5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 2006 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; version 2 of the License.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
21 #include "silcclient.h"
22 #include "client_internal.h"
24 /************************ Static utility functions **************************/
26 /* Callback called after connected to remote host */
28 static void silc_client_connect_callback(SilcNetStatus status,
29 SilcStream stream, void *context)
31 SilcFSMThread fsm = context;
32 SilcClientConnection conn = silc_fsm_get_context(fsm);
33 SilcClient client = conn->client;
35 if (conn->internal->aborted) {
36 silc_fsm_next(fsm, silc_client_st_connect_error);
37 SILC_FSM_CALL_CONTINUE(fsm);
41 conn->internal->op = NULL;
42 if (conn->internal->verbose) {
46 case SILC_NET_UNKNOWN_IP:
47 client->internal->ops->say(
48 client, conn, SILC_CLIENT_MESSAGE_ERROR,
49 "Could not connect to host %s: unknown IP address",
52 case SILC_NET_UNKNOWN_HOST:
53 client->internal->ops->say(
54 client, conn, SILC_CLIENT_MESSAGE_ERROR,
55 "Could not connect to host %s: unknown host name",
58 case SILC_NET_HOST_UNREACHABLE:
59 client->internal->ops->say(
60 client, conn, SILC_CLIENT_MESSAGE_ERROR,
61 "Could not connect to host %s: network unreachable",
64 case SILC_NET_CONNECTION_REFUSED:
65 client->internal->ops->say(
66 client, conn, SILC_CLIENT_MESSAGE_ERROR,
67 "Could not connect to host %s: connection refused",
70 case SILC_NET_CONNECTION_TIMEOUT:
71 client->internal->ops->say(
72 client, conn, SILC_CLIENT_MESSAGE_ERROR,
73 "Could not connect to host %s: connection timeout",
77 client->internal->ops->say(
78 client, conn, SILC_CLIENT_MESSAGE_ERROR,
79 "Could not connect to host %s",
85 if (status != SILC_NET_OK) {
86 /* Notify application of failure */
87 SILC_LOG_DEBUG(("Connecting failed"));
88 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0,
89 NULL, conn->callback_context);
90 silc_fsm_next(fsm, silc_client_st_connect_error);
91 SILC_FSM_CALL_CONTINUE(fsm);
95 /* Connection created successfully */
96 SILC_LOG_DEBUG(("Connected"));
97 conn->stream = (void *)stream;
98 SILC_FSM_CALL_CONTINUE(fsm);
101 /* Called after application has verified remote host's public key */
103 static void silc_client_ke_verify_key_cb(SilcBool success, void *context)
105 VerifyKeyContext verify = (VerifyKeyContext)context;
107 SILC_LOG_DEBUG(("Start"));
109 /* Call the completion callback back to the SKE */
110 verify->completion(verify->ske, success ? SILC_SKE_STATUS_OK :
111 SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
112 verify->completion_context);
117 /* Verify remote host's public key */
119 static void silc_client_ke_verify_key(SilcSKE ske,
120 SilcPublicKey public_key,
122 SilcSKEVerifyCbCompletion completion,
123 void *completion_context)
125 SilcFSMThread fsm = context;
126 SilcClientConnection conn = silc_fsm_get_context(fsm);
127 SilcClient client = conn->client;
128 VerifyKeyContext verify;
130 if (conn->internal->aborted) {
131 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
133 silc_fsm_next(fsm, silc_client_st_connect_error);
134 SILC_FSM_CALL_CONTINUE(fsm);
138 /* If we provided repository for SKE and we got here the key was not
139 found from the repository. */
140 if (conn->internal->params.repository &&
141 !conn->internal->params.verify_notfound) {
142 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
147 SILC_LOG_DEBUG(("Verify remote public key"));
149 verify = silc_calloc(1, sizeof(*verify));
151 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
156 verify->completion = completion;
157 verify->completion_context = completion_context;
159 /* Verify public key in application */
160 client->internal->ops->verify_public_key(client, conn,
161 conn->type, public_key,
162 silc_client_ke_verify_key_cb,
166 /* Key exchange protocol completion callback */
168 static void silc_client_ke_completion(SilcSKE ske,
169 SilcSKEStatus status,
