Merge branch 'master' into 1.1
[oweals/tinc.git] / src / protocol_key.c
index 22692bb614e97632d2224bedbd77b1fb28647976..f57dc2ea059ff07d01d104c8e3df46b48c60287a 100644 (file)
 
 #include "system.h"
 
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-#include "avl_tree.h"
+#include "splay_tree.h"
+#include "cipher.h"
 #include "connection.h"
+#include "crypto.h"
 #include "logger.h"
 #include "net.h"
 #include "netutl.h"
 #include "utils.h"
 #include "xalloc.h"
 
-bool mykeyused = false;
+static bool mykeyused = false;
 
 void send_key_changed() {
-       avl_node_t *node;
+       splay_node_t *node;
        connection_t *c;
 
        send_request(broadcast, "%d %x %s", KEY_CHANGED, rand(), myself->name);
@@ -51,22 +49,17 @@ void send_key_changed() {
        }
 }
 
-bool key_changed_h(connection_t *c) {
+bool key_changed_h(connection_t *c, char *request) {
        char name[MAX_STRING_SIZE];
        node_t *n;
 
-       if(sscanf(c->buffer, "%*d %*x " MAX_STRING, name) != 1) {
+       if(sscanf(request, "%*d %*x " MAX_STRING, name) != 1) {
                logger(LOG_ERR, "Got bad %s from %s (%s)", "KEY_CHANGED",
                           c->name, c->hostname);
                return false;
        }
 
-       if(!check_id(name)) {
-               logger(LOG_ERR, "Got bad %s from %s (%s): %s", "KEY_CHANGED", c->name, c->hostname, "invalid name");
-               return false;
-       }
-
-       if(seen_request(c->buffer))
+       if(seen_request(request))
                return true;
 
        n = lookup_node(name);
@@ -83,7 +76,7 @@ bool key_changed_h(connection_t *c) {
        /* Tell the others */
 
        if(!tunnelserver)
-               forward_request(c);
+               forward_request(c, request);
 
        return true;
 }
@@ -92,12 +85,12 @@ bool send_req_key(node_t *to) {
        return send_request(to->nexthop->connection, "%d %s %s", REQ_KEY, myself->name, to->name);
 }
 
-bool req_key_h(connection_t *c) {
+bool req_key_h(connection_t *c, char *request) {
        char from_name[MAX_STRING_SIZE];
        char to_name[MAX_STRING_SIZE];
        node_t *from, *to;
 
-       if(sscanf(c->buffer, "%*d " MAX_STRING " " MAX_STRING, from_name, to_name) != 2) {
+       if(sscanf(request, "%*d " MAX_STRING " " MAX_STRING, from_name, to_name) != 2) {
                logger(LOG_ERR, "Got bad %s from %s (%s)", "REQ_KEY", c->name,
                           c->hostname);
                return false;
@@ -127,6 +120,7 @@ bool req_key_h(connection_t *c) {
        /* Check if this key request is for us */
 
        if(to == myself) {                      /* Yes, send our own key back */
+
                send_ans_key(from);
        } else {
                if(tunnelserver)
@@ -138,57 +132,50 @@ bool req_key_h(connection_t *c) {
                        return true;
                }
 
-               send_request(to->nexthop->connection, "%s", c->buffer);
+               send_request(to->nexthop->connection, "%s", request);
        }
 
        return true;
 }
 
 bool send_ans_key(node_t *to) {
-       char *key;
+       size_t keylen = cipher_keylength(&myself->incipher);
+       char key[keylen * 2 + 1];
 
-       // Set key parameters
-       to->incipher = myself->incipher;
-       to->inkeylength = myself->inkeylength;
-       to->indigest = myself->indigest;
-       to->inmaclength = myself->inmaclength;
+       cipher_open_by_nid(&to->incipher, cipher_get_nid(&myself->incipher));
+       digest_open_by_nid(&to->indigest, digest_get_nid(&myself->indigest), digest_length(&myself->indigest));
        to->incompression = myself->incompression;
 
-       // Allocate memory for key
-       to->inkey = xrealloc(to->inkey, to->inkeylength);
+       randomize(key, keylen);
+       cipher_set_key(&to->incipher, key, true);
+       digest_set_key(&to->indigest, key, keylen);
 
-       // Create a new key
-       RAND_pseudo_bytes((unsigned char *)to->inkey, to->inkeylength);
-       if(to->incipher)
-               EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);
+       bin2hex(key, key, keylen);
+       key[keylen * 2] = '\0';
 
        // Reset sequence number and late packet window
        mykeyused = true;
        to->received_seqno = 0;
        memset(to->late, 0, sizeof(to->late));
 
-       // Convert to hexadecimal and send
-       key = alloca(2 * to->inkeylength + 1);
-       bin2hex(to->inkey, key, to->inkeylength);
-       key[to->inkeylength * 2] = '\0';
-
-       return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
-                       myself->name, to->name, key,
-                       to->incipher ? to->incipher->nid : 0,
-                       to->indigest ? to->indigest->type : 0, to->inmaclength,
-                       to->incompression);
+       return send_request(to->nexthop->connection, "%d %s %s %s %d %d %zu %d", ANS_KEY,
+                                               myself->name, to->name, key,
+                                               cipher_get_nid(&to->incipher),
+                                               digest_get_nid(&to->indigest),
+                                               digest_length(&to->indigest),
+                                               to->incompression);
 }
 
