5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 2006 - 2007 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; version 2 of the License.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
21 #include "silcclient.h"
22 #include "client_internal.h"
24 /************************ Static utility functions **************************/
26 /* Callback called after connected to remote host */
28 static void silc_client_connect_callback(SilcNetStatus status,
29 SilcStream stream, void *context)
31 SilcFSMThread fsm = context;
32 SilcClientConnection conn = silc_fsm_get_context(fsm);
33 SilcClient client = conn->client;
35 conn->internal->op = NULL;
36 if (conn->internal->verbose) {
40 case SILC_NET_UNKNOWN_IP:
41 client->internal->ops->say(
42 client, conn, SILC_CLIENT_MESSAGE_ERROR,
43 "Could not connect to host %s: unknown IP address",
46 case SILC_NET_UNKNOWN_HOST:
47 client->internal->ops->say(
48 client, conn, SILC_CLIENT_MESSAGE_ERROR,
49 "Could not connect to host %s: unknown host name",
52 case SILC_NET_HOST_UNREACHABLE:
53 client->internal->ops->say(
54 client, conn, SILC_CLIENT_MESSAGE_ERROR,
55 "Could not connect to host %s: network unreachable",
58 case SILC_NET_CONNECTION_REFUSED:
59 client->internal->ops->say(
60 client, conn, SILC_CLIENT_MESSAGE_ERROR,
61 "Could not connect to host %s: connection refused",
64 case SILC_NET_CONNECTION_TIMEOUT:
65 client->internal->ops->say(
66 client, conn, SILC_CLIENT_MESSAGE_ERROR,
67 "Could not connect to host %s: connection timeout",
71 client->internal->ops->say(
72 client, conn, SILC_CLIENT_MESSAGE_ERROR,
73 "Could not connect to host %s",
79 if (status != SILC_NET_OK) {
80 /* Notify application of failure */
81 SILC_LOG_DEBUG(("Connecting failed"));
82 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0,
83 NULL, conn->callback_context);
84 silc_fsm_next(fsm, silc_client_st_connect_error);
85 SILC_FSM_CALL_CONTINUE(fsm);
89 /* Connection created successfully */
90 SILC_LOG_DEBUG(("Connected"));
91 conn->stream = (void *)stream;
92 SILC_FSM_CALL_CONTINUE(fsm);
95 /* Called after application has verified remote host's public key */
97 static void silc_client_ke_verify_key_cb(SilcBool success, void *context)
99 VerifyKeyContext verify = (VerifyKeyContext)context;
101 SILC_LOG_DEBUG(("Start"));
103 /* Call the completion callback back to the SKE */
104 verify->completion(verify->ske, success ? SILC_SKE_STATUS_OK :
105 SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
106 verify->completion_context);
111 /* Verify remote host's public key */
113 static void silc_client_ke_verify_key(SilcSKE ske,
114 SilcPublicKey public_key,
116 SilcSKEVerifyCbCompletion completion,
117 void *completion_context)
119 SilcFSMThread fsm = context;
120 SilcClientConnection conn = silc_fsm_get_context(fsm);
121 SilcClient client = conn->client;
122 VerifyKeyContext verify;
124 /* If we provided repository for SKE and we got here the key was not
125 found from the repository. */
126 if (conn->internal->params.repository &&
127 !conn->internal->params.verify_notfound) {
128 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
133 SILC_LOG_DEBUG(("Verify remote public key"));
135 verify = silc_calloc(1, sizeof(*verify));
137 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
142 verify->completion = completion;
143 verify->completion_context = completion_context;
145 /* Verify public key in application */
146 client->internal->ops->verify_public_key(client, conn,
147 conn->type, public_key,
