silcske.h
- Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
+ Author: Pekka Riikonen <priikone@silcnet.org>
Copyright (C) 2000 - 2001 Pekka Riikonen
/* Forward declaration for security properties. */
typedef struct SilcSKESecurityPropertiesStruct *SilcSKESecurityProperties;
+/* Forward declaration for SKE callbacks structure. */
+typedef struct SilcSKECallbacksStruct *SilcSKECallbacks;
+
/* Supported Public Key Types, defined by the protocol */
typedef enum {
SILC_SKE_PK_TYPE_SILC = 1, /* Mandatory type */
} SilcSKEPKType;
/* Packet sending callback. Caller of the SKE routines must provide
- a routine to send packets to negotiation parties. */
+ a routine to send packets to negotiation parties. See the
+ silc_ske_set_callbacks for more information. */
typedef void (*SilcSKESendPacketCb)(SilcSKE ske, SilcBuffer packet,
SilcPacketType type, void *context);
callers routine might need (payloads etc). This is usually called
to indicate that the application may continue the execution of the
SKE protocol. The application should check the ske->status in this
- callback function. */
+ callback function. This callback is also called when Start Payload
+ is processed. See silc_ske_set_callbacks function for more information. */
typedef void (*SilcSKECb)(SilcSKE ske, void *context);
/* Completion callback that will be called when the public key
key were trusted or not. If the `status' is PENDING then the status
is not considered to be available at this moment. In this case the
SKE libary will assume that the caller will call this callback again
- when the status is available. */
+ when the status is available. See silc_ske_set_callbacks for more
+ information. */
typedef void (*SilcSKEVerifyCbCompletion)(SilcSKE ske,
SilcSKEStatus status,
void *context);
application must call the `completion' callback when the verification
process has been completed. The library then calls the user callback
(SilcSKECb), if it was provided for the function that takes this callback
- function as argument, to indicate that the SKE protocol may continue. */
+ function as argument, to indicate that the SKE protocol may continue.
+ See silc_ske_set_callbacks for more information. */
typedef void (*SilcSKEVerifyCb)(SilcSKE ske,
unsigned char *pk_data,
uint32 pk_len,
SilcSKEVerifyCbCompletion completion,
void *completion_context);
+/* Callback function used to check the version of the remote SKE server.
+ The SKE library will call this function so that the appliation may
+ check its version against the remote host's version. This returns
+ SILC_SKE_STATUS_OK if the version string is Ok, and returns
+ SILC_SKE_STATUS_BAD_VERSION if the version was not acceptable. */
+typedef SilcSKEStatus (*SilcSKECheckVersion)(SilcSKE ske,
+ unsigned char *version,
+ uint32 len, void *context);
+
/* Context passed to key material processing function. The function
returns the processed key material into this structure. */
typedef struct {
unsigned char *send_enc_key;
unsigned char *receive_enc_key;
uint32 enc_key_len;
- unsigned char *hmac_key;
+ unsigned char *send_hmac_key;
+ unsigned char *receive_hmac_key;
uint32 hmac_key_len;
} SilcSKEKeyMaterial;
HASH computation. */
SilcBuffer start_payload_copy;
- /* If initiator, this is responders public key. If responder this
- is our own public key. */
- unsigned char *pk;
- uint32 pk_len;
-
/* Random number x, 1 < x < q. This is the secret exponent
used in Diffie Hellman computations. */
SilcMPInt *x;
/* Current status of SKE */
SilcSKEStatus status;
+
+ /* Reference counter. This is used when SKE library is performing async
+ operations, like public key verification. */
+ int users;
+
+ /* SKE callbacks. */
+ SilcSKECallbacks callbacks;
+
+ /* Backwards support version indicator */
+ uint32 backward_version;
};
/* Prototypes */
SilcSKE silc_ske_alloc();
void silc_ske_free(SilcSKE ske);
+void silc_ske_set_callbacks(SilcSKE ske,
+ SilcSKESendPacketCb send_packet,
+ SilcSKECb payload_receive,
+ SilcSKEVerifyCb verify_key,
+ SilcSKECb proto_continue,
+ SilcSKECheckVersion check_version,
+ void *context);
SilcSKEStatus silc_ske_initiator_start(SilcSKE ske, SilcRng rng,
SilcSocketConnection sock,
- SilcSKEStartPayload *start_payload,
- SilcSKESendPacketCb send_packet,
- void *context);
+ SilcSKEStartPayload *start_payload);
SilcSKEStatus silc_ske_initiator_phase_1(SilcSKE ske,
- SilcBuffer start_payload,
- SilcSKECb callback,
- void *context);
+ SilcBuffer start_payload);
SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
SilcPublicKey public_key,
- SilcPrivateKey private_key,
- SilcSKESendPacketCb send_packet,
- void *context);
+ SilcPrivateKey private_key);
SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske,
- SilcBuffer ke_payload,
- SilcSKEVerifyCb verify_key,
- void *verify_context,
- SilcSKECb callback,
- void *context);
+ SilcBuffer ke_payload);
SilcSKEStatus silc_ske_responder_start(SilcSKE ske, SilcRng rng,
SilcSocketConnection sock,
char *version,
SilcBuffer start_payload,
- int mutual_auth,
- SilcSKECb callback,
- void *context);
+ bool mutual_auth);
SilcSKEStatus silc_ske_responder_phase_1(SilcSKE ske,
- SilcSKEStartPayload *start_payload,
- SilcSKESendPacketCb send_packet,
- void *context);
+ SilcSKEStartPayload *start_payload);
SilcSKEStatus silc_ske_responder_phase_2(SilcSKE ske,
- SilcBuffer ke_payload,
- SilcSKEVerifyCb verify_key,
- void *verify_context,
- SilcSKECb callback,
- void *context);
+ SilcBuffer ke_payload);
SilcSKEStatus silc_ske_responder_finish(SilcSKE ske,
SilcPublicKey public_key,
SilcPrivateKey private_key,
- SilcSKEPKType pk_type,
- SilcSKESendPacketCb send_packet,
- void *context);
-SilcSKEStatus silc_ske_end(SilcSKE ske,
- SilcSKESendPacketCb send_packet,
- void *context);
-SilcSKEStatus silc_ske_abort(SilcSKE ske, SilcSKEStatus status,
- SilcSKESendPacketCb send_packet,
- void *context);
+ SilcSKEPKType pk_type);
+SilcSKEStatus silc_ske_end(SilcSKE ske);
+SilcSKEStatus silc_ske_abort(SilcSKE ske, SilcSKEStatus status);
SilcSKEStatus
silc_ske_assemble_security_properties(SilcSKE ske,
unsigned char flags,
char *version,
SilcSKEStartPayload *payload,
SilcSKEStartPayload *remote_payload);
-SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcMPInt n,
+SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcMPInt *n,
uint32 len,
SilcMPInt *rnd);
SilcSKEStatus silc_ske_make_hash(SilcSKE ske,
uint32 req_enc_key_len,
uint32 req_hmac_key_len,
SilcSKEKeyMaterial *key);
-SilcSKEStatus silc_ske_check_version(SilcSKE ske,
- unsigned char *version,
- uint32 version_len);
void silc_ske_free_key_material(SilcSKEKeyMaterial *key);
+const char *silc_ske_map_status(SilcSKEStatus status);
#endif