-int id_h(connection_t *c)
-{
- char name[MAX_STRING_SIZE];
- int bla;
-cp
- if(sscanf(c->buffer, "%*d "MAX_STRING" %d", name, &c->protocol_version) != 2)
- {
- syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, c->hostname);
- return -1;
- }
-
- /* Check if identity is a valid name */
-
- if(check_id(name))
- {
- syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ID", c->name, c->hostname, "invalid name");
- return -1;
- }
-
- /* If we set c->name in advance, make sure we are connected to the right host */
-
- if(c->name)
- {
- if(strcmp(c->name, name))
- {
- syslog(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, c->name);
- return -1;
- }
- }
- else
- c->name = xstrdup(name);
-
- /* Check if version matches */
-
- if(c->protocol_version != myself->connection->protocol_version)
- {
- syslog(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"),
- c->name, c->hostname, c->protocol_version);
- return -1;
- }
-
- if(bypass_security)
- {
- if(!c->config_tree)
- init_configuration(&c->config_tree);
- c->allow_request = ACK;
- return send_ack(c);
- }
-
- if(!c->config_tree)
- {
- init_configuration(&c->config_tree);
-
- if((bla = read_connection_config(c)))
- {
- syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, c->name);
- return -1;
- }
- }
-
- if(read_rsa_public_key(c))
- {
- return -1;
- }
-
- /* Check some options */
-
- if((get_config_bool(lookup_config(c->config_tree, "IndirectData"), &bla) && bla) || myself->options & OPTION_INDIRECT)
- c->options |= OPTION_INDIRECT;
-
- if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &bla) && bla) || myself->options & OPTION_TCPONLY)
- c->options |= OPTION_TCPONLY | OPTION_INDIRECT;
-
- c->allow_request = METAKEY;
-cp
- return send_metakey(c);
+bool id_h(connection_t *c, const char *request) {
+ char name[MAX_STRING_SIZE];
+
+ if(sscanf(request, "%*d " MAX_STRING " %2d.%3d", name, &c->protocol_major, &c->protocol_minor) < 2) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "ID", c->name,
+ c->hostname);
+ return false;
+ }
+
+ /* Check if this is a control connection */
+
+ if(name[0] == '^' && !strcmp(name + 1, controlcookie)) {
+ c->status.control = true;
+ c->allow_request = CONTROL;
+ c->last_ping_time = now.tv_sec + 3600;
+
+ free(c->name);
+ c->name = xstrdup("<control>");
+
+ if(!c->outgoing) {
+ send_id(c);
+ }
+
+ return send_request(c, "%d %d %d", ACK, TINC_CTL_VERSION_CURRENT, getpid());
+ }
+
+ if(name[0] == '?') {
+ if(!invitation_key) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Got invitation from %s but we don't have an invitation key", c->hostname);
+ return false;
+ }
+
+ c->ecdsa = ecdsa_set_base64_public_key(name + 1);
+
+ if(!c->ecdsa) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Got bad invitation from %s", c->hostname);
+ return false;
+ }
+
+ c->status.invitation = true;
+ char *mykey = ecdsa_get_base64_public_key(invitation_key);
+
+ if(!mykey) {
+ return false;
+ }
+
+ if(!c->outgoing) {
+ send_id(c);
+ }
+
+ if(!send_request(c, "%d %s", ACK, mykey)) {
+ return false;
+ }
+
+ free(mykey);
+
+ c->protocol_minor = 2;
+
+ return sptps_start(&c->sptps, c, false, false, invitation_key, c->ecdsa, "tinc invitation", 15, send_meta_sptps, receive_invitation_sptps);
+ }
+
+ /* Check if identity is a valid name */
+
+ if(!check_id(name) || !strcmp(name, myself->name)) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s): %s", "ID", c->name,
+ c->hostname, "invalid name");
+ return false;
+ }
+
+ /* If this is an outgoing connection, make sure we are connected to the right host */
+
+ if(c->outgoing) {
+ if(strcmp(c->name, name)) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s is %s instead of %s", c->hostname, name,
+ c->name);
+ return false;
+ }
+ } else {
+ free(c->name);
+ c->name = xstrdup(name);
+ }
+
+ /* Check if version matches */
+
+ if(c->protocol_major != myself->connection->protocol_major) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s (%s) uses incompatible version %d.%d",
+ c->name, c->hostname, c->protocol_major, c->protocol_minor);
+ return false;
+ }
+
+ if(bypass_security) {
+ if(!c->config_tree) {
+ c->config_tree = create_configuration();
+ }
+
+ c->allow_request = ACK;
+
+ if(!c->outgoing) {
+ send_id(c);
+ }
+
+ return send_ack(c);
+ }
+
+ if(!experimental) {
+ c->protocol_minor = 0;
+ }
+
+ if(!c->config_tree) {
