X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_setup.c;h=17eaec2b7475be8ec88b5ccae689cdecec68de6b;hb=5a132550deb58473285e5f91705d286aef47be71;hp=b8fb4f0205d3f174cd04147a5a6c142f76fd3888;hpb=bf8e3ce13dba6109757c14dc0013a315a75d2ba3;p=tinc

diff --git a/src/net_setup.c b/src/net_setup.c
index b8fb4f02..17eaec2b 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -1,7 +1,7 @@
 /*
     net_setup.c -- Setup.
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2006 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2009 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -22,17 +22,13 @@
 
 #include "system.h"
 
-#include <openssl/pem.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-
 #include "splay_tree.h"
+#include "cipher.h"
 #include "conf.h"
 #include "connection.h"
 #include "control.h"
 #include "device.h"
+#include "digest.h"
 #include "graph.h"
 #include "logger.h"
 #include "net.h"
@@ -40,6 +36,7 @@
 #include "process.h"
 #include "protocol.h"
 #include "route.h"
+#include "rsa.h"
 #include "subnet.h"
 #include "utils.h"
 #include "xalloc.h"
@@ -50,125 +47,66 @@ static struct event device_ev;
 bool read_rsa_public_key(connection_t *c) {
 	FILE *fp;
 	char *fname;
-	char *key;
+	char *n;
+	bool result;
 
 	cp();
 
-	if(!c->rsa_key) {
-		c->rsa_key = RSA_new();
-//		RSA_blinding_on(c->rsa_key, NULL);
-	}
-
 	/* First, check for simple PublicKey statement */
 
-	if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) {
-		BN_hex2bn(&c->rsa_key->n, key);
-		BN_hex2bn(&c->rsa_key->e, "FFFF");
-		free(key);
-		return true;
+	if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &n)) {
+		result = rsa_set_hex_public_key(&c->rsa, n, "FFFF");
+		free(n);
+		return result;
 	}
 
 	/* Else, check for PublicKeyFile statement and read it */
 
-	if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) {
-		fp = fopen(fname, "r");
-
-		if(!fp) {
-			logger(LOG_ERR, _("Error reading RSA public key file `%s': %s"),
-				   fname, strerror(errno));
-			free(fname);
-			return false;
-		}
-
-		free(fname);
-		c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
-		fclose(fp);
-
-		if(c->rsa_key)
-			return true;		/* Woohoo. */
-
-		/* If it fails, try PEM_read_RSA_PUBKEY. */
-		fp = fopen(fname, "r");
+	if(!get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname))
+		asprintf(&fname, "%s/hosts/%s", confbase, c->name);
 
-		if(!fp) {
-			logger(LOG_ERR, _("Error reading RSA public key file `%s': %s"),
-				   fname, strerror(errno));
-			free(fname);
-			return false;
-		}
-
-		free(fname);
-		c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
-		fclose(fp);
-
-		if(c->rsa_key) {
-//				RSA_blinding_on(c->rsa_key, NULL);
-			return true;
-		}
+	fp = fopen(fname, "r");
 
-		logger(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"),
+	if(!fp) {
+		logger(LOG_ERR, _("Error reading RSA public key file `%s': %s"),
 			   fname, strerror(errno));
+		free(fname);
 		return false;
 	}
 
-	/* Else, check if a harnessed public key is in the config file */
-
-	asprintf(&fname, "%s/hosts/%s", confbase, c->name);
-	fp = fopen(fname, "r");
-
-	if(fp) {
-		c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
-		fclose(fp);
-	}
-
-	free(fname);
-
-	if(c->rsa_key)
-		return true;
-
-	/* Try again with PEM_read_RSA_PUBKEY. */
-
-	asprintf(&fname, "%s/hosts/%s", confbase, c->name);
-	fp = fopen(fname, "r");
-
-	if(fp) {
-		c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
-//		RSA_blinding_on(c->rsa_key, NULL);
-		fclose(fp);
-	}
+	result = rsa_read_pem_public_key(&c->rsa, fp);
+	fclose(fp);
 
+	if(!result) 
+		logger(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), fname, strerror(errno));
 	free(fname);
-
-	if(c->rsa_key)
-		return true;
-
-	logger(LOG_ERR, _("No public key for %s specified!"), c->name);
-
-	return false;
+	return result;
 }
 
-bool read_rsa_private_key(void) {
+bool read_rsa_private_key() {
 	FILE *fp;
-	char *fname, *key, *pubkey;
-	struct stat s;
+	char *fname;
+	char *n, *d;
+	bool result;
 
 	cp();
 
