Rename ECDSA to Ed25519.

diff --git a/bash_completion.d/tinc b/bash_completion.d/tinc
index 8145d43..c79e4ee 100644 (file)
--- a/bash_completion.d/tinc
+++ b/bash_completion.d/tinc
@@ -4,8 +4,8 @@ _tinc() {
        cur="${COMP_WORDS[COMP_CWORD]}"
        prev="${COMP_WORDS[COMP_CWORD-1]}"
        opts="-c -d -D -K -n -o -L -R -U --config --no-detach --debug --net --option --mlock --logfile --pidfile --chroot --user --help --version"
        cur="${COMP_WORDS[COMP_CWORD]}"
        prev="${COMP_WORDS[COMP_CWORD-1]}"
        opts="-c -d -D -K -n -o -L -R -U --config --no-detach --debug --net --option --mlock --logfile --pidfile --chroot --user --help --version"

-       confvars="Address AddressFamily BindToAddress BindToInterface Broadcast Cipher ClampMSS Compression ConnectTo DecrementTTL Device DeviceType Digest DirectOnly ECDSAPrivateKeyFile ECDSAPublicKey ECDSAPublicKeyFile ExperimentalProtocol Forwarding GraphDumpFile Hostnames IffOneQueue IndirectData Interface KeyExpire ListenAddress LocalDiscovery MACExpire MACLength MaxOutputBufferSize MaxTimeout Mode Name PMTU PMTUDiscovery PingInterval PingTimeout Port PriorityInheritance PrivateKeyFile ProcessPriority Proxy PublicKeyFile ReplayWindow StrictSubnets Subnet TCPOnly TunnelServer UDPRcvBuf UDPSndBuf VDEGroup VDEPort Weight"
-       commands="add connect debug del disconnect dump edit export export-all generate-ecdsa-keys generate-keys generate-rsa-keys get help import info init invite join log network pcap pid purge reload restart retry set start stop top version"
+       confvars="Address AddressFamily BindToAddress BindToInterface Broadcast Cipher ClampMSS Compression ConnectTo DecrementTTL Device DeviceType Digest DirectOnly Ed25519PrivateKeyFile Ed25519PublicKey Ed25519PublicKeyFile ExperimentalProtocol Forwarding GraphDumpFile Hostnames IffOneQueue IndirectData Interface KeyExpire ListenAddress LocalDiscovery MACExpire MACLength MaxOutputBufferSize MaxTimeout Mode Name PMTU PMTUDiscovery PingInterval PingTimeout Port PriorityInheritance PrivateKeyFile ProcessPriority Proxy PublicKeyFile ReplayWindow StrictSubnets Subnet TCPOnly TunnelServer UDPRcvBuf UDPSndBuf VDEGroup VDEPort Weight"
+       commands="add connect debug del disconnect dump edit export export-all generate-ed25519-keys generate-keys generate-rsa-keys get help import info init invite join log network pcap pid purge reload restart retry set start stop top version"

 
        case ${prev} in
                -c|--config)
 
        case ${prev} in
                -c|--config)

diff --git a/doc/tinc.8.in b/doc/tinc.8.in
index 74f182a..bb56386 100644 (file)
--- a/doc/tinc.8.in
+++ b/doc/tinc.8.in
@@ -69,7 +69,7 @@ option, the value of this environment variable is used.
 .Sh COMMANDS
 .Bl -tag -width indent
 .It init Op Ar name
 .Sh COMMANDS
 .Bl -tag -width indent
 .It init Op Ar name

-Create initial configuration files and RSA and ECDSA keypairs with default length.
+Create initial configuration files and RSA and Ed25519 keypairs with default length.

 If no
 .Ar name
 for this node is given, it will be asked for.
 If no
 .Ar name
 for this node is given, it will be asked for.


@@ -142,9 +142,9 @@ will be made.
 Shows the PID of the currently running
 .Xr tincd 8 .
 .It generate-keys Op bits
 Shows the PID of the currently running
 .Xr tincd 8 .
 .It generate-keys Op bits

-Generate both RSA and ECDSA keypairs (see below) and exit.
-.It generate-ecdsa-keys
-Generate public/private ECDSA keypair and exit.
+Generate both RSA and Ed25519 keypairs (see below) and exit.
+.It generate-ed25519-keys
+Generate public/private Ed25519 keypair and exit.

 .It generate-rsa-keys Op bits
 Generate public/private RSA keypair and exit.
 If
 .It generate-rsa-keys Op bits
 Generate public/private RSA keypair and exit.
 If

diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in
index 072bf07..f8f87a4 100644 (file)
--- a/doc/tinc.conf.5.in
+++ b/doc/tinc.conf.5.in
@@ -64,20 +64,20 @@ or by using
 .Sh PUBLIC/PRIVATE KEYS
 The
 .Nm tinc Li init
 .Sh PUBLIC/PRIVATE KEYS
 The
 .Nm tinc Li init

-command will have generated both RSA and ECDSA public/private keypairs.
+command will have generated both RSA and Ed25519 public/private keypairs.

