X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=lib%2Fsilcclient%2Fprotocol.c;h=4bf277c8a2e5759eb330a1b1e343fc487a097cf9;hb=a818c5b5411bbc4436d1c5f011236985c96bb787;hp=ecfa193cd729231badf5c00e86f387a678daf644;hpb=7d0ea3fa6be5ed0b3597a9a79f72870d6e2977c7;p=silc.git diff --git a/lib/silcclient/protocol.c b/lib/silcclient/protocol.c index ecfa193c..4bf277c8 100644 --- a/lib/silcclient/protocol.c +++ b/lib/silcclient/protocol.c @@ -22,7 +22,8 @@ */ /* $Id$ */ -#include "clientlibincludes.h" +#include "silcincludes.h" +#include "silcclient.h" #include "client_internal.h" SILC_TASK_CALLBACK(silc_client_protocol_connection_auth); @@ -77,7 +78,7 @@ static void silc_client_verify_key_cb(bool success, void *context) void silc_client_protocol_ke_verify_key(SilcSKE ske, unsigned char *pk_data, - uint32 pk_len, + SilcUInt32 pk_len, SilcSKEPKType pk_type, void *context, SilcSKEVerifyCbCompletion completion, @@ -97,10 +98,10 @@ void silc_client_protocol_ke_verify_key(SilcSKE ske, verify->completion_context = completion_context; /* Verify public key from user. */ - client->ops->verify_public_key(client, ctx->sock->user_data, - ctx->sock->type, - pk_data, pk_len, pk_type, - silc_client_verify_key_cb, verify); + client->internal->ops->verify_public_key(client, ctx->sock->user_data, + ctx->sock->type, + pk_data, pk_len, pk_type, + silc_client_verify_key_cb, verify); } /* Sets the negotiated key material into use for particular connection. */ @@ -112,7 +113,8 @@ void silc_client_protocol_ke_set_keys(SilcSKE ske, SilcPKCS pkcs, SilcHash hash, SilcHmac hmac, - SilcSKEDiffieHellmanGroup group) + SilcSKEDiffieHellmanGroup group, + bool is_responder) { SilcClientConnection conn = (SilcClientConnection)sock->user_data; @@ -121,34 +123,43 @@ void silc_client_protocol_ke_set_keys(SilcSKE ske, /* Allocate cipher to be used in the communication */ silc_cipher_alloc(cipher->cipher->name, &conn->send_key); silc_cipher_alloc(cipher->cipher->name, &conn->receive_key); - - conn->send_key->cipher->set_key(conn->send_key->context, - keymat->send_enc_key, - keymat->enc_key_len); - conn->send_key->set_iv(conn->send_key, keymat->send_iv); - conn->receive_key->cipher->set_key(conn->receive_key->context, - keymat->receive_enc_key, - keymat->enc_key_len); - conn->receive_key->set_iv(conn->receive_key, keymat->receive_iv); + silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL, &conn->hmac_send); + silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL, &conn->hmac_receive); + + if (is_responder == TRUE) { + silc_cipher_set_key(conn->send_key, keymat->receive_enc_key, + keymat->enc_key_len); + silc_cipher_set_iv(conn->send_key, keymat->receive_iv); + silc_cipher_set_key(conn->receive_key, keymat->send_enc_key, + keymat->enc_key_len); + silc_cipher_set_iv(conn->receive_key, keymat->send_iv); + silc_hmac_set_key(conn->hmac_send, keymat->receive_hmac_key, + keymat->hmac_key_len); + silc_hmac_set_key(conn->hmac_receive, keymat->send_hmac_key, + keymat->hmac_key_len); + } else { + silc_cipher_set_key(conn->send_key, keymat->send_enc_key, + keymat->enc_key_len); + silc_cipher_set_iv(conn->send_key, keymat->send_iv); + silc_cipher_set_key(conn->receive_key, keymat->receive_enc_key, + keymat->enc_key_len); + silc_cipher_set_iv(conn->receive_key, keymat->receive_iv); + silc_hmac_set_key(conn->hmac_send, keymat->send_hmac_key, + keymat->hmac_key_len); + silc_hmac_set_key(conn->hmac_receive, keymat->receive_hmac_key, + keymat->hmac_key_len); + } /* Rekey stuff */ conn->rekey = silc_calloc(1, sizeof(*conn->rekey)); - conn->rekey->send_enc_key = - silc_calloc(keymat->enc_key_len / 8, - sizeof(*conn->rekey->send_enc_key)); - memcpy(conn->rekey->send_enc_key, - keymat->send_enc_key, keymat->enc_key_len / 8); + conn->rekey->send_enc_key = silc_memdup(keymat->send_enc_key, + keymat->enc_key_len / 8); conn->rekey->enc_key_len = keymat->enc_key_len / 8; if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS) conn->rekey->pfs = TRUE; conn->rekey->ske_group = silc_ske_group_get_number(group); - /* Save HMAC key to be used in the communication. */ - silc_hmac_alloc(hmac->hmac->name, NULL, &conn->hmac_send); - silc_hmac_set_key(conn->hmac_send, keymat->hmac_key, keymat->hmac_key_len); - conn->hmac_receive = conn->hmac_send; - /* Save the HASH function */ silc_hash_alloc(hash->hash->name, &conn->hash); } @@ -156,7 +167,7 @@ void silc_client_protocol_ke_set_keys(SilcSKE ske, /* Checks the version string of the server. */ SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version, - uint32 len, void *context) + SilcUInt32 len, void *context) { SilcClientConnection conn = (SilcClientConnection)ske->sock->user_data; SilcClient client = (SilcClient)ske->user_data; @@ -184,7 +195,7 @@ SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version, if (cp) build = atoi(cp + 1); - cp = client->silc_client_version + 9; + cp = client->internal->silc_client_version + 9; if (!cp) status = SILC_SKE_STATUS_BAD_VERSION; @@ -200,12 +211,15 @@ SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version, if (maj != maj2) status = SILC_SKE_STATUS_BAD_VERSION; - if (min < min2) - status = SILC_SKE_STATUS_BAD_VERSION; + + /* XXX backward support for 0.6.1 */ + if (maj == 0 && min == 6 && build < 2) + ske->backward_version = 1; if (status != SILC_SKE_STATUS_OK) - client->ops->say(client, conn, SILC_CLIENT_MESSAGE_AUDIT, - "We don't support server version `%s'", version); + client->internal->ops->say(client, conn, SILC_CLIENT_MESSAGE_AUDIT, + "We don't support server version `%s'", + version); return status; } @@ -229,22 +243,11 @@ static void silc_client_protocol_ke_continue(SilcSKE ske, SILC_LOG_DEBUG(("Start")); if (ske->status != SILC_SKE_STATUS_OK) { - if (ske->status == SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY) { - client->ops->say(client, conn, SILC_CLIENT_MESSAGE_AUDIT, - "Received unsupported server %s public key", - ctx->sock->hostname); - } else if (ske->status == SILC_SKE_STATUS_PUBLIC_KEY_NOT_PROVIDED) { - client->ops->say(client, conn, SILC_CLIENT_MESSAGE_AUDIT, - "Remote host did not send its public key, even though " - "it must send it"); - } else { - client->ops->say(client, conn, SILC_CLIENT_MESSAGE_ERROR, - "Error during key exchange protocol with server %s", - ctx->sock->hostname); - } - + /* Call failure client operation */ + client->internal->ops->failure(client, conn, protocol, + (void *)ske->status); protocol->state = SILC_PROTOCOL_STATE_ERROR; - silc_protocol_execute(protocol, client->timeout_queue, 0, 0); + silc_protocol_execute(protocol, client->schedule, 0, 0); return; } @@ -264,7 +267,7 @@ static void silc_client_protocol_ke_continue(SilcSKE ske, function. */ if (ctx->responder == TRUE) { protocol->state++; - silc_protocol_execute(protocol, client->timeout_queue, 0, 100000); + silc_protocol_execute(protocol, client->schedule, 0, 100000); } } @@ -294,10 +297,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_key_exchange) SilcSKE ske; /* Allocate Key Exchange object */ - ske = silc_ske_alloc(); - ctx->ske = ske; - ske->rng = client->rng; - ske->user_data = (void *)client; + ctx->ske = ske = silc_ske_alloc(client->rng, client); silc_ske_set_callbacks(ske, ctx->send_packet, NULL, ctx->verify, @@ -308,16 +308,18 @@ SILC_TASK_CALLBACK(silc_client_protocol_key_exchange) if (ctx->responder == TRUE) { /* Start the key exchange by processing the received security properties packet from initiator. */ - status = silc_ske_responder_start(ske, ctx->rng, ctx->sock, - client->silc_client_version, - ctx->packet->buffer, TRUE); + status = + silc_ske_responder_start(ske, ctx->rng, ctx->sock, + client->internal->silc_client_version, + ctx->packet->buffer, TRUE); } else { SilcSKEStartPayload *start_payload; /* Assemble security properties. */ - silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE, - client->silc_client_version, - &start_payload); + silc_ske_assemble_security_properties( + ske, SILC_SKE_SP_FLAG_MUTUAL, + client->internal->silc_client_version, + &start_payload); /* Start the key exchange by sending our security properties to the remote end. */ @@ -336,14 +338,14 @@ SILC_TASK_CALLBACK(silc_client_protocol_key_exchange) status)); protocol->state = SILC_PROTOCOL_STATE_ERROR; - silc_protocol_execute(protocol, client->timeout_queue, 0, 0); + silc_protocol_execute(protocol, client->schedule, 0, 0); return; } /* Advance protocol state and call the next state if we are responder */ protocol->state++; if (ctx->responder == TRUE) - silc_protocol_execute(protocol, client->timeout_queue, 0, 100000); + silc_protocol_execute(protocol, client->schedule, 0, 100000); } break; case 2: @@ -353,9 +355,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_key_exchange) */ if (ctx->responder == TRUE) { /* Sends the selected security properties to the initiator. */ - status = - silc_ske_responder_phase_1(ctx->ske, - ctx->ske->start_payload); + status = silc_ske_responder_phase_1(ctx->ske); } else { /* Call Phase-1 function. This processes the Key Exchange Start paylaod reply we just got from the responder. The callback @@ -371,14 +371,14 @@ SILC_TASK_CALLBACK(silc_client_protocol_key_exchange) status)); protocol->state = SILC_PROTOCOL_STATE_ERROR; - silc_protocol_execute(protocol, client->timeout_queue, 0, 0); + silc_protocol_execute(protocol, client->schedule, 0, 0); return; } /* Advance protocol state and call next state if we are initiator */ protocol->state++; if (ctx->responder == FALSE) - silc_protocol_execute(protocol, client->timeout_queue, 0, 100000); + silc_protocol_execute(protocol, client->schedule, 0, 100000); } break; case 3: @@ -398,7 +398,8 @@ SILC_TASK_CALLBACK(silc_client_protocol_key_exchange) Key Exhange 1 Payload to the responder. */ status = silc_ske_initiator_phase_2(ctx->ske, client->public_key, - client->private_key); + client->private_key, + SILC_SKE_PK_TYPE_SILC); protocol->state++; } @@ -413,7 +414,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_key_exchange) status)); protocol->state = SILC_PROTOCOL_STATE_ERROR; - silc_protocol_execute(protocol, client->timeout_queue, 0, 0); + silc_protocol_execute(protocol, client->schedule, 0, 0); return; } } @@ -446,16 +447,18 @@ SILC_TASK_CALLBACK(silc_client_protocol_key_exchange) if (status != SILC_SKE_STATUS_OK) { if (status == SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY) { - client->ops->say(client, conn, SILC_CLIENT_MESSAGE_AUDIT, - "Received unsupported server %s public key", - ctx->sock->hostname); + client->internal->ops->say( + client, conn, SILC_CLIENT_MESSAGE_AUDIT, + "Received