X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Finvitation.c;h=38634886fd098e09c8cd6bdf9a7cbcd9928060e9;hp=cdef3d0480efa04278ecb834156ef9332de99ec0;hb=c46bdbde18629f0a0613c776c13a79fea0ec6093;hpb=06a4a8c153407b690a3ce3f0e7fdaa8568ccb1a3

diff --git a/src/invitation.c b/src/invitation.c
index cdef3d04..38634886 100644
--- a/src/invitation.c
+++ b/src/invitation.c
@@ -33,6 +33,8 @@
 #include "utils.h"
 #include "xalloc.h"
 
+#include "ed25519/sha512.h"
+
 int addressfamily = AF_UNSPEC;
 
 static void scan_for_hostname(const char *filename, char **hostname, char **port) {
@@ -197,8 +199,10 @@ done:
 		else
 			xasprintf(&hostport, "%s:%s", hostname, port);
 	} else {
-		hostport = hostname;
-		hostname = NULL;
+		if(strchr(hostname, ':'))
+			xasprintf(&hostport, "[%s]", hostname);
+		else
+			hostport = xstrdup(hostname);
 	}
 
 	free(hostname);
@@ -248,7 +252,7 @@ int cmd_invite(int argc, char *argv[]) {
 	}
 	free(filename);
 
-	// If a daemon is running, ensure no other nodes now about this name
+	// If a daemon is running, ensure no other nodes know about this name
 	bool found = false;
 	if(connect_tincd(false)) {
 		sendline(fd, "%d %d", CONTROL, REQ_DUMP_NODES);
@@ -268,8 +272,6 @@ int cmd_invite(int argc, char *argv[]) {
 		}
 	}
 
-	char hash[25];
-
 	xasprintf(&filename, "%s" SLASH "invitations", confbase);
 	if(mkdir(filename, 0700) && errno != EEXIST) {
 		fprintf(stderr, "Could not create directory %s: %s\n", filename, strerror(errno));
@@ -319,7 +321,7 @@ int cmd_invite(int argc, char *argv[]) {
 	free(filename);
 
 	ecdsa_t *key;
-	xasprintf(&filename, "%s" SLASH "invitations" SLASH "ecdsa_key.priv", confbase);
+	xasprintf(&filename, "%s" SLASH "invitations" SLASH "ed25519_key.priv", confbase);
 
 	// Remove the key if there are no outstanding invitations.
 	if(!count)
@@ -363,11 +365,9 @@ int cmd_invite(int argc, char *argv[]) {
 		return 1;
 
 	// Create a hash of the key.
+	char hash[64];
 	char *fingerprint = ecdsa_get_base64_public_key(key);
-	digest_t *digest = digest_open_by_name("sha256", 18);
-	if(!digest)
-		abort();
-	digest_create(digest, fingerprint, strlen(fingerprint), hash);
+	sha512(fingerprint, strlen(fingerprint), hash);
 	b64encode_urlsafe(hash, hash, 18);
 
 	// Create a random cookie for this invitation.
@@ -376,10 +376,10 @@ int cmd_invite(int argc, char *argv[]) {
 
 	// Create a filename that doesn't reveal the cookie itself
 	char buf[18 + strlen(fingerprint)];
-	char cookiehash[25];
+	char cookiehash[64];
 	memcpy(buf, cookie, 18);
 	memcpy(buf + 18, fingerprint, sizeof buf - 18);
-	digest_create(digest, buf, sizeof buf, cookiehash);
+	sha512(buf, sizeof buf, cookiehash);
 	b64encode_urlsafe(cookiehash, cookiehash, 18);
 
 	b64encode_urlsafe(cookie, cookie, 18);
@@ -611,6 +611,7 @@ make_names:
 	FILE *fh = fopen(filename, "w");
 	if(!fh) {
 		fprintf(stderr, "Could not create file %s: %s\n", filename, strerror(errno));
+		fclose(f);
 		return false;
 	}
 
@@ -720,7 +721,7 @@ make_names:
 	if(!b64key)
 		return false;
 
-	xasprintf(&filename, "%s" SLASH "ecdsa_key.priv", confbase);
+	xasprintf(&filename, "%s" SLASH "ed25519_key.priv", confbase);
 	f = fopenmask(filename, "w", 0600);
 
 	if(!ecdsa_write_pem_private_key(key, f)) {
@@ -732,12 +733,13 @@ make_names:
 
 	fclose(f);
 
-	fprintf(fh, "ECDSAPublicKey = %s\n", b64key);
+	fprintf(fh, "Ed25519PublicKey = %s\n", b64key);
 
 	sptps_send_record(&sptps, 1, b64key, strlen(b64key));
 	free(b64key);
+	ecdsa_free(key);
 
-
+#ifndef DISABLE_LEGACY
 	rsa_t *rsa = rsa_generate(2048, 0x1001);
 	xasprintf(&filename, "%s" SLASH "rsa_key.priv", confbase);
 	f = fopenmask(filename, "w", 0600);
@@ -748,8 +750,8 @@ make_names:
 	rsa_write_pem_public_key(rsa, fh);
 	fclose(fh);
 
-	ecdsa_free(key);
 	rsa_free(rsa);
+#endif
 
 	check_port(name);
 
@@ -784,7 +786,7 @@ ask_netname:
 }
 
 
-static bool invitation_send(void *handle, uint8_t type, const char *data, size_t len) {
+static bool invitation_send(void *handle, uint8_t type, const void *data, size_t len) {
 	while(len) {
 		int result = send(sock, data, len, 0);
 		if(result == -1 && errno == EINTR)
@@ -797,7 +799,7 @@ static bool invitation_send(void *handle, uint8_t type, const char *data, size_t
 	return true;
 }
 
-static bool invitation_receive(void *handle, uint8_t type, const char *msg, uint16_t len) {
+static bool invitation_receive(void *handle, uint8_t type, const void *msg, uint16_t len) {
 	switch(type) {
 		case SPTPS_HANDSHAKE:
 			return sptps_send_record(&sptps, 0, cookie, sizeof cookie);
@@ -904,7 +906,7 @@ int cmd_join(int argc, char *argv[]) {
 	if(!port || !*port)
 		port = "655";
 
-	if(!b64decode(slash, hash, 18) || !b64decode(slash + 24, cookie, 18))
+	if(!b64decode(slash, hash, 24) || !b64decode(slash + 24, cookie, 24))
 		goto invalid;
 
 	// Generate a throw-away key for the invitation.
@@ -955,11 +957,8 @@ int cmd_join(int argc, char *argv[]) {
 
 	// Check if the hash of the key he gave us matches the hash in the URL.
 	char *fingerprint = line + 2;
-	digest_t *digest = digest_open_by_name("sha256", 18);
-	if(!digest)
-		abort();
-	char hishash[18];
-	if(!digest_create(digest, fingerprint, strlen(fingerprint), hishash)) {
+	char hishash[64];
+	if(sha512(fingerprint, strlen(fingerprint), hishash)) {
 		fprintf(stderr, "Could not create digest\n%s\n", line + 2);
 		return 1;
 	}