j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity
tinc/src/protocol_key.c

518 lines
16 KiB
C
Raw Normal View History

Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
/*
protocol_key.c -- handle the meta-protocol, key exchange
Update copyright notices, remove Ivo's email address.
2006-04-26 13:52:58 +00:00
Copyright (C) 1999-2005 Ivo Timmermans,
Use void pointers for opaque data blobs in the SPTPS code.
2014-12-24 21:15:40 +00:00
2000-2014 Guus Sliepen <guus@tinc-vpn.org>
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
Update the address of the Free Software Foundation in all copyright headers.
2009-09-24 22:01:00 +00:00
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
*/
Big header file cleanup: everything that has to do with standard system libraries is moved to system.h.
2003-07-17 15:06:27 +00:00
#include "system.h"
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
Use the crypto wrappers again instead of calling OpenSSL directly. This theoretically allows other cryptographic libraries to be used, and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
#include "cipher.h"
Big header file cleanup: everything that has to do with standard system libraries is moved to system.h.
2003-07-17 15:06:27 +00:00
#include "connection.h"
Merge branch 'master' into 1.1 Conflicts: doc/tincd.8.in lib/pidfile.c src/graph.c src/net.c src/net.h src/net_packet.c src/net_setup.c src/net_socket.c src/netutl.c src/node.c src/node.h src/protocol_auth.c src/protocol_key.c src/tincd.c
2009-06-05 21:03:28 +00:00
#include "crypto.h"
Big header file cleanup: everything that has to do with standard system libraries is moved to system.h.
2003-07-17 15:06:27 +00:00
#include "logger.h"
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
#include "net.h"
#include "netutl.h"
#include "node.h"
Use PRF.
2011-07-03 13:59:49 +00:00
#include "prf.h"
Big header file cleanup: everything that has to do with standard system libraries is moved to system.h.
2003-07-17 15:06:27 +00:00
#include "protocol.h"
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
#include "sptps.h"
Big header file cleanup: everything that has to do with standard system libraries is moved to system.h.
2003-07-17 15:06:27 +00:00
#include "utils.h"
#include "xalloc.h"
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
Use the crypto wrappers again instead of calling OpenSSL directly. This theoretically allows other cryptographic libraries to be used, and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
static bool mykeyused = false;
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
sparse fixup: warning: non-ANSI function declaration of function '...'
2011-05-28 01:57:20 +00:00
void send_key_changed(void) {
Don't send KEY_CHANGED messages if we don't support the legacy protocol. KEY_CHANGED messages are only useful to invalidate keys for non-SPTPS nodes; SPTPS nodes use a different internal mechanism (forced KEX) for that purpose. Therefore, if we know we can't talk to legacy nodes, there's no point in sending them these messages.
2015-05-17 18:23:12 +00:00
#ifndef DISABLE_LEGACY
Rename connection_t *broadcast to everyone.
2012-02-20 16:12:48 +00:00
send_request(everyone, "%d %x %s", KEY_CHANGED, rand(), myself->name);
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
Ensure peers with a meta connection always have our key. This keeps UDP probes going, which in turn keeps NAT mappings alive.
2010-02-03 10:18:46 +00:00
/* Immediately send new keys to directly connected nodes to keep UDP mappings alive */
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
C99 extravaganza.
2012-10-07 22:35:38 +00:00
for list_each(connection_t, c, connection_list)
Remove redundant connection_t::status.active field. The only places where connection_t::status.active is modified is in ack_h() and terminate_connection(). In both cases, connection_t::edge is added and removed at the same time, and that's the only places connection_t::edge is set. Therefore, the following is true at all times: !c->status.active == !c->edge This commit removes the redundant state information by getting rid of connection_t::status.active, and using connection_t::edge instead.
2014-07-12 10:57:03 +00:00
if(c->edge && c->node && c->node->status.reachable && !c->node->status.sptps)
C99 extravaganza.
2012-10-07 22:35:38 +00:00
send_ans_key(c->node);
Don't send KEY_CHANGED messages if we don't support the legacy protocol. KEY_CHANGED messages are only useful to invalidate keys for non-SPTPS nodes; SPTPS nodes use a different internal mechanism (forced KEX) for that purpose. Therefore, if we know we can't talk to legacy nodes, there's no point in sending them these messages.
2015-05-17 18:23:12 +00:00
#endif
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
/* Force key exchange for connections using SPTPS */
if(experimental) {
C99 extravaganza.
2012-10-07 22:35:38 +00:00
for splay_each(node_t, n, node_tree)
Use a status bit to track which nodes use SPTPS.
2012-07-31 19:43:49 +00:00
if(n->status.reachable && n->status.validkey && n->status.sptps)
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
sptps_force_kex(&n->sptps);
Ensure peers with a meta connection always have our key. This keeps UDP probes going, which in turn keeps NAT mappings alive.
2010-02-03 10:18:46 +00:00
}
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
}
Always pass request strings to other functions as const char *.
2012-05-08 14:44:15 +00:00
bool key_changed_h(connection_t *c, const char *request) {
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
char name[MAX_STRING_SIZE];
node_t *n;
Use libevent for meta socket input/output buffering.
2007-05-19 22:23:02 +00:00
if(sscanf(request, "%*d %*x " MAX_STRING, name) != 1) {
Allow log messages to be captured by tincctl. This allows tincctl to receive log messages from a running tincd, independent of what is logged to syslog or to file. Tincctl can receive debug messages with an arbitrary level.
2012-02-26 17:37:36 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "KEY_CHANGED",
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
c->name, c->hostname);
Use bools and enums where appropriate.
2003-07-22 20:55:21 +00:00
return false;
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
}
Use libevent for meta socket input/output buffering.
2007-05-19 22:23:02 +00:00
if(seen_request(request))
Use bools and enums where appropriate.
2003-07-22 20:55:21 +00:00
return true;
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
n = lookup_node(name);
if(!n) {
Allow log messages to be captured by tincctl. This allows tincctl to receive log messages from a running tincd, independent of what is logged to syslog or to file. Tincctl can receive debug messages with an arbitrary level.
2012-02-26 17:37:36 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Got %s from %s (%s) origin %s which does not exist",
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
"KEY_CHANGED", c->name, c->hostname, name);
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests. When we got a key request for or from a node we don't know, we disconnected the node that forwarded us that request. However, especially in TunnelServer mode, disconnecting does not help. We now ignore such requests, but since there is no way of telling the original sender that the request was dropped, we now retry sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 17:48:01 +00:00
return true;
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
}
Use a status bit to track which nodes use SPTPS.
2012-07-31 19:43:49 +00:00
if(!n->status.sptps) {
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
n->status.validkey = false;
n->last_req_key = 0;
}
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
/* Tell the others */
Replace Opaque and Strict options with a TunnelServer option.
2003-11-17 15:30:18 +00:00
if(!tunnelserver)
Use libevent for meta socket input/output buffering.
2007-05-19 22:23:02 +00:00
forward_request(c, request);
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
Use bools and enums where appropriate.
2003-07-22 20:55:21 +00:00
return true;
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
}
Expose the raw SPTPS send interface from net_packet. net_packet doesn't actually use send_sptps_data(); it only uses send_sptps_data_priv(). In addition, the only user of send_sptps_data() is protocol_key. Therefore it makes sense to expose send_sptps_data_priv() directly, and move send_sptps_data() (which is basically just boilerplate) as a local function in protocol_key.
2015-05-09 16:54:34 +00:00
static bool send_sptps_data_myself(void *handle, uint8_t type, const void *data, size_t len) {
return send_sptps_data(handle, myself, type, data, len);
}
Use void pointers for opaque data blobs in the SPTPS code.
2014-12-24 21:15:40 +00:00
static bool send_initial_sptps_data(void *handle, uint8_t type, const void *data, size_t len) {
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
node_t *to = handle;
Expose the raw SPTPS send interface from net_packet. net_packet doesn't actually use send_sptps_data(); it only uses send_sptps_data_priv(). In addition, the only user of send_sptps_data() is protocol_key. Therefore it makes sense to expose send_sptps_data_priv() directly, and move send_sptps_data() (which is basically just boilerplate) as a local function in protocol_key.
