oweals/tinc.git
12 years agoMerge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Guus Sliepen [Thu, 8 Mar 2012 20:15:08 +0000 (21:15 +0100)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1

Conflicts:
src/net_packet.c

12 years agoAccept Subnets passed with the -o option when StrictSubnets = yes.
Guus Sliepen [Wed, 7 Mar 2012 09:40:06 +0000 (10:40 +0100)]
Accept Subnets passed with the -o option when StrictSubnets = yes.

12 years agoOnly log errors sending UDP packets when debug level >= 5.
Guus Sliepen [Fri, 2 Mar 2012 15:09:58 +0000 (16:09 +0100)]
Only log errors sending UDP packets when debug level >= 5.

Since tinc will fall back to TCP or route via another node, it is not necessary
to log such errors unconditionally.

12 years agoAllow log messages to be captured by tincctl.
Guus Sliepen [Sun, 26 Feb 2012 17:37:36 +0000 (18:37 +0100)]
Allow log messages to be captured by tincctl.

This allows tincctl to receive log messages from a running tincd,
independent of what is logged to syslog or to file. Tincctl can receive
debug messages with an arbitrary level.

12 years agoDon't close control connections when handling a reload command.
Guus Sliepen [Sun, 26 Feb 2012 15:56:53 +0000 (16:56 +0100)]
Don't close control connections when handling a reload command.

Because this would terminate the connection while the control message
handler was still running, it would lead to a segmentation fault later
on.

12 years agoMerge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Guus Sliepen [Sun, 26 Feb 2012 15:27:13 +0000 (16:27 +0100)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1

12 years agoOnly use broadcast at the start of the PMTU discovery phase.
Guus Sliepen [Sun, 26 Feb 2012 15:23:02 +0000 (16:23 +0100)]
Only use broadcast at the start of the PMTU discovery phase.

For local peer discovery, only a handful of packets are necessary for
peers to detect each other.

12 years agoLet tincctl use the NETNAME environment variable if no -n option is given.
Guus Sliepen [Sun, 26 Feb 2012 11:39:46 +0000 (12:39 +0100)]
Let tincctl use the NETNAME environment variable if no -n option is given.

This allows administrators who frequently want to work with one tinc
network to omit the -n option. Since the NETNAME variable is set by
tincd when executing scripts, this makes it slightly easier to use
tincctl from within scripts.

12 years agoEnsure all SPTPS functions are prefixed with sptps_.
Guus Sliepen [Sun, 26 Feb 2012 11:33:16 +0000 (12:33 +0100)]
Ensure all SPTPS functions are prefixed with sptps_.

12 years agoGo back to breadth first search for path finding.
Guus Sliepen [Sat, 25 Feb 2012 22:03:09 +0000 (23:03 +0100)]
Go back to breadth first search for path finding.

If 1.1.x nodes using Dijkstra's algorithm are mixed with 1.0.x nodes using BFS,
then routing loops can occur.

12 years agoMerge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Guus Sliepen [Sat, 25 Feb 2012 21:52:57 +0000 (22:52 +0100)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1

12 years agoStricter checks against routing loops.
Guus Sliepen [Sat, 25 Feb 2012 21:11:30 +0000 (22:11 +0100)]
Stricter checks against routing loops.

If a packet that had to be sent via an intermediate hop, and that intermediate
hop was the one that sent the packet, we drop it.

12 years agoDon't send ICMP Time Exceeded messages for other Time Exceeded messages.
Guus Sliepen [Sat, 25 Feb 2012 20:46:18 +0000 (21:46 +0100)]
Don't send ICMP Time Exceeded messages for other Time Exceeded messages.

That would be silly.

12 years agoUse SPTPS when ExperimentalProtocol is enabled.
Guus Sliepen [Sat, 25 Feb 2012 17:25:21 +0000 (18:25 +0100)]
Use SPTPS when ExperimentalProtocol is enabled.

12 years agoApply HMAC after encryption.
Guus Sliepen [Sat, 25 Feb 2012 14:18:15 +0000 (15:18 +0100)]
Apply HMAC after encryption.