unsupported server %s public key", + ctx->sock->hostname); } else { - client->ops->say(client, conn, SILC_CLIENT_MESSAGE_AUDIT, + client->internal->ops->say( + client, conn, SILC_CLIENT_MESSAGE_AUDIT, "Error during key exchange protocol with server %s", ctx->sock->hostname); } protocol->state = SILC_PROTOCOL_STATE_ERROR; - silc_protocol_execute(protocol, client->timeout_queue, 0, 0); + silc_protocol_execute(protocol, client->schedule, 0, 0); return; } } @@ -476,7 +479,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_key_exchange) keymat); if (status != SILC_SKE_STATUS_OK) { protocol->state = SILC_PROTOCOL_STATE_ERROR; - silc_protocol_execute(protocol, client->timeout_queue, 0, 300000); + silc_protocol_execute(protocol, client->schedule, 0, 300000); silc_ske_free_key_material(keymat); return; } @@ -491,11 +494,11 @@ SILC_TASK_CALLBACK(silc_client_protocol_key_exchange) This was the timeout task to be executed if the protocol is not completed fast enough. */ if (ctx->timeout_task) - silc_task_unregister(client->timeout_queue, ctx->timeout_task); + silc_schedule_task_del(client->schedule, ctx->timeout_task); /* Protocol has ended, call the final callback */ if (protocol->final_callback) - silc_protocol_execute_final(protocol, client->timeout_queue); + silc_protocol_execute_final(protocol, client->schedule); else silc_protocol_free(protocol); } @@ -511,7 +514,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_key_exchange) /* On error the final callback is always called. */ if (protocol->final_callback) - silc_protocol_execute_final(protocol, client->timeout_queue); + silc_protocol_execute_final(protocol, client->schedule); else silc_protocol_free(protocol); break; @@ -525,11 +528,11 @@ SILC_TASK_CALLBACK(silc_client_protocol_key_exchange) This was the timeout task to be executed if the protocol is not completed fast enough. */ if (ctx->timeout_task) - silc_task_unregister(client->timeout_queue, ctx->timeout_task); + silc_schedule_task_del(client->schedule, ctx->timeout_task); /* On error the final callback is always called. */ if (protocol->final_callback) - silc_protocol_execute_final(protocol, client->timeout_queue); + silc_protocol_execute_final(protocol, client->schedule); else silc_protocol_free(protocol); break; @@ -544,26 +547,17 @@ SILC_TASK_CALLBACK(silc_client_protocol_key_exchange) static int silc_client_get_public_key_auth(SilcClient client, - char *filepath, + SilcClientConnection conn, unsigned char *auth_data, - uint32 *auth_data_len, + SilcUInt32 *auth_data_len, SilcSKE ske) { int len; SilcPKCS pkcs; SilcBuffer auth; - SilcPublicKey pub_key; - if (!silc_pkcs_load_public_key(filepath,&pub_key, SILC_PKCS_FILE_PEM)) - if (!silc_pkcs_load_public_key(filepath, &pub_key, SILC_PKCS_FILE_BIN)) - return FALSE; - - silc_pkcs_alloc(pub_key->name, &pkcs); - if (!silc_pkcs_public_key_set(pkcs, pub_key)) { - silc_pkcs_free(pkcs); - silc_pkcs_public_key_free(pub_key); - return FALSE; - } + /* Use our default key */ + pkcs = client->pkcs; /* Make the authentication data. Protocol says it is HASH plus KE Start Payload. */ @@ -576,16 +570,13 @@ silc_client_get_public_key_auth(SilcClient client, ske->start_payload_copy->len), SILC_STR_END); - if (silc_pkcs_sign(pkcs, auth->data, auth->len, auth_data, auth_data_len)) { - silc_pkcs_free(pkcs); + if (silc_pkcs_sign_with_hash(pkcs, ske->prop->hash, auth->data, + auth->len, auth_data, auth_data_len)) { silc_buffer_free(auth); - silc_pkcs_public_key_free(pub_key); return