5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 2000 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
24 #include "silcske_status.h"
26 /* Forward declaration for SKE object. */
27 typedef struct SilcSKEStruct *SilcSKE;
29 /* Forward declaration for security properties. */
30 typedef struct SilcSKESecurityPropertiesStruct *SilcSKESecurityProperties;
32 /* Packet sending callback. Caller of the SKE routines must provide
33 a routine to send packets to negotiation parties. */
34 typedef void (*SilcSKESendPacketCb)(SilcSKE ske, SilcBuffer packet,
35 SilcPacketType type, void *context);
37 /* Generic SKE callback function. This is called in various SKE
38 routines. The SilcSKE object sent as argument provides all the data
39 callers routine might need (payloads etc). */
40 typedef void (*SilcSKECb)(SilcSKE ske, void *context);
42 /* Supported Public Key Types, defined by the protocol */
44 SILC_SKE_PK_TYPE_SILC = 1, /* Mandatory type */
45 /* Optional types. These are not implemented currently
46 SILC_SKE_PK_TYPE_SSH2 = 2,
47 SILC_SKE_PK_TYPE_X509V3 = 3,
48 SILC_SKE_PK_TYPE_OPENPGP = 4,
49 SILC_SKE_PK_TYPE_SPKI = 5
53 /* Context passed to key material processing function. The function
54 returns the processed key material into this structure. */
56 unsigned char *send_iv;
57 unsigned char *receive_iv;
59 unsigned char *send_enc_key;
60 unsigned char *receive_enc_key;
61 unsigned int enc_key_len;
62 unsigned char *hmac_key;
63 unsigned int hmac_key_len;
66 #define SILC_SKE_COOKIE_LEN 16
71 /* Security Property Flags. */
73 SILC_SKE_SP_FLAG_NONE = (1L << 0),
74 SILC_SKE_SP_FLAG_NO_REPLY = (1L << 1),
75 SILC_SKE_SP_FLAG_PFS = (1L << 2),
76 } SilcSKESecurityPropertyFlag;
78 /* Security Properties negotiated between key exchange parties. This
79 structure is filled from the Key Exchange Start Payload which is used
80 to negotiate what security properties should be used in the
82 struct SilcSKESecurityPropertiesStruct {
84 SilcSKEDiffieHellmanGroup group;
88 /* XXX SilcCompression comp; */
91 struct SilcSKEStruct {
92 /* The connection object. This is initialized by the caller. */
93 SilcSocketConnection sock;
95 /* Security properties negotiated */
96 SilcSKESecurityProperties prop;
98 /* Key Exchange payloads filled during key negotiation with
99 remote data. Responder may save local data here as well. */
100 SilcSKEStartPayload *start_payload;
101 SilcSKEOnePayload *ke1_payload;
102 SilcSKETwoPayload *ke2_payload;
104 /* Temporary copy of the KE Start Payload used in the
106 SilcBuffer start_payload_copy;
108 /* If initiator, this is responders public key. If responder this
109 is our own public key. */
113 /* Random number x, 1 < x < q. This is the secret exponent
114 used in Diffie Hellman computations. */
117 /* The secret shared key */
120 /* The hash value HASH of the key exchange */
122 unsigned int hash_len;
124 /* Random Number Generator. This is set by the caller and must
125 be free'd by the caller. */
128 /* Pointer to the what ever user data. This is set by the caller
129 and is not touched by the SKE. The caller must also free this one. */
134 SilcSKE silc_ske_alloc();
135 void silc_ske_free(SilcSKE ske);
136 SilcSKEStatus silc_ske_initiator_start(SilcSKE ske, SilcRng rng,
137 SilcSocketConnection sock,
138 SilcSKEStartPayload *start_payload,
139 SilcSKESendPacketCb send_packet,
141 SilcSKEStatus silc_ske_initiator_phase_1(SilcSKE ske,
142 SilcBuffer start_payload,
145 SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
146 SilcSKESendPacketCb send_packet,
148 SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske,
149 SilcBuffer ke2_payload,
152 SilcSKEStatus silc_ske_responder_start(SilcSKE ske, SilcRng rng,
153 SilcSocketConnection sock,
154 SilcBuffer start_payload,
157 SilcSKEStatus silc_ske_responder_phase_1(SilcSKE ske,
158 SilcSKEStartPayload *start_payload,
159 SilcSKESendPacketCb send_packet,
161 SilcSKEStatus silc_ske_responder_phase_2(SilcSKE ske,
162 SilcBuffer ke1_payload,
165 SilcSKEStatus silc_ske_responder_finish(SilcSKE ske,
169 unsigned int prv_len,
170 SilcSKEPKType pk_type,
171 SilcSKESendPacketCb send_packet,
173 SilcSKEStatus silc_ske_end(SilcSKE ske,
174 SilcSKESendPacketCb send_packet,
176 SilcSKEStatus silc_ske_abort(SilcSKE ske, SilcSKEStatus status,
177 SilcSKESendPacketCb send_packet,
180 silc_ske_assemble_security_properties(SilcSKE ske,
181 SilcSKEStartPayload **return_payload);
183 silc_ske_select_security_properties(SilcSKE ske,
184 SilcSKEStartPayload *payload,
185 SilcSKEStartPayload *remote_payload);
186 SilcSKEStatus silc_ske_create_rnd(SilcSKE ske, SilcInt n,
189 SilcSKEStatus silc_ske_verify_public_key(SilcSKE ske,
190 unsigned char *pubkey,
191 unsigned int pubkey_len);
192 SilcSKEStatus silc_ske_make_hash(SilcSKE ske,
193 unsigned char *return_hash,
194 unsigned int *return_hash_len);
195 SilcSKEStatus silc_ske_process_key_material(SilcSKE ske,
196 unsigned int req_iv_len,
197 unsigned int req_enc_key_len,
198 unsigned int req_hmac_key_len,
199 SilcSKEKeyMaterial *key);