5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
38 /* Packet sending callback. This function is provided as packet sending
39 routine to the Key Exchange functions. */
41 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
46 SilcProtocol protocol = (SilcProtocol)context;
47 SilcServerKEInternalContext *ctx =
48 (SilcServerKEInternalContext *)protocol->context;
49 SilcServer server = (SilcServer)ctx->server;
51 /* Send the packet immediately */
52 silc_server_packet_send(server, ske->sock,
53 type, 0, packet->data, packet->len, TRUE);
56 /* Sets the negotiated key material into use for particular connection. */
58 int silc_server_protocol_ke_set_keys(SilcSKE ske,
59 SilcSocketConnection sock,
60 SilcSKEKeyMaterial *keymat,
65 SilcSKEDiffieHellmanGroup group,
68 SilcUnknownEntry conn_data;
71 SILC_LOG_DEBUG(("Setting new key into use"));
73 conn_data = silc_calloc(1, sizeof(*conn_data));
74 idata = (SilcIDListData)conn_data;
76 /* Allocate cipher to be used in the communication */
77 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
81 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
86 if (is_responder == TRUE) {
87 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
89 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
90 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
92 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
94 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
96 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
97 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
99 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
102 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
103 idata->rekey->send_enc_key =
104 silc_calloc(keymat->enc_key_len / 8,
105 sizeof(*idata->rekey->send_enc_key));
106 memcpy(idata->rekey->send_enc_key,
107 keymat->send_enc_key, keymat->enc_key_len / 8);
108 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
110 if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
111 idata->rekey->pfs = TRUE;
112 idata->rekey->ske_group = silc_ske_group_get_number(group);
114 /* Save the remote host's public key */
115 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
116 ske->ke1_payload->pk_len, &idata->public_key);
119 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
120 silc_cipher_free(idata->send_key);
121 silc_cipher_free(idata->receive_key);
122 silc_free(conn_data);
126 /* Save HMAC key to be used in the communication. */
127 if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac)) {
128 silc_cipher_free(idata->send_key);
129 silc_cipher_free(idata->receive_key);
130 silc_hash_free(idata->hash);
131 silc_free(conn_data);
134 silc_hmac_set_key(idata->hmac, keymat->hmac_key, keymat->hmac_key_len);
136 sock->user_data = (void *)conn_data;
141 /* Check remote host version string */
143 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
146 SilcSKEStatus status = SILC_SKE_STATUS_OK;
148 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
149 ske->sock->ip, version));
151 /* Check for initial version string */
152 if (!strstr(version, "SILC-1.0-"))
153 status = SILC_SKE_STATUS_BAD_VERSION;
155 /* Check software version */
157 if (len < strlen(silc_version_string))
158 status = SILC_SKE_STATUS_BAD_VERSION;
160 /* XXX for now there is no other tests due to the abnormal version
161 string that is used */
166 /* Performs key exchange protocol. This is used for both initiator
167 and responder key exchange. This is performed always when accepting
168 new connection to the server. This may be called recursively. */
170 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
172 SilcProtocol protocol = (SilcProtocol)context;
173 SilcServerKEInternalContext *ctx =
174 (SilcServerKEInternalContext *)protocol->context;
175 SilcServer server = (SilcServer)ctx->server;
176 SilcSKEStatus status = 0;
178 SILC_LOG_DEBUG(("Start"));
180 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
181 protocol->state = SILC_PROTOCOL_STATE_START;
183 SILC_LOG_DEBUG(("State=%d", protocol->state));
185 switch(protocol->state) {
186 case SILC_PROTOCOL_STATE_START:
193 /* Allocate Key Exchange object */
194 ske = silc_ske_alloc();
196 ske->rng = server->rng;
198 if (ctx->responder == TRUE) {
199 /* Start the key exchange by processing the received security
200 properties packet from initiator. */
201 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
203 ctx->packet->buffer, FALSE,
206 SilcSKEStartPayload *start_payload;
208 /* Assemble security properties. */
209 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
213 /* Start the key exchange by sending our security properties
214 to the remote end. */
215 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
217 silc_server_protocol_ke_send_packet,
221 if (status != SILC_SKE_STATUS_OK) {
222 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
224 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
227 protocol->state = SILC_PROTOCOL_STATE_ERROR;
