summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/auth_algo.c16
-rw-r--r--src/auth_algo.h8
-rw-r--r--src/cipher.c18
-rw-r--r--src/cipher.h8
-rw-r--r--src/key_derivation.c62
-rw-r--r--src/key_derivation.h10
-rw-r--r--src/uanytun.c40
7 files changed, 79 insertions, 83 deletions
diff --git a/src/auth_algo.c b/src/auth_algo.c
index b842dd9..f5aef0f 100644
--- a/src/auth_algo.c
+++ b/src/auth_algo.c
@@ -85,7 +85,7 @@ void auth_algo_close(auth_algo_t* aa)
free(aa->key_.buf_);
}
-void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_t* packet)
+void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet)
{
if(!aa)
return;
@@ -94,14 +94,14 @@ void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_
if(aa->type_ == aa_null)
return;
else if(aa->type_ == aa_sha1)
- auth_algo_sha1_generate(aa, kd, packet);
+ auth_algo_sha1_generate(aa, kd, dir, packet);
else {
log_printf(ERR, "unknown auth algo type");
return;
}
}
-int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_t* packet)
+int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet)
{
if(!aa)
return;
@@ -110,7 +110,7 @@ int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_
if(aa->type_ == aa_null)
return 1;
else if(aa->type_ == aa_sha1)
- return auth_algo_sha1_check_tag(aa, kd, packet);
+ return auth_algo_sha1_check_tag(aa, kd, dir, packet);
else {
log_printf(ERR, "unknown auth algo type");
return;
@@ -174,7 +174,7 @@ void auth_algo_sha1_close(auth_algo_t* aa)
}
-void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_t* packet)
+void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet)
{
encrypted_packet_add_auth_tag(packet);
if(!encrypted_packet_get_auth_tag_length(packet))
@@ -190,7 +190,7 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa
}
auth_algo_sha1_param_t* params = aa->params_;
- int ret = key_derivation_generate(kd, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_);
+ int ret = key_derivation_generate(kd, dir, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_);
if(ret < 0)
return;
if(ret) { // a new key got generated
@@ -230,7 +230,7 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa
}
-int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_t* packet)
+int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet)
{
if(!encrypted_packet_get_auth_tag_length(packet))
return 1;
@@ -245,7 +245,7 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_pa
}
auth_algo_sha1_param_t* params = aa->params_;
- int ret = key_derivation_generate(kd, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_);
+ int ret = key_derivation_generate(kd, dir, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_);
if(ret < 0)
return 0;
if(ret) { // a new key got generated
diff --git a/src/auth_algo.h b/src/auth_algo.h
index 3c00dd6..1575dc1 100644
--- a/src/auth_algo.h
+++ b/src/auth_algo.h
@@ -55,8 +55,8 @@ typedef struct auth_algo_struct auth_algo_t;
int auth_algo_init(auth_algo_t* aa, const char* type);
void auth_algo_close(auth_algo_t* aa);
-void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_t* packet);
-int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_t* packet);
+void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet);
+int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet);
#define SHA1_LENGTH 20
@@ -72,7 +72,7 @@ typedef struct auth_algo_sha1_param_struct auth_algo_sha1_param_t;
int auth_algo_sha1_init(auth_algo_t* aa);
void auth_algo_sha1_close(auth_algo_t* aa);
-void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_t* packet);
-int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, encrypted_packet_t* packet);
+void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet);
+int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet);
#endif
diff --git a/src/cipher.c b/src/cipher.c
index 3efe26a..2066d1f 100644
--- a/src/cipher.c
+++ b/src/cipher.c
@@ -110,7 +110,7 @@ void cipher_close(cipher_t* c)
}
-int cipher_encrypt(cipher_t* c, key_derivation_t* kd, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
