of how to use the SILC Client Library.
*/
+/* Key agreement callback that is called after the key agreement protocol
+ has been performed. This is called also if error occured during the
+ key agreement protocol. The `key' is the allocated key material and
+ the caller is responsible of freeing it. The `key' is NULL if error
+ has occured. The application can freely use the `key' to whatever
+ purpose it needs. See lib/silcske/silcske.h for the definition of
+ the SilcSKEKeyMaterial structure. */
+typedef void (*SilcKeyAgreementCallback)(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry,
+ SilcSKEKeyMaterial *key,
+ void *context);
+
/******************************************************************************
SILC Client Operations
void (*private_message)(SilcClient client, SilcClientConnection conn,
SilcClientEntry sender, char *msg);
-
/* Notify message to the client. The notify arguments are sent in the
same order as servers sends them. The arguments are same as received
from the server except for ID's. If ID is received application receives
void (*notify)(SilcClient client, SilcClientConnection conn,
SilcNotifyType type, ...);
-
/* Command handler. This function is called always in the command function.
If error occurs it will be called as well. `conn' is the associated
client connection. `cmd_context' is the command context that was
SilcClientCommandContext cmd_context, int success,
SilcCommand command);
-
/* Command reply handler. This function is called always in the command reply
function. If error occurs it will be called as well. Normal scenario
is that it will be called after the received command data has been parsed
This is called after we have received an key agreement packet or an
reply to our key agreement packet. This returns TRUE if the user wants
the library to perform the key agreement protocol and FALSE if it is not
- desired. */
+ desired (application may start it later by calling the function
+ silc_client_perform_key_agreement). If TRUE is returned also the
+ `completion' and `context' arguments must be set by the application. */
int (*key_agreement)(SilcClient client, SilcClientConnection conn,
- SilcClientEntry client_entry);
+ SilcClientEntry client_entry, char *hostname,
+ int port,
+ SilcKeyAgreementCallback *completion,
+ void **context);
} SilcClientOperations;
******************************************************************************/
-/* Initialization functions */
+/* Initialization functions (client.c) */
/* Allocates new client object. This has to be done before client may
work. After calling this one must call silc_client_init to initialize
void silc_client_stop(SilcClient client);
-/* Connecting functions */
+/* Connecting functions (client.c) */
/* Connects to remote server. This is the main routine used to connect
to SILC server. Returns -1 on error and the created socket otherwise.
SilcClientConnection conn);
-/* Message sending functions */
+/* Message sending functions (client_channel.c and client_prvmsg.c) */
/* Sends packet to the `channel'. Packet to channel is always encrypted
differently from "normal" packets. SILC header of the packet is
int force_send);
-/* Client and Channel entry retrieval */
+/* Client and Channel entry retrieval (idlist.c) */
/* Callback function given to the silc_client_get_client function. The
found entries are allocated into the `clients' array. The array must
SilcClientConnection conn,
SilcClientID *client_id);
+/* Same as above but will always resolve the information from the server.
+ Use this only if you know that you don't have the entry and the only
+ thing you know about the client is its ID. */
+void silc_client_get_client_by_id_resolve(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientID *client_id,
+ SilcGetClientCallback completion,
+ void *context);
+
/* Finds entry for channel by the channel name. Returns the entry or NULL
if the entry was not found. It is found only if the client is joined
to the channel. */
char *channel);
-/* Command management */
+/* Command management (command.c) */
/* Allocate Command Context. The context is defined in `command.h' file.
The context is used by the library commands and applications should use
void *context);
-/* Private Message key management */
+/* Private Message key management (client_prvmsg.c) */
/* Adds private message key to the client library. The key will be used to
encrypt all private message between the client and the remote client
indicated by the `client_entry'. If the `key' is NULL and the boolean
value `generate_key' is TRUE the library will generate random key.
The `key' maybe for example pre-shared-key, passphrase or similar.
+ The `cipher' MAY be provided but SHOULD be NULL to assure that the
+ requirements of the SILC protocol are met. The API, however, allows
+ to allocate any cipher.
It is not necessary to set key for normal private message usage. If the
key is not set then the private messages are encrypted using normal
session keys. Setting the private key, however, increases the security.
- Note that the key set using this function is sent to the remote client
- through the SILC network. The packet is protected using normal session
- keys.
-
Returns FALSE if the key is already set for the `client_entry', TRUE
otherwise. */
int silc_client_add_private_message_key(SilcClient client,
SilcClientConnection conn,
- SilcClientConnection client_entry,
+ SilcClientEntry client_entry,
+ char *cipher,
unsigned char *key,
unsigned int key_len,
int generate_key);
/* Same as above but takes the key material from the SKE key material
structure. This structure is received if the application uses the
- silc_client_send_key_agreement to negotiate the key material. */
+ silc_client_send_key_agreement to negotiate the key material. The
+ `cipher' SHOULD be provided as it is negotiated also in the SKE
+ protocol. */
int silc_client_add_private_message_key_ske(SilcClient client,
SilcClientConnection conn,
- SilcClientConnection client_entry,
+ SilcClientEntry client_entry,
+ char *cipher,
SilcSKEKeyMaterial *key);
+/* Sends private message key payload to the remote client indicated by
+ the `client_entry'. If the `force_send' is TRUE the packet is sent
+ immediately. Returns FALSE if error occurs, TRUE otherwise. The
+ application should call this function after setting the key to the
+ client.
