From 8ea43400a34855e8cd9092a2c4c0d969cf0be80d Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Wed, 18 Feb 2009 12:05:20 +0000
Subject: added runtime switch for anytun 0.2 crypto compability
---
src/cipher.c | 11 ++++++-----
src/cipher.h | 3 ++-
src/configure | 10 ----------
src/key_derivation.c | 13 ++++++++++---
src/key_derivation.h | 8 +++-----
src/options.c | 4 ++++
src/options.h | 1 +
src/uanytun.c | 6 ++++--
8 files changed, 30 insertions(+), 26 deletions(-)
diff --git a/src/cipher.c b/src/cipher.c
index 58467cb..f585471 100644
--- a/src/cipher.c
+++ b/src/cipher.c
@@ -44,11 +44,12 @@ #include #include -int cipher_init(cipher_t* c, const char* type) +int cipher_init(cipher_t* c, const char* type, int8_t anytun02_compat) { if(!c) return -1; + c->anytun02_compat_ = anytun02_compat; c->key_length_ = 0; c->type_ = c_unknown;
@@ -261,10 +262,10 @@ int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_store_dir_t di if(ret < 0) return ret; -#ifdef ANYTUN_02_COMPAT - if(!c->salt_.buf_[0]) - c->salt_.buf_[0] = 1; -#endif + if(c->anytun02_compat_) { + if(!c->salt_.buf_[0]) + c->salt_.buf_[0] = 1; + } memcpy(params->ctr_.salt_.buf_, c->salt_.buf_, C_AESCTR_SALT_LENGTH); params->ctr_.salt_.zero_ = 0;
diff --git a/src/cipher.h b/src/cipher.h
index 75e7506..cae5a88 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -54,13 +54,14 @@ typedef enum cipher_type_enum cipher_type_t; struct cipher_struct { cipher_type_t type_; u_int16_t key_length_; + int8_t anytun02_compat_; buffer_t key_; buffer_t salt_; void* params_; }; typedef struct cipher_struct cipher_t; -int cipher_init(cipher_t* c, const char* type); +int cipher_init(cipher_t* c, const char* type, int8_t anytun02_compat); void cipher_close(cipher_t* c); int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux);
diff --git a/src/configure b/src/configure
index a1608ef..3d630e9 100755
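Review bot: In cipher_aesctr_calc_ctr (src/cipher.c, second hunk) the compat branch overwrites the first byte of the cipher's stored salt, `c->salt_.buf_[0]`, whenever it is zero, and nothing in the new code says why. Now that this path is selected at run time rather than at build time, it deserves a short comment, for example `/* anytun 0.2.x compat: a zero first salt byte is replaced by 1 before the counter is built */`. The two nested conditions can also be written as one, `if(c->anytun02_compat_ && !c->salt_.buf_[0])`. The function body starts and ends outside the hunk.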
--- a/src/configure
+++ b/src/configure
@@ -39,7 +39,6 @@ CFLAGS='-g -O2' LDFLAGS='-g -Wall -O2' CRYPTO_LIB='gcrypt' -ANYTUN_02_COMPAT=0 PASSPHRASE=1 V4_MAPPED=1
@@ -51,7 +50,6 @@ print_usage() { echo " --prefix= the installation prefix (default: /usr/local)" echo " --use-ssl-crypto use ssl crypto library instead of libgcrypt" echo " --disable-crypto disable crypto at all (only NULL cipher)" - echo " --enable-anytun02-compat enable compatiblity mode for anytun 0.2.x and prior" echo " --disable-passphrase disable master key and salt passphrase" echo " --disable-v4-mapped disable V4-Mapped addresses (until now this means" echo " to disable IPv6 as outer protocol)"
@@ -72,9 +70,6 @@ do --disable-crypto) CRYPTO_LIB='none' ;; - --enable-anytun02-compat) - ANYTUN_02_COMPAT=1 - ;; --disable-passphrase) PASSPHRASE=0 ;;
@@ -135,11 +130,6 @@ case $CRYPTO_LIB in ;; esac -if [ $ANYTUN_02_COMPAT -eq 1 ]; then - CFLAGS=$CFLAGS' -DANYTUN_02_COMPAT' - echo "enabling anytun 0.2.x crypto compatiblity mode" -fi - if [ $PASSPHRASE -eq 0 ]; then CFLAGS=$CFLAGS' -DNO_PASSPHRASE' echo "disabling master key and salt passphrase"
diff --git a/src/key_derivation.c b/src/key_derivation.c
index 6ceabb9..43277be 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -45,11 +45,12 @@ #include #include -int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len) +int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, int8_t anytun02_compat, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len) { if(!kd) return -1; + kd->anytun02_compat_ = anytun02_compat; kd->key_length_ = 0; kd->type_ = kd_unknown;
@@ -391,8 +392,14 @@ int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_store_dir_t dir, se } memcpy(params->ctr_.salt_.buf_, kd->master_salt_.buf_, KD_AESCTR_SALT_LENGTH); params->ctr_.salt_.zero_ = 0; - params->ctr_.params_.label_ ^= label; - params->ctr_.params_.r_ ^= SEQ_NR_T_HTON(*r); + if(kd->anytun02_compat_) { + params->ctr_.params_compat_.label_ ^= label; + params->ctr_.params_compat_.r_ ^= SEQ_NR_T_HTON(*r); + } + else { + params->ctr_.params_.label_ ^= label; + params->ctr_.params_.r_ ^= SEQ_NR_T_HTON(*r); + } return 1; }
diff --git a/src/key_derivation.h b/src/key_derivation.h
index d78a93e..b566334 100644
--- a/src/key_derivation.h
+++ b/src/key_derivation.h
@@ -64,6 +64,7 @@ struct key_derivation_struct { key_derivation_type_t type_; u_int16_t key_length_; int8_t ld_kdr_; + int8_t anytun02_compat_; buffer_t master_key_; buffer_t master_salt_; key_store_t key_store_[2][KD_LABEL_COUNT];
@@ -71,7 +72,7 @@ struct key_derivation_struct { }; typedef struct key_derivation_struct key_derivation_t; -int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len); +int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, int8_t anytun02_compat, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len); #ifndef NO_PASSPHRASE int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphrase, u_int16_t key_length); int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passphrase, u_int16_t salt_length);
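Review bot: The two counter layouts look swapped between modes in key_derivation_aesctr_calc_ctr (src/key_derivation.c, second hunk). In the key_derivation.h hunk that edits key_derivation_aesctr_ctr_union, the struct that used to be compiled under `#ifndef ANYTUN_02_COMPAT` (no `- 2` in the `fill_` size) is renamed to `params_compat_`, while the former `#else` struct keeps the name `params_`, and the branch added here uses `params_compat_` when `kd->anytun02_compat_` is set. If the old preprocessor condition was correct, a default run now places `label_` and `r_` at the offsets that used to be compat-only, so derived keys would stop matching peers built from the previous revision, and the compat switch would select the non-compat layout. Swapping the two member names in the union, so that the struct with the extra `- 2` becomes `params_compat_`, would restore the old mapping; either way this should be confirmed against an anytun 0.2.x peer. The function begins outside the hunk.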
@@ -92,14 +93,12 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union { u_int8_t buf_[KD_AESCTR_SALT_LENGTH]; u_int16_t zero_; } salt_; -#ifndef ANYTUN_02_COMPAT struct __attribute__((__packed__)) { u_int8_t fill_[KD_AESCTR_SALT_LENGTH - sizeof(u_int8_t) - sizeof(seq_nr_t)]; u_int8_t label_; seq_nr_t r_; u_int16_t zero_; - } params_; -#else + } params_compat_; struct __attribute__((__packed__)) { u_int8_t fill_[KD_AESCTR_SALT_LENGTH - sizeof(u_int8_t) - 2 - sizeof(seq_nr_t)]; u_int8_t label_;
@@ -107,7 +106,6 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union { seq_nr_t r_; u_int16_t zero_; } params_; -#endif }; typedef union key_derivation_aesctr_ctr_union key_derivation_aesctr_ctr_t;
diff --git a/src/options.c b/src/options.c
index 0dbaac3..0d6943a 100644
--- a/src/options.c
+++ b/src/options.c
@@ -232,6 +232,7 @@ int options_parse(options_t* opt, int argc, char* argv[]) #ifndef NO_CRYPT PARSE_STRING_PARAM("-k","--kd-prf", opt->kd_prf_) PARSE_INT_PARAM("-l","--ld-kdr", opt->ld_kdr_) + PARSE_BOOL_PARAM("-O","--anytun02-compat", opt->anytun02_compat_) #ifndef NO_PASSPHRASE PARSE_STRING_PARAM_SEC("-E","--passphrase", opt->passphrase_) #endif
@@ -295,6 +296,7 @@ void options_default(options_t* opt) #else opt->cipher_ = strdup("null"); #endif + opt->anytun02_compat_ = 0; opt->key_.buf_ = NULL; opt->key_.length_ = 0; opt->salt_.buf_ = NULL;
@@ -372,6 +374,7 @@ void options_print_usage() #ifndef NO_CRYPT printf(" [-k|--kd-prf] key derivation pseudo random function\n"); printf(" [-l|--ld-kdr] log2 of key derivation rate\n"); + printf(" [-O|--anytun02-compat] enable compatiblity mode for anytun 0.2.x and prior\n"); #ifndef NO_PASSPHRASE printf(" [-E|--passphrase] a passprhase to generate master key and salt from\n"); #endif
@@ -409,6 +412,7 @@ void options_print(options_t* opt) printf("ld_kdr: %d\n", opt->ld_kdr_); printf("passphrase: '%s'\n", opt->passphrase_); #endif + printf("anytun02_compat: %d\n", opt->anytun02_compat_); u_int32_t i; printf("key_[%d]: '", opt->key_.length_);
diff --git a/src/options.h b/src/options.h
index bbb010c..f18c254 100644
--- a/src/options.h
+++ b/src/options.h
@@ -66,6 +66,7 @@ struct options_struct { char* auth_algo_; char* passphrase_; #endif + int anytun02_compat_; buffer_t key_; buffer_t salt_; };
diff --git a/src/uanytun.c b/src/uanytun.c
index e8a8804..d52ef7d 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -101,7 +101,7 @@ typedef u_int8_t auth_algo_t; int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_t* kd, seq_win_t* seq_win) { - int ret = cipher_init(c, opt->cipher_); + int ret = cipher_init(c, opt->cipher_, opt->anytun02_compat_); if(ret) { log_printf(ERR, "could not initialize cipher of type %s", opt->cipher_); return ret;
@@ -115,7 +115,9 @@ int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_ return ret; } - ret = key_derivation_init(kd, opt->kd_prf_, opt->ld_kdr_, opt->passphrase_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_); + if(opt->anytun02_compat_) + log_printf(ERR, "enabling anytun 0.2.x crypto compatiblity mode"); + ret = key_derivation_init(kd, opt->kd_prf_, opt->ld_kdr_, opt->anytun02_compat_, opt->passphrase_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_); if(ret) { log_printf(ERR, "could not initialize key derivation of type %s", opt->kd_prf_); cipher_close(c);
-- cgit v1.2.3
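Review bot: In init_main_loop (src/uanytun.c, second hunk) the message that compat mode is on is logged with `log_printf(ERR, ...)`, which reports an expected configuration choice as an error. Logging it at a warning or notice level, if the logger has one, would keep error-level output meaningful while still recording that a legacy crypto mode was selected. The message is also emitted after `cipher_init()` has already consumed the flag in the first hunk, so moving the check above that call would make the log order match what happens. The string carries over the `compatiblity` typo from the removed configure text, and the new usage line in options.c has it too. The function continues outside the hunk.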