- /* Convert the encrypted random data to a hexadecimal formatted string */
-
- bin2hex(enckey, hexkey, len);
-
- /* Send the meta key */
-
- bool result = send_request(c, "%d %d %d %d %d %s", METAKEY,
- cipher_get_nid(&c->outcipher),
- digest_get_nid(&c->outdigest), c->outmaclength,
- c->outcompression, hexkey);
-
- c->status.encryptout = true;
- return result;
-}
-
-bool metakey_h(connection_t *c, const char *request) {
- char hexkey[MAX_STRING_SIZE];
- int cipher, digest, maclength, compression;
- size_t len = rsa_size(&myself->connection->rsa);
- char enckey[len];
- char key[len];
-
- if(sscanf(request, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, hexkey) != 5) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "METAKEY", c->name, c->hostname);
- return false;
- }
-
- /* Convert the challenge from hexadecimal back to binary */
-
- int inlen = hex2bin(hexkey, enckey, sizeof enckey);
-
- /* Check if the length of the meta key is all right */
-
- if(inlen != len) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong keylength");
- return false;
- }
-
- /* Decrypt the meta key */
-
- if(!rsa_private_decrypt(&myself->connection->rsa, enckey, len, key)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error during decryption of meta key for %s (%s)", c->name, c->hostname);
- return false;
- }
-
- if(debug_level >= DEBUG_SCARY_THINGS) {
- bin2hex(key, hexkey, len);
- logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Received random meta key (unencrypted): %s", hexkey);
- }
-
- /* Check and lookup cipher and digest algorithms */
-
- if(!cipher_open_by_nid(&c->incipher, cipher) || !cipher_set_key_from_rsa(&c->incipher, key, len, false)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of cipher from %s (%s)", c->name, c->hostname);
- return false;
- }
-
- if(!digest_open_by_nid(&c->indigest, digest, -1)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Error during initialisation of digest from %s (%s)", c->name, c->hostname);
- return false;
- }
-
- c->status.decryptin = true;
-
- c->allow_request = CHALLENGE;
-
- return send_challenge(c);
-}
-
-bool send_challenge(connection_t *c) {
- size_t len = rsa_size(&c->rsa);
- char buffer[len * 2 + 1];
-
- if(!c->hischallenge)
- c->hischallenge = xrealloc(c->hischallenge, len);
-
- /* Copy random data to the buffer */
-
- randomize(c->hischallenge, len);
-
- /* Convert to hex */
-
- bin2hex(c->hischallenge, buffer, len);
-
- /* Send the challenge */
-
- return send_request(c, "%d %s", CHALLENGE, buffer);
-}
-
-bool challenge_h(connection_t *c, const char *request) {
- char buffer[MAX_STRING_SIZE];
- size_t len = rsa_size(&myself->connection->rsa);
- size_t digestlen = digest_length(&c->indigest);
- char digest[digestlen];
-
- if(sscanf(request, "%*d " MAX_STRING, buffer) != 1) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "CHALLENGE", c->name, c->hostname);
- return false;
- }
-
- /* Convert the challenge from hexadecimal back to binary */
-
- int inlen = hex2bin(buffer, buffer, sizeof buffer);
-
- /* Check if the length of the challenge is all right */
-
- if(inlen != len) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge length");
- return false;
- }
-
- c->allow_request = CHAL_REPLY;
-
- /* Calculate the hash from the challenge we received */
-
- digest_create(&c->indigest, buffer, len, digest);
-
- /* Convert the hash to a hexadecimal formatted string */
-
- bin2hex(digest, buffer, digestlen);
-
- /* Send the reply */
-
- return send_request(c, "%d %s", CHAL_REPLY, buffer);
-}
-
-bool chal_reply_h(connection_t *c, const char *request) {
- char hishash[MAX_STRING_SIZE];
-
- if(sscanf(request, "%*d " MAX_STRING, hishash) != 1) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "CHAL_REPLY", c->name,
- c->hostname);
- return false;
- }
-
- /* Convert the hash to binary format */
-
- int inlen = hex2bin(hishash, hishash, sizeof hishash);
-
- /* Check if the length of the hash is all right */
-
- if(inlen != digest_length(&c->outdigest)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply length");
- return false;
- }
-
-
- /* Verify the hash */
-
- if(!digest_verify(&c->outdigest, c->hischallenge, rsa_size(&c->rsa), hishash)) {
- logger(DEBUG_ALWAYS, LOG_ERR, "Possible intruder %s (%s): %s", c->name, c->hostname, "wrong challenge reply");
- return false;
- }
-
- /* Identity has now been positively verified.
- Send an acknowledgement with the rest of the information needed.
- */
-
- free(c->hischallenge);
- c->hischallenge = NULL;