Use SPTPS when ExperimentalProtocol is enabled.

2012-02-25 18:25:21 +01:00 · 2012-02-25 18:25:21 +01:00 · 65d6f023c4
commit 65d6f023c4
parent efd21e232d
9 changed files with 92 additions and 112 deletions
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -8,7 +8,7 @@ tincd_SOURCES = \
 	utils.c getopt.c getopt1.c list.c splay_tree.c dropin.c fake-getaddrinfo.c fake-getnameinfo.c \
 	buffer.c conf.c connection.c control.c edge.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \
 	net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \
-	protocol_key.c protocol_subnet.c route.c subnet.c tincd.c \
+	protocol_key.c protocol_subnet.c route.c sptps.c subnet.c tincd.c \
 	dummy_device.c raw_socket_device.c
 if UML
@ -31,7 +31,7 @@ nodist_tincctl_SOURCES = \
 sptps_test_SOURCES = \
 	logger.c cipher.c crypto.c ecdh.c ecdsa.c digest.c prf.c \
-	sptps.c sptps_test.c
+	sptps.c sptps_test.c utils.c
 if TUNEMU
 tincd_SOURCES += bsd/tunemu.c
--- a/src/connection.c
+++ b/src/connection.c
@ -69,7 +69,7 @@ void free_connection(connection_t *c) {
 	cipher_close(&c->outcipher);
 	digest_close(&c->outdigest);
-	ecdh_free(&c->ecdh);
+	stop_sptps(&c->sptps);
 	ecdsa_free(&c->ecdsa);
 	rsa_free(&c->rsa);
--- a/src/connection.h
+++ b/src/connection.h
@ -26,6 +26,7 @@
 #include "digest.h"
 #include "rsa.h"
 #include "splay_tree.h"
 #include "sptps.h"
 #define OPTION_INDIRECT		0x0001
 #define OPTION_TCPONLY		0x0002
@ -73,11 +74,11 @@ typedef struct connection_t {
 	rsa_t rsa;			/* his public RSA key */
 	ecdsa_t ecdsa;			/* his public ECDSA key */
 	ecdsa_t ecdh;			/* state for ECDH key exchange */
 	cipher_t incipher;		/* Cipher he will use to send data to us */
 	cipher_t outcipher;		/* Cipher we will use to send data to him */
 	digest_t indigest;
 	digest_t outdigest;
 	sptps_t sptps;
 	int inmaclength;
 	int outmaclength;
--- a/src/meta.c
+++ b/src/meta.c
@ -31,6 +31,22 @@
 #include "utils.h"
 #include "xalloc.h"
 bool send_meta_sptps(void *handle, const char *buffer, size_t length) {
 	connection_t *c = handle;
 	if(!c) {
 		logger(LOG_ERR, "send_meta_sptps() called with NULL pointer!");
 		abort();
 	}
 	logger(LOG_DEBUG, "send_meta_sptps(%s, %p, %zu)", c->name, buffer, length);
 	buffer_add(&c->outbuf, buffer, length);
 	event_add(&c->outevent, NULL);
 	return true;
 }
 bool send_meta(connection_t *c, const char *buffer, int length) {
 	if(!c) {
 		logger(LOG_ERR, "send_meta() called with NULL pointer!");
@ -40,6 +56,9 @@ bool send_meta(connection_t *c, const char *buffer, int length) {
 	ifdebug(META) logger(LOG_DEBUG, "Sending %d bytes of metadata to %s (%s)", length,
 			   c->name, c->hostname);
 	if(c->protocol_minor >= 2)
 		return send_record(&c->sptps, 0, buffer, length);
 	/* Add our data to buffer */
 	if(c->status.encryptout) {
 		size_t outlen = length;
@ -71,6 +90,41 @@ void broadcast_meta(connection_t *from, const char *buffer, int length) {
 	}
 }
 bool receive_meta_sptps(void *handle, uint8_t type, const char *data, uint16_t length) {
 	connection_t *c = handle;
 	if(!c) {
 		logger(LOG_ERR, "receive_meta_sptps() called with NULL pointer!");
 		abort();
 	}
 	logger(LOG_DEBUG, "receive_meta_sptps(%s, %d, %p, %hu)", c->name, type, data, length);
 	if(type == SPTPS_HANDSHAKE) {
 		if(c->allow_request == ACK)
 			return send_ack(c);
 		else
 			return true;
 	}
 	if(!data)
 		return true;
 	/* Are we receiving a TCPpacket? */
 	if(c->tcplen) {
 		if(length != c->tcplen)
 			return false;
 		receive_tcppacket(c, data, length);
 		c->tcplen = 0;
 		return true;
 	}
 	/* Otherwise we are waiting for a request */
 	return receive_request(c, data);
 }
 bool receive_meta(connection_t *c) {
 	int inlen;
 	char inbuf[MAXBUFSIZE];
@ -107,6 +161,11 @@ bool receive_meta(connection_t *c) {
 	}
 	do {
 		if(c->protocol_minor >= 2) {
