From 4dae26be1c18fbaab59487036b239ecd47b40237 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Wed, 7 Jan 2009 18:11:10 +0000 Subject: --key and --salt have now higher priority than a passphrase --- doc/uanytun.8.txt | 2 +- src/key_derivation.c | 26 ++++++++++++-------------- src/uanytun.c | 11 +++++++---- 3 files changed, 20 insertions(+), 19 deletions(-) diff --git a/doc/uanytun.8.txt b/doc/uanytun.8.txt index e258a6e..bb58f87 100644 --- a/doc/uanytun.8.txt +++ b/doc/uanytun.8.txt @@ -256,7 +256,7 @@ This passphrase is used to generate the master key and master salt. For the master key the last n bits of the SHA256 digest of the passphrase (where n is the length of the master key in bits) is used. The master salt gets generated with the SHA1 digest. -This overrides any setting for *--key* or *--salt*. +You may force a specific key and or salt by using *--key* and *--salt*. -K|--key ~~~~~~~~~~~~~~~~~~~~~ diff --git a/src/key_derivation.c b/src/key_derivation.c index f2094e0..d78a493 100644 --- a/src/key_derivation.c +++ b/src/key_derivation.c @@ -127,6 +127,12 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr if(!kd || !passphrase) return -1; + if(kd->master_key_.buf_) { + log_printf(ERR, "master key and passphrase provided, ignoring passphrase"); + return 0; + } + log_printf(NOTICE, "using passphrase to generate master key"); + if(!key_length || (key_length % 8)) { log_printf(ERR, "bad master key length"); return -1; @@ -141,13 +147,6 @@ int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphr return -1; } - if(kd->master_key_.buf_) { - log_printf(ERR, "master key and passphrase provided, overwriting given master key"); - free(kd->master_key_.buf_); - kd->master_key_.buf_ = NULL; - kd->master_key_.length_ = 0; - } - buffer_t digest; #ifndef USE_SSL_CRYPTO digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA256); 
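Review bot: The early return added to key_derivation_generate_master_key (hunk `@@ -127,6 +127,12 @@`, `if(kd->master_key_.buf_) { ... return 0; }`) sits ahead of the `key_length` validation, so a key supplied with --key is kept without its size ever being compared to the length the caller asks for. Unless that is validated where the key is later used (not visible here), a --key of the wrong size may now be accepted even though a passphrase was given; consider rejecting it in this branch, e.g. `if(kd->master_key_.length_ * 8 != key_length) { log_printf(ERR, "master key has wrong length"); return -1; }`, assuming `length_` is in bytes and `key_length` in bits. The message is also logged at ERR although the function returns 0, so either a lower log level or a comment explaining why an ignored passphrase counts as success would help. The same points apply to the `master_salt_` branch added in key_derivation_generate_master_salt (hunk `@@ -184,6 +183,12 @@`). Both function bodies continue outside the hunks.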
@@ -184,6 +183,12 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph if(!kd || !passphrase) return -1; + if(kd->master_salt_.buf_) { + log_printf(ERR, "master salt and passphrase provided, ignoring passphrase"); + return 0; + } + log_printf(NOTICE, "using passphrase to generate master salt"); + if(!salt_length || (salt_length % 8)) { log_printf(ERR, "bad master salt length"); return -1; @@ -198,13 +203,6 @@ int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passph return -1; } - if(kd->master_salt_.buf_) { - log_printf(ERR, "master salt and passphrase provided, overwriting given master salt"); - free(kd->master_salt_.buf_); - kd->master_salt_.buf_ = NULL; - kd->master_salt_.length_ = 0; - } - buffer_t digest; #ifndef USE_SSL_CRYPTO digest.length_ = gcry_md_get_algo_dlen(GCRY_MD_SHA1); diff --git a/src/uanytun.c b/src/uanytun.c index e403d40..15e3238 100644 --- a/src/uanytun.c +++ b/src/uanytun.c @@ -322,16 +322,21 @@ void print_hex_dump(const u_int8_t* buf, u_int32_t len) int main(int argc, char* argv[]) { log_init("uanytun", DAEMON); + log_printf(NOTICE, "just started..."); signal_init(); options_t opt; int ret = options_parse(&opt, argc, argv); if(ret) { options_clear(&opt); - if(ret > 0) + if(ret > 0) { fprintf(stderr, "syntax error near: %s\n\n", argv[ret]); - if(ret == -2) + log_printf(ERR, "syntax error, exitting"); + } + if(ret == -2) { fprintf(stderr, "memory error on options_parse, exitting\n"); + log_printf(ERR, "memory error on options_parse, exitting"); + } if(ret == -1 || ret > 0) options_print_usage(); @@ -339,8 +344,6 @@ int main(int argc, char* argv[]) exit(ret); } - log_printf(NOTICE, "just started..."); - #ifndef NO_CRYPT #ifndef USE_SSL_CRYPTO ret = init_libgcrypt(); -- cgit v1.2.3
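Review bot: The `ret == -1` path in main() (hunk `@@ -322,16 +322,21 @@` of src/uanytun.c) still exits without a log entry, while `just started...` is now logged before option parsing and the `ret > 0` and `ret == -2` paths gain ERR entries, so such a run leaves a start record with no matching exit record. A line such as `log_printf(NOTICE, "printing usage, exiting");` in that path would keep the log consistent. The new syslog message rightly leaves out `argv[ret]`, which may carry a --key value or a passphrase; a short comment such as `/* do not log argv here, it may contain key material */` would keep it that way. The added strings spell `exitting`; `exiting` is the usual spelling. main() continues outside the hunk.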