--- gvpe/src/global.h 2013/07/13 04:10:29 1.26 +++ gvpe/src/global.h 2013/07/19 18:21:03 1.32 @@ -36,40 +36,65 @@ #include +#define HASH_BITS(hash) hashbits_ ## hash +#define HASH_SIZE(hash) (HASH_BITS (hash) >> 3) +#define hashbits_EVP_ripemd160 160 +#define hashbits_EVP_sha1 160 +#define hashbits_EVP_sha224 224 +#define hashbits_EVP_sha256 256 +#define hashbits_EVP_sha384 384 +#define hashbits_EVP_sha512 512 +#define hashbits_EVP_whirlpool 512 + +#define KEY_BITS(cipher) keybits_ ## cipher +#define KEY_SIZE(cipher) (KEY_BITS (cipher) >> 3) +#define keybits_EVP_bf_cbc 128 // actually 32-448 +#define keybits_EVP_aes_128_cbc 128 +#define keybits_EVP_aes_192_cbc 192 +#define keybits_EVP_aes_256_cbc 256 + +#define BLOCK_BITS(cipher) blockbits_ ## cipher +#define BLOCK_SIZE(cipher) (BLOCK_BITS (cipher) >> 3) +#define blockbits_EVP_bf_cbc 64 +#define blockbits_EVP_aes_128_cbc 128 +#define blockbits_EVP_aes_192_cbc 128 +#define blockbits_EVP_aes_256_cbc 128 + /* Protocol version. Different major versions are incompatible, * different minor versions probably are compatible ;) */ -#define PROTOCOL_MAJOR 0 -#define PROTOCOL_MINOR 1 +#define PROTOCOL_MAJOR 1 +#define PROTOCOL_MINOR 0 + +#define SERIAL_SIZE 16 #define SEED_SIZE 64 // how many octets to seed rng with -#define RSA_KEYBITS 1280 // must be >= 1280 and divisible by 8 -#define RSA_KEYLEN ((RSA_KEYBITS) >> 3) -#define RSA_OVERHEAD (41 + 1) // well, no define for OAEP in openssl - -#define RSA_HASH EVP_ripemd160 ()// speed don't matter, boy, safety does.. I need sha256 :( -#define RSA_HASHLEN (160 >> 3) -#define RSA_RESLEN RSA_HASHLEN - -#define RSA_IDLEN 16 // how many bytes are used to identify the challenge -#define RSA_TTL 120 // challenge bytes timeout after n seconds - -#define CIPHER ENABLE_CIPHER () -#define CIPHER_KEYLEN (EVP_CIPHER_key_length (CIPHER)) -#define DIGEST ENABLE_DIGEST () -#define HMAC_KEYLEN (256 >> 3) // number of bits used for the HMAC key +#define RSA_OAEP_SIZE 41 + +#define HKDF_XTR_HASH EVP_sha512 +#define HKDF_PRF_HASH EVP_sha256 + +#define HKDF_SALT 24 // how many bytes for the hkdf salt + +#define RSA_KEYLEN (RSABITS >> 3) + +#define AUTH_DIGEST ENABLE_AUTH +#define AUTH_SIZE (HASH_SIZE (AUTH_DIGEST)) +#define AUTH_TTL 12 // challenge bytes timeout after n seconds of non-use + +#define CIPHER ENABLE_CIPHER +#define CIPHER_KEYSIZE (KEY_SIZE (CIPHER)) +#define CIPHER_IKMSIZE (CIPHER_KEYSIZE * 3 / 2) // randomness in rsa challenge + +#define MAC_DIGEST ENABLE_HMAC +#define MAC_KEYSIZE HASH_SIZE (ENABLE_HMAC) // number of bits used for the HMAC key +#define MAC_IKMSIZE (MAC_KEYSIZE * 3 / 2) // randomness in rsa challenge #define WINDOWSIZE 512 // sliding window size #define MAX_SEQNO (0xfffffff0U - WINDOWSIZE * 8) -#define CHG_SEQNO 0 // where the seqno starts within the rsa challenge -#define CHG_CIPHER_KEY (CHG_SEQNO + 4) // where the key starts within the rsa challenge -//#define CHG_HMAC_KEY (CHG_CIPHER_KEY + CIPHER_KEYLEN) // where the key starts within the rsa challenge -#define CHG_HMAC_KEY 86 // where the key starts within the rsa challenge -// 872 rsa bits used - // hdr seq len hmac MAC MAC #define VPE_OVERHEAD (4 + 4 + 4 + RAND_SIZE + HMACLENGTH - 6 - 6) #define IP_OVERHEAD 20 // size of a (normal) ip header