+Thu Mar 8 21:39:03 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+ * Added assert()s to buffer formatting and unformatting routines
+ to assert (if --enable-debug) when error occurs. Affected
+ file: lib/silcutil/silcbuffmt.c.
+
+ * Changed to auto-reconnect to check whether the remote host is
+ router and register the re-connect timeout if it is. It used
+ to check that whether we are normal server, but router must do
+ auto-reconnect with another router as well. Affected file
+ silcd/server.c.
+
+ * Removed the [<key len>] option from CMODE command as the cipher
+ name decides the key length, nowadays. See the defined ciphers
+ from the protocol specification.
+
+ * Added [<hmac>] option to the CMODE command to define the HMAC
+ for the channel. Added SILC_CMODE_HMAC channel mode.
+
+ * Added [<hmac>] option for the JOIN command so that user can
+ select which HMAC is used to compute the MACs of the channel
+ messages.
+
+ * Added Hmac field to the Channel Message Payload. The integrity
+ of plaintext channel messages are now protected by computing
+ MAC of the message and attaching the MAC to the payload. The
+ MAC is not encrypted. Now, it is clear that this causes some
+ overhead to the size of the packet but rationale for this is that
+ now the receiver can verify whether the channel message decrypted
+ correctly and also when private keys are set for the channel the
+ receiver can decrypt the packet with several keys and check from
+ the MAC which key decrypted the message correctly.
+
+ * Added silc_cipher_encrypt and silc_cipher_decrypt into the
+ lib/silccrypt/silccipher.[ch].
+
+ * Added silc_hash_len to return the digest length into the
+ lib/silcrypt/silchash.[ch].
+
+ * Rewrote parts of Silc Channel Payload interface in the
+ lib/silccore/silcchannel.[ch]. The encode function now also
+ encrypts the packet and parse function decrypts it.
+
+ * Channel message delivery between routers was broken after the
+ channel key distribution was fixed earlier. The channel key
+ was used be to distributed to other routers as well which is not
+ allowed by the protocol. Now this is fixed and channel keys
+ really are cell specific and the channel message delivery between
+ routers comply with the protocol specification.
+
+Wed Mar 7 20:58:50 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+ * Fixed a minor formatting bug in the SKE's key material processing.
+ It actually might have processed the keys wrong way resulting
+ into wrong keys.
+
+ * Redefined the mandatory HMAC algorithms and added new algorithms.
+ Added hmac-sha1-96 and hmac-md5-96 which are normal hmac-sha1
+ and hmac-md5 truncated to 96 bits. The mandatory is now
+ hmac-sha1-96. Rest are optional (including the one that used
+ to be mandatory). Rationale for this is that the truncated HMAC
+ length is sufficient from security point of view and can actually
+ make the attack against the HMAC harder. Also, the truncated
+ HMAC causes less overhead to the packets. See the RFC2104 for
+ more information.
+
+ * Added new [hmac] configuration section. The SKE used to use
+ the hash names (md5 and sha1) in the SKE proposal as HMCAS which
+ is of course wrong. The official names that must be proposed in
+ the SKE are the ones defined in the protocol specification
+ (hmac-sha1-96 for example). The user can configure any hmac
+ using any hash function configured in the [hash] section. At
+ least, the mandatory must be configured.
+
+ Rewrote the HMAC interface in lib/silccrypt/silchmac.[ch].
+
+ * Added HMAC list to the SKE proposal list. It has now both
+ hash algorithm list and HMAC list. This makes the protocol
+ incompatible with previous versions. The SKE now seems to work
+ the way it is supposed to work, for the first time actually.
+
+ * Defined plain Hash algorithms to the protocol specification.
+ Added sha1 and md5.
+
+Tue Mar 6 15:36:11 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+ * Implemented support for key agreement packets into the server.
+ Added functions silc_server_key_agreement and
+ silc_server_send_key_agreement. Other than these functions,
+ server has nothing to do with this packet.
+
+ * Added support for private message key packets into the server.
+ Added functions silc_server_private_message_key and
+ silc_server_send_private_message_key.
+
+ * Updated TODO.
