lib/silcclient/client_connect.c

   1 /*
   2
   3   client_st_connect.c
   4
   5   Author: Pekka Riikonen <priikone@silcnet.org>
   6
   7   Copyright (C) 2006 - 2007 Pekka Riikonen
   8
   9   This program is free software; you can redistribute it and/or modify
  10   it under the terms of the GNU General Public License as published by
  11   the Free Software Foundation; version 2 of the License.
  12
  13   This program is distributed in the hope that it will be useful,
  14   but WITHOUT ANY WARRANTY; without even the implied warranty of
  15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16   GNU General Public License for more details.
  17
  18 */
  19
  20 #include "silc.h"
  21 #include "silcclient.h"
  22 #include "client_internal.h"
  23
  24 /************************ Static utility functions **************************/
  25
  26 /* Callback called after connected to remote host */
  27
  28 static void silc_client_connect_callback(SilcNetStatus status,
  29                                          SilcStream stream, void *context)
  30 {
  31   SilcFSMThread fsm = context;
  32   SilcClientConnection conn = silc_fsm_get_context(fsm);
  33   SilcClient client = conn->client;
  34
  35   conn->internal->op = NULL;
  36   if (conn->internal->verbose) {
  37     switch (status) {
  38     case SILC_NET_OK:
  39       break;
  40     case SILC_NET_UNKNOWN_IP:
  41       client->internal->ops->say(
  42                    client, conn, SILC_CLIENT_MESSAGE_ERROR,
  43                    "Could not connect to host %s: unknown IP address",
  44                    conn->remote_host);
  45       break;
  46     case SILC_NET_UNKNOWN_HOST:
  47       client->internal->ops->say(
  48                    client, conn, SILC_CLIENT_MESSAGE_ERROR,
  49                    "Could not connect to host %s: unknown host name",
  50                    conn->remote_host);
  51       break;
  52     case SILC_NET_HOST_UNREACHABLE:
  53       client->internal->ops->say(
  54                    client, conn, SILC_CLIENT_MESSAGE_ERROR,
  55                    "Could not connect to host %s: network unreachable",
  56                    conn->remote_host);
  57       break;
  58     case SILC_NET_CONNECTION_REFUSED:
  59       client->internal->ops->say(
  60                    client, conn, SILC_CLIENT_MESSAGE_ERROR,
  61                    "Could not connect to host %s: connection refused",
  62                    conn->remote_host);
  63       break;
  64     case SILC_NET_CONNECTION_TIMEOUT:
  65       client->internal->ops->say(
  66                    client, conn, SILC_CLIENT_MESSAGE_ERROR,
  67                    "Could not connect to host %s: connection timeout",
  68                    conn->remote_host);
  69       break;
  70     default:
  71       client->internal->ops->say(
  72                    client, conn, SILC_CLIENT_MESSAGE_ERROR,
  73                    "Could not connect to host %s",
  74                    conn->remote_host);
  75       break;
  76     }
  77   }
  78
  79   if (status != SILC_NET_OK) {
  80     /* Notify application of failure */
  81     SILC_LOG_DEBUG(("Connecting failed"));
  82     conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0,
  83                    NULL, conn->callback_context);
  84     silc_fsm_next(fsm, silc_client_st_connect_error);
  85     SILC_FSM_CALL_CONTINUE(fsm);
  86     return;
  87   }
  88
  89   /* Connection created successfully */
  90   SILC_LOG_DEBUG(("Connected"));
  91   conn->stream = (void *)stream;
  92   SILC_FSM_CALL_CONTINUE(fsm);
  93 }
  94
  95 /* Called after application has verified remote host's public key */
  96
  97 static void silc_client_ke_verify_key_cb(SilcBool success, void *context)
  98 {
  99   VerifyKeyContext verify = (VerifyKeyContext)context;
 100
 101   SILC_LOG_DEBUG(("Start"));
 102
 103   /* Call the completion callback back to the SKE */
