#include "control.h"
#include "device.h"
#include "digest.h"
+#include "ecdsa.h"
#include "graph.h"
#include "logger.h"
#include "net.h"
char *myport;
static struct event device_ev;
+bool node_read_ecdsa_public_key(node_t *n) {
+ if(ecdsa_active(&n->ecdsa))
+ return true;
+
+ splay_tree_t *config_tree;
+ FILE *fp;
+ char *fname;
+ char *p;
+ bool result = false;
+
+ xasprintf(&fname, "%s/hosts/%s", confbase, n->name);
+
+ init_configuration(&config_tree);
+ if(!read_config_file(config_tree, fname))
+ goto exit;
+
+ /* First, check for simple ECDSAPublicKey statement */
+
+ if(get_config_string(lookup_config(config_tree, "ECDSAPublicKey"), &p)) {
+ result = ecdsa_set_base64_public_key(&n->ecdsa, p);
+ free(p);
+ goto exit;
+ }
+
+ /* Else, check for ECDSAPublicKeyFile statement and read it */
+
+ free(fname);
+
+ if(!get_config_string(lookup_config(config_tree, "ECDSAPublicKeyFile"), &fname))
+ xasprintf(&fname, "%s/hosts/%s", confbase, n->name);
+
+ fp = fopen(fname, "r");
+
+ if(!fp) {
+ logger(LOG_ERR, "Error reading ECDSA public key file `%s': %s", fname, strerror(errno));
+ goto exit;
+ }
+
+ result = ecdsa_read_pem_public_key(&n->ecdsa, fp);
+ fclose(fp);
+
+exit:
+ exit_configuration(&config_tree);
+ free(fname);
+ return result;
+}
+
+bool read_ecdsa_public_key(connection_t *c) {
+ FILE *fp;
+ char *fname;
+ char *p;
+ bool result;
+
+ /* First, check for simple ECDSAPublicKey statement */
+
+ if(get_config_string(lookup_config(c->config_tree, "ECDSAPublicKey"), &p)) {
+ result = ecdsa_set_base64_public_key(&c->ecdsa, p);
+ free(p);
+ return result;
+ }
+
+ /* Else, check for ECDSAPublicKeyFile statement and read it */
+
+ if(!get_config_string(lookup_config(c->config_tree, "ECDSAPublicKeyFile"), &fname))
+ xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
+
+ fp = fopen(fname, "r");
+
+ if(!fp) {
+ logger(LOG_ERR, "Error reading ECDSA public key file `%s': %s",
+ fname, strerror(errno));
+ free(fname);
+ return false;
+ }
+
+ result = ecdsa_read_pem_public_key(&c->ecdsa, fp);
+ fclose(fp);
+
+ if(!result)
+ logger(LOG_ERR, "Reading ECDSA public key file `%s' failed: %s", fname, strerror(errno));
+ free(fname);
+ return result;
+}
+
bool read_rsa_public_key(connection_t *c) {
FILE *fp;
char *fname;
return result;
}
-bool read_rsa_private_key() {
+static bool read_ecdsa_private_key(void) {
+ FILE *fp;
+ char *fname;
+ bool result;
+
+ /* Check for PrivateKeyFile statement and read it */
+
+ if(!get_config_string(lookup_config(config_tree, "ECDSAPrivateKeyFile"), &fname))
+ xasprintf(&fname, "%s/ecdsa_key.priv", confbase);
+
+ fp = fopen(fname, "r");
+
+ if(!fp) {
+ logger(LOG_ERR, "Error reading ECDSA private key file `%s': %s",
+ fname, strerror(errno));
+ free(fname);
+ return false;
+ }
+
+#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
+ struct stat s;
+
+ if(fstat(fileno(fp), &s)) {
+ logger(LOG_ERR, "Could not stat ECDSA private key file `%s': %s'", fname, strerror(errno));
+ free(fname);
+ return false;
+ }
+
+ if(s.st_mode & ~0100700)
+ logger(LOG_WARNING, "Warning: insecure file permissions for ECDSA private key file `%s'!", fname);
+#endif
+
+ result = ecdsa_read_pem_private_key(&myself->connection->ecdsa, fp);
+ fclose(fp);
+
+ if(!result)
+ logger(LOG_ERR, "Reading ECDSA private key file `%s' failed: %s", fname, strerror(errno));
+ free(fname);
+ return result;
+}
+
+static bool read_rsa_private_key(void) {
FILE *fp;
char *fname;
char *n, *d;
regenerate_key();
}
-void regenerate_key() {
+void regenerate_key(void) {
if(timeout_initialized(&keyexpire_event)) {
ifdebug(STATUS) logger(LOG_INFO, "Expiring symmetric keys");
event_del(&keyexpire_event);
/*
Configure node_t myself and set up the local sockets (listen only)
*/
-bool setup_myself(void) {
+static bool setup_myself(void) {
config_t *cfg;
subnet_t *subnet;
char *name, *hostname, *mode, *afname, *cipher, *digest;
myself->connection->hostname = xstrdup("MYSELF");
myself->connection->options = 0;
- myself->connection->protocol_version = PROT_CURRENT;
+ myself->connection->protocol_major = PROT_MAJOR;
+ myself->connection->protocol_minor = PROT_MINOR;
if(!get_config_string(lookup_config(config_tree, "Name"), &name)) { /* Not acceptable */
logger(LOG_ERR, "Name for tinc daemon required!");
read_config_file(config_tree, fname);
free(fname);
+ get_config_bool(lookup_config(config_tree, "ExperimentalProtocol"), &experimental);
+
+ if(experimental && !read_ecdsa_private_key())
+ return false;
+
if(!read_rsa_private_key())
return false;
for(node = connection_tree->head; node; node = next) {
next = node->next;
c = node->data;
- c->outgoing = false;
+ c->outgoing = NULL;
terminate_connection(c, false);
}
projects / tinc / blobdiff