X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_key.c;h=cd95d9c425e93f4316c83fab01aa9b6928ac4765;hp=5baa5f409b1fcaf0a7c7b197d62da60f9259636a;hb=5dde6461a321ee47b06e33f8203f2acf00a31a51;hpb=3308d13e7e3bf20cfeaf6f2ab17228a9820cea66 diff --git a/src/protocol_key.c b/src/protocol_key.c index 5baa5f40..cd95d9c4 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -13,11 +13,9 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id$ + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "system.h" @@ -38,8 +36,7 @@ bool mykeyused = false; -bool send_key_changed() -{ +bool send_key_changed() { cp(); /* Only send this message if some other daemon requested our key previously. @@ -49,11 +46,10 @@ bool send_key_changed() if(!mykeyused) return true; - return send_request(broadcast, "%d %lx %s", KEY_CHANGED, random(), myself->name); + return send_request(broadcast, "%d %x %s", KEY_CHANGED, rand(), myself->name); } -bool key_changed_h(connection_t *c) -{ +bool key_changed_h(connection_t *c) { char name[MAX_STRING_SIZE]; node_t *n; @@ -87,15 +83,13 @@ bool key_changed_h(connection_t *c) return true; } -bool send_req_key(node_t *to) -{ +bool send_req_key(node_t *to) { cp(); return send_request(to->nexthop->connection, "%d %s %s", REQ_KEY, myself->name, to->name); } -bool req_key_h(connection_t *c) -{ +bool req_key_h(connection_t *c) { char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; node_t *from, *to; @@ -127,9 +121,6 @@ bool req_key_h(connection_t *c) /* Check if this key request is for us */ if(to == myself) { /* Yes, send our own key back */ - mykeyused = true; - from->received_seqno = 0; - memset(from->late, 0, sizeof(from->late)); send_ans_key(from); } else { if(tunnelserver) @@ -147,27 +138,35 @@ bool req_key_h(connection_t *c) return true; } -bool send_ans_key(node_t *to) -{ +bool send_ans_key(node_t *to) { char *key; cp(); - if(!to->inkey) { - to->incipher = myself->incipher; - to->inkeylength = myself->inkeylength; - to->indigest = myself->indigest; - to->incompression = myself->incompression; - to->inkey = xmalloc(to->inkeylength); + // Set key parameters + to->incipher = myself->incipher; + to->inkeylength = myself->inkeylength; + to->indigest = myself->indigest; + to->inmaclength = myself->inmaclength; + to->incompression = myself->incompression; - RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength); - if(to->incipher) - EVP_DecryptInit_ex(&packet_ctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len); - } + // Allocate memory for key + to->inkey = xrealloc(to->inkey, to->inkeylength); + + // Create a new key + RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength); + if(to->incipher) + EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len); + // Reset sequence number and late packet window + mykeyused = true; + to->received_seqno = 0; + memset(to->late, 0, sizeof(to->late)); + + // Convert to hexadecimal and send key = alloca(2 * to->inkeylength + 1); bin2hex(to->inkey, key, to->inkeylength); - key[to->outkeylength * 2] = '\0'; + key[to->inkeylength * 2] = '\0'; return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY, myself->name, to->name, key, @@ -176,8 +175,7 @@ bool send_ans_key(node_t *to) to->incompression); } -bool ans_key_h(connection_t *c) -{ +bool ans_key_h(connection_t *c) { char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; char key[MAX_STRING_SIZE]; @@ -226,19 +224,13 @@ bool ans_key_h(connection_t *c) } /* Update our copy of the origin's packet key */ - - if(from->outkey) - free(from->outkey); + from->outkey = xrealloc(from->outkey, strlen(key) / 2); from->outkey = xstrdup(key); from->outkeylength = strlen(key) / 2; - hex2bin(from->outkey, from->outkey, from->outkeylength); - from->outkey[from->outkeylength] = '\0'; + hex2bin(key, from->outkey, from->outkeylength); - from->status.validkey = true; from->status.waitingforkey = false; - from->sent_seqno = 0; - /* Check and lookup cipher and digest algorithms */ if(cipher) { @@ -293,6 +285,9 @@ bool ans_key_h(connection_t *c) return false; } + from->status.validkey = true; + from->sent_seqno = 0; + if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes) send_mtu_probe(from);