{
char key[1000];
char tmp[1000];
- int len;
+ unsigned char phrase[1000];
+ int keylen;
+ int i;
BF_KEY bf_key;
+
cp
mpz_get_str(tmp, 16, my_public_key);
- len = str_hex_to_bin(key, tmp);
+ keylen = str_hex_to_bin(key, tmp);
- cipher_set_key(&bf_key, len, key);
+ cipher_set_key(&bf_key, keylen, key);
- low_crypt_key(mypassphrase, pp->phrase, &bf_key, mypassphraselen, BF_ENCRYPT);
- pp->len = ((mypassphraselen - 1) | 7) + 5;
+ low_crypt_key(mypassphrase, phrase, &bf_key, mypassphraselen, BF_ENCRYPT);
+ pp->len = ((mypassphraselen - 1) | 7) + 1;
+ pp->phrase = xmalloc((pp->len << 1) + 1);
+
+ for(i = 0; i < pp->len; i++)
+ snprintf(&(pp->phrase)[i << 1], 3, "%02x", (int)phrase[i]);
+
+ pp->phrase[(pp->len << 1) + 1] = '\0';
if(key_inited)
cipher_set_key(&encryption_key, encryption_keylen, text_key);
int verify_passphrase(conn_list_t *cl, unsigned char *his_pubkey)
{
char key[1000];
- char tmp[1000];
- int len;
+ char *tmp;
+ unsigned char phrase[1000];
+ int keylen, pplen;
mpz_t pk;
unsigned char *out;
BF_KEY bf_key;
char which[sizeof("123.123.123.123")+1];
char *meuk;
cp
- mpz_init_set_str(pk, his_pubkey, 16);
- mpz_get_str(tmp, 16, pk);
- len = str_hex_to_bin(key, tmp);
- out = xmalloc(strlen(cl->pp) + 3);
-
- cipher_set_key(&bf_key, len, key);
- low_crypt_key(cl->pp, out, &bf_key, strlen(cl->pp), BF_DECRYPT);
+ mpz_init_set_str(pk, his_pubkey, 36);
+ tmp = mpz_get_str(NULL, 16, pk);
+ keylen = str_hex_to_bin(key, tmp);
+ out = xmalloc((cl->pp->len >> 1) + 3);
+ pplen = str_hex_to_bin(phrase, cl->pp->phrase);
+
+ cipher_set_key(&bf_key, keylen, key);
+ low_crypt_key(phrase, out, &bf_key, pplen, BF_DECRYPT);
if(key_inited)
cipher_set_key(&encryption_key, encryption_keylen, text_key);
sprintf(which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip));
- if((len = read_passphrase(which, &meuk)) < 0)
+ if((pplen = read_passphrase(which, &meuk)) < 0)
return -1;
- if(memcmp(meuk, out, len))
+ if(memcmp(meuk, out, pplen))
return -1;
cp
return 0;
#define MAXSIZE 1700 /* should be a bit more than the MTU for the tapdevice */
#define MTU 1600
-#define MAX_PASSPHRASE_SIZE 2000 /* 2kb is really waaaay too much. nobody's
- gonna need a 16 kbit passphrase */
-
#define MAC_ADDR_S "%02x:%02x:%02x:%02x:%02x:%02x"
#define MAC_ADDR_V(x) ((unsigned char*)&(x))[0],((unsigned char*)&(x))[1], \
((unsigned char*)&(x))[2],((unsigned char*)&(x))[3], \
typedef struct passphrase_t {
unsigned short len;
- unsigned char phrase[MAX_PASSPHRASE_SIZE];
+ unsigned char *phrase;
} passphrase_t;
typedef struct status_bits_t {
int meta_socket; /* our tcp meta socket */
int protocol_version; /* used protocol */
status_bits_t status; /* status info */
- unsigned char *pp; /* encoded passphrase */
+ passphrase_t *pp; /* encoded passphrase */
packet_queue_t *sq; /* pending outgoing packets */
packet_queue_t *rq; /* pending incoming packets (they have no
valid key to be decrypted with) */
encrypt_passphrase(&tmp);
if(debug_lvl > 2)
- syslog(LOG_DEBUG, "Send PASSPHRASE to " IP_ADDR_S,
- IP_ADDR_V(cl->vpn_ip));
+ syslog(LOG_DEBUG, "Send PASSPHRASE %s to " IP_ADDR_S,
+ tmp.phrase, IP_ADDR_V(cl->vpn_ip));
- buflen = sprintf(buffer, "%d %s\n", PASSPHRASE, tmp.phrase);
+ buflen = snprintf(buffer, MAXBUFSIZE, "%d %s\n", PASSPHRASE, tmp.phrase);
if((write(cl->meta_socket, buffer, buflen)) < 0)
{
{
cp
if(debug_lvl > 2)
- syslog(LOG_DEBUG, "Send PUBLIC_KEY to " IP_ADDR_S,
- IP_ADDR_V(cl->vpn_ip));
+ syslog(LOG_DEBUG, "Send PUBLIC_KEY %s to " IP_ADDR_S,
+ my_public_key_base36, IP_ADDR_V(cl->vpn_ip));
buflen = sprintf(buffer, "%d %s\n", PUBLIC_KEY, my_public_key_base36);
int passphrase_h(conn_list_t *cl)
{
cp
- if(sscanf(cl->buffer, "%*d %s", cl->pp) != 1)
+ cl->pp=xmalloc(sizeof(*(cl->pp)));
+ if(sscanf(cl->buffer, "%*d %as", &(cl->pp->phrase)) != 1)
{
- syslog(LOG_ERR, "got bad PASSPHRASE request: %s", cl->buffer);
- return -1;
- }
+ syslog(LOG_ERR, "got bad PASSPHRASE request: %s", cl->buffer);
+ return -1;
+ }
+ cl->pp->len = strlen(cl->pp->phrase);
if(debug_lvl > 2)
syslog(LOG_DEBUG, "got PASSPHRASE");
}
if(debug_lvl > 2)
- syslog(LOG_DEBUG, "got PUBLIC_KEY");
+ syslog(LOG_DEBUG, "got PUBLIC_KEY %s", g_n);
if(verify_passphrase(cl, g_n))
{
projects / oweals / tinc.git / commitdiff