TRUE; } - silc_pkcs_free(pkcs); silc_buffer_free(auth); - silc_pkcs_public_key_free(pub_key); return FALSE; } @@ -594,7 +585,7 @@ silc_client_get_public_key_auth(SilcClient client, static void silc_client_conn_auth_continue(unsigned char *auth_data, - uint32 auth_data_len, void *context) + SilcUInt32 auth_data_len, void *context) { SilcProtocol protocol = (SilcProtocol)context; SilcClientConnAuthInternalContext *ctx = @@ -619,11 +610,6 @@ silc_client_conn_auth_continue(unsigned char *auth_data, SILC_PACKET_CONNECTION_AUTH, NULL, 0, NULL, NULL, packet->data, packet->len, TRUE); - - if (auth_data) { - memset(auth_data, 0, auth_data_len); - silc_free(auth_data); - } silc_buffer_free(packet); /* Next state is end of protocol */ @@ -651,7 +637,8 @@ SILC_TASK_CALLBACK(silc_client_protocol_connection_auth) * to be authenticated. */ unsigned char *auth_data = NULL; - uint32 auth_data_len = 0; + SilcUInt32 auth_data_len = 0; + unsigned char sign[1024]; switch(ctx->auth_meth) { case SILC_AUTH_NONE: @@ -666,27 +653,28 @@ SILC_TASK_CALLBACK(silc_client_protocol_connection_auth) break; } - client->ops->say(client, conn, SILC_CLIENT_MESSAGE_INFO, - "Password authentication required by server %s", - ctx->sock->hostname); - client->ops->ask_passphrase(client, conn, - silc_client_conn_auth_continue, - protocol); + client->internal->ops->say( + client, conn, SILC_CLIENT_MESSAGE_INFO, + "Password authentication required by server %s", + ctx->sock->hostname); + client->internal->ops->ask_passphrase(client, conn, + silc_client_conn_auth_continue, + protocol); return; break; case SILC_AUTH_PUBLIC_KEY: - { - unsigned char sign[1024]; - + if (!ctx->auth_data) { /* Public key authentication */ - silc_client_get_public_key_auth(client, ctx->auth_data, - sign, &auth_data_len, + silc_client_get_public_key_auth(client, conn, sign, &auth_data_len, ctx->ske); - auth_data = silc_calloc(auth_data_len, sizeof(*auth_data)); - memcpy(auth_data, sign, auth_data_len); - break; + auth_data = sign; + } else { + auth_data = ctx->auth_data; + auth_data_len = ctx->auth_data_len; } + + break; } silc_client_conn_auth_continue(auth_data, @@ -702,7 +690,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_connection_auth) /* Protocol has ended, call the final callback */ if (protocol->final_callback) - silc_protocol_execute_final(protocol, client->timeout_queue); + silc_protocol_execute_final(protocol, client->schedule); else silc_protocol_free(protocol); } @@ -724,7 +712,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_connection_auth) /* On error the final callback is always called. */ if (protocol->final_callback) - silc_protocol_execute_final(protocol, client->timeout_queue); + silc_protocol_execute_final(protocol, client->schedule); else silc_protocol_free(protocol); } @@ -736,7 +724,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_connection_auth) /* On error the final callback is always called. */ if (protocol->final_callback) - silc_protocol_execute_final(protocol, client->timeout_queue); + silc_protocol_execute_final(protocol, client->schedule); else silc_protocol_free(protocol); break; @@ -766,41 +754,37 @@ silc_client_protocol_rekey_validate(SilcClient client, silc_cipher_set_key(conn->send_key, keymat->receive_enc_key, keymat->enc_key_len); silc_cipher_set_iv(conn->send_key, keymat->receive_iv); + silc_hmac_set_key(conn->hmac_send, keymat->receive_hmac_key, + keymat->hmac_key_len); } else { silc_cipher_set_key(conn->receive_key, keymat->send_enc_key, keymat->enc_key_len); silc_cipher_set_iv(conn->receive_key, keymat->send_iv); + silc_hmac_set_key(conn->hmac_receive, keymat->send_hmac_key, + keymat->hmac_key_len); } } else { if (send) { silc_cipher_set_key(conn->send_key, keymat->send_enc_key, keymat->enc_key_len); silc_cipher_set_iv(conn->send_key, keymat->send_iv); + silc_hmac_set_key(conn->hmac_send, keymat->send_hmac_key, + keymat->hmac_key_len); } else { silc_cipher_set_key(conn->receive_key, keymat->receive_enc_key, keymat->enc_key_len); silc_cipher_set_iv(conn->receive_key, keymat->receive_iv); + silc_hmac_set_key(conn->hmac_receive, keymat->receive_hmac_key, + keymat->hmac_key_len); } } - if (send) { - silc_hmac_alloc(conn->hmac_receive->hmac->name, NULL, &conn->hmac_send); - silc_hmac_set_key(conn->hmac_send, keymat->hmac_key, - keymat->hmac_key_len); - } else { - silc_hmac_free(conn->hmac_receive); - conn->hmac_receive = conn->hmac_send; - } - /* Save the current sending encryption key */ if (!send) { memset(conn->rekey->send_enc_key, 0, conn->rekey->enc_key_len); silc_free(conn->rekey->send_enc_key); - conn->rekey->send_enc_key = - silc_calloc(keymat->enc_key_len / 8, - sizeof(*conn->rekey->send_enc_key)); - memcpy(conn->rekey->send_enc_key, keymat->send_enc_key, - keymat->enc_key_len / 8); + conn->rekey->send_enc_key = silc_memdup(keymat->send_enc_key, + keymat->enc_key_len / 8); conn->rekey->enc_key_len = keymat->enc_key_len / 8; } } @@ -815,8 +799,8 @@ silc_client_protocol_rekey_generate(SilcClient client, { SilcClientConnection conn = (SilcClientConnection)ctx->sock->user_data; SilcSKEKeyMaterial *keymat; - uint32 key_len = silc_cipher_get_key_len(conn->send_key); - uint32 hash_len = conn->hash->hash->hash_len; + SilcUInt32 key_len = silc_cipher_get_key_len(conn->send_key); + SilcUInt32 hash_len = conn->hash->hash->hash_len; SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)", send ? "sending" : "receiving")); @@ -844,10 +828,10 @@ silc_client_protocol_rekey_generate_pfs(SilcClient client, { SilcClientConnection conn = (SilcClientConnection)ctx->sock->user_data; SilcSKEKeyMaterial *keymat; - uint32 key_len = silc_cipher_get_key_len(conn->send_key); - uint32 hash_len = conn->hash->hash->hash_len; + SilcUInt32 key_len = silc_cipher_get_key_len(conn->send_key); + SilcUInt32 hash_len = conn->hash->hash->hash_len; unsigned char *tmpbuf; - uint32 klen; + SilcUInt32 klen; SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)", send ? "sending" : "receiving")); @@ -926,13 +910,12 @@ SILC_TASK_CALLBACK(silc_client_protocol_rekey) if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) { /* Error in protocol */ protocol->state = SILC_PROTOCOL_STATE_ERROR; - silc_protocol_execute(protocol, client->timeout_queue, 0, 300000); + silc_protocol_execute(protocol, client->schedule, 0, 300000); } - ctx->ske = silc_ske_alloc(); - ctx->ske->rng = client->rng; + ctx->ske = silc_ske_alloc(client->rng, client); ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop)); - silc_ske_get_group_by_number(conn->rekey->ske_group, + silc_ske_group_get_by_number(conn->rekey->ske_group, &ctx->ske->prop->group); silc_ske_set_callbacks(ctx->ske, @@ -946,13 +929,13 @@ SILC_TASK_CALLBACK(silc_client_protocol_rekey) status)); protocol->state = SILC_PROTOCOL_STATE_ERROR; - silc_protocol_execute(protocol, client->timeout_queue, 0, 300000); + silc_protocol_execute(protocol, client->schedule, 0, 300000); return; } /* Advance the protocol state */ protocol->state++; - silc_protocol_execute(protocol, client->timeout_queue, 