warp-vpn

point to point VPN implementation
git clone git://git.2f30.org/warp-vpn
Log | Files | Refs | README

commit 384eb347ce4ee45bef59e50444208df94bcc8737
parent b807f6d21c67aba0550b205456d46a8054fc06cc
Author: sin <sin@2f30.org>
Date:   Wed, 30 Mar 2016 09:48:26 +0100

use PBKDF2 for key derivation

Diffstat:
Mstun.c | 10++++------
1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/stun.c b/stun.c @@ -22,7 +22,7 @@ * The sender verifies that the correct response was received. * * All communication is encrypted using a pre-shared symmetric key, currently - * using aes-256-gcm hashed with sha512. + * using aes-256-gcm. The key is derived with PBKDF2. * * All tunneled traffic is encapsulated inside the TCP payload. * The packet format is shown below: @@ -166,12 +166,10 @@ revokeprivs(void) int prepkey(unsigned char *pw, int pwlen) { - int ret, nrounds = 5; + int nrounds = 1000; - ret = EVP_BytesToKey(EVP_aes_256_gcm(), EVP_sha512(), - NULL, pw, pwlen, nrounds, aeskey, NULL); - if (ret != 32) - logerr("wrong key size %d", ret); + if (PKCS5_PBKDF2_HMAC_SHA1(pw, pwlen, NULL, 0, nrounds, 32, aeskey) != 1) + logerr("PKCS5_PBKDF2_HMAC_SHA1 failed"); return 0; }