+Tue Jun 26 19:23:07 EEST 2001 Pekka Riikonen <priikone@silcnet.org>
+
+ * Removed the silc_ske_check_version function and created
+ a SilcSKECheckVersion callback. Added also a function
+ silc_ske_set_callbacks that is now used to set all SKE
+ callbacks. The callback functions are not given to
+ the SKE functions anymore, but this function is used to
+ set the callbacks.
+
Mon Jun 25 21:42:51 EEST 2001 Pekka Riikonen <priikone@silcnet.org>
* Do not add regex.h for WIN32. The affected file
/* Check remote host version string */
SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
- uint32 len)
+ uint32 len, void *context)
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
char *cp;
/* Send Ok to the other end. We will end the protocol as responder
sends Ok to us when we will take the new keys into use. */
if (ctx->responder == FALSE) {
- silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
+ silc_ske_end(ctx->ske);
/* End the protocol on the next round */
protocol->state = SILC_PROTOCOL_STATE_END;
ctx->ske = ske;
ske->rng = server->rng;
+ silc_ske_set_callbacks(ske, silc_server_protocol_ke_send_packet, NULL,
+ silc_server_protocol_ke_verify_key,
+ silc_server_protocol_ke_continue,
+ silc_ske_check_version, context);
+
if (ctx->responder == TRUE) {
/* Start the key exchange by processing the received security
properties packet from initiator. */
status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
silc_version_string,
- ctx->packet->buffer, FALSE,
- NULL, NULL);
+ ctx->packet->buffer, FALSE);
} else {
SilcSKEStartPayload *start_payload;
/* Start the key exchange by sending our security properties
to the remote end. */
status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
- start_payload,
- silc_server_protocol_ke_send_packet,
- context);
+ start_payload);
}
/* Return now if the procedure is pending. */
*/
if (ctx->responder == TRUE) {
/* Sends the selected security properties to the initiator. */
- status =
- silc_ske_responder_phase_1(ctx->ske,
- ctx->ske->start_payload,
- silc_server_protocol_ke_send_packet,
- context);
+ status = silc_ske_responder_phase_1(ctx->ske,
+ ctx->ske->start_payload);
} else {
/* Call Phase-1 function. This processes the Key Exchange Start
paylaod reply we just got from the responder. The callback
function will receive the processed payload where we will
save it. */
- status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
- NULL, NULL);
+ status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer);
}
/* Return now if the procedure is pending. */
the initiator. This also creates our parts of the Diffie
Hellman algorithm. The silc_server_protocol_ke_continue
will be called after the public key has been verified. */
- status =
- silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
- silc_server_protocol_ke_verify_key,
- context,
- silc_server_protocol_ke_continue,
- context);
+ status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
} else {
/* Call the Phase-2 function. This creates Diffie Hellman
key exchange parameters and sends our public part inside
Key Exhange 1 Payload to the responder. */
- status =
- silc_ske_initiator_phase_2(ctx->ske,
- server->public_key,
- server->private_key,
- silc_server_protocol_ke_send_packet,
- context);
+ status = silc_ske_initiator_phase_2(ctx->ske,
+ server->public_key,
+ server->private_key);
protocol->state++;
}
if (ctx->responder == TRUE) {
/* This creates the key exchange material and sends our
public parts to the initiator inside Key Exchange 2 Payload. */
- status =
- silc_ske_responder_finish(ctx->ske,
- server->public_key, server->private_key,
- SILC_SKE_PK_TYPE_SILC,
- silc_server_protocol_ke_send_packet,
- context);
+ status = silc_ske_responder_finish(ctx->ske,
+ server->public_key,
+ server->private_key,
+ SILC_SKE_PK_TYPE_SILC);
/* End the protocol on the next round */
protocol->state = SILC_PROTOCOL_STATE_END;
/* Finish the protocol. This verifies the Key Exchange 2 payload
sent by responder. The silc_server_protocol_ke_continue will
be called after the public key has been verified. */
- status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
- silc_server_protocol_ke_verify_key,
- context,
- silc_server_protocol_ke_continue,
- context);
+ status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
}
/* Return now if the procedure is pending. */
/* Send Ok to the other end if we are responder. If we are initiator
we have sent this already. */
if (ctx->responder == TRUE)
- silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
+ silc_ske_end(ctx->ske);
/* Unregister the timeout task since the protocol has ended.
This was the timeout task to be executed if the protocol is
*/
/* Send abort notification */
- silc_ske_abort(ctx->ske, ctx->ske->status,
- silc_server_protocol_ke_send_packet,
- context);
+ silc_ske_abort(ctx->ske, ctx->ske->status);
/* Unregister the timeout task since the protocol has ended.
