Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
- Copyright (C) 1997 - 2000 Pekka Riikonen
+ Copyright (C) 1997 - 2001 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
return new_client;
}
-/* Free's client object */
+/* Frees client object and its internals. */
void silc_client_free(SilcClient client)
{
/* Initializes the client. This makes all the necessary steps to make
the client ready to be run. One must call silc_client_run to run the
- client. */
+ client. Returns FALSE if error occured, TRUE otherwise. */
int silc_client_init(SilcClient client)
{
SILC_LOG_DEBUG(("Client stopped"));
}
-/* Runs the client. */
+/* Runs the client. This starts the scheduler from the utility library.
+ When this functions returns the execution of the appliation is over. */
void silc_client_run(SilcClient client)
{
connection to the connection table and returns a pointer to it. A client
can have multiple connections to multiple servers. Every connection must
be added to the client using this function. User data `context' may
- be sent as argument. */
+ be sent as argument. This function is normally used only if the
+ application performed the connecting outside the library. The library
+ however may use this internally. */
SilcClientConnection silc_client_add_connection(SilcClient client,
char *hostname,
return conn;
}
-/* Removes connection from client. */
+/* Removes connection from client. Frees all memory. */
void silc_client_del_connection(SilcClient client, SilcClientConnection conn)
{
/* Connects to remote server. This is the main routine used to connect
to SILC server. Returns -1 on error and the created socket otherwise.
The `context' is user context that is saved into the SilcClientConnection
- that is created after the connection is created. */
+ that is created after the connection is created. Note that application
+ may handle the connecting process outside the library. If this is the
+ case then this function is not used at all. When the connecting is
+ done the `connect' client operation is called. */
int silc_client_connect_to_server(SilcClient client, int port,
char *host, void *context)
/* Start SILC Key Exchange (SKE) protocol to negotiate shared secret
key material between client and server. This function can be called
directly if application is performing its own connecting and does not
- use the connecting provided by this library. */
+ use the connecting provided by this library. This function is normally
+ used only if the application performed the connecting outside the library.
+ The library however may use this internally. */
int silc_client_start_key_exchange(SilcClient client,
SilcClientConnection conn,
close the connection */
if (SILC_IS_DISCONNECTING(sock)) {
client->ops->disconnect(client, conn);
- silc_client_close_connection(client, sock);
+ silc_client_close_connection(client, conn);
return;
}
SILC_LOG_DEBUG(("EOF from connection %d", sock->sock));
client->ops->disconnect(client, conn);
- silc_client_close_connection(client, sock);
+ silc_client_close_connection(client, conn);
return;
}
silc_client_packet_send_real(client, sock, force_send);
}
-/* Sends packet to a channel. Packet to channel is always encrypted
+/* Sends packet to the `channel'. Packet to channel is always encrypted
differently from "normal" packets. SILC header of the packet is
encrypted with the next receiver's key and the rest of the packet is
encrypted with the channel specific key. Padding and HMAC is computed
- with the next receiver's key. */
+ with the next receiver's key. The `data' is the channel message. If
+ the `force_send' is TRUE then the packet is sent immediately. */
-void silc_client_packet_send_to_channel(SilcClient client,
- SilcSocketConnection sock,
- SilcChannelEntry channel,
- unsigned char *data,
- unsigned int data_len,
- int force_send)
+void silc_client_send_channel_message(SilcClient client,
+ SilcClientConnection conn,
+ SilcChannelEntry channel,
+ unsigned char *data,
+ unsigned int data_len,
+ int force_send)
{
int i;
- SilcClientConnection conn = (SilcClientConnection)sock->user_data;
