5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
39 silc_verify_public_key_internal(SilcServer server, SilcSocketConnection sock,
40 SilcSocketType conn_type,
41 unsigned char *pk, SilcUInt32 pk_len,
42 SilcSKEPKType pk_type)
44 char file[256], filename[256], *fingerprint;
47 if (pk_type != SILC_SKE_PK_TYPE_SILC) {
48 SILC_LOG_WARNING(("We don't support %s (%s) port %d public key type %d",
49 sock->hostname, sock->ip, sock->port, pk_type));
53 /* Accept client keys without verification */
54 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
55 SILC_LOG_DEBUG(("Accepting client public key without verification"));
59 /* XXX For now, accept server keys without verification too. We are
60 currently always doing mutual authentication so the proof of posession
61 of the private key is verified, and if server is authenticated in
62 conn auth protocol with public key we MUST have the key already. */
64 /* Rest is unreachable code! */
66 memset(filename, 0, sizeof(filename));
67 memset(file, 0, sizeof(file));
68 snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname,
70 snprintf(filename, sizeof(filename) - 1, SILC_ETCDIR "/serverkeys/%s",
73 /* Create serverkeys directory if it doesn't exist. */
74 if (stat(SILC_ETCDIR "/serverkeys", &st) < 0) {
75 /* If dir doesn't exist */
76 if (errno == ENOENT) {
77 if (mkdir(SILC_ETCDIR "/serverkeys", 0755) < 0) {
78 SILC_LOG_ERROR(("Couldn't create `%s' directory\n",
79 SILC_ETCDIR "/serverkeys"));
83 SILC_LOG_ERROR(("%s\n", strerror(errno)));
88 /* Take fingerprint of the public key */
89 fingerprint = silc_hash_fingerprint(NULL, pk, pk_len);
90 SILC_LOG_DEBUG(("Received server %s (%s) port %d public key (%s)",
91 sock->hostname, sock->ip, sock->port, fingerprint));
92 silc_free(fingerprint);
94 /* Check whether this key already exists */
95 if (stat(filename, &st) < 0) {
96 /* We don't have it, then cache it. */
97 SILC_LOG_DEBUG(("New public key from server"));
99 silc_pkcs_save_public_key_data(filename, pk, pk_len,
103 /* The key already exists, verify it. */
104 SilcPublicKey public_key;
105 unsigned char *encpk;
106 SilcUInt32 encpk_len;
108 SILC_LOG_DEBUG(("We have the public key saved locally"));
110 /* Load the key file */
111 if (!silc_pkcs_load_public_key(filename, &public_key,
113 if (!silc_pkcs_load_public_key(filename, &public_key,
114 SILC_PKCS_FILE_BIN)) {
115 SILC_LOG_WARNING(("Could not load local copy of the %s (%s) port %d "
116 "server public key", sock->hostname, sock->ip,
119 /* Save the key for future checking */
121 silc_pkcs_save_public_key_data(filename, pk, pk_len,
126 /* Encode the key data */
127 encpk = silc_pkcs_public_key_encode(public_key, &encpk_len);
129 SILC_LOG_WARNING(("Local copy of the server %s (%s) port %d public key "
130 "is malformed", sock->hostname, sock->ip, sock->port));
132 /* Save the key for future checking */
134 silc_pkcs_save_public_key_data(filename, pk, pk_len, SILC_PKCS_FILE_PEM);
138 if (memcmp(pk, encpk, encpk_len)) {
139 SILC_LOG_WARNING(("%s (%s) port %d server public key does not match "
140 "with local copy", sock->hostname, sock->ip,
142 SILC_LOG_WARNING(("It is possible that the key has expired or changed"));
143 SILC_LOG_WARNING(("It is also possible that some one is performing "
144 "man-in-the-middle attack"));
145 SILC_LOG_WARNING(("Will not accept the server %s (%s) port %d public "
147 sock->hostname, sock->ip, sock->port));
151 /* Local copy matched */
156 /* Callback that is called when we have received KE2 payload from
157 responder. We try to verify the public key now. */
160 silc_server_protocol_ke_verify_key(SilcSKE ske,
161 unsigned char *pk_data,
163 SilcSKEPKType pk_type,
165 SilcSKEVerifyCbCompletion completion,
166 void *completion_context)
168 SilcProtocol protocol = (SilcProtocol)context;
169 SilcServerKEInternalContext *ctx =
170 (SilcServerKEInternalContext *)protocol->context;
171 SilcServer server = (SilcServer)ctx->server;
173 SILC_LOG_DEBUG(("Start"));
175 if (silc_verify_public_key_internal(server, ctx->sock,
176 (ctx->responder == FALSE ?
