5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2006 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
33 * Key Exhange protocol functions
37 silc_verify_public_key_internal(SilcServer server, SilcSocketConnection sock,
38 SilcSocketType conn_type,
39 unsigned char *pk, SilcUInt32 pk_len,
40 SilcSKEPKType pk_type)
42 char file[256], filename[256], *fingerprint;
45 if (pk_type != SILC_SKE_PK_TYPE_SILC) {
46 SILC_LOG_WARNING(("We don't support %s (%s) port %d public key type %d",
47 sock->hostname, sock->ip, sock->port, pk_type));
51 /* Accept client keys without verification */
52 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
53 SILC_LOG_DEBUG(("Accepting client public key without verification"));
57 /* XXX For now, accept server keys without verification too. We are
58 currently always doing mutual authentication so the proof of posession
59 of the private key is verified, and if server is authenticated in
60 conn auth protocol with public key we MUST have the key already. */
62 /* Rest is unreachable code! */
64 memset(filename, 0, sizeof(filename));
65 memset(file, 0, sizeof(file));
66 snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname,
68 snprintf(filename, sizeof(filename) - 1, SILC_ETCDIR "/serverkeys/%s",
71 /* Create serverkeys directory if it doesn't exist. */
72 if (stat(SILC_ETCDIR "/serverkeys", &st) < 0) {
73 /* If dir doesn't exist */
74 if (errno == ENOENT) {
75 if (mkdir(SILC_ETCDIR "/serverkeys", 0755) < 0) {
76 SILC_LOG_ERROR(("Couldn't create `%s' directory\n",
77 SILC_ETCDIR "/serverkeys"));
81 SILC_LOG_ERROR(("%s\n", strerror(errno)));
86 /* Take fingerprint of the public key */
87 fingerprint = silc_hash_fingerprint(NULL, pk, pk_len);
88 SILC_LOG_DEBUG(("Received server %s (%s) port %d public key (%s)",
89 sock->hostname, sock->ip, sock->port, fingerprint));
90 silc_free(fingerprint);
92 /* Check whether this key already exists */
93 if (stat(filename, &st) < 0) {
94 /* We don't have it, then cache it. */
95 SILC_LOG_DEBUG(("New public key from server"));
97 silc_pkcs_save_public_key_data(filename, pk, pk_len,
101 /* The key already exists, verify it. */
102 SilcPublicKey public_key;
103 unsigned char *encpk;
104 SilcUInt32 encpk_len;
106 SILC_LOG_DEBUG(("We have the public key saved locally"));
108 /* Load the key file */
109 if (!silc_pkcs_load_public_key(filename, &public_key,
111 if (!silc_pkcs_load_public_key(filename, &public_key,
112 SILC_PKCS_FILE_BIN)) {
113 SILC_LOG_WARNING(("Could not load local copy of the %s (%s) port %d "
114 "server public key", sock->hostname, sock->ip,
117 /* Save the key for future checking */
119 silc_pkcs_save_public_key_data(filename, pk, pk_len,
124 /* Encode the key data */
125 encpk = silc_pkcs_public_key_encode(public_key, &encpk_len);
127 SILC_LOG_WARNING(("Local copy of the server %s (%s) port %d public key "
128 "is malformed", sock->hostname, sock->ip, sock->port));
130 /* Save the key for future checking */
132 silc_pkcs_save_public_key_data(filename, pk, pk_len, SILC_PKCS_FILE_PEM);
136 if (memcmp(pk, encpk, encpk_len)) {
137 SILC_LOG_WARNING(("%s (%s) port %d server public key does not match "
138 "with local copy", sock->hostname, sock->ip,
140 SILC_LOG_WARNING(("It is possible that the key has expired or changed"));
141 SILC_LOG_WARNING(("It is also possible that some one is performing "
142 "man-in-the-middle attack"));
143 SILC_LOG_WARNING(("Will not accept the server %s (%s) port %d public "
145 sock->hostname, sock->ip, sock->port));
149 /* Local copy matched */
154 /* Callback that is called when we have received KE2 payload from
155 responder. We try to verify the public key now. */
158 silc_server_protocol_ke_verify_key(SilcSKE ske,
159 unsigned char *pk_data,
161 SilcSKEPKType pk_type,
163 SilcSKEVerifyCbCompletion completion,
164 void *completion_context)
166 SilcProtocol protocol = (SilcProtocol)context;
167 SilcServerKEInternalContext *ctx =
168 (SilcServerKEInternalContext *)protocol->context;
169 SilcServer server = (SilcServer)ctx->server;
171 SILC_LOG_DEBUG(("Verifying received public key"));
173 if (silc_verify_public_key_internal(
175 (ctx->responder == FALSE ?
