Automatically exchange ECDSA keys and upgrade to new authentication protocol.
If we don't have ECDSA keys for the node we connect to, set protocol_minor
to 1, to indicate this to the other end. This will first complete the
old way of authentication with RSA keys, and will then exchange ECDSA keys.
The connection will be terminated right afterwards, and the next attempt
will use ECDSA keys.
The generate-keys command now generates both an RSA and an ECDSA keypair,
but one can generate-rsa-keys or generate-ecdsa-keys to just generate one type.
Add PRF to derive key material from the ECDH shared secret.
It is modelled after the pseudorandom function from RFC4346 (TLS 1.1), the only
significant change is the use of SHA512 and Whirlpool instead of MD5 and SHA1.
REQ_KEY requests have an extra field indicating key exchange version.
If it is present and > 0, the sender supports ECDH. If the receiver also
does, then it will generate a new keypair and sends the public key in a
ANS_KEY request with "ECDH:" prefixed. The ans_key_h() function will
compute the shared secret, which, at the moment,is used as is to set the
cipher and HMAC keys. However, this must be changed to use a proper KDF.
In the future, the ECDH key exchange must also be signed.
Guus Sliepen [Sat, 25 Jun 2011 19:35:27 +0000 (21:35 +0200)]
Make pid files backwards compatible and add address of listening socket.
The pid is now written first, so that a version 1.0.x tincd can be used to stop
a running version 1.1 tincd. Getsockname() is used to determine the address of
the first listening socket, so that tincctl can connect to the local tincd even
if AddressFamily = ipv6, or if BindToAddress or BindToInterface is used.
Guus Sliepen [Mon, 6 Jun 2011 14:26:11 +0000 (16:26 +0200)]
Improved --logfile option.
Instead of UNIX time, the log messages now start with the time in RFC3339
format, which human-readable and still easy for the computer to parse and sort.
The HUP signal will also cause the log file to be closed and reopened, which is
useful when log rotation is used. If there is an error while opening the log
file, this is logged to stderr.
Guus Sliepen [Fri, 3 Jun 2011 13:50:20 +0000 (15:50 +0200)]
Don't ignore SIGCHLD, system() needs it.
But we do ignore SIGPIPE, and tinc 1.0.x signals that are no longer used
(SIGUSR1 and SIGUSR2), since the default handler of these signals is to
terminate tincd immediately.
Guus Sliepen [Thu, 2 Jun 2011 18:27:16 +0000 (20:27 +0200)]
More stable sorting in tincctl top.
Although we use qsort(), which is not guaranteed to be stable, resorting the
previously sorted array is more stable than recreating and resorting the array
each time.
Guus Sliepen [Thu, 2 Jun 2011 15:45:06 +0000 (17:45 +0200)]
Drop the GNU malloc.c, realloc.c, and xmalloc.c.
We live in the 21st century, and we require C99 semantics, so we do not need to
work around buggy libcs. The xmalloc() and related functions are now static
inline functions.
Guus Sliepen [Thu, 2 Jun 2011 15:14:30 +0000 (17:14 +0200)]
Simplify signal handling.
We don't override any signal handlers anymore except those for SIGPIPE and
SIGCHLD. Fatal signals (SIGSEGV, SIGBUS etc.) will terminate tincd and
optionally dump core. The previous behaviour was to terminate gracefully and
try to restart, but that usually failed and made any core dump useless.
Guus Sliepen [Sun, 29 May 2011 12:41:05 +0000 (14:41 +0200)]
Allow tincctl to connect to something besides localhost.
This would allow tincctl to connect to a remote tincd, or to a local tincd that
isn't listening on localhost, for example if it is using the BindToInterface or
BindToAddress options.
Guus Sliepen [Sun, 22 May 2011 10:56:51 +0000 (12:56 +0200)]
Compact input buffer before trying to read instead of after.
Also log an error when the input buffer contains more than MAXBUFSIZE bytes
already, instead of silently claiming the other side closed the connection.