170 SilcSKESecurityProperties prop,
171 SilcSKEKeyMaterial keymat,
172 SilcSKERekeyMaterial rekey,
175 SilcFSMThread fsm = context;
176 SilcClientConnection conn = silc_fsm_get_context(fsm);
177 SilcClient client = conn->client;
178 SilcCipher send_key, receive_key;
179 SilcHmac hmac_send, hmac_receive;
181 if (conn->internal->aborted) {
182 silc_ske_free_rekey_material(rekey);
183 silc_fsm_next(fsm, silc_client_st_connect_error);
184 SILC_FSM_CALL_CONTINUE(fsm);
188 conn->internal->op = NULL;
189 if (status != SILC_SKE_STATUS_OK) {
190 /* Key exchange failed */
191 SILC_LOG_DEBUG(("Error during key exchange with %s: %s (%d)",
192 conn->remote_host, silc_ske_map_status(status), status));
194 if (conn->internal->verbose)
195 client->internal->ops->say(client, conn, SILC_CLIENT_MESSAGE_ERROR,
196 "Error during key exchange with %s: %s",
198 silc_ske_map_status(status));
200 silc_ske_free_rekey_material(rekey);
202 silc_fsm_next(fsm, silc_client_st_connect_error);
203 SILC_FSM_CALL_CONTINUE(fsm);
207 SILC_LOG_DEBUG(("Setting keys into use"));
209 /* Allocate the cipher and HMAC contexts */
210 if (!silc_ske_set_keys(ske, keymat, prop, &send_key, &receive_key,
211 &hmac_send, &hmac_receive, &conn->internal->hash)) {
212 /* Error setting keys */
213 SILC_LOG_DEBUG(("Could not set keys into use"));
215 if (conn->internal->verbose)
216 client->internal->ops->say(
217 client, conn, SILC_CLIENT_MESSAGE_ERROR,
218 "Error during key exchange with %s: cannot use keys",
221 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_KE, 0, NULL,
222 conn->callback_context);
224 silc_ske_free_rekey_material(rekey);
226 silc_fsm_next(fsm, silc_client_st_connect_error);
227 SILC_FSM_CALL_CONTINUE(fsm);
231 /* Set the keys into the packet stream. After this call packets will be
232 encrypted with these keys. */
233 if (!silc_packet_set_keys(conn->stream, send_key, receive_key, hmac_send,
234 hmac_receive, FALSE)) {
235 /* Error setting keys */
236 SILC_LOG_DEBUG(("Could not set keys into use"));
238 if (conn->internal->verbose)
239 client->internal->ops->say(
240 client, conn, SILC_CLIENT_MESSAGE_ERROR,
241 "Error during key exchange with %s: cannot use keys",
244 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_KE, 0, NULL,
245 conn->callback_context);
247 silc_ske_free_rekey_material(rekey);
249 silc_fsm_next(fsm, silc_client_st_connect_error);
250 SILC_FSM_CALL_CONTINUE(fsm);
254 conn->internal->rekey = rekey;
256 SILC_LOG_DEBUG(("Key Exchange completed"));
258 /* Key exchange done */
259 SILC_FSM_CALL_CONTINUE(fsm);
262 /* Rekey protocol completion callback */
264 static void silc_client_rekey_completion(SilcSKE ske,
265 SilcSKEStatus status,
266 SilcSKESecurityProperties prop,
267 SilcSKEKeyMaterial keymat,
268 SilcSKERekeyMaterial rekey,
271 SilcFSMThread fsm = context;
272 SilcClientConnection conn = silc_fsm_get_context(fsm);
273 SilcClient client = conn->client;
275 conn->internal->op = NULL;
276 if (status != SILC_SKE_STATUS_OK) {
278 SILC_LOG_DEBUG(("Error during rekey with %s: %s (%d)",
279 conn->remote_host, silc_ske_map_status(status), status));
281 if (conn->internal->verbose)
282 client->internal->ops->say(client, conn, SILC_CLIENT_MESSAGE_ERROR,
283 "Error during rekey with %s: %s",
285 silc_ske_map_status(status));
287 silc_fsm_finish(fsm);
291 silc_ske_free_rekey_material(conn->internal->rekey);
292 conn->internal->rekey = rekey;
294 SILC_LOG_DEBUG(("Rekey completed"));
297 silc_fsm_finish(fsm);
300 /* Callback called by application to return authentication data */
302 static void silc_client_connect_auth_method(SilcBool success,
303 SilcAuthMethod auth_meth,
304 void *auth, SilcUInt32 auth_len,
307 SilcFSMThread fsm = context;
308 SilcClientConnection conn = silc_fsm_get_context(fsm);
310 conn->internal->params.auth_method = SILC_AUTH_NONE;
313 conn->internal->params.auth_method = auth_meth;
314 conn->internal->params.auth = auth;
315 conn->internal->params.auth_len = auth_len;
