X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_key.c;h=591bb66026d024b8a3e7b017496286563cca116e;hp=88695c79909c8d470c64abfb533d22ba3e063cde;hb=af95368c0f30955f0e13b587d5d6d4989fd5a83e;hpb=0b9175e998c2180e5d73ef3d644a49d620c68cad

diff --git a/src/protocol_key.c b/src/protocol_key.c
index 88695c79..591bb660 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -1,7 +1,7 @@
 /*
     protocol_key.c -- handle the meta-protocol, key exchange
-    Copyright (C) 1999-2002 Ivo Timmermans <ivo@o2w.nl>,
-                  2000-2002 Guus Sliepen <guus@sliepen.eu.org>
+    Copyright (C) 1999-2005 Ivo Timmermans <ivo@tinc-vpn.org>,
+                  2000-2005 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -17,35 +17,27 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: protocol_key.c,v 1.1.4.17 2003/07/06 22:11:32 guus Exp $
+    $Id$
 */
 
-#include "config.h"
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdarg.h>
-#include <errno.h>
+#include "system.h"
 
-#include <utils.h>
-#include <xalloc.h>
-#include <avl_tree.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
 
-#include "conf.h"
+#include "avl_tree.h"
+#include "connection.h"
+#include "logger.h"
 #include "net.h"
 #include "netutl.h"
-#include "protocol.h"
-#include "meta.h"
-#include "connection.h"
 #include "node.h"
-#include "logger.h"
-
-#include "system.h"
+#include "protocol.h"
+#include "utils.h"
+#include "xalloc.h"
 
-int mykeyused = 0;
+bool mykeyused = false;
 
-int send_key_changed(connection_t *c, node_t *n)
+bool send_key_changed(connection_t *c, const node_t *n)
 {
 	cp();
 
@@ -54,12 +46,12 @@ int send_key_changed(connection_t *c, node_t *n)
 	 */
 
 	if(n == myself && !mykeyused)
-		return 0;
+		return true;
 
 	return send_request(c, "%d %lx %s", KEY_CHANGED, random(), n->name);
 }
 
-int key_changed_h(connection_t *c)
+bool key_changed_h(connection_t *c)
 {
 	char name[MAX_STRING_SIZE];
 	node_t *n;
@@ -67,40 +59,41 @@ int key_changed_h(connection_t *c)
 	cp();
 
 	if(sscanf(c->buffer, "%*d %*x " MAX_STRING, name) != 1) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED",
+		logger(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED",
 			   c->name, c->hostname);
-		return -1;
+		return false;
 	}
 
 	if(seen_request(c->buffer))
-		return 0;
+		return true;
 
 	n = lookup_node(name);
 
 	if(!n) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"),
+		logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"),
 			   "KEY_CHANGED", c->name, c->hostname, name);
-		return -1;
+		return false;
 	}
 
-	n->status.validkey = 0;
-	n->status.waitingforkey = 0;
+	n->status.validkey = false;
+	n->status.waitingforkey = false;
 
 	/* Tell the others */
 
-	forward_request(c);
+	if(!tunnelserver)
+		forward_request(c);
 
-	return 0;
+	return true;
 }
 
-int send_req_key(connection_t *c, node_t *from, node_t *to)
+bool send_req_key(connection_t *c, const node_t *from, const node_t *to)
 {
 	cp();
 
 	return send_request(c, "%d %s %s", REQ_KEY, from->name, to->name);
 }
 
-int req_key_h(connection_t *c)
+bool req_key_h(connection_t *c)
 {
 	char from_name[MAX_STRING_SIZE];
 	char to_name[MAX_STRING_SIZE];
@@ -109,47 +102,51 @@ int req_key_h(connection_t *c)
 	cp();
 
 	if(sscanf(c->buffer, "%*d " MAX_STRING " " MAX_STRING, from_name, to_name) != 2) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", c->name,
+		logger(LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", c->name,
 			   c->hostname);
-		return -1;
+		return false;
 	}
 
 	from = lookup_node(from_name);
 
 	if(!from) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"),
+		logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"),
 			   "REQ_KEY", c->name, c->hostname, from_name);
-		return -1;
+		return false;
 	}
 
 	to = lookup_node(to_name);
 
 	if(!to) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"),
+		logger(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"),
 			   "REQ_KEY", c->name, c->hostname, to_name);
-		return -1;
+		return false;
 	}
 
