5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
39 silc_verify_public_key_internal(SilcServer server, SilcSocketConnection sock,
40 SilcSocketType conn_type,
41 unsigned char *pk, SilcUInt32 pk_len,
42 SilcSKEPKType pk_type)
44 char file[256], filename[256], *fingerprint;
47 if (pk_type != SILC_SKE_PK_TYPE_SILC) {
48 SILC_LOG_WARNING(("We don't support %s (%s) port %d public key type %d",
49 sock->hostname, sock->ip, sock->port, pk_type));
53 /* Accept client keys without verification */
54 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
55 SILC_LOG_DEBUG(("Accepting client public key without verification"));
59 /* XXX For now, accept server keys without verification too. We are
60 currently always doing mutual authentication so the proof of posession
61 of the private key is verified, and if server is authenticated in
62 conn auth protocol with public key we MUST have the key already. */
64 /* Rest is unreachable code! */
66 memset(filename, 0, sizeof(filename));
67 memset(file, 0, sizeof(file));
68 snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname,
70 snprintf(filename, sizeof(filename) - 1, SILC_ETCDIR "/serverkeys/%s",
73 /* Create serverkeys directory if it doesn't exist. */
74 if (stat(SILC_ETCDIR "/serverkeys", &st) < 0) {
75 /* If dir doesn't exist */
76 if (errno == ENOENT) {
77 if (mkdir(SILC_ETCDIR "/serverkeys", 0755) < 0) {
78 SILC_LOG_ERROR(("Couldn't create `%s' directory\n",
79 SILC_ETCDIR "/serverkeys"));
83 SILC_LOG_ERROR(("%s\n", strerror(errno)));
88 /* Take fingerprint of the public key */
89 fingerprint = silc_hash_fingerprint(NULL, pk, pk_len);
90 SILC_LOG_DEBUG(("Received server %s (%s) port %d public key (%s)",
91 sock->hostname, sock->ip, sock->port, fingerprint));
92 silc_free(fingerprint);
94 /* Check whether this key already exists */
95 if (stat(filename, &st) < 0) {
96 /* We don't have it, then cache it. */
97 SILC_LOG_DEBUG(("New public key from server"));
99 silc_pkcs_save_public_key_data(filename, pk, pk_len,
103 /* The key already exists, verify it. */
104 SilcPublicKey public_key;
105 unsigned char *encpk;
106 SilcUInt32 encpk_len;
108 SILC_LOG_DEBUG(("We have the public key saved locally"));
110 /* Load the key file */
111 if (!silc_pkcs_load_public_key(filename, &public_key,
113 if (!silc_pkcs_load_public_key(filename, &public_key,
114 SILC_PKCS_FILE_BIN)) {
115 SILC_LOG_WARNING(("Could not load local copy of the %s (%s) port %d "
116 "server public key", sock->hostname, sock->ip,
119 /* Save the key for future checking */
121 silc_pkcs_save_public_key_data(filename, pk, pk_len,
126 /* Encode the key data */
127 encpk = silc_pkcs_public_key_encode(public_key, &encpk_len);
129 SILC_LOG_WARNING(("Local copy of the server %s (%s) port %d public key "
130 "is malformed", sock->hostname, sock->ip, sock->port));
132 /* Save the key for future checking */
134 silc_pkcs_save_public_key_data(filename, pk, pk_len, SILC_PKCS_FILE_PEM);
138 if (memcmp(pk, encpk, encpk_len)) {
139 SILC_LOG_WARNING(("%s (%s) port %d server public key does not match "
140 "with local copy", sock->hostname, sock->ip,
142 SILC_LOG_WARNING(("It is possible that the key has expired or changed"));
143 SILC_LOG_WARNING(("It is also possible that some one is performing "
144 "man-in-the-middle attack"));
145 SILC_LOG_WARNING(("Will not accept the server %s (%s) port %d public "
147 sock->hostname, sock->ip, sock->port));
151 /* Local copy matched */
156 /* Callback that is called when we have received KE2 payload from
157 responder. We try to verify the public key now. */
160 silc_server_protocol_ke_verify_key(SilcSKE ske,
161 unsigned char *pk_data,
163 SilcSKEPKType pk_type,
165 SilcSKEVerifyCbCompletion completion,
166 void *completion_context)
168 SilcProtocol protocol = (SilcProtocol)context;
169 SilcServerKEInternalContext *ctx =
170 (SilcServerKEInternalContext *)protocol->context;
171 SilcServer server = (SilcServer)ctx->server;
173 SILC_LOG_DEBUG(("Start"));
175 if (silc_verify_public_key_internal(server, ctx->sock,
176 (ctx->responder == FALSE ?