176 SILC_SOCKET_TYPE_ROUTER:
177 ctx->sconfig.ref_ptr ? SILC_SOCKET_TYPE_SERVER :
178 ctx->rconfig.ref_ptr ? SILC_SOCKET_TYPE_ROUTER :
179 SILC_SOCKET_TYPE_CLIENT),
180 pk_data, pk_len, pk_type))
181 completion(ske, SILC_SKE_STATUS_OK, completion_context);
183 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
187 /* Packet sending callback. This function is provided as packet sending
188 routine to the Key Exchange functions. */
190 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
195 SilcProtocol protocol = (SilcProtocol)context;
196 SilcServerKEInternalContext *ctx =
197 (SilcServerKEInternalContext *)protocol->context;
198 SilcServer server = (SilcServer)ctx->server;
200 /* Send the packet immediately */
201 silc_server_packet_send(server, ske->sock,
202 type, 0, packet->data, packet->len, TRUE);
205 /* Sets the negotiated key material into use for particular connection. */
207 int silc_server_protocol_ke_set_keys(SilcServer server,
209 SilcSocketConnection sock,
210 SilcSKEKeyMaterial *keymat,
215 SilcSKEDiffieHellmanGroup group,
218 SilcUnknownEntry conn_data;
219 SilcIDListData idata;
220 const char *cname = silc_cipher_get_name(cipher);
222 SILC_LOG_DEBUG(("Setting new keys into use"));
224 conn_data = silc_calloc(1, sizeof(*conn_data));
225 idata = (SilcIDListData)conn_data;
227 /* Allocate cipher to be used in the communication */
228 if (!silc_cipher_alloc((char *)cname, &idata->send_key)) {
229 silc_free(conn_data);
230 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", cname));
233 if (!silc_cipher_alloc((char *)cname, &idata->receive_key)) {
234 silc_free(conn_data);
235 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", cname));
239 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
240 &idata->hmac_send)) {
241 silc_cipher_free(idata->send_key);
242 silc_cipher_free(idata->receive_key);
243 silc_free(conn_data);
244 SILC_LOG_ERROR(("Cannot allocate algorithm: %s",
245 silc_hmac_get_name(hmac)));
249 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
250 &idata->hmac_receive)) {
251 silc_cipher_free(idata->send_key);
252 silc_cipher_free(idata->receive_key);
253 silc_hmac_free(idata->hmac_send);
254 silc_free(conn_data);
255 SILC_LOG_ERROR(("Cannot allocate algorithm: %s",
256 silc_hmac_get_name(hmac)));
260 if (is_responder == TRUE) {
261 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
262 keymat->enc_key_len);
263 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
264 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
265 keymat->enc_key_len);
266 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
267 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
268 keymat->hmac_key_len);
269 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
270 keymat->hmac_key_len);
272 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
273 keymat->enc_key_len);
274 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
275 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
276 keymat->enc_key_len);
277 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
278 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
279 keymat->hmac_key_len);
280 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
281 keymat->hmac_key_len);
284 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
285 idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
286 keymat->enc_key_len / 8);
287 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
289 if (ske->prop->flags & SILC_SKE_SP_FLAG_PFS)
290 idata->rekey->pfs = TRUE;
291 idata->rekey->ske_group = silc_ske_group_get_number(group);
294 if (!silc_hash_alloc(silc_hash_get_name(hash), &idata->hash)) {
295 silc_cipher_free(idata->send_key);
296 silc_cipher_free(idata->receive_key);
297 silc_hmac_free(idata->hmac_send);
298 silc_hmac_free(idata->hmac_receive);
299 silc_free(conn_data);
300 SILC_LOG_ERROR(("Cannot allocate algorithm: %s",
301 silc_hash_get_name(hash)));
305 /* Save the remote host's public key */
306 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
307 ske->ke1_payload->pk_len, &idata->public_key);
308 if (ske->prop->flags & SILC_SKE_SP_FLAG_MUTUAL)
309 silc_hash_make(server->sha1hash, ske->ke1_payload->pk_data,
310 ske->ke1_payload->pk_len, idata->fingerprint);
312 sock->user_data = (void *)conn_data;
314 SILC_LOG_INFO(("%s (%s) security properties: %s %s %s %s",
315 sock->hostname, sock->ip,
316 silc_cipher_get_name(idata->send_key),
317 (char *)silc_hmac_get_name(idata->hmac_send),
318 silc_hash_get_name(idata->hash),
319 ske->prop->flags & SILC_SKE_SP_FLAG_PFS ? "PFS" : ""));
324 /* Check remote host version string */
326 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
327 SilcUInt32 len, void *context)
329 SilcUInt32 r_protocol_version = 0;
331 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
332 ske->sock->ip, version));
334 if (!silc_parse_version_string(version, &r_protocol_version, NULL, NULL,
336 SILC_LOG_ERROR(("%s (%s) %s is not allowed/supported version",
337 ske->sock->hostname, ske->sock->ip, version));
338 return SILC_SKE_STATUS_BAD_VERSION;
341 ske->sock->version = r_protocol_version;
343 return SILC_SKE_STATUS_OK;
346 /* Callback that is called by the SKE to indicate that it is safe to
347 continue the execution of the protocol. This is used only if we are
348 initiator. Is given as argument to the silc_ske_initiator_finish or
349 silc_ske_responder_phase_2 functions. This is called due to the fact
350 that the public key verification process is asynchronous and we must
351 not continue the protocl until the public key has been verified and
352 this callback is called. */
354 static void silc_server_protocol_ke_continue(SilcSKE ske, void *context)
356 SilcProtocol protocol = (SilcProtocol)context;
357 SilcServerKEInternalContext *ctx =
358 (SilcServerKEInternalContext *)protocol->context;
359 SilcServer server = (SilcServer)ctx->server;
361 if (ske->status != SILC_SKE_STATUS_OK) {
362 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol with %s (%s)",
363 silc_ske_map_status(ske->status), ctx->sock->hostname,
366 protocol->state = SILC_PROTOCOL_STATE_ERROR;
367 silc_protocol_execute(protocol, server->schedule, 0, 300000);
371 /* Send Ok to the other end. We will end the protocol as responder
372 sends Ok to us when we will take the new keys into use. */
373 if (ctx->responder == FALSE) {
374 SILC_LOG_DEBUG(("Ending key exchange protocol"));
375 silc_ske_end(ctx->ske);
377 /* End the protocol on the next round */
378 protocol->state = SILC_PROTOCOL_STATE_END;
381 /* Advance protocol state and call the next state if we are responder.
