authorChristian Pointner <equinox@anytun.org>2009-03-16 23:42:16 +0000
committerChristian Pointner <equinox@anytun.org>2009-03-16 23:42:16 +0000
commit19e2940e11d1c1e2d7a18dc52fcc8ad0711556ed (patch)
treee0a0e37336b379e89985ea1e4818ca23d7f52e81
parentremoved ld_kdr and key store (diff)
removed role symmetric (useless)
added new label (direction specific)
-rw-r--r--src/key_derivation.c45
-rw-r--r--src/key_derivation.h7
-rw-r--r--src/options.c5
-rw-r--r--src/options.h2
4 files changed, 49 insertions, 10 deletions
diff --git a/src/key_derivation.c b/src/key_derivation.c
index 3bd2207..a5a3650 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -262,6 +262,47 @@ int key_derivation_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp
return ret;
}
+satp_prf_label_t convert_label(role_t role, key_derivation_dir_t dir, satp_prf_label_t label)
+{
+ switch(label) {
+ case LABEL_ENC: {
+ if(dir == kd_outbound) {
+ if(role == ROLE_LEFT) return LABEL_LEFT_ENC;
+ if(role == ROLE_RIGHT) return LABEL_RIGHT_ENC;
+ }
+ else {
+ if(role == ROLE_LEFT) return LABEL_RIGHT_ENC;
+ if(role == ROLE_RIGHT) return LABEL_LEFT_ENC;
+ }
+ break;
+ }
+ case LABEL_SALT: {
+ if(dir == kd_outbound) {
+ if(role == ROLE_LEFT) return LABEL_LEFT_SALT;
+ if(role == ROLE_RIGHT) return LABEL_RIGHT_SALT;
+ }
+ else {
+ if(role == ROLE_LEFT) return LABEL_RIGHT_SALT;
+ if(role == ROLE_RIGHT) return LABEL_LEFT_SALT;
+ }
+ break;
+ }
+ case LABEL_AUTH: {
+ if(dir == kd_outbound) {
+ if(role == ROLE_LEFT) return LABEL_LEFT_AUTH;
+ if(role == ROLE_RIGHT) return LABEL_RIGHT_AUTH;
+ }
+ else {
+ if(role == ROLE_LEFT) return LABEL_RIGHT_AUTH;
+ if(role == ROLE_RIGHT) return LABEL_LEFT_AUTH;
+ }
+ break;
+ }
+ }
+
+ return label;
+}
+
/* ---------------- NULL Key Derivation ---------------- */
int key_derivation_null_generate(u_int8_t* key, u_int32_t len)
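Review bot: convert_label silently falls back to the direction-independent `label` whenever `role` is neither ROLE_LEFT nor ROLE_RIGHT (every `case` breaks out to the final `return label;`), so a role value outside the enum would make inbound and outbound derive from the same label again, which is the situation the new left/right labels are meant to remove. The switch also has no `default:`, so a label that is none of LABEL_ENC/LABEL_SALT/LABEL_AUTH is passed through without any trace. I would make both fallbacks explicit, e.g. a `default: break;` arm and, before the final return, `log_printf(ERROR, "convert_label: unknown role or label, using direction independent label");` if log_printf is the intended channel here. The behaviour of returning the input label unchanged should also be stated in a one-line comment above the function, since the header declares it as a public entry point.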
@@ -358,7 +399,7 @@ int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_derivation_dir_t di
key_derivation_aesctr_param_t* params = kd->params_;
if(kd->master_salt_.length_ != KD_AESCTR_SALT_LENGTH) {
- log_printf(ERROR, "master salt has the wrong length");
+ log_printf(ERROR, "master salt has wrong length");
return -1;
}
memcpy(params->ctr_.salt_.buf_, kd->master_salt_.buf_, KD_AESCTR_SALT_LENGTH);
@@ -368,7 +409,7 @@ int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_derivation_dir_t di
params->ctr_.params_compat_.seq_ ^= SEQ_NR_T_HTON(seq_nr);
}
else {
- params->ctr_.params_.label_ ^= label;
+ params->ctr_.params_.label_ ^= convert_label(kd->role_, dir, label);
params->ctr_.params_.seq_ ^= SEQ_NR_T_HTON(seq_nr);
}
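Review bot: `label_` is now a 32-bit `satp_prf_label_t` (this commit widens it from `u_int8_t` in key_derivation.h), but the XOR on the new line stores the result of convert_label in host byte order, whereas the neighbouring `seq_` is folded in through SEQ_NR_T_HTON. Two peers with different endianness would therefore build different counter blocks from the same label, which was not an issue while the field was a single byte. Unless the label is already serialized elsewhere, convert it the same way as the sequence number, e.g. `params->ctr_.params_.label_ ^= htonl(convert_label(kd->role_, dir, label));`. The body of key_derivation_aesctr_calc_ctr continues outside this hunk, so the compat branch above is only partly visible.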
diff --git a/src/key_derivation.h b/src/key_derivation.h
index 3e6e95a..d2fafea 100644
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
@@ -59,7 +59,7 @@ typedef u_int32_t satp_prf_label_t;
enum key_derivation_type_enum { kd_unknown, kd_null, kd_aes_ctr };
typedef enum key_derivation_type_enum key_derivation_type_t;
-enum key_derivation_dir_enum { kd_inbound = 0, kd_outbound = 1 };
+enum key_derivation_dir_enum { kd_inbound, kd_outbound };
typedef enum key_derivation_dir_enum key_derivation_dir_t;
struct key_derivation_struct {
@@ -80,6 +80,7 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph
#endif
void key_derivation_close(key_derivation_t* kd);
int key_derivation_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);
+satp_prf_label_t convert_label(role_t role, key_derivation_dir_t dir, satp_prf_label_t label);
int key_derivation_null_generate(u_int8_t* key, u_int32_t len);
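Review bot: The new convert_label prototype is exported without any description of its contract, and the remaining declarations in this header give the reader no hint either. A short comment above it would save a trip into key_derivation.c, e.g. `/* map a generic label (LABEL_ENC, LABEL_SALT, LABEL_AUTH) to the left/right specific label for this role and direction; any other label is returned unchanged */`.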
@@ -95,8 +96,8 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union {
u_int16_t zero_;
} salt_;
struct __attribute__((__packed__)) {
- u_int8_t fill_[KD_AESCTR_SALT_LENGTH - sizeof(u_int8_t) - sizeof(seq_nr_t)];
- u_int8_t label_;
+ u_int8_t fill_[KD_AESCTR_SALT_LENGTH - sizeof(satp_prf_label_t) - sizeof(seq_nr_t)];
+ satp_prf_label_t label_;
seq_nr_t seq_;
u_int16_t zero_;
} params_;
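Review bot: The new `fill_` size `KD_AESCTR_SALT_LENGTH - sizeof(satp_prf_label_t) - sizeof(seq_nr_t)` is unsigned `sizeof` arithmetic, so if KD_AESCTR_SALT_LENGTH were ever smaller than the two fields together the expression wraps to a huge array size instead of failing the build clearly. Since the commit just grew `label_` from one byte to four, the layout assumption is worth writing down next to the struct, e.g. `/* fill_, label_ and seq_ must together span exactly KD_AESCTR_SALT_LENGTH bytes so that params_ and salt_ line up */`, and ideally enforcing it with a compile-time size check on the union.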
diff --git a/src/options.c b/src/options.c
index b743002..e4112e0 100644
--- a/src/options.c
+++ b/src/options.c
@@ -279,8 +279,6 @@ int options_parse(options_t* opt, int argc, char* argv[])
opt->role_ = ROLE_LEFT;
else if(!strcmp(role, "bob") || !strcmp(role, "client") || !strcmp(role, "right"))
opt->role_ = ROLE_RIGHT;
- else if(!strcmp(role, "eve") || !strcmp(role, "weak") || !strcmp(role, "symmetric"))
- opt->role_ = ROLE_SYMMETRIC;
else {
free(role);
return -4;
@@ -451,7 +449,7 @@ void options_print_usage()
#endif
printf(" [-K|--key] <master key> master key to use for encryption\n");
printf(" [-A|--salt] <master salt> master salt to use for encryption\n");
- printf(" [-e|--role] <role> alice, bob or eve");
+ printf(" [-e|--role] <role> left (alice) or right (bob)");
printf(" [-c|--cipher] <cipher type> payload encryption algorithm\n");
printf(" [-a|--auth-algo] <algo type> message authentication algorithm\n");
printf(" [-b|--auth-tag-length] <length> length of the auth tag\n");
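Review bot: The rewritten `--role` usage line is the only one in this block without a trailing `\n`, so the `--cipher` line that follows is printed on the same line; the old text had the same omission, but the commit touches the line and should fix it: `printf(" [-e|--role] <role> left (alice) or right (bob)\n");`. The parser hunk above also still accepts `client` (and presumably its counterpart for the left side, whose condition lies outside the hunk) as role spellings, so the usage text could mention those aliases as well.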
@@ -500,7 +498,6 @@ void options_print(options_t* opt)
switch(opt->role_) {
case ROLE_LEFT: printf("left\n"); break;
case ROLE_RIGHT: printf("right\n"); break;
- case ROLE_SYMMETRIC: printf("symmetric\n"); break;
default: printf("??\n"); break;
}
#endif
diff --git a/src/options.h b/src/options.h
index a43559b..f61a974 100644
--- a/src/options.h
+++ b/src/options.h
@@ -46,7 +46,7 @@ typedef struct ifconfig_param_struct ifconfig_param_t;
enum resolv_addr_type_enum { ANY, IPV4_ONLY, IPV6_ONLY };
typedef enum resolv_addr_type_enum resolv_addr_type_t;
-enum role_enum { ROLE_LEFT, ROLE_RIGHT, ROLE_SYMMETRIC };
+enum role_enum { ROLE_LEFT, ROLE_RIGHT };
typedef enum role_enum role_t;
struct options_struct {