12 years agoMerge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Guus Sliepen [Thu, 23 Feb 2012 12:26:01 +0000 (13:26 +0100)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1

Conflicts:
src/net.c
src/net_packet.c
src/net_socket.c

12 years agoAdd LocalDiscovery option which tries to detect peers on the local network.
Guus Sliepen [Wed, 22 Feb 2012 22:17:43 +0000 (23:17 +0100)]
Add LocalDiscovery option which tries to detect peers on the local network.

Currently, this is implemented by sending IPv4 broadcast packets to the
LAN during path MTU discovery.

12 years agoPass index into listen_socket[] to handle_incoming_vpn_data().
Guus Sliepen [Wed, 22 Feb 2012 13:37:56 +0000 (14:37 +0100)]
Pass index into listen_socket[] to handle_incoming_vpn_data().

12 years agoMerge branch 'master' of git://tinc-vpn.org/tinc into 1.1
Guus Sliepen [Wed, 22 Feb 2012 13:23:59 +0000 (14:23 +0100)]
Merge branch 'master' of git://tinc-vpn.org/tinc into 1.1

Conflicts:
NEWS
README
configure.in
doc/tincd.8.in
src/Makefile.am
src/bsd/device.c
src/connection.c
src/connection.h
src/cygwin/device.c
src/device.h
src/dropin.h
src/linux/device.c
src/mingw/device.c
src/net.c
src/net_packet.c
src/net_setup.c
src/net_socket.c
src/process.c
src/protocol.c
src/protocol_key.c
src/raw_socket_device.c
src/route.c
src/solaris/device.c
src/tincd.c
src/uml_device.c

12 years agoRemove useless warning about signature length being shorter than expected.
Guus Sliepen [Tue, 21 Feb 2012 22:19:51 +0000 (23:19 +0100)]
Remove useless warning about signature length being shorter than expected.

12 years agoUse only one hash algorithm (SHA512) in the PRF.
Guus Sliepen [Tue, 21 Feb 2012 22:17:12 +0000 (23:17 +0100)]
Use only one hash algorithm (SHA512) in the PRF.

On some platforms, OpenSSL by default does not support the Whirlpool algorithm.

12 years agoAdd missing ICMP message type definitions.
Nick Hibma [Tue, 21 Feb 2012 14:26:58 +0000 (15:26 +0100)]
Add missing ICMP message type definitions.

12 years agoFix check for raw socket support.
Guus Sliepen [Tue, 21 Feb 2012 13:06:55 +0000 (14:06 +0100)]
Fix check for raw socket support.

Also, move some variables so there are no compiler warnings about unused
variables when there is no support for raw sockets.

12 years agoFix a bug that caused tinc to ignore all but the last listening socket.
Guus Sliepen [Tue, 21 Feb 2012 12:31:21 +0000 (13:31 +0100)]
Fix a bug that caused tinc to ignore all but the last listening socket.

12 years agoDocument the command line flag -o and provide --option as well.
Guus Sliepen [Tue, 21 Feb 2012 12:13:40 +0000 (13:13 +0100)]
Document the command line flag -o and provide --option as well.

12 years agoMove initialization of char *priority up to prevent freeing an uninitialized pointer.
Guus Sliepen [Tue, 21 Feb 2012 10:39:21 +0000 (11:39 +0100)]
Move initialization of char *priority up to prevent freeing an uninitialized pointer.

12 years agoAllow disabling of broadcast packets.
Guus Sliepen [Mon, 20 Feb 2012 16:19:00 +0000 (17:19 +0100)]
Allow disabling of broadcast packets.

The Broadcast option can be used to cause tinc to drop all broadcast and
multicast packets. This option might be expanded in the future to selectively
allow only some broadcast packet types.

12 years agoRename connection_t *broadcast to everyone.
Guus Sliepen [Mon, 20 Feb 2012 16:12:48 +0000 (17:12 +0100)]
Rename connection_t *broadcast to everyone.

12 years agoDon't bind outgoing TCP sockets anymore.
Guus Sliepen [Mon, 20 Feb 2012 15:52:53 +0000 (16:52 +0100)]
Don't bind outgoing TCP sockets anymore.

The code introduced in commit 41a05f59ba2c3eb5caab555f096ed1b9fbe69ee3 is not
needed anymore, since tinc has been able to handle UDP packets from a different
source address than those of the TCP packets since 1.0.10.  When using multiple
BindToAddress statements, this code does not make sense anymore, we do want the
kernel to choose the source address on its own.

