silcske.c
- Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
+ Author: Pekka Riikonen <priikone@silcnet.org>
- Copyright (C) 2000 Pekka Riikonen
+ Copyright (C) 2000 - 2005 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
+ the Free Software Foundation; version 2 of the License.
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-*/
-/*
- * $Id$
- * $Log$
- * Revision 1.1.1.1 2000/06/27 11:36:56 priikone
- * Importet from internal CVS/Added Log headers.
- *
- *
- */
-
-#include "silcincludes.h"
-#include "payload_internal.h"
-#include "groups_internal.h"
+*/
+/* $Id$ */
+
+#include "silc.h"
+#include "silcske.h"
+#include "groups_internal.h"
+
+/************************** Types and definitions ***************************/
+
+/* Structure to hold all SKE callbacks. */
+struct SilcSKECallbacksStruct {
+ SilcSKEVerifyCb verify_key;
+ SilcSKECompletionCb completed;
+ void *context;
+};
+
+
+/************************ Static utility functions **************************/
+
+SilcSKEKeyMaterial
+silc_ske_process_key_material_data(unsigned char *data,
+ SilcUInt32 data_len,
+ SilcUInt32 req_iv_len,
+ SilcUInt32 req_enc_key_len,
+ SilcUInt32 req_hmac_key_len,
+ SilcHash hash);
+SilcSKEKeyMaterial
+silc_ske_process_key_material(SilcSKE ske,
+ SilcUInt32 req_iv_len,
+ SilcUInt32 req_enc_key_len,
+ SilcUInt32 req_hmac_key_len);
+
+
+/* Packet callback */
+
+static SilcBool silc_ske_packet_receive(SilcPacketEngine engine,
+ SilcPacketStream stream,
+ SilcPacket packet,
+ void *callback_context,
+ void *app_context)
+{
+ SilcSKE ske = callback_context;
+ ske->packet = packet;
+ silc_fsm_continue(&ske->fsm);
+ return TRUE;
+}
+
+/* Packet stream callbacks */
+static SilcPacketCallbacks silc_ske_stream_cbs =
+{
+ silc_ske_packet_receive, NULL, NULL
+};
+
+/* Aborts SKE protocol */
+
+static void silc_ske_abort(SilcAsyncOperation op, void *context)
+{
+ SilcSKE ske = context;
+ ske->aborted = TRUE;
+}
+
+/* Public key verification completion callback */
+
+static void silc_ske_pk_verified(SilcSKE ske, SilcSKEStatus status,
+ void *completion_context)
+{
+ ske->status = status;
+ SILC_FSM_CALL_CONTINUE(&ske->fsm);
+}
+
+/* Checks remote and local versions */
+
+static SilcSKEStatus silc_ske_check_version(SilcSKE ske)
+{
+ SilcUInt32 l_protocol_version = 0, r_protocol_version = 0;
+
+ if (!ske->remote_version || !ske->version)
+ return SILC_SKE_STATUS_BAD_VERSION;
+
+ if (!silc_parse_version_string(ske->remote_version, &r_protocol_version,
+ NULL, NULL, NULL, NULL))
+ return SILC_SKE_STATUS_BAD_VERSION;
+
+ if (!silc_parse_version_string(ske->version, &l_protocol_version,
+ NULL, NULL, NULL, NULL))
+ return SILC_SKE_STATUS_BAD_VERSION;
+
+ /* If remote is too new, don't connect */
+ if (l_protocol_version < r_protocol_version)
+ return SILC_SKE_STATUS_BAD_VERSION;
+
+ return SILC_SKE_STATUS_OK;
+}
+
+/* Selects the supported security properties from the initiator's Key
+ Exchange Start Payload. */
+
+static SilcSKEStatus
+silc_ske_select_security_properties(SilcSKE ske,
+ SilcSKEStartPayload payload,
+ SilcSKEStartPayload remote_payload)
+{
+ SilcSKEStatus status;
+ SilcSKEStartPayload rp;
+ char *cp;
+ int len;
+
+ SILC_LOG_DEBUG(("Parsing KE Start Payload"));
+
+ rp = remote_payload;
+
+ /* Check version string */
+ ske->remote_version = silc_memdup(rp->version, rp->version_len);
+ status = silc_ske_check_version(ske);
+ if (status != SILC_SKE_STATUS_OK) {
+ ske->status = status;
+ return status;
+ }
+
+ /* Flags are returned unchanged. */
+ payload->flags = rp->flags;
+
+ /* Take cookie, we must return it to sender unmodified. */
+ payload->cookie = silc_calloc(SILC_SKE_COOKIE_LEN, sizeof(unsigned char));
+ if (!payload->cookie) {
+ ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ return status;
+ }
+ payload->cookie_len = SILC_SKE_COOKIE_LEN;
+ memcpy(payload->cookie, rp->cookie, SILC_SKE_COOKIE_LEN);
+
+ /* Put our version to our reply */
+ payload->version = strdup(ske->version);
+ if (!payload->version) {
+ ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ return status;
+ }
+ payload->version_len = strlen(ske->version);
+
+ /* Get supported Key Exchange groups */
+ cp = rp->ke_grp_list;
+ if (cp && strchr(cp, ',')) {
+ while(cp) {
+ char *item;
+
+ len = strcspn(cp, ",");
+ item = silc_calloc(len + 1, sizeof(char));
+ if (!item) {
+ ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ return status;
+ }
+ memcpy(item, cp, len);
+
+ SILC_LOG_DEBUG(("Proposed KE group `%s'", item));
+
+ if (silc_ske_group_get_by_name(item, NULL) == SILC_SKE_STATUS_OK) {
+ SILC_LOG_DEBUG(("Found KE group `%s'", item));
+
+ payload->ke_grp_len = len;
+ payload->ke_grp_list = item;
+ break;
+ }
+
+ cp += len;
+ if (strlen(cp) == 0)
+ cp = NULL;
+ else
+ cp++;
+
+ if (item)
+ silc_free(item);
+ }
+
+ if (!payload->ke_grp_len && !payload->ke_grp_list) {
+ SILC_LOG_DEBUG(("Could not find supported KE group"));
+ silc_free(payload);
+ return SILC_SKE_STATUS_UNKNOWN_GROUP;
+ }
+ } else {
+
+ if (!rp->ke_grp_len) {
+ SILC_LOG_DEBUG(("KE group not defined in payload"));
+ silc_free(payload);
+ return SILC_SKE_STATUS_BAD_PAYLOAD;
+ }
+
+ SILC_LOG_DEBUG(("Proposed KE group `%s'", rp->ke_grp_list));
+ SILC_LOG_DEBUG(("Found KE group `%s'", rp->ke_grp_list));
+
+ payload->ke_grp_len = rp->ke_grp_len;
+ payload->ke_grp_list = strdup(rp->ke_grp_list);
+ }
+
+ /* Get supported PKCS algorithms */
+ cp = rp->pkcs_alg_list;
+ if (cp && strchr(cp, ',')) {
+ while(cp) {
+ char *item;
+
+ len = strcspn(cp, ",");
+ item = silc_calloc(len + 1, sizeof(char));
+ if (!item) {
+ ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ return status;
+ }
+ memcpy(item, cp, len);
+
+ SILC_LOG_DEBUG(("Proposed PKCS alg `%s'", item));
+
+ if (silc_pkcs_is_supported(item) == TRUE) {
+ SILC_LOG_DEBUG(("Found PKCS alg `%s'", item));
+
+ payload->pkcs_alg_len = len;
+ payload->pkcs_alg_list = item;
+ break;
+ }
+
+ cp += len;
+ if (strlen(cp) == 0)
+ cp = NULL;
+ else
+ cp++;
+
+ if (item)
+ silc_free(item);
+ }
+
+ if (!payload->pkcs_alg_len && !payload->pkcs_alg_list) {
+ SILC_LOG_DEBUG(("Could not find supported PKCS alg"));
+ silc_free(payload->ke_grp_list);
+ silc_free(payload);
+ return SILC_SKE_STATUS_UNKNOWN_PKCS;
+ }
+ } else {
+
+ if (!rp->pkcs_alg_len) {
+ SILC_LOG_DEBUG(("PKCS alg not defined in payload"));
+ silc_free(payload->ke_grp_list);
+ silc_free(payload);
+ return SILC_SKE_STATUS_BAD_PAYLOAD;
+ }
+
+ SILC_LOG_DEBUG(("Proposed PKCS alg `%s'", rp->pkcs_alg_list));
+ SILC_LOG_DEBUG(("Found PKCS alg `%s'", rp->pkcs_alg_list));
+
+ payload->pkcs_alg_len = rp->pkcs_alg_len;
+ payload->pkcs_alg_list = strdup(rp->pkcs_alg_list);
+ }
+
+ /* Get supported encryption algorithms */
+ cp = rp->enc_alg_list;
+ if (cp && strchr(cp, ',')) {
+ while(cp) {
+ char *item;
+
+ len = strcspn(cp, ",");
+ item = silc_calloc(len + 1, sizeof(char));
+ if (!item) {
+ ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ return status;
+ }
+ memcpy(item, cp, len);
+
+ SILC_LOG_DEBUG(("Proposed encryption alg `%s'", item));
+
+ if (silc_cipher_is_supported(item) == TRUE) {
+ SILC_LOG_DEBUG(("Found encryption alg `%s'", item));
+
+ payload->enc_alg_len = len;
+ payload->enc_alg_list = item;
+ break;
+ }
+
+ cp += len;
+ if (strlen(cp) == 0)
+ cp = NULL;
+ else
+ cp++;
+
+ if (item)
+ silc_free(item);
+ }
+
+ if (!payload->enc_alg_len && !payload->enc_alg_list) {
+ SILC_LOG_DEBUG(("Could not find supported encryption alg"));
+ silc_free(payload->ke_grp_list);
+ silc_free(payload->pkcs_alg_list);
+ silc_free(payload);
+ return SILC_SKE_STATUS_UNKNOWN_CIPHER;
+ }
+ } else {
+
+ if (!rp->enc_alg_len) {
+ SILC_LOG_DEBUG(("Encryption alg not defined in payload"));
+ silc_free(payload->ke_grp_list);
+ silc_free(payload->pkcs_alg_list);
+ silc_free(payload);
+ return SILC_SKE_STATUS_BAD_PAYLOAD;
+ }
+
+ SILC_LOG_DEBUG(("Proposed encryption alg `%s' and selected it",
+ rp->enc_alg_list));
+
+ payload->enc_alg_len = rp->enc_alg_len;
+ payload->enc_alg_list = strdup(rp->enc_alg_list);
+ }
+
+ /* Get supported hash algorithms */
+ cp = rp->hash_alg_list;
+ if (cp && strchr(cp, ',')) {
+ while(cp) {
+ char *item;
+
+ len = strcspn(cp, ",");
+ item = silc_calloc(len + 1, sizeof(char));
+ if (!item) {
+ ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ return status;
+ }
+ memcpy(item, cp, len);
+
+ SILC_LOG_DEBUG(("Proposed hash alg `%s'", item));
+
+ if (silc_hash_is_supported(item) == TRUE) {
+ SILC_LOG_DEBUG(("Found hash alg `%s'", item));
+
+ payload->hash_alg_len = len;
+ payload->hash_alg_list = item;
+ break;
+ }
+
+ cp += len;
+ if (strlen(cp) == 0)
+ cp = NULL;
+ else
+ cp++;
+
+ if (item)
+ silc_free(item);
+ }
+
+ if (!payload->hash_alg_len && !payload->hash_alg_list) {
+ SILC_LOG_DEBUG(("Could not find supported hash alg"));
+ silc_free(payload->ke_grp_list);
+ silc_free(payload->pkcs_alg_list);
+ silc_free(payload->enc_alg_list);
+ silc_free(payload);
+ return SILC_SKE_STATUS_UNKNOWN_HASH_FUNCTION;
+ }
+ } else {
+
+ if (!rp->hash_alg_len) {
+ SILC_LOG_DEBUG(("Hash alg not defined in payload"));
+ silc_free(payload->ke_grp_list);
+ silc_free(payload->pkcs_alg_list);
+ silc_free(payload->enc_alg_list);
+ silc_free(payload);
+ return SILC_SKE_STATUS_BAD_PAYLOAD;
+ }
+
+ SILC_LOG_DEBUG(("Proposed hash alg `%s' and selected it",
+ rp->hash_alg_list));
+
+ payload->hash_alg_len = rp->hash_alg_len;
+ payload->hash_alg_list = strdup(rp->hash_alg_list);
+ }
+
+ /* Get supported HMACs */
+ cp = rp->hmac_alg_list;
+ if (cp && strchr(cp, ',')) {
+ while(cp) {
+ char *item;
+
+ len = strcspn(cp, ",");
+ item = silc_calloc(len + 1, sizeof(char));
+ if (!item) {
+ ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ return status;
+ }
+ memcpy(item, cp, len);
+
+ SILC_LOG_DEBUG(("Proposed HMAC `%s'", item));
+
+ if (silc_hmac_is_supported(item) == TRUE) {
+ SILC_LOG_DEBUG(("Found HMAC `%s'", item));
+
+ payload->hmac_alg_len = len;
+ payload->hmac_alg_list = item;
+ break;
+ }
+
+ cp += len;
+ if (strlen(cp) == 0)
+ cp = NULL;
+ else
+ cp++;
+
+ if (item)
+ silc_free(item);
+ }
+
+ if (!payload->hmac_alg_len && !payload->hmac_alg_list) {
+ SILC_LOG_DEBUG(("Could not find supported HMAC"));
+ silc_free(payload->ke_grp_list);
+ silc_free(payload->pkcs_alg_list);
+ silc_free(payload->enc_alg_list);
+ silc_free(payload->hash_alg_list);
+ silc_free(payload);
+ return SILC_SKE_STATUS_UNKNOWN_HMAC;
+ }
+ } else {
+
+ if (!rp->hmac_alg_len) {
+ SILC_LOG_DEBUG(("HMAC not defined in payload"));
+ silc_free(payload->ke_grp_list);
+ silc_free(payload->pkcs_alg_list);
+ silc_free(payload->enc_alg_list);
+ silc_free(payload->hash_alg_list);
+ silc_free(payload);
+ return SILC_SKE_STATUS_BAD_PAYLOAD;
+ }
+
+ SILC_LOG_DEBUG(("Proposed HMAC `%s' and selected it",
+ rp->hmac_alg_list));
+
+ payload->hmac_alg_len = rp->hmac_alg_len;
+ payload->hmac_alg_list = strdup(rp->hmac_alg_list);
+ }
+
+ /* Get supported compression algorithms */
+ cp = rp->comp_alg_list;
+ if (cp && strchr(cp, ',')) {
+ while(cp) {
+ char *item;
+
+ len = strcspn(cp, ",");
+ item = silc_calloc(len + 1, sizeof(char));
+ if (!item) {
+ ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ return status;
+ }
+ memcpy(item, cp, len);
+
+ SILC_LOG_DEBUG(("Proposed Compression `%s'", item));
+
+#if 1
+ if (!strcmp(item, "none")) {
+ SILC_LOG_DEBUG(("Found Compression `%s'", item));
+ payload->comp_alg_len = len;
+ payload->comp_alg_list = item;
+ break;
+ }
+#else
+ if (silc_hmac_is_supported(item) == TRUE) {
+ SILC_LOG_DEBUG(("Found Compression `%s'", item));
