updates.

[silc.git] / apps / silcd / protocol.c

diff --git a/apps/silcd/protocol.c b/apps/silcd/protocol.c
index 449a6886daaa3b9190982cc6d85c1ff2f5f49632..794a20880279462c6b473c8896443a1c971969e2 100644 (file)
--- a/apps/silcd/protocol.c
+++ b/apps/silcd/protocol.c
@@ -276,14 +276,11 @@ int silc_server_protocol_ke_set_keys(SilcServer server,
   }
 
   idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
-  idata->rekey->send_enc_key = 
-    silc_calloc(keymat->enc_key_len / 8,
-               sizeof(*idata->rekey->send_enc_key));
-  memcpy(idata->rekey->send_enc_key, 
-        keymat->send_enc_key, keymat->enc_key_len / 8);
+  idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
+                                          keymat->enc_key_len / 8);
   idata->rekey->enc_key_len = keymat->enc_key_len / 8;
 
-  if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
+  if (ske->prop->flags & SILC_SKE_SP_FLAG_PFS)
     idata->rekey->pfs = TRUE;
   idata->rekey->ske_group = silc_ske_group_get_number(group);
 
@@ -457,9 +454,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
       SilcSKE ske;
 
       /* Allocate Key Exchange object */
-      ske = silc_ske_alloc();
-      ctx->ske = ske;
-      ske->rng = server->rng;
+      ctx->ske = ske = silc_ske_alloc(server->rng, server);
       
       silc_ske_set_callbacks(ske, silc_server_protocol_ke_send_packet, NULL,
                             silc_server_protocol_ke_verify_key,
@@ -471,12 +466,12 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
           properties packet from initiator. */
        status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
                                          silc_version_string,
-                                         ctx->packet->buffer, TRUE);
+                                         ctx->packet->buffer, ctx->flags);
       } else {
        SilcSKEStartPayload *start_payload;
 
        /* Assemble security properties. */
-       silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_MUTUAL, 
+       silc_ske_assemble_security_properties(ske, ctx->flags, 
                                              silc_version_string,
                                              &start_payload);
 
@@ -514,8 +509,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
        */
       if (ctx->responder == TRUE) {
        /* Sends the selected security properties to the initiator. */
-       status = silc_ske_responder_phase_1(ctx->ske, 
-                                           ctx->ske->start_payload);
+       status = silc_ske_responder_phase_1(ctx->ske);
       } else {
        /* Call Phase-1 function. This processes the Key Exchange Start
           paylaod reply we just got from the responder. The callback
@@ -562,7 +556,8 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
           Key Exhange 1 Payload to the responder. */
        status = silc_ske_initiator_phase_2(ctx->ske,
                                            server->public_key,
-                                           server->private_key);
+                                           server->private_key,
+                                           SILC_SKE_PK_TYPE_SILC);
        protocol->state++;
       }
 
@@ -783,7 +778,7 @@ silc_server_public_key_authentication(SilcServer server,
 
 static int
 silc_server_get_public_key_auth(SilcServer server,
-                               unsigned char *auth_data,
+                               unsigned char **auth_data,
                                uint32 *auth_data_len,
                                SilcSKE ske)
 {
@@ -804,12 +799,14 @@ silc_server_get_public_key_auth(SilcServer server,
                                          ske->start_payload_copy->len),
                     SILC_STR_END);
 
+  *auth_data = silc_calloc(silc_pkcs_get_key_len(pkcs), sizeof(**auth_data));
   if (silc_pkcs_sign_with_hash(pkcs, ske->prop->hash, auth->data, 
-                              auth->len, auth_data, auth_data_len)) {
+                              auth->len, *auth_data, auth_data_len)) {
     silc_buffer_free(auth);
     return TRUE;
   }
 
+  silc_free(*auth_data);
   silc_buffer_free(auth);
   return FALSE;
 }
@@ -951,7 +948,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
 
        /* Remote end is client */
        if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
-         SilcServerConfigSectionClient *client = ctx->cconfig;
+         SilcServerConfigClient *client = ctx->cconfig;
          
          if (client) {
            ret = silc_server_get_authentication(ctx, client->passphrase,
@@ -980,7 +977,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
        
        /* Remote end is server */
        if (conn_type == SILC_SOCKET_TYPE_SERVER) {
-         SilcServerConfigSectionServer *serv = ctx->sconfig;
+         SilcServerConfigServer *serv = ctx->sconfig;
          
          if (serv) {
            ret = silc_server_get_authentication(ctx, serv->passphrase,
@@ -1009,7 +1006,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
        
        /* Remote end is router */
        if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
-         SilcServerConfigSectionRouter *serv = ctx->rconfig;
+         SilcServerConfigRouter *serv = ctx->rconfig;
 
          if (serv) {
            ret = silc_server_get_authentication(ctx, serv->passphrase,
@@ -1073,13 +1070,9 @@ SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
          
        case SILC_AUTH_PUBLIC_KEY:
          {
-           unsigned char sign[1024];
-
            /* Public key authentication */
-           silc_server_get_public_key_auth(server, sign, &auth_data_len,
+           silc_server_get_public_key_auth(server, &auth_data, &auth_data_len,
                                            ctx->ske);
-           auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
-           memcpy(auth_data, sign, auth_data_len);
            break;
          }
        }
@@ -1251,11 +1244,8 @@ silc_server_protocol_rekey_validate(SilcServer server,
   if (!send) {
     memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
     silc_free(idata->rekey->send_enc_key);
-    idata->rekey->send_enc_key = 
-      silc_calloc(keymat->enc_key_len / 8,
-                 sizeof(*idata->rekey->send_enc_key));
-    memcpy(idata->rekey->send_enc_key, keymat->send_enc_key, 
-          keymat->enc_key_len / 8);
+    idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
+                                            keymat->enc_key_len / 8);
     idata->rekey->enc_key_len = keymat->enc_key_len / 8;
   }
 }
@@ -1384,8 +1374,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey)
            return;
          }
 
-         ctx->ske = silc_ske_alloc();
-         ctx->ske->rng = server->rng;
+         ctx->ske = silc_ske_alloc(server->rng, server);
          ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
          silc_ske_group_get_by_number(idata->rekey->ske_group,
                                       &ctx->ske->prop->group);
@@ -1440,8 +1429,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey)
           * Use Perfect Forward Secrecy, ie. negotiate the key material
           * using the SKE protocol.
           */
-         ctx->ske = silc_ske_alloc();
-         ctx->ske->rng = server->rng;
+         ctx->ske = silc_ske_alloc(server->rng, server);
          ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
          silc_ske_group_get_by_number(idata->rekey->ske_group,
                                       &ctx->ske->prop->group);
@@ -1451,7 +1439,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey)
                                 NULL, NULL, NULL, silc_ske_check_version,
                                 context);
       
-         status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL);
+         status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL, 0);
          if (status != SILC_SKE_STATUS_OK) {
            SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
                              silc_ske_map_status(status)));