From d79b8eb01a5a3ab99e61524367eff14bb05f2e95 Mon Sep 17 00:00:00 2001
From: Pekka Riikonen <priikone@silcnet.org>
Date: Fri, 7 Jul 2000 06:46:43 +0000
Subject: [PATCH] 	Removed ske_verify_public_key function as it is not
 needed 	anymore. Added support to the public key verification as
 callback 	function. Other minor changes and bug fixes.

---
 lib/silcske/payload.c |  7 +++--
 lib/silcske/silcske.c | 66 +++++++++++++++++++++++++------------------
 lib/silcske/silcske.h | 38 ++++++++++++++-----------
 3 files changed, 64 insertions(+), 47 deletions(-)

diff --git a/lib/silcske/payload.c b/lib/silcske/payload.c
index 69089920..e9269c8d 100644
--- a/lib/silcske/payload.c
+++ b/lib/silcske/payload.c
@@ -22,6 +22,11 @@
 /*
  * $Id$
  * $Log$
+ * Revision 1.3  2000/07/07 06:46:43  priikone
+ * 	Removed ske_verify_public_key function as it is not needed
+ * 	anymore. Added support to the public key verification as callback
+ * 	function. Other minor changes and bug fixes.
+ *
  * Revision 1.2  2000/07/05 06:05:15  priikone
  * 	Global cosmetic change.
  *
@@ -370,7 +375,6 @@ SilcSKEStatus silc_ske_payload_one_decode(SilcSKE ske,
 void silc_ske_payload_one_free(SilcSKEOnePayload *payload)
 {
   if (payload) {
-    silc_mp_clear(&payload->e);
     silc_free(payload);
   }
 }
@@ -538,7 +542,6 @@ void silc_ske_payload_two_free(SilcSKETwoPayload *payload)
       silc_free(payload->pk_data);
     if (payload->sign_data)
       silc_free(payload->sign_data);
-    silc_mp_clear(&payload->f);
     silc_free(payload);
   }
 }
diff --git a/lib/silcske/silcske.c b/lib/silcske/silcske.c
index 299c8aaa..99be72b4 100644
--- a/lib/silcske/silcske.c
+++ b/lib/silcske/silcske.c
@@ -20,6 +20,11 @@
 /*
  * $Id$
  * $Log$
+ * Revision 1.4  2000/07/07 06:46:43  priikone
+ * 	Removed ske_verify_public_key function as it is not needed
+ * 	anymore. Added support to the public key verification as callback
+ * 	function. Other minor changes and bug fixes.
+ *
  * Revision 1.3  2000/07/06 07:12:39  priikone
  * 	Support for SILC style public keys added.
  *
@@ -84,8 +89,10 @@ void silc_ske_free(SilcSKE ske)
       silc_buffer_free(ske->start_payload_copy);
     if (ske->pk)
       silc_free(ske->pk);
+    /* XXX
     silc_mp_clear(&ske->x);
     silc_mp_clear(&ske->KEY);
+    */
     if (ske->hash)
       silc_free(ske->hash);
     silc_free(ske);
@@ -276,11 +283,14 @@ SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
 
 SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske,
 					SilcBuffer ke2_payload,
+					SilcSKEVerifyCb verify_key,
+					void *verify_context,
 					SilcSKECb callback,
 					void *context)
 {
   SilcSKEStatus status = SILC_SKE_STATUS_OK;
   SilcSKETwoPayload *payload;
+  SilcPublicKey public_key = NULL;
   SilcInt KEY;
   unsigned char hash[32];
   unsigned int hash_len;
@@ -302,12 +312,19 @@ SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske,
 
   SILC_LOG_DEBUG(("Verifying public key"));
 
-  /* Verify the public key */ /* XXX */
-  status = silc_ske_verify_public_key(ske, payload->pk_data, 
-				      payload->pk_len);
-  if (status != SILC_SKE_STATUS_OK)
+  if (!silc_pkcs_public_key_decode(payload->pk_data, payload->pk_len, 
+				   &public_key)) {
+    status = SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY;
     goto err;
-  
+  }
+
+  if (verify_key) {
+    status = (*verify_key)(ske, payload->pk_data, payload->pk_len,
+			   payload->pk_type, verify_context);
+    if (status != SILC_SKE_STATUS_OK)
+      goto err;
+  }  
+
   SILC_LOG_DEBUG(("Public key is authentic"));
 
