+ if(*siglen < MESHLINK_SIGLEN) {
+ meshlink_errno = MESHLINK_EINVAL;
+ return false;
+ }
+
+ pthread_mutex_lock(&(mesh->mesh_mutex));
+
+ if(!ecdsa_sign(mesh->self->connection->ecdsa, data, len, signature)) {
+ meshlink_errno = MESHLINK_EINTERNAL;
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return false;
+ }
+
+ *siglen = MESHLINK_SIGLEN;
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return true;
+}
+
+bool meshlink_verify(meshlink_handle_t *mesh, meshlink_node_t *source, const void *data, size_t len, const void *signature, size_t siglen) {
+ if(!mesh || !data || !len || !signature) {
+ meshlink_errno = MESHLINK_EINVAL;
+ return false;
+ }
+
+ if(siglen != MESHLINK_SIGLEN) {
+ meshlink_errno = MESHLINK_EINVAL;
+ return false;
+ }
+
+ pthread_mutex_lock(&(mesh->mesh_mutex));
+
+ bool rval = false;
+
+ struct node_t *n = (struct node_t *)source;
+ node_read_ecdsa_public_key(mesh, n);
+ if(!n->ecdsa) {
+ meshlink_errno = MESHLINK_EINTERNAL;
+ rval = false;
+ } else {
+ rval = ecdsa_verify(((struct node_t *)source)->ecdsa, data, len, signature);
+ }
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return rval;
+}
+
+static bool refresh_invitation_key(meshlink_handle_t *mesh) {
+ char filename[PATH_MAX];
+
+ pthread_mutex_lock(&(mesh->mesh_mutex));
+
+ snprintf(filename, sizeof filename, "%s" SLASH "invitations", mesh->confbase);
+ if(mkdir(filename, 0700) && errno != EEXIST) {
+ logger(mesh, MESHLINK_DEBUG, "Could not create directory %s: %s\n", filename, strerror(errno));
+ meshlink_errno = MESHLINK_ESTORAGE;
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return false;
+ }
+
+ // Count the number of valid invitations, clean up old ones
+ DIR *dir = opendir(filename);
+ if(!dir) {
+ logger(mesh, MESHLINK_DEBUG, "Could not read directory %s: %s\n", filename, strerror(errno));
+ meshlink_errno = MESHLINK_ESTORAGE;
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return false;
+ }
+
+ errno = 0;
+ int count = 0;
+ struct dirent *ent;
+ time_t deadline = time(NULL) - 604800; // 1 week in the past
+
+ while((ent = readdir(dir))) {
+ if(strlen(ent->d_name) != 24)
+ continue;
+ char invname[PATH_MAX];
+ struct stat st;
+ snprintf(invname, sizeof invname, "%s" SLASH "%s", filename, ent->d_name);
+ if(!stat(invname, &st)) {
+ if(mesh->invitation_key && deadline < st.st_mtime)
+ count++;
+ else
+ unlink(invname);
+ } else {
+ logger(mesh, MESHLINK_DEBUG, "Could not stat %s: %s\n", invname, strerror(errno));
+ errno = 0;
+ }
+ }
+
+ if(errno) {
+ logger(mesh, MESHLINK_DEBUG, "Error while reading directory %s: %s\n", filename, strerror(errno));
+ closedir(dir);
+ meshlink_errno = MESHLINK_ESTORAGE;
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return false;
+ }
+
+ closedir(dir);
+
+ snprintf(filename, sizeof filename, "%s" SLASH "invitations" SLASH "ecdsa_key.priv", mesh->confbase);
+
+ // Remove the key if there are no outstanding invitations.
+ if(!count) {
+ unlink(filename);
+ if(mesh->invitation_key) {
+ ecdsa_free(mesh->invitation_key);
+ mesh->invitation_key = NULL;
+ }
+ }
+
+ if(mesh->invitation_key) {
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return true;
+ }
+
+ // Create a new key if necessary.
