of how to use the SILC Client Library.
*/
+/* General definitions */
+
+/* Key agreement status types indicating the status of the protocol. */
+typedef enum {
+ SILC_KEY_AGREEMENT_OK, /* Everything is Ok */
+ SILC_KEY_AGREEMENT_ERROR, /* Unknown error occured */
+ SILC_KEY_AGREEMENT_FAILURE, /* The protocol failed */
+ SILC_KEY_AGREEMENT_TIMEOUT, /* The protocol timeout */
+} SilcKeyAgreementStatus;
+
+/* Key agreement callback that is called after the key agreement protocol
+ has been performed. This is called also if error occured during the
+ key agreement protocol. The `key' is the allocated key material and
+ the caller is responsible of freeing it. The `key' is NULL if error
+ has occured. The application can freely use the `key' to whatever
+ purpose it needs. See lib/silcske/silcske.h for the definition of
+ the SilcSKEKeyMaterial structure. */
+typedef void (*SilcKeyAgreementCallback)(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry,
+ SilcKeyAgreementStatus status,
+ SilcSKEKeyMaterial *key,
+ void *context);
+
+/* Structure to hold the list of private message keys. The array of this
+ structure is returned by the silc_client_list_private_message_keys
+ function. */
+typedef struct {
+ SilcClientEntry client_entry; /* The remote client entry */
+ char *cipher; /* The cipher name */
+ unsigned char *key; /* The original key, If the appliation
+ provided it. This is NULL if the
+ library generated the key or if
+ the SKE key material was used. */
+ unsigned int key_len; /* The key length */
+} *SilcPrivateMessageKeys;
+
/******************************************************************************
SILC Client Operations
The `channel' is the channel. */
void (*channel_message)(SilcClient client, SilcClientConnection conn,
SilcClientEntry sender, SilcChannelEntry channel,
- char *msg);
+ SilcMessageFlags flags, char *msg);
/* Private message to the client. The `sender' is the sender of the
message. */
void (*private_message)(SilcClient client, SilcClientConnection conn,
- SilcClientEntry sender, char *msg);
-
+ SilcClientEntry sender, SilcMessageFlags flags,
+ char *msg);
/* Notify message to the client. The notify arguments are sent in the
same order as servers sends them. The arguments are same as received
void (*notify)(SilcClient client, SilcClientConnection conn,
SilcNotifyType type, ...);
-
/* Command handler. This function is called always in the command function.
If error occurs it will be called as well. `conn' is the associated
client connection. `cmd_context' is the command context that was
SilcClientCommandContext cmd_context, int success,
SilcCommand command);
-
/* Command reply handler. This function is called always in the command reply
function. If error occurs it will be called as well. Normal scenario
is that it will be called after the received command data has been parsed
unsigned char **auth_data,
unsigned int *auth_data_len);
- /* Verifies received public key. The public key has been received from
- a server. If user decides to trust the key may be saved as trusted
- server key for later use. If user does not trust the key this returns
- FALSE. If everything is Ok this returns TRUE. */
- int (*verify_server_key)(SilcClient client, SilcClientConnection conn,
- unsigned char *pk, unsigned int pk_len,
- SilcSKEPKType pk_type);
+ /* Verifies received public key. The `conn_type' indicates which entity
+ (server, client etc.) has sent the public key. If user decides to trust
+ the key may be saved as trusted public key for later use. If user does
+ not trust the key this returns FALSE. If everything is Ok this returns
+ TRUE. */
+ int (*verify_public_key)(SilcClient client, SilcClientConnection conn,
+ SilcSocketType conn_type, unsigned char *pk,
+ unsigned int pk_len, SilcSKEPKType pk_type);
/* Ask (interact, that is) a passphrase from user. Returns the passphrase
or NULL on error. */
This is called after we have received an key agreement packet or an
reply to our key agreement packet. This returns TRUE if the user wants
the library to perform the key agreement protocol and FALSE if it is not
- desired. */
+ desired (application may start it later by calling the function
+ silc_client_perform_key_agreement). If TRUE is returned also the
+ `completion' and `context' arguments must be set by the application. */
int (*key_agreement)(SilcClient client, SilcClientConnection conn,
- SilcClientEntry client_entry);
+ SilcClientEntry client_entry, char *hostname,
+ int port,
+ SilcKeyAgreementCallback *completion,
+ void **context);
} SilcClientOperations;
******************************************************************************/
-/* Initialization functions */
+/* Initialization functions (client.c) */
/* Allocates new client object. This has to be done before client may
work. After calling this one must call silc_client_init to initialize
void silc_client_stop(SilcClient client);
-/* Connecting functions */
+/* Connecting functions (client.c) */
/* Connects to remote server. This is the main routine used to connect
to SILC server. Returns -1 on error and the created socket otherwise.
