5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 2006 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; version 2 of the License.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
21 #include "silcclient.h"
22 #include "client_internal.h"
24 /************************** Types and definitions ***************************/
26 /* Public key verification context */
29 SilcSKEVerifyCbCompletion completion;
30 void *completion_context;
34 /************************ Static utility functions **************************/
36 /* Callback called after connected to remote host */
38 static void silc_client_connect_callback(SilcNetStatus status,
39 SilcStream stream, void *context)
41 SilcFSMThread fsm = context;
42 SilcClientConnection conn = silc_fsm_get_context(fsm);
43 SilcClient client = conn->client;
45 if (conn->internal->verbose) {
49 case SILC_NET_UNKNOWN_IP:
50 client->internal->ops->say(
51 client, conn, SILC_CLIENT_MESSAGE_ERROR,
52 "Could not connect to host %s: unknown IP address",
55 case SILC_NET_UNKNOWN_HOST:
56 client->internal->ops->say(
57 client, conn, SILC_CLIENT_MESSAGE_ERROR,
58 "Could not connect to host %s: unknown host name",
61 case SILC_NET_HOST_UNREACHABLE:
62 client->internal->ops->say(
63 client, conn, SILC_CLIENT_MESSAGE_ERROR,
64 "Could not connect to host %s: network unreachable",
67 case SILC_NET_CONNECTION_REFUSED:
68 client->internal->ops->say(
69 client, conn, SILC_CLIENT_MESSAGE_ERROR,
70 "Could not connect to host %s: connection refused",
73 case SILC_NET_CONNECTION_TIMEOUT:
74 client->internal->ops->say(
75 client, conn, SILC_CLIENT_MESSAGE_ERROR,
76 "Could not connect to host %s: connection timeout",
80 client->internal->ops->say(
81 client, conn, SILC_CLIENT_MESSAGE_ERROR,
82 "Could not connect to host %s",
88 if (status != SILC_NET_OK) {
89 /* Notify application of failure */
90 SILC_LOG_DEBUG(("Connecting failed"));
91 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0,
93 silc_fsm_next(fsm, silc_client_st_connect_error);
94 SILC_FSM_CALL_CONTINUE(fsm);
98 /* Connection created successfully */
99 SILC_LOG_DEBUG(("Connected"));
100 conn->stream = (void *)stream;
101 SILC_FSM_CALL_CONTINUE(fsm);
104 /* Called after application has verified remote host's public key */
106 static void silc_client_ke_verify_key_cb(SilcBool success, void *context)
108 VerifyKeyContext verify = (VerifyKeyContext)context;
110 SILC_LOG_DEBUG(("Start"));
112 /* Call the completion callback back to the SKE */
113 verify->completion(verify->ske, success ? SILC_SKE_STATUS_OK :
114 SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
115 verify->completion_context);
120 /* Verify remote host's public key */
122 static void silc_client_ke_verify_key(SilcSKE ske,
123 SilcPublicKey public_key,
125 SilcSKEVerifyCbCompletion completion,
126 void *completion_context)
128 SilcFSMThread fsm = context;
129 SilcClientConnection conn = silc_fsm_get_context(fsm);
130 SilcClient client = conn->client;
131 VerifyKeyContext verify;
133 /* If we provided repository for SKE and we got here the key was not
134 found from the repository. */
135 if (conn->internal->params.repository &&
136 !conn->internal->params.verify_notfound) {
137 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
142 SILC_LOG_DEBUG(("Verify remote public key"));
144 verify = silc_calloc(1, sizeof(*verify));
146 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
151 verify->completion = completion;
152 verify->completion_context = completion_context;
