@@ -128,7 +128,7 @@
dmsg(D_PACKET_CONTENT, "ENCRYPT AD: %s",
format_hex(BPTR(&work), BLEN(&work), 0, &gc));
- if (!(opt->flags & CO_AEAD_TAG_AT_THE_END))
+ if (!(opt->flags & CO_EPOCH_DATA_KEY_FORMAT))
{
/* Reserve space for authentication tag */
mac_out = buf_write_alloc(&work, mac_len);
@@ -149,7 +149,7 @@
ASSERT(buf_inc_len(&work, outlen));
/* if the tag is at end the end, allocate it now */
- if (opt->flags & CO_AEAD_TAG_AT_THE_END)
+ if (opt->flags & CO_EPOCH_DATA_KEY_FORMAT)
{
/* Reserve space for authentication tag */
mac_out = buf_write_alloc(&work, mac_len);
@@ -475,7 +475,7 @@
uint8_t *tag_ptr = NULL;
int data_len = 0;
- if (opt->flags & CO_AEAD_TAG_AT_THE_END)
+ if (opt->flags & CO_EPOCH_DATA_KEY_FORMAT)
{
data_len = BLEN(buf) - tag_size;
tag_ptr = BPTR(buf) + data_len;
@@ -359,9 +359,10 @@
/**< Bit-flag indicating that renegotiations are using tls-crypt
* with a TLS-EKM derived key.
*/
-#define CO_AEAD_TAG_AT_THE_END (1<<8)
- /**< Bit-flag indicating that the AEAD tag is at the end of the
- * packet.
+#define CO_EPOCH_DATA_KEY_FORMAT (1<<8)
+ /**< Bit-flag indicating that the data format using
+ * AEAD tag is at the end of the packet and using epoch
+ * keys is used.
*/
unsigned int flags; /**< Bit-flags determining behavior of
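Review bot: The replacement doc comment on CO_EPOCH_DATA_KEY_FORMAT is a grammatical fragment ("the data format using AEAD tag is at the end of the packet and using epoch keys is used") and should be reworded, e.g. `/**< Bit-flag selecting the epoch data key format: the AEAD tag is placed at the end of the packet and epoch keys are used. */`. Note that every use of the flag in this change (crypto.c encrypt/decrypt hunks) only moves the tag position; no epoch-key derivation is gated by it here, so if that part lands in a separate commit the comment should say so rather than presenting epoch keys as already in effect. The enclosing struct continues outside the hunk.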
@@ -2390,9 +2390,9 @@
{
buf_printf(&out, " dyn-tls-crypt");
}
- if (o->imported_protocol_flags & CO_AEAD_TAG_AT_THE_END)
+ if (o->imported_protocol_flags & CO_EPOCH_DATA_KEY_FORMAT)
{
- buf_printf(&out, " aead-tag-end");
+ buf_printf(&out, " aead-epoch");
}
}
@@ -8692,9 +8692,9 @@
options->imported_protocol_flags |= CO_USE_DYNAMIC_TLS_CRYPT;
}
#endif
- else if (streq(p[j], "aead-tag-end"))
+ else if (streq(p[j], "aead-epoch"))
{
- options->imported_protocol_flags |= CO_AEAD_TAG_AT_THE_END;
+ options->imported_protocol_flags |= CO_EPOCH_DATA_KEY_FORMAT;
}
else
{
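Review bot: Renaming the accepted keyword from "aead-tag-end" to "aead-epoch" is a wire-visible change: a peer that still pushes "aead-tag-end" now falls into the `else` branch below (its handling is outside the hunk) instead of setting the flag, and the commit description does not mention this. If any peers speaking the old keyword can exist outside development builds, consider accepting both spellings for one release, e.g. `else if (streq(p[j], "aead-epoch") || streq(p[j], "aead-tag-end"))`; otherwise a sentence in the commit message stating the old keyword is dropped would suffice. The same keyword rename appears in the init.c and push.c hunks.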
@@ -689,9 +689,9 @@
buf_printf(&proto_flags, " dyn-tls-crypt");
}
- if (o->imported_protocol_flags & CO_AEAD_TAG_AT_THE_END)
+ if (o->imported_protocol_flags & CO_EPOCH_DATA_KEY_FORMAT)
{
- buf_printf(&proto_flags, " aead-tag-end");
+ buf_printf(&proto_flags, " aead-epoch");
}
if (buf_len(&proto_flags) > 0)
@@ -107,6 +107,9 @@
/** Support to dynamic tls-crypt (renegotiation with TLS-EKM derived tls-crypt key) */
#define IV_PROTO_DYN_TLS_CRYPT (1<<9)
+/** Support the extended packet id and epoch format for data channel packets */
+#define IV_PROTO_DATA_EPOCH (1<<10)
+
/** Supports the --dns option after all the incompatible changes */
#define IV_PROTO_DNS_OPTION_V2 (1<<11)
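Review bot: IV_PROTO_DATA_EPOCH (1<<10) is a new capability bit that the commit description ("Rename aead-tag-at-end to aead-epoch") does not mention and that nothing else in this change sets, advertises, or checks. Either note the addition in the commit message or move it to the commit that actually negotiates the epoch format, so the rename stays reviewable on its own. Bit 10 was not defined between IV_PROTO_DYN_TLS_CRYPT and IV_PROTO_DNS_OPTION_V2 on the visible lines, but please confirm it is not reserved or used elsewhere in ssl.h before claiming it.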
@@ -404,7 +404,7 @@
run_data_channel_with_cipher_end(const char *cipher)
{
struct crypto_options co = init_crypto_options(cipher, "none");
- co.flags |= CO_AEAD_TAG_AT_THE_END;
+ co.flags |= CO_EPOCH_DATA_KEY_FORMAT;
do_data_channel_round_trip(&co);
uninit_crypto_options(&co);
}
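Review bot: run_data_channel_with_cipher_end keeps the old "tag at end" naming while the flag it now sets is CO_EPOCH_DATA_KEY_FORMAT, so the rename is incomplete in the test file. Renaming it to something like `run_data_channel_with_cipher_epoch(const char *cipher)` (and its call sites, which are outside the hunk) keeps the test name aligned with the feature it exercises.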
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/805?usp=email to review the following change. Change subject: Rename aead-tag-at-end to aead-epoch ...................................................................... Rename aead-tag-at-end to aead-epoch Change-Id: I9e9433b56dcbaa538d9bed30e50cf74948c647cc Signed-off-by: Arne Schwabe <arne@rfc2549.org> --- M src/openvpn/crypto.c M src/openvpn/crypto.h M src/openvpn/init.c M src/openvpn/options.c M src/openvpn/push.c M src/openvpn/ssl.h M tests/unit_tests/openvpn/test_ssl.c 7 files changed, 17 insertions(+), 13 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/05/805/1