summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Pointner <equinox@anytun.org>2009-01-06 01:30:00 +0000
committerChristian Pointner <equinox@anytun.org>2009-01-06 01:30:00 +0000
commit749c7bd9adc37d4e1cfc4d2a570fdcde0e20c3c8 (patch)
tree5790c95aa9320b9e5eed10bfa5cbe79d60ef4ce3
parentadded libssl crypto based auth algo HMAC-Sha1 (diff)
some cleanup
added option for passphrase enabled option for kd-prf
-rw-r--r--src/key_derivation.c35
-rw-r--r--src/key_derivation.h7
-rw-r--r--src/options.c37
-rw-r--r--src/options.h1
-rw-r--r--src/uanytun.c20
5 files changed, 77 insertions, 23 deletions
diff --git a/src/key_derivation.c b/src/key_derivation.c
index af3228d..9f16467 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -41,16 +41,28 @@
#include <stdlib.h>
#include <string.h>
-int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len)
+int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len)
{
if(!kd)
return -1;
+ kd->key_length_ = 0;
+
kd->type_ = kd_unknown;
if(!strcmp(type, "null"))
kd->type_ = kd_null;
- else if(!strcmp(type, "aes-ctr"))
+ else if(!strncmp(type, "aes-ctr", 7)) {
kd->type_ = kd_aes_ctr;
+ if(type[7] == 0) {
+ kd->key_length_ = KD_AESCTR_DEFAULT_KEY_LENGTH;
+ }
+ else if(type[7] != '-')
+ return -1;
+ else {
+ const char* tmp = &type[8];
+ kd->key_length_ = atoi(tmp);
+ }
+ }
else {
log_printf(ERR, "unknown key derivation type");
return -1;
@@ -60,7 +72,6 @@ int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, u
if(ld_kdr > (int8_t)(sizeof(seq_nr_t) * 8))
kd->ld_kdr_ = sizeof(seq_nr_t) * 8;
- kd->key_length_ = key_len * sizeof(key[0]) * 8;
kd->params_ = NULL;
int i;
@@ -99,7 +110,7 @@ int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, u
int ret = 0;
if(kd->type_ == kd_aes_ctr)
- ret = key_derivation_aesctr_init(kd);
+ ret = key_derivation_aesctr_init(kd, passphrase);
if(ret)
key_derivation_close(kd);
@@ -107,6 +118,18 @@ int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, u
return ret;
}
+int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphrase, u_int16_t key_length)
+{
+
+ return 0;
+}
+
+int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passphrase, u_int16_t salt_length)
+{
+
+ return 0;
+}
+
void key_derivation_close(key_derivation_t* kd)
{
if(!kd)
@@ -159,7 +182,7 @@ int key_derivation_null_generate(u_int8_t* key, u_int32_t len)
/* ---------------- AES-Ctr Key Derivation ---------------- */
-int key_derivation_aesctr_init(key_derivation_t* kd)
+int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
{
if(!kd)
return -1;
@@ -173,6 +196,8 @@ int key_derivation_aesctr_init(key_derivation_t* kd)
key_derivation_aesctr_param_t* params = kd->params_;
#ifndef USE_SSL_CRYPTO
+ params->handle_ = 0;
+
int algo;
switch(kd->key_length_) {
case 128: algo = GCRY_CIPHER_AES128; break;
diff --git a/src/key_derivation.h b/src/key_derivation.h
index 2f1bfb5..d045527 100644
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
@@ -69,13 +69,16 @@ struct key_derivation_struct {
};
typedef struct key_derivation_struct key_derivation_t;
-int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len);
+int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len);
+int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphrase, u_int16_t key_length);
+int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passphrase, u_int16_t salt_length);