177 SILC_SOCKET_TYPE_ROUTER:
178 ctx->sconfig ? SILC_SOCKET_TYPE_SERVER :
179 ctx->rconfig ? SILC_SOCKET_TYPE_ROUTER :
180 SILC_SOCKET_TYPE_CLIENT),
181 pk_data, pk_len, pk_type))
182 completion(ske, SILC_SKE_STATUS_OK, completion_context);
184 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
188 /* Packet sending callback. This function is provided as packet sending
189 routine to the Key Exchange functions. */
191 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
196 SilcProtocol protocol = (SilcProtocol)context;
197 SilcServerKEInternalContext *ctx =
198 (SilcServerKEInternalContext *)protocol->context;
199 SilcServer server = (SilcServer)ctx->server;
201 /* Send the packet immediately */
202 silc_server_packet_send(server, ske->sock,
203 type, 0, packet->data, packet->len, TRUE);
206 /* Sets the negotiated key material into use for particular connection. */
208 int silc_server_protocol_ke_set_keys(SilcServer server,
210 SilcSocketConnection sock,
211 SilcSKEKeyMaterial *keymat,
216 SilcSKEDiffieHellmanGroup group,
219 SilcUnknownEntry conn_data;
220 SilcIDListData idata;
222 SILC_LOG_DEBUG(("Setting new key into use"));
224 conn_data = silc_calloc(1, sizeof(*conn_data));
225 idata = (SilcIDListData)conn_data;
227 /* Allocate cipher to be used in the communication */
228 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
229 silc_free(conn_data);
230 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", cipher->cipher->name));
233 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
234 silc_free(conn_data);
235 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", cipher->cipher->name));
239 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
240 &idata->hmac_send)) {
241 silc_cipher_free(idata->send_key);
242 silc_cipher_free(idata->receive_key);
243 silc_free(conn_data);
244 SILC_LOG_ERROR(("Cannot allocate algorithm: %s",
245 silc_hmac_get_name(hmac)));
249 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
250 &idata->hmac_receive)) {
251 silc_cipher_free(idata->send_key);
252 silc_cipher_free(idata->receive_key);
253 silc_hmac_free(idata->hmac_send);
254 silc_free(conn_data);
255 SILC_LOG_ERROR(("Cannot allocate algorithm: %s",
256 silc_hmac_get_name(hmac)));
260 if (is_responder == TRUE) {
261 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
262 keymat->enc_key_len);
263 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
264 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
265 keymat->enc_key_len);
266 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
267 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
268 keymat->hmac_key_len);
269 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
270 keymat->hmac_key_len);
272 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
273 keymat->enc_key_len);
274 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
275 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
276 keymat->enc_key_len);
277 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
278 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
279 keymat->hmac_key_len);
280 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
281 keymat->hmac_key_len);
284 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
285 idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
286 keymat->enc_key_len / 8);
287 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
289 if (ske->prop->flags & SILC_SKE_SP_FLAG_PFS)
290 idata->rekey->pfs = TRUE;
291 idata->rekey->ske_group = silc_ske_group_get_number(group);
294 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
295 silc_cipher_free(idata->send_key);
296 silc_cipher_free(idata->receive_key);
297 silc_hmac_free(idata->hmac_send);
298 silc_hmac_free(idata->hmac_receive);
299 silc_free(conn_data);
300 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", hash->hash->name));
304 /* Save the remote host's public key */
305 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
306 ske->ke1_payload->pk_len, &idata->public_key);
307 if (ske->prop->flags & SILC_SKE_SP_FLAG_MUTUAL)
308 silc_hash_make(server->sha1hash, ske->ke1_payload->pk_data,
309 ske->ke1_payload->pk_len, idata->fingerprint);
311 sock->user_data = (void *)conn_data;
313 SILC_LOG_INFO(("%s (%s) security properties: %s %s %s",
314 sock->hostname, sock->ip,
315 idata->send_key->cipher->name,
316 (char *)silc_hmac_get_name(idata->hmac_send),
317 idata->hash->hash->name));
322 /* Check remote host version string */
324 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
325 SilcUInt32 len, void *context)
327 SilcSKEStatus status = SILC_SKE_STATUS_OK;
329 int maj = 0, min = 0, build = 0, maj2 = 0, min2 = 0, build2 = 0;
331 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
332 ske->sock->ip, version));
334 /* Check for initial version string */
335 if (!strstr(version, "SILC-1.0-"))
336 status = SILC_SKE_STATUS_BAD_VERSION;
338 /* Check software version */
342 status = SILC_SKE_STATUS_BAD_VERSION;
345 cp = strchr(cp, '.');
351 cp = strchr(cp, '.');
353 build = atoi(cp + 1);
356 cp = silc_version_string + 9;
358 status = SILC_SKE_STATUS_BAD_VERSION;
361 cp = strchr(cp, '.');
367 cp = strchr(cp, '.');
369 build2 = atoi(cp + 1);
373 status = SILC_SKE_STATUS_BAD_VERSION;
376 status = SILC_SKE_STATUS_BAD_VERSION;
379 /* XXX < 0.6 is not allowed */
380 if (maj == 0 && min < 5)
381 status = SILC_SKE_STATUS_BAD_VERSION;
383 if (status == SILC_SKE_STATUS_BAD_VERSION)
384 SILC_LOG_ERROR(("%s (%s) %s is not allowed/supported version",
385 ske->sock->hostname, ske->sock->ip, version));
390 /* Callback that is called by the SKE to indicate that it is safe to
391 continue the execution of the protocol. This is used only if we are
392 initiator. Is given as argument to the silc_ske_initiator_finish or
393 silc_ske_responder_phase_2 functions. This is called due to the fact
394 that the public key verification process is asynchronous and we must
395 not continue the protocl until the public key has been verified and
396 this callback is called. */
398 static void silc_server_protocol_ke_continue(SilcSKE ske, void *context)
400 SilcProtocol protocol = (SilcProtocol)context;
401 SilcServerKEInternalContext *ctx =
402 (SilcServerKEInternalContext *)protocol->context;
403 SilcServer server = (SilcServer)ctx->server;
405 SILC_LOG_DEBUG(("Start"));
407 if (ske->status != SILC_SKE_STATUS_OK) {
408 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
409 silc_ske_map_status(ske->status)));
410 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
411 silc_ske_map_status(ske->status)));
413 protocol->state = SILC_PROTOCOL_STATE_ERROR;
414 silc_protocol_execute(protocol, server->schedule, 0, 300000);
418 /* Send Ok to the other end. We will end the protocol as responder
419 sends Ok to us when we will take the new keys into use. */
420 if (ctx->responder == FALSE) {
421 silc_ske_end(ctx->ske);
423 /* End the protocol on the next round */
424 protocol->state = SILC_PROTOCOL_STATE_END;
427 /* Advance protocol state and call the next state if we are responder.
