5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2002 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
39 silc_verify_public_key_internal(SilcServer server, SilcSocketConnection sock,
40 SilcSocketType conn_type,
41 unsigned char *pk, SilcUInt32 pk_len,
42 SilcSKEPKType pk_type)
44 char file[256], filename[256], *fingerprint;
47 if (pk_type != SILC_SKE_PK_TYPE_SILC) {
48 SILC_LOG_WARNING(("We don't support %s (%s) port %d public key type %d",
49 sock->hostname, sock->ip, sock->port, pk_type));
53 /* Accept client keys without verification */
54 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
55 SILC_LOG_DEBUG(("Accepting client public key without verification"));
59 /* XXX For now, accept server keys without verification too. We are
60 currently always doing mutual authentication so the proof of posession
61 of the private key is verified, and if server is authenticated in
62 conn auth protocol with public key we MUST have the key already. */
64 /* Rest is unreachable code! */
66 memset(filename, 0, sizeof(filename));
67 memset(file, 0, sizeof(file));
68 snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname,
70 snprintf(filename, sizeof(filename) - 1, SILC_ETCDIR "/serverkeys/%s",
73 /* Create serverkeys directory if it doesn't exist. */
74 if (stat(SILC_ETCDIR "/serverkeys", &st) < 0) {
75 /* If dir doesn't exist */
76 if (errno == ENOENT) {
77 if (mkdir(SILC_ETCDIR "/serverkeys", 0755) < 0) {
78 SILC_LOG_ERROR(("Couldn't create `%s' directory\n",
79 SILC_ETCDIR "/serverkeys"));
83 SILC_LOG_ERROR(("%s\n", strerror(errno)));
88 /* Take fingerprint of the public key */
89 fingerprint = silc_hash_fingerprint(NULL, pk, pk_len);
90 SILC_LOG_DEBUG(("Received server %s (%s) port %d public key (%s)",
91 sock->hostname, sock->ip, sock->port, fingerprint));
92 silc_free(fingerprint);
94 /* Check whether this key already exists */
95 if (stat(filename, &st) < 0) {
96 /* We don't have it, then cache it. */
97 SILC_LOG_DEBUG(("New public key from server"));
99 silc_pkcs_save_public_key_data(filename, pk, pk_len,
103 /* The key already exists, verify it. */
104 SilcPublicKey public_key;
105 unsigned char *encpk;
106 SilcUInt32 encpk_len;
108 SILC_LOG_DEBUG(("We have the public key saved locally"));
110 /* Load the key file */
111 if (!silc_pkcs_load_public_key(filename, &public_key,
113 if (!silc_pkcs_load_public_key(filename, &public_key,
114 SILC_PKCS_FILE_BIN)) {
115 SILC_LOG_WARNING(("Could not load local copy of the %s (%s) port %d "
116 "server public key", sock->hostname, sock->ip,
119 /* Save the key for future checking */
121 silc_pkcs_save_public_key_data(filename, pk, pk_len,
126 /* Encode the key data */
127 encpk = silc_pkcs_public_key_encode(public_key, &encpk_len);
129 SILC_LOG_WARNING(("Local copy of the server %s (%s) port %d public key "
130 "is malformed", sock->hostname, sock->ip, sock->port));
132 /* Save the key for future checking */
134 silc_pkcs_save_public_key_data(filename, pk, pk_len, SILC_PKCS_FILE_PEM);
138 if (memcmp(pk, encpk, encpk_len)) {
139 SILC_LOG_WARNING(("%s (%s) port %d server public key does not match "
140 "with local copy", sock->hostname, sock->ip,
142 SILC_LOG_WARNING(("It is possible that the key has expired or changed"));
143 SILC_LOG_WARNING(("It is also possible that some one is performing "
144 "man-in-the-middle attack"));
145 SILC_LOG_WARNING(("Will not accept the server %s (%s) port %d public "
147 sock->hostname, sock->ip, sock->port));
151 /* Local copy matched */
156 /* Callback that is called when we have received KE2 payload from
157 responder. We try to verify the public key now. */
160 silc_server_protocol_ke_verify_key(SilcSKE ske,
161 unsigned char *pk_data,
163 SilcSKEPKType pk_type,
165 SilcSKEVerifyCbCompletion completion,
166 void *completion_context)
168 SilcProtocol protocol = (SilcProtocol)context;
169 SilcServerKEInternalContext *ctx =
170 (SilcServerKEInternalContext *)protocol->context;
171 SilcServer server = (SilcServer)ctx->server;
173 SILC_LOG_DEBUG(("Verifying received public key"));
175 if (silc_verify_public_key_internal(
177 (ctx->responder == FALSE ?
