j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Rename ECDSA to Ed25519.

Browse source
This commit is contained in:
Guus Sliepen 2014-05-18 20:47:04 +02:00
parent 35437a50e2
commit f0e7e6b03e
12 changed files with 94 additions and 94 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/invitation.c
View file

@ -321,7 +321,7 @@ int cmd_invite(int argc, char *argv[]) {
free(filename);
ecdsa_t *key;
xasprintf(&filename, "%s" SLASH "invitations" SLASH "ecdsa_key.priv", confbase);
xasprintf(&filename, "%s" SLASH "invitations" SLASH "ed25519_key.priv", confbase);
// Remove the key if there are no outstanding invitations.
if(!count)
@ -722,7 +722,7 @@ make_names:
if(!b64key)
return false;
xasprintf(&filename, "%s" SLASH "ecdsa_key.priv", confbase);
xasprintf(&filename, "%s" SLASH "ed25519_key.priv", confbase);
f = fopenmask(filename, "w", 0600);
if(!ecdsa_write_pem_private_key(key, f)) {
@ -734,7 +734,7 @@ make_names:
fclose(f);
fprintf(fh, "ECDSAPublicKey = %s\n", b64key);
fprintf(fh, "Ed25519PublicKey = %s\n", b64key);
sptps_send_record(&sptps, 1, b64key, strlen(b64key));
free(b64key);