+ payload->comp_alg_len = len;
+ payload->comp_alg_list = item;
+ break;
+ }
+#endif
+
+ cp += len;
+ if (strlen(cp) == 0)
+ cp = NULL;
+ else
+ cp++;
+
+ if (item)
+ silc_free(item);
+ }
+ }
+
+ payload->len = 1 + 1 + 2 + SILC_SKE_COOKIE_LEN +
+ 2 + payload->version_len +
+ 2 + payload->ke_grp_len + 2 + payload->pkcs_alg_len +
+ 2 + payload->enc_alg_len + 2 + payload->hash_alg_len +
+ 2 + payload->hmac_alg_len + 2 + payload->comp_alg_len;
+
+ return SILC_SKE_STATUS_OK;
+}
+
+/* Creates random number such that 1 < rnd < n and at most length
+ of len bits. The rnd sent as argument must be initialized. */
+
+static SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcMPInt *n,
+ SilcUInt32 len,
+ SilcMPInt *rnd)
+{
+ SilcSKEStatus status = SILC_SKE_STATUS_OK;
+ unsigned char *string;
+ SilcUInt32 l;
+
+ if (!len)
+ return SILC_SKE_STATUS_ERROR;
+
+ SILC_LOG_DEBUG(("Creating random number"));
+
+ l = ((len - 1) / 8);
+
+ /* Get the random number as string */
+ string = silc_rng_get_rn_data(ske->rng, l);
+ if (!string)
+ return SILC_SKE_STATUS_OUT_OF_MEMORY;
+
+ /* Decode the string into a MP integer */
+ silc_mp_bin2mp(string, l, rnd);
+ silc_mp_mod_2exp(rnd, rnd, len);
+
+ /* Checks */
+ if (silc_mp_cmp_ui(rnd, 1) < 0)
+ status = SILC_SKE_STATUS_ERROR;
+ if (silc_mp_cmp(rnd, n) >= 0)
+ status = SILC_SKE_STATUS_ERROR;
+
+ memset(string, 'F', l);
+ silc_free(string);
+
+ return status;
+}
+
+/* Creates a hash value HASH as defined in the SKE protocol. If the
+ `initiator' is TRUE then this function is used to create the HASH_i
+ hash value defined in the protocol. If it is FALSE then this is used
+ to create the HASH value defined by the protocol. */
+
+static SilcSKEStatus silc_ske_make_hash(SilcSKE ske,
+ unsigned char *return_hash,
+ SilcUInt32 *return_hash_len,
+ int initiator)
+{
+ SilcSKEStatus status = SILC_SKE_STATUS_OK;
+ SilcBuffer buf;
+ unsigned char *e, *f, *KEY;
+ SilcUInt32 e_len, f_len, KEY_len;
+ int ret;
+
+ SILC_LOG_DEBUG(("Start"));
+
+ if (initiator == FALSE) {
+ e = silc_mp_mp2bin(&ske->ke1_payload->x, 0, &e_len);
+ f = silc_mp_mp2bin(&ske->ke2_payload->x, 0, &f_len);
+ KEY = silc_mp_mp2bin(ske->KEY, 0, &KEY_len);
+
+ /* Format the buffer used to compute the hash value */
+ buf = silc_buffer_alloc_size(silc_buffer_len(ske->start_payload_copy) +
+ ske->ke2_payload->pk_len +
+ ske->ke1_payload->pk_len +
+ e_len + f_len + KEY_len);
+ if (!buf)
+ return SILC_SKE_STATUS_OUT_OF_MEMORY;
+
+ /* Initiator is not required to send its public key */
+ if (!ske->ke1_payload->pk_data) {
+ ret =
+ silc_buffer_format(buf,
+ SILC_STR_UI_XNSTRING(
+ ske->start_payload_copy->data,
+ silc_buffer_len(ske->start_payload_copy)),
+ SILC_STR_UI_XNSTRING(ske->ke2_payload->pk_data,
+ ske->ke2_payload->pk_len),
+ SILC_STR_UI_XNSTRING(e, e_len),
+ SILC_STR_UI_XNSTRING(f, f_len),
+ SILC_STR_UI_XNSTRING(KEY, KEY_len),
+ SILC_STR_END);
+ } else {
+ ret =
+ silc_buffer_format(buf,
+ SILC_STR_UI_XNSTRING(
+ ske->start_payload_copy->data,
+ silc_buffer_len(ske->start_payload_copy)),
+ SILC_STR_UI_XNSTRING(ske->ke2_payload->pk_data,
+ ske->ke2_payload->pk_len),
+ SILC_STR_UI_XNSTRING(ske->ke1_payload->pk_data,
+ ske->ke1_payload->pk_len),
+ SILC_STR_UI_XNSTRING(e, e_len),
+ SILC_STR_UI_XNSTRING(f, f_len),
+ SILC_STR_UI_XNSTRING(KEY, KEY_len),
+ SILC_STR_END);
+ }
+ if (ret == -1) {
+ silc_buffer_free(buf);
+ memset(e, 0, e_len);
+ memset(f, 0, f_len);
+ memset(KEY, 0, KEY_len);
+ silc_free(e);
+ silc_free(f);
+ silc_free(KEY);
+ return SILC_SKE_STATUS_ERROR;
+ }
+
+ memset(e, 0, e_len);
+ memset(f, 0, f_len);
+ memset(KEY, 0, KEY_len);
+ silc_free(e);
+ silc_free(f);
+ silc_free(KEY);
+ } else {
+ e = silc_mp_mp2bin(&ske->ke1_payload->x, 0, &e_len);
+
+ buf = silc_buffer_alloc_size(silc_buffer_len(ske->start_payload_copy) +
+ ske->ke1_payload->pk_len + e_len);
+ if (!buf)
+ return SILC_SKE_STATUS_OUT_OF_MEMORY;
+
+ /* Format the buffer used to compute the hash value */
+ ret =
+ silc_buffer_format(buf,
+ SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
+ silc_buffer_len(ske->start_payload_copy)),
+ SILC_STR_UI_XNSTRING(ske->ke1_payload->pk_data,
+ ske->ke1_payload->pk_len),
+ SILC_STR_UI_XNSTRING(e, e_len),
+ SILC_STR_END);
+ if (ret == -1) {
+ silc_buffer_free(buf);
+ memset(e, 0, e_len);
+ silc_free(e);
+ return SILC_SKE_STATUS_ERROR;
+ }
+
+ memset(e, 0, e_len);
+ silc_free(e);
+ }
+
+ /* Make the hash */
+ silc_hash_make(ske->prop->hash, buf->data, silc_buffer_len(buf),
+ return_hash);
+ *return_hash_len = silc_hash_len(ske->prop->hash);
+
+ if (initiator == FALSE) {
+ SILC_LOG_HEXDUMP(("HASH"), return_hash, *return_hash_len);
+ } else {
+ SILC_LOG_HEXDUMP(("HASH_i"), return_hash, *return_hash_len);
+ }
+
+ silc_buffer_free(buf);
+
+ return status;
+}
+
+
+/******************************* Protocol API *******************************/
/* Allocates new SKE object. */
-SilcSKE silc_ske_alloc()
+SilcSKE silc_ske_alloc(SilcRng rng, SilcSchedule schedule,
+ SilcPublicKey public_key, SilcPrivateKey private_key,
+ void *context)
{
SilcSKE ske;
SILC_LOG_DEBUG(("Allocating new Key Exchange object"));
+ if (!rng || !schedule)
+ return NULL;
+
ske = silc_calloc(1, sizeof(*ske));
- if (!ske) {
- SILC_LOG_ERROR(("Could not allocate new SKE object"));
+ if (!ske)
return NULL;
- }
+ ske->status = SILC_SKE_STATUS_OK;
+ ske->rng = rng;
+ ske->user_data = context;
+ ske->schedule = schedule;
+ ske->public_key = public_key;
+ ske->private_key = private_key;
+ ske->pk_type = SILC_SKE_PK_TYPE_SILC;
return ske;
}
if (ske->start_payload)
silc_ske_payload_start_free(ske->start_payload);
- /* Free KE1 payload */
+ /* Free KE payload */
if (ske->ke1_payload)
- silc_ske_payload_one_free(ske->ke1_payload);
-
- /* Free KE2 payload */
+ silc_ske_payload_ke_free(ske->ke1_payload);
if (ske->ke2_payload)
- silc_ske_payload_two_free(ske->ke2_payload);
+ silc_ske_payload_ke_free(ske->ke2_payload);
+ silc_free(ske->remote_version);
/* Free rest */
if (ske->prop) {
if (ske->prop->group)
- silc_free(ske->prop->group);
+ silc_ske_group_free(ske->prop->group);
if (ske->prop->pkcs)
silc_pkcs_free(ske->prop->pkcs);
if (ske->prop->cipher)
silc_cipher_free(ske->prop->cipher);
if (ske->prop->hash)
silc_hash_free(ske->prop->hash);
+ if (ske->prop->hmac)
+ silc_hmac_free(ske->prop->hmac);
silc_free(ske->prop);
}
if (ske->start_payload_copy)
silc_buffer_free(ske->start_payload_copy);
- if (ske->pk)
- silc_free(ske->pk);
- silc_mp_clear(&ske->x);
- silc_mp_clear(&ske->KEY);
- if (ske->hash)
- silc_free(ske->hash);
+ if (ske->x) {
+ silc_mp_uninit(ske->x);
+ silc_free(ske->x);
+ }
+ if (ske->KEY) {
+ silc_mp_uninit(ske->KEY);
+ silc_free(ske->KEY);
+ }
+ silc_free(ske->hash);
+ silc_free(ske->callbacks);
+
+ memset(ske, 'F', sizeof(*ske));
silc_free(ske);
}
}
-/* Starts the SILC Key Exchange protocol for initiator. The connection
- to the remote end must be established before calling this function
- and the connecting socket must be sent as argument. This function
- creates the Key Exchange Start Paload which includes all our
- configured security properties. This payload is then sent to the
- remote end for further processing. This payload must be sent as
- argument to the function, however, it must not be encoded
- already, it is done by this function.
-
- The packet sending is done by calling a callback function. Caller
- must provide a routine to send the packet. */
-
-SilcSKEStatus silc_ske_initiator_start(SilcSKE ske, SilcRng rng,
- SilcSocketConnection sock,
- SilcSKEStartPayload *start_payload,
- SilcSKESendPacketCb send_packet,
- void *context)
+/* Return user context */
+
+void *silc_ske_get_context(SilcSKE ske)
{
- SilcSKEStatus status = SILC_SKE_STATUS_OK;
+ return ske->user_data;
+}
+
+/* Sets protocol callbacks */
+
+void silc_ske_set_callbacks(SilcSKE ske,
+ SilcSKEVerifyCb verify_key,
+ SilcSKECompletionCb completed,
+ void *context)
+{
+ if (ske->callbacks)
+ silc_free(ske->callbacks);
+ ske->callbacks = silc_calloc(1, sizeof(*ske->callbacks));
+ if (!ske->callbacks)
+ return;
+ ske->callbacks->verify_key = verify_key;
+ ske->callbacks->completed = completed;
+ ske->callbacks->context = context;
+}
+
+
+/******************************** Initiator *********************************/
+
+/* Initiator state machine */
+SILC_FSM_STATE(silc_ske_st_initiator_start);
+SILC_FSM_STATE(silc_ske_st_initiator_phase1);
+SILC_FSM_STATE(silc_ske_st_initiator_phase2);
+SILC_FSM_STATE(silc_ske_st_initiator_phase3);
+SILC_FSM_STATE(silc_ske_st_initiator_phase4);
+SILC_FSM_STATE(silc_ske_st_initiator_end);
+SILC_FSM_STATE(silc_ske_st_initiator_aborted);
+SILC_FSM_STATE(silc_ske_st_initiator_error);
+
+/* Start protocol. Send our proposal */
+
+SILC_FSM_STATE(silc_ske_st_initiator_start)
+{
+ SilcSKE ske = fsm_context;
SilcBuffer payload_buf;
+ SilcStatus status;
SILC_LOG_DEBUG(("Start"));
- ske->sock = sock;
- ske->rng = rng;
+ if (ske->aborted) {
+ /** Aborted */
+ silc_fsm_next(fsm, silc_ske_st_initiator_aborted);
+ return SILC_FSM_CONTINUE;
+ }
/* Encode the payload */
- status = silc_ske_payload_start_encode(ske, start_payload, &payload_buf);
- if (status != SILC_SKE_STATUS_OK)
- return status;
+ status = silc_ske_payload_start_encode(ske, ske->start_payload,
+ &payload_buf);
+ if (status != SILC_SKE_STATUS_OK) {
+ /** Error encoding Start Payload */
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
+ }
- /* Take a copy of the payload buffer for future use. It is used to
+ /* Save the the payload buffer for future use. It is later used to
compute the HASH value. */
- ske->start_payload_copy = silc_buffer_copy(payload_buf);
+ ske->start_payload_copy = payload_buf;
- /* Send the packet. */
- if (send_packet)
- (*send_packet)(ske, payload_buf, SILC_PACKET_KEY_EXCHANGE, context);
-
- silc_buffer_free(payload_buf);
+ /* Send the packet */
+ /* XXX */
- return status;
+ /** Wait for responder proposal */
+ SILC_LOG_DEBUG(("Waiting for reponder proposal"));
+ silc_fsm_next(ske, silc_ske_st_initiator_phase1);
+ return SILC_FSM_WAIT;
}
-/* Function called after ske_initiator_start fuction. This receives
- the remote ends Key Exchange Start payload which includes the
- security properties selected by the responder from our payload
- sent in the silc_ske_initiator_start function. */
+/* Phase-1. Receives responder's proposal */
-SilcSKEStatus silc_ske_initiator_phase_1(SilcSKE ske,
- SilcBuffer start_payload,
- SilcSKECb callback,
- void *context)
+SILC_FSM_STATE(silc_ske_st_initiator_phase1)
{
- SilcSKEStatus status = SILC_SKE_STATUS_OK;
- SilcSKEStartPayload *payload;
+ SilcSKE ske = fsm_context;
+ SilcSKEStatus status;
+ SilcSKEStartPayload payload;
SilcSKESecurityProperties prop;
SilcSKEDiffieHellmanGroup group;
+ SilcBuffer packet_buf = &ske->packet->buffer;
SILC_LOG_DEBUG(("Start"));
+ if (ske->aborted) {
+ /** Aborted */
+ silc_fsm_next(fsm, silc_ske_st_initiator_aborted);
+ return SILC_FSM_CONTINUE;
+ }
+
/* Decode the payload */
- status = silc_ske_payload_start_decode(ske, start_payload, &payload);
- if (status != SILC_SKE_STATUS_OK)
- return status;
+ status = silc_ske_payload_start_decode(ske, packet_buf, &payload);
+ if (status != SILC_SKE_STATUS_OK) {
+ /** Error decoding Start Payload */
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
+ }
+
+ /* Check that the cookie is returned unmodified */
+ if (memcmp(ske->start_payload->cookie, payload->cookie,
+ ske->start_payload->cookie_len)) {
+ /** Invalid cookie */
+ SILC_LOG_ERROR(("Responder modified our cookie and it must not do it"));
