along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: protocol.c,v 1.28.4.64 2000/11/22 19:55:50 guus Exp $
+ $Id: protocol.c,v 1.28.4.70 2000/12/22 21:34:24 guus Exp $
*/
#include "config.h"
for (i = 0; i < strlen(id); i++)
if(!isalnum(id[i]) && id[i] != '_')
return -1;
-
+
return 0;
}
-/* Generic request routines - takes care of logging and error detection as well */
+/* Generic request routines - takes care of logging and error
+ detection as well */
int send_request(connection_t *cl, const char *format, ...)
{
int len, request;
cp
- /* Use vsnprintf instead of vasprintf: faster, no memory fragmentation, cleanup is automatic,
- and there is a limit on the input buffer anyway */
+ /* Use vsnprintf instead of vasprintf: faster, no memory
+ fragmentation, cleanup is automatic, and there is a limit on the
+ input buffer anyway */
va_start(args, format);
len = vsnprintf(buffer, MAXBUFSIZE, format, args);
(H) SHA1,
(E) Encrypted with symmetric cipher.
- Part of the challenge is directly used to set the symmetric cipher key and the initial vector.
- Since a man-in-the-middle cannot decrypt the RSA challenges, this means that he cannot get or
- forge the key for the symmetric cipher.
+ Part of the challenge is directly used to set the symmetric cipher
+ key and the initial vector. Since a man-in-the-middle cannot
+ decrypt the RSA challenges, this means that he cannot get or forge
+ the key for the symmetric cipher.
*/
int send_id(connection_t *cl)
/* Read in the public key, so that we can send a challenge */
- if((cfg = get_config_val(cl->config, config_publickey)))
- {
- cl->rsa_key = RSA_new();
- BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr);
- BN_hex2bn(&cl->rsa_key->e, "FFFF");
- }
- else
- {
- syslog(LOG_ERR, _("No public key known for %s (%s)"), cl->name, cl->hostname);
- return -1;
- }
+ if(read_rsa_public_key(cl))
+ return -1;
+
cp
return send_challenge(cl);
}
}
/* Encrypt the random data */
-
+
if(RSA_public_encrypt(len, cl->hischallenge, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */
{
syslog(LOG_ERR, _("Error during encryption of challenge for %s (%s)"), cl->name, cl->hostname);
if(cl->status.outgoing)
cl->allow_request = ACK;
- setup_vpn_connection(cl);
-
x = send_request(cl, "%d", ACK);
cl->status.encryptout = 1;
cp
/* Check if somebody tries to add ourself */
- if(!strcmp(new->name, myself->name))
+ if(!strcmp(name, myself->name))
{
syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), cl->name, cl->hostname);
sighup = 1;
new->status.active = 1;
new->cipher_pkttype = EVP_bf_cfb();
new->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len;
-
- /* Okay this is a bit ugly... it would be better to setup UDP sockets dynamically, or
- * perhaps just one UDP socket... but then again, this has benefits too...
- */
-
- setup_vpn_connection(new);
cp
return 0;
}
from->cipher_pktkey = xstrdup(pktkey);
keylength /= 2;
- hex2bin(pktkey, pktkey, keylength);
- pktkey[keylength] = '\0';
+ hex2bin(from->cipher_pktkey, from->cipher_pktkey, keylength);
+ from->cipher_pktkey[keylength] = '\0';
from->status.validkey = 1;
from->status.waitingforkey = 0;