From 63910439f77b91848dda094ef6e90523e1f7efa6 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@anytun.org>
Date: Fri, 13 Mar 2009 01:50:09 +0000
Subject: added command line option for auth tag length

---
 src/options.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'src/options.c')

diff --git a/src/options.c b/src/options.c
index f15d6b8..09265da 100644
--- a/src/options.c
+++ b/src/options.c
@@ -43,6 +43,10 @@
 
 #include "log.h"
 
+#ifndef NO_CRYPT
+#include "auth_algo.h"
+#endif
+
 #define PARSE_BOOL_PARAM(SHORT, LONG, VALUE)             \
     else if(!strcmp(str,SHORT) || !strcmp(str,LONG))     \
       VALUE = 1;
@@ -257,6 +261,7 @@ int options_parse(options_t* opt, int argc, char* argv[])
     PARSE_HEXSTRING_PARAM_SEC("-A","--salt", opt->salt_)
     PARSE_STRING_PARAM("-c","--cipher", opt->cipher_)
     PARSE_STRING_PARAM("-a","--auth-algo", opt->auth_algo_)
+    PARSE_INT_PARAM("-b","--auth-tag-length", opt->auth_tag_length_)
 #endif
     else 
       return i;
@@ -294,6 +299,13 @@ void options_parse_post(options_t* opt)
      !strcmp(opt->kd_prf_, "null")) {
     log_printf(WARNING, "using NULL key derivation with encryption and or authentication enabled!");
   }
+
+  u_int32_t tag_len_max = auth_algo_get_max_length(opt->auth_algo_);
+  if(!tag_len_max) opt->auth_tag_length_ = 0;
+  else if(tag_len_max < opt->auth_tag_length_) {
+    log_printf(WARNING, "%s auth algo can't generate tags of length %d, using maximum tag length(%d)", opt->auth_algo_, opt->auth_tag_length_, tag_len_max);
+    opt->auth_tag_length_ = tag_len_max;
+  }
 #endif
 
   if(!(opt->dev_name_) && !(opt->dev_type_))
@@ -331,8 +343,10 @@ void options_default(options_t* opt)
   opt->passphrase_ = NULL;
   opt->cipher_ = strdup("aes-ctr");
   opt->auth_algo_ = strdup("sha1");
+  opt->auth_tag_length_ = 10;
 #else
   opt->cipher_ = strdup("null");
+  opt->auth_tag_length_ = 0;
 #endif
   opt->anytun02_compat_ = 0;
   opt->key_.buf_ = NULL;
@@ -426,6 +440,7 @@ void options_print_usage()
   printf("        [-A|--salt] <master salt>           master salt to use for encryption\n");
   printf("        [-c|--cipher] <cipher type>         payload encryption algorithm\n");
   printf("        [-a|--auth-algo] <algo type>        message authentication algorithm\n");
+  printf("        [-b|--auth-tag-length] <length>     length of the auth tag\n");
 #endif
 }
 
@@ -464,6 +479,7 @@ void options_print(options_t* opt)
   printf("cipher: '%s'\n", opt->cipher_);
 #ifndef NO_CRYPT
   printf("auth_algo: '%s'\n", opt->auth_algo_);
+  printf("auth_tag_length: %d\n", opt->auth_tag_length_);
   printf("kd_prf: '%s'\n", opt->kd_prf_);
   printf("ld_kdr: %d\n", opt->ld_kdr_);
   printf("passphrase: '%s'\n", opt->passphrase_);
-- 
cgit v1.2.3