/*
protocol_auth.c -- handle the meta-protocol, authentication
Copyright (C) 1999-2005 Ivo Timmermans,
- 2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+ 2000-2014 Guus Sliepen <guus@tinc-vpn.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include "control_common.h"
#include "cipher.h"
#include "crypto.h"
+#include "device.h"
#include "digest.h"
#include "ecdsa.h"
#include "edge.h"
#include "prf.h"
#include "protocol.h"
#include "rsa.h"
+#include "script.h"
#include "sptps.h"
#include "utils.h"
#include "xalloc.h"
return false;
}
- fprintf(f, "ECDSAPublicKey = %s\n", data);
+ fprintf(f, "Ed25519PublicKey = %s\n", data);
fclose(f);
logger(DEBUG_CONNECTIONS, LOG_INFO, "Key succesfully received from %s (%s)", c->name, c->hostname);
+
+ // Call invitation-accepted script
+ char *envp[7] = {NULL};
+ char *address, *port;
+
+ xasprintf(&envp[0], "NETNAME=%s", netname ? : "");
+ xasprintf(&envp[1], "DEVICE=%s", device ? : "");
+ xasprintf(&envp[2], "INTERFACE=%s", iface ? : "");
+ xasprintf(&envp[3], "NODE=%s", c->name);
+ sockaddr2str(&c->address, &address, &port);
+ xasprintf(&envp[4], "REMOTEADDRESS=%s", address);
+ xasprintf(&envp[5], "NAME=%s", myself->name);
+
+ execute_script("invitation-accepted", envp);
+
+ for(int i = 0; envp[i] && i < 7; i++)
+ free(envp[i]);
+
sptps_send_record(&c->sptps, 2, data, 0);
return true;
}
if(type != 0 || len != 18 || c->status.invitation_used)
return false;
+ // Recover the filename from the cookie and the key
+ digest_t *digest = digest_open_by_name("sha256", 18);
+ if(!digest)
+ abort();
+ char *fingerprint = ecdsa_get_base64_public_key(invitation_key);
+ char hashbuf[18 + strlen(fingerprint)];
char cookie[25];
- b64encode_urlsafe(data, cookie, 18);
+ memcpy(hashbuf, data, 18);
+ memcpy(hashbuf + 18, fingerprint, sizeof hashbuf - 18);
+ digest_create(digest, hashbuf, sizeof hashbuf, cookie);
+ b64encode_urlsafe(cookie, cookie, 18);
+ digest_close(digest);
+ free(fingerprint);
char filename[PATH_MAX], usedname[PATH_MAX];
snprintf(filename, sizeof filename, "%s" SLASH "invitations" SLASH "%s", confbase, cookie);
}
if(experimental)
- read_ecdsa_public_key(c);
+ if(!read_ecdsa_public_key(c))
+ return false;
} else {
if(c->protocol_minor && !ecdsa_active(c->ecdsa))
c->protocol_minor = 1;
}
- /* Forbid version rollback for nodes whose ECDSA key we know */
+ /* Forbid version rollback for nodes whose Ed25519 key we know */
if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) {
logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s (%s) tries to roll back protocol version to %d.%d",
/* Check and lookup cipher and digest algorithms */
- if(!(c->incipher = cipher_open_by_nid(cipher)) || !cipher_set_key_from_rsa(c->incipher, key, len, false)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of cipher from %s (%s)", c->name, c->hostname);
- return false;
+ if(cipher) {
+ if(!(c->incipher = cipher_open_by_nid(cipher)) || !cipher_set_key_from_rsa(c->incipher, key, len, false)) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of cipher from %s (%s)", c->name, c->hostname);
+ return false;
+ }
+ } else {
+ c->incipher = NULL;
}
- if(!(c->indigest = digest_open_by_nid(digest, -1))) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of digest from %s (%s)", c->name, c->hostname);
- return false;
+ if(digest) {
+ if(!(c->indigest = digest_open_by_nid(digest, -1))) {
+ logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of digest from %s (%s)", c->name, c->hostname);
+ return false;
+ }
+ } else {
+ c->indigest = NULL;
}
c->status.decryptin = true;
}
static bool send_upgrade(connection_t *c) {
- /* Special case when protocol_minor is 1: the other end is ECDSA capable,
+ /* Special case when protocol_minor is 1: the other end is Ed25519 capable,
* but doesn't know our key yet. So send it now. */
char *pubkey = ecdsa_get_base64_public_key(myself->connection->ecdsa);
if(choice)
c->options |= OPTION_CLAMP_MSS;
- get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight);
+ if(!get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight))
+ get_config_int(lookup_config(config_tree, "Weight"), &c->estimated_weight);
return send_request(c, "%d %s %d %x", ACK, myport, c->estimated_weight, (c->options & 0xffffff) | (experimental ? (PROT_MINOR << 24) : 0));
}
}
if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(c)) {
- logger(DEBUG_ALWAYS, LOG_INFO, "Already have ECDSA public key from %s (%s), not upgrading.", c->name, c->hostname);
+ logger(DEBUG_ALWAYS, LOG_INFO, "Already have Ed25519 public key from %s (%s), not upgrading.", c->name, c->hostname);
return false;
}
- logger(DEBUG_ALWAYS, LOG_INFO, "Got ECDSA public key from %s (%s), upgrading!", c->name, c->hostname);
- append_config_file(c->name, "ECDSAPublicKey", pubkey);
+ logger(DEBUG_ALWAYS, LOG_INFO, "Got Ed25519 public key from %s (%s), upgrading!", c->name, c->hostname);
+ append_config_file(c->name, "Ed25519PublicKey", pubkey);
c->allow_request = TERMREQ;
return send_termreq(c);
}
projects / tinc / blobdiff