Fixed meta protocol.
This commit is contained in:
Ivo Timmermans
parent
9ea27f76fa
commit
a9247e6f2c
3 changed files with 40 additions and 30 deletions
41
src/encr.c
41
src/encr.c
|
|
@ -225,16 +225,25 @@ void encrypt_passphrase(passphrase_t *pp)
|
|||
{
|
||||
char key[1000];
|
||||
char tmp[1000];
|
||||
int len;
|
||||
unsigned char phrase[1000];
|
||||
int keylen;
|
||||
int i;
|
||||
BF_KEY bf_key;
|
||||
|
||||
cp
|
||||
mpz_get_str(tmp, 16, my_public_key);
|
||||
len = str_hex_to_bin(key, tmp);
|
||||
keylen = str_hex_to_bin(key, tmp);
|
||||
|
||||
cipher_set_key(&bf_key, len, key);
|
||||
cipher_set_key(&bf_key, keylen, key);
|
||||
|
||||
low_crypt_key(mypassphrase, pp->phrase, &bf_key, mypassphraselen, BF_ENCRYPT);
|
||||
pp->len = ((mypassphraselen - 1) | 7) + 5;
|
||||
low_crypt_key(mypassphrase, phrase, &bf_key, mypassphraselen, BF_ENCRYPT);
|
||||
pp->len = ((mypassphraselen - 1) | 7) + 1;
|
||||
pp->phrase = xmalloc((pp->len << 1) + 1);
|
||||
|
||||
for(i = 0; i < pp->len; i++)
|
||||
snprintf(&(pp->phrase)[i << 1], 3, "%02x", (int)phrase[i]);
|
||||
|
||||
pp->phrase[(pp->len << 1) + 1] = '\0';
|
||||
|
||||
if(key_inited)
|
||||
cipher_set_key(&encryption_key, encryption_keylen, text_key);
|
||||
|
|
@ -244,29 +253,31 @@ cp
|
|||
int verify_passphrase(conn_list_t *cl, unsigned char *his_pubkey)
|
||||
{
|
||||
char key[1000];
|
||||
char tmp[1000];
|
||||
int len;
|
||||
char *tmp;
|
||||
unsigned char phrase[1000];
|
||||
int keylen, pplen;
|
||||
mpz_t pk;
|
||||
unsigned char *out;
|
||||
BF_KEY bf_key;
|
||||
char which[sizeof("123.123.123.123")+1];
|
||||
char *meuk;
|
||||
cp
|
||||
mpz_init_set_str(pk, his_pubkey, 16);
|
||||
mpz_get_str(tmp, 16, pk);
|
||||
len = str_hex_to_bin(key, tmp);
|
||||
out = xmalloc(strlen(cl->pp) + 3);
|
||||
mpz_init_set_str(pk, his_pubkey, 36);
|
||||
tmp = mpz_get_str(NULL, 16, pk);
|
||||
keylen = str_hex_to_bin(key, tmp);
|
||||
out = xmalloc((cl->pp->len >> 1) + 3);
|
||||
pplen = str_hex_to_bin(phrase, cl->pp->phrase);
|
||||
|
||||
cipher_set_key(&bf_key, len, key);
|
||||
low_crypt_key(cl->pp, out, &bf_key, strlen(cl->pp), BF_DECRYPT);
|
||||
cipher_set_key(&bf_key, keylen, key);
|
||||
low_crypt_key(phrase, out, &bf_key, pplen, BF_DECRYPT);
|
||||
if(key_inited)
|
||||
cipher_set_key(&encryption_key, encryption_keylen, text_key);
|
||||
|
||||
sprintf(which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip));
|
||||
if((len = read_passphrase(which, &meuk)) < 0)
|
||||
if((pplen = read_passphrase(which, &meuk)) < 0)
|
||||
return -1;
|
||||
|
||||
if(memcmp(meuk, out, len))
|
||||
if(memcmp(meuk, out, pplen))
|
||||
return -1;
|
||||
cp
|
||||
return 0;
|
||||
|
|
|
|||
|
|
@ -28,9 +28,6 @@
|
|||
#define MAXSIZE 1700 /* should be a bit more than the MTU for the tapdevice */
|
||||
#define MTU 1600
|
||||
|
||||
