5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2000 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Client side of the protocols.
26 * Revision 1.6 2000/07/14 06:12:29 priikone
27 * Put the HMAC keys into the HMAC object instead on having them
28 * saved elsewhere; we can use now silc_hmac_make instead of
29 * silc_hmac_make_with_key.
31 * Revision 1.5 2000/07/07 11:36:09 priikone
32 * Inform user when received unsupported public key from server.
34 * Revision 1.4 2000/07/07 06:53:45 priikone
35 * Added support for server public key verification.
37 * Revision 1.3 2000/07/06 07:14:16 priikone
38 * Deprecated old `channel_auth' protocol.
40 * Revision 1.2 2000/07/05 06:12:05 priikone
41 * Global cosmetic changes.
43 * Revision 1.1.1.1 2000/06/27 11:36:56 priikone
44 * Imported from internal CVS/Added Log headers.
49 #include "clientincludes.h"
51 SILC_TASK_CALLBACK(silc_client_protocol_connection_auth);
52 SILC_TASK_CALLBACK(silc_client_protocol_key_exchange);
54 /* SILC client protocol list */
55 const SilcProtocolObject silc_protocol_list[] =
57 { SILC_PROTOCOL_CLIENT_CONNECTION_AUTH,
58 silc_client_protocol_connection_auth },
59 { SILC_PROTOCOL_CLIENT_KEY_EXCHANGE,
60 silc_client_protocol_key_exchange },
62 { SILC_PROTOCOL_CLIENT_NONE, NULL },
66 * Key Exhange protocol functions
69 /* Function that is called when SKE protocol sends packets to network. */
71 static void silc_client_protocol_ke_send_packet(SilcSKE ske,
76 SilcProtocol protocol = (SilcProtocol)context;
77 SilcClientKEInternalContext *ctx =
78 (SilcClientKEInternalContext *)protocol->context;
79 SilcClient client = (SilcClient)ctx->client;
81 /* Send the packet immediately */
82 silc_client_packet_send(client, ske->sock, type, NULL, 0, NULL, NULL,
83 packet->data, packet->len, TRUE);
87 /* Callback that is called when we have received KE2 payload from
88 responder. We try to verify the public key now. */
91 silc_client_protocol_ke_verify_key(SilcSKE ske,
92 unsigned char *pk_data,
94 SilcSKEPKType pk_type,
97 SilcProtocol protocol = (SilcProtocol)context;
98 SilcClientKEInternalContext *ctx =
99 (SilcClientKEInternalContext *)protocol->context;
100 SilcClient client = (SilcClient)ctx->client;
102 SILC_LOG_DEBUG(("Start"));
104 if (!silc_client_verify_server_key(client, ctx->sock,
105 pk_data, pk_len, pk_type))
106 return SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY;
108 return SILC_SKE_STATUS_OK;
111 /* Sets the negotiated key material into use for particular connection. */
113 static void silc_client_protocol_ke_set_keys(SilcSKE ske,
114 SilcSocketConnection sock,
115 SilcSKEKeyMaterial *keymat,
120 SilcClientWindow win = (SilcClientWindow)sock->user_data;
123 SILC_LOG_DEBUG(("Setting new keys into use"));
125 /* Allocate cipher to be used in the communication */
126 silc_cipher_alloc(cipher->cipher->name, &win->send_key);
127 silc_cipher_alloc(cipher->cipher->name, &win->receive_key);
129 win->send_key->cipher->set_key(win->send_key->context,
130 keymat->send_enc_key,
131 keymat->enc_key_len);
132 win->send_key->set_iv(win->send_key, keymat->send_iv);
133 win->receive_key->cipher->set_key(win->receive_key->context,
134 keymat->receive_enc_key,
135 keymat->enc_key_len);
136 win->receive_key->set_iv(win->receive_key, keymat->receive_iv);
138 /* Allocate PKCS to be used */
140 /* XXX Do we ever need to allocate PKCS for the connection??