428 This happens when this callback was sent to silc_ske_responder_phase_2
430 if (ctx->responder == TRUE) {
432 silc_protocol_execute(protocol, server->schedule, 0, 100000);
436 /* Performs key exchange protocol. This is used for both initiator
437 and responder key exchange. This is performed always when accepting
438 new connection to the server. This may be called recursively. */
440 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
442 SilcProtocol protocol = (SilcProtocol)context;
443 SilcServerKEInternalContext *ctx =
444 (SilcServerKEInternalContext *)protocol->context;
445 SilcServer server = (SilcServer)ctx->server;
446 SilcSKEStatus status = SILC_SKE_STATUS_OK;
448 SILC_LOG_DEBUG(("Start"));
450 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
451 protocol->state = SILC_PROTOCOL_STATE_START;
453 SILC_LOG_DEBUG(("State=%d", protocol->state));
455 switch(protocol->state) {
456 case SILC_PROTOCOL_STATE_START:
463 /* Allocate Key Exchange object */
464 ctx->ske = ske = silc_ske_alloc(server->rng, server);
466 silc_ske_set_callbacks(ske, silc_server_protocol_ke_send_packet, NULL,
467 silc_server_protocol_ke_verify_key,
468 silc_server_protocol_ke_continue,
469 silc_ske_check_version, context);
471 if (ctx->responder == TRUE) {
472 /* Start the key exchange by processing the received security
473 properties packet from initiator. */
474 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
476 ctx->packet->buffer, ctx->flags);
478 SilcSKEStartPayload *start_payload;
480 /* Assemble security properties. */
481 silc_ske_assemble_security_properties(ske, ctx->flags,
485 /* Start the key exchange by sending our security properties
486 to the remote end. */
487 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
491 /* Return now if the procedure is pending. */
492 if (status == SILC_SKE_STATUS_PENDING)
495 if (status != SILC_SKE_STATUS_OK) {
496 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
497 silc_ske_map_status(status)));
498 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
499 silc_ske_map_status(status)));
501 protocol->state = SILC_PROTOCOL_STATE_ERROR;
502 silc_protocol_execute(protocol, server->schedule, 0, 300000);
506 /* Advance protocol state and call the next state if we are responder */
508 if (ctx->responder == TRUE)
509 silc_protocol_execute(protocol, server->schedule, 0, 100000);
517 if (ctx->responder == TRUE) {
518 /* Sends the selected security properties to the initiator. */
519 status = silc_ske_responder_phase_1(ctx->ske);
521 /* Call Phase-1 function. This processes the Key Exchange Start
522 paylaod reply we just got from the responder. The callback
523 function will receive the processed payload where we will
525 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer);
528 /* Return now if the procedure is pending. */
529 if (status == SILC_SKE_STATUS_PENDING)
532 if (status != SILC_SKE_STATUS_OK) {
533 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
534 silc_ske_map_status(status)));
535 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
536 silc_ske_map_status(status)));
538 protocol->state = SILC_PROTOCOL_STATE_ERROR;
539 silc_protocol_execute(protocol, server->schedule, 0, 300000);
543 /* Advance protocol state and call next state if we are initiator */
545 if (ctx->responder == FALSE)
546 silc_protocol_execute(protocol, server->schedule, 0, 100000);
554 if (ctx->responder == TRUE) {
555 /* Process the received Key Exchange 1 Payload packet from
556 the initiator. This also creates our parts of the Diffie
557 Hellman algorithm. The silc_server_protocol_ke_continue
558 will be called after the public key has been verified. */
559 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
561 /* Call the Phase-2 function. This creates Diffie Hellman
562 key exchange parameters and sends our public part inside
563 Key Exhange 1 Payload to the responder. */
564 status = silc_ske_initiator_phase_2(ctx->ske,
567 SILC_SKE_PK_TYPE_SILC);
571 /* Return now if the procedure is pending. */
572 if (status == SILC_SKE_STATUS_PENDING)
575 if (status != SILC_SKE_STATUS_OK) {
576 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
577 silc_ske_map_status(status)));
578 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
579 silc_ske_map_status(status)));
581 protocol->state = SILC_PROTOCOL_STATE_ERROR;
582 silc_protocol_execute(protocol, server->schedule, 0, 300000);
592 if (ctx->responder == TRUE) {
593 /* This creates the key exchange material and sends our
594 public parts to the initiator inside Key Exchange 2 Payload. */
595 status = silc_ske_responder_finish(ctx->ske,
598 SILC_SKE_PK_TYPE_SILC);
600 /* End the protocol on the next round */
601 protocol->state = SILC_PROTOCOL_STATE_END;
603 /* Finish the protocol. This verifies the Key Exchange 2 payload
604 sent by responder. The silc_server_protocol_ke_continue will
605 be called after the public key has been verified. */
606 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
609 /* Return now if the procedure is pending. */
610 if (status == SILC_SKE_STATUS_PENDING)
613 if (status != SILC_SKE_STATUS_OK) {
614 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
615 silc_ske_map_status(status)));
616 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
617 silc_ske_map_status(status)));
619 protocol->state = SILC_PROTOCOL_STATE_ERROR;
620 silc_protocol_execute(protocol, server->schedule, 0, 300000);
626 case SILC_PROTOCOL_STATE_END:
631 SilcSKEKeyMaterial *keymat;
632 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
633 int hash_len = ctx->ske->prop->hash->hash->hash_len;
635 /* Process the key material */
636 keymat = silc_calloc(1, sizeof(*keymat));
637 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
639 if (status != SILC_SKE_STATUS_OK) {
640 SILC_LOG_ERROR(("Error during Key Exchange protocol: "
641 "could not process key material"));
643 protocol->state = SILC_PROTOCOL_STATE_ERROR;
644 silc_protocol_execute(protocol, server->schedule, 0, 300000);
645 silc_ske_free_key_material(keymat);
648 ctx->keymat = keymat;
650 /* Send Ok to the other end if we are responder. If we are initiator
651 we have sent this already. */
652 if (ctx->responder == TRUE)
653 silc_ske_end(ctx->ske);
655 /* Unregister the timeout task since the protocol has ended.