+ SilcSocketConnection sock = conn->sock;
SilcBuffer payload;
SilcPacketContext packetdata;
SilcCipher cipher;
SilcHmac hmac;
unsigned char *id_string;
+ unsigned int block_len;
SILC_LOG_DEBUG(("Sending packet to channel"));
}
/* Generate IV */
- if (!channel->iv)
- for (i = 0; i < 16; i++) channel->iv[i] = silc_rng_get_byte(client->rng);
+ block_len = silc_cipher_get_block_len(channel->channel_key);
+ if (channel->iv[0] == '\0')
+ for (i = 0; i < block_len; i++) channel->iv[i] = silc_rng_get_byte(client->rng);
else
- silc_hash_make(client->md5hash, channel->iv, 16, channel->iv);
+ silc_hash_make(client->md5hash, channel->iv, block_len, channel->iv);
/* Encode the channel payload */
- payload = silc_channel_payload_encode(data_len, data, 16, channel->iv,
- client->rng);
+ payload = silc_channel_payload_encode(data_len, data, block_len,
+ channel->iv, client->rng);
if (!payload) {
client->ops->say(client, conn,
"Error: Could not create packet to be sent to channel");
/* Encrypt payload of the packet. This is encrypted with the channel key. */
channel->channel_key->cipher->encrypt(channel->channel_key->context,
payload->data, payload->data,
- payload->len - 16, /* -IV_LEN */
+ payload->len - block_len, /* -IV_LEN */
channel->iv);
/* Put the actual encrypted payload data into the buffer. */
normal session keys. Private messages are special packets in SILC
network hence we need this own function for them. This is similiar
to silc_client_packet_send_to_channel except that we send private
- message. */
-
-void silc_client_packet_send_private_message(SilcClient client,
- SilcSocketConnection sock,
- SilcClientEntry client_entry,
- unsigned char *data,
- unsigned int data_len,
- int force_send)
+ message. The `data' is the private message. If the `force_send' is
+ TRUE the packet is sent immediately. */
+
+void silc_client_send_private_message(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry,
+ unsigned char *data,
+ unsigned int data_len,
+ int force_send)
{
- SilcClientConnection conn = (SilcClientConnection)sock->user_data;
+ SilcSocketConnection sock = conn->sock;
SilcBuffer buffer;
SilcPacketContext packetdata;
unsigned int nick_len;
hmac = conn->hmac;
/* Set the packet context pointers. */
- packetdata.flags = 0;
+ packetdata.flags = SILC_PACKET_FLAG_PRIVMSG_KEY;
packetdata.type = SILC_PACKET_PRIVATE_MESSAGE;
packetdata.src_id = conn->local_id_data;
packetdata.src_id_len = SILC_ID_CLIENT_LEN;
packetdata.src_id_type = SILC_ID_CLIENT;
- if (client_entry)
- packetdata.dst_id = silc_id_id2str(client_entry->id, SILC_ID_CLIENT);
- else
- packetdata.dst_id = conn->local_id_data;
+ packetdata.dst_id = silc_id_id2str(client_entry->id, SILC_ID_CLIENT);
packetdata.dst_id_len = SILC_ID_CLIENT_LEN;
packetdata.dst_id_type = SILC_ID_CLIENT;
packetdata.truelen = buffer->len + SILC_PACKET_HEADER_LEN +
packetdata.buffer = sock->outbuf;
/* Encrypt payload of the packet. Encrypt with private message specific
- key if it exist, otherwise with session key. */
+ key */
cipher->cipher->encrypt(cipher->context, buffer->data, buffer->data,
buffer->len, cipher->iv);
silc_packet_assemble(&packetdata);
/* Encrypt the header and padding of the packet. */
+ cipher = conn->send_key;
silc_packet_encrypt(cipher, hmac, sock->outbuf, SILC_PACKET_HEADER_LEN +
packetdata.src_id_len + packetdata.dst_id_len +
packetdata.padlen);
for some information such as nickname etc. that are valid at all time. */
void silc_client_close_connection(SilcClient client,
- SilcSocketConnection sock)
+ SilcClientConnection conn)
{
- SilcClientConnection conn;
+ SilcSocketConnection sock = conn->sock;
/* We won't listen for this connection anymore */
silc_schedule_unset_listen_fd(sock->sock);
/* Free everything */
if (sock->user_data) {
- conn = (SilcClientConnection)sock->user_data;
-
/* XXX Free all client entries and channel entries. */
/* Clear ID caches */
silc_free(msg);
SILC_SET_DISCONNECTED(sock);
- silc_client_close_connection(client, sock);
+ silc_client_close_connection(client, sock->user_data);
}
/* Received error message from server. Display it on the screen.