2015-05-09 16:54:34 +00:00
to->sptps.send_data = send_sptps_data_myself;
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
char buf[len * 4 / 3 + 5];
b64encode(data, buf, len);
return send_request(to->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, to->name, REQ_KEY, buf);
}
Merge branch 'master' into 1.1 Conflicts: doc/tincd.8.in lib/pidfile.c src/graph.c src/net.c src/net.h src/net_packet.c src/net_setup.c src/net_socket.c src/netutl.c src/node.c src/node.h src/protocol_auth.c src/protocol_key.c src/tincd.c
2009-06-05 21:03:28 +00:00
bool send_req_key(node_t *to) {
Use a status bit to track which nodes use SPTPS.
2012-07-31 19:43:49 +00:00
if(to->status.sptps) {
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
if(!node_read_ecdsa_public_key(to)) {
Rename ECDSA to Ed25519.
2014-05-18 18:47:04 +00:00
logger(DEBUG_PROTOCOL, LOG_DEBUG, "No Ed25519 key known for %s (%s)", to->name, to->hostname);
Use minor protocol version to determine whether to use ECDH key exchange between nodes.
2012-07-19 23:02:51 +00:00
send_request(to->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, to->name, REQ_PUBKEY);
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
return true;
}
Fix handling of initial datagram SPTPS packet. Only the very first packet of an SPTPS session should be send with REQ_KEY, this signals the peer to abort any previous session and start a new one as well.
2012-10-14 12:33:54 +00:00
Fix whitespace.
2012-10-10 15:17:49 +00:00
char label[25 + strlen(myself->name) + strlen(to->name)];
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
snprintf(label, sizeof label, "tinc UDP key expansion %s %s", myself->name, to->name);
Clear struct sptps before reusing it.
2012-08-02 15:23:51 +00:00
sptps_stop(&to->sptps);
to->status.validkey = false;
Make datagram SPTPS key exchange more robust. Similar to old style key exchange requests, keep track of whether a key exchange is already in progress and how long it took. If no key is known yet or if key exchange takes too long, (re)start a new key exchange.
2012-10-07 11:31:19 +00:00
to->status.waitingforkey = true;
Avoid calling time(NULL). In most cases we can use the cached time.
2013-03-08 13:11:15 +00:00
to->last_req_key = now.tv_sec;
Optionally compress and/or strip Ethernet header from SPTPS packets.
2012-08-02 15:44:59 +00:00
to->incompression = myself->incompression;
Fix whitespace.
2012-10-10 15:17:49 +00:00
return sptps_start(&to->sptps, to, true, true, myself->connection->ecdsa, to->ecdsa, label, sizeof label, send_initial_sptps_data, receive_sptps_record);
Use minor protocol version to determine whether to use ECDH key exchange between nodes.
2012-07-19 23:02:51 +00:00
}
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
Use minor protocol version to determine whether to use ECDH key exchange between nodes.
2012-07-19 23:02:51 +00:00
return send_request(to->nexthop->connection, "%d %s %s", REQ_KEY, myself->name, to->name);
}
/* REQ_KEY is overloaded to allow arbitrary requests to be routed between two nodes. */
Try to use UDP to relay SPTPS packets received over TCP. Currently, when tinc receives a SPTPS packet over TCP via the REQ_KEY encapsulation mechanism, it forwards it like any other TCP request. This is inefficient, because even though we received the packet over TCP, we might have an UDP link with the next hop, which means the packet could be sent over UDP. This commit removes that limitation by making sure SPTPS data packets received through REQ_KEY requests are not forwarded as-is but passed to send_sptps_data() instead, thereby using the same code path as if the packet was received over UDP.
2015-05-09 17:09:23 +00:00
static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, node_t *to, int reqno) {
/* If this is a SPTPS packet, see if sending UDP info helps.
Note that we only do this if we're the destination or the static relay;
otherwise every hop would initiate its own UDP info message, resulting in elevated chatter. */
Rename REQ_SPTPS to SPTPS_PACKET. REQ_SPTPS implies the message has an ANS_ counterpart (like REQ_KEY, ANS_KEY), but it doesn't. Therefore dropping the REQ_ seems more appropriate, and we add a _PACKET suffix to reduce the likelihood of naming conflicts.
2015-05-10 17:05:19 +00:00
if((reqno == REQ_KEY || reqno == SPTPS_PACKET) && to->via == myself)
Try to use UDP to relay SPTPS packets received over TCP. Currently, when tinc receives a SPTPS packet over TCP via the REQ_KEY encapsulation mechanism, it forwards it like any other TCP request. This is inefficient, because even though we received the packet over TCP, we might have an UDP link with the next hop, which means the packet could be sent over UDP. This commit removes that limitation by making sure SPTPS data packets received through REQ_KEY requests are not forwarded as-is but passed to send_sptps_data() instead, thereby using the same code path as if the packet was received over UDP.
2015-05-09 17:09:23 +00:00
send_udp_info(myself, from);
Rename REQ_SPTPS to SPTPS_PACKET. REQ_SPTPS implies the message has an ANS_ counterpart (like REQ_KEY, ANS_KEY), but it doesn't. Therefore dropping the REQ_ seems more appropriate, and we add a _PACKET suffix to reduce the likelihood of naming conflicts.
2015-05-10 17:05:19 +00:00
if(reqno == SPTPS_PACKET) {
Try to use UDP to relay SPTPS packets received over TCP. Currently, when tinc receives a SPTPS packet over TCP via the REQ_KEY encapsulation mechanism, it forwards it like any other TCP request. This is inefficient, because even though we received the packet over TCP, we might have an UDP link with the next hop, which means the packet could be sent over UDP. This commit removes that limitation by making sure SPTPS data packets received through REQ_KEY requests are not forwarded as-is but passed to send_sptps_data() instead, thereby using the same code path as if the packet was received over UDP.
2015-05-09 17:09:23 +00:00
/* This is a SPTPS data packet. */
char buf[MAX_STRING_SIZE];
int len;
if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1 || !(len = b64decode(buf, buf, strlen(buf)))) {
Rename REQ_SPTPS to SPTPS_PACKET. REQ_SPTPS implies the message has an ANS_ counterpart (like REQ_KEY, ANS_KEY), but it doesn't. Therefore dropping the REQ_ seems more appropriate, and we add a _PACKET suffix to reduce the likelihood of naming conflicts.
2015-05-10 17:05:19 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s) to %s (%s): %s", "SPTPS_PACKET", from->name, from->hostname, to->name, to->hostname, "invalid SPTPS data");
Try to use UDP to relay SPTPS packets received over TCP. Currently, when tinc receives a SPTPS packet over TCP via the REQ_KEY encapsulation mechanism, it forwards it like any other TCP request. This is inefficient, because even though we received the packet over TCP, we might have an UDP link with the next hop, which means the packet could be sent over UDP. This commit removes that limitation by making sure SPTPS data packets received through REQ_KEY requests are not forwarded as-is but passed to send_sptps_data() instead, thereby using the same code path as if the packet was received over UDP.