656 This was the timeout task to be executed if the protocol is
657 not completed fast enough. */
658 if (ctx->timeout_task)
659 silc_schedule_task_del(server->schedule, ctx->timeout_task);
661 /* Assure that after calling final callback there cannot be pending
662 executions for this protocol anymore. This just unregisters any
663 timeout callbacks for this protocol. */
664 silc_protocol_cancel(protocol, server->schedule);
666 /* Call the final callback */
667 if (protocol->final_callback)
668 silc_protocol_execute_final(protocol, server->schedule);
670 silc_protocol_free(protocol);
674 case SILC_PROTOCOL_STATE_ERROR:
679 /* Send abort notification */
680 silc_ske_abort(ctx->ske, ctx->ske->status);
682 /* Unregister the timeout task since the protocol has ended.
683 This was the timeout task to be executed if the protocol is
684 not completed fast enough. */
685 if (ctx->timeout_task)
686 silc_schedule_task_del(server->schedule, ctx->timeout_task);
688 /* Assure that after calling final callback there cannot be pending
689 executions for this protocol anymore. This just unregisters any
690 timeout callbacks for this protocol. */
691 silc_protocol_cancel(protocol, server->schedule);
693 /* On error the final callback is always called. */
694 if (protocol->final_callback)
695 silc_protocol_execute_final(protocol, server->schedule);
697 silc_protocol_free(protocol);
700 case SILC_PROTOCOL_STATE_FAILURE:
702 * We have received failure from remote
705 /* Unregister the timeout task since the protocol has ended.
706 This was the timeout task to be executed if the protocol is
707 not completed fast enough. */
708 if (ctx->timeout_task)
709 silc_schedule_task_del(server->schedule, ctx->timeout_task);
711 /* Assure that after calling final callback there cannot be pending
712 executions for this protocol anymore. This just unregisters any
713 timeout callbacks for this protocol. */
714 silc_protocol_cancel(protocol, server->schedule);
716 /* On error the final callback is always called. */
717 if (protocol->final_callback)
718 silc_protocol_execute_final(protocol, server->schedule);
720 silc_protocol_free(protocol);
723 case SILC_PROTOCOL_STATE_UNKNOWN:
729 * Connection Authentication protocol functions
733 silc_server_password_authentication(SilcServer server, char *remote_auth,
736 if (!remote_auth || !local_auth)
739 if (!memcmp(remote_auth, local_auth, strlen(local_auth)))
746 silc_server_public_key_authentication(SilcServer server,
747 SilcPublicKey pub_key,
756 if (!pub_key || !sign)
759 silc_pkcs_alloc(pub_key->name, &pkcs);
760 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
761 silc_pkcs_free(pkcs);
765 /* Make the authentication data. Protocol says it is HASH plus
767 len = ske->hash_len + ske->start_payload_copy->len;
768 auth = silc_buffer_alloc(len);
769 silc_buffer_pull_tail(auth, len);
770 silc_buffer_format(auth,
771 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
772 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
773 ske->start_payload_copy->len),
776 /* Verify signature */
777 if (silc_pkcs_verify_with_hash(pkcs, ske->prop->hash, sign, sign_len,
778 auth->data, auth->len)) {
779 silc_pkcs_free(pkcs);
780 silc_buffer_free(auth);
784 silc_pkcs_free(pkcs);
785 silc_buffer_free(auth);
790 silc_server_get_public_key_auth(SilcServer server,
791 unsigned char **auth_data,
792 SilcUInt32 *auth_data_len,
801 /* Make the authentication data. Protocol says it is HASH plus
803 len = ske->hash_len + ske->start_payload_copy->len;
804 auth = silc_buffer_alloc(len);
805 silc_buffer_pull_tail(auth, len);
806 silc_buffer_format(auth,
807 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
808 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
809 ske->start_payload_copy->len),
812 *auth_data = silc_calloc(silc_pkcs_get_key_len(pkcs), sizeof(**auth_data));
813 if (silc_pkcs_sign_with_hash(pkcs, ske->prop->hash, auth->data,
814 auth->len, *auth_data, auth_data_len)) {
815 silc_buffer_free(auth);
819 silc_free(*auth_data);
820 silc_buffer_free(auth);
824 /* Function that actually performs the authentication to the remote. This
825 supports both passphrase and public key authentication. */
828 silc_server_get_authentication(SilcServerConnAuthInternalContext *ctx,
829 char *local_passphrase,
830 void *local_publickey,
831 unsigned char *remote_auth,
832 SilcUInt32 remote_auth_len)
834 SilcServer server = (SilcServer)ctx->server;
835 SilcSKE ske = ctx->ske;
838 /* If we don't have authentication data set at all we do not require
839 authentication at all */
840 if (!local_passphrase && !local_publickey) {
841 SILC_LOG_DEBUG(("No authentication required"));
845 /* If both passphrase and public key is provided then we'll try both of
846 them and see which one of them authenticates. If only one of them is
847 set, then try only that. */
849 /* Try first passphrase (as it is faster to check) */
850 if (local_passphrase) {
851 SILC_LOG_DEBUG(("Password authentication"));
852 result = silc_server_password_authentication(server, local_passphrase,
856 /* Try public key authenetication */
857 if (!result && local_publickey) {
858 SILC_LOG_DEBUG(("Public key authentication"));
859 result = silc_server_public_key_authentication(server,
869 /* Performs connection authentication protocol. If responder, we
870 authenticate the remote data received. If initiator, we will send
