projects
/
tinc
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Use conditional compilation for cryptographic functions.
[tinc]
/
src
/
protocol_auth.c
diff --git
a/src/protocol_auth.c
b/src/protocol_auth.c
index
21cfc52
..
7940ab8
100644
(file)
--- a/
src/protocol_auth.c
+++ b/
src/protocol_auth.c
@@
-1,7
+1,7
@@
/*
protocol_auth.c -- handle the meta-protocol, authentication
Copyright (C) 1999-2005 Ivo Timmermans,
/*
protocol_auth.c -- handle the meta-protocol, authentication
Copyright (C) 1999-2005 Ivo Timmermans,
- 2000-201
2
Guus Sliepen <guus@tinc-vpn.org>
+ 2000-201
3
Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@
-139,7
+139,7
@@
bool send_id(connection_t *c) {
minor = myself->connection->protocol_minor;
}
minor = myself->connection->protocol_minor;
}
- if(proxytype)
+ if(proxytype
&& c->outgoing
)
if(!send_proxyrequest(c))
return false;
if(!send_proxyrequest(c))
return false;
@@
-160,10
+160,10
@@
bool id_h(connection_t *c, const char *request) {
if(name[0] == '^' && !strcmp(name + 1, controlcookie)) {
c->status.control = true;
c->allow_request = CONTROL;
if(name[0] == '^' && !strcmp(name + 1, controlcookie)) {
c->status.control = true;
c->allow_request = CONTROL;
- c->last_ping_time =
time(NULL)
+ 3600;
+ c->last_ping_time =
now.tv_sec
+ 3600;
- free(c->name);
-
c->name = xstrdup("<control>");
+ free(c->name);
+ c->name = xstrdup("<control>");
return send_request(c, "%d %d %d", ACK, TINC_CTL_VERSION_CURRENT, getpid());
}
return send_request(c, "%d %d %d", ACK, TINC_CTL_VERSION_CURRENT, getpid());
}
@@
-221,7
+221,7
@@
bool id_h(connection_t *c, const char *request) {
return false;
}
} else {
return false;
}
} else {
- if(c->protocol_minor && !ecdsa_active(
&
c->ecdsa))
+ if(c->protocol_minor && !ecdsa_active(c->ecdsa))
c->protocol_minor = 1;
}
c->protocol_minor = 1;
}
@@
-246,13
+246,13
@@
bool send_metakey(connection_t *c) {
if(!read_rsa_public_key(c))
return false;
if(!read_rsa_public_key(c))
return false;
- if(!
cipher_open_blowfish_ofb(&c->outcipher
))
+ if(!
(c->outcipher = cipher_open_blowfish_ofb()
))
return false;
return false;
-
- if(!
digest_open_sha1(&c->outdigest, -1
))
+
+ if(!
(c->outdigest = digest_open_sha1(-1)
))
return false;
return false;
- size_t len = rsa_size(
&
c->rsa);
+ size_t len = rsa_size(c->rsa);
char key[len];
char enckey[len];
char hexkey[2 * len + 1];
char key[len];
char enckey[len];
char hexkey[2 * len + 1];
@@
-273,7
+273,7
@@
bool send_metakey(connection_t *c) {
key[0] &= 0x7F;
key[0] &= 0x7F;
- cipher_set_key_from_rsa(
&
c->outcipher, key, len, true);
+ cipher_set_key_from_rsa(c->outcipher, key, len, true);
if(debug_level >= DEBUG_SCARY_THINGS) {
bin2hex(key, hexkey, len);
if(debug_level >= DEBUG_SCARY_THINGS) {
bin2hex(key, hexkey, len);
@@
-287,7
+287,7
@@
bool send_metakey(connection_t *c) {
with a length equal to that of the modulus of the RSA key.
*/
with a length equal to that of the modulus of the RSA key.
*/
- if(!rsa_public_encrypt(
&
c->rsa, key, len, enckey)) {
+ if(!rsa_public_encrypt(c->rsa, key, len, enckey)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error during encryption of meta key for %s (%s)", c->name, c->hostname);
return false;
}
logger(DEBUG_ALWAYS, LOG_ERR, "Error during encryption of meta key for %s (%s)", c->name, c->hostname);
return false;
}
@@
-299,10
+299,10
@@
bool send_metakey(connection_t *c) {
/* Send the meta key */
bool result = send_request(c, "%d %d %d %d %d %s", METAKEY,
/* Send the meta key */
bool result = send_request(c, "%d %d %d %d %d %s", METAKEY,
- cipher_get_nid(
&
c->outcipher),
- digest_get_nid(
&
c->outdigest), c->outmaclength,
+ cipher_get_nid(c->outcipher),
+ digest_get_nid(c->outdigest), c->outmaclength,
c->outcompression, hexkey);
c->outcompression, hexkey);
-
+
c->status.encryptout = true;
return result;
}
c->status.encryptout = true;
return result;
}
@@
-310,7
+310,7
@@
bool send_metakey(connection_t *c) {
bool metakey_h(connection_t *c, const char *request) {
char hexkey[MAX_STRING_SIZE];
int cipher, digest, maclength, compression;
bool metakey_h(connection_t *c, const char *request) {
char hexkey[MAX_STRING_SIZE];
int cipher, digest, maclength, compression;
- size_t len = rsa_size(
&
myself->connection->rsa);
+ size_t len = rsa_size(myself->connection->rsa);
char enckey[len];
char key[len];
char enckey[len];
char key[len];
@@
-332,7
+332,7
@@
bool metakey_h(connection_t *c, const char *request) {
/* Decrypt the meta key */
/* Decrypt the meta key */
- if(!rsa_private_decrypt(
&
myself->connection->rsa, enckey, len, key)) {
+ if(!rsa_private_decrypt(myself->connection->rsa, enckey, len, key)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error during decryption of meta key for %s (%s)", c->name, c->hostname);
return false;
}
logger(DEBUG_ALWAYS, LOG_ERR, "Error during decryption of meta key for %s (%s)", c->name, c->hostname);
return false;
}
@@
-344,12
+344,12
@@
bool metakey_h(connection_t *c, const char *request) {
/* Check and lookup cipher and digest algorithms */
/* Check and lookup cipher and digest algorithms */
- if(!
cipher_open_by_nid(&c->incipher, cipher) || !cipher_set_key_from_rsa(&
c->incipher, key, len, false)) {
+ if(!
