From 4ef701725a4bcc06d5ef2db2d6a532d43ab9f832 Mon Sep 17 00:00:00 2001 From: Pekka Riikonen Date: Thu, 12 Apr 2001 22:00:21 +0000 Subject: [PATCH] updates. --- CHANGES | 11 ++++ apps/silc/silc.c | 8 --- apps/silcd/idlist.c | 26 ++++++---- apps/silcd/idlist.h | 3 +- apps/silcd/packet_receive.c | 12 ++--- apps/silcd/packet_send.c | 32 +++++++----- apps/silcd/protocol.c | 100 +++++++++++++++++++++++++----------- apps/silcd/protocol.h | 5 -- apps/silcd/server.c | 34 ++++++------ lib/silcclient/client.c | 26 ++++++---- 10 files changed, 157 insertions(+), 100 deletions(-) diff --git a/CHANGES b/CHANGES index 13b650f7..4f4c38f5 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,14 @@ +Fri Apr 13 00:09:08 EEST 2001 Pekka Riikonen + + * Ok, rewrote the logic of the re-key and now it seems to work. + I tested it on high traffic with frequent re-keys without + problems. Added hmac_receive (and renamed hmac to hmac_send) + in SilcClientConnection in lib/silcclient/client.h and + in SilcIDListData in silcd/idlist.h. Also, removed the + SilcPacketParserContext's cipher and hmac fields as they are + not needed anymore and actually caused some problems when + the ciphers and hmac's changed underneath the packet parser. + Thu Apr 12 14:42:51 EEST 2001 Pekka Riikonen * If re-key protocol is active then process the incoming packets diff --git a/apps/silc/silc.c b/apps/silc/silc.c index f4a188d6..0ff3e1ed 100644 --- a/apps/silc/silc.c +++ b/apps/silc/silc.c @@ -577,13 +577,6 @@ static void silc_client_process_message(SilcClientInternal app) (*cmd->cb)(ctx); } else { - if (app->conn->current_channel) - silc_client_send_channel_message(app->client, - app->conn, - app->conn->current_channel, NULL, - 0, "HALOO", 5, TRUE); - -#if 0 /* Normal message to a channel */ if (len && app->conn && app->conn->current_channel && app->conn->current_channel->on_channel == TRUE) { @@ -593,7 +586,6 @@ static void silc_client_process_message(SilcClientInternal app) app->conn->current_channel, NULL, 0, data, strlen(data), TRUE); } -#endif } out: diff --git a/apps/silcd/idlist.c b/apps/silcd/idlist.c index eba17160..6785ab45 100644 --- a/apps/silcd/idlist.c +++ b/apps/silcd/idlist.c @@ -36,11 +36,10 @@ void silc_idlist_add_data(void *entry, SilcIDListData idata) SilcIDListData data = (SilcIDListData)entry; data->send_key = idata->send_key; data->receive_key = idata->receive_key; - data->send_enc_key = idata->send_enc_key; - data->enc_key_len = idata->enc_key_len; - data->pfs = idata->pfs; + data->rekey = idata->rekey; data->hash = idata->hash; - data->hmac = idata->hmac; + data->hmac_send = idata->hmac_send; + data->hmac_receive = idata->hmac_receive; data->public_key = idata->public_key; data->last_receive = idata->last_receive; data->last_sent = idata->last_sent; @@ -56,12 +55,15 @@ void silc_idlist_del_data(void *entry) silc_cipher_free(idata->send_key); if (idata->receive_key) silc_cipher_free(idata->receive_key); - if (idata->send_enc_key) { - memset(idata->send_enc_key, 0, idata->enc_key_len); - silc_free(idata->send_enc_key); + if (idata->rekey) { + if (idata->rekey->send_enc_key) { + memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len); + silc_free(idata->rekey->send_enc_key); + } + silc_free(idata->rekey); } - if (idata->hmac) - silc_hmac_free(idata->hmac); + if (idata->hmac_send) /* Same as idata->hmac_receive */ + silc_hmac_free(idata->hmac_send); if (idata->public_key) silc_pkcs_public_key_free(idata->public_key); } @@ -251,6 +253,8 @@ silc_idlist_replace_server_id(SilcIDList id_list, SilcServerID *old_id, int silc_idlist_del_server(SilcIDList id_list, SilcServerEntry entry) { + SILC_LOG_DEBUG(("Start")); + if (entry) { /* Remove from cache */ if (entry->id) @@ -322,6 +326,8 @@ silc_idlist_add_client(SilcIDList id_list, unsigned char *nickname, int silc_idlist_del_client(SilcIDList id_list, SilcClientEntry entry) { + SILC_LOG_DEBUG(("Start")); + if (entry) { /* Remove from cache */ if (entry->id) @@ -610,6 +616,8 @@ silc_idlist_add_channel(SilcIDList id_list, char *channel_name, int mode, int silc_idlist_del_channel(SilcIDList id_list, SilcChannelEntry entry) { + SILC_LOG_DEBUG(("Start")); + if (entry) { SilcChannelClientEntry chl; diff --git a/apps/silcd/idlist.h b/apps/silcd/idlist.h index b55820a1..6c5d79e7 100644 --- a/apps/silcd/idlist.h +++ b/apps/silcd/idlist.h @@ -77,7 +77,8 @@ typedef struct { SilcHash hash; /* HMAC */ - SilcHmac hmac; + SilcHmac hmac_send; + SilcHmac hmac_receive; /* Public key */ SilcPublicKey public_key; diff --git a/apps/silcd/packet_receive.c b/apps/silcd/packet_receive.c index c5ed42a8..88723cd3 100644 --- a/apps/silcd/packet_receive.c +++ b/apps/silcd/packet_receive.c @@ -70,7 +70,7 @@ void silc_server_notify(SilcServer server, if (dst_sock) /* Relay the packet */ silc_server_relay_packet(server, dst_sock, idata->send_key, - idata->hmac, packet, TRUE); + idata->hmac_receive, packet, TRUE); } /* If we are router and this packet is not already broadcast packet @@ -1037,7 +1037,7 @@ void silc_server_private_message(SilcServer server, /* Send the private message */ silc_server_send_private_message(server, dst_sock, idata->send_key, - idata->hmac, packet); + idata->hmac_send, packet); } /* Received private message key packet.. This packet is never for us. It is to @@ -1069,7 +1069,7 @@ void silc_server_private_message_key(SilcServer server, /* Relay the packet */ silc_server_relay_packet(server, dst_sock, idata->send_key, - idata->hmac, packet, FALSE); + idata->hmac_send, packet, FALSE); } /* Processes incoming command reply packet. The command reply packet may @@ -1133,7 +1133,7 @@ void silc_server_command_reply(SilcServer server, idata = (SilcIDListData)client; /* Encrypt packet */ - silc_packet_encrypt(idata->send_key, idata->hmac, dst_sock->outbuf, + silc_packet_encrypt(idata->send_key, idata->hmac_send, dst_sock->outbuf, buffer->len); /* Send the packet */ @@ -1977,7 +1977,7 @@ void silc_server_key_agreement(SilcServer server, /* Relay the packet */ silc_server_relay_packet(server, dst_sock, idata->send_key, - idata->hmac, packet, FALSE); + idata->hmac_send, packet, FALSE); } /* Received connection auth request packet that is used during connection @@ -2060,5 +2060,5 @@ void silc_server_rekey(SilcServer server, if (proto_ctx->pfs == FALSE) /* Run the protocol */ - protocol->execute(server->timeout_queue, 0, protocol, sock->sock, 0, 1); + protocol->execute(server->timeout_queue, 0, protocol, sock->sock, 0, 0); } diff --git a/apps/silcd/packet_send.c b/apps/silcd/packet_send.c index a08c5eb0..c64ef04b 100644 --- a/apps/silcd/packet_send.c +++ b/apps/silcd/packet_send.c @@ -166,7 +166,7 @@ void silc_server_packet_send_dest(SilcServer server, if (idata) { cipher = idata->send_key; - hmac = idata->hmac; + hmac = idata->hmac_send; } /* Encrypt the packet */ @@ -262,7 +262,7 @@ void silc_server_packet_send_srcdest(SilcServer server, if (idata) { cipher = idata->send_key; - hmac = idata->hmac; + hmac = idata->hmac_send; } /* Encrypt the packet */ @@ -304,7 +304,7 @@ void silc_server_packet_broadcast(SilcServer server, silc_buffer_push(buffer, buffer->data - buffer->head); silc_packet_send_prepare(sock, 0, 0, buffer->len); silc_buffer_put(sock->outbuf, buffer->data, buffer->len); - silc_packet_encrypt(idata->send_key, idata->hmac, + silc_packet_encrypt(idata->send_key, idata->hmac_send, sock->outbuf, sock->outbuf->len); SILC_LOG_HEXDUMP(("Broadcasted packet, len %d", sock->outbuf->len), @@ -338,7 +338,7 @@ void silc_server_packet_route(SilcServer