if(!c)
return -1;
@@ -121,7 +121,7 @@ int cipher_encrypt(cipher_t* c, key_derivation_t* kd, plain_packet_t* in, encryp
encrypted_packet_get_payload(out), encrypted_packet_get_payload_length(out));
#ifndef NO_CRYPT
else if(c->type_ == c_aes_ctr)
- len = cipher_aesctr_crypt(c, kd, plain_packet_get_packet(in), plain_packet_get_length(in),
+ len = cipher_aesctr_crypt(c, kd, dir, plain_packet_get_packet(in), plain_packet_get_length(in),
encrypted_packet_get_payload(out), encrypted_packet_get_payload_length(out),
seq_nr, sender_id, mux);
#endif
@@ -142,7 +142,7 @@ int cipher_encrypt(cipher_t* c, key_derivation_t* kd, plain_packet_t* in, encryp
return 0;
}
-int cipher_decrypt(cipher_t* c, key_derivation_t* kd, encrypted_packet_t* in, plain_packet_t* out)
+int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* in, plain_packet_t* out)
{
if(!c)
return -1;
@@ -153,7 +153,7 @@ int cipher_decrypt(cipher_t* c, key_derivation_t* kd, encrypted_packet_t* in, pl
plain_packet_get_packet(out), plain_packet_get_length(out));
#ifndef NO_CRYPT
else if(c->type_ == c_aes_ctr)
- len = cipher_aesctr_crypt(c, kd, encrypted_packet_get_payload(in), encrypted_packet_get_payload_length(in),
+ len = cipher_aesctr_crypt(c, kd, dir, encrypted_packet_get_payload(in), encrypted_packet_get_payload_length(in),
plain_packet_get_packet(out), plain_packet_get_length(out),
encrypted_packet_get_seq_nr(in), encrypted_packet_get_sender_id(in),
encrypted_packet_get_mux(in));
@@ -250,14 +250,14 @@ void cipher_aesctr_close(cipher_t* c)
}
}
-int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
if(!c || !c->params_)
return -1;
cipher_aesctr_param_t* params = c->params_;
- int ret = key_derivation_generate(kd, LABEL_SATP_SALT, seq_nr, c->salt_.buf_, C_AESCTR_SALT_LENGTH);
+ int ret = key_derivation_generate(kd, dir, LABEL_SATP_SALT, seq_nr, c->salt_.buf_, C_AESCTR_SALT_LENGTH);
if(ret < 0)
return ret;
@@ -275,7 +275,7 @@ int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, seq_nr_t seq_nr, s
return 0;
}
-int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
+int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux)
{
if(!c || !c->params_) {
log_printf(ERR, "cipher not initialized");
@@ -289,7 +289,7 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, u_int8_t* in, u_i
cipher_aesctr_param_t* params = c->params_;
- int ret = key_derivation_generate(kd, LABEL_SATP_ENCRYPTION, seq_nr, c->key_.buf_, c->key_.length_);
+ int ret = key_derivation_generate(kd, dir, LABEL_SATP_ENCRYPTION, seq_nr, c->key_.buf_, c->key_.length_);
if(ret < 0)
return ret;
@@ -316,7 +316,7 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, u_int8_t* in, u_i
#endif
}
- ret = cipher_aesctr_calc_ctr(c, kd, seq_nr, sender_id, mux);
+ ret = cipher_aesctr_calc_ctr(c, kd, dir, seq_nr, sender_id, mux);
if(ret < 0) {
log_printf(ERR, "failed to calculate cipher CTR");
return ret;
diff --git a/src/cipher.h b/src/cipher.h
index 3ec4980..995315b 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -61,8 +61,8 @@ typedef struct cipher_struct cipher_t;
int cipher_init(cipher_t* c, const char* type);
void cipher_close(cipher_t* c);
-int cipher_encrypt(cipher_t* c, key_derivation_t* kd, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
-int cipher_decrypt(cipher_t* c, key_derivation_t* kd, encrypted_packet_t* in, plain_packet_t* out);
+int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* in, plain_packet_t* out);
int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen);
@@ -103,8 +103,8 @@ typedef struct cipher_aesctr_param_struct cipher_aesctr_param_t;
int cipher_aesctr_init(cipher_t* c);
void cipher_aesctr_close(cipher_t* c);
-int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
-int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
+int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
#endif
#endif
diff --git a/src/key_derivation.c b/src/key_derivation.c