177 SILC_SOCKET_TYPE_ROUTER:
178 ctx->sconfig ? SILC_SOCKET_TYPE_SERVER :
179 ctx->rconfig ? SILC_SOCKET_TYPE_ROUTER :
180 SILC_SOCKET_TYPE_CLIENT),
181 pk_data, pk_len, pk_type))
182 completion(ske, SILC_SKE_STATUS_OK, completion_context);
184 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
188 /* Packet sending callback. This function is provided as packet sending
189 routine to the Key Exchange functions. */
191 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
196 SilcProtocol protocol = (SilcProtocol)context;
197 SilcServerKEInternalContext *ctx =
198 (SilcServerKEInternalContext *)protocol->context;
199 SilcServer server = (SilcServer)ctx->server;
201 /* Send the packet immediately */
202 silc_server_packet_send(server, ske->sock,
203 type, 0, packet->data, packet->len, TRUE);
206 /* Sets the negotiated key material into use for particular connection. */
208 int silc_server_protocol_ke_set_keys(SilcServer server,
210 SilcSocketConnection sock,
211 SilcSKEKeyMaterial *keymat,
216 SilcSKEDiffieHellmanGroup group,
219 SilcUnknownEntry conn_data;
220 SilcIDListData idata;
222 SILC_LOG_DEBUG(("Setting new key into use"));
224 conn_data = silc_calloc(1, sizeof(*conn_data));
225 idata = (SilcIDListData)conn_data;
227 /* Allocate cipher to be used in the communication */
228 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
229 silc_free(conn_data);
230 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", cipher->cipher->name));
233 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
234 silc_free(conn_data);
235 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", cipher->cipher->name));
239 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
240 &idata->hmac_send)) {
241 silc_cipher_free(idata->send_key);
242 silc_cipher_free(idata->receive_key);
243 silc_free(conn_data);
244 SILC_LOG_ERROR(("Cannot allocate algorithm: %s",
245 silc_hmac_get_name(hmac)));
249 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
250 &idata->hmac_receive)) {
251 silc_cipher_free(idata->send_key);
252 silc_cipher_free(idata->receive_key);
253 silc_hmac_free(idata->hmac_send);
254 silc_free(conn_data);
255 SILC_LOG_ERROR(("Cannot allocate algorithm: %s",
256 silc_hmac_get_name(hmac)));
260 if (is_responder == TRUE) {
261 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
262 keymat->enc_key_len);
263 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
264 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
265 keymat->enc_key_len);
266 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
267 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
268 keymat->hmac_key_len);
269 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
270 keymat->hmac_key_len);
272 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
273 keymat->enc_key_len);
274 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
275 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
276 keymat->enc_key_len);
277 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
278 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
279 keymat->hmac_key_len);
280 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
281 keymat->hmac_key_len);
284 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
285 idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
286 keymat->enc_key_len / 8);
287 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
289 if (ske->prop->flags & SILC_SKE_SP_FLAG_PFS)
290 idata->rekey->pfs = TRUE;
291 idata->rekey->ske_group = silc_ske_group_get_number(group);
294 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
295 silc_cipher_free(idata->send_key);
296 silc_cipher_free(idata->receive_key);
297 silc_hmac_free(idata->hmac_send);
298 silc_hmac_free(idata->hmac_receive);
299 silc_free(conn_data);
300 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", hash->hash->name));
304 /* Save the remote host's public key */
305 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
306 ske->ke1_payload->pk_len, &idata->public_key);
307 if (ske->prop->flags & SILC_SKE_SP_FLAG_MUTUAL)
308 silc_hash_make(server->sha1hash, ske->ke1_payload->pk_data,
309 ske->ke1_payload->pk_len, idata->fingerprint);
311 sock->user_data = (void *)conn_data;
313 SILC_LOG_INFO(("%s (%s) security properties: %s %s %s",
314 sock->hostname, sock->ip,
315 idata->send_key->cipher->name,
316 (char *)silc_hmac_get_name(idata->hmac_send),
317 idata->hash->hash->name));
322 /* Check remote host version string */
324 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
325 SilcUInt32 len, void *context)
327 SilcSKEStatus status = SILC_SKE_STATUS_OK;
329 int maj = 0, min = 0, build = 0, maj2 = 0, min2 = 0, build2 = 0;
331 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
332 ske->sock->ip, version));
334 /* Check for initial version string */
335 if (!strstr(version, "SILC-1.0-"))
336 status = SILC_SKE_STATUS_BAD_VERSION;
338 /* Check software version */
342 status = SILC_SKE_STATUS_BAD_VERSION;
345 cp = strchr(cp, '.');
351 cp = strchr(cp, '.');
353 build = atoi(cp + 1);
356 cp = silc_version_string + 9;
358 status = SILC_SKE_STATUS_BAD_VERSION;
361 cp = strchr(cp, '.');
367 cp = strchr(cp, '.');
369 build2 = atoi(cp + 1);
373 status = SILC_SKE_STATUS_BAD_VERSION;
376 status = SILC_SKE_STATUS_BAD_VERSION;
379 /* XXX < 0.6 is not allowed */
380 if (maj == 0 && min < 5)
381 status = SILC_SKE_STATUS_BAD_VERSION;
383 if (status == SILC_SKE_STATUS_BAD_VERSION)
384 SILC_LOG_ERROR(("%s (%s) %s is not allowed/supported version",
385 ske->sock->hostname, ske->sock->ip, version));
390 /* Callback that is called by the SKE to indicate that it is safe to
391 continue the execution of the protocol. This is used only if we are
392 initiator. Is given as argument to the silc_ske_initiator_finish or
393 silc_ske_responder_phase_2 functions. This is called due to the fact
394 that the public key verification process is asynchronous and we must
395 not continue the protocl until the public key has been verified and
396 this callback is called. */
398 static void silc_server_protocol_ke_continue(SilcSKE ske, void *context)
400 SilcProtocol protocol = (SilcProtocol)context;
401 SilcServerKEInternalContext *ctx =
402 (SilcServerKEInternalContext *)protocol->context;
403 SilcServer server = (SilcServer)ctx->server;
405 SILC_LOG_DEBUG(("Start"));
407 if (ske->status != SILC_SKE_STATUS_OK) {
408 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
409 silc_ske_map_status(ske->status)));
411 protocol->state = SILC_PROTOCOL_STATE_ERROR;
412 silc_protocol_execute(protocol, server->schedule, 0, 300000);
416 /* Send Ok to the other end. We will end the protocol as responder
417 sends Ok to us when we will take the new keys into use. */
418 if (ctx->responder == FALSE) {
419 silc_ske_end(ctx->ske);
421 /* End the protocol on the next round */
422 protocol->state = SILC_PROTOCOL_STATE_END;
425 /* Advance protocol state and call the next state if we are responder.