382 This happens when this callback was sent to silc_ske_responder_phase_2
384 if (ctx->responder == TRUE) {
386 silc_protocol_execute(protocol, server->schedule, 0, 100000);
390 /* Performs key exchange protocol. This is used for both initiator
391 and responder key exchange. This is performed always when accepting
392 new connection to the server. This may be called recursively. */
394 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
396 SilcProtocol protocol = (SilcProtocol)context;
397 SilcServerKEInternalContext *ctx =
398 (SilcServerKEInternalContext *)protocol->context;
399 SilcServer server = (SilcServer)ctx->server;
400 SilcSKEStatus status = SILC_SKE_STATUS_OK;
402 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
403 protocol->state = SILC_PROTOCOL_STATE_START;
405 SILC_LOG_DEBUG(("Current protocol state %d", protocol->state));
407 switch(protocol->state) {
408 case SILC_PROTOCOL_STATE_START:
415 /* Allocate Key Exchange object */
416 ctx->ske = ske = silc_ske_alloc(server->rng, server);
418 silc_ske_set_callbacks(ske, silc_server_protocol_ke_send_packet, NULL,
419 silc_server_protocol_ke_verify_key,
420 silc_server_protocol_ke_continue,
421 silc_ske_check_version, context);
423 if (ctx->responder == TRUE) {
425 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol with %s (%s)",
426 silc_ske_map_status(status), ctx->sock->hostname,
429 protocol->state = SILC_PROTOCOL_STATE_ERROR;
430 silc_protocol_execute(protocol, server->schedule, 0, 300000);
434 /* Start the key exchange by processing the received security
435 properties packet from initiator. */
436 SILC_LOG_DEBUG(("Process security property list (KE)"));
437 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
439 ctx->packet->buffer, ctx->flags);
441 SilcSKEStartPayload *start_payload;
443 SILC_LOG_DEBUG(("Send security property list (KE)"));
445 /* Assemble security properties. */
446 silc_ske_assemble_security_properties(ske, ctx->flags,
450 /* Start the key exchange by sending our security properties
451 to the remote end. */
452 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
456 /* Return now if the procedure is pending. */
457 if (status == SILC_SKE_STATUS_PENDING)
460 if (status != SILC_SKE_STATUS_OK) {
461 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol with %s (%s)",
462 silc_ske_map_status(status), ctx->sock->hostname,
465 protocol->state = SILC_PROTOCOL_STATE_ERROR;
466 silc_protocol_execute(protocol, server->schedule, 0, 300000);
470 /* Advance protocol state and call the next state if we are responder */
472 if (ctx->responder == TRUE)
473 silc_protocol_execute(protocol, server->schedule, 0, 100000);
481 if (ctx->responder == TRUE) {
482 /* Sends the selected security properties to the initiator. */
483 SILC_LOG_DEBUG(("Send security property list reply (KE)"));
484 status = silc_ske_responder_phase_1(ctx->ske);
487 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol with %s (%s)",
488 silc_ske_map_status(status), ctx->sock->hostname,
491 protocol->state = SILC_PROTOCOL_STATE_ERROR;
492 silc_protocol_execute(protocol, server->schedule, 0, 300000);
496 /* Call Phase-1 function. This processes the Key Exchange Start
497 paylaod reply we just got from the responder. The callback
498 function will receive the processed payload where we will
500 SILC_LOG_DEBUG(("Process security property list reply (KE)"));
501 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer);
504 /* Return now if the procedure is pending. */
505 if (status == SILC_SKE_STATUS_PENDING)
508 if (status != SILC_SKE_STATUS_OK) {
509 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol with %s (%s)",
510 silc_ske_map_status(status), ctx->sock->hostname,
513 protocol->state = SILC_PROTOCOL_STATE_ERROR;
514 silc_protocol_execute(protocol, server->schedule, 0, 300000);
518 /* Advance protocol state and call next state if we are initiator */
520 if (ctx->responder == FALSE)
521 silc_protocol_execute(protocol, server->schedule, 0, 100000);
529 if (ctx->responder == TRUE) {
531 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol with %s (%s)",
532 silc_ske_map_status(status), ctx->sock->hostname,
535 protocol->state = SILC_PROTOCOL_STATE_ERROR;
536 silc_protocol_execute(protocol, server->schedule, 0, 300000);
540 /* Process the received Key Exchange 1 Payload packet from
541 the initiator. This also creates our parts of the Diffie
542 Hellman algorithm. The silc_server_protocol_ke_continue
543 will be called after the public key has been verified. */
544 SILC_LOG_DEBUG(("Process KE1 packet"));
545 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
547 /* Call the Phase-2 function. This creates Diffie Hellman
548 key exchange parameters and sends our public part inside
549 Key Exhange 1 Payload to the responder. */
550 SILC_LOG_DEBUG(("Send KE1 packet"));
551 status = silc_ske_initiator_phase_2(ctx->ske,
554 SILC_SKE_PK_TYPE_SILC);
558 /* Return now if the procedure is pending. */
559 if (status == SILC_SKE_STATUS_PENDING)
562 if (status != SILC_SKE_STATUS_OK) {
563 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol with %s (%s)",
564 silc_ske_map_status(status), ctx->sock->hostname,
567 protocol->state = SILC_PROTOCOL_STATE_ERROR;
568 silc_protocol_execute(protocol, server->schedule, 0, 300000);
578 if (ctx->responder == TRUE) {
579 /* This creates the key exchange material and sends our
580 public parts to the initiator inside Key Exchange 2 Payload. */
581 SILC_LOG_DEBUG(("Process KE2 packet"));
582 status = silc_ske_responder_finish(ctx->ske,
585 SILC_SKE_PK_TYPE_SILC);
587 /* End the protocol on the next round */
588 protocol->state = SILC_PROTOCOL_STATE_END;
591 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol with %s (%s)",
592 silc_ske_map_status(status), ctx->sock->hostname,
595 protocol->state = SILC_PROTOCOL_STATE_ERROR;
596 silc_protocol_execute(protocol, server->schedule, 0, 300000);
600 /* Finish the protocol. This verifies the Key Exchange 2 payload
601 sent by responder. The silc_server_protocol_ke_continue will
602 be called after the public key has been verified. */
603 SILC_LOG_DEBUG(("Send KE2 packet"));
604 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
607 /* Return now if the procedure is pending. */
608 if (status == SILC_SKE_STATUS_PENDING)
611 if (status != SILC_SKE_STATUS_OK) {
612 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol with %s (%s)",
613 silc_ske_map_status(status), ctx->sock->hostname,
616 protocol->state = SILC_PROTOCOL_STATE_ERROR;
617 silc_protocol_execute(protocol, server->schedule, 0, 300000);
623 case SILC_PROTOCOL_STATE_END:
628 SilcSKEKeyMaterial *keymat;
629 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
630 int hash_len = silc_hash_len(ctx->ske->prop->hash);
632 SILC_LOG_DEBUG(("Process computed key material"));
634 /* Process the key material */
635 keymat = silc_calloc(1, sizeof(*keymat));
636 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
638 if (status != SILC_SKE_STATUS_OK) {
639 SILC_LOG_ERROR(("Error during Key Exchange protocol: "
640 "could not process key material"));
642 protocol->state = SILC_PROTOCOL_STATE_ERROR;
643 silc_protocol_execute(protocol, server->schedule, 0, 300000);
644 silc_ske_free_key_material(keymat);
647 ctx->keymat = keymat;
649 /* Send Ok to the other end if we are responder. If we are initiator
650 we have sent this already. */
651 if (ctx->responder == TRUE) {
652 SILC_LOG_DEBUG(("Ending key exchange protocol"));
653 silc_ske_end(ctx->ske);
656 /* Unregister the timeout task since the protocol has ended.
