Automatically exchange ECDSA keys and upgrade to new authentication protocol.

If we don't have ECDSA keys for the node we connect to, set protocol_minor to 1, to indicate this to the other end. This will first complete the old way of authentication with RSA keys, and will then exchange ECDSA keys. The connection will be terminated right afterwards, and the next attempt will use ECDSA keys.
2011-07-10 22:34:17 +02:00 · 2011-07-10 22:34:17 +02:00 · 30ef2a981e
commit 30ef2a981e
parent 027228debe
5 changed files with 90 additions and 11 deletions
--- a/src/openssl/ecdsa.c
+++ b/src/openssl/ecdsa.c
@ -26,8 +26,8 @@
 #include "ecdsa.h"
 #include "utils.h"

-// Set ECDSA keys
-
+// Get and set ECDSA keys
+//
 bool ecdsa_set_base64_public_key(ecdsa_t *ecdsa, const char *p) {
 	*ecdsa = EC_KEY_new_by_curve_name(NID_secp521r1);

@ -44,6 +44,18 @@ bool ecdsa_set_base64_public_key(ecdsa_t *ecdsa, const char *p) {
 	return true;
 }

+char *ecdsa_get_base64_public_key(ecdsa_t *ecdsa) {
+	unsigned char *pubkey = NULL;
+	int len = i2o_ECPublicKey(*ecdsa, &pubkey);
+
+	char *base64 = malloc(len * 4 / 3 + 5);
+	b64encode(pubkey, base64, len);
+
+	free(pubkey);
+
+	return base64;
+}
+
 // Read PEM ECDSA keys

 bool ecdsa_read_pem_public_key(ecdsa_t *ecdsa, FILE *fp) {
--- a/src/openssl/ecdsa.h
+++ b/src/openssl/ecdsa.h
@ -25,6 +25,7 @@
 typedef EC_KEY *ecdsa_t;

 extern bool ecdsa_set_base64_public_key(ecdsa_t *ecdsa, const char *p);
+extern char *ecdsa_get_base64_public_key(ecdsa_t *ecdsa);
 extern bool ecdsa_read_pem_public_key(ecdsa_t *ecdsa, FILE *fp);
 extern bool ecdsa_read_pem_private_key(ecdsa_t *ecdsa, FILE *fp);
 extern size_t ecdsa_size(ecdsa_t *ecdsa);