return TRUE;
}
+ /* XXX For now, accept server keys without verification too. We are
+ currently always doing mutual authentication so the proof of posession
+ of the private key is verified, and if server is authenticated in
+ conn auth protocol with public key we MUST have the key already. */
+ return TRUE;
+ /* Rest is unreachable code! */
+
memset(filename, 0, sizeof(filename));
memset(file, 0, sizeof(file));
snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname,
/* Sets the negotiated key material into use for particular connection. */
-int silc_server_protocol_ke_set_keys(SilcSKE ske,
+int silc_server_protocol_ke_set_keys(SilcServer server,
+ SilcSKE ske,
SilcSocketConnection sock,
SilcSKEKeyMaterial *keymat,
SilcCipher cipher,
return FALSE;
}
- /* XXX backwards support for old MAC thingy
- XXX Remove ing 0.7.x */
- if (ske->backward_version) {
- silc_hmac_set_b(idata->hmac_send);
- silc_hmac_set_b(idata->hmac_receive);
- idata->send_key->back = TRUE;
- idata->receive_key->back = TRUE;
- }
-
if (is_responder == TRUE) {
silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
keymat->enc_key_len);
/* Save the remote host's public key */
silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
ske->ke1_payload->pk_len, &idata->public_key);
+ if (ske->prop->flags & SILC_SKE_SP_FLAG_MUTUAL)
+ silc_hash_make(server->sha1hash, ske->ke1_payload->pk_data,
+ ske->ke1_payload->pk_len, idata->fingerprint);
sock->user_data = (void *)conn_data;
if (min > min2)
status = SILC_SKE_STATUS_BAD_VERSION;
- /* Backwards support for 0.5.x for various MAC related issues.
- XXX Remove in 0.7.x */
- if (maj == 0 && min < 6)
+ /* XXX < 0.6 is not allowed */
+ if (maj == 0 && min < 5)
+ status = SILC_SKE_STATUS_BAD_VERSION;
+
+ /* XXX backward support for 0.6.1 */
+ if (maj == 0 && min == 6 && build < 2)
ske->backward_version = 1;
return status;
properties packet from initiator. */
status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
silc_version_string,
- ctx->packet->buffer, FALSE);
+ ctx->packet->buffer, TRUE);
} else {
SilcSKEStartPayload *start_payload;
/* Assemble security properties. */
- silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
+ silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_MUTUAL,
silc_version_string,
&start_payload);