148 silc_client_ke_verify_key_cb,
152 /* Key exchange protocol completion callback */
154 static void silc_client_ke_completion(SilcSKE ske,
155 SilcSKEStatus status,
156 SilcSKESecurityProperties prop,
157 SilcSKEKeyMaterial keymat,
158 SilcSKERekeyMaterial rekey,
161 SilcFSMThread fsm = context;
162 SilcClientConnection conn = silc_fsm_get_context(fsm);
163 SilcClient client = conn->client;
164 SilcCipher send_key, receive_key;
165 SilcHmac hmac_send, hmac_receive;
167 conn->internal->op = NULL;
168 if (status != SILC_SKE_STATUS_OK) {
169 /* Key exchange failed */
170 SILC_LOG_DEBUG(("Error during key exchange with %s: %s (%d)",
171 conn->remote_host, silc_ske_map_status(status), status));
173 if (conn->internal->verbose)
174 client->internal->ops->say(client, conn, SILC_CLIENT_MESSAGE_ERROR,
175 "Error during key exchange with %s: %s",
177 silc_ske_map_status(status));
179 silc_ske_free_rekey_material(rekey);
181 silc_fsm_next(fsm, silc_client_st_connect_error);
182 SILC_FSM_CALL_CONTINUE(fsm);
186 SILC_LOG_DEBUG(("Setting keys into use"));
188 /* Allocate the cipher and HMAC contexts */
189 if (!silc_ske_set_keys(ske, keymat, prop, &send_key, &receive_key,
190 &hmac_send, &hmac_receive, &conn->internal->hash)) {
191 /* Error setting keys */
192 SILC_LOG_DEBUG(("Could not set keys into use"));
194 if (conn->internal->verbose)
195 client->internal->ops->say(
196 client, conn, SILC_CLIENT_MESSAGE_ERROR,
197 "Error during key exchange with %s: cannot use keys",
200 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_KE, 0, NULL,
201 conn->callback_context);
203 silc_ske_free_rekey_material(rekey);
205 silc_fsm_next(fsm, silc_client_st_connect_error);
206 SILC_FSM_CALL_CONTINUE(fsm);
210 /* Set the keys into the packet stream. After this call packets will be
211 encrypted with these keys. */
212 if (!silc_packet_set_keys(conn->stream, send_key, receive_key, hmac_send,
213 hmac_receive, FALSE)) {
214 /* Error setting keys */
215 SILC_LOG_DEBUG(("Could not set keys into use"));
217 if (conn->internal->verbose)
218 client->internal->ops->say(
219 client, conn, SILC_CLIENT_MESSAGE_ERROR,
220 "Error during key exchange with %s: cannot use keys",
223 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_KE, 0, NULL,
224 conn->callback_context);
226 silc_ske_free_rekey_material(rekey);
228 silc_fsm_next(fsm, silc_client_st_connect_error);
229 SILC_FSM_CALL_CONTINUE(fsm);
233 conn->internal->rekey = rekey;
235 SILC_LOG_DEBUG(("Key Exchange completed"));
237 /* Key exchange done */
238 SILC_FSM_CALL_CONTINUE(fsm);
241 /* Rekey protocol completion callback */
243 static void silc_client_rekey_completion(SilcSKE ske,
244 SilcSKEStatus status,
245 SilcSKESecurityProperties prop,
246 SilcSKEKeyMaterial keymat,
247 SilcSKERekeyMaterial rekey,
250 SilcFSMThread fsm = context;
251 SilcClientConnection conn = silc_fsm_get_context(fsm);
252 SilcClient client = conn->client;
254 conn->internal->op = NULL;
255 if (status != SILC_SKE_STATUS_OK) {
257 SILC_LOG_DEBUG(("Error during rekey with %s: %s (%d)",
258 conn->remote_host, silc_ske_map_status(status), status));
260 if (conn->internal->verbose)
261 client->internal->ops->say(client, conn, SILC_CLIENT_MESSAGE_ERROR,
262 "Error during rekey with %s: %s",
264 silc_ske_map_status(status));
266 silc_fsm_finish(fsm);
270 silc_ske_free_rekey_material(conn->internal->rekey);
271 conn->internal->rekey = rekey;
273 SILC_LOG_DEBUG(("Rekey completed"));
276 silc_fsm_finish(fsm);
