updates.

[silc.git] / apps / silcd / protocol.c

diff --git a/apps/silcd/protocol.c b/apps/silcd/protocol.c
index 543687a5f3f244195000096b2b152269a8012c79..170120f696c98007627aa1a7394628185b8ecf59 100644 (file)
--- a/apps/silcd/protocol.c
+++ b/apps/silcd/protocol.c
@@ -280,6 +280,12 @@ int silc_server_protocol_ke_set_keys(SilcSKE ske,
 
   sock->user_data = (void *)conn_data;
 
+  SILC_LOG_INFO(("%s (%s) security properties: %s %s %s", 
+                sock->hostname, sock->ip,
+                idata->send_key->cipher->name,
+                idata->hmac_send->hmac->name,
+                idata->hash->hash->name));
+
   return TRUE;
 }
 
@@ -359,10 +365,10 @@ static void silc_server_protocol_ke_continue(SilcSKE ske, void *context)
   SILC_LOG_DEBUG(("Start"));
 
   if (ske->status != SILC_SKE_STATUS_OK) {
-    SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
-                     ske->status));
-    SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
-                   ske->status));
+    SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
+                     silc_ske_map_status(ske->status)));
+    SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
+                   silc_ske_map_status(ske->status)));
     
     protocol->state = SILC_PROTOCOL_STATE_ERROR;
     silc_protocol_execute(protocol, server->schedule, 0, 300000);
@@ -449,10 +455,10 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
        return;
 
       if (status != SILC_SKE_STATUS_OK) {
-       SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
-                         status));
-       SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
-                       status));
+       SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
+                         silc_ske_map_status(status)));
+       SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
+                       silc_ske_map_status(status)));
 
        protocol->state = SILC_PROTOCOL_STATE_ERROR;
        silc_protocol_execute(protocol, server->schedule, 0, 300000);
@@ -487,10 +493,10 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
        return;
 
       if (status != SILC_SKE_STATUS_OK) {
-       SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
-                         status));
-       SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
-                       status));
+       SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
+                         silc_ske_map_status(status)));
+       SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
+                       silc_ske_map_status(status)));
 
        protocol->state = SILC_PROTOCOL_STATE_ERROR;
        silc_protocol_execute(protocol, server->schedule, 0, 300000);
@@ -529,10 +535,10 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
        return;
 
       if (status != SILC_SKE_STATUS_OK) {
-       SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
-                         status));
-       SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
-                       status));
+       SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
+                         silc_ske_map_status(status)));
+       SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
+                       silc_ske_map_status(status)));
 
        protocol->state = SILC_PROTOCOL_STATE_ERROR;
        silc_protocol_execute(protocol, server->schedule, 0, 300000);
@@ -567,10 +573,10 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
        return;
 
       if (status != SILC_SKE_STATUS_OK) {
-       SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
-                         status));
-       SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
-                       status));
+       SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
+                         silc_ske_map_status(status)));
+       SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
+                       silc_ske_map_status(status)));
 
        protocol->state = SILC_PROTOCOL_STATE_ERROR;
        silc_protocol_execute(protocol, server->schedule, 0, 300000);
@@ -712,7 +718,8 @@ silc_server_public_key_authentication(SilcServer server,
                     SILC_STR_END);
 
   /* Verify signature */
-  if (silc_pkcs_verify(pkcs, sign, sign_len, auth->data, auth->len)) {
+  if (silc_pkcs_verify_with_hash(pkcs, ske->prop->hash, sign, sign_len, 
+                                auth->data, auth->len)) {
     silc_pkcs_free(pkcs);
     silc_buffer_free(auth);
     return TRUE;
@@ -725,7 +732,6 @@ silc_server_public_key_authentication(SilcServer server,
 
 static int
 silc_server_get_public_key_auth(SilcServer server,
-                               SilcPublicKey pub_key,
                                unsigned char *auth_data,
                                uint32 *auth_data_len,
                                SilcSKE ske)
@@ -734,14 +740,7 @@ silc_server_get_public_key_auth(SilcServer server,
   SilcPKCS pkcs;
   SilcBuffer auth;
 