 104   verify->completion(verify->ske, success ? SILC_SKE_STATUS_OK :
 105                      SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
 106                      verify->completion_context);
 107
 108   silc_free(verify);
 109 }
 110
 111 /* Verify remote host's public key */
 112
 113 static void silc_client_ke_verify_key(SilcSKE ske,
 114                                       SilcPublicKey public_key,
 115                                       void *context,
 116                                       SilcSKEVerifyCbCompletion completion,
 117                                       void *completion_context)
 118 {
 119   SilcFSMThread fsm = context;
 120   SilcClientConnection conn = silc_fsm_get_context(fsm);
 121   SilcClient client = conn->client;
 122   VerifyKeyContext verify;
 123
 124   /* If we provided repository for SKE and we got here the key was not
 125      found from the repository. */
 126   if (conn->internal->params.repository &&
 127       !conn->internal->params.verify_notfound) {
 128     completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
 129                completion_context);
 130     return;
 131   }
 132
 133   SILC_LOG_DEBUG(("Verify remote public key"));
 134
 135   verify = silc_calloc(1, sizeof(*verify));
 136   if (!verify) {
 137     completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
 138                completion_context);
 139     return;
 140   }
 141   verify->ske = ske;
 142   verify->completion = completion;
 143   verify->completion_context = completion_context;
 144
 145   /* Verify public key in application */
 146   client->internal->ops->verify_public_key(client, conn,
 147                                            conn->type, public_key,
 148                                            silc_client_ke_verify_key_cb,
 149                                            verify);
 150 }
 151
 152 /* Key exchange protocol completion callback */
 153
 154 static void silc_client_ke_completion(SilcSKE ske,
 155                                       SilcSKEStatus status,
 156                                       SilcSKESecurityProperties prop,
 157                                       SilcSKEKeyMaterial keymat,
 158                                       SilcSKERekeyMaterial rekey,
 159                                       void *context)
 160 {
 161   SilcFSMThread fsm = context;
 162   SilcClientConnection conn = silc_fsm_get_context(fsm);
 163   SilcClient client = conn->client;
 164   SilcCipher send_key, receive_key;
 165   SilcHmac hmac_send, hmac_receive;
 166
 167   conn->internal->op = NULL;
 168   if (status != SILC_SKE_STATUS_OK) {
 169     /* Key exchange failed */
 170     SILC_LOG_DEBUG(("Error during key exchange with %s: %s (%d)",
 171                     conn->remote_host, silc_ske_map_status(status), status));
 172
 173     if (conn->internal->verbose)
 174       client->internal->ops->say(client, conn, SILC_CLIENT_MESSAGE_ERROR,
 175                                  "Error during key exchange with %s: %s",
 176                                  conn->remote_host,
 177                                  silc_ske_map_status(status));
 178
 179     silc_ske_free_rekey_material(rekey);
 180
 181     silc_fsm_next(fsm, silc_client_st_connect_error);
 182     SILC_FSM_CALL_CONTINUE(fsm);
 183     return;
 184   }
 185
 186   SILC_LOG_DEBUG(("Setting keys into use"));
 187
 188   /* Allocate the cipher and HMAC contexts */
 189   if (!silc_ske_set_keys(ske, keymat, prop, &send_key, &receive_key,
 190                          &hmac_send, &hmac_receive, &conn->internal->hash)) {
 191     /* Error setting keys */
 192     SILC_LOG_DEBUG(("Could not set keys into use"));
 193
 194     if (conn->internal->verbose)
 195       client->internal->ops->say(
 196                        client, conn, SILC_CLIENT_MESSAGE_ERROR,