+
+ * Changed the silc_[client|server]_protocol_ke_set_keys to be
+ called in the protocol's final callback instead in the END
+ protocol state. This makes a little more sense and in the same
+ time in client we can use the same protocol routines for normal
+ key exchange and to key agreement packet handling as well.
+
+ * Added to both client's and server's KE protocol context the
+ SilcSKEKeyMaterial pointer to save the key material. We will
+ bring the key material to the protocol's final callback by doing
+ this. The final callback must free the key material.
+
+ * Added SKE's packet_send callback into client's KE protocol
+ context so that the caller can choose what packet sending function
+ is used. This way we can use different packet sending when
+ doing normal SKE when doing key agreement packet handling (in
+ the key agreement packet handling we do not want to encrypt
+ the packets).
+
+ * Implemented the responder side of the key agreement routines
+ in the client. The client can now bind to specified port and
+ accept incoming key negotiation. The key material is passed
+ to the application after the protocol is over.
+
+ * Implemented the processing of incoming Key Agreement packet
+ in the client. Added function silc_client_key_agreement to
+ process the packet.
+
+ * Implemented the intiator side of the key agreement routines
+ in the client. The client can now initiate key agreement with
+ another remote client. The key material is passed to the
+ application after the protocol is over.
+
+ * Created client_keyagr.c to include all the key agreement
+ routines.
+
+ * Added macro SILC_TASK_CALLBACK_GLOBAL which is equal to the
+ SILC_TASK_CALLBACK except that it is not static.
+
+ * Created client_notify.c and moved the Notify packet handling
+ from the client.[ch] into that file.
+
+ * Created client_prvmsg.c and moved all private message and
+ private message key routines from the client.[ch] into that file.
+
+ * Create client_channel.c and moved all channel message and
+ channel private key routines from the client.[ch] into that file.
+
+ * Changed silc_client_get_client_by_id_resolve to resolve with
+ WHOIS command instead of IDENTIFY command, in the file
+ lib/silclient/idlist.c.
+
+Mon Mar 5 18:39:49 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+ * Implemented the SKE's responder side to the Client library.
+
+ * When FAILURE is received to the protocol do not trust it
+ blindly. Register a timeout to wait whether the remote closes
+ the connection as it should do it, only after that process the
+ actual failure. This was changed to both client and server.
+
+ * Added client_internal.h to include some of the structures
+ there instead of client.h in lib/silcclient/.
+
+ * Added function silc_task_unregister_by_callback to unregister
+ timeouts by the callback function.
+
+Sat Mar 3 19:15:43 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+ * Some "Incomplete WHOIS info" errors has been appearing on the
+ log files. Took away the entry->userinfo check from WHOIS
+ reply sending. The entry->userinfo is now " " if client did not
+ provide one. I thought this was fixed earlier but something
+ is wrong still. Let's see if the error still appears.
+
+Wed Feb 28 20:56:29 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+ * Fixed a minor bug in the login when the channel key is
+ re-generated in the server. It used to generate the key in
+ wrong order and thus caused problems in the channel traffic.
+
+ * Fixed a minor bug in channel key distsribution after
+ KICK command. The key was not sent to the router even though
+ it should've been.
+
+Tue Feb 27 20:24:25 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+ * Added silc_ske_process_key_material_data as generic routine
+ to process any key material as the SILC protocol dictates. The
+ function is used by the actual SKE library but can be used by
+ applications as well. This relates to the private message keys
+ and the channel private keys since they must be processed the
+ same way the normal SILC session keys. The protocol dictates
+ this. Affected files: lib/silcske/silcske.[ch].
+
+ Added also silc_ske_free_key_material to free the
+ SilcSKEKeyMaterial structure.
+
+ * Defined silc_cipher_set_key function to set the key for
+ cipher without using the object's method function. The affected
+ files: lib/silccrypt/silccipher.[ch].
+
+ * Implemented silc silc_client_add_private_message_key,
+ silc_client_add_private_message_key_ske,
+ silc_client_del_private_message_key,
+ silc_client_list_private_message_keys and
+ silc_client_free_private_message_keys functions in the
+ client library.