goto out;
/* Find Client entry and if not found query it */
- client_entry = silc_idlist_get_client_by_id(client, conn, client_id);
+ client_entry = silc_client_get_client_by_id(client, conn, client_id);
if (!client_entry) {
silc_client_notify_by_server_resolve(client, conn, packet, client_id);
goto out;
goto out;
/* Find Client entry and if not found query it */
- client_entry = silc_idlist_get_client_by_id(client, conn, client_id);
+ client_entry = silc_client_get_client_by_id(client, conn, client_id);
if (!client_entry) {
silc_client_notify_by_server_resolve(client, conn, packet, client_id);
goto out;
/* Find Client entry */
client_entry =
- silc_idlist_get_client_by_id(client, conn, client_id);
+ silc_client_get_client_by_id(client, conn, client_id);
if (!client_entry)
goto out;
/* Find Client entry */
client_entry =
- silc_idlist_get_client_by_id(client, conn, client_id);
+ silc_client_get_client_by_id(client, conn, client_id);
if (!client_entry)
goto out;
/* Find Client entry */
client_entry =
- silc_idlist_get_client_by_id(client, conn, client_id);
+ silc_client_get_client_by_id(client, conn, client_id);
if (!client_entry)
goto out;
/* Find Client entry and if not found query it */
client_entry2 =
- silc_idlist_get_client_by_id(client, conn, client_id);
+ silc_client_get_client_by_id(client, conn, client_id);
if (!client_entry2) {
silc_client_notify_by_server_resolve(client, conn, packet, client_id);
goto out;
/* Find old Client entry */
client_entry =
- silc_idlist_get_client_by_id(client, conn, client_id);
+ silc_client_get_client_by_id(client, conn, client_id);
if (!client_entry)
goto out;
/* Find Client entry */
client_entry =
- silc_idlist_get_client_by_id(client, conn, client_id);
+ silc_client_get_client_by_id(client, conn, client_id);
if (!client_entry)
goto out;
/* Find Client entry */
client_entry =
- silc_idlist_get_client_by_id(client, conn, client_id);
+ silc_client_get_client_by_id(client, conn, client_id);
if (!client_entry)
goto out;
/* Find target Client entry */
client_entry2 =
- silc_idlist_get_client_by_id(client, conn, client_id);
+ silc_client_get_client_by_id(client, conn, client_id);
if (!client_entry2)
goto out;
/* Notify application */
client->ops->notify(client, conn, type, channel, channel);
break;
+
+ case SILC_NOTIFY_TYPE_KICKED:
+ /*
+ * A client (maybe me) was kicked from a channel
+ */
+
+ /* Get Client ID */
+ tmp = silc_argument_get_arg_type(args, 1, &tmp_len);
+ if (!tmp)
+ goto out;
+
+ client_id = silc_id_payload_parse_id(tmp, tmp_len);
+ if (!client_id)
+ goto out;
+
+ /* Find Client entry */
+ client_entry =
+ silc_client_get_client_by_id(client, conn, client_id);
+ if (!client_entry)
+ goto out;
+
+ /* Get channel entry */
+ channel_id = silc_id_str2id(packet->dst_id, packet->dst_id_len,
+ SILC_ID_CHANNEL);
+ if (!channel_id)
+ goto out;
+ if (!silc_idcache_find_by_id_one(conn->channel_cache, (void *)channel_id,
+ SILC_ID_CHANNEL, &id_cache))
+ break;
+
+ channel = (SilcChannelEntry)id_cache->context;
+
+ /* Get comment */
+ tmp = silc_argument_get_arg_type(args, 2, &tmp_len);
+
+ /* Notify application. The channel entry is sent last as this notify
+ is for channel but application don't know it from the arguments
+ sent by server. */
+ client->ops->notify(client, conn, type, client_entry, tmp, channel);
+
+ /* If I was kicked from channel, remove the channel */
+ if (client_entry == conn->local_entry) {
+ if (conn->current_channel == channel)
+ conn->current_channel = NULL;
+ silc_idcache_del_by_id(conn->channel_cache,
+ SILC_ID_CHANNEL, channel->id);
+ silc_free(channel->channel_name);
+ silc_free(channel->id);
+ silc_free(channel->key);
+ silc_cipher_free(channel->channel_key);
+ silc_free(channel);