+ ske->status = SILC_SKE_STATUS_INVALID_COOKIE;
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
+ }
+
+ /* Check version string */
+ ske->remote_version = silc_memdup(payload->version, payload->version_len);
+ status = silc_ske_check_version(ske);
+ if (status != SILC_SKE_STATUS_OK) {
+ /** Version mismatch */
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
+ }
+
+ /* Free our KE Start Payload context, we don't need it anymore. */
+ silc_ske_payload_start_free(ske->start_payload);
+ ske->start_payload = NULL;
/* Take the selected security properties into use while doing
- the key exchange. This is used only while doing the key
- exchange. The same data is returned to upper levels by calling
- the callback function. */
+ the key exchange. This is used only while doing the key
+ exchange. */
ske->prop = prop = silc_calloc(1, sizeof(*prop));
+ if (!ske->prop)
+ goto err;
prop->flags = payload->flags;
- status = silc_ske_get_group_by_name(payload->ke_grp_list, &group);
+ status = silc_ske_group_get_by_name(payload->ke_grp_list, &group);
if (status != SILC_SKE_STATUS_OK)
goto err;
prop->group = group;
- if (silc_pkcs_alloc(payload->pkcs_alg_list, &prop->pkcs) == FALSE) {
+ if (silc_pkcs_alloc(payload->pkcs_alg_list, ske->pk_type,
+ &prop->pkcs) == FALSE) {
status = SILC_SKE_STATUS_UNKNOWN_PKCS;
goto err;
}
-
if (silc_cipher_alloc(payload->enc_alg_list, &prop->cipher) == FALSE) {
status = SILC_SKE_STATUS_UNKNOWN_CIPHER;
goto err;
}
-
if (silc_hash_alloc(payload->hash_alg_list, &prop->hash) == FALSE) {
status = SILC_SKE_STATUS_UNKNOWN_HASH_FUNCTION;
goto err;
}
+ if (silc_hmac_alloc(payload->hmac_alg_list, NULL, &prop->hmac) == FALSE) {
+ status = SILC_SKE_STATUS_UNKNOWN_HMAC;
+ goto err;
+ }
+ /* Save remote's KE Start Payload */
ske->start_payload = payload;
- /* Return the received payload by calling the callback function. */
- if (callback)
- (*callback)(ske, context);
-
- return status;
+ /** Send KE Payload */
+ silc_fsm_next(fsm, silc_ske_st_initiator_phase2);
+ return SILC_FSM_CONTINUE;
err:
if (payload)
silc_ske_payload_start_free(payload);
- silc_free(group);
+ silc_ske_group_free(group);
if (prop->pkcs)
silc_pkcs_free(prop->pkcs);
silc_cipher_free(prop->cipher);
if (prop->hash)
silc_hash_free(prop->hash);
+ if (prop->hmac)
+ silc_hmac_free(prop->hmac);
silc_free(prop);
ske->prop = NULL;
if (status == SILC_SKE_STATUS_OK)
- return SILC_SKE_STATUS_ERROR;
+ status = SILC_SKE_STATUS_ERROR;
- return status;
+ /** Error */
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
}
-/* This function creates random number x, such that 1 < x < q and
- computes e = g ^ x mod p and sends the result to the remote end in
- Key Exchange 1 Payload. */
+/* Phase-2. Send KE payload */
-SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
- SilcSKESendPacketCb send_packet,
- void *context)
+SILC_FSM_STATE(silc_ske_st_initiator_phase2)
{
- SilcSKEStatus status = SILC_SKE_STATUS_OK;
+ SilcSKE ske = fsm_context;
+ SilcSKEStatus status;
SilcBuffer payload_buf;
- SilcInt x, e;
- SilcSKEOnePayload *payload;
+ SilcMPInt *x;
+ SilcSKEKEPayload payload;
+ SilcUInt32 pk_len;
SILC_LOG_DEBUG(("Start"));
/* Create the random number x, 1 < x < q. */
- silc_mp_init(&x);
- status =
- silc_ske_create_rnd(ske, ske->prop->group->group_order,
+ x = silc_calloc(1, sizeof(*x));
+ if (!x){
+ /** Out of memory */
+ ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
+ }
+ silc_mp_init(x);
+ status =
+ silc_ske_create_rnd(ske, &ske->prop->group->group_order,
silc_mp_sizeinbase(&ske->prop->group->group_order, 2),
- &x);
+ x);
if (status != SILC_SKE_STATUS_OK) {
- silc_mp_clear(&x);
- return status;
+ /** Error generating random number */
+ silc_mp_uninit(x);
+ silc_free(x);
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
+ }
+
+ /* Encode the result to Key Exchange Payload. */
+
+ payload = silc_calloc(1, sizeof(*payload));
+ if (!payload) {
+ /** Out of memory */
+ silc_mp_uninit(x);
+ silc_free(x);
+ ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
}
+ ske->ke1_payload = payload;
SILC_LOG_DEBUG(("Computing e = g ^ x mod p"));
/* Do the Diffie Hellman computation, e = g ^ x mod p */
- silc_mp_init(&e);
- silc_mp_powm(&e, &ske->prop->group->generator, &x,
- &ske->prop->group->group);
-
- /* Encode the result to Key Exchange 1 Payload. */
- payload = silc_calloc(1, sizeof(*payload));
- payload->e = e;
- status = silc_ske_payload_one_encode(ske, payload, &payload_buf);
+ silc_mp_init(&payload->x);
+ silc_mp_pow_mod(&payload->x, &ske->prop->group->generator, x,
+ &ske->prop->group->group);
+
+ /* Get public key */
+ if (ske->public_key) {
+ payload->pk_data = silc_pkcs_public_key_encode(ske->public_key, &pk_len);
+ if (!payload->pk_data) {
+ /** Error encoding public key */
+ silc_mp_uninit(x);
+ silc_free(x);
+ silc_mp_uninit(&payload->x);
+ silc_free(payload);
+ ske->ke1_payload = NULL;
+ ske->status = SILC_SKE_STATUS_ERROR;
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
+ }
+ payload->pk_len = pk_len;
+ }
+ payload->pk_type = ske->pk_type;
+
+ /* Compute signature data if we are doing mutual authentication */
+ if (ske->private_key &&
+ ske->start_payload->flags & SILC_SKE_SP_FLAG_MUTUAL) {
+ unsigned char hash[SILC_HASH_MAXLEN], sign[2048 + 1];
+ SilcUInt32 hash_len, sign_len;
+
+ SILC_LOG_DEBUG(("We are doing mutual authentication"));
+ SILC_LOG_DEBUG(("Computing HASH_i value"));
+
+ /* Compute the hash value */
+ memset(hash, 0, sizeof(hash));
+ silc_ske_make_hash(ske, hash, &hash_len, TRUE);
+
+ SILC_LOG_DEBUG(("Signing HASH_i value"));
+
+ /* Sign the hash value */
+ silc_pkcs_private_key_data_set(ske->prop->pkcs, ske->private_key->prv,
+ ske->private_key->prv_len);
+ if (silc_pkcs_get_key_len(ske->prop->pkcs) / 8 > sizeof(sign) - 1 ||
+ !silc_pkcs_sign(ske->prop->pkcs, hash, hash_len, sign, &sign_len)) {
+ /** Error computing signature */
+ silc_mp_uninit(x);
+ silc_free(x);
+ silc_mp_uninit(&payload->x);
+ silc_free(payload->pk_data);
+ silc_free(payload);
+ ske->ke1_payload = NULL;
+ ske->status = SILC_SKE_STATUS_SIGNATURE_ERROR;
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
+ }
+ payload->sign_data = silc_memdup(sign, sign_len);
+ payload->sign_len = sign_len;
+ memset(sign, 0, sizeof(sign));
+ }
+
+ status = silc_ske_payload_ke_encode(ske, payload, &payload_buf);
if (status != SILC_SKE_STATUS_OK) {
- silc_mp_clear(&x);
- silc_mp_clear(&e);
+ /** Error encoding KE payload */
+ silc_mp_uninit(x);
+ silc_free(x);
+ silc_mp_uninit(&payload->x);
+ silc_free(payload->pk_data);
+ silc_free(payload->sign_data);
silc_free(payload);
- return status;
+ ske->ke1_payload = NULL;
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
}
- ske->ke1_payload = payload;
ske->x = x;
/* Send the packet. */
- if (send_packet)
- (*send_packet)(ske, payload_buf, SILC_PACKET_KEY_EXCHANGE_1, context);
+ /* XXX */
silc_buffer_free(payload_buf);
- return status;
+ /** Waiting responder's KE payload */
+ silc_fsm_next(fsm, silc_ske_st_initiator_phase3);
+ return SILC_FSM_WAIT;
}
-/* Receives Key Exchange 2 Payload from responder consisting responders
- public key, f, and signature. This function verifies the public key,
- computes the secret shared key and verifies the signature. */
+/* Phase-3. Process responder's KE payload */
-SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske,
- SilcBuffer ke2_payload,
- SilcSKECb callback,
- void *context)
+SILC_FSM_STATE(silc_ske_st_initiator_phase3)
{
- SilcSKEStatus status = SILC_SKE_STATUS_OK;
- SilcSKETwoPayload *payload;
- SilcInt KEY;
- unsigned char hash[32];
- unsigned int hash_len;
+ SilcSKE ske = fsm_context;
+ SilcSKEStatus status;
+ SilcSKEKEPayload payload;
+ SilcMPInt *KEY;
+ SilcBuffer packet_buf = &ske->packet->buffer;
SILC_LOG_DEBUG(("Start"));
+ if (ske->aborted) {
+ /** Aborted */
+ silc_fsm_next(fsm, silc_ske_st_initiator_aborted);
+ return SILC_FSM_CONTINUE;
+ }
+
/* Decode the payload */
- status = silc_ske_payload_two_decode(ske, ke2_payload, &payload);
- if (status != SILC_SKE_STATUS_OK)
- return status;
+ status = silc_ske_payload_ke_decode(ske, packet_buf, &payload);
+ if (status != SILC_SKE_STATUS_OK) {
+ /** Error decoding KE payload */
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
+ }
ske->ke2_payload = payload;
+ if (!payload->pk_data && ske->callbacks->verify_key) {
+ SILC_LOG_DEBUG(("Remote end did not send its public key (or certificate), "
+ "even though we require it"));
+ ske->status = SILC_SKE_STATUS_PUBLIC_KEY_NOT_PROVIDED;
+ goto err;
+ }
+
SILC_LOG_DEBUG(("Computing KEY = f ^ x mod p"));
/* Compute the shared secret key */
- silc_mp_init(&KEY);
- silc_mp_powm(&KEY, &payload->f, &ske->x, &ske->prop->group->group);
+ KEY = silc_calloc(1, sizeof(*KEY));
+ silc_mp_init(KEY);
+ silc_mp_pow_mod(KEY, &payload->x, ske->x, &ske->prop->group->group);
ske->KEY = KEY;
- SILC_LOG_DEBUG(("Verifying public key"));
+ if (payload->pk_data && ske->callbacks->verify_key) {
+ SILC_LOG_DEBUG(("Verifying public key"));
+
+ /** Waiting public key verification */
+ silc_fsm_next(fsm, silc_ske_st_initiator_phase4);
+ SILC_FSM_CALL(ske->callbacks->verify_key(ske, payload->pk_data,
+ payload->pk_len,
+ payload->pk_type,
+ ske->callbacks->context,
+ silc_ske_pk_verified, NULL));
+ /* NOT REACHED */
+ }
- /* Verify the public key */ /* XXX */
- status = silc_ske_verify_public_key(ske, payload->pk_data,
- payload->pk_len);
- if (status != SILC_SKE_STATUS_OK)
- goto err;
-
- SILC_LOG_DEBUG(("Public key is authentic"));
+ /** Process key material */
+ silc_fsm_next(fsm, silc_ske_st_initiator_phase4);
+ return SILC_FSM_CONTINUE;
- /* Compute the hash value */
- status = silc_ske_make_hash(ske, hash, &hash_len);
- if (status != SILC_SKE_STATUS_OK)
- goto err;
+ err:
+ silc_ske_payload_ke_free(payload);
+ ske->ke2_payload = NULL;
+
+ silc_mp_uninit(ske->KEY);
+ silc_free(ske->KEY);
+ ske->KEY = NULL;
- ske->hash = silc_calloc(hash_len, sizeof(unsigned char));
- memcpy(ske->hash, hash, hash_len);
- ske->hash_len = hash_len;
+ if (status == SILC_SKE_STATUS_OK)
+ return SILC_SKE_STATUS_ERROR;
- SILC_LOG_DEBUG(("Verifying signature"));
+ /** Error */
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
+}
- /* Verify signature */
- silc_pkcs_set_public_key(ske->prop->pkcs, payload->pk_data, payload->pk_len);
- if (ske->prop->pkcs->pkcs->verify(ske->prop->pkcs->context,
- payload->sign_data, payload->sign_len,
- hash, hash_len) == FALSE) {
+/* Process key material */
- SILC_LOG_DEBUG(("Signature don't match"));
+SILC_FSM_STATE(silc_ske_st_initiator_phase4)
+{
+ SilcSKE ske = fsm_context;
+ SilcSKEStatus status;
+ SilcSKEKEPayload payload;
+ unsigned char hash[SILC_HASH_MAXLEN];
+ SilcUInt32 hash_len;
+ SilcPublicKey public_key = NULL;
+ int key_len, block_len;
+
+ if (ske->aborted) {
+ /** Aborted */
+ silc_fsm_next(fsm, silc_ske_st_initiator_aborted);
+ return SILC_FSM_CONTINUE;
+ }
- status = SILC_SKE_STATUS_INCORRECT_SIGNATURE;
- goto err;
+ /* Check result of public key verification */
+ if (ske->status != SILC_SKE_STATUS_OK) {
+ /** Public key not verified */
+ SILC_LOG_DEBUG(("Public key verification failed"));
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
}
- SILC_LOG_DEBUG(("Signature is Ok"));
+ payload = ske->ke2_payload;
- memset(hash, 'F', hash_len);
+ if (payload->pk_data) {
+ /* Decode the public key */
+ if (!silc_pkcs_public_key_decode(payload->pk_data, payload->pk_len,
+ &public_key)) {
+ SILC_LOG_ERROR(("Unsupported/malformed public key received"));
+ status = SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY;