 The private keys should be stored in files named
 .Pa rsa_key.priv
 and
 The private keys should be stored in files named
 .Pa rsa_key.priv
 and

-.Pa ecdsa_key.priv
+.Pa ed25519_key.priv

 in the directory
 .Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /
 The public keys should be stored in the host configuration file
 .Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Va NAME .
 The RSA keys are used for backwards compatibility with tinc version 1.0.
 If you are upgrading from version 1.0 to 1.1, you can keep the old configuration files,
 in the directory
 .Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /
 The public keys should be stored in the host configuration file
 .Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Va NAME .
 The RSA keys are used for backwards compatibility with tinc version 1.0.
 If you are upgrading from version 1.0 to 1.1, you can keep the old configuration files,

-but you will need to create ECDSA keys using the following command:
+but you will need to create Ed25519 keys using the following command:

 .Bd -literal -offset indent
 .Bd -literal -offset indent

-.Nm tinc Fl n Ar NETNAME Li generate-ecdsa-keys
+.Nm tinc Fl n Ar NETNAME Li generate-ed25519-keys

 .Ed
 .Sh SERVER CONFIGURATION
 The server configuration of the daemon is done in the file
 .Ed
 .Sh SERVER CONFIGURATION
 The server configuration of the daemon is done in the file


@@ -260,17 +260,17 @@ When this option is enabled, packets that cannot be sent directly to the destina
 but which would have to be forwarded by an intermediate node, are dropped instead.
 When combined with the IndirectData option,
 packets for nodes for which we do not have a meta connection with are also dropped.
 but which would have to be forwarded by an intermediate node, are dropped instead.
 When combined with the IndirectData option,
 packets for nodes for which we do not have a meta connection with are also dropped.

-.It Va ECDSAPrivateKeyFile Li = Ar filename Po Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /ecdsa_key.priv Pc
-The file in which the private ECDSA key of this tinc daemon resides.
+.It Va Ed25519PrivateKeyFile Li = Ar filename Po Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /ed25519_key.priv Pc
+The file in which the private Ed25519 key of this tinc daemon resides.

 This is only used if
 .Va ExperimentalProtocol
 is enabled.
 .It Va ExperimentalProtocol Li = yes | no Pq yes
 When this option is enabled, the SPTPS protocol will be used when connecting to nodes that also support it.
 Ephemeral ECDH will be used for key exchanges,
 This is only used if
 .Va ExperimentalProtocol
 is enabled.
 .It Va ExperimentalProtocol Li = yes | no Pq yes
 When this option is enabled, the SPTPS protocol will be used when connecting to nodes that also support it.
 Ephemeral ECDH will be used for key exchanges,

-and ECDSA will be used instead of RSA for authentication.
-When enabled, an ECDSA key must have been generated before with
-.Nm tinc generate-ecdsa-keys .
+and Ed25519 will be used instead of RSA for authentication.
+When enabled, an Ed25519 key must have been generated before with
+.Nm tinc generate-ed25519-keys .

 .It Va Forwarding Li = off | internal | kernel Po internal Pc Bq experimental
 This option selects the way indirect packets are forwarded.
 .Bl -tag -width indent
 .It Va Forwarding Li = off | internal | kernel Po internal Pc Bq experimental
 This option selects the way indirect packets are forwarded.
 .Bl -tag -width indent

diff --git a/doc/tinc.texi b/doc/tinc.texi
index 3082397..81cc8c5 100644 (file)
--- a/doc/tinc.texi
+++ b/doc/tinc.texi
@@ -993,18 +993,18 @@ but which would have to be forwarded by an intermediate node, are dropped instea
 When combined with the IndirectData option,
 packets for nodes for which we do not have a meta connection with are also dropped.
 
 When combined with the IndirectData option,
 packets for nodes for which we do not have a meta connection with are also dropped.
 

-@cindex ECDSAPrivateKeyFile
-@item ECDSAPrivateKeyFile = <@var{path}> (@file{@value{sysconfdir}/tinc/@var{netname}/ecdsa_key.priv})
-The file in which the private ECDSA key of this tinc daemon resides.
+@cindex Ed25519PrivateKeyFile
+@item Ed25519PrivateKeyFile = <@var{path}> (@file{@value{sysconfdir}/tinc/@var{netname}/ed25519_key.priv})
+The file in which the private Ed25519 key of this tinc daemon resides.

 This is only used if ExperimentalProtocol is enabled.
 
 @cindex ExperimentalProtocol
 @item ExperimentalProtocol = <yes|no> (yes)
 When this option is enabled, the SPTPS protocol will be used when connecting to nodes that also support it.
 Ephemeral ECDH will be used for key exchanges,
 This is only used if ExperimentalProtocol is enabled.
 
 @cindex ExperimentalProtocol
 @item ExperimentalProtocol = <yes|no> (yes)
 When this option is enabled, the SPTPS protocol will be used when connecting to nodes that also support it.
 Ephemeral ECDH will be used for key exchanges,

-and ECDSA will be used instead of RSA for authentication.
-When enabled, an ECDSA key must have been generated before with
-@samp{tinc generate-ecdsa-keys}.
+and Ed25519 will be used instead of RSA for authentication.
+When enabled, an Ed25519 key must have been generated before with
+@samp{tinc generate-ed25519-keys}.

 
 @cindex Forwarding
 @item Forwarding = <off|internal|kernel> (internal) [experimental]
 
 @cindex Forwarding
 @item Forwarding = <off|internal|kernel> (internal) [experimental]


@@ -1490,9 +1490,9 @@ In the configuration directory, it will create the file @file{tinc.conf} with th
 Name = @var{name}
 @end example
 
 Name = @var{name}
 @end example
 

-It will also create private RSA and ECDSA keys, which will be stored in the files @file{rsa_key.priv} and @file{ecdsa_key.priv}.
+It will also create private RSA and Ed25519 keys, which will be stored in the files @file{rsa_key.priv} and @file{ed25519_key.priv}.

 It will also create a host configuration file @file{hosts/@var{name}},
 It will also create a host configuration file @file{hosts/@var{name}},

-which will contain the corresponding public RSA and ECDSA keys.
+which will contain the corresponding public RSA and Ed25519 keys.

 
 Finally, on UNIX operating systems, it will create an executable script @file{tinc-up},
 which will initially not do anything except warning that you should edit it.
 
 Finally, on UNIX operating systems, it will create an executable script @file{tinc-up},
 which will initially not do anything except warning that you should edit it.


