X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_key.c;h=5baa5f409b1fcaf0a7c7b197d62da60f9259636a;hp=832b2af0255b26559020ec16aef0f04542d7c5b2;hb=3308d13e7e3bf20cfeaf6f2ab17228a9820cea66;hpb=e449d94caef963809d417f16497f6f978e10d731 diff --git a/src/protocol_key.c b/src/protocol_key.c index 832b2af0..5baa5f40 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -1,7 +1,7 @@ /* protocol_key.c -- handle the meta-protocol, key exchange - Copyright (C) 1999-2003 Ivo Timmermans , - 2000-2003 Guus Sliepen + Copyright (C) 1999-2005 Ivo Timmermans, + 2000-2009 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,11 +17,15 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.19 2003/07/17 15:06:26 guus Exp $ + $Id$ */ #include "system.h" +#include +#include +#include + #include "avl_tree.h" #include "connection.h" #include "logger.h" @@ -32,9 +36,9 @@ #include "utils.h" #include "xalloc.h" -int mykeyused = 0; +bool mykeyused = false; -int send_key_changed(connection_t *c, node_t *n) +bool send_key_changed() { cp(); @@ -42,13 +46,13 @@ int send_key_changed(connection_t *c, node_t *n) This reduces unnecessary key_changed broadcasts. */ - if(n == myself && !mykeyused) - return 0; + if(!mykeyused) + return true; - return send_request(c, "%d %lx %s", KEY_CHANGED, random(), n->name); + return send_request(broadcast, "%d %lx %s", KEY_CHANGED, random(), myself->name); } -int key_changed_h(connection_t *c) +bool key_changed_h(connection_t *c) { char name[MAX_STRING_SIZE]; node_t *n; @@ -58,38 +62,39 @@ int key_changed_h(connection_t *c) if(sscanf(c->buffer, "%*d %*x " MAX_STRING, name) != 1) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", c->name, c->hostname); - return -1; + return false; } if(seen_request(c->buffer)) - return 0; + return true; n = lookup_node(name); if(!n) { logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"), "KEY_CHANGED", c->name, c->hostname, name); - return -1; + return false; } - n->status.validkey = 0; - n->status.waitingforkey = 0; + n->status.validkey = false; + n->status.waitingforkey = false; /* Tell the others */ - forward_request(c); + if(!tunnelserver) + forward_request(c); - return 0; + return true; } -int send_req_key(connection_t *c, node_t *from, node_t *to) +bool send_req_key(node_t *to) { cp(); - return send_request(c, "%d %s %s", REQ_KEY, from->name, to->name); + return send_request(to->nexthop->connection, "%d %s %s", REQ_KEY, myself->name, to->name); } -int req_key_h(connection_t *c) +bool req_key_h(connection_t *c) { char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; @@ -100,7 +105,7 @@ int req_key_h(connection_t *c) if(sscanf(c->buffer, "%*d " MAX_STRING " " MAX_STRING, from_name, to_name) != 2) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", c->name, c->hostname); - return -1; + return false; } from = lookup_node(from_name); @@ -108,7 +113,7 @@ int req_key_h(connection_t *c) if(!from) { logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "REQ_KEY", c->name, c->hostname, from_name); - return -1; + return false; } to = lookup_node(to_name); @@ -116,40 +121,62 @@ int req_key_h(connection_t *c) if(!to) { logger(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "REQ_KEY", c->name, c->hostname, to_name); - return -1; + return false; } /* Check if this key request is for us */ if(to == myself) { /* Yes, send our own key back */ - mykeyused = 1; + mykeyused = true; from->received_seqno = 0; memset(from->late, 0, sizeof(from->late)); - send_ans_key(c, myself, from); + send_ans_key(from); } else { - send_req_key(to->nexthop->connection, from, to); + if(tunnelserver) + return false; + + if(!to->status.reachable) { + logger(LOG_WARNING, _("Got %s from %s (%s) destination %s which is not reachable"), + "REQ_KEY", c->name, c->hostname, to_name); + return true; + } + + send_request(to->nexthop->connection, "%s", c->buffer); } - return 0; + return true; } -int send_ans_key(connection_t *c, node_t *from, node_t *to) +bool send_ans_key(node_t *to) { - char key[MAX_STRING_SIZE]; + char *key; cp(); - bin2hex(from->key, key, from->keylength); - key[from->keylength * 2] = '\0'; + if(!to->inkey) { + to->incipher = myself->incipher; + to->inkeylength = myself->inkeylength; + to->indigest = myself->indigest; + to->incompression = myself->incompression; + to->inkey = xmalloc(to->inkeylength); + + RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength); + if(to->incipher) + EVP_DecryptInit_ex(&packet_ctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len); + } + + key = alloca(2 * to->inkeylength + 1); + bin2hex(to->inkey, key, to->inkeylength); + key[to->outkeylength * 2] = '\0'; - return send_request(c, "%d %s %s %s %d %d %d %d", ANS_KEY, - from->name, to->name, key, - from->cipher ? from->cipher->nid : 0, - from->digest ? from->digest->type : 0, from->maclength, - from->compression); + return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY, + myself->name, to->name, key, + to->incipher ? to->incipher->nid : 0, + to->indigest ? to->indigest->type : 0, to->inmaclength, + to->incompression); } -int ans_key_h(connection_t *c) +bool ans_key_h(connection_t *c) { char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; @@ -164,7 +191,7 @@ int ans_key_h(connection_t *c) &compression) != 7) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", c->name, c->hostname); - return -1; + return false; } from = lookup_node(from_name); @@ -172,7 +199,7 @@ int ans_key_h(connection_t *c) if(!from) { logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "ANS_KEY", c->name, c->hostname, from_name); - return -1; + return false; } to = lookup_node(to_name); @@ -180,79 +207,94 @@ int ans_key_h(connection_t *c) if(!to) { logger(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "ANS_KEY", c->name, c->hostname, to_name); - return -1; + return false; } /* Forward it if necessary */ if(to != myself) { + if(tunnelserver) + return false; + + if(!to->status.reachable) { + logger(LOG_WARNING, _("Got %s from %s (%s) destination %s which is not reachable"), + "ANS_KEY", c->name, c->hostname, to_name); + return true; + } + return send_request(to->nexthop->connection, "%s", c->buffer); } /* Update our copy of the origin's packet key */ - if(from->key) - free(from->key); + if(from->outkey) + free(from->outkey); - from->key = xstrdup(key); - from->keylength = strlen(key) / 2; - hex2bin(from->key, from->key, from->keylength); - from->key[from->keylength] = '\0'; + from->outkey = xstrdup(key); + from->outkeylength = strlen(key) / 2; + hex2bin(from->outkey, from->outkey, from->outkeylength); + from->outkey[from->outkeylength] = '\0'; - from->status.validkey = 1; - from->status.waitingforkey = 0; + from->status.validkey = true; + from->status.waitingforkey = false; from->sent_seqno = 0; /* Check and lookup cipher and digest algorithms */ if(cipher) { - from->cipher = EVP_get_cipherbynid(cipher); + from->outcipher = EVP_get_cipherbynid(cipher); - if(!from->cipher) { + if(!from->outcipher) { logger(LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name, from->hostname); - return -1; + return false; } - if(from->keylength != from->cipher->key_len + from->cipher->iv_len) { + if(from->outkeylength != from->outcipher->key_len + from->outcipher->iv_len) { logger(LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name, from->hostname); - return -1; + return false; } } else { - from->cipher = NULL; + from->outcipher = NULL; } - from->maclength = maclength; + from->outmaclength = maclength; if(digest) { - from->digest = EVP_get_digestbynid(digest); + from->outdigest = EVP_get_digestbynid(digest); - if(!from->digest) { + if(!from->outdigest) { logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name, from->hostname); - return -1; + return false; } - if(from->maclength > from->digest->md_size || from->maclength < 0) { + if(from->outmaclength > from->outdigest->md_size || from->outmaclength < 0) { logger(LOG_ERR, _("Node %s (%s) uses bogus MAC length!"), from->name, from->hostname); - return -1; + return false; } } else { - from->digest = NULL; + from->outdigest = NULL; } if(compression < 0 || compression > 11) { logger(LOG_ERR, _("Node %s (%s) uses bogus compression level!"), from->name, from->hostname); - return -1; + return false; } - from->compression = compression; + from->outcompression = compression; - EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len); + if(from->outcipher) + if(!EVP_EncryptInit_ex(&from->outctx, from->outcipher, NULL, (unsigned char *)from->outkey, (unsigned char *)from->outkey + from->outcipher->key_len)) { + logger(LOG_ERR, _("Error during initialisation of key from %s (%s): %s"), + from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL)); + return false; + } - flush_queue(from); + if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes) + send_mtu_probe(from); - return 0; + return true; }