Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
- Copyright (C) 2000 Pekka Riikonen
+ Copyright (C) 2000 - 2001 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/* Generic SKE callback function. This is called in various SKE
routines. The SilcSKE object sent as argument provides all the data
- callers routine might need (payloads etc). */
+ callers routine might need (payloads etc). This is usually called
+ to indicate that the application may continue the execution of the
+ SKE protocol. The application should check the ske->status in this
+ callback function. */
typedef void (*SilcSKECb)(SilcSKE ske, void *context);
-/* Callback function used to verify the received public key. */
-typedef SilcSKEStatus (*SilcSKEVerifyCb)(SilcSKE ske,
- unsigned char *pk_data,
- unsigned int pk_len,
- SilcSKEPKType pk_type,
- void *context);
+/* Completion callback that will be called when the public key
+ has been verified. The `status' will indicate whether the public
+ key were trusted or not. If the `status' is PENDING then the status
+ is not considered to be available at this moment. In this case the
+ SKE libary will assume that the caller will call this callback again
+ when the status is available. */
+typedef void (*SilcSKEVerifyCbCompletion)(SilcSKE ske,
+ SilcSKEStatus status,
+ void *context);
+
+/* Callback function used to verify the received public key or certificate.
+ The verification process is most likely asynchronous. That's why the
+ application must call the `completion' callback when the verification
+ process has been completed. The library then calls the user callback
+ (SilcSKECb), if it was provided for the function that takes this callback
+ function as argument, to indicate that the SKE protocol may continue. */
+typedef void (*SilcSKEVerifyCb)(SilcSKE ske,
+ unsigned char *pk_data,
+ uint32 pk_len,
+ SilcSKEPKType pk_type,
+ void *context,
+ SilcSKEVerifyCbCompletion completion,
+ void *completion_context);
/* Context passed to key material processing function. The function
returns the processed key material into this structure. */
typedef struct {
unsigned char *send_iv;
unsigned char *receive_iv;
- unsigned int iv_len;
+ uint32 iv_len;
unsigned char *send_enc_key;
unsigned char *receive_enc_key;
- unsigned int enc_key_len;
+ uint32 enc_key_len;
unsigned char *hmac_key;
- unsigned int hmac_key_len;
+ uint32 hmac_key_len;
} SilcSKEKeyMaterial;
/* Length of cookie in Start Payload */
/* Security Property Flags. */
typedef enum {
- SILC_SKE_SP_FLAG_NONE = (1L << 0),
- SILC_SKE_SP_FLAG_NO_REPLY = (1L << 1),
- SILC_SKE_SP_FLAG_PFS = (1L << 2),
+ SILC_SKE_SP_FLAG_NONE = 0x00,
+ SILC_SKE_SP_FLAG_NO_REPLY = 0x01,
+ SILC_SKE_SP_FLAG_PFS = 0x02,
+ SILC_SKE_SP_FLAG_MUTUAL = 0x04,
} SilcSKESecurityPropertyFlag;
/* Security Properties negotiated between key exchange parties. This
SilcPKCS pkcs;
SilcCipher cipher;
SilcHash hash;
- /* XXX SilcCompression comp; */
+ SilcHmac hmac;
+ /* XXX SilcZip comp; */
};
struct SilcSKEStruct {
/* Key Exchange payloads filled during key negotiation with
remote data. Responder may save local data here as well. */
SilcSKEStartPayload *start_payload;
- SilcSKEOnePayload *ke1_payload;
- SilcSKETwoPayload *ke2_payload;
+ SilcSKEKEPayload *ke1_payload;
+ SilcSKEKEPayload *ke2_payload;
/* Temporary copy of the KE Start Payload used in the
HASH computation. */
/* If initiator, this is responders public key. If responder this
is our own public key. */
unsigned char *pk;
- unsigned int pk_len;
+ uint32 pk_len;
/* Random number x, 1 < x < q. This is the secret exponent
used in Diffie Hellman computations. */
- SilcInt x;
+ SilcMPInt *x;
/* The secret shared key */
- SilcInt KEY;
+ SilcMPInt *KEY;
/* The hash value HASH of the key exchange */
unsigned char *hash;
- unsigned int hash_len;
+ uint32 hash_len;
/* Random Number Generator. This is set by the caller and must
be free'd by the caller. */
/* Current status of SKE */
SilcSKEStatus status;
+
+ /* Reference counter. This is used when SKE library is performing async
+ operations, like public key verification. */
+ int users;
};
/* Prototypes */
void *context);
SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
SilcPublicKey public_key,
+ SilcPrivateKey private_key,
SilcSKESendPacketCb send_packet,
void *context);
SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske,
- SilcBuffer ke2_payload,
+ SilcBuffer ke_payload,
SilcSKEVerifyCb verify_key,
void *verify_context,
SilcSKECb callback,
SilcSocketConnection sock,
char *version,
SilcBuffer start_payload,
+ int mutual_auth,
SilcSKECb callback,
void *context);
SilcSKEStatus silc_ske_responder_phase_1(SilcSKE ske,
SilcSKESendPacketCb send_packet,
void *context);
SilcSKEStatus silc_ske_responder_phase_2(SilcSKE ske,
- SilcBuffer ke1_payload,
+ SilcBuffer ke_payload,
+ SilcSKEVerifyCb verify_key,
+ void *verify_context,
SilcSKECb callback,
void *context);
SilcSKEStatus silc_ske_responder_finish(SilcSKE ske,
char *version,
SilcSKEStartPayload *payload,
SilcSKEStartPayload *remote_payload);
-SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcInt n,
- unsigned int len,
- SilcInt *rnd);
+SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcMPInt n,
+ uint32 len,
+ SilcMPInt *rnd);
SilcSKEStatus silc_ske_make_hash(SilcSKE ske,
unsigned char *return_hash,
- unsigned int *return_hash_len);
+ uint32 *return_hash_len,
+ int initiator);
+SilcSKEStatus
+silc_ske_process_key_material_data(unsigned char *data,
+ uint32 data_len,
+ uint32 req_iv_len,
+ uint32 req_enc_key_len,
+ uint32 req_hmac_key_len,
+ SilcHash hash,
+ SilcSKEKeyMaterial *key);
SilcSKEStatus silc_ske_process_key_material(SilcSKE ske,
- unsigned int req_iv_len,
- unsigned int req_enc_key_len,
- unsigned int req_hmac_key_len,
+ uint32 req_iv_len,
+ uint32 req_enc_key_len,
+ uint32 req_hmac_key_len,
SilcSKEKeyMaterial *key);
SilcSKEStatus silc_ske_check_version(SilcSKE ske,
unsigned char *version,
- unsigned int version_len);
+ uint32 version_len);
+void silc_ske_free_key_material(SilcSKEKeyMaterial *key);
+
#endif
projects / silc.git / blobdiff