/* Removes connection from client. Frees all memory. */
void silc_client_del_connection(SilcClient client, SilcClientConnection conn);
+/* Adds listener socket to the listener sockets table. This function is
+ used to add socket objects that are listeners to the client. This should
+ not be used to add other connection objects. */
+void silc_client_add_socket(SilcClient client, SilcSocketConnection sock);
+
+/* Deletes listener socket from the listener sockets table. */
+void silc_client_del_socket(SilcClient client, SilcSocketConnection sock);
+
/* Start SILC Key Exchange (SKE) protocol to negotiate shared secret
key material between client and server. This function can be called
directly if application is performing its own connecting and does not
int fd);
/* Closes connection to remote end. Free's all allocated data except
- for some information such as nickname etc. that are valid at all time. */
+ for some information such as nickname etc. that are valid at all time.
+ If the `sock' is NULL then the conn->sock will be used. If `sock' is
+ provided it will be checked whether the sock and `conn->sock' are the
+ same (they can be different, ie. a socket can use `conn' as its
+ connection but `conn->sock' might be actually a different connection
+ than the `sock'). */
void silc_client_close_connection(SilcClient client,
+ SilcSocketConnection sock,
SilcClientConnection conn);
-/* Message sending functions */
+/* Message sending functions (client_channel.c and client_prvmsg.c) */
/* Sends packet to the `channel'. Packet to channel is always encrypted
differently from "normal" packets. SILC header of the packet is
encrypted with the next receiver's key and the rest of the packet is
encrypted with the channel specific key. Padding and HMAC is computed
with the next receiver's key. The `data' is the channel message. If
- the `force_send' is TRUE then the packet is sent immediately. */
+ the `force_send' is TRUE then the packet is sent immediately.
+
+ If `key' is provided then that private key is used to encrypt the
+ channel message. If it is not provided, private keys has not been
+ set at all, the normal channel key is used automatically. If private
+ keys are set then the first key (the key that was added first as
+ private key) is used. */
void silc_client_send_channel_message(SilcClient client,
SilcClientConnection conn,
SilcChannelEntry channel,
+ SilcChannelPrivateKey key,
+ SilcMessageFlags flags,
unsigned char *data,
unsigned int data_len,
int force_send);
void silc_client_send_private_message(SilcClient client,
SilcClientConnection conn,
SilcClientEntry client_entry,
+ SilcMessageFlags flags,
unsigned char *data,
unsigned int data_len,
int force_send);
-/* Client and Channel entry retrieval */
+/* Client and Channel entry retrieval (idlist.c) */
/* Callback function given to the silc_client_get_client function. The
found entries are allocated into the `clients' array. The array must
char *server,
unsigned int *clients_count);
+/* Gets client entries by the list of client ID's `client_id_list'. This
+ always resolves those client ID's it does not know yet from the server
+ so this function might take a while. The `client_id_list' is a list
+ of ID Payloads added one after other. JOIN command reply and USERS
+ command reply for example returns this sort of list. The `completion'
+ will be called after the entries are available. */
+void silc_client_get_clients_by_list(SilcClient client,
+ SilcClientConnection conn,
+ unsigned int list_count,
+ SilcBuffer client_id_list,
+ SilcGetClientCallback completion,
+ void *context);
+
/* Find entry for client by the client's ID. Returns the entry or NULL
if the entry was not found. */
SilcClientEntry silc_client_get_client_by_id(SilcClient client,
SilcClientConnection conn,
SilcClientID *client_id);
+/* Same as above but will always resolve the information from the server.
+ Use this only if you know that you don't have the entry and the only
+ thing you know about the client is its ID. */
+void silc_client_get_client_by_id_resolve(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientID *client_id,
+ SilcGetClientCallback completion,
+ void *context);
+
/* Finds entry for channel by the channel name. Returns the entry or NULL
if the entry was not found. It is found only if the client is joined
to the channel. */
char *channel);
-/* Command management */
+/* Command management (command.c) */
/* Allocate Command Context. The context is defined in `command.h' file.
The context is used by the library commands and applications should use
void *context);
-/* Private Message key management */
+/* Private Message key management (client_prvmsg.c) */
/* Adds private message key to the client library. The key will be used to
encrypt all private message between the client and the remote client
- indicated by the `client_entry'. If the key and the IV arguments are NULL
- and the boolean value `generate_key' is TRUE the library will generate
- random key. Otherwise, the key material provided by the application
- will be used. It maybe random key or pre-shared-key. If the send
- and receive keys should be same they may be set to same. Same applies
- for send IV and receive IV, they maybe same. If the IV arguments
- are NULL, the library will use NULL as IV (may not be desired from
- the security persperctive).