279 /* Callback called by application to return authentication data */
281 static void silc_client_connect_auth_method(SilcAuthMethod auth_meth,
282 void *auth, SilcUInt32 auth_len,
285 SilcFSMThread fsm = context;
286 SilcClientConnection conn = silc_fsm_get_context(fsm);
288 conn->internal->params.auth_method = auth_meth;
289 conn->internal->params.auth = auth;
290 conn->internal->params.auth_len = auth_len;
292 SILC_FSM_CALL_CONTINUE(fsm);
295 /* Connection authentication completion callback */
297 static void silc_client_connect_auth_completion(SilcConnAuth connauth,
301 SilcFSMThread fsm = context;
302 SilcClientConnection conn = silc_fsm_get_context(fsm);
303 SilcClient client = conn->client;
305 conn->internal->op = NULL;
306 silc_connauth_free(connauth);
309 if (conn->internal->verbose)
310 client->internal->ops->say(
311 client, conn, SILC_CLIENT_MESSAGE_ERROR,
312 "Authentication failed");
314 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_AUTH, 0, NULL,
315 conn->callback_context);
316 silc_fsm_next(fsm, silc_client_st_connect_error);
319 SILC_FSM_CALL_CONTINUE(fsm);
322 /********************** CONNECTION_AUTH_REQUEST packet **********************/
324 /* Received connection authentication request packet. We get the
325 required authentication method here. */
327 SILC_FSM_STATE(silc_client_connect_auth_request)
329 SilcClientConnection conn = fsm_context;
330 SilcPacket packet = state_context;
331 SilcUInt16 conn_type, auth_meth;
333 if (!conn->internal->auth_request) {
334 silc_packet_free(packet);
338 /* Parse the payload */
339 if (silc_buffer_unformat(&packet->buffer,
340 SILC_STR_UI_SHORT(&conn_type),
341 SILC_STR_UI_SHORT(&auth_meth),
343 auth_meth = SILC_AUTH_NONE;
345 silc_packet_free(packet);
347 SILC_LOG_DEBUG(("Resolved authentication method: %s",
348 (auth_meth == SILC_AUTH_NONE ? "none" :
349 auth_meth == SILC_AUTH_PASSWORD ? "passphrase" :
351 conn->internal->params.auth_method = auth_meth;
353 /* Continue authentication */
354 silc_fsm_continue_sync(&conn->internal->event_thread);
358 /*************************** Connect remote host ****************************/
360 /* Connection timeout callback */
362 SILC_TASK_CALLBACK(silc_client_connect_timeout)
364 SilcClientConnection conn = context;
365 SilcClient client = conn->client;
367 SILC_LOG_DEBUG(("Connection timeout"));
369 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_TIMEOUT, 0, NULL,
370 conn->callback_context);
372 silc_fsm_next(&conn->internal->event_thread, silc_client_st_connect_error);
373 silc_fsm_continue_sync(&conn->internal->event_thread);
376 /* Creates a connection to remote host */
378 SILC_FSM_STATE(silc_client_st_connect)
380 SilcClientConnection conn = fsm_context;
381 SilcClient client = conn->client;
383 SILC_LOG_DEBUG(("Connecting to %s:%d", conn->remote_host,
387 silc_fsm_next(fsm, silc_client_st_connect_set_stream);
389 /* Add connection timeout */
390 if (conn->internal->params.timeout_secs)
391 silc_schedule_task_add_timeout(conn->internal->schedule,
392 silc_client_connect_timeout, conn,
393 conn->internal->params.timeout_secs, 0);
395 if (conn->internal->params.udp) {
398 if (!conn->internal->params.local_ip) {
399 /** IP address not given */
400 SILC_LOG_ERROR(("Local UDP IP address not specified"));
401 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0, NULL,
402 conn->callback_context);
403 silc_fsm_next(fsm, silc_client_st_connect_error);
408 stream = silc_net_udp_connect(conn->internal->params.bind_ip ?