0, 0); + silc_protocol_execute(protocol, client->schedule, 0, 0); } else { /* * Do normal and simple re-key. @@ -986,10 +969,9 @@ SILC_TASK_CALLBACK(silc_client_protocol_rekey) * Use Perfect Forward Secrecy, ie. negotiate the key material * using the SKE protocol. */ - ctx->ske = silc_ske_alloc(); - ctx->ske->rng = client->rng; + ctx->ske = silc_ske_alloc(client->rng, client); ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop)); - silc_ske_get_group_by_number(conn->rekey->ske_group, + silc_ske_group_get_by_number(conn->rekey->ske_group, &ctx->ske->prop->group); silc_ske_set_callbacks(ctx->ske, @@ -997,13 +979,13 @@ SILC_TASK_CALLBACK(silc_client_protocol_rekey) NULL, NULL, NULL, silc_ske_check_version, context); - status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL); + status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL, 0); if (status != SILC_SKE_STATUS_OK) { SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)", status)); protocol->state = SILC_PROTOCOL_STATE_ERROR; - silc_protocol_execute(protocol, client->timeout_queue, 0, 300000); + silc_protocol_execute(protocol, client->schedule, 0, 300000); return; } @@ -1050,7 +1032,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_rekey) status)); protocol->state = SILC_PROTOCOL_STATE_ERROR; - silc_protocol_execute(protocol, client->timeout_queue, 0, 300000); + silc_protocol_execute(protocol, client->schedule, 0, 300000); return; } } @@ -1063,7 +1045,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_rekey) if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) { /* Error in protocol */ protocol->state = SILC_PROTOCOL_STATE_ERROR; - silc_protocol_execute(protocol, client->timeout_queue, 0, 300000); + silc_protocol_execute(protocol, client->schedule, 0, 300000); } status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer); @@ -1072,7 +1054,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_rekey) status)); protocol->state = SILC_PROTOCOL_STATE_ERROR; - silc_protocol_execute(protocol, client->timeout_queue, 0, 300000); + silc_protocol_execute(protocol, client->schedule, 0, 300000); return; } } @@ -1100,7 +1082,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_rekey) if (ctx->packet->type != SILC_PACKET_REKEY_DONE) { /* Error in protocol */ protocol->state = SILC_PROTOCOL_STATE_ERROR; - silc_protocol_execute(protocol, client->timeout_queue, 0, 0); + silc_protocol_execute(protocol, client->schedule, 0, 0); } /* We received the REKEY_DONE packet and all packets after this is @@ -1109,7 +1091,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_rekey) /* Protocol has ended, call the final callback */ if (protocol->final_callback) - silc_protocol_execute_final(protocol, client->timeout_queue); + silc_protocol_execute_final(protocol, client->schedule); else silc_protocol_free(protocol); break; @@ -1126,7 +1108,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_rekey) /* On error the final callback is always called. */ if (protocol->final_callback) - silc_protocol_execute_final(protocol, client->timeout_queue); + silc_protocol_execute_final(protocol, client->schedule); else silc_protocol_free(protocol); break; @@ -1138,7 +1120,7 @@ SILC_TASK_CALLBACK(silc_client_protocol_rekey) /* On error the final callback is always called. */ if (protocol->final_callback) - silc_protocol_execute_final(protocol, client->timeout_queue); + silc_protocol_execute_final(protocol, client->schedule); else silc_protocol_free(protocol); break;