SILC_TASK_CALLBACK(silc_client_protocol_key_exchange);
SILC_TASK_CALLBACK(silc_client_protocol_rekey);
-extern char *silc_version_string;
-
/*
* Key Exhange protocol functions
*/
silc_free(verify);
}
-/* Callback that is called when we have received KE2 payload from
+/* Callback that is called when we have received KE payload from
responder. We try to verify the public key now. */
void silc_client_protocol_ke_verify_key(SilcSKE ske,
/* Checks the version string of the server. */
SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
- uint32 len)
+ uint32 len, void *context)
{
SilcClientConnection conn = (SilcClientConnection)ske->sock->user_data;
SilcClient client = (SilcClient)ske->user_data;
if (cp)
build = atoi(cp + 1);
- cp = silc_version_string + 9;
+ cp = client->silc_client_version + 9;
if (!cp)
status = SILC_SKE_STATUS_BAD_VERSION;
status = SILC_SKE_STATUS_BAD_VERSION;
if (status != SILC_SKE_STATUS_OK)
- client->ops->say(client, conn,
+ client->ops->say(client, conn, SILC_CLIENT_MESSAGE_AUDIT,
"We don't support server version `%s'", version);
return status;
if (ske->status != SILC_SKE_STATUS_OK) {
if (ske->status == SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY) {
- client->ops->say(client, conn,
+ client->ops->say(client, conn, SILC_CLIENT_MESSAGE_AUDIT,
"Received unsupported server %s public key",
ctx->sock->hostname);
} else if (ske->status == SILC_SKE_STATUS_PUBLIC_KEY_NOT_PROVIDED) {
- client->ops->say(client, conn,
+ client->ops->say(client, conn, SILC_CLIENT_MESSAGE_AUDIT,
"Remote host did not send its public key, even though "
"it must send it");
} else {
- client->ops->say(client, conn,
+ client->ops->say(client, conn, SILC_CLIENT_MESSAGE_ERROR,
"Error during key exchange protocol with server %s",
ctx->sock->hostname);
}
if we are initiator. This is happens when this callback was sent
to silc_ske_initiator_finish function. */
if (ctx->responder == FALSE) {
- silc_ske_end(ctx->ske, ctx->send_packet, context);
+ silc_ske_end(ctx->ske);
/* End the protocol on the next round */
protocol->state = SILC_PROTOCOL_STATE_END;
ctx->ske = ske;
ske->rng = client->rng;
ske->user_data = (void *)client;
+
+ silc_ske_set_callbacks(ske, ctx->send_packet, NULL,
+ ctx->verify,
+ silc_client_protocol_ke_continue,
+ silc_ske_check_version,
+ context);
if (ctx->responder == TRUE) {
/* Start the key exchange by processing the received security
properties packet from initiator. */
status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
- silc_version_string,
- ctx->packet->buffer, TRUE,
- NULL, NULL);
+ client->silc_client_version,
+ ctx->packet->buffer, TRUE);
} else {
SilcSKEStartPayload *start_payload;
/* Assemble security properties. */
silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
- silc_version_string,
+ client->silc_client_version,
&start_payload);
/* Start the key exchange by sending our security properties
to the remote end. */
status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
- start_payload,
- ctx->send_packet,
- context);
+ start_payload);
}
/* Return now if the procedure is pending */
/* Sends the selected security properties to the initiator. */
status =
silc_ske_responder_phase_1(ctx->ske,
- ctx->ske->start_payload,
- ctx->send_packet,
- context);
+ ctx->ske->start_payload);
} else {
/* Call Phase-1 function. This processes the Key Exchange Start
paylaod reply we just got from the responder. The callback
function will receive the processed payload where we will
save it. */
- status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
- NULL, NULL);
+ status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer);
}
if (status != SILC_SKE_STATUS_OK) {
the initiator. This also creates our parts of the Diffie
Hellman algorithm. The silc_client_protocol_ke_continue will
be called after the public key has been verified. */
- status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
- ctx->verify, context,
- silc_client_protocol_ke_continue,
- context);
+ status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
} else {
/* Call the Phase-2 function. This creates Diffie Hellman