318 SILC_FSM_CALL_CONTINUE(fsm);
321 /* Connection authentication completion callback */
323 static void silc_client_connect_auth_completion(SilcConnAuth connauth,
327 SilcFSMThread fsm = context;
328 SilcClientConnection conn = silc_fsm_get_context(fsm);
329 SilcClient client = conn->client;
331 if (conn->internal->aborted) {
332 silc_fsm_next(fsm, silc_client_st_connect_error);
333 SILC_FSM_CALL_CONTINUE(fsm);
337 conn->internal->op = NULL;
338 silc_connauth_free(connauth);
341 if (conn->internal->verbose)
342 client->internal->ops->say(
343 client, conn, SILC_CLIENT_MESSAGE_ERROR,
344 "Authentication failed");
346 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_AUTH, 0, NULL,
347 conn->callback_context);
348 silc_fsm_next(fsm, silc_client_st_connect_error);
351 SILC_FSM_CALL_CONTINUE(fsm);
354 /*************************** Connect remote host ****************************/
356 /* Connection timeout callback */
358 SILC_TASK_CALLBACK(silc_client_connect_timeout)
360 SilcClientConnection conn = context;
361 SilcClient client = conn->client;
363 SILC_LOG_DEBUG(("Connection timeout"));
365 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_TIMEOUT, 0, NULL,
366 conn->callback_context);
368 silc_fsm_next(&conn->internal->event_thread, silc_client_st_connect_error);
369 silc_fsm_continue_sync(&conn->internal->event_thread);
372 /* Creates a connection to remote host */
374 SILC_FSM_STATE(silc_client_st_connect)
376 SilcClientConnection conn = fsm_context;
377 SilcClient client = conn->client;
379 SILC_LOG_DEBUG(("Connecting to %s:%d", conn->remote_host,
383 silc_fsm_next(fsm, silc_client_st_connect_set_stream);
385 /* Add connection timeout */
386 if (conn->internal->params.timeout_secs)
387 silc_schedule_task_add_timeout(conn->internal->schedule,
388 silc_client_connect_timeout, conn,
389 conn->internal->params.timeout_secs, 0);
391 if (conn->internal->params.udp) {
394 if (!conn->internal->params.local_ip) {
395 /** IP address not given */
396 SILC_LOG_ERROR(("Local UDP IP address not specified"));
397 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0, NULL,
398 conn->callback_context);
399 silc_fsm_next(fsm, silc_client_st_connect_error);
400 return SILC_FSM_CONTINUE;
404 stream = silc_net_udp_connect(conn->internal->params.bind_ip ?
405 conn->internal->params.bind_ip :
406 conn->internal->params.local_ip,
407 conn->internal->params.local_port,
408 conn->remote_host, conn->remote_port,
409 conn->internal->schedule);
411 SILC_FSM_CALL(silc_client_connect_callback(stream ? SILC_NET_OK :
412 SILC_NET_HOST_UNREACHABLE,
416 SILC_FSM_CALL(conn->internal->op = silc_net_tcp_connect(
417 NULL, conn->remote_host,
419 conn->internal->schedule,
420 silc_client_connect_callback, fsm));
424 /* Sets the new connection stream into use and creates packet stream */
426 SILC_FSM_STATE(silc_client_st_connect_set_stream)
428 SilcClientConnection conn = fsm_context;
429 SilcClient client = conn->client;
431 if (conn->internal->disconnected) {
433 silc_fsm_next(fsm, silc_client_st_connect_error);
434 return SILC_FSM_CONTINUE;
437 /* Create packet stream */
438 conn->stream = silc_packet_stream_create(client->internal->packet_engine,
439 conn->internal->schedule,
440 (SilcStream)conn->stream);
442 /** Cannot create packet stream */
443 SILC_LOG_DEBUG(("Could not create packet stream"));
444 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0, NULL,
445 conn->callback_context);
446 silc_fsm_next(fsm, silc_client_st_connect_error);
447 return SILC_FSM_CONTINUE;
450 silc_packet_set_context(conn->stream, conn);
452 /** Start key exchange */
453 silc_fsm_next(fsm, silc_client_st_connect_key_exchange);
454 return SILC_FSM_CONTINUE;
457 /* Starts key exchange protocol with remote host */
459 SILC_FSM_STATE(silc_client_st_connect_key_exchange)
461 SilcClientConnection conn = fsm_context;
462 SilcClient client = conn->client;
463 SilcSKEParamsStruct params;
465 SILC_LOG_DEBUG(("Starting key exchange protocol"));