228 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
232 /* Advance protocol state and call the next state if we are responder */
234 if (ctx->responder == TRUE)
235 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
243 if (ctx->responder == TRUE) {
244 /* Sends the selected security properties to the initiator. */
246 silc_ske_responder_phase_1(ctx->ske,
247 ctx->ske->start_payload,
248 silc_server_protocol_ke_send_packet,
251 /* Call Phase-1 function. This processes the Key Exchange Start
252 paylaod reply we just got from the responder. The callback
253 function will receive the processed payload where we will
255 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
259 if (status != SILC_SKE_STATUS_OK) {
260 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
262 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
265 protocol->state = SILC_PROTOCOL_STATE_ERROR;
266 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
270 /* Advance protocol state and call next state if we are initiator */
272 if (ctx->responder == FALSE)
273 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
281 if (ctx->responder == TRUE) {
282 /* Process the received Key Exchange 1 Payload packet from
283 the initiator. This also creates our parts of the Diffie
284 Hellman algorithm. */
285 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
286 NULL, NULL, NULL, NULL);
288 /* Call the Phase-2 function. This creates Diffie Hellman
289 key exchange parameters and sends our public part inside
290 Key Exhange 1 Payload to the responder. */
292 silc_ske_initiator_phase_2(ctx->ske,
295 silc_server_protocol_ke_send_packet,
299 if (status != SILC_SKE_STATUS_OK) {
300 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
302 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
305 protocol->state = SILC_PROTOCOL_STATE_ERROR;
306 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
310 /* Advance protocol state and call the next state if we are responder */
312 if (ctx->responder == TRUE)
313 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
321 if (ctx->responder == TRUE) {
322 /* This creates the key exchange material and sends our
323 public parts to the initiator inside Key Exchange 2 Payload. */
325 silc_ske_responder_finish(ctx->ske,
326 server->public_key, server->private_key,
327 SILC_SKE_PK_TYPE_SILC,
328 silc_server_protocol_ke_send_packet,
331 /* Finish the protocol. This verifies the Key Exchange 2 payload
332 sent by responder. */
333 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
334 NULL, NULL, NULL, NULL);
337 if (status != SILC_SKE_STATUS_OK) {
338 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
340 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
343 protocol->state = SILC_PROTOCOL_STATE_ERROR;
344 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
348 /* Send Ok to the other end. We will end the protocol as responder
349 sends Ok to us when we will take the new keys into use. */
350 if (ctx->responder == FALSE)
351 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
353 /* End the protocol on the next round */
354 protocol->state = SILC_PROTOCOL_STATE_END;
358 case SILC_PROTOCOL_STATE_END:
363 SilcSKEKeyMaterial *keymat;
364 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
365 int hash_len = ctx->ske->prop->hash->hash->hash_len;
367 /* Process the key material */
368 keymat = silc_calloc(1, sizeof(*keymat));
369 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
371 if (status != SILC_SKE_STATUS_OK) {
372 protocol->state = SILC_PROTOCOL_STATE_ERROR;
373 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
374 silc_ske_free_key_material(keymat);
377 ctx->keymat = keymat;
379 /* Send Ok to the other end if we are responder. If we are initiator
380 we have sent this already. */
381 if (ctx->responder == TRUE)
382 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
384 /* Unregister the timeout task since the protocol has ended.
385 This was the timeout task to be executed if the protocol is
386 not completed fast enough. */
387 if (ctx->timeout_task)
388 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
390 /* Call the final callback */
391 if (protocol->final_callback)
392 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
394 silc_protocol_free(protocol);
398 case SILC_PROTOCOL_STATE_ERROR:
403 /* Send abort notification */
404 silc_ske_abort(ctx->ske, ctx->ske->status,
405 silc_server_protocol_ke_send_packet,
408 /* Unregister the timeout task since the protocol has ended.
409 This was the timeout task to be executed if the protocol is
410 not completed fast enough. */
411 if (ctx->timeout_task)
412 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
414 /* On error the final callback is always called. */
415 if (protocol->final_callback)
416 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
418 silc_protocol_free(protocol);
421 case SILC_PROTOCOL_STATE_FAILURE:
423 * We have received failure from remote
426 /* Unregister the timeout task since the protocol has ended.
