5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2002 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
39 silc_verify_public_key_internal(SilcServer server, SilcSocketConnection sock,
40 SilcSocketType conn_type,
41 unsigned char *pk, SilcUInt32 pk_len,
42 SilcSKEPKType pk_type)
44 char file[256], filename[256], *fingerprint;
47 if (pk_type != SILC_SKE_PK_TYPE_SILC) {
48 SILC_LOG_WARNING(("We don't support %s (%s) port %d public key type %d",
49 sock->hostname, sock->ip, sock->port, pk_type));
53 /* Accept client keys without verification */
54 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
55 SILC_LOG_DEBUG(("Accepting client public key without verification"));
59 /* XXX For now, accept server keys without verification too. We are
60 currently always doing mutual authentication so the proof of posession
61 of the private key is verified, and if server is authenticated in
62 conn auth protocol with public key we MUST have the key already. */
64 /* Rest is unreachable code! */
66 memset(filename, 0, sizeof(filename));
67 memset(file, 0, sizeof(file));
68 snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname,
70 snprintf(filename, sizeof(filename) - 1, SILC_ETCDIR "/serverkeys/%s",
73 /* Create serverkeys directory if it doesn't exist. */
74 if (stat(SILC_ETCDIR "/serverkeys", &st) < 0) {
75 /* If dir doesn't exist */
76 if (errno == ENOENT) {
77 if (mkdir(SILC_ETCDIR "/serverkeys", 0755) < 0) {
78 SILC_LOG_ERROR(("Couldn't create `%s' directory\n",
79 SILC_ETCDIR "/serverkeys"));
83 SILC_LOG_ERROR(("%s\n", strerror(errno)));
88 /* Take fingerprint of the public key */
89 fingerprint = silc_hash_fingerprint(NULL, pk, pk_len);
90 SILC_LOG_DEBUG(("Received server %s (%s) port %d public key (%s)",
91 sock->hostname, sock->ip, sock->port, fingerprint));
92 silc_free(fingerprint);
94 /* Check whether this key already exists */
95 if (stat(filename, &st) < 0) {
96 /* We don't have it, then cache it. */
97 SILC_LOG_DEBUG(("New public key from server"));
99 silc_pkcs_save_public_key_data(filename, pk, pk_len,
103 /* The key already exists, verify it. */
104 SilcPublicKey public_key;
105 unsigned char *encpk;
106 SilcUInt32 encpk_len;
108 SILC_LOG_DEBUG(("We have the public key saved locally"));
110 /* Load the key file */
111 if (!silc_pkcs_load_public_key(filename, &public_key,
113 if (!silc_pkcs_load_public_key(filename, &public_key,
114 SILC_PKCS_FILE_BIN)) {
115 SILC_LOG_WARNING(("Could not load local copy of the %s (%s) port %d "
116 "server public key", sock->hostname, sock->ip,
119 /* Save the key for future checking */
121 silc_pkcs_save_public_key_data(filename, pk, pk_len,
126 /* Encode the key data */
127 encpk = silc_pkcs_public_key_encode(public_key, &encpk_len);
129 SILC_LOG_WARNING(("Local copy of the server %s (%s) port %d public key "
130 "is malformed", sock->hostname, sock->ip, sock->port));
132 /* Save the key for future checking */
134 silc_pkcs_save_public_key_data(filename, pk, pk_len, SILC_PKCS_FILE_PEM);
138 if (memcmp(pk, encpk, encpk_len)) {
139 SILC_LOG_WARNING(("%s (%s) port %d server public key does not match "
140 "with local copy", sock->hostname, sock->ip,
142 SILC_LOG_WARNING(("It is possible that the key has expired or changed"));
143 SILC_LOG_WARNING(("It is also possible that some one is performing "
144 "man-in-the-middle attack"));
145 SILC_LOG_WARNING(("Will not accept the server %s (%s) port %d public "
147 sock->hostname, sock->ip, sock->port));
151 /* Local copy matched */
156 /* Callback that is called when we have received KE2 payload from
157 responder. We try to verify the public key now. */
160 silc_server_protocol_ke_verify_key(SilcSKE ske,
161 unsigned char *pk_data,
163 SilcSKEPKType pk_type,
165 SilcSKEVerifyCbCompletion completion,
166 void *completion_context)
168 SilcProtocol protocol = (SilcProtocol)context;
169 SilcServerKEInternalContext *ctx =
170 (SilcServerKEInternalContext *)protocol->context;
171 SilcServer server = (SilcServer)ctx->server;
173 SILC_LOG_DEBUG(("Start"));
175 if (silc_verify_public_key_internal(server, ctx->sock,
176 (ctx->responder == FALSE ?