 197                        "Error during key exchange with %s: cannot use keys",
 198                        conn->remote_host);
 199
 200     conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_KE, 0, NULL,
 201                    conn->callback_context);
 202
 203     silc_ske_free_rekey_material(rekey);
 204
 205     silc_fsm_next(fsm, silc_client_st_connect_error);
 206     SILC_FSM_CALL_CONTINUE(fsm);
 207     return;
 208   }
 209
 210   /* Set the keys into the packet stream.  After this call packets will be
 211      encrypted with these keys. */
 212   if (!silc_packet_set_keys(conn->stream, send_key, receive_key, hmac_send,
 213                             hmac_receive, FALSE)) {
 214     /* Error setting keys */
 215     SILC_LOG_DEBUG(("Could not set keys into use"));
 216
 217     if (conn->internal->verbose)
 218       client->internal->ops->say(
 219                        client, conn, SILC_CLIENT_MESSAGE_ERROR,
 220                        "Error during key exchange with %s: cannot use keys",
 221                        conn->remote_host);
 222
 223     conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_KE, 0, NULL,
 224                    conn->callback_context);
 225
 226     silc_ske_free_rekey_material(rekey);
 227
 228     silc_fsm_next(fsm, silc_client_st_connect_error);
 229     SILC_FSM_CALL_CONTINUE(fsm);
 230     return;
 231   }
 232
 233   conn->internal->rekey = rekey;
 234
 235   SILC_LOG_DEBUG(("Key Exchange completed"));
 236
 237   /* Key exchange done */
 238   SILC_FSM_CALL_CONTINUE(fsm);
 239 }
 240
 241 /* Rekey protocol completion callback */
 242
 243 static void silc_client_rekey_completion(SilcSKE ske,
 244                                          SilcSKEStatus status,
 245                                          SilcSKESecurityProperties prop,
 246                                          SilcSKEKeyMaterial keymat,
 247                                          SilcSKERekeyMaterial rekey,
 248                                          void *context)
 249 {
 250   SilcFSMThread fsm = context;
 251   SilcClientConnection conn = silc_fsm_get_context(fsm);
 252   SilcClient client = conn->client;
 253
 254   conn->internal->op = NULL;
 255   if (status != SILC_SKE_STATUS_OK) {
 256     /* Rekey failed */
 257     SILC_LOG_DEBUG(("Error during rekey with %s: %s (%d)",
 258                     conn->remote_host, silc_ske_map_status(status), status));
 259
 260     if (conn->internal->verbose)
 261       client->internal->ops->say(client, conn, SILC_CLIENT_MESSAGE_ERROR,
 262                                  "Error during rekey with %s: %s",
 263                                  conn->remote_host,
 264                                  silc_ske_map_status(status));
 265
 266     silc_fsm_finish(fsm);
 267     return;
 268   }
 269
 270   silc_ske_free_rekey_material(conn->internal->rekey);
 271   conn->internal->rekey = rekey;
 272
 273   SILC_LOG_DEBUG(("Rekey completed"));
 274
 275   /* Rekey done */
 276   silc_fsm_finish(fsm);
 277 }
 278
 279 /* Callback called by application to return authentication data */
 280
 281 static void silc_client_connect_auth_method(SilcAuthMethod auth_meth,
 282                                             void *auth, SilcUInt32 auth_len,
 283                                             void *context)
 284 {
 285   SilcFSMThread fsm = context;
 286   SilcClientConnection conn = silc_fsm_get_context(fsm);
 287
 288   conn->internal->params.auth_method = auth_meth;
 289   conn->internal->params.auth = auth;
 290   conn->internal->params.auth_len = auth_len;
 291
 292   SILC_FSM_CALL_CONTINUE(fsm);
 293 }
 294
 295 /* Connection authentication completion callback */
 296
 297 static void silc_client_connect_auth_completion(SilcConnAuth connauth,
 298                                                 SilcBool success,
 299                                                 void *context)
 300 {