+ indicated by the `client_entry'. If the `key' is NULL and the boolean
+ value `generate_key' is TRUE the library will generate random key.
+ The `key' maybe for example pre-shared-key, passphrase or similar.
+ The `cipher' MAY be provided but SHOULD be NULL to assure that the
+ requirements of the SILC protocol are met. The API, however, allows
+ to allocate any cipher.
It is not necessary to set key for normal private message usage. If the
key is not set then the private messages are encrypted using normal
session keys. Setting the private key, however, increases the security.
- Note that the key set using this function is sent to the remote client
- through the SILC network. The packet is protected using normal session
- keys.
-
Returns FALSE if the key is already set for the `client_entry', TRUE
otherwise. */
int silc_client_add_private_message_key(SilcClient client,
SilcClientConnection conn,
- SilcClientConnection client_entry,
- unsigned char *send_key,
- unsigned int send_key_len,
- unsigned char *receive_key,
- unsigned int receive_key_len,
- unsigned char *send_iv,
- unsigned int send_iv_len,
- unsigned char *receive_iv;
- unsigned int receive_iv_len,
+ SilcClientEntry client_entry,
+ char *cipher,
+ unsigned char *key,
+ unsigned int key_len,
int generate_key);
+/* Same as above but takes the key material from the SKE key material
+ structure. This structure is received if the application uses the
+ silc_client_send_key_agreement to negotiate the key material. The
+ `cipher' SHOULD be provided as it is negotiated also in the SKE
+ protocol. */
+int silc_client_add_private_message_key_ske(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry,
+ char *cipher,
+ SilcSKEKeyMaterial *key);
+
+/* Sends private message key payload to the remote client indicated by
+ the `client_entry'. If the `force_send' is TRUE the packet is sent
+ immediately. Returns FALSE if error occurs, TRUE otherwise. The
+ application should call this function after setting the key to the
+ client.
+
+ Note that the key sent using this function is sent to the remote client
+ through the SILC network. The packet is protected using normal session
+ keys. */
+int silc_client_send_private_message_key(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry,
+ int force_send);
+
/* Removes the private message from the library. The key won't be used
after this to protect the private messages with the remote `client_entry'
client. Returns FALSE on error, TRUE otherwise. */
SilcClientConnection conn,
SilcClientEntry client_entry);
-/* Structure to hold the list of private message keys. The array of this
- structure is returned by the silc_client_list_private_message_keys
- function. The IV's are not returned as they are not important. */
-typedef struct {
- SilcClientEntry client_entry; /* The remote client entry */
- unsigned char *send_key; /* The raw key data */
- unsigned int send_key_len; /* The key length */
- unsigned char *receive_key; /* The raw key data */
- unsigned int receive_key_len; /* The key length */
- int generated; /* TRUE if library generated the key */
-} *SilcPrivateMessageKeys;
-
/* Returns array of set private message keys associated to the connection
`conn'. Returns allocated SilcPrivateMessageKeys array and the array
count to the `key_count' argument. The array must be freed by the caller
unsigned int key_count);
-/* Channel private key management */
+/* Channel private key management (client_channel.c,
+ SilcChannelPrivateKey is defined in idlist.h) */
/* Adds private key for channel. This may be set only if the channel's mode
mask includes the SILC_CHANNEL_MODE_PRIVKEY. This returns FALSE if the
encrypted using that key. All clients on the channel must also know the
key in order to decrypt the messages. However, it is possible to have
several private keys per one channel. In this case only some of the
- clients on the channel may now the one key and only some the other key.
+ clients on the channel may know the one key and only some the other key.
The private key for channel is optional. If it is not set then the
channel messages are encrypted using the channel key generated by the
silc_client_send_key_agreement) then the `key' MUST be the
key->send_enc_key as this is dictated by the SILC protocol. However,
currently it is not expected that the SKE key material would be used
- as channel private key. */
+ as channel private key. However, this API allows it. */
int silc_client_add_channel_private_key(SilcClient client,
SilcClientConnection conn,
SilcChannelEntry channel,
+ char *cipher,
+ char *hmac,
unsigned char *key,
unsigned int key_len);
SilcClientConnection conn,
SilcChannelEntry channel);
-/* Structure to hold one channel private key. */
-typedef struct {
- unsigned char *key; /* The key */
- unsigned int key_len; /* The key length */
-} *SilcChannelPrivateKey;
-
/* Removes and frees private key `key' from the channel `channel'. The `key'
is retrieved by calling the function silc_client_list_channel_private_keys.