(c->incipher = cipher_open_by_nid(cipher)) || !cipher_set_key_from_rsa(
c->incipher, key, len, false)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of cipher from %s (%s)", c->name, c->hostname);
return false;
}
logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of cipher from %s (%s)", c->name, c->hostname);
return false;
}
- if(!
digest_open_by_nid(&c->indigest, digest, -1
)) {
+ if(!
(c->indigest = digest_open_by_nid(digest, -1)
)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of digest from %s (%s)", c->name, c->hostname);
return false;
}
logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of digest from %s (%s)", c->name, c->hostname);
return false;
}
@@
-362,7
+362,7
@@
bool metakey_h(connection_t *c, const char *request) {
}
bool send_challenge(connection_t *c) {
}
bool send_challenge(connection_t *c) {
- size_t len = rsa_size(
&
c->rsa);
+ size_t len = rsa_size(c->rsa);
char buffer[len * 2 + 1];
if(!c->hischallenge)
char buffer[len * 2 + 1];
if(!c->hischallenge)
@@
-383,8
+383,8
@@
bool send_challenge(connection_t *c) {
bool challenge_h(connection_t *c, const char *request) {
char buffer[MAX_STRING_SIZE];
bool challenge_h(connection_t *c, const char *request) {
char buffer[MAX_STRING_SIZE];
- size_t len = rsa_size(
&
myself->connection->rsa);
- size_t digestlen = digest_length(
&
c->indigest);
+ size_t len = rsa_size(myself->connection->rsa);
+ size_t digestlen = digest_length(c->indigest);
char digest[digestlen];
if(sscanf(request, "%*d " MAX_STRING, buffer) != 1) {
char digest[digestlen];
if(sscanf(request, "%*d " MAX_STRING, buffer) != 1) {
@@
-407,7
+407,7
@@
bool challenge_h(connection_t *c, const char *request) {
/* Calculate the hash from the challenge we received */
/* Calculate the hash from the challenge we received */
- digest_create(
&
c->indigest, buffer, len, digest);
+ digest_create(c->indigest, buffer, len, digest);
/* Convert the hash to a hexadecimal formatted string */
/* Convert the hash to a hexadecimal formatted string */
@@
-433,7
+433,7
@@
bool chal_reply_h(connection_t *c, const char *request) {
/* Check if the length of the hash is all right */
/* Check if the length of the hash is all right */
- if(inlen != digest_length(
&
c->outdigest)) {
+ if(inlen != digest_length(c->outdigest)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply length");
return false;
}
logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply length");
return false;
}
@@
-441,7
+441,7
@@
bool chal_reply_h(connection_t *c, const char *request) {
/* Verify the hash */
/* Verify the hash */
- if(!digest_verify(
&c->outdigest, c->hischallenge, rsa_size(&
c->rsa), hishash)) {
+ if(!digest_verify(
c->outdigest, c->hischallenge, rsa_size(
c->rsa), hishash)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply");
return false;
}
logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply");
return false;
}
@@
-461,7
+461,7
@@
static bool send_upgrade(connection_t *c) {
/* Special case when protocol_minor is 1: the other end is ECDSA capable,
* but doesn't know our key yet. So send it now. */
/* Special case when protocol_minor is 1: the other end is ECDSA capable,
* but doesn't know our key yet. So send it now. */
- char *pubkey = ecdsa_get_base64_public_key(
&
myself->connection->ecdsa);
+ char *pubkey = ecdsa_get_base64_public_key(myself->connection->ecdsa);
if(!pubkey)
return false;
if(!pubkey)
return false;
@@
-510,6
+510,17
@@
bool send_ack(connection_t *c) {
static void send_everything(connection_t *c) {
/* Send all known subnets and edges */
static void send_everything(connection_t *c) {
/* Send all known subnets and edges */
+ if(disablebuggypeers) {
+ static struct {
+ vpn_packet_t pkt;
+ char pad[MAXBUFSIZE - MAXSIZE];
+ } zeropkt;
+
+ memset(&zeropkt, 0, sizeof zeropkt);
+ zeropkt.pkt.len = MAXBUFSIZE;
+ send_tcppacket(c, &zeropkt.pkt);
+ }
+
if(tunnelserver) {
for splay_each(subnet_t, s, myself->subnet_tree)
send_add_subnet(c, s);
if(tunnelserver) {
for splay_each(subnet_t, s, myself->subnet_tree)
send_add_subnet(c, s);
@@
-534,7
+545,7
@@
static bool upgrade_h(connection_t *c, const char *request) {
return false;
}
return false;
}
- if(ecdsa_active(
&
c->ecdsa) || read_ecdsa_public_key(c)) {
+ if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(c)) {
logger(DEBUG_ALWAYS, LOG_INFO, "Already have ECDSA public key from %s (%s), not upgrading.", c->name, c->hostname);
return false;
}
logger(DEBUG_ALWAYS, LOG_INFO, "Already have ECDSA public key from %s (%s), not upgrading.", c->name, c->hostname);
return false;
}