warp-vpn

simple point to point tunnel
git clone git://git.2f30.org/warp-vpn.git

commit f25ef0893d58c1f6b0c71acb85e0b617ad968729
parent 38c59c0c7da2a81eb031c361f9aabfe9fc6239a9
Author: sin <sin@2f30.org>
Date:   Thu Apr 14 09:40:05 +0100

add support for listing ciphers via -c ?

Diffstat:
crypto.c | 35+++++++++++++++++++++++------------
stun.8 | 7++++---
stun.c | 5+++++
stun.h | 1+
4 files changed, 33 insertions(+), 15 deletions(-)
diff --git a/crypto.c b/crypto.c @@ -8,21 +8,32 @@ static EVP_AEAD_CTX ectx, dctx; static const EVP_AEAD *aead; static unsigned char key[EVP_MAX_KEY_LENGTH]; +static struct cipher { + const char *name; + const EVP_AEAD *(*aeadfn)(void); +} ciphers[] = { + { "aes-128-gcm", EVP_aead_aes_128_gcm }, + { "aes-256-gcm", EVP_aead_aes_256_gcm }, + { "chacha20-poly1305", EVP_aead_chacha20_poly1305 }, +#if LIBRESSL_VERSION_NUMBER >= 0x2030200fL + { "chacha20-poly1305-ietf", EVP_aead_chacha20_poly1305_ietf }, +#endif + { NULL, NULL } +}; + +void +listciphers(void) +{ + struct cipher *cp; + + for (cp = ciphers; cp->name; cp++) + puts(cp->name); +} + void setcipher(char *name) { - struct { - const char *name; - const EVP_AEAD *(*aeadfn)(void); - } *cp, ciphers[] = { - { "aes-128-gcm", EVP_aead_aes_128_gcm }, - { "aes-256-gcm", EVP_aead_aes_256_gcm }, - { "chacha20-poly1305", EVP_aead_chacha20_poly1305 }, -#if LIBRESSL_VERSION_NUMBER >= 0x2030200fL - { "chacha20-poly1305-ietf", EVP_aead_chacha20_poly1305_ietf }, -#endif - { NULL, NULL } - }; + struct cipher *cp; for (cp = ciphers; cp->name; cp++) { if (strcmp(cp->name, name) == 0) { diff --git a/stun.8 b/stun.8 @@ -54,10 +54,11 @@ Select the tunnel .Ar device type . The two available device types are TUN and TAP. The default is TUN. .It Fl c Ar cipher -Use the given +Select the given .Ar cipher . -One can choose between aes-128-gcm, aes-256-gcm, chacha20-poly1305 -and chacha20-poly1305-ietf. The default cipher is chacha20-poly1305. +If the argument is ? then +.Nm +will list the available ciphers. The default cipher is chacha20-poly1305. .El .Sh BUGS This program is an experiment and may not be secure. Use at your diff --git a/stun.c b/stun.c 
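Review bot: In crypto.c the new file-scope `ciphers[]` table is left mutable, although nothing visible writes to it and it holds the function pointers that decide which AEAD gets used. Declaring it `static const struct cipher { ... } ciphers[]` and iterating with `const struct cipher *cp` in both `listciphers()` and `setcipher()` would let the compiler place the table in read-only data and turn an accidental write into a compile error. `listciphers()` also has no comment; `/* print the names of the supported AEAD ciphers to stdout, one per line */` would be enough. The body of `setcipher()` continues past the end of the hunk, so confirm it only reads through `cp` before adding the qualifier.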
@@ -118,6 +118,11 @@ main(int argc, char *argv[]) if (argc != 1 || !(sflag ^ (host != NULL))) usage(); + if (strcmp(cipher, "?") == 0) { + listciphers(); + return 0; + } + /* disable core dumps as memory contains the pre-shared key */ rlim.rlim_cur = rlim.rlim_max = 0; if (setrlimit(RLIMIT_CORE, &rlim) < 0) diff --git a/stun.h b/stun.h @@ -36,6 +36,7 @@ int response(int); int clientconnect(char *, char *); /* crypto.c */ +void listciphers(void); void setcipher(char *); void derivekey(char *); void cryptoinit(void);
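Review bot: In stun.c the `-c ?` test sits after `if (argc != 1 || !(sflag ^ (host != NULL))) usage();`, so listing the ciphers still needs an otherwise valid command line: one positional argument and exactly one of the server flag or a host. A bare `stun -c ?` ends in usage() instead. Moving the `if (strcmp(cipher, "?") == 0) { listciphers(); return 0; }` block above that check would make the query usable on its own. The manual should also say that `?` is a shell glob character and needs quoting (`-c '?'`), otherwise a one-character file name in the current directory replaces it before the program sees it. Option parsing and the initialisation of `cipher` are outside the hunk, as are the start and end of main().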