 301   SilcFSMThread fsm = context;
 302   SilcClientConnection conn = silc_fsm_get_context(fsm);
 303   SilcClient client = conn->client;
 304
 305   conn->internal->op = NULL;
 306   silc_connauth_free(connauth);
 307
 308   if (!success) {
 309     if (conn->internal->verbose)
 310         client->internal->ops->say(
 311                         client, conn, SILC_CLIENT_MESSAGE_ERROR,
 312                         "Authentication failed");
 313
 314     conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_AUTH, 0, NULL,
 315                    conn->callback_context);
 316     silc_fsm_next(fsm, silc_client_st_connect_error);
 317   }
 318
 319   SILC_FSM_CALL_CONTINUE(fsm);
 320 }
 321
 322 /********************** CONNECTION_AUTH_REQUEST packet **********************/
 323
 324 /* Received connection authentication request packet.  We get the
 325    required authentication method here. */
 326
 327 SILC_FSM_STATE(silc_client_connect_auth_request)
 328 {
 329   SilcClientConnection conn = fsm_context;
 330   SilcPacket packet = state_context;
 331   SilcUInt16 conn_type, auth_meth;
 332
 333   if (!conn->internal->auth_request) {
 334     silc_packet_free(packet);
 335     SILC_FSM_FINISH;
 336   }
 337
 338   /* Parse the payload */
 339   if (silc_buffer_unformat(&packet->buffer,
 340                            SILC_STR_UI_SHORT(&conn_type),
 341                            SILC_STR_UI_SHORT(&auth_meth),
 342                            SILC_STR_END) < 0)
 343     auth_meth = SILC_AUTH_NONE;
 344
 345   silc_packet_free(packet);
 346
 347   SILC_LOG_DEBUG(("Resolved authentication method: %s",
 348                   (auth_meth == SILC_AUTH_NONE ? "none" :
 349                    auth_meth == SILC_AUTH_PASSWORD ? "passphrase" :
 350                    "public key")));
 351   conn->internal->params.auth_method = auth_meth;
 352
 353   /* Continue authentication */
 354   silc_fsm_continue_sync(&conn->internal->event_thread);
 355   SILC_FSM_FINISH;
 356 }
 357
 358 /*************************** Connect remote host ****************************/
 359
 360 /* Connection timeout callback */
 361
 362 SILC_TASK_CALLBACK(silc_client_connect_timeout)
 363 {
 364   SilcClientConnection conn = context;
 365   SilcClient client = conn->client;
 366
 367   SILC_LOG_DEBUG(("Connection timeout"));
 368
 369   conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_TIMEOUT, 0, NULL,
 370                  conn->callback_context);
 371
 372   silc_fsm_next(&conn->internal->event_thread, silc_client_st_connect_error);
 373   silc_fsm_continue_sync(&conn->internal->event_thread);
 374 }
 375
 376 /* Creates a connection to remote host */
 377
 378 SILC_FSM_STATE(silc_client_st_connect)
 379 {
 380   SilcClientConnection conn = fsm_context;
 381   SilcClient client = conn->client;
 382
 383   SILC_LOG_DEBUG(("Connecting to %s:%d", conn->remote_host,
 384                   conn->remote_port));
 385
 386   /** Connect */
 387   silc_fsm_next(fsm, silc_client_st_connect_set_stream);
 388
 389   /* Add connection timeout */
 390   if (conn->internal->params.timeout_secs)
 391     silc_schedule_task_add_timeout(conn->internal->schedule,
 392                                    silc_client_connect_timeout, conn,
 393                                    conn->internal->params.timeout_secs, 0);
 394
 395   if (conn->internal->params.udp) {
 396     SilcStream stream;
 397
 398     if (!conn->internal->params.local_ip) {
 399       /** IP address not given */
 400       SILC_LOG_ERROR(("Local UDP IP address not specified"));
 401       conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0, NULL,
 402                      conn->callback_context);
 403       silc_fsm_next(fsm, silc_client_st_connect_error);
 404       SILC_FSM_CONTINUE;
 405     }
 406
 407     /* Connect (UDP) */
 408     stream = silc_net_udp_connect(conn->internal->params.bind_ip ?
