X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Ftincctl.c;h=5f2b135103f2b761313aabe3f1c66c5228617d8e;hb=f0e7e6b03e34e69cac5b01a2d943ad3b9b59d36c;hp=fdb72e05469e4634b5ee411ce99e5b71e24a0520;hpb=44c7f554c7a6eb411428cfd30ca2cb21a613830e;p=tinc

diff --git a/src/tincctl.c b/src/tincctl.c
index fdb72e05..5f2b1351 100644
--- a/src/tincctl.c
+++ b/src/tincctl.c
@@ -39,6 +39,10 @@
 #include "tincctl.h"
 #include "top.h"
 
+#ifndef MSG_NOSIGNAL
+#define MSG_NOSIGNAL 0
+#endif
+
 static char **orig_argv;
 static int orig_argc;
 
@@ -112,9 +116,9 @@ static void usage(bool status) {
 				"  restart [tincd options]    Restart tincd.\n"
 				"  reload                     Partially reload configuration of running tincd.\n"
 				"  pid                        Show PID of currently running tincd.\n"
-				"  generate-keys [bits]       Generate new RSA and ECDSA public/private keypairs.\n"
+				"  generate-keys [bits]       Generate new RSA and Ed25519 public/private keypairs.\n"
 				"  generate-rsa-keys [bits]   Generate a new RSA public/private keypair.\n"
-				"  generate-ecdsa-keys        Generate a new ECDSA public/private keypair.\n"
+				"  generate-ed25519-keys      Generate a new Ed25519 public/private keypair.\n"
 				"  dump                       Dump a list of one of the following things:\n"
 				"    [reachable] nodes        - all known nodes in the VPN\n"
 				"    edges                    - all known connections in the VPN\n"
@@ -242,19 +246,19 @@ static void disable_old_keys(const char *filename, const char *what) {
 
 	while(fgets(buf, sizeof buf, r)) {
 		if(!block && !strncmp(buf, "-----BEGIN ", 11)) {
-			if((strstr(buf, " EC ") && strstr(what, "ECDSA")) || (strstr(buf, " RSA ") && strstr(what, "RSA"))) {
+			if((strstr(buf, " RSA ") && strstr(what, "RSA"))) {
 				disabled = true;
 				block = true;
 			}
 		}
 
-		bool ecdsapubkey = !strncasecmp(buf, "ECDSAPublicKey", 14) && strchr(" \t=", buf[14]) && strstr(what, "ECDSA");
+		bool ed25519pubkey = !strncasecmp(buf, "Ed25519PublicKey", 16) && strchr(" \t=", buf[16]) && strstr(what, "Ed25519");
 
-		if(ecdsapubkey)
+		if(ed25519pubkey)
 			disabled = true;
 
 		if(w) {
-			if(block || ecdsapubkey)
+			if(block || ed25519pubkey)
 				fputc('#', w);
 			if(fputs(buf, w) < 0) {
 				error = true;
@@ -351,15 +355,15 @@ static FILE *ask_and_open(const char *filename, const char *what, const char *mo
 }
 
 /*
-  Generate a public/private ECDSA keypair, and ask for a file to store
+  Generate a public/private Ed25519 keypair, and ask for a file to store
   them in.
 */
-static bool ecdsa_keygen(bool ask) {
+static bool ed25519_keygen(bool ask) {
 	ecdsa_t *key;
 	FILE *f;
 	char *pubname, *privname;
 
-	fprintf(stderr, "Generating ECDSA keypair:\n");
+	fprintf(stderr, "Generating Ed25519 keypair:\n");
 
 	if(!(key = ecdsa_generate())) {
 		fprintf(stderr, "Error during key generation!\n");
@@ -367,8 +371,8 @@ static bool ecdsa_keygen(bool ask) {
 	} else
 		fprintf(stderr, "Done.\n");
 
-	xasprintf(&privname, "%s" SLASH "ecdsa_key.priv", confbase);
-	f = ask_and_open(privname, "private ECDSA key", "a", ask, 0600);
+	xasprintf(&privname, "%s" SLASH "ed25519_key.priv", confbase);
+	f = ask_and_open(privname, "private Ed25519 key", "a", ask, 0600);
 	free(privname);
 
 	if(!f)
@@ -386,16 +390,16 @@ static bool ecdsa_keygen(bool ask) {
 	if(name)
 		xasprintf(&pubname, "%s" SLASH "hosts" SLASH "%s", confbase, name);
 	else
-		xasprintf(&pubname, "%s" SLASH "ecdsa_key.pub", confbase);
+		xasprintf(&pubname, "%s" SLASH "ed25519_key.pub", confbase);
 
-	f = ask_and_open(pubname, "public ECDSA key", "a", ask, 0666);
+	f = ask_and_open(pubname, "public Ed25519 key", "a", ask, 0666);
 	free(pubname);
 
 	if(!f)
 		return false;
 
 	char *pubkey = ecdsa_get_base64_public_key(key);
-	fprintf(f, "ECDSAPublicKey = %s\n", pubkey);
+	fprintf(f, "Ed25519PublicKey = %s\n", pubkey);
 	free(pubkey);
 
 	fclose(f);
@@ -413,6 +417,15 @@ static bool rsa_keygen(int bits, bool ask) {
 	FILE *f;
 	char *pubname, *privname;
 
