projects
/
tinc
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Make "tinc add" idempotent.
[tinc]
/
src
/
protocol_auth.c
diff --git
a/src/protocol_auth.c
b/src/protocol_auth.c
index
cd45deb
..
0882ddf
100644
(file)
--- a/
src/protocol_auth.c
+++ b/
src/protocol_auth.c
@@
-45,6
+45,8
@@
#include "utils.h"
#include "xalloc.h"
#include "utils.h"
#include "xalloc.h"
+#include "ed25519/sha512.h"
+
ecdsa_t *invitation_key = NULL;
static bool send_proxyrequest(connection_t *c) {
ecdsa_t *invitation_key = NULL;
static bool send_proxyrequest(connection_t *c) {
@@
-211,17
+213,13
@@
static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat
return false;
// Recover the filename from the cookie and the key
return false;
// Recover the filename from the cookie and the key
- digest_t *digest = digest_open_by_name("sha256", 18);
- if(!digest)
- abort();
char *fingerprint = ecdsa_get_base64_public_key(invitation_key);
char hashbuf[18 + strlen(fingerprint)];
char *fingerprint = ecdsa_get_base64_public_key(invitation_key);
char hashbuf[18 + strlen(fingerprint)];
- char cookie[
25
];
+ char cookie[
64
];
memcpy(hashbuf, data, 18);
memcpy(hashbuf + 18, fingerprint, sizeof hashbuf - 18);
memcpy(hashbuf, data, 18);
memcpy(hashbuf + 18, fingerprint, sizeof hashbuf - 18);
-
digest_create(digest,
hashbuf, sizeof hashbuf, cookie);
+
sha512(
hashbuf, sizeof hashbuf, cookie);
b64encode_urlsafe(cookie, cookie, 18);
b64encode_urlsafe(cookie, cookie, 18);
- digest_close(digest);
free(fingerprint);
char filename[PATH_MAX], usedname[PATH_MAX];
free(fingerprint);
char filename[PATH_MAX], usedname[PATH_MAX];
@@
-412,6
+410,14
@@
bool id_h(connection_t *c, const char *request) {
}
bool send_metakey(connection_t *c) {
}
bool send_metakey(connection_t *c) {
+#ifdef DISABLE_LEGACY
+ return false;
+#else
+ if(!myself->connection->rsa) {
+ logger(DEBUG_CONNECTIONS, LOG_ERR, "Peer %s (%s) uses legacy protocol which we don't support", c->name, c->hostname);
+ return false;
+ }
+
if(!read_rsa_public_key(c))
return false;
if(!read_rsa_public_key(c))
return false;
@@
-421,7
+427,7
@@
bool send_metakey(connection_t *c) {
if(!(c->outdigest = digest_open_sha1(-1)))
return false;
if(!(c->outdigest = digest_open_sha1(-1)))
return false;
- size_t len = rsa_size(c->rsa);
+
const
size_t len = rsa_size(c->rsa);
char key[len];
char enckey[len];
char hexkey[2 * len + 1];
char key[len];
char enckey[len];
char hexkey[2 * len + 1];
@@
-475,12
+481,19
@@
bool send_metakey(connection_t *c) {
c->status.encryptout = true;
return result;
c->status.encryptout = true;
return result;
+#endif
}
bool metakey_h(connection_t *c, const char *request) {
}
bool metakey_h(connection_t *c, const char *request) {
+#ifdef DISABLE_LEGACY
+ return false;
+#else
+ if(!myself->connection->rsa)
+ return false;
+
char hexkey[MAX_STRING_SIZE];
int cipher, digest, maclength, compression;
char hexkey[MAX_STRING_SIZE];
int cipher, digest, maclength, compression;
- size_t len = rsa_size(myself->connection->rsa);
+
const
size_t len = rsa_size(myself->connection->rsa);
char enckey[len];
char key[len];
char enckey[len];
char key[len];
@@
-537,10
+550,14
@@
bool metakey_h(connection_t *c, const char *request) {
c->allow_request = CHALLENGE;
return send_challenge(c);
c->allow_request = CHALLENGE;
return send_challenge(c);
+#endif
}
bool send_challenge(connection_t *c) {
}
bool send_challenge(connection_t *c) {
- size_t len = rsa_size(c->rsa);
+#ifdef DISABLE_LEGACY
+ return false;
+#else
+ const size_t len = rsa_size(c->rsa);
char buffer[len * 2 + 1];
if(!c->hischallenge)
char buffer[len * 2 + 1];
if(!c->hischallenge)
@@
-557,11
+574,18
@@
bool send_challenge(connection_t *c) {
/* Send the challenge */
return send_request(c, "%d %s", CHALLENGE, buffer);
/* Send the challenge */
return send_request(c, "%d %s", CHALLENGE, buffer);
+#endif
}
bool challenge_h(connection_t *c, const char *request) {
}
bool challenge_h(connection_t *c, const char *request) {
+#ifdef DISABLE_LEGACY
+ return false;
+#else
+ if(!myself->connection->rsa)
+ return false;
+
char buffer[MAX_STRING_SIZE];
char buffer[MAX_STRING_SIZE];
- size_t len = rsa_size(myself->connection->rsa);
+
const
size_t len = rsa_size(myself->connection->rsa);
size_t digestlen = digest_length(c->indigest);
char digest[digestlen];
size_t digestlen = digest_length(c->indigest);
char digest[digestlen];
@@
-595,9
+619,13
@@
bool challenge_h(connection_t *c, const char *request) {
c->allow_request = CHAL_REPLY;
return send_request(c, "%d %s", CHAL_REPLY, buffer);
c->allow_request = CHAL_REPLY;
return send_request(c, "%d %s", CHAL_REPLY, buffer);
+#endif
}
bool chal_reply_h(connection_t *c, const char *request) {
}
bool chal_reply_h(connection_t *c, const char *request) {
+#ifdef DISABLE_LEGACY
+ return false;
+#else
char hishash[MAX_STRING_SIZE];
if(sscanf(request, "%*d " MAX_STRING, hishash) != 1) {
char hishash[MAX_STRING_SIZE];
if(sscanf(request, "%*d " MAX_STRING, hishash) != 1) {
@@
-634,9
+662,13
@@
bool chal_reply_h(connection_t *c, const char *request) {
c->allow_request = ACK;
return send_ack(c);
c->allow_request = ACK;
return send_ack(c);
+#endif
}
static bool send_upgrade(connection_t *c) {
}
static bool send_upgrade(connection_t *c) {
+#ifdef DISABLE_LEGACY
+ return false;
+#else
/* Special case when protocol_minor is 1: the other end is Ed25519 capable,
* but doesn't know our key yet. So send it now. */
/* Special case when protocol_minor is 1: the other end is Ed25519 capable,
* but doesn't know our key yet. So send it now. */
@@
-648,6
+680,7
@@
static bool send_upgrade(connection_t *c) {
bool result = send_request(c, "%d %s", ACK, pubkey);
free(pubkey);
return result;
bool result = send_request(c, "%d %s", ACK, pubkey);
free(pubkey);
return result;
+#endif
}
bool send_ack(connection_t *c) {
}
bool send_ack(connection_t *c) {