This was the timeout task to be executed if the protocol is
silc_ske_get_group_by_number(idata->rekey->ske_group,
&ctx->ske->prop->group);
- status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
- NULL, NULL, NULL, NULL);
+ silc_ske_set_callbacks(ctx->ske,
+ silc_server_protocol_rekey_send_packet,
+ NULL, NULL, NULL, silc_ske_check_version,
+ context);
+
+ status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
if (status != SILC_SKE_STATUS_OK) {
SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
status));
silc_ske_get_group_by_number(idata->rekey->ske_group,
&ctx->ske->prop->group);
- status =
- silc_ske_initiator_phase_2(ctx->ske, NULL, NULL,
- silc_server_protocol_rekey_send_packet,
- context);
-
+ silc_ske_set_callbacks(ctx->ske,
+ silc_server_protocol_rekey_send_packet,
+ NULL, NULL, NULL, silc_ske_check_version,
+ context);
+
+ status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL);
if (status != SILC_SKE_STATUS_OK) {
SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
status));
* Send our KE packe to the initiator now that we've processed
* the initiator's KE packet.
*/
- status =
- silc_ske_responder_finish(ctx->ske, NULL, NULL,
- SILC_SKE_PK_TYPE_SILC,
- silc_server_protocol_rekey_send_packet,
- context);
-
- if (status != SILC_SKE_STATUS_OK) {
- SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
- status));
-
- protocol->state = SILC_PROTOCOL_STATE_ERROR;
- silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
- return;
- }
+ status = silc_ske_responder_finish(ctx->ske, NULL, NULL,
+ SILC_SKE_PK_TYPE_SILC);
+ if (status != SILC_SKE_STATUS_OK) {
+ SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
+ status));
+
+ protocol->state = SILC_PROTOCOL_STATE_ERROR;
+ silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
+ return;
+ }
}
} else {
silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
}
- status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
- NULL, NULL, NULL, NULL);
+ status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
if (status != SILC_SKE_STATUS_OK) {
SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
status));
if (ctx->pfs == TRUE) {
/* Send abort notification */
- silc_ske_abort(ctx->ske, ctx->ske->status,
- silc_server_protocol_ke_send_packet,
- context);
+ silc_ske_abort(ctx->ske, ctx->ske->status);
}
/* On error the final callback is always called. */
/* Checks the version string of the server. */
SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
- uint32 len)
+ uint32 len, void *context)
{
SilcClientConnection conn = (SilcClientConnection)ske->sock->user_data;
SilcClient client = (SilcClient)ske->user_data;
if we are initiator. This is happens when this callback was sent
to silc_ske_initiator_finish function. */
if (ctx->responder == FALSE) {
- silc_ske_end(ctx->ske, ctx->send_packet, context);
+ silc_ske_end(ctx->ske);
/* End the protocol on the next round */
protocol->state = SILC_PROTOCOL_STATE_END;
ctx->ske = ske;
ske->rng = client->rng;
ske->user_data = (void *)client;
+
+ silc_ske_set_callbacks(ske, ctx->send_packet, NULL,
+ ctx->verify,
+ silc_client_protocol_ke_continue,
+ silc_ske_check_version,
+ context);
if (ctx->responder == TRUE) {
/* Start the key exchange by processing the received security
properties packet from initiator. */
status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
silc_version_string,
- ctx->packet->buffer, TRUE,
- NULL, NULL);
+ ctx->packet->buffer, TRUE);
} else {
SilcSKEStartPayload *start_payload;
/* Start the key exchange by sending our security properties
to the remote end. */
status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
- start_payload,
- ctx->send_packet,
- context);
+ start_payload);
}
/* Return now if the procedure is pending */
/* Sends the selected security properties to the initiator. */
status =
silc_ske_responder_phase_1(ctx->ske,
- ctx->ske->start_payload,
- ctx->send_packet,
- context);
+ ctx->ske->start_payload);
} else {
/* Call Phase-1 function. This processes the Key Exchange Start
paylaod reply we just got from the responder. The callback
function will receive the processed payload where we will
save it. */
- status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
- NULL, NULL);
+ status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer);
}
if (status != SILC_SKE_STATUS_OK) {
the initiator. This also creates our parts of the Diffie
Hellman algorithm. The silc_client_protocol_ke_continue will
be called after the public key has been verified. */
- status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
- ctx->verify, context,
- silc_client_protocol_ke_continue,
- context);
+ status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
} else {
/* Call the Phase-2 function. This creates Diffie Hellman
key exchange parameters and sends our public part inside
Key Exhange 1 Payload to the responder. */
status = silc_ske_initiator_phase_2(ctx->ske,
client->public_key,
- client->private_key,
- ctx->send_packet,
- context);
+ client->private_key);
protocol->state++;
}
status =
silc_ske_responder_finish(ctx->ske,
client->public_key, client->private_key,
- SILC_SKE_PK_TYPE_SILC,
- ctx->send_packet,
- context);
+ SILC_SKE_PK_TYPE_SILC);
/* End the protocol on the next round */
protocol->state = SILC_PROTOCOL_STATE_END;
/* Finish the protocol. This verifies the Key Exchange 2 payload
sent by responder. The silc_client_protocol_ke_continue will
be called after the public key has been verified. */
- status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
- ctx->verify, context,
- silc_client_protocol_ke_continue,
- context);
+ status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
}
/* Return now if the procedure is pending */
/* Send Ok to the other end if we are responder. If we are initiator
we have sent this already. */
if (ctx->responder == TRUE)
- silc_ske_end(ctx->ske, ctx->send_packet, context);
+ silc_ske_end(ctx->ske);
/* Unregister the timeout task since the protocol has ended.