177 SILC_SOCKET_TYPE_ROUTER:
178 ctx->sconfig.ref_ptr ? SILC_SOCKET_TYPE_SERVER :
179 ctx->rconfig.ref_ptr ? SILC_SOCKET_TYPE_ROUTER :
180 SILC_SOCKET_TYPE_CLIENT),
181 pk_data, pk_len, pk_type))
182 completion(ske, SILC_SKE_STATUS_OK, completion_context);
184 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
188 /* Packet sending callback. This function is provided as packet sending
189 routine to the Key Exchange functions. */
191 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
196 SilcProtocol protocol = (SilcProtocol)context;
197 SilcServerKEInternalContext *ctx =
198 (SilcServerKEInternalContext *)protocol->context;
199 SilcServer server = (SilcServer)ctx->server;
201 /* Send the packet immediately */
202 silc_server_packet_send(server, ske->sock,
203 type, 0, packet->data, packet->len, TRUE);
206 /* Sets the negotiated key material into use for particular connection. */
208 int silc_server_protocol_ke_set_keys(SilcServer server,
210 SilcSocketConnection sock,
211 SilcSKEKeyMaterial *keymat,
216 SilcSKEDiffieHellmanGroup group,
219 SilcUnknownEntry conn_data;
220 SilcIDListData idata;
222 SILC_LOG_DEBUG(("Setting new key into use"));
224 conn_data = silc_calloc(1, sizeof(*conn_data));
225 idata = (SilcIDListData)conn_data;
227 /* Allocate cipher to be used in the communication */
228 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
229 silc_free(conn_data);
230 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", cipher->cipher->name));
233 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
234 silc_free(conn_data);
235 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", cipher->cipher->name));
239 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
240 &idata->hmac_send)) {
241 silc_cipher_free(idata->send_key);
242 silc_cipher_free(idata->receive_key);
243 silc_free(conn_data);
244 SILC_LOG_ERROR(("Cannot allocate algorithm: %s",
245 silc_hmac_get_name(hmac)));
249 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
250 &idata->hmac_receive)) {
251 silc_cipher_free(idata->send_key);
252 silc_cipher_free(idata->receive_key);
253 silc_hmac_free(idata->hmac_send);
254 silc_free(conn_data);
255 SILC_LOG_ERROR(("Cannot allocate algorithm: %s",
256 silc_hmac_get_name(hmac)));
260 if (is_responder == TRUE) {
261 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
262 keymat->enc_key_len);
263 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
264 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
265 keymat->enc_key_len);
266 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
267 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
268 keymat->hmac_key_len);
269 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
270 keymat->hmac_key_len);
272 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
273 keymat->enc_key_len);
274 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
275 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
276 keymat->enc_key_len);
277 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
278 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
279 keymat->hmac_key_len);
280 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
281 keymat->hmac_key_len);
284 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
285 idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
286 keymat->enc_key_len / 8);
287 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
289 if (ske->prop->flags & SILC_SKE_SP_FLAG_PFS)
290 idata->rekey->pfs = TRUE;
291 idata->rekey->ske_group = silc_ske_group_get_number(group);
294 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
295 silc_cipher_free(idata->send_key);
296 silc_cipher_free(idata->receive_key);
297 silc_hmac_free(idata->hmac_send);
298 silc_hmac_free(idata->hmac_receive);
299 silc_free(conn_data);
300 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", hash->hash->name));
304 /* Save the remote host's public key */
305 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
306 ske->ke1_payload->pk_len, &idata->public_key);
307 if (ske->prop->flags & SILC_SKE_SP_FLAG_MUTUAL)
308 silc_hash_make(server->sha1hash, ske->ke1_payload->pk_data,
309 ske->ke1_payload->pk_len, idata->fingerprint);
311 sock->user_data = (void *)conn_data;
313 SILC_LOG_INFO(("%s (%s) security properties: %s %s %s %s",
314 sock->hostname, sock->ip,
315 idata->send_key->cipher->name,
316 (char *)silc_hmac_get_name(idata->hmac_send),
317 idata->hash->hash->name,
318 ske->prop->flags & SILC_SKE_SP_FLAG_PFS ? "PFS" : ""));
323 /* Check remote host version string */
325 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
326 SilcUInt32 len, void *context)
328 SilcUInt32 l_protocol_version = 0, r_protocol_version = 0;
330 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
331 ske->sock->ip, version));
333 if (!silc_parse_version_string(version, &r_protocol_version, NULL, NULL,
335 SILC_LOG_ERROR(("%s (%s) %s is not allowed/supported version",
336 ske->sock->hostname, ske->sock->ip, version));
337 return SILC_SKE_STATUS_BAD_VERSION;
340 if (!silc_parse_version_string(silc_version_string,
341 &l_protocol_version, NULL, NULL,
343 SILC_LOG_ERROR(("%s (%s) %s is not allowed/supported version",
344 ske->sock->hostname, ske->sock->ip, version));
345 return SILC_SKE_STATUS_BAD_VERSION;
348 /* If remote is too new, don't connect */
349 if (l_protocol_version < r_protocol_version) {
350 SILC_LOG_ERROR(("%s (%s) %s is not allowed/supported version",
351 ske->sock->hostname, ske->sock->ip, version));
352 return SILC_SKE_STATUS_BAD_VERSION;
355 ske->sock->version = r_protocol_version;
357 return SILC_SKE_STATUS_OK;
360 /* Callback that is called by the SKE to indicate that it is safe to
361 continue the execution of the protocol. This is used only if we are
362 initiator. Is given as argument to the silc_ske_initiator_finish or
363 silc_ske_responder_phase_2 functions. This is called due to the fact
364 that the public key verification process is asynchronous and we must
365 not continue the protocl until the public key has been verified and
366 this callback is called. */
368 static void silc_server_protocol_ke_continue(SilcSKE ske, void *context)
370 SilcProtocol protocol = (SilcProtocol)context;
371 SilcServerKEInternalContext *ctx =
372 (SilcServerKEInternalContext *)protocol->context;
373 SilcServer server = (SilcServer)ctx->server;
375 SILC_LOG_DEBUG(("Start"));
377 if (ske->status != SILC_SKE_STATUS_OK) {
378 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
379 silc_ske_map_status(ske->status)));
381 protocol->state = SILC_PROTOCOL_STATE_ERROR;
382 silc_protocol_execute(protocol, server->schedule, 0, 300000);
386 /* Send Ok to the other end. We will end the protocol as responder
387 sends Ok to us when we will take the new keys into use. */
388 if (ctx->responder == FALSE) {
389 silc_ske_end(ctx->ske);
391 /* End the protocol on the next round */
392 protocol->state = SILC_PROTOCOL_STATE_END;
395 /* Advance protocol state and call the next state if we are responder.