+ }
+ break;
default:
break;
/* Save the key */
key = silc_channel_key_get_key(payload, &tmp_len);
cipher = silc_channel_key_get_cipher(payload, NULL);
- channel->key_len = tmp_len;
+ channel->key_len = tmp_len * 8;
channel->key = silc_calloc(tmp_len, sizeof(*channel->key));
memcpy(channel->key, key, tmp_len);
goto out;
}
channel->channel_key->cipher->set_key(channel->channel_key->context,
- key, tmp_len);
+ key, channel->key_len);
/* Client is now joined to the channel */
channel->on_channel = TRUE;
SilcIDCacheEntry id_cache = NULL;
SilcClientID *client_id = NULL;
int found = FALSE;
+ unsigned int block_len;
/* Sanity checks */
if (packet->dst_id_type != SILC_ID_CHANNEL)
/* Decrypt the channel message payload. Push the IV out of the way,
since it is not encrypted (after pushing buffer->tail has the IV). */
- silc_buffer_push_tail(buffer, 16);
+ block_len = silc_cipher_get_block_len(channel->channel_key);
+ silc_buffer_push_tail(buffer, block_len);
channel->channel_key->cipher->decrypt(channel->channel_key->context,
buffer->data, buffer->data,
buffer->len, buffer->tail);
- silc_buffer_pull_tail(buffer, 16);
+ silc_buffer_pull_tail(buffer, block_len);
/* Parse the channel message payload */
payload = silc_channel_payload_parse(buffer);
goto out;
/* Send the away message */
- silc_client_packet_send_private_message(client, sock, remote_client,
- conn->away->away,
- strlen(conn->away->away), TRUE);
+ silc_client_send_private_message(client, conn, remote_client,
+ conn->away->away,
+ strlen(conn->away->away), TRUE);
}
out:
return strdup(string);
}
+
+/* Function that actually employes the received private message key */
+
+static void silc_client_private_message_key_cb(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry *clients,
+ unsigned int clients_count,
+ void *context)
+{
+ SilcPacketContext *packet = (SilcPacketContext *)context;
+ unsigned char *key;
+ unsigned short key_len;
+ unsigned char *cipher;
+ int ret;
+
+ if (!clients)
+ goto out;
+
+ /* Parse the private message key payload */
+ ret = silc_buffer_unformat(packet->buffer,
+ SILC_STR_UI16_NSTRING(&key, &key_len),
+ SILC_STR_UI16_STRING(&cipher),
+ SILC_STR_END);
+ if (!ret)
+ goto out;
+
+ if (key_len > packet->buffer->len)
+ goto out;
+
+ /* Now take the key in use */
+ if (!silc_client_add_private_message_key(client, conn, clients[0],
+ cipher, key, key_len, FALSE))
+ goto out;
+
+ /* Print some info for application */
+ client->ops->say(client, conn,
+ "Received private message key from %s%s%s %s%s%s",
+ clients[0]->nickname,
+ clients[0]->server ? "@" : "",
+ clients[0]->server ? clients[0]->server : "",
+ clients[0]->username ? "(" : "",
+ clients[0]->username ? clients[0]->username : "",
+ clients[0]->username ? ")" : "");
+
+ out:
+ silc_packet_context_free(packet);
+}
+
+/* Processes incoming Private Message Key payload. The libary always
+ accepts the key and takes it into use. */
+
+void silc_client_private_message_key(SilcClient client,
+ SilcSocketConnection sock,
+ SilcPacketContext *packet)
+{
+ SilcClientID *remote_id;
+
+ if (packet->src_id_type != SILC_ID_CLIENT)
+ return;
+
+ remote_id = silc_id_str2id(packet->src_id, packet->src_id_len,
+ SILC_ID_CLIENT);
+ if (!remote_id)
+ return;
+
+ silc_client_get_client_by_id_resolve(client, sock->user_data, remote_id,
+ silc_client_private_message_key_cb,
+ silc_packet_context_dup(packet));
+ silc_free(remote_id);
+}
+
+/* Adds private message key to the client library. The key will be used to
+ encrypt all private message between the client and the remote client
+ indicated by the `client_entry'. If the `key' is NULL and the boolean
+ value `generate_key' is TRUE the library will generate random key.