The key is not used after this. If the key was last private key then the
silc_client_list_channel_private_keys(SilcClient client,
SilcClientConnection conn,
SilcChannelEntry channel,
- unsigned int key_count);
+ unsigned int *key_count);
/* Frees the SilcChannelPrivateKey array. */
void silc_client_free_channel_private_keys(SilcChannelPrivateKey *keys,
unsigned int key_count);
-/* Key Agreement routines */
-
-/* Key agreement callback that is called after the key agreement protocol
- has been performed. This is called also if error occured during the
- key agreement protocol. The `key' is the allocated key material and
- the caller is responsible of freeing it. The `key' is NULL if error
- has occured. The application can freely use the `key' to whatever
- purpose it needs. See lib/silcske/silcske.h for the definition of
- the SilcSKEKeyMaterial structure. */
-typedef void (*SilcKeyAgreementCallback)(SilcClient client,
- SilcClientConnection conn,
- SilcClientEntry client_entry,
- SilcSKEKeyMaterial *key,
- void *context);
+/* Key Agreement routines (client_keyagr.c) */
/* Sends key agreement request to the remote client indicated by the
`client_entry'. If the caller provides the `hostname' and the `port'
that port for the key agreement protocol. It also sends the `hostname'
and the `port' in the key agreement packet to the remote client. This
would indicate that the remote client may initiate the key agreement
- protocol to the `hostname' on the `port'.
+ protocol to the `hostname' on the `port'. If port is zero then the
+ bound port is undefined (the operating system defines it).
If the `hostname' and `port' is not provided then empty key agreement
packet is sent to the remote client. The remote client may reply with
the same packet including its hostname and port. If the library receives
the reply from the remote client the `key_agreement' client operation
callback will be called to verify whether the user wants to perform the
- key agreement or not.
+ key agreement or not.
- Note, that if the remote side decides not to initiate the key agreement
+ NOTE: If the application provided the `hostname' and the `port' and the
+ remote side initiates the key agreement protocol it is not verified
+ from the user anymore whether the protocol should be executed or not.
+ By setting the `hostname' and `port' the user gives permission to
+ perform the protocol (we are responder in this case).
+
+ NOTE: If the remote side decides not to initiate the key agreement
or decides not to reply with the key agreement packet then we cannot
perform the key agreement at all. If the key agreement protocol is
- performed the `completion' callback with `context' will be called.
- If remote side decides to ignore the request the `completion' will never
- be called and the caller is responsible of freeing the `context' memory.
- The application can do this by setting, for example, timeout. */
+ performed the `completion' callback with the `context' will be called.
+ If remote side decides to ignore the request the `completion' will be
+ called after the specified timeout, `timeout_secs'.
+
+ NOTE: There can be only one active key agreement for one client entry.
+ Before setting new one, the old one must be finished (it is finished
+ after calling the completion callback) or the function
+ silc_client_abort_key_agreement must be called. */
void silc_client_send_key_agreement(SilcClient client,
SilcClientConnection conn,
SilcClientEntry client_entry,
char *hostname,
int port,
+ unsigned long timeout_secs,
SilcKeyAgreementCallback completion,
void *context);
+/* Performs the actual key agreement protocol. Application may use this
+ to initiate the key agreement protocol. This can be called for example
+ after the application has received the `key_agreement' client operation,
+ and did not return TRUE from it.
+
+ The `hostname' is the remote hostname (or IP address) and the `port'
+ is the remote port. The `completion' callback with the `context' will
+ be called after the key agreement protocol.
+
+ NOTE: If the application returns TRUE in the `key_agreement' client
+ operation the library will automatically start the key agreement. In this
+ case the application must not call this function. However, application
+ may choose to just ignore the `key_agreement' client operation (and
+ merely just print information about it on the screen) and call this
+ function when the user whishes to do so (by, for example, giving some
+ specific command). Thus, the API provides both, automatic and manual
+ initiation of the key agreement. Calling this function is the manual
+ initiation and returning TRUE in the `key_agreement' client operation
+ is the automatic initiation. */
+void silc_client_perform_key_agreement(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry,
+ char *hostname,
+ int port,
+ SilcKeyAgreementCallback completion,
+ void *context);
+
+/* Same as above but application has created already the connection to
+ the remote host. The `sock' is the socket to the remote connection.
+ Application can use this function if it does not want the client library
+ to create the connection. */
+void silc_client_perform_key_agreement_fd(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry,
+ int sock,
+ char *hostname,
+ SilcKeyAgreementCallback completion,
+ void *context);
+
/* This function can be called to unbind the hostname and the port for
the key agreement protocol. However, this function has effect only
before the key agreement protocol has been performed. After it has
projects / silc.git / blobdiff