This was the timeout task to be executed if the protocol is
*/
/* Send abort notification */
- silc_ske_abort(ctx->ske, ctx->ske->status,
- ctx->send_packet, context);
+ silc_ske_abort(ctx->ske, ctx->ske->status);
/* On error the final callback is always called. */
if (protocol->final_callback)
silc_ske_get_group_by_number(conn->rekey->ske_group,
&ctx->ske->prop->group);
- status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
- NULL, NULL, NULL, NULL);
+ silc_ske_set_callbacks(ctx->ske,
+ silc_client_protocol_rekey_send_packet,
+ NULL, NULL, NULL, silc_ske_check_version,
+ context);
+
+ status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
if (status != SILC_SKE_STATUS_OK) {
SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
status));
silc_ske_get_group_by_number(conn->rekey->ske_group,
&ctx->ske->prop->group);
- status =
- silc_ske_initiator_phase_2(ctx->ske, NULL, NULL,
- silc_client_protocol_rekey_send_packet,
- context);
-
+ silc_ske_set_callbacks(ctx->ske,
+ silc_client_protocol_rekey_send_packet,
+ NULL, NULL, NULL, silc_ske_check_version,
+ context);
+
+ status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL);
if (status != SILC_SKE_STATUS_OK) {
SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
status));
* Send our KE packe to the initiator now that we've processed
* the initiator's KE packet.
*/
- status =
- silc_ske_responder_finish(ctx->ske, NULL, NULL,
- SILC_SKE_PK_TYPE_SILC,
- silc_client_protocol_rekey_send_packet,
- context);
+ status = silc_ske_responder_finish(ctx->ske, NULL, NULL,
+ SILC_SKE_PK_TYPE_SILC);
if (status != SILC_SKE_STATUS_OK) {
SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
silc_protocol_execute(protocol, client->timeout_queue, 0, 300000);
}
- status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
- NULL, NULL, NULL, NULL);
+ status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
if (status != SILC_SKE_STATUS_OK) {
SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
status));
if (ctx->pfs == TRUE) {
/* Send abort notification */
- silc_ske_abort(ctx->ske, ctx->ske->status,
- silc_client_protocol_ke_send_packet,
- context);
+ silc_ske_abort(ctx->ske, ctx->ske->status);
}
/* On error the final callback is always called. */
#include "payload_internal.h"
#include "groups_internal.h"
+/* Structure to hold all SKE callbacks-> */
+struct SilcSKECallbacksStruct {
+ SilcSKESendPacketCb send_packet;
+ SilcSKECb payload_receive;
+ SilcSKEVerifyCb verify_key;
+ SilcSKECb proto_continue;
+ SilcSKECheckVersion check_version;
+ void *context;
+};
+
/* Allocates new SKE object. */
SilcSKE silc_ske_alloc()
}
}
+/* Sets the callback functions for the SKE session.
+
+ The `send_packet' callback is a function that sends the packet to
+ network. The SKE library will call it at any time packet needs to
+ be sent to the remote host.
+
+ The `payload_receive' callback is called when the remote host's Key
+ Exchange Start Payload has been processed. The payload is saved
+ to ske->start_payload if the application would need it. The application
+ must also provide the payload to the next state of the SKE.