426 This happens when this callback was sent to silc_ske_responder_phase_2
428 if (ctx->responder == TRUE) {
430 silc_protocol_execute(protocol, server->schedule, 0, 100000);
434 /* Performs key exchange protocol. This is used for both initiator
435 and responder key exchange. This is performed always when accepting
436 new connection to the server. This may be called recursively. */
438 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
440 SilcProtocol protocol = (SilcProtocol)context;
441 SilcServerKEInternalContext *ctx =
442 (SilcServerKEInternalContext *)protocol->context;
443 SilcServer server = (SilcServer)ctx->server;
444 SilcSKEStatus status = SILC_SKE_STATUS_OK;
446 SILC_LOG_DEBUG(("Start"));
448 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
449 protocol->state = SILC_PROTOCOL_STATE_START;
451 SILC_LOG_DEBUG(("State=%d", protocol->state));
453 switch(protocol->state) {
454 case SILC_PROTOCOL_STATE_START:
461 /* Allocate Key Exchange object */
462 ctx->ske = ske = silc_ske_alloc(server->rng, server);
464 silc_ske_set_callbacks(ske, silc_server_protocol_ke_send_packet, NULL,
465 silc_server_protocol_ke_verify_key,
466 silc_server_protocol_ke_continue,
467 silc_ske_check_version, context);
469 if (ctx->responder == TRUE) {
470 /* Start the key exchange by processing the received security
471 properties packet from initiator. */
472 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
474 ctx->packet->buffer, ctx->flags);
476 SilcSKEStartPayload *start_payload;
478 /* Assemble security properties. */
479 silc_ske_assemble_security_properties(ske, ctx->flags,
483 /* Start the key exchange by sending our security properties
484 to the remote end. */
485 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
489 /* Return now if the procedure is pending. */
490 if (status == SILC_SKE_STATUS_PENDING)
493 if (status != SILC_SKE_STATUS_OK) {
494 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
495 silc_ske_map_status(status)));
497 protocol->state = SILC_PROTOCOL_STATE_ERROR;
498 silc_protocol_execute(protocol, server->schedule, 0, 300000);
502 /* Advance protocol state and call the next state if we are responder */
504 if (ctx->responder == TRUE)
505 silc_protocol_execute(protocol, server->schedule, 0, 100000);
513 if (ctx->responder == TRUE) {
514 /* Sends the selected security properties to the initiator. */
515 status = silc_ske_responder_phase_1(ctx->ske);
517 /* Call Phase-1 function. This processes the Key Exchange Start
518 paylaod reply we just got from the responder. The callback
519 function will receive the processed payload where we will
521 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer);
524 /* Return now if the procedure is pending. */
525 if (status == SILC_SKE_STATUS_PENDING)
528 if (status != SILC_SKE_STATUS_OK) {
529 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
530 silc_ske_map_status(status)));
532 protocol->state = SILC_PROTOCOL_STATE_ERROR;
533 silc_protocol_execute(protocol, server->schedule, 0, 300000);
537 /* Advance protocol state and call next state if we are initiator */
539 if (ctx->responder == FALSE)
540 silc_protocol_execute(protocol, server->schedule, 0, 100000);
548 if (ctx->responder == TRUE) {
549 /* Process the received Key Exchange 1 Payload packet from
550 the initiator. This also creates our parts of the Diffie
551 Hellman algorithm. The silc_server_protocol_ke_continue
552 will be called after the public key has been verified. */
553 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
555 /* Call the Phase-2 function. This creates Diffie Hellman
556 key exchange parameters and sends our public part inside
557 Key Exhange 1 Payload to the responder. */
558 status = silc_ske_initiator_phase_2(ctx->ske,
561 SILC_SKE_PK_TYPE_SILC);
565 /* Return now if the procedure is pending. */
566 if (status == SILC_SKE_STATUS_PENDING)
569 if (status != SILC_SKE_STATUS_OK) {
570 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
571 silc_ske_map_status(status)));
573 protocol->state = SILC_PROTOCOL_STATE_ERROR;
574 silc_protocol_execute(protocol, server->schedule, 0, 300000);
584 if (ctx->responder == TRUE) {
585 /* This creates the key exchange material and sends our
586 public parts to the initiator inside Key Exchange 2 Payload. */
587 status = silc_ske_responder_finish(ctx->ske,
590 SILC_SKE_PK_TYPE_SILC);
592 /* End the protocol on the next round */
593 protocol->state = SILC_PROTOCOL_STATE_END;
595 /* Finish the protocol. This verifies the Key Exchange 2 payload
596 sent by responder. The silc_server_protocol_ke_continue will
597 be called after the public key has been verified. */
598 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
601 /* Return now if the procedure is pending. */
602 if (status == SILC_SKE_STATUS_PENDING)
605 if (status != SILC_SKE_STATUS_OK) {
606 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
607 silc_ske_map_status(status)));
609 protocol->state = SILC_PROTOCOL_STATE_ERROR;
610 silc_protocol_execute(protocol, server->schedule, 0, 300000);
616 case SILC_PROTOCOL_STATE_END:
621 SilcSKEKeyMaterial *keymat;
622 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
623 int hash_len = ctx->ske->prop->hash->hash->hash_len;
625 /* Process the key material */
626 keymat = silc_calloc(1, sizeof(*keymat));
627 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
629 if (status != SILC_SKE_STATUS_OK) {
630 SILC_LOG_ERROR(("Error during Key Exchange protocol: "
631 "could not process key material"));
633 protocol->state = SILC_PROTOCOL_STATE_ERROR;
634 silc_protocol_execute(protocol, server->schedule, 0, 300000);
635 silc_ske_free_key_material(keymat);
638 ctx->keymat = keymat;
640 /* Send Ok to the other end if we are responder. If we are initiator
641 we have sent this already. */
642 if (ctx->responder == TRUE)
643 silc_ske_end(ctx->ske);
645 /* Unregister the timeout task since the protocol has ended.