2015-05-09 17:09:23 +00:00
return true;
}
if(to != myself) {
/* We don't just forward the request, because we want to use UDP if it's available. */
send_sptps_data(to, from, 0, buf, len);
try_tx(to, true);
} else {
/* The packet is for us */
Proactively restart the SPTPS tunnel if we get receive errors. There are a number of ways a SPTPS tunnel can get into a corrupt state. For example, during key regeneration, the KEX and SIG messages from other nodes might arrive out of order, which confuses the hell out of the SPTPS code. Another possible scenario is not noticing another node crashed and restarted because there was no point in time where the node was seen completely disconnected from *all* nodes; this could result in using the wrong (old) key. There are probably other scenarios which have not even been considered yet. Distributed systems are hard. When SPTPS got confused by a packet, it used to crash the entire process; fortunately that was fixed by commit 2e7f68ad2b51648b89c4b5c61aeb4cec67c2fbbb. However, the error handling (or lack thereof) leaves a lot to be desired. Currently, when SPTPS encounters an error when receiving a packet, it just shrugs it off and continues as if nothing happened. The problem is, sometimes getting receive errors mean the tunnel is completely stuck and will not recover on its own. In that case, the node will become unreachable - possibly indefinitely. The goal of this commit is to improve SPTPS error handling by taking proactive action when an incoming packet triggers a failure, which is often an indicator that the tunnel is stuck in some way. When that happens, we simply restart SPTPS entirely, which should make the tunnel recover quickly. To prevent "storms" where two buggy nodes flood each other with invalid packets and therefore spend all their time negotiating new tunnels, we limit the frequency at which tunnel restarts happen to ten seconds. It is likely this commit will solve the "Invalid KEX record length during key regeneration" issue that has been seen in the wild. It is difficult to be sure though because we do not have a full understanding of all the possible conditions that can trigger this problem.
2015-05-17 17:50:11 +00:00
if(!sptps_receive_data(&from->sptps, buf, len)) {
/* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
so let's restart SPTPS in case that helps. But don't do that too often
to prevent storms. */
if(from->last_req_key < now.tv_sec - 10) {
logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
send_req_key(from);
}
Try to use UDP to relay SPTPS packets received over TCP. Currently, when tinc receives a SPTPS packet over TCP via the REQ_KEY encapsulation mechanism, it forwards it like any other TCP request. This is inefficient, because even though we received the packet over TCP, we might have an UDP link with the next hop, which means the packet could be sent over UDP. This commit removes that limitation by making sure SPTPS data packets received through REQ_KEY requests are not forwarded as-is but passed to send_sptps_data() instead, thereby using the same code path as if the packet was received over UDP.
2015-05-09 17:09:23 +00:00
return true;
}
send_mtu_info(myself, from, MTU);
}
return true;
}
/* Requests that are not SPTPS data packets are forwarded as-is. */
if (to != myself)
return send_request(to->nexthop->connection, "%s", request);
/* The request is for us */
Use minor protocol version to determine whether to use ECDH key exchange between nodes.
2012-07-19 23:02:51 +00:00
switch(reqno) {
case REQ_PUBKEY: {
Preemptively mirror REQ_PUBKEY messages from nodes with unknown keys. In this commit, if a node receives a REQ_PUBKEY message from a node it doesn't have the key for, it will send a REQ_PUBKEY message in return *before* sending its own key. The rationale is to prevent delays when establishing communication between two nodes that see each other for the first time. These delays are caused by the first SPTPS packet being dropped on the floor, as shown in the following typical exchange: node1: No Ed25519 key known for node2 REQ_PUBKEY -> <- ANS_PUBKEY node1: Learned Ed25519 public key from node2 REQ_SPTPS_START -> node2: No Ed25519 key known for zyklos <- REQ_PUBKEY ANS_PUBKEY -> node2: Learned Ed25519 public key from node1 -- 10-second delay -- node1: No key from node2 after 10 seconds, restarting SPTPS REQ_SPTPS_START -> <- SPTPS -> node1: SPTPS key exchange with node2 succesful node2: SPTPS key exchange with node1 succesful With this patch, the following happens instead: node1: No Ed25519 key known for node2 REQ_PUBKEY -> node2: Preemptively requesting Ed25519 key for node1 <- REQ_PUBKEY <- ANS_PUBKEY ANS_PUBKEY -> node2: Learned Ed25519 public key from node1 node1: Learned Ed25519 public key from node2 REQ_SPTPS_START -> <- SPTPS -> node1: SPTPS key exchange with node2 succesful node2: SPTPS key exchange with node1 succesful
2014-09-21 09:38:41 +00:00
if(!node_read_ecdsa_public_key(from)) {
/* Request their key *before* we send our key back. Otherwise the first SPTPS packet from them will get dropped. */
logger(DEBUG_PROTOCOL, LOG_DEBUG, "Preemptively requesting Ed25519 key for %s (%s)", from->name, from->hostname);
send_request(from->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, from->name, REQ_PUBKEY);
}
Use conditional compilation for cryptographic functions. This gets rid of the rest of the symbolic links. However, as a consequence, the crypto header files have now moved to src/, and can no longer contain library-specific declarations. Therefore, cipher_t, digest_t, ecdh_t, ecdsa_t and rsa_t are now all opaque types, and only pointers to those types can be used.
2013-05-01 15:17:22 +00:00
char *pubkey = ecdsa_get_base64_public_key(myself->connection->ecdsa);
Use minor protocol version to determine whether to use ECDH key exchange between nodes.
2012-07-19 23:02:51 +00:00
send_request(from->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, from->name, ANS_PUBKEY, pubkey);
free(pubkey);
return true;
}
case ANS_PUBKEY: {
if(node_read_ecdsa_public_key(from)) {
Remove some debugging messages.
2012-09-28 15:51:48 +00:00
logger(DEBUG_PROTOCOL, LOG_WARNING, "Got ANS_PUBKEY from %s (%s) even though we already have his pubkey", from->name, from->hostname);
Use minor protocol version to determine whether to use ECDH key exchange between nodes.
2012-07-19 23:02:51 +00:00
return true;
}
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
char pubkey[MAX_STRING_SIZE];
Use conditional compilation for cryptographic functions. This gets rid of the rest of the symbolic links. However, as a consequence, the crypto header files have now moved to src/, and can no longer contain library-specific declarations. Therefore, cipher_t, digest_t, ecdh_t, ecdsa_t and rsa_t are now all opaque types, and only pointers to those types can be used.
2013-05-01 15:17:22 +00:00
if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, pubkey) != 1 || !(from->ecdsa = ecdsa_set_base64_public_key(pubkey))) {
Use minor protocol version to determine whether to use ECDH key exchange between nodes.
2012-07-19 23:02:51 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "ANS_PUBKEY", from->name, from->hostname, "invalid pubkey");
return true;
}
Rename ECDSA to Ed25519.
2014-05-18 18:47:04 +00:00
logger(DEBUG_PROTOCOL, LOG_INFO, "Learned Ed25519 public key from %s (%s)", from->name, from->hostname);
append_config_file(from->name, "Ed25519PublicKey", pubkey);
Use minor protocol version to determine whether to use ECDH key exchange between nodes.
2012-07-19 23:02:51 +00:00
return true;
}
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
case REQ_KEY: {
if(!node_read_ecdsa_public_key(from)) {
Rename ECDSA to Ed25519.
2014-05-18 18:47:04 +00:00
logger(DEBUG_PROTOCOL, LOG_DEBUG, "No Ed25519 key known for %s (%s)", from->name, from->hostname);
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
send_request(from->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, from->name, REQ_PUBKEY);
return true;
}
Fix handling of initial datagram SPTPS packet. Only the very first packet of an SPTPS session should be send with REQ_KEY, this signals the peer to abort any previous session and start a new one as well.
2012-10-14 12:33:54 +00:00
if(from->sptps.label)
logger(DEBUG_ALWAYS, LOG_DEBUG, "Got REQ_KEY from %s while we already started a SPTPS session!", from->name);
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
char buf[MAX_STRING_SIZE];
Improve base64 encoding/decoding, add URL-safe variant. b64decode() now returns length 0 when an invalid character was encountered.
2013-05-28 11:39:15 +00:00
int len;
if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, buf) != 1 || !(len = b64decode(buf, buf, strlen(buf)))) {
Fix handling of initial datagram SPTPS packet. Only the very first packet of an SPTPS session should be send with REQ_KEY, this signals the peer to abort any previous session and start a new one as well.
2012-10-14 12:33:54 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_SPTPS_START", from->name, from->hostname, "invalid SPTPS data");
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
return true;
}
char label[25 + strlen(from->name) + strlen(myself->name)];
snprintf(label, sizeof label, "tinc UDP key expansion %s %s", from->name, myself->name);
Clear struct sptps before reusing it.
