X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=src%2Fnet_setup.c;h=91c71c3fec08abab373171537857d2879013ab4a;hb=fb7b6e7a0c966a88a682f656ca1caeb9a0583c5b;hp=32946dab14ac021654c312311af9993ac94d8c50;hpb=158cbe99f972a1613b7d4d95abfe5fe48e019e67;p=meshlink diff --git a/src/net_setup.c b/src/net_setup.c index 32946dab..91c71c3f 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -30,7 +30,6 @@ #include "netutl.h" #include "protocol.h" #include "route.h" -#include "rsa.h" #include "utils.h" #include "xalloc.h" @@ -129,44 +128,6 @@ bool read_ecdsa_public_key(connection_t *c) { return c->ecdsa; } -bool read_rsa_public_key(connection_t *c) { - if(ecdsa_active(c->ecdsa)) - return true; - - FILE *fp; - char *fname; - char *n; - - /* First, check for simple PublicKey statement */ - - if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &n)) { - c->rsa = rsa_set_hex_public_key(n, "FFFF"); - free(n); - return c->rsa; - } - - /* Else, check for PublicKeyFile statement and read it */ - - if(!get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) - xasprintf(&fname, "%s" SLASH "hosts" SLASH "%s", confbase, c->name); - - fp = fopen(fname, "r"); - - if(!fp) { - logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA public key file `%s': %s", fname, strerror(errno)); - free(fname); - return false; - } - - c->rsa = rsa_read_pem_public_key(fp); - fclose(fp); - - if(!c->rsa) - logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA public key file `%s' failed: %s", fname, strerror(errno)); - free(fname); - return c->rsa; -} - static bool read_ecdsa_private_key(void) { FILE *fp; char *fname; @@ -232,61 +193,6 @@ static bool read_invitation_key(void) { return invitation_key; } -static bool read_rsa_private_key(void) { - FILE *fp; - char *fname; - char *n, *d; - - /* First, check for simple PrivateKey statement */ - - if(get_config_string(lookup_config(config_tree, "PrivateKey"), &d)) { - if(!get_config_string(lookup_config(config_tree, "PublicKey"), &n)) { - logger(DEBUG_ALWAYS, LOG_ERR, "PrivateKey used but no PublicKey found!"); - free(d); - return false; - } - myself->connection->rsa = rsa_set_hex_private_key(n, "FFFF", d); - free(n); - free(d); - return myself->connection->rsa; - } - - /* Else, check for PrivateKeyFile statement and read it */ - - if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) - xasprintf(&fname, "%s" SLASH "rsa_key.priv", confbase); - - fp = fopen(fname, "r"); - - if(!fp) { - logger(DEBUG_ALWAYS, LOG_ERR, "Error reading RSA private key file `%s': %s", - fname, strerror(errno)); - free(fname); - return false; - } - -#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN) - struct stat s; - - if(fstat(fileno(fp), &s)) { - logger(DEBUG_ALWAYS, LOG_ERR, "Could not stat RSA private key file `%s': %s'", fname, strerror(errno)); - free(fname); - return false; - } - - if(s.st_mode & ~0100700) - logger(DEBUG_ALWAYS, LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname); -#endif - - myself->connection->rsa = rsa_read_pem_private_key(fp); - fclose(fp); - - if(!myself->connection->rsa) - logger(DEBUG_ALWAYS, LOG_ERR, "Reading RSA private key file `%s' failed: %s", fname, strerror(errno)); - free(fname); - return myself->connection->rsa; -} - static timeout_t keyexpire_timeout; static void keyexpire_handler(void *data) { @@ -671,16 +577,7 @@ bool setup_myself(void) { myself->options |= PROT_MINOR << 24; - if(!get_config_bool(lookup_config(config_tree, "ExperimentalProtocol"), &experimental)) { - experimental = read_ecdsa_private_key(); - if(!experimental) - logger(DEBUG_ALWAYS, LOG_WARNING, "Support for SPTPS disabled."); - } else { - if(experimental && !read_ecdsa_private_key()) - return false; - } - - if(!read_rsa_private_key()) + if(!read_ecdsa_private_key()) return false; /* Ensure myport is numeric */ @@ -717,44 +614,8 @@ bool setup_myself(void) { sptps_replaywin = replaywin; } - /* Generate packet encryption key */ - - if(!get_config_string(lookup_config(config_tree, "Cipher"), &cipher)) - cipher = xstrdup("blowfish"); - - if(!strcasecmp(cipher, "none")) { - myself->incipher = NULL; - } else if(!(myself->incipher = cipher_open_by_name(cipher))) { - logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized cipher type!"); - return false; - } - - free(cipher); - timeout_add(&keyexpire_timeout, keyexpire_handler, &keyexpire_timeout, &(struct timeval){keylifetime, rand() % 100000}); - /* Check if we want to use message authentication codes... */ - - int maclength = 4; - get_config_int(lookup_config(config_tree, "MACLength"), &maclength); - - if(maclength < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, "Bogus MAC length!"); - return false; - } - - if(!get_config_string(lookup_config(config_tree, "Digest"), &digest)) - digest = xstrdup("sha1"); - - if(!strcasecmp(digest, "none")) { - myself->indigest = NULL; - } else if(!(myself->indigest = digest_open_by_name(digest, maclength))) { - logger(DEBUG_ALWAYS, LOG_ERR, "Unrecognized digest type!"); - return false; - } - - free(digest); - /* Compression */ if(get_config_int(lookup_config(config_tree, "Compression"), &myself->incompression)) { @@ -773,7 +634,6 @@ bool setup_myself(void) { myself->via = myself; myself->status.reachable = true; myself->last_state_change = now.tv_sec; - myself->status.sptps = experimental; node_add(myself); graph();