12 years agoDecrement TTL of incoming packets.
Guus Sliepen [Mon, 20 Feb 2012 15:34:02 +0000 (16:34 +0100)]
Decrement TTL of incoming packets.

Tinc will now, by default, decrement the TTL field of incoming IPv4 and IPv6
packets, before forwarding them to the virtual network device or to another
node. Packets with a TTL value of zero will be dropped, and an ICMP Time
Exceeded message will be sent back.

This behaviour can be disabled using the DecrementTTL option.

12 years agoOnly compile raw socket code when it is supported on that platform.
Guus Sliepen [Mon, 20 Feb 2012 14:44:52 +0000 (15:44 +0100)]
Only compile raw socket code when it is supported on that platform.

12 years agoMerge branch 'master' of black:tinc
Guus Sliepen [Sat, 18 Feb 2012 13:31:08 +0000 (14:31 +0100)]
Merge branch 'master' of black:tinc

12 years agoAllow setting DeviceType to tun or tap on Linux.
Guus Sliepen [Sat, 18 Feb 2012 13:37:52 +0000 (14:37 +0100)]
Allow setting DeviceType to tun or tap on Linux.

12 years agoSend packets back using the same socket as they were received on.
Guus Sliepen [Sat, 18 Feb 2012 10:48:21 +0000 (11:48 +0100)]
Send packets back using the same socket as they were received on.

12 years agoMerge branch 'master' of black:tinc
Guus Sliepen [Sat, 18 Feb 2012 10:43:00 +0000 (11:43 +0100)]
Merge branch 'master' of black:tinc

12 years agoAllow multiple BindToAddress statements.
Guus Sliepen [Fri, 17 Feb 2012 15:25:00 +0000 (16:25 +0100)]
Allow multiple BindToAddress statements.

12 years agoSet FD_CLOEXEC flag on all sockets.
Guus Sliepen [Fri, 17 Feb 2012 15:13:38 +0000 (16:13 +0100)]
Set FD_CLOEXEC flag on all sockets.

Scripts called by tinc would inherit its open filedescriptors. This could
be a problem if other long-running daemons are started from those scripts,
if those daemons would not close all filedescriptors before going into the
background.

Problem found and solution suggested by Nick Hibma.

12 years agoFix a few small memory leaks.
Guus Sliepen [Mon, 26 Dec 2011 22:11:27 +0000 (23:11 +0100)]
Fix a few small memory leaks.

12 years agoFix compiler warnings.
Guus Sliepen [Mon, 26 Dec 2011 22:04:40 +0000 (23:04 +0100)]
Fix compiler warnings.

12 years agoAllow linking with multiple device drivers.
Guus Sliepen [Sun, 4 Dec 2011 00:20:59 +0000 (01:20 +0100)]
Allow linking with multiple device drivers.

Apart from the platform specific tun/tap driver, link with the dummy and
raw_socket devices, and optionally with support for UML and VDE devices.
At runtime, the DeviceType option can be used to select which driver to
use.

12 years agoFix a few small memory leaks.
Guus Sliepen [Sat, 3 Dec 2011 20:59:47 +0000 (21:59 +0100)]
Fix a few small memory leaks.

13 years agoAdd vde/device.c to the tarball.
Guus Sliepen [Sun, 27 Nov 2011 11:13:16 +0000 (12:13 +0100)]
Add vde/device.c to the tarball.

13 years agoFix compilation of VDE and UML interfaces.
Guus Sliepen [Sun, 27 Nov 2011 11:12:34 +0000 (12:12 +0100)]
Fix compilation of VDE and UML interfaces.

13 years agoExchange ACK records to indicate switch to new keys.
Guus Sliepen [Thu, 6 Oct 2011 13:32:12 +0000 (15:32 +0200)]
Exchange ACK records to indicate switch to new keys.

This allow application records to be sent while key renegotiation is still
happening.

13 years agoUse counter mode encryption.
Guus Sliepen [Thu, 6 Oct 2011 07:34:34 +0000 (09:34 +0200)]
Use counter mode encryption.

13 years agoAdd counter mode encryption.
Guus Sliepen [Thu, 6 Oct 2011 07:33:09 +0000 (09:33 +0200)]
Add counter mode encryption.