154 /* Verify public key in application */
155 client->internal->ops->verify_public_key(client, conn,
156 conn->type, public_key,
157 silc_client_ke_verify_key_cb,
161 /* Key exchange protocol completion callback */
163 static void silc_client_ke_completion(SilcSKE ske,
164 SilcSKEStatus status,
165 SilcSKESecurityProperties prop,
166 SilcSKEKeyMaterial keymat,
167 SilcSKERekeyMaterial rekey,
170 SilcFSMThread fsm = context;
171 SilcClientConnection conn = silc_fsm_get_context(fsm);
172 SilcClient client = conn->client;
173 SilcCipher send_key, receive_key;
174 SilcHmac hmac_send, hmac_receive;
176 if (status != SILC_SKE_STATUS_OK) {
177 /* Key exchange failed */
178 SILC_LOG_DEBUG(("Error during key exchange with %s: %s (%d)",
179 conn->remote_host, silc_ske_map_status(status), status));
181 if (conn->internal->verbose)
182 client->internal->ops->say(client, conn, SILC_CLIENT_MESSAGE_ERROR,
183 "Error during key exchange with %s: %s",
185 silc_ske_map_status(status));
187 silc_fsm_next(fsm, silc_client_st_connect_error);
188 SILC_FSM_CALL_CONTINUE(fsm);
192 SILC_LOG_DEBUG(("Setting keys into use"));
194 /* Set the keys into use. Data will be encrypted after this. */
195 if (!silc_ske_set_keys(ske, keymat, prop, &send_key, &receive_key,
196 &hmac_send, &hmac_receive, &conn->internal->hash)) {
197 /* Error setting keys */
198 SILC_LOG_DEBUG(("Could not set keys into use"));
200 if (conn->internal->verbose)
201 client->internal->ops->say(
202 client, conn, SILC_CLIENT_MESSAGE_ERROR,
203 "Error during key exchange with %s: cannot use keys",
206 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_KE, 0, NULL,
209 silc_fsm_next(fsm, silc_client_st_connect_error);
210 SILC_FSM_CALL_CONTINUE(fsm);
214 silc_packet_set_ciphers(conn->stream, send_key, receive_key);
215 silc_packet_set_hmacs(conn->stream, hmac_send, hmac_receive);
217 conn->internal->rekey = rekey;
219 /* Key exchange done */
220 SILC_FSM_CALL_CONTINUE(fsm);
223 /* Callback called by application to return authentication data */
225 static void silc_client_connect_auth_method(SilcBool success,
226 SilcAuthMethod auth_meth,
227 void *auth, SilcUInt32 auth_len,
230 SilcFSMThread fsm = context;
231 SilcClientConnection conn = silc_fsm_get_context(fsm);
233 conn->internal->params.auth_method = SILC_AUTH_NONE;
236 conn->internal->params.auth_method = auth_meth;
237 conn->internal->params.auth = auth;
238 conn->internal->params.auth_len = auth_len;
241 SILC_FSM_CALL_CONTINUE(fsm);
244 /* Connection authentication completion callback */
246 static void silc_client_connect_auth_completion(SilcConnAuth connauth,
250 SilcFSMThread fsm = context;
251 SilcClientConnection conn = silc_fsm_get_context(fsm);
252 SilcClient client = conn->client;
254 silc_connauth_free(connauth);
257 if (conn->internal->verbose)
258 client->internal->ops->say(
259 client, conn, SILC_CLIENT_MESSAGE_ERROR,
260 "Authentication failed");
262 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_AUTH, 0, NULL,
264 silc_fsm_next(fsm, silc_client_st_connect_error);
267 SILC_FSM_CALL_CONTINUE(fsm);
270 /*************************** Connect remote host ****************************/
272 /* Creates a connection to remote host */
274 SILC_FSM_STATE(silc_client_st_connect)
276 SilcClientConnection conn = fsm_context;
277 SilcClient client = conn->client;
279 SILC_LOG_DEBUG(("Connecting to %s:%d", conn->remote_host,
283 silc_fsm_next(fsm, silc_client_st_connect_set_stream);
285 if (conn->internal->params.udp) {