@@ -1511,7 +1511,7 @@ tinc -n @var{netname} add subnet 192.168.2.0/24
 
 This will add a Subnet statement to your host configuration file.
 Try opening the file @file{@value{sysconfdir}/tinc/@var{netname}/hosts/@var{name}} in an editor.
 
 This will add a Subnet statement to your host configuration file.
 Try opening the file @file{@value{sysconfdir}/tinc/@var{netname}/hosts/@var{name}} in an editor.

-You should now see a file containing the public RSA and ECDSA keys (which looks like a bunch of random characters),
+You should now see a file containing the public RSA and Ed25519 keys (which looks like a bunch of random characters),

 and the following line at the bottom:
 
 @example
 and the following line at the bottom:
 
 @example


@@ -1822,8 +1822,8 @@ Address = 4.5.6.7
 A, B, C and D all have their own public/private keypairs:
 
 The private RSA key is stored in @file{@value{sysconfdir}/tinc/company/rsa_key.priv},
 A, B, C and D all have their own public/private keypairs:
 
 The private RSA key is stored in @file{@value{sysconfdir}/tinc/company/rsa_key.priv},

-the private ECDSA key is stored in @file{@value{sysconfdir}/tinc/company/ecdsa_key.priv},
-and the public RSA and ECDSA keys are put into the host configuration file in the @file{@value{sysconfdir}/tinc/company/hosts/} directory.
+the private Ed25519 key is stored in @file{@value{sysconfdir}/tinc/company/ed25519_key.priv},
+and the public RSA and Ed25519 keys are put into the host configuration file in the @file{@value{sysconfdir}/tinc/company/hosts/} directory.

 
 @subsubheading Starting
 
 
 @subsubheading Starting
 


@@ -2235,7 +2235,7 @@ the value of this environment variable is used.
 
 @cindex init
 @item init [@var{name}]
 
 @cindex init
 @item init [@var{name}]

-Create initial configuration files and RSA and ECDSA keypairs with default length.
+Create initial configuration files and RSA and Ed25519 keypairs with default length.

 If no @var{name} for this node is given, it will be asked for.
 
 @cindex get
 If no @var{name} for this node is given, it will be asked for.
 
 @cindex get


@@ -2319,13 +2319,13 @@ Shows the PID of the currently running @samp{tincd}.
 
 @cindex generate-keys
 @item generate-keys [@var{bits}]
 
 @cindex generate-keys
 @item generate-keys [@var{bits}]

-Generate both RSA and ECDSA keypairs (see below) and exit.
+Generate both RSA and Ed25519 keypairs (see below) and exit.

 tinc will ask where you want to store the files, but will default to the
 configuration directory (you can use the -c or -n option).
 
 tinc will ask where you want to store the files, but will default to the
 configuration directory (you can use the -c or -n option).
 

-@cindex generate-ecdsa-keys
-@item generate-ecdsa-keys
-Generate public/private ECDSA keypair and exit.
+@cindex generate-ed25519-keys
+@item generate-ed25519-keys
+Generate public/private Ed25519 keypair and exit.

 
 @cindex generate-rsa-keys
 @item generate-rsa-keys [@var{bits}]
 
 @cindex generate-rsa-keys
 @item generate-rsa-keys [@var{bits}]


@@ -3010,12 +3010,12 @@ The expanded key is used as follows:
 Where initiator_cipher_key is the key used by session initiator to encrypt
 messages sent to the responder.
 
 Where initiator_cipher_key is the key used by session initiator to encrypt
 messages sent to the responder.
 

-When using 521 bits EC keys, the AES-256-CTR cipher and HMAC-SHA-256 digest algorithm,
+When using 256 bits Ed25519 keys, the AES-256-CTR cipher and HMAC-SHA-256 digest algorithm,

 the sizes are as follows:
 
 @example
 the sizes are as follows:
 
 @example

-ECDH_SIZE:       67 (= ceil(521/8) + 1)
-ECDSA_SIZE:     141 (= 2 * ceil(521/8) + 9)
+ECDH_SIZE:       32 (= 256/8)
+ECDSA_SIZE:      64 (= 2 * 256/8)

 CIPHER_KEYSIZE:  48 (= 256/8 + 128/8)
 DIGEST_KEYSIZE:  32 (= 256/8)
 @end example
 CIPHER_KEYSIZE:  48 (= 256/8 + 128/8)
 DIGEST_KEYSIZE:  32 (= 256/8)
 @end example

diff --git a/src/invitation.c b/src/invitation.c
index 3aec3b3..7fb96da 100644 (file)
--- a/src/invitation.c
+++ b/src/invitation.c
@@ -321,7 +321,7 @@ int cmd_invite(int argc, char *argv[]) {
        free(filename);
 
        ecdsa_t *key;
        free(filename);
 
        ecdsa_t *key;

-       xasprintf(&filename, "%s" SLASH "invitations" SLASH "ecdsa_key.priv", confbase);
+       xasprintf(&filename, "%s" SLASH "invitations" SLASH "ed25519_key.priv", confbase);

 
        // Remove the key if there are no outstanding invitations.
        if(!count)
 
        // Remove the key if there are no outstanding invitations.
        if(!count)


@@ -722,7 +722,7 @@ make_names:
        if(!b64key)
                return false;
 
        if(!b64key)
                return false;
 

-       xasprintf(&filename, "%s" SLASH "ecdsa_key.priv", confbase);
+       xasprintf(&filename, "%s" SLASH "ed25519_key.priv", confbase);

        f = fopenmask(filename, "w", 0600);
 
        if(!ecdsa_write_pem_private_key(key, f)) {
        f = fopenmask(filename, "w", 0600);
 
        if(!ecdsa_write_pem_private_key(key, f)) {


@@ -734,7 +734,7 @@ make_names:
 
        fclose(f);
 
 
        fclose(f);
 