13 years agoTest corner cases in the SPTPS protocol.
Guus Sliepen [Wed, 5 Oct 2011 20:05:13 +0000 (22:05 +0200)]
Test corner cases in the SPTPS protocol.

* Test zero-byte messages.
* Test maximum size (65535 byte) messages.
* Test different message types.
* Test key renegotiation.

13 years agoUpdate SPTPS protocol.
Guus Sliepen [Wed, 5 Oct 2011 20:00:51 +0000 (22:00 +0200)]
Update SPTPS protocol.

* Exchange nonce and ECDH public key first, calculate the ECDSA signature
  over the complete key exchange.
* Make an explicit distinction between client and server in the signatures.
* Add more comments and replace some magic numbers by #defines.

Thanks to Erik Tews for very helpful hints and comments!

13 years agoFix compiler warning.
Guus Sliepen [Wed, 5 Oct 2011 19:59:33 +0000 (21:59 +0200)]
Fix compiler warning.

13 years agoReturn false instead of void when there is an error.
Guus Sliepen [Tue, 30 Aug 2011 18:49:48 +0000 (20:49 +0200)]
Return false instead of void when there is an error.

13 years agoPrevent read_rsa_public_key() from returning an uninitialized RSA structure.
Guus Sliepen [Tue, 30 Aug 2011 17:56:56 +0000 (19:56 +0200)]
Prevent read_rsa_public_key() from returning an uninitialized RSA structure.

In case the config file could not be opened a new but unitialized RSA structure
would be returned, causing a segmentation fault later on. This would only
happen in the case that the config file could be opened before, but not when
read_rsa_public_key() was called. This situation could occur when the --user
option was used, and the config files were not readable by the specified user.

13 years agoHandle UDP packets with unknown source addresses properly.
Guus Sliepen [Wed, 10 Aug 2011 15:04:17 +0000 (17:04 +0200)]
Handle UDP packets with unknown source addresses properly.

Probably due to a merge, the try_harder() function had duplicated the
rate-limiting code for detecting the sender node based on the HMAC of the
packet. This prevented this detection from running at all. The function is now
identical again to that in the 1.0 branch.

13 years agouse execvp() not execve() in tincctl start
Michael Tokarev [Sun, 7 Aug 2011 08:18:20 +0000 (12:18 +0400)]
use execvp() not execve() in tincctl start

sometimes argv[0] will have directory-less name (when the
command is started by shell searching in $PATH for example).
For tincctl start we want the same rules to run tincd as for
tincctl itself (having full path is better but if shell does
not provide one we've no other choice).  Previous code tried
to run ./tincd in this case, which is obviously wrong.

This is a fix for the previous commit.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
13 years agorun tincd from the same directory as tincctl and pass all options to it
Michael Tokarev [Sun, 7 Aug 2011 08:05:07 +0000 (12:05 +0400)]
run tincd from the same directory as tincctl and pass all options to it

For tincctl start, run tincd from dirname($0) not SBINDIR -
this allows painless alternative directory installation and
running from build directory too.

Also while at it, pass the rest of command line to tincd, not
only options before "start" argument.  This way it's possible
to pass options to tincd like this:
  tincctl -n net start -- -d 1 -R -U tincuser ...

And also add missing newline at the end of error message there.

Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>
13 years agodon't mention reload twice in tincctl help
Michael Tokarev [Sun, 7 Aug 2011 07:25:03 +0000 (11:25 +0400)]
don't mention reload twice in tincctl help

Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>
13 years agoStart of "Simple Peer-To-Peer Security" protocol.
Guus Sliepen [Sun, 24 Jul 2011 13:44:51 +0000 (15:44 +0200)]
Start of "Simple Peer-To-Peer Security" protocol.

Encryption and authentication of the meta connection is spread out over
meta.c and protocol_auth.c. The new protocol was added there as well,
leading to spaghetti code. To improve things, the new protocol will now
be implemented in sptps.[ch].

The goal is to have a very simplified version of TLS. There is a record
layer, and there are only two record types: application data and
handshake messages. The handshake message contains a random nonce, an
ephemeral ECDH public key, and an ECDSA signature over the former. After
the ECDH public keys are exchanged, a shared secret is calculated, and a
TLS style PRF is used to generate the key material for the cipher and
HMAC algorithm, and further communication is encrypted and authenticated.

