From 1d81178ad006cbdc02121626feced167bb6d4822 Mon Sep 17 00:00:00 2001 From: Pekka Riikonen Date: Tue, 12 Nov 2002 17:46:30 +0000 Subject: [PATCH] Fixed public key decoding. Better error printing to SKE library. --- lib/silcclient/silcclient.h | 3 +++ lib/silccrypt/silcpkcs.c | 19 ++++++++++++------- lib/silcske/groups.c | 8 ++++++-- lib/silcske/silcske.c | 11 +++++------ 4 files changed, 26 insertions(+), 15 deletions(-) diff --git a/lib/silcclient/silcclient.h b/lib/silcclient/silcclient.h index 62a788a3..f2bc667c 100644 --- a/lib/silcclient/silcclient.h +++ b/lib/silcclient/silcclient.h @@ -1621,6 +1621,9 @@ void silc_client_command_send(SilcClient client, SilcClientConnection conn, * called when an command reply is received to an earlier sent command. * The `reply_cmd' is the command that must be received in order for * the pending command callback indicated by `callback' to be called. + * The `callback' will deliver the `context' and + * SilcClientCommandReplyContext which includes the internals of the + * command reply. * * The `ident' is a command identifier which was set for the earlier * sent command. The command reply will include the same identifier diff --git a/lib/silccrypt/silcpkcs.c b/lib/silccrypt/silcpkcs.c index 08543c5b..410845fc 100644 --- a/lib/silccrypt/silcpkcs.c +++ b/lib/silccrypt/silcpkcs.c @@ -631,7 +631,7 @@ SilcPublicKey silc_pkcs_public_key_alloc(const char *name, } public_key->identifier = strdup(identifier); - public_key->len = 4 + 2 + strlen(name) + 2 + strlen(identifier) + pk_len; + public_key->len = 2 + strlen(name) + 2 + strlen(identifier) + pk_len; silc_free(tmp); return public_key; @@ -687,7 +687,7 @@ silc_pkcs_public_key_encode(SilcPublicKey public_key, SilcUInt32 *len) SilcBuffer buf; unsigned char *ret; - buf = silc_buffer_alloc(public_key->len); + buf = silc_buffer_alloc(public_key->len + 4); silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); silc_buffer_format(buf, @@ -700,7 +700,7 @@ silc_pkcs_public_key_encode(SilcPublicKey public_key, SilcUInt32 *len) public_key->pk_len), SILC_STR_END); if (len) - *len = public_key->len; + *len = public_key->len + 4; ret = silc_calloc(buf->len, sizeof(*ret)); memcpy(ret, buf->data, buf->len); @@ -720,8 +720,8 @@ silc_pkcs_public_key_data_encode(unsigned char *pk, SilcUInt32 pk_len, unsigned char *ret; SilcUInt32 totlen; - totlen = 4 + 2 + strlen(pkcs) + 2 + strlen(identifier) + pk_len; - buf = silc_buffer_alloc(totlen); + totlen = 2 + strlen(pkcs) + 2 + strlen(identifier) + pk_len; + buf = silc_buffer_alloc(totlen + 4); silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); silc_buffer_format(buf, @@ -733,7 +733,7 @@ silc_pkcs_public_key_data_encode(unsigned char *pk, SilcUInt32 pk_len, SILC_STR_UI_XNSTRING(pk, pk_len), SILC_STR_END); if (len) - *len = totlen; + *len = totlen + 4; ret = silc_calloc(buf->len, sizeof(*ret)); memcpy(ret, buf->data, buf->len); @@ -768,7 +768,12 @@ bool silc_pkcs_public_key_decode(unsigned char *data, SilcUInt32 data_len, return FALSE; } - if (totlen != data_len) { +#if 1 /* Backwards support, remove! */ + if (totlen == data_len) + totlen -= 4; +#endif + + if (totlen + 4 != data_len) { silc_buffer_free(buf); return FALSE; } diff --git a/lib/silcske/groups.c b/lib/silcske/groups.c index c5a947e8..e0bbce0f 100644 --- a/lib/silcske/groups.c +++ b/lib/silcske/groups.c @@ -83,8 +83,10 @@ SilcSKEStatus silc_ske_group_get_by_number(int number, break; } - if (silc_ske_groups[i].name == NULL) + if (silc_ske_groups[i].name == NULL) { + SILC_LOG_ERROR(("Unsupported Diffie-Hellman group number %d", number)); return SILC_SKE_STATUS_UNKNOWN_GROUP; + } /* Return the group */ if (ret) { @@ -117,8 +119,10 @@ SilcSKEStatus silc_ske_group_get_by_name(const char *name, break; } - if (silc_ske_groups[i].name == NULL) + if (silc_ske_groups[i].name == NULL) { + SILC_LOG_ERROR(("Unsupported Diffie-Hellman group `%s'", name)); return SILC_SKE_STATUS_UNKNOWN_GROUP; + } /* Return the group */ if (ret) { diff --git a/lib/silcske/silcske.c b/lib/silcske/silcske.c index e87b50b3..604d9209 100644 --- a/lib/silcske/silcske.c +++ b/lib/silcske/silcske.c @@ -495,6 +495,7 @@ static void silc_ske_initiator_finish_final(SilcSKE ske, if (!silc_pkcs_public_key_decode(payload->pk_data, payload->pk_len, &public_key)) { status = SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY; + SILC_LOG_ERROR(("Unsupported/malformed public key received")); if (ske->callbacks->proto_continue) ske->callbacks->proto_continue(ske, ske->callbacks->context); return; @@ -517,8 +518,7 @@ static void silc_ske_initiator_finish_final(SilcSKE ske, silc_pkcs_public_key_set(ske->prop->pkcs, public_key); if (silc_pkcs_verify(ske->prop->pkcs, payload->sign_data, payload->sign_len, hash, hash_len) == FALSE) { - - SILC_LOG_DEBUG(("Signature don't match")); + SILC_LOG_ERROR(("Signature verification failed, incorrect signature")); status = SILC_SKE_STATUS_INCORRECT_SIGNATURE; goto err; } @@ -854,6 +854,7 @@ static void silc_ske_responder_phase2_final(SilcSKE ske, recv_payload->pk_len, &public_key)) { ske->status = SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY; + SILC_LOG_ERROR(("Unsupported/malformed public key received")); if (ske->callbacks->proto_continue) ske->callbacks->proto_continue(ske, ske->callbacks->context); return; @@ -876,9 +877,7 @@ static void silc_ske_responder_phase2_final(SilcSKE ske, silc_pkcs_public_key_set(ske->prop->pkcs, public_key); if (silc_pkcs_verify(ske->prop->pkcs, recv_payload->sign_data, recv_payload->sign_len, hash, hash_len) == FALSE) { - - SILC_LOG_DEBUG(("Signature don't match")); - + SILC_LOG_ERROR(("Signature verification failed, incorrect signature")); ske->status = SILC_SKE_STATUS_INCORRECT_SIGNATURE; if (ske->callbacks->proto_continue) ske->callbacks->proto_continue(ske, ske->callbacks->context); @@ -969,7 +968,7 @@ SilcSKEStatus silc_ske_responder_phase_2(SilcSKE ske, SILC_LOG_DEBUG(("We are doing mutual authentication")); if (!recv_payload->pk_data && ske->callbacks->verify_key) { - SILC_LOG_DEBUG(("Remote end did not send its public key (or " + SILC_LOG_ERROR(("Remote end did not send its public key (or " "certificate), even though we require it")); ske->status = SILC_SKE_STATUS_PUBLIC_KEY_NOT_PROVIDED; return status; -- 2.24.0