 409                                   conn->internal->params.bind_ip :
 410                                   conn->internal->params.local_ip,
 411                                   conn->internal->params.local_port,
 412                                   conn->remote_host, conn->remote_port,
 413                                   conn->internal->schedule);
 414
 415     SILC_FSM_CALL(silc_client_connect_callback(stream ? SILC_NET_OK :
 416                                                SILC_NET_HOST_UNREACHABLE,
 417                                                stream, fsm));
 418   } else {
 419     /* Connect (TCP) */
 420     SILC_FSM_CALL(conn->internal->op = silc_net_tcp_connect(
 421                                        NULL, conn->remote_host,
 422                                        conn->remote_port,
 423                                        conn->internal->schedule,
 424                                        silc_client_connect_callback, fsm));
 425   }
 426 }
 427
 428 /* Sets the new connection stream into use and creates packet stream */
 429
 430 SILC_FSM_STATE(silc_client_st_connect_set_stream)
 431 {
 432   SilcClientConnection conn = fsm_context;
 433   SilcClient client = conn->client;
 434
 435   if (conn->internal->disconnected) {
 436     /** Disconnected */
 437     silc_fsm_next(fsm, silc_client_st_connect_error);
 438     SILC_FSM_CONTINUE;
 439   }
 440
 441   /* Create packet stream */
 442   conn->stream = silc_packet_stream_create(client->internal->packet_engine,
 443                                            conn->internal->schedule,
 444                                            (SilcStream)conn->stream);
 445   if (!conn->stream) {
 446     /** Cannot create packet stream */
 447     SILC_LOG_DEBUG(("Could not create packet stream"));
 448     conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0, NULL,
 449                    conn->callback_context);
 450     silc_fsm_next(fsm, silc_client_st_connect_error);
 451     SILC_FSM_CONTINUE;
 452   }
 453
 454   silc_packet_set_context(conn->stream, conn);
 455
 456   /** Start key exchange */
 457   silc_fsm_next(fsm, silc_client_st_connect_key_exchange);
 458   SILC_FSM_CONTINUE;
 459 }
 460
 461 /* Starts key exchange protocol with remote host */
 462
 463 SILC_FSM_STATE(silc_client_st_connect_key_exchange)
 464 {
 465   SilcClientConnection conn = fsm_context;
 466   SilcClient client = conn->client;
 467   SilcSKEParamsStruct params;
 468
 469   SILC_LOG_DEBUG(("Starting key exchange protocol"));
 470
 471   /* Allocate SKE */
 472   conn->internal->ske =
 473     silc_ske_alloc(client->rng, conn->internal->schedule,
 474                    conn->internal->params.repository,
 475                    conn->public_key, conn->private_key, fsm);
 476   if (!conn->internal->ske) {
 477     /** Out of memory */
 478     conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_KE, 0, NULL,
 479                    conn->callback_context);
 480     silc_fsm_next(fsm, silc_client_st_connect_error);
 481     SILC_FSM_CONTINUE;
 482   }
 483
 484   /* Set SKE callbacks */
 485   silc_ske_set_callbacks(conn->internal->ske, silc_client_ke_verify_key,
 486                          silc_client_ke_completion, fsm);
 487
 488   /* Set up key exchange parameters */
 489   params.version = client->internal->silc_client_version;
 490   params.flags = SILC_SKE_SP_FLAG_MUTUAL;
 491   if (conn->internal->params.pfs)
 492     params.flags |= SILC_SKE_SP_FLAG_PFS;
 493   if (conn->internal->params.udp) {
 494     params.flags |= SILC_SKE_SP_FLAG_IV_INCLUDED;
 495     params.session_port = conn->internal->params.local_port;
 496   }
 497