server, silc_buffer_push(buffer, buffer->data - buffer->head); silc_packet_send_prepare(sock, 0, 0, buffer->len); silc_buffer_put(sock->outbuf, buffer->data, buffer->len); - silc_packet_encrypt(idata->send_key, idata->hmac, + silc_packet_encrypt(idata->send_key, idata->hmac_send, sock->outbuf, sock->outbuf->len); SILC_LOG_HEXDUMP(("Routed packet, len %d", sock->outbuf->len), @@ -455,7 +455,8 @@ void silc_server_packet_send_to_channel(SilcServer server, SILC_LOG_DEBUG(("Sending channel message to router for routing")); silc_server_packet_send_to_channel_real(server, sock, &packetdata, - idata->send_key, idata->hmac, + idata->send_key, + idata->hmac_send, data, data_len, FALSE, force_send); } @@ -489,7 +490,8 @@ void silc_server_packet_send_to_channel(SilcServer server, /* Send the packet */ silc_server_packet_send_to_channel_real(server, sock, &packetdata, - idata->send_key, idata->hmac, + idata->send_key, + idata->hmac_send, data, data_len, FALSE, force_send); @@ -518,7 +520,8 @@ void silc_server_packet_send_to_channel(SilcServer server, /* Send the packet */ silc_server_packet_send_to_channel_real(server, sock, &packetdata, - idata->send_key, idata->hmac, + idata->send_key, + idata->hmac_send, data, data_len, FALSE, force_send); } @@ -590,7 +593,8 @@ void silc_server_packet_relay_to_channel(SilcServer server, SILC_LOG_DEBUG(("Sending channel message to router for routing")); silc_server_packet_send_to_channel_real(server, sock, &packetdata, - idata->send_key, idata->hmac, + idata->send_key, + idata->hmac_send, data, data_len, TRUE, force_send); } @@ -692,7 +696,8 @@ void silc_server_packet_relay_to_channel(SilcServer server, /* Send the packet (to normal server) */ silc_server_packet_send_to_channel_real(server, sock, &packetdata, - idata->send_key, idata->hmac, + idata->send_key, + idata->hmac_send, data, data_len, TRUE, force_send); @@ -715,7 +720,8 @@ void silc_server_packet_relay_to_channel(SilcServer server, /* Send the packet */ silc_server_packet_send_to_channel_real(server, sock, &packetdata, - idata->send_key, idata->hmac, + idata->send_key, + idata->hmac_send, data, data_len, TRUE, force_send); } @@ -1327,7 +1333,8 @@ void silc_server_send_notify_on_channels(SilcServer server, /* Send the packet */ silc_server_packet_send_to_channel_real(server, sock, &packetdata, - idata->send_key, idata->hmac, + idata->send_key, + idata->hmac_send, data, data_len, FALSE, force_send); @@ -1362,7 +1369,8 @@ void silc_server_send_notify_on_channels(SilcServer server, /* Send the packet */ silc_server_packet_send_to_channel_real(server, sock, &packetdata, - idata->send_key, idata->hmac, + idata->send_key, + idata->hmac_send, data, data_len, FALSE, force_send); diff --git a/apps/silcd/protocol.c b/apps/silcd/protocol.c index aef7267c..de03c8aa 100644 --- a/apps/silcd/protocol.c +++ b/apps/silcd/protocol.c @@ -124,14 +124,15 @@ int silc_server_protocol_ke_set_keys(SilcSKE ske, } /* Save HMAC key to be used in the communication. */ - if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac)) { + if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac_send)) { silc_cipher_free(idata->send_key); silc_cipher_free(idata->receive_key); silc_hash_free(idata->hash); silc_free(conn_data); return FALSE; } - silc_hmac_set_key(idata->hmac, keymat->hmac_key, keymat->hmac_key_len); + silc_hmac_set_key(idata->hmac_send, keymat->hmac_key, keymat->hmac_key_len); + idata->hmac_receive = idata->hmac_send; sock->user_data = (void *)conn_data; @@ -1005,49 +1006,67 @@ static void silc_server_protocol_rekey_validate(SilcServer server, SilcServerRekeyInternalContext *ctx, SilcIDListData idata, - SilcSKEKeyMaterial *keymat) + SilcSKEKeyMaterial *keymat, + bool send) { if (ctx->responder == TRUE) { - silc_cipher_set_key(idata->send_key, keymat->receive_enc_key, - keymat->enc_key_len); - silc_cipher_set_iv(idata->send_key, keymat->receive_iv); - silc_cipher_set_key(idata->receive_key, keymat->send_enc_key, - keymat->enc_key_len); - silc_cipher_set_iv(idata->receive_key, keymat->send_iv); + if (send) { + silc_cipher_set_key(idata->send_key, keymat->receive_enc_key, + keymat->enc_key_len); + silc_cipher_set_iv(idata->send_key, keymat->receive_iv); + } else { + silc_cipher_set_key(idata->receive_key, keymat->send_enc_key, + keymat->enc_key_len); + silc_cipher_set_iv(idata->receive_key, keymat->send_iv); + } } else { - silc_cipher_set_key(idata->send_key, keymat->send_enc_key, - keymat->enc_key_len); - silc_cipher_set_iv(idata->send_key, keymat->send_iv); - silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key, - keymat->enc_key_len); - silc_cipher_set_iv(idata->receive_key, keymat->receive_iv); + if (send) { + silc_cipher_set_key(idata->send_key, keymat->send_enc_key, + keymat->enc_key_len); + silc_cipher_set_iv(idata->send_key, keymat->send_iv); + } else { + silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key, + keymat->enc_key_len); + silc_cipher_set_iv(idata->receive_key, keymat->receive_iv); + } } - silc_hmac_set_key(idata->hmac, keymat->hmac_key, keymat->hmac_key_len); + if (send) { + silc_hmac_alloc(idata->hmac_send->hmac->name, NULL, &idata->hmac_send); + silc_hmac_set_key(idata->hmac_send, keymat->hmac_key, + keymat->hmac_key_len); + } else { + silc_hmac_free(idata->hmac_receive); + idata->hmac_receive = idata->hmac_send; + } /* Save the current sending encryption key */ - memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len); - silc_free(idata->rekey->send_enc_key); - idata->rekey->send_enc_key = - silc_calloc(keymat->enc_key_len / 8, - sizeof(*idata->rekey->send_enc_key)); - memcpy(idata->rekey->send_enc_key, keymat->send_enc_key, - keymat->enc_key_len / 8); - idata->rekey->enc_key_len = keymat->enc_key_len / 8; + if (!send) { + memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len); + silc_free(idata->rekey->send_enc_key); + idata->rekey->send_enc_key = + silc_calloc(keymat->enc_key_len / 8, + sizeof(*idata->rekey->send_enc_key)); + memcpy(idata->rekey->send_enc_key, keymat->send_enc_key, + keymat->enc_key_len / 8); + idata->rekey->enc_key_len = keymat->enc_key_len / 8; + } } /* This function actually re-generates (when not using PFS) the keys and takes them into use. */ void silc_server_protocol_rekey_generate(SilcServer server, - SilcServerRekeyInternalContext *ctx) + SilcServerRekeyInternalContext *ctx, + bool send) { SilcIDListData idata = (SilcIDListData)ctx->sock->user_data; SilcSKEKeyMaterial *keymat; uint32 key_len = silc_cipher_get_key_len(idata->send_key); uint32 hash_len = idata->hash->hash->hash_len; - SILC_LOG_DEBUG(("Generating new session keys (no PFS)")); + SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)", + send ? "sending" : "receiving")); /* Generate the new key */ keymat = silc_calloc(1, sizeof(*keymat)); @@ -1057,7 +1076,7 @@ void silc_server_protocol_rekey_generate(SilcServer server, idata->hash, keymat); /* Set the keys into use */ - silc_server_protocol_rekey_validate(server, ctx, idata, keymat); + silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send); silc_ske_free_key_material(keymat); } @@ -1067,7 +1086,8 @@ void silc_server_protocol_rekey_generate(SilcServer server, void silc_server_protocol_rekey_generate_pfs(SilcServer server, - SilcServerRekeyInternalContext *ctx) + SilcServerRekeyInternalContext *ctx, + bool send) { SilcIDListData idata = (SilcIDListData)ctx->sock->user_data; SilcSKEKeyMaterial *keymat; @@ -1076,7 +1096,8 @@ silc_server_protocol_rekey_generate_pfs(SilcServer