{
SilcUInt32 r_software_version = 0;
char *r_software_string = NULL;
- SilcBool src_set = FALSE;
if (!ske->remote_version || !ske->version)
return SILC_SKE_STATUS_BAD_VERSION;
&r_software_string, NULL))
return SILC_SKE_STATUS_BAD_VERSION;
- /* Backwards compatibility checks */
-
- /* Old server versions requires "valid" looking Source ID in the SILC
- packets during initial key exchange. All version before 1.1.0. */
- silc_packet_get_ids(ske->stream, &src_set, NULL, NULL, NULL);
- if (!src_set && !ske->responder && r_software_string &&
- r_software_version < 110) {
- SILC_LOG_DEBUG(("Remote is old version, add dummy Source ID to packets"));
-
- if (strstr(r_software_string, "server")) {
- SilcServerID sid;
- memset(&sid, 0, sizeof(sid));
- sid.ip.data_len = 4;
- silc_packet_set_ids(ske->stream, SILC_ID_SERVER, &sid, 0, NULL);
- }
-
- if (strstr(r_software_string, "client")) {
- SilcClientID cid;
- memset(&cid, 0, sizeof(cid));
- cid.ip.data_len = 4;
- silc_packet_set_ids(ske->stream, SILC_ID_CLIENT, &cid, 0, NULL);
- }
- }
-
return SILC_SKE_STATUS_OK;
}
SilcSKE ske = fsm_context;
SilcUInt32 error = SILC_SKE_STATUS_ERROR;
- SILC_LOG_DEBUG(("Error %s (%d) received during key exchange",
- silc_ske_map_status(ske->status), ske->status));
-
if (ske->packet && silc_buffer_len(&ske->packet->buffer) == 4) {
SILC_GET32_MSB(error, ske->packet->buffer.data);
ske->status = error;
ske->packet = NULL;
}
+ SILC_LOG_DEBUG(("Error %s (%d) received during key exchange",
+ silc_ske_map_status(ske->status), ske->status));
+
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
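Review bot: With the debug line moved below the `SILC_GET32_MSB` read, `ske->status` now holds a 32-bit value copied straight from the peer's error packet when it is passed to `silc_ske_map_status`, and nothing in the hunk range-checks it. It is worth confirming that `silc_ske_map_status` tolerates values outside the defined status range. The trust boundary could be recorded above the log call with a comment such as `/* status may be peer-supplied and unvalidated here; use it for reporting only */`. The function starts and ends outside this hunk, so later readers of `ske->status` are not visible here.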
SilcSKEStatus status;
SilcSKEStartPayload remote_payload = NULL;
SilcBuffer packet_buf = &ske->packet->buffer;
+ SilcID id;
SILC_LOG_DEBUG(("Start"));
return SILC_FSM_CONTINUE;
}
+ /* Get remote ID and set it to stream */
+ if (ske->packet->src_id_len) {
+ silc_id_str2id(ske->packet->src_id, ske->packet->src_id_len,
+ ske->packet->src_id_type,
+ (ske->packet->src_id_type == SILC_ID_SERVER ?
+ (void *)&id.u.server_id : (void *)&id.u.client_id),
+ (ske->packet->src_id_type == SILC_ID_SERVER ?
+ sizeof(id.u.server_id) : sizeof(id.u.client_id)));
+ silc_packet_set_ids(ske->stream, 0, NULL, ske->packet->src_id_type,
+ (ske->packet->src_id_type == SILC_ID_SERVER ?
+ (void *)&id.u.server_id : (void *)&id.u.client_id));
+ }
+
/* Take a copy of the payload buffer for future use. It is used to
compute the HASH value. */
ske->start_payload_copy = silc_buffer_copy(packet_buf);
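Review bot: The return value of `silc_id_str2id` is ignored in the added block, so when decoding the peer-supplied Source ID fails, `silc_packet_set_ids` is handed the stack `id` union without it ever having been written. `src_id_type` is also used as received: any type other than `SILC_ID_SERVER` is decoded into `client_id` while the original type is still passed to both calls. Since this runs on the first key-exchange packet, before the peer is authenticated, I would accept only the two ID types handled here and set the stream IDs only when decoding succeeds, as below. Whether a decode failure should instead abort the exchange through the responder error state is a policy choice the hunk does not show; the function starts and ends outside it.

```c
  /* Get remote ID and set it to stream.  The Source ID comes from an
     unauthenticated peer: accept only the ID types handled here and
     publish the ID only if it decoded successfully. */
  if (ske->packet->src_id_len &&
      (ske->packet->src_id_type == SILC_ID_SERVER ||
       ske->packet->src_id_type == SILC_ID_CLIENT)) {
    SilcBool is_server = (ske->packet->src_id_type == SILC_ID_SERVER);
    void *remote_id = (is_server ? (void *)&id.u.server_id :
		       (void *)&id.u.client_id);
    SilcUInt32 remote_id_size = (is_server ? sizeof(id.u.server_id) :
				 sizeof(id.u.client_id));

    if (silc_id_str2id(ske->packet->src_id, ske->packet->src_id_len,
		       ske->packet->src_id_type, remote_id, remote_id_size))
      silc_packet_set_ids(ske->stream, 0, NULL, ske->packet->src_id_type,
			  remote_id);
  }

  /* … unchanged: copy of the payload buffer for the HASH computation … */
```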
&hmac_send, NULL, NULL)) {
/** Cannot get keys */
ske->status = SILC_SKE_STATUS_ERROR;
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
return SILC_FSM_CONTINUE;
}
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
+
/* Set the new keys into use. This will also send REKEY_DONE packet. Any
packet sent after this call will be protected with the new keys. */
if (!silc_packet_set_keys(ske->stream, send_key, NULL, hmac_send, NULL,
/** Cannot set keys */
SILC_LOG_DEBUG(("Cannot set new keys, error sending REKEY_DONE"));
ske->status = SILC_SKE_STATUS_ERROR;
+ silc_cipher_free(send_key);
+ silc_hmac_free(hmac_send);
silc_fsm_next(fsm, silc_ske_st_initiator_error);
return SILC_FSM_CONTINUE;
}
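Review bot: Freeing `send_key` and `hmac_send` in this branch is only safe if `silc_packet_set_keys` never keeps a reference to them when it returns failure, and the hunk does not show that contract. The log text says the failure can come from sending REKEY_DONE, so it is worth confirming that the keys are installed into the stream only after that send succeeds; otherwise the stream would be left pointing at freed key objects. A comment above the two frees would record the assumption, e.g. `/* silc_packet_set_keys does not take ownership on failure, so release the new keys here */`. The same applies to the responder's identical branch later in the patch.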
NULL, &hmac_receive, NULL)) {
/** Cannot get keys */
ske->status = SILC_SKE_STATUS_ERROR;
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
return SILC_FSM_CONTINUE;
}
/** Cannot set keys */
SILC_LOG_DEBUG(("Cannot set new keys"));
ske->status = SILC_SKE_STATUS_ERROR;
+ silc_cipher_free(receive_key);
+ silc_hmac_free(hmac_receive);
silc_fsm_next(fsm, silc_ske_st_initiator_error);
return SILC_FSM_CONTINUE;
}
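Review bot: The initiator's "Cannot set new keys" branch here frees `receive_key` and `hmac_receive` but does not clear `ske->prop->cipher` and `ske->prop->hmac`, whereas the responder's matching branch later in this patch does both. Every other error branch touched by the commit clears the two `prop` fields without freeing them, which suggests they are borrowed from the packet stream during rekey; if that is right and nothing between the hunks clears them on this path, error teardown could release key objects the stream still uses. I would add `ske->prop->cipher = NULL;` and `ske->prop->hmac = NULL;` here for symmetry, or confirm they are already cleared in lines outside the hunk. A one-line comment at the first reset, e.g. `/* prop->cipher/hmac are not owned by the SKE during rekey; clear them so teardown does not free them */`, would also record why these fields are cleared rather than freed. The enclosing state function starts and ends outside the hunk.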
if (!rekey) {
/** No memory */
ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
return SILC_FSM_CONTINUE;
}
silc_schedule_task_add_timeout(ske->schedule, silc_ske_timeout,
ske, 30, 0);
-
silc_fsm_next(fsm, silc_ske_st_rekey_responder_start);
/* If REKEY packet already received process it directly */
&hmac_send, NULL, NULL)) {
/** Cannot get keys */
ske->status = SILC_SKE_STATUS_ERROR;
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
silc_fsm_next(fsm, silc_ske_st_responder_error);
return SILC_FSM_CONTINUE;
}
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
+
/* Set the new keys into use. This will also send REKEY_DONE packet. Any
packet sent after this call will be protected with the new keys. */
if (!silc_packet_set_keys(ske->stream, send_key, NULL, hmac_send, NULL,
/** Cannot set keys */
SILC_LOG_DEBUG(("Cannot set new keys, error sending REKEY_DONE"));
ske->status = SILC_SKE_STATUS_ERROR;
+ silc_cipher_free(send_key);
+ silc_hmac_free(hmac_send);
silc_fsm_next(fsm, silc_ske_st_responder_error);
return SILC_FSM_CONTINUE;
}
NULL, &hmac_receive, NULL)) {
/** Cannot get keys */
ske->status = SILC_SKE_STATUS_ERROR;
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
silc_fsm_next(fsm, silc_ske_st_responder_error);
return SILC_FSM_CONTINUE;
}
/** Cannot set keys */
SILC_LOG_DEBUG(("Cannot set new keys"));
ske->status = SILC_SKE_STATUS_ERROR;
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
+ silc_cipher_free(receive_key);
+ silc_hmac_free(hmac_receive);
silc_fsm_next(fsm, silc_ske_st_responder_error);
return SILC_FSM_CONTINUE;
}
if (!rekey) {
/** No memory */
ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
silc_fsm_next(fsm, silc_ske_st_responder_error);
return SILC_FSM_CONTINUE;
}