38
src/net_setup.c
View file

@ -71,17 +71,17 @@ bool node_read_ecdsa_public_key(node_t *n) {
if(!read_host_config(config_tree, n->name))
goto exit;
/* First, check for simple ECDSAPublicKey statement */
/* First, check for simple Ed25519PublicKey statement */
if(get_config_string(lookup_config(config_tree, "ECDSAPublicKey"), &p)) {
if(get_config_string(lookup_config(config_tree, "Ed25519PublicKey"), &p)) {
n->ecdsa = ecdsa_set_base64_public_key(p);
free(p);
goto exit;
}
/* Else, check for ECDSAPublicKeyFile statement and read it */
/* Else, check for Ed25519PublicKeyFile statement and read it */
if(!get_config_string(lookup_config(config_tree, "ECDSAPublicKeyFile"), &pubname))
if(!get_config_string(lookup_config(config_tree, "Ed25519PublicKeyFile"), &pubname))
xasprintf(&pubname, "%s" SLASH "hosts" SLASH "%s", confbase, n->name);
fp = fopen(pubname, "r");
@ -112,23 +112,23 @@ bool read_ecdsa_public_key(connection_t *c) {
return false;
}
/* First, check for simple ECDSAPublicKey statement */
/* First, check for simple Ed25519PublicKey statement */
if(get_config_string(lookup_config(c->config_tree, "ECDSAPublicKey"), &p)) {
if(get_config_string(lookup_config(c->config_tree, "Ed25519PublicKey"), &p)) {
c->ecdsa = ecdsa_set_base64_public_key(p);
free(p);
return c->ecdsa;
}
/* Else, check for ECDSAPublicKeyFile statement and read it */
/* Else, check for Ed25519PublicKeyFile statement and read it */
if(!get_config_string(lookup_config(c->config_tree, "ECDSAPublicKeyFile"), &fname))
if(!get_config_string(lookup_config(c->config_tree, "Ed25519PublicKeyFile"), &fname))
xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, c->name);
fp = fopen(fname, "r");
if(!fp) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error reading ECDSA public key file `%s': %s",
logger(DEBUG_ALWAYS, LOG_ERR, "Error reading Ed25519 public key file `%s': %s",
fname, strerror(errno));
free(fname);
return false;
@ -138,7 +138,7 @@ bool read_ecdsa_public_key(connection_t *c) {
fclose(fp);
if(!c->ecdsa)
logger(DEBUG_ALWAYS, LOG_ERR, "Parsing ECDSA public key file `%s' failed.", fname);
logger(DEBUG_ALWAYS, LOG_ERR, "Parsing Ed25519 public key file `%s' failed.", fname);
free(fname);
return c->ecdsa;
}
@ -187,15 +187,15 @@ static bool read_ecdsa_private_key(void) {
/* Check for PrivateKeyFile statement and read it */
if(!get_config_string(lookup_config(config_tree, "ECDSAPrivateKeyFile"), &fname))
xasprintf(&fname, "%s" SLASH "ecdsa_key.priv", confbase);
if(!get_config_string(lookup_config(config_tree, "Ed25519PrivateKeyFile"), &fname))
xasprintf(&fname, "%s" SLASH "ed25519_key.priv", confbase);
fp = fopen(fname, "r");
if(!fp) {
logger(DEBUG_ALWAYS, LOG_ERR, "Error reading ECDSA private key file `%s': %s", fname, strerror(errno));
logger(DEBUG_ALWAYS, LOG_ERR, "Error reading Ed25519 private key file `%s': %s", fname, strerror(errno));
if(errno == ENOENT)
logger(DEBUG_ALWAYS, LOG_INFO, "Create an ECDSA keypair with `tinc -n %s generate-ecdsa-keys'.", netname ?: ".");
logger(DEBUG_ALWAYS, LOG_INFO, "Create an Ed25519 keypair with `tinc -n %s generate-ed25519-keys'.", netname ?: ".");
free(fname);
return false;
}
@ -204,20 +204,20 @@ static bool read_ecdsa_private_key(void) {
struct stat s;
if(fstat(fileno(fp), &s)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat ECDSA private key file `%s': %s'", fname, strerror(errno));
logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat Ed25519 private key file `%s': %s'", fname, strerror(errno));
free(fname);
return false;
}
if(s.st_mode & ~0100700)
logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for ECDSA private key file `%s'!", fname);
logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for Ed25519 private key file `%s'!", fname);
#endif
myself->connection->ecdsa = ecdsa_read_pem_private_key(fp);
fclose(fp);
if(!myself->connection->ecdsa)
logger(DEBUG_ALWAYS, LOG_ERR, "Reading ECDSA private key file `%s' failed: %s", fname, strerror(errno));
logger(DEBUG_ALWAYS, LOG_ERR, "Reading Ed25519 private key file `%s' failed", fname);
free(fname);
return myself->connection->ecdsa;
}
@ -231,7 +231,7 @@ static bool read_invitation_key(void) {
invitation_key = NULL;
}
xasprintf(&fname, "%s" SLASH "invitations" SLASH "ecdsa_key.priv", confbase);
xasprintf(&fname, "%s" SLASH "invitations" SLASH "ed25519_key.priv", confbase);
fp = fopen(fname, "r");
@ -239,7 +239,7 @@ static bool read_invitation_key(void) {
invitation_key = ecdsa_read_pem_private_key(fp);
fclose(fp);
if(!invitation_key)
logger(DEBUG_ALWAYS, LOG_ERR, "Reading ECDSA private key file `%s' failed: %s", fname, strerror(errno));
logger(DEBUG_ALWAYS, LOG_ERR, "Reading Ed25519 private key file `%s' failed", fname);
}
free(fname);