396 This happens when this callback was sent to silc_ske_responder_phase_2
398 if (ctx->responder == TRUE) {
400 silc_protocol_execute(protocol, server->schedule, 0, 100000);
404 /* Performs key exchange protocol. This is used for both initiator
405 and responder key exchange. This is performed always when accepting
406 new connection to the server. This may be called recursively. */
408 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
410 SilcProtocol protocol = (SilcProtocol)context;
411 SilcServerKEInternalContext *ctx =
412 (SilcServerKEInternalContext *)protocol->context;
413 SilcServer server = (SilcServer)ctx->server;
414 SilcSKEStatus status = SILC_SKE_STATUS_OK;
416 SILC_LOG_DEBUG(("Start"));
418 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
419 protocol->state = SILC_PROTOCOL_STATE_START;
421 SILC_LOG_DEBUG(("State=%d", protocol->state));
423 switch(protocol->state) {
424 case SILC_PROTOCOL_STATE_START:
431 /* Allocate Key Exchange object */
432 ctx->ske = ske = silc_ske_alloc(server->rng, server);
434 silc_ske_set_callbacks(ske, silc_server_protocol_ke_send_packet, NULL,
435 silc_server_protocol_ke_verify_key,
436 silc_server_protocol_ke_continue,
437 silc_ske_check_version, context);
439 if (ctx->responder == TRUE) {
440 /* Start the key exchange by processing the received security
441 properties packet from initiator. */
442 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
444 ctx->packet->buffer, ctx->flags);
446 SilcSKEStartPayload *start_payload;
448 /* Assemble security properties. */
449 silc_ske_assemble_security_properties(ske, ctx->flags,
453 /* Start the key exchange by sending our security properties
454 to the remote end. */
455 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
459 /* Return now if the procedure is pending. */
460 if (status == SILC_SKE_STATUS_PENDING)
463 if (status != SILC_SKE_STATUS_OK) {
464 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
465 silc_ske_map_status(status)));
467 protocol->state = SILC_PROTOCOL_STATE_ERROR;
468 silc_protocol_execute(protocol, server->schedule, 0, 300000);
472 /* Advance protocol state and call the next state if we are responder */
474 if (ctx->responder == TRUE)
475 silc_protocol_execute(protocol, server->schedule, 0, 100000);
483 if (ctx->responder == TRUE) {
484 /* Sends the selected security properties to the initiator. */
485 status = silc_ske_responder_phase_1(ctx->ske);
487 /* Call Phase-1 function. This processes the Key Exchange Start
488 paylaod reply we just got from the responder. The callback
489 function will receive the processed payload where we will
491 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer);
494 /* Return now if the procedure is pending. */
495 if (status == SILC_SKE_STATUS_PENDING)
498 if (status != SILC_SKE_STATUS_OK) {
499 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
500 silc_ske_map_status(status)));
502 protocol->state = SILC_PROTOCOL_STATE_ERROR;
503 silc_protocol_execute(protocol, server->schedule, 0, 300000);
507 /* Advance protocol state and call next state if we are initiator */
509 if (ctx->responder == FALSE)
510 silc_protocol_execute(protocol, server->schedule, 0, 100000);
518 if (ctx->responder == TRUE) {
519 /* Process the received Key Exchange 1 Payload packet from
520 the initiator. This also creates our parts of the Diffie
521 Hellman algorithm. The silc_server_protocol_ke_continue
522 will be called after the public key has been verified. */
523 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
525 /* Call the Phase-2 function. This creates Diffie Hellman
526 key exchange parameters and sends our public part inside
527 Key Exhange 1 Payload to the responder. */
528 status = silc_ske_initiator_phase_2(ctx->ske,
531 SILC_SKE_PK_TYPE_SILC);
535 /* Return now if the procedure is pending. */
536 if (status == SILC_SKE_STATUS_PENDING)
539 if (status != SILC_SKE_STATUS_OK) {
540 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
541 silc_ske_map_status(status)));
543 protocol->state = SILC_PROTOCOL_STATE_ERROR;
544 silc_protocol_execute(protocol, server->schedule, 0, 300000);
554 if (ctx->responder == TRUE) {
555 /* This creates the key exchange material and sends our
556 public parts to the initiator inside Key Exchange 2 Payload. */
557 status = silc_ske_responder_finish(ctx->ske,
560 SILC_SKE_PK_TYPE_SILC);
562 /* End the protocol on the next round */
563 protocol->state = SILC_PROTOCOL_STATE_END;
565 /* Finish the protocol. This verifies the Key Exchange 2 payload
566 sent by responder. The silc_server_protocol_ke_continue will
567 be called after the public key has been verified. */
568 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
571 /* Return now if the procedure is pending. */
572 if (status == SILC_SKE_STATUS_PENDING)
575 if (status != SILC_SKE_STATUS_OK) {
576 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
577 silc_ske_map_status(status)));
579 protocol->state = SILC_PROTOCOL_STATE_ERROR;
580 silc_protocol_execute(protocol, server->schedule, 0, 300000);
586 case SILC_PROTOCOL_STATE_END:
591 SilcSKEKeyMaterial *keymat;
592 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
593 int hash_len = ctx->ske->prop->hash->hash->hash_len;
595 /* Process the key material */
596 keymat = silc_calloc(1, sizeof(*keymat));
597 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
599 if (status != SILC_SKE_STATUS_OK) {
600 SILC_LOG_ERROR(("Error during Key Exchange protocol: "
601 "could not process key material"));
603 protocol->state = SILC_PROTOCOL_STATE_ERROR;
604 silc_protocol_execute(protocol, server->schedule, 0, 300000);
605 silc_ske_free_key_material(keymat);
608 ctx->keymat = keymat;
610 /* Send Ok to the other end if we are responder. If we are initiator
611 we have sent this already. */
612 if (ctx->responder == TRUE)
613 silc_ske_end(ctx->ske);
615 /* Unregister the timeout task since the protocol has ended.