+ goto err;
+ }
- /* Call the callback. */
- if (callback)
- (*callback)(ske, context);
+ SILC_LOG_DEBUG(("Public key is authentic"));
- return status;
+ /* Compute the hash value */
+ status = silc_ske_make_hash(ske, hash, &hash_len, FALSE);
+ if (status != SILC_SKE_STATUS_OK)
+ goto err;
+
+ ske->hash = silc_memdup(hash, hash_len);
+ ske->hash_len = hash_len;
+
+ SILC_LOG_DEBUG(("Verifying signature (HASH)"));
+
+ /* Verify signature */
+ silc_pkcs_public_key_set(ske->prop->pkcs, public_key);
+ if (silc_pkcs_verify(ske->prop->pkcs, payload->sign_data,
+ payload->sign_len, hash, hash_len) == FALSE) {
+ SILC_LOG_ERROR(("Signature verification failed, incorrect signature"));
+ status = SILC_SKE_STATUS_INCORRECT_SIGNATURE;
+ goto err;
+ }
+
+ SILC_LOG_DEBUG(("Signature is Ok"));
+
+ silc_pkcs_public_key_free(public_key);
+ memset(hash, 'F', hash_len);
+ }
+
+ ske->status = SILC_SKE_STATUS_OK;
+
+ /* Process key material */
+ key_len = silc_cipher_get_key_len(ske->prop->cipher);
+ block_len = silc_cipher_get_key_len(ske->prop->cipher);
+ hash_len = silc_hash_len(ske->prop->hash);
+ ske->keymat = silc_ske_process_key_material(ske, block_len,
+ key_len, hash_len);
+ if (!ske->keymat) {
+ SILC_LOG_ERROR(("Error processing key material"));
+ status = SILC_SKE_STATUS_ERROR;
+ goto err;
+ }
+
+ /* Send SUCCESS packet */
+ /* XXX */
+
+ /** Waiting completion */
+ silc_fsm_next(fsm, silc_ske_st_initiator_end);
+ return SILC_FSM_WAIT;
err:
- memset(hash, 'F', hash_len);
- silc_ske_payload_two_free(payload);
+ memset(hash, 'F', sizeof(hash));
+ silc_ske_payload_ke_free(payload);
+ ske->ke2_payload = NULL;
+
+ silc_mp_uninit(ske->KEY);
+ silc_free(ske->KEY);
+ ske->KEY = NULL;
- silc_mp_clear(&ske->KEY);
+ if (public_key)
+ silc_pkcs_public_key_free(public_key);
if (ske->hash) {
memset(ske->hash, 'F', hash_len);
}
if (status == SILC_SKE_STATUS_OK)
- return SILC_SKE_STATUS_ERROR;
+ status = SILC_SKE_STATUS_ERROR;
- return status;
+ /** Error */
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
}
-/* Starts Key Exchange protocol for responder. Responder receives
- Key Exchange Start Payload from initiator consisting of all the
- security properties the initiator supports. This function decodes
- the payload and parses the payload further and selects the right
- security properties. */
-
-SilcSKEStatus silc_ske_responder_start(SilcSKE ske, SilcRng rng,
- SilcSocketConnection sock,
- SilcBuffer start_payload,
- SilcSKECb callback,
- void *context)
+/* Protocol completed */
+
+SILC_FSM_STATE(silc_ske_st_initiator_end)
{
- SilcSKEStatus status = SILC_SKE_STATUS_OK;
- SilcSKEStartPayload *remote_payload = NULL, *payload = NULL;
+ SilcSKE ske = fsm_context;
- SILC_LOG_DEBUG(("Start"));
+ if (ske->aborted) {
+ /** Aborted */
+ silc_fsm_next(fsm, silc_ske_st_initiator_aborted);
+ return SILC_FSM_CONTINUE;
+ }
- ske->sock = sock;
- ske->rng = rng;
+ /* Call the completion callback */
+ if (ske->callbacks->completed)
+ ske->callbacks->completed(ske, ske->status, NULL, NULL, NULL, NULL);
- /* Decode the payload */
- status = silc_ske_payload_start_decode(ske, start_payload, &remote_payload);
- if (status != SILC_SKE_STATUS_OK)
- return status;
+ return SILC_FSM_FINISH;
+}
- /* Take a copy of the payload buffer for future use. It is used to
- compute the HASH value. */
- ske->start_payload_copy = silc_buffer_copy(start_payload);
+/* Aborted by application */
- /* Parse and select the security properties from the payload */
- payload = silc_calloc(1, sizeof(*payload));
- status = silc_ske_select_security_properties(ske, payload, remote_payload);
- if (status != SILC_SKE_STATUS_OK)
- goto err;
+SILC_FSM_STATE(silc_ske_st_initiator_aborted)
+{
- ske->start_payload = payload;
+ return SILC_FSM_FINISH;
+}
- /* Call the callback function. */
- if (callback)
- (*callback)(ske, context);
+/* Error occurred */
- return status;
+SILC_FSM_STATE(silc_ske_st_initiator_error)
+{
- err:
- if (remote_payload)
- silc_ske_payload_start_free(remote_payload);
- if (payload)
- silc_free(payload);
+ return SILC_FSM_FINISH;
+}
- if (status == SILC_SKE_STATUS_OK)
- return SILC_SKE_STATUS_ERROR;
- return status;
+static void silc_ske_initiator_finished(SilcFSM fsm, void *fsm_context,
+ void *destructor_context)
+{
+
}
-/* The selected security properties from the initiator payload is now
- encoded into Key Exchange Start Payload and sent to the initiator. */
+/* Starts the protocol as initiator */
-SilcSKEStatus silc_ske_responder_phase_1(SilcSKE ske,
- SilcSKEStartPayload *start_payload,
- SilcSKESendPacketCb send_packet,
- void *context)
+SilcAsyncOperation
+silc_ske_initiator(SilcSKE ske,
+ SilcPacketStream stream,
+ SilcSKEStartPayload start_payload)
{
- SilcSKEStatus status = SILC_SKE_STATUS_OK;
- SilcBuffer payload_buf;
- SilcSKESecurityProperties prop;
- SilcSKEDiffieHellmanGroup group;
+ SILC_LOG_DEBUG(("Start SKE as initiator"));
- SILC_LOG_DEBUG(("Start"));
+ if (!ske || !stream || !start_payload)
+ return NULL;
- /* Allocate security properties from the payload. These are allocated
- only for this negotiation and will be free'd after KE is over. */
- ske->prop = prop = silc_calloc(1, sizeof(*prop));
- prop->flags = start_payload->flags;
- status = silc_ske_get_group_by_name(start_payload->ke_grp_list, &group);
- if (status != SILC_SKE_STATUS_OK)
- goto err;
+ if (!silc_async_init(&ske->op, silc_ske_abort, NULL, ske))
+ return NULL;
- prop->group = group;
+ if (!silc_fsm_init(&ske->fsm, ske, silc_ske_initiator_finished, ske,
+ ske->schedule))
+ return NULL;
- if (silc_pkcs_alloc(start_payload->pkcs_alg_list,
- &prop->pkcs) == FALSE) {
- status = SILC_SKE_STATUS_UNKNOWN_PKCS;
- goto err;
- }
+ ske->start_payload = start_payload;
- if (silc_cipher_alloc(start_payload->enc_alg_list,
- &prop->cipher) == FALSE) {
- status = SILC_SKE_STATUS_UNKNOWN_CIPHER;
- goto err;
- }
+ /* Link to packet stream to get key exchange packets */
+ ske->stream = stream;
+ silc_packet_stream_link(ske->stream, &silc_ske_stream_cbs, ske, 1000000,
+ SILC_PACKET_KEY_EXCHANGE,
+ SILC_PACKET_KEY_EXCHANGE_2,
+ SILC_PACKET_SUCCESS,
+ SILC_PACKET_FAILURE, -1);
- if (silc_hash_alloc(start_payload->hash_alg_list,
- &prop->hash) == FALSE) {
- status = SILC_SKE_STATUS_UNKNOWN_HASH_FUNCTION;
- goto err;
- }
+ /* Start SKE as initiator */
+ silc_fsm_start(&ske->fsm, silc_ske_st_initiator_start);
- /* Encode the payload */
- status = silc_ske_payload_start_encode(ske, start_payload, &payload_buf);
- if (status != SILC_SKE_STATUS_OK)
- goto err;
+ return &ske->op;
+}
- /* Send the packet. */
- if (send_packet)
- (*send_packet)(ske, payload_buf, SILC_PACKET_KEY_EXCHANGE, context);
- silc_buffer_free(payload_buf);
+/******************************** Responder *********************************/
- return status;
+SILC_FSM_STATE(silc_ske_st_responder_start);
+SILC_FSM_STATE(silc_ske_st_responder_phase1);
+SILC_FSM_STATE(silc_ske_st_responder_phase2);
+SILC_FSM_STATE(silc_ske_st_responder_phase3);
+SILC_FSM_STATE(silc_ske_st_responder_phase4);
+SILC_FSM_STATE(silc_ske_st_responder_phase5);
+SILC_FSM_STATE(silc_ske_st_responder_end);
+SILC_FSM_STATE(silc_ske_st_responder_aborted);
+SILC_FSM_STATE(silc_ske_st_responder_failure);
+SILC_FSM_STATE(silc_ske_st_responder_error);
- err:
- silc_free(group);
+/* Start protocol as responder. Wait initiator's start payload */
- if (prop->pkcs)
- silc_pkcs_free(prop->pkcs);
- if (prop->cipher)
- silc_cipher_free(prop->cipher);
- if (prop->hash)
- silc_hash_free(prop->hash);
- silc_free(prop);
- ske->prop = NULL;
+SILC_FSM_STATE(silc_ske_st_responder_start)
+{
+ SilcSKE ske = fsm_context;
- if (status == SILC_SKE_STATUS_OK)
- return SILC_SKE_STATUS_ERROR;
+ SILC_LOG_DEBUG(("Start"));
- return status;
+ if (ske->aborted) {
+ /** Aborted */
+ silc_fsm_next(fsm, silc_ske_st_responder_aborted);
+ return SILC_FSM_CONTINUE;
+ }
+
+ /* Start timeout */
+ /* XXX */
+
+ /** Wait for initiator */
+ silc_fsm_next(fsm, silc_ske_st_responder_phase1);
+ return SILC_FSM_WAIT;
}
-/* This function receives the Key Exchange 1 Payload from the initiator.
- After processing the payload this then selects random number x,
- such that 1 < x < q and computes f = g ^ x mod p. This then puts
- the result f to a Key Exchange 2 Payload which is later processed
- in ske_responder_finish function. The callback function should
- not touch the payload (it should merely call the ske_responder_finish
- function). */
-
-SilcSKEStatus silc_ske_responder_phase_2(SilcSKE ske,
- SilcBuffer ke1_payload,
- SilcSKECb callback,
- void *context)
+/* Decode initiator's start payload */
+
+SILC_FSM_STATE(silc_ske_st_responder_phase1)
{
- SilcSKEStatus status = SILC_SKE_STATUS_OK;
- SilcSKEOnePayload *one_payload;
- SilcSKETwoPayload *two_payload;
- SilcInt x, f;
+ SilcSKE ske = fsm_context;
+ SilcSKEStatus status;
+ SilcSKEStartPayload remote_payload = NULL, payload = NULL;
+ SilcBuffer packet_buf = &ske->packet->buffer;
SILC_LOG_DEBUG(("Start"));
- /* Decode Key Exchange 1 Payload */
- status = silc_ske_payload_one_decode(ske, ke1_payload, &one_payload);
- if (status != SILC_SKE_STATUS_OK)
- return status;
+ if (ske->aborted) {
+ /** Aborted */
+ silc_fsm_next(fsm, silc_ske_st_responder_aborted);
+ return SILC_FSM_CONTINUE;
+ }
- /* Create the random number x, 1 < x < q. */
- silc_mp_init(&x);
- status =
- silc_ske_create_rnd(ske, ske->prop->group->group_order,
- silc_mp_sizeinbase(&ske->prop->group->group_order, 2),
- &x);
+ /* See if received failure from remote */
+ if (ske->packet->type == SILC_PACKET_FAILURE) {
+ silc_fsm_next(fsm, silc_ske_st_responder_failure);
+ return SILC_FSM_CONTINUE;
+ }
+
+ /* Decode the payload */
+ status = silc_ske_payload_start_decode(ske, packet_buf, &remote_payload);
+ if (status != SILC_SKE_STATUS_OK) {
+ /** Error decoding Start Payload */
+ silc_packet_free(ske->packet);
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
+
+ /* Take a copy of the payload buffer for future use. It is used to
+ compute the HASH value. */
+ ske->start_payload_copy = silc_buffer_copy(packet_buf);
+
+ silc_packet_free(ske->packet);
+
+ /* Force the mutual authentication flag if we want to do it. */
+ if (ske->flags & SILC_SKE_SP_FLAG_MUTUAL) {
+ SILC_LOG_DEBUG(("Force mutual authentication"));
+ remote_payload->flags |= SILC_SKE_SP_FLAG_MUTUAL;
+ }
+
+ /* Force PFS flag if we require it */
+ if (ske->flags & SILC_SKE_SP_FLAG_PFS) {
+ SILC_LOG_DEBUG(("Force PFS"));
+ remote_payload->flags |= SILC_SKE_SP_FLAG_PFS;
+ }
+
+ /* Disable IV Included flag if requested */
+ if (remote_payload->flags & SILC_SKE_SP_FLAG_IV_INCLUDED &&
+ !(ske->flags & SILC_SKE_SP_FLAG_IV_INCLUDED)) {
+ SILC_LOG_DEBUG(("We do not support IV Included flag"));
+ remote_payload->flags &= ~SILC_SKE_SP_FLAG_IV_INCLUDED;
+ }
+
+ /* Parse and select the security properties from the payload */
+ payload = silc_calloc(1, sizeof(*payload));
+ status = silc_ske_select_security_properties(ske, payload, remote_payload);
if (status != SILC_SKE_STATUS_OK) {
- silc_mp_clear(&x);
- return status;
+ /** Error selecting proposal */
+ if (remote_payload)
+ silc_ske_payload_start_free(remote_payload);
+ silc_free(payload);
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
}
- SILC_LOG_DEBUG(("Computing f = g ^ x mod p"));
-
- /* Do the Diffie Hellman computation, f = g ^ x mod p */
- silc_mp_init(&f);
- silc_mp_powm(&f, &ske->prop->group->generator, &x,
- &ske->prop->group->group);
-
- /* Save the results for later processing */
