--- gvpe/src/global.h 2013/07/19 18:18:27 1.31
+++ gvpe/src/global.h 2016/03/30 04:02:45 1.36
@@ -48,17 +48,24 @@
 #define KEY_BITS(cipher) keybits_ ## cipher
 #define KEY_SIZE(cipher) (KEY_BITS (cipher) >> 3)
-#define keybits_EVP_bf_cbc 128 // actually 32-448
-#define keybits_EVP_aes_128_cbc 128
-#define keybits_EVP_aes_192_cbc 192
-#define keybits_EVP_aes_256_cbc 256
+//#define keybits_EVP_bf_ctr 128 // actually 32-448
+#define keybits_EVP_aes_128_ctr 128
+#define keybits_EVP_aes_192_ctr 192
+#define keybits_EVP_aes_256_ctr 256
 #define BLOCK_BITS(cipher) blockbits_ ## cipher
 #define BLOCK_SIZE(cipher) (BLOCK_BITS (cipher) >> 3)
-#define blockbits_EVP_bf_cbc 64
-#define blockbits_EVP_aes_128_cbc 128
-#define blockbits_EVP_aes_192_cbc 128
-#define blockbits_EVP_aes_256_cbc 128
+//#define blockbits_EVP_bf_ctr 64
+#define blockbits_EVP_aes_128_ctr 8
+#define blockbits_EVP_aes_192_ctr 8
+#define blockbits_EVP_aes_256_ctr 8
+
+#define IV_BITS(cipher) ivbits_ ## cipher
+#define IV_SIZE(cipher) (IV_BITS (cipher) >> 3)
+//#define ivbits_EVP_bf_ctr 64
+#define ivbits_EVP_aes_128_ctr 128
+#define ivbits_EVP_aes_192_ctr 128
+#define ivbits_EVP_aes_256_ctr 128
 /* Protocol version. Different major versions are incompatible,
 * different minor versions probably are compatible ;)
@@ -76,7 +83,7 @@
 #define HKDF_XTR_HASH EVP_sha512
 #define HKDF_PRF_HASH EVP_sha256
-#define HKDF_SALT 32 // how many bytes for the hkdf salt
+#define HKDF_SALT 24 // how many bytes for the hkdf salt
 #define RSA_KEYLEN (RSABITS >> 3)
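Review bot: The new `blockbits_EVP_aes_*_ctr 8` values make `BLOCK_SIZE (cipher)` evaluate to 1, and nothing in the header explains this or says that the IV length now has its own macro. Any code outside this hunk that used `BLOCK_SIZE` to size an IV or padding must now use `IV_SIZE`; that is not visible here and is worth checking. CTR also makes IV handling a hard requirement: a counter block repeated under one key reuses keystream, and the ciphertext is malleable, so the design depends on unique IVs and on the HMAC being checked before the plaintext is used. I would add a comment above the `ivbits_` block such as `// CTR: byte-granular stream mode (block size 1); the 128-bit IV/counter block must never repeat under the same key`. The three commented-out `_bf_ctr` lines could be dropped rather than kept as dead text.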
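Review bot: `HKDF_SALT` shrinks from 32 to 24 bytes with no rationale in its comment, while `HKDF_XTR_HASH` on the context line above is SHA-512. RFC 5869 describes a salt of hash-output length as the ideal, so 24 bytes is a deliberate trade-off, presumably made to fit a size-limited handshake field that this hunk does not show. Recording the reason would help later readers, for example `#define HKDF_SALT 24 // hkdf salt bytes; shorter than the extract hash output on purpose, see <reason>`. Both peers must agree on this length, so it is worth confirming that the protocol version constants, which lie outside the visible hunks, change in the same commit.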
@@ -86,17 +93,17 @@
 #define CIPHER ENABLE_CIPHER
 #define CIPHER_KEYSIZE (KEY_SIZE (CIPHER))
-#define CIPHER_IKMSIZE CIPHER_KEYSIZE * 2 // randomness in rsa challenge
+#define CIPHER_IKMSIZE (CIPHER_KEYSIZE * 3 / 2) // randomness in rsa challenge
 #define MAC_DIGEST ENABLE_HMAC
 #define MAC_KEYSIZE HASH_SIZE (ENABLE_HMAC) // number of bits used for the HMAC key
-#define MAC_IKMSIZE MAC_KEYSIZE * 2 // randomness in rsa challenge
+#define MAC_IKMSIZE (MAC_KEYSIZE * 3 / 2) // randomness in rsa challenge
-#define WINDOWSIZE 512 // sliding window size
+#define WINDOWSIZE 65536 // sliding window size
 #define MAX_SEQNO (0xfffffff0U - WINDOWSIZE * 8)
-// hdr seq len hmac MAC MAC
-#define VPE_OVERHEAD (4 + 4 + 4 + RAND_SIZE + HMACLENGTH - 6 - 6)
+// hdr seq len hmac MAC MAC
+#define VPE_OVERHEAD (4 + 4 + 4 + HMACLENGTH - 6 - 6)
 #define IP_OVERHEAD 20 // size of a (normal) ip header
 #define GRE_OVERHEAD (IP_OVERHEAD + 4)
 #define ICMP_OVERHEAD (IP_OVERHEAD + 4)
@@ -104,9 +111,9 @@
 #define TCP_OVERHEAD (IP_OVERHEAD + 22) // size of a (normal) ip + tcp header + packetlength
 #define MAX_OVERHEAD UDP_OVERHEAD // the max. overhead of any protocol (ok, tcp doesn't count)
 #define ETH_OVERHEAD 14 // the size of an ethernet header
-#define MAXSIZE (MAX_MTU + VPE_OVERHEAD) // slightly too large, but who cares
+#define MAXSIZE (MAX_MTU + IP_OVERHEAD) // slightly too large, but who cares
-#define PKTCACHESIZE 16 // the size of the memory pool for packets
+#define PKTCACHESIZE 128 // the size of the memory pool for packets
 extern char *confbase; // directory in which all config files are
 extern char *thisnode; // config for current node (TODO: remove)
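Review bot: `WINDOWSIZE` grows from 512 to 65536, but its comment still reads only `sliding window size`, giving neither the unit nor the cost. If this is the anti-replay window, as the `MAX_SEQNO` line below it suggests, each peer now needs duplicate-tracking state for 65536 sequence numbers, and a packet that far behind the newest one is still accepted if unseen; the code that implements the window is outside this hunk. A comment such as `// anti-replay window in packets; per-connection state scales with this` would make the trade-off explicit. Separately, the `MAC_KEYSIZE` context line is commented as `number of bits`, although `HASH_SIZE` presumably yields bytes by analogy with `KEY_SIZE`, and the new `(MAC_KEYSIZE * 3 / 2)` is used as a byte count of challenge randomness; the comment should be reconciled with that.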
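Review bot: `MAXSIZE` is now `MAX_MTU + IP_OVERHEAD`, a fixed 20 bytes of headroom, where it used to track `VPE_OVERHEAD`, which after this commit reduces to `HMACLENGTH`. If `HMACLENGTH` (defined outside this diff) can be configured above 20, `MAXSIZE` becomes smaller than a maximum-size payload plus the VPE header, and any buffer dimensioned with it could be too short; what `MAXSIZE` actually sizes is not visible here. Taking the larger of the two keeps the bound safe for every configuration: `#define MAXSIZE (MAX_MTU + (VPE_OVERHEAD > IP_OVERHEAD ? VPE_OVERHEAD : IP_OVERHEAD))`. The trailing comment `slightly too large, but who cares` should be replaced by a statement of what the constant must cover.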