A lot of the simplicity comes from the fact that both sides must have
each other's public keys in advance, and there are no options to choose.
There will be one fixed cipher suite, and both peers always authenticate
each other. (Inspiration taken from Ian Grigg's hypotheses[0].)
There might be some compromise in the future, to enable or disable
encryption, authentication and compression, but there will be no choice
of algorithms. This will allow SPTPS to be built with a few embedded
crypto algorithms instead of linking with huge crypto libraries.

The API is also kept simple. There is a start and a stop function. All
data necessary to make the connection work is passed in the start
function. Instead having both send- and receive-record functions, there
is a send-record function and a receive-data function. The latter will
pass protocol data received from the peer to the SPTPS implementation,
which will in turn call a receive-record callback function when
necessary. This hides all the handshaking from the application, and is
completely independent from any event loop or socket characteristics.

[0] http://iang.org/ssl/hn_hypotheses_in_secure_protocol_design.html

13 years agoReleasing 1.0.16. release-1.0.16
Guus Sliepen [Sat, 23 Jul 2011 12:12:23 +0000 (14:12 +0200)]
Releasing 1.0.16.

13 years agoUse usleep() instead of sleep(), MinGW complained.
Guus Sliepen [Sat, 23 Jul 2011 12:11:44 +0000 (14:11 +0200)]
Use usleep() instead of sleep(), MinGW complained.

13 years agoDon't abort() on low-level crypto errors, just return false.
Guus Sliepen [Wed, 20 Jul 2011 06:19:18 +0000 (08:19 +0200)]
Don't abort() on low-level crypto errors, just return false.

The abort() calls were accidentily left in for debugging.

13 years agoFix tinc 1.0.x daemons connecting when ExperimentalProtocol = yes.
Guus Sliepen [Tue, 19 Jul 2011 19:11:11 +0000 (21:11 +0200)]
Fix tinc 1.0.x daemons connecting when ExperimentalProtocol = yes.

13 years agoReleasing 1.1pre2. release-1.1pre2
Guus Sliepen [Sun, 17 Jul 2011 18:09:08 +0000 (20:09 +0200)]
Releasing 1.1pre2.

13 years agoAdd missing newline.
Guus Sliepen [Sun, 17 Jul 2011 18:06:06 +0000 (20:06 +0200)]
Add missing newline.

13 years agoWrite loopback address instead of "any" address in pidfile.
Guus Sliepen [Sun, 17 Jul 2011 18:01:24 +0000 (20:01 +0200)]
Write loopback address instead of "any" address in pidfile.

13 years agoFlush output buffer in send_tcppacket().
Guus Sliepen [Sun, 17 Jul 2011 17:34:01 +0000 (19:34 +0200)]
Flush output buffer in send_tcppacket().

This is mainly important for Windows, where the select() call in the
main thread is not being woken up when the tapreader thread calls
route(), causing a delay of up to 1 second before the output buffer is
flushed. This would cause bad performance when UDP communication is not
possible.

13 years ago"tincctl stop" now removes the tinc service on Windows.
Guus Sliepen [Sun, 17 Jul 2011 17:23:52 +0000 (19:23 +0200)]
"tincctl stop" now removes the tinc service on Windows.

13 years agoFix declaration of usleep().
Guus Sliepen [Sun, 17 Jul 2011 16:02:56 +0000 (18:02 +0200)]
Fix declaration of usleep().

13 years agoEnsure symlinked files do not end up in the tarball.
Guus Sliepen [Sun, 17 Jul 2011 08:59:54 +0000 (10:59 +0200)]
Ensure symlinked files do not end up in the tarball.

13 years agoUse const pointer to source in base64 and hex routines.
Guus Sliepen [Sat, 16 Jul 2011 20:38:50 +0000 (22:38 +0200)]
Use const pointer to source in base64 and hex routines.

13 years agoUse usleep() instead of sleep(), MinGW complained.
Guus Sliepen [Sat, 16 Jul 2011 20:38:22 +0000 (22:38 +0200)]
Use usleep() instead of sleep(), MinGW complained.

