summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/auth_algo.c12
-rw-r--r--src/auth_algo.h8
-rw-r--r--src/cipher.c12
-rw-r--r--src/cipher.h12
-rw-r--r--src/key_derivation.c89
-rw-r--r--src/key_derivation.h49
-rw-r--r--src/options.c4
-rw-r--r--src/options.h1
-rw-r--r--src/uanytun.c2
9 files changed, 61 insertions, 128 deletions
diff --git a/src/auth_algo.c b/src/auth_algo.c
index 1cec7ba..d015cc5 100644
--- a/src/auth_algo.c
+++ b/src/auth_algo.c
@@ -100,7 +100,7 @@ void auth_algo_close(auth_algo_t* aa)
free(aa->key_.buf_);
}
-void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet)
+void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet)
{
if(!aa)
return;
@@ -115,7 +115,7 @@ void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t d
}
}
-int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet)
+int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet)
{
if(!aa)
return 0;
@@ -187,7 +187,7 @@ void auth_algo_sha1_close(auth_algo_t* aa)
}
-void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet)
+void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet)
{
if(!encrypted_packet_get_auth_tag_length(packet))
return;
@@ -202,7 +202,7 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_di
}
auth_algo_sha1_param_t* params = aa->params_;
- int ret = key_derivation_generate(kd, dir, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_);
+ int ret = key_derivation_generate(kd, dir, LABEL_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_);
if(ret < 0)
return;
@@ -235,7 +235,7 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_di
}
-int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet)
+int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet)
{
if(!encrypted_packet_get_auth_tag_length(packet))
return 1;
@@ -250,7 +250,7 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_store_di
}
auth_algo_sha1_param_t* params = aa->params_;
- int ret = key_derivation_generate(kd, dir, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_);
+ int ret = key_derivation_generate(kd, dir, LABEL_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_);
if(ret < 0)
return 0;
diff --git a/src/auth_algo.h b/src/auth_algo.h
index 1b0aa01..baf32c5 100644
--- a/src/auth_algo.h
+++ b/src/auth_algo.h
@@ -58,8 +58,8 @@ u_int32_t auth_algo_get_max_length(const char* type);
int auth_algo_init(auth_algo_t* aa, const char* type);
void auth_algo_close(auth_algo_t* aa);
-void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet);
-int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet);
+void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet);
+int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet);
#define SHA1_LENGTH 20
@@ -75,7 +75,7 @@ typedef struct auth_algo_sha1_param_struct auth_algo_sha1_param_t;
int auth_algo_sha1_init(auth_algo_t* aa);
void auth_algo_sha1_close(auth_algo_t* aa);
-void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet);
-int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet);
+void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet);
+int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet);
#endif
diff --git a/src/cipher.c b/src/cipher.c
index 28d9bf6..13b2fa6 100644
--- a/src/cipher.c
+++ b/src/cipher.c
@@ -111,7 +111,7 @@ void cipher_close(cipher_t* c)
}
-int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
if(!c)
return -1;
@@ -143,7 +143,7 @@ int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, plain
return 0;
}
-int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* in, plain_packet_t* out)
+int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* in, plain_packet_t* out)
{
if(!c)
return -1;
@@ -251,14 +251,14 @@ void cipher_aesctr_close(cipher_t* c)
}
}
-int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
if(!c || !c->params_)
return -1;
cipher_aesctr_param_t* params = c->params_;
- int ret = key_derivation_generate(kd, dir, LABEL_SATP_SALT, seq_nr, c->salt_.buf_, C_AESCTR_SALT_LENGTH);
+ int ret = key_derivation_generate(kd, dir, LABEL_SALT, seq_nr, c->salt_.buf_, C_AESCTR_SALT_LENGTH);
if(ret < 0)
return ret;
@@ -276,7 +276,7 @@ int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_store_dir_t di
return 0;
}
-int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