616 This was the timeout task to be executed if the protocol is
617 not completed fast enough. */
618 if (ctx->timeout_task)
619 silc_schedule_task_del(server->schedule, ctx->timeout_task);
621 /* Assure that after calling final callback there cannot be pending
622 executions for this protocol anymore. This just unregisters any
623 timeout callbacks for this protocol. */
624 silc_protocol_cancel(protocol, server->schedule);
626 /* Call the final callback */
627 if (protocol->final_callback)
628 silc_protocol_execute_final(protocol, server->schedule);
630 silc_protocol_free(protocol);
634 case SILC_PROTOCOL_STATE_ERROR:
639 /* Send abort notification */
640 silc_ske_abort(ctx->ske, ctx->ske->status);
642 /* Unregister the timeout task since the protocol has ended.
643 This was the timeout task to be executed if the protocol is
644 not completed fast enough. */
645 if (ctx->timeout_task)
646 silc_schedule_task_del(server->schedule, ctx->timeout_task);
648 /* Assure that after calling final callback there cannot be pending
649 executions for this protocol anymore. This just unregisters any
650 timeout callbacks for this protocol. */
651 silc_protocol_cancel(protocol, server->schedule);
653 /* On error the final callback is always called. */
654 if (protocol->final_callback)
655 silc_protocol_execute_final(protocol, server->schedule);
657 silc_protocol_free(protocol);
660 case SILC_PROTOCOL_STATE_FAILURE:
662 * We have received failure from remote
665 /* Unregister the timeout task since the protocol has ended.
666 This was the timeout task to be executed if the protocol is
667 not completed fast enough. */
668 if (ctx->timeout_task)
669 silc_schedule_task_del(server->schedule, ctx->timeout_task);
671 /* Assure that after calling final callback there cannot be pending
672 executions for this protocol anymore. This just unregisters any
673 timeout callbacks for this protocol. */
674 silc_protocol_cancel(protocol, server->schedule);
676 /* On error the final callback is always called. */
677 if (protocol->final_callback)
678 silc_protocol_execute_final(protocol, server->schedule);
680 silc_protocol_free(protocol);
683 case SILC_PROTOCOL_STATE_UNKNOWN:
689 * Connection Authentication protocol functions
693 silc_server_password_authentication(SilcServer server, char *remote_auth,
696 if (!remote_auth || !local_auth)
699 if (!memcmp(remote_auth, local_auth, strlen(local_auth)))
706 silc_server_public_key_authentication(SilcServer server,
707 SilcPublicKey pub_key,
716 if (!pub_key || !sign)
719 silc_pkcs_alloc(pub_key->name, &pkcs);
720 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
721 silc_pkcs_free(pkcs);
725 /* Make the authentication data. Protocol says it is HASH plus
727 len = ske->hash_len + ske->start_payload_copy->len;
728 auth = silc_buffer_alloc(len);
729 silc_buffer_pull_tail(auth, len);
730 silc_buffer_format(auth,
731 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
732 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
733 ske->start_payload_copy->len),
736 /* Verify signature */
737 if (silc_pkcs_verify_with_hash(pkcs, ske->prop->hash, sign, sign_len,
738 auth->data, auth->len)) {
739 silc_pkcs_free(pkcs);
740 silc_buffer_free(auth);
744 silc_pkcs_free(pkcs);
745 silc_buffer_free(auth);
750 silc_server_get_public_key_auth(SilcServer server,
751 unsigned char **auth_data,
752 SilcUInt32 *auth_data_len,
761 /* Make the authentication data. Protocol says it is HASH plus
763 len = ske->hash_len + ske->start_payload_copy->len;
764 auth = silc_buffer_alloc(len);
765 silc_buffer_pull_tail(auth, len);
766 silc_buffer_format(auth,
767 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
768 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
769 ske->start_payload_copy->len),
772 *auth_data = silc_calloc(silc_pkcs_get_key_len(pkcs), sizeof(**auth_data));
773 if (silc_pkcs_sign_with_hash(pkcs, ske->prop->hash, auth->data,
774 auth->len, *auth_data, auth_data_len)) {
775 silc_buffer_free(auth);
779 silc_free(*auth_data);
780 silc_buffer_free(auth);
784 /* Function that actually performs the authentication to the remote. This
785 supports both passphrase and public key authentication. */
788 silc_server_get_authentication(SilcServerConnAuthInternalContext *ctx,
789 char *local_passphrase,
790 SilcHashTable local_publickeys,
791 unsigned char *remote_auth,
792 SilcUInt32 remote_auth_len)
794 SilcServer server = (SilcServer)ctx->server;
795 SilcSKE ske = ctx->ske;
798 /* If we don't have authentication data set at all we do not require
799 authentication at all */
800 if (!local_passphrase && (!local_publickeys ||
801 !silc_hash_table_count(local_publickeys))) {
802 SILC_LOG_DEBUG(("No authentication required"));
806 /* If both passphrase and public key is provided then we'll try both of
807 them and see which one of them authenticates. If only one of them is
808 set, then try only that. */
810 /* Try first passphrase (as it is faster to check) */
811 if (local_passphrase) {
812 SILC_LOG_DEBUG(("Password authentication"));
813 result = silc_server_password_authentication(server, local_passphrase,
817 /* Try public key authenetication */
818 if (!result && local_publickeys) {
819 SilcPublicKey cached_key;
820 SilcPublicKey remote_key =
821 ((SilcIDListData)ctx->sock->user_data)->public_key;
823 SILC_LOG_DEBUG(("Public key authentication"));
