X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=blobdiff_plain;f=apps%2Fsilcd%2Fprotocol.c;h=794a20880279462c6b473c8896443a1c971969e2;hp=449a6886daaa3b9190982cc6d85c1ff2f5f49632;hb=386c883d8774999c6e74d7c6c37e52e4163a4cb1;hpb=8a5f64b6ead2707ba7f623e4e8c6f6a58f4d712f

diff --git a/apps/silcd/protocol.c b/apps/silcd/protocol.c
index 449a6886..794a2088 100644
--- a/apps/silcd/protocol.c
+++ b/apps/silcd/protocol.c
@@ -276,14 +276,11 @@ int silc_server_protocol_ke_set_keys(SilcServer server,
   }
 
   idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
-  idata->rekey->send_enc_key = 
-    silc_calloc(keymat->enc_key_len / 8,
-		sizeof(*idata->rekey->send_enc_key));
-  memcpy(idata->rekey->send_enc_key, 
-	 keymat->send_enc_key, keymat->enc_key_len / 8);
+  idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
+					   keymat->enc_key_len / 8);
   idata->rekey->enc_key_len = keymat->enc_key_len / 8;
 
-  if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
+  if (ske->prop->flags & SILC_SKE_SP_FLAG_PFS)
     idata->rekey->pfs = TRUE;
   idata->rekey->ske_group = silc_ske_group_get_number(group);
 
@@ -457,9 +454,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
       SilcSKE ske;
 
       /* Allocate Key Exchange object */
-      ske = silc_ske_alloc();
-      ctx->ske = ske;
-      ske->rng = server->rng;
+      ctx->ske = ske = silc_ske_alloc(server->rng, server);
       
       silc_ske_set_callbacks(ske, silc_server_protocol_ke_send_packet, NULL,
 			     silc_server_protocol_ke_verify_key,
@@ -471,12 +466,12 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
 	   properties packet from initiator. */
 	status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
 					  silc_version_string,
-					  ctx->packet->buffer, TRUE);
+					  ctx->packet->buffer, ctx->flags);
       } else {
 	SilcSKEStartPayload *start_payload;
 
 	/* Assemble security properties. */
-	silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_MUTUAL, 
+	silc_ske_assemble_security_properties(ske, ctx->flags, 
 					      silc_version_string,
 					      &start_payload);
 
@@ -514,8 +509,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
        */
       if (ctx->responder == TRUE) {
 	/* Sends the selected security properties to the initiator. */
-	status = silc_ske_responder_phase_1(ctx->ske, 
-					    ctx->ske->start_payload);
+	status = silc_ske_responder_phase_1(ctx->ske);
       } else {
 	/* Call Phase-1 function. This processes the Key Exchange Start
 	   paylaod reply we just got from the responder. The callback
@@ -562,7 +556,8 @@ SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
 	   Key Exhange 1 Payload to the responder. */
 	status = silc_ske_initiator_phase_2(ctx->ske,
 					    server->public_key,
-					    server->private_key);
+					    server->private_key,
+					    SILC_SKE_PK_TYPE_SILC);
 	protocol->state++;
       }
 
@@ -783,7 +778,7 @@ silc_server_public_key_authentication(SilcServer server,
 
 static int
 silc_server_get_public_key_auth(SilcServer server,
-				unsigned char *auth_data,
+				unsigned char **auth_data,
 				uint32 *auth_data_len,
 				SilcSKE ske)
 {
@@ -804,12 +799,14 @@ silc_server_get_public_key_auth(SilcServer server,
 					  ske->start_payload_copy->len),
 		     SILC_STR_END);
 
+  *auth_data = silc_calloc(silc_pkcs_get_key_len(pkcs), sizeof(**auth_data));
   if (silc_pkcs_sign_with_hash(pkcs, ske->prop->hash, auth->data, 
-			       auth->len, auth_data, auth_data_len)) {
+			       auth->len, *auth_data, auth_data_len)) {
     silc_buffer_free(auth);
     return TRUE;
   }
 
+  silc_free(*auth_data);
   silc_buffer_free(auth);
   return FALSE;
 }
@@ -951,7 +948,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
 
 	/* Remote end is client */
 	if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
-	  SilcServerConfigSectionClient *client = ctx->cconfig;
+	  SilcServerConfigClient *client = ctx->cconfig;
 	  
 	  if (client) {
 	    ret = silc_server_get_authentication(ctx, client->passphrase,
@@ -980,7 +977,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
 	
 	/* Remote end is server */
 	if (conn_type == SILC_SOCKET_TYPE_SERVER) {
-	  SilcServerConfigSectionServer *serv = ctx->sconfig;
+	  SilcServerConfigServer *serv = ctx->sconfig;
 	  
 	  if (serv) {
 	    ret = silc_server_get_authentication(ctx, serv->passphrase,
@@ -1009,7 +1006,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
 	
 	/* Remote end is router */
 	if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
-	  SilcServerConfigSectionRouter *serv = ctx->rconfig;
+	  SilcServerConfigRouter *serv = ctx->rconfig;
 
 	  if (serv) {
 	    ret = silc_server_get_authentication(ctx, serv->passphrase,
@@ -1073,13 +1070,9 @@ SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
 	  
 	case SILC_AUTH_PUBLIC_KEY:
 	  {
-	    unsigned char sign[1024];
-
 	    /* Public key authentication */
-	    silc_server_get_public_key_auth(server, sign, &auth_data_len,
+	    silc_server_get_public_key_auth(server, &auth_data, &auth_data_len,
 					    ctx->ske);
-	    auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
-	    memcpy(auth_data, sign, auth_data_len);
 	    break;
 	  }
 	}
@@ -1251,11 +1244,8 @@ silc_server_protocol_rekey_validate(SilcServer server,
   if (!send) {
     memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
     silc_free(idata->rekey->send_enc_key);
-    idata->rekey->send_enc_key = 
-      silc_calloc(keymat->enc_key_len / 8,
-		  sizeof(*idata->rekey->send_enc_key));
-    memcpy(idata->rekey->send_enc_key, keymat->send_enc_key, 
-	   keymat->enc_key_len / 8);
+    idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
+					     keymat->enc_key_len / 8);
     idata->rekey->enc_key_len = keymat->enc_key_len / 8;
   }
 }
@@ -1384,8 +1374,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey)
 	    return;
 	  }
 
-	  ctx->ske = silc_ske_alloc();
-	  ctx->ske->rng = server->rng;
+	  ctx->ske = silc_ske_alloc(server->rng, server);
 	  ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
 	  silc_ske_group_get_by_number(idata->rekey->ske_group,
 				       &ctx->ske->prop->group);
@@ -1440,8 +1429,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey)
 	   * Use Perfect Forward Secrecy, ie. negotiate the key material
 	   * using the SKE protocol.
 	   */
-	  ctx->ske = silc_ske_alloc();
-	  ctx->ske->rng = server->rng;
+	  ctx->ske = silc_ske_alloc(server->rng, server);
 	  ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
 	  silc_ske_group_get_by_number(idata->rekey->ske_group,
 				       &ctx->ske->prop->group);
@@ -1451,7 +1439,7 @@ SILC_TASK_CALLBACK(silc_server_protocol_rekey)
 				 NULL, NULL, NULL, silc_ske_check_version,
 				 context);
       
-	  status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL);
+	  status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL, 0);
 	  if (status != SILC_SKE_STATUS_OK) {
 	    SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
 			      silc_ske_map_status(status)));