if(!c || !c->params_) {
log_printf(ERROR, "cipher not initialized");
@@ -290,7 +290,7 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t d
cipher_aesctr_param_t* params = c->params_;
- int ret = key_derivation_generate(kd, dir, LABEL_SATP_ENCRYPTION, seq_nr, c->key_.buf_, c->key_.length_);
+ int ret = key_derivation_generate(kd, dir, LABEL_ENC, seq_nr, c->key_.buf_, c->key_.length_);
if(ret < 0)
return ret;
diff --git a/src/cipher.h b/src/cipher.h
index 17a4cec..8a7e65d 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -43,8 +43,8 @@
#endif
#include "key_derivation.h"
#else
-enum key_store_dir_enum { kd_inbound = 0, kd_outbound = 1 };
-typedef enum key_store_dir_enum key_store_dir_t;
+enum key_derivation_dir_enum { kd_inbound = 0, kd_outbound = 1 };
+typedef enum key_derivation_dir_enum key_derivation_dir_t;
typedef u_int8_t key_derivation_t;
#endif
@@ -64,8 +64,8 @@ typedef struct cipher_struct cipher_t;
int cipher_init(cipher_t* c, const char* type, int8_t anytun02_compat);
void cipher_close(cipher_t* c);
-int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
-int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* in, plain_packet_t* out);
+int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* in, plain_packet_t* out);
int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen);
@@ -106,8 +106,8 @@ typedef struct cipher_aesctr_param_struct cipher_aesctr_param_t;
int cipher_aesctr_init(cipher_t* c);
void cipher_aesctr_close(cipher_t* c);
-int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
-int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
#endif
#endif
diff --git a/src/key_derivation.c b/src/key_derivation.c
index cbc7472..3bd2207 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -45,11 +45,12 @@
#include <stdlib.h>
#include <string.h>
-int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, int8_t anytun02_compat, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len)
+int key_derivation_init(key_derivation_t* kd, const char* type, role_t role, int8_t anytun02_compat, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len)
{
if(!kd)
return -1;
+ kd->role_ = role;
kd->anytun02_compat_ = anytun02_compat;
kd->key_length_ = 0;
@@ -73,21 +74,8 @@ int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, i
return -1;
}
- kd->ld_kdr_ = ld_kdr;
- if(ld_kdr > (int8_t)(sizeof(seq_nr_t) * 8))
- kd->ld_kdr_ = sizeof(seq_nr_t) * 8;
-
kd->params_ = NULL;
- int d, i;
- for(d = 0; d<2; ++d) {
- for(i = 0; i<KD_LABEL_COUNT; ++i) {
- kd->key_store_[d][i].key_.buf_ = NULL;
- kd->key_store_[d][i].key_.length_ = 0;
- kd->key_store_[d][i].r_ = 0;
- }
- }
-
if(!key) {
kd->master_key_.buf_ = NULL;
kd->master_key_.length_ = 0;
@@ -250,23 +238,15 @@ void key_derivation_close(key_derivation_t* kd)
free(kd->master_key_.buf_);
if(kd->master_salt_.buf_)
free(kd->master_salt_.buf_);
-
- int d, i;
- for(d = 0; d<2; ++d) {
- for(i = 0; i<KD_LABEL_COUNT; ++i) {
- if(kd->key_store_[d][i].key_.buf_)
- free(kd->key_store_[d][i].key_.buf_);
- }
- }
}
-int key_derivation_generate(key_derivation_t* kd, key_store_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len)
+int key_derivation_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len)
{
if(!kd || !key)
return -1;
- if(label >= KD_LABEL_COUNT) {
- log_printf(ERROR, "label 0x%02X out of range", label);
+ if(label >= LABEL_NIL) {
+ log_printf(ERROR, "unknown label 0x%02X", label);
return -1;
}
@@ -370,22 +350,13 @@ void key_derivation_aesctr_close(key_derivation_t* kd)
}
}
-int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_store_dir_t dir, seq_nr_t* r, satp_prf_label_t label, seq_nr_t seq_nr)
+int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr)
{
- if(!kd || !kd->params_ || !r)
+ if(!kd || !kd->params_)
return -1;
key_derivation_aesctr_param_t* params = kd->params_;
- *r = 0;
- if(kd->ld_kdr_ >= 0)
- *r = seq_nr >> kd->ld_kdr_;
-
- if(kd->key_store_[dir][label].key_.buf_ && kd->key_store_[dir][label].r_ == *r) {
- if(!(*r) || (seq_nr % (*r)))
- return 0;
- }
-
if(kd->master_salt_.length_ != KD_AESCTR_SALT_LENGTH) {
log_printf(ERROR, "master salt has the wrong length");
return -1;
@@ -394,17 +365,17 @@ int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_store_dir_t dir, se