657 This was the timeout task to be executed if the protocol is
658 not completed fast enough. */
659 if (ctx->timeout_task)
660 silc_schedule_task_del(server->schedule, ctx->timeout_task);
662 /* Assure that after calling final callback there cannot be pending
663 executions for this protocol anymore. This just unregisters any
664 timeout callbacks for this protocol. */
665 silc_protocol_cancel(protocol, server->schedule);
667 /* Call the final callback */
668 if (protocol->final_callback)
669 silc_protocol_execute_final(protocol, server->schedule);
671 silc_protocol_free(protocol);
675 case SILC_PROTOCOL_STATE_ERROR:
680 /* Send abort notification */
682 silc_ske_abort(ctx->ske, ctx->ske->status);
684 /* Unregister the timeout task since the protocol has ended.
685 This was the timeout task to be executed if the protocol is
686 not completed fast enough. */
687 if (ctx->timeout_task)
688 silc_schedule_task_del(server->schedule, ctx->timeout_task);
690 /* Assure that after calling final callback there cannot be pending
691 executions for this protocol anymore. This just unregisters any
692 timeout callbacks for this protocol. */
693 silc_protocol_cancel(protocol, server->schedule);
695 /* On error the final callback is always called. */
696 if (protocol->final_callback)
697 silc_protocol_execute_final(protocol, server->schedule);
699 silc_protocol_free(protocol);
702 case SILC_PROTOCOL_STATE_FAILURE:
704 * We have received failure from remote
707 /* Unregister the timeout task since the protocol has ended.
708 This was the timeout task to be executed if the protocol is
709 not completed fast enough. */
710 if (ctx->timeout_task)
711 silc_schedule_task_del(server->schedule, ctx->timeout_task);
713 /* Assure that after calling final callback there cannot be pending
714 executions for this protocol anymore. This just unregisters any
715 timeout callbacks for this protocol. */
716 silc_protocol_cancel(protocol, server->schedule);
718 /* On error the final callback is always called. */
719 if (protocol->final_callback)
720 silc_protocol_execute_final(protocol, server->schedule);
722 silc_protocol_free(protocol);
725 case SILC_PROTOCOL_STATE_UNKNOWN:
731 * Connection Authentication protocol functions
735 silc_server_password_authentication(SilcServer server, char *local_auth,
738 if (!remote_auth || !local_auth || strlen(local_auth) != strlen(remote_auth))
741 if (!memcmp(remote_auth, local_auth, strlen(local_auth)))
748 silc_server_public_key_authentication(SilcServer server,
749 SilcPublicKey pub_key,
758 if (!pub_key || !sign)
761 silc_pkcs_alloc(pub_key->name, &pkcs);
762 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
763 silc_pkcs_free(pkcs);
767 /* Make the authentication data. Protocol says it is HASH plus
769 len = ske->hash_len + ske->start_payload_copy->len;
770 auth = silc_buffer_alloc(len);
771 silc_buffer_pull_tail(auth, len);
772 silc_buffer_format(auth,
773 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
774 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
775 ske->start_payload_copy->len),
778 /* Verify signature */
779 if (silc_pkcs_verify_with_hash(pkcs, ske->prop->hash, sign, sign_len,
780 auth->data, auth->len)) {
781 silc_pkcs_free(pkcs);
782 silc_buffer_free(auth);
786 silc_pkcs_free(pkcs);
787 silc_buffer_free(auth);
792 silc_server_get_public_key_auth(SilcServer server,
793 unsigned char **auth_data,
794 SilcUInt32 *auth_data_len,
803 /* Make the authentication data. Protocol says it is HASH plus
805 len = ske->hash_len + ske->start_payload_copy->len;
806 auth = silc_buffer_alloc(len);
807 silc_buffer_pull_tail(auth, len);
808 silc_buffer_format(auth,
809 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
810 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
811 ske->start_payload_copy->len),
814 *auth_data = silc_calloc((silc_pkcs_get_key_len(pkcs) / 8) + 1,
815 sizeof(**auth_data));
816 if (silc_pkcs_sign_with_hash(pkcs, ske->prop->hash, auth->data,
817 auth->len, *auth_data, auth_data_len)) {
818 silc_buffer_free(auth);
822 SILC_LOG_ERROR(("Error computing signature"));
824 silc_free(*auth_data);
825 silc_buffer_free(auth);
829 /* Function that actually performs the authentication to the remote. This
830 supports both passphrase and public key authentication. */
833 silc_server_get_authentication(SilcServerConnAuthInternalContext *ctx,
834 char *local_passphrase,
835 SilcHashTable local_publickeys,
836 unsigned char *remote_auth,
837 SilcUInt32 remote_auth_len)
839 SilcServer server = (SilcServer)ctx->server;
840 SilcSKE ske = ctx->ske;
843 /* If we don't have authentication data set at all we do not require
844 authentication at all */
845 if (!local_passphrase && (!local_publickeys ||
846 !silc_hash_table_count(local_publickeys))) {
847 SILC_LOG_DEBUG(("No authentication required"));
851 /* If both passphrase and public key is provided then we'll try both of
852 them and see which one of them authenticates. If only one of them is
853 set, then try only that. */
855 /* Try first passphrase (as it is faster to check) */
856 if (local_passphrase) {
857 SILC_LOG_DEBUG(("Password authentication"));
858 result = silc_server_password_authentication(server, local_passphrase,
862 /* Try public key authenetication */
863 if (!result && local_publickeys) {
864 SilcPublicKey cached_key;
865 SilcPublicKey remote_key =
866 ((SilcIDListData)ctx->sock->user_data)->public_key;
868 SILC_LOG_DEBUG(("Public key authentication"));
870 /* Find the public key to be used in authentication */