 498   if (conn->internal->params.no_authentication)
 499     /** Run key exchange (no auth) */
 500     silc_fsm_next(fsm, silc_client_st_connected);
 501   else if (conn->internal->params.udp)
 502     /** Run key exchange (UDP)*/
 503     silc_fsm_next(fsm, silc_client_st_connect_setup_udp);
 504   else
 505     /** Run key exchange (TCP) */
 506     silc_fsm_next(fsm, silc_client_st_connect_auth_resolve);
 507
 508   SILC_FSM_CALL(conn->internal->op = silc_ske_initiator(conn->internal->ske,
 509                                                         conn->stream,
 510                                                         &params, NULL));
 511 }
 512
 513 /* For UDP/IP connections, set up the UDP session after successful key
 514    exchange protocol */
 515
 516 SILC_FSM_STATE(silc_client_st_connect_setup_udp)
 517 {
 518   SilcClientConnection conn = fsm_context;
 519   SilcClient client = conn->client;
 520   SilcStream stream, old;
 521   SilcSKESecurityProperties prop;
 522
 523   SILC_LOG_DEBUG(("Setup UDP SILC session"));
 524
 525   if (conn->internal->disconnected) {
 526     /** Disconnected */
 527     silc_fsm_next(fsm, silc_client_st_connect_error);
 528     SILC_FSM_CONTINUE;
 529   }
 530
 531   /* Create new UDP stream */
 532   prop = silc_ske_get_security_properties(conn->internal->ske);
 533   stream = silc_net_udp_connect(conn->internal->params.local_ip,
 534                                 conn->internal->params.local_port,
 535                                 conn->remote_host, prop->remote_port,
 536                                 conn->internal->schedule);
 537   if (!stream) {
 538     /** Cannot create UDP stream */
 539     conn->callback(client, conn, SILC_CLIENT_CONN_ERROR, 0, NULL,
 540                    conn->callback_context);
 541     silc_fsm_next(fsm, silc_client_st_connect_error);
 542     SILC_FSM_CONTINUE;
 543   }
 544
 545   /* Set the new stream to packet stream */
 546   old = silc_packet_stream_get_stream(conn->stream);
 547   silc_packet_stream_set_stream(conn->stream, stream);
 548   silc_packet_stream_set_iv_included(conn->stream);
 549   silc_packet_set_sid(conn->stream, 0);
 550
 551   /* Delete the old stream */
 552   silc_stream_destroy(old);
 553
 554   /** Start authentication */
 555   silc_fsm_next(fsm, silc_client_st_connect_auth_resolve);
 556   SILC_FSM_CONTINUE;
 557 }
 558
 559 /* Resolved authentication method to be used in authentication protocol */
 560
 561 SILC_FSM_STATE(silc_client_st_connect_auth_resolve)
 562 {
 563   SilcClientConnection conn = fsm_context;
 564
 565   SILC_LOG_DEBUG(("Resolve authentication method"));
 566
 567   if (conn->internal->disconnected) {
 568     /** Disconnected */
 569     silc_fsm_next(fsm, silc_client_st_connect_error);
 570     SILC_FSM_CONTINUE;
 571   }
 572
 573   /* If authentication method and data is set, use them */
 574   if (conn->internal->params.auth_set) {
 575     /** Got authentication data */
 576     silc_fsm_next(fsm, silc_client_st_connect_auth_start);
 577     SILC_FSM_CONTINUE;
 578   }
 579
 580   /* Send connection authentication request packet */
 581   silc_packet_send_va(conn->stream,
 582                       SILC_PACKET_CONNECTION_AUTH_REQUEST, 0,
 583                       SILC_STR_UI_SHORT(SILC_CONN_CLIENT),
 584                       SILC_STR_UI_SHORT(SILC_AUTH_NONE),
 585                       SILC_STR_END);
 586
 587   /** Wait for authentication method */
 588   conn->internal->auth_request = TRUE;
 589   conn->internal->params.auth_method = SILC_AUTH_NONE;
 590   silc_fsm_next_later(fsm, silc_client_st_connect_auth_data, 2, 0);
 591   SILC_FSM_WAIT;
 592 }
 593
