X-Git-Url: http://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=47c248db5ede5d47559164ab8f7b45657d71f8e2;hb=6b92ac505d2cd5c7e390d49bf1f0b399ef9f8327;hp=ac486ea6f0ba0b34b12eacc75b66990d45f7391f;hpb=b23bf132838156d2fe5a18d50a2b5e068ae18ec3;p=tinc

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index ac486ea6..47c248db 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -198,7 +198,7 @@ static bool finalize_invitation(connection_t *c, const char *data, uint16_t len)
 	return true;
 }
 
-static bool receive_invitation_sptps(void *handle, uint8_t type, const char *data, uint16_t len) {
+static bool receive_invitation_sptps(void *handle, uint8_t type, const void *data, uint16_t len) {
 	connection_t *c = handle;
 
 	if(type == 128)
@@ -379,13 +379,13 @@ bool id_h(connection_t *c, const char *request) {
 		}
 
 		if(experimental)
-			if(!read_ecdsa_public_key(c))
-				return false;
-	} else {
-		if(c->protocol_minor && !ecdsa_active(c->ecdsa))
-			c->protocol_minor = 1;
+			read_ecdsa_public_key(c);
+			/* Ignore failures if no key known yet */
 	}
 
+	if(c->protocol_minor && !ecdsa_active(c->ecdsa))
+		c->protocol_minor = 1;
+
 	/* Forbid version rollback for nodes whose Ed25519 key we know */
 
 	if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) {
@@ -421,7 +421,7 @@ bool send_metakey(connection_t *c) {
 	if(!(c->outdigest = digest_open_sha1(-1)))
 		return false;
 
-	size_t len = rsa_size(c->rsa);
+	const size_t len = rsa_size(c->rsa);
 	char key[len];
 	char enckey[len];
 	char hexkey[2 * len + 1];
@@ -480,7 +480,7 @@ bool send_metakey(connection_t *c) {
 bool metakey_h(connection_t *c, const char *request) {
 	char hexkey[MAX_STRING_SIZE];
 	int cipher, digest, maclength, compression;
-	size_t len = rsa_size(myself->connection->rsa);
+	const size_t len = rsa_size(myself->connection->rsa);
 	char enckey[len];
 	char key[len];
 
@@ -540,7 +540,7 @@ bool metakey_h(connection_t *c, const char *request) {
 }
 
 bool send_challenge(connection_t *c) {
-	size_t len = rsa_size(c->rsa);
+	const size_t len = rsa_size(c->rsa);
 	char buffer[len * 2 + 1];
 
 	if(!c->hischallenge)
@@ -561,7 +561,7 @@ bool send_challenge(connection_t *c) {
 
 bool challenge_h(connection_t *c, const char *request) {
 	char buffer[MAX_STRING_SIZE];
-	size_t len = rsa_size(myself->connection->rsa);
+	const size_t len = rsa_size(myself->connection->rsa);
 	size_t digestlen = digest_length(c->indigest);
 	char digest[digestlen];
 
@@ -726,7 +726,21 @@ static bool upgrade_h(connection_t *c, const char *request) {
 	}
 
 	if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(c)) {
-		logger(DEBUG_ALWAYS, LOG_INFO, "Already have Ed25519 public key from %s (%s), not upgrading.", c->name, c->hostname);
+		char *knownkey = ecdsa_get_base64_public_key(c->ecdsa);
+		bool different = strcmp(knownkey, pubkey);
+		free(knownkey);
+		if(different) {
+			logger(DEBUG_ALWAYS, LOG_ERR, "Already have an Ed25519 public key from %s (%s) which is different from the one presented now!", c->name, c->hostname);
+			return false;
+		}
+		logger(DEBUG_ALWAYS, LOG_INFO, "Already have Ed25519 public key from %s (%s), ignoring.", c->name, c->hostname);
+		c->allow_request = TERMREQ;
+		return send_termreq(c);
+	}
+
+	c->ecdsa = ecdsa_set_base64_public_key(pubkey);
+	if(!c->ecdsa) {
+		logger(DEBUG_ALWAYS, LOG_INFO, "Got bad Ed25519 public key from %s (%s), not upgrading.", c->name, c->hostname);
 		return false;
 	}