409 conn->internal->params.bind_ip :
410 conn->internal->params.local_ip,
411 conn->internal->params.local_port,
412 conn->remote_host, conn->remote_port,
413 conn->internal->schedule);
415 SILC_FSM_CALL(silc_client_connect_callback(stream ? SILC_NET_OK :
416 SILC_NET_HOST_UNREACHABLE,
420 SILC_FSM_CALL(conn->internal->op = silc_net_tcp_connect(
421 NULL, conn->remote_host,
423 conn->internal->schedule,
424 silc_client_connect_callback, fsm));
428 /* Sets the new connection stream into use and creates packet stream */
430 SILC_FSM_STATE(silc_client_st_connect_set_stream)
432 SilcClientConnection conn = fsm_context;
433 SilcClient client = conn->client;
435 if (conn->internal->disconnected) {
437 silc_fsm_next(fsm, silc_client_st_connect_error);
441 /* Create packet stream */
442 conn->stream = silc_packet_stream_create(client->internal->packet_engine,
443 conn->internal->schedule,
444 (SilcStream)conn->stream);
446 /** Cannot create packet stream */
447 SILC_LOG_DEBUG(("Could not create packet stream"));
448 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0, NULL,
449 conn->callback_context);
450 silc_fsm_next(fsm, silc_client_st_connect_error);
454 silc_packet_set_context(conn->stream, conn);
456 /** Start key exchange */
457 silc_fsm_next(fsm, silc_client_st_connect_key_exchange);
461 /* Starts key exchange protocol with remote host */
463 SILC_FSM_STATE(silc_client_st_connect_key_exchange)
465 SilcClientConnection conn = fsm_context;
466 SilcClient client = conn->client;
467 SilcSKEParamsStruct params;
469 SILC_LOG_DEBUG(("Starting key exchange protocol"));
472 conn->internal->ske =
473 silc_ske_alloc(client->rng, conn->internal->schedule,
474 conn->internal->params.repository,
475 conn->public_key, conn->private_key, fsm);
476 if (!conn->internal->ske) {
478 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_KE, 0, NULL,
479 conn->callback_context);
480 silc_fsm_next(fsm, silc_client_st_connect_error);
484 /* Set SKE callbacks */
485 silc_ske_set_callbacks(conn->internal->ske, silc_client_ke_verify_key,
486 silc_client_ke_completion, fsm);
488 /* Set up key exchange parameters */
489 params.version = client->internal->silc_client_version;
490 params.flags = SILC_SKE_SP_FLAG_MUTUAL;
491 if (conn->internal->params.pfs)
492 params.flags |= SILC_SKE_SP_FLAG_PFS;
493 if (conn->internal->params.udp) {
494 params.flags |= SILC_SKE_SP_FLAG_IV_INCLUDED;
495 params.session_port = conn->internal->params.local_port;
498 if (conn->internal->params.no_authentication)
499 /** Run key exchange (no auth) */
500 silc_fsm_next(fsm, silc_client_st_connected);
501 else if (conn->internal->params.udp)
502 /** Run key exchange (UDP)*/
503 silc_fsm_next(fsm, silc_client_st_connect_setup_udp);
505 /** Run key exchange (TCP) */
506 silc_fsm_next(fsm, silc_client_st_connect_auth_resolve);
508 SILC_FSM_CALL(conn->internal->op = silc_ske_initiator(conn->internal->ske,
513 /* For UDP/IP connections, set up the UDP session after successful key
516 SILC_FSM_STATE(silc_client_st_connect_setup_udp)
518 SilcClientConnection conn = fsm_context;
519 SilcClient client = conn->client;
520 SilcStream stream, old;
521 SilcSKESecurityProperties prop;
523 SILC_LOG_DEBUG(("Setup UDP SILC session"));
525 if (conn->internal->disconnected) {
527 silc_fsm_next(fsm, silc_client_st_connect_error);
531 /* Create new UDP stream */