427 This was the timeout task to be executed if the protocol is
428 not completed fast enough. */
429 if (ctx->timeout_task)
430 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
432 /* On error the final callback is always called. */
433 if (protocol->final_callback)
434 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
436 silc_protocol_free(protocol);
439 case SILC_PROTOCOL_STATE_UNKNOWN:
445 * Connection Authentication protocol functions
449 silc_server_password_authentication(SilcServer server, char *auth1,
452 if (!auth1 || !auth2)
455 if (!memcmp(auth1, auth2, strlen(auth1)))
462 silc_server_public_key_authentication(SilcServer server,
463 SilcPublicKey pub_key,
472 if (!pub_key || !sign)
475 silc_pkcs_alloc(pub_key->name, &pkcs);
476 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
477 silc_pkcs_free(pkcs);
481 /* Make the authentication data. Protocol says it is HASH plus
483 len = ske->hash_len + ske->start_payload_copy->len;
484 auth = silc_buffer_alloc(len);
485 silc_buffer_pull_tail(auth, len);
486 silc_buffer_format(auth,
487 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
488 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
489 ske->start_payload_copy->len),
492 /* Verify signature */
493 if (silc_pkcs_verify(pkcs, sign, sign_len, auth->data, auth->len)) {
494 silc_pkcs_free(pkcs);
495 silc_buffer_free(auth);
499 silc_pkcs_free(pkcs);
500 silc_buffer_free(auth);
505 silc_server_get_public_key_auth(SilcServer server,
506 SilcPublicKey pub_key,
507 unsigned char *auth_data,
508 uint32 *auth_data_len,
518 silc_pkcs_alloc(pub_key->name, &pkcs);
519 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
520 silc_pkcs_free(pkcs);
524 /* Make the authentication data. Protocol says it is HASH plus
526 len = ske->hash_len + ske->start_payload_copy->len;
527 auth = silc_buffer_alloc(len);
528 silc_buffer_pull_tail(auth, len);
529 silc_buffer_format(auth,
530 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
531 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
532 ske->start_payload_copy->len),
535 if (silc_pkcs_sign(pkcs, auth->data, auth->len, auth_data, auth_data_len)) {
536 silc_pkcs_free(pkcs);
537 silc_buffer_free(auth);
541 silc_pkcs_free(pkcs);
542 silc_buffer_free(auth);
546 /* Performs connection authentication protocol. If responder, we
547 authenticate the remote data received. If initiator, we will send
548 authentication data to the remote end. */
550 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
552 SilcProtocol protocol = (SilcProtocol)context;
553 SilcServerConnAuthInternalContext *ctx =
554 (SilcServerConnAuthInternalContext *)protocol->context;
555 SilcServer server = (SilcServer)ctx->server;
557 SILC_LOG_DEBUG(("Start"));
559 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
560 protocol->state = SILC_PROTOCOL_STATE_START;
562 SILC_LOG_DEBUG(("State=%d", protocol->state));
564 switch(protocol->state) {
565 case SILC_PROTOCOL_STATE_START:
571 if (ctx->responder == TRUE) {
573 * We are receiving party
578 unsigned char *auth_data = NULL;
580 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
581 ctx->sock->hostname, ctx->sock->ip));
583 /* Parse the received authentication data packet. The received
584 payload is Connection Auth Payload. */
585 ret = silc_buffer_unformat(ctx->packet->buffer,
586 SILC_STR_UI_SHORT(&payload_len),
587 SILC_STR_UI_SHORT(&conn_type),
590 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
591 protocol->state = SILC_PROTOCOL_STATE_ERROR;
592 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
596 if (payload_len != ctx->packet->buffer->len) {
597 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
598 protocol->state = SILC_PROTOCOL_STATE_ERROR;
599 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
605 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
606 conn_type > SILC_SOCKET_TYPE_ROUTER) {
607 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
608 protocol->state = SILC_PROTOCOL_STATE_ERROR;
609 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
613 if (payload_len > 0) {
614 /* Get authentication data */
615 silc_buffer_pull(ctx->packet->buffer, 4);
616 ret = silc_buffer_unformat(ctx->packet->buffer,
617 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
621 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
622 protocol->state = SILC_PROTOCOL_STATE_ERROR;
623 protocol->execute(server->timeout_queue, 0,
624 protocol, fd, 0, 300000);
630 * Check the remote connection type and make sure that we have
631 * configured this connection. If we haven't allowed this connection
632 * the authentication must be failed.