 594 /* Get authentication data to be used in authentication protocol */
 595
 596 SILC_FSM_STATE(silc_client_st_connect_auth_data)
 597 {
 598   SilcClientConnection conn = fsm_context;
 599   SilcClient client = conn->client;
 600
 601   SILC_LOG_DEBUG(("Get authentication data"));
 602
 603   if (conn->internal->disconnected) {
 604     /** Disconnected */
 605     silc_fsm_next(fsm, silc_client_st_connect_error);
 606     SILC_FSM_CONTINUE;
 607   }
 608
 609   conn->internal->auth_request = FALSE;
 610
 611   /** Get authentication data */
 612   silc_fsm_next(fsm, silc_client_st_connect_auth_start);
 613   SILC_FSM_CALL(client->internal->ops->get_auth_method(
 614                                     client, conn,
 615                                     conn->remote_host,
 616                                     conn->remote_port,
 617                                     conn->internal->params.auth_method,
 618                                     silc_client_connect_auth_method, fsm));
 619 }
 620
 621 /* Start connection authentication with remote host */
 622
 623 SILC_FSM_STATE(silc_client_st_connect_auth_start)
 624 {
 625   SilcClientConnection conn = fsm_context;
 626   SilcClient client = conn->client;
 627   SilcConnAuth connauth;
 628
 629   SILC_LOG_DEBUG(("Starting connection authentication protocol"));
 630
 631   if (conn->internal->disconnected) {
 632     /** Disconnected */
 633     silc_fsm_next(fsm, silc_client_st_connect_error);
 634     SILC_FSM_CONTINUE;
 635   }
 636
 637   /* We always use the same key for connection authentication and SKE */
 638   if (conn->internal->params.auth_method == SILC_AUTH_PUBLIC_KEY)
 639     conn->internal->params.auth = conn->private_key;
 640
 641   /* Allocate connection authentication protocol */
 642   connauth = silc_connauth_alloc(conn->internal->schedule,
 643                                  conn->internal->ske,
 644                                  conn->internal->params.rekey_secs);
 645   if (!connauth) {
 646     /** Out of memory */
 647     conn->callback(client, conn, SILC_CLIENT_CONN_ERROR_AUTH, 0, NULL,
 648                    conn->callback_context);
 649     silc_fsm_next(fsm, silc_client_st_connect_error);
 650     SILC_FSM_CONTINUE;
 651   }
 652
 653   /** Start connection authentication */
 654   silc_fsm_next(fsm, silc_client_st_connected);
 655   SILC_FSM_CALL(conn->internal->op = silc_connauth_initiator(
 656                                         connauth, SILC_CONN_CLIENT,
 657                                         conn->internal->params.auth_method,
 658                                         conn->internal->params.auth,
 659                                         conn->internal->params.auth_len,
 660                                         silc_client_connect_auth_completion,
 661                                         fsm));
 662 }
 663
 664 /* Connection fully established */
 665
 666 SILC_FSM_STATE(silc_client_st_connected)
 667 {
 668   SilcClientConnection conn = fsm_context;
 669   SilcClient client = conn->client;
 670
 671   silc_ske_free(conn->internal->ske);
 672   conn->internal->ske = NULL;
 673
 674   if (conn->internal->disconnected) {
 675     /** Disconnected */
 676     silc_fsm_next(fsm, silc_client_st_connect_error);
 677     SILC_FSM_CONTINUE;
 678   }
 679
 680   SILC_LOG_DEBUG(("Connection established"));
 681
 682   /* Install rekey timer */
 683   silc_schedule_task_add_timeout(conn->internal->schedule,
 684                                  silc_client_rekey_timer, conn,
 685                                  conn->internal->params.rekey_secs, 0);
 686
 687   /* If we connected to server, now register to network. */