12
src/protocol_auth.c
View file

@ -172,7 +172,7 @@ static bool finalize_invitation(connection_t *c, const char *data, uint16_t len)
return false;
}
fprintf(f, "ECDSAPublicKey = %s\n", data);
fprintf(f, "Ed25519PublicKey = %s\n", data);
fclose(f);
logger(DEBUG_CONNECTIONS, LOG_INFO, "Key succesfully received from %s (%s)", c->name, c->hostname);
@ -386,7 +386,7 @@ bool id_h(connection_t *c, const char *request) {
c->protocol_minor = 1;
}
/* Forbid version rollback for nodes whose ECDSA key we know */
/* Forbid version rollback for nodes whose Ed25519 key we know */
if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) {
logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s (%s) tries to roll back protocol version to %d.%d",
@ -629,7 +629,7 @@ bool chal_reply_h(connection_t *c, const char *request) {
}
static bool send_upgrade(connection_t *c) {
/* Special case when protocol_minor is 1: the other end is ECDSA capable,
/* Special case when protocol_minor is 1: the other end is Ed25519 capable,
* but doesn't know our key yet. So send it now. */
char *pubkey = ecdsa_get_base64_public_key(myself->connection->ecdsa);
@ -718,12 +718,12 @@ static bool upgrade_h(connection_t *c, const char *request) {
}
if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(c)) {
logger(DEBUG_ALWAYS, LOG_INFO, "Already have ECDSA public key from %s (%s), not upgrading.", c->name, c->hostname);
logger(DEBUG_ALWAYS, LOG_INFO, "Already have Ed25519 public key from %s (%s), not upgrading.", c->name, c->hostname);
return false;
}
logger(DEBUG_ALWAYS, LOG_INFO, "Got ECDSA public key from %s (%s), upgrading!", c->name, c->hostname);
append_config_file(c->name, "ECDSAPublicKey", pubkey);
logger(DEBUG_ALWAYS, LOG_INFO, "Got Ed25519 public key from %s (%s), upgrading!", c->name, c->hostname);
append_config_file(c->name, "Ed25519PublicKey", pubkey);
c->allow_request = TERMREQ;
return send_termreq(c);
}

8
src/protocol_key.c
View file

@ -98,7 +98,7 @@ static bool send_initial_sptps_data(void *handle, uint8_t type, const char *data
bool send_req_key(node_t *to) {
if(to->status.sptps) {
if(!node_read_ecdsa_public_key(to)) {
logger(DEBUG_PROTOCOL, LOG_DEBUG, "No ECDSA key known for %s (%s)", to->name, to->hostname);
logger(DEBUG_PROTOCOL, LOG_DEBUG, "No Ed25519 key known for %s (%s)", to->name, to->hostname);
send_request(to->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, to->name, REQ_PUBKEY);
return true;
}
@ -142,14 +142,14 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in
return true;
}
logger(DEBUG_PROTOCOL, LOG_INFO, "Learned ECDSA public key from %s (%s)", from->name, from->hostname);
append_config_file(from->name, "ECDSAPublicKey", pubkey);
logger(DEBUG_PROTOCOL, LOG_INFO, "Learned Ed25519 public key from %s (%s)", from->name, from->hostname);
append_config_file(from->name, "Ed25519PublicKey", pubkey);
return true;
}
case REQ_KEY: {
if(!node_read_ecdsa_public_key(from)) {
logger(DEBUG_PROTOCOL, LOG_DEBUG, "No ECDSA key known for %s (%s)", from->name, from->hostname);
logger(DEBUG_PROTOCOL, LOG_DEBUG, "No Ed25519 key known for %s (%s)", from->name, from->hostname);
send_request(from->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, from->name, REQ_PUBKEY);
return true;
}

4
src/sptps.c
View file

@ -39,7 +39,7 @@ unsigned int sptps_replaywin = 16;
Sign all handshake messages up to ECDHE kex with long-term public keys. (done)
HMACed KEX finished message to prevent downgrade attacks and prove you have the right key material (done by virtue of ECDSA over the whole ECDHE exchange?)
HMACed KEX finished message to prevent downgrade attacks and prove you have the right key material (done by virtue of Ed25519 over the whole ECDHE exchange?)
Explicit close message needs to be added.
@ -163,7 +163,7 @@ static bool send_kex(sptps_t *s) {
return send_record_priv(s, SPTPS_HANDSHAKE, s->mykex, 1 + 32 + keylen);
}
// Send a SIGnature record, containing an ECDSA signature over both KEX records.
// Send a SIGnature record, containing an Ed25519 signature over both KEX records.
static bool send_sig(sptps_t *s) {
size_t keylen = ECDH_SIZE;
size_t siglen = ecdsa_size(s->mykey);

