derivation
+to generate a new key after 2 packets, for 2 its 4 packets and
+so on.
+
-K|--key <master key>
~~~~~~~~~~~~~~~~~~~~~
@@ -222,7 +234,7 @@ master key to use for encryption
Master key in hexadecimal notation, eg
01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
-of 32 characters (16 bytes).
+of 32, 48 or 64 characters (128, 196 or 256 bits).
-A|--salt <master salt>
~~~~~~~~~~~~~~~~~~~~~~~
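Review bot: The new key-length sentence `+of 32, 48 or 64 characters (128, 196 or 256 bits).` has an arithmetic slip: 48 hexadecimal characters are 24 bytes, i.e. 192 bits, not 196. Since this is the line an operator reads to size the master key, it should read `of 32, 48 or 64 characters (128, 192 or 256 bits).`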
diff --git a/src/key_derivation.c b/src/key_derivation.c
index 49fb2a2..28e9a1c 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -296,7 +296,7 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, satp_prf_label_t label,
}
else if(!ret) {
if(len > kd->key_store_[label].length_) {
- log_printf(WARNING, "stored (old) key for label 0x%02X is to short, filling with zeros", label);
+ log_printf(WARNING, "stored (old) key for label 0x%02X is too short, filling with zeros", label);
memset(key, 0, len);
len = kd->key_store_[label].length_;
}
diff --git a/src/options.c b/src/options.c
index 360e85d..b74092b 100644
--- a/src/options.c
+++ b/src/options.c
@@ -51,7 +51,7 @@
#define PARSE_INT_PARAM(SHORT, LONG, VALUE) \
else if(!strcmp(str,SHORT) || !strcmp(str,LONG)) \
{ \
- if(argc < 1 || argv[i+1][0] == '-') \
+ if(argc < 1) \
return i; \
VALUE = atoi(argv[i+1]); \
argc--; \
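Review bot: Dropping the `argv[i+1][0] == '-'` test is what lets `-1` through, but the `atoi` on the following line still gives no way to tell `-1` from garbage: a following option such as `--key`, or a value like `abc`, silently becomes 0 and is consumed as the parameter, and out-of-range input is undefined behaviour. Because this macro also backs `-w|--window-size` and the other integer options, a negative value now reaches those fields as well (window_size_t is declared outside this diff, so I can't tell whether it is unsigned and wraps). Parsing with `strtol` and rejecting anything that is not a complete in-range number keeps the `return i` error path the hunk already uses; it needs `<errno.h>` in scope, which I can't confirm from the hunk. The macro definition continues past the end of the hunk.
```c
#define PARSE_INT_PARAM(SHORT, LONG, VALUE) \
  else if(!strcmp(str,SHORT) || !strcmp(str,LONG)) \
  { \
    if(argc < 1) \
      return i; \
    char* endptr = NULL; \
    errno = 0; \
    long parsed = strtol(argv[i+1], &endptr, 10); \
    if(endptr == argv[i+1] || *endptr != '\0' || errno == ERANGE) \
      return i; \
    VALUE = parsed; \
    argc--; \
    /* … unchanged: remainder of the macro, outside this hunk … */
```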
@@ -176,6 +176,7 @@ int options_parse(options_t* opt, int argc, char* argv[])
PARSE_INT_PARAM("-w","--window-size", opt->seq_window_size_)
PARSE_STRING_PARAM("-c","--cipher", opt->cipher_)
PARSE_STRING_PARAM("-k","--kd-prf", opt->kd_prf_)
+ PARSE_INT_PARAM("-l","--ld-kdr", opt->ld_kdr_)
PARSE_STRING_PARAM("-a","--auth-algo", opt->auth_algo_)
PARSE_HEXSTRING_PARAM_SEC("-K","--key", opt->key_)
PARSE_HEXSTRING_PARAM_SEC("-A","--salt", opt->salt_)
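Review bot: The new `-l|--ld-kdr` value is stored without any range check, although the man page in this commit defines only -1 and non-negative values as meaningful. The parsed int is handed straight to `key_derivation_init` in uanytun.c's main_loop (last hunk of this diff); if the key derivation realises the rate as a shift of the sequence number by ld_kdr_ (that code is not in this diff), a value at or above the width of the sequence number is undefined behaviour rather than "one key forever". Rejecting values below -1 and above the sequence-number width wherever options are checked after parsing, e.g. `if(opt->ld_kdr_ < -1 || opt->ld_kdr_ > LD_KDR_MAX) /* LD_KDR_MAX: placeholder, the sequence-number width */`, would make the documented contract enforceable. options_parse starts and ends outside the hunk.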
@@ -223,6 +224,7 @@ void options_default(options_t* opt)
opt->seq_window_size_ = 100;
opt->cipher_ = strdup("null");
opt->kd_prf_ = strdup("null");
+ opt->ld_kdr_ = 0;
opt->auth_algo_ = strdup("null");
opt->mux_ = 0;
opt->key_.buf_ = NULL;
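Review bot: The default `opt->ld_kdr_ = 0;` relies on the reader knowing that 0 means a new session key for every packet and that -1 is the single-key sentinel, which only the man page in this commit states; a comment on the assignment, `opt->ld_kdr_ = 0; /* log2 of key derivation rate: 0 = new session key per packet, -1 = one key for the whole session */`, keeps that next to the code. The same comment belongs on the `int ld_kdr_;` field added to options_struct in the options.h hunk. options_default continues outside the hunk.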
@@ -299,6 +301,7 @@ void options_print_usage()
printf(" [-c|--cipher] <cipher type> payload encryption algorithm\n");
printf(" [-a|--auth-algo] <algo type> message authentication algorithm\n");
// printf(" [-k|--kd-prf] <kd-prf type> key derivation pseudo random function\n");
+ printf(" [-l|--ld-kdr] <ld-kdr> log2 of key derivation rate\n");
printf(" [-K|--key] <master key> master key to use for encryption\n");
printf(" [-A|--salt] <master salt> master salt to use for encryption\n");
}
@@ -326,6 +329,7 @@ void options_print(options_t* opt)
printf("cipher: '%s'\n", opt->cipher_);
printf("auth_algo: '%s'\n", opt->auth_algo_);
printf("kd_prf: '%s'\n", opt->kd_prf_);
+ printf("ld_kdr: %d\n", opt->ld_kdr_);
u_int32_t i;
printf("key_[%d]: '", opt->key_.length_);
diff --git a/src/options.h b/src/options.h
index 8fd413d..93836b5 100644
--- a/src/options.h
+++ b/src/options.h
@@ -55,6 +55,7 @@ struct options_struct {
window_size_t seq_window_size_;
char* cipher_;
char* kd_prf_;
+ int ld_kdr_;
char* auth_algo_;
mux_t mux_;
buffer_t key_;
diff --git a/src/uanytun.c b/src/uanytun.c
index b666575..b4ea9c0 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -106,7 +106,7 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
}
key_derivation_t kd;
- ret = key_derivation_init(&kd, opt->kd_prf_, 0, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
+ ret = key_derivation_init(&kd, opt->kd_prf_, opt->ld_kdr_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
if(ret) {
log_printf(ERR, "could not initialize key derivation of type %s", opt->kd_prf_);
return_value = ret;