along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: protocol_auth.c,v 1.1.4.2 2002/02/18 16:25:16 guus Exp $
+ $Id: protocol_auth.c,v 1.1.4.6 2002/03/23 20:01:05 guus Exp $
*/
#include "config.h"
/* Send the meta key */
- x = send_request(c, "%d %s", METAKEY, buffer);
+ x = send_request(c, "%d %d %d %d %d %s", METAKEY,
+ c->outcipher?c->outcipher->nid:0, c->outdigest?c->outdigest->type:0,
+ c->outmaclength, c->outcompression, buffer);
/* Further outgoing requests are encrypted with the key we just generated */
- EVP_EncryptInit(c->outctx, EVP_bf_cfb(),
- c->outkey + len - EVP_bf_cfb()->key_len,
- c->outkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len);
+ if(c->outcipher)
+ {
+ EVP_EncryptInit(c->outctx, c->outcipher,
+ c->outkey + len - c->outcipher->key_len,
+ c->outkey + len - c->outcipher->key_len - c->outcipher->iv_len);
- c->status.encryptout = 1;
+ c->status.encryptout = 1;
+ }
cp
return x;
}
int metakey_h(connection_t *c)
{
char buffer[MAX_STRING_SIZE];
+ int cipher, digest, maclength, compression;
int len;
cp
- if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1)
+ if(sscanf(c->buffer, "%*d %d %d %d %d "MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5)
{
syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname);
return -1;
/* All incoming requests will now be encrypted. */
cp
- EVP_DecryptInit(c->inctx, EVP_bf_cfb(),
- c->inkey + len - EVP_bf_cfb()->key_len,
- c->inkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len);
-
- c->status.decryptin = 1;
+ /* Check and lookup cipher and digest algorithms */
+
+ if(cipher)
+ {
+ c->incipher = EVP_get_cipherbynid(cipher);
+ if(!c->incipher)
+ {
+ syslog(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname);
+ return -1;
+ }
+
+ EVP_DecryptInit(c->inctx, c->incipher,
+ c->inkey + len - c->incipher->key_len,
+ c->inkey + len - c->incipher->key_len - c->incipher->iv_len);
+
+ c->status.decryptin = 1;
+ }
+ else
+ {
+ c->incipher = NULL;
+ }
+
+ c->inmaclength = maclength;
+
+ if(digest)
+ {
+ c->indigest = EVP_get_digestbynid(digest);
+ if(!c->indigest)
+ {
+ syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname);
+ return -1;
+ }
+
+ if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0)
+ {
+ syslog(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname);
+ return -1;
+ }
+ }
+ else
+ {
+ c->indigest = NULL;
+ }
+
+ c->incompression = compression;
c->allow_request = CHALLENGE;
cp
int send_chal_reply(connection_t *c)
{
- char hash[SHA_DIGEST_LENGTH*2+1];
+ char hash[EVP_MAX_MD_SIZE*2+1];
+ EVP_MD_CTX ctx;
cp
/* Calculate the hash from the challenge we received */
- SHA1(c->mychallenge, RSA_size(myself->connection->rsa_key), hash);
+ EVP_DigestInit(&ctx, c->indigest);
+ EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key));
+ EVP_DigestFinal(&ctx, hash, NULL);
/* Convert the hash to a hexadecimal formatted string */
- bin2hex(hash,hash,SHA_DIGEST_LENGTH);
- hash[SHA_DIGEST_LENGTH*2] = '\0';
+ bin2hex(hash,hash,c->indigest->md_size);
+ hash[c->indigest->md_size*2] = '\0';
/* Send the reply */
int chal_reply_h(connection_t *c)
{
char hishash[MAX_STRING_SIZE];
- char myhash[SHA_DIGEST_LENGTH];
+ char myhash[EVP_MAX_MD_SIZE];
+ EVP_MD_CTX ctx;
cp
if(sscanf(c->buffer, "%*d "MAX_STRING, hishash) != 1)
{
/* Check if the length of the hash is all right */
- if(strlen(hishash) != SHA_DIGEST_LENGTH*2)
+ if(strlen(hishash) != c->outdigest->md_size*2)
{
syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply length"));
return -1;
/* Convert the hash to binary format */
- hex2bin(hishash, hishash, SHA_DIGEST_LENGTH);
+ hex2bin(hishash, hishash, c->outdigest->md_size);
/* Calculate the hash from the challenge we sent */
- SHA1(c->hischallenge, RSA_size(c->rsa_key), myhash);
+ EVP_DigestInit(&ctx, c->outdigest);
+ EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key));
+ EVP_DigestFinal(&ctx, myhash, NULL);
/* Verify the incoming hash with the calculated hash */
- if(memcmp(hishash, myhash, SHA_DIGEST_LENGTH))
+ if(memcmp(hishash, myhash, c->outdigest->md_size))
{
syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply"));
if(debug_lvl >= DEBUG_SCARY_THINGS)
gettimeofday(&now, NULL);
c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000;
sockaddr2str(&c->address, &address, &port);
- x = send_request(c, "%d %s %s %s %d %d", ACK, myport, address, port, c->estimated_weight, c->options);
+ x = send_request(c, "%d %s %s %d %lx", ACK, myport, address, c->estimated_weight, c->options);
free(address);
free(port);
cp
int ack_h(connection_t *c)
{
- char address[MAX_STRING_SIZE];
- char port[MAX_STRING_SIZE];
+ char myaddress[MAX_STRING_SIZE];
char hisport[MAX_STRING_SIZE];
char *hisaddress, *dummy;
int weight;
- int options;
+ long int options;
node_t *n;
connection_t *other;
avl_node_t *node;
cp
- if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d", hisport, address, port, &weight, &options) != 5)
+ if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %d %lx", hisport, myaddress, &weight, &options) != 4)
{
syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname);
return -1;
c->edge = new_edge();
cp
c->edge->from.node = myself;
- c->edge->from.tcpaddress = str2sockaddr(address, port);
- c->edge->from.udpaddress = str2sockaddr(address, myport);
+// c->edge->from.tcpaddress = str2sockaddr(address, port);
+ c->edge->from.udpaddress = str2sockaddr(myaddress, myport);
c->edge->to.node = n;
- c->edge->to.tcpaddress = c->address;
+// c->edge->to.tcpaddress = c->address;
sockaddr2str(&c->address, &hisaddress, &dummy);
c->edge->to.udpaddress = str2sockaddr(hisaddress, hisport);
free(hisaddress);
projects / tinc / blobdiff