updates.

[silc.git] / apps / silcd / protocol.c

diff --git a/apps/silcd/protocol.c b/apps/silcd/protocol.c
index c78ff8e26a66992289613673aa1cd6fe2f6b85b7..5bf971010d58ec8fabd3816fcfb8088080c1ba91 100644 (file)
--- a/apps/silcd/protocol.c
+++ b/apps/silcd/protocol.c
@@ -56,6 +56,13 @@ silc_verify_public_key_internal(SilcServer server, SilcSocketConnection sock,
     return TRUE;
   }
 
+  /* XXX For now, accept server keys without verification too. We are
+     currently always doing mutual authentication so the proof of posession
+     of the private key is verified, and if server is authenticated in
+     conn auth protocol with public key we MUST have the key already. */
+  return TRUE;
+  /* Rest is unreachable code! */
+  
   memset(filename, 0, sizeof(filename));
   memset(file, 0, sizeof(file));
   snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname, 
@@ -199,7 +206,8 @@ static void silc_server_protocol_ke_send_packet(SilcSKE ske,
 
 /* Sets the negotiated key material into use for particular connection. */
 
-int silc_server_protocol_ke_set_keys(SilcSKE ske,
+int silc_server_protocol_ke_set_keys(SilcServer server,
+                                    SilcSKE ske,
                                     SilcSocketConnection sock,
                                     SilcSKEKeyMaterial *keymat,
                                     SilcCipher cipher,
@@ -293,6 +301,9 @@ int silc_server_protocol_ke_set_keys(SilcSKE ske,
   /* Save the remote host's public key */
   silc_pkcs_public_key_decode(ske->ke1_payload->pk_data, 
                              ske->ke1_payload->pk_len, &idata->public_key);
+  if (ske->prop->flags & SILC_SKE_SP_FLAG_MUTUAL)
+    silc_hash_make(server->sha1hash, ske->ke1_payload->pk_data,
+                  ske->ke1_payload->pk_len, idata->fingerprint);
 
   sock->user_data = (void *)conn_data;
 
@@ -364,6 +375,10 @@ SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
   if (maj == 0 && min < 5)
     status = SILC_SKE_STATUS_BAD_VERSION;
 
+  /* XXX backward support for 0.6.1 */
+  if (maj == 0 && min == 6 && build < 2)
+    ske->backward_version = 1;
+
   return status;
 }
 
@@ -455,12 +470,12 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
           properties packet from initiator. */
        status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
                                          silc_version_string,
-                                         ctx->packet->buffer, FALSE);
+                                         ctx->packet->buffer, TRUE);
       } else {
        SilcSKEStartPayload *start_payload;
 
        /* Assemble security properties. */
-       silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE, 
+       silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_MUTUAL, 
                                              silc_version_string,
                                              &start_payload);
 
@@ -1395,7 +1410,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey)
          ctx->ske = silc_ske_alloc();
          ctx->ske->rng = server->rng;
          ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
-         silc_ske_get_group_by_number(idata->rekey->ske_group,
+         silc_ske_group_get_by_number(idata->rekey->ske_group,
                                       &ctx->ske->prop->group);
 
          silc_ske_set_callbacks(ctx->ske, 
@@ -1451,7 +1466,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey)
          ctx->ske = silc_ske_alloc();
          ctx->ske->rng = server->rng;
          ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
-         silc_ske_get_group_by_number(idata->rekey->ske_group,
+         silc_ske_group_get_by_number(idata->rekey->ske_group,
                                       &ctx->ske->prop->group);
 
          silc_ske_set_callbacks(ctx->ske,