+
+ Added functions silc_client_send_private_message_key to send
+ the Private Message Key payload and silc_client_private_message_key
+ to handle incoming Private Message Key payload.
+
+ * Added Cipher field to the Private Message Key payload to set
+ the cipher to be used. If ignored, the default cipher defined
+ in the SILC protocol (aes-256-cbc) is used.
+
+Tue Feb 27 13:30:52 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+ * Removed lib/silcclient/ops.h file.
+
+ Redefined parts of the SILC Client Library API. Created new
+ file silcapi.h that deprecates the ops.h file and defines the
+ published Client Library API. Defined also private message key
+ API and channel private key API into the file.
+
+ This is the file that the application must include from the
+ SILC Client Library. Other files need not be included by
+ the application anymore.
+
+ * Added new key_agreement client operation callback and also
+ defined the Key Agreement library API for the application.
+
+Tue Feb 27 11:28:31 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+ * Added new packet type: SILC_PACKET_KEY_AGREEMENT. This packet
+ is used by clients to request key negotiation between another
+ client in the SILC network. If the negotiation is started it
+ is performed using the SKE protocol. The result of the
+ negotiation, the secret key material, can be used for example
+ as private message key.
+
+ Implemented the Key Agreement payload into the files
+ lib/silccore/silauth.[ch].
+
+Mon Feb 26 12:13:58 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+ * Redefined ciphers for the SILC protocol. Added some new ciphers
+ and defined the key lengths for the algorithms. Changed the
+ code accordingly. The default key length is now 256 bits.
+
+ * Fixed SKE key distribution function silc_ske_process_key_material
+ when the key length is more than 128 bits. The default key
+ length in SILC is now 256 bits.
+
+ * Added new command status type: SILC_STATUS_ERR_UNKOWN_ALGORITHM
+ to indicate unsupported algorithm.
+
+ * Renamed rijndael.c to aes.c and all functions as well.
+
+ * Fixed a long standing channel key setting bug in client library.
+ Weird that it has never surfaced before.
+
+ * Fixed bug in channel deletion. If the entire channel is removed
+ then it must also delete the references of the channel entry
+ from the client's channel list as the client's channel entry and
+ the channel's client entry share same memory.
+
+Sun Feb 25 20:47:29 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+ * Implemented CONNECT and SHUTDOWN commands in the client.
+
+ * Implemented CLOSE command to the client.
+
+ * Added the function silc_idlist_find_server_by_name into the
+ files silcd/idlist.[ch].
+
+ Added the function silc_idlist_find_server_by_conn into the
+ files silcd/idlist.[ch].
+
+Sat Feb 24 23:45:49 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+ * DIE command was renamed to SHUTDOWN. Updated the both code
+ and protocol specs.
+
+ * Defined SILC_UMODE_NONE, SILC_UMODE_SERVER_OPERATOR and
+ SILC_UMODE_ROUTER_OPERATOR modes into lib/silccore/silcmode.h.
+
+ * Implemented CONNECT, CLOSE and SHUTDOWN commands to the server
+ side.
+
+ * Added function silc_server_create_connection function to create
+ connection to remote router. My server implementation actually
+ does not allow router to connect to normal server (it expects
+ that normal server always initiates the connection to the router)
+ so the CONNECT command is only good for connecting to another
+ router.
+
+Sat Feb 24 16:03:45 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+ * Added SILC_NOTIFY_TYPE_KICKED to indicate that the client
+ or some other client was kicked from the channel.
+
+ Implemented the handling of the notify type to both client
+ and server.
+
+ Implemented silc_server_send_notify_kicked to send the KICKED
+ notify. It is used to send it to the server's primary router.
+
+ * Implemented the KICK command into server and client.
+
+ * Added `query' argument to the silc_idlist_get_client function
+ to indicate whether to query the client from server or not if
+ it was not found.
+
+ * Added new command status type SILC_STATUS_ERR_NO_CHANNEL_FOPRIV
+ to indicate that the client is not channel founder.
+
+ * Updated TODO.
+
Sat Feb 24 00:00:55 EET 2001 Pekka Riikonen <priikone@poseidon.pspt.fi>
* Removed the rng context from SilcPacketContext structure and