j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Use conditional compilation for cryptographic functions.

Browse source 
This gets rid of the rest of the symbolic links. However, as a consequence, the
crypto header files have now moved to src/, and can no longer contain
library-specific declarations. Therefore, cipher_t, digest_t, ecdh_t, ecdsa_t
and rsa_t are now all opaque types, and only pointers to those types can be
used.
This commit is contained in:
Guus Sliepen 2013-05-01 17:17:22 +02:00
parent e70b5b5bd7
commit 9b9230a0a7
35 changed files with 595 additions and 639 deletions
Download patch file Download diff file Expand all files Collapse all files

43
src/protocol_key.c
View file

@ -124,7 +124,7 @@ bool send_req_key(node_t *to) {
static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, int reqno) {
switch(reqno) {
case REQ_PUBKEY: {
char *pubkey = ecdsa_get_base64_public_key(&myself->connection->ecdsa);
char *pubkey = ecdsa_get_base64_public_key(myself->connection->ecdsa);
send_request(from->nexthop->connection, "%d %s %s %d %s", REQ_KEY, myself->name, from->name, ANS_PUBKEY, pubkey);
free(pubkey);
return true;
@ -137,7 +137,7 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in
}
char pubkey[MAX_STRING_SIZE];
if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, pubkey) != 1 || !ecdsa_set_base64_public_key(&from->ecdsa, pubkey)) {
if(sscanf(request, "%*d %*s %*s %*d " MAX_STRING, pubkey) != 1 || !(from->ecdsa = ecdsa_set_base64_public_key(pubkey))) {
logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "ANS_PUBKEY", from->name, from->hostname, "invalid pubkey");
return true;
}
@ -259,19 +259,22 @@ bool send_ans_key(node_t *to) {
if(to->status.sptps)
abort();
size_t keylen = cipher_keylength(&myself->incipher);
size_t keylen = cipher_keylength(myself->incipher);
char key[keylen * 2 + 1];
cipher_close(&to->incipher);
digest_close(&to->indigest);
cipher_close(to->incipher);
digest_close(to->indigest);
cipher_open_by_nid(&to->incipher, cipher_get_nid(&myself->incipher));
digest_open_by_nid(&to->indigest, digest_get_nid(&myself->indigest), digest_length(&myself->indigest));
to->incipher = cipher_open_by_nid(cipher_get_nid(myself->incipher));
to->indigest = digest_open_by_nid(digest_get_nid(myself->indigest), digest_length(myself->indigest));
to->incompression = myself->incompression;
if(!to->incipher || !to->indigest)
abort();
randomize(key, keylen);
cipher_set_key(&to->incipher, key, false);
digest_set_key(&to->indigest, key, keylen);
cipher_set_key(to->incipher, key, false);
digest_set_key(to->indigest, key, keylen);
bin2hex(key, key, keylen);
@ -283,9 +286,9 @@ bool send_ans_key(node_t *to) {
return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
myself->name, to->name, key,
cipher_get_nid(&to->incipher),
digest_get_nid(&to->indigest),
(int)digest_length(&to->indigest),
cipher_get_nid(to->incipher),
digest_get_nid(to->indigest),
(int)digest_length(to->indigest),
to->incompression);
}
@ -353,8 +356,8 @@ bool ans_key_h(connection_t *c, const char *request) {
}
/* Don't use key material until every check has passed. */
cipher_close(&from->outcipher);
digest_close(&from->outdigest);
cipher_close(from->outcipher);
digest_close(from->outdigest);
from->status.validkey = false;
if(compression < 0 || compression > 11) {
@ -389,17 +392,17 @@ bool ans_key_h(connection_t *c, const char *request) {
/* Check and lookup cipher and digest algorithms */
if(!cipher_open_by_nid(&from->outcipher, cipher)) {
if(!(from->outcipher = cipher_open_by_nid(cipher))) {
logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name, from->hostname);
return false;
}
if(!digest_open_by_nid(&from->outdigest, digest, maclength)) {
if(!(from->outdigest = digest_open_by_nid(digest, maclength))) {
logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown digest!", from->name, from->hostname);
return false;
}
if(maclength != digest_length(&from->outdigest)) {
if(maclength != digest_length(from->outdigest)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus MAC length!", from->name, from->hostname);
return false;
}
@ -408,15 +411,15 @@ bool ans_key_h(connection_t *c, const char *request) {
keylen = hex2bin(key, key, sizeof key);
if(keylen != cipher_keylength(&from->outcipher)) {
if(keylen != cipher_keylength(from->outcipher)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
return true;
}
/* Update our copy of the origin's packet key */
cipher_set_key(&from->outcipher, key, true);
digest_set_key(&from->outdigest, key, keylen);
cipher_set_key(from->outcipher, key, true);
digest_set_key(from->outdigest, key, keylen);
from->status.validkey = true;
from->sent_seqno = 0;