 			logger(LOG_DEBUG, "Receiving %d bytes of SPTPS data", inlen);
 			return receive_data(&c->sptps, bufp, inlen);
 		}
 		if(!c->status.decryptin) {
 			endp = memchr(bufp, '\n', inlen);
 			if(endp)
--- a/src/meta.h
+++ b/src/meta.h
@ -24,6 +24,8 @@
 #include "connection.h"
 extern bool send_meta(struct connection_t *, const char *, int);
 extern bool send_meta_sptps(void *, const char *, size_t);
 extern bool receive_meta_sptps(void *, uint8_t, const char *, uint16_t);
 extern void broadcast_meta(struct connection_t *, const char *, int);
 extern bool receive_meta(struct connection_t *);
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@ -31,12 +31,14 @@
 #include "edge.h"
 #include "graph.h"
 #include "logger.h"
 #include "meta.h"
 #include "net.h"
 #include "netutl.h"
 #include "node.h"
 #include "prf.h"
 #include "protocol.h"
 #include "rsa.h"
 #include "sptps.h"
 #include "utils.h"
 #include "xalloc.h"
@ -122,9 +124,10 @@ bool id_h(connection_t *c, char *request) {
 			return false;
 		}
-		if(experimental && c->protocol_minor >= 2)
+		if(experimental && c->protocol_minor >= 2) {
 			if(!read_ecdsa_public_key(c))
 				return false;
 		}
 	} else {
 		if(c->protocol_minor && !ecdsa_active(&c->ecdsa))
 			c->protocol_minor = 1;
@ -132,30 +135,19 @@ bool id_h(connection_t *c, char *request) {
 	c->allow_request = METAKEY;
-	if(c->protocol_minor >= 2)
+	if(c->protocol_minor >= 2) {
-		return send_metakey_ec(c);
+		c->allow_request = ACK;
 		char label[25 + strlen(myself->name) + strlen(c->name)];
 		if(c->outgoing)
 			snprintf(label, sizeof label, "tinc TCP key expansion %s %s", myself->name, c->name);
 		else
 			snprintf(label, sizeof label, "tinc TCP key expansion %s %s", c->name, myself->name);
 		return start_sptps(&c->sptps, c, c->outgoing, myself->connection->ecdsa, c->ecdsa, label, sizeof label, send_meta_sptps, receive_meta_sptps);
 	} else {
 		return send_metakey(c);
 	}
 bool send_metakey_ec(connection_t *c) {
 	logger(LOG_DEBUG, "Sending ECDH metakey to %s", c->name);
 	size_t siglen = ecdsa_size(&myself->connection->ecdsa);
 	char key[(ECDH_SIZE + siglen) * 2 + 1];
 	// TODO: include nonce? Use relevant parts of SSH or TLS protocol
 	if(!ecdh_generate_public(&c->ecdh, key))
 		return false;
 	if(!ecdsa_sign(&myself->connection->ecdsa, key, ECDH_SIZE, key + ECDH_SIZE))
 		return false;
 	b64encode(key, key, ECDH_SIZE + siglen);
 	return send_request(c, "%d %s", METAKEY, key);
 }
 bool send_metakey(connection_t *c) {
@ -223,84 +215,7 @@ bool send_metakey(connection_t *c) {
 	return result;
 }
 static bool metakey_ec_h(connection_t *c, const char *request) {
 	size_t siglen = ecdsa_size(&c->ecdsa);
 	char key[MAX_STRING_SIZE];
 	logger(LOG_DEBUG, "Got ECDH metakey from %s", c->name);
 	if(sscanf(request, "%*d " MAX_STRING, key) != 1) {
 		logger(LOG_ERR, "Got bad %s from %s (%s)", "METAKEY", c->name, c->hostname);
 		return false;
 	}
 	int inlen = b64decode(key, key, sizeof key);
 	if(inlen != (ECDH_SIZE + siglen)) {
 		logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong keylength");
 		return false;
 	}
 	if(!ecdsa_verify(&c->ecdsa, key, ECDH_SIZE, key + ECDH_SIZE)) {
 		logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "invalid ECDSA signature");
 		return false;
 	}
 	char shared[ECDH_SHARED_SIZE];
 	if(!ecdh_compute_shared(&c->ecdh, key, shared))
 		return false;
 	/* Update our crypto end */
 	if(!cipher_open_by_name(&c->incipher, "aes-256-ofb"))
 		return false;
 	if(!digest_open_by_name(&c->indigest, "sha512", -1))
 		return false;
 	if(!cipher_open_by_name(&c->outcipher, "aes-256-ofb"))
 		return false;
 	if(!digest_open_by_name(&c->outdigest, "sha512", -1))
 		return false;
 	size_t mykeylen = cipher_keylength(&c->incipher);
 	size_t hiskeylen = cipher_keylength(&c->outcipher);