 	/* Check if this key request is for us */
 
 	if(to == myself) {			/* Yes, send our own key back */
-		mykeyused = 1;
+		mykeyused = true;
 		from->received_seqno = 0;
 		memset(from->late, 0, sizeof(from->late));
 		send_ans_key(c, myself, from);
 	} else {
+		if(tunnelserver)
+			return false;
+
 		send_req_key(to->nexthop->connection, from, to);
 	}
 
-	return 0;
+	return true;
 }
 
-int send_ans_key(connection_t *c, node_t *from, node_t *to)
+bool send_ans_key(connection_t *c, const node_t *from, const node_t *to)
 {
-	char key[MAX_STRING_SIZE];
+	char *key;
 
 	cp();
 
+	key = alloca(2 * from->keylength + 1);
 	bin2hex(from->key, key, from->keylength);
 	key[from->keylength * 2] = '\0';
 
@@ -160,7 +157,7 @@ int send_ans_key(connection_t *c, node_t *from, node_t *to)
 						from->compression);
 }
 
-int ans_key_h(connection_t *c)
+bool ans_key_h(connection_t *c)
 {
 	char from_name[MAX_STRING_SIZE];
 	char to_name[MAX_STRING_SIZE];
@@ -173,30 +170,33 @@ int ans_key_h(connection_t *c)
 	if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d",
 		from_name, to_name, key, &cipher, &digest, &maclength,
 		&compression) != 7) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", c->name,
+		logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", c->name,
 			   c->hostname);
-		return -1;
+		return false;
 	}
 
 	from = lookup_node(from_name);
 
 	if(!from) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"),
+		logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"),
 			   "ANS_KEY", c->name, c->hostname, from_name);
-		return -1;
+		return false;
 	}
 
 	to = lookup_node(to_name);
 
 	if(!to) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"),
+		logger(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"),
 			   "ANS_KEY", c->name, c->hostname, to_name);
-		return -1;
+		return false;
 	}
 
 	/* Forward it if necessary */
 
 	if(to != myself) {
+		if(tunnelserver)
+			return false;
+
 		return send_request(to->nexthop->connection, "%s", c->buffer);
 	}
 
@@ -210,8 +210,8 @@ int ans_key_h(connection_t *c)
 	hex2bin(from->key, from->key, from->keylength);
 	from->key[from->keylength] = '\0';
 
-	from->status.validkey = 1;
-	from->status.waitingforkey = 0;
+	from->status.validkey = true;
+	from->status.waitingforkey = false;
 	from->sent_seqno = 0;
 
 	/* Check and lookup cipher and digest algorithms */
@@ -220,15 +220,15 @@ int ans_key_h(connection_t *c)
 		from->cipher = EVP_get_cipherbynid(cipher);
 
 		if(!from->cipher) {
-			logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name,
+			logger(LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name,
 				   from->hostname);
-			return -1;
+			return false;
 		}
 
 		if(from->keylength != from->cipher->key_len + from->cipher->iv_len) {
-			logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name,
+			logger(LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name,
 				   from->hostname);
-			return -1;
+			return false;
 		}
 	} else {
 		from->cipher = NULL;
@@ -240,30 +240,38 @@ int ans_key_h(connection_t *c)
 		from->digest = EVP_get_digestbynid(digest);
 
 		if(!from->digest) {
-			logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name,
+			logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name,
 				   from->hostname);
-			return -1;
+			return false;
 		}
 
 		if(from->maclength > from->digest->md_size || from->maclength < 0) {
-			logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses bogus MAC length!"),
+			logger(LOG_ERR, _("Node %s (%s) uses bogus MAC length!"),
 				   from->name, from->hostname);
-			return -1;
+			return false;
 		}
 	} else {
 		from->digest = NULL;
 	}
 
 	if(compression < 0 || compression > 11) {
-		logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses bogus compression level!"), from->name, from->hostname);
-		return -1;
+		logger(LOG_ERR, _("Node %s (%s) uses bogus compression level!"), from->name, from->hostname);
+		return false;
 	}
 	
 	from->compression = compression;
 
-	EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len);
+	if(from->cipher)
+		if(!EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, (unsigned char *)from->key, (unsigned char *)from->key + from->cipher->key_len)) {
+			logger(LOG_ERR, _("Error during initialisation of key from %s (%s): %s"),
+					from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL));
+			return false;
+		}
+
+	if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes)
+		send_mtu_probe(from);
 
 	flush_queue(from);
 
-	return 0;
+	return true;
 }