--- gvpe/src/global.h 2013/07/18 13:35:16 1.29
+++ gvpe/src/global.h 2015/09/05 17:40:22 1.35
@@ -48,17 +48,24 @@
 #define KEY_BITS(cipher) keybits_ ## cipher
 #define KEY_SIZE(cipher) (KEY_BITS (cipher) >> 3)
-#define keybits_EVP_bf_cbc 128 // actually 32-448
-#define keybits_EVP_aes_128_cbc 128
-#define keybits_EVP_aes_192_cbc 192
-#define keybits_EVP_aes_256_cbc 256
+//#define keybits_EVP_bf_ctr 128 // actually 32-448
+#define keybits_EVP_aes_128_ctr 128
+#define keybits_EVP_aes_192_ctr 192
+#define keybits_EVP_aes_256_ctr 256
 #define BLOCK_BITS(cipher) blockbits_ ## cipher
 #define BLOCK_SIZE(cipher) (BLOCK_BITS (cipher) >> 3)
-#define blockbits_EVP_bf_cbc 64
-#define blockbits_EVP_aes_128_cbc 128
-#define blockbits_EVP_aes_192_cbc 128
-#define blockbits_EVP_aes_256_cbc 128
+//#define blockbits_EVP_bf_ctr 64
+#define blockbits_EVP_aes_128_ctr 8
+#define blockbits_EVP_aes_192_ctr 8
+#define blockbits_EVP_aes_256_ctr 8
+
+#define IV_BITS(cipher) ivbits_ ## cipher
+#define IV_SIZE(cipher) (IV_BITS (cipher) >> 3)
+//#define ivbits_EVP_bf_ctr 64
+#define ivbits_EVP_aes_128_ctr 128
+#define ivbits_EVP_aes_192_ctr 128
+#define ivbits_EVP_aes_256_ctr 128
 /* Protocol version. Different major versions are incompatible,
 * different minor versions probably are compatible ;)
@@ -67,12 +74,16 @@
 #define PROTOCOL_MAJOR 1
 #define PROTOCOL_MINOR 0
+#define SERIAL_SIZE 16
+
 #define SEED_SIZE 64 // how many octets to seed rng with
+#define RSA_OAEP_SIZE 41
+
 #define HKDF_XTR_HASH EVP_sha512
 #define HKDF_PRF_HASH EVP_sha256
-#define HKDF_SALT 32
+#define HKDF_SALT 24 // how many bytes for the hkdf salt
 #define RSA_KEYLEN (RSABITS >> 3)
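Review bot: In the `@@ -48,17 +48,24 @@` hunk the new `blockbits_*_ctr` and `ivbits_*` values carry no comment on the two things a reader must know about the move to CTR. `blockbits_EVP_aes_*_ctr 8` makes `BLOCK_SIZE` one octet, which looks like a typo next to the old 128 unless it is explained, e.g. `// CTR is byte-granular: no padding, so the "block" is 1 octet`. More importantly, CTR keeps confidentiality only while an IV (the initial counter block) is never reused under one key, and it gives no integrity on its own, so I would add above `IV_BITS`: `// CTR: the IV must be unique per packet for a given key; verify the HMAC before decrypting`. How the IV is generated and when the MAC is checked lies outside this hunk, so treat that second comment as a contract to confirm against the packet code.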
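Review bot: `RSA_OAEP_SIZE 41` in the `@@ -67,12 +74,16 @@` hunk is an unexplained magic number, and it is one off from the OAEP overhead most readers will expect. With the usual SHA-1 OAEP parameters, RFC 8017 allows a message of at most k - 2*hLen - 2 = k - 42 octets, so 41 is only right if the code that uses it applies a strict "less than" bound; that code is not in this hunk. I would pin the meaning in a comment, e.g. `#define RSA_OAEP_SIZE 41 // OAEP (SHA-1): payload must be < RSA_KEYLEN - 41`, adjusted to what the call site really does. `SERIAL_SIZE` likewise deserves a unit-and-purpose comment like its neighbours `SEED_SIZE` and `HKDF_SALT`.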
@@ -82,15 +93,17 @@
 #define CIPHER ENABLE_CIPHER
 #define CIPHER_KEYSIZE (KEY_SIZE (CIPHER))
+#define CIPHER_IKMSIZE (CIPHER_KEYSIZE * 3 / 2) // randomness in rsa challenge
 #define MAC_DIGEST ENABLE_HMAC
 #define MAC_KEYSIZE HASH_SIZE (ENABLE_HMAC) // number of bits used for the HMAC key
+#define MAC_IKMSIZE (MAC_KEYSIZE * 3 / 2) // randomness in rsa challenge
 #define WINDOWSIZE 512 // sliding window size
 #define MAX_SEQNO (0xfffffff0U - WINDOWSIZE * 8)
-// hdr seq len hmac MAC MAC
-#define VPE_OVERHEAD (4 + 4 + 4 + RAND_SIZE + HMACLENGTH - 6 - 6)
+// hdr seq len hmac MAC MAC
+#define VPE_OVERHEAD (4 + 4 + 4 + HMACLENGTH - 6 - 6)
 #define IP_OVERHEAD 20 // size of a (normal) ip header
 #define GRE_OVERHEAD (IP_OVERHEAD + 4)
 #define ICMP_OVERHEAD (IP_OVERHEAD + 4)
@@ -98,9 +111,9 @@
 #define TCP_OVERHEAD (IP_OVERHEAD + 22) // size of a (normal) ip + tcp header + packetlength
 #define MAX_OVERHEAD UDP_OVERHEAD // the max. overhead of any protocol (ok, tcp doesn't count)
 #define ETH_OVERHEAD 14 // the size of an ethernet header
-#define MAXSIZE (MAX_MTU + VPE_OVERHEAD) // slightly too large, but who cares
+#define MAXSIZE (MAX_MTU + IP_OVERHEAD) // slightly too large, but who cares
-#define PKTCACHESIZE 16 // the size of the memory pool for packets
+#define PKTCACHESIZE 128 // the size of the memory pool for packets
 extern char *confbase; // directory in which all config files are
 extern char *thisnode; // config for current node (TODO: remove)
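Review bot: `MAC_IKMSIZE` in the `@@ -82,15 +93,17 @@` hunk multiplies `MAC_KEYSIZE`, which on the context line above it expands to `HASH_SIZE (ENABLE_HMAC)` with no outer parentheses. If `HASH_SIZE` is written like `KEY_SIZE` (a parenthesised `>> 3`) this is fine, but its definition is not visible here, and an unparenthesised shift would turn `x >> 3 * 3 / 2` into `x >> 4`, silently shrinking the key material drawn for the MAC. Writing `#define MAC_IKMSIZE ((MAC_KEYSIZE) * 3 / 2)` (and the same for `CIPHER_IKMSIZE`) removes that dependency. The comment should also say why the factor is 3/2 and that the result is in octets, since the neighbouring `MAC_KEYSIZE` comment speaks of bits.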
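Review bot: `MAXSIZE` in the `@@ -98,9 +111,9 @@` hunk no longer tracks `VPE_OVERHEAD`, yet its comment still claims it is "slightly too large". After the previous hunk `VPE_OVERHEAD` reduces to `HMACLENGTH`, so if `HMACLENGTH` can be configured above 20 and any buffer sized by `MAXSIZE` holds a full-MTU payload plus the VPE header, that buffer would be too small rather than too large. `HMACLENGTH`, `MAX_MTU` and the buffers themselves are not visible here, so this needs confirming. A defensive form would be `#define MAXSIZE (MAX_MTU + (VPE_OVERHEAD > IP_OVERHEAD ? VPE_OVERHEAD : IP_OVERHEAD))`; failing that, the comment should state why 20 octets always suffice.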