+
+ Note that the key sent using this function is sent to the remote client
+ through the SILC network. The packet is protected using normal session
+ keys. */
+int silc_client_send_private_message_key(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry,
+ int force_send);
+
/* Removes the private message from the library. The key won't be used
after this to protect the private messages with the remote `client_entry'
client. Returns FALSE on error, TRUE otherwise. */
/* Structure to hold the list of private message keys. The array of this
structure is returned by the silc_client_list_private_message_keys
- function. The IV's are not returned as they are not important. */
+ function. */
typedef struct {
SilcClientEntry client_entry; /* The remote client entry */
- unsigned char *send_key; /* The raw key data */
- unsigned int send_key_len; /* The key length */
- unsigned char *receive_key; /* The raw key data */
- unsigned int receive_key_len; /* The key length */
- int generated; /* TRUE if library generated the key */
+ char *cipher; /* The cipher name */
+ unsigned char *key; /* The original key, If the appliation
+ provided it. This is NULL if the
+ library generated the key or if
+ the SKE key material was used. */
+ unsigned int key_len; /* The key length */
} *SilcPrivateMessageKeys;
/* Returns array of set private message keys associated to the connection
unsigned int key_count);
-/* Channel private key management */
+/* Channel private key management (client_channel.c) */
/* Adds private key for channel. This may be set only if the channel's mode
mask includes the SILC_CHANNEL_MODE_PRIVKEY. This returns FALSE if the
int silc_client_add_channel_private_key(SilcClient client,
SilcClientConnection conn,
SilcChannelEntry channel,
+ char *cipher,
unsigned char *key,
unsigned int key_len);
/* Structure to hold one channel private key. */
typedef struct {
+ char *cipher; /* The cipher name */
unsigned char *key; /* The key */
unsigned int key_len; /* The key length */
} *SilcChannelPrivateKey;
silc_client_list_channel_private_keys(SilcClient client,
SilcClientConnection conn,
SilcChannelEntry channel,
- unsigned int key_count);
+ unsigned int *key_count);
/* Frees the SilcChannelPrivateKey array. */
void silc_client_free_channel_private_keys(SilcChannelPrivateKey *keys,
unsigned int key_count);
-/* Key Agreement routines */
-
-/* Key agreement callback that is called after the key agreement protocol
- has been performed. This is called also if error occured during the
- key agreement protocol. The `key' is the allocated key material and
- the caller is responsible of freeing it. The `key' is NULL if error
- has occured. The application can freely use the `key' to whatever
- purpose it needs. See lib/silcske/silcske.h for the definition of
- the SilcSKEKeyMaterial structure. */
-typedef void (*SilcKeyAgreementCallback)(SilcClient client,
- SilcClientConnection conn,
- SilcClientEntry client_entry,
- SilcSKEKeyMaterial *key,
- void *context);
+/* Key Agreement routines (client_keyagr.c) */
/* Sends key agreement request to the remote client indicated by the
`client_entry'. If the caller provides the `hostname' and the `port'
the same packet including its hostname and port. If the library receives
the reply from the remote client the `key_agreement' client operation
callback will be called to verify whether the user wants to perform the
- key agreement or not.
+ key agreement or not.
- Note, that if the remote side decides not to initiate the key agreement
+ NOTE: If the application provided the `hostname' and the `port' and the
+ remote side initiates the key agreement protocol it is not verified
+ from the user anymore whether the protocol should be executed or not.
+ By setting the `hostname' and `port' the user gives permission to
+ perform the protocol (we are responder in this case).
+
+ NOTE: If the remote side decides not to initiate the key agreement
or decides not to reply with the key agreement packet then we cannot
perform the key agreement at all. If the key agreement protocol is
- performed the `completion' callback with `context' will be called.
- If remote side decides to ignore the request the `completion' will never
- be called and the caller is responsible of freeing the `context' memory.
- The application can do this by setting, for example, timeout. */
+ performed the `completion' callback with the `context' will be called.
+ If remote side decides to ignore the request the `completion' will be
+ called after the specified timeout, `timeout_secs'.
+
+ NOTE: There can be only one active key agreement for one client entry.
+ Before setting new one, the old one must be finished (it is finished
+ after calling the completion callback) or the function
+ silc_client_abort_key_agreement must be called. */
void silc_client_send_key_agreement(SilcClient client,
SilcClientConnection conn,
SilcClientEntry client_entry,
char *hostname,
int port,
+ unsigned long timeout_secs,
SilcKeyAgreementCallback completion,
void *context);
+/* Performs the actual key agreement protocol. Application may use this
+ to initiate the key agreement protocol. This can be called for example
+ after the application has received the `key_agreement' client operation,
+ and did not return TRUE from it.
+
+ The `hostname' is the remote hostname (or IP address) and the `port'
+ is the remote port. The `completion' callback with the `context' will
+ be called after the key agreement protocol.
+
+ NOTE: If the application returns TRUE in the `key_agreement' client
+ operation the library will automatically start the key agreement. In this
+ case the application must not call this function. However, application
+ may choose to just ignore the `key_agreement' client operation (and
+ merely just print information about it on the screen) and call this
+ function when the user whishes to do so (by, for example, giving some
+ specific command). Thus, the API provides both, automatic and manual
+ initiation of the key agreement. Calling this function is the manual
+ initiation and returning TRUE in the `key_agreement' client operation
+ is the automatic initiation. */
+void silc_client_perform_key_agreement(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry,
+ char *hostname,
+ int port,
+ SilcKeyAgreementCallback completion,
+ void *context);
+
+/* Same as above but application has created already the connection to
+ the remote host. The `sock' is the socket to the remote connection.
+ Application can use this function if it does not want the client library
+ to create the connection. */
+void silc_client_perform_key_agreement_fd(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry,
+ int sock,
+ SilcKeyAgreementCallback completion,
+ void *context);
+
/* This function can be called to unbind the hostname and the port for
the key agreement protocol. However, this function has effect only
before the key agreement protocol has been performed. After it has
projects / silc.git / blobdiff