key exchange parameters and sends our public part inside
Key Exhange 1 Payload to the responder. */
status = silc_ske_initiator_phase_2(ctx->ske,
client->public_key,
- client->private_key,
- ctx->send_packet,
- context);
+ client->private_key);
protocol->state++;
}
status =
silc_ske_responder_finish(ctx->ske,
client->public_key, client->private_key,
- SILC_SKE_PK_TYPE_SILC,
- ctx->send_packet,
- context);
+ SILC_SKE_PK_TYPE_SILC);
/* End the protocol on the next round */
protocol->state = SILC_PROTOCOL_STATE_END;
/* Finish the protocol. This verifies the Key Exchange 2 payload
sent by responder. The silc_client_protocol_ke_continue will
be called after the public key has been verified. */
- status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
- ctx->verify, context,
- silc_client_protocol_ke_continue,
- context);
+ status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
}
/* Return now if the procedure is pending */
if (status != SILC_SKE_STATUS_OK) {
if (status == SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY) {
- client->ops->say(client, conn,
+ client->ops->say(client, conn, SILC_CLIENT_MESSAGE_AUDIT,
"Received unsupported server %s public key",
ctx->sock->hostname);
} else {
- client->ops->say(client, conn,
+ client->ops->say(client, conn, SILC_CLIENT_MESSAGE_AUDIT,
"Error during key exchange protocol with server %s",
ctx->sock->hostname);
}
/* Send Ok to the other end if we are responder. If we are initiator
we have sent this already. */
if (ctx->responder == TRUE)
- silc_ske_end(ctx->ske, ctx->send_packet, context);
+ silc_ske_end(ctx->ske);
/* Unregister the timeout task since the protocol has ended.
This was the timeout task to be executed if the protocol is
*/
/* Send abort notification */
- silc_ske_abort(ctx->ske, ctx->ske->status,
- ctx->send_packet, context);
+ silc_ske_abort(ctx->ske, ctx->ske->status);
/* On error the final callback is always called. */
if (protocol->final_callback)
break;
}
- client->ops->say(client, conn,
+ client->ops->say(client, conn, SILC_CLIENT_MESSAGE_INFO,
"Password authentication required by server %s",
ctx->sock->hostname);
client->ops->ask_passphrase(client, conn,
silc_ske_get_group_by_number(conn->rekey->ske_group,
&ctx->ske->prop->group);
- status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
- NULL, NULL, NULL, NULL);
+ silc_ske_set_callbacks(ctx->ske,
+ silc_client_protocol_rekey_send_packet,
+ NULL, NULL, NULL, silc_ske_check_version,
+ context);
+
+ status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
if (status != SILC_SKE_STATUS_OK) {
SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
status));
silc_ske_get_group_by_number(conn->rekey->ske_group,
&ctx->ske->prop->group);
- status =
- silc_ske_initiator_phase_2(ctx->ske, NULL, NULL,
- silc_client_protocol_rekey_send_packet,
- context);
-
+ silc_ske_set_callbacks(ctx->ske,
+ silc_client_protocol_rekey_send_packet,
+ NULL, NULL, NULL, silc_ske_check_version,
+ context);
+
+ status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL);
if (status != SILC_SKE_STATUS_OK) {
SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
status));
* Send our KE packe to the initiator now that we've processed
* the initiator's KE packet.
*/
- status =
- silc_ske_responder_finish(ctx->ske, NULL, NULL,
- SILC_SKE_PK_TYPE_SILC,
- silc_client_protocol_rekey_send_packet,
- context);
+ status = silc_ske_responder_finish(ctx->ske, NULL, NULL,
+ SILC_SKE_PK_TYPE_SILC);
if (status != SILC_SKE_STATUS_OK) {
SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
silc_protocol_execute(protocol, client->timeout_queue, 0, 300000);
}
- status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
- NULL, NULL, NULL, NULL);
+ status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
if (status != SILC_SKE_STATUS_OK) {
SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
status));
if (ctx->pfs == TRUE) {
/* Send abort notification */
- silc_ske_abort(ctx->ske, ctx->ske->status,
- silc_client_protocol_ke_send_packet,
- context);
+ silc_ske_abort(ctx->ske, ctx->ske->status);
}
/* On error the final callback is always called. */