-       fprintf(fh, "ECDSAPublicKey = %s\n", b64key);
+       fprintf(fh, "Ed25519PublicKey = %s\n", b64key);

 
        sptps_send_record(&sptps, 1, b64key, strlen(b64key));
        free(b64key);
 
        sptps_send_record(&sptps, 1, b64key, strlen(b64key));
        free(b64key);

diff --git a/src/net_setup.c b/src/net_setup.c
index 839d7a9..7c9f23a 100644 (file)
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -71,17 +71,17 @@ bool node_read_ecdsa_public_key(node_t *n) {
        if(!read_host_config(config_tree, n->name))
                goto exit;
 
        if(!read_host_config(config_tree, n->name))
                goto exit;
 

-       /* First, check for simple ECDSAPublicKey statement */
+       /* First, check for simple Ed25519PublicKey statement */

 
 

-       if(get_config_string(lookup_config(config_tree, "ECDSAPublicKey"), &p)) {
+       if(get_config_string(lookup_config(config_tree, "Ed25519PublicKey"), &p)) {

                n->ecdsa = ecdsa_set_base64_public_key(p);
                free(p);
                goto exit;
        }
 
                n->ecdsa = ecdsa_set_base64_public_key(p);
                free(p);
                goto exit;
        }
 

-       /* Else, check for ECDSAPublicKeyFile statement and read it */
+       /* Else, check for Ed25519PublicKeyFile statement and read it */

 
 

-       if(!get_config_string(lookup_config(config_tree, "ECDSAPublicKeyFile"), &pubname))
+       if(!get_config_string(lookup_config(config_tree, "Ed25519PublicKeyFile"), &pubname))

                xasprintf(&pubname, "%s" SLASH "hosts" SLASH "%s", confbase, n->name);
 
        fp = fopen(pubname, "r");
                xasprintf(&pubname, "%s" SLASH "hosts" SLASH "%s", confbase, n->name);
 
        fp = fopen(pubname, "r");


@@ -112,23 +112,23 @@ bool read_ecdsa_public_key(connection_t *c) {
                        return false;
        }
 
                        return false;
        }
 

-       /* First, check for simple ECDSAPublicKey statement */
+       /* First, check for simple Ed25519PublicKey statement */

 
 

-       if(get_config_string(lookup_config(c->config_tree, "ECDSAPublicKey"), &p)) {
+       if(get_config_string(lookup_config(c->config_tree, "Ed25519PublicKey"), &p)) {

                c->ecdsa = ecdsa_set_base64_public_key(p);
                free(p);
                return c->ecdsa;
        }
 
                c->ecdsa = ecdsa_set_base64_public_key(p);
                free(p);
                return c->ecdsa;
        }
 

-       /* Else, check for ECDSAPublicKeyFile statement and read it */
+       /* Else, check for Ed25519PublicKeyFile statement and read it */

 
 

-       if(!get_config_string(lookup_config(c->config_tree, "ECDSAPublicKeyFile"), &fname))
+       if(!get_config_string(lookup_config(c->config_tree, "Ed25519PublicKeyFile"), &fname))

                xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, c->name);
 
        fp = fopen(fname, "r");
 
        if(!fp) {
                xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, c->name);
 
        fp = fopen(fname, "r");
 
        if(!fp) {

-               logger(DEBUG_ALWAYS, LOG_ERR, "Error reading ECDSA public key file `%s': %s",
+               logger(DEBUG_ALWAYS, LOG_ERR, "Error reading Ed25519 public key file `%s': %s",

                           fname, strerror(errno));
                free(fname);
                return false;
                           fname, strerror(errno));
                free(fname);
                return false;


@@ -138,7 +138,7 @@ bool read_ecdsa_public_key(connection_t *c) {
        fclose(fp);
 
        if(!c->ecdsa)
        fclose(fp);
 
        if(!c->ecdsa)

-               logger(DEBUG_ALWAYS, LOG_ERR, "Parsing ECDSA public key file `%s' failed.", fname);
+               logger(DEBUG_ALWAYS, LOG_ERR, "Parsing Ed25519 public key file `%s' failed.", fname);

        free(fname);
        return c->ecdsa;
 }
        free(fname);
        return c->ecdsa;
 }


@@ -187,15 +187,15 @@ static bool read_ecdsa_private_key(void) {
 
        /* Check for PrivateKeyFile statement and read it */
 
 
        /* Check for PrivateKeyFile statement and read it */
 

-       if(!get_config_string(lookup_config(config_tree, "ECDSAPrivateKeyFile"), &fname))
-               xasprintf(&fname, "%s" SLASH "ecdsa_key.priv", confbase);
+       if(!get_config_string(lookup_config(config_tree, "Ed25519PrivateKeyFile"), &fname))
+               xasprintf(&fname, "%s" SLASH "ed25519_key.priv", confbase);

 
        fp = fopen(fname, "r");
 
        if(!fp) {
 
        fp = fopen(fname, "r");
 
        if(!fp) {

-               logger(DEBUG_ALWAYS, LOG_ERR, "Error reading ECDSA private key file `%s': %s", fname, strerror(errno));
+               logger(DEBUG_ALWAYS, LOG_ERR, "Error reading Ed25519 private key file `%s': %s", fname, strerror(errno));

                if(errno == ENOENT)
                if(errno == ENOENT)

-                       logger(DEBUG_ALWAYS, LOG_INFO, "Create an ECDSA keypair with `tinc -n %s generate-ecdsa-keys'.", netname ?: ".");
+                       logger(DEBUG_ALWAYS, LOG_INFO, "Create an Ed25519 keypair with `tinc -n %s generate-ed25519-keys'.", netname ?: ".");

                free(fname);
                return false;
        }
                free(fname);
                return false;
        }