2012-08-02 15:23:51 +00:00
sptps_stop(&from->sptps);
from->status.validkey = false;
Make datagram SPTPS key exchange more robust. Similar to old style key exchange requests, keep track of whether a key exchange is already in progress and how long it took. If no key is known yet or if key exchange takes too long, (re)start a new key exchange.
2012-10-07 11:31:19 +00:00
from->status.waitingforkey = true;
Avoid calling time(NULL). In most cases we can use the cached time.
2013-03-08 13:11:15 +00:00
from->last_req_key = now.tv_sec;
Expose the raw SPTPS send interface from net_packet. net_packet doesn't actually use send_sptps_data(); it only uses send_sptps_data_priv(). In addition, the only user of send_sptps_data() is protocol_key. Therefore it makes sense to expose send_sptps_data_priv() directly, and move send_sptps_data() (which is basically just boilerplate) as a local function in protocol_key.
2015-05-09 16:54:34 +00:00
sptps_start(&from->sptps, from, false, true, myself->connection->ecdsa, from->ecdsa, label, sizeof label, send_sptps_data_myself, receive_sptps_record);
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
sptps_receive_data(&from->sptps, buf, len);
Add MTU_INFO protocol message. In this commit, nodes use MTU_INFO messages to provide MTU information. The issue this code is meant to address is the non-trivial problem of finding the proper MTU when UDP SPTPS relays are involved. Currently, tinc has no idea what the MTU looks like beyond the first relay, and will arbitrarily use the first relay's MTU as the limit. This will fail miserably if the MTU decreases after the first relay, forcing relays to fall back to TCP. More generally, one should keep in mind that relay paths can be arbitrarily complex, resulting in packets taking "epic journeys" through the graph, switching back and forth between UDP (with variable MTUs) and TCP multiple times along the path. A solution that was considered consists in sending standard MTU probes through the relays. This is inefficient (if there are 3 nodes on one side of relay and 3 nodes on the other side, we end up with 3*3=9 MTU discoveries taking place at the same time, while technically only 3+3=6 are needed) and would involve eyebrow-raising behaviors such as probes being sent over TCP. This commit implements an alternative solution, which consists in the packet receiver sending MTU_INFO messages to the packet sender. The message contains an MTU value which is set to maximum when the message is originally sent. The message gets altered as it travels through the metagraph, such that when the message arrives to the destination, the MTU value contained in the message can be used to send packets while making sure no relays will be forced to fall back to TCP to deliver them. The operating principles behind such a protocol message are similar to how the UDP_INFO message works, but there is a key difference that prevents us from simply reusing the same message: the UDP_INFO message only cares about relay-to-relay links (i.e. it is sent between static relays and the information it contains only makes sense between two adjacent static relays), while the MTU_INFO cares about the end-to-end MTU, including the entire relay path. Therefore, UDP_INFO messages stop when they encounter static relays, while MTU_INFO messages don't stop until they get to the original packet sender. Note that, technically, the MTU that is obtained through this mechanism can be slightly pessimistic, because it can be lowered by an intermediate node that is not being used as a relay. Since nodes have no way of knowing whether they'll be used as dynamic relays or not (and have no say in the matter), this is not a trivial problem. That said, this is highly unlikely to result in noticeable issues in realistic scenarios.
2015-03-08 18:54:50 +00:00
send_mtu_info(myself, from, MTU);
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
return true;
}
Use minor protocol version to determine whether to use ECDH key exchange between nodes.
2012-07-19 23:02:51 +00:00
default:
logger(DEBUG_ALWAYS, LOG_ERR, "Unknown extended REQ_KEY request from %s (%s): %s", from->name, from->hostname, request);
return true;
}
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
}
Always pass request strings to other functions as const char *.
2012-05-08 14:44:15 +00:00
bool req_key_h(connection_t *c, const char *request) {
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
char from_name[MAX_STRING_SIZE];
char to_name[MAX_STRING_SIZE];
node_t *from, *to;
Use minor protocol version to determine whether to use ECDH key exchange between nodes.
2012-07-19 23:02:51 +00:00
int reqno = 0;
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
Use minor protocol version to determine whether to use ECDH key exchange between nodes.
2012-07-19 23:02:51 +00:00
if(sscanf(request, "%*d " MAX_STRING " " MAX_STRING " %d", from_name, to_name, &reqno) < 2) {
Allow log messages to be captured by tincctl. This allows tincctl to receive log messages from a running tincd, independent of what is logged to syslog or to file. Tincctl can receive debug messages with an arbitrary level.
2012-02-26 17:37:36 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "REQ_KEY", c->name,
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
c->hostname);
Use bools and enums where appropriate.
2003-07-22 20:55:21 +00:00
return false;
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
}
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests. When we got a key request for or from a node we don't know, we disconnected the node that forwarded us that request. However, especially in TunnelServer mode, disconnecting does not help. We now ignore such requests, but since there is no way of telling the original sender that the request was dropped, we now retry sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 17:48:01 +00:00
if(!check_id(from_name) || !check_id(to_name)) {
Allow log messages to be captured by tincctl. This allows tincctl to receive log messages from a running tincd, independent of what is logged to syslog or to file. Tincctl can receive debug messages with an arbitrary level.
2012-02-26 17:37:36 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "REQ_KEY", c->name, c->hostname, "invalid name");
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests. When we got a key request for or from a node we don't know, we disconnected the node that forwarded us that request. However, especially in TunnelServer mode, disconnecting does not help. We now ignore such requests, but since there is no way of telling the original sender that the request was dropped, we now retry sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 17:48:01 +00:00
return false;
}
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
from = lookup_node(from_name);
if(!from) {
Allow log messages to be captured by tincctl. This allows tincctl to receive log messages from a running tincd, independent of what is logged to syslog or to file. Tincctl can receive debug messages with an arbitrary level.
2012-02-26 17:37:36 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Got %s from %s (%s) origin %s which does not exist in our connection list",
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
"REQ_KEY", c->name, c->hostname, from_name);
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests. When we got a key request for or from a node we don't know, we disconnected the node that forwarded us that request. However, especially in TunnelServer mode, disconnecting does not help. We now ignore such requests, but since there is no way of telling the original sender that the request was dropped, we now retry sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 17:48:01 +00:00
return true;
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
}
to = lookup_node(to_name);
if(!to) {
Allow log messages to be captured by tincctl. This allows tincctl to receive log messages from a running tincd, independent of what is logged to syslog or to file. Tincctl can receive debug messages with an arbitrary level.
2012-02-26 17:37:36 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Got %s from %s (%s) destination %s which does not exist in our connection list",
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
"REQ_KEY", c->name, c->hostname, to_name);
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests. When we got a key request for or from a node we don't know, we disconnected the node that forwarded us that request. However, especially in TunnelServer mode, disconnecting does not help. We now ignore such requests, but since there is no way of telling the original sender that the request was dropped, we now retry sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 17:48:01 +00:00
return true;
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
}
/* Check if this key request is for us */
Fix whitespace.
2012-10-10 15:17:49 +00:00
if(to == myself) { /* Yes */
Use a status bit to track which nodes use SPTPS.
2012-07-31 19:43:49 +00:00
/* Is this an extended REQ_KEY message? */
Use minor protocol version to determine whether to use ECDH key exchange between nodes.
2012-07-19 23:02:51 +00:00
if(experimental && reqno)
Try to use UDP to relay SPTPS packets received over TCP. Currently, when tinc receives a SPTPS packet over TCP via the REQ_KEY encapsulation mechanism, it forwards it like any other TCP request. This is inefficient, because even though we received the packet over TCP, we might have an UDP link with the next hop, which means the packet could be sent over UDP. This commit removes that limitation by making sure SPTPS data packets received through REQ_KEY requests are not forwarded as-is but passed to send_sptps_data() instead, thereby using the same code path as if the packet was received over UDP.
2015-05-09 17:09:23 +00:00
return req_key_ext_h(c, request, from, to, reqno);
Use minor protocol version to determine whether to use ECDH key exchange between nodes.
