authorChristian Pointner <equinox@anytun.org>2009-01-02 19:49:51 +0000
committerChristian Pointner <equinox@anytun.org>2009-01-02 19:49:51 +0000
commitc0cfc1ff73049c4f420fdc70002f6f2c068d34dd (patch)
tree1bb22c9f3fdcb6706941e492f334ad1c16bd858a /src/uanytun.c
parentsome cleanup at key derivation (diff)
some improvements in key derivation
note: this is no longer compatible with anytun and is currently not compliant with the RFC (but probably will be)
Diffstat (limited to 'src/uanytun.c')
-rw-r--r--src/uanytun.c20
1 files changed, 14 insertions, 6 deletions
diff --git a/src/uanytun.c b/src/uanytun.c
index 8f677a4..8ad6ed7 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -105,10 +105,17 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
return_value = ret;
}
- key_derivation_t kd;
- ret = key_derivation_init(&kd, opt->kd_prf_, opt->ld_kdr_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
+ key_derivation_t kd_in;
+ ret = key_derivation_init(&kd_in, opt->kd_prf_, opt->ld_kdr_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
if(ret) {
- log_printf(ERR, "could not initialize key derivation of type %s", opt->kd_prf_);
+ log_printf(ERR, "could not initialize inbound key derivation of type %s", opt->kd_prf_);
+ return_value = ret;
+ }
+
+ key_derivation_t kd_out;
+ ret = key_derivation_init(&kd_out, opt->kd_prf_, opt->ld_kdr_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
+ if(ret) {
+ log_printf(ERR, "could not initialize outbound key derivation of type %s", opt->kd_prf_);
return_value = ret;
}
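Review bot: `kd_in` and `kd_out` are initialised with the same `opt->key_`, `opt->salt_`, `opt->kd_prf_` and `opt->ld_kdr_`, so nothing visible in this hunk makes the two directions derive different keys. If both peers run this code with one shared key, keeping the two directions under distinct key/IV material has to be guaranteed elsewhere, presumably through the `sender_id_`/`mux_` values passed to `cipher_encrypt` in the next hunk; that is an inference, not something these lines show. Once confirmed, a comment above the two init calls should state the assumption, for example `/* kd_in and kd_out share master key and salt; direction separation relies on distinct sender ids */`. The body of `main_loop` starts and ends outside this hunk.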
@@ -158,7 +165,7 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
else
plain_packet_set_type(&plain_packet, PAYLOAD_TYPE_UNKNOWN);
- cipher_encrypt(&c, &kd, &plain_packet, &encrypted_packet, seq_nr, opt->sender_id_, opt->mux_);
+ cipher_encrypt(&c, &kd_out, &plain_packet, &encrypted_packet, seq_nr, opt->sender_id_, opt->mux_);
seq_nr++;
// TODO: add auth-tag
@@ -201,7 +208,7 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
free(addrstring);
}
- cipher_decrypt(&c, &kd, &encrypted_packet, &plain_packet);
+ cipher_decrypt(&c, &kd_in, &encrypted_packet, &plain_packet);
len = tun_write(dev, plain_packet_get_payload(&plain_packet), plain_packet_get_payload_length(&plain_packet));
if(len == -1)
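Review bot: The plaintext produced by `cipher_decrypt(&c, &kd_in, ...)` is handed to `tun_write` on the very next line without any check that decryption succeeded. If `cipher_decrypt` reports failure through its return value (its prototype is not visible here), test it and skip the write, e.g. `if(cipher_decrypt(&c, &kd_in, &encrypted_packet, &plain_packet)) continue;`, assuming this code sits inside the receive loop. The send path still carries `// TODO: add auth-tag`, so the packet is not authenticated at this point either; a comment here saying that the payload written to the device is unverified would help the next reader. The enclosing block begins outside the hunk.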
@@ -210,7 +217,8 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
}
cipher_close(&c);
- key_derivation_close(&kd);
+ key_derivation_close(&kd_out);
+ key_derivation_close(&kd_in);
seq_win_clear(&seq_win);
return return_value;
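Review bot: `key_derivation_close` is called on both `kd_out` and `kd_in` unconditionally, including on the path where the matching `key_derivation_init` returned an error and only set `return_value`. Both contexts are declared without an initialiser, so unless init always leaves the context in a closable state on failure, close may act on indeterminate fields. Either document that guarantee next to the close calls or zero the contexts at declaration, `key_derivation_t kd_in = {0};` and `key_derivation_t kd_out = {0};`, provided close accepts a zeroed context. How init behaves on failure is not visible in this diff.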