   /* Compute the hash value */
@@ -322,8 +339,8 @@ SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske,
   SILC_LOG_DEBUG(("Verifying signature"));
 
   /* Verify signature */
-  silc_pkcs_public_key_data_set(ske->prop->pkcs, payload->pk_data, 
-				payload->pk_len);
+  silc_pkcs_public_key_data_set(ske->prop->pkcs, public_key->pk, 
+				public_key->pk_len);
   if (ske->prop->pkcs->pkcs->verify(ske->prop->pkcs->context,
 				    payload->sign_data, payload->sign_len,
 				    hash, hash_len) == FALSE) {
@@ -336,6 +353,7 @@ SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske,
 
   SILC_LOG_DEBUG(("Signature is Ok"));
 
+  silc_pkcs_public_key_free(public_key);
   memset(hash, 'F', hash_len);
 
   /* Call the callback. */
@@ -345,11 +363,15 @@ SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske,
   return status;
 
  err:
-  memset(hash, 'F', hash_len);
+  memset(hash, 'F', sizeof(hash));
   silc_ske_payload_two_free(payload);
+  ske->ke2_payload = NULL;
 
   silc_mp_clear(&ske->KEY);
 
+  if (public_key)
+    silc_pkcs_public_key_free(public_key);
+
   if (ske->hash) {
     memset(ske->hash, 'F', hash_len);
     silc_free(ske->hash);
@@ -553,10 +575,8 @@ SilcSKEStatus silc_ske_responder_phase_2(SilcSKE ske,
    encodes Key Exchange 2 Payload and sends it to the other end. */
 
 SilcSKEStatus silc_ske_responder_finish(SilcSKE ske,
-					unsigned char *pk,
-					unsigned int pk_len,
-					unsigned char *prv,
-					unsigned int prv_len,
+					SilcPublicKey public_key,
+					SilcPrivateKey private_key,
 					SilcSKEPKType pk_type,
 					SilcSKESendPacketCb send_packet,
 					void *context)
@@ -564,8 +584,8 @@ SilcSKEStatus silc_ske_responder_finish(SilcSKE ske,
   SilcSKEStatus status = SILC_SKE_STATUS_OK;
   SilcBuffer payload_buf;
   SilcInt KEY;
-  unsigned char hash[32], sign[256];
-  unsigned int hash_len, sign_len;
+  unsigned char hash[32], sign[256], *pk;
+  unsigned int hash_len, sign_len, pk_len;
 
   SILC_LOG_DEBUG(("Start"));
 
@@ -580,8 +600,8 @@ SilcSKEStatus silc_ske_responder_finish(SilcSKE ske,
   SILC_LOG_DEBUG(("Getting public key"));
 
   /* Get the public key */
-  ske->ke2_payload->pk_data = silc_calloc(pk_len, sizeof(unsigned char));
-  memcpy(ske->ke2_payload->pk_data, pk, pk_len);
+  pk = silc_pkcs_public_key_encode(public_key, &pk_len);
+  ske->ke2_payload->pk_data = pk;
   ske->ke2_payload->pk_len = pk_len;
   ske->ke2_payload->pk_type = pk_type;
 
@@ -600,7 +620,8 @@ SilcSKEStatus silc_ske_responder_finish(SilcSKE ske,
   SILC_LOG_DEBUG(("Signing HASH value"));
 
   /* Sign the hash value */
-  silc_pkcs_private_key_data_set(ske->prop->pkcs, prv, prv_len);
+  silc_pkcs_private_key_data_set(ske->prop->pkcs, private_key->prv, 
+				 private_key->prv_len);
   ske->prop->pkcs->pkcs->sign(ske->prop->pkcs->context,
 			      hash, hash_len,
 			      sign, &sign_len);
@@ -1060,17 +1081,6 @@ SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcInt n,
   return status;
 }
 