2012-07-19 23:02:51 +00:00
Use a status bit to track which nodes use SPTPS.
2012-07-31 19:43:49 +00:00
/* No, just send our key back */
Handle UDP packets from different and ports than advertised. Previously, tinc used a fixed address and port for each node for UDP packet exchange. The port was the one advertised by that node as its listening port. However, due to NAT the port might be different. Now, tinc sends a different session key to each node. This way, the sending node can be determined from incoming packets by checking the MAC against all session keys. If a match is found, the address and port for that node are updated.
2009-04-02 23:05:23 +00:00
send_ans_key(from);
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
} else {
Replace Opaque and Strict options with a TunnelServer option.
2003-11-17 15:30:18 +00:00
if(tunnelserver)
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests. When we got a key request for or from a node we don't know, we disconnected the node that forwarded us that request. However, especially in TunnelServer mode, disconnecting does not help. We now ignore such requests, but since there is no way of telling the original sender that the request was dropped, we now retry sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 17:48:01 +00:00
return true;
Replace Opaque and Strict options with a TunnelServer option.
2003-11-17 15:30:18 +00:00
Backport fixes from trunk since revision 1555.
2008-12-11 15:21:40 +00:00
if(!to->status.reachable) {
Remove some debugging messages.
2012-09-28 15:51:48 +00:00
logger(DEBUG_PROTOCOL, LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable",
Backport fixes from trunk since revision 1555.
2008-12-11 15:21:40 +00:00
"REQ_KEY", c->name, c->hostname, to_name);
return true;
}
Try to use UDP to relay SPTPS packets received over TCP. Currently, when tinc receives a SPTPS packet over TCP via the REQ_KEY encapsulation mechanism, it forwards it like any other TCP request. This is inefficient, because even though we received the packet over TCP, we might have an UDP link with the next hop, which means the packet could be sent over UDP. This commit removes that limitation by making sure SPTPS data packets received through REQ_KEY requests are not forwarded as-is but passed to send_sptps_data() instead, thereby using the same code path as if the packet was received over UDP.
2015-05-09 17:09:23 +00:00
/* Is this an extended REQ_KEY message? */
if(experimental && reqno)
return req_key_ext_h(c, request, from, to, reqno);
Merge branch 'master' into 1.1 Conflicts: doc/tincd.8.in lib/pidfile.c src/graph.c src/net.c src/net.h src/net_packet.c src/net_setup.c src/net_socket.c src/netutl.c src/node.c src/node.h src/protocol_auth.c src/protocol_key.c src/tincd.c
2009-06-05 21:03:28 +00:00
send_request(to->nexthop->connection, "%s", request);
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
}
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
Use bools and enums where appropriate.
2003-07-22 20:55:21 +00:00
return true;
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
}
Merge branch 'master' into 1.1 Conflicts: doc/tincd.8.in lib/pidfile.c src/graph.c src/net.c src/net.h src/net_packet.c src/net_setup.c src/net_socket.c src/netutl.c src/node.c src/node.h src/protocol_auth.c src/protocol_key.c src/tincd.c
2009-06-05 21:03:28 +00:00
bool send_ans_key(node_t *to) {
Use a status bit to track which nodes use SPTPS.
2012-07-31 19:43:49 +00:00
if(to->status.sptps)
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
abort();
Support ECDH key exchange. REQ_KEY requests have an extra field indicating key exchange version. If it is present and > 0, the sender supports ECDH. If the receiver also does, then it will generate a new keypair and sends the public key in a ANS_KEY request with "ECDH:" prefixed. The ans_key_h() function will compute the shared secret, which, at the moment,is used as is to set the cipher and HMAC keys. However, this must be changed to use a proper KDF. In the future, the ECDH key exchange must also be signed.
2011-07-03 11:17:28 +00:00
Allow tinc to be compiled without OpenSSL. The option "--disable-legacy-protocol" was added to the configure script. The new protocol does not depend on any external crypto libraries, so when the option is used tinc is no longer linked to OpenSSL's libcrypto.
2014-12-29 21:57:18 +00:00
#ifdef DISABLE_LEGACY
return false;
#else
Allow Cipher and Digest "none". This is for backwards compatibility with tinc 1.0, it has no effect on the SPTPS protocol.
2014-05-18 19:51:42 +00:00
size_t keylen = myself->incipher ? cipher_keylength(myself->incipher) : 1;
Use the crypto wrappers again instead of calling OpenSSL directly. This theoretically allows other cryptographic libraries to be used, and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
char key[keylen * 2 + 1];
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
Allow Cipher and Digest "none". This is for backwards compatibility with tinc 1.0, it has no effect on the SPTPS protocol.
2014-05-18 19:51:42 +00:00
randomize(key, keylen);
Use conditional compilation for cryptographic functions. This gets rid of the rest of the symbolic links. However, as a consequence, the crypto header files have now moved to src/, and can no longer contain library-specific declarations. Therefore, cipher_t, digest_t, ecdh_t, ecdsa_t and rsa_t are now all opaque types, and only pointers to those types can be used.
2013-05-01 15:17:22 +00:00
cipher_close(to->incipher);
digest_close(to->indigest);
Fix memory leaks found by valgrind.
2012-10-09 14:27:28 +00:00
Allow Cipher and Digest "none". This is for backwards compatibility with tinc 1.0, it has no effect on the SPTPS protocol.
2014-05-18 19:51:42 +00:00
if(myself->incipher) {
to->incipher = cipher_open_by_nid(cipher_get_nid(myself->incipher));
if(!to->incipher)
abort();
if(!cipher_set_key(to->incipher, key, false))
abort();
}
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
Allow Cipher and Digest "none". This is for backwards compatibility with tinc 1.0, it has no effect on the SPTPS protocol.
2014-05-18 19:51:42 +00:00
if(myself->indigest) {
to->indigest = digest_open_by_nid(digest_get_nid(myself->indigest), digest_length(myself->indigest));
if(!to->indigest)
abort();
if(!digest_set_key(to->indigest, key, keylen))
abort();
}
Use conditional compilation for cryptographic functions. This gets rid of the rest of the symbolic links. However, as a consequence, the crypto header files have now moved to src/, and can no longer contain library-specific declarations. Therefore, cipher_t, digest_t, ecdh_t, ecdsa_t and rsa_t are now all opaque types, and only pointers to those types can be used.
2013-05-01 15:17:22 +00:00
Allow Cipher and Digest "none". This is for backwards compatibility with tinc 1.0, it has no effect on the SPTPS protocol.
2014-05-18 19:51:42 +00:00
to->incompression = myself->incompression;
Fix initialisation of packet decryption context broken by commit 3308d13e7e3bf20cfeaf6f2ab17228a9820cea66. Instead of a single, global decryption context, each node has its own context. However, in send_ans_key(), the global context was initialised. This commit fixes that and removes the global context completely. Also only set status.validkey after all checks have been evaluated.
2009-05-24 17:31:31 +00:00
Use the crypto wrappers again instead of calling OpenSSL directly. This theoretically allows other cryptographic libraries to be used, and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
bin2hex(key, key, keylen);
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
Fix initialisation of packet decryption context broken by commit 3308d13e7e3bf20cfeaf6f2ab17228a9820cea66. Instead of a single, global decryption context, each node has its own context. However, in send_ans_key(), the global context was initialised. This commit fixes that and removes the global context completely. Also only set status.validkey after all checks have been evaluated.
2009-05-24 17:31:31 +00:00
// Reset sequence number and late packet window
mykeyused = true;
to->received_seqno = 0;
Count the number of correctly received UDP packets. Keep track of the number of correct, non-replayed UDP packets that have been received, regardless of their content. This can be compared to the sequence number to determine the real packet loss.