params->ctr_.salt_.zero_ = 0;
if(kd->anytun02_compat_) {
params->ctr_.params_compat_.label_ ^= label;
- params->ctr_.params_compat_.r_ ^= SEQ_NR_T_HTON(*r);
+ params->ctr_.params_compat_.seq_ ^= SEQ_NR_T_HTON(seq_nr);
}
else {
params->ctr_.params_.label_ ^= label;
- params->ctr_.params_.r_ ^= SEQ_NR_T_HTON(*r);
+ params->ctr_.params_.seq_ ^= SEQ_NR_T_HTON(seq_nr);
}
- return 1;
+ return 0;
}
-int key_derivation_aesctr_generate(key_derivation_t* kd, key_store_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len)
+int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len)
{
if(!kd || !kd->params_ || !kd->master_key_.buf_ || !kd->master_salt_.buf_) {
log_printf(ERROR, "key derivation not initialized or no key or salt set");
@@ -413,21 +384,10 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_store_dir_t dir, sa
key_derivation_aesctr_param_t* params = kd->params_;
- seq_nr_t r;
- int ret = key_derivation_aesctr_calc_ctr(kd, dir, &r, label, seq_nr);
- if(ret < 0) {
+ if(key_derivation_aesctr_calc_ctr(kd, dir, label, seq_nr)) {
log_printf(ERROR, "failed to calculate key derivation CTR");
return -1;
}
- else if(!ret) {
- if(len > kd->key_store_[dir][label].key_.length_) {
- log_printf(WARNING, "stored (old) key for label 0x%02X is too short, filling with zeros", label);
- memset(key, 0, len);
- len = kd->key_store_[dir][label].key_.length_;
- }
- memcpy(key, kd->key_store_[dir][label].key_.buf_, len);
- return 0;
- }
#ifndef USE_SSL_CRYPTO
gcry_error_t err = gcry_cipher_reset(params->handle_);
@@ -459,28 +419,5 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_store_dir_t dir, sa
AES_ctr128_encrypt(key, key, len, &params->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num);
#endif
- if(!kd->ld_kdr_)
- return 1;
-
- if(!kd->key_store_[dir][label].key_.buf_) {
- kd->key_store_[dir][label].key_.length_ = 0;
- kd->key_store_[dir][label].key_.buf_ = malloc(len);
- if(!kd->key_store_[dir][label].key_.buf_)
- return -2;
-
- kd->key_store_[dir][label].key_.length_ = len;
- }
- else if(kd->key_store_[dir][label].key_.length_ < len) {
- u_int8_t* tmp = realloc(kd->key_store_[dir][label].key_.buf_, len);
- if(!tmp)
- return -2;
-
- kd->key_store_[dir][label].key_.buf_ = tmp;
- kd->key_store_[dir][label].key_.length_ = len;
- }
-
- memcpy(kd->key_store_[dir][label].key_.buf_, key, len);
- kd->key_store_[dir][label].r_ = r;
-
- return 1;
+ return 0;
}
diff --git a/src/key_derivation.h b/src/key_derivation.h
index dbbf73c..3e6e95a 100644
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
@@ -41,44 +41,45 @@
#include <openssl/aes.h>
#endif
-#define KD_LABEL_COUNT 3
-enum satp_prf_label_enum {
- LABEL_SATP_ENCRYPTION = 0x00,
- LABEL_SATP_MSG_AUTH = 0x01,
- LABEL_SATP_SALT = 0x02,
-};
-typedef enum satp_prf_label_enum satp_prf_label_t;
+#include "options.h"
+
+#define LABEL_ENC 0
+#define LABEL_AUTH 1
+#define LABEL_SALT 3
+#define LABEL_NIL 4
+
+#define LABEL_LEFT_ENC 0xDEADBEEF
+#define LABEL_RIGHT_ENC 0xDEAE0010
+#define LABEL_LEFT_SALT 0xDF10416F
+#define LABEL_RIGHT_SALT 0xDF13FF90
+#define LABEL_LEFT_AUTH 0xE0000683
+#define LABEL_RIGHT_AUTH 0xE001B97C
+
+typedef u_int32_t satp_prf_label_t;
enum key_derivation_type_enum { kd_unknown, kd_null, kd_aes_ctr };
typedef enum key_derivation_type_enum key_derivation_type_t;
-enum key_store_dir_enum { kd_inbound = 0, kd_outbound = 1 };
-typedef enum key_store_dir_enum key_store_dir_t;
-
-struct key_store_struct {
- buffer_t key_;
- seq_nr_t r_;
-};
-typedef struct key_store_struct key_store_t;
+enum key_derivation_dir_enum { kd_inbound = 0, kd_outbound = 1 };
+typedef enum key_derivation_dir_enum key_derivation_dir_t;
struct key_derivation_struct {
key_derivation_type_t type_;
u_int16_t key_length_;
- int8_t ld_kdr_;
+ role_t role_;
int8_t anytun02_compat_;
buffer_t master_key_;
buffer_t master_salt_;
- key_store_t key_store_[2][KD_LABEL_COUNT];
void* params_;
};
typedef struct key_derivation_struct key_derivation_t;
-int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, int8_t anytun02_compat, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len);
+int key_derivation_init(key_derivation_t* kd, const char* type, role_t role, int8_t anytun02_compat, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len);