index 60d1921..0283a7c 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -78,11 +78,13 @@ int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, c
kd->params_ = NULL;
- int i;
- for(i = 0; i<KD_LABEL_COUNT; ++i) {
- kd->key_store_[i].key_.buf_ = NULL;
- kd->key_store_[i].key_.length_ = 0;
- kd->key_store_[i].r_ = 0;
+ int d, i;
+ for(d = 0; d<2; ++d) {
+ for(i = 0; i<KD_LABEL_COUNT; ++i) {
+ kd->key_store_[d][i].key_.buf_ = NULL;
+ kd->key_store_[d][i].key_.length_ = 0;
+ kd->key_store_[d][i].r_ = 0;
+ }
}
if(!key) {
@@ -248,14 +250,16 @@ void key_derivation_close(key_derivation_t* kd)
if(kd->master_salt_.buf_)
free(kd->master_salt_.buf_);
- int i;
- for(i = 0; i<KD_LABEL_COUNT; ++i) {
- if(kd->key_store_[i].key_.buf_)
- free(kd->key_store_[i].key_.buf_);
+ int d, i;
+ for(d = 0; d<2; ++d) {
+ for(i = 0; i<KD_LABEL_COUNT; ++i) {
+ if(kd->key_store_[d][i].key_.buf_)
+ free(kd->key_store_[d][i].key_.buf_);
+ }
}
}
-int key_derivation_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len)
+int key_derivation_generate(key_derivation_t* kd, key_store_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len)
{
if(!kd || !key)
return -1;
@@ -269,7 +273,7 @@ int key_derivation_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr
if(kd->type_ == kd_null)
ret = key_derivation_null_generate(key, len);
else if(kd->type_ == kd_aes_ctr)
- ret = key_derivation_aesctr_generate(kd, label, seq_nr, key, len);
+ ret = key_derivation_aesctr_generate(kd, dir, label, seq_nr, key, len);
else {
log_printf(ERR, "unknown key derivation type");
return -1;
@@ -365,7 +369,7 @@ void key_derivation_aesctr_close(key_derivation_t* kd)
}
}
-int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, seq_nr_t* r, satp_prf_label_t label, seq_nr_t seq_nr)
+int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_store_dir_t dir, seq_nr_t* r, satp_prf_label_t label, seq_nr_t seq_nr)
{
if(!kd || !kd->params_ || !r)
return -1;
@@ -376,7 +380,7 @@ int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, seq_nr_t* r, satp_prf_l
if(kd->ld_kdr_ >= 0)
*r = seq_nr >> kd->ld_kdr_;
- if(kd->key_store_[label].key_.buf_ && kd->key_store_[label].r_ == *r) {
+ if(kd->key_store_[dir][label].key_.buf_ && kd->key_store_[dir][label].r_ == *r) {
if(!(*r) || (seq_nr % (*r)))
return 0;
}
@@ -398,7 +402,7 @@ int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, seq_nr_t* r, satp_prf_l
return 1;
}
-int key_derivation_aesctr_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len)
+int key_derivation_aesctr_generate(key_derivation_t* kd, key_store_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len)
{
if(!kd || !kd->params_ || !kd->master_key_.buf_ || !kd->master_salt_.buf_) {
log_printf(ERR, "key derivation not initialized or no key or salt set");
@@ -408,18 +412,18 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, satp_prf_label_t label,
key_derivation_aesctr_param_t* params = kd->params_;
seq_nr_t r;
- int ret = key_derivation_aesctr_calc_ctr(kd, &r, label, seq_nr);
+ int ret = key_derivation_aesctr_calc_ctr(kd, dir, &r, label, seq_nr);
if(ret < 0) {
log_printf(ERR, "failed to calculate key derivation CTR");
return -1;
}
else if(!ret) {
- if(len > kd->key_store_[label].key_.length_) {
+ if(len > kd->key_store_[dir][label].key_.length_) {
log_printf(WARNING, "stored (old) key for label 0x%02X is too short, filling with zeros", label);
memset(key, 0, len);
- len = kd->key_store_[label].key_.length_;
+ len = kd->key_store_[dir][label].key_.length_;
}
- memcpy(key, kd->key_store_[label].key_.buf_, len);
+ memcpy(key, kd->key_store_[dir][label].key_.buf_, len);
return 0;
}
@@ -456,25 +460,25 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, satp_prf_label_t label,
if(!kd->ld_kdr_)
return 1;
- if(!kd->key_store_[label].key_.buf_) {
- kd->key_store_[label].key_.length_ = 0;
- kd->key_store_[label].key_.buf_ = malloc(len);
- if(!kd->key_store_[label].key_.buf_)
+ if(!kd->key_store_[dir][label].key_.buf_) {
+ kd->key_store_[dir][label].key_.length_ = 0;
