-rwxr-xr-xsrc/configure18
-rw-r--r--src/key_derivation.c4
-rw-r--r--src/key_derivation.h2
-rw-r--r--src/options.c4
4 files changed, 24 insertions, 4 deletions
diff --git a/src/configure b/src/configure
index fbbe771..78cf78b 100755
--- a/src/configure
+++ b/src/configure
@@ -40,6 +40,7 @@ LDFLAGS='-g -Wall -O2'
CRYPTO_LIB='gcrypt'
ANYTUN_02_COMPAT=0
+PASSPHRASE=1
V4_MAPPED=1
print_usage() {
@@ -47,6 +48,7 @@ print_usage() {
echo " --use-ssl-crypto use ssl crypto library instead of libgcrypt"
echo " --disable-crypto disable crypto at all (only NULL cipher)"
echo " --enable-anytun02-compat enable compatiblity mode for anytun 0.2"
+ echo " --disable-passphrase disable master key and salt passphrase"
echo " --disable-v4-mapped disable V4-Mapped addresses (until now this means"
echo " to disable IPv6 as outer protocol)"
}
@@ -63,6 +65,9 @@ do
--enable-anytun02-compat)
ANYTUN_02_COMPAT=1
;;
+ --disable-passphrase)
+ PASSPHRASE=0
+ ;;
--disable-v4-mapped)
V4_MAPPED=0
;;
@@ -106,23 +111,28 @@ esac
case $CRYPTO_LIB in
gcrypt)
LDFLAGS=$LDFLAGS' -lgcrypt -lgpg-error'
- echo "Using libgcrypt library"
+ echo "using libgcrypt library"
;;
ssl)
CFLAGS=$CFLAGS' -DUSE_SSL_CRYPTO'
LDFLAGS=$LDFLAGS' -lcrypto'
- echo "Using ssl crypto library"
+ echo "using ssl crypto library"
;;
none)
CFLAGS=$CFLAGS' -DNO_CRYPT'
echo "NO_CRYPT_OBJ = 1" >> include.mk
- echo "Disabling crypto"
+ echo "disabling crypto"
;;
esac
if [ $ANYTUN_02_COMPAT -eq 1 ]; then
CFLAGS=$CFLAGS' -DANYTUN_02_COMPAT'
- echo "enbabling anytun 0.2 crypto compatiblity mode"
+ echo "enabling anytun 0.2 crypto compatiblity mode"
+fi
+
+if [ $PASSPHRASE -eq 0 ]; then
+ CFLAGS=$CFLAGS' -DNO_PASSPHRASE'
+ echo "disabling master key and salt passphrase"
fi
if [ $V4_MAPPED -eq 0 ]; then
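Review bot: The corrected message `echo "enabling anytun 0.2 crypto compatiblity mode"` still misspells "compatibility", and the same spelling appears in the `--enable-anytun02-compat` usage line of the earlier hunk; both could be fixed while this line is being touched. The new `[ $PASSPHRASE -eq 0 ]` test follows the existing unquoted pattern, which is safe here only because `PASSPHRASE=1` is always assigned at the top of the script.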
diff --git a/src/key_derivation.c b/src/key_derivation.c
index d78a493..60d1921 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -122,6 +122,7 @@ int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, c
return ret;
}
+#ifndef NO_PASSPHRASE
int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphrase, u_int16_t key_length)
{
if(!kd || !passphrase)
@@ -232,6 +233,7 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph
return 0;
}
+#endif
void key_derivation_close(key_derivation_t* kd)
{
@@ -301,6 +303,7 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
params->handle_ = 0;
#endif
+#ifndef NO_PASSPHRASE
if(passphrase) {
int ret = key_derivation_generate_master_key(kd, passphrase, kd->key_length_);
if(ret)
@@ -309,6 +312,7 @@ int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase)
if(ret)
return ret;
}
+#endif
#ifndef USE_SSL_CRYPTO
int algo;
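Review bot: With `NO_PASSPHRASE` defined, the `passphrase` argument of key_derivation_aesctr_init is silently ignored. The guarded block that opens in the previous hunk and closes here is compiled out, and the function carries on with whatever key and salt `kd` already holds. Whether a caller can still pass a non-NULL passphrase without an explicit key is not visible in these hunks, so failing closed would be safer: add `#else` and `if(passphrase) return -1;` before the `#endif`, using whatever error value this module uses. The function body begins and ends outside both hunks.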
diff --git a/src/key_derivation.h b/src/key_derivation.h
index d045527..6cec9c9 100644
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
@@ -70,8 +70,10 @@ struct key_derivation_struct {
typedef struct key_derivation_struct key_derivation_t;
int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len);
+#ifndef NO_PASSPHRASE
int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphrase, u_int16_t key_length);
int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passphrase, u_int16_t salt_length);
+#endif
void key_derivation_close(key_derivation_t* kd);
int key_derivation_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);
diff --git a/src/options.c b/src/options.c
index 9bfb030..32f0ce7 100644
--- a/src/options.c
+++ b/src/options.c
@@ -201,7 +201,9 @@ int options_parse(options_t* opt, int argc, char* argv[])
PARSE_STRING_PARAM("-k","--kd-prf", opt->kd_prf_)
PARSE_INT_PARAM("-l","--ld-kdr", opt->ld_kdr_)
PARSE_STRING_PARAM("-a","--auth-algo", opt->auth_algo_)
+#ifndef NO_PASSPHRASE
PARSE_STRING_PARAM_SEC("-E","--passphrase", opt->passphrase_)
+#endif
PARSE_HEXSTRING_PARAM_SEC("-K","--key", opt->key_)
PARSE_HEXSTRING_PARAM_SEC("-A","--salt", opt->salt_)
#endif
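Review bot: Compiling out the `-E`/`--passphrase` entry means a start script that still passes it depends on how options_parse treats unrecognised arguments, which is outside this hunk. If the `_SEC` variant of the macro is what scrubs the secret from `argv` (inferred from the name only), a passphrase supplied to a `NO_PASSPHRASE` build would stay readable in the process list. A short comment above the guard would help, for example `/* with NO_PASSPHRASE only -K/-A supply key material; -E is not parsed and not scrubbed */`, once that behaviour is confirmed.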
@@ -334,7 +336,9 @@ void options_print_usage()
printf(" [-a|--auth-algo] <algo type> message authentication algorithm\n");
printf(" [-k|--kd-prf] <kd-prf type> key derivation pseudo random function\n");
printf(" [-l|--ld-kdr] <ld-kdr> log2 of key derivation rate\n");
+#ifndef NO_PASSPHRASE
printf(" [-E|--passphrase <pass phrase> a passprhase to generate master key and salt from\n");
+#endif
printf(" [-K|--key] <master key> master key to use for encryption\n");
printf(" [-A|--salt] <master salt> master salt to use for encryption\n");
#endif
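Review bot: The usage line now wrapped by the guard has two slips: `passprhase` is misspelled, and the closing bracket after `--passphrase` is missing, unlike the `-K` and `-A` lines below it. It could read `printf(" [-E|--passphrase] <pass phrase> a passphrase to generate master key and salt from\n");`, with the column padding matched to the neighbouring lines. options_print_usage begins and ends outside the hunk.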