+ The `key' maybe for example pre-shared-key, passphrase or similar.
+ The `cipher' MAY be provided but SHOULD be NULL to assure that the
+ requirements of the SILC protocol are met. The API, however, allows
+ to allocate any cipher.
+
+ It is not necessary to set key for normal private message usage. If the
+ key is not set then the private messages are encrypted using normal
+ session keys. Setting the private key, however, increases the security.
+
+ Returns FALSE if the key is already set for the `client_entry', TRUE
+ otherwise. */
+
+int silc_client_add_private_message_key(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry,
+ char *cipher,
+ unsigned char *key,
+ unsigned int key_len,
+ int generate_key)
+{
+ unsigned char private_key[32];
+ unsigned int len;
+ int i;
+ SilcSKEKeyMaterial *keymat;
+
+ assert(client_entry);
+
+ /* Return FALSE if key already set */
+ if (client_entry->send_key && client_entry->receive_key)
+ return FALSE;
+
+ if (!cipher)
+ cipher = "aes-256-cbc";
+
+ /* Check the requested cipher */
+ if (!silc_cipher_is_supported(cipher))
+ return FALSE;
+
+ /* Generate key if not provided */
+ if (!key && generate_key == TRUE) {
+ len = 32;
+ for (i = 0; i < len; i++) private_key[i] = silc_rng_get_byte(client->rng);
+ key = private_key;
+ key_len = len;
+ client_entry->generated = TRUE;
+ }
+
+ /* Save the key */
+ client_entry->key = silc_calloc(key_len, sizeof(*client_entry->key));
+ memcpy(client_entry->key, key, key_len);
+ client_entry->key_len = key_len;
+
+ /* Produce the key material as the protocol defines */
+ keymat = silc_calloc(1, sizeof(*keymat));
+ if (silc_ske_process_key_material_data(key, key_len, 16, 256, 16,
+ client->md5hash, keymat)
+ != SILC_SKE_STATUS_OK)
+ return FALSE;
+
+ /* Allocate the ciphers */
+ silc_cipher_alloc(cipher, &client_entry->send_key);
+ silc_cipher_alloc(cipher, &client_entry->receive_key);
+
+ /* Set the keys */
+ silc_cipher_set_key(client_entry->send_key, keymat->send_enc_key,
+ keymat->enc_key_len);
+ silc_cipher_set_iv(client_entry->send_key, keymat->send_iv);
+ silc_cipher_set_key(client_entry->receive_key, keymat->receive_enc_key,
+ keymat->enc_key_len);
+ silc_cipher_set_iv(client_entry->receive_key, keymat->receive_iv);
+
+ /* Free the key material */
+ silc_ske_free_key_material(keymat);
+
+ return TRUE;
+}
+
+/* Same as above but takes the key material from the SKE key material
+ structure. This structure is received if the application uses the
+ silc_client_send_key_agreement to negotiate the key material. The
+ `cipher' SHOULD be provided as it is negotiated also in the SKE
+ protocol. */
+
+int silc_client_add_private_message_key_ske(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry,
+ char *cipher,
+ SilcSKEKeyMaterial *key)
+{
+ assert(client_entry);
+
+ /* Return FALSE if key already set */
+ if (client_entry->send_key && client_entry->receive_key)
+ return FALSE;
+
+ if (!cipher)
+ cipher = "aes-256-cbc";
+
+ /* Check the requested cipher */
+ if (!silc_cipher_is_supported(cipher))
+ return FALSE;
+
+ /* Allocate the ciphers */
+ silc_cipher_alloc(cipher, &client_entry->send_key);
+ silc_cipher_alloc(cipher, &client_entry->receive_key);
+
+ /* Set the keys */
+ silc_cipher_set_key(client_entry->send_key, key->send_enc_key,
+ key->enc_key_len);
+ silc_cipher_set_iv(client_entry->send_key, key->send_iv);
+ silc_cipher_set_key(client_entry->receive_key, key->receive_enc_key,