+
+ The `verify_key' callback is called to verify the received public key
+ or certificate. The verification process is most likely asynchronous.
+ That is why the application must call the completion callback when the
+ verification process has been completed. The library then calls the user
+ callback (`proto_continue'), if it is provided to indicate that the SKE
+ protocol may continue.
+
+ The `proto_continue' callback is called to indicate that it is
+ safe to continue the execution of the SKE protocol after executing
+ an asynchronous operation, such as calling the `verify_key' callback
+ function, which is asynchronous. The application should check the
+ ske->status in this function to check whether it is Ok to continue
+ the execution of the protocol.
+
+ The `check_version' callback is called to verify the remote host's
+ version. The application may check its own version against the remote
+ host's version and determine whether supporting the remote host
+ is possible.
+
+ The `context' is passed as argument to all of the above callback
+ functions. */
+
+void silc_ske_set_callbacks(SilcSKE ske,
+ SilcSKESendPacketCb send_packet,
+ SilcSKECb payload_receive,
+ SilcSKEVerifyCb verify_key,
+ SilcSKECb proto_continue,
+ SilcSKECheckVersion check_version,
+ void *context)
+{
+ if (ske->callbacks)
+ silc_free(ske->callbacks);
+ ske->callbacks = silc_calloc(1, sizeof(*ske->callbacks));
+ ske->callbacks->send_packet = send_packet;
+ ske->callbacks->payload_receive = payload_receive;
+ ske->callbacks->verify_key = verify_key;
+ ske->callbacks->proto_continue = proto_continue;
+ ske->callbacks->check_version = check_version;
+ ske->callbacks->context = context;
+}
+
/* Starts the SILC Key Exchange protocol for initiator. The connection
to the remote end must be established before calling this function
and the connecting socket must be sent as argument. This function
- creates the Key Exchange Start Paload which includes all our
+ creates the Key Exchange Start Payload which includes all our
configured security properties. This payload is then sent to the
remote end for further processing. This payload must be sent as
argument to the function, however, it must not be encoded
SilcSKEStatus silc_ske_initiator_start(SilcSKE ske, SilcRng rng,
SilcSocketConnection sock,
- SilcSKEStartPayload *start_payload,
- SilcSKESendPacketCb send_packet,
- void *context)
+ SilcSKEStartPayload *start_payload)
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
SilcBuffer payload_buf;
ske->start_payload_copy = silc_buffer_copy(payload_buf);
/* Send the packet. */
- if (send_packet)
- (*send_packet)(ske, payload_buf, SILC_PACKET_KEY_EXCHANGE, context);
+ if (ske->callbacks->send_packet)
+ (*ske->callbacks->send_packet)(ske, payload_buf, SILC_PACKET_KEY_EXCHANGE,
+ ske->callbacks->context);
silc_buffer_free(payload_buf);
sent in the silc_ske_initiator_start function. */
SilcSKEStatus silc_ske_initiator_phase_1(SilcSKE ske,
- SilcBuffer start_payload,
- SilcSKECb callback,
- void *context)
+ SilcBuffer start_payload)
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
SilcSKEStartPayload *payload;
ske->start_payload = payload;
/* Return the received payload by calling the callback function. */
- if (callback)
- (*callback)(ske, context);
+ if (ske->callbacks->payload_receive)
+ (*ske->callbacks->payload_receive)(ske, ske->callbacks->context);
return status;
SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
SilcPublicKey public_key,
- SilcPrivateKey private_key,
- SilcSKESendPacketCb send_packet,
- void *context)
+ SilcPrivateKey private_key)
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
SilcBuffer payload_buf;
ske->x = x;
/* Send the packet. */
- if (send_packet)
- (*send_packet)(ske, payload_buf, SILC_PACKET_KEY_EXCHANGE_1, context);
+ if (ske->callbacks->send_packet)
+ (*ske->callbacks->send_packet)(ske, payload_buf,
+ SILC_PACKET_KEY_EXCHANGE_1,
+ ske->callbacks->context);
silc_buffer_free(payload_buf);
/* An initiator finish final callback that is called to indicate that
the SKE protocol may continue. */
-typedef struct {
- SilcSKECb callback;
- void *context;
-} *SKEInitiatorFinish;