635 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
637 /* Remote end is client */
638 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
639 SilcServerConfigSectionClientConnection *client = NULL;
640 client = silc_server_config_find_client_conn(server->config,
644 client = silc_server_config_find_client_conn(server->config,
649 switch(client->auth_meth) {
651 /* No authentication required */
652 SILC_LOG_DEBUG(("No authentication required"));
655 case SILC_AUTH_PASSWORD:
656 /* Password authentication */
657 SILC_LOG_DEBUG(("Password authentication"));
658 ret = silc_server_password_authentication(server, auth_data,
664 /* Authentication failed */
665 SILC_LOG_ERROR(("Authentication failed"));
666 SILC_LOG_DEBUG(("Authentication failed"));
667 silc_free(auth_data);
668 protocol->state = SILC_PROTOCOL_STATE_ERROR;
669 protocol->execute(server->timeout_queue, 0,
670 protocol, fd, 0, 300000);
674 case SILC_AUTH_PUBLIC_KEY:
675 /* Public key authentication */
676 SILC_LOG_DEBUG(("Public key authentication"));
677 ret = silc_server_public_key_authentication(server,
686 SILC_LOG_ERROR(("Authentication failed"));
687 SILC_LOG_DEBUG(("Authentication failed"));
688 silc_free(auth_data);
689 protocol->state = SILC_PROTOCOL_STATE_ERROR;
690 protocol->execute(server->timeout_queue, 0,
691 protocol, fd, 0, 300000);
695 SILC_LOG_DEBUG(("No configuration for remote connection"));
696 SILC_LOG_ERROR(("Remote connection not configured"));
697 SILC_LOG_ERROR(("Authentication failed"));
698 silc_free(auth_data);
699 protocol->state = SILC_PROTOCOL_STATE_ERROR;
700 protocol->execute(server->timeout_queue, 0,
701 protocol, fd, 0, 300000);
706 /* Remote end is server */
707 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
708 SilcServerConfigSectionServerConnection *serv = NULL;
709 serv = silc_server_config_find_server_conn(server->config,
713 serv = silc_server_config_find_server_conn(server->config,
718 switch(serv->auth_meth) {
720 /* No authentication required */
721 SILC_LOG_DEBUG(("No authentication required"));
724 case SILC_AUTH_PASSWORD:
725 /* Password authentication */
726 SILC_LOG_DEBUG(("Password authentication"));
727 ret = silc_server_password_authentication(server, auth_data,
733 /* Authentication failed */
734 SILC_LOG_ERROR(("Authentication failed"));
735 SILC_LOG_DEBUG(("Authentication failed"));
736 silc_free(auth_data);
737 protocol->state = SILC_PROTOCOL_STATE_ERROR;
738 protocol->execute(server->timeout_queue, 0,
739 protocol, fd, 0, 300000);
743 case SILC_AUTH_PUBLIC_KEY:
744 /* Public key authentication */
745 SILC_LOG_DEBUG(("Public key authentication"));
746 ret = silc_server_public_key_authentication(server,
755 SILC_LOG_ERROR(("Authentication failed"));
756 SILC_LOG_DEBUG(("Authentication failed"));
757 silc_free(auth_data);
758 protocol->state = SILC_PROTOCOL_STATE_ERROR;
759 protocol->execute(server->timeout_queue, 0,
760 protocol, fd, 0, 300000);
764 SILC_LOG_DEBUG(("No configuration for remote connection"));
765 SILC_LOG_ERROR(("Remote connection not configured"));
766 SILC_LOG_ERROR(("Authentication failed"));
767 protocol->state = SILC_PROTOCOL_STATE_ERROR;
768 protocol->execute(server->timeout_queue, 0,
769 protocol, fd, 0, 300000);
770 silc_free(auth_data);
775 /* Remote end is router */
776 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
777 SilcServerConfigSectionServerConnection *serv = NULL;
778 serv = silc_server_config_find_router_conn(server->config,
782 serv = silc_server_config_find_router_conn(server->config,
787 switch(serv->auth_meth) {
789 /* No authentication required */
790 SILC_LOG_DEBUG(("No authentication required"));
793 case SILC_AUTH_PASSWORD:
794 /* Password authentication */
795 SILC_LOG_DEBUG(("Password authentication"));
796 ret = silc_server_password_authentication(server, auth_data,
802 /* Authentication failed */
803 SILC_LOG_ERROR(("Authentication failed"));
804 SILC_LOG_DEBUG(("Authentication failed"));
805 silc_free(auth_data);
806 protocol->state = SILC_PROTOCOL_STATE_ERROR;
807 protocol->execute(server->timeout_queue, 0,
808 protocol, fd, 0, 300000);
812 case SILC_AUTH_PUBLIC_KEY:
813 /* Public key authentication */
814 SILC_LOG_DEBUG(("Public key authentication"));
815 ret = silc_server_public_key_authentication(server,
824 SILC_LOG_ERROR(("Authentication failed"));
825 SILC_LOG_DEBUG(("Authentication failed"));
826 silc_free(auth_data);
827 protocol->state = SILC_PROTOCOL_STATE_ERROR;
828 protocol->execute(server->timeout_queue, 0,
829 protocol, fd, 0, 300000);
833 SILC_LOG_DEBUG(("No configuration for remote connection"));
834 SILC_LOG_ERROR(("Remote connection not configured"));
835 SILC_LOG_ERROR(("Authentication failed"));
836 silc_free(auth_data);
837 protocol->state = SILC_PROTOCOL_STATE_ERROR;
838 protocol->execute(server->timeout_queue, 0,
839 protocol, fd, 0, 300000);
844 silc_free(auth_data);
846 /* Save connection type. This is later used to create the
847 ID for the connection. */
848 ctx->conn_type = conn_type;
850 /* Advance protocol state. */
851 protocol->state = SILC_PROTOCOL_STATE_END;
852 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
856 * We are initiator. We are authenticating ourselves to a
857 * remote server. We will send the authentication data to the
858 * other end for verify.
