#ifndef SILCSKE_H
#define SILCSKE_H
-/****h* silcske/SilcSKEAPI
+/****h* silcske/SILC SKE Interface
*
* DESCRIPTION
*
/****s* silcske/SilcSKEAPI/SilcSKE
*
* NAME
- *
+ *
* typedef struct SilcSKEStruct *SilcSKE;
*
* DESCRIPTION
/****s* silcske/SilcSKEAPI/SilcSKESecurityProperties
*
* NAME
- *
- * typedef struct SilcSKESecurityPropertiesStruct
+ *
+ * typedef struct SilcSKESecurityPropertiesStruct
* *SilcSKESecurityProperties;
*
* DESCRIPTION
*
- * This context is forward declaration for the
+ * This context is forward declaration for the
* SilcSKESecurityPropertiesStruct structure. It is allocated by the
* library, and it represents the security properties selected during
* the SKE negotiation.
/****d* silcske/SilcSKEAPI/SilcSKEPKType
*
* NAME
- *
+ *
* typedef enum { ... } SilcSKEPKType;
*
* DESCRIPTION
*
* SYNOPSIS
*
- * typedef void (*SilcSKESendPacketCb)(SilcSKE ske, SilcBuffer packet,
+ * typedef void (*SilcSKESendPacketCb)(SilcSKE ske, SilcBuffer packet,
* SilcPacketType type, void *context);
*
* DESCRIPTION
* silc_ske_set_callbacks for more information.
*
***/
-typedef void (*SilcSKESendPacketCb)(SilcSKE ske, SilcBuffer packet,
+typedef void (*SilcSKESendPacketCb)(SilcSKE ske, SilcBuffer packet,
SilcPacketType type, void *context);
/****f* silcske/SilcSKEAPI/SilcSKECb
*
* SYNOPSIS
*
- * typedef void (*SilcSKEVerifyCb)(SilcSKE ske,
+ * typedef void (*SilcSKEVerifyCb)(SilcSKE ske,
* unsigned char *pk_data,
- * uint32 pk_len,
+ * SilcUInt32 pk_len,
* SilcSKEPKType pk_type,
* void *context,
* SilcSKEVerifyCbCompletion completion,
*
* DESCRIPTION
*
- * Callback function used to verify the received public key or certificate.
+ * Callback function used to verify the received public key or certificate.
* The verification process is most likely asynchronous. That's why the
* application must call the `completion' callback when the verification
* process has been completed. The library then calls the user callback
* (SilcSKECb), if it was provided for the function that takes this callback
- * function as argument, to indicate that the SKE protocol may continue.
+ * function as argument, to indicate that the SKE protocol may continue.
* See silc_ske_set_callbacks for more information.
*
***/
-typedef void (*SilcSKEVerifyCb)(SilcSKE ske,
+typedef void (*SilcSKEVerifyCb)(SilcSKE ske,
unsigned char *pk_data,
- uint32 pk_len,
+ SilcUInt32 pk_len,
SilcSKEPKType pk_type,
void *context,
SilcSKEVerifyCbCompletion completion,
*
* SYNOPSIS
*
- * typedef SilcSKEStatus (*SilcSKECheckVersion)(SilcSKE ske,
- * unsigned char *version,
- * uint32 len, void *context);
+ * typedef SilcSKEStatus (*SilcSKECheckVersion)(SilcSKE ske,
+ * unsigned char *version,
+ * SilcUInt32 len, void *context);
*
* DESCRIPTION
*
* SILC_SKE_STATUS_BAD_VERSION if the version was not acceptable.
*
***/
-typedef SilcSKEStatus (*SilcSKECheckVersion)(SilcSKE ske,
- unsigned char *version,
- uint32 len, void *context);
+typedef SilcSKEStatus (*SilcSKECheckVersion)(SilcSKE ske,
+ unsigned char *version,
+ SilcUInt32 len, void *context);
/****s* silcske/SilcSKEAPI/SilcSKEKeyMaterial
*
* NAME
- *
+ *
* typedef struct { ... } SilcSKEKeyMaterial;
*
* DESCRIPTION
typedef struct {
unsigned char *send_iv;
unsigned char *receive_iv;
- uint32 iv_len;
+ SilcUInt32 iv_len;
unsigned char *send_enc_key;
unsigned char *receive_enc_key;
- uint32 enc_key_len;
+ SilcUInt32 enc_key_len;
unsigned char *send_hmac_key;
unsigned char *receive_hmac_key;
- uint32 hmac_key_len;
+ SilcUInt32 hmac_key_len;
} SilcSKEKeyMaterial;
/* Length of cookie in Start Payload */
/****d* silcske/SilcSKEAPI/SilcSKESecurityPropertyFlag
*
* NAME
- *
+ *
* typedef enum { ... } SilcSKESecurityPropertyFlag
*
* DESCRIPTION
/****s* silcske/SilcSKEAPI/SilcSKESecurityPropertiesStruct
*
* NAME
- *
+ *
* struct SilcSKESecurityPropertiesStruct { ... };
*
* DESCRIPTION
/****s* silcske/SilcSKEAPI/SilcSKEStruct
*
* NAME
- *
+ *
* struct SilcSKEStruct { ... };
*
* DESCRIPTION
SilcSKEStartPayload *start_payload;
SilcSKEKEPayload *ke1_payload;
SilcSKEKEPayload *ke2_payload;
+ unsigned char *remote_version;
/* Temporary copy of the KE Start Payload used in the
HASH computation. */
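Review bot: The added `unsigned char *remote_version;` member has no comment and no companion length, unlike `hash`/`hash_len` later in the same struct and unlike the `SilcSKECheckVersion` callback, which receives `version` together with `len`. The field presumably holds the version string sent by the remote host, so every consumer has to trust NUL termination unless the length is stored alongside it. I would either add `SilcUInt32 remote_version_len;` or document the invariant and ownership, e.g. `/* Remote host's version string: NUL-terminated copy, owned by the SKE context and freed with it */`, worded to match what the implementation actually does. The struct definition begins and ends outside this hunk.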
/* The secret shared key */
SilcMPInt *KEY;
-
+
/* The hash value HASH of the key exchange */
unsigned char *hash;
- uint32 hash_len;
+ SilcUInt32 hash_len;
/* Random Number Generator. This is set by the caller and must
be free'd by the caller. */
SilcSKECallbacks callbacks;
/* Backwards support version indicator */
- uint32 backward_version;
+ SilcUInt32 backward_version;
};
/***/
*
* DESCRIPTION
*
- * Sets the callback functions for the SKE session.
+ * Sets the callback functions for the SKE session.
*
* The `send_packet' callback is a function that sends the packet to
* network. The SKE library will call it at any time packet needs to
- * be sent to the remote host.
+ * be sent to the remote host.
*
* The `payload_receive' callback is called when the remote host's Key
* Exchange Start Payload has been processed. The payload is saved
* that remote end MUST send its public key, and this could cause
* problems when performing rekey. When doing normal SKE session this
* callback should be set.
- *
+ *
* The `proto_continue' callback is called to indicate that it is
* safe to continue the execution of the SKE protocol after executing
* an asynchronous operation, such as calling the `verify_key' callback
* The `check_version' callback is called to verify the remote host's
* version. The application may check its own version against the remote
* host's version and determine whether supporting the remote host
- * is possible.
+ * is possible.
*
* The `context' is passed as argument to all of the above callback
* functions.
*
* SilcSKEStatus silc_ske_initiator_start(SilcSKE ske, SilcRng rng,
* SilcSocketConnection sock,
- * SilcSKEStartPayload
+ * SilcSKEStartPayload
* *start_payload);
*
* DESCRIPTION
*
* SYNOPSIS
*
- * SilcSKEStatus silc_ske_initiator_phase_1(SilcSKE ske,
+ * SilcSKEStatus silc_ske_initiator_phase_1(SilcSKE ske,
* SilcBuffer start_payload);
*
* DESCRIPTION
* or with short timeout, the silc_ske_initiator_phase_2 function.
*
***/
-SilcSKEStatus silc_ske_initiator_phase_1(SilcSKE ske,
+SilcSKEStatus silc_ske_initiator_phase_1(SilcSKE ske,
SilcBuffer start_payload);
-/****f* silcske/SilcSKEAPI/silc_ske_initiator_phase_1
+/****f* silcske/SilcSKEAPI/silc_ske_initiator_phase_2
*
* SYNOPSIS
*
* When in this status application must not continue with calling
* any other SKE routine. The asynchronous operation is the `verify_key'
* callback, which application completes by calling its completion
- * callback. After completion the SKE libary will call the
+ * callback. After completion the SKE libary will call the
* `proto_continue' callback, to indicate application that pending
* status is over and it is safe to continue the execution of SKE,
* which application does by calling the silc_ske_responder_finish
*
* SYNOPSIS
*
- * SilcSKEStatus
+ * SilcSKEStatus
* silc_ske_assemble_security_properties(SilcSKE ske,
* SilcSKESecurityPropertyFlag flags,
* const char *version,
- * SilcSKEStartPayload
+ * SilcSKEStartPayload
* **return_payload);
*
* DESCRIPTION
* that application can do version check with the remote end.
*
***/
-SilcSKEStatus
+SilcSKEStatus
silc_ske_select_security_properties(SilcSKE ske,
const char *version,
SilcSKEStartPayload *payload,
*
* SYNOPSIS
*
- * SilcSKEStatus silc_ske_process_key_material(SilcSKE ske,
- * uint32 req_iv_len,
- * uint32 req_enc_key_len,
- * uint32 req_hmac_key_len,
+ * SilcSKEStatus silc_ske_process_key_material(SilcSKE ske,
+ * SilcUInt32 req_iv_len,
+ * SilcUInt32 req_enc_key_len,
+ * SilcUInt32 req_hmac_key_len,
* SilcSKEKeyMaterial *key);
*
* DESCRIPTION
* free.
*
***/
-SilcSKEStatus silc_ske_process_key_material(SilcSKE ske,
- uint32 req_iv_len,
- uint32 req_enc_key_len,
- uint32 req_hmac_key_len,
+SilcSKEStatus silc_ske_process_key_material(SilcSKE ske,
+ SilcUInt32 req_iv_len,
+ SilcUInt32 req_enc_key_len,
+ SilcUInt32 req_hmac_key_len,
SilcSKEKeyMaterial *key);
/****f* silcske/SilcSKEAPI/silc_ske_process_key_material_data
*
* SYNOPSIS
*
- * SilcSKEStatus
+ * SilcSKEStatus
* silc_ske_process_key_material_data(unsigned char *data,
- * uint32 data_len,
- * uint32 req_iv_len,
- * uint32 req_enc_key_len,
- * uint32 req_hmac_key_len,
+ * SilcUInt32 data_len,
+ * SilcUInt32 req_iv_len,
+ * SilcUInt32 req_enc_key_len,
+ * SilcUInt32 req_hmac_key_len,
* SilcHash hash,
* SilcSKEKeyMaterial *key);
*
* is used as part of key processing, and caller must provide it.
*
***/
-SilcSKEStatus
+SilcSKEStatus
silc_ske_process_key_material_data(unsigned char *data,
- uint32 data_len,
- uint32 req_iv_len,
- uint32 req_enc_key_len,
- uint32 req_hmac_key_len,
+ SilcUInt32 data_len,
+ SilcUInt32 req_iv_len,
+ SilcUInt32 req_enc_key_len,
+ SilcUInt32 req_hmac_key_len,
SilcHash hash,
SilcSKEKeyMaterial *key);
***/
void silc_ske_free_key_material(SilcSKEKeyMaterial *key);
-#endif /* SILCSKE_H */
+/****f* silcske/SilcSKEAPI/silc_ske_parse_version
+ *
+ * SYNOPSIS
+ *
+ * bool silc_ske_parse_version(SilcSKE ske,
+ * SilcUInt32 *protocol_version,
+ * char **protocol_version_string,
+ * SilcUInt32 *software_version,
+ * char **software_version_string,
+ * char **vendor_version);
+ *
+ * DESCRIPTION
+ *
+ * This utility function can be used to parse the remote host's version
+ * string. This returns the protocol version, and software version into
+ * the `protocol_version', `software_version' and `vendor_version' pointers
+ * if they are provided. The string versions of the versions are saved
+ * in *_string pointers if they are provided. Returns TRUE if the version
+ * string was successfully parsed.
+ *
+ ***/
+bool silc_ske_parse_version(SilcSKE ske,
+ SilcUInt32 *protocol_version,
+ char **protocol_version_string,
+ SilcUInt32 *software_version,
+ char **software_version_string,
+ char **vendor_version);
+
+#endif /* !SILCSKE_H */
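Review bot: The DESCRIPTION of `silc_ske_parse_version` does not say who owns the strings stored through `protocol_version_string`, `software_version_string` and `vendor_version`, nor what the output pointers contain when the function returns FALSE. Because the parsed input is the remote host's version string, callers need both facts to avoid leaking the strings or reading unset outputs after a failed parse. The text also groups `vendor_version` with the two numeric outputs although it is a `char **`. I would extend the comment with something like `The returned strings are allocated and must be freed by the caller; if FALSE is returned the output pointers must not be used.`, adjusted to the actual behaviour of the implementation, which is not visible here.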