From: Ivo Timmermans Date: Mon, 1 May 2000 21:31:59 +0000 (+0000) Subject: Fixed meta protocol. X-Git-Tag: release-1.0pre1~19 X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=a9247e6f2c57bda9dc62ed050f41048847109e83;p=tinc Fixed meta protocol. --- diff --git a/src/encr.c b/src/encr.c index 31e0b944..fe7b2e8f 100644 --- a/src/encr.c +++ b/src/encr.c @@ -225,16 +225,25 @@ void encrypt_passphrase(passphrase_t *pp) { char key[1000]; char tmp[1000]; - int len; + unsigned char phrase[1000]; + int keylen; + int i; BF_KEY bf_key; + cp mpz_get_str(tmp, 16, my_public_key); - len = str_hex_to_bin(key, tmp); + keylen = str_hex_to_bin(key, tmp); - cipher_set_key(&bf_key, len, key); + cipher_set_key(&bf_key, keylen, key); - low_crypt_key(mypassphrase, pp->phrase, &bf_key, mypassphraselen, BF_ENCRYPT); - pp->len = ((mypassphraselen - 1) | 7) + 5; + low_crypt_key(mypassphrase, phrase, &bf_key, mypassphraselen, BF_ENCRYPT); + pp->len = ((mypassphraselen - 1) | 7) + 1; + pp->phrase = xmalloc((pp->len << 1) + 1); + + for(i = 0; i < pp->len; i++) + snprintf(&(pp->phrase)[i << 1], 3, "%02x", (int)phrase[i]); + + pp->phrase[(pp->len << 1) + 1] = '\0'; if(key_inited) cipher_set_key(&encryption_key, encryption_keylen, text_key); @@ -244,29 +253,31 @@ cp int verify_passphrase(conn_list_t *cl, unsigned char *his_pubkey) { char key[1000]; - char tmp[1000]; - int len; + char *tmp; + unsigned char phrase[1000]; + int keylen, pplen; mpz_t pk; unsigned char *out; BF_KEY bf_key; char which[sizeof("123.123.123.123")+1]; char *meuk; cp - mpz_init_set_str(pk, his_pubkey, 16); - mpz_get_str(tmp, 16, pk); - len = str_hex_to_bin(key, tmp); - out = xmalloc(strlen(cl->pp) + 3); - - cipher_set_key(&bf_key, len, key); - low_crypt_key(cl->pp, out, &bf_key, strlen(cl->pp), BF_DECRYPT); + mpz_init_set_str(pk, his_pubkey, 36); + tmp = mpz_get_str(NULL, 16, pk); + keylen = str_hex_to_bin(key, tmp); + out = xmalloc((cl->pp->len >> 1) + 3); + pplen = str_hex_to_bin(phrase, cl->pp->phrase); + + cipher_set_key(&bf_key, keylen, key); + low_crypt_key(phrase, out, &bf_key, pplen, BF_DECRYPT); if(key_inited) cipher_set_key(&encryption_key, encryption_keylen, text_key); sprintf(which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip)); - if((len = read_passphrase(which, &meuk)) < 0) + if((pplen = read_passphrase(which, &meuk)) < 0) return -1; - if(memcmp(meuk, out, len)) + if(memcmp(meuk, out, pplen)) return -1; cp return 0; diff --git a/src/net.h b/src/net.h index 7dae4193..27a16cf8 100644 --- a/src/net.h +++ b/src/net.h @@ -28,9 +28,6 @@ #define MAXSIZE 1700 /* should be a bit more than the MTU for the tapdevice */ #define MTU 1600 -#define MAX_PASSPHRASE_SIZE 2000 /* 2kb is really waaaay too much. nobody's - gonna need a 16 kbit passphrase */ - #define MAC_ADDR_S "%02x:%02x:%02x:%02x:%02x:%02x" #define MAC_ADDR_V(x) ((unsigned char*)&(x))[0],((unsigned char*)&(x))[1], \ ((unsigned char*)&(x))[2],((unsigned char*)&(x))[3], \ @@ -64,7 +61,7 @@ typedef struct real_packet_t { typedef struct passphrase_t { unsigned short len; - unsigned char phrase[MAX_PASSPHRASE_SIZE]; + unsigned char *phrase; } passphrase_t; typedef struct status_bits_t { @@ -109,7 +106,7 @@ typedef struct conn_list_t { int meta_socket; /* our tcp meta socket */ int protocol_version; /* used protocol */ status_bits_t status; /* status info */ - unsigned char *pp; /* encoded passphrase */ + passphrase_t *pp; /* encoded passphrase */ packet_queue_t *sq; /* pending outgoing packets */ packet_queue_t *rq; /* pending incoming packets (they have no valid key to be decrypted with) */ diff --git a/src/protocol.c b/src/protocol.c index 21dba5bb..0a27692e 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -213,10 +213,10 @@ cp encrypt_passphrase(&tmp); if(debug_lvl > 2) - syslog(LOG_DEBUG, "Send PASSPHRASE to " IP_ADDR_S, - IP_ADDR_V(cl->vpn_ip)); + syslog(LOG_DEBUG, "Send PASSPHRASE %s to " IP_ADDR_S, + tmp.phrase, IP_ADDR_V(cl->vpn_ip)); - buflen = sprintf(buffer, "%d %s\n", PASSPHRASE, tmp.phrase); + buflen = snprintf(buffer, MAXBUFSIZE, "%d %s\n", PASSPHRASE, tmp.phrase); if((write(cl->meta_socket, buffer, buflen)) < 0) { @@ -231,8 +231,8 @@ int send_public_key(conn_list_t *cl) { cp if(debug_lvl > 2) - syslog(LOG_DEBUG, "Send PUBLIC_KEY to " IP_ADDR_S, - IP_ADDR_V(cl->vpn_ip)); + syslog(LOG_DEBUG, "Send PUBLIC_KEY %s to " IP_ADDR_S, + my_public_key_base36, IP_ADDR_V(cl->vpn_ip)); buflen = sprintf(buffer, "%d %s\n", PUBLIC_KEY, my_public_key_base36); @@ -396,11 +396,13 @@ cp int passphrase_h(conn_list_t *cl) { cp - if(sscanf(cl->buffer, "%*d %s", cl->pp) != 1) + cl->pp=xmalloc(sizeof(*(cl->pp))); + if(sscanf(cl->buffer, "%*d %as", &(cl->pp->phrase)) != 1) { - syslog(LOG_ERR, "got bad PASSPHRASE request: %s", cl->buffer); - return -1; - } + syslog(LOG_ERR, "got bad PASSPHRASE request: %s", cl->buffer); + return -1; + } + cl->pp->len = strlen(cl->pp->phrase); if(debug_lvl > 2) syslog(LOG_DEBUG, "got PASSPHRASE"); @@ -424,7 +426,7 @@ cp } if(debug_lvl > 2) - syslog(LOG_DEBUG, "got PUBLIC_KEY"); + syslog(LOG_DEBUG, "got PUBLIC_KEY %s", g_n); if(verify_passphrase(cl, g_n)) {