2013-01-15 12:33:16 +00:00
to->received = 0;
Configurable ReplayWindow size, zero disables
2010-11-13 18:05:50 +00:00
if(replaywin) memset(to->late, 0, replaywin);
Handle UDP packets from different and ports than advertised. Previously, tinc used a fixed address and port for each node for UDP packet exchange. The port was the one advertised by that node as its listening port. However, due to NAT the port might be different. Now, tinc sends a different session key to each node. This way, the sending node can be determined from incoming packets by checking the MAC against all session keys. If a match is found, the address and port for that node are updated.
2009-04-02 23:05:23 +00:00
Remember whether we sent our key to another node. In tinc 1.0.x, this was tracked in node->inkey, however in tinc 1.1 we have an abstraction layer for the legacy cipher and digest, and we don't keep an explicit copy of the key around. We cannot use cipher_active() or digest_active(), since it is possible to set both to the null algorithm. So add a bit to node_status_t.
2015-01-10 21:26:33 +00:00
to->status.validkey_in = true;
Make sure tinc compiles on Windows.
2012-07-21 10:51:53 +00:00
return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
Merge branch 'master' into 1.1 Conflicts: doc/tincd.8.in lib/pidfile.c src/graph.c src/net.c src/net.h src/net_packet.c src/net_setup.c src/net_socket.c src/netutl.c src/node.c src/node.h src/protocol_auth.c src/protocol_key.c src/tincd.c
2009-06-05 21:03:28 +00:00
myself->name, to->name, key,
Use conditional compilation for cryptographic functions. This gets rid of the rest of the symbolic links. However, as a consequence, the crypto header files have now moved to src/, and can no longer contain library-specific declarations. Therefore, cipher_t, digest_t, ecdh_t, ecdsa_t and rsa_t are now all opaque types, and only pointers to those types can be used.
2013-05-01 15:17:22 +00:00
cipher_get_nid(to->incipher),
digest_get_nid(to->indigest),
(int)digest_length(to->indigest),
Merge branch 'master' into 1.1 Conflicts: doc/tincd.8.in lib/pidfile.c src/graph.c src/net.c src/net.h src/net_packet.c src/net_setup.c src/net_socket.c src/netutl.c src/node.c src/node.h src/protocol_auth.c src/protocol_key.c src/tincd.c
2009-06-05 21:03:28 +00:00
to->incompression);
Allow tinc to be compiled without OpenSSL. The option "--disable-legacy-protocol" was added to the configure script. The new protocol does not depend on any external crypto libraries, so when the option is used tinc is no longer linked to OpenSSL's libcrypto.
2014-12-29 21:57:18 +00:00
#endif
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
}
Always pass request strings to other functions as const char *.
2012-05-08 14:44:15 +00:00
bool ans_key_h(connection_t *c, const char *request) {
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
char from_name[MAX_STRING_SIZE];
char to_name[MAX_STRING_SIZE];
char key[MAX_STRING_SIZE];
Fix whitespace.
2012-10-10 15:17:49 +00:00
char address[MAX_STRING_SIZE] = "";
char port[MAX_STRING_SIZE] = "";
Fix packet authentication. This wasn't working at all, since we didn't do HMAC but just a plain hash. Also, verification of packets failed because it was checking the whole packet, not the packet minus the HMAC.
2009-12-18 00:15:25 +00:00
int cipher, digest, maclength, compression, keylen;
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
node_t *from, *to;
Fix compiler warnings.
2011-07-13 20:52:52 +00:00
if(sscanf(request, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d "MAX_STRING" "MAX_STRING,
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
from_name, to_name, key, &cipher, &digest, &maclength,
Determine peer's reflexive address and port when exchanging keys. To help peers that are behind NAT connect to each other directly via UDP, they need to know the exact external address and port that they use. Keys exchanged between NATted peers necessarily go via a third node, which knows this address and port, and can append this information to the keys, which is in turned used by the peers. Since PMTU discovery will immediately trigger UDP communication from both sides to each other, this should allow direct communication between peers behind full, address-restricted and port-restricted cone NAT.
2010-02-01 23:51:44 +00:00
&compression, address, port) < 7) {
Allow log messages to be captured by tincctl. This allows tincctl to receive log messages from a running tincd, independent of what is logged to syslog or to file. Tincctl can receive debug messages with an arbitrary level.
2012-02-26 17:37:36 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "ANS_KEY", c->name,
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
c->hostname);
Use bools and enums where appropriate.
2003-07-22 20:55:21 +00:00
return false;
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
}
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests. When we got a key request for or from a node we don't know, we disconnected the node that forwarded us that request. However, especially in TunnelServer mode, disconnecting does not help. We now ignore such requests, but since there is no way of telling the original sender that the request was dropped, we now retry sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 17:48:01 +00:00
if(!check_id(from_name) || !check_id(to_name)) {
Allow log messages to be captured by tincctl. This allows tincctl to receive log messages from a running tincd, independent of what is logged to syslog or to file. Tincctl can receive debug messages with an arbitrary level.
2012-02-26 17:37:36 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "ANS_KEY", c->name, c->hostname, "invalid name");
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests. When we got a key request for or from a node we don't know, we disconnected the node that forwarded us that request. However, especially in TunnelServer mode, disconnecting does not help. We now ignore such requests, but since there is no way of telling the original sender that the request was dropped, we now retry sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 17:48:01 +00:00
return false;
}
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
from = lookup_node(from_name);
if(!from) {
Allow log messages to be captured by tincctl. This allows tincctl to receive log messages from a running tincd, independent of what is logged to syslog or to file. Tincctl can receive debug messages with an arbitrary level.
2012-02-26 17:37:36 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Got %s from %s (%s) origin %s which does not exist in our connection list",
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
"ANS_KEY", c->name, c->hostname, from_name);
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests. When we got a key request for or from a node we don't know, we disconnected the node that forwarded us that request. However, especially in TunnelServer mode, disconnecting does not help. We now ignore such requests, but since there is no way of telling the original sender that the request was dropped, we now retry sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 17:48:01 +00:00
return true;
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
}
to = lookup_node(to_name);
if(!to) {
Allow log messages to be captured by tincctl. This allows tincctl to receive log messages from a running tincd, independent of what is logged to syslog or to file. Tincctl can receive debug messages with an arbitrary level.
2012-02-26 17:37:36 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Got %s from %s (%s) destination %s which does not exist in our connection list",
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
"ANS_KEY", c->name, c->hostname, to_name);
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests. When we got a key request for or from a node we don't know, we disconnected the node that forwarded us that request. However, especially in TunnelServer mode, disconnecting does not help. We now ignore such requests, but since there is no way of telling the original sender that the request was dropped, we now retry sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 17:48:01 +00:00
return true;
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
}
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
/* Forward it if necessary */
if(to != myself) {
Replace Opaque and Strict options with a TunnelServer option.
2003-11-17 15:30:18 +00:00
if(tunnelserver)
Be liberal in accepting KEY_CHANGED/REQ_KEY/ANS_KEY requests. When we got a key request for or from a node we don't know, we disconnected the node that forwarded us that request. However, especially in TunnelServer mode, disconnecting does not help. We now ignore such requests, but since there is no way of telling the original sender that the request was dropped, we now retry sending REQ_KEY requests when we don't get an ANS_KEY back.
2010-01-23 17:48:01 +00:00
return true;
Replace Opaque and Strict options with a TunnelServer option.
2003-11-17 15:30:18 +00:00
Backport fixes from trunk since revision 1555.
2008-12-11 15:21:40 +00:00
if(!to->status.reachable) {
Allow log messages to be captured by tincctl. This allows tincctl to receive log messages from a running tincd, independent of what is logged to syslog or to file. Tincctl can receive debug messages with an arbitrary level.
2012-02-26 17:37:36 +00:00
logger(DEBUG_ALWAYS, LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable",
Backport fixes from trunk since revision 1555.
2008-12-11 15:21:40 +00:00
"ANS_KEY", c->name, c->hostname, to_name);
return true;
}
Do not append an address to ANS_KEY messages if we don't know any address. This would let tinc raise an exception when an ANS_KEY request crossed a DEL_EDGE request for the node sending the key.