178 SILC_SOCKET_TYPE_ROUTER:
179 ctx->sconfig.ref_ptr ? SILC_SOCKET_TYPE_SERVER :
180 ctx->rconfig.ref_ptr ? SILC_SOCKET_TYPE_ROUTER :
181 SILC_SOCKET_TYPE_CLIENT),
182 pk_data, pk_len, pk_type))
183 completion(ske, SILC_SKE_STATUS_OK, completion_context);
185 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
189 /* Packet sending callback. This function is provided as packet sending
190 routine to the Key Exchange functions. */
192 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
197 SilcProtocol protocol = (SilcProtocol)context;
198 SilcServerKEInternalContext *ctx =
199 (SilcServerKEInternalContext *)protocol->context;
200 SilcServer server = (SilcServer)ctx->server;
202 /* Send the packet immediately */
203 silc_server_packet_send(server, ske->sock,
204 type, 0, packet->data, packet->len, TRUE);
207 /* Sets the negotiated key material into use for particular connection. */
209 int silc_server_protocol_ke_set_keys(SilcServer server,
211 SilcSocketConnection sock,
212 SilcSKEKeyMaterial *keymat,
217 SilcSKEDiffieHellmanGroup group,
220 SilcUnknownEntry conn_data;
221 SilcIDListData idata;
223 SILC_LOG_DEBUG(("Setting new keys into use"));
225 conn_data = silc_calloc(1, sizeof(*conn_data));
226 idata = (SilcIDListData)conn_data;
228 /* Allocate cipher to be used in the communication */
229 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
230 silc_free(conn_data);
231 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", cipher->cipher->name));
234 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
235 silc_free(conn_data);
236 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", cipher->cipher->name));
240 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
241 &idata->hmac_send)) {
242 silc_cipher_free(idata->send_key);
243 silc_cipher_free(idata->receive_key);
244 silc_free(conn_data);
245 SILC_LOG_ERROR(("Cannot allocate algorithm: %s",
246 silc_hmac_get_name(hmac)));
250 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
251 &idata->hmac_receive)) {
252 silc_cipher_free(idata->send_key);
253 silc_cipher_free(idata->receive_key);
254 silc_hmac_free(idata->hmac_send);
255 silc_free(conn_data);
256 SILC_LOG_ERROR(("Cannot allocate algorithm: %s",
257 silc_hmac_get_name(hmac)));
261 if (is_responder == TRUE) {
262 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
263 keymat->enc_key_len);
264 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
265 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
266 keymat->enc_key_len);
267 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
268 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
269 keymat->hmac_key_len);
270 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
271 keymat->hmac_key_len);
273 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
274 keymat->enc_key_len);
275 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
276 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
277 keymat->enc_key_len);
278 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
279 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
280 keymat->hmac_key_len);
281 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
282 keymat->hmac_key_len);
285 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
286 idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
287 keymat->enc_key_len / 8);
288 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
290 if (ske->prop->flags & SILC_SKE_SP_FLAG_PFS)
291 idata->rekey->pfs = TRUE;
292 idata->rekey->ske_group = silc_ske_group_get_number(group);
295 if (!silc_hash_alloc(silc_hash_get_name(hash), &idata->hash)) {
296 silc_cipher_free(idata->send_key);
297 silc_cipher_free(idata->receive_key);
298 silc_hmac_free(idata->hmac_send);
299 silc_hmac_free(idata->hmac_receive);
300 silc_free(conn_data);
301 SILC_LOG_ERROR(("Cannot allocate algorithm: %s",
302 silc_hash_get_name(hash)));
306 /* Save the remote host's public key */
307 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
308 ske->ke1_payload->pk_len, &idata->public_key);
309 if (ske->prop->flags & SILC_SKE_SP_FLAG_MUTUAL)
310 silc_hash_make(server->sha1hash, ske->ke1_payload->pk_data,
311 ske->ke1_payload->pk_len, idata->fingerprint);
313 sock->user_data = (void *)conn_data;
315 SILC_LOG_INFO(("%s (%s) security properties: %s %s %s %s",
316 sock->hostname, sock->ip,
317 idata->send_key->cipher->name,
318 (char *)silc_hmac_get_name(idata->hmac_send),
319 silc_hash_get_name(idata->hash),
320 ske->prop->flags & SILC_SKE_SP_FLAG_PFS ? "PFS" : ""));
325 /* Check remote host version string */
327 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
328 SilcUInt32 len, void *context)
330 SilcUInt32 l_protocol_version = 0, r_protocol_version = 0;
332 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
333 ske->sock->ip, version));
335 if (!silc_parse_version_string(version, &r_protocol_version, NULL, NULL,
337 SILC_LOG_ERROR(("%s (%s) %s is not allowed/supported version",
338 ske->sock->hostname, ske->sock->ip, version));
339 return SILC_SKE_STATUS_BAD_VERSION;
342 if (!silc_parse_version_string(silc_version_string,
343 &l_protocol_version, NULL, NULL,
345 SILC_LOG_ERROR(("%s (%s) %s is not allowed/supported version",
346 ske->sock->hostname, ske->sock->ip, version));
347 return SILC_SKE_STATUS_BAD_VERSION;
350 /* If remote is too new, don't connect */
351 if (l_protocol_version < r_protocol_version) {
352 SILC_LOG_ERROR(("%s (%s) %s is not allowed/supported version",
353 ske->sock->hostname, ske->sock->ip, version));
354 return SILC_SKE_STATUS_BAD_VERSION;
357 ske->sock->version = r_protocol_version;
359 return SILC_SKE_STATUS_OK;
362 /* Callback that is called by the SKE to indicate that it is safe to
363 continue the execution of the protocol. This is used only if we are
364 initiator. Is given as argument to the silc_ske_initiator_finish or
365 silc_ske_responder_phase_2 functions. This is called due to the fact
366 that the public key verification process is asynchronous and we must
367 not continue the protocl until the public key has been verified and
368 this callback is called. */
370 static void silc_server_protocol_ke_continue(SilcSKE ske, void *context)
372 SilcProtocol protocol = (SilcProtocol)context;
373 SilcServerKEInternalContext *ctx =
374 (SilcServerKEInternalContext *)protocol->context;
375 SilcServer server = (SilcServer)ctx->server;
377 if (ske->status != SILC_SKE_STATUS_OK) {
378 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
379 silc_ske_map_status(ske->status)));
381 protocol->state = SILC_PROTOCOL_STATE_ERROR;
382 silc_protocol_execute(protocol, server->schedule, 0, 300000);
386 /* Send Ok to the other end. We will end the protocol as responder
387 sends Ok to us when we will take the new keys into use. */
388 if (ctx->responder == FALSE) {
389 SILC_LOG_DEBUG(("Ending key exchange protocol"));
390 silc_ske_end(ctx->ske);
392 /* End the protocol on the next round */
393 protocol->state = SILC_PROTOCOL_STATE_END;
396 /* Advance protocol state and call the next state if we are responder.
