From 73dc785a54dd2f8066709480da536ae890739d6f Mon Sep 17 00:00:00 2001 From: Pekka Riikonen Date: Fri, 7 Jul 2000 06:55:59 +0000 Subject: [PATCH] Added SILC style public key support and made server to use it at all time. --- apps/silcd/protocol.c | 22 +++------ apps/silcd/server.c | 95 +++++++++++++++++++----------------- apps/silcd/server_internal.h | 4 +- apps/silcd/testi.conf | 1 - 4 files changed, 60 insertions(+), 62 deletions(-) diff --git a/apps/silcd/protocol.c b/apps/silcd/protocol.c index 44737ca2..fb5ac5b6 100644 --- a/apps/silcd/protocol.c +++ b/apps/silcd/protocol.c @@ -23,6 +23,10 @@ /* * $Id$ * $Log$ + * Revision 1.4 2000/07/07 06:55:59 priikone + * Added SILC style public key support and made server to use + * it at all time. + * * Revision 1.3 2000/07/06 07:15:31 priikone * Cleaner code fro password and public key authentication. * Deprecated old `channel_auth' protocol. @@ -290,34 +294,20 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange) * Finish protocol */ if (ctx->responder == TRUE) { - unsigned char *pk, *prv; - unsigned int pk_len, prv_len; - - /* Get our public key to be sent to the initiator */ - pk = silc_pkcs_get_public_key(server->public_key, &pk_len); - - /* Get out private key to sign some data. */ - prv = silc_pkcs_get_private_key(server->public_key, &prv_len); - /* This creates the key exchange material and sends our public parts to the initiator inside Key Exchange 2 Payload. */ status = silc_ske_responder_finish(ctx->ske, - pk, pk_len, prv, prv_len, + server->public_key, server->private_key, SILC_SKE_PK_TYPE_SILC, silc_server_protocol_ke_send_packet, context); - - memset(pk, 0, pk_len); - memset(prv, 0, prv_len); - silc_free(pk); - silc_free(prv); } else { /* Finish the protocol. This verifies the Key Exchange 2 payload sent by responder. */ status = silc_ske_initiator_finish(ctx->ske, - ctx->packet, NULL, NULL); + ctx->packet, NULL, NULL, NULL, NULL); } if (status != SILC_SKE_STATUS_OK) { 
diff --git a/apps/silcd/server.c b/apps/silcd/server.c
index 5e67474b..05953586 100644
--- a/apps/silcd/server.c
+++ b/apps/silcd/server.c
@@ -25,6 +25,10 @@
 /*
  * $Id$
  * $Log$
+ * Revision 1.6 2000/07/07 06:55:59 priikone
+ * Added SILC style public key support and made server to use
+ * it at all time.
+ *
  * Revision 1.5 2000/07/06 13:18:07 priikone
  * Check for NULL in client_on_channel.
  *
@@ -166,44 +170,47 @@ int silc_server_init(SilcServer server) unsigned char *public_key; unsigned char *private_key; unsigned int pk_len, prv_len; - SilcPublicKey pub_key; - SilcPrivateKey prv_key; + struct stat st; - if (silc_pkcs_alloc("rsa", &server->public_key) == FALSE) { - SILC_LOG_ERROR(("Could not create RSA key pair")); - goto err0; - } + if (stat("pubkey.pub", &st) < 0 && stat("privkey.prv", &st) < 0) { - if (server->public_key->pkcs->init(server->public_key->context, - 1024, server->rng) == FALSE) { - SILC_LOG_ERROR(("Could not generate RSA key pair")); - goto err0; + if (silc_pkcs_alloc("rsa", &server->pkcs) == FALSE) { + SILC_LOG_ERROR(("Could not create RSA key pair")); + goto err0; + } + + if (server->pkcs->pkcs->init(server->pkcs->context, + 1024, server->rng) == FALSE) { + SILC_LOG_ERROR(("Could not generate RSA key pair")); + goto err0; + } + + public_key = server->pkcs->pkcs->get_public_key(server->pkcs->context, + &pk_len); + private_key = server->pkcs->pkcs->get_private_key(server->pkcs->context, + &prv_len); + + SILC_LOG_HEXDUMP(("public key"), public_key, pk_len); + SILC_LOG_HEXDUMP(("private key"), private_key, prv_len); + + server->public_key = + silc_pkcs_public_key_alloc("rsa", "UN=root, HN=dummy", + public_key, pk_len); + server->private_key = + silc_pkcs_private_key_alloc("rsa", private_key, prv_len); + + /* XXX Save keys */ + silc_pkcs_save_public_key("pubkey.pub", server->public_key); + silc_pkcs_save_private_key("privkey.prv", server->private_key, NULL); + + memset(public_key, 0, pk_len); + memset(private_key, 0, prv_len); + silc_free(public_key); + silc_free(private_key); + } else { + silc_pkcs_load_public_key("pubkey.pub", &server->public_key); + silc_pkcs_load_private_key("privkey.prv", &server->private_key); } - - public_key = - server->public_key->pkcs->get_public_key(server->public_key->context, - &pk_len); - private_key = - server->public_key->pkcs->get_private_key(server->public_key->context, - &prv_len); - - 
SILC_LOG_HEXDUMP(("public key"), public_key, pk_len); - SILC_LOG_HEXDUMP(("private key"), private_key, prv_len); - - pub_key = silc_pkcs_public_key_alloc("rsa", "UN=root, HN=dummy", - public_key, pk_len); - prv_key = silc_pkcs_private_key_alloc("rsa", private_key, prv_len); - - /* XXX Save keys */ - silc_pkcs_save_public_key("pubkey.pub", pub_key); - silc_pkcs_save_private_key("privkey.prv", prv_key, NULL); - - memset(public_key, 0, pk_len); - memset(private_key, 0, prv_len); - silc_free(public_key); - silc_free(private_key); - silc_pkcs_public_key_free(pub_key); - silc_pkcs_private_key_free(prv_key); } /* Create a listening server. Note that our server can listen on @@ -416,13 +423,13 @@ SILC_TASK_CALLBACK(silc_server_connect_to_router) newsocket->protocol = protocol; /* Register a timeout task that will be executed if the protocol - is not executed within 15 seconds. For now, this is a hard coded - limit. After 15 secs the connection will be closed if the key + is not executed within 60 seconds. For now, this is a hard coded + limit. After 60 secs the connection will be closed if the key exchange protocol has not been executed. */ proto_ctx->timeout_task = silc_task_register(server->timeout_queue, sock, silc_server_timeout_remote, - context, 15, 0, + context, 60, 0, SILC_TASK_TIMEOUT, SILC_TASK_PRI_LOW); @@ -488,13 +495,13 @@ SILC_TASK_CALLBACK(silc_server_connect_to_router) newsocket->protocol = protocol; /* Register a timeout task that will be executed if the protocol - is not executed within 15 seconds. For now, this is a hard coded - limit. After 15 secs the connection will be closed if the key + is not executed within 60 seconds. For now, this is a hard coded + limit. After 60 secs the connection will be closed if the key exchange protocol has not been executed. */ proto_ctx->timeout_task = silc_task_register(server->timeout_queue, sock, silc_server_timeout_remote, - context, 15, 0, + context, 60, 0, SILC_TASK_TIMEOUT, SILC_TASK_PRI_LOW); 
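Review bot: `SILC_LOG_HEXDUMP(("private key"), private_key, prv_len);`, carried over into the generation branch, writes the freshly generated RSA private key into the server log, so anyone who can read the log holds the server's signing key; drop that line and keep only `SILC_LOG_HEXDUMP(("public key"), public_key, pk_len);`. The `&&` in `if (stat("pubkey.pub", &st) < 0 && stat("privkey.prv", &st) < 0)` means that when exactly one of the two files exists the else branch runs and calls `silc_pkcs_load_public_key` / `silc_pkcs_load_private_key` without checking either result, leaving `server->private_key` unset for the later key exchange; use `||` so a half-present pair is regenerated, and treat a failed load as `goto err0`. `server->pkcs` is only allocated in the generation branch, so if any other code still dereferences it after a load from file it will hit an unset pointer — that is not visible from this hunk and worth confirming. The private key is written with a NULL last argument to `silc_pkcs_save_private_key`, which reads like an unencrypted on-disk key created with the process umask; if so, a comment next to `/* XXX Save keys */` saying the file must be protected by filesystem permissions, and that the hard-coded relative paths depend on the working directory, would help until that XXX is resolved. silc_server_init starts before this hunk and continues after it.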
@@ -795,13 +802,13 @@ SILC_TASK_CALLBACK(silc_server_accept_new_connection) silc_server_accept_new_connection_second); /* Register a timeout task that will be executed if the connector - will not start the key exchange protocol within 15 seconds. For - now, this is a hard coded limit. After 15 secs the connection will + will not start the key exchange protocol within 60 seconds. For + now, this is a hard coded limit. After 60 secs the connection will be closed if the key exchange protocol has not been started. */ proto_ctx->timeout_task = silc_task_register(server->timeout_queue, newsocket->sock, silc_server_timeout_remote, - context, 15, 0, + context, 60, 0, SILC_TASK_TIMEOUT, SILC_TASK_PRI_LOW); diff --git a/apps/silcd/server_internal.h b/apps/silcd/server_internal.h index 3ed7cbeb..8f4fa582 100644 --- a/apps/silcd/server_internal.h +++ b/apps/silcd/server_internal.h @@ -60,7 +60,9 @@ typedef struct SilcServerObjectStruct { SilcCipher none_cipher; /* Server public key */ - SilcPKCS public_key; + SilcPKCS pkcs; + SilcPublicKey public_key; + SilcPrivateKey private_key; /* Hash objects for general hashing */ SilcHash md5hash; diff --git a/apps/silcd/testi.conf b/apps/silcd/testi.conf index e5417e21..c04a7aa8 100644 --- a/apps/silcd/testi.conf +++ b/apps/silcd/testi.conf @@ -32,7 +32,6 @@ errorlogfile:silcd2_error.log:10000 2:200:300:400 [ClientConnection] -10.2.1.199:passwd:priikone:333:1 :::1333:1 [AdminConnection] -- 2.43.0
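Review bot: Raising the pre-key-exchange limit in `context, 60, 0,` from 15 to 60 seconds means an inbound socket that never starts the key exchange is now held open four times longer before `silc_server_timeout_remote` fires, which enlarges the window an idle-connection flood can occupy before the server gets the socket back; if the longer limit is needed for slow links, consider bounding the number of such pending connections, or keeping the accept-side limit shorter than the outbound router-connect one. The literal 60 now appears in three places in this patch (here and in both silc_server_connect_to_router hunks) plus their comments, so hoist it into one constant such as `#define SILC_SERVER_KE_TIMEOUT 60` and pass that instead, with the comment reading `within SILC_SERVER_KE_TIMEOUT seconds` so it cannot drift from the code again. The enclosing silc_server_accept_new_connection starts before this hunk.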
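Review bot: The comment `/* Server public key */` now heads three fields, two of which are not the public key; change it to `/* Server key pair: PKCS context used for generation, and the public and private halves */` so a reader does not assume `private_key` is handled like `public_key`. Whether `pkcs` is still needed after silc_server_init when the keys are loaded from file rather than generated is not visible here; if it only matters for generation, saying so in the comment would help.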