13 years agoUpdate info manual.
Guus Sliepen [Sat, 16 Jul 2011 19:44:17 +0000 (21:44 +0200)]
Update info manual.

13 years agoUse ECDSA to sign ECDH key exchange for UDP session keys.
Guus Sliepen [Sat, 16 Jul 2011 18:21:44 +0000 (20:21 +0200)]
Use ECDSA to sign ECDH key exchange for UDP session keys.

The ECDSA public keys will also be included in the ANS_KEY requests,
but are only used when no ECDSA public key is known yet.

13 years agoUse the same logic as tinc 1.0.x for detecting two nodes with the same Name.
Guus Sliepen [Sat, 16 Jul 2011 13:21:37 +0000 (15:21 +0200)]
Use the same logic as tinc 1.0.x for detecting two nodes with the same Name.

13 years agoUse the correct direction flag when setting cipher keys.
Guus Sliepen [Sat, 16 Jul 2011 13:15:29 +0000 (15:15 +0200)]
Use the correct direction flag when setting cipher keys.

The flag was set incorrectly, but for most ciphers this does not have
any effect. AES in any of the block modes is picky about it though.

13 years agoMake code to detect two nodes with the same Name less triggerhappy.
Guus Sliepen [Sat, 16 Jul 2011 08:47:35 +0000 (10:47 +0200)]
Make code to detect two nodes with the same Name less triggerhappy.

First of all, if there really are two nodes with the same name, much
more than 10 contradicting ADD_EDGE and DEL_EDGE messages will be sent.
Also, we forgot to reset the counters when nothing happened.

In case there is a ADD_EDGE/DEL_EDGE storm, we do not shut down, but
sleep an increasing amount of time, allowing tinc to recover gracefully
from temporary failures.

13 years agoFix compiler warnings.
Guus Sliepen [Wed, 13 Jul 2011 20:52:52 +0000 (22:52 +0200)]
Fix compiler warnings.

13 years agoRemove unnecessary variables and functions.
Guus Sliepen [Wed, 13 Jul 2011 20:29:30 +0000 (22:29 +0200)]
Remove unnecessary variables and functions.

13 years agoMake use of the improved hex and base64 functions.
Guus Sliepen [Tue, 12 Jul 2011 21:43:12 +0000 (23:43 +0200)]
Make use of the improved hex and base64 functions.

Also, use base64 for all EC related data, it is shorter and easy to
distinguish from the legacy protocol.

13 years agoMake hexadecimal and base64 routines behave the same.
Guus Sliepen [Tue, 12 Jul 2011 20:54:49 +0000 (22:54 +0200)]
Make hexadecimal and base64 routines behave the same.

The length parameter for the encoding functions is the length of the
binary input, and for the decoding functions it is the maximum size of
the binary output.

The return value is always the length of the resulting output, excluding
the terminating NULL character for the encoding routines.

All functions can encode and decode in-place. The encoding functions
will always write a terminating NULL character, and the decoding
functions will stop at a NULL character.

13 years agoDon't use wildcards in filenames in configure.in.
Guus Sliepen [Mon, 11 Jul 2011 20:14:06 +0000 (22:14 +0200)]
Don't use wildcards in filenames in configure.in.

13 years agoRequire ExperimentalProtocol = yes for new features, update documentation.
Guus Sliepen [Mon, 11 Jul 2011 19:54:01 +0000 (21:54 +0200)]
Require ExperimentalProtocol = yes for new features, update documentation.

13 years agoClose meta connection socket after cleaning up event structures.
Guus Sliepen [Sun, 10 Jul 2011 20:46:43 +0000 (22:46 +0200)]
Close meta connection socket after cleaning up event structures.

Epoll doesn't like it when an already closed filedescriptor is being
removed, so we defer closing the socket until after all else is cleaned
up.

13 years agoAutomatically exchange ECDSA keys and upgrade to new authentication protocol.
Guus Sliepen [Sun, 10 Jul 2011 20:34:17 +0000 (22:34 +0200)]
Automatically exchange ECDSA keys and upgrade to new authentication protocol.

If we don't have ECDSA keys for the node we connect to, set protocol_minor
to 1, to indicate this to the other end. This will first complete the
old way of authentication with RSA keys, and will then exchange ECDSA keys.
The connection will be terminated right afterwards, and the next attempt
will use ECDSA keys.