862 unsigned char *auth_data = NULL;
863 uint32 auth_data_len = 0;
865 switch(ctx->auth_meth) {
867 /* No authentication required */
870 case SILC_AUTH_PASSWORD:
871 /* Password authentication */
872 if (ctx->auth_data && ctx->auth_data_len) {
873 auth_data = strdup(ctx->auth_data);
874 auth_data_len = ctx->auth_data_len;
879 case SILC_AUTH_PUBLIC_KEY:
881 unsigned char sign[1024];
883 /* Public key authentication */
884 silc_server_get_public_key_auth(server, ctx->auth_data,
885 sign, &auth_data_len,
887 auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
888 memcpy(auth_data, sign, auth_data_len);
893 payload_len = 4 + auth_data_len;
894 packet = silc_buffer_alloc(payload_len);
895 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
896 silc_buffer_format(packet,
897 SILC_STR_UI_SHORT(payload_len),
898 SILC_STR_UI_SHORT(server->server_type
900 SILC_SOCKET_TYPE_SERVER :
901 SILC_SOCKET_TYPE_ROUTER),
902 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
905 /* Send the packet to server */
906 silc_server_packet_send(server, ctx->sock,
907 SILC_PACKET_CONNECTION_AUTH, 0,
908 packet->data, packet->len, TRUE);
911 memset(auth_data, 0, auth_data_len);
912 silc_free(auth_data);
914 silc_buffer_free(packet);
916 /* Next state is end of protocol */
917 protocol->state = SILC_PROTOCOL_STATE_END;
922 case SILC_PROTOCOL_STATE_END:
929 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
931 /* Authentication successful */
932 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
935 /* Unregister the timeout task since the protocol has ended.
936 This was the timeout task to be executed if the protocol is
937 not completed fast enough. */
938 if (ctx->timeout_task)
939 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
941 /* Protocol has ended, call the final callback */
942 if (protocol->final_callback)
943 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
945 silc_protocol_free(protocol);
948 case SILC_PROTOCOL_STATE_ERROR:
951 * Error. Send notify to remote.
953 unsigned char error[4];
955 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
957 /* Authentication failed */
958 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
961 /* Unregister the timeout task since the protocol has ended.
962 This was the timeout task to be executed if the protocol is
963 not completed fast enough. */
964 if (ctx->timeout_task)
965 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
967 /* On error the final callback is always called. */
968 if (protocol->final_callback)
969 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
971 silc_protocol_free(protocol);
975 case SILC_PROTOCOL_STATE_FAILURE:
977 * We have received failure from remote
980 /* Unregister the timeout task since the protocol has ended.