532 prop = silc_ske_get_security_properties(conn->internal->ske);
533 stream = silc_net_udp_connect(conn->internal->params.local_ip,
534 conn->internal->params.local_port,
535 conn->remote_host, prop->remote_port,
536 conn->internal->schedule);
538 /** Cannot create UDP stream */
539 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0, NULL,
540 conn->callback_context);
541 silc_fsm_next(fsm, silc_client_st_connect_error);
545 /* Set the new stream to packet stream */
546 old = silc_packet_stream_get_stream(conn->stream);
547 silc_packet_stream_set_stream(conn->stream, stream);
548 silc_packet_stream_set_iv_included(conn->stream);
549 silc_packet_set_sid(conn->stream, 0);
551 /* Delete the old stream */
552 silc_stream_destroy(old);
554 /** Start authentication */
555 silc_fsm_next(fsm, silc_client_st_connect_auth_resolve);
559 /* Resolved authentication method to be used in authentication protocol */
561 SILC_FSM_STATE(silc_client_st_connect_auth_resolve)
563 SilcClientConnection conn = fsm_context;
565 SILC_LOG_DEBUG(("Resolve authentication method"));
567 if (conn->internal->disconnected) {
569 silc_fsm_next(fsm, silc_client_st_connect_error);
573 /* If authentication method and data is set, use them */
574 if (conn->internal->params.auth_set) {
575 /** Got authentication data */
576 silc_fsm_next(fsm, silc_client_st_connect_auth_start);
580 /* Send connection authentication request packet */
581 silc_packet_send_va(conn->stream,
582 SILC_PACKET_CONNECTION_AUTH_REQUEST, 0,
583 SILC_STR_UI_SHORT(SILC_CONN_CLIENT),
584 SILC_STR_UI_SHORT(SILC_AUTH_NONE),
587 /** Wait for authentication method */
588 conn->internal->auth_request = TRUE;
589 conn->internal->params.auth_method = SILC_AUTH_NONE;
590 silc_fsm_next_later(fsm, silc_client_st_connect_auth_data, 2, 0);
594 /* Get authentication data to be used in authentication protocol */
596 SILC_FSM_STATE(silc_client_st_connect_auth_data)
598 SilcClientConnection conn = fsm_context;
599 SilcClient client = conn->client;
601 SILC_LOG_DEBUG(("Get authentication data"));
603 if (conn->internal->disconnected) {
605 silc_fsm_next(fsm, silc_client_st_connect_error);
609 conn->internal->auth_request = FALSE;
611 /** Get authentication data */
612 silc_fsm_next(fsm, silc_client_st_connect_auth_start);
613 SILC_FSM_CALL(client->internal->ops->get_auth_method(
617 conn->internal->params.auth_method,
618 silc_client_connect_auth_method, fsm));
621 /* Start connection authentication with remote host */
623 SILC_FSM_STATE(silc_client_st_connect_auth_start)
625 SilcClientConnection conn = fsm_context;
626 SilcClient client = conn->client;
627 SilcConnAuth connauth;
629 SILC_LOG_DEBUG(("Starting connection authentication protocol"));
631 if (conn->internal->disconnected) {
633 silc_fsm_next(fsm, silc_client_st_connect_error);
637 /* We always use the same key for connection authentication and SKE */
638 if (conn->internal->params.auth_method == SILC_AUTH_PUBLIC_KEY)
639 conn->internal->params.auth = conn->private_key;
641 /* Allocate connection authentication protocol */
642 connauth = silc_connauth_alloc(conn->internal->schedule,
644 conn->internal->params.rekey_secs);
647 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_AUTH, 0, NULL,
648 conn->callback_context);
649 silc_fsm_next(fsm, silc_client_st_connect_error);
653 /** Start connection authentication */