#define MAX_PASSPHRASE_SIZE 2000 /* 2kb is really waaaay too much. nobody's
|
||||
gonna need a 16 kbit passphrase */
|
||||
|
||||
#define MAC_ADDR_S "%02x:%02x:%02x:%02x:%02x:%02x"
|
||||
#define MAC_ADDR_V(x) ((unsigned char*)&(x))[0],((unsigned char*)&(x))[1], \
|
||||
((unsigned char*)&(x))[2],((unsigned char*)&(x))[3], \
|
||||
|
|
@ -64,7 +61,7 @@ typedef struct real_packet_t {
|
|||
|
||||
typedef struct passphrase_t {
|
||||
unsigned short len;
|
||||
unsigned char phrase[MAX_PASSPHRASE_SIZE];
|
||||
unsigned char *phrase;
|
||||
} passphrase_t;
|
||||
|
||||
typedef struct status_bits_t {
|
||||
|
|
@ -109,7 +106,7 @@ typedef struct conn_list_t {
|
|||
int meta_socket; /* our tcp meta socket */
|
||||
int protocol_version; /* used protocol */
|
||||
status_bits_t status; /* status info */
|
||||
unsigned char *pp; /* encoded passphrase */
|
||||
passphrase_t *pp; /* encoded passphrase */
|
||||
packet_queue_t *sq; /* pending outgoing packets */
|
||||
packet_queue_t *rq; /* pending incoming packets (they have no
|
||||
valid key to be decrypted with) */
|
||||
|
|
|
|||
|
|
@ -213,10 +213,10 @@ cp
|
|||
encrypt_passphrase(&tmp);
|
||||
|
||||
if(debug_lvl > 2)
|
||||
syslog(LOG_DEBUG, "Send PASSPHRASE to " IP_ADDR_S,
|
||||
IP_ADDR_V(cl->vpn_ip));
|
||||
syslog(LOG_DEBUG, "Send PASSPHRASE %s to " IP_ADDR_S,
|
||||
tmp.phrase, IP_ADDR_V(cl->vpn_ip));
|
||||
|
||||
buflen = sprintf(buffer, "%d %s\n", PASSPHRASE, tmp.phrase);
|
||||
buflen = snprintf(buffer, MAXBUFSIZE, "%d %s\n", PASSPHRASE, tmp.phrase);
|
||||
|
||||
if((write(cl->meta_socket, buffer, buflen)) < 0)
|
||||
{
|
||||
|
|
@ -231,8 +231,8 @@ int send_public_key(conn_list_t *cl)
|
|||
{
|
||||
cp
|
||||
if(debug_lvl > 2)
|
||||
syslog(LOG_DEBUG, "Send PUBLIC_KEY to " IP_ADDR_S,
|
||||
IP_ADDR_V(cl->vpn_ip));
|
||||
syslog(LOG_DEBUG, "Send PUBLIC_KEY %s to " IP_ADDR_S,
|
||||
my_public_key_base36, IP_ADDR_V(cl->vpn_ip));
|
||||
|
||||
buflen = sprintf(buffer, "%d %s\n", PUBLIC_KEY, my_public_key_base36);
|
||||
|
||||
|
|
@ -396,11 +396,13 @@ cp
|
|||
int passphrase_h(conn_list_t *cl)
|
||||
{
|
||||
cp
|
||||
if(sscanf(cl->buffer, "%*d %s", cl->pp) != 1)
|
||||
cl->pp=xmalloc(sizeof(*(cl->pp)));
|
||||
if(sscanf(cl->buffer, "%*d %as", &(cl->pp->phrase)) != 1)
|
||||
{
|
||||
syslog(LOG_ERR, "got bad PASSPHRASE request: %s", cl->buffer);
|
||||
return -1;
|
||||
}
|
||||
syslog(LOG_ERR, "got bad PASSPHRASE request: %s", cl->buffer);
|
||||
return -1;
|
||||
}
|
||||
cl->pp->len = strlen(cl->pp->phrase);
|
||||
|
||||
if(debug_lvl > 2)
|
||||
syslog(LOG_DEBUG, "got PASSPHRASE");
|
||||
|
|
@ -424,7 +426,7 @@ cp
|
|||
}
|
||||
|
||||
if(debug_lvl > 2)
|
||||
syslog(LOG_DEBUG, "got PUBLIC_KEY");
|
||||
syslog(LOG_DEBUG, "got PUBLIC_KEY %s", g_n);
|
||||
|
||||
if(verify_passphrase(cl, g_n))
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in a new issue