Remove constructions using the ECB mode
parent
116ee6234f
commit
b04cd464db
@ -86,19 +86,15 @@ struct kword cfg_param[] = {
|
|||||||
{ "inetd", VTUN_INETD },
|
{ "inetd", VTUN_INETD },
|
||||||
{ "stand", VTUN_STAND_ALONE },
|
{ "stand", VTUN_STAND_ALONE },
|
||||||
{ "keep", VTUN_PERSIST_KEEPIF },
|
{ "keep", VTUN_PERSIST_KEEPIF },
|
||||||
{ "blowfish128ecb", VTUN_ENC_BF128ECB },
|
|
||||||
{ "blowfish128cbc", VTUN_ENC_BF128CBC },
|
{ "blowfish128cbc", VTUN_ENC_BF128CBC },
|
||||||
{ "blowfish128cfb", VTUN_ENC_BF128CFB },
|
{ "blowfish128cfb", VTUN_ENC_BF128CFB },
|
||||||
{ "blowfish128ofb", VTUN_ENC_BF128OFB },
|
{ "blowfish128ofb", VTUN_ENC_BF128OFB },
|
||||||
{ "blowfish256ecb", VTUN_ENC_BF256ECB },
|
|
||||||
{ "blowfish256cbc", VTUN_ENC_BF256CBC },
|
{ "blowfish256cbc", VTUN_ENC_BF256CBC },
|
||||||
{ "blowfish256cfb", VTUN_ENC_BF256CFB },
|
{ "blowfish256cfb", VTUN_ENC_BF256CFB },
|
||||||
{ "blowfish256ofb", VTUN_ENC_BF256OFB },
|
{ "blowfish256ofb", VTUN_ENC_BF256OFB },
|
||||||
{ "aes128ecb", VTUN_ENC_AES128ECB },
|
|
||||||
{ "aes128cbc", VTUN_ENC_AES128CBC },
|
{ "aes128cbc", VTUN_ENC_AES128CBC },
|
||||||
{ "aes128cfb", VTUN_ENC_AES128CFB },
|
{ "aes128cfb", VTUN_ENC_AES128CFB },
|
||||||
{ "aes128ofb", VTUN_ENC_AES128OFB },
|
{ "aes128ofb", VTUN_ENC_AES128OFB },
|
||||||
{ "aes256ecb", VTUN_ENC_AES256ECB },
|
|
||||||
{ "aes256cbc", VTUN_ENC_AES256CBC },
|
{ "aes256cbc", VTUN_ENC_AES256CBC },
|
||||||
{ "aes256cfb", VTUN_ENC_AES256CFB },
|
{ "aes256cfb", VTUN_ENC_AES256CFB },
|
||||||
{ "aes256ofb", VTUN_ENC_AES256OFB },
|
{ "aes256ofb", VTUN_ENC_AES256OFB },
|
||||||
|
@ -175,25 +175,6 @@ static int alloc_encrypt(struct vtun_host *host)
|
|||||||
cipher = host->cipher;
|
cipher = host->cipher;
|
||||||
switch(cipher)
|
switch(cipher)
|
||||||
{
|
{
|
||||||
case VTUN_ENC_AES256OFB:
|
|
||||||
case VTUN_ENC_AES256CFB:
|
|
||||||
case VTUN_ENC_AES256CBC:
|
|
||||||
blocksize = 16;
|
|
||||||
keysize = 32;
|
|
||||||
sb_init = 1;
|
|
||||||
cipher_type = EVP_aes_256_ecb();
|
|
||||||
pctx_enc = &ctx_enc_ecb;
|
|
||||||
pctx_dec = &ctx_dec_ecb;
|
|
||||||
break;
|
|
||||||
|
|
||||||
case VTUN_ENC_AES256ECB:
|
|
||||||
blocksize = 16;
|
|
||||||
keysize = 32;
|
|
||||||
pctx_enc = &ctx_enc;
|
|
||||||
pctx_dec = &ctx_dec;
|
|
||||||
cipher_type = EVP_aes_256_ecb();
|
|
||||||
strcpy(cipher_name,"AES-256-ECB");
|
|
||||||
break;
|
|
||||||
case VTUN_ENC_AES128OFB:
|
case VTUN_ENC_AES128OFB:
|
||||||
case VTUN_ENC_AES128CFB:
|
case VTUN_ENC_AES128CFB:
|
||||||
case VTUN_ENC_AES128CBC:
|
case VTUN_ENC_AES128CBC:
|
||||||
@ -204,14 +185,6 @@ static int alloc_encrypt(struct vtun_host *host)
|
|||||||
pctx_enc = &ctx_enc_ecb;
|
pctx_enc = &ctx_enc_ecb;
|
||||||
pctx_dec = &ctx_dec_ecb;
|
pctx_dec = &ctx_dec_ecb;
|
||||||
break;
|
break;
|
||||||
case VTUN_ENC_AES128ECB:
|
|
||||||
blocksize = 16;
|
|
||||||
keysize = 16;
|
|
||||||
pctx_enc = &ctx_enc;
|
|
||||||
pctx_dec = &ctx_dec;
|
|
||||||
cipher_type = EVP_aes_128_ecb();
|
|
||||||
strcpy(cipher_name,"AES-128-ECB");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case VTUN_ENC_BF256OFB:
|
case VTUN_ENC_BF256OFB:
|
||||||
case VTUN_ENC_BF256CFB:
|
case VTUN_ENC_BF256CFB:
|
||||||
@ -225,16 +198,6 @@ static int alloc_encrypt(struct vtun_host *host)
|
|||||||
pctx_dec = &ctx_dec_ecb;
|
pctx_dec = &ctx_dec_ecb;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case VTUN_ENC_BF256ECB:
|
|
||||||
blocksize = 8;
|
|
||||||
keysize = 32;
|
|
||||||
var_key = 1;
|
|
||||||
pctx_enc = &ctx_enc;
|
|
||||||
pctx_dec = &ctx_dec;
|
|
||||||
cipher_type = EVP_bf_ecb();
|
|
||||||
strcpy(cipher_name,"Blowfish-256-ECB");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case VTUN_ENC_BF128OFB:
|
case VTUN_ENC_BF128OFB:
|
||||||
case VTUN_ENC_BF128CFB:
|
case VTUN_ENC_BF128CFB:
|
||||||
case VTUN_ENC_BF128CBC:
|
case VTUN_ENC_BF128CBC:
|
||||||
@ -246,16 +209,17 @@ static int alloc_encrypt(struct vtun_host *host)
|
|||||||
pctx_enc = &ctx_enc_ecb;
|
pctx_enc = &ctx_enc_ecb;
|
||||||
pctx_dec = &ctx_dec_ecb;
|
pctx_dec = &ctx_dec_ecb;
|
||||||
break;
|
break;
|
||||||
case VTUN_ENC_BF128ECB: /* blowfish 128 ecb is the default */
|
case VTUN_ENC_AES256OFB:
|
||||||
|
case VTUN_ENC_AES256CFB:
|
||||||
|
case VTUN_ENC_AES256CBC:
|
||||||
default:
|
default:
|
||||||
blocksize = 8;
|
blocksize = 16;
|
||||||
keysize = 16;
|
keysize = 32;
|
||||||
var_key = 1;
|
sb_init = 1;
|
||||||
pctx_enc = &ctx_enc;
|
cipher_type = EVP_aes_256_ecb();
|
||||||
pctx_dec = &ctx_dec;
|
pctx_enc = &ctx_enc_ecb;
|
||||||
cipher_type = EVP_bf_ecb();
|
pctx_dec = &ctx_dec_ecb;
|
||||||
strcpy(cipher_name,"Blowfish-128-ECB");
|
strcpy(cipher_name,"AES-256-CBC");
|
||||||
break;
|
|
||||||
} /* switch(host->cipher) */
|
} /* switch(host->cipher) */
|
||||||
|
|
||||||
if (prep_key(&pkey, keysize, host) != 0) return -1;
|
if (prep_key(&pkey, keysize, host) != 0) return -1;
|
||||||
|
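Review bot: The merged `default:` arm at the end of the switch in alloc_encrypt still sets `cipher_type = EVP_aes_256_ecb();` on `ctx_enc_ecb`/`ctx_dec_ecb`, so ECB is still used for whatever the `sb_init = 1` path encrypts before the configured mode takes over (that consumer is outside the visible hunks). If this is a deliberate single-block bootstrap, say so in a comment such as `/* ECB only protects the initial block exchange; the negotiated mode is set up later */`; otherwise the commit title overstates what was removed. The same arm now runs `strcpy(cipher_name,"AES-256-CBC");` for `VTUN_ENC_AES256OFB` and `VTUN_ENC_AES256CFB` as well, which would mislabel the cipher in logs unless a later step overwrites the name. Because `default:` shares this arm, any unrecognised cipher value, including the retired numbers 1, 5, 9 and 13 from vtun.h, is silently mapped to AES-256; a separate `default:` that logs the value and does `return -1;` would surface a peer or config mismatch instead of hiding it. The trailing `break;` was also dropped from this arm, which is harmless in the last position but inconsistent with the other arms.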
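--- a/vtun.h
+++ b/vtun.h
@@ -138,20 +138,16 @@ extern llist host_list;
 #define VTUN_ENCRYPT 0x0008
 
 /* Cipher options */
-#define VTUN_ENC_BF128ECB 1
 #define VTUN_ENC_BF128CBC 2
 #define VTUN_ENC_BF128CFB 3
 #define VTUN_ENC_BF128OFB 4
-#define VTUN_ENC_BF256ECB 5
 #define VTUN_ENC_BF256CBC 6
 #define VTUN_ENC_BF256CFB 7
 #define VTUN_ENC_BF256OFB 8
 
-#define VTUN_ENC_AES128ECB 9
 #define VTUN_ENC_AES128CBC 10
 #define VTUN_ENC_AES128CFB 11
 #define VTUN_ENC_AES128OFB 12
-#define VTUN_ENC_AES256ECB 13
 #define VTUN_ENC_AES256CBC 14
 #define VTUN_ENC_AES256CFB 15
 #define VTUN_ENC_AES256OFB 16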
@ -150,28 +150,19 @@
|
|||||||
# -----------
|
# -----------
|
||||||
# encrypt - Enable 'yes' or disable 'no' encryption.
|
# encrypt - Enable 'yes' or disable 'no' encryption.
|
||||||
# It is also possible to specify a method:
|
# It is also possible to specify a method:
|
||||||
# 'blowfish128ecb' - Blowfish cipher, 128 bit key, mode ECB
|
|
||||||
# 'blowfish128cbc' - Blowfish cipher, 128 bit key, mode CBC
|
# 'blowfish128cbc' - Blowfish cipher, 128 bit key, mode CBC
|
||||||
# 'blowfish128cfb' - Blowfish cipher, 128 bit key, mode CFB
|
# 'blowfish128cfb' - Blowfish cipher, 128 bit key, mode CFB
|
||||||
# 'blowfish128ofb' - Blowfish cipher, 128 bit key, mode OFB
|
# 'blowfish128ofb' - Blowfish cipher, 128 bit key, mode OFB
|
||||||
# 'blowfish256ecb' - Blowfish cipher, 256 bit key, mode ECB
|
|
||||||
# 'blowfish256cbc' - Blowfish cipher, 256 bit key, mode CBC
|
# 'blowfish256cbc' - Blowfish cipher, 256 bit key, mode CBC
|
||||||
# 'blowfish256cfb' - Blowfish cipher, 256 bit key, mode CFB
|
# 'blowfish256cfb' - Blowfish cipher, 256 bit key, mode CFB
|
||||||
# 'blowfish256ofb' - Blowfish cipher, 256 bit key, mode OFB
|
# 'blowfish256ofb' - Blowfish cipher, 256 bit key, mode OFB
|
||||||
# 'aes128ecb' - AES cipher, 128 bit key, mode ECB
|
|
||||||
# 'aes128cbc' - AES cipher, 128 bit key, mode CBC
|
# 'aes128cbc' - AES cipher, 128 bit key, mode CBC
|
||||||
# 'aes128cfb' - AES cipher, 128 bit key, mode CFB
|
# 'aes128cfb' - AES cipher, 128 bit key, mode CFB
|
||||||
# 'aes128ofb' - AES cipher, 128 bit key, mode OFB
|
# 'aes128ofb' - AES cipher, 128 bit key, mode OFB
|
||||||
# 'aes256ecb' - AES cipher, 256 bit key, mode ECB
|
|
||||||
# 'aes256cbc' - AES cipher, 256 bit key, mode CBC
|
# 'aes256cbc' - AES cipher, 256 bit key, mode CBC
|
||||||
# 'aes256cfb' - AES cipher, 256 bit key, mode CFB
|
# 'aes256cfb' - AES cipher, 256 bit key, mode CFB
|
||||||
# 'aes256ofb' - AES cipher, 256 bit key, mode OFB
|
# 'aes256ofb' - AES cipher, 256 bit key, mode OFB
|
||||||
#
|
#
|
||||||
# A special encryption method is provided for use with clients
|
|
||||||
# running pre-3.0 versions:
|
|
||||||
# 'oldblowfish128ecb' - Blowfish cipher, 128bit key, mode ECB
|
|
||||||
#
|
|
||||||
# Default method is 'blowfish128ecb'.
|
|
||||||
# Ignored by the client.
|
# Ignored by the client.
|
||||||
#
|
#
|
||||||
# -----------
|
# -----------
|
||||||
|
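--- a/vtund.conf.5
+++ b/vtund.conf.5
@@ -198,36 +198,25 @@ specifies encryption method to use. Encryption \fImethod\fRs include:
 .IP \fBno\fR
 no encryption
 .IP \fByes\fR
-default encryption method (\fBblowfish128ecb\fR)
+default encryption method
-.IP \fBblowfish128ecb\fR
-Blowfish cipher, 128 bit key, mode ECB
 .IP \fBblowfish128cbc\fR
 Blowfish cipher, 128 bit key, mode CBC
 .IP \fBblowfish128cfb\fR
 Blowfish cipher, 128 bit key, mode CFB
 .IP \fBblowfish128ofb\fR
 Blowfish cipher, 128 bit key, mode OFB
-.IP \fBblowfish256ecb\fR
-Blowfish cipher, 256 bit key, mode ECB
 .IP \fBblowfish256cbc\fR
 Blowfish cipher, 256 bit key, mode CBC
 .IP \fBblowfish256cfb\fR
 Blowfish cipher, 256 bit key, mode CFB
 .IP \fBblowfish256ofb\fR
 Blowfish cipher, 256 bit key, mode OFB
-.IP \fBaes128ecb\fR
-.IP \fBoldblowfish128ecb\fR
-Blowfish cipher, 128bit key, mode ECB
-(for use with 2.6 clients only)
-AES cipher, 128 bit key, mode ECB
 .IP \fBaes128cbc\fR
 AES cipher, 128 bit key, mode CBC
 .IP \fBaes128cfb\fR
 AES cipher, 128 bit key, mode CFB
 .IP \fBaes128ofb\fR
 AES cipher, 128 bit key, mode OFB
-.IP \fBaes256ecb\fR
-AES cipher, 256 bit key, mode ECB
 .IP \fBaes256cbc\fR
 AES cipher, 256 bit key, mode CBC
 .IP \fBaes256cfb\fR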