- Lots of small changes.
diff --git
a/src/protocol.c
b/src/protocol.c
index
2081edc
..
0b76cc3
100644
(file)
--- a/
src/protocol.c
+++ b/
src/protocol.c
@@
-17,7
+17,7
@@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: protocol.c,v 1.28.4.
29 2000/09/11 10:05:34
guus Exp $
+ $Id: protocol.c,v 1.28.4.
30 2000/09/14 11:54:51
guus Exp $
*/
#include "config.h"
*/
#include "config.h"
@@
-67,7
+67,7
@@
cp
if(debug_lvl >= DEBUG_META)
syslog(LOG_DEBUG, _("Sending meta data to %s (%s): %s"), cl->id, cl->hostname, buffer);
if(debug_lvl >= DEBUG_META)
syslog(LOG_DEBUG, _("Sending meta data to %s (%s): %s"), cl->id, cl->hostname, buffer);
- if(cl->status.encrypt
out
)
+ if(cl->status.encrypt
ed
)
{
/* FIXME: Do encryption */
}
{
/* FIXME: Do encryption */
}
@@
-83,16
+83,22
@@
cp
/* Connection protocol:
Client Server
/* Connection protocol:
Client Server
- send_id(*)
- send_challenge
- send_chal_reply(*)
- send_id
- send_challenge
- send_chal_reply
- send_ack
- send_ack
-
- (*) Unencrypted.
+ send_id(u)
+ send_challenge(R)
+ send_chal_reply(BH)
+ send_id(B)
+ send_challenge(BR)
+ send_chal_reply(BH)
+ send_ack(B)
+ send_ack(B)
+
+ (u) Unencrypted,
+ (R) RSA,
+ (H) SHA1,
+ (B) Blowfish.
+
+ Part of the challenge is directly used to set the blowfish key and the initial vector.
+ (Twee vliegen in één klap!)
*/
int send_id(conn_list_t *cl)
*/
int send_id(conn_list_t *cl)
@@
-163,10
+169,6
@@
cp
}
}
}
}
- /* Since we know the identity now, we can encrypt the meta channel */
-
- cl->status.encryptout = 1;
-
/* Send a challenge to verify the identity */
cl->allow_request = CHAL_REPLY;
/* Send a challenge to verify the identity */
cl->allow_request = CHAL_REPLY;
@@
-186,13
+188,20
@@
cp
/* Allocate buffers for the challenge and the hash */
cl->chal_hash = xmalloc(SHA_DIGEST_LEN);
/* Allocate buffers for the challenge and the hash */
cl->chal_hash = xmalloc(SHA_DIGEST_LEN);
- keylength = BN_num_bytes(cl->
met
akey.n);
+ keylength = BN_num_bytes(cl->
rs
akey.n);
buffer = xmalloc(keylength*2);
/* Copy random data and the public key to the buffer */
RAND_bytes(buffer, keylength);
buffer = xmalloc(keylength*2);
/* Copy random data and the public key to the buffer */
RAND_bytes(buffer, keylength);
- BN_bn2bin(cl->metakey.n, buffer+keylength);
+ BN_bn2bin(cl->rsakey.n, buffer+keylength);
+
+ /* If we don't have a blowfish key set yet, use the random data from the challenge to do so. */
+
+ if(!cl->status.encrypted)
+ {
+ set_metakey(cl, buffer, keylength);
+ }
/* Calculate the hash from that */
/* Calculate the hash from that */
@@
-208,6
+217,7
@@
cp
cl->allow_request = CHAL_REPLY;
x = send_request(cl, "%d %s", CHALLENGE, buffer);
free(buffer);
cl->allow_request = CHAL_REPLY;
x = send_request(cl, "%d %s", CHALLENGE, buffer);
free(buffer);
+ cl->status.encrypted = 1;
cp
return x;
}
cp
return x;
}
@@
-237,7
+247,7
@@
int send_chal_reply(conn_list_t *cl, char *challenge)
char *hash;
int x;
cp
char *hash;
int x;
cp
- keylength = BN_num_bytes(myself->
mey
akey.n);
+ keylength = BN_num_bytes(myself->
rs
akey.n);
/* Check if the length of the challenge is all right */
/* Check if the length of the challenge is all right */
@@
-255,11
+265,20
@@
cp
/* Copy the incoming random data and our public key to the buffer */
hex2bin(challenge, buffer, keylength);
/* Copy the incoming random data and our public key to the buffer */
hex2bin(challenge, buffer, keylength);
- BN_bn2bin(myself->
met
akey.n, buffer+keylength);
+ BN_bn2bin(myself->
rs
akey.n, buffer+keylength);
/* Calculate the hash from that */
SHA1(buffer, keylength*2, hash);
/* Calculate the hash from that */
SHA1(buffer, keylength*2, hash);
+
+ /* If we don't have a blowfish key set yet, use the random data from the challenge to do so. */
+
+ if(!cl->status.encrypted)
+ {
+ set_metakey(cl, buffer, keylength);
+ cl->status.encrypted = 1;
+ }
+
free(buffer);
/* Convert the hash to a hexadecimal formatted string */
free(buffer);
/* Convert the hash to a hexadecimal formatted string */