#ifndef NO_PASSPHRASE
int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphrase, u_int16_t key_length);
int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passphrase, u_int16_t salt_length);
#endif
void key_derivation_close(key_derivation_t* kd);
-int key_derivation_generate(key_derivation_t* kd, key_store_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);
+int key_derivation_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);
int key_derivation_null_generate(u_int8_t* key, u_int32_t len);
@@ -96,14 +97,14 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union {
struct __attribute__((__packed__)) {
u_int8_t fill_[KD_AESCTR_SALT_LENGTH - sizeof(u_int8_t) - sizeof(seq_nr_t)];
u_int8_t label_;
- seq_nr_t r_;
+ seq_nr_t seq_;
u_int16_t zero_;
} params_;
struct __attribute__((__packed__)) {
u_int8_t fill_[KD_AESCTR_SALT_LENGTH - sizeof(u_int8_t) - 2*sizeof(u_int8_t) - sizeof(seq_nr_t)];
u_int8_t label_;
- u_int8_t r_fill_[2];
- seq_nr_t r_;
+ u_int8_t seq_fill_[2];
+ seq_nr_t seq_;
u_int16_t zero_;
} params_compat_;
};
@@ -122,7 +123,7 @@ typedef struct key_derivation_aesctr_param_struct key_derivation_aesctr_param_t;
int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase);
void key_derivation_aesctr_close(key_derivation_t* kd);
-int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_store_dir_t dir, seq_nr_t* r, satp_prf_label_t label, seq_nr_t seq_nr);
-int key_derivation_aesctr_generate(key_derivation_t* kd, key_store_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);
+int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr);
+int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);
#endif
diff --git a/src/options.c b/src/options.c
index 2f77cca..b743002 100644
--- a/src/options.c
+++ b/src/options.c
@@ -253,7 +253,6 @@ int options_parse(options_t* opt, int argc, char* argv[])
PARSE_INT_PARAM("-w","--window-size", opt->seq_window_size_)
#ifndef NO_CRYPT
PARSE_STRING_PARAM("-k","--kd-prf", opt->kd_prf_)
-// PARSE_INT_PARAM("-l","--ld-kdr", opt->ld_kdr_)
PARSE_BOOL_PARAM("-O","--anytun02-compat", opt->anytun02_compat_)
#ifndef NO_PASSPHRASE
PARSE_STRING_PARAM_SEC("-E","--passphrase", opt->passphrase_)
@@ -354,7 +353,6 @@ void options_default(options_t* opt)
opt->seq_window_size_ = 0;
#ifndef NO_CRYPT
opt->kd_prf_ = strdup("aes-ctr");
- opt->ld_kdr_ = 0;
opt->passphrase_ = NULL;
opt->role_ = ROLE_LEFT;
opt->cipher_ = strdup("aes-ctr");
@@ -447,7 +445,6 @@ void options_print_usage()
printf(" [-w|--window-size] <window size> seqence number window size\n");
#ifndef NO_CRYPT
printf(" [-k|--kd-prf] <kd-prf type> key derivation pseudo random function\n");
-// printf(" [-l|--ld-kdr] <ld-kdr> log2 of key derivation rate\n");
printf(" [-O|--anytun02-compat] enable compatiblity mode for anytun 0.2.x and prior\n");
#ifndef NO_PASSPHRASE
printf(" [-E|--passphrase] <pass phrase> a passprhase to generate master key and salt from\n");
@@ -498,7 +495,6 @@ void options_print(options_t* opt)
printf("auth_algo: '%s'\n", opt->auth_algo_);
printf("auth_tag_length: %d\n", opt->auth_tag_length_);
printf("kd_prf: '%s'\n", opt->kd_prf_);
- printf("ld_kdr: %d\n", opt->ld_kdr_);
printf("passphrase: '%s'\n", opt->passphrase_);
printf("role: ");
switch(opt->role_) {
diff --git a/src/options.h b/src/options.h
index bbf3bd6..a43559b 100644
--- a/src/options.h
+++ b/src/options.h
@@ -72,7 +72,6 @@ struct options_struct {
char* cipher_;
#ifndef NO_CRYPT
char* kd_prf_;
- int ld_kdr_;
char* auth_algo_;
char* passphrase_;
role_t role_;
diff --git a/src/uanytun.c b/src/uanytun.c
index 78c9f77..553a392 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -117,7 +117,7 @@ int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_
if(opt->anytun02_compat_)
log_printf(NOTICE, "enabling anytun 0.2.x crypto compatiblity mode");
- ret = key_derivation_init(kd, opt->kd_prf_, opt->ld_kdr_, opt->anytun02_compat_, opt->passphrase_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
+ ret = key_derivation_init(kd, opt->kd_prf_, opt->role_, opt->anytun02_compat_, opt->passphrase_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
if(ret) {
log_printf(ERROR, "could not initialize key derivation of type %s", opt->kd_prf_);
cipher_close(c);