+ kd->key_store_[dir][label].key_.buf_ = malloc(len);
+ if(!kd->key_store_[dir][label].key_.buf_)
return -2;
- kd->key_store_[label].key_.length_ = len;
+ kd->key_store_[dir][label].key_.length_ = len;
}
- else if(kd->key_store_[label].key_.length_ < len) {
- u_int8_t* tmp = realloc(kd->key_store_[label].key_.buf_, len);
+ else if(kd->key_store_[dir][label].key_.length_ < len) {
+ u_int8_t* tmp = realloc(kd->key_store_[dir][label].key_.buf_, len);
if(!tmp)
return -2;
- kd->key_store_[label].key_.buf_ = tmp;
- kd->key_store_[label].key_.length_ = len;
+ kd->key_store_[dir][label].key_.buf_ = tmp;
+ kd->key_store_[dir][label].key_.length_ = len;
}
- memcpy(kd->key_store_[label].key_.buf_, key, len);
- kd->key_store_[label].r_ = r;
+ memcpy(kd->key_store_[dir][label].key_.buf_, key, len);
+ kd->key_store_[dir][label].r_ = r;
return 1;
}
diff --git a/src/key_derivation.h b/src/key_derivation.h
index 6cec9c9..1e849af 100644
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
@@ -51,6 +51,8 @@ typedef enum satp_prf_label_enum satp_prf_label_t;
enum key_derivation_type_enum { kd_unknown, kd_null, kd_aes_ctr };
typedef enum key_derivation_type_enum key_derivation_type_t;
+enum key_store_dir_enum { kd_inbound = 0, kd_outbound = 1 };
+typedef enum key_store_dir_enum key_store_dir_t;
struct key_store_struct {
buffer_t key_;
@@ -64,7 +66,7 @@ struct key_derivation_struct {
int8_t ld_kdr_;
buffer_t master_key_;
buffer_t master_salt_;
- key_store_t key_store_[KD_LABEL_COUNT];
+ key_store_t key_store_[2][KD_LABEL_COUNT];
void* params_;
};
typedef struct key_derivation_struct key_derivation_t;
@@ -75,7 +77,7 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr
int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passphrase, u_int16_t salt_length);
#endif
void key_derivation_close(key_derivation_t* kd);
-int key_derivation_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);
+int key_derivation_generate(key_derivation_t* kd, key_store_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);
int key_derivation_null_generate(u_int8_t* key, u_int32_t len);
@@ -122,7 +124,7 @@ typedef struct key_derivation_aesctr_param_struct key_derivation_aesctr_param_t;
int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase);
void key_derivation_aesctr_close(key_derivation_t* kd);
-int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, seq_nr_t* r, satp_prf_label_t label, seq_nr_t seq_nr);
-int key_derivation_aesctr_generate(key_derivation_t* kd, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);
+int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_store_dir_t dir, seq_nr_t* r, satp_prf_label_t label, seq_nr_t seq_nr);
+int key_derivation_aesctr_generate(key_derivation_t* kd, key_store_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len);
#endif
diff --git a/src/uanytun.c b/src/uanytun.c
index 15e3238..6854200 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -97,7 +97,7 @@ int init_libgcrypt()
typedef u_int8_t auth_algo_t;
#endif
-int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_t* kd_in, key_derivation_t* kd_out, seq_win_t* seq_win)
+int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_t* kd, seq_win_t* seq_win)
{
int ret = cipher_init(c, opt->cipher_);
if(ret) {
@@ -113,22 +113,14 @@ int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_
return ret;
}
- ret = key_derivation_init(kd_in, opt->kd_prf_, opt->ld_kdr_, opt->passphrase_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
+ ret = key_derivation_init(kd, opt->kd_prf_, opt->ld_kdr_, opt->passphrase_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
if(ret) {
- log_printf(ERR, "could not initialize inbound key derivation of type %s", opt->kd_prf_);
+ log_printf(ERR, "could not initialize key derivation of type %s", opt->kd_prf_);
cipher_close(c);
auth_algo_close(aa);
return ret;
}
- ret = key_derivation_init(kd_out, opt->kd_prf_, opt->ld_kdr_, opt->passphrase_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
- if(ret) {