288 if (!conn->internal->params.local_ip) {
289 /** IP address not given */
290 SILC_LOG_ERROR(("Local UDP IP address not specified"));
291 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0, NULL,
293 silc_fsm_next(fsm, silc_client_st_connect_error);
294 return SILC_FSM_CONTINUE;
298 stream = silc_net_udp_connect(conn->internal->params.local_ip,
299 conn->internal->params.local_port,
300 conn->remote_host, conn->remote_port,
301 conn->internal->schedule);
303 SILC_FSM_CALL(silc_client_connect_callback(stream ? SILC_NET_OK :
304 SILC_NET_HOST_UNREACHABLE,
308 SILC_FSM_CALL(silc_net_tcp_connect(NULL, conn->remote_host,
310 conn->internal->schedule,
311 silc_client_connect_callback, fsm));
315 /* Sets the new connection stream into use and creates packet stream */
317 SILC_FSM_STATE(silc_client_st_connect_set_stream)
319 SilcClientConnection conn = fsm_context;
320 SilcClient client = conn->client;
322 /* Create packet stream */
323 conn->stream = silc_packet_stream_create(client->internal->packet_engine,
324 conn->internal->schedule,
325 (SilcStream)conn->stream);
327 /** Cannot create packet stream */
328 SILC_LOG_DEBUG(("Could not create packet stream"));
329 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0, NULL,
331 silc_fsm_next(fsm, silc_client_st_connect_error);
332 return SILC_FSM_CONTINUE;
335 silc_packet_set_context(conn->stream, conn);
337 /** Start key exchange */
338 silc_fsm_next(fsm, silc_client_st_connect_key_exchange);
339 return SILC_FSM_CONTINUE;
342 /* Starts key exchange protocol with remote host */
344 SILC_FSM_STATE(silc_client_st_connect_key_exchange)
346 SilcClientConnection conn = fsm_context;
347 SilcClient client = conn->client;
348 SilcSKEParamsStruct params;
350 SILC_LOG_DEBUG(("Starting key exchange protocol"));
353 conn->internal->ske =
354 silc_ske_alloc(client->rng, conn->internal->schedule,
355 conn->internal->params.repository,
356 conn->public_key, conn->private_key, fsm);
357 if (!conn->internal->ske) {
359 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_KE, 0, NULL,
361 silc_fsm_next(fsm, silc_client_st_connect_error);
362 return SILC_FSM_CONTINUE;
365 /* Set SKE callbacks */
366 silc_ske_set_callbacks(conn->internal->ske, silc_client_ke_verify_key,
367 silc_client_ke_completion, fsm);
369 /* Set up key exchange parameters */
370 params.version = client->internal->silc_client_version;
371 params.flags = SILC_SKE_SP_FLAG_MUTUAL;
372 if (conn->internal->params.pfs)
373 params.flags |= SILC_SKE_SP_FLAG_PFS;
374 if (conn->internal->params.udp) {
375 params.flags |= SILC_SKE_SP_FLAG_IV_INCLUDED;
376 params.session_port = conn->internal->params.local_port;
379 if (conn->internal->params.no_authentication)
380 /** Run key exchange (no auth) */
381 silc_fsm_next(fsm, silc_client_st_connected);
382 else if (conn->internal->params.udp)
383 /** Run key exchange (UDP)*/
384 silc_fsm_next(fsm, silc_client_st_connect_setup_udp);
386 /** Run key exchange (TCP) */
387 silc_fsm_next(fsm, silc_client_st_connect_auth);
389 SILC_FSM_CALL(silc_ske_initiator(conn->internal->ske, conn->stream,
393 /* For UDP/IP connections, set up the UDP session after successful key
396 SILC_FSM_STATE(silc_client_st_connect_setup_udp)
398 SilcClientConnection conn = fsm_context;
399 SilcClient client = conn->client;
400 SilcStream stream, old;
401 SilcSKESecurityProperties prop;
403 SILC_LOG_DEBUG(("Setup UDP SILC session"));
405 /* Create new UDP stream */