397 This happens when this callback was sent to silc_ske_responder_phase_2
399 if (ctx->responder == TRUE) {
401 silc_protocol_execute(protocol, server->schedule, 0, 100000);
405 /* Performs key exchange protocol. This is used for both initiator
406 and responder key exchange. This is performed always when accepting
407 new connection to the server. This may be called recursively. */
409 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
411 SilcProtocol protocol = (SilcProtocol)context;
412 SilcServerKEInternalContext *ctx =
413 (SilcServerKEInternalContext *)protocol->context;
414 SilcServer server = (SilcServer)ctx->server;
415 SilcSKEStatus status = SILC_SKE_STATUS_OK;
417 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
418 protocol->state = SILC_PROTOCOL_STATE_START;
420 SILC_LOG_DEBUG(("Current protocol state %d", protocol->state));
422 switch(protocol->state) {
423 case SILC_PROTOCOL_STATE_START:
430 /* Allocate Key Exchange object */
431 ctx->ske = ske = silc_ske_alloc(server->rng, server);
433 silc_ske_set_callbacks(ske, silc_server_protocol_ke_send_packet, NULL,
434 silc_server_protocol_ke_verify_key,
435 silc_server_protocol_ke_continue,
436 silc_ske_check_version, context);
438 if (ctx->responder == TRUE) {
439 /* Start the key exchange by processing the received security
440 properties packet from initiator. */
441 SILC_LOG_DEBUG(("Process security property list (KE)"));
442 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
444 ctx->packet->buffer, ctx->flags);
446 SilcSKEStartPayload *start_payload;
448 SILC_LOG_DEBUG(("Send security property list (KE)"));
450 /* Assemble security properties. */
451 silc_ske_assemble_security_properties(ske, ctx->flags,
455 /* Start the key exchange by sending our security properties
456 to the remote end. */
457 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
461 /* Return now if the procedure is pending. */
462 if (status == SILC_SKE_STATUS_PENDING)
465 if (status != SILC_SKE_STATUS_OK) {
466 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
467 silc_ske_map_status(status)));
469 protocol->state = SILC_PROTOCOL_STATE_ERROR;
470 silc_protocol_execute(protocol, server->schedule, 0, 300000);
474 /* Advance protocol state and call the next state if we are responder */
476 if (ctx->responder == TRUE)
477 silc_protocol_execute(protocol, server->schedule, 0, 100000);
485 if (ctx->responder == TRUE) {
486 /* Sends the selected security properties to the initiator. */
487 SILC_LOG_DEBUG(("Send security property list reply (KE)"));
488 status = silc_ske_responder_phase_1(ctx->ske);
490 /* Call Phase-1 function. This processes the Key Exchange Start
491 paylaod reply we just got from the responder. The callback
492 function will receive the processed payload where we will
494 SILC_LOG_DEBUG(("Process security property list reply (KE)"));
495 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer);
498 /* Return now if the procedure is pending. */
499 if (status == SILC_SKE_STATUS_PENDING)
502 if (status != SILC_SKE_STATUS_OK) {
503 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
504 silc_ske_map_status(status)));
506 protocol->state = SILC_PROTOCOL_STATE_ERROR;
507 silc_protocol_execute(protocol, server->schedule, 0, 300000);
511 /* Advance protocol state and call next state if we are initiator */
513 if (ctx->responder == FALSE)
514 silc_protocol_execute(protocol, server->schedule, 0, 100000);
522 if (ctx->responder == TRUE) {
523 /* Process the received Key Exchange 1 Payload packet from
524 the initiator. This also creates our parts of the Diffie
525 Hellman algorithm. The silc_server_protocol_ke_continue
526 will be called after the public key has been verified. */
527 SILC_LOG_DEBUG(("Process KE1 packet"));
528 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
530 /* Call the Phase-2 function. This creates Diffie Hellman
531 key exchange parameters and sends our public part inside
532 Key Exhange 1 Payload to the responder. */
533 SILC_LOG_DEBUG(("Send KE1 packet"));
534 status = silc_ske_initiator_phase_2(ctx->ske,
537 SILC_SKE_PK_TYPE_SILC);
541 /* Return now if the procedure is pending. */
542 if (status == SILC_SKE_STATUS_PENDING)
545 if (status != SILC_SKE_STATUS_OK) {
546 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
547 silc_ske_map_status(status)));
549 protocol->state = SILC_PROTOCOL_STATE_ERROR;
550 silc_protocol_execute(protocol, server->schedule, 0, 300000);
560 if (ctx->responder == TRUE) {
561 /* This creates the key exchange material and sends our
562 public parts to the initiator inside Key Exchange 2 Payload. */
563 SILC_LOG_DEBUG(("Process KE2 packet"));
564 status = silc_ske_responder_finish(ctx->ske,
567 SILC_SKE_PK_TYPE_SILC);
569 /* End the protocol on the next round */
570 protocol->state = SILC_PROTOCOL_STATE_END;
572 /* Finish the protocol. This verifies the Key Exchange 2 payload
573 sent by responder. The silc_server_protocol_ke_continue will
574 be called after the public key has been verified. */
575 SILC_LOG_DEBUG(("Send KE2 packet"));
576 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
579 /* Return now if the procedure is pending. */
580 if (status == SILC_SKE_STATUS_PENDING)
583 if (status != SILC_SKE_STATUS_OK) {
584 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
585 silc_ske_map_status(status)));
587 protocol->state = SILC_PROTOCOL_STATE_ERROR;
588 silc_protocol_execute(protocol, server->schedule, 0, 300000);
594 case SILC_PROTOCOL_STATE_END:
599 SilcSKEKeyMaterial *keymat;
600 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
601 int hash_len = silc_hash_len(ctx->ske->prop->hash);
603 SILC_LOG_DEBUG(("Process computed key material"));
605 /* Process the key material */
606 keymat = silc_calloc(1, sizeof(*keymat));
607 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
609 if (status != SILC_SKE_STATUS_OK) {
610 SILC_LOG_ERROR(("Error during Key Exchange protocol: "
611 "could not process key material"));
613 protocol->state = SILC_PROTOCOL_STATE_ERROR;
614 silc_protocol_execute(protocol, server->schedule, 0, 300000);
615 silc_ske_free_key_material(keymat);
618 ctx->keymat = keymat;
620 /* Send Ok to the other end if we are responder. If we are initiator
621 we have sent this already. */
622 if (ctx->responder == TRUE) {
623 SILC_LOG_DEBUG(("Ending key exchange protocol"));
624 silc_ske_end(ctx->ske);
627 /* Unregister the timeout task since the protocol has ended.