+	// Make sure the key size is a multiple of 8 bits.
+	bits &= ~0x7;
+
+	// Force them to be between 1024 and 8192 bits long.
+	if(bits < 1024)
+		bits = 1024;
+	if(bits > 8192)
+		bits = 8192;
+
 	fprintf(stderr, "Generating %d bits keys:\n", bits);
 
 	if(!(key = rsa_generate(bits, 0x10001))) {
@@ -529,7 +542,7 @@ bool sendline(int fd, char *format, ...) {
 	blen++;
 
 	while(blen) {
-		int result = send(fd, p, blen, 0);
+		int result = send(fd, p, blen, MSG_NOSIGNAL);
 		if(result == -1 && errno == EINTR)
 			continue;
 		else if(result <= 0)
@@ -741,6 +754,11 @@ bool connect_tincd(bool verbose) {
 	freeaddrinfo(res);
 #endif
 
+#ifdef SO_NOSIGPIPE
+	static const int one = 1;
+	setsockopt(c, SOL_SOCKET, SO_NOSIGPIPE, (void *)&one, sizeof one);
+#endif
+
 	char data[4096];
 	int version;
 
@@ -1285,7 +1303,7 @@ const var_t variables[] = {
 	{"Device", VAR_SERVER},
 	{"DeviceType", VAR_SERVER},
 	{"DirectOnly", VAR_SERVER},
-	{"ECDSAPrivateKeyFile", VAR_SERVER},
+	{"Ed25519PrivateKeyFile", VAR_SERVER},
 	{"ExperimentalProtocol", VAR_SERVER},
 	{"Forwarding", VAR_SERVER},
 	{"GraphDumpFile", VAR_SERVER | VAR_OBSOLETE},
@@ -1323,8 +1341,8 @@ const var_t variables[] = {
 	{"ClampMSS", VAR_SERVER | VAR_HOST},
 	{"Compression", VAR_SERVER | VAR_HOST},
 	{"Digest", VAR_SERVER | VAR_HOST},
-	{"ECDSAPublicKey", VAR_HOST},
-	{"ECDSAPublicKeyFile", VAR_SERVER | VAR_HOST},
+	{"Ed25519PublicKey", VAR_HOST},
+	{"Ed25519PublicKeyFile", VAR_SERVER | VAR_HOST},
 	{"IndirectData", VAR_SERVER | VAR_HOST},
 	{"MACLength", VAR_SERVER | VAR_HOST},
 	{"PMTU", VAR_SERVER | VAR_HOST},
@@ -1764,7 +1782,7 @@ static int cmd_init(int argc, char *argv[]) {
 	fprintf(f, "Name = %s\n", name);
 	fclose(f);
 
-	if(!rsa_keygen(2048, false) || !ecdsa_keygen(false))
+	if(!rsa_keygen(2048, false) || !ed25519_keygen(false))
 		return 1;
 
 	check_port(name);
@@ -1796,7 +1814,7 @@ static int cmd_generate_keys(int argc, char *argv[]) {
 	if(!name)
 		name = get_my_name(false);
 
-	return !(rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true) && ecdsa_keygen(true));
+	return !(rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true) && ed25519_keygen(true));
 }
 
 static int cmd_generate_rsa_keys(int argc, char *argv[]) {
@@ -1811,7 +1829,7 @@ static int cmd_generate_rsa_keys(int argc, char *argv[]) {
 	return !rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true);
 }
 
-static int cmd_generate_ecdsa_keys(int argc, char *argv[]) {
+static int cmd_generate_ed25519_keys(int argc, char *argv[]) {
 	if(argc > 1) {
 		fprintf(stderr, "Too many arguments!\n");
 		return 1;
@@ -1820,7 +1838,7 @@ static int cmd_generate_ecdsa_keys(int argc, char *argv[]) {
 	if(!name)
 		name = get_my_name(false);
 
-	return !ecdsa_keygen(true);
+	return !ed25519_keygen(true);
 }
 
 static int cmd_help(int argc, char *argv[]) {
@@ -2129,6 +2147,8 @@ static int cmd_network(int argc, char *argv[]) {
 		free(fname);
 	}
 
+	closedir(dir);
+
 	return 0;
 }
 
@@ -2159,7 +2179,7 @@ static const struct {
 	{"init", cmd_init},
 	{"generate-keys", cmd_generate_keys},
 	{"generate-rsa-keys", cmd_generate_rsa_keys},
-	{"generate-ecdsa-keys", cmd_generate_ecdsa_keys},
+	{"generate-ed25519-keys", cmd_generate_ed25519_keys},
 	{"help", cmd_help},
 	{"version", cmd_version},
 	{"info", cmd_info},