Author: Pekka Riikonen <priikone@silcnet.org>
- Copyright (C) 2005 Pekka Riikonen
+ Copyright (C) 2005 - 2007 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
/* Compute signature */
if (!silc_pkcs_sign(private_key, auth->data, silc_buffer_len(auth),
- *auth_data, len, auth_data_len, ske->prop->hash)) {
+ *auth_data, len, auth_data_len, TRUE, ske->prop->hash)) {
silc_free(*auth_data);
silc_buffer_free(auth);
return FALSE;
if (connauth->aborted) {
/** Aborted */
silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Start timeout */
if (!auth_data) {
/** Out of memory */
silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
auth_data_len = connauth->auth_data_len;
flags = SILC_PACKET_FLAG_LONG_PAD;
if (!silc_connauth_get_signature(connauth, &auth_data, &auth_data_len)) {
/** Error computing signature */
silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
break;
}
if (!packet) {
/** Out of memory */
silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
silc_buffer_format(packet,
flags, packet->data, silc_buffer_len(packet))) {
/** Error sending packet */
silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
if (auth_data) {
/** Wait for responder */
silc_fsm_next(fsm, silc_connauth_st_initiator_result);
- SILC_FSM_WAIT;
+ return SILC_FSM_WAIT;
}
SILC_FSM_STATE(silc_connauth_st_initiator_result)
if (connauth->aborted) {
/** Aborted */
silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Check the status of authentication */
/* Call completion callback */
connauth->completion(connauth, connauth->success, connauth->context);
- SILC_FSM_FINISH;
+ return SILC_FSM_FINISH;
}
SILC_FSM_STATE(silc_connauth_st_initiator_failure)
&silc_connauth_stream_cbs, connauth);
silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
- SILC_FSM_FINISH;
+ return SILC_FSM_FINISH;
}
SilcAsyncOperation
if (connauth->aborted) {
/** Aborted */
silc_fsm_next(fsm, silc_connauth_st_responder_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Start timeout */
/** Wait for initiator */
silc_fsm_next(fsm, silc_connauth_st_responder_authenticate);
- SILC_FSM_WAIT;
+ return SILC_FSM_WAIT;
}
SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
/** Aborted */
silc_packet_free(connauth->packet);
silc_fsm_next(fsm, silc_connauth_st_responder_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
if (connauth->packet->type != SILC_PACKET_CONNECTION_AUTH) {
/** Protocol failure */
silc_packet_free(connauth->packet);
silc_fsm_next(fsm, silc_connauth_st_responder_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Parse the received authentication data packet. The received
SILC_LOG_ERROR(("Bad payload in authentication packet"));
silc_packet_free(connauth->packet);
silc_fsm_next(fsm, silc_connauth_st_responder_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
if (payload_len != silc_buffer_len(&connauth->packet->buffer)) {
SILC_LOG_ERROR(("Bad payload length in authentication packet"));
silc_packet_free(connauth->packet);
silc_fsm_next(fsm, silc_connauth_st_responder_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
payload_len -= 4;
conn_type));
silc_packet_free(connauth->packet);
silc_fsm_next(fsm, silc_connauth_st_responder_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
if (payload_len > 0) {
SILC_LOG_DEBUG(("Bad payload in authentication payload"));
silc_packet_free(connauth->packet);
silc_fsm_next(fsm, silc_connauth_st_responder_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
}
silc_packet_free(connauth->packet);
/** Connection not configured */
SILC_LOG_ERROR(("Remote connection not configured"));
silc_fsm_next(fsm, silc_connauth_st_responder_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Verify */
if (!memcmp(auth_data, passphrase, passphrase_len)) {
/** Authentication failed */
silc_fsm_next(fsm, silc_connauth_st_responder_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
} else if (repository) {
/* Digital signature */
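Review bot: The passphrase check kept as context here, `if (!memcmp(auth_data, passphrase, passphrase_len))`, takes the "Authentication failed" branch when the bytes are equal, which reads as inverted unless lines outside the hunk change its meaning. The visible lines also do not compare the received length with `passphrase_len` before the `memcmp`, and `memcmp` is not constant-time, so response timing can reveal how many leading bytes matched. I would change the guard to `if (!auth_data || auth_len != passphrase_len || memcmp(auth_data, passphrase, passphrase_len))`, where `auth_len` stands for whichever variable holds the received length at this point, and consider a constant-time compare. The enclosing state function starts and ends outside the hunk, so this should be confirmed against the full body.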
if (!find || !connauth->auth_data) {
/** Out of memory */
silc_fsm_next(fsm, silc_connauth_st_responder_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
silc_skr_find_set_pkcs_type(find, connauth->ske->pk_type);
/** Authentication successful */
silc_fsm_next(fsm, silc_connauth_st_responder_success);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
SILC_FSM_STATE(silc_connauth_st_responder_authenticate_pk)
if (connauth->aborted) {
/** Aborted */
silc_fsm_next(fsm, silc_connauth_st_responder_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
if (connauth->skr_status != SILC_SKR_OK) {
/** Public key not found */
SILC_LOG_DEBUG(("Public key not found, error %d", connauth->skr_status));
silc_fsm_next(fsm, silc_connauth_st_responder_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
SILC_LOG_DEBUG(("Found %d public keys",
SILC_LOG_DEBUG(("Invalid signature"));
silc_free(connauth->auth_data);
silc_fsm_next(fsm, silc_connauth_st_responder_failure);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
silc_free(connauth->auth_data);
/** Authentication successful */
silc_fsm_next(fsm, silc_connauth_st_responder_success);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
SILC_FSM_STATE(silc_connauth_st_responder_success)
&silc_connauth_stream_cbs, connauth);
silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
- SILC_FSM_FINISH;
+ return SILC_FSM_FINISH;
}
SILC_FSM_STATE(silc_connauth_st_responder_failure)
&silc_connauth_stream_cbs, connauth);
silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
- SILC_FSM_FINISH;
+ return SILC_FSM_FINISH;
}
SilcAsyncOperation
Author: Pekka Riikonen <priikone@silcnet.org>
- Copyright (C) 2000 - 2006 Pekka Riikonen
+ Copyright (C) 2000 - 2007 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
SILC_FSM_STATE(silc_ske_st_rekey_initiator_start);
SILC_FSM_STATE(silc_ske_st_rekey_initiator_done);
SILC_FSM_STATE(silc_ske_st_rekey_initiator_end);
+SILC_TASK_CALLBACK(silc_ske_packet_send_retry);
SilcSKEKeyMaterial
silc_ske_process_key_material(SilcSKE ske,
/* Clear retransmission */
ske->retry_timer = SILC_SKE_RETRY_MIN;
ske->retry_count = 0;
- silc_schedule_task_del_by_context(ske->schedule, ske);
+ silc_schedule_task_del_by_callback(ske->schedule,
+ silc_ske_packet_send_retry);
/* Signal for new packet */
ske->packet = packet;
silc_ske_free(ske);
}
+/* Key exchange timeout task callback */
+
+SILC_TASK_CALLBACK(silc_ske_timeout)
+{
+ SilcSKE ske = context;
+
+ SILC_LOG_DEBUG(("Timeout"));
+
+ ske->packet = NULL;
+ ske->status = SILC_SKE_STATUS_TIMEOUT;
+ if (ske->responder)
+ silc_fsm_next(&ske->fsm, silc_ske_st_responder_failure);
+ else
+ silc_fsm_next(&ske->fsm, silc_ske_st_initiator_failure);
+
+ silc_fsm_continue_sync(&ske->fsm);
+}
+
/******************************* Protocol API *******************************/
/* Allocates new SKE object. */
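Review bot: `silc_ske_timeout` clears the pending packet with `ske->packet = NULL;` without freeing it, while the state functions in this diff call `silc_packet_free(ske->packet)` before clearing the pointer. If a packet can still be owned by the session when the timer fires, it would leak; consider `if (ske->packet) silc_packet_free(ske->packet);` before the assignment, or a comment stating why no packet can be held here. The same unguarded `ske->packet = NULL;` appears in the aborted branch added to the free path. The callback also drives the FSM through `silc_fsm_continue_sync` without looking at `ske->aborted` or `ske->freed`, so a one-line comment on why the timer cannot fire after those are set would help the next reader.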
if (ske->running) {
ske->freed = TRUE;
+
+ if (ske->aborted) {
+ /* If already aborted, destroy the session immediately */
+ ske->packet = NULL;
+ ske->status = SILC_SKE_STATUS_ERROR;
+ if (ske->responder)
+ silc_fsm_next(&ske->fsm, silc_ske_st_responder_failure);
+ else
+ silc_fsm_next(&ske->fsm, silc_ske_st_initiator_failure);
+ silc_fsm_continue_sync(&ske->fsm);
+ }
return;
}
if (ske->aborted) {
/** Aborted */
silc_fsm_next(fsm, silc_ske_st_initiator_aborted);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Encode the payload */
/** Error encoding Start Payload */
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Save the the payload buffer for future use. It is later used to
SILC_LOG_DEBUG(("Error sending packet"));
ske->status = SILC_SKE_STATUS_ERROR;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
- /* XXX timeout */
+ /* Add key exchange timeout */
+ silc_schedule_task_add_timeout(ske->schedule, silc_ske_timeout,
+ ske, ske->timeout, 0);
/** Wait for responder proposal */
- SILC_LOG_DEBUG(("Waiting for reponder proposal"));
+ SILC_LOG_DEBUG(("Waiting for responder proposal"));
silc_fsm_next(fsm, silc_ske_st_initiator_phase1);
- SILC_FSM_WAIT;
+ return SILC_FSM_WAIT;
}
/* Phase-1. Receives responder's proposal */
silc_ske_install_retransmission(ske);
silc_packet_free(ske->packet);
ske->packet = NULL;
- SILC_FSM_WAIT;
+ return SILC_FSM_WAIT;
}
/* Decode the payload */
ske->packet = NULL;
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Get remote ID and set it to stream */
SILC_LOG_ERROR(("Invalid cookie, modified or unsupported feature"));
ske->status = SILC_SKE_STATUS_INVALID_COOKIE;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Check version string */
/** Version mismatch */
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Free our KE Start Payload context, we don't need it anymore. */
/** Send KE Payload */
silc_fsm_next(fsm, silc_ske_st_initiator_phase2);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
err:
if (payload)
/** Error */
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Phase-2. Send KE payload */
/** Out of memory */
ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
silc_mp_init(x);
status =
silc_free(x);
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Encode the result to Key Exchange Payload. */
silc_free(x);
ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
ske->ke1_payload = payload;
ske->ke1_payload = NULL;
ske->status = SILC_SKE_STATUS_ERROR;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
payload->pk_len = pk_len;
payload->pk_type = silc_pkcs_get_type(ske->public_key);
/* Sign the hash value */
if (!silc_pkcs_sign(ske->private_key, hash, hash_len, sign,
- sizeof(sign) - 1, &sign_len, NULL)) {
+ sizeof(sign) - 1, &sign_len, FALSE, ske->prop->hash)) {
/** Error computing signature */
silc_mp_uninit(x);
silc_free(x);
ske->ke1_payload = NULL;
ske->status = SILC_SKE_STATUS_SIGNATURE_ERROR;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
payload->sign_data = silc_memdup(sign, sign_len);
if (payload->sign_data)
ske->ke1_payload = NULL;
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
ske->x = x;
SILC_LOG_DEBUG(("Error sending packet"));
ske->status = SILC_SKE_STATUS_ERROR;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
silc_buffer_free(payload_buf);
/** Waiting responder's KE payload */
silc_fsm_next(fsm, silc_ske_st_initiator_phase3);
- SILC_FSM_WAIT;
+ return SILC_FSM_WAIT;
}
/* Phase-3. Process responder's KE payload */
silc_ske_install_retransmission(ske);
silc_packet_free(ske->packet);
ske->packet = NULL;
- SILC_FSM_WAIT;
+ return SILC_FSM_WAIT;
}
/* Decode the payload */
ske->packet = NULL;
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
silc_packet_free(ske->packet);
ske->packet = NULL;
/** Process key material */
silc_fsm_next(fsm, silc_ske_st_initiator_phase4);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
err:
silc_ske_payload_ke_free(payload);
/** Error */
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Process key material */
if (ske->aborted) {
/** Aborted */
silc_fsm_next(fsm, silc_ske_st_initiator_aborted);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Check result of public key verification */
/** Public key not verified */
SILC_LOG_DEBUG(("Public key verification failed"));
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
payload = ske->ke2_payload;
if (ske->rekey) {
/** Finish rekey */
silc_fsm_next(fsm, silc_ske_st_rekey_initiator_done);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Process key material */
SILC_LOG_DEBUG(("Error sending packet"));
ske->status = SILC_SKE_STATUS_ERROR;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/** Waiting completion */
silc_fsm_next(fsm, silc_ske_st_initiator_end);
- SILC_FSM_WAIT;
+ return SILC_FSM_WAIT;
err:
memset(hash, 'F', sizeof(hash));
/** Error */
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Protocol completed */
silc_ske_install_retransmission(ske);
silc_packet_free(ske->packet);
ske->packet = NULL;
- SILC_FSM_WAIT;
+ return SILC_FSM_WAIT;
}
SILC_LOG_DEBUG(("Key exchange completed successfully"));
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
- SILC_FSM_FINISH;
+ return SILC_FSM_FINISH;
}
/* Aborted by application */
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
- SILC_FSM_FINISH;
+ return SILC_FSM_FINISH;
}
/* Error occurred. Send error to remote host */
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
- SILC_FSM_FINISH;
+ return SILC_FSM_FINISH;
}
/* Failure received from remote */
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
- SILC_FSM_FINISH;
+ return SILC_FSM_FINISH;
}
/* Starts the protocol as initiator */
return NULL;
}
+ ske->timeout = params->timeout_secs ? params->timeout_secs : 30;
ske->start_payload = start_payload;
ske->version = params->version;
ske->running = TRUE;
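Review bot: The 30-second default is a bare literal here (`params->timeout_secs ? params->timeout_secs : 30`), again in the responder start, and a third time in the rekey initiator start, where `silc_schedule_task_add_timeout(ske->schedule, silc_ske_timeout, ske, 30, 0)` ignores `ske->timeout` altogether. A named constant used in all three places, for example `#define SILC_SKE_TIMEOUT_DEFAULT 30` (the name is only a suggestion), would keep them consistent, and the rekey path could pass `ske->timeout ? ske->timeout : SILC_SKE_TIMEOUT_DEFAULT`. Whether `params` can be NULL at this point is not visible in the hunk; if it can, the dereference needs a guard.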
if (ske->aborted) {
/** Aborted */
silc_fsm_next(fsm, silc_ske_st_responder_aborted);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
- /* Start timeout */
- /* XXX */
+ /* Add key exchange timeout */
+ silc_schedule_task_add_timeout(ske->schedule, silc_ske_timeout,
+ ske, ske->timeout, 0);
/** Wait for initiator */
silc_fsm_next(fsm, silc_ske_st_responder_phase1);
- SILC_FSM_WAIT;
+ return SILC_FSM_WAIT;
}
/* Decode initiator's start payload. Select the security properties from
ske->packet = NULL;
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Take a copy of the payload buffer for future use. It is used to
silc_ske_payload_start_free(remote_payload);
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
silc_ske_payload_start_free(remote_payload);
/** Waiting initiator's KE payload */
silc_fsm_next(fsm, silc_ske_st_responder_phase2);
- SILC_FSM_WAIT;
+ return SILC_FSM_WAIT;
err:
if (ske->prop->group)
/** Error */
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Phase-2. Decode initiator's KE payload */
silc_ske_install_retransmission(ske);
silc_packet_free(ske->packet);
ske->packet = NULL;
- SILC_FSM_WAIT;
+ return SILC_FSM_WAIT;
}
/* Decode Key Exchange Payload */
ske->packet = NULL;
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
ske->ke1_payload = recv_payload;
"certificate), even though we require it"));
ske->status = SILC_SKE_STATUS_PUBLIC_KEY_NOT_PROVIDED;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Decode the remote's public key */
SILC_LOG_ERROR(("Unsupported/malformed public key received"));
ske->status = SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
if (ske->prop->public_key && (ske->callbacks->verify_key ||
if (!find) {
ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
silc_skr_find_set_pkcs_type(find,
silc_pkcs_get_type(ske->prop->public_key));
/** Generate KE2 payload */
silc_fsm_next(fsm, silc_ske_st_responder_phase4);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Phase-4. Generate KE2 payload */
if (ske->aborted) {
/** Aborted */
silc_fsm_next(fsm, silc_ske_st_responder_aborted);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Check result of public key verification */
/** Public key not verified */
SILC_LOG_DEBUG(("Public key verification failed"));
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
recv_payload = ske->ke1_payload;
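Review bot: In the responder's phase 4, the "Public key not verified" branch transitions to `silc_ske_st_initiator_error`, while the other responder failures shown in this diff go to `silc_ske_st_responder_error`; it looks copied from the initiator side. The line is context that the commit leaves alone, but since the branch is being edited anyway it should read `silc_fsm_next(fsm, silc_ske_st_responder_error);`. The visible lines also do not set `ske->status` in this branch, so the error state may report whatever status was stored earlier. That second point is hedged, because the check above the branch lies outside the hunk.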
/** Error computing hash */
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
SILC_LOG_DEBUG(("Verifying signature (HASH_i)"));
SILC_LOG_ERROR(("Signature verification failed, incorrect signature"));
ske->status = SILC_SKE_STATUS_INCORRECT_SIGNATURE;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
SILC_LOG_DEBUG(("Signature is Ok"));
silc_free(x);
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Save the results for later processing */
/** Send KE2 payload */
silc_fsm_next(fsm, silc_ske_st_responder_phase5);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Phase-5. Send KE2 payload */
/** Error encoding public key */
status = SILC_SKE_STATUS_OUT_OF_MEMORY;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
ske->ke2_payload->pk_data = pk;
ske->ke2_payload->pk_len = pk_len;
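Review bot: The "Error encoding public key" branch assigns the local variable (`status = SILC_SKE_STATUS_OUT_OF_MEMORY;`) and then moves to the error state, whereas neighbouring branches store the value with `ske->status = status;`. If `silc_ske_st_responder_error` reports `ske->status` to the peer or to the application, this failure would be reported with a stale value; the line should probably be `ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;`. The same pattern appears in the "Error computing signature" branch of this state (`status = SILC_SKE_STATUS_SIGNATURE_ERROR;`). The error state's body is not part of the diff, so how it reads the status should be confirmed there.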
/** Error computing hash */
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
ske->hash = silc_memdup(hash, hash_len);
/* Sign the hash value */
if (!silc_pkcs_sign(ske->private_key, hash, hash_len, sign,
- sizeof(sign) - 1, &sign_len, NULL)) {
+ sizeof(sign) - 1, &sign_len, FALSE, ske->prop->hash)) {
/** Error computing signature */
status = SILC_SKE_STATUS_SIGNATURE_ERROR;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
ske->ke2_payload->sign_data = silc_memdup(sign, sign_len);
ske->ke2_payload->sign_len = sign_len;
/** Error encoding KE payload */
ske->status = status;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Send the packet. */
SILC_LOG_DEBUG(("Error sending packet"));
ske->status = SILC_SKE_STATUS_ERROR;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
silc_buffer_free(payload_buf);
/** Waiting completion */
silc_fsm_next(fsm, silc_ske_st_responder_end);
- SILC_FSM_WAIT;
+ return SILC_FSM_WAIT;
}
/* Protocol completed */
silc_ske_install_retransmission(ske);
silc_packet_free(ske->packet);
ske->packet = NULL;
- SILC_FSM_WAIT;
+ return SILC_FSM_WAIT;
}
silc_packet_free(ske->packet);
ske->packet = NULL;
/** Error processing key material */
ske->status = SILC_SKE_STATUS_ERROR;
silc_fsm_next(fsm, silc_ske_st_responder_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Send SUCCESS packet */
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
- SILC_FSM_FINISH;
+ return SILC_FSM_FINISH;
}
/* Aborted by application */
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
- SILC_FSM_FINISH;
+ return SILC_FSM_FINISH;
}
/* Failure received from remote */
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
- SILC_FSM_FINISH;
+ return SILC_FSM_FINISH;
}
/* Error occurred */
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
- SILC_FSM_FINISH;
+ return SILC_FSM_FINISH;
}
/* Starts the protocol as responder. */
ske->responder = TRUE;
ske->flags = params->flags;
+ ske->timeout = params->timeout_secs ? params->timeout_secs : 30;
if (ske->flags & SILC_SKE_SP_FLAG_IV_INCLUDED)
ske->session_port = params->session_port;
ske->version = strdup(params->version);
if (ske->aborted) {
/** Aborted */
silc_fsm_next(fsm, silc_ske_st_initiator_aborted);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
- /* XXX timeout */
+ /* Add rekey exchange timeout */
+ silc_schedule_task_add_timeout(ske->schedule, silc_ske_timeout,
+ ske, 30, 0);
ske->prop = silc_calloc(1, sizeof(*ske->prop));
if (!ske->prop) {
/** No memory */
ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Send REKEY packet to start rekey protocol */
SILC_LOG_DEBUG(("Error sending packet"));
ske->status = SILC_SKE_STATUS_ERROR;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* If doing rekey without PFS, move directly to the end of the protocol. */
if (!ske->rekey->pfs) {
/** Rekey without PFS */
silc_fsm_next(fsm, silc_ske_st_rekey_initiator_done);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
status = silc_ske_group_get_by_number(ske->rekey->ske_group,
if (status != SILC_SKE_STATUS_OK) {
/** Unknown group */
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/** Rekey with PFS */
silc_fsm_next(fsm, silc_ske_st_initiator_phase2);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Sends REKEY_DONE packet to finish the protocol. */
/** Cannot allocate hash */
ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
hash_len = silc_hash_len(hash);
if (!ske->keymat) {
SILC_LOG_ERROR(("Error processing key material"));
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
ske->prop->cipher = send_key;
/** Cannot get keys */
ske->status = SILC_SKE_STATUS_ERROR;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Set the new keys into use. This will also send REKEY_DONE packet. Any
SILC_LOG_DEBUG(("Cannot set new keys, error sending REKEY_DONE"));
ske->status = SILC_SKE_STATUS_ERROR;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/** Wait for REKEY_DONE */
silc_fsm_next(fsm, silc_ske_st_rekey_initiator_end);
- SILC_FSM_WAIT;
+ return SILC_FSM_WAIT;
}
/* Rekey protocol end */
SILC_LOG_DEBUG(("Remote retransmitted an old packet"));
silc_packet_free(ske->packet);
ske->packet = NULL;
- SILC_FSM_WAIT;
+ return SILC_FSM_WAIT;
}
silc_packet_get_keys(ske->stream, NULL, &receive_key, NULL, &hmac_receive);
/** Cannot get keys */
ske->status = SILC_SKE_STATUS_ERROR;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
/* Set new receiving keys into use. All packets received after this will
SILC_LOG_DEBUG(("Cannot set new keys"));
ske->status = SILC_SKE_STATUS_ERROR;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
SILC_LOG_DEBUG(("Rekey completed successfully"));
/** No memory */
ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
- SILC_FSM_CONTINUE;
+ return SILC_FSM_CONTINUE;
}
rekey->pfs = ske->rekey->pfs;
ske->rekey = rekey;
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
- SILC_FSM_FINISH;
+ return SILC_FSM_FINISH;
}
/* Starts rekey protocol as initiator */
SILC_FSM_STATE(silc_ske_st_rekey_responder_start)
{
- SILC_FSM_FINISH;
+ return SILC_FSM_FINISH;
}
/* Starts rekey protocol as responder */
"Bad payload length in packet",
"Error computing signature",
"System out of memory",
+ "Key exchange timeout",
NULL
};