X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_key.c;h=e838f6135578ea8d8dcd3db2dcd6fe14e89e1bc9;hb=b0d80c7f28528c2c8857c5662b4aca779b3184bb;hp=a3cf3f51b5965b90923b525494593a971f611e08;hpb=e3a4672afb8eb341b380e74b2bf6d098f61c08a3;p=tinc diff --git a/src/protocol_key.c b/src/protocol_key.c index a3cf3f51..e838f613 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -98,7 +98,7 @@ static bool send_initial_sptps_data(void *handle, uint8_t type, const char *data bool send_req_key(node_t *to) { if(to->status.sptps) { if(!node_read_ecdsa_public_key(to)) { - logger(DEBUG_PROTOCOL, LOG_DEBUG, "No ECDSA key known for %s (%s)", to->name, to->hostname); + logger(DEBUG_PROTOCOL, LOG_DEBUG, "No Ed25519 key known for %s (%s)", to->name, to->hostname); send_request(to->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, to->name, REQ_PUBKEY); return true; } @@ -142,14 +142,14 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in return true; } - logger(DEBUG_PROTOCOL, LOG_INFO, "Learned ECDSA public key from %s (%s)", from->name, from->hostname); - append_config_file(from->name, "ECDSAPublicKey", pubkey); + logger(DEBUG_PROTOCOL, LOG_INFO, "Learned Ed25519 public key from %s (%s)", from->name, from->hostname); + append_config_file(from->name, "Ed25519PublicKey", pubkey); return true; } case REQ_KEY: { if(!node_read_ecdsa_public_key(from)) { - logger(DEBUG_PROTOCOL, LOG_DEBUG, "No ECDSA key known for %s (%s)", from->name, from->hostname); + logger(DEBUG_PROTOCOL, LOG_DEBUG, "No Ed25519 key known for %s (%s)", from->name, from->hostname); send_request(from->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, from->name, REQ_PUBKEY); return true; } @@ -260,24 +260,31 @@ bool send_ans_key(node_t *to) { if(to->status.sptps) abort(); - size_t keylen = cipher_keylength(myself->incipher); + size_t keylen = myself->incipher ? cipher_keylength(myself->incipher) : 1; char key[keylen * 2 + 1]; + randomize(key, keylen); + cipher_close(to->incipher); digest_close(to->indigest); - to->incipher = cipher_open_by_nid(cipher_get_nid(myself->incipher)); - to->indigest = digest_open_by_nid(digest_get_nid(myself->indigest), digest_length(myself->indigest)); - to->incompression = myself->incompression; + if(myself->incipher) { + to->incipher = cipher_open_by_nid(cipher_get_nid(myself->incipher)); + if(!to->incipher) + abort(); + if(!cipher_set_key(to->incipher, key, false)) + abort(); + } - if(!to->incipher || !to->indigest) - abort(); + if(myself->indigest) { + to->indigest = digest_open_by_nid(digest_get_nid(myself->indigest), digest_length(myself->indigest)); + if(!to->indigest) + abort(); + if(!digest_set_key(to->indigest, key, keylen)) + abort(); + } - randomize(key, keylen); - if(!cipher_set_key(to->incipher, key, false)) - abort(); - if(!digest_set_key(to->indigest, key, keylen)) - abort(); + to->incompression = myself->incompression; bin2hex(key, key, keylen); @@ -395,14 +402,22 @@ bool ans_key_h(connection_t *c, const char *request) { /* Check and lookup cipher and digest algorithms */ - if(!(from->outcipher = cipher_open_by_nid(cipher))) { - logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name, from->hostname); - return false; + if(cipher) { + if(!(from->outcipher = cipher_open_by_nid(cipher))) { + logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name, from->hostname); + return false; + } + } else { + from->outcipher = NULL; } - if(!(from->outdigest = digest_open_by_nid(digest, maclength))) { - logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown digest!", from->name, from->hostname); - return false; + if(digest) { + if(!(from->outdigest = digest_open_by_nid(digest, maclength))) { + logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses unknown digest!", from->name, from->hostname); + return false; + } + } else { + from->outdigest = NULL; } if(maclength != digest_length(from->outdigest)) { @@ -414,16 +429,16 @@ bool ans_key_h(connection_t *c, const char *request) { keylen = hex2bin(key, key, sizeof key); - if(keylen != cipher_keylength(from->outcipher)) { + if(keylen != (from->outcipher ? cipher_keylength(from->outcipher) : 1)) { logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname); return true; } /* Update our copy of the origin's packet key */ - if(!cipher_set_key(from->outcipher, key, true)) + if(from->outcipher && !cipher_set_key(from->outcipher, key, true)) return false; - if(!digest_set_key(from->outdigest, key, keylen)) + if(from->outdigest && !digest_set_key(from->outdigest, key, keylen)) return false; from->status.validkey = true;