825 /* Find the public key to be used in authentication */
826 cached_key = silc_server_find_public_key(server, local_publickeys,
831 result = silc_server_public_key_authentication(server, cached_key,
833 remote_auth_len, ske);
839 /* Performs connection authentication protocol. If responder, we
840 authenticate the remote data received. If initiator, we will send
841 authentication data to the remote end. */
843 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
845 SilcProtocol protocol = (SilcProtocol)context;
846 SilcServerConnAuthInternalContext *ctx =
847 (SilcServerConnAuthInternalContext *)protocol->context;
848 SilcServer server = (SilcServer)ctx->server;
850 SILC_LOG_DEBUG(("Start"));
852 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
853 protocol->state = SILC_PROTOCOL_STATE_START;
855 SILC_LOG_DEBUG(("State=%d", protocol->state));
857 switch(protocol->state) {
858 case SILC_PROTOCOL_STATE_START:
864 if (ctx->responder == TRUE) {
866 * We are receiving party
869 SilcUInt16 payload_len;
870 SilcUInt16 conn_type;
871 unsigned char *auth_data = NULL;
873 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
874 ctx->sock->hostname, ctx->sock->ip));
876 /* Parse the received authentication data packet. The received
877 payload is Connection Auth Payload. */
878 ret = silc_buffer_unformat(ctx->packet->buffer,
879 SILC_STR_UI_SHORT(&payload_len),
880 SILC_STR_UI_SHORT(&conn_type),
883 SILC_LOG_ERROR(("Bad payload in authentication packet"));
884 protocol->state = SILC_PROTOCOL_STATE_ERROR;
885 silc_protocol_execute(protocol, server->schedule, 0, 300000);
889 if (payload_len != ctx->packet->buffer->len) {
890 SILC_LOG_ERROR(("Bad payload length in authentication packet"));
891 protocol->state = SILC_PROTOCOL_STATE_ERROR;
892 silc_protocol_execute(protocol, server->schedule, 0, 300000);
898 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
899 conn_type > SILC_SOCKET_TYPE_ROUTER) {
900 SILC_LOG_ERROR(("Bad connection type (%d) in authentication packet",
902 protocol->state = SILC_PROTOCOL_STATE_ERROR;
903 silc_protocol_execute(protocol, server->schedule, 0, 300000);
907 if (payload_len > 0) {
908 /* Get authentication data */
909 silc_buffer_pull(ctx->packet->buffer, 4);
910 ret = silc_buffer_unformat(ctx->packet->buffer,
911 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
915 SILC_LOG_DEBUG(("Bad payload in authentication payload"));
916 protocol->state = SILC_PROTOCOL_STATE_ERROR;
917 silc_protocol_execute(protocol, server->schedule, 0, 300000);
923 * Check the remote connection type and make sure that we have
924 * configured this connection. If we haven't allowed this connection
925 * the authentication must be failed.
928 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
930 /* Remote end is client */
931 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
932 SilcServerConfigClient *client = ctx->cconfig.ref_ptr;
935 ret = silc_server_get_authentication(ctx, client->passphrase,
937 auth_data, payload_len);
939 /* Authentication failed */
940 SILC_LOG_ERROR(("Authentication failed"));
941 silc_free(auth_data);
942 protocol->state = SILC_PROTOCOL_STATE_ERROR;
943 silc_protocol_execute(protocol, server->schedule, 0, 300000);
947 SILC_LOG_ERROR(("Remote client connection not configured"));
948 SILC_LOG_ERROR(("Authentication failed"));
949 silc_free(auth_data);
950 protocol->state = SILC_PROTOCOL_STATE_ERROR;
951 silc_protocol_execute(protocol, server->schedule,
957 /* Remote end is server */
958 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
959 SilcServerConfigServer *serv = ctx->sconfig.ref_ptr;
962 ret = silc_server_get_authentication(ctx, serv->passphrase,
964 auth_data, payload_len);
966 /* Authentication failed */
967 SILC_LOG_ERROR(("Authentication failed"));
968 silc_free(auth_data);
969 protocol->state = SILC_PROTOCOL_STATE_ERROR;
970 silc_protocol_execute(protocol, server->schedule, 0, 300000);
974 SILC_LOG_ERROR(("Remote server connection not configured"));
975 SILC_LOG_ERROR(("Authentication failed"));
976 protocol->state = SILC_PROTOCOL_STATE_ERROR;
977 silc_protocol_execute(protocol, server->schedule,
979 silc_free(auth_data);
984 /* Remote end is router */
985 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
986 SilcServerConfigRouter *serv = ctx->rconfig.ref_ptr;
989 ret = silc_server_get_authentication(ctx, serv->passphrase,
991 auth_data, payload_len);
993 /* Authentication failed */
994 SILC_LOG_ERROR(("Authentication failed"));
995 silc_free(auth_data);
996 protocol->state = SILC_PROTOCOL_STATE_ERROR;
997 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1001 SILC_LOG_ERROR(("Remote router connection not configured"));
1002 SILC_LOG_ERROR(("Authentication failed"));
1003 silc_free(auth_data);
1004 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1005 silc_protocol_execute(protocol, server->schedule,
1011 silc_free(auth_data);
1013 /* Save connection type. This is later used to create the
1014 ID for the connection. */
1015 ctx->conn_type = conn_type;
1017 /* Advance protocol state. */
1018 protocol->state = SILC_PROTOCOL_STATE_END;
1019 silc_protocol_execute(protocol, server->schedule, 0, 0);
1023 * We are initiator. We are authenticating ourselves to a
1024 * remote server. We will send the authentication data to the
1025 * other end for verify.