-bool ans_key_h(connection_t *c) {
+bool ans_key_h(connection_t *c, char *request) {
        char from_name[MAX_STRING_SIZE];
        char to_name[MAX_STRING_SIZE];
        char key[MAX_STRING_SIZE];
-       char address[MAX_STRING_SIZE] = "";
-       char port[MAX_STRING_SIZE] = "";
-       int cipher, digest, maclength, compression;
+        char address[MAX_STRING_SIZE] = "";
+        char port[MAX_STRING_SIZE] = "";
+       int cipher, digest, maclength, compression, keylen;
        node_t *from, *to;
 
-       if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d "MAX_STRING" "MAX_STRING,
+       if(sscanf(request, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d "MAX_STRING" "MAX_STRING,
                from_name, to_name, key, &cipher, &digest, &maclength,
                &compression, address, port) < 7) {
                logger(LOG_ERR, "Got bad %s from %s (%s)", "ANS_KEY", c->name,
@@ -225,7 +212,7 @@ bool ans_key_h(connection_t *c) {
 
                if(!to->status.reachable) {
                        logger(LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable",
-                               "ANS_KEY", c->name, c->hostname, to_name);
+                                  "ANS_KEY", c->name, c->hostname, to_name);
                        return true;
                }
 
@@ -233,60 +220,37 @@ bool ans_key_h(connection_t *c) {
                        char *address, *port;
                        ifdebug(PROTOCOL) logger(LOG_DEBUG, "Appending reflexive UDP address to ANS_KEY from %s to %s", from->name, to->name);
                        sockaddr2str(&from->address, &address, &port);
-                       send_request(to->nexthop->connection, "%s %s %s", c->buffer, address, port);
+                       send_request(to->nexthop->connection, "%s %s %s", request, address, port);
                        free(address);
                        free(port);
                        return true;
                }
 
-               return send_request(to->nexthop->connection, "%s", c->buffer);
+               return send_request(to->nexthop->connection, "%s", request);
        }
 
-       /* Update our copy of the origin's packet key */
-       from->outkey = xrealloc(from->outkey, strlen(key) / 2);
-
-       from->outkey = xstrdup(key);
-       from->outkeylength = strlen(key) / 2;
-       hex2bin(key, from->outkey, from->outkeylength);
-
        /* Check and lookup cipher and digest algorithms */
 
-       if(cipher) {
-               from->outcipher = EVP_get_cipherbynid(cipher);
-
-               if(!from->outcipher) {
-                       logger(LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name,
-                                  from->hostname);
-                       return true;
-               }
-
-               if(from->outkeylength != from->outcipher->key_len + from->outcipher->iv_len) {
-                       logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name,
-                                  from->hostname);
-                       return true;
-               }
-       } else {
-               from->outcipher = NULL;
+       if(!cipher_open_by_nid(&from->outcipher, cipher)) {
+               logger(LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name, from->hostname);
+               return false;
        }
 
-       from->outmaclength = maclength;
+       keylen = strlen(key) / 2;
 
-       if(digest) {
-               from->outdigest = EVP_get_digestbynid(digest);
+       if(keylen != cipher_keylength(&from->outcipher)) {
+               logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name, from->hostname);
+               return false;
+       }
 
-               if(!from->outdigest) {
-                       logger(LOG_ERR, "Node %s (%s) uses unknown digest!", from->name,
-                                  from->hostname);
-                       return true;
-               }
+       if(!digest_open_by_nid(&from->outdigest, digest, maclength)) {
+               logger(LOG_ERR, "Node %s (%s) uses unknown digest!", from->name, from->hostname);
+               return false;
+       }
 
-               if(from->outmaclength > from->outdigest->md_size || from->outmaclength < 0) {
-                       logger(LOG_ERR, "Node %s (%s) uses bogus MAC length!",
-                                  from->name, from->hostname);
-                       return true;
-               }
-       } else {
-               from->outdigest = NULL;
+       if(maclength != digest_length(&from->outdigest)) {
+               logger(LOG_ERR, "Node %s (%s) uses bogus MAC length!", from->name, from->hostname);
+               return false;
        }
 
        if(compression < 0 || compression > 11) {
@@ -296,12 +260,11 @@ bool ans_key_h(connection_t *c) {
        
        from->outcompression = compression;
 
-       if(from->outcipher)
-               if(!EVP_EncryptInit_ex(&from->outctx, from->outcipher, NULL, (unsigned char *)from->outkey, (unsigned char *)from->outkey + from->outcipher->key_len)) {
-                       logger(LOG_ERR, "Error during initialisation of key from %s (%s): %s",
-                                       from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL));
-                       return true;
-               }
+       /* Update our copy of the origin's packet key */
+
+       hex2bin(key, key, keylen);
+       cipher_set_key(&from->outcipher, key, false);
+       digest_set_key(&from->outdigest, key, keylen);
 
        from->status.validkey = true;
        from->sent_seqno = 0;