+ FILE *f = fopen(filename, "r");
+ if(!f) {
+ if(errno != ENOENT) {
+ logger(mesh, MESHLINK_DEBUG, "Could not read %s: %s\n", filename, strerror(errno));
+ meshlink_errno = MESHLINK_ESTORAGE;
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return false;
+ }
+
+ mesh->invitation_key = ecdsa_generate();
+ if(!mesh->invitation_key) {
+ logger(mesh, MESHLINK_DEBUG, "Could not generate a new key!\n");
+ meshlink_errno = MESHLINK_EINTERNAL;
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return false;
+ }
+ f = fopen(filename, "w");
+ if(!f) {
+ logger(mesh, MESHLINK_DEBUG, "Could not write %s: %s\n", filename, strerror(errno));
+ meshlink_errno = MESHLINK_ESTORAGE;
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return false;
+ }
+ chmod(filename, 0600);
+ ecdsa_write_pem_private_key(mesh->invitation_key, f);
+ fclose(f);
+ } else {
+ mesh->invitation_key = ecdsa_read_pem_private_key(f);
+ fclose(f);
+ if(!mesh->invitation_key) {
+ logger(mesh, MESHLINK_DEBUG, "Could not read private key from %s\n", filename);
+ meshlink_errno = MESHLINK_ESTORAGE;
+ }
+ }
+
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return mesh->invitation_key;
+}
+
+bool meshlink_add_address(meshlink_handle_t *mesh, const char *address) {
+ if(!mesh || !address) {
+ meshlink_errno = MESHLINK_EINVAL;
+ return false;
+ }
+
+ bool rval = false;
+
+ pthread_mutex_lock(&(mesh->mesh_mutex));
+
+ for(const char *p = address; *p; p++) {
+ if(isalnum(*p) || *p == '-' || *p == '.' || *p == ':')
+ continue;
+ logger(mesh, MESHLINK_DEBUG, "Invalid character in address: %s\n", address);
+ meshlink_errno = MESHLINK_EINVAL;
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return false;
+ }
+
+ rval = append_config_file(mesh, mesh->self->name, "Address", address);
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return rval;
+}
+
+char *meshlink_invite(meshlink_handle_t *mesh, const char *name) {
+ if(!mesh) {
+ meshlink_errno = MESHLINK_EINVAL;
+ return NULL;
+ }
+
+ pthread_mutex_lock(&(mesh->mesh_mutex));
+
+ // Check validity of the new node's name
+ if(!check_id(name)) {
+ logger(mesh, MESHLINK_DEBUG, "Invalid name for node.\n");
+ meshlink_errno = MESHLINK_EINVAL;
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return NULL;
+ }
+
+ // Ensure no host configuration file with that name exists
+ char filename[PATH_MAX];
+ snprintf(filename, sizeof filename, "%s" SLASH "hosts" SLASH "%s", mesh->confbase, name);
+ if(!access(filename, F_OK)) {
+ logger(mesh, MESHLINK_DEBUG, "A host config file for %s already exists!\n", name);
+ meshlink_errno = MESHLINK_EEXIST;
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return NULL;
+ }
+
+ // Ensure no other nodes know about this name
+ if(meshlink_get_node(mesh, name)) {
+ logger(mesh, MESHLINK_DEBUG, "A node with name %s is already known!\n", name);
+ meshlink_errno = MESHLINK_EEXIST;
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return NULL;
+ }
+
+ // Get the local address
+ char *address = get_my_hostname(mesh);
+ if(!address) {
+ logger(mesh, MESHLINK_DEBUG, "No Address known for ourselves!\n");
+ meshlink_errno = MESHLINK_ERESOLV;
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return NULL;
+ }
+
+ if(!refresh_invitation_key(mesh)) {
+ meshlink_errno = MESHLINK_EINTERNAL;
+ pthread_mutex_unlock(&(mesh->mesh_mutex));
+ return NULL;
+ }
+
+ char hash[64];
+
+ // Create a hash of the key.
+ char *fingerprint = ecdsa_get_base64_public_key(mesh->invitation_key);
+ sha512(fingerprint, strlen(fingerprint), hash);
+ b64encode_urlsafe(hash, hash, 18);
+
+ // Create a random cookie for this invitation.
+ char cookie[25];
+ randomize(cookie, 18);