- two_payload = silc_calloc(1, sizeof(*two_payload));
- two_payload->f = f;
- ske->x = x;
- ske->ke1_payload = one_payload;
- ske->ke2_payload = two_payload;
+ ske->start_payload = payload;
- /* Call the callback. */
- if (callback)
- (*callback)(ske, context);
+ silc_ske_payload_start_free(remote_payload);
- return status;
+ /** Send proposal to initiator */
+ silc_fsm_next(fsm, silc_ske_st_responder_phase2);
+ return SILC_FSM_CONTINUE;
}
-/* This function computes the secret shared key KEY = e ^ x mod p, and,
- a hash value to be signed and sent to the other end. This then
- encodes Key Exchange 2 Payload and sends it to the other end. */
-
-SilcSKEStatus silc_ske_responder_finish(SilcSKE ske,
- unsigned char *pk,
- unsigned int pk_len,
- unsigned char *prv,
- unsigned int prv_len,
- SilcSKEPKType pk_type,
- SilcSKESendPacketCb send_packet,
- void *context)
+/* Phase-2. Send Start Payload */
+
+SILC_FSM_STATE(silc_ske_st_responder_phase2)
{
- SilcSKEStatus status = SILC_SKE_STATUS_OK;
+ SilcSKE ske = fsm_context;
+ SilcSKEStatus status;
SilcBuffer payload_buf;
- SilcInt KEY;
- unsigned char hash[32], sign[256];
- unsigned int hash_len, sign_len;
+ SilcSKESecurityProperties prop;
+ SilcSKEDiffieHellmanGroup group = NULL;
SILC_LOG_DEBUG(("Start"));
- SILC_LOG_DEBUG(("Computing KEY = e ^ x mod p"));
-
- /* Compute the shared secret key */
- silc_mp_init(&KEY);
- silc_mp_powm(&KEY, &ske->ke1_payload->e, &ske->x,
- &ske->prop->group->group);
- ske->KEY = KEY;
-
- SILC_LOG_DEBUG(("Getting public key"));
-
- /* Get the public key */
- ske->ke2_payload->pk_data = silc_calloc(pk_len, sizeof(unsigned char));
- memcpy(ske->ke2_payload->pk_data, pk, pk_len);
- ske->ke2_payload->pk_len = pk_len;
- ske->ke2_payload->pk_type = pk_type;
+ /* Allocate security properties from the payload. These are allocated
+ only for this negotiation and will be free'd after KE is over. */
+ ske->prop = prop = silc_calloc(1, sizeof(*prop));
+ if (!ske->prop) {
+ status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ goto err;
+ }
+ prop->flags = ske->start_payload->flags;
+ status = silc_ske_group_get_by_name(ske->start_payload->ke_grp_list,
+ &group);
+ if (status != SILC_SKE_STATUS_OK)
+ goto err;
- SILC_LOG_DEBUG(("Computing HASH value"));
+ prop->group = group;
- /* Compute the hash value */
- memset(hash, 0, sizeof(hash));
- status = silc_ske_make_hash(ske, hash, &hash_len);
- if (status != SILC_SKE_STATUS_OK)
+ /* XXX these shouldn't be allocated before we know the remote's
+ public key type. It's unnecessary to allocate these because the
+ select_security_properties has succeeded already. */
+ if (silc_pkcs_alloc(ske->start_payload->pkcs_alg_list,
+ SILC_PKCS_SILC, &prop->pkcs) == FALSE) {
+ status = SILC_SKE_STATUS_UNKNOWN_PKCS;
+ goto err;
+ }
+ if (silc_cipher_alloc(ske->start_payload->enc_alg_list,
+ &prop->cipher) == FALSE) {
+ status = SILC_SKE_STATUS_UNKNOWN_CIPHER;
goto err;
+ }
+ if (silc_hash_alloc(ske->start_payload->hash_alg_list,
+ &prop->hash) == FALSE) {
+ status = SILC_SKE_STATUS_UNKNOWN_HASH_FUNCTION;
+ goto err;
+ }
+ if (silc_hmac_alloc(ske->start_payload->hmac_alg_list, NULL,
+ &prop->hmac) == FALSE) {
+ status = SILC_SKE_STATUS_UNKNOWN_HMAC;
+ goto err;
+ }
- ske->hash = silc_calloc(hash_len, sizeof(unsigned char));
- memcpy(ske->hash, hash, hash_len);
- ske->hash_len = hash_len;
-
- SILC_LOG_DEBUG(("Signing HASH value"));
-
- /* Sign the hash value */
- silc_pkcs_set_private_key(ske->prop->pkcs, prv, prv_len);
- ske->prop->pkcs->pkcs->sign(ske->prop->pkcs->context,
- hash, hash_len,
- sign, &sign_len);
- ske->ke2_payload->sign_data = silc_calloc(sign_len, sizeof(unsigned char));
- memcpy(ske->ke2_payload->sign_data, sign, sign_len);
- memset(sign, 0, sizeof(sign));
- ske->ke2_payload->sign_len = sign_len;
-
- /* Encode the Key Exchange 2 Payload */
- status = silc_ske_payload_two_encode(ske, ske->ke2_payload,
- &payload_buf);
+ /* Encode the payload */
+ status = silc_ske_payload_start_encode(ske, ske->start_payload,
+ &payload_buf);
if (status != SILC_SKE_STATUS_OK)
goto err;
/* Send the packet. */
- if (send_packet)
- (*send_packet)(ske, payload_buf, SILC_PACKET_KEY_EXCHANGE_2, context);
+ if (!silc_packet_send(ske->stream, SILC_PACKET_KEY_EXCHANGE, 0,
+ payload_buf->data, silc_buffer_len(payload_buf)))
+ goto err;
silc_buffer_free(payload_buf);
- return status;
+ /** Waiting initiator's KE payload */
+ silc_fsm_next(fsm, silc_ske_st_responder_phase3);
+ return SILC_FSM_WAIT;
err:
- silc_mp_clear(&ske->KEY);
- silc_ske_payload_two_free(ske->ke2_payload);
+ if (group)
+ silc_ske_group_free(group);
+
+ if (prop->pkcs)
+ silc_pkcs_free(prop->pkcs);
+ if (prop->cipher)
+ silc_cipher_free(prop->cipher);
+ if (prop->hash)
+ silc_hash_free(prop->hash);
+ if (prop->hmac)
+ silc_hmac_free(prop->hmac);
+ silc_free(prop);
+ ske->prop = NULL;
if (status == SILC_SKE_STATUS_OK)
- return SILC_SKE_STATUS_ERROR;
+ status = SILC_SKE_STATUS_ERROR;
- return status;
+ /** Error */
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
}
-/* The Key Exchange protocol is ended by calling this function. This
- must not be called until the keys are processed like the protocol
- defines. This function is for both initiator and responder. */
+/* Phase-3. Decode initiator's KE payload */
-SilcSKEStatus silc_ske_end(SilcSKE ske,
- SilcSKESendPacketCb send_packet,
- void *context)
+SILC_FSM_STATE(silc_ske_st_responder_phase3)
{
- SilcSKEStatus status = SILC_SKE_STATUS_OK;
- SilcBuffer packet;
+ SilcSKE ske = fsm_context;
+ SilcSKEStatus status;
+ SilcSKEKEPayload recv_payload;
+ SilcBuffer packet_buf = &ske->packet->buffer;
SILC_LOG_DEBUG(("Start"));
- packet = silc_buffer_alloc(1);
- packet->len = 0;
+ if (ske->aborted) {
+ /** Aborted */
+ silc_fsm_next(fsm, silc_ske_st_responder_aborted);
+ return SILC_FSM_CONTINUE;
+ }
- if (send_packet)
- (*send_packet)(ske, packet, SILC_PACKET_SUCCESS, context);
+ /* See if received failure from remote */
+ if (ske->packet->type == SILC_PACKET_FAILURE) {
+ silc_fsm_next(fsm, silc_ske_st_responder_failure);
+ return SILC_FSM_CONTINUE;
+ }
- return status;
-}
+ /* Decode Key Exchange Payload */
+ status = silc_ske_payload_ke_decode(ske, packet_buf, &recv_payload);
+ if (status != SILC_SKE_STATUS_OK) {
+ /** Error decoding KE payload */
+ silc_packet_free(ske->packet);
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
-/* Aborts the Key Exchange protocol. This is called if error occurs
- while performing the protocol. The status argument is the error
- status and it is sent to the remote end. */
+ ske->ke1_payload = recv_payload;
-SilcSKEStatus silc_ske_abort(SilcSKE ske, SilcSKEStatus status,
- SilcSKESendPacketCb send_packet,
- void *context)
-{
- SilcBuffer packet;
+ silc_packet_free(ske->packet);
- SILC_LOG_DEBUG(("Start"));
+ /* Verify the received public key and verify the signature if we are
+ doing mutual authentication. */
+ if (ske->start_payload &&
+ ske->start_payload->flags & SILC_SKE_SP_FLAG_MUTUAL) {
- packet = silc_buffer_alloc(4);
- silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
- silc_buffer_format(packet,
- SILC_STR_UI_SHORT(status),
- SILC_STR_END);
+ SILC_LOG_DEBUG(("We are doing mutual authentication"));
- if (send_packet)
- (*send_packet)(ske, packet, SILC_PACKET_FAILURE, context);
+ if (!recv_payload->pk_data && ske->callbacks->verify_key) {
+ /** Public key not provided */
+ SILC_LOG_ERROR(("Remote end did not send its public key (or "
+ "certificate), even though we require it"));
+ ske->status = SILC_SKE_STATUS_PUBLIC_KEY_NOT_PROVIDED;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
- silc_buffer_free(packet);
+ if (recv_payload->pk_data && ske->callbacks->verify_key) {
+ SILC_LOG_DEBUG(("Verifying public key"));
+
+ /** Waiting public key verification */
+ silc_fsm_next(fsm, silc_ske_st_responder_phase4);
+ SILC_FSM_CALL(ske->callbacks->verify_key(ske, recv_payload->pk_data,
+ recv_payload->pk_len,
+ recv_payload->pk_type,
+ ske->callbacks->context,
+ silc_ske_pk_verified, NULL));
+ /* NOT REACHED */
+ }
+ }
- return SILC_SKE_STATUS_OK;
+ /** Generate KE2 payload */
+ silc_fsm_next(fsm, silc_ske_st_responder_phase4);
+ return SILC_FSM_CONTINUE;
}
-/* Assembles security properties to Key Exchange Start Payload to be
- sent to the remote end. This checks system wide (SILC system, that is)
- settings and chooses from those. However, if other properties
- should be used this function is easy to replace by another function,
- as, this function is called by the caller of the protocol and not
- by the protocol itself. */
+/* Phase-4. Generate KE2 payload */
-SilcSKEStatus
-silc_ske_assemble_security_properties(SilcSKE ske,
- SilcSKEStartPayload **return_payload)
+SILC_FSM_STATE(silc_ske_st_responder_phase4)
{
- SilcSKEStartPayload *rp;
-
- SILC_LOG_DEBUG(("Assembling KE Start Payload"));
-
- rp = silc_calloc(1, sizeof(*rp));
-
- /* XXX */
- /* Set flags */
- rp->flags = 0;
-
- /* XXX */
- /* Cookie */
- rp->cookie = silc_calloc(SILC_SKE_COOKIE_LEN, sizeof(unsigned char));
- rp->cookie_len = SILC_SKE_COOKIE_LEN;
- memcpy(rp->cookie, "1234567890123456", SILC_SKE_COOKIE_LEN);
-
- /* Get supported Key Exhange groups */
- rp->ke_grp_list = silc_ske_get_supported_groups();
- rp->ke_grp_len = strlen(rp->ke_grp_list);
-
- /* Get supported PKCS algorithms */
- rp->pkcs_alg_list = silc_pkcs_get_supported();
- rp->pkcs_alg_len = strlen(rp->pkcs_alg_list);
+ SilcSKE ske = fsm_context;
+ SilcSKEStatus status;
+ SilcSKEKEPayload recv_payload, send_payload;
+ SilcMPInt *x, *KEY;
+
+ if (ske->aborted) {
+ /** Aborted */
+ silc_fsm_next(fsm, silc_ske_st_responder_aborted);
+ return SILC_FSM_CONTINUE;
+ }
- /* Get supported encryption algorithms */
- rp->enc_alg_list = silc_cipher_get_supported();
- rp->enc_alg_len = strlen(rp->enc_alg_list);
+ /* Check result of public key verification */
+ if (ske->status != SILC_SKE_STATUS_OK) {
+ /** Public key not verified */
+ SILC_LOG_DEBUG(("Public key verification failed"));
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
+ }
- /* Get supported hash algorithms */
- rp->hash_alg_list = silc_hash_get_supported();
- rp->hash_alg_len = strlen(rp->hash_alg_list);
+ recv_payload = ske->ke1_payload;
+
+ /* The public key verification was performed only if the Mutual
+ Authentication flag is set. */
+ if (ske->start_payload &&
+ ske->start_payload->flags & SILC_SKE_SP_FLAG_MUTUAL) {
+ SilcPublicKey public_key = NULL;
+ unsigned char hash[SILC_HASH_MAXLEN];
+ SilcUInt32 hash_len;
+
+ /* Decode the public key */
+ if (!silc_pkcs_public_key_decode(recv_payload->pk_data,
+ recv_payload->pk_len,
+ &public_key)) {
+ /** Error decoding public key */
+ SILC_LOG_ERROR(("Unsupported/malformed public key received"));
+ ske->status = SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
- /* XXX */
- /* Get supported compression algorithms */
- rp->comp_alg_list = "";
- rp->comp_alg_len = 0;
+ SILC_LOG_DEBUG(("Public key is authentic"));
- rp->len = 1 + 1 + 2 + SILC_SKE_COOKIE_LEN +
- 2 + rp->ke_grp_len + 2 + rp->pkcs_alg_len +
- 2 + rp->enc_alg_len + 2 + rp->hash_alg_len +
- 2 + rp->comp_alg_len;
+ /* Compute the hash value */
+ status = silc_ske_make_hash(ske, hash, &hash_len, TRUE);
+ if (status != SILC_SKE_STATUS_OK) {
+ /** Error computing hash */
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
- *return_payload = rp;
+ SILC_LOG_DEBUG(("Verifying signature (HASH_i)"));
+
+ /* Verify signature */
+ silc_pkcs_public_key_set(ske->prop->pkcs, public_key);