871 authentication data to the remote end. */
873 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
875 SilcProtocol protocol = (SilcProtocol)context;
876 SilcServerConnAuthInternalContext *ctx =
877 (SilcServerConnAuthInternalContext *)protocol->context;
878 SilcServer server = (SilcServer)ctx->server;
880 SILC_LOG_DEBUG(("Start"));
882 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
883 protocol->state = SILC_PROTOCOL_STATE_START;
885 SILC_LOG_DEBUG(("State=%d", protocol->state));
887 switch(protocol->state) {
888 case SILC_PROTOCOL_STATE_START:
894 if (ctx->responder == TRUE) {
896 * We are receiving party
899 SilcUInt16 payload_len;
900 SilcUInt16 conn_type;
901 unsigned char *auth_data = NULL;
903 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
904 ctx->sock->hostname, ctx->sock->ip));
906 /* Parse the received authentication data packet. The received
907 payload is Connection Auth Payload. */
908 ret = silc_buffer_unformat(ctx->packet->buffer,
909 SILC_STR_UI_SHORT(&payload_len),
910 SILC_STR_UI_SHORT(&conn_type),
913 SILC_LOG_ERROR(("Bad payload in authentication packet"));
914 protocol->state = SILC_PROTOCOL_STATE_ERROR;
915 silc_protocol_execute(protocol, server->schedule, 0, 300000);
919 if (payload_len != ctx->packet->buffer->len) {
920 SILC_LOG_ERROR(("Bad payload length in authentication packet"));
921 protocol->state = SILC_PROTOCOL_STATE_ERROR;
922 silc_protocol_execute(protocol, server->schedule, 0, 300000);
928 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
929 conn_type > SILC_SOCKET_TYPE_ROUTER) {
930 SILC_LOG_ERROR(("Bad connection type (%d) in authentication packet",
932 protocol->state = SILC_PROTOCOL_STATE_ERROR;
933 silc_protocol_execute(protocol, server->schedule, 0, 300000);
937 if (payload_len > 0) {
938 /* Get authentication data */
939 silc_buffer_pull(ctx->packet->buffer, 4);
940 ret = silc_buffer_unformat(ctx->packet->buffer,
941 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
945 SILC_LOG_DEBUG(("Bad payload in authentication payload"));
946 protocol->state = SILC_PROTOCOL_STATE_ERROR;
947 silc_protocol_execute(protocol, server->schedule, 0, 300000);
953 * Check the remote connection type and make sure that we have
954 * configured this connection. If we haven't allowed this connection
955 * the authentication must be failed.
958 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
960 /* Remote end is client */
961 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
962 SilcServerConfigClient *client = ctx->cconfig;
965 ret = silc_server_get_authentication(ctx, client->passphrase,
967 auth_data, payload_len);
969 /* Authentication failed */
970 SILC_LOG_ERROR(("Authentication failed"));
971 SILC_LOG_DEBUG(("Authentication failed"));
972 silc_free(auth_data);
973 protocol->state = SILC_PROTOCOL_STATE_ERROR;
974 silc_protocol_execute(protocol, server->schedule, 0, 300000);
978 SILC_LOG_DEBUG(("No configuration for remote client connection"));
979 SILC_LOG_ERROR(("Remote client connection not configured"));
980 SILC_LOG_ERROR(("Authentication failed"));
981 silc_free(auth_data);
982 protocol->state = SILC_PROTOCOL_STATE_ERROR;
983 silc_protocol_execute(protocol, server->schedule,
989 /* Remote end is server */
990 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
991 SilcServerConfigServer *serv = ctx->sconfig;
994 ret = silc_server_get_authentication(ctx, serv->passphrase,
996 auth_data, payload_len);
998 /* Authentication failed */
999 SILC_LOG_ERROR(("Authentication failed"));
1000 SILC_LOG_DEBUG(("Authentication failed"));
1001 silc_free(auth_data);
1002 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1003 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1007 SILC_LOG_DEBUG(("No configuration for remote server connection"));
1008 SILC_LOG_ERROR(("Remote server connection not configured"));
1009 SILC_LOG_ERROR(("Authentication failed"));
1010 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1011 silc_protocol_execute(protocol, server->schedule,
1013 silc_free(auth_data);
1018 /* Remote end is router */
1019 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
1020 SilcServerConfigRouter *serv = ctx->rconfig;
1023 ret = silc_server_get_authentication(ctx, serv->passphrase,
1025 auth_data, payload_len);
1027 /* Authentication failed */
1028 SILC_LOG_ERROR(("Authentication failed"));
1029 SILC_LOG_DEBUG(("Authentication failed"));
1030 silc_free(auth_data);
1031 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1032 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1036 SILC_LOG_DEBUG(("No configuration for remote router connection"));
1037 SILC_LOG_ERROR(("Remote router connection not configured"));
1038 SILC_LOG_ERROR(("Authentication failed"));
1039 silc_free(auth_data);
1040 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1041 silc_protocol_execute(protocol, server->schedule,
1047 silc_free(auth_data);
1049 /* Save connection type. This is later used to create the
1050 ID for the connection. */
1051 ctx->conn_type = conn_type;
1053 /* Advance protocol state. */
1054 protocol->state = SILC_PROTOCOL_STATE_END;
1055 silc_protocol_execute(protocol, server->schedule, 0, 0);
1059 * We are initiator. We are authenticating ourselves to a
1060 * remote server. We will send the authentication data to the
1061 * other end for verify.