 	char *mykey;
 	char *hiskey;
 	char *seed;
 	if(strcmp(myself->name, c->name) < 0) {
 		mykey = key;
 		hiskey = key + mykeylen * 2;
 		xasprintf(&seed, "tinc TCP key expansion %s %s", myself->name, c->name);
 	} else {
 		mykey = key + hiskeylen * 2;
 		hiskey = key;
 		xasprintf(&seed, "tinc TCP key expansion %s %s", c->name, myself->name);
 	}
 	if(!prf(shared, ECDH_SHARED_SIZE, seed, strlen(seed), key, hiskeylen * 2 + mykeylen * 2))
 		return false;
 	free(seed);
 	cipher_set_key(&c->incipher, mykey, false);
 	digest_set_key(&c->indigest, mykey + mykeylen, mykeylen);
 	cipher_set_key(&c->outcipher, hiskey, true);
 	digest_set_key(&c->outdigest, hiskey + hiskeylen, hiskeylen);
 	c->status.decryptin = true;
 	c->status.encryptout = true;
 	c->allow_request = CHALLENGE;
 	return send_challenge(c);
 }
 bool metakey_h(connection_t *c, char *request) {
 	if(c->protocol_minor >= 2)
 		return metakey_ec_h(c, request);
 	char hexkey[MAX_STRING_SIZE];
 	int cipher, digest, maclength, compression;
 	size_t len = rsa_size(&myself->connection->rsa);
@ -355,7 +270,7 @@ bool metakey_h(connection_t *c, char *request) {
 }
 bool send_challenge(connection_t *c) {
-	size_t len = c->protocol_minor >= 2 ? ECDH_SIZE : rsa_size(&c->rsa);
+	size_t len = rsa_size(&c->rsa);
 	char buffer[len * 2 + 1];
 	if(!c->hischallenge)
@ -376,7 +291,7 @@ bool send_challenge(connection_t *c) {
 bool challenge_h(connection_t *c, char *request) {
 	char buffer[MAX_STRING_SIZE];
-	size_t len = c->protocol_minor >= 2 ? ECDH_SIZE : rsa_size(&myself->connection->rsa);
+	size_t len = rsa_size(&myself->connection->rsa);
 	size_t digestlen = digest_length(&c->indigest);
 	char digest[digestlen];
@ -434,7 +349,7 @@ bool chal_reply_h(connection_t *c, char *request) {
 	/* Verify the hash */
-	if(!digest_verify(&c->outdigest, c->hischallenge, c->protocol_minor >= 2 ? ECDH_SIZE : rsa_size(&c->rsa), hishash)) {
+	if(!digest_verify(&c->outdigest, c->hischallenge, rsa_size(&c->rsa), hishash)) {
 		logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply");
 		return false;
 	}
--- a/src/sptps.c
+++ b/src/sptps.c
@ -27,9 +27,6 @@
 #include "prf.h"
 #include "sptps.h"
 char *logfilename;
 #include "utils.c"
 /*
   Nonce MUST be exchanged first (done)
   Signatures MUST be done over both nonces, to guarantee the signature is fresh
@ -60,7 +57,6 @@ static bool error(sptps_t *s, int s_errno, const char *msg) {
 // Send a record (private version, accepts all record types, handles encryption and authentication).
 static bool send_record_priv(sptps_t *s, uint8_t type, const char *data, uint16_t len) {
 	char buffer[len + 23UL];
 	//char ciphertext[len + 19];
 	// Create header with sequence number, length and record type
 	uint32_t seqno = htonl(s->outseqno++);
@ -326,6 +322,7 @@ static bool receive_handshake(sptps_t *s, const char *data, uint16_t len) {
 			// We expect a handshake message to indicate transition to the new keys.
 			if(!receive_ack(s, data, len))
 				return false;
 			s->receive_record(s->handle, SPTPS_HANDSHAKE, NULL, 0);
 			s->state = SPTPS_SECONDARY_KEX;
 			return true;
 		// TODO: split ACK into a VERify and ACK?
--- a/src/sptps.h
+++ b/src/sptps.h
@ -17,6 +17,9 @@
    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #ifndef __SPTPS_H__
 #define __SPTPS_H__
 #include "system.h"
 #include "cipher.h"
@ -78,3 +81,5 @@ extern bool stop_sptps(sptps_t *s);
 extern bool send_record(sptps_t *s, uint8_t type, const char *data, uint16_t len);
 extern bool receive_data(sptps_t *s, const char *data, size_t len);
 extern bool force_kex(sptps_t *s);
 #endif
--- a/src/sptps_test.c
+++ b/src/sptps_test.c
@ -25,6 +25,7 @@
 #include "sptps.h"
 #include "utils.h"
 char *logfilename;
 ecdsa_t mykey, hiskey;
 static bool send_data(void *handle, const char *data, size_t len) {