628 This was the timeout task to be executed if the protocol is
629 not completed fast enough. */
630 if (ctx->timeout_task)
631 silc_schedule_task_del(server->schedule, ctx->timeout_task);
633 /* Assure that after calling final callback there cannot be pending
634 executions for this protocol anymore. This just unregisters any
635 timeout callbacks for this protocol. */
636 silc_protocol_cancel(protocol, server->schedule);
638 /* Call the final callback */
639 if (protocol->final_callback)
640 silc_protocol_execute_final(protocol, server->schedule);
642 silc_protocol_free(protocol);
646 case SILC_PROTOCOL_STATE_ERROR:
651 /* Send abort notification */
652 silc_ske_abort(ctx->ske, ctx->ske->status);
654 /* Unregister the timeout task since the protocol has ended.
655 This was the timeout task to be executed if the protocol is
656 not completed fast enough. */
657 if (ctx->timeout_task)
658 silc_schedule_task_del(server->schedule, ctx->timeout_task);
660 /* Assure that after calling final callback there cannot be pending
661 executions for this protocol anymore. This just unregisters any
662 timeout callbacks for this protocol. */
663 silc_protocol_cancel(protocol, server->schedule);
665 /* On error the final callback is always called. */
666 if (protocol->final_callback)
667 silc_protocol_execute_final(protocol, server->schedule);
669 silc_protocol_free(protocol);
672 case SILC_PROTOCOL_STATE_FAILURE:
674 * We have received failure from remote
677 /* Unregister the timeout task since the protocol has ended.
678 This was the timeout task to be executed if the protocol is
679 not completed fast enough. */
680 if (ctx->timeout_task)
681 silc_schedule_task_del(server->schedule, ctx->timeout_task);
683 /* Assure that after calling final callback there cannot be pending
684 executions for this protocol anymore. This just unregisters any
685 timeout callbacks for this protocol. */
686 silc_protocol_cancel(protocol, server->schedule);
688 /* On error the final callback is always called. */
689 if (protocol->final_callback)
690 silc_protocol_execute_final(protocol, server->schedule);
692 silc_protocol_free(protocol);
695 case SILC_PROTOCOL_STATE_UNKNOWN:
701 * Connection Authentication protocol functions
705 silc_server_password_authentication(SilcServer server, char *local_auth,
708 if (!remote_auth || !local_auth || strlen(local_auth) != strlen(remote_auth))
711 if (!memcmp(remote_auth, local_auth, strlen(local_auth)))
718 silc_server_public_key_authentication(SilcServer server,
719 SilcPublicKey pub_key,
728 if (!pub_key || !sign)
731 silc_pkcs_alloc(pub_key->name, &pkcs);
732 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
733 silc_pkcs_free(pkcs);
737 /* Make the authentication data. Protocol says it is HASH plus
739 len = ske->hash_len + ske->start_payload_copy->len;
740 auth = silc_buffer_alloc(len);
741 silc_buffer_pull_tail(auth, len);
742 silc_buffer_format(auth,
743 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
744 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
745 ske->start_payload_copy->len),
748 /* Verify signature */
749 if (silc_pkcs_verify_with_hash(pkcs, ske->prop->hash, sign, sign_len,
750 auth->data, auth->len)) {
751 silc_pkcs_free(pkcs);
752 silc_buffer_free(auth);
756 silc_pkcs_free(pkcs);
757 silc_buffer_free(auth);
762 silc_server_get_public_key_auth(SilcServer server,
763 unsigned char **auth_data,
764 SilcUInt32 *auth_data_len,
773 /* Make the authentication data. Protocol says it is HASH plus
775 len = ske->hash_len + ske->start_payload_copy->len;
776 auth = silc_buffer_alloc(len);
777 silc_buffer_pull_tail(auth, len);
778 silc_buffer_format(auth,
779 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
780 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
781 ske->start_payload_copy->len),
784 *auth_data = silc_calloc((silc_pkcs_get_key_len(pkcs) / 8) + 1,
785 sizeof(**auth_data));
786 if (silc_pkcs_sign_with_hash(pkcs, ske->prop->hash, auth->data,
787 auth->len, *auth_data, auth_data_len)) {
788 silc_buffer_free(auth);
792 SILC_LOG_ERROR(("Error computing signature"));
794 silc_free(*auth_data);
795 silc_buffer_free(auth);
799 /* Function that actually performs the authentication to the remote. This
800 supports both passphrase and public key authentication. */
803 silc_server_get_authentication(SilcServerConnAuthInternalContext *ctx,
804 char *local_passphrase,
805 SilcHashTable local_publickeys,
806 unsigned char *remote_auth,
807 SilcUInt32 remote_auth_len)
809 SilcServer server = (SilcServer)ctx->server;
810 SilcSKE ske = ctx->ske;
813 /* If we don't have authentication data set at all we do not require
814 authentication at all */
815 if (!local_passphrase && (!local_publickeys ||
816 !silc_hash_table_count(local_publickeys))) {
817 SILC_LOG_DEBUG(("No authentication required"));
821 /* If both passphrase and public key is provided then we'll try both of
822 them and see which one of them authenticates. If only one of them is
823 set, then try only that. */
825 /* Try first passphrase (as it is faster to check) */
826 if (local_passphrase) {
827 SILC_LOG_DEBUG(("Password authentication"));
828 result = silc_server_password_authentication(server, local_passphrase,
832 /* Try public key authenetication */
833 if (!result && local_publickeys) {
834 SilcPublicKey cached_key;
835 SilcPublicKey remote_key =
836 ((SilcIDListData)ctx->sock->user_data)->public_key;
