/* Forward declaration for security properties. */
typedef struct SilcSKESecurityPropertiesStruct *SilcSKESecurityProperties;
+/* Supported Public Key Types, defined by the protocol */
+typedef enum {
+ SILC_SKE_PK_TYPE_SILC = 1, /* Mandatory type */
+ /* Optional types. These are not implemented currently */
+ SILC_SKE_PK_TYPE_SSH2 = 2,
+ SILC_SKE_PK_TYPE_X509V3 = 3,
+ SILC_SKE_PK_TYPE_OPENPGP = 4,
+ SILC_SKE_PK_TYPE_SPKI = 5
+} SilcSKEPKType;
+
/* Packet sending callback. Caller of the SKE routines must provide
a routine to send packets to negotiation parties. */
typedef void (*SilcSKESendPacketCb)(SilcSKE ske, SilcBuffer packet,
callers routine might need (payloads etc). */
typedef void (*SilcSKECb)(SilcSKE ske, void *context);
-/* Supported Public Key Types, defined by the protocol */
-typedef enum {
- SILC_SKE_PK_TYPE_SILC = 1, /* Mandatory type */
- /* Optional types. These are not implemented currently
- SILC_SKE_PK_TYPE_SSH2 = 2,
- SILC_SKE_PK_TYPE_X509V3 = 3,
- SILC_SKE_PK_TYPE_OPENPGP = 4,
- SILC_SKE_PK_TYPE_SPKI = 5
- */
-} SilcSKEPKType;
+/* Callback function used to verify the received public key. */
+typedef SilcSKEStatus (*SilcSKEVerifyCb)(SilcSKE ske,
+ unsigned char *pk_data,
+ unsigned int pk_len,
+ SilcSKEPKType pk_type,
+ void *context);
/* Context passed to key material processing function. The function
returns the processed key material into this structure. */
unsigned int hmac_key_len;
} SilcSKEKeyMaterial;
+/* Length of cookie in Start Payload */
#define SILC_SKE_COOKIE_LEN 16
#include "groups.h"
/* Security Property Flags. */
typedef enum {
- SILC_SKE_SP_FLAG_NONE = (1L << 0),
- SILC_SKE_SP_FLAG_NO_REPLY = (1L << 1),
- SILC_SKE_SP_FLAG_PFS = (1L << 2),
+ SILC_SKE_SP_FLAG_NONE = (1L << 0),
+ SILC_SKE_SP_FLAG_NO_REPLY = (1L << 1),
+ SILC_SKE_SP_FLAG_PFS = (1L << 2),
} SilcSKESecurityPropertyFlag;
/* Security Properties negotiated between key exchange parties. This
/* Pointer to the what ever user data. This is set by the caller
and is not touched by the SKE. The caller must also free this one. */
void *user_data;
+
+ /* Current status of SKE */
+ SilcSKEStatus status;
};
/* Prototypes */
SilcSKECb callback,
void *context);
SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
+ SilcPublicKey public_key,
SilcSKESendPacketCb send_packet,
void *context);
SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske,
SilcBuffer ke2_payload,
+ SilcSKEVerifyCb verify_key,
+ void *verify_context,
SilcSKECb callback,
void *context);
SilcSKEStatus silc_ske_responder_start(SilcSKE ske, SilcRng rng,
SilcSocketConnection sock,
+ char *version,
SilcBuffer start_payload,
SilcSKECb callback,
void *context);
SilcSKECb callback,
void *context);
SilcSKEStatus silc_ske_responder_finish(SilcSKE ske,
- unsigned char *pk,
- unsigned int pk_len,
- unsigned char *prv,
- unsigned int prv_len,
+ SilcPublicKey public_key,
+ SilcPrivateKey private_key,
SilcSKEPKType pk_type,
SilcSKESendPacketCb send_packet,
void *context);
void *context);
SilcSKEStatus
silc_ske_assemble_security_properties(SilcSKE ske,
+ unsigned char flags,
+ char *version,
SilcSKEStartPayload **return_payload);
SilcSKEStatus
silc_ske_select_security_properties(SilcSKE ske,
+ char *version,
SilcSKEStartPayload *payload,
SilcSKEStartPayload *remote_payload);
SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcInt n,
unsigned int len,
SilcInt *rnd);
-SilcSKEStatus silc_ske_verify_public_key(SilcSKE ske,
- unsigned char *pubkey,
- unsigned int pubkey_len);
SilcSKEStatus silc_ske_make_hash(SilcSKE ske,
unsigned char *return_hash,
unsigned int *return_hash_len);
unsigned int req_enc_key_len,
unsigned int req_hmac_key_len,
SilcSKEKeyMaterial *key);
+SilcSKEStatus silc_ske_check_version(SilcSKE ske,
+ unsigned char *version,
+ unsigned int version_len);
#endif