+ key->enc_key_len);
+ silc_cipher_set_iv(client_entry->receive_key, key->receive_iv);
+
+ return TRUE;
+}
+
+/* Sends private message key payload to the remote client indicated by
+ the `client_entry'. If the `force_send' is TRUE the packet is sent
+ immediately. Returns FALSE if error occurs, TRUE otherwise. The
+ application should call this function after setting the key to the
+ client.
+
+ Note that the key sent using this function is sent to the remote client
+ through the SILC network. The packet is protected using normal session
+ keys. */
+
+int silc_client_send_private_message_key(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry,
+ int force_send)
+{
+ SilcSocketConnection sock = conn->sock;
+ SilcBuffer buffer;
+ int cipher_len;
+
+ if (!client_entry->send_key || !client_entry->key)
+ return FALSE;
+
+ SILC_LOG_DEBUG(("Sending private message key"));
+
+ cipher_len = strlen(client_entry->send_key->cipher->name);
+
+ /* Create private message key payload */
+ buffer = silc_buffer_alloc(2 + client_entry->key_len);
+ silc_buffer_pull_tail(buffer, SILC_BUFFER_END(buffer));
+ silc_buffer_format(buffer,
+ SILC_STR_UI_SHORT(client_entry->key_len),
+ SILC_STR_UI_XNSTRING(client_entry->key,
+ client_entry->key_len),
+ SILC_STR_UI_SHORT(cipher_len),
+ SILC_STR_UI_XNSTRING(client_entry->send_key->cipher->name,
+ cipher_len),
+ SILC_STR_END);
+
+ /* Send the packet */
+ silc_client_packet_send(client, sock, SILC_PACKET_PRIVATE_MESSAGE_KEY,
+ client_entry->id, SILC_ID_CLIENT, NULL, NULL,
+ buffer->data, buffer->len, force_send);
+ silc_free(buffer);
+
+ return TRUE;
+}
+
+/* Removes the private message from the library. The key won't be used
+ after this to protect the private messages with the remote `client_entry'
+ client. Returns FALSE on error, TRUE otherwise. */
+
+int silc_client_del_private_message_key(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry)
+{
+ assert(client_entry);
+
+ if (!client_entry->send_key && !client_entry->receive_key)
+ return FALSE;
+
+ silc_cipher_free(client_entry->send_key);
+ silc_cipher_free(client_entry->receive_key);
+
+ if (client_entry->key) {
+ memset(client_entry->key, 0, client_entry->key_len);
+ silc_free(client_entry->key);
+ }
+
+ client_entry->send_key = NULL;
+ client_entry->receive_key = NULL;
+ client_entry->key = NULL;
+
+ return TRUE;
+}
+
+/* Returns array of set private message keys associated to the connection
+ `conn'. Returns allocated SilcPrivateMessageKeys array and the array
+ count to the `key_count' argument. The array must be freed by the caller
+ by calling the silc_client_free_private_message_keys function. Note:
+ the keys returned in the array is in raw format. It might not be desired
+ to show the keys as is. The application might choose not to show the keys
+ at all or to show the fingerprints of the keys. */
+
+SilcPrivateMessageKeys
+silc_client_list_private_message_keys(SilcClient client,
+ SilcClientConnection conn,
+ unsigned int *key_count)
+{
+ SilcPrivateMessageKeys keys;
+ unsigned int count = 0;
+ SilcIDCacheEntry id_cache;
+ SilcIDCacheList list;
+ SilcClientEntry entry;
+
+ if (!silc_idcache_find_by_id(conn->client_cache, SILC_ID_CACHE_ANY,
+ SILC_ID_CLIENT, &list))
+ return NULL;
+
+ if (!silc_idcache_list_count(list)) {
+ silc_idcache_list_free(list);
+ return NULL;
+ }
+
+ keys = silc_calloc(silc_idcache_list_count(list), sizeof(*keys));