-	if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
-		if(!get_config_string(lookup_config(myself->connection->config_tree, "PublicKey"), &pubkey)) {
+	/* First, check for simple PrivateKey statement */
+
+	if(get_config_string(lookup_config(config_tree, "PrivateKey"), &d)) {
+		if(!get_config_string(lookup_config(myself->connection->config_tree, "PublicKey"), &n)) {
 			logger(LOG_ERR, _("PrivateKey used but no PublicKey found!"));
+			free(d);
 			return false;
 		}
-		myself->connection->rsa_key = RSA_new();
-//		RSA_blinding_on(myself->connection->rsa_key, NULL);
-		BN_hex2bn(&myself->connection->rsa_key->d, key);
-		BN_hex2bn(&myself->connection->rsa_key->n, pubkey);
-		BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
-		free(key);
-		free(pubkey);
+		result = rsa_set_hex_private_key(&myself->connection->rsa, n, "FFFF", d);
+		free(n);
+		free(d);
 		return true;
 	}
 
+	/* Else, check for PrivateKeyFile statement and read it */
+
 	if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname))
 		asprintf(&fname, "%s/rsa_key.priv", confbase);
 
@@ -182,9 +120,10 @@ bool read_rsa_private_key(void) {
 	}
 
 #if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
+	struct stat s;
+
 	if(fstat(fileno(fp), &s)) {
-		logger(LOG_ERR, _("Could not stat RSA private key file `%s': %s'"),
-				fname, strerror(errno));
+		logger(LOG_ERR, _("Could not stat RSA private key file `%s': %s'"), fname, strerror(errno));
 		free(fname);
 		return false;
 	}
@@ -193,18 +132,13 @@ bool read_rsa_private_key(void) {
 		logger(LOG_WARNING, _("Warning: insecure file permissions for RSA private key file `%s'!"), fname);
 #endif
 
-	myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
+	result = rsa_read_pem_private_key(&myself->connection->rsa, fp);
 	fclose(fp);
 
-	if(!myself->connection->rsa_key) {
-		logger(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"),
-			   fname, strerror(errno));
-		free(fname);
-		return false;
-	}
-
+	if(!result) 
+		logger(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), fname, strerror(errno));
 	free(fname);
-	return true;
+	return result;
 }
 
 static struct event keyexpire_event;
@@ -214,10 +148,8 @@ static void keyexpire_handler(int fd, short events, void *data) {
 }
 
 void regenerate_key() {
-	RAND_pseudo_bytes((unsigned char *)myself->key, myself->keylength);
-
 	if(timeout_initialized(&keyexpire_event)) {
-		ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key"));
+		ifdebug(STATUS) logger(LOG_INFO, _("Expiring symmetric keys"));
 		event_del(&keyexpire_event);
 		send_key_changed(broadcast, myself);
 	} else {
@@ -225,16 +157,6 @@ void regenerate_key() {
 	}
 
 	event_add(&keyexpire_event, &(struct timeval){keylifetime, 0});
-
-	if(myself->cipher) {
-		EVP_CIPHER_CTX_init(&packet_ctx);
-		if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, (unsigned char *)myself->key, (unsigned char *)myself->key + myself->cipher->key_len)) {
-			logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"),
-					myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL));
-			abort();
-		}
-
-	}
 }
 
 /*
@@ -314,9 +236,6 @@ bool setup_myself(void) {
 	if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice) && choice)
 		myself->options |= OPTION_TCPONLY;
 
-	if(get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) && choice)
-		myself->options |= OPTION_PMTU_DISCOVERY;
-
 	if(myself->options & OPTION_TCPONLY)
 		myself->options |= OPTION_INDIRECT;
 
@@ -337,11 +256,15 @@ bool setup_myself(void) {
 	} else
 		routing_mode = RMODE_ROUTER;
 
+	if(routing_mode == RMODE_ROUTER)
+		if(!get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) || choice)
+			myself->options |= OPTION_PMTU_DISCOVERY;
+
 	get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance);
 
 #if !defined(SOL_IP) || !defined(IP_TOS)
 	if(priorityinheritance)
-		logger(LOG_WARNING, _("PriorityInheritance not supported on this platform"));
+		logger(LOG_WARNING, _("%s not supported on this platform"), "PriorityInheritance");
 #endif
 
 	if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire))
@@ -373,79 +296,50 @@ bool setup_myself(void) {
 
 	/* Generate packet encryption key */
 
-	if(get_config_string
-	   (lookup_config(myself->connection->config_tree, "Cipher"), &cipher)) {
-		if(!strcasecmp(cipher, "none")) {
-			myself->cipher = NULL;
-		} else {
-			myself->cipher = EVP_get_cipherbyname(cipher);
-
-			if(!myself->cipher) {
-				logger(LOG_ERR, _("Unrecognized cipher type!"));
-				return false;
-			}
-		}
-	} else
-		myself->cipher = EVP_bf_cbc();
-
-	if(myself->cipher)
-		myself->keylength = myself->cipher->key_len + myself->cipher->iv_len;
-	else
-		myself->keylength = 1;
+	if(!get_config_string(lookup_config(myself->connection->config_tree, "Cipher"), &cipher))
+		cipher = xstrdup("blowfish");
 