@@ -204,20 +204,20 @@ static bool read_ecdsa_private_key(void) {
        struct stat s;
 
        if(fstat(fileno(fp), &s)) {
        struct stat s;
 
        if(fstat(fileno(fp), &s)) {

-               logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat ECDSA private key file `%s': %s'", fname, strerror(errno));
+               logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat Ed25519 private key file `%s': %s'", fname, strerror(errno));

                free(fname);
                return false;
        }
 
        if(s.st_mode & ~0100700)
                free(fname);
                return false;
        }
 
        if(s.st_mode & ~0100700)

-               logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for ECDSA private key file `%s'!", fname);
+               logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for Ed25519 private key file `%s'!", fname);

 #endif
 
        myself->connection->ecdsa = ecdsa_read_pem_private_key(fp);
        fclose(fp);
 
        if(!myself->connection->ecdsa)
 #endif
 
        myself->connection->ecdsa = ecdsa_read_pem_private_key(fp);
        fclose(fp);
 
        if(!myself->connection->ecdsa)

-               logger(DEBUG_ALWAYS, LOG_ERR, "Reading ECDSA private key file `%s' failed: %s", fname, strerror(errno));
+               logger(DEBUG_ALWAYS, LOG_ERR, "Reading Ed25519 private key file `%s' failed", fname);

        free(fname);
        return myself->connection->ecdsa;
 }
        free(fname);
        return myself->connection->ecdsa;
 }


@@ -231,7 +231,7 @@ static bool read_invitation_key(void) {
                invitation_key = NULL;
        }
 
                invitation_key = NULL;
        }
 

-       xasprintf(&fname, "%s" SLASH "invitations" SLASH "ecdsa_key.priv", confbase);
+       xasprintf(&fname, "%s" SLASH "invitations" SLASH "ed25519_key.priv", confbase);

 
        fp = fopen(fname, "r");
 
 
        fp = fopen(fname, "r");
 


@@ -239,7 +239,7 @@ static bool read_invitation_key(void) {
                invitation_key = ecdsa_read_pem_private_key(fp);
                fclose(fp);
                if(!invitation_key)
                invitation_key = ecdsa_read_pem_private_key(fp);
                fclose(fp);
                if(!invitation_key)

-                       logger(DEBUG_ALWAYS, LOG_ERR, "Reading ECDSA private key file `%s' failed: %s", fname, strerror(errno));
+                       logger(DEBUG_ALWAYS, LOG_ERR, "Reading Ed25519 private key file `%s' failed", fname);

        }
 
        free(fname);
        }
 
        free(fname);

diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 0904afd..f3322c7 100644 (file)
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -172,7 +172,7 @@ static bool finalize_invitation(connection_t *c, const char *data, uint16_t len)
                return false;
        }
 
                return false;
        }
 

-       fprintf(f, "ECDSAPublicKey = %s\n", data);
+       fprintf(f, "Ed25519PublicKey = %s\n", data);

        fclose(f);
 
        logger(DEBUG_CONNECTIONS, LOG_INFO, "Key succesfully received from %s (%s)", c->name, c->hostname);
        fclose(f);
 
        logger(DEBUG_CONNECTIONS, LOG_INFO, "Key succesfully received from %s (%s)", c->name, c->hostname);


@@ -386,7 +386,7 @@ bool id_h(connection_t *c, const char *request) {
                        c->protocol_minor = 1;
        }
 
                        c->protocol_minor = 1;
        }
 

-       /* Forbid version rollback for nodes whose ECDSA key we know */
+       /* Forbid version rollback for nodes whose Ed25519 key we know */

 
        if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) {
                logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s (%s) tries to roll back protocol version to %d.%d",
 
        if(ecdsa_active(c->ecdsa) && c->protocol_minor < 2) {
                logger(DEBUG_ALWAYS, LOG_ERR, "Peer %s (%s) tries to roll back protocol version to %d.%d",


@@ -629,7 +629,7 @@ bool chal_reply_h(connection_t *c, const char *request) {
 }
 
 static bool send_upgrade(connection_t *c) {
 }
 
 static bool send_upgrade(connection_t *c) {

-       /* Special case when protocol_minor is 1: the other end is ECDSA capable,
+       /* Special case when protocol_minor is 1: the other end is Ed25519 capable,

         * but doesn't know our key yet. So send it now. */
 
        char *pubkey = ecdsa_get_base64_public_key(myself->connection->ecdsa);
         * but doesn't know our key yet. So send it now. */
 
        char *pubkey = ecdsa_get_base64_public_key(myself->connection->ecdsa);


@@ -718,12 +718,12 @@ static bool upgrade_h(connection_t *c, const char *request) {
        }
 
        if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(c)) {
        }
 
        if(ecdsa_active(c->ecdsa) || read_ecdsa_public_key(c)) {

-               logger(DEBUG_ALWAYS, LOG_INFO, "Already have ECDSA public key from %s (%s), not upgrading.", c->name, c->hostname);
+               logger(DEBUG_ALWAYS, LOG_INFO, "Already have Ed25519 public key from %s (%s), not upgrading.", c->name, c->hostname);

                return false;
        }
 
                return false;
        }
 

-       logger(DEBUG_ALWAYS, LOG_INFO, "Got ECDSA public key from %s (%s), upgrading!", c->name, c->hostname);
-       append_config_file(c->name, "ECDSAPublicKey", pubkey);
+       logger(DEBUG_ALWAYS, LOG_INFO, "Got Ed25519 public key from %s (%s), upgrading!", c->name, c->hostname);
+       append_config_file(c->name, "Ed25519PublicKey", pubkey);

        c->allow_request = TERMREQ;
        return send_termreq(c);
 }
        c->allow_request = TERMREQ;
        return send_termreq(c);
 }

diff --git a/src/protocol_key.c b/src/protocol_key.c
index e41ec42..b8744a9 100644 (file)
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -98,7 +98,7 @@ static bool send_initial_sptps_data(void *handle, uint8_t type, const char *data
 bool send_req_key(node_t *to) {
        if(to->status.sptps) {
                if(!node_read_ecdsa_public_key(to)) {
 bool send_req_key(node_t *to) {
        if(to->status.sptps) {
                if(!node_read_ecdsa_public_key(to)) {

