/* Check and lookup cipher and digest algorithms */
- if(!(c->incipher = cipher_open_by_nid(cipher)) || !cipher_set_key_from_rsa(c->incipher, key, len, false)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of cipher from %s (%s)", c->name, c->hostname);
- return false;
+ if(cipher) {
+ if(!(c->incipher = cipher_open_by_nid(cipher)) || !cipher_set_key_from_rsa(c->incipher, key, len, false)) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of cipher from %s (%s)", c->name, c->hostname);
+ return false;
+ }
+ } else {
+ c->incipher = NULL;
}
- if(!(c->indigest = digest_open_by_nid(digest, -1))) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of digest from %s (%s)", c->name, c->hostname);
- return false;
+ if(digest) {
+ if(!(c->indigest = digest_open_by_nid(digest, -1))) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of digest from %s (%s)", c->name, c->hostname);
+ return false;
+ }
+ } else {
+ c->indigest = NULL;
}
c->status.decryptin = true;
if(to->status.sptps)
abort();
- size_t keylen = cipher_keylength(myself->incipher);
+ size_t keylen = myself->incipher ? cipher_keylength(myself->incipher) : 1;
char key[keylen * 2 + 1];
+ randomize(key, keylen);
+
cipher_close(to->incipher);
digest_close(to->indigest);
- to->incipher = cipher_open_by_nid(cipher_get_nid(myself->incipher));
- to->indigest = digest_open_by_nid(digest_get_nid(myself->indigest), digest_length(myself->indigest));
- to->incompression = myself->incompression;
+ if(myself->incipher) {
+ to->incipher = cipher_open_by_nid(cipher_get_nid(myself->incipher));
+ if(!to->incipher)
+ abort();
+ if(!cipher_set_key(to->incipher, key, false))
+ abort();
+ }
- if(!to->incipher || !to->indigest)
- abort();
+ if(myself->indigest) {
+ to->indigest = digest_open_by_nid(digest_get_nid(myself->indigest), digest_length(myself->indigest));
+ if(!to->indigest)
+ abort();
+ if(!digest_set_key(to->indigest, key, keylen))
+ abort();
+ }
- randomize(key, keylen);
- if(!cipher_set_key(to->incipher, key, false))
- abort();
- if(!digest_set_key(to->indigest, key, keylen))
- abort();
+ to->incompression = myself->incompression;
bin2hex(key, key, keylen);
keylen = hex2bin(key, key, sizeof key);
- if(keylen != cipher_keylength(from->outcipher)) {
+ if(keylen != (from->outcipher ? cipher_keylength(from->outcipher) : 1)) {
logger(DEBUG_ALWAYS, LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
return true;
}
/* Update our copy of the origin's packet key */
- if(!cipher_set_key(from->outcipher, key, true))
+ if(from->outcipher && !cipher_set_key(from->outcipher, key, true))
return false;
- if(!digest_set_key(from->outdigest, key, keylen))
+ if(from->outdigest && !digest_set_key(from->outdigest, key, keylen))
return false;
from->status.validkey = true;
--- /dev/null
+#!/bin/sh
+
+. ./testlib.sh
+
+# Initialize two nodes
+
+$tinc $c1 <<EOF
+init foo
+set DeviceType dummy
+set Port 32755
+set Address localhost
+set ExperimentalProtocol no
+EOF
+
+$tinc $c2 <<EOF
+init bar
+set DeviceType dummy
+set Port 0
+set ExperimentalProtocol no
+EOF
+
+# Exchange configuration
+
+$tinc $c1 export | $tinc $c2 exchange | $tinc $c1 import
+$tinc $c2 add ConnectTo foo
+$tinc $c1 start $r1
+
+# Test various ciphers and digests
+
+for digest in none md5 sha1 sha256 sha512; do
+ for cipher in none bf-cbc aes-128-cbc aes-256-cbc camellia-128-cbc camellia-256-cbc; do
+ echo Testing $cipher $digest
+ $tinc $c2 <<EOF
+set Digest $digest
+set Cipher $cipher
+EOF
+
+ $tinc $c2 start $r2
+ sleep 2;
+ $tinc $c1 info bar
+ $tinc $c1 info bar | grep -q 'directly with UDP'
+ $tinc $c2 stop
+ done
+done
+
+$tinc $c1 stop
projects / tinc / commitdiff