1064 int payload_len = 0;
1065 unsigned char *auth_data = NULL;
1066 SilcUInt32 auth_data_len = 0;
1068 switch(ctx->auth_meth) {
1069 case SILC_AUTH_NONE:
1070 /* No authentication required */
1073 case SILC_AUTH_PASSWORD:
1074 /* Password authentication */
1075 if (ctx->auth_data && ctx->auth_data_len) {
1076 auth_data = strdup(ctx->auth_data);
1077 auth_data_len = ctx->auth_data_len;
1082 case SILC_AUTH_PUBLIC_KEY:
1084 /* Public key authentication */
1085 silc_server_get_public_key_auth(server, &auth_data, &auth_data_len,
1091 payload_len = 4 + auth_data_len;
1092 packet = silc_buffer_alloc(payload_len);
1093 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
1094 silc_buffer_format(packet,
1095 SILC_STR_UI_SHORT(payload_len),
1096 SILC_STR_UI_SHORT(server->server_type
1098 SILC_SOCKET_TYPE_SERVER :
1099 SILC_SOCKET_TYPE_ROUTER),
1100 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
1103 /* Send the packet to server */
1104 silc_server_packet_send(server, ctx->sock,
1105 SILC_PACKET_CONNECTION_AUTH, 0,
1106 packet->data, packet->len, TRUE);
1109 memset(auth_data, 0, auth_data_len);
1110 silc_free(auth_data);
1112 silc_buffer_free(packet);
1114 /* Next state is end of protocol */
1115 protocol->state = SILC_PROTOCOL_STATE_END;
1120 case SILC_PROTOCOL_STATE_END:
1125 unsigned char ok[4];
1127 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
1129 /* Authentication successful */
1130 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
1133 /* Unregister the timeout task since the protocol has ended.
1134 This was the timeout task to be executed if the protocol is
1135 not completed fast enough. */
1136 if (ctx->timeout_task)
1137 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1139 /* Assure that after calling final callback there cannot be pending
1140 executions for this protocol anymore. This just unregisters any
1141 timeout callbacks for this protocol. */
1142 silc_protocol_cancel(protocol, server->schedule);
1144 /* Protocol has ended, call the final callback */
1145 if (protocol->final_callback)
1146 silc_protocol_execute_final(protocol, server->schedule);
1148 silc_protocol_free(protocol);
1151 case SILC_PROTOCOL_STATE_ERROR:
1154 * Error. Send notify to remote.
1156 unsigned char error[4];
1158 /* Authentication failed */
1159 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
1160 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
1163 /* Unregister the timeout task since the protocol has ended.
1164 This was the timeout task to be executed if the protocol is
1165 not completed fast enough. */
1166 if (ctx->timeout_task)
1167 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1169 /* Assure that after calling final callback there cannot be pending
1170 executions for this protocol anymore. This just unregisters any
1171 timeout callbacks for this protocol. */
1172 silc_protocol_cancel(protocol, server->schedule);
1174 /* On error the final callback is always called. */
1175 if (protocol->final_callback)
1176 silc_protocol_execute_final(protocol, server->schedule);
1178 silc_protocol_free(protocol);
1182 case SILC_PROTOCOL_STATE_FAILURE:
1184 * We have received failure from remote
1187 SILC_LOG_ERROR(("Received Authentication Failure"));
1189 /* Unregister the timeout task since the protocol has ended.
