Merge branch 'master' into 1.1

[meshlink] / src / protocol_key.c

diff --git a/src/protocol_key.c b/src/protocol_key.c
index 52666d998698d2d1f6d89f01f67836bf067aa51a..60e9d73691b7c6993effaf99ca317bcadf11a3a4 100644 (file)
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -1,7 +1,7 @@
 /*
     protocol_key.c -- handle the meta-protocol, key exchange
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2006 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2009 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -25,6 +25,7 @@
 #include "splay_tree.h"
 #include "cipher.h"
 #include "connection.h"
+#include "crypto.h"
 #include "logger.h"
 #include "net.h"
 #include "netutl.h"
@@ -35,17 +36,17 @@
 
 static bool mykeyused = false;
 
-bool send_key_changed(connection_t *c, const node_t *n) {
+bool send_key_changed() {
        cp();
 
        /* Only send this message if some other daemon requested our key previously.
           This reduces unnecessary key_changed broadcasts.
         */
 
-       if(n == myself && !mykeyused)
+       if(!mykeyused)
                return true;
 
-       return send_request(c, "%d %lx %s", KEY_CHANGED, random(), n->name);
+       return send_request(broadcast, "%d %x %s", KEY_CHANGED, rand(), myself->name);
 }
 
 bool key_changed_h(connection_t *c, char *request) {
@@ -82,10 +83,10 @@ bool key_changed_h(connection_t *c, char *request) {
        return true;
 }
 
-bool send_req_key(connection_t *c, const node_t *from, const node_t *to) {
+bool send_req_key(node_t *to) {
        cp();
 
-       return send_request(c, "%d %s %s", REQ_KEY, from->name, to->name);
+       return send_request(to->nexthop->connection, "%d %s %s", REQ_KEY, myself->name, to->name);
 }
 
 bool req_key_h(connection_t *c, char *request) {
@@ -120,35 +121,51 @@ bool req_key_h(connection_t *c, char *request) {
        /* Check if this key request is for us */
 
        if(to == myself) {                      /* Yes, send our own key back */
-               mykeyused = true;
-               from->received_seqno = 0;
-               memset(from->late, 0, sizeof(from->late));
-               send_ans_key(c, myself, from);
+
+               send_ans_key(from);
        } else {
                if(tunnelserver)
                        return false;
 
-               send_req_key(to->nexthop->connection, from, to);
+               if(!to->status.reachable) {
+                       logger(LOG_WARNING, _("Got %s from %s (%s) destination %s which is not reachable"),
+                               "REQ_KEY", c->name, c->hostname, to_name);
+                       return true;
+               }
+
+               send_request(to->nexthop->connection, "%s", request);
        }
 
        return true;
 }
 
-bool send_ans_key(connection_t *c, const node_t *from, const node_t *to) {
-       size_t keylen = cipher_keylength(&from->cipher);
+bool send_ans_key(node_t *to) {
+       size_t keylen = cipher_keylength(&myself->incipher);
        char key[keylen * 2 + 1];
 
        cp();
 
-       cipher_get_key(&from->cipher, key);
+       cipher_open_by_nid(&to->incipher, cipher_get_nid(&myself->incipher));
+       digest_open_by_nid(&to->indigest, digest_get_nid(&myself->indigest), digest_length(&myself->indigest));
+       to->incompression = myself->incompression;
+
+       randomize(key, keylen);
+       cipher_set_key(&to->incipher, key, true);
+
        bin2hex(key, key, keylen);
        key[keylen * 2] = '\0';
 
-       return send_request(c, "%d %s %s %s %d %d %d %d", ANS_KEY,
-                                               from->name, to->name, key,
-                                               cipher_get_nid(&from->cipher),
-                                               digest_get_nid(&from->digest), from->maclength,
-                                               from->compression);
+       // Reset sequence number and late packet window
+       mykeyused = true;
+       to->received_seqno = 0;
+       memset(to->late, 0, sizeof(to->late));
+
+       return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
+                                               myself->name, to->name, key,
+                                               cipher_get_nid(&to->incipher),
+                                               digest_get_nid(&to->indigest),
+                                               digest_length(&to->indigest),
+                                               to->incompression);
 }
 
 bool ans_key_h(connection_t *c, char *request) {
@@ -190,29 +207,33 @@ bool ans_key_h(connection_t *c, char *request) {
                if(tunnelserver)
                        return false;
 
+               if(!to->status.reachable) {
+                       logger(LOG_WARNING, _("Got %s from %s (%s) destination %s which is not reachable"),
+                                  "ANS_KEY", c->name, c->hostname, to_name);
+                       return true;
+               }
+
                return send_request(to->nexthop->connection, "%s", request);
        }
 
        /* Check and lookup cipher and digest algorithms */
 
-       if(!cipher_open_by_nid(&from->cipher, cipher)) {
+       if(!cipher_open_by_nid(&from->outcipher, cipher)) {
                logger(LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name, from->hostname);
                return false;
        }
 
-       if(strlen(key) / 2 != cipher_keylength(&from->cipher)) {
+       if(strlen(key) / 2 != cipher_keylength(&from->outcipher)) {
                logger(LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name, from->hostname);
                return false;
        }
 
-       from->maclength = maclength;
-
-       if(!digest_open_by_nid(&from->digest, digest)) {
+       if(!digest_open_by_nid(&from->outdigest, digest, maclength)) {
                logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name, from->hostname);
                return false;
        }
 
-       if(from->maclength > digest_length(&from->digest) || from->maclength < 0) {
+       if(maclength != digest_length(&from->outdigest)) {
                logger(LOG_ERR, _("Node %s (%s) uses bogus MAC length!"), from->name, from->hostname);
                return false;
        }
@@ -222,12 +243,12 @@ bool ans_key_h(connection_t *c, char *request) {
                return false;
        }
        
-       from->compression = compression;
+       from->outcompression = compression;
 
        /* Update our copy of the origin's packet key */
 
-       hex2bin(key, key, cipher_keylength(&from->cipher));
-       cipher_set_key(&from->cipher, key, false);
+       hex2bin(key, key, cipher_keylength(&from->outcipher));
+       cipher_set_key(&from->outcipher, key, false);
 
        from->status.validkey = true;
        from->status.waitingforkey = false;
@@ -236,7 +257,5 @@ bool ans_key_h(connection_t *c, char *request) {
        if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes)
                send_mtu_probe(from);
 
-       flush_queue(from);
-
        return true;
 }