2010-06-04 14:03:19 +00:00
if(!*address && from->address.sa.sa_family != AF_UNSPEC) {
Fix merge of commit 4a0b9981513059755b9fd15b38fc198f46a0d6f2.
2010-04-17 10:33:15 +00:00
char *address, *port;
Allow log messages to be captured by tincctl. This allows tincctl to receive log messages from a running tincd, independent of what is logged to syslog or to file. Tincctl can receive debug messages with an arbitrary level.
2012-02-26 17:37:36 +00:00
logger(DEBUG_PROTOCOL, LOG_DEBUG, "Appending reflexive UDP address to ANS_KEY from %s to %s", from->name, to->name);
Fix merge of commit 4a0b9981513059755b9fd15b38fc198f46a0d6f2.
2010-04-17 10:33:15 +00:00
sockaddr2str(&from->address, &address, &port);
send_request(to->nexthop->connection, "%s %s %s", request, address, port);
free(address);
free(port);
return true;
}
Use libevent for meta socket input/output buffering.
2007-05-19 22:23:02 +00:00
return send_request(to->nexthop->connection, "%s", request);
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
}
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
Allow tinc to be compiled without OpenSSL. The option "--disable-legacy-protocol" was added to the configure script. The new protocol does not depend on any external crypto libraries, so when the option is used tinc is no longer linked to OpenSSL's libcrypto.
2014-12-29 21:57:18 +00:00
#ifndef DISABLE_LEGACY
Add strict checks to hex to binary conversions. The main goal is to catch misuse of the obsolete PrivateKey and PublicKey statements.
2012-09-30 11:45:47 +00:00
/* Don't use key material until every check has passed. */
Use conditional compilation for cryptographic functions. This gets rid of the rest of the symbolic links. However, as a consequence, the crypto header files have now moved to src/, and can no longer contain library-specific declarations. Therefore, cipher_t, digest_t, ecdh_t, ecdsa_t and rsa_t are now all opaque types, and only pointers to those types can be used.
2013-05-01 15:17:22 +00:00
cipher_close(from->outcipher);
digest_close(from->outdigest);
Allow tinc to be compiled without OpenSSL. The option "--disable-legacy-protocol" was added to the configure script. The new protocol does not depend on any external crypto libraries, so when the option is used tinc is no longer linked to OpenSSL's libcrypto.
2014-12-29 21:57:18 +00:00
#endif
Add strict checks to hex to binary conversions. The main goal is to catch misuse of the obsolete PrivateKey and PublicKey statements.
2012-09-30 11:45:47 +00:00
from->status.validkey = false;
Optionally compress and/or strip Ethernet header from SPTPS packets.
2012-08-02 15:44:59 +00:00
if(compression < 0 || compression > 11) {
logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname);
return true;
}
from->outcompression = compression;
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
/* SPTPS or old-style key exchange? */
Use a status bit to track which nodes use SPTPS.
2012-07-31 19:43:49 +00:00
if(from->status.sptps) {
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
char buf[strlen(key)];
int len = b64decode(key, buf, strlen(key));
Proactively restart the SPTPS tunnel if we get receive errors. There are a number of ways a SPTPS tunnel can get into a corrupt state. For example, during key regeneration, the KEX and SIG messages from other nodes might arrive out of order, which confuses the hell out of the SPTPS code. Another possible scenario is not noticing another node crashed and restarted because there was no point in time where the node was seen completely disconnected from *all* nodes; this could result in using the wrong (old) key. There are probably other scenarios which have not even been considered yet. Distributed systems are hard. When SPTPS got confused by a packet, it used to crash the entire process; fortunately that was fixed by commit 2e7f68ad2b51648b89c4b5c61aeb4cec67c2fbbb. However, the error handling (or lack thereof) leaves a lot to be desired. Currently, when SPTPS encounters an error when receiving a packet, it just shrugs it off and continues as if nothing happened. The problem is, sometimes getting receive errors mean the tunnel is completely stuck and will not recover on its own. In that case, the node will become unreachable - possibly indefinitely. The goal of this commit is to improve SPTPS error handling by taking proactive action when an incoming packet triggers a failure, which is often an indicator that the tunnel is stuck in some way. When that happens, we simply restart SPTPS entirely, which should make the tunnel recover quickly. To prevent "storms" where two buggy nodes flood each other with invalid packets and therefore spend all their time negotiating new tunnels, we limit the frequency at which tunnel restarts happen to ten seconds. It is likely this commit will solve the "Invalid KEX record length during key regeneration" issue that has been seen in the wild. It is difficult to be sure though because we do not have a full understanding of all the possible conditions that can trigger this problem.
2015-05-17 17:50:11 +00:00
if(!len || !sptps_receive_data(&from->sptps, buf, len)) {
/* Uh-oh. It might be that the tunnel is stuck in some corrupted state,
so let's restart SPTPS in case that helps. But don't do that too often
to prevent storms.
Note that simply relying on handshake timeout is not enough, because
that doesn't apply to key regeneration. */
if(from->last_req_key < now.tv_sec - 10) {
logger(DEBUG_PROTOCOL, LOG_ERR, "Failed to decode handshake TCP packet from %s (%s), restarting SPTPS", from->name, from->hostname);
send_req_key(from);
}
return true;
}
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
if(from->status.validkey) {
if(*address && *port) {
logger(DEBUG_PROTOCOL, LOG_DEBUG, "Using reflexive UDP address from %s: %s port %s", from->name, address, port);
sockaddr_t sa = str2sockaddr(address, port);
update_node_udp(from, &sa);
}
}
Add MTU_INFO protocol message. In this commit, nodes use MTU_INFO messages to provide MTU information. The issue this code is meant to address is the non-trivial problem of finding the proper MTU when UDP SPTPS relays are involved. Currently, tinc has no idea what the MTU looks like beyond the first relay, and will arbitrarily use the first relay's MTU as the limit. This will fail miserably if the MTU decreases after the first relay, forcing relays to fall back to TCP. More generally, one should keep in mind that relay paths can be arbitrarily complex, resulting in packets taking "epic journeys" through the graph, switching back and forth between UDP (with variable MTUs) and TCP multiple times along the path. A solution that was considered consists in sending standard MTU probes through the relays. This is inefficient (if there are 3 nodes on one side of relay and 3 nodes on the other side, we end up with 3*3=9 MTU discoveries taking place at the same time, while technically only 3+3=6 are needed) and would involve eyebrow-raising behaviors such as probes being sent over TCP. This commit implements an alternative solution, which consists in the packet receiver sending MTU_INFO messages to the packet sender. The message contains an MTU value which is set to maximum when the message is originally sent. The message gets altered as it travels through the metagraph, such that when the message arrives to the destination, the MTU value contained in the message can be used to send packets while making sure no relays will be forced to fall back to TCP to deliver them. The operating principles behind such a protocol message are similar to how the UDP_INFO message works, but there is a key difference that prevents us from simply reusing the same message: the UDP_INFO message only cares about relay-to-relay links (i.e. it is sent between static relays and the information it contains only makes sense between two adjacent static relays), while the MTU_INFO cares about the end-to-end MTU, including the entire relay path. Therefore, UDP_INFO messages stop when they encounter static relays, while MTU_INFO messages don't stop until they get to the original packet sender. Note that, technically, the MTU that is obtained through this mechanism can be slightly pessimistic, because it can be lowered by an intermediate node that is not being used as a relay. Since nodes have no way of knowing whether they'll be used as dynamic relays or not (and have no say in the matter), this is not a trivial problem. That said, this is highly unlikely to result in noticeable issues in realistic scenarios.
2015-03-08 18:54:50 +00:00
send_mtu_info(myself, from, MTU);
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
return true;
}
Allow tinc to be compiled without OpenSSL. The option "--disable-legacy-protocol" was added to the configure script. The new protocol does not depend on any external crypto libraries, so when the option is used tinc is no longer linked to OpenSSL's libcrypto.
2014-12-29 21:57:18 +00:00
#ifdef DISABLE_LEGACY
Fix typo in logging statement. This was introduced in cfe9285adf391ab66faeb5def811fe08e47a221a.