646 This was the timeout task to be executed if the protocol is
647 not completed fast enough. */
648 if (ctx->timeout_task)
649 silc_schedule_task_del(server->schedule, ctx->timeout_task);
651 /* Assure that after calling final callback there cannot be pending
652 executions for this protocol anymore. This just unregisters any
653 timeout callbacks for this protocol. */
654 silc_protocol_cancel(protocol, server->schedule);
656 /* Call the final callback */
657 if (protocol->final_callback)
658 silc_protocol_execute_final(protocol, server->schedule);
660 silc_protocol_free(protocol);
664 case SILC_PROTOCOL_STATE_ERROR:
669 /* Send abort notification */
670 silc_ske_abort(ctx->ske, ctx->ske->status);
672 /* Unregister the timeout task since the protocol has ended.
673 This was the timeout task to be executed if the protocol is
674 not completed fast enough. */
675 if (ctx->timeout_task)
676 silc_schedule_task_del(server->schedule, ctx->timeout_task);
678 /* Assure that after calling final callback there cannot be pending
679 executions for this protocol anymore. This just unregisters any
680 timeout callbacks for this protocol. */
681 silc_protocol_cancel(protocol, server->schedule);
683 /* On error the final callback is always called. */
684 if (protocol->final_callback)
685 silc_protocol_execute_final(protocol, server->schedule);
687 silc_protocol_free(protocol);
690 case SILC_PROTOCOL_STATE_FAILURE:
692 * We have received failure from remote
695 /* Unregister the timeout task since the protocol has ended.
696 This was the timeout task to be executed if the protocol is
697 not completed fast enough. */
698 if (ctx->timeout_task)
699 silc_schedule_task_del(server->schedule, ctx->timeout_task);
701 /* Assure that after calling final callback there cannot be pending
702 executions for this protocol anymore. This just unregisters any
703 timeout callbacks for this protocol. */
704 silc_protocol_cancel(protocol, server->schedule);
706 /* On error the final callback is always called. */
707 if (protocol->final_callback)
708 silc_protocol_execute_final(protocol, server->schedule);
710 silc_protocol_free(protocol);
713 case SILC_PROTOCOL_STATE_UNKNOWN:
719 * Connection Authentication protocol functions
723 silc_server_password_authentication(SilcServer server, char *remote_auth,
726 if (!remote_auth || !local_auth)
729 if (!memcmp(remote_auth, local_auth, strlen(local_auth)))
736 silc_server_public_key_authentication(SilcServer server,
737 SilcPublicKey pub_key,
746 if (!pub_key || !sign)
749 silc_pkcs_alloc(pub_key->name, &pkcs);
750 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
751 silc_pkcs_free(pkcs);
755 /* Make the authentication data. Protocol says it is HASH plus
757 len = ske->hash_len + ske->start_payload_copy->len;
758 auth = silc_buffer_alloc(len);
759 silc_buffer_pull_tail(auth, len);
760 silc_buffer_format(auth,
761 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
762 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
763 ske->start_payload_copy->len),
766 /* Verify signature */
767 if (silc_pkcs_verify_with_hash(pkcs, ske->prop->hash, sign, sign_len,
768 auth->data, auth->len)) {
769 silc_pkcs_free(pkcs);
770 silc_buffer_free(auth);
774 silc_pkcs_free(pkcs);
775 silc_buffer_free(auth);
780 silc_server_get_public_key_auth(SilcServer server,
781 unsigned char **auth_data,
782 SilcUInt32 *auth_data_len,
791 /* Make the authentication data. Protocol says it is HASH plus
793 len = ske->hash_len + ske->start_payload_copy->len;
794 auth = silc_buffer_alloc(len);
795 silc_buffer_pull_tail(auth, len);
796 silc_buffer_format(auth,
797 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
798 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
799 ske->start_payload_copy->len),
802 *auth_data = silc_calloc(silc_pkcs_get_key_len(pkcs), sizeof(**auth_data));
803 if (silc_pkcs_sign_with_hash(pkcs, ske->prop->hash, auth->data,
804 auth->len, *auth_data, auth_data_len)) {
805 silc_buffer_free(auth);
809 silc_free(*auth_data);
810 silc_buffer_free(auth);
814 /* Function that actually performs the authentication to the remote. This
815 supports both passphrase and public key authentication. */
818 silc_server_get_authentication(SilcServerConnAuthInternalContext *ctx,
819 char *local_passphrase,
820 SilcHashTable local_publickeys,
821 unsigned char *remote_auth,
822 SilcUInt32 remote_auth_len)
824 SilcServer server = (SilcServer)ctx->server;
825 SilcSKE ske = ctx->ske;
828 /* If we don't have authentication data set at all we do not require
829 authentication at all */
830 if (!local_passphrase && (!local_publickeys ||
831 !silc_hash_table_count(local_publickeys))) {
832 SILC_LOG_DEBUG(("No authentication required"));
836 /* If both passphrase and public key is provided then we'll try both of
837 them and see which one of them authenticates. If only one of them is
838 set, then try only that. */
840 /* Try first passphrase (as it is faster to check) */
841 if (local_passphrase) {
842 SILC_LOG_DEBUG(("Password authentication"));
843 result = silc_server_password_authentication(server, local_passphrase,
847 /* Try public key authenetication */
848 if (!result && local_publickeys) {
849 SilcPublicKey cached_key;
850 SilcPublicKey remote_key =
851 ((SilcIDListData)ctx->sock->user_data)->public_key;
853 SILC_LOG_DEBUG(("Public key authentication"));