- log_printf(ERR, "could not initialize outbound key derivation of type %s", opt->kd_prf_);
- cipher_close(c);
- auth_algo_close(aa);
- key_derivation_close(kd_in);
- return ret;
- }
#endif
ret = seq_win_init(seq_win, opt->seq_window_size_);
@@ -137,8 +129,7 @@ int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_
cipher_close(c);
#ifndef NO_CRYPT
auth_algo_close(aa);
- key_derivation_close(kd_in);
- key_derivation_close(kd_out);
+ key_derivation_close(kd);
#endif
return ret;
}
@@ -146,7 +137,7 @@ int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_
}
int process_tun_data(tun_device_t* dev, udp_socket_t* sock, options_t* opt, plain_packet_t* plain_packet, encrypted_packet_t* encrypted_packet,
- cipher_t* c, auth_algo_t* aa, key_derivation_t* kd_out, seq_nr_t seq_nr)
+ cipher_t* c, auth_algo_t* aa, key_derivation_t* kd, seq_nr_t seq_nr)
{
plain_packet_set_payload_length(plain_packet, -1);
encrypted_packet_set_length(encrypted_packet, -1);
@@ -166,10 +157,10 @@ int process_tun_data(tun_device_t* dev, udp_socket_t* sock, options_t* opt, plai
else
plain_packet_set_type(plain_packet, PAYLOAD_TYPE_UNKNOWN);
- cipher_encrypt(c, kd_out, plain_packet, encrypted_packet, seq_nr, opt->sender_id_, opt->mux_);
+ cipher_encrypt(c, kd, kd_outbound, plain_packet, encrypted_packet, seq_nr, opt->sender_id_, opt->mux_);
#ifndef NO_CRYPT
- auth_algo_generate(aa, kd_out, encrypted_packet);
+ auth_algo_generate(aa, kd, kd_outbound, encrypted_packet);
#endif
len = udp_write(sock, encrypted_packet_get_packet(encrypted_packet), encrypted_packet_get_length(encrypted_packet));
@@ -180,7 +171,7 @@ int process_tun_data(tun_device_t* dev, udp_socket_t* sock, options_t* opt, plai
}
int process_sock_data(tun_device_t* dev, udp_socket_t* sock, options_t* opt, plain_packet_t* plain_packet, encrypted_packet_t* encrypted_packet,
- cipher_t* c, auth_algo_t* aa, key_derivation_t* kd_in, seq_win_t* seq_win)
+ cipher_t* c, auth_algo_t* aa, key_derivation_t* kd, seq_win_t* seq_win)
{
plain_packet_set_payload_length(plain_packet, -1);
encrypted_packet_set_length(encrypted_packet, -1);
@@ -196,7 +187,7 @@ int process_sock_data(tun_device_t* dev, udp_socket_t* sock, options_t* opt, pla
encrypted_packet_set_length(encrypted_packet, len);
#ifndef NO_CRYPT
- if(!auth_algo_check_tag(aa, kd_in, encrypted_packet)) {
+ if(!auth_algo_check_tag(aa, kd, kd_inbound, encrypted_packet)) {
log_printf(WARNING, "wrong authentication tag, discarding packet");
return 0;
}
@@ -224,7 +215,7 @@ int process_sock_data(tun_device_t* dev, udp_socket_t* sock, options_t* opt, pla
free(addrstring);
}
- int ret = cipher_decrypt(c, kd_in, encrypted_packet, plain_packet);
+ int ret = cipher_decrypt(c, kd, kd_inbound, encrypted_packet, plain_packet);
if(ret)
return ret;
@@ -249,10 +240,10 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
cipher_t c;
auth_algo_t aa;
- key_derivation_t kd_in, kd_out;
+ key_derivation_t kd;
seq_win_t seq_win;
- int ret = init_main_loop(opt, &c, &aa, &kd_in, &kd_out, &seq_win);
+ int ret = init_main_loop(opt, &c, &aa, &kd, &seq_win);
if(ret)
return ret;
@@ -278,14 +269,14 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
}
if(FD_ISSET(dev->fd_, &readfds)) {
- return_value = process_tun_data(dev, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd_out, seq_nr);
+ return_value = process_tun_data(dev, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, seq_nr);
seq_nr++;
if(return_value)
break;
}
if(FD_ISSET(sock->fd_, &readfds)) {
- return_value = process_sock_data(dev, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd_in, &seq_win);
+ return_value = process_sock_data(dev, sock, opt, &plain_packet, &encrypted_packet, &c, &aa, &kd, &seq_win);
if(return_value)
break;
}
@@ -294,8 +285,7 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
cipher_close(&c);
#ifndef NO_CRYPT
auth_algo_close(&aa);
- key_derivation_close(&kd_out);
- key_derivation_close(&kd_in);
+ key_derivation_close(&kd);
#endif
seq_win_clear(&seq_win);