summaryrefslogtreecommitdiff
path: root/src/options.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/options.c')
-rw-r--r--src/options.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/options.c b/src/options.c
index f15d6b8..09265da 100644
--- a/src/options.c
+++ b/src/options.c
@@ -43,6 +43,10 @@
#include "log.h"
+#ifndef NO_CRYPT
+#include "auth_algo.h"
+#endif
+
#define PARSE_BOOL_PARAM(SHORT, LONG, VALUE) \
else if(!strcmp(str,SHORT) || !strcmp(str,LONG)) \
VALUE = 1;
@@ -257,6 +261,7 @@ int options_parse(options_t* opt, int argc, char* argv[])
PARSE_HEXSTRING_PARAM_SEC("-A","--salt", opt->salt_)
PARSE_STRING_PARAM("-c","--cipher", opt->cipher_)
PARSE_STRING_PARAM("-a","--auth-algo", opt->auth_algo_)
+ PARSE_INT_PARAM("-b","--auth-tag-length", opt->auth_tag_length_)
#endif
else
return i;
@@ -294,6 +299,13 @@ void options_parse_post(options_t* opt)
!strcmp(opt->kd_prf_, "null")) {
log_printf(WARNING, "using NULL key derivation with encryption and or authentication enabled!");
}
+
+ u_int32_t tag_len_max = auth_algo_get_max_length(opt->auth_algo_);
+ if(!tag_len_max) opt->auth_tag_length_ = 0;
+ else if(tag_len_max < opt->auth_tag_length_) {
+ log_printf(WARNING, "%s auth algo can't generate tags of length %d, using maximum tag length(%d)", opt->auth_algo_, opt->auth_tag_length_, tag_len_max);
+ opt->auth_tag_length_ = tag_len_max;
+ }
#endif
if(!(opt->dev_name_) && !(opt->dev_type_))
@@ -331,8 +343,10 @@ void options_default(options_t* opt)
opt->passphrase_ = NULL;
opt->cipher_ = strdup("aes-ctr");
opt->auth_algo_ = strdup("sha1");
+ opt->auth_tag_length_ = 10;
#else
opt->cipher_ = strdup("null");
+ opt->auth_tag_length_ = 0;
#endif
opt->anytun02_compat_ = 0;
opt->key_.buf_ = NULL;
@@ -426,6 +440,7 @@ void options_print_usage()
printf(" [-A|--salt] <master salt> master salt to use for encryption\n");
printf(" [-c|--cipher] <cipher type> payload encryption algorithm\n");
printf(" [-a|--auth-algo] <algo type> message authentication algorithm\n");
+ printf(" [-b|--auth-tag-length] <length> length of the auth tag\n");
#endif
}
@@ -464,6 +479,7 @@ void options_print(options_t* opt)
printf("cipher: '%s'\n", opt->cipher_);
#ifndef NO_CRYPT
printf("auth_algo: '%s'\n", opt->auth_algo_);
+ printf("auth_tag_length: %d\n", opt->auth_tag_length_);
printf("kd_prf: '%s'\n", opt->kd_prf_);
printf("ld_kdr: %d\n", opt->ld_kdr_);
printf("passphrase: '%s'\n", opt->passphrase_);