6
src/sptps_speed.c
View file

@ -96,14 +96,14 @@ int main(int argc, char *argv[]) {
key1 = ecdsa_generate();
key2 = ecdsa_generate();
// ECDSA signatures
// Ed25519 signatures
fprintf(stderr, "ECDSA sign for %lg seconds: ", duration);
fprintf(stderr, "Ed25519 sign for %lg seconds: ", duration);
for(clock_start(); clock_countto(duration);)
ecdsa_sign(key1, buf1, 256, buf2);
fprintf(stderr, "%22.2lf op/s\n", rate);
fprintf(stderr, "ECDSA verify for %lg seconds: ", duration);
fprintf(stderr, "Ed25519 verify for %lg seconds: ", duration);
for(clock_start(); clock_countto(duration);)
ecdsa_verify(key1, buf1, 256, buf2);
fprintf(stderr, "%20.2lf op/s\n", rate);

2
src/sptps_test.c
View file

@ -77,7 +77,7 @@ static struct option const long_options[] = {
const char *program_name;
static void usage() {
fprintf(stderr, "Usage: %s [options] my_ecdsa_key_file his_ecdsa_key_file [host] port\n\n", program_name);
fprintf(stderr, "Usage: %s [options] my_ed25519_key_file his_ed25519_key_file [host] port\n\n", program_name);
fprintf(stderr, "Valid options are:\n"
" -d, --datagram Enable datagram mode.\n"
" -q, --quit Quit when EOF occurs on stdin.\n"