-/* XXX TODO */
-
-SilcSKEStatus silc_ske_verify_public_key(SilcSKE ske, 
-					 unsigned char *pubkey,
-					 unsigned int pubkey_len)
-{
-  SilcSKEStatus status = SILC_SKE_STATUS_OK;
-
-  return status;
-}
-
 /* Creates a hash value HASH as defined in the SKE protocol. */
 
 SilcSKEStatus silc_ske_make_hash(SilcSKE ske, 
diff --git a/lib/silcske/silcske.h b/lib/silcske/silcske.h
index e429b70f..a5fead29 100644
--- a/lib/silcske/silcske.h
+++ b/lib/silcske/silcske.h
@@ -29,16 +29,6 @@ typedef struct SilcSKEStruct *SilcSKE;
 /* Forward declaration for security properties. */
 typedef struct SilcSKESecurityPropertiesStruct *SilcSKESecurityProperties;
 
-/* Packet sending callback. Caller of the SKE routines must provide
-   a routine to send packets to negotiation parties. */
-typedef void (*SilcSKESendPacketCb)(SilcSKE ske, SilcBuffer packet, 
-				    SilcPacketType type, void *context);
-
-/* Generic SKE callback function. This is called in various SKE
-   routines. The SilcSKE object sent as argument provides all the data
-   callers routine might need (payloads etc). */
-typedef void (*SilcSKECb)(SilcSKE ske, void *context);
-
 /* Supported Public Key Types, defined by the protocol */
 typedef enum {
   SILC_SKE_PK_TYPE_SILC = 1,	/* Mandatory type */
@@ -50,6 +40,23 @@ typedef enum {
   */
 } SilcSKEPKType;
 
+/* Packet sending callback. Caller of the SKE routines must provide
+   a routine to send packets to negotiation parties. */
+typedef void (*SilcSKESendPacketCb)(SilcSKE ske, SilcBuffer packet, 
+				    SilcPacketType type, void *context);
+
+/* Generic SKE callback function. This is called in various SKE
+   routines. The SilcSKE object sent as argument provides all the data
+   callers routine might need (payloads etc). */
+typedef void (*SilcSKECb)(SilcSKE ske, void *context);
+
+/* Callback function used to verify the received public key. */
+typedef SilcSKEStatus (*SilcSKEVerifyCb)(SilcSKE ske, 
+					 unsigned char *pk_data,
+					 unsigned int pk_len,
+					 SilcSKEPKType pk_type,
+					 void *context);
+
 /* Context passed to key material processing function. The function
    returns the processed key material into this structure. */
 typedef struct {
@@ -147,6 +154,8 @@ SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
 					 void *context);
 SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske,
 					SilcBuffer ke2_payload,
+					SilcSKEVerifyCb verify_key,
+					void *verify_context,
 					SilcSKECb callback,
 					void *context);
 SilcSKEStatus silc_ske_responder_start(SilcSKE ske, SilcRng rng,
@@ -163,10 +172,8 @@ SilcSKEStatus silc_ske_responder_phase_2(SilcSKE ske,
 					 SilcSKECb callback,
 					 void *context);
 SilcSKEStatus silc_ske_responder_finish(SilcSKE ske,
-					unsigned char *pk,
-					unsigned int pk_len,
-					unsigned char *prv,
-					unsigned int prv_len,
+					SilcPublicKey public_key,
+					SilcPrivateKey private_key,
 					SilcSKEPKType pk_type,
 					SilcSKESendPacketCb send_packet,
 					void *context);
@@ -186,9 +193,6 @@ silc_ske_select_security_properties(SilcSKE ske,
 SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcInt n, 
 				  unsigned int len, 
 				  SilcInt *rnd);
-SilcSKEStatus silc_ske_verify_public_key(SilcSKE ske, 
-					 unsigned char *pubkey,
-					 unsigned int pubkey_len);
 SilcSKEStatus silc_ske_make_hash(SilcSKE ske, 
 				 unsigned char *return_hash,
 				 unsigned int *return_hash_len);
-- 
2.24.0