1028 int payload_len = 0;
1029 unsigned char *auth_data = NULL;
1030 SilcUInt32 auth_data_len = 0;
1032 switch(ctx->auth_meth) {
1033 case SILC_AUTH_NONE:
1034 /* No authentication required */
1037 case SILC_AUTH_PASSWORD:
1038 /* Password authentication */
1039 if (ctx->auth_data && ctx->auth_data_len) {
1040 auth_data = strdup(ctx->auth_data);
1041 auth_data_len = ctx->auth_data_len;
1046 case SILC_AUTH_PUBLIC_KEY:
1048 /* Public key authentication */
1049 silc_server_get_public_key_auth(server, &auth_data, &auth_data_len,
1055 payload_len = 4 + auth_data_len;
1056 packet = silc_buffer_alloc(payload_len);
1057 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
1058 silc_buffer_format(packet,
1059 SILC_STR_UI_SHORT(payload_len),
1060 SILC_STR_UI_SHORT(server->server_type
1062 SILC_SOCKET_TYPE_SERVER :
1063 SILC_SOCKET_TYPE_ROUTER),
1064 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
1067 /* Send the packet to server */
1068 silc_server_packet_send(server, ctx->sock,
1069 SILC_PACKET_CONNECTION_AUTH, 0,
1070 packet->data, packet->len, TRUE);
1073 memset(auth_data, 0, auth_data_len);
1074 silc_free(auth_data);
1076 silc_buffer_free(packet);
1078 /* Next state is end of protocol */
1079 protocol->state = SILC_PROTOCOL_STATE_END;
1084 case SILC_PROTOCOL_STATE_END:
1089 unsigned char ok[4];
1091 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
1093 /* Authentication successful */
1094 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
1097 /* Unregister the timeout task since the protocol has ended.
1098 This was the timeout task to be executed if the protocol is
1099 not completed fast enough. */
1100 if (ctx->timeout_task)
1101 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1103 /* Assure that after calling final callback there cannot be pending
1104 executions for this protocol anymore. This just unregisters any
1105 timeout callbacks for this protocol. */
1106 silc_protocol_cancel(protocol, server->schedule);
1108 /* Protocol has ended, call the final callback */
1109 if (protocol->final_callback)
1110 silc_protocol_execute_final(protocol, server->schedule);
1112 silc_protocol_free(protocol);
1115 case SILC_PROTOCOL_STATE_ERROR:
1118 * Error. Send notify to remote.
1120 unsigned char error[4];
1122 /* Authentication failed */
1123 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
1124 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
1127 /* Unregister the timeout task since the protocol has ended.
1128 This was the timeout task to be executed if the protocol is
1129 not completed fast enough. */
1130 if (ctx->timeout_task)
1131 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1133 /* Assure that after calling final callback there cannot be pending
1134 executions for this protocol anymore. This just unregisters any
1135 timeout callbacks for this protocol. */
1136 silc_protocol_cancel(protocol, server->schedule);
1138 /* On error the final callback is always called. */
1139 if (protocol->final_callback)
1140 silc_protocol_execute_final(protocol, server->schedule);
1142 silc_protocol_free(protocol);
1146 case SILC_PROTOCOL_STATE_FAILURE:
1148 * We have received failure from remote
1151 SILC_LOG_ERROR(("Received Authentication Failure"));
1153 /* Unregister the timeout task since the protocol has ended.