-                       logger(DEBUG_PROTOCOL, LOG_DEBUG, "No ECDSA key known for %s (%s)", to->name, to->hostname);
+                       logger(DEBUG_PROTOCOL, LOG_DEBUG, "No Ed25519 key known for %s (%s)", to->name, to->hostname);

                        send_request(to->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, to->name, REQ_PUBKEY);
                        return true;
                }
                        send_request(to->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, to->name, REQ_PUBKEY);
                        return true;
                }


@@ -142,14 +142,14 @@ static bool req_key_ext_h(connection_t *c, const char *request, node_t *from, in
                                return true;
                        }
 
                                return true;
                        }
 

-                       logger(DEBUG_PROTOCOL, LOG_INFO, "Learned ECDSA public key from %s (%s)", from->name, from->hostname);
-                       append_config_file(from->name, "ECDSAPublicKey", pubkey);
+                       logger(DEBUG_PROTOCOL, LOG_INFO, "Learned Ed25519 public key from %s (%s)", from->name, from->hostname);
+                       append_config_file(from->name, "Ed25519PublicKey", pubkey);

                        return true;
                }
 
                case REQ_KEY: {
                        if(!node_read_ecdsa_public_key(from)) {
                        return true;
                }
 
                case REQ_KEY: {
                        if(!node_read_ecdsa_public_key(from)) {

-                               logger(DEBUG_PROTOCOL, LOG_DEBUG, "No ECDSA key known for %s (%s)", from->name, from->hostname);
+                               logger(DEBUG_PROTOCOL, LOG_DEBUG, "No Ed25519 key known for %s (%s)", from->name, from->hostname);

                                send_request(from->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, from->name, REQ_PUBKEY);
                                return true;
                        }
                                send_request(from->nexthop->connection, "%d %s %s %d", REQ_KEY, myself->name, from->name, REQ_PUBKEY);
                                return true;
                        }

diff --git a/src/sptps.c b/src/sptps.c
index 0989b14..7d6293c 100644 (file)
--- a/src/sptps.c
+++ b/src/sptps.c
@@ -39,7 +39,7 @@ unsigned int sptps_replaywin = 16;
 
    Sign all handshake messages up to ECDHE kex with long-term public keys. (done)
 
 
    Sign all handshake messages up to ECDHE kex with long-term public keys. (done)
 

-   HMACed KEX finished message to prevent downgrade attacks and prove you have the right key material (done by virtue of ECDSA over the whole ECDHE exchange?)
+   HMACed KEX finished message to prevent downgrade attacks and prove you have the right key material (done by virtue of Ed25519 over the whole ECDHE exchange?)

 
    Explicit close message needs to be added.
 
 
    Explicit close message needs to be added.
 


@@ -163,7 +163,7 @@ static bool send_kex(sptps_t *s) {
        return send_record_priv(s, SPTPS_HANDSHAKE, s->mykex, 1 + 32 + keylen);
 }
 
        return send_record_priv(s, SPTPS_HANDSHAKE, s->mykex, 1 + 32 + keylen);
 }
 

-// Send a SIGnature record, containing an ECDSA signature over both KEX records.
+// Send a SIGnature record, containing an Ed25519 signature over both KEX records.

 static bool send_sig(sptps_t *s) {
        size_t keylen = ECDH_SIZE;
        size_t siglen = ecdsa_size(s->mykey);
 static bool send_sig(sptps_t *s) {
        size_t keylen = ECDH_SIZE;
        size_t siglen = ecdsa_size(s->mykey);

diff --git a/src/sptps_speed.c b/src/sptps_speed.c
index d9776b7..953d7f5 100644 (file)
--- a/src/sptps_speed.c
+++ b/src/sptps_speed.c
@@ -96,14 +96,14 @@ int main(int argc, char *argv[]) {
        key1 = ecdsa_generate();
        key2 = ecdsa_generate();
 
        key1 = ecdsa_generate();
        key2 = ecdsa_generate();
 

-       // ECDSA signatures
+       // Ed25519 signatures

 
 

-       fprintf(stderr, "ECDSA sign for %lg seconds: ", duration);
+       fprintf(stderr, "Ed25519 sign for %lg seconds: ", duration);

        for(clock_start(); clock_countto(duration);)
                ecdsa_sign(key1, buf1, 256, buf2);
        fprintf(stderr, "%22.2lf op/s\n", rate);
 
        for(clock_start(); clock_countto(duration);)
                ecdsa_sign(key1, buf1, 256, buf2);
        fprintf(stderr, "%22.2lf op/s\n", rate);
 