654 silc_fsm_next(fsm, silc_client_st_connected);
655 SILC_FSM_CALL(conn->internal->op = silc_connauth_initiator(
656 connauth, SILC_CONN_CLIENT,
657 conn->internal->params.auth_method,
658 conn->internal->params.auth,
659 conn->internal->params.auth_len,
660 silc_client_connect_auth_completion,
664 /* Connection fully established */
666 SILC_FSM_STATE(silc_client_st_connected)
668 SilcClientConnection conn = fsm_context;
669 SilcClient client = conn->client;
671 silc_ske_free(conn->internal->ske);
672 conn->internal->ske = NULL;
674 if (conn->internal->disconnected) {
676 silc_fsm_next(fsm, silc_client_st_connect_error);
680 SILC_LOG_DEBUG(("Connection established"));
682 /* Install rekey timer */
683 silc_schedule_task_add_timeout(conn->internal->schedule,
684 silc_client_rekey_timer, conn,
685 conn->internal->params.rekey_secs, 0);
687 /* If we connected to server, now register to network. */
688 if (conn->type == SILC_CONN_SERVER &&
689 !conn->internal->params.no_authentication) {
691 /* If detach data is provided, resume the session. */
692 if (conn->internal->params.detach_data &&
693 conn->internal->params.detach_data_len) {
694 /** Resume detached session */
695 silc_fsm_next(fsm, silc_client_st_resume);
697 /** Register to network */
698 silc_fsm_next(fsm, silc_client_st_register);
704 silc_schedule_task_del_by_all(conn->internal->schedule, 0,
705 silc_client_connect_timeout, conn);
707 /* Call connection callback */
708 conn->callback(client, conn, SILC_CLIENT_CONN_SUCCESS, 0, NULL,
709 conn->callback_context);
714 /* Error during connecting */
716 SILC_FSM_STATE(silc_client_st_connect_error)
718 SilcClientConnection conn = fsm_context;
720 if (conn->internal->ske) {
721 silc_ske_free(conn->internal->ske);
722 conn->internal->ske = NULL;
725 /* Signal to close connection */
726 if (!conn->internal->disconnected) {
727 conn->internal->disconnected = TRUE;
728 SILC_FSM_EVENT_SIGNAL(&conn->internal->wait_event);
731 silc_schedule_task_del_by_all(conn->internal->schedule, 0,
732 silc_client_connect_timeout, conn);
737 /****************************** Connect rekey *******************************/
739 /* Connection rekey timer callback */
741 SILC_TASK_CALLBACK(silc_client_rekey_timer)
743 SilcClientConnection conn = context;
745 /* Signal to start rekey */
746 conn->internal->rekey_responder = FALSE;
747 conn->internal->rekeying = TRUE;
748 SILC_FSM_EVENT_SIGNAL(&conn->internal->wait_event);
750 /* Reinstall rekey timer */
751 silc_schedule_task_add_timeout(conn->internal->schedule,
752 silc_client_rekey_timer, conn,
753 conn->internal->params.rekey_secs, 0);
758 SILC_FSM_STATE(silc_client_st_rekey)
760 SilcClientConnection conn = fsm_context;
761 SilcClient client = conn->client;
763 SILC_LOG_DEBUG(("Rekey"));
765 if (conn->internal->disconnected)
769 conn->internal->ske =
770 silc_ske_alloc(client->rng, conn->internal->schedule,
771 conn->internal->params.repository,
772 conn->public_key, conn->private_key, fsm);
773 if (!conn->internal->ske)
776 /* Set SKE callbacks */
777 silc_ske_set_callbacks(conn->internal->ske, NULL,
778 silc_client_rekey_completion, fsm);
781 if (!conn->internal->rekey_responder)
782 SILC_FSM_CALL(conn->internal->op = silc_ske_rekey_initiator(
785 conn->internal->rekey));
787 SILC_FSM_CALL(conn->internal->op = silc_ske_rekey_responder(
790 conn->internal->rekey));