X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_key.c;h=f9afb4fe42e856b40702d967813398c828db624a;hb=8af2f3f5a4061a8dbfd4f7d259e0038df06a373e;hp=98b934cb85bef9037086328beca097206426e173;hpb=153abaa4d940bf2bc9bd7275d5efe5c01c354190;p=tinc diff --git a/src/protocol_key.c b/src/protocol_key.c index 98b934cb..f9afb4fe 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -47,7 +47,7 @@ void send_key_changed(void) { for(node = connection_tree->head; node; node = node->next) { c = node->data; if(c->status.active && c->node && c->node->status.reachable) { - if(!experimental || OPTION_VERSION(c->node->options) < 2) + if(!c->node->status.sptps) send_ans_key(c->node); } } @@ -57,7 +57,7 @@ void send_key_changed(void) { if(experimental) { for(node = node_tree->head; node; node = node->next) { node_t *n = node->data; - if(n->status.reachable && n->status.validkey && OPTION_VERSION(n->options) >= 2) + if(n->status.reachable && n->status.validkey && n->status.sptps) sptps_force_kex(&n->sptps); } } @@ -84,7 +84,7 @@ bool key_changed_h(connection_t *c, const char *request) { return true; } - if(OPTION_VERSION(n->options) < 2) { + if(!n->status.sptps) { n->status.validkey = false; n->last_req_key = 0; } @@ -106,7 +106,7 @@ static bool send_initial_sptps_data(void *handle, uint8_t type, const char *data } bool send_req_key(node_t *to) { - if(experimental && OPTION_VERSION(to->options) >= 2) { + if(to->status.sptps) { if(!node_read_ecdsa_public_key(to)) { logger(DEBUG_ALWAYS, LOG_DEBUG, "No ECDSA key known for %s (%s)", to->name, to->hostname); send_request(to->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, to->name, REQ_PUBKEY); @@ -114,6 +114,9 @@ bool send_req_key(node_t *to) { } char label[25 + strlen(myself->name) + strlen(to->name)]; snprintf(label, sizeof label, "tinc UDP key expansion %s %s", myself->name, to->name); + sptps_stop(&to->sptps); + to->status.validkey = false; + to->incompression = myself->incompression; return sptps_start(&to->sptps, to, true, true, myself->connection->ecdsa, to->ecdsa, label, sizeof label, send_initial_sptps_data, receive_sptps_record); } @@ -167,6 +170,8 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in char label[25 + strlen(from->name) + strlen(myself->name)]; snprintf(label, sizeof label, "tinc UDP key expansion %s %s", from->name, myself->name); + sptps_stop(&from->sptps); + from->status.validkey = false; sptps_start(&from->sptps, from, false, true, myself->connection->ecdsa, from->ecdsa, label, sizeof label, send_sptps_data, receive_sptps_record); sptps_receive_data(&from->sptps, buf, len); return true; @@ -213,10 +218,12 @@ bool req_key_h(connection_t *c, const char *request) { /* Check if this key request is for us */ - if(to == myself) { /* Yes, send our own key back */ + if(to == myself) { /* Yes */ + /* Is this an extended REQ_KEY message? */ if(experimental && reqno) return req_key_ext_h(c, request, from, reqno); + /* No, just send our key back */ send_ans_key(from); } else { if(tunnelserver) @@ -235,7 +242,7 @@ bool req_key_h(connection_t *c, const char *request) { } bool send_ans_key(node_t *to) { - if(experimental && OPTION_VERSION(to->options) >= 2) + if(to->status.sptps) abort(); size_t keylen = cipher_keylength(&myself->incipher); @@ -327,9 +334,16 @@ bool ans_key_h(connection_t *c, const char *request) { return send_request(to->nexthop->connection, "%s", request); } + if(compression < 0 || compression > 11) { + logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname); + return true; + } + + from->outcompression = compression; + /* SPTPS or old-style key exchange? */ - if(experimental && OPTION_VERSION(from->options) >= 2) { + if(from->status.sptps) { char buf[strlen(key)]; int len = b64decode(key, buf, strlen(key)); @@ -367,13 +381,6 @@ bool ans_key_h(connection_t *c, const char *request) { return false; } - if(compression < 0 || compression > 11) { - logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname); - return true; - } - - from->outcompression = compression; - /* Process key */ keylen = hex2bin(key, key, sizeof key);