+
+ silc_idcache_list_first(list, &id_cache);
+ while (id_cache) {
+ entry = (SilcClientEntry)id_cache->context;
+
+ if (entry->send_key) {
+ keys[count].client_entry = entry;
+ keys[count].cipher = entry->send_key->cipher->name;
+ keys[count].key = entry->generated == FALSE ? entry->key : NULL;
+ keys[count].key_len = entry->generated == FALSE ? entry->key_len : 0;
+ count++;
+ }
+
+ if (!silc_idcache_list_next(list, &id_cache))
+ break;
+ }
+
+ if (key_count)
+ *key_count = count;
+
+ return keys;
+}
+
+/* Frees the SilcPrivateMessageKeys array returned by the function
+ silc_client_list_private_message_keys. */
+
+void silc_client_free_private_message_keys(SilcPrivateMessageKeys keys,
+ unsigned int key_count)
+{
+ silc_free(keys);
+}
+
+/* Adds private key for channel. This may be set only if the channel's mode
+ mask includes the SILC_CHANNEL_MODE_PRIVKEY. This returns FALSE if the
+ mode is not set. When channel has private key then the messages are
+ encrypted using that key. All clients on the channel must also know the
+ key in order to decrypt the messages. However, it is possible to have
+ several private keys per one channel. In this case only some of the
+ clients on the channel may now the one key and only some the other key.
+
+ The private key for channel is optional. If it is not set then the
+ channel messages are encrypted using the channel key generated by the
+ server. However, setting the private key (or keys) for the channel
+ significantly adds security. If more than one key is set the library
+ will automatically try all keys at the message decryption phase. Note:
+ setting many keys slows down the decryption phase as all keys has to
+ be tried in order to find the correct decryption key. However, setting
+ a few keys does not have big impact to the decryption performace.
+
+ NOTE: that this is entirely local setting. The key set using this function
+ is not sent to the network at any phase.
+
+ NOTE: If the key material was originated by the SKE protocol (using
+ silc_client_send_key_agreement) then the `key' MUST be the
+ key->send_enc_key as this is dictated by the SILC protocol. However,
+ currently it is not expected that the SKE key material would be used
+ as channel private key. However, this API allows it. */
+
+int silc_client_add_channel_private_key(SilcClient client,
+ SilcClientConnection conn,
+ SilcChannelEntry channel,
+ char *cipher,
+ unsigned char *key,
+ unsigned int key_len)
+{
+
+ return TRUE;
+}
+
+/* Removes all private keys from the `channel'. The old channel key is used
+ after calling this to protect the channel messages. Returns FALSE on
+ on error, TRUE otherwise. */
+
+int silc_client_del_channel_private_keys(SilcClient client,
+ SilcClientConnection conn,
+ SilcChannelEntry channel)
+{
+
+ return TRUE;
+}
+
+/* Removes and frees private key `key' from the channel `channel'. The `key'
+ is retrieved by calling the function silc_client_list_channel_private_keys.
+ The key is not used after this. If the key was last private key then the
+ old channel key is used hereafter to protect the channel messages. This
+ returns FALSE on error, TRUE otherwise. */
+
+int silc_client_del_channel_private_key(SilcClient client,
+ SilcClientConnection conn,
+ SilcChannelEntry channel,
+ SilcChannelPrivateKey key)
+{
+
+ return TRUE;
+}
+
+/* Returns array (pointers) of private keys associated to the `channel'.
