Author: Pekka Riikonen <priikone@silcnet.org>
- Copyright (C) 2000 - 2007 Pekka Riikonen
+ Copyright (C) 2000 - 2014 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
SILC_SKE_STATUS_SIGNATURE_ERROR, /* Error computing signature */
SILC_SKE_STATUS_OUT_OF_MEMORY, /* System out of memory */
SILC_SKE_STATUS_TIMEOUT, /* Timeout */
+ SILC_SKE_STATUS_PROBE_TIMEOUT, /* Probe timeout */
} SilcSKEStatus;
/***/
*
* SOURCE
*/
-typedef struct {
+typedef struct SilcSKESecurityPropertiesStruct {
SilcSKESecurityPropertyFlag flags; /* Flags */
SilcSKEDiffieHellmanGroup group; /* Selected Diffie Hellman group */
SilcCipher cipher; /* Selected cipher */
*
* SOURCE
*/
-typedef struct {
+typedef struct SilcSKEKeyMaterialStruct {
unsigned char *send_iv;
unsigned char *receive_iv;
SilcUInt32 iv_len;
* function.
*
***/
-typedef struct {
+typedef struct SilcSKERekeyMaterialStruct {
unsigned char *send_enc_key;
char *hash;
unsigned int enc_key_len : 23;
*
* SOURCE
*/
-typedef struct {
+typedef struct SilcSKEParamsObject {
/* The SKE version string that is sent to the remote end. This field
must be set. Caller must free the pointer. */
char *version;
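Review bot: The new tag `SilcSKEParamsObject` does not follow the `...Struct` suffix the other three tags added in this commit use (`SilcSKESecurityPropertiesStruct`, `SilcSKEKeyMaterialStruct`, `SilcSKERekeyMaterialStruct`); presumably this is to avoid clashing visually with the existing `SilcSKEParamsStruct` typedef name on the closing line of this typedef, which lives outside this hunk. If that is the reason, a one-line comment on the tag line saying so would stop the next reader from "fixing" it, e.g. `/* tag differs from the typedef name SilcSKEParamsStruct on purpose */`.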
this time it will timeout. If not specified (zero), default value
(30 seconds) will be used. */
SilcUInt16 timeout_secs;
+
+ /* Same as timeout_secs but affects only the first packet sent as
+ initiator. If the responder does not reply to the first packet in this
+ time frame the key exchange will timeout. If not specified (zero),
+ default value (30 seconds) will be used. */
+ SilcUInt16 probe_timeout_secs;
+
+ /* If TRUE small proposal is sent with only one security property
+ proposed instead of list of all currently registered. */
+ SilcBool small_proposal;
+
+ /* If TRUE protocol does not end in SUCCESS acknowledgements. */
+ SilcBool no_acks;
+
+ /* Pre-allocated security properties to use in negotiation. If provided
+ the library will perform only key exchange and proposals aren't
+ exchanged at all. */
+ SilcSKESecurityProperties prop;
} *SilcSKEParams, SilcSKEParamsStruct;
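Review bot: The new `prop` field says nothing about who owns the SilcSKESecurityProperties it points to or how long it must stay valid, whereas the sibling `version` field in this struct is explicit that the caller must free it; a reader cannot tell whether the library frees `prop` together with the session or whether the caller must keep it alive until the protocol completes and free it afterwards. Suggest extending the comment with `Caller must keep it valid for the duration of the key exchange and free it afterwards.` or the opposite, whichever silc_ske_alloc and the protocol actually do. Similarly `no_acks` would benefit from one sentence on what the caller gives up by skipping the SUCCESS acknowledgements, if (as the name suggests) it means the remote end's agreement is no longer confirmed before the completion callback fires. The enclosing typedef starts above this hunk.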
/***/
* SILC_SKE_SP_FLAG_MUTUAL is not set and you are initiator. For
* responder both `public_key' and `private_key' must be set.
*
+ * When allocating SKE session for rekey, the `repository' and `private_key'
+ * pointers must be NULL and the SilcSKEVerifyCb callback must not be
+ * set with silc_ske_set_callbacks.
+ *
* EXMPALE
*
* // Initiator example
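Review bot: The added rekey paragraph states a precondition (`repository` and `private_key` must be NULL and no SilcSKEVerifyCb may be set) but not what happens when it is violated; say whether silc_ske_alloc or silc_ske_set_callbacks rejects such a configuration or whether the library simply relies on the caller, e.g. append `The library does not check this.` if that is the case, so that a caller knows a misconfigured rekey will not be caught at runtime. While here, `EXMPALE` on the following context line is a typo for `EXAMPLE`. The enclosing comment block continues beyond this hunk in both directions.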
* or certificate. The verification process is most likely asynchronous.
* That is why the application must call the completion callback when the
* verification process has been completed. If this SKE session context
- * is used to perform rekey, this callback usually is not provided as
+ * is used to perform rekey, this callback usually is not provided as
* argument since sending public key in rekey is not mandatory. Setting
* this callback implies that remote end MUST send its public key.
*
* the protocol has completed. The `stream' is the network connection
* to the remote host. The SKE library will handle all key exchange
* packets sent and received in the `stream' connection. The library will
- * also set the remote host's ID automatically to the `stream'. The
- * `params' include SKE parameters, and it must be provided.
+ * also set the remote host's ID automatically to the `stream' if it is
+ * present in the exchanged packets. The `params' include SKE parameters,
+ * and it must be provided.
*
* If the `start_payload' is NULL the library will generate it
* automatically. Caller may provide it if it wants to send its own
* callback that was set in silc_ske_set_callbacks will be called once
* the protocol has completed. The `stream' is the network connection
* to the remote host. The SKE library will handle all key exchange
- * packets sent and received in the `stream' connection. The `params'
- * include SKE parameters, and must be provided.
+ * packets sent and received in the `stream' connection. The library will
+ * also set the remote hosts's ID automatically to the `stream' if it is
+ * present in the exchanged packets. The `params' include SKE parameters,
+ * and must be provided.
*
* This function returns SilcAsyncOperation operation context which can
* be used to control the protocol from the application. Application may
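Review bot: `remote hosts's ID` on the added line should read `remote host's ID`, matching the wording the corresponding initiator comment in the hunk above uses for the same sentence. Both hunks now say the ID is set "if it is present in the exchanged packets"; it would help callers that rely on the stream's ID to also state at which point it is set, e.g. `The ID is set only after the exchange has completed successfully.` if that is the behaviour, since a caller reading the ID earlier would otherwise not know whether it can be trusted yet. The enclosing comment block continues beyond this hunk.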