+ if (silc_pkcs_verify(ske->prop->pkcs, recv_payload->sign_data,
+ recv_payload->sign_len, hash, hash_len) == FALSE) {
+ /** Incorrect signature */
+ SILC_LOG_ERROR(("Signature verification failed, incorrect signature"));
+ ske->status = SILC_SKE_STATUS_INCORRECT_SIGNATURE;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
- return SILC_SKE_STATUS_OK;
-}
+ SILC_LOG_DEBUG(("Signature is Ok"));
-/* Selects the supported security properties from the remote end's Key
- Exchange Start Payload. */
+ silc_pkcs_public_key_free(public_key);
+ memset(hash, 'F', hash_len);
+ }
-SilcSKEStatus
-silc_ske_select_security_properties(SilcSKE ske,
- SilcSKEStartPayload *payload,
- SilcSKEStartPayload *remote_payload)
-{
- SilcSKEStartPayload *rp;
- char *cp;
- int len;
+ /* Create the random number x, 1 < x < q. */
+ x = silc_calloc(1, sizeof(*x));
+ silc_mp_init(x);
+ status =
+ silc_ske_create_rnd(ske, &ske->prop->group->group_order,
+ silc_mp_sizeinbase(&ske->prop->group->group_order, 2),
+ x);
+ if (status != SILC_SKE_STATUS_OK) {
+ /** Error generating random number */
+ silc_mp_uninit(x);
+ silc_free(x);
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
- SILC_LOG_DEBUG(("Parsing KE Start Payload"));
+ /* Save the results for later processing */
+ send_payload = silc_calloc(1, sizeof(*send_payload));
+ ske->x = x;
+ ske->ke2_payload = send_payload;
- rp = remote_payload;
+ SILC_LOG_DEBUG(("Computing f = g ^ x mod p"));
- /* Flags are returned unchanged. */
- payload->flags = rp->flags;
+ /* Do the Diffie Hellman computation, f = g ^ x mod p */
+ silc_mp_init(&send_payload->x);
+ silc_mp_pow_mod(&send_payload->x, &ske->prop->group->generator, x,
+ &ske->prop->group->group);
- /* XXX Cookie check?? */
- payload->cookie = silc_calloc(SILC_SKE_COOKIE_LEN, sizeof(unsigned char));
- payload->cookie_len = SILC_SKE_COOKIE_LEN;
- memcpy(payload->cookie, rp->cookie, SILC_SKE_COOKIE_LEN);
+ SILC_LOG_DEBUG(("Computing KEY = e ^ x mod p"));
- /* Get supported Key Exchange groups */
- cp = rp->ke_grp_list;
- if (cp && strchr(cp, ',')) {
- while(cp) {
- char *item;
+ /* Compute the shared secret key */
+ KEY = silc_calloc(1, sizeof(*KEY));
+ silc_mp_init(KEY);
+ silc_mp_pow_mod(KEY, &ske->ke1_payload->x, ske->x,
+ &ske->prop->group->group);
+ ske->KEY = KEY;
- len = strcspn(cp, ",");
- item = silc_calloc(len + 1, sizeof(char));
- memcpy(item, cp, len);
+ /** Send KE2 payload */
+ silc_fsm_next(fsm, silc_ske_st_responder_phase5);
+ return SILC_FSM_CONTINUE;
+}
- SILC_LOG_DEBUG(("Proposed KE group `%s'", item));
+/* Phase-5. Send KE2 payload */
- if (silc_ske_get_group_by_name(item, NULL) == SILC_SKE_STATUS_OK) {
- SILC_LOG_DEBUG(("Found KE group `%s'", item));
+SILC_FSM_STATE(silc_ske_st_responder_phase5)
+{
+ SilcSKE ske = fsm_context;
+ SilcSKEStatus status;
+ SilcBuffer payload_buf;
+ unsigned char hash[SILC_HASH_MAXLEN], sign[2048 + 1], *pk;
+ SilcUInt32 hash_len, sign_len, pk_len;
- payload->ke_grp_len = len;
- payload->ke_grp_list = item;
- break;
- }
+ SILC_LOG_DEBUG(("Start"));
- cp += len;
- if (strlen(cp) == 0)
- cp = NULL;
- else
- cp++;
+ if (ske->public_key && ske->private_key) {
+ SILC_LOG_DEBUG(("Getting public key"));
- if (item)
- silc_free(item);
+ /* Get the public key */
+ pk = silc_pkcs_public_key_encode(ske->public_key, &pk_len);
+ if (!pk) {
+ /** Error encoding public key */
+ status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
}
+ ske->ke2_payload->pk_data = pk;
+ ske->ke2_payload->pk_len = pk_len;
- if (!payload->ke_grp_len && !payload->ke_grp_list) {
- SILC_LOG_DEBUG(("Could not find supported KE group"));
- silc_free(payload);
- return SILC_SKE_STATUS_UNKNOWN_GROUP;
- }
- } else {
+ SILC_LOG_DEBUG(("Computing HASH value"));
- if (!rp->ke_grp_len) {
- SILC_LOG_DEBUG(("KE group not defined in payload"));
- silc_free(payload);
- return SILC_SKE_STATUS_BAD_PAYLOAD;
+ /* Compute the hash value */
+ memset(hash, 0, sizeof(hash));
+ status = silc_ske_make_hash(ske, hash, &hash_len, FALSE);
+ if (status != SILC_SKE_STATUS_OK) {
+ /** Error computing hash */
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
}
- SILC_LOG_DEBUG(("Proposed KE group `%s'", rp->ke_grp_list));
- SILC_LOG_DEBUG(("Found KE group `%s'", rp->ke_grp_list));
-
- payload->ke_grp_len = rp->ke_grp_len;
- payload->ke_grp_list = strdup(rp->ke_grp_list);
- }
-
- /* Get supported PKCS algorithms */
- cp = rp->pkcs_alg_list;
- if (cp && strchr(cp, ',')) {
- while(cp) {
- char *item;
-
- len = strcspn(cp, ",");
- item = silc_calloc(len + 1, sizeof(char));
- memcpy(item, cp, len);
-
- SILC_LOG_DEBUG(("Proposed PKCS alg `%s'", item));
+ ske->hash = silc_memdup(hash, hash_len);
+ ske->hash_len = hash_len;
- if (silc_pkcs_is_supported(item) == TRUE) {
- SILC_LOG_DEBUG(("Found PKCS alg `%s'", item));
+ SILC_LOG_DEBUG(("Signing HASH value"));
- payload->pkcs_alg_len = len;
- payload->pkcs_alg_list = item;
- break;
- }
+ /* Sign the hash value */
+ silc_pkcs_private_key_data_set(ske->prop->pkcs, ske->private_key->prv,
+ ske->private_key->prv_len);
+ if (silc_pkcs_get_key_len(ske->prop->pkcs) / 8 > sizeof(sign) - 1 ||
+ !silc_pkcs_sign(ske->prop->pkcs, hash, hash_len, sign, &sign_len)) {
+ /** Error computing signature */
+ status = SILC_SKE_STATUS_SIGNATURE_ERROR;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
+ ske->ke2_payload->sign_data = silc_memdup(sign, sign_len);
+ ske->ke2_payload->sign_len = sign_len;
+ memset(sign, 0, sizeof(sign));
+ }
+ ske->ke2_payload->pk_type = ske->pk_type;
- cp += len;
- if (strlen(cp) == 0)
- cp = NULL;
- else
- cp++;
+ /* Encode the Key Exchange Payload */
+ status = silc_ske_payload_ke_encode(ske, ske->ke2_payload,
+ &payload_buf);
+ if (status != SILC_SKE_STATUS_OK) {
+ /** Error encoding KE payload */
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
- if (item)
- silc_free(item);
- }
+ /* Send the packet. */
+ if (!silc_packet_send(ske->stream, SILC_PACKET_KEY_EXCHANGE_2, 0,
+ payload_buf->data, silc_buffer_len(payload_buf))) {
+ ske->status = SILC_SKE_STATUS_ERROR;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
- if (!payload->pkcs_alg_len && !payload->pkcs_alg_list) {
- SILC_LOG_DEBUG(("Could not find supported PKCS alg"));
- silc_free(payload->ke_grp_list);
- silc_free(payload);
- return SILC_SKE_STATUS_UNKNOWN_PKCS;
- }
- } else {
+ silc_buffer_free(payload_buf);
- if (!rp->pkcs_alg_len) {
- SILC_LOG_DEBUG(("PKCS alg not defined in payload"));
- silc_free(payload->ke_grp_list);
- silc_free(payload);
- return SILC_SKE_STATUS_BAD_PAYLOAD;
- }
+ /** Waiting completion */
+ silc_fsm_next(fsm, silc_ske_st_responder_end);
+ return SILC_FSM_WAIT;
+}
- SILC_LOG_DEBUG(("Proposed PKCS alg `%s'", rp->pkcs_alg_list));
- SILC_LOG_DEBUG(("Found PKCS alg `%s'", rp->pkcs_alg_list));
+/* Protocol completed */
- payload->pkcs_alg_len = rp->pkcs_alg_len;
- payload->pkcs_alg_list = strdup(rp->pkcs_alg_list);
+SILC_FSM_STATE(silc_ske_st_responder_end)
+{
+ SilcSKE ske = fsm_context;
+ unsigned char tmp[4];
+ SilcUInt32 hash_len, key_len, block_len;
+
+ if (ske->aborted) {
+ /** Aborted */
+ silc_fsm_next(fsm, silc_ske_st_responder_aborted);
+ return SILC_FSM_CONTINUE;
}
- /* Get supported encryption algorithms */
- cp = rp->enc_alg_list;
- if (cp && strchr(cp, ',')) {
- while(cp) {
- char *item;
-
- len = strcspn(cp, ",");
- item = silc_calloc(len + 1, sizeof(char));
- memcpy(item, cp, len);
+ /* Check the result of the protocol */
+ if (ske->packet->type == SILC_PACKET_FAILURE) {
+ silc_fsm_next(fsm, silc_ske_st_responder_failure);
+ return SILC_FSM_CONTINUE;
+ }
+ silc_packet_free(ske->packet);
+
+ /* Process key material */
+ key_len = silc_cipher_get_key_len(ske->prop->cipher);
+ block_len = silc_cipher_get_key_len(ske->prop->cipher);
+ hash_len = silc_hash_len(ske->prop->hash);
+ ske->keymat = silc_ske_process_key_material(ske, block_len,
+ key_len, hash_len);
+ if (!ske->keymat) {
+ /** Error processing key material */
+ ske->status = SILC_SKE_STATUS_ERROR;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
- SILC_LOG_DEBUG(("Proposed encryption alg `%s'", item));
+ /* Send SUCCESS packet */
+ SILC_PUT32_MSB(SILC_SKE_STATUS_OK, tmp);
+ silc_packet_send(ske->stream, SILC_PACKET_SUCCESS, 0, tmp, 4);
- if (silc_cipher_is_supported(item) == TRUE) {
- SILC_LOG_DEBUG(("Found encryption alg `%s'", item));
+ silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
- payload->enc_alg_len = len;
- payload->enc_alg_list = item;
- break;
- }
+ /* Call the completion callback */
+ if (ske->callbacks->completed)
+ ske->callbacks->completed(ske, ske->status, ske->prop, ske->keymat,
+ ske->rekey, ske->callbacks->context);
- cp += len;
- if (strlen(cp) == 0)
- cp = NULL;
- else
- cp++;
+ return SILC_FSM_FINISH;
+}
- if (item)
- silc_free(item);
- }
+/* Aborted by application */
- if (!payload->enc_alg_len && !payload->enc_alg_list) {
- SILC_LOG_DEBUG(("Could not find supported encryption alg"));
- silc_free(payload->ke_grp_list);
- silc_free(payload->pkcs_alg_list);
- silc_free(payload);
- return SILC_SKE_STATUS_UNKNOWN_CIPHER;
- }
- } else {
+SILC_FSM_STATE(silc_ske_st_responder_aborted)
+{
+ SilcSKE ske = fsm_context;
+ unsigned char tmp[4];
- if (!rp->enc_alg_len) {
- SILC_LOG_DEBUG(("Encryption alg not defined in payload"));
- silc_free(payload->ke_grp_list);
- silc_free(payload->pkcs_alg_list);
- silc_free(payload);
- return SILC_SKE_STATUS_BAD_PAYLOAD;
- }
+ SILC_LOG_DEBUG(("Key exchange protocol aborted"));
- SILC_LOG_DEBUG(("Proposed encryption alg `%s' and selected it",
- rp->enc_alg_list));
+ /* Send FAILURE packet */
+ SILC_PUT32_MSB(SILC_SKE_STATUS_ERROR, tmp);
+ silc_packet_send(ske->stream, SILC_PACKET_FAILURE, 0, tmp, 4);
- payload->enc_alg_len = rp->enc_alg_len;
- payload->enc_alg_list = strdup(rp->enc_alg_list);
- }
+ silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
- /* Get supported hash algorithms */
- cp = rp->hash_alg_list;
- if (cp && strchr(cp, ',')) {
- while(cp) {
- char *item;
+ return SILC_FSM_FINISH;
+}
- len = strcspn(cp, ",");
- item = silc_calloc(len + 1, sizeof(char));
- memcpy(item, cp, len);
+/* Failure received from remote */
- SILC_LOG_DEBUG(("Proposed hash alg `%s'", item));
+SILC_FSM_STATE(silc_ske_st_responder_failure)
+{
+ SilcSKE ske = fsm_context;
+ SilcUInt32 error = SILC_SKE_STATUS_ERROR;
- if (silc_hash_is_supported(item) == TRUE) {
- SILC_LOG_DEBUG(("Found hash alg `%s'", item));
+ SILC_LOG_DEBUG(("Key exchange protocol failed"));
- payload->hash_alg_len = len;
- payload->hash_alg_list = item;
- break;
- }
+ if (silc_buffer_len(&ske->packet->buffer) == 4)
+ SILC_GET32_MSB(error, ske->packet->buffer.data);
+ ske->status = error;
- cp += len;
- if (strlen(cp) == 0)
- cp = NULL;
- else
- cp++;
+ /* Call the completion callback */
+ if (ske->callbacks->completed)
+ ske->callbacks->completed(ske, ske->status, NULL, NULL, NULL,
+ ske->callbacks->context);
- if (item)
- silc_free(item);
- }
+ silc_packet_free(ske->packet);
+ silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
- if (!payload->hash_alg_len && !payload->hash_alg_list) {
- SILC_LOG_DEBUG(("Could not find supported hash alg"));
- silc_free(payload->ke_grp_list);
- silc_free(payload->pkcs_alg_list);
- silc_free(payload->enc_alg_list);
- silc_free(payload);
- return SILC_SKE_STATUS_UNKNOWN_HASH_FUNCTION;
- }
- } else {
+ return SILC_FSM_FINISH;
+}
- if (!rp->hash_alg_len) {
- SILC_LOG_DEBUG(("Hash alg not defined in payload"));
- silc_free(payload->ke_grp_list);
- silc_free(payload->pkcs_alg_list);
- silc_free(payload->enc_alg_list);
- silc_free(payload);