-
static void silc_ske_initiator_finish_final(SilcSKE ske,
SilcSKEStatus status,
void *context)
{
- SKEInitiatorFinish finish = (SKEInitiatorFinish)context;
SilcSKEKEPayload *payload;
unsigned char hash[32];
uint32 hash_len;
by the caller is not authentic. */
if (status != SILC_SKE_STATUS_OK) {
ske->status = status;
- if (finish->callback)
- finish->callback(ske, finish->context);
- silc_free(finish);
+ if (ske->callbacks->proto_continue)
+ ske->callbacks->proto_continue(ske, ske->callbacks->context);
return;
}
if (!silc_pkcs_public_key_decode(payload->pk_data, payload->pk_len,
&public_key)) {
status = SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY;
- if (finish->callback)
- finish->callback(ske, finish->context);
- silc_free(finish);
+ if (ske->callbacks->proto_continue)
+ ske->callbacks->proto_continue(ske, ske->callbacks->context);
return;
}
ske->status = SILC_SKE_STATUS_OK;
/* Call the callback. The caller may now continue the SKE protocol. */
- if (finish->callback)
- finish->callback(ske, finish->context);
+ if (ske->callbacks->proto_continue)
+ ske->callbacks->proto_continue(ske, ske->callbacks->context);
- silc_free(finish);
return;
err:
ske->status = status;
/* Call the callback. */
- if (finish->callback)
- finish->callback(ske, finish->context);
- silc_free(finish);
+ if (ske->callbacks->proto_continue)
+ ske->callbacks->proto_continue(ske, ske->callbacks->context);
}
/* Receives Key Exchange Payload from responder consisting responders
required for the remote to send its public key. */
SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske,
- SilcBuffer ke_payload,
- SilcSKEVerifyCb verify_key,
- void *verify_context,
- SilcSKECb callback,
- void *context)
+ SilcBuffer ke_payload)
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
SilcSKEKEPayload *payload;
SilcMPInt *KEY;
- SKEInitiatorFinish finish;
SILC_LOG_DEBUG(("Start"));
}
ske->ke2_payload = payload;
- if (!payload->pk_data && verify_key) {
+ if (!payload->pk_data && ske->callbacks->verify_key) {
SILC_LOG_DEBUG(("Remote end did not send its public key (or certificate), "
"even though we require it"));
ske->status = SILC_SKE_STATUS_PUBLIC_KEY_NOT_PROVIDED;
silc_mp_pow_mod(KEY, &payload->x, ske->x, &ske->prop->group->group);
ske->KEY = KEY;
- finish = silc_calloc(1, sizeof(*finish));
- finish->callback = callback;
- finish->context = context;
-
- if (payload->pk_data && verify_key) {
+ if (payload->pk_data && ske->callbacks->verify_key) {
SILC_LOG_DEBUG(("Verifying public key"));
ske->users++;
- (*verify_key)(ske, payload->pk_data, payload->pk_len,
- payload->pk_type, verify_context,
- silc_ske_initiator_finish_final, finish);
+ (*ske->callbacks->verify_key)(ske, payload->pk_data, payload->pk_len,
+ payload->pk_type, ske->callbacks->context,
+ silc_ske_initiator_finish_final, NULL);
/* We will continue to the final state after the public key has
been verified by the caller. */
}
/* Continue to final state */
- silc_ske_initiator_finish_final(ske, SILC_SKE_STATUS_OK, finish);
+ silc_ske_initiator_finish_final(ske, SILC_SKE_STATUS_OK, NULL);
return SILC_SKE_STATUS_OK;
SilcSocketConnection sock,
char *version,
SilcBuffer start_payload,
- int mutual_auth,
- SilcSKECb callback,
- void *context)
+ bool mutual_auth)
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
SilcSKEStartPayload *remote_payload = NULL, *payload = NULL;
ske->start_payload = payload;
/* Call the callback function. */
- if (callback)
- (*callback)(ske, context);
+ if (ske->callbacks->payload_receive)
+ (*ske->callbacks->payload_receive)(ske, ske->callbacks->context);
return status;
encoded into Key Exchange Start Payload and sent to the initiator. */
SilcSKEStatus silc_ske_responder_phase_1(SilcSKE ske,
- SilcSKEStartPayload *start_payload,
- SilcSKESendPacketCb send_packet,
- void *context)
+ SilcSKEStartPayload *start_payload)
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
SilcBuffer payload_buf;
goto err;
/* Send the packet. */
- if (send_packet)
- (*send_packet)(ske, payload_buf, SILC_PACKET_KEY_EXCHANGE, context);
+ if (ske->callbacks->send_packet)
+ (*ske->callbacks->send_packet)(ske, payload_buf, SILC_PACKET_KEY_EXCHANGE,
