X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_key.c;h=802f7ca68d5f2707fb6eaed2ce47990d810d3a60;hb=6dfdb323612184529b4b83c1be914dda8262de47;hp=bbe0239df781379dcb028db0fac6b06869648591;hpb=7a71d48009e03ff1143a6e1084803f456a27c849;p=tinc diff --git a/src/protocol_key.c b/src/protocol_key.c index bbe0239d..802f7ca6 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -108,12 +108,15 @@ static bool send_initial_sptps_data(void *handle, uint8_t type, const char *data bool send_req_key(node_t *to) { if(to->status.sptps) { if(!node_read_ecdsa_public_key(to)) { - logger(DEBUG_ALWAYS, LOG_DEBUG, "No ECDSA key known for %s (%s)", to->name, to->hostname); + logger(DEBUG_PROTOCOL, LOG_DEBUG, "No ECDSA key known for %s (%s)", to->name, to->hostname); send_request(to->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, to->name, REQ_PUBKEY); return true; } char label[25 + strlen(myself->name) + strlen(to->name)]; snprintf(label, sizeof label, "tinc UDP key expansion %s %s", myself->name, to->name); + sptps_stop(&to->sptps); + to->status.validkey = false; + to->incompression = myself->incompression; return sptps_start(&to->sptps, to, true, true, myself->connection->ecdsa, to->ecdsa, label, sizeof label, send_initial_sptps_data, receive_sptps_record); } @@ -133,7 +136,7 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in case ANS_PUBKEY: { if(node_read_ecdsa_public_key(from)) { - logger(DEBUG_ALWAYS, LOG_WARNING, "Got ANS_PUBKEY from %s (%s) even though we already have his pubkey", from->name, from->hostname); + logger(DEBUG_PROTOCOL, LOG_WARNING, "Got ANS_PUBKEY from %s (%s) even though we already have his pubkey", from->name, from->hostname); return true; } @@ -143,14 +146,14 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in return true; } - logger(DEBUG_ALWAYS, LOG_INFO, "Learned ECDSA public key from %s (%s)", from->name, from->hostname); + logger(DEBUG_PROTOCOL, LOG_INFO, "Learned ECDSA public key from %s (%s)", from->name, from->hostname); append_config_file(from->name, "ECDSAPublicKey", pubkey); return true; } case REQ_KEY: { if(!node_read_ecdsa_public_key(from)) { - logger(DEBUG_ALWAYS, LOG_DEBUG, "No ECDSA key known for %s (%s)", from->name, from->hostname); + logger(DEBUG_PROTOCOL, LOG_DEBUG, "No ECDSA key known for %s (%s)", from->name, from->hostname); send_request(from->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, from->name, REQ_PUBKEY); return true; } @@ -167,6 +170,8 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in char label[25 + strlen(from->name) + strlen(myself->name)]; snprintf(label, sizeof label, "tinc UDP key expansion %s %s", from->name, myself->name); + sptps_stop(&from->sptps); + from->status.validkey = false; sptps_start(&from->sptps, from, false, true, myself->connection->ecdsa, from->ecdsa, label, sizeof label, send_sptps_data, receive_sptps_record); sptps_receive_data(&from->sptps, buf, len); return true; @@ -225,7 +230,7 @@ bool req_key_h(connection_t *c, const char *request) { return true; if(!to->status.reachable) { - logger(DEBUG_ALWAYS, LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable", + logger(DEBUG_PROTOCOL, LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable", "REQ_KEY", c->name, c->hostname, to_name); return true; } @@ -329,6 +334,16 @@ bool ans_key_h(connection_t *c, const char *request) { return send_request(to->nexthop->connection, "%s", request); } + /* Don't use key material until every check has passed. */ + from->status.validkey = false; + + if(compression < 0 || compression > 11) { + logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname); + return true; + } + + from->outcompression = compression; + /* SPTPS or old-style key exchange? */ if(from->status.sptps) { @@ -369,13 +384,6 @@ bool ans_key_h(connection_t *c, const char *request) { return false; } - if(compression < 0 || compression > 11) { - logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname); - return true; - } - - from->outcompression = compression; - /* Process key */ keylen = hex2bin(key, key, sizeof key);