server, unsigned char *tmpbuf; uint32 klen; - SILC_LOG_DEBUG(("Generating new session keys (with PFS)")); + SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)", + send ? "sending" : "receiving")); /* Encode KEY to binary data */ tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen); @@ -1087,7 +1108,7 @@ silc_server_protocol_rekey_generate_pfs(SilcServer server, idata->hash, keymat); /* Set the keys into use */ - silc_server_protocol_rekey_validate(server, ctx, idata, keymat); + silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send); memset(tmpbuf, 0, klen); silc_free(tmpbuf); @@ -1186,6 +1207,11 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey) silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE, 0, NULL, 0, FALSE); + /* After we send REKEY_DONE we must set the sending encryption + key to the new key since all packets after this packet must + encrypted with the new key. */ + silc_server_protocol_rekey_generate(server, ctx, TRUE); + /* The protocol ends in next stage. */ protocol->state = SILC_PROTOCOL_STATE_END; } @@ -1237,6 +1263,11 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey) silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE, 0, NULL, 0, FALSE); + /* After we send REKEY_DONE we must set the sending encryption + key to the new key since all packets after this packet must + encrypted with the new key. */ + silc_server_protocol_rekey_generate(server, ctx, TRUE); + /* The protocol ends in next stage. */ protocol->state = SILC_PROTOCOL_STATE_END; } @@ -1301,6 +1332,11 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey) silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE, 0, NULL, 0, FALSE); + /* After we send REKEY_DONE we must set the sending encryption + key to the new key since all packets after this packet must + encrypted with the new key. */ + silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE); + /* The protocol ends in next stage. */ protocol->state = SILC_PROTOCOL_STATE_END; break; @@ -1316,6 +1352,10 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey) protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0); } + /* We received the REKEY_DONE packet and all packets after this is + encrypted with the new key so set the decryption key to the new key */ + silc_server_protocol_rekey_generate(server, ctx, FALSE); + /* Protocol has ended, call the final callback */ if (protocol->final_callback) protocol->execute_final(server->timeout_queue, 0, protocol, fd); diff --git a/apps/silcd/protocol.h b/apps/silcd/protocol.h index c309aabc..99f2e720 100644 --- a/apps/silcd/protocol.h +++ b/apps/silcd/protocol.h @@ -104,10 +104,5 @@ int silc_server_protocol_ke_set_keys(SilcSKE ske, SilcHmac hmac, SilcSKEDiffieHellmanGroup group, bool is_responder); -void silc_server_protocol_rekey_generate(SilcServer server, - SilcServerRekeyInternalContext *ctx); -void -silc_server_protocol_rekey_generate_pfs(SilcServer server, - SilcServerRekeyInternalContext *ctx); #endif diff --git a/apps/silcd/server.c b/apps/silcd/server.c index aea2f4c6..4ebe22b6 100644 --- a/apps/silcd/server.c +++ b/apps/silcd/server.c @@ -884,12 +884,12 @@ SILC_TASK_CALLBACK(silc_server_connect_to_router_final) timeout!! */ hb_context = silc_calloc(1, sizeof(*hb_context)); hb_context->server = server; - silc_socket_set_heartbeat(sock, 30, hb_context, + silc_socket_set_heartbeat(sock, 600, hb_context, silc_server_perform_heartbeat, server->timeout_queue); /* Register re-key timeout */ - idata->rekey->timeout = 60; /* XXX hardcoded */ + idata->rekey->timeout = 3600; /* XXX hardcoded */ idata->rekey->context = (void *)server; silc_task_register(server->timeout_queue, sock->sock, silc_server_rekey_callback, @@ -1259,7 +1259,7 @@ SILC_TASK_CALLBACK(silc_server_accept_new_connection_final) timeout!! */ hb_context = silc_calloc(1, sizeof(*hb_context)); hb_context->server = server; - silc_socket_set_heartbeat(sock, 30, hb_context, + silc_socket_set_heartbeat(sock, 600, hb_context, silc_server_perform_heartbeat, server->timeout_queue); @@ -1380,7 +1380,7 @@ SILC_TASK_CALLBACK(silc_server_packet_process) if (idata) { idata->last_receive = time(NULL); cipher = idata->receive_key; - hmac = idata->hmac; + hmac = idata->hmac_receive; } /* Process the packet. This will call the parser that will then @@ -1431,12 +1431,14 @@ SILC_TASK_CALLBACK(silc_server_packet_parse_real) SilcServer server = (SilcServer)parse_ctx->context; SilcSocketConnection sock = parse_ctx->sock; SilcPacketContext *packet = parse_ctx->packet; + SilcIDListData idata = (SilcIDListData)sock->user_data; int ret; SILC_LOG_DEBUG(("Start")); /* Decrypt the received packet */ - ret = silc_packet_decrypt(parse_ctx->cipher, parse_ctx->hmac, + ret = silc_packet_decrypt(idata ? idata->receive_key : NULL, + idata ? idata->hmac_receive : NULL, packet->buffer, packet, silc_server_packet_decrypt_check, parse_ctx); if (ret < 0) @@ -1760,7 +1762,7 @@ void silc_server_packet_parse_type(SilcServer server, /* Let the protocol handle the packet */ sock->protocol->execute(server->timeout_queue, 0, - sock->protocol, sock->sock, 0, 1); + sock->protocol, sock->sock, 0, 0); } else { SilcServerKEInternalContext *proto_ctx = (SilcServerKEInternalContext *)sock->protocol->context; @@ -1806,7 +1808,7 @@ void silc_server_packet_parse_type(SilcServer server, /* Let the protocol handle the packet */ sock->protocol->execute(server->timeout_queue, 0, - sock->protocol, sock->sock, 0, 1); + sock->protocol, sock->sock, 0, 0); } else { SilcServerKEInternalContext *proto_ctx = (SilcServerKEInternalContext *)sock->protocol->context; @@ -1972,14 +1974,8 @@ void silc_server_packet_parse_type(SilcServer server, proto_ctx->packet = silc_packet_context_dup(packet); /* Let the protocol handle the packet */ - if (proto_ctx->responder == FALSE) - sock->protocol->execute(server->timeout_queue, 0, - sock->protocol, sock->sock, - 0, 0); - else - sock->protocol->execute(server->timeout_queue, 0, - sock->protocol, sock->sock, - 0, 100000); + sock->protocol->execute(server->timeout_queue, 0, + sock->protocol, sock->sock, 0, 0); } else { SILC_LOG_ERROR(("Received Re-key done packet but no re-key " "protocol active, packet dropped.")); @@ -2832,7 +2828,7 @@ SILC_TASK_CALLBACK(silc_server_channel_key_rekey) silc_task_register(server->timeout_queue, 0, silc_server_channel_key_rekey, - (void *)rekey, 30, 0, + (void *)rekey, 3600, 0, SILC_TASK_TIMEOUT, SILC_TASK_PRI_NORMAL); } @@ -2903,7 +2899,7 @@ void silc_server_create_channel_key(SilcServer server, silc_server_channel_key_rekey); silc_task_register(server->timeout_queue, 0, silc_server_channel_key_rekey, - (void *)channel->rekey, 30, 0, + (void *)channel->rekey, 3600, 0, SILC_TASK_TIMEOUT, SILC_TASK_PRI_NORMAL); } @@ -3008,7 +3004,7 @@ SilcChannelEntry silc_server_save_channel_key(SilcServer server, silc_server_channel_key_rekey); silc_task_register(server->timeout_queue, 0, silc_server_channel_key_rekey, - (void *)channel->rekey, 30, 0, + (void *)channel->rekey, 3600, 0, SILC_TASK_TIMEOUT, SILC_TASK_PRI_NORMAL); } @@ -3700,11 +3696,13 @@ SILC_TASK_CALLBACK_GLOBAL(silc_server_rekey_final) return; } +#if 0 /* Take the keys into use */ if (ctx->pfs == TRUE) silc_server_protocol_rekey_generate_pfs(server, ctx); else silc_server_protocol_rekey_generate(server, ctx); +#endif /* Cleanup */ silc_protocol_free(protocol); diff --git a/lib/silcclient/client.c b/lib/silcclient/client.c index bf7e71f7..04790cdb 100644 --- a/lib/silcclient/client.c +++ b/lib/silcclient/client.c @@ -557,7 +557,7 @@ SILC_TASK_CALLBACK(silc_client_connect_to_server_final) conn->remote_id_data_len = SILC_ID_SERVER_LEN; /* Register re-key timeout */ - conn->rekey->timeout = 30; /* XXX hardcoded */ + conn->rekey->timeout = 3600; /* XXX hardcoded */ conn->rekey->context = (void *)client; silc_task_register(client->timeout_queue, conn->sock->sock, silc_client_rekey_callback, @@ -636,7 +636,7 @@ SILC_TASK_CALLBACK_GLOBAL(silc_client_packet_process) silc_buffer_push(sock->outbuf, sock->outbuf->data - sock->outbuf->head); - ret = silc_client_packet_send_real(client, sock, TRUE, FALSE); + ret = silc_client_packet_send_real(client, sock, TRUE, TRUE); /* If returned -2 could not write to connection now, will do it later. */ @@ -686,7 +686,7 @@ SILC_TASK_CALLBACK_GLOBAL(silc_client_packet_process) /* Process the packet. This will call the parser that will then decrypt and parse the packet. */ if (sock->type != SILC_SOCKET_TYPE_UNKNOWN) - silc_packet_receive_process(sock, conn->receive_key, conn->hmac, + silc_packet_receive_process(sock, conn->receive_key, conn->hmac_receive, silc_client_packet_parse, client); else silc_packet_receive_process(sock, NULL, NULL, @@ -738,7 +738,8 @@ SILC_TASK_CALLBACK(silc_client_packet_parse_real) /* Decrypt the received packet */ if (sock->type != SILC_SOCKET_TYPE_UNKNOWN) - ret = silc_packet_decrypt(conn->receive_key, conn->hmac, buffer, packet, + ret = silc_packet_decrypt(conn->receive_key, conn->hmac_receive, + buffer, packet, silc_client_packet_decrypt_check, parse_ctx); else ret = silc_packet_decrypt(NULL, NULL, buffer, packet, @@ -1085,8 +1086,8 @@ void silc_client_packet_send(SilcClient client, if (!cipher && ((SilcClientConnection)sock->user_data)->send_key) cipher = ((SilcClientConnection)sock->user_data)->send_key; - if (!hmac && ((SilcClientConnection)sock->user_data)->hmac) - hmac = ((SilcClientConnection)sock->user_data)->hmac; + if (!hmac && ((SilcClientConnection)sock->user_data)->hmac_send) + hmac = ((SilcClientConnection)sock->user_data)->hmac_send; if (!dst_id && ((SilcClientConnection)sock->user_data)->remote_id) { dst_id = ((SilcClientConnection)sock->user_data)->remote_id; @@ -1182,8 +1183,8 @@ void silc_client_packet_send_flush(SilcClient client, if (!cipher && ((SilcClientConnection)sock->user_data)->send_key) cipher = ((SilcClientConnection)sock->user_data)->send_key; - if (!hmac && ((SilcClientConnection)sock->user_data)->hmac) - hmac = ((SilcClientConnection)sock->user_data)->hmac; + if (!hmac && ((SilcClientConnection)sock->user_data)->hmac_send) + hmac = ((SilcClientConnection)sock->user_data)->hmac_send; if (!dst_id && ((SilcClientConnection)sock->user_data)->remote_id) { dst_id = ((SilcClientConnection)sock->user_data)->remote_id; @@ -1295,8 +1296,8 @@ void silc_client_close_connection(SilcClient client, silc_cipher_free(conn->send_key); if (conn->receive_key) silc_cipher_free(conn->receive_key); - if (conn->hmac) - silc_hmac_free(conn->hmac); + if (conn->hmac_send) /* conn->hmac_receive is same */ + silc_hmac_free(conn->hmac_send); if (conn->pending_commands) silc_dlist_uninit(conn->pending_commands); if (conn->rekey) @@ -1307,7 +1308,8 @@ void silc_client_close_connection(SilcClient client, conn->remote_type = 0; conn->send_key = NULL; conn->receive_key = NULL; - conn->hmac = NULL; + conn->hmac_send = NULL; + conn->hmac_receive = NULL; conn->local_id = NULL; conn->local_id_data = NULL; conn->remote_host = NULL; @@ -1737,11 +1739,13 @@ SILC_TASK_CALLBACK(silc_client_rekey_final) return; } +#if 0 /* Take the keys into use */ if (ctx->pfs == TRUE) silc_client_protocol_rekey_generate_pfs(client, ctx); else silc_client_protocol_rekey_generate(client, ctx); +#endif /* Cleanup */ silc_protocol_free(protocol); -- 2.24.0