1190 This was the timeout task to be executed if the protocol is
1191 not completed fast enough. */
1192 if (ctx->timeout_task)
1193 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1195 /* Assure that after calling final callback there cannot be pending
1196 executions for this protocol anymore. This just unregisters any
1197 timeout callbacks for this protocol. */
1198 silc_protocol_cancel(protocol, server->schedule);
1200 /* On error the final callback is always called. */
1201 if (protocol->final_callback)
1202 silc_protocol_execute_final(protocol, server->schedule);
1204 silc_protocol_free(protocol);
1207 case SILC_PROTOCOL_STATE_UNKNOWN:
1213 * Re-key protocol routines
1216 /* Actually takes the new keys into use. */
1219 silc_server_protocol_rekey_validate(SilcServer server,
1220 SilcServerRekeyInternalContext *ctx,
1221 SilcIDListData idata,
1222 SilcSKEKeyMaterial *keymat,
1225 if (ctx->responder == TRUE) {
1227 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1228 keymat->enc_key_len);
1229 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1230 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
1231 keymat->hmac_key_len);
1233 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1234 keymat->enc_key_len);
1235 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1236 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
1237 keymat->hmac_key_len);
1241 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1242 keymat->enc_key_len);
1243 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1244 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
1245 keymat->hmac_key_len);
1247 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1248 keymat->enc_key_len);
1249 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1250 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
1251 keymat->hmac_key_len);
1255 /* Save the current sending encryption key */
1257 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1258 silc_free(idata->rekey->send_enc_key);
1259 idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
1260 keymat->enc_key_len / 8);
1261 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1265 /* This function actually re-generates (when not using PFS) the keys and
1266 takes them into use. */
1268 void silc_server_protocol_rekey_generate(SilcServer server,
1269 SilcServerRekeyInternalContext *ctx,
1272 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1273 SilcSKEKeyMaterial *keymat;
1274 SilcUInt32 key_len = silc_cipher_get_key_len(idata->send_key);
1275 SilcUInt32 hash_len = idata->hash->hash->hash_len;
1277 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1278 send ? "sending" : "receiving"));
1280 /* Generate the new key */
1281 keymat = silc_calloc(1, sizeof(*keymat));
1282 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1283 idata->rekey->enc_key_len,
1284 16, key_len, hash_len,
1285 idata->hash, keymat);
1287 /* Set the keys into use */
1288 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1290 silc_ske_free_key_material(keymat);
1293 /* This function actually re-generates (with PFS) the keys and
1294 takes them into use. */
1297 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1298 SilcServerRekeyInternalContext *ctx,
1301 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1302 SilcSKEKeyMaterial *keymat;
1303 SilcUInt32 key_len = silc_cipher_get_key_len(idata->send_key);
1304 SilcUInt32 hash_len = idata->hash->hash->hash_len;
1305 unsigned char *tmpbuf;
1308 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1309 send ? "sending" : "receiving"));
1311 /* Encode KEY to binary data */
1312 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1314 /* Generate the new key */
1315 keymat = silc_calloc(1, sizeof(*keymat));
1316 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1317 idata->hash, keymat);
1319 /* Set the keys into use */
1320 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1322 memset(tmpbuf, 0, klen);
1324 silc_ske_free_key_material(keymat);
1327 /* Packet sending callback. This function is provided as packet sending
1328 routine to the Key Exchange functions. */
1331 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1333 SilcPacketType type,
1336 SilcProtocol protocol = (SilcProtocol)context;
1337 SilcServerRekeyInternalContext *ctx =
1338 (SilcServerRekeyInternalContext *)protocol->context;
1339 SilcServer server = (SilcServer)ctx->server;
1341 /* Send the packet immediately */
1342 silc_server_packet_send(server, ctx->sock,
1343 type, 0, packet->data, packet->len, FALSE);
1346 /* Performs re-key as defined in the SILC protocol specification. */
1348 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1350 SilcProtocol protocol = (SilcProtocol)context;
1351 SilcServerRekeyInternalContext *ctx =
1352 (SilcServerRekeyInternalContext *)protocol->context;
1353 SilcServer server = (SilcServer)ctx->server;
1354 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1355 SilcSKEStatus status;
1357 SILC_LOG_DEBUG(("Start"));
1359 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1360 protocol->state = SILC_PROTOCOL_STATE_START;
1362 SILC_LOG_DEBUG(("State=%d", protocol->state));
1364 switch(protocol->state) {
1365 case SILC_PROTOCOL_STATE_START:
1371 if (ctx->responder == TRUE) {
1373 * We are receiving party
1376 if (ctx->pfs == TRUE) {
1378 * Use Perfect Forward Secrecy, ie. negotiate the key material
1379 * using the SKE protocol.
1382 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1383 SILC_LOG_ERROR(("Error during Re-key (PFS): re-key state is "
1384 "incorrect (received %d, expected %d packet)",
1385 ctx->packet->type, SILC_PACKET_KEY_EXCHANGE_1));
1386 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1387 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1391 ctx->ske = silc_ske_alloc(server->rng, server);
1392 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1393 silc_ske_group_get_by_number(idata->rekey->ske_group,
1394 &ctx->ske->prop->group);
1396 silc_ske_set_callbacks(ctx->ske,
1397 silc_server_protocol_rekey_send_packet,
1398 NULL, NULL, NULL, silc_ske_check_version,
1401 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
1402 if (status != SILC_SKE_STATUS_OK) {
1403 SILC_LOG_ERROR(("Error (%s) during Re-key (PFS)",
1404 silc_ske_map_status(status)));
1405 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1406 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1410 /* Advance the protocol state */
1412 silc_protocol_execute(protocol, server->schedule, 0, 0);
1415 * Do normal and simple re-key.
1418 /* Send the REKEY_DONE to indicate we will take new keys into use */
1419 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1422 /* After we send REKEY_DONE we must set the sending encryption
1423 key to the new key since all packets after this packet must
1424 encrypted with the new key. */
1425 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1427 /* The protocol ends in next stage. */
1428 protocol->state = SILC_PROTOCOL_STATE_END;
1433 * We are the initiator of this protocol
1436 /* Start the re-key by sending the REKEY packet */
1437 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1440 if (ctx->pfs == TRUE) {
1442 * Use Perfect Forward Secrecy, ie. negotiate the key material
1443 * using the SKE protocol.