981 This was the timeout task to be executed if the protocol is
982 not completed fast enough. */
983 if (ctx->timeout_task)
984 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
986 /* On error the final callback is always called. */
987 if (protocol->final_callback)
988 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
990 silc_protocol_free(protocol);
993 case SILC_PROTOCOL_STATE_UNKNOWN:
999 * Re-key protocol routines
1002 /* Actually takes the new keys into use. */
1005 silc_server_protocol_rekey_validate(SilcServer server,
1006 SilcServerRekeyInternalContext *ctx,
1007 SilcIDListData idata,
1008 SilcSKEKeyMaterial *keymat)
1010 if (ctx->responder == TRUE) {
1011 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1012 keymat->enc_key_len);
1013 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1014 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1015 keymat->enc_key_len);
1016 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1018 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1019 keymat->enc_key_len);
1020 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1021 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1022 keymat->enc_key_len);
1023 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1026 silc_hmac_set_key(idata->hmac, keymat->hmac_key, keymat->hmac_key_len);
1028 /* Save the current sending encryption key */
1029 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1030 silc_free(idata->rekey->send_enc_key);
1031 idata->rekey->send_enc_key =
1032 silc_calloc(keymat->enc_key_len / 8,
1033 sizeof(*idata->rekey->send_enc_key));
1034 memcpy(idata->rekey->send_enc_key, keymat->send_enc_key,
1035 keymat->enc_key_len / 8);
1036 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1039 /* This function actually re-generates (when not using PFS) the keys and
1040 takes them into use. */
1042 void silc_server_protocol_rekey_generate(SilcServer server,
1043 SilcServerRekeyInternalContext *ctx)
1045 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1046 SilcSKEKeyMaterial *keymat;
1047 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1048 uint32 hash_len = idata->hash->hash->hash_len;
1050 SILC_LOG_DEBUG(("Generating new session keys (no PFS)"));
1052 /* Generate the new key */
1053 keymat = silc_calloc(1, sizeof(*keymat));
1054 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1055 idata->rekey->enc_key_len,
1056 16, key_len, hash_len,
1057 idata->hash, keymat);
1059 /* Set the keys into use */
1060 silc_server_protocol_rekey_validate(server, ctx, idata, keymat);
1062 silc_ske_free_key_material(keymat);
1065 /* This function actually re-generates (with PFS) the keys and
1066 takes them into use. */
1069 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1070 SilcServerRekeyInternalContext *ctx)
1072 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1073 SilcSKEKeyMaterial *keymat;
1074 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1075 uint32 hash_len = idata->hash->hash->hash_len;
1076 unsigned char *tmpbuf;
1079 SILC_LOG_DEBUG(("Generating new session keys (with PFS)"));
1081 /* Encode KEY to binary data */
1082 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1084 /* Generate the new key */
1085 keymat = silc_calloc(1, sizeof(*keymat));
1086 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1087 idata->hash, keymat);
1089 /* Set the keys into use */
1090 silc_server_protocol_rekey_validate(server, ctx, idata, keymat);
1092 memset(tmpbuf, 0, klen);
1094 silc_ske_free_key_material(keymat);
1097 /* Packet sending callback. This function is provided as packet sending
1098 routine to the Key Exchange functions. */
1101 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1103 SilcPacketType type,
1106 SilcProtocol protocol = (SilcProtocol)context;
1107 SilcServerRekeyInternalContext *ctx =
1108 (SilcServerRekeyInternalContext *)protocol->context;
1109 SilcServer server = (SilcServer)ctx->server;
1111 /* Send the packet immediately */
1112 silc_server_packet_send(server, ctx->sock,
1113 type, 0, packet->data, packet->len, FALSE);
1116 /* Performs re-key as defined in the SILC protocol specification. */
1118 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1120 SilcProtocol protocol = (SilcProtocol)context;
1121 SilcServerRekeyInternalContext *ctx =
1122 (SilcServerRekeyInternalContext *)protocol->context;
1123 SilcServer server = (SilcServer)ctx->server;
1124 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1125 SilcSKEStatus status;
1127 SILC_LOG_DEBUG(("Start"));
1129 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1130 protocol->state = SILC_PROTOCOL_STATE_START;
1132 SILC_LOG_DEBUG(("State=%d", protocol->state));
1134 switch(protocol->state) {
1135 case SILC_PROTOCOL_STATE_START:
1141 if (ctx->responder == TRUE) {
1143 * We are receiving party
1146 if (ctx->pfs == TRUE) {
1148 * Use Perfect Forward Secrecy, ie. negotiate the key material
1149 * using the SKE protocol.
