X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Finvitation.c;h=38634886fd098e09c8cd6bdf9a7cbcd9928060e9;hb=176ee015267d87ff4fd4d2615e9f5ac978116171;hp=a6996cc692aee9857fc8866b3ce30a7a7c5919c2;hpb=ef5e8b6920d1dd3097f36bd0c50170100acf2f28;p=tinc diff --git a/src/invitation.c b/src/invitation.c index a6996cc6..38634886 100644 --- a/src/invitation.c +++ b/src/invitation.c @@ -33,6 +33,8 @@ #include "utils.h" #include "xalloc.h" +#include "ed25519/sha512.h" + int addressfamily = AF_UNSPEC; static void scan_for_hostname(const char *filename, char **hostname, char **port) { @@ -270,8 +272,6 @@ int cmd_invite(int argc, char *argv[]) { } } - char hash[25]; - xasprintf(&filename, "%s" SLASH "invitations", confbase); if(mkdir(filename, 0700) && errno != EEXIST) { fprintf(stderr, "Could not create directory %s: %s\n", filename, strerror(errno)); @@ -365,11 +365,9 @@ int cmd_invite(int argc, char *argv[]) { return 1; // Create a hash of the key. + char hash[64]; char *fingerprint = ecdsa_get_base64_public_key(key); - digest_t *digest = digest_open_by_name("sha256", 18); - if(!digest) - abort(); - digest_create(digest, fingerprint, strlen(fingerprint), hash); + sha512(fingerprint, strlen(fingerprint), hash); b64encode_urlsafe(hash, hash, 18); // Create a random cookie for this invitation. @@ -378,10 +376,10 @@ int cmd_invite(int argc, char *argv[]) { // Create a filename that doesn't reveal the cookie itself char buf[18 + strlen(fingerprint)]; - char cookiehash[25]; + char cookiehash[64]; memcpy(buf, cookie, 18); memcpy(buf + 18, fingerprint, sizeof buf - 18); - digest_create(digest, buf, sizeof buf, cookiehash); + sha512(buf, sizeof buf, cookiehash); b64encode_urlsafe(cookiehash, cookiehash, 18); b64encode_urlsafe(cookie, cookie, 18); @@ -613,6 +611,7 @@ make_names: FILE *fh = fopen(filename, "w"); if(!fh) { fprintf(stderr, "Could not create file %s: %s\n", filename, strerror(errno)); + fclose(f); return false; } @@ -738,8 +737,9 @@ make_names: sptps_send_record(&sptps, 1, b64key, strlen(b64key)); free(b64key); + ecdsa_free(key); - +#ifndef DISABLE_LEGACY rsa_t *rsa = rsa_generate(2048, 0x1001); xasprintf(&filename, "%s" SLASH "rsa_key.priv", confbase); f = fopenmask(filename, "w", 0600); @@ -750,8 +750,8 @@ make_names: rsa_write_pem_public_key(rsa, fh); fclose(fh); - ecdsa_free(key); rsa_free(rsa); +#endif check_port(name); @@ -786,7 +786,7 @@ ask_netname: } -static bool invitation_send(void *handle, uint8_t type, const char *data, size_t len) { +static bool invitation_send(void *handle, uint8_t type, const void *data, size_t len) { while(len) { int result = send(sock, data, len, 0); if(result == -1 && errno == EINTR) @@ -799,7 +799,7 @@ static bool invitation_send(void *handle, uint8_t type, const char *data, size_t return true; } -static bool invitation_receive(void *handle, uint8_t type, const char *msg, uint16_t len) { +static bool invitation_receive(void *handle, uint8_t type, const void *msg, uint16_t len) { switch(type) { case SPTPS_HANDSHAKE: return sptps_send_record(&sptps, 0, cookie, sizeof cookie); @@ -957,11 +957,8 @@ int cmd_join(int argc, char *argv[]) { // Check if the hash of the key he gave us matches the hash in the URL. char *fingerprint = line + 2; - digest_t *digest = digest_open_by_name("sha256", 18); - if(!digest) - abort(); - char hishash[18]; - if(!digest_create(digest, fingerprint, strlen(fingerprint), hishash)) { + char hishash[64]; + if(sha512(fingerprint, strlen(fingerprint), hishash)) { fprintf(stderr, "Could not create digest\n%s\n", line + 2); return 1; }