855 /* Find the public key to be used in authentication */
856 cached_key = silc_server_find_public_key(server, local_publickeys,
861 result = silc_server_public_key_authentication(server, cached_key,
863 remote_auth_len, ske);
869 /* Performs connection authentication protocol. If responder, we
870 authenticate the remote data received. If initiator, we will send
871 authentication data to the remote end. */
873 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
875 SilcProtocol protocol = (SilcProtocol)context;
876 SilcServerConnAuthInternalContext *ctx =
877 (SilcServerConnAuthInternalContext *)protocol->context;
878 SilcServer server = (SilcServer)ctx->server;
880 SILC_LOG_DEBUG(("Start"));
882 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
883 protocol->state = SILC_PROTOCOL_STATE_START;
885 SILC_LOG_DEBUG(("State=%d", protocol->state));
887 switch(protocol->state) {
888 case SILC_PROTOCOL_STATE_START:
894 if (ctx->responder == TRUE) {
896 * We are receiving party
899 SilcUInt16 payload_len;
900 SilcUInt16 conn_type;
901 unsigned char *auth_data = NULL;
903 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
904 ctx->sock->hostname, ctx->sock->ip));
906 /* Parse the received authentication data packet. The received
907 payload is Connection Auth Payload. */
908 ret = silc_buffer_unformat(ctx->packet->buffer,
909 SILC_STR_UI_SHORT(&payload_len),
910 SILC_STR_UI_SHORT(&conn_type),
913 SILC_LOG_ERROR(("Bad payload in authentication packet"));
914 protocol->state = SILC_PROTOCOL_STATE_ERROR;
915 silc_protocol_execute(protocol, server->schedule, 0, 300000);
919 if (payload_len != ctx->packet->buffer->len) {
920 SILC_LOG_ERROR(("Bad payload length in authentication packet"));
921 protocol->state = SILC_PROTOCOL_STATE_ERROR;
922 silc_protocol_execute(protocol, server->schedule, 0, 300000);
928 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
929 conn_type > SILC_SOCKET_TYPE_ROUTER) {
930 SILC_LOG_ERROR(("Bad connection type (%d) in authentication packet",
932 protocol->state = SILC_PROTOCOL_STATE_ERROR;
933 silc_protocol_execute(protocol, server->schedule, 0, 300000);
937 if (payload_len > 0) {
938 /* Get authentication data */
939 silc_buffer_pull(ctx->packet->buffer, 4);
940 ret = silc_buffer_unformat(ctx->packet->buffer,
941 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
945 SILC_LOG_DEBUG(("Bad payload in authentication payload"));
946 protocol->state = SILC_PROTOCOL_STATE_ERROR;
947 silc_protocol_execute(protocol, server->schedule, 0, 300000);
953 * Check the remote connection type and make sure that we have
954 * configured this connection. If we haven't allowed this connection
955 * the authentication must be failed.
958 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
960 /* Remote end is client */
961 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
962 SilcServerConfigClient *client = ctx->cconfig;
965 ret = silc_server_get_authentication(ctx, client->passphrase,
967 auth_data, payload_len);
969 /* Authentication failed */
970 SILC_LOG_ERROR(("Authentication failed"));
971 silc_free(auth_data);
972 protocol->state = SILC_PROTOCOL_STATE_ERROR;
973 silc_protocol_execute(protocol, server->schedule, 0, 300000);
977 SILC_LOG_ERROR(("Remote client connection not configured"));
978 SILC_LOG_ERROR(("Authentication failed"));
979 silc_free(auth_data);
980 protocol->state = SILC_PROTOCOL_STATE_ERROR;
981 silc_protocol_execute(protocol, server->schedule,
987 /* Remote end is server */
988 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
989 SilcServerConfigServer *serv = ctx->sconfig;
992 ret = silc_server_get_authentication(ctx, serv->passphrase,
994 auth_data, payload_len);
996 /* Authentication failed */
997 SILC_LOG_ERROR(("Authentication failed"));
998 silc_free(auth_data);
999 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1000 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1004 SILC_LOG_ERROR(("Remote server connection not configured"));
1005 SILC_LOG_ERROR(("Authentication failed"));
1006 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1007 silc_protocol_execute(protocol, server->schedule,
1009 silc_free(auth_data);
1014 /* Remote end is router */
1015 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
1016 SilcServerConfigRouter *serv = ctx->rconfig;
1019 ret = silc_server_get_authentication(ctx, serv->passphrase,
1021 auth_data, payload_len);
1023 /* Authentication failed */
1024 SILC_LOG_ERROR(("Authentication failed"));
1025 silc_free(auth_data);
1026 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1027 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1031 SILC_LOG_ERROR(("Remote router connection not configured"));
1032 SILC_LOG_ERROR(("Authentication failed"));
1033 silc_free(auth_data);
1034 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1035 silc_protocol_execute(protocol, server->schedule,
1041 silc_free(auth_data);
1043 /* Save connection type. This is later used to create the
1044 ID for the connection. */
1045 ctx->conn_type = conn_type;
1047 /* Advance protocol state. */
1048 protocol->state = SILC_PROTOCOL_STATE_END;
1049 silc_protocol_execute(protocol, server->schedule, 0, 0);
1053 * We are initiator. We are authenticating ourselves to a
1054 * remote server. We will send the authentication data to the
1055 * other end for verify.