1152 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1153 /* Error in protocol */
1154 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1155 protocol->execute(server->timeout_queue, 0, protocol, fd,
1159 ctx->ske = silc_ske_alloc();
1160 ctx->ske->rng = server->rng;
1161 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1162 silc_ske_get_group_by_number(idata->rekey->ske_group,
1163 &ctx->ske->prop->group);
1165 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
1166 NULL, NULL, NULL, NULL);
1167 if (status != SILC_SKE_STATUS_OK) {
1168 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1171 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1172 protocol->execute(server->timeout_queue, 0,
1173 protocol, fd, 0, 300000);
1177 /* Advance the protocol state */
1179 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1182 * Do normal and simple re-key.
1185 /* Send the REKEY_DONE to indicate we will take new keys into use */
1186 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1189 /* The protocol ends in next stage. */
1190 protocol->state = SILC_PROTOCOL_STATE_END;
1195 * We are the initiator of this protocol
1198 /* Start the re-key by sending the REKEY packet */
1199 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1202 if (ctx->pfs == TRUE) {
1204 * Use Perfect Forward Secrecy, ie. negotiate the key material
1205 * using the SKE protocol.
1207 ctx->ske = silc_ske_alloc();
1208 ctx->ske->rng = server->rng;
1209 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1210 silc_ske_get_group_by_number(idata->rekey->ske_group,
1211 &ctx->ske->prop->group);
1214 silc_ske_initiator_phase_2(ctx->ske, NULL, NULL,
1215 silc_server_protocol_rekey_send_packet,
1218 if (status != SILC_SKE_STATUS_OK) {
1219 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1222 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1223 protocol->execute(server->timeout_queue, 0,
1224 protocol, fd, 0, 300000);
1228 /* Advance the protocol state */
1232 * Do normal and simple re-key.
1235 /* Send the REKEY_DONE to indicate we will take new keys into use
1237 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1240 /* The protocol ends in next stage. */
1241 protocol->state = SILC_PROTOCOL_STATE_END;
1249 * Second state, used only when oding re-key with PFS.
1251 if (ctx->responder == TRUE) {
1252 if (ctx->pfs == TRUE) {
1254 * Send our KE packe to the initiator now that we've processed
1255 * the initiator's KE packet.
1258 silc_ske_responder_finish(ctx->ske, NULL, NULL,
1259 SILC_SKE_PK_TYPE_SILC,
1260 silc_server_protocol_rekey_send_packet,
1263 if (status != SILC_SKE_STATUS_OK) {
1264 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1267 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1268 protocol->execute(server->timeout_queue, 0,
1269 protocol, fd, 0, 300000);
1275 if (ctx->pfs == TRUE) {
1277 * The packet type must be KE packet
1279 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1280 /* Error in protocol */
1281 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1282 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
1285 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
1286 NULL, NULL, NULL, NULL);
1287 if (status != SILC_SKE_STATUS_OK) {
1288 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1291 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1292 protocol->execute(server->timeout_queue, 0,
1293 protocol, fd, 0, 300000);
1299 /* Send the REKEY_DONE to indicate we will take new keys into use
1301 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1304 /* The protocol ends in next stage. */
1305 protocol->state = SILC_PROTOCOL_STATE_END;
1308 case SILC_PROTOCOL_STATE_END:
1313 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1314 /* Error in protocol */
1315 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1316 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1319 /* Protocol has ended, call the final callback */
1320 if (protocol->final_callback)
1321 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1323 silc_protocol_free(protocol);
1326 case SILC_PROTOCOL_STATE_ERROR:
1331 if (ctx->pfs == TRUE) {
1332 /* Send abort notification */
1333 silc_ske_abort(ctx->ske, ctx->ske->status,
1334 silc_server_protocol_ke_send_packet,
1338 /* On error the final callback is always called. */
1339 if (protocol->final_callback)
1340 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1342 silc_protocol_free(protocol);
1345 case SILC_PROTOCOL_STATE_FAILURE:
1347 * We have received failure from remote
1350 /* On error the final callback is always called. */
1351 if (protocol->final_callback)
1352 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1354 silc_protocol_free(protocol);
1357 case SILC_PROTOCOL_STATE_UNKNOWN:
1363 /* Registers protocols used in server. */
1365 void silc_server_protocols_register(void)
1367 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1368 silc_server_protocol_connection_auth);
1369 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1370 silc_server_protocol_key_exchange);
1371 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1372 silc_server_protocol_rekey);
1375 /* Unregisters protocols */
1377 void silc_server_protocols_unregister(void)
1379 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1380 silc_server_protocol_connection_auth);
1381 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1382 silc_server_protocol_key_exchange);
1383 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1384 silc_server_protocol_rekey);