--- gvpe/configure.ac 2013/07/13 04:10:29 1.61 +++ gvpe/configure.ac 2013/07/16 16:44:36 1.62 @@ -4,7 +4,7 @@ AC_INIT AC_CONFIG_SRCDIR([src/gvpe.C]) AC_CANONICAL_TARGET -AM_INIT_AUTOMAKE(gvpe, 2.24) +AM_INIT_AUTOMAKE(gvpe, 2.25) AC_CONFIG_HEADERS([config.h]) AM_MAINTAINER_MODE @@ -329,6 +329,14 @@ ] ) +RSA=3072 +AC_ARG_ENABLE(rsa-length, + [AS_HELP_STRING(--enable-rsa-length=BITS,[ + use BITS rsa keys (default 3072). Allowed values are 2048-10240.])], + RSA=$enableval +) +AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.]) + HMAC=12 AC_ARG_ENABLE(hmac-length, [AS_HELP_STRING(--enable-hmac-length=BYTES,[ 
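Review bot: The value given to `--enable-rsa-length` is copied into RSA and then into RSABITS with no check, although the help string promises a 2048-10240 range. As written, `--enable-rsa-length=1024` defines RSABITS as 1024, and a bare `--enable-rsa-length` or `--disable-rsa-length` sets RSA to `yes` or `no`, which lands in config.h as a non-numeric RSABITS. Unless the range is enforced somewhere outside this hunk, configure should reject such values before the AC_DEFINE_UNQUOTED, as sketched below.

```m4
dnl … unchanged: RSA=3072 default and AC_ARG_ENABLE(rsa-length, …) …
case $RSA in
   ''|*[[!0-9]]*) AC_MSG_ERROR([--enable-rsa-length requires a numeric bit count]) ;;
esac
if test "$RSA" -lt 2048 || test "$RSA" -gt 10240; then
   AC_MSG_ERROR([RSA key length must be between 2048 and 10240 bits])
fi
AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.])
```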
@@ -365,28 +373,40 @@ AC_ARG_ENABLE(cipher, [AS_HELP_STRING(--enable-cipher=CIPHER,[ Select the symmetric cipher (default "aes-128"). - Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192" or "aes-256".])], - if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi - if test "x$enableval" = xaes-128; then CIPHER=aes_128_cbc; fi - if test "x$enableval" = xaes-192; then CIPHER=aes_192_cbc; fi - if test "x$enableval" = xaes-256; then CIPHER=aes_256_cbc; fi + Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192", "aes-256", "camellia-128" or "camellia-256".])], + if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi + if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_cbc ; fi + if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_cbc ; fi + if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_cbc ; fi + if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_cbc; fi + if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_cbc; fi ) AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) -DIGEST=ripemd160 +DIGEST=sha1 AC_ARG_ENABLE(digest, - [AS_HELP_STRING(--enable-digest=CIPHER,[ - Select the digest algorithm to use (default "ripemd160"). Must be one of - "sha512", "sha256", "sha1" (legacy), "ripemd160", "md5" (insecure) or "md4" (insecure).])], + [AS_HELP_STRING(--enable-digest=DIGEST,[ + Select the digest algorithm to use (default "sha1"). 
Must be one of + "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])], + if test "x$enableval" = xwhirlpool; then DIGEST=whirlpool; fi if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi - if test "x$enableval" = xmd5 ; then DIGEST=md5 ; fi - if test "x$enableval" = xmd4 ; then DIGEST=md4 ; fi ) AC_DEFINE_UNQUOTED(ENABLE_DIGEST, EVP_${DIGEST}, [Select the digest algorithm to use.]) +AUTH=sha512 +AC_ARG_ENABLE(auth-digest, + [AS_HELP_STRING(--enable-auth-digest=DIGEST,[ + Select the hmac algorithm to use (default "sha512"). Must be one of + "sha512", "sha256", "whirlpool".])], + if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi + if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi + if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi +) +AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.]) + if $CXX -v --help 2>&1 | grep -q fno-rtti; then CXXFLAGS="$CXXFLAGS -fno-rtti" fi @@ -420,8 +440,10 @@ echo "*** Configuration Summary" echo "***" echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE" +echo "*** RSA size: $RSA" echo "*** Cipher used: $CIPHER" echo "*** Digest used: $DIGEST" +echo "*** Authdigest: $AUTH" echo "*** HMAC length: $HMAC" echo "*** RAND used: $RAND" echo "*** Max. MTU: $MTU" @@ -430,16 +452,6 @@ echo "*** Enable options:" grep ENABLE_ config.h | sed -e 's/^/*** /' -if test "x$DIGEST" = xmd4; then -echo "***" -echo "*** WARNING: The digest you have chosen ($DIGEST) is known to be insecure" -fi - -if test "x$DIGEST" = xmd5; then -echo "***" -echo "*** WARNING: The digest you have chosen ($DIGEST) is quite insecure" -fi - if test "$HMAC" -lt 12; then echo "***" echo "*** WARNING: The hmac length you have chosen ($HMAC) is quite insecure"
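Review bot: An unrecognised value for the new `--enable-auth-digest` option is silently ignored: none of the three `if test` lines match, AUTH stays `sha512`, and configure succeeds. The cipher and digest blocks behave the same way, so a typo such as `--enable-cipher=camellia256` builds with aes-128, and `--enable-digest=md5` now quietly falls back to the default. The builder then gets a different algorithm than the one requested, and only the summary output shows it. Ending each block with a check such as `case "$enableval" in sha512|sha256|whirlpool) ;; *) AC_MSG_ERROR([unknown auth digest: $enableval]) ;; esac` would make the mismatch fail loudly. Separately, the default digest moves from ripemd160 to sha1 and the "(legacy)" tag is dropped from the help text; a comment stating what ENABLE_DIGEST is still used for now that ENABLE_AUTH exists would let readers judge whether sha1 is an acceptable default there.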