- return SILC_SKE_STATUS_BAD_PAYLOAD;
- }
+/* Error occurred */
- SILC_LOG_DEBUG(("Proposed hash alg `%s' and selected it",
- rp->hash_alg_list));
+SILC_FSM_STATE(silc_ske_st_responder_error)
+{
+ SilcSKE ske = fsm_context;
+ unsigned char tmp[4];
- payload->hash_alg_len = rp->hash_alg_len;
- payload->hash_alg_list = strdup(rp->hash_alg_list);
- }
+ SILC_LOG_DEBUG(("Error %d (%s) during key exchange protocol",
+ ske->status, silc_ske_map_status(ske->status)));
-#if 0
- /* Get supported compression algorithms */
- cp = rp->hash_alg_list;
- if (cp && strchr(cp, ',')) {
- while(cp) {
- char *item;
+ /* Send FAILURE packet */
+ if (ske->status > SILC_SKE_STATUS_INVALID_COOKIE)
+ ske->status = SILC_SKE_STATUS_BAD_PAYLOAD;
+ SILC_PUT32_MSB(ske->status, tmp);
+ silc_packet_send(ske->stream, SILC_PACKET_FAILURE, 0, tmp, 4);
- len = strcspn(cp, ",");
- item = silc_calloc(len + 1, sizeof(char));
- memcpy(item, cp, len);
+ silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
- SILC_LOG_DEBUG(("Proposed hash alg `%s'", item));
+ return SILC_FSM_FINISH;
+}
- if (silc_hash_is_supported(item) == TRUE) {
- SILC_LOG_DEBUG(("Found hash alg `%s'", item));
- payload->hash_alg_len = len;
- payload->hash_alg_list = item;
- break;
- }
+static void silc_ske_responder_finished(SilcFSM fsm, void *fsm_context,
+ void *destructor_context)
+{
- cp += len;
- if (strlen(cp) == 0)
- cp = NULL;
- else
- cp++;
+}
- if (item)
- silc_free(item);
- }
+/* Starts the protocol as responder. */
- if (!payload->hash_alg_len && !payload->hash_alg_list) {
- SILC_LOG_DEBUG(("Could not find supported hash alg"));
- silc_ske_abort(ske, SILC_SKE_STATUS_UNKNOWN_HASH_FUNCTION);
- silc_free(payload->ke_grp_list);
- silc_free(payload->pkcs_alg_list);
- silc_free(payload->enc_alg_list);
- silc_free(payload);
- return;
- }
- } else {
+SilcAsyncOperation
+silc_ske_responder(SilcSKE ske,
+ SilcPacketStream stream,
+ const char *version,
+ SilcSKESecurityPropertyFlag flags)
+{
+ SILC_LOG_DEBUG(("Start SKE as responder"));
+ if (!ske || !stream || !version) {
+ return NULL;
}
-#endif
- payload->len = 1 + 1 + 2 + SILC_SKE_COOKIE_LEN +
- 2 + payload->ke_grp_len + 2 + payload->pkcs_alg_len +
- 2 + payload->enc_alg_len + 2 + payload->hash_alg_len +
- 2 + payload->comp_alg_len;
+ if (!silc_async_init(&ske->op, silc_ske_abort, NULL, ske))
+ return NULL;
- return SILC_SKE_STATUS_OK;
+ if (!silc_fsm_init(&ske->fsm, ske, silc_ske_responder_finished, ske,
+ ske->schedule))
+ return NULL;
+
+ ske->flags = flags;
+ ske->version = strdup(version);
+ if (!ske->version)
+ return NULL;
+ ske->responder = TRUE;
+
+ /* Link to packet stream to get key exchange packets */
+ ske->stream = stream;
+ silc_packet_stream_link(ske->stream, &silc_ske_stream_cbs, ske, 1000000,
+ SILC_PACKET_KEY_EXCHANGE,
+ SILC_PACKET_KEY_EXCHANGE_1,
+ SILC_PACKET_SUCCESS,
+ SILC_PACKET_FAILURE, -1);
+
+ /* Start SKE as responder */
+ silc_fsm_start(&ske->fsm, silc_ske_st_responder_start);
+
+ return &ske->op;
}
-/* Creates random number such that 1 < rnd < n and at most length
- of len bits. The rnd sent as argument must be initialized. */
+SILC_FSM_STATE(silc_ske_st_rekey_initiator_start);
-SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcInt n,
- unsigned int len,
- SilcInt *rnd)
+SILC_FSM_STATE(silc_ske_st_rekey_initiator_start)
{
- SilcSKEStatus status = SILC_SKE_STATUS_OK;
- unsigned char *string;
+ return SILC_FSM_FINISH;
+}
- SILC_LOG_DEBUG(("Creating random number"));
+/* Starts rekey protocol as initiator */
- /* Get the random number as string */
- string = silc_rng_get_rn_string(ske->rng, (len / 8));
+SilcAsyncOperation
+silc_ske_rekey_initiator(SilcSKE ske,
+ SilcPacketStream stream,
+ SilcSKERekeyMaterial rekey)
+{
+ SILC_LOG_DEBUG(("Start SKE rekey as initator"));
- /* Decode the string into a MP integer */
- silc_mp_set_str(rnd, string, 16);
- silc_mp_mod_2exp(rnd, rnd, len);
+ if (!ske || !stream || !rekey)
+ return NULL;
- /* Checks */
- if (silc_mp_cmp_ui(rnd, 1) < 0)
- status = SILC_SKE_STATUS_ERROR;
+ if (!silc_async_init(&ske->op, silc_ske_abort, NULL, ske))
+ return NULL;
- if (silc_mp_cmp(rnd, &n) >= 0)
- status = SILC_SKE_STATUS_ERROR;
+ if (!silc_fsm_init(&ske->fsm, ske, NULL, NULL, ske->schedule))
+ return NULL;
- memset(string, 'F', (len / 8));
- silc_free(string);
+ ske->rekey = rekey;
- return status;
+ /* Link to packet stream to get key exchange packets */
+ ske->stream = stream;
+
+ /* Start SKE rekey as initiator */
+ silc_fsm_start(&ske->fsm, silc_ske_st_rekey_initiator_start);
+
+ return &ske->op;
}
-/* XXX TODO */
+SILC_FSM_STATE(silc_ske_st_rekey_responder_start);
-SilcSKEStatus silc_ske_verify_public_key(SilcSKE ske,
- unsigned char *pubkey,
- unsigned int pubkey_len)
+SILC_FSM_STATE(silc_ske_st_rekey_responder_start)
{
- SilcSKEStatus status = SILC_SKE_STATUS_OK;
+ return SILC_FSM_FINISH;
+}
- return status;
+/* Starts rekey protocol as responder */
+
+SilcAsyncOperation
+silc_ske_rekey_responder(SilcSKE ske,
+ SilcPacketStream stream,
+ SilcBuffer ke_payload,
+ SilcSKERekeyMaterial rekey)
+{
+ SILC_LOG_DEBUG(("Start SKE rekey as responder"));
+
+ if (!ske || !stream || !rekey)
+ return NULL;
+ if (rekey->pfs && !ke_payload)
+ return NULL;
+
+ if (!silc_async_init(&ske->op, silc_ske_abort, NULL, ske))
+ return NULL;
+
+ if (!silc_fsm_init(&ske->fsm, ske, NULL, NULL, ske->schedule))
+ return NULL;
+
+ // ske->packet_buf = ke_payload;
+ ske->rekey = rekey;
+
+ /* Link to packet stream to get key exchange packets */
+ ske->stream = stream;
+
+ /* Start SKE rekey as responder */
+ silc_fsm_start(&ske->fsm, silc_ske_st_rekey_responder_start);
+
+ return &ske->op;
}
-/* Creates a hash value HASH as defined in the SKE protocol. */
+/* Assembles security properties */
-SilcSKEStatus silc_ske_make_hash(SilcSKE ske,
- unsigned char *return_hash,
- unsigned int *return_hash_len)
+SilcSKEStartPayload
+silc_ske_assemble_security_properties(SilcSKE ske,
+ SilcSKESecurityPropertyFlag flags,
+ const char *version)
{
- SilcSKEStatus status = SILC_SKE_STATUS_OK;
- SilcBuffer buf;
- unsigned char *e, *f, *KEY;
- unsigned int e_len, f_len, KEY_len;
+ SilcSKEStartPayload rp;
+ int i;
- SILC_LOG_DEBUG(("Start"));
+ SILC_LOG_DEBUG(("Assembling KE Start Payload"));
- e_len = silc_mp_sizeinbase(&ske->ke1_payload->e, 16);
- e = silc_calloc(e_len + 1, sizeof(unsigned char));
- silc_mp_get_str(e, 16, &ske->ke1_payload->e);
+ rp = silc_calloc(1, sizeof(*rp));
- f_len = silc_mp_sizeinbase(&ske->ke2_payload->f, 16);
- f = silc_calloc(f_len + 1, sizeof(unsigned char));
- silc_mp_get_str(f, 16, &ske->ke2_payload->f);
+ /* Set flags */
+ rp->flags = (unsigned char)flags;
- KEY_len = silc_mp_sizeinbase(&ske->KEY, 16);
- KEY = silc_calloc(KEY_len + 1, sizeof(unsigned char));
- silc_mp_get_str(KEY, 16, &ske->KEY);
+ /* Set random cookie */
+ rp->cookie = silc_calloc(SILC_SKE_COOKIE_LEN, sizeof(*rp->cookie));
+ for (i = 0; i < SILC_SKE_COOKIE_LEN; i++)
+ rp->cookie[i] = silc_rng_get_byte_fast(ske->rng);
+ rp->cookie_len = SILC_SKE_COOKIE_LEN;
- buf = silc_buffer_alloc(ske->start_payload_copy->len +
- ske->pk_len + e_len + f_len + KEY_len);
- silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
+ /* Put version */
+ rp->version = strdup(version);
+ rp->version_len = strlen(version);
- /* Format the buffer used to compute the hash value */
- silc_buffer_format(buf,
- SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
- ske->start_payload_copy->len),
- SILC_STR_UI_XNSTRING(ske->pk, ske->pk_len),
- SILC_STR_UI_XNSTRING(e, e_len),
- SILC_STR_UI_XNSTRING(f, f_len),
- SILC_STR_UI_XNSTRING(KEY, KEY_len),
- SILC_STR_END);
+ /* Get supported Key Exhange groups */
+ rp->ke_grp_list = silc_ske_get_supported_groups();
+ rp->ke_grp_len = strlen(rp->ke_grp_list);
-#if 0
- SILC_LOG_HEXDUMP(("Hash buffer"), buf->data, buf->len);
-#endif
+ /* Get supported PKCS algorithms */
+ rp->pkcs_alg_list = silc_pkcs_get_supported();
+ rp->pkcs_alg_len = strlen(rp->pkcs_alg_list);
- /* Make the hash */
- silc_hash_make(ske->prop->hash, buf->data, buf->len, return_hash);
- *return_hash_len = ske->prop->hash->hash->hash_len;
+ /* Get supported encryption algorithms */
+ rp->enc_alg_list = silc_cipher_get_supported();
+ rp->enc_alg_len = strlen(rp->enc_alg_list);
+
+ /* Get supported hash algorithms */
+ rp->hash_alg_list = silc_hash_get_supported();
+ rp->hash_alg_len = strlen(rp->hash_alg_list);
- SILC_LOG_HEXDUMP(("Hash"), return_hash, *return_hash_len);
+ /* Get supported HMACs */
+ rp->hmac_alg_list = silc_hmac_get_supported();
+ rp->hmac_alg_len = strlen(rp->hmac_alg_list);
- silc_buffer_free(buf);
- memset(e, 0, e_len);
- memset(f, 0, f_len);
- memset(KEY, 0, KEY_len);
- silc_free(e);
- silc_free(f);
- silc_free(KEY);
+ /* XXX */
+ /* Get supported compression algorithms */
+ rp->comp_alg_list = strdup("none");
+ rp->comp_alg_len = strlen("none");
- return status;
+ rp->len = 1 + 1 + 2 + SILC_SKE_COOKIE_LEN +
+ 2 + rp->version_len +
+ 2 + rp->ke_grp_len + 2 + rp->pkcs_alg_len +
+ 2 + rp->enc_alg_len + 2 + rp->hash_alg_len +
+ 2 + rp->hmac_alg_len + 2 + rp->comp_alg_len;
+
+ return rp;
}
-/* Processes negotiated key material as protocol specifies. This returns
- the actual keys to be used in the SILC. */
+/* Processes the provided key material `data' as the SILC protocol
+ specification defines. */
-SilcSKEStatus silc_ske_process_key_material(SilcSKE ske,
- unsigned int req_iv_len,
- unsigned int req_enc_key_len,
- unsigned int req_hmac_key_len,
- SilcSKEKeyMaterial *key)
+SilcSKEKeyMaterial
+silc_ske_process_key_material_data(unsigned char *data,
+ SilcUInt32 data_len,
+ SilcUInt32 req_iv_len,
+ SilcUInt32 req_enc_key_len,
+ SilcUInt32 req_hmac_key_len,
+ SilcHash hash)
{
- int i, klen;
SilcBuffer buf;
- SilcInt tmp;
- unsigned char *tmpbuf;
- unsigned char hash[32];
- unsigned int hash_len = ske->prop->hash->hash->hash_len;
- unsigned int enc_key_len = req_enc_key_len / 8;
+ unsigned char hashd[SILC_HASH_MAXLEN];
+ SilcUInt32 hash_len = req_hmac_key_len;
+ SilcUInt32 enc_key_len = req_enc_key_len / 8;
+ SilcSKEKeyMaterial key;
SILC_LOG_DEBUG(("Start"));
- silc_mp_init_set(&tmp, &ske->KEY);
-
- klen = silc_mp_size(&tmp);
-
- /* Format the KEY material into binary data */
- tmpbuf = silc_calloc(klen, sizeof(unsigned char));
- for (i = klen; i > 0; i--) {
- tmpbuf[i - 1] = (unsigned char)(silc_mp_get_ui(&tmp) & 0xff);
- silc_mp_fdiv_q_2exp(&tmp, &tmp, 8);
- }
+ if (!req_iv_len || !req_enc_key_len || !req_hmac_key_len)
+ return NULL;
- buf = silc_buffer_alloc(1 + klen + hash_len);
+ key = silc_calloc(1, sizeof(*key));
+ if (!key)
+ return NULL;
- silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
+ buf = silc_buffer_alloc_size(1 + data_len);
+ if (!buf)
+ return NULL;
silc_buffer_format(buf,
SILC_STR_UI_CHAR(0),
- SILC_STR_UI_XNSTRING(tmpbuf, klen),
- SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
+ SILC_STR_UI_XNSTRING(data, data_len),
SILC_STR_END);
/* Take IVs */
- memset(hash, 0, sizeof(hash));
+ memset(hashd, 0, sizeof(hashd));
buf->data[0] = 0;
- silc_hash_make(ske->prop->hash, buf->data, buf->len, hash);
+ silc_hash_make(hash, buf->data, silc_buffer_len(buf), hashd);
key->send_iv = silc_calloc(req_iv_len, sizeof(unsigned char));
- memcpy(key->send_iv, hash, req_iv_len);
- memset(hash, 0, sizeof(hash));
+ memcpy(key->send_iv, hashd, req_iv_len);
+ memset(hashd, 0, sizeof(hashd));
buf->data[0] = 1;
- silc_hash_make(ske->prop->hash, buf->data, buf->len, hash);
+ silc_hash_make(hash, buf->data, silc_buffer_len(buf), hashd);