838 SILC_LOG_DEBUG(("Public key authentication"));
840 /* Find the public key to be used in authentication */
841 cached_key = silc_server_find_public_key(server, local_publickeys,
846 result = silc_server_public_key_authentication(server, cached_key,
848 remote_auth_len, ske);
851 SILC_LOG_DEBUG(("Authentication %s", result ? "successful" : "failed"));
856 /* Performs connection authentication protocol. If responder, we
857 authenticate the remote data received. If initiator, we will send
858 authentication data to the remote end. */
860 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
862 SilcProtocol protocol = (SilcProtocol)context;
863 SilcServerConnAuthInternalContext *ctx =
864 (SilcServerConnAuthInternalContext *)protocol->context;
865 SilcServer server = (SilcServer)ctx->server;
867 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
868 protocol->state = SILC_PROTOCOL_STATE_START;
870 SILC_LOG_DEBUG(("Current protocol state %d", protocol->state));
872 switch(protocol->state) {
873 case SILC_PROTOCOL_STATE_START:
879 if (ctx->responder == TRUE) {
881 * We are receiving party
884 SilcUInt16 payload_len;
885 SilcUInt16 conn_type;
886 unsigned char *auth_data = NULL;
888 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
889 ctx->sock->hostname, ctx->sock->ip));
891 /* Parse the received authentication data packet. The received
892 payload is Connection Auth Payload. */
893 ret = silc_buffer_unformat(ctx->packet->buffer,
894 SILC_STR_UI_SHORT(&payload_len),
895 SILC_STR_UI_SHORT(&conn_type),
898 SILC_LOG_ERROR(("Bad payload in authentication packet"));
899 protocol->state = SILC_PROTOCOL_STATE_ERROR;
900 silc_protocol_execute(protocol, server->schedule, 0, 300000);
904 if (payload_len != ctx->packet->buffer->len) {
905 SILC_LOG_ERROR(("Bad payload length in authentication packet"));
906 protocol->state = SILC_PROTOCOL_STATE_ERROR;
907 silc_protocol_execute(protocol, server->schedule, 0, 300000);
913 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
914 conn_type > SILC_SOCKET_TYPE_ROUTER) {
915 SILC_LOG_ERROR(("Bad connection type (%d) in authentication packet",
917 protocol->state = SILC_PROTOCOL_STATE_ERROR;
918 silc_protocol_execute(protocol, server->schedule, 0, 300000);
922 if (payload_len > 0) {
923 /* Get authentication data */
924 silc_buffer_pull(ctx->packet->buffer, 4);
925 ret = silc_buffer_unformat(ctx->packet->buffer,
926 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
930 SILC_LOG_DEBUG(("Bad payload in authentication payload"));
931 protocol->state = SILC_PROTOCOL_STATE_ERROR;
932 silc_protocol_execute(protocol, server->schedule, 0, 300000);
938 * Check the remote connection type and make sure that we have
939 * configured this connection. If we haven't allowed this connection
940 * the authentication must be failed.
943 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
945 /* Remote end is client */
946 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
947 SilcServerConfigClient *client = ctx->cconfig.ref_ptr;
950 ret = silc_server_get_authentication(ctx, client->passphrase,
952 auth_data, payload_len);
954 /* Authentication failed */
955 SILC_LOG_ERROR(("Authentication failed"));
956 silc_free(auth_data);
957 protocol->state = SILC_PROTOCOL_STATE_ERROR;
958 silc_protocol_execute(protocol, server->schedule, 0, 300000);
962 SILC_LOG_ERROR(("Remote client connection not configured"));
963 SILC_LOG_ERROR(("Authentication failed"));
964 silc_free(auth_data);
965 protocol->state = SILC_PROTOCOL_STATE_ERROR;
966 silc_protocol_execute(protocol, server->schedule,
972 /* Remote end is server */
973 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
974 SilcServerConfigServer *serv = ctx->sconfig.ref_ptr;
977 ret = silc_server_get_authentication(ctx, serv->passphrase,
979 auth_data, payload_len);
981 /* Authentication failed */
982 SILC_LOG_ERROR(("Authentication failed"));
983 silc_free(auth_data);
984 protocol->state = SILC_PROTOCOL_STATE_ERROR;
985 silc_protocol_execute(protocol, server->schedule, 0, 300000);
989 SILC_LOG_ERROR(("Remote server connection not configured"));
990 SILC_LOG_ERROR(("Authentication failed"));
991 protocol->state = SILC_PROTOCOL_STATE_ERROR;
992 silc_protocol_execute(protocol, server->schedule,
994 silc_free(auth_data);
999 /* Remote end is router */
1000 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
1001 SilcServerConfigRouter *serv = ctx->rconfig.ref_ptr;
1004 ret = silc_server_get_authentication(ctx, serv->passphrase,
1006 auth_data, payload_len);
1008 /* Authentication failed */
1009 SILC_LOG_ERROR(("Authentication failed"));
1010 silc_free(auth_data);
1011 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1012 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1016 SILC_LOG_ERROR(("Remote router connection not configured"));
1017 SILC_LOG_ERROR(("Authentication failed"));
1018 silc_free(auth_data);
1019 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1020 silc_protocol_execute(protocol, server->schedule,
1026 silc_free(auth_data);
1028 /* Save connection type. This is later used to create the
1029 ID for the connection. */
1030 ctx->conn_type = conn_type;
1032 /* Advance protocol state. */
1033 protocol->state = SILC_PROTOCOL_STATE_END;
1034 silc_protocol_execute(protocol, server->schedule, 0, 0);
1038 * We are initiator. We are authenticating ourselves to a
1039 * remote server. We will send the authentication data to the
1040 * other end for verify.
