summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Pointner <equinox@anytun.org>2009-03-16 23:42:16 +0000
committerChristian Pointner <equinox@anytun.org>2009-03-16 23:42:16 +0000
commit19e2940e11d1c1e2d7a18dc52fcc8ad0711556ed (patch)
treee0a0e37336b379e89985ea1e4818ca23d7f52e81 /src
parentremoved ld_kdr and key store (diff)
removed role symmetric (useless)
added new label (direction specific)
Diffstat (limited to 'src')
-rw-r--r--src/key_derivation.c45
-rw-r--r--src/key_derivation.h7
-rw-r--r--src/options.c5
-rw-r--r--src/options.h2
4 files changed, 49 insertions, 10 deletions
diff --git a/src/key_derivation.c b/src/key_derivation.c
index 3bd2207..a5a3650 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -262,6 +262,47 @@ int key_derivation_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp
return ret;
}
+satp_prf_label_t convert_label(role_t role, key_derivation_dir_t dir, satp_prf_label_t label)
+{
+ switch(label) {
+ case LABEL_ENC: {
+ if(dir == kd_outbound) {
+ if(role == ROLE_LEFT) return LABEL_LEFT_ENC;
+ if(role == ROLE_RIGHT) return LABEL_RIGHT_ENC;
+ }
+ else {
+ if(role == ROLE_LEFT) return LABEL_RIGHT_ENC;
+ if(role == ROLE_RIGHT) return LABEL_LEFT_ENC;
+ }
+ break;
+ }
+ case LABEL_SALT: {
+ if(dir == kd_outbound) {
+ if(role == ROLE_LEFT) return LABEL_LEFT_SALT;
+ if(role == ROLE_RIGHT) return LABEL_RIGHT_SALT;
+ }
+ else {
+ if(role == ROLE_LEFT) return LABEL_RIGHT_SALT;
+ if(role == ROLE_RIGHT) return LABEL_LEFT_SALT;
+ }
+ break;
+ }
+ case LABEL_AUTH: {
+ if(dir == kd_outbound) {
+ if(role == ROLE_LEFT) return LABEL_LEFT_AUTH;
+ if(role == ROLE_RIGHT) return LABEL_RIGHT_AUTH;
+ }
+ else {
+ if(role == ROLE_LEFT) return LABEL_RIGHT_AUTH;
+ if(role == ROLE_RIGHT) return LABEL_LEFT_AUTH;
+ }
+ break;
+ }
+ }
+
+ return label;
+}
+
/* ---------------- NULL Key Derivation ---------------- */
int key_derivation_null_generate(u_int8_t* key, u_int32_t len)
@@ -358,7 +399,7 @@ int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_derivation_dir_t di
key_derivation_aesctr_param_t* params = kd->params_;
if(kd->master_salt_.length_ != KD_AESCTR_SALT_LENGTH) {
- log_printf(ERROR, "master salt has the wrong length");
+ log_printf(ERROR, "master salt has wrong length");
return -1;
}
memcpy(params->ctr_.salt_.buf_, kd->master_salt_.buf_, KD_AESCTR_SALT_LENGTH);
@@ -368,7 +409,7 @@ int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_derivation_dir_t di
params->ctr_.params_compat_.seq_ ^= SEQ_NR_T_HTON(seq_nr);
}
else {
- params->ctr_.params_.label_ ^= label;
+ params->ctr_.params_.label_ ^= convert_label(kd->role_, dir, label);
params->ctr_.params_.seq_ ^= SEQ_NR_T_HTON(seq_nr);
}
diff --git a/src/key_derivation.h b/src/key_derivation.h
index 3e6e95a..d2fafea 100644
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
@@ -59,7 +59,7 @@ typedef u_int32_t satp_prf_label_t;
enum key_derivation_type_enum { kd_unknown, kd_null, kd_aes_ctr };
typedef enum key_derivation_type_enum key_derivation_type_t;
-enum key_derivation_dir_enum { kd_inbound = 0, kd_outbound = 1 };
+enum key_derivation_dir_enum { kd_inbound, kd_outbound };
typedef enum key_derivation_dir_enum key_derivation_dir_t;
struct key_derivation_struct {
@@ -80,6 +80,7 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph
#endif
void key_derivation_close(key_derivation_t* kd);
int key_derivation_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);
+satp_prf_label_t convert_label(role_t role, key_derivation_dir_t dir, satp_prf_label_t label);
int key_derivation_null_generate(u_int8_t* key, u_int32_t len);
@@ -95,8 +96,8 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union {
u_int16_t zero_;
} salt_;
struct __attribute__((__packed__)) {
- u_int8_t fill_[KD_AESCTR_SALT_LENGTH - sizeof(u_int8_t) - sizeof(seq_nr_t)];
- u_int8_t label_;
+ u_int8_t fill_[KD_AESCTR_SALT_LENGTH - sizeof(satp_prf_label_t) - sizeof(seq_nr_t)];
+ satp_prf_label_t label_;
seq_nr_t seq_;
u_int16_t zero_;
} params_;
diff --git a/src/options.c b/src/options.c
index b743002..e4112e0 100644
--- a/src/options.c
+++ b/src/options.c
@@ -279,8 +279,6 @@ int options_parse(options_t* opt, int argc, char* argv[])
opt->role_ = ROLE_LEFT;
else if(!strcmp(role, "bob") || !strcmp(role, "client") || !strcmp(role, "right"))
opt->role_ = ROLE_RIGHT;
- else if(!strcmp(role, "eve") || !strcmp(role, "weak") || !strcmp(role, "symmetric"))
- opt->role_ = ROLE_SYMMETRIC;
else {
free(role);
return -4;
@@ -451,7 +449,7 @@ void options_print_usage()
#endif
printf(" [-K|--key] <master key> master key to use for encryption\n");
printf(" [-A|--salt] <master salt> master salt to use for encryption\n");
- printf(" [-e|--role] <role> alice, bob or eve");
+ printf(" [-e|--role] <role> left (alice) or right (bob)");
printf(" [-c|--cipher] <cipher type> payload encryption algorithm\n");
printf(" [-a|--auth-algo] <algo type> message authentication algorithm\n");
printf(" [-b|--auth-tag-length] <length> length of the auth tag\n");
@@ -500,7 +498,6 @@ void options_print(options_t* opt)
switch(opt->role_) {
case ROLE_LEFT: printf("left\n"); break;
case ROLE_RIGHT: printf("right\n"); break;
- case ROLE_SYMMETRIC: printf("symmetric\n"); break;
default: printf("??\n"); break;
}
#endif
diff --git a/src/options.h b/src/options.h
index a43559b..f61a974 100644
--- a/src/options.h
+++ b/src/options.h
@@ -46,7 +46,7 @@ typedef struct ifconfig_param_struct ifconfig_param_t;
enum resolv_addr_type_enum { ANY, IPV4_ONLY, IPV6_ONLY };
typedef enum resolv_addr_type_enum resolv_addr_type_t;
-enum role_enum { ROLE_LEFT, ROLE_RIGHT, ROLE_SYMMETRIC };
+enum role_enum { ROLE_LEFT, ROLE_RIGHT };
typedef enum role_enum role_t;
struct options_struct {