-       fprintf(stderr, "ECDSA verify for %lg seconds: ", duration);
+       fprintf(stderr, "Ed25519 verify for %lg seconds: ", duration);

        for(clock_start(); clock_countto(duration);)
                ecdsa_verify(key1, buf1, 256, buf2);
        fprintf(stderr, "%20.2lf op/s\n", rate);
        for(clock_start(); clock_countto(duration);)
                ecdsa_verify(key1, buf1, 256, buf2);
        fprintf(stderr, "%20.2lf op/s\n", rate);

diff --git a/src/sptps_test.c b/src/sptps_test.c
index eea8e75..3ec9f98 100644 (file)
--- a/src/sptps_test.c
+++ b/src/sptps_test.c
@@ -77,7 +77,7 @@ static struct option const long_options[] = {
 const char *program_name;
 
 static void usage() {
 const char *program_name;
 
 static void usage() {

-       fprintf(stderr, "Usage: %s [options] my_ecdsa_key_file his_ecdsa_key_file [host] port\n\n", program_name);
+       fprintf(stderr, "Usage: %s [options] my_ed25519_key_file his_ed25519_key_file [host] port\n\n", program_name);

        fprintf(stderr, "Valid options are:\n"
                        "  -d, --datagram          Enable datagram mode.\n"
                        "  -q, --quit              Quit when EOF occurs on stdin.\n"
        fprintf(stderr, "Valid options are:\n"
                        "  -d, --datagram          Enable datagram mode.\n"
                        "  -q, --quit              Quit when EOF occurs on stdin.\n"

diff --git a/src/tincctl.c b/src/tincctl.c
index 2f7fe6b..5f2b135 100644 (file)
--- a/src/tincctl.c
+++ b/src/tincctl.c
@@ -116,9 +116,9 @@ static void usage(bool status) {
                                "  restart [tincd options]    Restart tincd.\n"
                                "  reload                     Partially reload configuration of running tincd.\n"
                                "  pid                        Show PID of currently running tincd.\n"
                                "  restart [tincd options]    Restart tincd.\n"
                                "  reload                     Partially reload configuration of running tincd.\n"
                                "  pid                        Show PID of currently running tincd.\n"

-                               "  generate-keys [bits]       Generate new RSA and ECDSA public/private keypairs.\n"
+                               "  generate-keys [bits]       Generate new RSA and Ed25519 public/private keypairs.\n"

                                "  generate-rsa-keys [bits]   Generate a new RSA public/private keypair.\n"
                                "  generate-rsa-keys [bits]   Generate a new RSA public/private keypair.\n"

-                               "  generate-ecdsa-keys        Generate a new ECDSA public/private keypair.\n"
+                               "  generate-ed25519-keys      Generate a new Ed25519 public/private keypair.\n"

                                "  dump                       Dump a list of one of the following things:\n"
                                "    [reachable] nodes        - all known nodes in the VPN\n"
                                "    edges                    - all known connections in the VPN\n"
                                "  dump                       Dump a list of one of the following things:\n"
                                "    [reachable] nodes        - all known nodes in the VPN\n"
                                "    edges                    - all known connections in the VPN\n"


@@ -246,19 +246,19 @@ static void disable_old_keys(const char *filename, const char *what) {
 
        while(fgets(buf, sizeof buf, r)) {
                if(!block && !strncmp(buf, "-----BEGIN ", 11)) {
 
        while(fgets(buf, sizeof buf, r)) {
                if(!block && !strncmp(buf, "-----BEGIN ", 11)) {

-                       if((strstr(buf, " EC ") && strstr(what, "ECDSA")) || (strstr(buf, " RSA ") && strstr(what, "RSA"))) {
+                       if((strstr(buf, " RSA ") && strstr(what, "RSA"))) {

                                disabled = true;
                                block = true;
                        }
                }
 
                                disabled = true;
                                block = true;
                        }
                }
 

-               bool ecdsapubkey = !strncasecmp(buf, "ECDSAPublicKey", 14) && strchr(" \t=", buf[14]) && strstr(what, "ECDSA");
+               bool ed25519pubkey = !strncasecmp(buf, "Ed25519PublicKey", 16) && strchr(" \t=", buf[16]) && strstr(what, "Ed25519");

 
 

-               if(ecdsapubkey)
+               if(ed25519pubkey)

                        disabled = true;
 
                if(w) {
                        disabled = true;
 
                if(w) {

-                       if(block || ecdsapubkey)
+                       if(block || ed25519pubkey)

                                fputc('#', w);
                        if(fputs(buf, w) < 0) {
                                error = true;
                                fputc('#', w);
                        if(fputs(buf, w) < 0) {
                                error = true;


@@ -355,15 +355,15 @@ static FILE *ask_and_open(const char *filename, const char *what, const char *mo
 }
 
 /*
 }
 
 /*

-  Generate a public/private ECDSA keypair, and ask for a file to store
+  Generate a public/private Ed25519 keypair, and ask for a file to store

   them in.
 */
   them in.
 */

-static bool ecdsa_keygen(bool ask) {
+static bool ed25519_keygen(bool ask) {

        ecdsa_t *key;
        FILE *f;
        char *pubname, *privname;
 
        ecdsa_t *key;
        FILE *f;
        char *pubname, *privname;
 

-       fprintf(stderr, "Generating ECDSA keypair:\n");
+       fprintf(stderr, "Generating Ed25519 keypair:\n");

 
        if(!(key = ecdsa_generate())) {
                fprintf(stderr, "Error during key generation!\n");
 
        if(!(key = ecdsa_generate())) {
                fprintf(stderr, "Error during key generation!\n");


@@ -371,8 +371,8 @@ static bool ecdsa_keygen(bool ask) {
        } else
                fprintf(stderr, "Done.\n");
 
        } else
                fprintf(stderr, "Done.\n");
 

-       xasprintf(&privname, "%s" SLASH "ecdsa_key.priv", confbase);
-       f = ask_and_open(privname, "private ECDSA key", "a", ask, 0600);
+       xasprintf(&privname, "%s" SLASH "ed25519_key.priv", confbase);
+       f = ask_and_open(privname, "private Ed25519 key", "a", ask, 0600);

        free(privname);
 
        if(!f)
        free(privname);
 
        if(!f)


@@ -390,16 +390,16 @@ static bool ecdsa_keygen(bool ask) {
        if(name)
                xasprintf(&pubname, "%s" SLASH "hosts" SLASH "%s", confbase, name);
        else
        if(name)
                xasprintf(&pubname, "%s" SLASH "hosts" SLASH "%s", confbase, name);
        else