1043 int payload_len = 0;
1044 unsigned char *auth_data = NULL;
1045 SilcUInt32 auth_data_len = 0;
1047 switch(ctx->auth_meth) {
1048 case SILC_AUTH_NONE:
1049 /* No authentication required */
1052 case SILC_AUTH_PASSWORD:
1053 /* Password authentication */
1054 if (ctx->auth_data && ctx->auth_data_len) {
1055 auth_data = strdup(ctx->auth_data);
1056 auth_data_len = ctx->auth_data_len;
1061 case SILC_AUTH_PUBLIC_KEY:
1063 /* Public key authentication */
1064 silc_server_get_public_key_auth(server, &auth_data, &auth_data_len,
1070 payload_len = 4 + auth_data_len;
1071 packet = silc_buffer_alloc(payload_len);
1072 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
1073 silc_buffer_format(packet,
1074 SILC_STR_UI_SHORT(payload_len),
1075 SILC_STR_UI_SHORT(server->server_type
1077 SILC_SOCKET_TYPE_SERVER :
1078 SILC_SOCKET_TYPE_ROUTER),
1079 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
1082 /* Send the packet to server */
1083 silc_server_packet_send(server, ctx->sock,
1084 SILC_PACKET_CONNECTION_AUTH, 0,
1085 packet->data, packet->len, TRUE);
1088 memset(auth_data, 0, auth_data_len);
1089 silc_free(auth_data);
1091 silc_buffer_free(packet);
1093 /* Next state is end of protocol */
1094 protocol->state = SILC_PROTOCOL_STATE_END;
1099 case SILC_PROTOCOL_STATE_END:
1104 unsigned char ok[4];
1106 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
1108 /* Authentication successful */
1109 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
1112 /* Unregister the timeout task since the protocol has ended.
1113 This was the timeout task to be executed if the protocol is
1114 not completed fast enough. */
1115 if (ctx->timeout_task)
1116 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1118 /* Assure that after calling final callback there cannot be pending
1119 executions for this protocol anymore. This just unregisters any
1120 timeout callbacks for this protocol. */
1121 silc_protocol_cancel(protocol, server->schedule);
1123 /* Protocol has ended, call the final callback */
1124 if (protocol->final_callback)
1125 silc_protocol_execute_final(protocol, server->schedule);
1127 silc_protocol_free(protocol);
1130 case SILC_PROTOCOL_STATE_ERROR:
1133 * Error. Send notify to remote.
1135 unsigned char error[4];
1137 /* Authentication failed */
1138 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
1139 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
1142 /* Unregister the timeout task since the protocol has ended.
1143 This was the timeout task to be executed if the protocol is
1144 not completed fast enough. */
1145 if (ctx->timeout_task)
1146 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1148 /* Assure that after calling final callback there cannot be pending
1149 executions for this protocol anymore. This just unregisters any
1150 timeout callbacks for this protocol. */
1151 silc_protocol_cancel(protocol, server->schedule);
1153 /* On error the final callback is always called. */
1154 if (protocol->final_callback)
1155 silc_protocol_execute_final(protocol, server->schedule);
1157 silc_protocol_free(protocol);
1161 case SILC_PROTOCOL_STATE_FAILURE:
1163 * We have received failure from remote
1166 SILC_LOG_ERROR(("Received Authentication Failure"));
1168 /* Unregister the timeout task since the protocol has ended.
