X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_key.c;h=fc3707ae1d29b72595423f5596d75643f16a8e5a;hb=fec279a9c54ec8a13bd1ba4c7bec0d2a15454992;hp=4b2047a79ba978f8c8b5519a9d805d2451622a05;hpb=ac163120d7f0300c8d555f76ace3368ce2ffa655;p=tinc
diff --git a/src/protocol_key.c b/src/protocol_key.c
index 4b2047a7..fc3707ae 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -84,7 +84,7 @@ bool key_changed_h(connection_t *c, char *request) {
 }
 bool send_req_key(node_t *to) {
- return send_request(to->nexthop->connection, "%d %s %s 1", REQ_KEY, myself->name, to->name);
+ return send_request(to->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, to->name, experimental ? 1 : 0);
 }
 bool req_key_h(connection_t *c, char *request) {
@@ -123,7 +123,7 @@ bool req_key_h(connection_t *c, char *request) {
 /* Check if this key request is for us */
 if(to == myself) { /* Yes, send our own key back */
- if(kx_version > 0) {
+ if(experimental && kx_version >= 1) {
 logger(LOG_DEBUG, "Got ECDH key request from %s", from->name);
 from->status.ecdh = true;
 }
@@ -149,8 +149,7 @@ bool send_ans_key_ecdh(node_t *to) {
 ecdh_generate_public(&to->ecdh, key);
- bin2hex(key, key, ECDH_SIZE);
- key[ECDH_SIZE * 2] = '\0';
+ b64encode(key, key, ECDH_SIZE);
 return send_request(to->nexthop->connection, "%d %s %s ECDH:%s %d %d %zu %d", ANS_KEY, myself->name, to->name, key,
@@ -161,7 +160,7 @@ bool send_ans_key_ecdh(node_t *to) {
 }
 bool send_ans_key(node_t *to) {
- if(to->status.ecdh)
+ if(experimental && to->status.ecdh)
 return send_ans_key_ecdh(to);
 size_t keylen = cipher_keylength(&myself->incipher);
@@ -176,7 +175,6 @@ bool send_ans_key(node_t *to) {
 digest_set_key(&to->indigest, key, keylen);
 bin2hex(key, key, keylen);
- key[keylen * 2] = '\0';
 // Reset sequence number and late packet window
 mykeyused = true;
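Review bot: In req_key_h the new condition `if(experimental && kx_version >= 1)` only ever sets `from->status.ecdh`; nothing in the hunk clears it when the same peer later sends version 0 or when `experimental` is off. send_ans_key() branches on that flag, so a stale `true` from an earlier request would still select the ECDH answer for a peer that has asked for the legacy exchange. Assigning the result keeps the state in step with the latest request: `from->status.ecdh = experimental && kx_version >= 1;`, with the debug log kept inside the true case. The function continues outside the hunk, so a reset elsewhere cannot be ruled out from here.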
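Review bot: `b64encode(key, key, ECDH_SIZE)` in send_ans_key_ecdh() encodes in place and drops the explicit terminator the removed lines wrote, so the `ECDH:%s` argument in the send_request() call that follows now depends on b64encode() both tolerating an identical source and destination and NUL-terminating its output. Neither that contract nor the declaration of `key` is visible in the hunk, and the return value is not checked. I would add a comment above the call such as `/* b64encode() is safe in place and NUL-terminates; key must hold at least 4 * ((ECDH_SIZE + 2) / 3) + 1 bytes */`, and confirm the buffer size against it. The same reliance on the encoder terminating the string applies to the removal of `key[keylen * 2] = '\0';` after bin2hex() in send_ans_key().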
@@ -280,8 +278,8 @@ bool ans_key_h(connection_t *c, char *request) {
 /* ECDH or old-style key exchange? */
- if(!strncmp(key, "ECDH:", 5)) {
- keylen = (strlen(key) - 5) / 2;
+ if(experimental && !strncmp(key, "ECDH:", 5)) {
+ int keylen = b64decode(key + 5, key + 5, sizeof key - 5);
 if(keylen != ECDH_SIZE) {
 logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
@@ -300,8 +298,6 @@ bool ans_key_h(connection_t *c, char *request) {
 }
 char shared[ECDH_SHARED_SIZE * 2 + 1];
- char hex[ECDH_SHARED_SIZE * 2 + 1];
- hex2bin(key + 5, key + 5, keylen);
 if(!ecdh_compute_shared(&from->ecdh, key + 5, shared)) return false;
@@ -349,8 +345,7 @@ bool ans_key_h(connection_t *c, char *request) {
 if(strcmp(myself->name, from->name) < 0) memmove(key, key + mykeylen * 2, hiskeylen * 2);
 } else {
- keylen = strlen(key) / 2;
- hex2bin(key, key, keylen);
+ keylen = hex2bin(key, key, sizeof key);
 if(keylen != cipher_keylength(&from->outcipher)) {
 logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
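Review bot: `int keylen = b64decode(...)` declares a new variable inside the ECDH branch of ans_key_h, while the removed line and the legacy branch (`keylen = hex2bin(key, key, sizeof key);`) assign to a `keylen` from the enclosing scope; the inner declaration shadows it, so any code after the if/else that reads the outer `keylen` would find it unset on the ECDH path. Dropping the `int` keeps a single variable: `keylen = b64decode(key + 5, key + 5, sizeof key - 5);`. Separately, the length check used to be derived from strlen() over the whole field and now rests on the decoder's return value, so if b64decode() or hex2bin() stop at the first invalid character, a peer-supplied key of the right length followed by extra bytes would still pass `keylen != ECDH_SIZE`; a check that the decoder consumed the entire field would close that. `sizeof key` is only a meaningful bound if `key` is an array here, and its declaration lies outside the hunk.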