{ "pubkey_no_match", "{hilight $0} key does not match with your local copy", 1, { 0 } },
{ "pubkey_maybe_expired", "It is possible that the key has expired or changed", 0 },
{ "pubkey_mitm_attack", "It is also possible that someone is performing a man-in-the-middle attack", 0 },
- { "getkey_notkey", "Server did not return any public key", 0 },
- { "getkey_verified", "Verified successfully $0 {hilight $1}'s cached public key", 2, { 0, 0 } },
- { "getkey_discard", "Could not verify $0 {hilight $1}'s public key", 2, { 0, 0 } },
+ { "pubkey_notkey", "Server did not return any public key", 0 },
+ { "pubkey_verified", "Verified successfully $0 {hilight $1}'s cached public key", 2, { 0, 0 } },
+ { "pubkey_notverified", "Could not verify $0 {hilight $1}'s public key", 2, { 0, 0 } },
/* Misc messages */
{ NULL, "Misc", 0 },
{ "attr_header", "Requested Attributes", 0 },
{ "attr_footer", "End of Requested Attributes", 0 },
{ "attr_allow", " Sending allowed : $0", 1, { 0 } },
- { "attr_vcard_file", " Business card file : $0", 1, { 0 } },
+ { "attr_vcard_file", " Business card : $0", 1, { 0 } },
{ "attr_services", " Services used : $0", 1, { 0 } },
{ "attr_service", " Service : port [$0] address [$1] logged in [$2]", 3, { 0, 0, 0 } },
{ "attr_status_mood", " User's mood : $0", 1, { 0 } },
{ "attr_status_text", " User's message : $0", 1, { 0 } },
{ "attr_status_message", " User's message : $0", 1, { 0 } },
- { "attr_status_message_file", " Mmessage file : $0", 1, { 0 } },
+ { "attr_status_message_file", " Message file : $0", 1, { 0 } },
{ "attr_preferred_language", " Preferred langauge : $0", 1, { 0 } },
{ "attr_preferred_contact", " Preferred contact : $0", 1, { 0 } },
{ "attr_geolocation", " Geolocation : $0", 1, { 0 } },
{ "attr_public_keys", " Public keys : $0", 1, { 0 } },
{ "attr_timezone", " Timezone : $0", 1, { 0 } },
{ "attr_timezone_allow", " Sending timezone : $0", 1, { 0 } },
- { "attr_user_sign_verified", " User's signature verified successfully", 0 },
- { "attr_user_sign_failed", " {hilight User's signature failed}", 0 },
- { "attr_user_sign_not_present", " User did not provide digital signature", 0 },
- { "attr_server_sign_verified", " Server's signature verified successfully", 0 },
- { "attr_server_sign_failed", " {hilight Server's signature failed}", 0 },
+ { "attr_user_sign_verified", " User's signature : verified successfully", 0 },
+ { "attr_user_sign_failed", " User's signature : {hilight signature failed}", 0 },
+ { "attr_user_sign_not_present", " User's signature : not available", 0 },
+ { "attr_server_sign_verified", " Server's signature : verified successfully", 0 },
+ { "attr_server_sign_failed", " Server's signature : {hilight signature failed}", 0 },
+ { "attr_extension", " Extension : $0", 1, { 0 } },
{ NULL, NULL, 0 }
};
#include "fe-common/core/keyboard.h"
#include "fe-common/silc/module-formats.h"
+static void silc_query_attributes_print_final(bool success, void *context);
+
QUERY_REC *silc_query_create(const char *server_tag,
const char *nick, int automatic)
{
SilcAttributeObjGeo geo;
SilcAttributeObjDevice dev;
SilcAttributeObjPk pk;
+ SilcVCardStruct vcard;
bool allowed;
memset(&service, 0, sizeof(service));
memset(&geo, 0, sizeof(geo));
memset(&dev, 0, sizeof(dev));
memset(&pk, 0, sizeof(pk));
+ memset(&vcard, 0, sizeof(vcard));
sv = settings_get_str("attr_vcard");
if (sv && *sv) {
silc_client_attribute_del(silc_client, conn,
SILC_ATTRIBUTE_USER_INFO, NULL);
tmp = silc_file_readfile(sv, &tmp_len);
- if (tmp)
+ if (tmp && silc_vcard_decode(tmp, tmp_len, &vcard))
silc_client_attribute_add(silc_client, conn,
- SILC_ATTRIBUTE_USER_INFO, tmp, tmp_len);
+ SILC_ATTRIBUTE_USER_INFO, (void *)&vcard,
+ sizeof(vcard));
+ silc_vcard_free(&vcard);
silc_free(tmp);
}
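Review bot: `silc_vcard_free(&vcard)` runs right after `silc_client_attribute_add` was handed `(void *)&vcard`, so the attribute is only valid if that call encodes or copies the structure before returning, which is not visible here. Once confirmed, a comment such as `/* attribute_add encodes the vcard, so it can be freed here */` would record that assumption. The `if` is unbraced while two statements follow it, so braces would make it clear that only the add is conditional. A card file that cannot be read or fails `silc_vcard_decode` is dropped silently after the previous USER_INFO attribute was already deleted; reporting it, for example `else silc_say_error("Could not read business card '%s'", sv);`, would match the error this commit adds for unsupported key types. The enclosing function starts and ends outside this hunk.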
SILC_ATTRIBUTE_USER_PUBLIC_KEY, NULL);
list = g_strsplit(sv, " ", -1);
for (entry = list; *entry != NULL; entry++) {
- /* XXX we support only SILC keys currently */
if (!strncasecmp(*entry, "silc-rsa:", 8)) {
tmp = silc_file_readfile((*entry) + 8, &tmp_len);
if (tmp) {
sizeof(pk));
}
silc_free(tmp);
+ } else {
+ silc_say_error("Unsupported public key type '%s'", *entry);
}
}
g_strfreev(list);
}
}
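Review bot: The added `else` reports only entries whose prefix does not match, so a `silc-rsa` entry whose file cannot be read (`tmp` is NULL) still fails silently and the user is not told the key attribute was left unset. The context lines compare 8 characters of the 9-character literal `"silc-rsa:"` and then read from `(*entry) + 8`, which appears to leave the colon in the file name. If that is not intended, `strncasecmp(*entry, "silc-rsa:", 9)` together with `(*entry) + 9` would be consistent. The removed XXX comment was the only statement that just SILC keys are supported, so a short comment on the branch would keep that documented. The enclosing block begins outside the hunk.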
+typedef struct {
+ SILC_SERVER_REC *server;
+ char *name;
+ SilcAttributeObjPk userpk;
+ SilcVCardStruct vcard;
+ SilcAttributeObjMime message;
+ SilcAttributeObjMime extension;
+} *AttrVerify;
+
void silc_query_attributes_print(SILC_SERVER_REC *server,
SilcClient client,
SilcClientConnection conn,
- SilcDList attrs)
+ SilcDList attrs,
+ SilcClientEntry client_entry)
{
SilcAttributePayload attr;
SilcAttribute attribute;
char tmp[512];
- SilcAttributeObjPk userpk, serverpk, usersign, serversign;
+ SilcAttributeObjPk serverpk, usersign, serversign;
+ AttrVerify verify;
printformat_module("fe-common/silc", server, NULL,
MSGLEVEL_CRAP, SILCTXT_ATTR_HEADER);
- memset(&userpk, 0, sizeof(userpk));
memset(&serverpk, 0, sizeof(serverpk));
memset(&usersign, 0, sizeof(usersign));
memset(&serversign, 0, sizeof(serversign));
+ verify = silc_calloc(1, sizeof(*verify));
+ if (!verify)
+ return;
+ verify->server = server;
+ verify->name = strdup(client_entry->nickname);
+
silc_dlist_start(attrs);
while ((attr = silc_dlist_get(attrs)) != SILC_LIST_END) {
attribute = silc_attribute_get_attribute(attr);
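Review bot: `verify->name = strdup(client_entry->nickname);` dereferences the new `client_entry` parameter without a NULL check and never tests the `strdup` result, and the string is later released with `silc_free` rather than `free`, which is only correct if the two allocators are interchangeable. The `if (!verify) return;` path leaves after SILCTXT_ATTR_HEADER has already been printed, so the listing gets no footer; allocating before the header, or printing the footer on that path, would keep the output balanced. The `} *AttrVerify;` typedef hides the pointer, so a comment on the struct saying it is heap-allocated here and freed by `silc_query_attributes_print_final` would make the ownership explicit. The function body continues outside this hunk.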
case SILC_ATTRIBUTE_USER_INFO:
{
- SilcVCardStruct vcard;
- memset(&vcard, 0, sizeof(vcard));
- if (!silc_attribute_get_object(attr, (void *)&vcard, sizeof(vcard)))
+ if (!silc_attribute_get_object(attr, (void *)&verify->vcard,
+ sizeof(verify->vcard)))
continue;
- /* XXX */
+ printformat_module("fe-common/silc", server, NULL,
+ MSGLEVEL_CRAP, SILCTXT_ATTR_VCARD_FILE,
+ "present");
}
break;
case SILC_ATTRIBUTE_STATUS_MESSAGE:
{
- SilcAttributeObjMime mime;
- memset(&mime, 0, sizeof(mime));
- if (!silc_attribute_get_object(attr, (void *)&mime, sizeof(mime)))
+ if (!silc_attribute_get_object(attr, (void *)&verify->message,
+ sizeof(verify->message)))
continue;
- /* XXX */
+ printformat_module("fe-common/silc", server, NULL,
+ MSGLEVEL_CRAP, SILCTXT_ATTR_STATUS_MESSAGE,
+ "present");
}
break;
break;
case SILC_ATTRIBUTE_EXTENSION:
+ {
+ if (!silc_attribute_get_object(attr, (void *)&verify->extension,
+ sizeof(verify->extension)))
+ continue;
+ printformat_module("fe-common/silc", server, NULL,
+ MSGLEVEL_CRAP, SILCTXT_ATTR_EXTENSION,
+ "present");
+ }
break;
case SILC_ATTRIBUTE_GEOLOCATION:
case SILC_ATTRIBUTE_USER_PUBLIC_KEY:
{
- if (userpk.type)
+ if (verify->userpk.type)
continue;
- if (!silc_attribute_get_object(attr, (void *)&userpk, sizeof(userpk)))
+ if (!silc_attribute_get_object(attr, (void *)&verify->userpk,
+ sizeof(verify->userpk)))
continue;
}
+ break;
+
case SILC_ATTRIBUTE_SERVER_PUBLIC_KEY:
{
if (serverpk.type)
}
}
- if (!userpk.type)
+ /* Handle the signature verifications and public key verifying here */
+
+ if (usersign.data && !strcmp(verify->userpk.type, "silc-rsa")) {
+ /* Verify the signature now */
+ SilcPublicKey public_key;
+ SilcPKCS pkcs;
+ unsigned char *verifyd;
+ SilcUInt32 verify_len;
+
+ if (silc_pkcs_public_key_decode(verify->userpk.data,
+ verify->userpk.data_len,
+ &public_key)) {
+ silc_pkcs_alloc("rsa", &pkcs);
+ verifyd = silc_attribute_get_verify_data(attrs, FALSE, &verify_len);
+ if (verifyd && silc_pkcs_public_key_set(pkcs, public_key)){
+ if (silc_pkcs_verify_with_hash(pkcs, client->sha1hash,
+ usersign.data,
+ usersign.data_len,
+ verifyd, verify_len)) {
+ printformat_module("fe-common/silc", server, NULL,
+ MSGLEVEL_CRAP, SILCTXT_ATTR_USER_SIGN_VERIFIED);
+ } else {
+ printformat_module("fe-common/silc", server, NULL,
+ MSGLEVEL_CRAP, SILCTXT_ATTR_USER_SIGN_FAILED);
+ }
+ }
+
+ silc_pkcs_public_key_free(public_key);
+ silc_free(verifyd);
+ }
+ } else {
+ printformat_module("fe-common/silc", server, NULL,
+ MSGLEVEL_CRAP, SILCTXT_ATTR_USER_SIGN_NOT_PRESENT);
+ }
+
+ if (serversign.data && !strcmp(serverpk.type, "silc-rsa")) {
+ /* Verify the signature now */
+ SilcPublicKey public_key;
+ SilcPKCS pkcs;
+ unsigned char *verifyd;
+ SilcUInt32 verify_len;
+
+ if (silc_pkcs_public_key_decode(serverpk.data, serverpk.data_len,
+ &public_key)) {
+ silc_pkcs_alloc("rsa", &pkcs);
+ verifyd = silc_attribute_get_verify_data(attrs, TRUE, &verify_len);
+ if (verifyd && silc_pkcs_public_key_set(pkcs, public_key)) {
+ if (silc_pkcs_verify_with_hash(pkcs, client->sha1hash,
+ serversign.data,
+ serversign.data_len,
+ verifyd, verify_len)) {
+ printformat_module("fe-common/silc", server, NULL,
+ MSGLEVEL_CRAP, SILCTXT_ATTR_SERVER_SIGN_VERIFIED);
+ } else {
+ printformat_module("fe-common/silc", server, NULL,
+ MSGLEVEL_CRAP, SILCTXT_ATTR_SERVER_SIGN_FAILED);
+ }
+ }
+
+ silc_pkcs_public_key_free(public_key);
+ silc_free(verifyd);
+ }
+ }
+
+ if (!verify->userpk.type || !usersign.data)
printformat_module("fe-common/silc", server, NULL,
MSGLEVEL_CRAP, SILCTXT_ATTR_FOOTER);
- /* Handle the signature verifications and public key verifying here */
+ silc_verify_public_key(client, conn, SILC_SOCKET_TYPE_CLIENT,
+ verify->userpk.data, verify->userpk.data_len,
+ SILC_SKE_PK_TYPE_SILC,
+ silc_query_attributes_print_final, verify);
+}
- if (usersign.data && !strcmp(userpk.type, "silc-rsa")) {
- /* Verify the signature now */
- /* XXX */
+static void silc_query_attributes_print_final(bool success, void *context)
+{
+ AttrVerify verify = context;
+ SILC_SERVER_REC *server = verify->server;
+
+ if (success) {
+ printformat_module("fe-common/silc", NULL, NULL,
+ MSGLEVEL_CRAP, SILCTXT_GETKEY_VERIFIED, "user",
+ verify->name);
+ } else {
+ printformat_module("fe-common/silc", NULL, NULL,
+ MSGLEVEL_CRAP, SILCTXT_GETKEY_DISCARD, "user",
+ verify->name);
}
+ printformat_module("fe-common/silc", server, NULL,
+ MSGLEVEL_CRAP, SILCTXT_ATTR_FOOTER);
+
+ silc_free(verify->name);
+ silc_vcard_free(&verify->vcard);
+ silc_free(verify);
}
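Review bot: `strcmp(verify->userpk.type, "silc-rsa")` is reached whenever `usersign.data` is set, so a reply carrying a signature attribute but no public-key attribute passes the NULL `type` left by `silc_calloc` to `strcmp`; the later `!verify->userpk.type` test shows that state is expected, and `serverpk.type` has the same problem after its `memset`. Both conditions should test the pointer first, e.g. `if (usersign.data && verify->userpk.type && !strcmp(verify->userpk.type, "silc-rsa"))`. In both verification blocks the result of `silc_pkcs_alloc("rsa", &pkcs)` is ignored and `pkcs` is never released, and a failed `silc_pkcs_public_key_decode` or `silc_pkcs_public_key_set` prints nothing, so a signature that could not be checked looks the same as one that was never examined. At the end of `silc_query_attributes_print` the new `if` guards only the footer, so `silc_verify_public_key` still appears to be called with a NULL key when none was sent, and the callback then prints the footer a second time; that call belongs in an `else`, with `verify` released on the no-key path. The callback also uses `SILCTXT_GETKEY_VERIFIED` and `SILCTXT_GETKEY_DISCARD` while the format table renames those entries to `pubkey_verified` and `pubkey_notverified`, and it passes NULL rather than `server` to those two prints, so both are worth checking against module-formats.h.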