406 prop = silc_ske_get_security_properties(conn->internal->ske);
407 stream = silc_net_udp_connect(conn->internal->params.local_ip,
408 conn->internal->params.local_port,
409 conn->remote_host, prop->remote_port,
410 conn->internal->schedule);
412 /** Cannot create UDP stream */
413 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0, NULL,
415 silc_fsm_next(fsm, silc_client_st_connect_error);
416 return SILC_FSM_CONTINUE;
419 /* Set the new stream to packet stream */
420 old = silc_packet_stream_get_stream(conn->stream);
421 silc_packet_stream_set_stream(conn->stream, stream,
422 conn->internal->schedule);
423 silc_packet_stream_set_iv_included(conn->stream);
424 silc_packet_set_sid(conn->stream, 0);
426 /* Delete the old stream */
427 silc_stream_destroy(old);
429 /** Start authentication */
430 silc_fsm_next(fsm, silc_client_st_connect_auth);
431 return SILC_FSM_CONTINUE;
434 /* Get authentication method to be used in authentication protocol */
436 SILC_FSM_STATE(silc_client_st_connect_auth)
438 SilcClientConnection conn = fsm_context;
439 SilcClient client = conn->client;
441 SILC_LOG_DEBUG(("Get authentication data"));
443 silc_fsm_next(fsm, silc_client_st_connect_auth_start);
445 /* If authentication data not provided, ask from application */
446 if (!conn->internal->params.auth_set)
447 SILC_FSM_CALL(client->internal->ops->get_auth_method(
451 silc_client_connect_auth_method, fsm));
453 if (conn->internal->params.auth_method == SILC_AUTH_PUBLIC_KEY)
454 conn->internal->params.auth = conn->private_key;
456 /* We have authentication data */
457 return SILC_FSM_CONTINUE;
460 /* Start connection authentication with remote host */
462 SILC_FSM_STATE(silc_client_st_connect_auth_start)
464 SilcClientConnection conn = fsm_context;
465 SilcClient client = conn->client;
466 SilcConnAuth connauth;
468 SILC_LOG_DEBUG(("Starting connection authentication protocol"));
470 /* Allocate connection authentication protocol */
471 connauth = silc_connauth_alloc(conn->internal->schedule,
473 client->internal->params->rekey_secs);
476 conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_AUTH, 0, NULL,
478 silc_fsm_next(fsm, silc_client_st_connect_error);
479 return SILC_FSM_CONTINUE;
482 /** Start connection authentication */
483 silc_fsm_next(fsm, silc_client_st_connected);
484 SILC_FSM_CALL(silc_connauth_initiator(connauth, SILC_CONN_CLIENT,
485 conn->internal->params.auth_method,
486 conn->internal->params.auth,
487 conn->internal->params.auth_len,
488 silc_client_connect_auth_completion,
492 /* Connection fully established */
494 SILC_FSM_STATE(silc_client_st_connected)
496 SilcClientConnection conn = fsm_context;
497 SilcClient client = conn->client;
499 SILC_LOG_DEBUG(("Connection established"));
501 /* If we connected to server, now register to network. */
502 if (conn->type == SILC_CONN_SERVER &&
503 !conn->internal->params.no_authentication) {
505 /* If detach data is provided, resume the session. */
506 if (conn->internal->params.detach_data &&
507 conn->internal->params.detach_data_len) {
508 /** Resume detached session */
509 silc_fsm_next(fsm, silc_client_st_resume);
511 /** Register to network */
512 silc_fsm_next(fsm, silc_client_st_register);
515 return SILC_FSM_CONTINUE;
518 /* Call connection callback */
519 conn->callback(client, conn, SILC_CLIENT_CONN_SUCCESS, 0, NULL,
522 return SILC_FSM_FINISH;
525 /* Error during connecting */
527 SILC_FSM_STATE(silc_client_st_connect_error)
531 /* Close connection */
533 return SILC_FSM_FINISH;