From e20819f13c629d11cc8a7a3521108f92e5aae03f Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Mon, 16 Mar 2009 22:27:17 +0000 Subject: removed ld_kdr and key store started to add role support to key derivation --- src/auth_algo.c | 12 +++---- src/auth_algo.h | 8 ++--- src/cipher.c | 12 +++---- src/cipher.h | 12 +++---- src/key_derivation.c | 89 ++++++++-------------------------------------------- src/key_derivation.h | 49 +++++++++++++++-------------- src/options.c | 4 --- src/options.h | 1 - src/uanytun.c | 2 +- 9 files changed, 61 insertions(+), 128 deletions(-) (limited to 'src') diff --git a/src/auth_algo.c b/src/auth_algo.c index 1cec7ba..d015cc5 100644 --- a/src/auth_algo.c +++ b/src/auth_algo.c @@ -100,7 +100,7 @@ void auth_algo_close(auth_algo_t* aa) free(aa->key_.buf_); } -void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet) +void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet) { if(!aa) return; @@ -115,7 +115,7 @@ void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t d } } -int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet) +int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet) { if(!aa) return 0; @@ -187,7 +187,7 @@ void auth_algo_sha1_close(auth_algo_t* aa) } -void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet) +void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet) { if(!encrypted_packet_get_auth_tag_length(packet)) return; 
@@ -202,7 +202,7 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_di } auth_algo_sha1_param_t* params = aa->params_; - int ret = key_derivation_generate(kd, dir, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_); + int ret = key_derivation_generate(kd, dir, LABEL_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_); if(ret < 0) return; @@ -235,7 +235,7 @@ void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_di } -int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet) +int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet) { if(!encrypted_packet_get_auth_tag_length(packet)) return 1; @@ -250,7 +250,7 @@ int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_store_di } auth_algo_sha1_param_t* params = aa->params_; - int ret = key_derivation_generate(kd, dir, LABEL_SATP_MSG_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_); + int ret = key_derivation_generate(kd, dir, LABEL_AUTH, encrypted_packet_get_seq_nr(packet), aa->key_.buf_, aa->key_.length_); if(ret < 0) return 0; diff --git a/src/auth_algo.h b/src/auth_algo.h index 1b0aa01..baf32c5 100644 --- a/src/auth_algo.h +++ b/src/auth_algo.h 
@@ -58,8 +58,8 @@ u_int32_t auth_algo_get_max_length(const char* type); int auth_algo_init(auth_algo_t* aa, const char* type); void auth_algo_close(auth_algo_t* aa); -void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet); -int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet); +void auth_algo_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet); +int auth_algo_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet); #define SHA1_LENGTH 20 @@ -75,7 +75,7 @@ typedef struct auth_algo_sha1_param_struct auth_algo_sha1_param_t; int auth_algo_sha1_init(auth_algo_t* aa); void auth_algo_sha1_close(auth_algo_t* aa); -void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet); -int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* packet); +void auth_algo_sha1_generate(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet); +int auth_algo_sha1_check_tag(auth_algo_t* aa, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* packet); #endif diff --git a/src/cipher.c b/src/cipher.c index 28d9bf6..13b2fa6 100644 --- a/src/cipher.c +++ b/src/cipher.c @@ -111,7 +111,7 @@ void cipher_close(cipher_t* c) } -int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) +int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { if(!c) return -1; 
@@ -143,7 +143,7 @@ int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, plain return 0; } -int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* in, plain_packet_t* out) +int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* in, plain_packet_t* out) { if(!c) return -1; @@ -251,14 +251,14 @@ void cipher_aesctr_close(cipher_t* c) } } -int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) +int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { if(!c || !c->params_) return -1; cipher_aesctr_param_t* params = c->params_; - int ret = key_derivation_generate(kd, dir, LABEL_SATP_SALT, seq_nr, c->salt_.buf_, C_AESCTR_SALT_LENGTH); + int ret = key_derivation_generate(kd, dir, LABEL_SALT, seq_nr, c->salt_.buf_, C_AESCTR_SALT_LENGTH); if(ret < 0) return ret; @@ -276,7 +276,7 @@ int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_store_dir_t di return 0; } -int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) +int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux) { if(!c || !c->params_) { log_printf(ERROR, "cipher not initialized"); @@ -290,7 +290,7 @@ int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t d cipher_aesctr_param_t* params = c->params_; - int ret = key_derivation_generate(kd, dir, LABEL_SATP_ENCRYPTION, seq_nr, c->key_.buf_, c->key_.length_); + int ret = key_derivation_generate(kd, dir, LABEL_ENC, seq_nr, c->key_.buf_, c->key_.length_); if(ret < 0) return ret; 
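Review bot: `LABEL_SALT` in `cipher_aesctr_calc_ctr` is not a pure rename of `LABEL_SATP_SALT`: the key_derivation.h change in this commit moves the salt label from 0x02 to 3, while the encryption and auth labels keep 0 and 1. The label is XORed into the key-derivation counter, so the derived cipher salt will differ from what earlier builds produce for the same master key and salt, and a peer still on the old numbering would presumably fail to decrypt. If the new value is deliberate, say so next to the define, e.g. `/* salt label is 3, not 2: breaks compatibility with earlier builds */`; if it is not, restore `#define LABEL_SALT 2`. The function body continues outside the hunk.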
diff --git a/src/cipher.h b/src/cipher.h index 17a4cec..8a7e65d 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -43,8 +43,8 @@ #endif #include "key_derivation.h" #else -enum key_store_dir_enum { kd_inbound = 0, kd_outbound = 1 }; -typedef enum key_store_dir_enum key_store_dir_t; +enum key_derivation_dir_enum { kd_inbound = 0, kd_outbound = 1 }; +typedef enum key_derivation_dir_enum key_derivation_dir_t; typedef u_int8_t key_derivation_t; #endif @@ -64,8 +64,8 @@ typedef struct cipher_struct cipher_t; int cipher_init(cipher_t* c, const char* type, int8_t anytun02_compat); void cipher_close(cipher_t* c); -int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); -int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, encrypted_packet_t* in, plain_packet_t* out); +int cipher_encrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, plain_packet_t* in, encrypted_packet_t* out, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); +int cipher_decrypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, encrypted_packet_t* in, plain_packet_t* out); int32_t cipher_null_crypt(u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen); 
@@ -106,8 +106,8 @@ typedef struct cipher_aesctr_param_struct cipher_aesctr_param_t; int cipher_aesctr_init(cipher_t* c); void cipher_aesctr_close(cipher_t* c); -int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); -int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_store_dir_t dir, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); +int cipher_aesctr_calc_ctr(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); +int32_t cipher_aesctr_crypt(cipher_t* c, key_derivation_t* kd, key_derivation_dir_t dir, u_int8_t* in, u_int32_t ilen, u_int8_t* out, u_int32_t olen, seq_nr_t seq_nr, sender_id_t sender_id, mux_t mux); #endif #endif diff --git a/src/key_derivation.c b/src/key_derivation.c index cbc7472..3bd2207 100644 --- a/src/key_derivation.c +++ b/src/key_derivation.c @@ -45,11 +45,12 @@ #include #include -int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, int8_t anytun02_compat, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len) +int key_derivation_init(key_derivation_t* kd, const char* type, role_t role, int8_t anytun02_compat, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len) { if(!kd) return -1; + kd->role_ = role; kd->anytun02_compat_ = anytun02_compat; kd->key_length_ = 0; 
@@ -73,21 +74,8 @@ int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, i return -1; } - kd->ld_kdr_ = ld_kdr; - if(ld_kdr > (int8_t)(sizeof(seq_nr_t) * 8)) - kd->ld_kdr_ = sizeof(seq_nr_t) * 8; - kd->params_ = NULL; - int d, i; - for(d = 0; d<2; ++d) { - for(i = 0; ikey_store_[d][i].key_.buf_ = NULL; - kd->key_store_[d][i].key_.length_ = 0; - kd->key_store_[d][i].r_ = 0; - } - } - if(!key) { kd->master_key_.buf_ = NULL; kd->master_key_.length_ = 0; @@ -250,23 +238,15 @@ void key_derivation_close(key_derivation_t* kd) free(kd->master_key_.buf_); if(kd->master_salt_.buf_) free(kd->master_salt_.buf_); - - int d, i; - for(d = 0; d<2; ++d) { - for(i = 0; ikey_store_[d][i].key_.buf_) - free(kd->key_store_[d][i].key_.buf_); - } - } } -int key_derivation_generate(key_derivation_t* kd, key_store_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len) +int key_derivation_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len) { if(!kd || !key) return -1; - if(label >= KD_LABEL_COUNT) { - log_printf(ERROR, "label 0x%02X out of range", label); + if(label >= LABEL_NIL) { + log_printf(ERROR, "unknown label 0x%02X", label); return -1; } 
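Review bot: The new range check `if(label >= LABEL_NIL)` in `key_derivation_generate` lets label 2 through, although key_derivation.h now defines only 0, 1 and 3 below `LABEL_NIL` (4). A call with that value would derive key material under a label nothing else in the code names. Testing the defined values explicitly, e.g. `if(label != LABEL_ENC && label != LABEL_AUTH && label != LABEL_SALT)`, closes the gap without depending on the numbering. The function continues past the end of the hunk.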
@@ -370,22 +350,13 @@ void key_derivation_aesctr_close(key_derivation_t* kd) } } -int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_store_dir_t dir, seq_nr_t* r, satp_prf_label_t label, seq_nr_t seq_nr) +int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr) { - if(!kd || !kd->params_ || !r) + if(!kd || !kd->params_) return -1; key_derivation_aesctr_param_t* params = kd->params_; - *r = 0; - if(kd->ld_kdr_ >= 0) - *r = seq_nr >> kd->ld_kdr_; - - if(kd->key_store_[dir][label].key_.buf_ && kd->key_store_[dir][label].r_ == *r) { - if(!(*r) || (seq_nr % (*r))) - return 0; - } - if(kd->master_salt_.length_ != KD_AESCTR_SALT_LENGTH) { log_printf(ERROR, "master salt has the wrong length"); return -1; @@ -394,17 +365,17 @@ int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_store_dir_t dir, se params->ctr_.salt_.zero_ = 0; if(kd->anytun02_compat_) { params->ctr_.params_compat_.label_ ^= label; - params->ctr_.params_compat_.r_ ^= SEQ_NR_T_HTON(*r); + params->ctr_.params_compat_.seq_ ^= SEQ_NR_T_HTON(seq_nr); } else { params->ctr_.params_.label_ ^= label; - params->ctr_.params_.r_ ^= SEQ_NR_T_HTON(*r); + params->ctr_.params_.seq_ ^= SEQ_NR_T_HTON(seq_nr); } - return 1; + return 0; } -int key_derivation_aesctr_generate(key_derivation_t* kd, key_store_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len) +int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len) { if(!kd || !kd->params_ || !kd->master_key_.buf_ || !kd->master_salt_.buf_) { log_printf(ERROR, "key derivation not initialized or no key or salt set"); 
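Review bot: `dir` is no longer read anywhere in `key_derivation_aesctr_calc_ctr` now that the key store is gone, and the `kd->role_` value stored by `key_derivation_init` is not consulted either, so the counter depends only on the master salt, the label and `seq_nr`. As far as this diff shows, inbound and outbound derivations for the same label and sequence number therefore yield identical key material until the LEFT/RIGHT labels are wired in. A comment at the top of the function, e.g. `/* TODO: dir and kd->role_ are not mixed into the counter yet */`, together with `(void)dir;`, would keep that gap visible to the next reader. The function body continues into the next hunk.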
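Review bot: `params->ctr_.params_.label_ ^= label;` and its `params_compat_` twin store into a `u_int8_t` field, but this commit widens `satp_prf_label_t` to `u_int32_t`, so only the low byte of a label reaches the counter. The new 32-bit `LABEL_LEFT_*`/`LABEL_RIGHT_*` values would be silently truncated if they were ever passed here. This function is declared in the header and has no range check of its own. Either add a guard before the XOR, `if(label > 0xFF) return -1;`, or widen `label_` in the counter union before the role labels are put to use. The start of the function is in the previous hunk.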
@@ -413,21 +384,10 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_store_dir_t dir, sa key_derivation_aesctr_param_t* params = kd->params_; - seq_nr_t r; - int ret = key_derivation_aesctr_calc_ctr(kd, dir, &r, label, seq_nr); - if(ret < 0) { + if(key_derivation_aesctr_calc_ctr(kd, dir, label, seq_nr)) { log_printf(ERROR, "failed to calculate key derivation CTR"); return -1; } - else if(!ret) { - if(len > kd->key_store_[dir][label].key_.length_) { - log_printf(WARNING, "stored (old) key for label 0x%02X is too short, filling with zeros", label); - memset(key, 0, len); - len = kd->key_store_[dir][label].key_.length_; - } - memcpy(key, kd->key_store_[dir][label].key_.buf_, len); - return 0; - } #ifndef USE_SSL_CRYPTO gcry_error_t err = gcry_cipher_reset(params->handle_); @@ -459,28 +419,5 @@ int key_derivation_aesctr_generate(key_derivation_t* kd, key_store_dir_t dir, sa AES_ctr128_encrypt(key, key, len, ¶ms->aes_key_, params->ctr_.buf_, params->ecount_buf_, &num); #endif - if(!kd->ld_kdr_) - return 1; - - if(!kd->key_store_[dir][label].key_.buf_) { - kd->key_store_[dir][label].key_.length_ = 0; - kd->key_store_[dir][label].key_.buf_ = malloc(len); - if(!kd->key_store_[dir][label].key_.buf_) - return -2; - - kd->key_store_[dir][label].key_.length_ = len; - } - else if(kd->key_store_[dir][label].key_.length_ < len) { - u_int8_t* tmp = realloc(kd->key_store_[dir][label].key_.buf_, len); - if(!tmp) - return -2; - - kd->key_store_[dir][label].key_.buf_ = tmp; - kd->key_store_[dir][label].key_.length_ = len; - } - - memcpy(kd->key_store_[dir][label].key_.buf_, key, len); - kd->key_store_[dir][label].r_ = r; - - return 1; + return 0; } diff --git a/src/key_derivation.h b/src/key_derivation.h index dbbf73c..3e6e95a 100644 --- a/src/key_derivation.h +++ b/src/key_derivation.h 
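Review bot: The success return of `key_derivation_aesctr_generate` changes from 1 (or 0 for a cached key) to a single `return 0;`, and the `-2` allocation-failure code disappears, but the prototype in key_derivation.h carries no comment describing the contract. The callers visible in this diff only test `ret < 0`, so they remain correct. A one-line comment above the prototype, `/* returns 0 on success, a negative value on error */`, would stop other callers from relying on the old `1`. The beginning of the function lies outside this hunk.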
@@ -41,44 +41,45 @@ #include #endif -#define KD_LABEL_COUNT 3 -enum satp_prf_label_enum { - LABEL_SATP_ENCRYPTION = 0x00, - LABEL_SATP_MSG_AUTH = 0x01, - LABEL_SATP_SALT = 0x02, -}; -typedef enum satp_prf_label_enum satp_prf_label_t; +#include "options.h" + +#define LABEL_ENC 0 +#define LABEL_AUTH 1 +#define LABEL_SALT 3 +#define LABEL_NIL 4 + +#define LABEL_LEFT_ENC 0xDEADBEEF +#define LABEL_RIGHT_ENC 0xDEAE0010 +#define LABEL_LEFT_SALT 0xDF10416F +#define LABEL_RIGHT_SALT 0xDF13FF90 +#define LABEL_LEFT_AUTH 0xE0000683 +#define LABEL_RIGHT_AUTH 0xE001B97C + +typedef u_int32_t satp_prf_label_t; enum key_derivation_type_enum { kd_unknown, kd_null, kd_aes_ctr }; typedef enum key_derivation_type_enum key_derivation_type_t; -enum key_store_dir_enum { kd_inbound = 0, kd_outbound = 1 }; -typedef enum key_store_dir_enum key_store_dir_t; - -struct key_store_struct { - buffer_t key_; - seq_nr_t r_; -}; -typedef struct key_store_struct key_store_t; +enum key_derivation_dir_enum { kd_inbound = 0, kd_outbound = 1 }; +typedef enum key_derivation_dir_enum key_derivation_dir_t; struct key_derivation_struct { key_derivation_type_t type_; u_int16_t key_length_; - int8_t ld_kdr_; + role_t role_; int8_t anytun02_compat_; buffer_t master_key_; buffer_t master_salt_; - key_store_t key_store_[2][KD_LABEL_COUNT]; void* params_; }; typedef struct key_derivation_struct key_derivation_t; -int key_derivation_init(key_derivation_t* kd, const char* type, int8_t ld_kdr, int8_t anytun02_compat, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len); +int key_derivation_init(key_derivation_t* kd, const char* type, role_t role, int8_t anytun02_compat, const char* passphrase, u_int8_t* key, u_int32_t key_len, u_int8_t* salt, u_int32_t salt_len); #ifndef NO_PASSPHRASE int key_derivation_generate_master_key(key_derivation_t* kd, const char* passphrase, u_int16_t key_length); int key_derivation_generate_master_salt(key_derivation_t* kd, const char* passphrase, 
u_int16_t salt_length); #endif void key_derivation_close(key_derivation_t* kd); -int key_derivation_generate(key_derivation_t* kd, key_store_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len); +int key_derivation_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len); int key_derivation_null_generate(u_int8_t* key, u_int32_t len); @@ -96,14 +97,14 @@ union __attribute__((__packed__)) key_derivation_aesctr_ctr_union { struct __attribute__((__packed__)) { u_int8_t fill_[KD_AESCTR_SALT_LENGTH - sizeof(u_int8_t) - sizeof(seq_nr_t)]; u_int8_t label_; - seq_nr_t r_; + seq_nr_t seq_; u_int16_t zero_; } params_; struct __attribute__((__packed__)) { u_int8_t fill_[KD_AESCTR_SALT_LENGTH - sizeof(u_int8_t) - 2*sizeof(u_int8_t) - sizeof(seq_nr_t)]; u_int8_t label_; - u_int8_t r_fill_[2]; - seq_nr_t r_; + u_int8_t seq_fill_[2]; + seq_nr_t seq_; u_int16_t zero_; } params_compat_; }; @@ -122,7 +123,7 @@ typedef struct key_derivation_aesctr_param_struct key_derivation_aesctr_param_t; int key_derivation_aesctr_init(key_derivation_t* kd, const char* passphrase); void key_derivation_aesctr_close(key_derivation_t* kd); -int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_store_dir_t dir, seq_nr_t* r, satp_prf_label_t label, seq_nr_t seq_nr); -int key_derivation_aesctr_generate(key_derivation_t* kd, key_store_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len); +int key_derivation_aesctr_calc_ctr(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr); +int key_derivation_aesctr_generate(key_derivation_t* kd, key_derivation_dir_t dir, satp_prf_label_t label, seq_nr_t seq_nr, u_int8_t* key, u_int32_t len); #endif diff --git a/src/options.c b/src/options.c index 2f77cca..b743002 100644 --- a/src/options.c +++ b/src/options.c 
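Review bot: The six `LABEL_LEFT_*`/`LABEL_RIGHT_*` constants are added without any comment on where the values come from or which role and direction selects each one, and nothing in this diff uses them yet. For domain-separation constants in a key-derivation function, that provenance matters to anyone checking interoperability with another implementation. A short block comment above the defines should name the specification or reference implementation they were taken from and give the mapping from `role_t` and `key_derivation_dir_t` to label. Replacing `satp_prf_label_enum` with bare `#define`s and a `u_int32_t` typedef also drops the compiler's enum checking, which deserves a line of justification.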
@@ -253,7 +253,6 @@ int options_parse(options_t* opt, int argc, char* argv[]) PARSE_INT_PARAM("-w","--window-size", opt->seq_window_size_) #ifndef NO_CRYPT PARSE_STRING_PARAM("-k","--kd-prf", opt->kd_prf_) -// PARSE_INT_PARAM("-l","--ld-kdr", opt->ld_kdr_) PARSE_BOOL_PARAM("-O","--anytun02-compat", opt->anytun02_compat_) #ifndef NO_PASSPHRASE PARSE_STRING_PARAM_SEC("-E","--passphrase", opt->passphrase_) @@ -354,7 +353,6 @@ void options_default(options_t* opt) opt->seq_window_size_ = 0; #ifndef NO_CRYPT opt->kd_prf_ = strdup("aes-ctr"); - opt->ld_kdr_ = 0; opt->passphrase_ = NULL; opt->role_ = ROLE_LEFT; opt->cipher_ = strdup("aes-ctr"); @@ -447,7 +445,6 @@ void options_print_usage() printf(" [-w|--window-size] seqence number window size\n"); #ifndef NO_CRYPT printf(" [-k|--kd-prf] key derivation pseudo random function\n"); -// printf(" [-l|--ld-kdr] log2 of key derivation rate\n"); printf(" [-O|--anytun02-compat] enable compatiblity mode for anytun 0.2.x and prior\n"); #ifndef NO_PASSPHRASE printf(" [-E|--passphrase] a passprhase to generate master key and salt from\n"); @@ -498,7 +495,6 @@ void options_print(options_t* opt) printf("auth_algo: '%s'\n", opt->auth_algo_); printf("auth_tag_length: %d\n", opt->auth_tag_length_); printf("kd_prf: '%s'\n", opt->kd_prf_); - printf("ld_kdr: %d\n", opt->ld_kdr_); printf("passphrase: '%s'\n", opt->passphrase_); printf("role: "); switch(opt->role_) { diff --git a/src/options.h b/src/options.h index bbf3bd6..a43559b 100644 --- a/src/options.h +++ b/src/options.h @@ -72,7 +72,6 @@ struct options_struct { char* cipher_; #ifndef NO_CRYPT char* kd_prf_; - int ld_kdr_; char* auth_algo_; char* passphrase_; role_t role_; diff --git a/src/uanytun.c b/src/uanytun.c index 78c9f77..553a392 100644 --- a/src/uanytun.c +++ b/src/uanytun.c 
@@ -117,7 +117,7 @@ int init_main_loop(options_t* opt, cipher_t* c, auth_algo_t* aa, key_derivation_ if(opt->anytun02_compat_) log_printf(NOTICE, "enabling anytun 0.2.x crypto compatiblity mode"); - ret = key_derivation_init(kd, opt->kd_prf_, opt->ld_kdr_, opt->anytun02_compat_, opt->passphrase_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_); + ret = key_derivation_init(kd, opt->kd_prf_, opt->role_, opt->anytun02_compat_, opt->passphrase_, opt->key_.buf_, opt->key_.length_, opt->salt_.buf_, opt->salt_.length_); if(ret) { log_printf(ERROR, "could not initialize key derivation of type %s", opt->kd_prf_); cipher_close(c); -- cgit v1.2.3