141 If yes, we need to change KE protocol to get the initiators
143 silc_pkcs_alloc(pkcs->pkcs->name, &win->public_Key);
144 silc_pkcs_set_public_key(win->public_key, ske->ke2_payload->pk_data,
145 ske->ke2_payload->pk_len);
148 /* Save HMAC key to be used in the communication. */
149 silc_hash_alloc(hash->hash->name, &nhash);
150 silc_hmac_alloc(nhash, &win->hmac);
151 silc_hmac_set_key(win->hmac, keymat->hmac_key, keymat->hmac_key_len);
154 /* Performs key exchange protocol. This is used for both initiator
155 and responder key exchange. This may be called recursively. */
157 SILC_TASK_CALLBACK(silc_client_protocol_key_exchange)
159 SilcProtocol protocol = (SilcProtocol)context;
160 SilcClientKEInternalContext *ctx =
161 (SilcClientKEInternalContext *)protocol->context;
162 SilcClient client = (SilcClient)ctx->client;
163 SilcSKEStatus status;
165 SILC_LOG_DEBUG(("Start"));
167 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
168 protocol->state = SILC_PROTOCOL_STATE_START;
170 switch(protocol->state) {
171 case SILC_PROTOCOL_STATE_START:
178 /* Allocate Key Exchange object */
179 ske = silc_ske_alloc();
182 if (ctx->responder == TRUE) {
184 SilcBuffer start_payload;
187 /* Start the key exchange by processing the received security
188 properties packet from initiator. */
189 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
191 silc_client_protocol_ke_send_packet,
195 SilcSKEStartPayload *start_payload;
197 /* Assemble security properties. */
198 silc_ske_assemble_security_properties(ske, &start_payload);
200 /* Start the key exchange by sending our security properties
201 to the remote end. */
202 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
204 silc_client_protocol_ke_send_packet,
208 if (status != SILC_SKE_STATUS_OK) {
216 /* Advance the state of the protocol. */
225 if (ctx->responder == TRUE) {
228 silc_ske_responder_phase_1(ctx->ske,
229 ctx->ske->start_payload,
230 silc_server_protocol_ke_send_packet,
234 /* Call Phase-1 function. This processes the Key Exchange Start
235 paylaod reply we just got from the responder. The callback
236 function will receive the processed payload where we will
238 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet, NULL, NULL);
246 /* Advance the state of the protocol and call the next state. */
248 protocol->execute(client->timeout_queue, 0, protocol, fd, 0, 0);
256 if (ctx->responder == TRUE) {
259 silc_ske_responder_phase_2(ctx->ske,
260 ctx->ske->start_payload,
261 silc_server_protocol_ke_send_packet,
265 /* Call the Phase-2 function. This creates Diffie Hellman
266 key exchange parameters and sends our public part inside
267 Key Exhange 1 Payload to the responder. */
269 silc_ske_initiator_phase_2(ctx->ske,
270 silc_client_protocol_ke_send_packet,
279 /* Advance the state of the protocol. */
288 if (ctx->responder == TRUE) {
292 silc_ske_responder_phase_2(ctx->ske,
293 ctx->ske->start_payload,
294 silc_server_protocol_ke_send_packet,
298 /* Finish the protocol. This verifies the Key Exchange 2 payload
299 sent by responder. */
300 status = silc_ske_initiator_finish(ctx->ske, ctx->packet,
301 silc_client_protocol_ke_verify_key,
302 context, NULL, NULL);
305 if (status != SILC_SKE_STATUS_OK) {
307 if (status == SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY) {
308 silc_say(client, "Received unsupported server %s public key",
309 ctx->sock->hostname);
311 silc_say(client, "Error during key exchange protocol with server %s",
312 ctx->sock->hostname);
314 protocol->state = SILC_PROTOCOL_STATE_ERROR;
315 protocol->execute(client->timeout_queue, 0, protocol, fd, 0, 0);
319 /* Send Ok to the other end. We will end the protocol as server
