From f5b5a594433e96ffb1bd6883fbfead2db45f51a6 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Fri, 2 Jan 2009 12:15:20 +0000
Subject: added option ld-kdr for the key derivation rate
---
 doc/uanytun.8.txt | 14 +++++++++++++-
 src/key_derivation.c | 2 +-
 src/options.c | 6 +++++-
 src/options.h | 1 +
 src/uanytun.c | 2 +-
 5 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/doc/uanytun.8.txt b/doc/uanytun.8.txt
index f2a2095..d0e1fc6 100644
--- a/doc/uanytun.8.txt
+++ b/doc/uanytun.8.txt
@@ -28,6 +28,7 @@ SYNOPSIS
 [ *-m|--mux* ]
 [ *-c|--cipher* ]
 [ *-a|--auth-algo* ]
+[ *-l|--ld-kdr* ]
 [ *-K|--key* ]
 [ *-A|--salt* ]
@@ -215,6 +216,17 @@ Possible values:
 If HMAC-SHA1 is used, the packet length is increased by 10 bytes. These 10 bytes contain the authentication data.
+-l|--ld-kdr
+~~~~~~~~~~~~~~~~~~~~
+
+The log2 of the key derivation rate. This is used by the key
+derivation to determine how ofen a new session key has to be
+generated. A value of -1 means to generate only one key and use
+it forever. The default is 0 which means to calculate a new key
+for every packet. A value of 1 would tell the key derivation
+to generate a new key after 2 packets, for 2 its 4 packets and
+so on.
+
 -K|--key
 ~~~~~~~~~~~~~~~~~~~~~
@@ -222,7 +234,7 @@ master key to use for encryption
 Master key in hexadecimal notation, eg 01a2b3c4d5e6f708a9b0cadbecfd0fa1, with a mandatory length
-of 32 characters (16 bytes).
+of 32, 48 or 64 characters (128, 196 or 256 bits).
 -A|--salt
 ~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/src/key_derivation.c b/src/key_derivation.c
index 49fb2a2..28e9a1c 100644
--- a/src/key_derivation.c
+++ b/src/key_derivation.c
@@ -296,7 +296,7 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, satp_prf_label_t label,
 }
 else if(!ret) {
 if(len > kd->key_store_[label].length_) {
- log_printf(WARNING, "stored (old) key for label 0x%02X is to short, filling with zeros", label);
+ log_printf(WARNING, "stored (old) key for label 0x%02X is too short, filling with zeros", label);
 memset(key, 0, len);
 len = kd->key_store_[label].length_;
 }
diff --git a/src/options.c b/src/options.c
index 360e85d..b74092b 100644
--- a/src/options.c
+++ b/src/options.c
@@ -51,7 +51,7 @@
 #define PARSE_INT_PARAM(SHORT, LONG, VALUE) \
 else if(!strcmp(str,SHORT) || !strcmp(str,LONG)) \
 { \
- if(argc < 1 || argv[i+1][0] == '-') \
+ if(argc < 1) \
 return i; \
 VALUE = atoi(argv[i+1]); \
 argc--; \
@@ -176,6 +176,7 @@ int options_parse(options_t* opt, int argc, char* argv[])
 PARSE_INT_PARAM("-w","--window-size", opt->seq_window_size_)
 PARSE_STRING_PARAM("-c","--cipher", opt->cipher_)
 PARSE_STRING_PARAM("-k","--kd-prf", opt->kd_prf_)
+ PARSE_INT_PARAM("-l","--ld-kdr", opt->ld_kdr_)
 PARSE_STRING_PARAM("-a","--auth-algo", opt->auth_algo_)
 PARSE_HEXSTRING_PARAM_SEC("-K","--key", opt->key_)
 PARSE_HEXSTRING_PARAM_SEC("-A","--salt", opt->salt_)
@@ -223,6 +224,7 @@ void options_default(options_t* opt)
 opt->seq_window_size_ = 100;
 opt->cipher_ = strdup("null");
 opt->kd_prf_ = strdup("null");
+ opt->ld_kdr_ = 0;
 opt->auth_algo_ = strdup("null");
 opt->mux_ = 0;
 opt->key_.buf_ = NULL;
@@ -299,6 +301,7 @@ void options_print_usage()
 printf(" [-c|--cipher] payload encryption algorithm\n");
 printf(" [-a|--auth-algo] message authentication algorithm\n");
 // printf(" [-k|--kd-prf] key derivation pseudo random function\n");
+ printf(" [-l|--ld-kdr] log2 of key derivation rate\n");
 printf(" [-K|--key] master key to use for encryption\n");
 printf(" [-A|--salt] master salt to use for encryption\n");
 }
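Review bot: Dropping the `argv[i+1][0] == '-'` guard in PARSE_INT_PARAM is what lets `-l -1` through, but the `atoi()` call two lines below still accepts any token, so a missing value (`-w --cipher aes-ctr`) or a typo is silently parsed as 0 and the following option is consumed as the value instead of being reported. Parsing with `strtol()` and requiring the whole token to be consumed keeps negative numbers working while rejecting `--cipher` or `abc` through the existing `return i;` path; this covers every user of the macro, including `--window-size`. The range check needs `<limits.h>` and `<errno.h>` in options.c's include block, which is outside this hunk, and the macro body continues past `argc--;` after the hunk ends.
```c
#define PARSE_INT_PARAM(SHORT, LONG, VALUE) \
    /* ... unchanged: name match, argc check, return i; ... */ \
    char* endptr = NULL; \
    errno = 0; \
    long parsed = strtol(argv[i+1], &endptr, 10); \
    if(endptr == argv[i+1] || *endptr != '\0' || errno == ERANGE || \
       parsed < INT_MIN || parsed > INT_MAX) \
      return i; \
    VALUE = (int)parsed; \
    /* ... unchanged: argc--; and the rest of the macro body (outside the hunk) ... */
```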
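Review bot: `opt->ld_kdr_` is stored exactly as parsed by the new PARSE_INT_PARAM line, with no check against the domain the man page hunk defines (-1 for a single key, otherwise 0 and up), so `-l -7` reaches key_derivation_init unvalidated, and a large positive value presumably overflows whatever fixed-width integer ends up holding 2^ld_kdr; neither is rejected anywhere visible in this diff. If options_parse has no later validation pass (its body continues outside the hunk), a bound check after the option chain such as `opt->ld_kdr_ < -1` that fails the parse, using the failure value the caller already handles, would refuse the value at the same boundary as the other options rather than relying on key_derivation_init to notice.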
@@ -326,6 +329,7 @@ void options_print(options_t* opt)
 printf("cipher: '%s'\n", opt->cipher_);
 printf("auth_algo: '%s'\n", opt->auth_algo_);
 printf("kd_prf: '%s'\n", opt->kd_prf_);
+ printf("ld_kdr: %d\n", opt->ld_kdr_);
 u_int32_t i;
 printf("key_[%d]: '", opt->key_.length_);
diff --git a/src/options.h b/src/options.h
index 8fd413d..93836b5 100644
--- a/src/options.h
+++ b/src/options.h
@@ -55,6 +55,7 @@ struct options_struct {
 window_size_t seq_window_size_;
 char* cipher_;
 char* kd_prf_;
+ int ld_kdr_;
 char* auth_algo_;
 mux_t mux_;
 buffer_t key_;
diff --git a/src/uanytun.c b/src/uanytun.c
index b666575..b4ea9c0 100644
--- a/src/uanytun.c
+++ b/src/uanytun.c
@@ -106,7 +106,7 @@ int main_loop(tun_device_t* dev, udp_socket_t* sock, options_t* opt)
 }
 key_derivation_t kd;
- ret = key_derivation_init(&kd, opt->kd_prf_, 0, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
+ ret = key_derivation_init(&kd, opt->kd_prf_, opt->ld_kdr_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_);
 if(ret) {
 log_printf(ERR, "could not initialize key derivation of type %s", opt->kd_prf_);
 return_value = ret;
--
cgit v1.2.3
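Review bot: The new `ld_kdr_` field in options_struct carries no comment, although its valid values are only documented in the man page hunk and nothing in the struct says that -1 is a sentinel rather than an ordinary rate. A one-line comment on the field, `int ld_kdr_; /* log2 of the key derivation rate; -1 = derive a single key, 0 = new key per packet */`, keeps the semantics next to the code that consumes it in uanytun.c.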