-               xasprintf(&pubname, "%s" SLASH "ecdsa_key.pub", confbase);
+               xasprintf(&pubname, "%s" SLASH "ed25519_key.pub", confbase);

 
 

-       f = ask_and_open(pubname, "public ECDSA key", "a", ask, 0666);
+       f = ask_and_open(pubname, "public Ed25519 key", "a", ask, 0666);

        free(pubname);
 
        if(!f)
                return false;
 
        char *pubkey = ecdsa_get_base64_public_key(key);
        free(pubname);
 
        if(!f)
                return false;
 
        char *pubkey = ecdsa_get_base64_public_key(key);

-       fprintf(f, "ECDSAPublicKey = %s\n", pubkey);
+       fprintf(f, "Ed25519PublicKey = %s\n", pubkey);

        free(pubkey);
 
        fclose(f);
        free(pubkey);
 
        fclose(f);


@@ -1303,7 +1303,7 @@ const var_t variables[] = {
        {"Device", VAR_SERVER},
        {"DeviceType", VAR_SERVER},
        {"DirectOnly", VAR_SERVER},
        {"Device", VAR_SERVER},
        {"DeviceType", VAR_SERVER},
        {"DirectOnly", VAR_SERVER},

-       {"ECDSAPrivateKeyFile", VAR_SERVER},
+       {"Ed25519PrivateKeyFile", VAR_SERVER},

        {"ExperimentalProtocol", VAR_SERVER},
        {"Forwarding", VAR_SERVER},
        {"GraphDumpFile", VAR_SERVER | VAR_OBSOLETE},
        {"ExperimentalProtocol", VAR_SERVER},
        {"Forwarding", VAR_SERVER},
        {"GraphDumpFile", VAR_SERVER | VAR_OBSOLETE},


@@ -1341,8 +1341,8 @@ const var_t variables[] = {
        {"ClampMSS", VAR_SERVER | VAR_HOST},
        {"Compression", VAR_SERVER | VAR_HOST},
        {"Digest", VAR_SERVER | VAR_HOST},
        {"ClampMSS", VAR_SERVER | VAR_HOST},
        {"Compression", VAR_SERVER | VAR_HOST},
        {"Digest", VAR_SERVER | VAR_HOST},

-       {"ECDSAPublicKey", VAR_HOST},
-       {"ECDSAPublicKeyFile", VAR_SERVER | VAR_HOST},
+       {"Ed25519PublicKey", VAR_HOST},
+       {"Ed25519PublicKeyFile", VAR_SERVER | VAR_HOST},

        {"IndirectData", VAR_SERVER | VAR_HOST},
        {"MACLength", VAR_SERVER | VAR_HOST},
        {"PMTU", VAR_SERVER | VAR_HOST},
        {"IndirectData", VAR_SERVER | VAR_HOST},
        {"MACLength", VAR_SERVER | VAR_HOST},
        {"PMTU", VAR_SERVER | VAR_HOST},


@@ -1782,7 +1782,7 @@ static int cmd_init(int argc, char *argv[]) {
        fprintf(f, "Name = %s\n", name);
        fclose(f);
 
        fprintf(f, "Name = %s\n", name);
        fclose(f);
 

-       if(!rsa_keygen(2048, false) || !ecdsa_keygen(false))
+       if(!rsa_keygen(2048, false) || !ed25519_keygen(false))

                return 1;
 
        check_port(name);
                return 1;
 
        check_port(name);


@@ -1814,7 +1814,7 @@ static int cmd_generate_keys(int argc, char *argv[]) {
        if(!name)
                name = get_my_name(false);
 
        if(!name)
                name = get_my_name(false);
 

-       return !(rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true) && ecdsa_keygen(true));
+       return !(rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true) && ed25519_keygen(true));

 }
 
 static int cmd_generate_rsa_keys(int argc, char *argv[]) {
 }
 
 static int cmd_generate_rsa_keys(int argc, char *argv[]) {


@@ -1829,7 +1829,7 @@ static int cmd_generate_rsa_keys(int argc, char *argv[]) {
        return !rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true);
 }
 
        return !rsa_keygen(argc > 1 ? atoi(argv[1]) : 2048, true);
 }
 

-static int cmd_generate_ecdsa_keys(int argc, char *argv[]) {
+static int cmd_generate_ed25519_keys(int argc, char *argv[]) {

        if(argc > 1) {
                fprintf(stderr, "Too many arguments!\n");
                return 1;
        if(argc > 1) {
                fprintf(stderr, "Too many arguments!\n");
                return 1;


@@ -1838,7 +1838,7 @@ static int cmd_generate_ecdsa_keys(int argc, char *argv[]) {
        if(!name)
                name = get_my_name(false);
 
        if(!name)
                name = get_my_name(false);
 

-       return !ecdsa_keygen(true);
+       return !ed25519_keygen(true);

 }
 
 static int cmd_help(int argc, char *argv[]) {
 }
 
 static int cmd_help(int argc, char *argv[]) {


@@ -2179,7 +2179,7 @@ static const struct {
        {"init", cmd_init},
        {"generate-keys", cmd_generate_keys},
        {"generate-rsa-keys", cmd_generate_rsa_keys},
        {"init", cmd_init},
        {"generate-keys", cmd_generate_keys},
        {"generate-rsa-keys", cmd_generate_rsa_keys},

-       {"generate-ecdsa-keys", cmd_generate_ecdsa_keys},
+       {"generate-ed25519-keys", cmd_generate_ed25519_keys},

        {"help", cmd_help},
        {"version", cmd_version},
        {"info", cmd_info},
        {"help", cmd_help},
        {"version", cmd_version},
        {"info", cmd_info},