-	myself->connection->outcipher = EVP_bf_ofb();
-
-	myself->key = xmalloc(myself->keylength);
+	if(!cipher_open_by_name(&myself->incipher, cipher)) {
+		logger(LOG_ERR, _("Unrecognized cipher type!"));
+		return false;
+	}
 
 	if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
 		keylifetime = 3600;
 
 	regenerate_key();
+
 	/* Check if we want to use message authentication codes... */
 
-	if(get_config_string
-	   (lookup_config(myself->connection->config_tree, "Digest"), &digest)) {
-		if(!strcasecmp(digest, "none")) {
-			myself->digest = NULL;
-		} else {
-			myself->digest = EVP_get_digestbyname(digest);
-
-			if(!myself->digest) {
-				logger(LOG_ERR, _("Unrecognized digest type!"));
-				return false;
-			}
-		}
-	} else
-		myself->digest = EVP_sha1();
-
-	myself->connection->outdigest = EVP_sha1();
-
-	if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"),
-		&myself->maclength)) {
-		if(myself->digest) {
-			if(myself->maclength > myself->digest->md_size) {
-				logger(LOG_ERR, _("MAC length exceeds size of digest!"));
-				return false;
-			} else if(myself->maclength < 0) {
-				logger(LOG_ERR, _("Bogus MAC length!"));
-				return false;
-			}
-		}
-	} else
-		myself->maclength = 4;
+	if(!get_config_string(lookup_config(myself->connection->config_tree, "Digest"), &digest))
+		digest = xstrdup("sha1");
 
-	myself->connection->outmaclength = 0;
+	if(!digest_open_by_name(&myself->indigest, digest)) {
+		logger(LOG_ERR, _("Unrecognized digest type!"));
+		return false;
+	}
+
+	if(!get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->inmaclength))
+
+	if(digest_active(&myself->indigest)) {
+		if(myself->inmaclength > digest_length(&myself->indigest)) {
+			logger(LOG_ERR, _("MAC length exceeds size of digest!"));
+			return false;
+		} else if(myself->inmaclength < 0) {
+			logger(LOG_ERR, _("Bogus MAC length!"));
+			return false;
+		}
+	}
 
 	/* Compression */
 
-	if(get_config_int(lookup_config(myself->connection->config_tree, "Compression"),
-		&myself->compression)) {
-		if(myself->compression < 0 || myself->compression > 11) {
+	if(get_config_int(lookup_config(myself->connection->config_tree, "Compression"), &myself->incompression)) {
+		if(myself->incompression < 0 || myself->incompression > 11) {
 			logger(LOG_ERR, _("Bogus compression level!"));
 			return false;
 		}
 	} else
-		myself->compression = 0;
+		myself->incompression = 0;
 
 	myself->connection->outcompression = 0;
 
@@ -463,8 +357,8 @@ bool setup_myself(void) {
 	if(!setup_device())
 		return false;
 
-	event_set(&device_ev, device_fd, EV_READ|EV_PERSIST,
-			  handle_device_data, NULL);
+	event_set(&device_ev, device_fd, EV_READ|EV_PERSIST, handle_device_data, NULL);
+
 	if (event_add(&device_ev, NULL) < 0) {
 		logger(LOG_ERR, _("event_add failed: %s"), strerror(errno));
 		close_device();
@@ -567,9 +461,10 @@ bool setup_myself(void) {
 }
 
 /*
-  setup all initial network connections
+  initialize network
 */
-bool setup_network_connections(void) {
+bool setup_network(void)
+{
 	cp();
 
 	init_connections();
@@ -591,13 +486,11 @@ bool setup_network_connections(void) {
 		pingtimeout = pinginterval;
 
 	if(!get_config_int(lookup_config(config_tree, "MaxOutputBufferSize"), &maxoutbufsize))
-		maxoutbufsize = 4 * MTU;
+		maxoutbufsize = 10 * MTU;
 
 	if(!setup_myself())
 		return false;
 
-	try_outgoing_connections();
-
 	return true;
 }
 
@@ -615,21 +508,16 @@ void close_network_connections(void) {
 	for(node = connection_tree->head; node; node = next) {
 		next = node->next;
 		c = node->data;
-
-		if(c->outgoing) {
-			if(c->outgoing->ai)
-				freeaddrinfo(c->outgoing->ai);
-			free(c->outgoing->name);
-			free(c->outgoing);
-			c->outgoing = NULL;
-		}
-
+		c->outgoing = false;
 		terminate_connection(c, false);
 	}
 
+	list_delete_list(outgoing_list);
+
 	if(myself && myself->connection) {
 		subnet_update(myself, NULL, false);
 		terminate_connection(myself->connection, false);
+		free_connection(myself->connection);
 	}
 
 	for(i = 0; i < listen_sockets; i++) {
@@ -653,6 +541,8 @@ void close_network_connections(void) {
 
 	execute_script("tinc-down", envp);
 
+	if(myport) free(myport);
+
 	for(i = 0; i < 4; i++)
 		free(envp[i]);