1445 ctx->ske = silc_ske_alloc(server->rng, server);
1446 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1447 silc_ske_group_get_by_number(idata->rekey->ske_group,
1448 &ctx->ske->prop->group);
1450 silc_ske_set_callbacks(ctx->ske,
1451 silc_server_protocol_rekey_send_packet,
1452 NULL, NULL, NULL, silc_ske_check_version,
1455 status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL, 0);
1456 if (status != SILC_SKE_STATUS_OK) {
1457 SILC_LOG_ERROR(("Error (%s) during Re-key (PFS)",
1458 silc_ske_map_status(status)));
1459 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1460 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1464 /* Advance the protocol state */
1468 * Do normal and simple re-key.
1471 /* Send the REKEY_DONE to indicate we will take new keys into use
1473 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1476 /* After we send REKEY_DONE we must set the sending encryption
1477 key to the new key since all packets after this packet must
1478 encrypted with the new key. */
1479 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1481 /* The protocol ends in next stage. */
1482 protocol->state = SILC_PROTOCOL_STATE_END;
1490 * Second state, used only when oding re-key with PFS.
1492 if (ctx->responder == TRUE) {
1493 if (ctx->pfs == TRUE) {
1495 * Send our KE packe to the initiator now that we've processed
1496 * the initiator's KE packet.
1498 status = silc_ske_responder_finish(ctx->ske, NULL, NULL,
1499 SILC_SKE_PK_TYPE_SILC);
1500 if (status != SILC_SKE_STATUS_OK) {
1501 SILC_LOG_ERROR(("Error (%s) during Re-key (PFS)",
1502 silc_ske_map_status(status)));
1503 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1504 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1510 if (ctx->pfs == TRUE) {
1512 * The packet type must be KE packet
1514 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1515 SILC_LOG_ERROR(("Error during Re-key (PFS): re-key state is "
1516 "incorrect (received %d, expected %d packet)",
1517 ctx->packet->type, SILC_PACKET_KEY_EXCHANGE_2));
1518 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1519 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1523 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
1524 if (status != SILC_SKE_STATUS_OK) {
1525 SILC_LOG_ERROR(("Error (%s) during Re-key (PFS)",
1526 silc_ske_map_status(status)));
1527 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1528 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1534 /* Send the REKEY_DONE to indicate we will take new keys into use
1536 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1539 /* After we send REKEY_DONE we must set the sending encryption
1540 key to the new key since all packets after this packet must
1541 encrypted with the new key. */
1542 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1544 /* The protocol ends in next stage. */
1545 protocol->state = SILC_PROTOCOL_STATE_END;
1548 case SILC_PROTOCOL_STATE_END:
1553 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1554 SILC_LOG_ERROR(("Error during Re-key (PFS): re-key state is "
1555 "incorrect (received %d, expected %d packet)",
1556 ctx->packet->type, SILC_PACKET_REKEY_DONE));
1557 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1558 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1562 /* We received the REKEY_DONE packet and all packets after this is
1563 encrypted with the new key so set the decryption key to the new key */
1564 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1566 /* Assure that after calling final callback there cannot be pending
1567 executions for this protocol anymore. This just unregisters any
1568 timeout callbacks for this protocol. */
1569 silc_protocol_cancel(protocol, server->schedule);
1571 /* Protocol has ended, call the final callback */
1572 if (protocol->final_callback)
1573 silc_protocol_execute_final(protocol, server->schedule);
1575 silc_protocol_free(protocol);
1578 case SILC_PROTOCOL_STATE_ERROR:
1583 if (ctx->pfs == TRUE)
1584 /* Send abort notification */
1585 silc_ske_abort(ctx->ske, ctx->ske->status);
1587 /* Assure that after calling final callback there cannot be pending
1588 executions for this protocol anymore. This just unregisters any
1589 timeout callbacks for this protocol. */
1590 silc_protocol_cancel(protocol, server->schedule);
1592 /* On error the final callback is always called. */
1593 if (protocol->final_callback)
1594 silc_protocol_execute_final(protocol, server->schedule);
1596 silc_protocol_free(protocol);
1599 case SILC_PROTOCOL_STATE_FAILURE:
1601 * We have received failure from remote
1604 SILC_LOG_ERROR(("Error during Re-Key: received Failure"));
1606 /* Assure that after calling final callback there cannot be pending
1607 executions for this protocol anymore. This just unregisters any
1608 timeout callbacks for this protocol. */
1609 silc_protocol_cancel(protocol, server->schedule);
1611 /* On error the final callback is always called. */
1612 if (protocol->final_callback)
1613 silc_protocol_execute_final(protocol, server->schedule);
1615 silc_protocol_free(protocol);
1618 case SILC_PROTOCOL_STATE_UNKNOWN:
1624 /* Registers protocols used in server. */
1626 void silc_server_protocols_register(void)
1628 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1629 silc_server_protocol_connection_auth);
1630 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1631 silc_server_protocol_key_exchange);
1632 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1633 silc_server_protocol_rekey);
1634 silc_protocol_register(SILC_PROTOCOL_SERVER_BACKUP,
1635 silc_server_protocol_backup);
1638 /* Unregisters protocols */
1640 void silc_server_protocols_unregister(void)
1642 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1643 silc_server_protocol_connection_auth);
1644 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1645 silc_server_protocol_key_exchange);
1646 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1647 silc_server_protocol_rekey);
1648 silc_protocol_unregister(SILC_PROTOCOL_SERVER_BACKUP,
1649 silc_server_protocol_backup);