updates.

[silc.git] / apps / silcd / packet_receive.c

diff --git a/apps/silcd/packet_receive.c b/apps/silcd/packet_receive.c
index 403c5928493d82f0e81757297f43537c7ba66af1..eb3f94556926063c5530ca9b6abbb6a6c0aeeb94 100644 (file)
--- a/apps/silcd/packet_receive.c
+++ b/apps/silcd/packet_receive.c
@@ -920,6 +920,34 @@ void silc_server_channel_message(SilcServer server,
     }
   }
 
+  /* If we are router and the packet came from router and private key
+     has not been set for the channel then we must encrypt the packet
+     as it was decrypted with the session key shared between us and the
+     router which sent it. This is so, because cells does not share the
+     same channel key */
+  if (server->server_type == SILC_ROUTER &&
+      sock->type == SILC_SOCKET_TYPE_ROUTER &&
+      !(channel->mode & SILC_CHANNEL_MODE_PRIVKEY)) {
+    SilcBuffer chp;
+    unsigned int iv_len, i, data_len;
+
+    iv_len = silc_cipher_get_block_len(channel->channel_key);
+    if (channel->iv[0] == '\0')
+      for (i = 0; i < iv_len; i++) channel->iv[i] = 
+                                    silc_rng_get_byte(server->rng);
+    else
+      silc_hash_make(server->md5hash, channel->iv, iv_len, channel->iv);
+    
+    /* Encode new payload. This encrypts it also. */
+    SILC_GET16_MSB(data_len, packet->buffer->data);
+    chp = silc_channel_payload_encode(data_len, packet->buffer->data + 2,
+                                     iv_len, channel->iv,
+                                     channel->channel_key,
+                                     channel->hmac, server->rng);
+    silc_buffer_put(packet->buffer, chp->data, chp->len);
+    silc_buffer_free(chp);
+  }
+
   /* Distribute the packet to our local clients. This will send the
      packet for further routing as well, if needed. */
   silc_server_packet_relay_to_channel(server, sock, channel, sender,