+ ske->callbacks->context);
silc_buffer_free(payload_buf);
/* An responder phase 2 final callback that is called to indicate that
the SKE protocol may continue. */
-typedef struct {
- SilcSKECb callback;
- void *context;
-} *SKEResponderPhaseII;
-
static void silc_ske_responder_phase2_final(SilcSKE ske,
SilcSKEStatus status,
void *context)
{
- SKEResponderPhaseII finish = (SKEResponderPhaseII)context;
SilcSKEKEPayload *recv_payload, *send_payload;
SilcMPInt *x, f;
by the caller is not authentic. */
if (status != SILC_SKE_STATUS_OK) {
ske->status = status;
- if (finish->callback)
- finish->callback(ske, finish->context);
- silc_free(finish);
+ if (ske->callbacks->proto_continue)
+ ske->callbacks->proto_continue(ske, ske->callbacks->context);
return;
}
recv_payload->pk_len,
&public_key)) {
ske->status = SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY;
- if (finish->callback)
- finish->callback(ske, finish->context);
- silc_free(finish);
+ if (ske->callbacks->proto_continue)
+ ske->callbacks->proto_continue(ske, ske->callbacks->context);
return;
}
status = silc_ske_make_hash(ske, hash, &hash_len, TRUE);
if (status != SILC_SKE_STATUS_OK) {
ske->status = status;
- if (finish->callback)
- finish->callback(ske, finish->context);
- silc_free(finish);
+ if (ske->callbacks->proto_continue)
+ ske->callbacks->proto_continue(ske, ske->callbacks->context);
return;
}
SILC_LOG_DEBUG(("Signature don't match"));
ske->status = SILC_SKE_STATUS_INCORRECT_SIGNATURE;
- if (finish->callback)
- finish->callback(ske, finish->context);
- silc_free(finish);
+ if (ske->callbacks->proto_continue)
+ ske->callbacks->proto_continue(ske, ske->callbacks->context);
return;
}
silc_mp_uninit(x);
silc_free(x);
ske->status = status;
- if (finish->callback)
- finish->callback(ske, finish->context);
- silc_free(finish);
+ if (ske->callbacks->proto_continue)
+ ske->callbacks->proto_continue(ske, ske->callbacks->context);
return;
}
/* Call the callback. The caller may now continue with the SKE protocol. */
ske->status = SILC_SKE_STATUS_OK;
- if (finish->callback)
- finish->callback(ske, finish->context);
- silc_free(finish);
+ if (ske->callbacks->proto_continue)
+ ske->callbacks->proto_continue(ske, ske->callbacks->context);
}
/* This function receives the Key Exchange Payload from the initiator.
is considered to be an error if remote does not send its public key. */
SilcSKEStatus silc_ske_responder_phase_2(SilcSKE ske,
- SilcBuffer ke_payload,
- SilcSKEVerifyCb verify_key,
- void *verify_context,
- SilcSKECb callback,
- void *context)
+ SilcBuffer ke_payload)
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
SilcSKEKEPayload *recv_payload;
- SKEResponderPhaseII finish;
SILC_LOG_DEBUG(("Start"));
ske->ke1_payload = recv_payload;
- finish = silc_calloc(1, sizeof(*finish));
- finish->callback = callback;
- finish->context = context;
-
/* Verify the received public key and verify the signature if we are
doing mutual authentication. */
if (ske->start_payload &&
SILC_LOG_DEBUG(("We are doing mutual authentication"));
- if (!recv_payload->pk_data && verify_key) {
+ if (!recv_payload->pk_data && ske->callbacks->verify_key) {
SILC_LOG_DEBUG(("Remote end did not send its public key (or "
"certificate), even though we require it"));
ske->status = SILC_SKE_STATUS_PUBLIC_KEY_NOT_PROVIDED;
return status;
}
- if (recv_payload->pk_data && verify_key) {
+ if (recv_payload->pk_data && ske->callbacks->verify_key) {
SILC_LOG_DEBUG(("Verifying public key"));
ske->users++;
- (*verify_key)(ske, recv_payload->pk_data, recv_payload->pk_len,
- recv_payload->pk_type, verify_context,
- silc_ske_responder_phase2_final, finish);
+ (*ske->callbacks->verify_key)(ske, recv_payload->pk_data,
+ recv_payload->pk_len,
+ recv_payload->pk_type,
+ ske->callbacks->context,
+ silc_ske_responder_phase2_final, NULL);
/* We will continue to the final state after the public key has
been verified by the caller. */
}
/* Continue to final state */
- silc_ske_responder_phase2_final(ske, SILC_SKE_STATUS_OK, finish);
+ silc_ske_responder_phase2_final(ske, SILC_SKE_STATUS_OK, NULL);
return SILC_SKE_STATUS_OK;
}
SilcSKEStatus silc_ske_responder_finish(SilcSKE ske,