1154 This was the timeout task to be executed if the protocol is
1155 not completed fast enough. */
1156 if (ctx->timeout_task)
1157 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1159 /* Assure that after calling final callback there cannot be pending
1160 executions for this protocol anymore. This just unregisters any
1161 timeout callbacks for this protocol. */
1162 silc_protocol_cancel(protocol, server->schedule);
1164 /* On error the final callback is always called. */
1165 if (protocol->final_callback)
1166 silc_protocol_execute_final(protocol, server->schedule);
1168 silc_protocol_free(protocol);
1171 case SILC_PROTOCOL_STATE_UNKNOWN:
1177 * Re-key protocol routines
1180 /* Actually takes the new keys into use. */
1183 silc_server_protocol_rekey_validate(SilcServer server,
1184 SilcServerRekeyInternalContext *ctx,
1185 SilcIDListData idata,
1186 SilcSKEKeyMaterial *keymat,
1189 if (ctx->responder == TRUE) {
1191 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1192 keymat->enc_key_len);
1193 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1194 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
1195 keymat->hmac_key_len);
1197 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1198 keymat->enc_key_len);
1199 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1200 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
1201 keymat->hmac_key_len);
1205 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1206 keymat->enc_key_len);
1207 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1208 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
1209 keymat->hmac_key_len);
1211 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1212 keymat->enc_key_len);
1213 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1214 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
1215 keymat->hmac_key_len);
1219 /* Save the current sending encryption key */
1221 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1222 silc_free(idata->rekey->send_enc_key);
1223 idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
1224 keymat->enc_key_len / 8);
1225 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1229 /* This function actually re-generates (when not using PFS) the keys and
1230 takes them into use. */
1232 void silc_server_protocol_rekey_generate(SilcServer server,
1233 SilcServerRekeyInternalContext *ctx,
1236 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1237 SilcSKEKeyMaterial *keymat;
1238 SilcUInt32 key_len = silc_cipher_get_key_len(idata->send_key);
1239 SilcUInt32 hash_len = idata->hash->hash->hash_len;
1241 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1242 send ? "sending" : "receiving"));
1244 /* Generate the new key */
1245 keymat = silc_calloc(1, sizeof(*keymat));
1246 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1247 idata->rekey->enc_key_len,
1248 16, key_len, hash_len,
1249 idata->hash, keymat);
1251 /* Set the keys into use */
1252 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1254 silc_ske_free_key_material(keymat);
1257 /* This function actually re-generates (with PFS) the keys and
1258 takes them into use. */
1261 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1262 SilcServerRekeyInternalContext *ctx,
1265 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1266 SilcSKEKeyMaterial *keymat;
1267 SilcUInt32 key_len = silc_cipher_get_key_len(idata->send_key);
1268 SilcUInt32 hash_len = idata->hash->hash->hash_len;
1269 unsigned char *tmpbuf;
1272 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1273 send ? "sending" : "receiving"));
1275 /* Encode KEY to binary data */
1276 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1278 /* Generate the new key */
1279 keymat = silc_calloc(1, sizeof(*keymat));
1280 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1281 idata->hash, keymat);
1283 /* Set the keys into use */
1284 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1286 memset(tmpbuf, 0, klen);
1288 silc_ske_free_key_material(keymat);
1291 /* Packet sending callback. This function is provided as packet sending
1292 routine to the Key Exchange functions. */
1295 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1297 SilcPacketType type,
1300 SilcProtocol protocol = (SilcProtocol)context;
1301 SilcServerRekeyInternalContext *ctx =
1302 (SilcServerRekeyInternalContext *)protocol->context;
1303 SilcServer server = (SilcServer)ctx->server;
1305 /* Send the packet immediately */
1306 silc_server_packet_send(server, ctx->sock,
1307 type, 0, packet->data, packet->len, FALSE);
1310 /* Performs re-key as defined in the SILC protocol specification. */
1312 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1314 SilcProtocol protocol = (SilcProtocol)context;
1315 SilcServerRekeyInternalContext *ctx =
1316 (SilcServerRekeyInternalContext *)protocol->context;
1317 SilcServer server = (SilcServer)ctx->server;
1318 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1319 SilcSKEStatus status;
1321 SILC_LOG_DEBUG(("Start"));
1323 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1324 protocol->state = SILC_PROTOCOL_STATE_START;
1326 SILC_LOG_DEBUG(("State=%d", protocol->state));
1328 switch(protocol->state) {
1329 case SILC_PROTOCOL_STATE_START:
1335 if (ctx->responder == TRUE) {
1337 * We are receiving party
1340 if (ctx->pfs == TRUE) {
1342 * Use Perfect Forward Secrecy, ie. negotiate the key material
1343 * using the SKE protocol.
1346 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1347 SILC_LOG_ERROR(("Error during Re-key (R PFS): re-key state is "
1348 "incorrect (received %d, expected %d packet), "
1349 "with %s (%s)", ctx->packet->type,
1350 SILC_PACKET_KEY_EXCHANGE_1, ctx->sock->hostname,
1352 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1353 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1357 ctx->ske = silc_ske_alloc(server->rng, server);
1358 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1359 silc_ske_group_get_by_number(idata->rekey->ske_group,
1360 &ctx->ske->prop->group);
1362 silc_ske_set_callbacks(ctx->ske,
1363 silc_server_protocol_rekey_send_packet,
1364 NULL, NULL, NULL, silc_ske_check_version,
1367 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
1368 if (status != SILC_SKE_STATUS_OK) {
1369 SILC_LOG_ERROR(("Error (%s) during Re-key (R PFS), with %s (%s)",
1370 silc_ske_map_status(status), ctx->sock->hostname,
1372 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1373 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1377 /* Advance the protocol state */
1379 silc_protocol_execute(protocol, server->schedule, 0, 0);
1382 * Do normal and simple re-key.
1385 /* Send the REKEY_DONE to indicate we will take new keys into use */
1386 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1389 /* After we send REKEY_DONE we must set the sending encryption
1390 key to the new key since all packets after this packet must
1391 encrypted with the new key. */
1392 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1394 /* The protocol ends in next stage. */
1395 protocol->state = SILC_PROTOCOL_STATE_END;
1400 * We are the initiator of this protocol
1403 /* Start the re-key by sending the REKEY packet */
1404 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1407 if (ctx->pfs == TRUE) {
1409 * Use Perfect Forward Secrecy, ie. negotiate the key material
1410 * using the SKE protocol.
1412 ctx->ske = silc_ske_alloc(server->rng, server);
1413 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1414 silc_ske_group_get_by_number(idata->rekey->ske_group,
1415 &ctx->ske->prop->group);
1417 silc_ske_set_callbacks(ctx->ske,
1418 silc_server_protocol_rekey_send_packet,
1419 NULL, NULL, NULL, silc_ske_check_version,
1422 status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL, 0);
1423 if (status != SILC_SKE_STATUS_OK) {
1424 SILC_LOG_ERROR(("Error (%s) during Re-key (I PFS), with %s (%s)",
1425 silc_ske_map_status(status), ctx->sock->hostname,
1427 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1428 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1432 /* Advance the protocol state */
1436 * Do normal and simple re-key.