-  if (!pub_key)
-    return FALSE;
-
-  silc_pkcs_alloc(pub_key->name, &pkcs);
-  if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
-    silc_pkcs_free(pkcs);
-    return FALSE;
-  }
+  pkcs = server->pkcs;
 
   /* Make the authentication data. Protocol says it is HASH plus
      KE Start Payload. */
@@ -754,13 +753,12 @@ silc_server_get_public_key_auth(SilcServer server,
                                          ske->start_payload_copy->len),
                     SILC_STR_END);
 
-  if (silc_pkcs_sign(pkcs, auth->data, auth->len, auth_data, auth_data_len)) {
-    silc_pkcs_free(pkcs);
+  if (silc_pkcs_sign_with_hash(pkcs, ske->prop->hash, auth->data, 
+                              auth->len, auth_data, auth_data_len)) {
     silc_buffer_free(auth);
     return TRUE;
   }
 
-  silc_pkcs_free(pkcs);
   silc_buffer_free(auth);
   return FALSE;
 }
@@ -1081,8 +1079,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
            unsigned char sign[1024];
 
            /* Public key authentication */
-           silc_server_get_public_key_auth(server, ctx->auth_data,
-                                           sign, &auth_data_len,
+           silc_server_get_public_key_auth(server, sign, &auth_data_len,
                                            ctx->ske);
            auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
            memcpy(auth_data, sign, auth_data_len);
@@ -1389,8 +1386,8 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey)
       
          status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
          if (status != SILC_SKE_STATUS_OK) {
-           SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
-                             status));
+           SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
+                             silc_ske_map_status(status)));
            
            protocol->state = SILC_PROTOCOL_STATE_ERROR;
            silc_protocol_execute(protocol, server->schedule, 0, 300000);
@@ -1445,8 +1442,8 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey)
       
          status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL);
          if (status != SILC_SKE_STATUS_OK) {
-           SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
-                             status));
+           SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
+                             silc_ske_map_status(status)));
            
            protocol->state = SILC_PROTOCOL_STATE_ERROR;
            silc_protocol_execute(protocol, server->schedule, 0, 300000);
@@ -1490,8 +1487,8 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey)
        status = silc_ske_responder_finish(ctx->ske, NULL, NULL, 
                                           SILC_SKE_PK_TYPE_SILC);
        if (status != SILC_SKE_STATUS_OK) {
-         SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
-                           status));
+         SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
+                           silc_ske_map_status(status)));
          
          protocol->state = SILC_PROTOCOL_STATE_ERROR;
          silc_protocol_execute(protocol, server->schedule, 0, 300000);
@@ -1513,8 +1510,8 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey)
        
        status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
        if (status != SILC_SKE_STATUS_OK) {
-         SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
-                           status));
+         SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
+                           silc_ske_map_status(status)));
          
          protocol->state = SILC_PROTOCOL_STATE_ERROR;
          silc_protocol_execute(protocol, server->schedule, 0, 300000);
@@ -1545,7 +1542,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey)
     if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
       /* Error in protocol */
       protocol->state = SILC_PROTOCOL_STATE_ERROR;
-      silc_protocol_execute(protocol, server->schedule, 0, 0);
+      silc_protocol_execute(protocol, server->schedule, 0, 300000);
       return;
     }
 
@@ -1605,6 +1602,8 @@ void silc_server_protocols_register(void)
                         silc_server_protocol_key_exchange);
   silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
                         silc_server_protocol_rekey);
+  silc_protocol_register(SILC_PROTOCOL_SERVER_BACKUP,
+                        silc_server_protocol_backup);
 }
 
 /* Unregisters protocols */
@@ -1617,4 +1616,6 @@ void silc_server_protocols_unregister(void)
                           silc_server_protocol_key_exchange);
   silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
                           silc_server_protocol_rekey);
+  silc_protocol_unregister(SILC_PROTOCOL_SERVER_BACKUP,
+                          silc_server_protocol_backup);
 }