X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol.c;h=0b76cc3d7321d768fe16f590f72644b38388f014;hb=d335c6d0d7328fd86154dc60b22deb7953ab0228;hp=57e071ae03b8c2e76dce54489a210cf333bbdd13;hpb=76b5f255c6cb0c5dfb5a870c371ec6f7c7879bb2;p=tinc
diff --git a/src/protocol.c b/src/protocol.c
index 57e071ae..0b76cc3d 100644
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -17,7 +17,7 @@
 along with this program; if not, write to the Free Software
 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: protocol.c,v 1.28.4.28 2000/09/10 23:11:37 guus Exp $
+ $Id: protocol.c,v 1.28.4.30 2000/09/14 11:54:51 guus Exp $
 */
 #include "config.h"
@@ -67,7 +67,7 @@ cp
 if(debug_lvl >= DEBUG_META)
 syslog(LOG_DEBUG, _("Sending meta data to %s (%s): %s"), cl->id, cl->hostname, buffer);
- if(cl->status.encryptout)
+ if(cl->status.encrypted)
 {
 /* FIXME: Do encryption */
 }
@@ -83,16 +83,22 @@ cp
 /* Connection protocol:
 Client Server
- send_id(*)
- send_challenge
- send_chal_reply(*)
- send_id
- send_challenge
- send_chal_reply
- send_ack
- send_ack
-
- (*) Unencrypted.
+ send_id(u)
+ send_challenge(R)
+ send_chal_reply(BH)
+ send_id(B)
+ send_challenge(BR)
+ send_chal_reply(BH)
+ send_ack(B)
+ send_ack(B)
+
+ (u) Unencrypted,
+ (R) RSA,
+ (H) SHA1,
+ (B) Blowfish.
+
+ Part of the challenge is directly used to set the blowfish key and the initial vector.
+ (Twee vliegen in één klap!)
 */
 int send_id(conn_list_t *cl)
@@ -163,10 +169,6 @@ cp
 }
 }
- /* Since we know the identity now, we can encrypt the meta channel */
-
- cl->status.encryptout = 1;
-
 /* Send a challenge to verify the identity */
 cl->allow_request = CHAL_REPLY;
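Review bot: `cl->status.encrypted` is now set by send_challenge and send_chal_reply (hunks at -208 and -255) while the branch it guards here is still the empty `/* FIXME: Do encryption */` stub, so meta data flagged as encrypted is still written out in clear text; the protocol table added in the next hunk (-83) marks send_id, send_challenge and send_ack as `(B)` Blowfish, which the code does not yet deliver. Until the FIXME is filled in the comment should say so, e.g. `/* FIXME: meta channel encryption not implemented yet; data is still sent in clear even when status.encrypted is set */`, so that nobody reads the flag as a guarantee. The Dutch aside `(Twee vliegen in één klap!)` in the -83 comment should also be in English like the rest of the file's comments. send_meta's body starts and ends outside this hunk.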
@@ -186,13 +188,20 @@ cp
 /* Allocate buffers for the challenge and the hash */
 cl->chal_hash = xmalloc(SHA_DIGEST_LEN);
- keylength = BN_num_bytes(cl->metakey.n);
+ keylength = BN_num_bytes(cl->rsakey.n);
 buffer = xmalloc(keylength*2);
 /* Copy random data and the public key to the buffer */
 RAND_bytes(buffer, keylength);
- BN_bn2bin(cl->metakey.n, buffer+keylength);
+ BN_bn2bin(cl->rsakey.n, buffer+keylength);
+
+ /* If we don't have a blowfish key set yet, use the random data from the challenge to do so. */
+
+ if(!cl->status.encrypted)
+ {
+ set_metakey(cl, buffer, keylength);
+ }
 /* Calculate the hash from that */
@@ -208,6 +217,7 @@ cp
 cl->allow_request = CHAL_REPLY;
 x = send_request(cl, "%d %s", CHALLENGE, buffer);
 free(buffer);
+ cl->status.encrypted = 1;
 cp
 return x;
 }
@@ -237,7 +247,7 @@ int send_chal_reply(conn_list_t *cl, char *challenge)
 char *hash;
 int x;
 cp
- keylength = BN_num_bytes(myself->meyakey.n);
+ keylength = BN_num_bytes(myself->rsakey.n);
 /* Check if the length of the challenge is all right */
@@ -255,11 +265,20 @@ cp
 /* Copy the incoming random data and our public key to the buffer */
 hex2bin(challenge, buffer, keylength);
- BN_bn2bin(myself->metakey.n, buffer+keylength);
+ BN_bn2bin(myself->rsakey.n, buffer+keylength);
 /* Calculate the hash from that */
 SHA1(buffer, keylength*2, hash);
+
+ /* If we don't have a blowfish key set yet, use the random data from the challenge to do so. */
+
+ if(!cl->status.encrypted)
+ {
+ set_metakey(cl, buffer, keylength);
+ cl->status.encrypted = 1;
+ }
+
 free(buffer);
 /* Convert the hash to a hexadecimal formatted string */
@@ -767,7 +786,7 @@ cp
 keylength = strlen(datakey);
- if((keylength%1) || (keylength <= 0))
+ if((keylength%2) || (keylength <= 0))
 {
 syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), cl->id, cl->hostname, from->id);
 free(from_id); free(to_id); free(datakey);
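Review bot: `set_metakey(cl, buffer, keylength)` turns the freshly drawn random bytes into the meta-channel key and IV, and the same bytes are then sent to the peer as the CHALLENGE body (hunk at -208); the RSA step the new protocol comment marks as `(R)` is not visible between these lines, so from this hunk alone the key material would travel in clear text on the first, unencrypted leg of the handshake. If the RSA wrapping happens in the elided part of send_challenge, a comment here would make that dependency explicit, e.g. `/* these random bytes become the meta key: they may only leave this host RSA-encrypted */`; if it does not, the key must not be derived from bytes that are sent as-is. Whatever set_metakey returns, if anything, is also ignored here. send_challenge starts outside this hunk.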
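Review bot: `cl->status.encrypted = 1` is set regardless of what `send_request` returned in `x`, so a connection whose challenge was never delivered is still marked encrypted; if x reports failure the way the rest of this file does (the convention is not visible in the hunk), `if(!x) cl->status.encrypted = 1;` would keep the flag and the wire state in step. The flag is raised after the send here but before the send in send_chal_reply (hunk at -255); that is presumably deliberate, since the challenge goes out before the key is in effect and the reply after, and a one-line comment at each site saying so would spare the next reader the comparison.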
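Review bot: The meta-channel key is taken entirely from the random bytes the peer put in its challenge, and it is installed before that peer has been authenticated (the reply built here is what authenticates us to them; their send_id only arrives afterwards), so the remote side unilaterally chooses the key. That is only acceptable if the challenge really arrives RSA-encrypted as the protocol comment claims and if the remaining handshake steps abort on a forged challenge; neither is visible in this hunk. Mixing in locally generated randomness, or at least recording the assumption in a comment such as `/* key chosen by the peer; relies on the challenge being RSA-wrapped and on the rest of the handshake failing on a forgery */`, would make the trust boundary explicit. The length check on `challenge` that precedes this code is outside the hunk.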
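Review bot: With `%1` the test was vacuous (any value modulo 1 is 0), so odd-length hex keys were accepted; `%2` is the right test, but the reason deserves a comment, e.g. `/* datakey is hex encoded: must be non-empty with an even number of digits */`. The check still does not reject non-hex characters, and whether the decoding that follows tolerates them is outside this hunk; if `keylength` is a `size_t` (its declaration is not visible) the `<= 0` half is just `== 0`. The enclosing handler starts and ends outside the hunk.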