468 conn->internal->ske =
469 silc_ske_alloc(client->rng, conn->internal->schedule,
470 conn->internal->params.repository,
471 conn->public_key, conn->private_key, fsm);
472 if (!conn->internal->ske) {
474 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_KE, 0, NULL,
475 conn->callback_context);
476 silc_fsm_next(fsm, silc_client_st_connect_error);
477 return SILC_FSM_CONTINUE;
480 /* Set SKE callbacks */
481 silc_ske_set_callbacks(conn->internal->ske, silc_client_ke_verify_key,
482 silc_client_ke_completion, fsm);
484 /* Set up key exchange parameters */
485 params.version = client->internal->silc_client_version;
486 params.flags = SILC_SKE_SP_FLAG_MUTUAL;
487 if (conn->internal->params.pfs)
488 params.flags |= SILC_SKE_SP_FLAG_PFS;
489 if (conn->internal->params.udp) {
490 params.flags |= SILC_SKE_SP_FLAG_IV_INCLUDED;
491 params.session_port = conn->internal->params.local_port;
494 if (conn->internal->params.no_authentication)
495 /** Run key exchange (no auth) */
496 silc_fsm_next(fsm, silc_client_st_connected);
497 else if (conn->internal->params.udp)
498 /** Run key exchange (UDP)*/
499 silc_fsm_next(fsm, silc_client_st_connect_setup_udp);
501 /** Run key exchange (TCP) */
502 silc_fsm_next(fsm, silc_client_st_connect_auth);
504 SILC_FSM_CALL(conn->internal->op = silc_ske_initiator(conn->internal->ske,
509 /* For UDP/IP connections, set up the UDP session after successful key
512 SILC_FSM_STATE(silc_client_st_connect_setup_udp)
514 SilcClientConnection conn = fsm_context;
515 SilcClient client = conn->client;
516 SilcStream stream, old;
517 SilcSKESecurityProperties prop;
519 SILC_LOG_DEBUG(("Setup UDP SILC session"));
521 if (conn->internal->disconnected) {
523 silc_fsm_next(fsm, silc_client_st_connect_error);
524 return SILC_FSM_CONTINUE;
527 /* Create new UDP stream */
528 prop = silc_ske_get_security_properties(conn->internal->ske);
529 stream = silc_net_udp_connect(conn->internal->params.local_ip,
530 conn->internal->params.local_port,
531 conn->remote_host, prop->remote_port,
532 conn->internal->schedule);
534 /** Cannot create UDP stream */
535 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0, NULL,
536 conn->callback_context);
537 silc_fsm_next(fsm, silc_client_st_connect_error);
538 return SILC_FSM_CONTINUE;
541 /* Set the new stream to packet stream */
542 old = silc_packet_stream_get_stream(conn->stream);
543 silc_packet_stream_set_stream(conn->stream, stream,
544 conn->internal->schedule);
545 silc_packet_stream_set_iv_included(conn->stream);
546 silc_packet_set_sid(conn->stream, 0);
548 /* Delete the old stream */
549 silc_stream_destroy(old);
551 /** Start authentication */
552 silc_fsm_next(fsm, silc_client_st_connect_auth);
553 return SILC_FSM_CONTINUE;
556 /* Get authentication method to be used in authentication protocol */
558 SILC_FSM_STATE(silc_client_st_connect_auth)
560 SilcClientConnection conn = fsm_context;
561 SilcClient client = conn->client;
563 SILC_LOG_DEBUG(("Get authentication data"));
565 if (conn->internal->disconnected) {
567 silc_fsm_next(fsm, silc_client_st_connect_error);
568 return SILC_FSM_CONTINUE;
571 silc_fsm_next(fsm, silc_client_st_connect_auth_start);
573 /* If authentication data not provided, ask from application */
574 if (!conn->internal->params.auth_set)
575 SILC_FSM_CALL(client->internal->ops->get_auth_method(
579 silc_client_connect_auth_method, fsm));
581 if (conn->internal->params.auth_method == SILC_AUTH_PUBLIC_KEY)
582 conn->internal->params.auth = conn->private_key;
584 /* We have authentication data */
585 return SILC_FSM_CONTINUE;
588 /* Start connection authentication with remote host */
590 SILC_FSM_STATE(silc_client_st_connect_auth_start)
592 SilcClientConnection conn = fsm_context;
593 SilcClient client = conn->client;
594 SilcConnAuth connauth;
596 SILC_LOG_DEBUG(("Starting connection authentication protocol"));
598 if (conn->internal->disconnected) {
600 silc_fsm_next(fsm, silc_client_st_connect_error);