void key_derivation_close(key_derivation_t* kd);
int key_derivation_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);
int key_derivation_null_generate(u_int8_t* key, u_int32_t len);
+#define KD_AESCTR_DEFAULT_KEY_LENGTH 128
#define KD_AESCTR_CTR_LENGTH 16
#define KD_AESCTR_SALT_LENGTH 14
@@ -115,7 +118,7 @@ struct key_derivation_aesctr_param_struct {
};
typedef struct key_derivation_aesctr_param_struct key_derivation_aesctr_param_t;
-int key_derivation_aesctr_init(key_derivation_t* kd);
+int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase);
void key_derivation_aesctr_close(key_derivation_t* kd);
int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, seq_nr_t* r, satp_prf_label_t label, seq_nr_t seq_nr);
int key_derivation_aesctr_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);
diff --git a/src/options.c b/src/options.c
index ae5d264..31dc498 100644
--- a/src/options.c
+++ b/src/options.c
@@ -40,6 +40,8 @@
#include <stdio.h>
#include <string.h>
+#include "log.h"
+
#define PARSE_BOOL_PARAM(SHORT, LONG, VALUE) \
else if(!strcmp(str,SHORT) || !strcmp(str,LONG)) \
VALUE = 1;
@@ -71,6 +73,22 @@
i++; \
}
+#define PARSE_STRING_PARAM_SEC(SHORT, LONG, VALUE) \
+ else if(!strcmp(str,SHORT) || !strcmp(str,LONG)) \
+ { \
+ if(argc < 1 || argv[i+1][0] == '-') \
+ return i; \
+ if(VALUE) free(VALUE); \
+ VALUE = strdup(argv[i+1]); \
+ if(!VALUE) \
+ return -2; \
+ size_t j; \
+ for(j=0; j < strlen(argv[i+1]); ++j) \
+ argv[i+1][j] = '#'; \
+ argc--; \
+ i++; \
+ }
+
#define PARSE_STRING_PARAM2(SHORT, LONG, VALUE1, VALUE2) \
else if(!strcmp(str,SHORT) || !strcmp(str,LONG)) \
{ \
@@ -174,11 +192,12 @@ int options_parse(options_t* opt, int argc, char* argv[])
PARSE_INT_PARAM("-s","--sender-id", opt->sender_id_)
PARSE_INT_PARAM("-m","--mux", opt->mux_)
PARSE_INT_PARAM("-w","--window-size", opt->seq_window_size_)
- PARSE_STRING_PARAM("-c","--cipher", opt->cipher_)
#ifndef NO_CRYPT
+ PARSE_STRING_PARAM("-c","--cipher", opt->cipher_)
PARSE_STRING_PARAM("-k","--kd-prf", opt->kd_prf_)
PARSE_INT_PARAM("-l","--ld-kdr", opt->ld_kdr_)
PARSE_STRING_PARAM("-a","--auth-algo", opt->auth_algo_)
+ PARSE_STRING_PARAM_SEC("-E","--passphrase", opt->passphrase_)
PARSE_HEXSTRING_PARAM_SEC("-K","--key", opt->key_)
PARSE_HEXSTRING_PARAM_SEC("-A","--salt", opt->salt_)
#endif
@@ -187,14 +206,9 @@ int options_parse(options_t* opt, int argc, char* argv[])
}
#ifndef NO_CRYPT
- if(!strcmp(opt->cipher_, "null") && !strcmp(opt->auth_algo_, "null")) {
- if(opt->kd_prf_) free(opt->kd_prf_);
- opt->kd_prf_ = strdup("null");
- }
if((strcmp(opt->cipher_, "null") || strcmp(opt->auth_algo_, "null")) &&
!strcmp(opt->kd_prf_, "null")) {
- if(opt->kd_prf_) free(opt->kd_prf_);
- opt->kd_prf_ = strdup("aes-ctr");
+ log_printf(WARNING, "using NULL key derivation with encryption and or authentication enabled!");
}
#endif
@@ -231,6 +245,7 @@ void options_default(options_t* opt)
opt->kd_prf_ = strdup("aes-ctr");
opt->ld_kdr_ = 0;
opt->auth_algo_ = strdup("sha1");
+ opt->passphrase_ = NULL;
#else
opt->cipher_ = strdup("null");
#endif
@@ -279,6 +294,8 @@ void options_clear(options_t* opt)
free(opt->kd_prf_);
if(opt->auth_algo_)
free(opt->auth_algo_);
+ if(opt->passphrase_)
+ free(opt->passphrase_);
#endif
if(opt->key_.buf_)
free(opt->key_.buf_);
@@ -308,11 +325,12 @@ void options_print_usage()