+ The caller must free the array by calling the function
+ silc_client_free_channel_private_keys. The pointers in the array may be
+ used to delete the specific key by giving the pointer as argument to the
+ function silc_client_del_channel_private_key. */
+
+SilcChannelPrivateKey *
+silc_client_list_channel_private_keys(SilcClient client,
+ SilcClientConnection conn,
+ SilcChannelEntry channel,
+ unsigned int key_count)
+{
+
+ return NULL;
+}
+
+/* Frees the SilcChannelPrivateKey array. */
+
+void silc_client_free_channel_private_keys(SilcChannelPrivateKey *keys,
+ unsigned int key_count)
+{
+
+}
+
+/* Sends key agreement request to the remote client indicated by the
+ `client_entry'. If the caller provides the `hostname' and the `port'
+ arguments then the library will bind the client to that hostname and
+ that port for the key agreement protocol. It also sends the `hostname'
+ and the `port' in the key agreement packet to the remote client. This
+ would indicate that the remote client may initiate the key agreement
+ protocol to the `hostname' on the `port'.
+
+ If the `hostname' and `port' is not provided then empty key agreement
+ packet is sent to the remote client. The remote client may reply with
+ the same packet including its hostname and port. If the library receives
+ the reply from the remote client the `key_agreement' client operation
+ callback will be called to verify whether the user wants to perform the
+ key agreement or not.
+
+ NOTE: If the application provided the `hostname' and the `port' and the
+ remote side initiates the key agreement protocol it is not verified
+ from the user anymore whether the protocol should be executed or not.
+ By setting the `hostname' and `port' the user gives permission to
+ perform the protocol (we are responder in this case).
+
+ NOTE: If the remote side decides not to initiate the key agreement
+ or decides not to reply with the key agreement packet then we cannot
+ perform the key agreement at all. If the key agreement protocol is
+ performed the `completion' callback with the `context' will be called.
+ If remote side decides to ignore the request the `completion' will never
+ be called and the caller is responsible of freeing the `context' memory.
+ The application can do this by setting, for example, timeout. */
+
+void silc_client_send_key_agreement(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry,
+ char *hostname,
+ int port,
+ SilcKeyAgreementCallback completion,
+ void *context)
+{
+
+}
+
+/* Performs the actual key agreement protocol. Application may use this
+ to initiate the key agreement protocol. This can be called for example
+ after the application has received the `key_agreement' client operation,
+ and did not return TRUE from it.
+
+ The `hostname' is the remote hostname (or IP address) and the `port'
+ is the remote port. The `completion' callblack with the `context' will
+ be called after the key agreement protocol.
+
+ NOTE: If the application returns TRUE in the `key_agreement' client
+ operation the library will automatically start the key agreement. In this
+ case the application must not call this function. However, application
+ may choose to just ignore the `key_agreement' client operation (and
+ merely just print information about it on the screen) and call this
+ function when the user whishes to do so (by, for example, giving some
+ specific command). Thus, the API provides both, automatic and manual
+ initiation of the key agreement. Calling this function is the manual
+ initiation and returning TRUE in the `key_agreement' client operation
+ is the automatic initiation. */
+
+void silc_client_perform_key_agreement(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry,
+ char *hostname,
+ int port,
+ SilcKeyAgreementCallback completion,
+ void *context)
+{
+
+}
+
+/* This function can be called to unbind the hostname and the port for
+ the key agreement protocol. However, this function has effect only
+ before the key agreement protocol has been performed. After it has
+ been performed the library will automatically unbind the port. The
+ `client_entry' is the client to which we sent the key agreement
+ request. */
+
+void silc_client_abort_key_agreement(SilcClient client,
+ SilcClientConnection conn,
+ SilcClientEntry client_entry)
+{
+
+}
projects / silc.git / blobdiff