1058 int payload_len = 0;
1059 unsigned char *auth_data = NULL;
1060 SilcUInt32 auth_data_len = 0;
1062 switch(ctx->auth_meth) {
1063 case SILC_AUTH_NONE:
1064 /* No authentication required */
1067 case SILC_AUTH_PASSWORD:
1068 /* Password authentication */
1069 if (ctx->auth_data && ctx->auth_data_len) {
1070 auth_data = strdup(ctx->auth_data);
1071 auth_data_len = ctx->auth_data_len;
1076 case SILC_AUTH_PUBLIC_KEY:
1078 /* Public key authentication */
1079 silc_server_get_public_key_auth(server, &auth_data, &auth_data_len,
1085 payload_len = 4 + auth_data_len;
1086 packet = silc_buffer_alloc(payload_len);
1087 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
1088 silc_buffer_format(packet,
1089 SILC_STR_UI_SHORT(payload_len),
1090 SILC_STR_UI_SHORT(server->server_type
1092 SILC_SOCKET_TYPE_SERVER :
1093 SILC_SOCKET_TYPE_ROUTER),
1094 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
1097 /* Send the packet to server */
1098 silc_server_packet_send(server, ctx->sock,
1099 SILC_PACKET_CONNECTION_AUTH, 0,
1100 packet->data, packet->len, TRUE);
1103 memset(auth_data, 0, auth_data_len);
1104 silc_free(auth_data);
1106 silc_buffer_free(packet);
1108 /* Next state is end of protocol */
1109 protocol->state = SILC_PROTOCOL_STATE_END;
1114 case SILC_PROTOCOL_STATE_END:
1119 unsigned char ok[4];
1121 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
1123 /* Authentication successful */
1124 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
1127 /* Unregister the timeout task since the protocol has ended.
1128 This was the timeout task to be executed if the protocol is
1129 not completed fast enough. */
1130 if (ctx->timeout_task)
1131 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1133 /* Assure that after calling final callback there cannot be pending
1134 executions for this protocol anymore. This just unregisters any
1135 timeout callbacks for this protocol. */
1136 silc_protocol_cancel(protocol, server->schedule);
1138 /* Protocol has ended, call the final callback */
1139 if (protocol->final_callback)
1140 silc_protocol_execute_final(protocol, server->schedule);
1142 silc_protocol_free(protocol);
1145 case SILC_PROTOCOL_STATE_ERROR:
1148 * Error. Send notify to remote.
1150 unsigned char error[4];
1152 /* Authentication failed */
1153 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
1154 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
1157 /* Unregister the timeout task since the protocol has ended.
1158 This was the timeout task to be executed if the protocol is
1159 not completed fast enough. */
1160 if (ctx->timeout_task)
1161 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1163 /* Assure that after calling final callback there cannot be pending
1164 executions for this protocol anymore. This just unregisters any
1165 timeout callbacks for this protocol. */
1166 silc_protocol_cancel(protocol, server->schedule);
1168 /* On error the final callback is always called. */
1169 if (protocol->final_callback)
1170 silc_protocol_execute_final(protocol, server->schedule);
1172 silc_protocol_free(protocol);
1176 case SILC_PROTOCOL_STATE_FAILURE:
1178 * We have received failure from remote
1181 SILC_LOG_ERROR(("Received Authentication Failure"));
1183 /* Unregister the timeout task since the protocol has ended.
