silc_fsm_next(&ske->fsm, silc_ske_st_initiator_failure);
}
- /* Handle rekey synchronously */
- if (ske->rekeying)
+ /* Handle rekey and SUCCESS packets synchronously. After SUCCESS packets
+ they keys are taken into use immediately, hence the synchronous
+ processing to get the keys in use as soon as possible. */
+ if (ske->rekeying || packet->type == SILC_PACKET_SUCCESS)
silc_fsm_continue_sync(&ske->fsm);
else
silc_fsm_continue(&ske->fsm);
static SilcSKEStatus silc_ske_check_version(SilcSKE ske)
{
- SilcUInt32 l_protocol_version = 0, r_protocol_version = 0;
SilcUInt32 r_software_version = 0;
if (!ske->remote_version || !ske->version)
return SILC_SKE_STATUS_BAD_VERSION;
- if (!silc_parse_version_string(ske->remote_version, &r_protocol_version,
- NULL, &r_software_version, NULL, NULL))
- return SILC_SKE_STATUS_BAD_VERSION;
-
- if (!silc_parse_version_string(ske->version, &l_protocol_version,
- NULL, NULL, NULL, NULL))
- return SILC_SKE_STATUS_BAD_VERSION;
-
- /* If remote is too new, don't connect */
- if (l_protocol_version < r_protocol_version)
+ if (!silc_parse_version_string(ske->remote_version, NULL, NULL,
+ &r_software_version, NULL, NULL))
return SILC_SKE_STATUS_BAD_VERSION;
/* Backwards compatibility checks */
return ret;
}
-/* SKE FSM destructor. We call completion callback here. All SKE
- machines go here and call the completion. Completion must not be called
- from any other place. */
+/* Calls completion callback. Completion is called always in this function
+ and must not be called anywhere else. */
-static void silc_ske_finished(SilcFSM fsm, void *fsm_context,
- void *destructor_context)
+static void silc_ske_completion(SilcSKE ske)
{
- SilcSKE ske = fsm_context;
-
/* Call the completion callback */
if (!ske->freed && !ske->aborted && ske->callbacks->completed) {
if (ske->status != SILC_SKE_STATUS_OK)
ske->callbacks->completed(ske, ske->status, ske->prop, ske->keymat,
ske->rekey, ske->callbacks->context);
}
+}
+
+/* SKE FSM destructor. */
+static void silc_ske_finished(SilcFSM fsm, void *fsm_context,
+ void *destructor_context)
+{
+ SilcSKE ske = fsm_context;
ske->running = FALSE;
if (ske->freed)
silc_ske_free(ske);
silc_hash_free(ske->prop->hash);
if (ske->prop->hmac)
silc_hmac_free(ske->prop->hmac);
+ if (ske->prop->public_key)
+ silc_pkcs_public_key_free(ske->prop->public_key);
silc_free(ske->prop);
}
if (ske->keymat)
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
/* Starts the protocol as initiator */
-SilcAsyncOperation
-silc_ske_initiator(SilcSKE ske,
- SilcPacketStream stream,
- SilcSKEParams params,
- SilcSKEStartPayload start_payload)
+SilcAsyncOperation silc_ske_initiator(SilcSKE ske,
+ SilcPacketStream stream,
+ SilcSKEParams params,
+ SilcSKEStartPayload start_payload)
{
SILC_LOG_DEBUG(("Start SKE as initiator"));
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
/* Starts the protocol as responder. */
-SilcAsyncOperation
-silc_ske_responder(SilcSKE ske,
- SilcPacketStream stream,
- SilcSKEParams params)
+SilcAsyncOperation silc_ske_responder(SilcSKE ske,
+ SilcPacketStream stream,
+ SilcSKEParams params)
{
SILC_LOG_DEBUG(("Start SKE as responder"));
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
SilcHash *ret_hash)
{
unsigned char iv[32];
+ SilcBool iv_included = (prop->flags & SILC_SKE_SP_FLAG_IV_INCLUDED);
/* Allocate ciphers to be used in the communication */
if (ret_send_key) {
if (silc_cipher_get_mode(*ret_send_key) == SILC_CIPHER_MODE_CTR) {
memcpy(iv, ske->hash, 4);
- memcpy(iv + 4, keymat->receive_iv, 4);
+ memcpy(iv + 4, keymat->receive_iv, iv_included ? 4 : 8);
silc_cipher_set_iv(*ret_send_key, iv);
} else {
silc_cipher_set_iv(*ret_send_key, keymat->receive_iv);
if (silc_cipher_get_mode(*ret_receive_key) == SILC_CIPHER_MODE_CTR) {
memcpy(iv, ske->hash, 4);
- memcpy(iv + 4, keymat->send_iv, 4);
+ memcpy(iv + 4, keymat->send_iv, iv_included ? 4 : 8);
silc_cipher_set_iv(*ret_receive_key, iv);
} else {
silc_cipher_set_iv(*ret_receive_key, keymat->send_iv);
if (silc_cipher_get_mode(*ret_send_key) == SILC_CIPHER_MODE_CTR) {
memcpy(iv, ske->hash, 4);
- memcpy(iv + 4, keymat->send_iv, 4);
+ memcpy(iv + 4, keymat->send_iv, iv_included ? 4 : 8);
silc_cipher_set_iv(*ret_send_key, iv);
} else {
silc_cipher_set_iv(*ret_send_key, keymat->send_iv);
if (silc_cipher_get_mode(*ret_receive_key) == SILC_CIPHER_MODE_CTR) {
memcpy(iv, ske->hash, 4);
- memcpy(iv + 4, keymat->receive_iv, 4);
+ memcpy(iv + 4, keymat->receive_iv, iv_included ? 4 : 8);
silc_cipher_set_iv(*ret_receive_key, iv);
} else {
silc_cipher_set_iv(*ret_receive_key, keymat->receive_iv);