key->receive_iv = silc_calloc(req_iv_len, sizeof(unsigned char));
- memcpy(key->receive_iv, hash, req_iv_len);
+ memcpy(key->receive_iv, hashd, req_iv_len);
key->iv_len = req_iv_len;
/* Take the encryption keys. If requested key size is more than
buf->data[0] = 2;
if (enc_key_len > hash_len) {
SilcBuffer dist;
- unsigned char k1[32], k2[32], k3[32];
+ unsigned char k1[SILC_HASH_MAXLEN], k2[SILC_HASH_MAXLEN],
+ k3[SILC_HASH_MAXLEN];
unsigned char *dtmp;
-
+
/* XXX */
if (enc_key_len > (3 * hash_len))
- return SILC_SKE_STATUS_ERROR;
-
+ return NULL;
+
+ /* Take first round */
memset(k1, 0, sizeof(k1));
- silc_hash_make(ske->prop->hash, buf->data, buf->len, k1);
-
- /* XXX */
- dist = silc_buffer_alloc(hash_len * 3);
-
- silc_buffer_pull_tail(dist, klen + hash_len);
+ silc_hash_make(hash, buf->data, silc_buffer_len(buf), k1);
+
+ /* Take second round */
+ dist = silc_buffer_alloc_size(data_len + hash_len);
+ if (!dist)
+ return NULL;
silc_buffer_format(dist,
- SILC_STR_UI_XNSTRING(tmpbuf, klen),
+ SILC_STR_UI_XNSTRING(data, data_len),
SILC_STR_UI_XNSTRING(k1, hash_len),
SILC_STR_END);
-
memset(k2, 0, sizeof(k2));
- silc_hash_make(ske->prop->hash, dist->data, dist->len, k2);
-
- silc_buffer_pull(dist, klen + hash_len);
+ silc_hash_make(hash, dist->data, silc_buffer_len(dist), k2);
+
+ /* Take third round */
+ dist = silc_buffer_realloc(dist, data_len + hash_len + hash_len);
+ silc_buffer_pull_tail(dist, hash_len);
+ silc_buffer_pull(dist, data_len + hash_len);
silc_buffer_format(dist,
SILC_STR_UI_XNSTRING(k2, hash_len),
SILC_STR_END);
- silc_buffer_push(dist, klen + hash_len);
-
+ silc_buffer_push(dist, data_len + hash_len);
memset(k3, 0, sizeof(k3));
- silc_hash_make(ske->prop->hash, dist->data, dist->len, k3);
-
+ silc_hash_make(hash, dist->data, silc_buffer_len(dist), k3);
+
+ /* Then, save the keys */
dtmp = silc_calloc((3 * hash_len), sizeof(unsigned char));
memcpy(dtmp, k1, hash_len);
memcpy(dtmp + hash_len, k2, hash_len);
- memcpy(dtmp + hash_len, k3, hash_len);
+ memcpy(dtmp + hash_len + hash_len, k3, hash_len);
key->send_enc_key = silc_calloc(enc_key_len, sizeof(unsigned char));
memcpy(key->send_enc_key, dtmp, enc_key_len);
memset(k2, 0, sizeof(k2));
memset(k3, 0, sizeof(k3));
silc_free(dtmp);
+ silc_buffer_clear(dist);
silc_buffer_free(dist);
} else {
/* Take normal hash as key */
- memset(hash, 0, sizeof(hash));
- silc_hash_make(ske->prop->hash, buf->data, buf->len, hash);
+ memset(hashd, 0, sizeof(hashd));
+ silc_hash_make(hash, buf->data, silc_buffer_len(buf), hashd);
key->send_enc_key = silc_calloc(enc_key_len, sizeof(unsigned char));
- memcpy(key->send_enc_key, hash, enc_key_len);
+ memcpy(key->send_enc_key, hashd, enc_key_len);
key->enc_key_len = req_enc_key_len;
}
buf->data[0] = 3;
if (enc_key_len > hash_len) {
SilcBuffer dist;
- unsigned char k1[32], k2[32], k3[32];
+ unsigned char k1[SILC_HASH_MAXLEN], k2[SILC_HASH_MAXLEN],
+ k3[SILC_HASH_MAXLEN];
unsigned char *dtmp;
-
+
/* XXX */
if (enc_key_len > (3 * hash_len))
- return SILC_SKE_STATUS_ERROR;
-
+ return NULL;
+
+ /* Take first round */
memset(k1, 0, sizeof(k1));
- silc_hash_make(ske->prop->hash, buf->data, buf->len, k1);
-
- /* XXX */
- dist = silc_buffer_alloc(hash_len * 3);
-
- silc_buffer_pull_tail(dist, klen + hash_len);
+ silc_hash_make(hash, buf->data, silc_buffer_len(buf), k1);
+
+ /* Take second round */
+ dist = silc_buffer_alloc_size(data_len + hash_len);
+ if (!dist)
+ return NULL;
silc_buffer_format(dist,
- SILC_STR_UI_XNSTRING(tmpbuf, klen),
+ SILC_STR_UI_XNSTRING(data, data_len),
SILC_STR_UI_XNSTRING(k1, hash_len),
SILC_STR_END);
-
memset(k2, 0, sizeof(k2));
- silc_hash_make(ske->prop->hash, dist->data, dist->len, k2);
-
- silc_buffer_pull(dist, klen + hash_len);
+ silc_hash_make(hash, dist->data, silc_buffer_len(dist), k2);
+
+ /* Take third round */
+ dist = silc_buffer_realloc(dist, data_len + hash_len + hash_len);
+ silc_buffer_pull_tail(dist, hash_len);
+ silc_buffer_pull(dist, data_len + hash_len);
silc_buffer_format(dist,
SILC_STR_UI_XNSTRING(k2, hash_len),
SILC_STR_END);
- silc_buffer_push(dist, klen + hash_len);
-
+ silc_buffer_push(dist, data_len + hash_len);
memset(k3, 0, sizeof(k3));
- silc_hash_make(ske->prop->hash, dist->data, dist->len, k3);
-
+ silc_hash_make(hash, dist->data, silc_buffer_len(dist), k3);
+
+ /* Then, save the keys */
dtmp = silc_calloc((3 * hash_len), sizeof(unsigned char));
memcpy(dtmp, k1, hash_len);
memcpy(dtmp + hash_len, k2, hash_len);
- memcpy(dtmp + hash_len, k3, hash_len);
+ memcpy(dtmp + hash_len + hash_len, k3, hash_len);
key->receive_enc_key = silc_calloc(enc_key_len, sizeof(unsigned char));
memcpy(key->receive_enc_key, dtmp, enc_key_len);
memset(k2, 0, sizeof(k2));
memset(k3, 0, sizeof(k3));
silc_free(dtmp);
+ silc_buffer_clear(dist);
silc_buffer_free(dist);
} else {
/* Take normal hash as key */
- memset(hash, 0, sizeof(hash));
- silc_hash_make(ske->prop->hash, buf->data, buf->len, hash);
+ memset(hashd, 0, sizeof(hashd));
+ silc_hash_make(hash, buf->data, silc_buffer_len(buf), hashd);
key->receive_enc_key = silc_calloc(enc_key_len, sizeof(unsigned char));
- memcpy(key->receive_enc_key, hash, enc_key_len);
+ memcpy(key->receive_enc_key, hashd, enc_key_len);
key->enc_key_len = req_enc_key_len;
}
- /* Take HMAC key */
- memset(hash, 0, sizeof(hash));
+ /* Take HMAC keys */
+ memset(hashd, 0, sizeof(hashd));
buf->data[0] = 4;
- silc_hash_make(ske->prop->hash, buf->data, buf->len, hash);
- key->hmac_key = silc_calloc(req_hmac_key_len, sizeof(unsigned char));
- memcpy(key->hmac_key, hash, req_hmac_key_len);
+ silc_hash_make(hash, buf->data, silc_buffer_len(buf), hashd);
+ key->send_hmac_key = silc_calloc(req_hmac_key_len, sizeof(unsigned char));
+ memcpy(key->send_hmac_key, hashd, req_hmac_key_len);
+ memset(hashd, 0, sizeof(hashd));
+ buf->data[0] = 5;
+ silc_hash_make(hash, buf->data, silc_buffer_len(buf), hashd);
+ key->receive_hmac_key = silc_calloc(req_hmac_key_len, sizeof(unsigned char));
+ memcpy(key->receive_hmac_key, hashd, req_hmac_key_len);
key->hmac_key_len = req_hmac_key_len;
+ memset(hashd, 0, sizeof(hashd));
+
+ silc_buffer_clear(buf);
+ silc_buffer_free(buf);
+
+ return key;
+}
+
+/* Processes negotiated key material as protocol specifies. This returns
+ the actual keys to be used in the SILC. */
+
+SilcSKEKeyMaterial
+silc_ske_process_key_material(SilcSKE ske,
+ SilcUInt32 req_iv_len,
+ SilcUInt32 req_enc_key_len,
+ SilcUInt32 req_hmac_key_len)
+{
+ SilcBuffer buf;
+ unsigned char *tmpbuf;
+ SilcUInt32 klen;
+ SilcSKEKeyMaterial key;
+
+ /* Encode KEY to binary data */
+ tmpbuf = silc_mp_mp2bin(ske->KEY, 0, &klen);
+
+ buf = silc_buffer_alloc_size(klen + ske->hash_len);
+ if (!buf)
+ return NULL;
+ silc_buffer_format(buf,
+ SILC_STR_UI_XNSTRING(tmpbuf, klen),
+ SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
+ SILC_STR_END);
+
+ /* Process the key material */
+ key = silc_ske_process_key_material_data(buf->data, silc_buffer_len(buf),
+ req_iv_len, req_enc_key_len,
+ req_hmac_key_len,
+ ske->prop->hash);
memset(tmpbuf, 0, klen);
silc_free(tmpbuf);
+ silc_buffer_clear(buf);
+ silc_buffer_free(buf);
- return SILC_SKE_STATUS_OK;
+ return key;
+}
+
+/* Free key material structure */
+
+void silc_ske_free_key_material(SilcSKEKeyMaterial key)
+{
+ if (!key)
+ return;
+
+ if (key->send_iv)
+ silc_free(key->send_iv);
+ if (key->receive_iv)
+ silc_free(key->receive_iv);
+ if (key->send_enc_key) {
+ memset(key->send_enc_key, 0, key->enc_key_len / 8);
+ silc_free(key->send_enc_key);
+ }
+ if (key->receive_enc_key) {
+ memset(key->receive_enc_key, 0, key->enc_key_len / 8);
+ silc_free(key->receive_enc_key);
+ }
+ if (key->send_hmac_key) {
+ memset(key->send_hmac_key, 0, key->hmac_key_len);
+ silc_free(key->send_hmac_key);
+ }
+ if (key->receive_hmac_key) {
+ memset(key->receive_hmac_key, 0, key->hmac_key_len);
+ silc_free(key->receive_hmac_key);
+ }
+ silc_free(key);
+}
+
+/* Set keys into use */
+
+SilcBool silc_ske_set_keys(SilcSKE ske,
+ SilcSKEKeyMaterial keymat,
+ SilcSKESecurityProperties prop,
+ SilcCipher *ret_send_key,
+ SilcCipher *ret_receive_key,
+ SilcHmac *ret_hmac_send,
+ SilcHmac *ret_hmac_receive,
+ SilcHash *ret_hash)
+{
+ /* Allocate ciphers to be used in the communication */
+ if (ret_send_key) {
+ if (!silc_cipher_alloc((char *)silc_cipher_get_name(prop->cipher),
+ ret_send_key))
+ return FALSE;
+ }
+ if (ret_receive_key) {
+ if (!silc_cipher_alloc((char *)silc_cipher_get_name(prop->cipher),
+ ret_receive_key))
+ return FALSE;
+ }
+
+ /* Allocate HMACs */
+ if (ret_hmac_send) {
+ if (!silc_hmac_alloc((char *)silc_hmac_get_name(prop->hmac), NULL,
+ ret_hmac_send))
+ return FALSE;
+ }
+ if (ret_hmac_receive) {
+ if (!silc_hmac_alloc((char *)silc_hmac_get_name(prop->hmac), NULL,
+ ret_hmac_receive))
+ return FALSE;
+ }
+
+ /* Set key material */
+ if (ske->responder) {
+ silc_cipher_set_key(*ret_send_key, keymat->receive_enc_key,
+ keymat->enc_key_len);
+ silc_cipher_set_iv(*ret_send_key, keymat->receive_iv);
+ silc_cipher_set_key(*ret_receive_key, keymat->send_enc_key,
+ keymat->enc_key_len);
+ silc_cipher_set_iv(*ret_receive_key, keymat->send_iv);
+ silc_hmac_set_key(*ret_hmac_send, keymat->receive_hmac_key,
+ keymat->hmac_key_len);
+ silc_hmac_set_key(*ret_hmac_receive, keymat->send_hmac_key,
+ keymat->hmac_key_len);
+ } else {
+ silc_cipher_set_key(*ret_send_key, keymat->send_enc_key,
+ keymat->enc_key_len);
+ silc_cipher_set_iv(*ret_send_key, keymat->send_iv);
+ silc_cipher_set_key(*ret_receive_key, keymat->receive_enc_key,
+ keymat->enc_key_len);
+ silc_cipher_set_iv(*ret_receive_key, keymat->receive_iv);
+ silc_hmac_set_key(*ret_hmac_send, keymat->send_hmac_key,
+ keymat->hmac_key_len);
+ silc_hmac_set_key(*ret_hmac_receive, keymat->receive_hmac_key,
+ keymat->hmac_key_len);
+ }
+
+ /* Allocate hash */
+ if (ret_hash) {
+ if (!silc_hash_alloc(silc_hash_get_name(prop->hash), ret_hash))
+ return FALSE;
+ }
+
+ SILC_LOG_INFO(("Security properties: %s %s %s %s",
+ ret_send_key ? silc_cipher_get_name(*ret_send_key) : "??",
+ ret_hmac_send ? silc_hmac_get_name(*ret_hmac_send) : "??",
+ ret_hash ? silc_hash_get_name(*ret_hash) : "??",
+ ske->prop->flags & SILC_SKE_SP_FLAG_PFS ? "PFS" : ""));
+
+ return TRUE;
+}
+
+const char *silc_ske_status_string[] =
+{
+ /* Official */
+ "Ok",
+ "Unkown error occurred",
+ "Bad payload in packet",
+ "Unsupported group",
+ "Unsupported cipher",
+ "Unsupported PKCS",
+ "Unsupported hash function",
+ "Unsupported HMAC",
+ "Unsupported public key (or certificate)",
+ "Incorrect signature",
+ "Bad or unsupported version",
+ "Invalid cookie",
+
+ /* Other errors */
+ "Remote did not provide public key",
+ "Bad reserved field in packet",
+ "Bad payload length in packet",
+ "Error computing signature",
+ "System out of memory",
+
+ NULL
+};
+
+/* Maps status to readable string and returns the string. If string is not
+ found and empty character string ("") is returned. */
+
+const char *silc_ske_map_status(SilcSKEStatus status)
+{
+ int i;
+
+ for (i = 0; silc_ske_status_string[i]; i++)
+ if (status == i)
+ return silc_ske_status_string[i];
+
+ return "";
+}
+
+/* Parses remote host's version string. */
+
+SilcBool silc_ske_parse_version(SilcSKE ske,
+ SilcUInt32 *protocol_version,
+ char **protocol_version_string,
+ SilcUInt32 *software_version,
+ char **software_version_string,
+ char **vendor_version)
+{
+ return silc_parse_version_string(ske->remote_version,
+ protocol_version,
+ protocol_version_string,
+ software_version,
+ software_version_string,
+ vendor_version);
}