871 cached_key = silc_server_find_public_key(server, local_publickeys,
876 result = silc_server_public_key_authentication(server, cached_key,
878 remote_auth_len, ske);
881 SILC_LOG_DEBUG(("Authentication %s", result ? "successful" : "failed"));
886 /* Performs connection authentication protocol. If responder, we
887 authenticate the remote data received. If initiator, we will send
888 authentication data to the remote end. */
890 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
892 SilcProtocol protocol = (SilcProtocol)context;
893 SilcServerConnAuthInternalContext *ctx =
894 (SilcServerConnAuthInternalContext *)protocol->context;
895 SilcServer server = (SilcServer)ctx->server;
897 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
898 protocol->state = SILC_PROTOCOL_STATE_START;
900 SILC_LOG_DEBUG(("Current protocol state %d", protocol->state));
902 switch(protocol->state) {
903 case SILC_PROTOCOL_STATE_START:
909 if (ctx->responder == TRUE) {
911 * We are receiving party
914 SilcUInt16 payload_len;
915 SilcUInt16 conn_type;
916 unsigned char *auth_data = NULL;
918 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
919 ctx->sock->hostname, ctx->sock->ip));
922 SILC_LOG_ERROR(("Bad authentication protocol request"));
923 protocol->state = SILC_PROTOCOL_STATE_ERROR;
924 silc_protocol_execute(protocol, server->schedule, 0, 300000);
928 /* Parse the received authentication data packet. The received
929 payload is Connection Auth Payload. */
930 ret = silc_buffer_unformat(ctx->packet->buffer,
931 SILC_STR_UI_SHORT(&payload_len),
932 SILC_STR_UI_SHORT(&conn_type),
935 SILC_LOG_ERROR(("Bad payload in authentication packet"));
936 protocol->state = SILC_PROTOCOL_STATE_ERROR;
937 silc_protocol_execute(protocol, server->schedule, 0, 300000);
941 if (payload_len != ctx->packet->buffer->len) {
942 SILC_LOG_ERROR(("Bad payload length in authentication packet"));
943 protocol->state = SILC_PROTOCOL_STATE_ERROR;
944 silc_protocol_execute(protocol, server->schedule, 0, 300000);
950 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
951 conn_type > SILC_SOCKET_TYPE_ROUTER) {
952 SILC_LOG_ERROR(("Bad connection type (%d) in authentication packet",
954 protocol->state = SILC_PROTOCOL_STATE_ERROR;
955 silc_protocol_execute(protocol, server->schedule, 0, 300000);
959 if (payload_len > 0) {
960 /* Get authentication data */
961 silc_buffer_pull(ctx->packet->buffer, 4);
962 ret = silc_buffer_unformat(ctx->packet->buffer,
963 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
967 SILC_LOG_DEBUG(("Bad payload in authentication payload"));
968 protocol->state = SILC_PROTOCOL_STATE_ERROR;
969 silc_protocol_execute(protocol, server->schedule, 0, 300000);
975 * Check the remote connection type and make sure that we have
976 * configured this connection. If we haven't allowed this connection
977 * the authentication must be failed.
980 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
982 /* Remote end is client */
983 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
984 SilcServerConfigClient *client = ctx->cconfig.ref_ptr;
987 ret = silc_server_get_authentication(ctx, client->passphrase,
989 auth_data, payload_len);
991 /* Authentication failed */
992 SILC_LOG_ERROR(("Authentication failed"));
993 silc_free(auth_data);
994 protocol->state = SILC_PROTOCOL_STATE_ERROR;
995 silc_protocol_execute(protocol, server->schedule, 0, 300000);
999 SILC_LOG_ERROR(("Remote client connection not configured"));
1000 SILC_LOG_ERROR(("Authentication failed"));
1001 silc_free(auth_data);
1002 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1003 silc_protocol_execute(protocol, server->schedule,
1009 /* Remote end is server */
1010 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
1011 SilcServerConfigServer *serv = ctx->sconfig.ref_ptr;
1014 ret = silc_server_get_authentication(ctx, serv->passphrase,
1016 auth_data, payload_len);
1018 /* Authentication failed */
1019 SILC_LOG_ERROR(("Authentication failed"));
1020 silc_free(auth_data);
1021 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1022 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1026 SILC_LOG_ERROR(("Remote server connection not configured"));
1027 SILC_LOG_ERROR(("Authentication failed"));
1028 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1029 silc_protocol_execute(protocol, server->schedule,
1031 silc_free(auth_data);
1036 /* Remote end is router */
1037 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
1038 SilcServerConfigRouter *serv = ctx->rconfig.ref_ptr;
1041 ret = silc_server_get_authentication(ctx, serv->passphrase,
1043 auth_data, payload_len);
1045 /* Authentication failed */
1046 SILC_LOG_ERROR(("Authentication failed"));
1047 silc_free(auth_data);
1048 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1049 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1053 SILC_LOG_ERROR(("Remote router connection not configured"));
1054 SILC_LOG_ERROR(("Authentication failed"));
1055 silc_free(auth_data);
1056 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1057 silc_protocol_execute(protocol, server->schedule,
1063 silc_free(auth_data);
1065 /* Save connection type. This is later used to create the
1066 ID for the connection. */
1067 ctx->conn_type = conn_type;
1069 /* Advance protocol state. */
1070 protocol->state = SILC_PROTOCOL_STATE_END;
1071 silc_protocol_execute(protocol, server->schedule, 0, 0);
1075 * We are initiator. We are authenticating ourselves to a
1076 * remote server. We will send the authentication data to the
1077 * other end for verify.