SilcPublicKey public_key,
SilcPrivateKey private_key,
- SilcSKEPKType pk_type,
- SilcSKESendPacketCb send_packet,
- void *context)
+ SilcSKEPKType pk_type)
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
SilcBuffer payload_buf;
goto err;
/* Send the packet. */
- if (send_packet)
- (*send_packet)(ske, payload_buf, SILC_PACKET_KEY_EXCHANGE_2, context);
+ if (ske->callbacks->send_packet)
+ (*ske->callbacks->send_packet)(ske, payload_buf, SILC_PACKET_KEY_EXCHANGE_2,
+ ske->callbacks->context);
silc_buffer_free(payload_buf);
must not be called until the keys are processed like the protocol
defines. This function is for both initiator and responder. */
-SilcSKEStatus silc_ske_end(SilcSKE ske,
- SilcSKESendPacketCb send_packet,
- void *context)
+SilcSKEStatus silc_ske_end(SilcSKE ske)
{
SilcBuffer packet;
SILC_STR_UI_INT((uint32)SILC_SKE_STATUS_OK),
SILC_STR_END);
- if (send_packet)
- (*send_packet)(ske, packet, SILC_PACKET_SUCCESS, context);
+ if (ske->callbacks->send_packet)
+ (*ske->callbacks->send_packet)(ske, packet, SILC_PACKET_SUCCESS,
+ ske->callbacks->context);
silc_buffer_free(packet);
while performing the protocol. The status argument is the error
status and it is sent to the remote end. */
-SilcSKEStatus silc_ske_abort(SilcSKE ske, SilcSKEStatus status,
- SilcSKESendPacketCb send_packet,
- void *context)
+SilcSKEStatus silc_ske_abort(SilcSKE ske, SilcSKEStatus status)
{
SilcBuffer packet;
SILC_STR_UI_INT((uint32)status),
SILC_STR_END);
- if (send_packet)
- (*send_packet)(ske, packet, SILC_PACKET_FAILURE, context);
+ if (ske->callbacks->send_packet)
+ (*ske->callbacks->send_packet)(ske, packet, SILC_PACKET_FAILURE,
+ ske->callbacks->context);
silc_buffer_free(packet);
rp = remote_payload;
/* Check version string */
- status = silc_ske_check_version(ske, rp->version, rp->version_len);
- if (status != SILC_SKE_STATUS_OK) {
- ske->status = status;
- return status;
+ if (ske->callbacks->check_version) {
+ status = ske->callbacks->check_version(ske, rp->version,
+ rp->version_len,
+ ske->callbacks->context);
+ if (status != SILC_SKE_STATUS_OK) {
+ ske->status = status;
+ return status;
+ }
}
/* Flags are returned unchanged. */
/* Forward declaration for security properties. */
typedef struct SilcSKESecurityPropertiesStruct *SilcSKESecurityProperties;
+/* Forward declaration for SKE callbacks structure. */
+typedef struct SilcSKECallbacksStruct *SilcSKECallbacks;
+
/* Supported Public Key Types, defined by the protocol */
typedef enum {
SILC_SKE_PK_TYPE_SILC = 1, /* Mandatory type */
} SilcSKEPKType;
/* Packet sending callback. Caller of the SKE routines must provide
- a routine to send packets to negotiation parties. */
+ a routine to send packets to negotiation parties. See the
+ silc_ske_set_callbacks for more information. */
typedef void (*SilcSKESendPacketCb)(SilcSKE ske, SilcBuffer packet,
SilcPacketType type, void *context);
callers routine might need (payloads etc). This is usually called
to indicate that the application may continue the execution of the
SKE protocol. The application should check the ske->status in this
- callback function. */
+ callback function. This callback is also called when Start Payload
+ is processed. See silc_ske_set_callbacks function for more information. */
typedef void (*SilcSKECb)(SilcSKE ske, void *context);
/* Completion callback that will be called when the public key
key were trusted or not. If the `status' is PENDING then the status
is not considered to be available at this moment. In this case the
SKE libary will assume that the caller will call this callback again
- when the status is available. */
+ when the status is available. See silc_ske_set_callbacks for more
+ information. */
typedef void (*SilcSKEVerifyCbCompletion)(SilcSKE ske,
SilcSKEStatus status,
void *context);
application must call the `completion' callback when the verification
process has been completed. The library then calls the user callback
(SilcSKECb), if it was provided for the function that takes this callback
- function as argument, to indicate that the SKE protocol may continue. */
+ function as argument, to indicate that the SKE protocol may continue.