+ c->config_tree = create_configuration();
+
+ if(!read_host_config(c->config_tree, c->name, false)) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s had unknown identity (%s)", c->hostname, c->name);
+ return false;
+ }
+
+ if(experimental) {
+ read_ecdsa_public_key(&c->ecdsa, &c->config_tree, c->name);
+ }
+
+ /* Ignore failures if no key known yet */
+ }
+
+ if(c->protocol_minor && !ecdsa_active(c->ecdsa)) {
+ c->protocol_minor = 1;
+ }
+
+ /* Forbid version rollback for nodes whose Ed25519 key we know */
+
+ if(ecdsa_active(c->ecdsa) && c->protocol_minor < 1) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s (%s) tries to roll back protocol version to %d.%d",
+ c->name, c->hostname, c->protocol_major, c->protocol_minor);
+ return false;
+ }
+
+ c->allow_request = METAKEY;
+
+ if(!c->outgoing) {
+ send_id(c);
+ }
+
+ if(c->protocol_minor >= 2) {
+ c->allow_request = ACK;
+
+ const size_t labellen = 25 + strlen(myself->name) + strlen(c->name);
+ char *label = alloca(labellen);
+
+ if(c->outgoing) {
+ snprintf(label, labellen, "tinc TCP key expansion %s %s", myself->name, c->name);
+ } else {
+ snprintf(label, labellen, "tinc TCP key expansion %s %s", c->name, myself->name);
+ }
+
+ return sptps_start(&c->sptps, c, c->outgoing, false, myself->connection->ecdsa, c->ecdsa, label, labellen, send_meta_sptps, receive_meta_sptps);
+ } else {
+ return send_metakey(c);
+ }
+}
+
+#ifndef DISABLE_LEGACY
+static const char *get_cipher_name(cipher_t *cipher) {
+ size_t keylen = cipher_keylength(cipher);
+
+ if(keylen <= 16) {
+ return "aes-128-cfb";
+ } else if(keylen <= 24) {
+ return "aes-192-cfb";
+ } else {
+ return "aes-256-cfb";
+ }
+}
+
+bool send_metakey(connection_t *c) {
+ if(!myself->connection->legacy) {
+ logger(DEBUG_CONNECTIONS, LOG_ERR, "Peer %s (%s) uses legacy protocol which we don't support", c->name, c->hostname);
+ return false;
+ }
+
+ rsa_t *rsa = read_rsa_public_key(c->config_tree, c->name);
+
+ if(!rsa) {
+ return false;
+ }
+
+ legacy_ctx_t *ctx = new_legacy_ctx(rsa);
+
+ /* We need to use a stream mode for the meta protocol. Use AES for this,
+ but try to match the key size with the one from the cipher selected
+ by Cipher.
+ */
+
+ const char *cipher_name = get_cipher_name(myself->incipher);
+
+ if(!init_crypto_by_name(&ctx->out, cipher_name, "sha256")) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of cipher or digest to %s (%s)", c->name, c->hostname);
+ free_legacy_ctx(ctx);
+ return false;
+ }
+
+ const size_t len = rsa_size(ctx->rsa);
+ const size_t hexkeylen = HEX_SIZE(len);
+ char *key = alloca(len);
+ char *enckey = alloca(len);
+ char *hexkey = alloca(hexkeylen);
+
+ /* Create a random key */
+
+ randomize(key, len);
+
+ /* The message we send must be smaller than the modulus of the RSA key.
+ By definition, for a key of k bits, the following formula holds:
+
+ 2^(k-1) <= modulus < 2^(k)
+
+ Where ^ means "to the power of", not "xor".
+ This means that to be sure, we must choose our message < 2^(k-1).
+ This can be done by setting the most significant bit to zero.
+ */
+
+ key[0] &= 0x7F;
+
+ if(!cipher_set_key_from_rsa(&ctx->out.cipher, key, len, true)) {
+ free_legacy_ctx(ctx);
+ memzero(key, len);
+ return false;
+ }
+
+ if(debug_level >= DEBUG_SCARY_THINGS) {
+ bin2hex(key, hexkey, len);
+ logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Generated random meta key (unencrypted): %s", hexkey);
+ memzero(hexkey, hexkeylen);
+ }
+
+ /* Encrypt the random data
+
+ We do not use one of the PKCS padding schemes here.
+ This is allowed, because we encrypt a totally random string
+ with a length equal to that of the modulus of the RSA key.
+ */
+
+ bool encrypted = rsa_public_encrypt(ctx->rsa, key, len, enckey);
+ memzero(key, len);
+
+ if(!encrypted) {
+ free_legacy_ctx(ctx);
+ logger(DEBUG_ALWAYS, LOG_ERR, "Error during encryption of meta key for %s (%s)", c->name, c->hostname);
+ return false;
+ }
+
+ free_legacy_ctx(c->legacy);
+ c->legacy = ctx;
+
+ /* Convert the encrypted random data to a hexadecimal formatted string */
+
+ bin2hex(enckey, hexkey, len);
+
+ /* Send the meta key */
+
+ bool result = send_request(c, "%d %d %d %d %d %s", METAKEY,
+ cipher_get_nid(&c->legacy->out.cipher),
+ digest_get_nid(&c->legacy->out.digest), c->outmaclength,
+ COMPRESS_NONE, hexkey);
+
+ c->status.encryptout = true;
+ return result;