updates.

[silc.git] / lib / silcske / silcske.h

diff --git a/lib/silcske/silcske.h b/lib/silcske/silcske.h
index e429b70f3eaaaebd48f851c40d68c7ca51d20331..13e82eb65f68e5f80bfcf54045a880a28832d9e3 100644 (file)
--- a/lib/silcske/silcske.h
+++ b/lib/silcske/silcske.h
@@ -4,7 +4,7 @@
 
   Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
 
-  Copyright (C) 2000 Pekka Riikonen
+  Copyright (C) 2000 - 2001 Pekka Riikonen
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -29,6 +29,16 @@ typedef struct SilcSKEStruct *SilcSKE;
 /* Forward declaration for security properties. */
 typedef struct SilcSKESecurityPropertiesStruct *SilcSKESecurityProperties;
 
+/* Supported Public Key Types, defined by the protocol */
+typedef enum {
+  SILC_SKE_PK_TYPE_SILC    = 1,        /* Mandatory type */
+  /* Optional types. These are not implemented currently */
+  SILC_SKE_PK_TYPE_SSH2    = 2,
+  SILC_SKE_PK_TYPE_X509V3  = 3,
+  SILC_SKE_PK_TYPE_OPENPGP = 4,
+  SILC_SKE_PK_TYPE_SPKI    = 5
+} SilcSKEPKType;
+
 /* Packet sending callback. Caller of the SKE routines must provide
    a routine to send packets to negotiation parties. */
 typedef void (*SilcSKESendPacketCb)(SilcSKE ske, SilcBuffer packet, 
@@ -39,16 +49,12 @@ typedef void (*SilcSKESendPacketCb)(SilcSKE ske, SilcBuffer packet,
    callers routine might need (payloads etc). */
 typedef void (*SilcSKECb)(SilcSKE ske, void *context);
 
-/* Supported Public Key Types, defined by the protocol */
-typedef enum {
-  SILC_SKE_PK_TYPE_SILC = 1,   /* Mandatory type */
-  /* Optional types. These are not implemented currently
-  SILC_SKE_PK_TYPE_SSH2 = 2,
-  SILC_SKE_PK_TYPE_X509V3 = 3,
-  SILC_SKE_PK_TYPE_OPENPGP = 4,
-  SILC_SKE_PK_TYPE_SPKI = 5
-  */
-} SilcSKEPKType;
+/* Callback function used to verify the received public key. */
+typedef SilcSKEStatus (*SilcSKEVerifyCb)(SilcSKE ske, 
+                                        unsigned char *pk_data,
+                                        unsigned int pk_len,
+                                        SilcSKEPKType pk_type,
+                                        void *context);
 
 /* Context passed to key material processing function. The function
    returns the processed key material into this structure. */
@@ -63,6 +69,7 @@ typedef struct {
   unsigned int hmac_key_len;
 } SilcSKEKeyMaterial;
 
+/* Length of cookie in Start Payload */
 #define SILC_SKE_COOKIE_LEN 16
 
 #include "groups.h"
@@ -70,9 +77,10 @@ typedef struct {
 
 /* Security Property Flags. */
 typedef enum {
-  SILC_SKE_SP_FLAG_NONE = (1L << 0),
-  SILC_SKE_SP_FLAG_NO_REPLY = (1L << 1),
-  SILC_SKE_SP_FLAG_PFS = (1L << 2),
+  SILC_SKE_SP_FLAG_NONE      = 0x00,
+  SILC_SKE_SP_FLAG_NO_REPLY  = 0x01,
+  SILC_SKE_SP_FLAG_PFS       = 0x02,
+  SILC_SKE_SP_FLAG_MUTUAL    = 0x04,
 } SilcSKESecurityPropertyFlag;
 
 /* Security Properties negotiated between key exchange parties. This
@@ -85,7 +93,8 @@ struct SilcSKESecurityPropertiesStruct {
   SilcPKCS pkcs;
   SilcCipher cipher;
   SilcHash hash;
-  /* XXX SilcCompression comp; */
+  SilcHmac hmac;
+  /* XXX SilcZip comp; */
 };
 
 struct SilcSKEStruct {
@@ -98,8 +107,8 @@ struct SilcSKEStruct {
   /* Key Exchange payloads filled during key negotiation with
      remote data. Responder may save local data here as well. */
   SilcSKEStartPayload *start_payload;
-  SilcSKEOnePayload *ke1_payload;
-  SilcSKETwoPayload *ke2_payload;
+  SilcSKEKEPayload *ke1_payload;
+  SilcSKEKEPayload *ke2_payload;
 