1080 int payload_len = 0;
1081 unsigned char *auth_data = NULL;
1082 SilcUInt32 auth_data_len = 0;
1084 switch(ctx->auth_meth) {
1085 case SILC_AUTH_NONE:
1086 /* No authentication required */
1089 case SILC_AUTH_PASSWORD:
1090 /* Password authentication */
1091 if (ctx->auth_data && ctx->auth_data_len) {
1092 auth_data = strdup(ctx->auth_data);
1093 auth_data_len = ctx->auth_data_len;
1098 case SILC_AUTH_PUBLIC_KEY:
1100 /* Public key authentication */
1101 silc_server_get_public_key_auth(server, &auth_data, &auth_data_len,
1107 payload_len = 4 + auth_data_len;
1108 packet = silc_buffer_alloc(payload_len);
1109 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
1110 silc_buffer_format(packet,
1111 SILC_STR_UI_SHORT(payload_len),
1112 SILC_STR_UI_SHORT(server->server_type
1114 SILC_SOCKET_TYPE_SERVER :
1115 SILC_SOCKET_TYPE_ROUTER),
1116 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
1119 /* Send the packet to server */
1120 silc_server_packet_send(server, ctx->sock,
1121 SILC_PACKET_CONNECTION_AUTH, 0,
1122 packet->data, packet->len, TRUE);
1125 memset(auth_data, 0, auth_data_len);
1126 silc_free(auth_data);
1128 silc_buffer_free(packet);
1130 /* Next state is end of protocol */
1131 protocol->state = SILC_PROTOCOL_STATE_END;
1136 case SILC_PROTOCOL_STATE_END:
1141 unsigned char ok[4];
1143 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
1145 /* Authentication successful */
1146 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
1149 /* Unregister the timeout task since the protocol has ended.
1150 This was the timeout task to be executed if the protocol is
1151 not completed fast enough. */
1152 if (ctx->timeout_task)
1153 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1155 /* Assure that after calling final callback there cannot be pending
1156 executions for this protocol anymore. This just unregisters any
1157 timeout callbacks for this protocol. */
1158 silc_protocol_cancel(protocol, server->schedule);
1160 /* Protocol has ended, call the final callback */
1161 if (protocol->final_callback)
1162 silc_protocol_execute_final(protocol, server->schedule);
1164 silc_protocol_free(protocol);
1167 case SILC_PROTOCOL_STATE_ERROR:
1170 * Error. Send notify to remote.
1172 unsigned char error[4];
1174 /* Authentication failed */
1175 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
1176 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
1179 /* Unregister the timeout task since the protocol has ended.
1180 This was the timeout task to be executed if the protocol is
1181 not completed fast enough. */
1182 if (ctx->timeout_task)
1183 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1185 /* Assure that after calling final callback there cannot be pending
1186 executions for this protocol anymore. This just unregisters any
1187 timeout callbacks for this protocol. */
1188 silc_protocol_cancel(protocol, server->schedule);
1190 /* On error the final callback is always called. */
1191 if (protocol->final_callback)
1192 silc_protocol_execute_final(protocol, server->schedule);
1194 silc_protocol_free(protocol);
1198 case SILC_PROTOCOL_STATE_FAILURE:
1200 * We have received failure from remote
1203 SILC_LOG_ERROR(("Received Authentication Failure"));
1205 /* Unregister the timeout task since the protocol has ended.
