
Commit f649a3c

Rename aead-tag-at-end to aead-epoch
Change-Id: I9e9433b56dcbaa538d9bed30e50cf74948c647cc Signed-off-by: Arne Schwabe <[email protected]>
1 parent a7f97c1 commit f649a3c

7 files changed

+17
-13
lines changed

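--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -128,7 +128,7 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer work,
 dmsg(D_PACKET_CONTENT, "ENCRYPT AD: %s",
 format_hex(BPTR(&work), BLEN(&work), 0, &gc));
 
-if (!(opt->flags & CO_AEAD_TAG_AT_THE_END))
+if (!(opt->flags & CO_EPOCH_DATA_KEY_FORMAT))
 {
 /* Reserve space for authentication tag */
 mac_out = buf_write_alloc(&work, mac_len);
@@ -149,7 +149,7 @@ openvpn_encrypt_aead(struct buffer *buf, struct buffer work,
 ASSERT(buf_inc_len(&work, outlen));
 
 /* if the tag is at end the end, allocate it now */
-if (opt->flags & CO_AEAD_TAG_AT_THE_END)
+if (opt->flags & CO_EPOCH_DATA_KEY_FORMAT)
 {
 /* Reserve space for authentication tag */
 mac_out = buf_write_alloc(&work, mac_len);
@@ -475,7 +475,7 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work,
 uint8_t *tag_ptr = NULL;
 int data_len = 0;
 
-if (opt->flags & CO_AEAD_TAG_AT_THE_END)
+if (opt->flags & CO_EPOCH_DATA_KEY_FORMAT)
 {
 data_len = BLEN(buf) - tag_size;
 tag_ptr = BPTR(buf) + data_len;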
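Review bot: After the rename, the three conditions in openvpn_encrypt_aead and openvpn_decrypt_aead no longer say that they select the tag position, and the surviving comment in the second hunk, `/* if the tag is at end the end, allocate it now */`, has a doubled word and still describes the old flag name. I would reword it to `/* epoch data format: the tag follows the ciphertext, reserve it now */` and put a matching one-line comment above the check in the decrypt hunk, so a reader auditing the packet layout does not have to look up the flag. Both functions start and end outside the hunks shown.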

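--- a/src/openvpn/crypto.h
+++ b/src/openvpn/crypto.h
@@ -359,9 +359,10 @@ struct crypto_options
 /**< Bit-flag indicating that renegotiations are using tls-crypt
 * with a TLS-EKM derived key.
 */
-#define CO_AEAD_TAG_AT_THE_END (1<<8)
-/**< Bit-flag indicating that the AEAD tag is at the end of the
-* packet.
+#define CO_EPOCH_DATA_KEY_FORMAT (1<<8)
+/**< Bit-flag indicating that the data format using
+* AEAD tag is at the end of the packet and using epoch
+* keys is used.
 */
 
 unsigned int flags; /**< Bit-flags determining behavior of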
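Review bot: The new doc comment for `CO_EPOCH_DATA_KEY_FORMAT` is hard to parse ("the data format using AEAD tag is at the end of the packet and using epoch keys is used"). Suggested wording: `/**< Bit-flag indicating the epoch data channel format: the AEAD tag is at the end of the packet and epoch keys are used. */`. The sections on this page only show the flag gating the tag position; if epoch keys are not wired up yet at this commit, the comment should say so, because this flag decides how authenticated packets are laid out on the wire.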

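--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2390,9 +2390,9 @@ tls_print_deferred_options_results(struct context *c)
 {
 buf_printf(&out, " dyn-tls-crypt");
 }
-if (o->imported_protocol_flags & CO_AEAD_TAG_AT_THE_END)
+if (o->imported_protocol_flags & CO_EPOCH_DATA_KEY_FORMAT)
 {
-buf_printf(&out, " aead-tag-end");
+buf_printf(&out, " aead-epoch");
 }
 }
 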

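--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -8692,9 +8692,9 @@ add_option(struct options *options,
 options->imported_protocol_flags |= CO_USE_DYNAMIC_TLS_CRYPT;
 }
 #endif
-else if (streq(p[j], "aead-tag-end"))
+else if (streq(p[j], "aead-epoch"))
 {
-options->imported_protocol_flags |= CO_AEAD_TAG_AT_THE_END;
+options->imported_protocol_flags |= CO_EPOCH_DATA_KEY_FORMAT;
 }
 else
 {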
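Review bot: The token `aead-tag-end` is replaced rather than retired explicitly, so a peer that still sends it now reaches the trailing `else` branch, whose body lies outside this hunk. The same token changes on the sending side in push.c (prepare_push_reply) and in the log line in init.c (tls_print_deferred_options_results), so peers on either side of this commit would presumably not agree on the data-channel format. If the old token never appeared in a release, record that with a comment such as `/* "aead-tag-end" was renamed to "aead-epoch"; the old token is intentionally not accepted */` above the new branch; if it did, the old token needs explicit handling instead of falling through to the generic case.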

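--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -689,9 +689,9 @@ prepare_push_reply(struct context *c, struct gc_arena *gc,
 buf_printf(&proto_flags, " dyn-tls-crypt");
 }
 
-if (o->imported_protocol_flags & CO_AEAD_TAG_AT_THE_END)
+if (o->imported_protocol_flags & CO_EPOCH_DATA_KEY_FORMAT)
 {
-buf_printf(&proto_flags, " aead-tag-end");
+buf_printf(&proto_flags, " aead-epoch");
 }
 
 if (buf_len(&proto_flags) > 0)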

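--- a/src/openvpn/ssl.h
+++ b/src/openvpn/ssl.h
@@ -107,6 +107,9 @@
 /** Support to dynamic tls-crypt (renegotiation with TLS-EKM derived tls-crypt key) */
 #define IV_PROTO_DYN_TLS_CRYPT (1<<9)
 
+/** Support the extended packet id and epoch format for data channel packets */
+#define IV_PROTO_DATA_EPOCH (1<<10)
+
 /** Supports the --dns option after all the incompatible changes */
 #define IV_PROTO_DNS_OPTION_V2 (1<<11)
 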
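Review bot: `IV_PROTO_DATA_EPOCH` is a new capability bit rather than part of the rename named in the commit title, and no section on this page sets or tests it. A peer that advertises the bit before the epoch format is fully implemented could lead the other side to select a data-channel format it cannot handle, so the doc comment should state the condition, for example `/** Support the extended packet id and epoch format for data channel packets; advertise only when the epoch data channel format is available */`. Mentioning the new define in the commit message would also make the change easier to audit.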

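--- a/tests/unit_tests/openvpn/test_ssl.c
+++ b/tests/unit_tests/openvpn/test_ssl.c
@@ -404,7 +404,7 @@ static void
 run_data_channel_with_cipher_end(const char *cipher)
 {
 struct crypto_options co = init_crypto_options(cipher, "none");
-co.flags |= CO_AEAD_TAG_AT_THE_END;
+co.flags |= CO_EPOCH_DATA_KEY_FORMAT;
 do_data_channel_round_trip(&co);
 uninit_crypto_options(&co);
 }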
