Remove constructions using the ECB mode

Frank Denis 2015-10-08 12:54:43 +02:00
parent 116ee6234f
commit b04cd464db
5 changed files with 13 additions and 77 deletions


@ -86,19 +86,15 @@ struct kword cfg_param[] = {
{ "inetd", VTUN_INETD }, { "inetd", VTUN_INETD },
{ "stand", VTUN_STAND_ALONE }, { "stand", VTUN_STAND_ALONE },
{ "keep", VTUN_PERSIST_KEEPIF }, { "keep", VTUN_PERSIST_KEEPIF },
{ "blowfish128ecb", VTUN_ENC_BF128ECB },
{ "blowfish128cbc", VTUN_ENC_BF128CBC }, { "blowfish128cbc", VTUN_ENC_BF128CBC },
{ "blowfish128cfb", VTUN_ENC_BF128CFB }, { "blowfish128cfb", VTUN_ENC_BF128CFB },
{ "blowfish128ofb", VTUN_ENC_BF128OFB }, { "blowfish128ofb", VTUN_ENC_BF128OFB },
{ "blowfish256ecb", VTUN_ENC_BF256ECB },
{ "blowfish256cbc", VTUN_ENC_BF256CBC }, { "blowfish256cbc", VTUN_ENC_BF256CBC },
{ "blowfish256cfb", VTUN_ENC_BF256CFB }, { "blowfish256cfb", VTUN_ENC_BF256CFB },
{ "blowfish256ofb", VTUN_ENC_BF256OFB }, { "blowfish256ofb", VTUN_ENC_BF256OFB },
{ "aes128ecb", VTUN_ENC_AES128ECB },
{ "aes128cbc", VTUN_ENC_AES128CBC }, { "aes128cbc", VTUN_ENC_AES128CBC },
{ "aes128cfb", VTUN_ENC_AES128CFB }, { "aes128cfb", VTUN_ENC_AES128CFB },
{ "aes128ofb", VTUN_ENC_AES128OFB }, { "aes128ofb", VTUN_ENC_AES128OFB },
{ "aes256ecb", VTUN_ENC_AES256ECB },
{ "aes256cbc", VTUN_ENC_AES256CBC }, { "aes256cbc", VTUN_ENC_AES256CBC },
{ "aes256cfb", VTUN_ENC_AES256CFB }, { "aes256cfb", VTUN_ENC_AES256CFB },
{ "aes256ofb", VTUN_ENC_AES256OFB }, { "aes256ofb", VTUN_ENC_AES256OFB },


@ -175,25 +175,6 @@ static int alloc_encrypt(struct vtun_host *host)
cipher = host->cipher; cipher = host->cipher;
switch(cipher) switch(cipher)
{ {
case VTUN_ENC_AES256OFB:
case VTUN_ENC_AES256CFB:
case VTUN_ENC_AES256CBC:
blocksize = 16;
keysize = 32;
sb_init = 1;
cipher_type = EVP_aes_256_ecb();
pctx_enc = &ctx_enc_ecb;
pctx_dec = &ctx_dec_ecb;
break;
case VTUN_ENC_AES256ECB:
blocksize = 16;
keysize = 32;
pctx_enc = &ctx_enc;
pctx_dec = &ctx_dec;
cipher_type = EVP_aes_256_ecb();
strcpy(cipher_name,"AES-256-ECB");
break;
case VTUN_ENC_AES128OFB: case VTUN_ENC_AES128OFB:
case VTUN_ENC_AES128CFB: case VTUN_ENC_AES128CFB:
case VTUN_ENC_AES128CBC: case VTUN_ENC_AES128CBC:
@ -204,14 +185,6 @@ static int alloc_encrypt(struct vtun_host *host)
pctx_enc = &ctx_enc_ecb; pctx_enc = &ctx_enc_ecb;
pctx_dec = &ctx_dec_ecb; pctx_dec = &ctx_dec_ecb;
break; break;
case VTUN_ENC_AES128ECB:
blocksize = 16;
keysize = 16;
pctx_enc = &ctx_enc;
pctx_dec = &ctx_dec;
cipher_type = EVP_aes_128_ecb();
strcpy(cipher_name,"AES-128-ECB");
break;
case VTUN_ENC_BF256OFB: case VTUN_ENC_BF256OFB:
case VTUN_ENC_BF256CFB: case VTUN_ENC_BF256CFB:
@ -225,16 +198,6 @@ static int alloc_encrypt(struct vtun_host *host)
pctx_dec = &ctx_dec_ecb; pctx_dec = &ctx_dec_ecb;
break; break;
case VTUN_ENC_BF256ECB:
blocksize = 8;
keysize = 32;
var_key = 1;
pctx_enc = &ctx_enc;
pctx_dec = &ctx_dec;
cipher_type = EVP_bf_ecb();
strcpy(cipher_name,"Blowfish-256-ECB");
break;
case VTUN_ENC_BF128OFB: case VTUN_ENC_BF128OFB:
case VTUN_ENC_BF128CFB: case VTUN_ENC_BF128CFB:
case VTUN_ENC_BF128CBC: case VTUN_ENC_BF128CBC:
@ -245,18 +208,19 @@ static int alloc_encrypt(struct vtun_host *host)
cipher_type = EVP_bf_ecb(); cipher_type = EVP_bf_ecb();
pctx_enc = &ctx_enc_ecb; pctx_enc = &ctx_enc_ecb;
pctx_dec = &ctx_dec_ecb; pctx_dec = &ctx_dec_ecb;
break; break;
case VTUN_ENC_BF128ECB: /* blowfish 128 ecb is the default */ case VTUN_ENC_AES256OFB:
case VTUN_ENC_AES256CFB:
case VTUN_ENC_AES256CBC:
default: default:
blocksize = 8; blocksize = 16;
keysize = 16; keysize = 32;
var_key = 1; sb_init = 1;
pctx_enc = &ctx_enc; cipher_type = EVP_aes_256_ecb();
pctx_dec = &ctx_dec; pctx_enc = &ctx_enc_ecb;
cipher_type = EVP_bf_ecb(); pctx_dec = &ctx_dec_ecb;
strcpy(cipher_name,"Blowfish-128-ECB"); strcpy(cipher_name,"AES-256-CBC");
break; } /* switch(host->cipher) */
} /* switch(host->cipher) */
if (prep_key(&pkey, keysize, host) != 0) return -1; if (prep_key(&pkey, keysize, host) != 0) return -1;
EVP_CIPHER_CTX_init(pctx_enc); EVP_CIPHER_CTX_init(pctx_enc);
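Review bot: In the last hunk of alloc_encrypt, `default:` now shares the AES-256 block, so any `host->cipher` value that matches no case (the retired ids 1, 5, 9 and 13 among them) is set up as AES-256 while `cipher` keeps the stale id. If the actual mode is picked later from `cipher` (that code is not on this page), such a value would match none of the CBC/CFB/OFB cases; making the fallback explicit with `default: cipher = VTUN_ENC_AES256CBC; /* fallthrough */` ahead of the three AES-256 case labels would avoid that. The same block copies `"AES-256-CBC"` into `cipher_name` for the OFB and CFB ids as well, which mislabels them wherever that name is logged. The block still builds its contexts from `EVP_aes_256_ecb()`, so a short comment stating what the remaining ECB contexts are used for would help readers of a commit titled as removing ECB. The function's start and the rest of its body lie outside the hunks.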

4
vtun.h

@ -138,20 +138,16 @@ extern llist host_list;
#define VTUN_ENCRYPT 0x0008 #define VTUN_ENCRYPT 0x0008
/* Cipher options */ /* Cipher options */
#define VTUN_ENC_BF128ECB 1
#define VTUN_ENC_BF128CBC 2 #define VTUN_ENC_BF128CBC 2
#define VTUN_ENC_BF128CFB 3 #define VTUN_ENC_BF128CFB 3
#define VTUN_ENC_BF128OFB 4 #define VTUN_ENC_BF128OFB 4
#define VTUN_ENC_BF256ECB 5
#define VTUN_ENC_BF256CBC 6 #define VTUN_ENC_BF256CBC 6
#define VTUN_ENC_BF256CFB 7 #define VTUN_ENC_BF256CFB 7
#define VTUN_ENC_BF256OFB 8 #define VTUN_ENC_BF256OFB 8
#define VTUN_ENC_AES128ECB 9
#define VTUN_ENC_AES128CBC 10 #define VTUN_ENC_AES128CBC 10
#define VTUN_ENC_AES128CFB 11 #define VTUN_ENC_AES128CFB 11
#define VTUN_ENC_AES128OFB 12 #define VTUN_ENC_AES128OFB 12
#define VTUN_ENC_AES256ECB 13
#define VTUN_ENC_AES256CBC 14 #define VTUN_ENC_AES256CBC 14
#define VTUN_ENC_AES256CFB 15 #define VTUN_ENC_AES256CFB 15
#define VTUN_ENC_AES256OFB 16 #define VTUN_ENC_AES256OFB 16


@ -150,28 +150,19 @@
# ----------- # -----------
# encrypt - Enable 'yes' or disable 'no' encryption. # encrypt - Enable 'yes' or disable 'no' encryption.
# It is also possible to specify a method: # It is also possible to specify a method:
# 'blowfish128ecb' - Blowfish cipher, 128 bit key, mode ECB
# 'blowfish128cbc' - Blowfish cipher, 128 bit key, mode CBC # 'blowfish128cbc' - Blowfish cipher, 128 bit key, mode CBC
# 'blowfish128cfb' - Blowfish cipher, 128 bit key, mode CFB # 'blowfish128cfb' - Blowfish cipher, 128 bit key, mode CFB
# 'blowfish128ofb' - Blowfish cipher, 128 bit key, mode OFB # 'blowfish128ofb' - Blowfish cipher, 128 bit key, mode OFB
# 'blowfish256ecb' - Blowfish cipher, 256 bit key, mode ECB
# 'blowfish256cbc' - Blowfish cipher, 256 bit key, mode CBC # 'blowfish256cbc' - Blowfish cipher, 256 bit key, mode CBC
# 'blowfish256cfb' - Blowfish cipher, 256 bit key, mode CFB # 'blowfish256cfb' - Blowfish cipher, 256 bit key, mode CFB
# 'blowfish256ofb' - Blowfish cipher, 256 bit key, mode OFB # 'blowfish256ofb' - Blowfish cipher, 256 bit key, mode OFB
# 'aes128ecb' - AES cipher, 128 bit key, mode ECB
# 'aes128cbc' - AES cipher, 128 bit key, mode CBC # 'aes128cbc' - AES cipher, 128 bit key, mode CBC
# 'aes128cfb' - AES cipher, 128 bit key, mode CFB # 'aes128cfb' - AES cipher, 128 bit key, mode CFB
# 'aes128ofb' - AES cipher, 128 bit key, mode OFB # 'aes128ofb' - AES cipher, 128 bit key, mode OFB
# 'aes256ecb' - AES cipher, 256 bit key, mode ECB
# 'aes256cbc' - AES cipher, 256 bit key, mode CBC # 'aes256cbc' - AES cipher, 256 bit key, mode CBC
# 'aes256cfb' - AES cipher, 256 bit key, mode CFB # 'aes256cfb' - AES cipher, 256 bit key, mode CFB
# 'aes256ofb' - AES cipher, 256 bit key, mode OFB # 'aes256ofb' - AES cipher, 256 bit key, mode OFB
# #
# A special encryption method is provided for use with clients
# running pre-3.0 versions:
# 'oldblowfish128ecb' - Blowfish cipher, 128bit key, mode ECB
#
# Default method is 'blowfish128ecb'.
# Ignored by the client. # Ignored by the client.
# #
# ----------- # -----------


@ -198,36 +198,25 @@ specifies encryption method to use. Encryption \fImethod\fRs include:
.IP \fBno\fR .IP \fBno\fR
no encryption no encryption
.IP \fByes\fR .IP \fByes\fR
default encryption method (\fBblowfish128ecb\fR) default encryption method
.IP \fBblowfish128ecb\fR
Blowfish cipher, 128 bit key, mode ECB
.IP \fBblowfish128cbc\fR .IP \fBblowfish128cbc\fR
Blowfish cipher, 128 bit key, mode CBC Blowfish cipher, 128 bit key, mode CBC
.IP \fBblowfish128cfb\fR .IP \fBblowfish128cfb\fR
Blowfish cipher, 128 bit key, mode CFB Blowfish cipher, 128 bit key, mode CFB
.IP \fBblowfish128ofb\fR .IP \fBblowfish128ofb\fR
Blowfish cipher, 128 bit key, mode OFB Blowfish cipher, 128 bit key, mode OFB
.IP \fBblowfish256ecb\fR
Blowfish cipher, 256 bit key, mode ECB
.IP \fBblowfish256cbc\fR .IP \fBblowfish256cbc\fR
Blowfish cipher, 256 bit key, mode CBC Blowfish cipher, 256 bit key, mode CBC
.IP \fBblowfish256cfb\fR .IP \fBblowfish256cfb\fR
Blowfish cipher, 256 bit key, mode CFB Blowfish cipher, 256 bit key, mode CFB
.IP \fBblowfish256ofb\fR .IP \fBblowfish256ofb\fR
Blowfish cipher, 256 bit key, mode OFB Blowfish cipher, 256 bit key, mode OFB
.IP \fBaes128ecb\fR
.IP \fBoldblowfish128ecb\fR
Blowfish cipher, 128bit key, mode ECB
(for use with 2.6 clients only)
AES cipher, 128 bit key, mode ECB
.IP \fBaes128cbc\fR .IP \fBaes128cbc\fR
AES cipher, 128 bit key, mode CBC AES cipher, 128 bit key, mode CBC
.IP \fBaes128cfb\fR .IP \fBaes128cfb\fR
AES cipher, 128 bit key, mode CFB AES cipher, 128 bit key, mode CFB
.IP \fBaes128ofb\fR .IP \fBaes128ofb\fR
AES cipher, 128 bit key, mode OFB AES cipher, 128 bit key, mode OFB
.IP \fBaes256ecb\fR
AES cipher, 256 bit key, mode ECB
.IP \fBaes256cbc\fR .IP \fBaes256cbc\fR
AES cipher, 256 bit key, mode CBC AES cipher, 256 bit key, mode CBC
.IP \fBaes256cfb\fR .IP \fBaes256cfb\fR