1206 This was the timeout task to be executed if the protocol is
1207 not completed fast enough. */
1208 if (ctx->timeout_task)
1209 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1211 /* Assure that after calling final callback there cannot be pending
1212 executions for this protocol anymore. This just unregisters any
1213 timeout callbacks for this protocol. */
1214 silc_protocol_cancel(protocol, server->schedule);
1216 /* On error the final callback is always called. */
1217 if (protocol->final_callback)
1218 silc_protocol_execute_final(protocol, server->schedule);
1220 silc_protocol_free(protocol);
1223 case SILC_PROTOCOL_STATE_UNKNOWN:
1229 * Re-key protocol routines
1232 /* Actually takes the new keys into use. */
1235 silc_server_protocol_rekey_validate(SilcServer server,
1236 SilcServerRekeyInternalContext *ctx,
1237 SilcIDListData idata,
1238 SilcSKEKeyMaterial *keymat,
1241 if (ctx->responder == TRUE) {
1243 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1244 keymat->enc_key_len);
1245 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1246 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
1247 keymat->hmac_key_len);
1249 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1250 keymat->enc_key_len);
1251 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1252 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
1253 keymat->hmac_key_len);
1257 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1258 keymat->enc_key_len);
1259 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1260 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
1261 keymat->hmac_key_len);
1263 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1264 keymat->enc_key_len);
1265 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1266 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
1267 keymat->hmac_key_len);
1271 /* Save the current sending encryption key */
1273 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1274 silc_free(idata->rekey->send_enc_key);
1275 idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
1276 keymat->enc_key_len / 8);
1277 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1281 /* This function actually re-generates (when not using PFS) the keys and
1282 takes them into use. */
1284 void silc_server_protocol_rekey_generate(SilcServer server,
1285 SilcServerRekeyInternalContext *ctx,
1288 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1289 SilcSKEKeyMaterial *keymat;
1290 SilcUInt32 key_len = silc_cipher_get_key_len(idata->send_key);
1291 SilcUInt32 hash_len = silc_hash_len(idata->hash);
1293 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1294 send ? "sending" : "receiving"));
1296 /* Generate the new key */
1297 keymat = silc_calloc(1, sizeof(*keymat));
1298 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1299 idata->rekey->enc_key_len,
1300 16, key_len, hash_len,
1301 idata->hash, keymat);
1303 /* Set the keys into use */
1304 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1306 silc_ske_free_key_material(keymat);
1309 /* This function actually re-generates (with PFS) the keys and
1310 takes them into use. */
1313 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1314 SilcServerRekeyInternalContext *ctx,
1317 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1318 SilcSKEKeyMaterial *keymat;
1319 SilcUInt32 key_len = silc_cipher_get_key_len(idata->send_key);
1320 SilcUInt32 hash_len = silc_hash_len(idata->hash);
1321 unsigned char *tmpbuf;
1324 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1325 send ? "sending" : "receiving"));
1327 /* Encode KEY to binary data */
1328 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1330 /* Generate the new key */
1331 keymat = silc_calloc(1, sizeof(*keymat));
1332 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1333 idata->hash, keymat);
1335 /* Set the keys into use */
1336 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1338 memset(tmpbuf, 0, klen);
1340 silc_ske_free_key_material(keymat);
1343 /* Packet sending callback. This function is provided as packet sending
1344 routine to the Key Exchange functions. */
1347 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1349 SilcPacketType type,
1352 SilcProtocol protocol = (SilcProtocol)context;
1353 SilcServerRekeyInternalContext *ctx =
1354 (SilcServerRekeyInternalContext *)protocol->context;
1355 SilcServer server = (SilcServer)ctx->server;
1357 /* Send the packet immediately */
1358 silc_server_packet_send(server, ctx->sock,
1359 type, 0, packet->data, packet->len, FALSE);
1362 /* Performs re-key as defined in the SILC protocol specification. */
1364 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1366 SilcProtocol protocol = (SilcProtocol)context;
1367 SilcServerRekeyInternalContext *ctx =
1368 (SilcServerRekeyInternalContext *)protocol->context;
1369 SilcServer server = (SilcServer)ctx->server;
1370 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1371 SilcSKEStatus status;
1373 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1374 protocol->state = SILC_PROTOCOL_STATE_START;
1376 SILC_LOG_DEBUG(("Current protocol state %d", protocol->state));
1378 switch(protocol->state) {
1379 case SILC_PROTOCOL_STATE_START:
1385 if (ctx->responder == TRUE) {
1387 * We are receiving party
1390 if (ctx->pfs == TRUE) {
1392 * Use Perfect Forward Secrecy, ie. negotiate the key material
1393 * using the SKE protocol.
1397 SILC_LOG_ERROR(("Error during Re-key, with %s (%s)",
1398 ctx->sock->hostname, ctx->sock->ip));
1399 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1400 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1404 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1405 SILC_LOG_ERROR(("Error during Re-key (R PFS): re-key state is "
1406 "incorrect (received %d, expected %d packet), "
1407 "with %s (%s)", ctx->packet->type,
1408 SILC_PACKET_KEY_EXCHANGE_1, ctx->sock->hostname,
1410 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1411 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1415 ctx->ske = silc_ske_alloc(server->rng, server);
1416 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1417 silc_ske_group_get_by_number(idata->rekey->ske_group,
1418 &ctx->ske->prop->group);
1420 silc_ske_set_callbacks(ctx->ske,
1421 silc_server_protocol_rekey_send_packet,
1422 NULL, NULL, NULL, silc_ske_check_version,
1425 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
1426 if (status != SILC_SKE_STATUS_OK) {
1427 SILC_LOG_ERROR(("Error (%s) during Re-key (R PFS), with %s (%s)",
1428 silc_ske_map_status(status), ctx->sock->hostname,
1430 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1431 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1435 /* Advance the protocol state */
1437 silc_protocol_execute(protocol, server->schedule, 0, 0);
1440 * Do normal and simple re-key.
1443 /* Send the REKEY_DONE to indicate we will take new keys into use */
1444 silc_server_packet_queue_purge(server, ctx->sock);
1445 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1448 /* After we send REKEY_DONE we must set the sending encryption
1449 key to the new key since all packets after this packet must
1450 encrypted with the new key. */
1451 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1452 silc_server_packet_queue_purge(server, ctx->sock);
1454 /* The protocol ends in next stage. */
1455 protocol->state = SILC_PROTOCOL_STATE_END;
1460 * We are the initiator of this protocol
1463 /* Start the re-key by sending the REKEY packet */
1464 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1467 if (ctx->pfs == TRUE) {
1469 * Use Perfect Forward Secrecy, ie. negotiate the key material
1470 * using the SKE protocol.
1472 ctx->ske = silc_ske_alloc(server->rng, server);
1473 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1474 silc_ske_group_get_by_number(idata->rekey->ske_group,
1475 &ctx->ske->prop->group);
1477 silc_ske_set_callbacks(ctx->ske,
1478 silc_server_protocol_rekey_send_packet,
1479 NULL, NULL, NULL, silc_ske_check_version,
1482 status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL, 0);
1483 if (status != SILC_SKE_STATUS_OK) {
1484 SILC_LOG_ERROR(("Error (%s) during Re-key (I PFS), with %s (%s)",
1485 silc_ske_map_status(status), ctx->sock->hostname,
1487 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1488 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1492 /* Advance the protocol state */
1496 * Do normal and simple re-key.