printf(" [-s|--sender-id ] <sender id> the sender id to use\n");
printf(" [-w|--window-size] <window size> seqence number window size\n");
printf(" [-m|--mux] <mux-id> the multiplex id to use\n");
- printf(" [-c|--cipher] <cipher type> payload encryption algorithm\n");
#ifndef NO_CRYPT
+ printf(" [-c|--cipher] <cipher type> payload encryption algorithm\n");
printf(" [-a|--auth-algo] <algo type> message authentication algorithm\n");
-// printf(" [-k|--kd-prf] <kd-prf type> key derivation pseudo random function\n");
+ printf(" [-k|--kd-prf] <kd-prf type> key derivation pseudo random function\n");
printf(" [-l|--ld-kdr] <ld-kdr> log2 of key derivation rate\n");
+ printf(" [-E|--passphrase <pass phrase> a passprhase to generate master key and salt from\n");
printf(" [-K|--key] <master key> master key to use for encryption\n");
printf(" [-A|--salt] <master salt> master salt to use for encryption\n");
#endif
@@ -343,6 +361,7 @@ void options_print(options_t* opt)
printf("auth_algo: '%s'\n", opt->auth_algo_);
printf("kd_prf: '%s'\n", opt->kd_prf_);
printf("ld_kdr: %d\n", opt->ld_kdr_);
+ printf("passphrase: '%s'\n", opt->passphrase_);
#endif
u_int32_t i;
diff --git a/src/options.h b/src/options.h
index 8808e63..ce8f3fc 100644
--- a/src/options.h
+++ b/src/options.h
@@ -58,6 +58,7 @@ struct options_struct {
char* kd_prf_;
int ld_kdr_;
char* auth_algo_;
+ char* passphrase_;
#endif
mux_t mux_;
buffer_t key_;
diff --git a/src/uanytun.c b/src/uanytun.c
index b33ff43..051886a 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -95,7 +95,6 @@ int init_libgcrypt()
int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
{
- int return_value = 0;
log_printf(INFO, "entering main loop");
plain_packet_t plain_packet;
@@ -111,7 +110,7 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
int ret = cipher_init(&c, opt->cipher_);
if(ret) {
log_printf(ERR, "could not initialize cipher of type %s", opt->cipher_);
- return_value = ret;
+ return ret;
}
#ifndef NO_CRYPT
@@ -119,26 +118,33 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
ret = auth_algo_init(&aa, opt->auth_algo_);
if(ret) {
log_printf(ERR, "could not initialize auth algo of type %s", opt->auth_algo_);
- return_value = ret;
+ cipher_close(&c);
+ return ret;
}
key_derivation_t kd_in;
- ret = key_derivation_init(&kd_in, opt->kd_prf_, opt->ld_kdr_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
+ ret = key_derivation_init(&kd_in, opt->kd_prf_, opt->ld_kdr_, opt->passphrase_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
if(ret) {
log_printf(ERR, "could not initialize inbound key derivation of type %s", opt->kd_prf_);
- return_value = ret;
+ cipher_close(&c);
+ auth_algo_close(&aa);
+ return ret;
}
key_derivation_t kd_out;
- ret = key_derivation_init(&kd_out, opt->kd_prf_, opt->ld_kdr_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
+ ret = key_derivation_init(&kd_out, opt->kd_prf_, opt->ld_kdr_, opt->passphrase_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
if(ret) {
log_printf(ERR, "could not initialize outbound key derivation of type %s", opt->kd_prf_);
- return_value = ret;
+ cipher_close(&c);
+ auth_algo_close(&aa);
+ key_derivation_close(&kd_in);
+ return ret;
}
#else
key_derivation_t kd_in, kd_out;
#endif
+ int return_value = 0;
seq_win_t seq_win;
ret = seq_win_init(&seq_win, opt->seq_window_size_);
if(ret) {