X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;ds=sidebyside;f=src%2Fprotocol_auth.c;h=b8d4ee8e7a0658ff1e353fa00f36d5a0ab472fbe;hb=b0d80c7f28528c2c8857c5662b4aca779b3184bb;hp=52afa0969cffafbbc7342af42f1fda9c3ba5f6d3;hpb=06a4a8c153407b690a3ce3f0e7fdaa8568ccb1a3;p=tinc diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 52afa096..b8d4ee8e 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -172,7 +172,7 @@ static bool finalize_invitation(connection_t *c, const char *data, uint16_t len) return false; } - fprintf(f, "ECDSAPublicKey = %s\n", data); + fprintf(f, "Ed25519PublicKey = %s\n", data); fclose(f); logger(DEBUG_CONNECTIONS, LOG_INFO, "Key succesfully received from %s (%s)", c->name, c->hostname); @@ -379,13 +379,14 @@ bool id_h(connection_t *c, const char *request) { } if(experimental) - read_ecdsa_public_key(c); + if(!read_ecdsa_public_key(c)) + return false; } else { if(c->protocol_minor && !ecdsa_active(c->ecdsa)) c->protocol_minor = 1; } - /* Forbid version rollback for nodes whose ECDSA key we know */ + /* Forbid version rollback for nodes whose Ed25519 key we know */ if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) { logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s (%s) tries to roll back protocol version to %d.%d", @@ -513,14 +514,22 @@ bool metakey_h(connection_t *c, const char *request) { /* Check and lookup cipher and digest algorithms */ - if(!(c->incipher = cipher_open_by_nid(cipher)) || !cipher_set_key_from_rsa(c->incipher, key, len, false)) { - logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of cipher from %s (%s)", c->name, c->hostname); - return false; + if(cipher) { + if(!(c->incipher = cipher_open_by_nid(cipher)) || !cipher_set_key_from_rsa(c->incipher, key, len, false)) { + logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of cipher from %s (%s)", c->name, c->hostname); + return false; + } + } else { + c->incipher = NULL; } - if(!(c->indigest = digest_open_by_nid(digest, -1))) { - logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of digest from %s (%s)", c->name, c->hostname); - return false; + if(digest) { + if(!(c->indigest = digest_open_by_nid(digest, -1))) { + logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of digest from %s (%s)", c->name, c->hostname); + return false; + } + } else { + c->indigest = NULL; } c->status.decryptin = true; @@ -628,7 +637,7 @@ bool chal_reply_h(connection_t *c, const char *request) { } static bool send_upgrade(connection_t *c) { - /* Special case when protocol_minor is 1: the other end is ECDSA capable, + /* Special case when protocol_minor is 1: the other end is Ed25519 capable, * but doesn't know our key yet. So send it now. */ char *pubkey = ecdsa_get_base64_public_key(myself->connection->ecdsa); @@ -717,12 +726,12 @@ static bool upgrade_h(connection_t *c, const char *request) { } if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(c)) { - logger(DEBUG_ALWAYS, LOG_INFO, "Already have ECDSA public key from %s (%s), not upgrading.", c->name, c->hostname); + logger(DEBUG_ALWAYS, LOG_INFO, "Already have Ed25519 public key from %s (%s), not upgrading.", c->name, c->hostname); return false; } - logger(DEBUG_ALWAYS, LOG_INFO, "Got ECDSA public key from %s (%s), upgrading!", c->name, c->hostname); - append_config_file(c->name, "ECDSAPublicKey", pubkey); + logger(DEBUG_ALWAYS, LOG_INFO, "Got Ed25519 public key from %s (%s), upgrading!", c->name, c->hostname); + append_config_file(c->name, "Ed25519PublicKey", pubkey); c->allow_request = TERMREQ; return send_termreq(c); }