1169 This was the timeout task to be executed if the protocol is
1170 not completed fast enough. */
1171 if (ctx->timeout_task)
1172 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1174 /* Assure that after calling final callback there cannot be pending
1175 executions for this protocol anymore. This just unregisters any
1176 timeout callbacks for this protocol. */
1177 silc_protocol_cancel(protocol, server->schedule);
1179 /* On error the final callback is always called. */
1180 if (protocol->final_callback)
1181 silc_protocol_execute_final(protocol, server->schedule);
1183 silc_protocol_free(protocol);
1186 case SILC_PROTOCOL_STATE_UNKNOWN:
1192 * Re-key protocol routines
1195 /* Actually takes the new keys into use. */
1198 silc_server_protocol_rekey_validate(SilcServer server,
1199 SilcServerRekeyInternalContext *ctx,
1200 SilcIDListData idata,
1201 SilcSKEKeyMaterial *keymat,
1204 if (ctx->responder == TRUE) {
1206 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1207 keymat->enc_key_len);
1208 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1209 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
1210 keymat->hmac_key_len);
1212 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1213 keymat->enc_key_len);
1214 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1215 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
1216 keymat->hmac_key_len);
1220 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1221 keymat->enc_key_len);
1222 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1223 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
1224 keymat->hmac_key_len);
1226 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1227 keymat->enc_key_len);
1228 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1229 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
1230 keymat->hmac_key_len);
1234 /* Save the current sending encryption key */
1236 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1237 silc_free(idata->rekey->send_enc_key);
1238 idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
1239 keymat->enc_key_len / 8);
1240 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1244 /* This function actually re-generates (when not using PFS) the keys and
1245 takes them into use. */
1247 void silc_server_protocol_rekey_generate(SilcServer server,
1248 SilcServerRekeyInternalContext *ctx,
1251 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1252 SilcSKEKeyMaterial *keymat;
1253 SilcUInt32 key_len = silc_cipher_get_key_len(idata->send_key);
1254 SilcUInt32 hash_len = silc_hash_len(idata->hash);
1256 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1257 send ? "sending" : "receiving"));
1259 /* Generate the new key */
1260 keymat = silc_calloc(1, sizeof(*keymat));
1261 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1262 idata->rekey->enc_key_len,
1263 16, key_len, hash_len,
1264 idata->hash, keymat);
1266 /* Set the keys into use */
1267 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1269 silc_ske_free_key_material(keymat);
1272 /* This function actually re-generates (with PFS) the keys and
1273 takes them into use. */
1276 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1277 SilcServerRekeyInternalContext *ctx,
1280 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1281 SilcSKEKeyMaterial *keymat;
1282 SilcUInt32 key_len = silc_cipher_get_key_len(idata->send_key);
1283 SilcUInt32 hash_len = silc_hash_len(idata->hash);
1284 unsigned char *tmpbuf;
1287 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1288 send ? "sending" : "receiving"));
1290 /* Encode KEY to binary data */
1291 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1293 /* Generate the new key */
1294 keymat = silc_calloc(1, sizeof(*keymat));
1295 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1296 idata->hash, keymat);
1298 /* Set the keys into use */
1299 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1301 memset(tmpbuf, 0, klen);
1303 silc_ske_free_key_material(keymat);
1306 /* Packet sending callback. This function is provided as packet sending
1307 routine to the Key Exchange functions. */
1310 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1312 SilcPacketType type,
1315 SilcProtocol protocol = (SilcProtocol)context;
1316 SilcServerRekeyInternalContext *ctx =
1317 (SilcServerRekeyInternalContext *)protocol->context;
1318 SilcServer server = (SilcServer)ctx->server;
1320 /* Send the packet immediately */
1321 silc_server_packet_send(server, ctx->sock,
1322 type, 0, packet->data, packet->len, FALSE);
1325 /* Performs re-key as defined in the SILC protocol specification. */
1327 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1329 SilcProtocol protocol = (SilcProtocol)context;
1330 SilcServerRekeyInternalContext *ctx =
1331 (SilcServerRekeyInternalContext *)protocol->context;
1332 SilcServer server = (SilcServer)ctx->server;
1333 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1334 SilcSKEStatus status;
1336 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1337 protocol->state = SILC_PROTOCOL_STATE_START;
1339 SILC_LOG_DEBUG(("Current protocol state %d", protocol->state));
1341 switch(protocol->state) {
1342 case SILC_PROTOCOL_STATE_START:
1348 if (ctx->responder == TRUE) {
1350 * We are receiving party
1353 if (ctx->pfs == TRUE) {
1355 * Use Perfect Forward Secrecy, ie. negotiate the key material
1356 * using the SKE protocol.
1359 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1360 SILC_LOG_ERROR(("Error during Re-key (R PFS): re-key state is "
1361 "incorrect (received %d, expected %d packet), "
1362 "with %s (%s)", ctx->packet->type,
1363 SILC_PACKET_KEY_EXCHANGE_1, ctx->sock->hostname,
1365 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1366 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1370 ctx->ske = silc_ske_alloc(server->rng, server);
1371 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1372 silc_ske_group_get_by_number(idata->rekey->ske_group,
1373 &ctx->ske->prop->group);
1375 silc_ske_set_callbacks(ctx->ske,
1376 silc_server_protocol_rekey_send_packet,
1377 NULL, NULL, NULL, silc_ske_check_version,
1380 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
1381 if (status != SILC_SKE_STATUS_OK) {
1382 SILC_LOG_ERROR(("Error (%s) during Re-key (R PFS), with %s (%s)",
1383 silc_ske_map_status(status), ctx->sock->hostname,
1385 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1386 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1390 /* Advance the protocol state */
1392 silc_protocol_execute(protocol, server->schedule, 0, 0);
1395 * Do normal and simple re-key.
1398 /* Send the REKEY_DONE to indicate we will take new keys into use */
1399 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1402 /* After we send REKEY_DONE we must set the sending encryption
1403 key to the new key since all packets after this packet must
1404 encrypted with the new key. */
1405 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1407 /* The protocol ends in next stage. */
1408 protocol->state = SILC_PROTOCOL_STATE_END;
1413 * We are the initiator of this protocol
1416 /* Start the re-key by sending the REKEY packet */
1417 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1420 if (ctx->pfs == TRUE) {
1422 * Use Perfect Forward Secrecy, ie. negotiate the key material
1423 * using the SKE protocol.