1499 /* Send the REKEY_DONE to indicate we will take new keys into use
1501 silc_server_packet_queue_purge(server, ctx->sock);
1502 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1505 /* After we send REKEY_DONE we must set the sending encryption
1506 key to the new key since all packets after this packet must
1507 encrypted with the new key. */
1508 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1509 silc_server_packet_queue_purge(server, ctx->sock);
1511 /* The protocol ends in next stage. */
1512 protocol->state = SILC_PROTOCOL_STATE_END;
1520 * Second state, used only when doing re-key with PFS.
1522 if (ctx->responder == TRUE) {
1523 if (ctx->pfs == TRUE) {
1525 * Send our KE packet to the initiator now that we've processed
1526 * the initiator's KE packet.
1528 status = silc_ske_responder_finish(ctx->ske, NULL, NULL,
1529 SILC_SKE_PK_TYPE_SILC);
1530 if (status != SILC_SKE_STATUS_OK) {
1531 SILC_LOG_ERROR(("Error (%s) during Re-key (R PFS), with %s (%s)",
1532 silc_ske_map_status(status), ctx->sock->hostname,
1534 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1535 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1541 if (ctx->pfs == TRUE) {
1543 * The packet type must be KE packet
1546 SILC_LOG_ERROR(("Error during Re-key, with %s (%s)",
1547 ctx->sock->hostname, ctx->sock->ip));
1548 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1549 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1553 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1554 SILC_LOG_ERROR(("Error during Re-key (I PFS): re-key state is "
1555 "incorrect (received %d, expected %d packet), "
1556 "with %s (%s)", ctx->packet->type,
1557 SILC_PACKET_KEY_EXCHANGE_2, ctx->sock->hostname,
1559 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1560 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1564 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
1565 if (status != SILC_SKE_STATUS_OK) {
1566 SILC_LOG_ERROR(("Error (%s) during Re-key (I PFS), with %s (%s)",
1567 silc_ske_map_status(status), ctx->sock->hostname,
1569 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1570 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1576 /* Send the REKEY_DONE to indicate we will take new keys into use
1578 silc_server_packet_queue_purge(server, ctx->sock);
1579 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1582 /* After we send REKEY_DONE we must set the sending encryption
1583 key to the new key since all packets after this packet must
1584 encrypted with the new key. */
1585 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1586 silc_server_packet_queue_purge(server, ctx->sock);
1588 /* The protocol ends in next stage. */
1589 protocol->state = SILC_PROTOCOL_STATE_END;
1592 case SILC_PROTOCOL_STATE_END:
1598 SILC_LOG_ERROR(("Error during Re-key, with %s (%s)",
1599 ctx->sock->hostname, ctx->sock->ip));
1600 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1601 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1605 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1606 SILC_LOG_ERROR(("Error during Re-key (%s PFS): re-key state is "
1607 "incorrect (received %d, expected %d packet), "
1608 "with %s (%s)", ctx->responder ? "R" : "I",
1609 ctx->packet->type, SILC_PACKET_REKEY_DONE,
1610 ctx->sock->hostname, ctx->sock->ip));
1611 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1612 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1616 /* We received the REKEY_DONE packet and all packets after this is
1617 encrypted with the new key so set the decryption key to the new key */
1618 if (ctx->pfs == TRUE)
1619 silc_server_protocol_rekey_generate_pfs(server, ctx, FALSE);
1621 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1622 silc_server_packet_queue_purge(server, ctx->sock);
1624 /* Assure that after calling final callback there cannot be pending
1625 executions for this protocol anymore. This just unregisters any
1626 timeout callbacks for this protocol. */
1627 silc_protocol_cancel(protocol, server->schedule);
1629 /* Protocol has ended, call the final callback */
1630 if (protocol->final_callback)
1631 silc_protocol_execute_final(protocol, server->schedule);
1633 silc_protocol_free(protocol);
1636 case SILC_PROTOCOL_STATE_ERROR:
1641 if (ctx->pfs == TRUE && ctx->ske)
1642 /* Send abort notification */
1643 silc_ske_abort(ctx->ske, ctx->ske->status);
1645 /* Assure that after calling final callback there cannot be pending
1646 executions for this protocol anymore. This just unregisters any
1647 timeout callbacks for this protocol. */
1648 silc_protocol_cancel(protocol, server->schedule);
1650 /* On error the final callback is always called. */
1651 if (protocol->final_callback)
1652 silc_protocol_execute_final(protocol, server->schedule);
1654 silc_protocol_free(protocol);
1657 case SILC_PROTOCOL_STATE_FAILURE:
1659 * We have received failure from remote
1662 SILC_LOG_ERROR(("Error during Re-Key: received Failure"));
1664 /* Assure that after calling final callback there cannot be pending
1665 executions for this protocol anymore. This just unregisters any
1666 timeout callbacks for this protocol. */
1667 silc_protocol_cancel(protocol, server->schedule);
1669 /* On error the final callback is always called. */
1670 if (protocol->final_callback)
1671 silc_protocol_execute_final(protocol, server->schedule);
1673 silc_protocol_free(protocol);
1676 case SILC_PROTOCOL_STATE_UNKNOWN:
1682 /* Registers protocols used in server. */
1684 void silc_server_protocols_register(void)
1686 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1687 silc_server_protocol_connection_auth);
1688 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1689 silc_server_protocol_key_exchange);
1690 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1691 silc_server_protocol_rekey);
1692 silc_protocol_register(SILC_PROTOCOL_SERVER_BACKUP,
1693 silc_server_protocol_backup);
1696 /* Unregisters protocols */
1698 void silc_server_protocols_unregister(void)
1700 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1701 silc_server_protocol_connection_auth);
1702 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1703 silc_server_protocol_key_exchange);
1704 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1705 silc_server_protocol_rekey);
1706 silc_protocol_unregister(SILC_PROTOCOL_SERVER_BACKUP,
1707 silc_server_protocol_backup);