13 years agoFree ECDSA and RSA structures when freeing a connection_t.
Guus Sliepen [Sun, 10 Jul 2011 19:02:34 +0000 (21:02 +0200)]
Free ECDSA and RSA structures when freeing a connection_t.

13 years agoHash input before signing it with ECDSA.
Guus Sliepen [Fri, 8 Jul 2011 16:17:34 +0000 (18:17 +0200)]
Hash input before signing it with ECDSA.

13 years agoVery primitive ECDSA signed ECDH key exchange for the meta protocol.
Guus Sliepen [Thu, 7 Jul 2011 20:30:55 +0000 (22:30 +0200)]
Very primitive ECDSA signed ECDH key exchange for the meta protocol.

Nonces and hash of the ID requests should be included in the seed for the PRF.

13 years agoRead ECDSA keys.
Guus Sliepen [Thu, 7 Jul 2011 20:28:25 +0000 (22:28 +0200)]
Read ECDSA keys.

13 years agoImplement ECDSA sign and verify operations.
Guus Sliepen [Thu, 7 Jul 2011 20:27:17 +0000 (22:27 +0200)]
Implement ECDSA sign and verify operations.

Very basic at the moment, doesn't hash the input first,
and uses OpenSSL's DER encoded signature as output.

13 years agoBump minor protocol to indicate ECDH capability for UDP session keys.
Guus Sliepen [Tue, 5 Jul 2011 19:29:31 +0000 (21:29 +0200)]
Bump minor protocol to indicate ECDH capability for UDP session keys.

13 years agoAdd a minor number to the protocol version.
Guus Sliepen [Tue, 5 Jul 2011 19:19:48 +0000 (21:19 +0200)]
Add a minor number to the protocol version.

13 years agoRound up the size of the secret parts after splitting it in two.
Guus Sliepen [Mon, 4 Jul 2011 05:51:47 +0000 (07:51 +0200)]
Round up the size of the secret parts after splitting it in two.

13 years agoAdd ECDSA key import.
Guus Sliepen [Sun, 3 Jul 2011 21:44:43 +0000 (23:44 +0200)]
Add ECDSA key import.

13 years agoFinish base64 decoding routine.
Guus Sliepen [Sun, 3 Jul 2011 21:33:56 +0000 (23:33 +0200)]
Finish base64 decoding routine.

13 years agoHave tincctl generate ECDSA keys.
Guus Sliepen [Sun, 3 Jul 2011 20:25:29 +0000 (22:25 +0200)]
Have tincctl generate ECDSA keys.

The generate-keys command now generates both an RSA and an ECDSA keypair,
but one can generate-rsa-keys or generate-ecdsa-keys to just generate one type.

13 years agoAdd ECDSA key generation.
Guus Sliepen [Sun, 3 Jul 2011 20:15:00 +0000 (22:15 +0200)]
Add ECDSA key generation.

13 years agoBase64 encoding and decoding functions.
Guus Sliepen [Sun, 3 Jul 2011 20:13:58 +0000 (22:13 +0200)]
Base64 encoding and decoding functions.

13 years agoCleanups in ECDH code.
Guus Sliepen [Sun, 3 Jul 2011 20:13:34 +0000 (22:13 +0200)]
Cleanups in ECDH code.

13 years agoNo need to keep around pointers to EC_GROUP.
Guus Sliepen [Sun, 3 Jul 2011 19:21:37 +0000 (21:21 +0200)]
No need to keep around pointers to EC_GROUP.

13 years agoProper use of PRF.
Guus Sliepen [Sun, 3 Jul 2011 14:30:49 +0000 (16:30 +0200)]
Proper use of PRF.

13 years agoUse PRF.
Guus Sliepen [Sun, 3 Jul 2011 13:59:49 +0000 (15:59 +0200)]
Use PRF.

13 years agoAdd PRF to derive key material from the ECDH shared secret.
Guus Sliepen [Sun, 3 Jul 2011 13:26:58 +0000 (15:26 +0200)]
Add PRF to derive key material from the ECDH shared secret.

It is modelled after the pseudorandom function from RFC4346 (TLS 1.1), the only
significant change is the use of SHA512 and Whirlpool instead of MD5 and SHA1.