 688   if (conn->type == SILC_CONN_SERVER &&
 689       !conn->internal->params.no_authentication) {
 690
 691     /* If detach data is provided, resume the session. */
 692     if (conn->internal->params.detach_data &&
 693         conn->internal->params.detach_data_len) {
 694       /** Resume detached session */
 695       silc_fsm_next(fsm, silc_client_st_resume);
 696     } else {
 697       /** Register to network */
 698       silc_fsm_next(fsm, silc_client_st_register);
 699     }
 700
 701     SILC_FSM_CONTINUE;
 702   }
 703
 704   silc_schedule_task_del_by_all(conn->internal->schedule, 0,
 705                                 silc_client_connect_timeout, conn);
 706
 707   /* Call connection callback */
 708   conn->callback(client, conn, SILC_CLIENT_CONN_SUCCESS, 0, NULL,
 709                  conn->callback_context);
 710
 711   SILC_FSM_FINISH;
 712 }
 713
 714 /* Error during connecting */
 715
 716 SILC_FSM_STATE(silc_client_st_connect_error)
 717 {
 718   SilcClientConnection conn = fsm_context;
 719
 720   if (conn->internal->ske) {
 721     silc_ske_free(conn->internal->ske);
 722     conn->internal->ske = NULL;
 723   }
 724
 725   /* Signal to close connection */
 726   if (!conn->internal->disconnected) {
 727     conn->internal->disconnected = TRUE;
 728     SILC_FSM_EVENT_SIGNAL(&conn->internal->wait_event);
 729   }
 730
 731   silc_schedule_task_del_by_all(conn->internal->schedule, 0,
 732                                 silc_client_connect_timeout, conn);
 733
 734   SILC_FSM_FINISH;
 735 }
 736
 737 /****************************** Connect rekey *******************************/
 738
 739 /* Connection rekey timer callback */
 740
 741 SILC_TASK_CALLBACK(silc_client_rekey_timer)
 742 {
 743   SilcClientConnection conn = context;
 744
 745   /* Signal to start rekey */
 746   conn->internal->rekey_responder = FALSE;
 747   conn->internal->rekeying = TRUE;
 748   SILC_FSM_EVENT_SIGNAL(&conn->internal->wait_event);
 749
 750   /* Reinstall rekey timer */
 751   silc_schedule_task_add_timeout(conn->internal->schedule,
 752                                  silc_client_rekey_timer, conn,
 753                                  conn->internal->params.rekey_secs, 0);
 754 }
 755
 756 /* Performs rekey */
 757
 758 SILC_FSM_STATE(silc_client_st_rekey)
 759 {
 760   SilcClientConnection conn = fsm_context;
 761   SilcClient client = conn->client;
 762
 763   SILC_LOG_DEBUG(("Rekey"));
 764
 765   if (conn->internal->disconnected)
 766     SILC_FSM_FINISH;
 767
 768   /* Allocate SKE */
 769   conn->internal->ske =
 770     silc_ske_alloc(client->rng, conn->internal->schedule,
 771                    conn->internal->params.repository,
 772                    conn->public_key, conn->private_key, fsm);
 773   if (!conn->internal->ske)
 774     SILC_FSM_FINISH;
 775
 776   /* Set SKE callbacks */
 777   silc_ske_set_callbacks(conn->internal->ske, NULL,
 778                          silc_client_rekey_completion, fsm);
 779
 780   /** Perform rekey */
 781   if (!conn->internal->rekey_responder)
 782     SILC_FSM_CALL(conn->internal->op = silc_ske_rekey_initiator(
 783                                                     conn->internal->ske,
 784                                                     conn->stream,
 785                                                     conn->internal->rekey));
 786   else
 787     SILC_FSM_CALL(conn->internal->op = silc_ske_rekey_responder(
 788                                                     conn->internal->ske,
 789                                                     conn->stream,
 790                                                     conn->internal->rekey));
 791 }