+ See silc_ske_set_callbacks for more information. */
typedef void (*SilcSKEVerifyCb)(SilcSKE ske,
unsigned char *pk_data,
uint32 pk_len,
SilcSKEVerifyCbCompletion completion,
void *completion_context);
+/* Callback function used to check the version of the remote SKE server.
+ The SKE library will call this function so that the appliation may
+ check its version against the remote host's version. This returns
+ SILC_SKE_STATUS_OK if the version string is Ok, and returns
+ SILC_SKE_STATUS_BAD_VERSION if the version was not acceptable. */
+typedef SilcSKEStatus (*SilcSKECheckVersion)(SilcSKE ske,
+ unsigned char *version,
+ uint32 len, void *context);
+
/* Context passed to key material processing function. The function
returns the processed key material into this structure. */
typedef struct {
/* Reference counter. This is used when SKE library is performing async
operations, like public key verification. */
int users;
+
+ /* SKE callbacks. */
+ SilcSKECallbacks callbacks;
};
/* Prototypes */
SilcSKE silc_ske_alloc();
void silc_ske_free(SilcSKE ske);
+void silc_ske_set_callbacks(SilcSKE ske,
+ SilcSKESendPacketCb send_packet,
+ SilcSKECb payload_receive,
+ SilcSKEVerifyCb verify_key,
+ SilcSKECb proto_continue,
+ SilcSKECheckVersion check_version,
+ void *context);
SilcSKEStatus silc_ske_initiator_start(SilcSKE ske, SilcRng rng,
SilcSocketConnection sock,
- SilcSKEStartPayload *start_payload,
- SilcSKESendPacketCb send_packet,
- void *context);
+ SilcSKEStartPayload *start_payload);
SilcSKEStatus silc_ske_initiator_phase_1(SilcSKE ske,
- SilcBuffer start_payload,
- SilcSKECb callback,
- void *context);
+ SilcBuffer start_payload);
SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
SilcPublicKey public_key,
- SilcPrivateKey private_key,
- SilcSKESendPacketCb send_packet,
- void *context);
+ SilcPrivateKey private_key);
SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske,
- SilcBuffer ke_payload,
- SilcSKEVerifyCb verify_key,
- void *verify_context,
- SilcSKECb callback,
- void *context);
+ SilcBuffer ke_payload);
SilcSKEStatus silc_ske_responder_start(SilcSKE ske, SilcRng rng,
SilcSocketConnection sock,
char *version,
SilcBuffer start_payload,
- int mutual_auth,
- SilcSKECb callback,
- void *context);
+ bool mutual_auth);
SilcSKEStatus silc_ske_responder_phase_1(SilcSKE ske,
- SilcSKEStartPayload *start_payload,
- SilcSKESendPacketCb send_packet,
- void *context);
+ SilcSKEStartPayload *start_payload);
SilcSKEStatus silc_ske_responder_phase_2(SilcSKE ske,
- SilcBuffer ke_payload,
- SilcSKEVerifyCb verify_key,
- void *verify_context,
- SilcSKECb callback,
- void *context);
+ SilcBuffer ke_payload);
SilcSKEStatus silc_ske_responder_finish(SilcSKE ske,
SilcPublicKey public_key,
SilcPrivateKey private_key,
- SilcSKEPKType pk_type,
- SilcSKESendPacketCb send_packet,
- void *context);
-SilcSKEStatus silc_ske_end(SilcSKE ske,
- SilcSKESendPacketCb send_packet,
- void *context);
-SilcSKEStatus silc_ske_abort(SilcSKE ske, SilcSKEStatus status,
- SilcSKESendPacketCb send_packet,
- void *context);
+ SilcSKEPKType pk_type);
+SilcSKEStatus silc_ske_end(SilcSKE ske);
+SilcSKEStatus silc_ske_abort(SilcSKE ske, SilcSKEStatus status);
SilcSKEStatus
silc_ske_assemble_security_properties(SilcSKE ske,
unsigned char flags,
uint32 req_enc_key_len,
uint32 req_hmac_key_len,
SilcSKEKeyMaterial *key);
-SilcSKEStatus silc_ske_check_version(SilcSKE ske,
- unsigned char *version,
- uint32 version_len);
void silc_ske_free_key_material(SilcSKEKeyMaterial *key);
#endif
projects / silc.git / commitdiff