   /* Temporary copy of the KE Start Payload used in the
      HASH computation. */
@@ -112,10 +121,10 @@ struct SilcSKEStruct {
 
   /* Random number x, 1 < x < q. This is the secret exponent
      used in Diffie Hellman computations. */
-  SilcInt x;
+  SilcInt *x;
   
   /* The secret shared key */
-  SilcInt KEY;
+  SilcInt *KEY;
   
   /* The hash value HASH of the key exchange */
   unsigned char *hash;
@@ -128,6 +137,9 @@ struct SilcSKEStruct {
   /* Pointer to the what ever user data. This is set by the caller
      and is not touched by the SKE. The caller must also free this one. */
   void *user_data;
+
+  /* Current status of SKE */
+  SilcSKEStatus status;
 };
 
 /* Prototypes */
@@ -143,15 +155,21 @@ SilcSKEStatus silc_ske_initiator_phase_1(SilcSKE ske,
                                         SilcSKECb callback,
                                         void *context);
 SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
+                                        SilcPublicKey public_key,
+                                        SilcPrivateKey private_key,
                                         SilcSKESendPacketCb send_packet,
                                         void *context);
 SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske,
-                                       SilcBuffer ke2_payload,
+                                       SilcBuffer ke_payload,
+                                       SilcSKEVerifyCb verify_key,
+                                       void *verify_context,
                                        SilcSKECb callback,
                                        void *context);
 SilcSKEStatus silc_ske_responder_start(SilcSKE ske, SilcRng rng,
                                       SilcSocketConnection sock,
+                                      char *version,
                                       SilcBuffer start_payload,
+                                      int mutual_auth,
                                       SilcSKECb callback,
                                       void *context);
 SilcSKEStatus silc_ske_responder_phase_1(SilcSKE ske, 
@@ -159,14 +177,14 @@ SilcSKEStatus silc_ske_responder_phase_1(SilcSKE ske,
                                         SilcSKESendPacketCb send_packet,
                                         void *context);
 SilcSKEStatus silc_ske_responder_phase_2(SilcSKE ske,
-                                        SilcBuffer ke1_payload,
+                                        SilcBuffer ke_payload,
+                                        SilcSKEVerifyCb verify_key,
+                                        void *verify_context,
                                         SilcSKECb callback,
                                         void *context);
 SilcSKEStatus silc_ske_responder_finish(SilcSKE ske,
-                                       unsigned char *pk,
-                                       unsigned int pk_len,
-                                       unsigned char *prv,
-                                       unsigned int prv_len,
+                                       SilcPublicKey public_key,
+                                       SilcPrivateKey private_key,
                                        SilcSKEPKType pk_type,
                                        SilcSKESendPacketCb send_packet,
                                        void *context);
@@ -178,23 +196,37 @@ SilcSKEStatus silc_ske_abort(SilcSKE ske, SilcSKEStatus status,
                             void *context);
 SilcSKEStatus 
 silc_ske_assemble_security_properties(SilcSKE ske,
+                                     unsigned char flags,
+                                     char *version,
                                      SilcSKEStartPayload **return_payload);
 SilcSKEStatus 
 silc_ske_select_security_properties(SilcSKE ske,
+                                   char *version,
                                    SilcSKEStartPayload *payload,
                                    SilcSKEStartPayload *remote_payload);
 SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcInt n, 
                                  unsigned int len, 
                                  SilcInt *rnd);
-SilcSKEStatus silc_ske_verify_public_key(SilcSKE ske, 
-                                        unsigned char *pubkey,
-                                        unsigned int pubkey_len);
 SilcSKEStatus silc_ske_make_hash(SilcSKE ske, 
                                 unsigned char *return_hash,
-                                unsigned int *return_hash_len);
+                                unsigned int *return_hash_len,
+                                int initiator);
+SilcSKEStatus 
+silc_ske_process_key_material_data(unsigned char *data,
+                                  unsigned int data_len,
+                                  unsigned int req_iv_len,
+                                  unsigned int req_enc_key_len,
+                                  unsigned int req_hmac_key_len,
+                                  SilcHash hash,
+                                  SilcSKEKeyMaterial *key);
 SilcSKEStatus silc_ske_process_key_material(SilcSKE ske, 
                                            unsigned int req_iv_len,
                                            unsigned int req_enc_key_len,
                                            unsigned int req_hmac_key_len,
                                            SilcSKEKeyMaterial *key);
+SilcSKEStatus silc_ske_check_version(SilcSKE ske,
+                                    unsigned char *version,
+                                    unsigned int version_len);
+void silc_ske_free_key_material(SilcSKEKeyMaterial *key);
+
 #endif