2014-12-30 09:56:30 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses legacy protocol!", from->name, from->hostname);
Allow tinc to be compiled without OpenSSL. The option "--disable-legacy-protocol" was added to the configure script. The new protocol does not depend on any external crypto libraries, so when the option is used tinc is no longer linked to OpenSSL's libcrypto.
2014-12-29 21:57:18 +00:00
return false;
#else
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
/* Check and lookup cipher and digest algorithms */
Allow "none" for Cipher and Digest again.
2013-11-28 13:19:55 +00:00
if(cipher) {
if(!(from->outcipher = cipher_open_by_nid(cipher))) {
logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name, from->hostname);
return false;
}
} else {
from->outcipher = NULL;
Use the crypto wrappers again instead of calling OpenSSL directly. This theoretically allows other cryptographic libraries to be used, and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
}
Temporarily revert to old crypto code (The new code is still segfaulting for me, and I'd like to proceed with other work.) This largely rolls back to the revision 1545 state of the existing code (new crypto layer is still there with no callers), though I reintroduced the segfault fix of revision 1562.
2007-11-07 02:47:05 +00:00
Allow "none" for Cipher and Digest again.
2013-11-28 13:19:55 +00:00
if(digest) {
if(!(from->outdigest = digest_open_by_nid(digest, maclength))) {
logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown digest!", from->name, from->hostname);
return false;
}
} else {
from->outdigest = NULL;
Use the crypto wrappers again instead of calling OpenSSL directly. This theoretically allows other cryptographic libraries to be used, and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
}
Temporarily revert to old crypto code (The new code is still segfaulting for me, and I'd like to proceed with other work.) This largely rolls back to the revision 1545 state of the existing code (new crypto layer is still there with no callers), though I reintroduced the segfault fix of revision 1562.
2007-11-07 02:47:05 +00:00
Use conditional compilation for cryptographic functions. This gets rid of the rest of the symbolic links. However, as a consequence, the crypto header files have now moved to src/, and can no longer contain library-specific declarations. Therefore, cipher_t, digest_t, ecdh_t, ecdsa_t and rsa_t are now all opaque types, and only pointers to those types can be used.
2013-05-01 15:17:22 +00:00
if(maclength != digest_length(from->outdigest)) {
Allow log messages to be captured by tincctl. This allows tincctl to receive log messages from a running tincd, independent of what is logged to syslog or to file. Tincctl can receive debug messages with an arbitrary level.
2012-02-26 17:37:36 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus MAC length!", from->name, from->hostname);
Use the crypto wrappers again instead of calling OpenSSL directly. This theoretically allows other cryptographic libraries to be used, and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
return false;
Switch to K&R style indentation.
2002-09-09 21:25:28 +00:00
}
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
/* Process key */
Use ECDSA to sign ECDH key exchange for UDP session keys. The ECDSA public keys will also be included in the ANS_KEY requests, but are only used when no ECDSA public key is known yet.
2011-07-16 18:21:44 +00:00
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
keylen = hex2bin(key, key, sizeof key);
Support ECDH key exchange. REQ_KEY requests have an extra field indicating key exchange version. If it is present and > 0, the sender supports ECDH. If the receiver also does, then it will generate a new keypair and sends the public key in a ANS_KEY request with "ECDH:" prefixed. The ans_key_h() function will compute the shared secret, which, at the moment,is used as is to set the cipher and HMAC keys. However, this must be changed to use a proper KDF. In the future, the ECDH key exchange must also be signed.
2011-07-03 11:17:28 +00:00
Allow Cipher and Digest "none". This is for backwards compatibility with tinc 1.0, it has no effect on the SPTPS protocol.
2014-05-18 19:51:42 +00:00
if(keylen != (from->outcipher ? cipher_keylength(from->outcipher) : 1)) {
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
return true;
}
Use the crypto wrappers again instead of calling OpenSSL directly. This theoretically allows other cryptographic libraries to be used, and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
Use datagram SPTPS for packet exchange between nodes. When two nodes which support SPTPS want to send packets to each other, they now always use SPTPS. The node initiating the SPTPS session send the first SPTPS packet via an extended REQ_KEY messages. All other handshake messages are sent using ANS_KEY messages. This ensures that intermediate nodes using an older version of tinc can still help with NAT traversal. After the authentication phase is over, SPTPS packets are sent via UDP, or are encapsulated in extended REQ_KEY messages instead of PACKET messages.
2012-07-30 16:36:59 +00:00
/* Update our copy of the origin's packet key */
Support ECDH key exchange. REQ_KEY requests have an extra field indicating key exchange version. If it is present and > 0, the sender supports ECDH. If the receiver also does, then it will generate a new keypair and sends the public key in a ANS_KEY request with "ECDH:" prefixed. The ans_key_h() function will compute the shared secret, which, at the moment,is used as is to set the cipher and HMAC keys. However, this must be changed to use a proper KDF. In the future, the ECDH key exchange must also be signed.
2011-07-03 11:17:28 +00:00
Allow Cipher and Digest "none". This is for backwards compatibility with tinc 1.0, it has no effect on the SPTPS protocol.
2014-05-18 19:51:42 +00:00
if(from->outcipher && !cipher_set_key(from->outcipher, key, true))
Fix warnings for functions marked __attribute((warn_unused_result)).
2013-05-10 18:30:47 +00:00
return false;
Allow Cipher and Digest "none". This is for backwards compatibility with tinc 1.0, it has no effect on the SPTPS protocol.
2014-05-18 19:51:42 +00:00
if(from->outdigest && !digest_set_key(from->outdigest, key, keylen))
Fix warnings for functions marked __attribute((warn_unused_result)).
2013-05-10 18:30:47 +00:00
return false;
Use the crypto wrappers again instead of calling OpenSSL directly. This theoretically allows other cryptographic libraries to be used, and it improves the readability of the code.
2008-12-11 14:44:44 +00:00
from->status.validkey = true;
from->sent_seqno = 0;
Check all EVP_ function calls.
2003-10-11 12:16:13 +00:00
Determine peer's reflexive address and port when exchanging keys. To help peers that are behind NAT connect to each other directly via UDP, they need to know the exact external address and port that they use. Keys exchanged between NATted peers necessarily go via a third node, which knows this address and port, and can append this information to the keys, which is in turned used by the peers. Since PMTU discovery will immediately trigger UDP communication from both sides to each other, this should allow direct communication between peers behind full, address-restricted and port-restricted cone NAT.
2010-02-01 23:51:44 +00:00
if(*address && *port) {
Allow log messages to be captured by tincctl. This allows tincctl to receive log messages from a running tincd, independent of what is logged to syslog or to file. Tincctl can receive debug messages with an arbitrary level.
2012-02-26 17:37:36 +00:00
logger(DEBUG_PROTOCOL, LOG_DEBUG, "Using reflexive UDP address from %s: %s port %s", from->name, address, port);
Determine peer's reflexive address and port when exchanging keys. To help peers that are behind NAT connect to each other directly via UDP, they need to know the exact external address and port that they use. Keys exchanged between NATted peers necessarily go via a third node, which knows this address and port, and can append this information to the keys, which is in turned used by the peers. Since PMTU discovery will immediately trigger UDP communication from both sides to each other, this should allow direct communication between peers behind full, address-restricted and port-restricted cone NAT.
2010-02-01 23:51:44 +00:00
sockaddr_t sa = str2sockaddr(address, port);
update_node_udp(from, &sa);
}
Use bools and enums where appropriate.
2003-07-22 20:55:21 +00:00
return true;
Allow tinc to be compiled without OpenSSL. The option "--disable-legacy-protocol" was added to the configure script. The new protocol does not depend on any external crypto libraries, so when the option is used tinc is no longer linked to OpenSSL's libcrypto.
2014-12-29 21:57:18 +00:00
#endif
Forgot to merge new files from pre5.
2002-02-11 10:05:58 +00:00
}
Reference in a new issue Copy permalink