1425 ctx->ske = silc_ske_alloc(server->rng, server);
1426 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1427 silc_ske_group_get_by_number(idata->rekey->ske_group,
1428 &ctx->ske->prop->group);
1430 silc_ske_set_callbacks(ctx->ske,
1431 silc_server_protocol_rekey_send_packet,
1432 NULL, NULL, NULL, silc_ske_check_version,
1435 status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL, 0);
1436 if (status != SILC_SKE_STATUS_OK) {
1437 SILC_LOG_ERROR(("Error (%s) during Re-key (I PFS), with %s (%s)",
1438 silc_ske_map_status(status), ctx->sock->hostname,
1440 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1441 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1445 /* Advance the protocol state */
1449 * Do normal and simple re-key.
1452 /* Send the REKEY_DONE to indicate we will take new keys into use
1454 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1457 /* After we send REKEY_DONE we must set the sending encryption
1458 key to the new key since all packets after this packet must
1459 encrypted with the new key. */
1460 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1462 /* The protocol ends in next stage. */
1463 protocol->state = SILC_PROTOCOL_STATE_END;
1471 * Second state, used only when oding re-key with PFS.
1473 if (ctx->responder == TRUE) {
1474 if (ctx->pfs == TRUE) {
1476 * Send our KE packe to the initiator now that we've processed
1477 * the initiator's KE packet.
1479 status = silc_ske_responder_finish(ctx->ske, NULL, NULL,
1480 SILC_SKE_PK_TYPE_SILC);
1481 if (status != SILC_SKE_STATUS_OK) {
1482 SILC_LOG_ERROR(("Error (%s) during Re-key (R PFS), with %s (%s)",
1483 silc_ske_map_status(status), ctx->sock->hostname,
1485 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1486 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1492 if (ctx->pfs == TRUE) {
1494 * The packet type must be KE packet
1496 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1497 SILC_LOG_ERROR(("Error during Re-key (I PFS): re-key state is "
1498 "incorrect (received %d, expected %d packet), "
1499 "with %s (%s)", ctx->packet->type,
1500 SILC_PACKET_KEY_EXCHANGE_2, ctx->sock->hostname,
1502 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1503 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1507 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
1508 if (status != SILC_SKE_STATUS_OK) {
1509 SILC_LOG_ERROR(("Error (%s) during Re-key (I PFS), with %s (%s)",
1510 silc_ske_map_status(status), ctx->sock->hostname,
1512 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1513 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1519 /* Send the REKEY_DONE to indicate we will take new keys into use
1521 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1524 /* After we send REKEY_DONE we must set the sending encryption
1525 key to the new key since all packets after this packet must
1526 encrypted with the new key. */
1527 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1529 /* The protocol ends in next stage. */
1530 protocol->state = SILC_PROTOCOL_STATE_END;
1533 case SILC_PROTOCOL_STATE_END:
1538 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1539 SILC_LOG_ERROR(("Error during Re-key (%s PFS): re-key state is "
1540 "incorrect (received %d, expected %d packet), "
1541 "with %s (%s)", ctx->responder ? "R" : "I",
1542 ctx->packet->type, SILC_PACKET_REKEY_DONE,
1543 ctx->sock->hostname, ctx->sock->ip));
1544 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1545 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1549 /* We received the REKEY_DONE packet and all packets after this is
1550 encrypted with the new key so set the decryption key to the new key */
1551 if (ctx->pfs == TRUE)
1552 silc_server_protocol_rekey_generate_pfs(server, ctx, FALSE);
1554 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1556 /* Assure that after calling final callback there cannot be pending
1557 executions for this protocol anymore. This just unregisters any
1558 timeout callbacks for this protocol. */
1559 silc_protocol_cancel(protocol, server->schedule);
1561 /* Protocol has ended, call the final callback */
1562 if (protocol->final_callback)
1563 silc_protocol_execute_final(protocol, server->schedule);
1565 silc_protocol_free(protocol);
1568 case SILC_PROTOCOL_STATE_ERROR:
1573 if (ctx->pfs == TRUE)
1574 /* Send abort notification */
1575 silc_ske_abort(ctx->ske, ctx->ske->status);
1577 /* Assure that after calling final callback there cannot be pending
1578 executions for this protocol anymore. This just unregisters any
1579 timeout callbacks for this protocol. */
1580 silc_protocol_cancel(protocol, server->schedule);
1582 /* On error the final callback is always called. */
1583 if (protocol->final_callback)
1584 silc_protocol_execute_final(protocol, server->schedule);
1586 silc_protocol_free(protocol);
1589 case SILC_PROTOCOL_STATE_FAILURE:
1591 * We have received failure from remote
1594 SILC_LOG_ERROR(("Error during Re-Key: received Failure"));
1596 /* Assure that after calling final callback there cannot be pending
1597 executions for this protocol anymore. This just unregisters any
1598 timeout callbacks for this protocol. */
1599 silc_protocol_cancel(protocol, server->schedule);
1601 /* On error the final callback is always called. */
1602 if (protocol->final_callback)
1603 silc_protocol_execute_final(protocol, server->schedule);
1605 silc_protocol_free(protocol);
1608 case SILC_PROTOCOL_STATE_UNKNOWN:
1614 /* Registers protocols used in server. */
1616 void silc_server_protocols_register(void)
1618 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1619 silc_server_protocol_connection_auth);
1620 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1621 silc_server_protocol_key_exchange);
1622 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1623 silc_server_protocol_rekey);
1624 silc_protocol_register(SILC_PROTOCOL_SERVER_BACKUP,
1625 silc_server_protocol_backup);
1628 /* Unregisters protocols */
1630 void silc_server_protocols_unregister(void)
1632 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1633 silc_server_protocol_connection_auth);
1634 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1635 silc_server_protocol_key_exchange);
1636 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1637 silc_server_protocol_rekey);
1638 silc_protocol_unregister(SILC_PROTOCOL_SERVER_BACKUP,
1639 silc_server_protocol_backup);