44
src/tincctl.c
View file

@ -116,9 +116,9 @@ static void usage(bool status) {
" restart [tincd options] Restart tincd.\n"
" reload Partially reload configuration of running tincd.\n"
" pid Show PID of currently running tincd.\n"
" generate-keys [bits] Generate new RSA and ECDSA public/private keypairs.\n"
" generate-keys [bits] Generate new RSA and Ed25519 public/private keypairs.\n"
" generate-rsa-keys [bits] Generate a new RSA public/private keypair.\n"
" generate-ecdsa-keys Generate a new ECDSA public/private keypair.\n"
" generate-ed25519-keys Generate a new Ed25519 public/private keypair.\n"
" dump Dump a list of one of the following things:\n"
" [reachable] nodes - all known nodes in the VPN\n"
" edges - all known connections in the VPN\n"
@ -246,19 +246,19 @@ static void disable_old_keys(const char *filename, const char *what) {
while(fgets(buf, sizeof buf, r)) {
if(!block && !strncmp(buf, "-----BEGIN ", 11)) {
if((strstr(buf, " EC ") && strstr(what, "ECDSA")) || (strstr(buf, " RSA ") && strstr(what, "RSA"))) {
if((strstr(buf, " RSA ") && strstr(what, "RSA"))) {
disabled = true;
block = true;
}
}
bool ecdsapubkey = !strncasecmp(buf, "ECDSAPublicKey", 14) && strchr(" \t=", buf[14]) && strstr(what, "ECDSA");
bool ed25519pubkey = !strncasecmp(buf, "Ed25519PublicKey", 16) && strchr(" \t=", buf[16]) && strstr(what, "Ed25519");
if(ecdsapubkey)
if(ed25519pubkey)
disabled = true;
if(w) {
if(block || ecdsapubkey)
if(block || ed25519pubkey)
fputc('#', w);
if(fputs(buf, w) < 0) {
error = true;
@ -355,15 +355,15 @@ static FILE *ask_and_open(const char *filename, const char *what, const char *mo
}
/*
Generate a public/private ECDSA keypair, and ask for a file to store
Generate a public/private Ed25519 keypair, and ask for a file to store
them in.
*/
static bool ecdsa_keygen(bool ask) {
static bool ed25519_keygen(bool ask) {
ecdsa_t *key;
FILE *f;
char *pubname, *privname;
fprintf(stderr, "Generating ECDSA keypair:\n");
fprintf(stderr, "Generating Ed25519 keypair:\n");
if(!(key = ecdsa_generate())) {
fprintf(stderr, "Error during key generation!\n");
@ -371,8 +371,8 @@ static bool ecdsa_keygen(bool ask) {
} else
fprintf(stderr, "Done.\n");
xasprintf(&privname, "%s" SLASH "ecdsa_key.priv", confbase);
f = ask_and_open(privname, "private ECDSA key", "a", ask, 0600);
xasprintf(&privname, "%s" SLASH "ed25519_key.priv", confbase);
f = ask_and_open(privname, "private Ed25519 key", "a", ask, 0600);
free(privname);
if(!f)
@ -390,16 +390,16 @@ static bool ecdsa_keygen(bool ask) {
if(name)
xasprintf(&pubname, "%s" SLASH "hosts" SLASH "%s", confbase, name);
else
xasprintf(&pubname, "%s" SLASH "ecdsa_key.pub", confbase);
xasprintf(&pubname, "%s" SLASH "ed25519_key.pub", confbase);
f = ask_and_open(pubname, "public ECDSA key", "a", ask, 0666);
f = ask_and_open(pubname, "public Ed25519 key", "a", ask, 0666);
free(pubname);
if(!f)
return false;
char *pubkey = ecdsa_get_base64_public_key(key);
fprintf(f, "ECDSAPublicKey = %s\n", pubkey);
fprintf(f, "Ed25519PublicKey = %s\n", pubkey);
free(pubkey);
fclose(f);
@ -1303,7 +1303,7 @@ const var_t variables[] = {
{"Device", VAR_SERVER},
{"DeviceType", VAR_SERVER},
{"DirectOnly", VAR_SERVER},
{"ECDSAPrivateKeyFile", VAR_SERVER},
{"Ed25519PrivateKeyFile", VAR_SERVER},
{"ExperimentalProtocol", VAR_SERVER},
{"Forwarding", VAR_SERVER},
{"GraphDumpFile", VAR_SERVER | VAR_OBSOLETE},
@ -1341,8 +1341,8 @@ const var_t variables[] = {
{"ClampMSS", VAR_SERVER | VAR_HOST},
{"Compression", VAR_SERVER | VAR_HOST},
{"Digest", VAR_SERVER | VAR_HOST},
{"ECDSAPublicKey", VAR_HOST},
{"ECDSAPublicKeyFile", VAR_SERVER | VAR_HOST},
{"Ed25519PublicKey", VAR_HOST},
{"Ed25519PublicKeyFile", VAR_SERVER | VAR_HOST},
{"IndirectData", VAR_SERVER | VAR_HOST},
{"MACLength", VAR_SERVER | VAR_HOST},
{"PMTU", VAR_SERVER | VAR_HOST},
@ -1782,7 +1782,7 @@ static int cmd_init(int argc, char *argv[]) {
fprintf(f, "Name = %s\n", name);
fclose(f);
if(!rsa_keygen(2048, false) || !ecdsa_keygen(false))
if(!rsa_keygen(2048, false) || !ed25519_keygen(false))
return 1;
check_port(name);
@ -1814,7 +1814,7 @@ static int cmd_generate_keys(int argc, char *argv[]) {
if(!name)
name = get_my_name(false);
return !(rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true) && ecdsa_keygen(true));
return !(rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true) && ed25519_keygen(true));
}
static int cmd_generate_rsa_keys(int argc, char *argv[]) {
@ -1829,7 +1829,7 @@ static int cmd_generate_rsa_keys(int argc, char *argv[]) {
return !rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true);
}
static int cmd_generate_ecdsa_keys(int argc, char *argv[]) {
static int cmd_generate_ed25519_keys(int argc, char *argv[]) {
if(argc > 1) {
fprintf(stderr, "Too many arguments!\n");
return 1;
@ -1838,7 +1838,7 @@ static int cmd_generate_ecdsa_keys(int argc, char *argv[]) {
if(!name)
name = get_my_name(false);
return !ecdsa_keygen(true);
return !ed25519_keygen(true);
}
static int cmd_help(int argc, char *argv[]) {
@ -2179,7 +2179,7 @@ static const struct {
{"init", cmd_init},
{"generate-keys", cmd_generate_keys},
{"generate-rsa-keys", cmd_generate_rsa_keys},
{"generate-ecdsa-keys", cmd_generate_ecdsa_keys},
{"generate-ed25519-keys", cmd_generate_ed25519_keys},
{"help", cmd_help},
{"version", cmd_version},
{"info", cmd_info},