601 return SILC_FSM_CONTINUE;
604 /* Allocate connection authentication protocol */
605 connauth = silc_connauth_alloc(conn->internal->schedule,
607 conn->internal->params.rekey_secs);
610 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_AUTH, 0, NULL,
611 conn->callback_context);
612 silc_fsm_next(fsm, silc_client_st_connect_error);
613 return SILC_FSM_CONTINUE;
616 /** Start connection authentication */
617 silc_fsm_next(fsm, silc_client_st_connected);
618 SILC_FSM_CALL(conn->internal->op = silc_connauth_initiator(
619 connauth, SILC_CONN_CLIENT,
620 conn->internal->params.auth_method,
621 conn->internal->params.auth,
622 conn->internal->params.auth_len,
623 silc_client_connect_auth_completion,
627 /* Connection fully established */
629 SILC_FSM_STATE(silc_client_st_connected)
631 SilcClientConnection conn = fsm_context;
632 SilcClient client = conn->client;
634 silc_ske_free(conn->internal->ske);
635 conn->internal->ske = NULL;
637 if (conn->internal->disconnected) {
639 silc_fsm_next(fsm, silc_client_st_connect_error);
640 return SILC_FSM_CONTINUE;
643 SILC_LOG_DEBUG(("Connection established"));
645 /* Install rekey timer */
646 silc_schedule_task_add_timeout(conn->internal->schedule,
647 silc_client_rekey_timer, conn,
648 conn->internal->params.rekey_secs, 0);
650 /* If we connected to server, now register to network. */
651 if (conn->type == SILC_CONN_SERVER &&
652 !conn->internal->params.no_authentication) {
654 /* If detach data is provided, resume the session. */
655 if (conn->internal->params.detach_data &&
656 conn->internal->params.detach_data_len) {
657 /** Resume detached session */
658 silc_fsm_next(fsm, silc_client_st_resume);
660 /** Register to network */
661 silc_fsm_next(fsm, silc_client_st_register);
664 return SILC_FSM_CONTINUE;
667 silc_schedule_task_del_by_all(conn->internal->schedule, 0,
668 silc_client_connect_timeout, conn);
670 /* Call connection callback */
671 conn->callback(client, conn, SILC_CLIENT_CONN_SUCCESS, 0, NULL,
672 conn->callback_context);
674 return SILC_FSM_FINISH;
677 /* Error during connecting */
679 SILC_FSM_STATE(silc_client_st_connect_error)
681 SilcClientConnection conn = fsm_context;
683 if (conn->internal->ske) {
684 silc_ske_free(conn->internal->ske);
685 conn->internal->ske = NULL;
688 /* Signal to close connection */
689 if (!conn->internal->disconnected) {
690 conn->internal->disconnected = TRUE;
691 SILC_FSM_SEMA_POST(&conn->internal->wait_event);
694 silc_schedule_task_del_by_all(conn->internal->schedule, 0,
695 silc_client_connect_timeout, conn);
697 return SILC_FSM_FINISH;
700 /****************************** Connect rekey *******************************/
702 /* Connection rekey timer callback */
704 SILC_TASK_CALLBACK(silc_client_rekey_timer)
706 SilcClientConnection conn = context;
708 /* Signal to start rekey */
709 conn->internal->rekey_responder = FALSE;
710 conn->internal->rekeying = TRUE;
711 SILC_FSM_SEMA_POST(&conn->internal->wait_event);
713 /* Reinstall rekey timer */
714 silc_schedule_task_add_timeout(conn->internal->schedule,
715 silc_client_rekey_timer, conn,
716 conn->internal->params.rekey_secs, 0);
721 SILC_FSM_STATE(silc_client_st_rekey)
723 SilcClientConnection conn = fsm_context;
724 SilcClient client = conn->client;
726 SILC_LOG_DEBUG(("Rekey"));
728 if (conn->internal->disconnected)
729 return SILC_FSM_FINISH;
732 conn->internal->ske =
733 silc_ske_alloc(client->rng, conn->internal->schedule,
734 conn->internal->params.repository,
735 conn->public_key, conn->private_key, fsm);
736 if (!conn->internal->ske)
737 return SILC_FSM_FINISH;
739 /* Set SKE callbacks */
740 silc_ske_set_callbacks(conn->internal->ske, NULL,
741 silc_client_rekey_completion, fsm);
744 if (!conn->internal->rekey_responder)
745 SILC_FSM_CALL(conn->internal->op = silc_ske_rekey_initiator(
748 conn->internal->rekey));
750 SILC_FSM_CALL(conn->internal->op = silc_ske_rekey_responder(
753 conn->internal->rekey));