1184 This was the timeout task to be executed if the protocol is
1185 not completed fast enough. */
1186 if (ctx->timeout_task)
1187 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1189 /* Assure that after calling final callback there cannot be pending
1190 executions for this protocol anymore. This just unregisters any
1191 timeout callbacks for this protocol. */
1192 silc_protocol_cancel(protocol, server->schedule);
1194 /* On error the final callback is always called. */
1195 if (protocol->final_callback)
1196 silc_protocol_execute_final(protocol, server->schedule);
1198 silc_protocol_free(protocol);
1201 case SILC_PROTOCOL_STATE_UNKNOWN:
1207 * Re-key protocol routines
1210 /* Actually takes the new keys into use. */
1213 silc_server_protocol_rekey_validate(SilcServer server,
1214 SilcServerRekeyInternalContext *ctx,
1215 SilcIDListData idata,
1216 SilcSKEKeyMaterial *keymat,
1219 if (ctx->responder == TRUE) {
1221 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1222 keymat->enc_key_len);
1223 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1224 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
1225 keymat->hmac_key_len);
1227 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1228 keymat->enc_key_len);
1229 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1230 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
1231 keymat->hmac_key_len);
1235 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1236 keymat->enc_key_len);
1237 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1238 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
1239 keymat->hmac_key_len);
1241 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1242 keymat->enc_key_len);
1243 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1244 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
1245 keymat->hmac_key_len);
1249 /* Save the current sending encryption key */
1251 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1252 silc_free(idata->rekey->send_enc_key);
1253 idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
1254 keymat->enc_key_len / 8);
1255 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1259 /* This function actually re-generates (when not using PFS) the keys and
1260 takes them into use. */
1262 void silc_server_protocol_rekey_generate(SilcServer server,
1263 SilcServerRekeyInternalContext *ctx,
1266 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1267 SilcSKEKeyMaterial *keymat;
1268 SilcUInt32 key_len = silc_cipher_get_key_len(idata->send_key);
1269 SilcUInt32 hash_len = idata->hash->hash->hash_len;
1271 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1272 send ? "sending" : "receiving"));
1274 /* Generate the new key */
1275 keymat = silc_calloc(1, sizeof(*keymat));
1276 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1277 idata->rekey->enc_key_len,
1278 16, key_len, hash_len,
1279 idata->hash, keymat);
1281 /* Set the keys into use */
1282 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1284 silc_ske_free_key_material(keymat);
1287 /* This function actually re-generates (with PFS) the keys and
1288 takes them into use. */
1291 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1292 SilcServerRekeyInternalContext *ctx,
1295 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1296 SilcSKEKeyMaterial *keymat;
1297 SilcUInt32 key_len = silc_cipher_get_key_len(idata->send_key);
1298 SilcUInt32 hash_len = idata->hash->hash->hash_len;
1299 unsigned char *tmpbuf;
1302 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1303 send ? "sending" : "receiving"));
1305 /* Encode KEY to binary data */
1306 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1308 /* Generate the new key */
1309 keymat = silc_calloc(1, sizeof(*keymat));
1310 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1311 idata->hash, keymat);
1313 /* Set the keys into use */
1314 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1316 memset(tmpbuf, 0, klen);
1318 silc_ske_free_key_material(keymat);
1321 /* Packet sending callback. This function is provided as packet sending
1322 routine to the Key Exchange functions. */
1325 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1327 SilcPacketType type,
1330 SilcProtocol protocol = (SilcProtocol)context;
1331 SilcServerRekeyInternalContext *ctx =
1332 (SilcServerRekeyInternalContext *)protocol->context;
1333 SilcServer server = (SilcServer)ctx->server;
1335 /* Send the packet immediately */
1336 silc_server_packet_send(server, ctx->sock,
1337 type, 0, packet->data, packet->len, FALSE);
1340 /* Performs re-key as defined in the SILC protocol specification. */
1342 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1344 SilcProtocol protocol = (SilcProtocol)context;
1345 SilcServerRekeyInternalContext *ctx =
1346 (SilcServerRekeyInternalContext *)protocol->context;
1347 SilcServer server = (SilcServer)ctx->server;
1348 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1349 SilcSKEStatus status;
1351 SILC_LOG_DEBUG(("Start"));
1353 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1354 protocol->state = SILC_PROTOCOL_STATE_START;
1356 SILC_LOG_DEBUG(("State=%d", protocol->state));
1358 switch(protocol->state) {
1359 case SILC_PROTOCOL_STATE_START:
1365 if (ctx->responder == TRUE) {
1367 * We are receiving party
1370 if (ctx->pfs == TRUE) {
1372 * Use Perfect Forward Secrecy, ie. negotiate the key material
1373 * using the SKE protocol.
1376 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1377 SILC_LOG_ERROR(("Error during Re-key (PFS): re-key state is "
1378 "incorrect (received %d, expected %d packet)",
1379 ctx->packet->type, SILC_PACKET_KEY_EXCHANGE_1));
1380 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1381 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1385 ctx->ske = silc_ske_alloc(server->rng, server);
1386 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1387 silc_ske_group_get_by_number(idata->rekey->ske_group,
1388 &ctx->ske->prop->group);
1390 silc_ske_set_callbacks(ctx->ske,
1391 silc_server_protocol_rekey_send_packet,
1392 NULL, NULL, NULL, silc_ske_check_version,
1395 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
1396 if (status != SILC_SKE_STATUS_OK) {
1397 SILC_LOG_ERROR(("Error (%s) during Re-key (PFS)",
1398 silc_ske_map_status(status)));
1399 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1400 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1404 /* Advance the protocol state */
1406 silc_protocol_execute(protocol, server->schedule, 0, 0);
1409 * Do normal and simple re-key.
1412 /* Send the REKEY_DONE to indicate we will take new keys into use */
1413 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1416 /* After we send REKEY_DONE we must set the sending encryption
1417 key to the new key since all packets after this packet must
1418 encrypted with the new key. */
1419 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1421 /* The protocol ends in next stage. */
1422 protocol->state = SILC_PROTOCOL_STATE_END;
1427 * We are the initiator of this protocol
1430 /* Start the re-key by sending the REKEY packet */
1431 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1434 if (ctx->pfs == TRUE) {
1436 * Use Perfect Forward Secrecy, ie. negotiate the key material
1437 * using the SKE protocol.
