X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_key.c;h=591bb66026d024b8a3e7b017496286563cca116e;hp=1a6804a4497e10256f2ee13dd01a110a4e9b9575;hb=af95368c0f30955f0e13b587d5d6d4989fd5a83e;hpb=5db596c6844169f1eb5f804b72abe99d067aaa5a diff --git a/src/protocol_key.c b/src/protocol_key.c index 1a6804a4..591bb660 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -1,7 +1,7 @@ /* protocol_key.c -- handle the meta-protocol, key exchange - Copyright (C) 1999-2003 Ivo Timmermans , - 2000-2003 Guus Sliepen + Copyright (C) 1999-2005 Ivo Timmermans , + 2000-2005 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,35 +17,27 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.18 2003/07/12 17:41:47 guus Exp $ + $Id$ */ -#include "config.h" - -#include -#include -#include -#include -#include +#include "system.h" -#include -#include -#include +#include +#include -#include "conf.h" +#include "avl_tree.h" +#include "connection.h" +#include "logger.h" #include "net.h" #include "netutl.h" -#include "protocol.h" -#include "meta.h" -#include "connection.h" #include "node.h" -#include "logger.h" - -#include "system.h" +#include "protocol.h" +#include "utils.h" +#include "xalloc.h" -int mykeyused = 0; +bool mykeyused = false; -int send_key_changed(connection_t *c, node_t *n) +bool send_key_changed(connection_t *c, const node_t *n) { cp(); @@ -54,12 +46,12 @@ int send_key_changed(connection_t *c, node_t *n) */ if(n == myself && !mykeyused) - return 0; + return true; return send_request(c, "%d %lx %s", KEY_CHANGED, random(), n->name); } -int key_changed_h(connection_t *c) +bool key_changed_h(connection_t *c) { char name[MAX_STRING_SIZE]; node_t *n; @@ -69,38 +61,39 @@ int key_changed_h(connection_t *c) if(sscanf(c->buffer, "%*d %*x " MAX_STRING, name) != 1) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", c->name, c->hostname); - return -1; + return false; } if(seen_request(c->buffer)) - return 0; + return true; n = lookup_node(name); if(!n) { logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"), "KEY_CHANGED", c->name, c->hostname, name); - return -1; + return false; } - n->status.validkey = 0; - n->status.waitingforkey = 0; + n->status.validkey = false; + n->status.waitingforkey = false; /* Tell the others */ - forward_request(c); + if(!tunnelserver) + forward_request(c); - return 0; + return true; } -int send_req_key(connection_t *c, node_t *from, node_t *to) +bool send_req_key(connection_t *c, const node_t *from, const node_t *to) { cp(); return send_request(c, "%d %s %s", REQ_KEY, from->name, to->name); } -int req_key_h(connection_t *c) +bool req_key_h(connection_t *c) { char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; @@ -111,7 +104,7 @@ int req_key_h(connection_t *c) if(sscanf(c->buffer, "%*d " MAX_STRING " " MAX_STRING, from_name, to_name) != 2) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", c->name, c->hostname); - return -1; + return false; } from = lookup_node(from_name); @@ -119,7 +112,7 @@ int req_key_h(connection_t *c) if(!from) { logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "REQ_KEY", c->name, c->hostname, from_name); - return -1; + return false; } to = lookup_node(to_name); @@ -127,29 +120,33 @@ int req_key_h(connection_t *c) if(!to) { logger(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "REQ_KEY", c->name, c->hostname, to_name); - return -1; + return false; } /* Check if this key request is for us */ if(to == myself) { /* Yes, send our own key back */ - mykeyused = 1; + mykeyused = true; from->received_seqno = 0; memset(from->late, 0, sizeof(from->late)); send_ans_key(c, myself, from); } else { + if(tunnelserver) + return false; + send_req_key(to->nexthop->connection, from, to); } - return 0; + return true; } -int send_ans_key(connection_t *c, node_t *from, node_t *to) +bool send_ans_key(connection_t *c, const node_t *from, const node_t *to) { - char key[MAX_STRING_SIZE]; + char *key; cp(); + key = alloca(2 * from->keylength + 1); bin2hex(from->key, key, from->keylength); key[from->keylength * 2] = '\0'; @@ -160,7 +157,7 @@ int send_ans_key(connection_t *c, node_t *from, node_t *to) from->compression); } -int ans_key_h(connection_t *c) +bool ans_key_h(connection_t *c) { char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; @@ -175,7 +172,7 @@ int ans_key_h(connection_t *c) &compression) != 7) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", c->name, c->hostname); - return -1; + return false; } from = lookup_node(from_name); @@ -183,7 +180,7 @@ int ans_key_h(connection_t *c) if(!from) { logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "ANS_KEY", c->name, c->hostname, from_name); - return -1; + return false; } to = lookup_node(to_name); @@ -191,12 +188,15 @@ int ans_key_h(connection_t *c) if(!to) { logger(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "ANS_KEY", c->name, c->hostname, to_name); - return -1; + return false; } /* Forward it if necessary */ if(to != myself) { + if(tunnelserver) + return false; + return send_request(to->nexthop->connection, "%s", c->buffer); } @@ -210,8 +210,8 @@ int ans_key_h(connection_t *c) hex2bin(from->key, from->key, from->keylength); from->key[from->keylength] = '\0'; - from->status.validkey = 1; - from->status.waitingforkey = 0; + from->status.validkey = true; + from->status.waitingforkey = false; from->sent_seqno = 0; /* Check and lookup cipher and digest algorithms */ @@ -222,13 +222,13 @@ int ans_key_h(connection_t *c) if(!from->cipher) { logger(LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name, from->hostname); - return -1; + return false; } if(from->keylength != from->cipher->key_len + from->cipher->iv_len) { logger(LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name, from->hostname); - return -1; + return false; } } else { from->cipher = NULL; @@ -242,13 +242,13 @@ int ans_key_h(connection_t *c) if(!from->digest) { logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name, from->hostname); - return -1; + return false; } if(from->maclength > from->digest->md_size || from->maclength < 0) { logger(LOG_ERR, _("Node %s (%s) uses bogus MAC length!"), from->name, from->hostname); - return -1; + return false; } } else { from->digest = NULL; @@ -256,14 +256,22 @@ int ans_key_h(connection_t *c) if(compression < 0 || compression > 11) { logger(LOG_ERR, _("Node %s (%s) uses bogus compression level!"), from->name, from->hostname); - return -1; + return false; } from->compression = compression; - EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len); + if(from->cipher) + if(!EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, (unsigned char *)from->key, (unsigned char *)from->key + from->cipher->key_len)) { + logger(LOG_ERR, _("Error during initialisation of key from %s (%s): %s"), + from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL)); + return false; + } + + if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes) + send_mtu_probe(from); flush_queue(from); - return 0; + return true; }