1439 /* Send the REKEY_DONE to indicate we will take new keys into use
1441 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1444 /* After we send REKEY_DONE we must set the sending encryption
1445 key to the new key since all packets after this packet must
1446 encrypted with the new key. */
1447 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1449 /* The protocol ends in next stage. */
1450 protocol->state = SILC_PROTOCOL_STATE_END;
1458 * Second state, used only when oding re-key with PFS.
1460 if (ctx->responder == TRUE) {
1461 if (ctx->pfs == TRUE) {
1463 * Send our KE packe to the initiator now that we've processed
1464 * the initiator's KE packet.
1466 status = silc_ske_responder_finish(ctx->ske, NULL, NULL,
1467 SILC_SKE_PK_TYPE_SILC);
1468 if (status != SILC_SKE_STATUS_OK) {
1469 SILC_LOG_ERROR(("Error (%s) during Re-key (R PFS), with %s (%s)",
1470 silc_ske_map_status(status), ctx->sock->hostname,
1472 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1473 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1479 if (ctx->pfs == TRUE) {
1481 * The packet type must be KE packet
1483 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1484 SILC_LOG_ERROR(("Error during Re-key (I PFS): re-key state is "
1485 "incorrect (received %d, expected %d packet), "
1486 "with %s (%s)", ctx->packet->type,
1487 SILC_PACKET_KEY_EXCHANGE_2, ctx->sock->hostname,
1489 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1490 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1494 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
1495 if (status != SILC_SKE_STATUS_OK) {
1496 SILC_LOG_ERROR(("Error (%s) during Re-key (I PFS), with %s (%s)",
1497 silc_ske_map_status(status), ctx->sock->hostname,
1499 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1500 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1506 /* Send the REKEY_DONE to indicate we will take new keys into use
1508 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1511 /* After we send REKEY_DONE we must set the sending encryption
1512 key to the new key since all packets after this packet must
1513 encrypted with the new key. */
1514 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1516 /* The protocol ends in next stage. */
1517 protocol->state = SILC_PROTOCOL_STATE_END;
1520 case SILC_PROTOCOL_STATE_END:
1525 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1526 SILC_LOG_ERROR(("Error during Re-key (%s PFS): re-key state is "
1527 "incorrect (received %d, expected %d packet), "
1528 "with %s (%s)", ctx->responder ? "R" : "I",
1529 ctx->packet->type, SILC_PACKET_REKEY_DONE,
1530 ctx->sock->hostname, ctx->sock->ip));
1531 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1532 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1536 /* We received the REKEY_DONE packet and all packets after this is
1537 encrypted with the new key so set the decryption key to the new key */
1538 if (ctx->pfs == TRUE)
1539 silc_server_protocol_rekey_generate_pfs(server, ctx, FALSE);
1541 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1543 /* Assure that after calling final callback there cannot be pending
1544 executions for this protocol anymore. This just unregisters any
1545 timeout callbacks for this protocol. */
1546 silc_protocol_cancel(protocol, server->schedule);
1548 /* Protocol has ended, call the final callback */
1549 if (protocol->final_callback)
1550 silc_protocol_execute_final(protocol, server->schedule);
1552 silc_protocol_free(protocol);
1555 case SILC_PROTOCOL_STATE_ERROR:
1560 if (ctx->pfs == TRUE)
1561 /* Send abort notification */
1562 silc_ske_abort(ctx->ske, ctx->ske->status);
1564 /* Assure that after calling final callback there cannot be pending
1565 executions for this protocol anymore. This just unregisters any
1566 timeout callbacks for this protocol. */
1567 silc_protocol_cancel(protocol, server->schedule);
1569 /* On error the final callback is always called. */
1570 if (protocol->final_callback)
1571 silc_protocol_execute_final(protocol, server->schedule);
1573 silc_protocol_free(protocol);
1576 case SILC_PROTOCOL_STATE_FAILURE:
1578 * We have received failure from remote
1581 SILC_LOG_ERROR(("Error during Re-Key: received Failure"));
1583 /* Assure that after calling final callback there cannot be pending
1584 executions for this protocol anymore. This just unregisters any
1585 timeout callbacks for this protocol. */
1586 silc_protocol_cancel(protocol, server->schedule);
1588 /* On error the final callback is always called. */
1589 if (protocol->final_callback)
1590 silc_protocol_execute_final(protocol, server->schedule);
1592 silc_protocol_free(protocol);
1595 case SILC_PROTOCOL_STATE_UNKNOWN:
1601 /* Registers protocols used in server. */
1603 void silc_server_protocols_register(void)
1605 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1606 silc_server_protocol_connection_auth);
1607 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1608 silc_server_protocol_key_exchange);
1609 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1610 silc_server_protocol_rekey);
1611 silc_protocol_register(SILC_PROTOCOL_SERVER_BACKUP,
1612 silc_server_protocol_backup);
1615 /* Unregisters protocols */
1617 void silc_server_protocols_unregister(void)
1619 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1620 silc_server_protocol_connection_auth);
1621 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1622 silc_server_protocol_key_exchange);
1623 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1624 silc_server_protocol_rekey);
1625 silc_protocol_unregister(SILC_PROTOCOL_SERVER_BACKUP,
1626 silc_server_protocol_backup);