1439 ctx->ske = silc_ske_alloc(server->rng, server);
1440 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1441 silc_ske_group_get_by_number(idata->rekey->ske_group,
1442 &ctx->ske->prop->group);
1444 silc_ske_set_callbacks(ctx->ske,
1445 silc_server_protocol_rekey_send_packet,
1446 NULL, NULL, NULL, silc_ske_check_version,
1449 status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL, 0);
1450 if (status != SILC_SKE_STATUS_OK) {
1451 SILC_LOG_ERROR(("Error (%s) during Re-key (PFS)",
1452 silc_ske_map_status(status)));
1453 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1454 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1458 /* Advance the protocol state */
1462 * Do normal and simple re-key.
1465 /* Send the REKEY_DONE to indicate we will take new keys into use
1467 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1470 /* After we send REKEY_DONE we must set the sending encryption
1471 key to the new key since all packets after this packet must
1472 encrypted with the new key. */
1473 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1475 /* The protocol ends in next stage. */
1476 protocol->state = SILC_PROTOCOL_STATE_END;
1484 * Second state, used only when oding re-key with PFS.
1486 if (ctx->responder == TRUE) {
1487 if (ctx->pfs == TRUE) {
1489 * Send our KE packe to the initiator now that we've processed
1490 * the initiator's KE packet.
1492 status = silc_ske_responder_finish(ctx->ske, NULL, NULL,
1493 SILC_SKE_PK_TYPE_SILC);
1494 if (status != SILC_SKE_STATUS_OK) {
1495 SILC_LOG_ERROR(("Error (%s) during Re-key (PFS)",
1496 silc_ske_map_status(status)));
1497 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1498 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1504 if (ctx->pfs == TRUE) {
1506 * The packet type must be KE packet
1508 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1509 SILC_LOG_ERROR(("Error during Re-key (PFS): re-key state is "
1510 "incorrect (received %d, expected %d packet)",
1511 ctx->packet->type, SILC_PACKET_KEY_EXCHANGE_2));
1512 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1513 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1517 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
1518 if (status != SILC_SKE_STATUS_OK) {
1519 SILC_LOG_ERROR(("Error (%s) during Re-key (PFS)",
1520 silc_ske_map_status(status)));
1521 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1522 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1528 /* Send the REKEY_DONE to indicate we will take new keys into use
1530 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1533 /* After we send REKEY_DONE we must set the sending encryption
1534 key to the new key since all packets after this packet must
1535 encrypted with the new key. */
1536 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1538 /* The protocol ends in next stage. */
1539 protocol->state = SILC_PROTOCOL_STATE_END;
1542 case SILC_PROTOCOL_STATE_END:
1547 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1548 SILC_LOG_ERROR(("Error during Re-key (PFS): re-key state is "
1549 "incorrect (received %d, expected %d packet)",
1550 ctx->packet->type, SILC_PACKET_REKEY_DONE));
1551 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1552 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1556 /* We received the REKEY_DONE packet and all packets after this is
1557 encrypted with the new key so set the decryption key to the new key */
1558 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1560 /* Assure that after calling final callback there cannot be pending
1561 executions for this protocol anymore. This just unregisters any
1562 timeout callbacks for this protocol. */
1563 silc_protocol_cancel(protocol, server->schedule);
1565 /* Protocol has ended, call the final callback */
1566 if (protocol->final_callback)
1567 silc_protocol_execute_final(protocol, server->schedule);
1569 silc_protocol_free(protocol);
1572 case SILC_PROTOCOL_STATE_ERROR:
1577 if (ctx->pfs == TRUE)
1578 /* Send abort notification */
1579 silc_ske_abort(ctx->ske, ctx->ske->status);
1581 /* Assure that after calling final callback there cannot be pending
1582 executions for this protocol anymore. This just unregisters any
1583 timeout callbacks for this protocol. */
1584 silc_protocol_cancel(protocol, server->schedule);
1586 /* On error the final callback is always called. */
1587 if (protocol->final_callback)
1588 silc_protocol_execute_final(protocol, server->schedule);
1590 silc_protocol_free(protocol);
1593 case SILC_PROTOCOL_STATE_FAILURE:
1595 * We have received failure from remote
1598 SILC_LOG_ERROR(("Error during Re-Key: received Failure"));
1600 /* Assure that after calling final callback there cannot be pending
1601 executions for this protocol anymore. This just unregisters any
1602 timeout callbacks for this protocol. */
1603 silc_protocol_cancel(protocol, server->schedule);
1605 /* On error the final callback is always called. */
1606 if (protocol->final_callback)
1607 silc_protocol_execute_final(protocol, server->schedule);
1609 silc_protocol_free(protocol);
1612 case SILC_PROTOCOL_STATE_UNKNOWN:
1618 /* Registers protocols used in server. */
1620 void silc_server_protocols_register(void)
1622 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1623 silc_server_protocol_connection_auth);
1624 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1625 silc_server_protocol_key_exchange);
1626 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1627 silc_server_protocol_rekey);
1628 silc_protocol_register(SILC_PROTOCOL_SERVER_BACKUP,
1629 silc_server_protocol_backup);
1632 /* Unregisters protocols */
1634 void silc_server_protocols_unregister(void)
1636 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1637 silc_server_protocol_connection_auth);
1638 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1639 silc_server_protocol_key_exchange);
1640 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1641 silc_server_protocol_rekey);
1642 silc_protocol_unregister(SILC_PROTOCOL_SERVER_BACKUP,
1643 silc_server_protocol_backup);