320 sends Ok to us when we will take the new keys into use. */
321 silc_ske_end(ctx->ske, silc_client_protocol_ke_send_packet, context);
323 /* End the protocol on the next round */
324 protocol->state = SILC_PROTOCOL_STATE_END;
327 case SILC_PROTOCOL_STATE_END:
332 SilcSKEKeyMaterial *keymat;
334 /* Process the key material */
335 keymat = silc_calloc(1, sizeof(*keymat));
336 silc_ske_process_key_material(ctx->ske, 16, (16 * 8), 16, keymat);
338 /* Take the negotiated keys into use. */
339 silc_client_protocol_ke_set_keys(ctx->ske, ctx->sock, keymat,
340 ctx->ske->prop->cipher,
341 ctx->ske->prop->pkcs,
342 ctx->ske->prop->hash);
344 /* Protocol has ended, call the final callback */
345 if (protocol->final_callback)
346 protocol->execute_final(client->timeout_queue, 0, protocol, fd);
348 silc_protocol_free(protocol);
351 case SILC_PROTOCOL_STATE_ERROR:
353 /* On error the final callback is always called. */
354 if (protocol->final_callback)
355 protocol->execute_final(client->timeout_queue, 0, protocol, fd);
357 silc_protocol_free(protocol);
359 case SILC_PROTOCOL_STATE_UNKNOWN:
365 * Connection Authentication protocol functions
368 SILC_TASK_CALLBACK(silc_client_protocol_connection_auth)
370 SilcProtocol protocol = (SilcProtocol)context;
371 SilcClientConnAuthInternalContext *ctx =
372 (SilcClientConnAuthInternalContext *)protocol->context;
373 SilcClient client = (SilcClient)ctx->client;
375 SILC_LOG_DEBUG(("Start"));
377 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
378 protocol->state = SILC_PROTOCOL_STATE_START;
380 switch(protocol->state) {
381 case SILC_PROTOCOL_STATE_START:
384 * Start protocol. We send authentication data to the server
385 * to be authenticated.
389 unsigned char *auth_data = NULL;
390 unsigned int auth_data_len = 0;
392 switch(ctx->auth_meth) {
393 case SILC_PROTOCOL_CONN_AUTH_NONE:
394 /* No authentication required */
397 case SILC_PROTOCOL_CONN_AUTH_PASSWORD:
398 /* Password authentication */
399 if (ctx->auth_data && ctx->auth_data_len) {
400 auth_data = ctx->auth_data;
401 auth_data_len = ctx->auth_data_len;
405 silc_say(client, "Password authentication required by server %s",
406 ctx->sock->hostname);
407 auth_data = silc_client_ask_passphrase(client);
408 auth_data_len = strlen(auth_data);
411 case SILC_PROTOCOL_CONN_AUTH_PUBLIC_KEY:
416 payload_len = 4 + auth_data_len;
417 packet = silc_buffer_alloc(payload_len);
418 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
419 silc_buffer_format(packet,
420 SILC_STR_UI_SHORT(payload_len),
421 SILC_STR_UI_SHORT(SILC_SOCKET_TYPE_CLIENT),
422 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
425 /* Send the packet to server */
426 silc_client_packet_send(client, ctx->sock,
427 SILC_PACKET_CONNECTION_AUTH,
429 packet->data, packet->len, TRUE);
432 memset(auth_data, 0, auth_data_len);
433 silc_free(auth_data);
435 silc_buffer_free(packet);
437 /* Next state is end of protocol */
438 protocol->state = SILC_PROTOCOL_STATE_END;
442 case SILC_PROTOCOL_STATE_END:
445 * End protocol. Nothing special to be done here.
448 /* Protocol has ended, call the final callback */
449 if (protocol->final_callback)
450 protocol->execute_final(client->timeout_queue, 0, protocol, fd);
452 silc_protocol_free(protocol);
456 case SILC_PROTOCOL_STATE_ERROR:
462 /* Error in protocol. Send FAILURE packet. Although I don't think
463 this could ever happen on client side. */
464 silc_client_packet_send(client, ctx->sock, SILC_PACKET_FAILURE,
465 NULL, 0, NULL, NULL, NULL, 0, TRUE);
467 /* On error the final callback is always called. */
468 if (protocol->final_callback)
469 protocol->execute_final(client->timeout_queue, 0, protocol, fd);
471 silc_protocol_free(protocol);
474 case SILC_PROTOCOL_STATE_UNKNOWN: