5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
39 silc_verify_public_key_internal(SilcServer server, SilcSocketConnection sock,
40 SilcSocketType conn_type,
41 unsigned char *pk, uint32 pk_len,
42 SilcSKEPKType pk_type)
44 char file[256], filename[256], *fingerprint;
47 if (pk_type != SILC_SKE_PK_TYPE_SILC) {
48 SILC_LOG_WARNING(("We don't support %s (%s) port %d public key type %d",
49 sock->hostname, sock->ip, sock->port, pk_type));
53 /* Accept client keys without verification */
54 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
55 SILC_LOG_DEBUG(("Accepting client public key without verification"));
59 /* XXX For now, accept server keys without verification too. We are
60 currently always doing mutual authentication so the proof of posession
61 of the private key is verified, and if server is authenticated in
62 conn auth protocol with public key we MUST have the key already. */
64 /* Rest is unreachable code! */
66 memset(filename, 0, sizeof(filename));
67 memset(file, 0, sizeof(file));
68 snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname,
70 snprintf(filename, sizeof(filename) - 1, SILC_ETCDIR "/serverkeys/%s",
73 /* Create serverkeys directory if it doesn't exist. */
74 if (stat(SILC_ETCDIR "/serverkeys", &st) < 0) {
75 /* If dir doesn't exist */
76 if (errno == ENOENT) {
77 if (mkdir(SILC_ETCDIR "/serverkeys", 0755) < 0) {
78 SILC_LOG_ERROR(("Couldn't create `%s' directory\n",
79 SILC_ETCDIR "/serverkeys"));
83 SILC_LOG_ERROR(("%s\n", strerror(errno)));
88 /* Take fingerprint of the public key */
89 fingerprint = silc_hash_fingerprint(NULL, pk, pk_len);
90 SILC_LOG_DEBUG(("Received server %s (%s) port %d public key (%s)",
91 sock->hostname, sock->ip, sock->port, fingerprint));
92 silc_free(fingerprint);
94 /* Check whether this key already exists */
95 if (stat(filename, &st) < 0) {
96 /* We don't have it, then cache it. */
97 SILC_LOG_DEBUG(("New public key from server"));
99 silc_pkcs_save_public_key_data(filename, pk, pk_len,
103 /* The key already exists, verify it. */
104 SilcPublicKey public_key;
105 unsigned char *encpk;
108 SILC_LOG_DEBUG(("We have the public key saved locally"));
110 /* Load the key file */
111 if (!silc_pkcs_load_public_key(filename, &public_key,
113 if (!silc_pkcs_load_public_key(filename, &public_key,
114 SILC_PKCS_FILE_BIN)) {
115 SILC_LOG_WARNING(("Could not load local copy of the %s (%s) port %d "
116 "server public key", sock->hostname, sock->ip,
119 /* Save the key for future checking */
121 silc_pkcs_save_public_key_data(filename, pk, pk_len,
126 /* Encode the key data */
127 encpk = silc_pkcs_public_key_encode(public_key, &encpk_len);
129 SILC_LOG_WARNING(("Local copy of the server %s (%s) port %d public key "
130 "is malformed", sock->hostname, sock->ip, sock->port));
132 /* Save the key for future checking */
134 silc_pkcs_save_public_key_data(filename, pk, pk_len, SILC_PKCS_FILE_PEM);
138 if (memcmp(pk, encpk, encpk_len)) {
139 SILC_LOG_WARNING(("%s (%s) port %d server public key does not match "
140 "with local copy", sock->hostname, sock->ip,
142 SILC_LOG_WARNING(("It is possible that the key has expired or changed"));
143 SILC_LOG_WARNING(("It is also possible that some one is performing "
144 "man-in-the-middle attack"));
145 SILC_LOG_WARNING(("Will not accept the server %s (%s) port %d public "
147 sock->hostname, sock->ip, sock->port));
151 /* Local copy matched */
156 /* Callback that is called when we have received KE2 payload from
157 responder. We try to verify the public key now. */
160 silc_server_protocol_ke_verify_key(SilcSKE ske,
161 unsigned char *pk_data,
163 SilcSKEPKType pk_type,
165 SilcSKEVerifyCbCompletion completion,
166 void *completion_context)
168 SilcProtocol protocol = (SilcProtocol)context;
169 SilcServerKEInternalContext *ctx =
170 (SilcServerKEInternalContext *)protocol->context;
171 SilcServer server = (SilcServer)ctx->server;
173 SILC_LOG_DEBUG(("Start"));
175 if (silc_verify_public_key_internal(server, ctx->sock,
176 (ctx->responder == FALSE ?
177 SILC_SOCKET_TYPE_ROUTER:
178 ctx->sconfig ? SILC_SOCKET_TYPE_SERVER :
179 ctx->rconfig ? SILC_SOCKET_TYPE_ROUTER :
180 SILC_SOCKET_TYPE_CLIENT),
181 pk_data, pk_len, pk_type))
182 completion(ske, SILC_SKE_STATUS_OK, completion_context);
184 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
188 /* Packet sending callback. This function is provided as packet sending
189 routine to the Key Exchange functions. */
191 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
196 SilcProtocol protocol = (SilcProtocol)context;
197 SilcServerKEInternalContext *ctx =
198 (SilcServerKEInternalContext *)protocol->context;
199 SilcServer server = (SilcServer)ctx->server;
201 /* Send the packet immediately */
202 silc_server_packet_send(server, ske->sock,
203 type, 0, packet->data, packet->len, TRUE);
206 /* Sets the negotiated key material into use for particular connection. */
208 int silc_server_protocol_ke_set_keys(SilcServer server,
210 SilcSocketConnection sock,
211 SilcSKEKeyMaterial *keymat,
216 SilcSKEDiffieHellmanGroup group,
219 SilcUnknownEntry conn_data;
220 SilcIDListData idata;
222 SILC_LOG_DEBUG(("Setting new key into use"));
224 conn_data = silc_calloc(1, sizeof(*conn_data));
225 idata = (SilcIDListData)conn_data;
227 /* Allocate cipher to be used in the communication */
228 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
229 silc_free(conn_data);
232 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
233 silc_free(conn_data);
237 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
238 &idata->hmac_send)) {
239 silc_cipher_free(idata->send_key);
240 silc_cipher_free(idata->receive_key);
241 silc_free(conn_data);
245 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
246 &idata->hmac_receive)) {
247 silc_cipher_free(idata->send_key);
248 silc_cipher_free(idata->receive_key);
249 silc_hmac_free(idata->hmac_send);
250 silc_free(conn_data);
254 if (is_responder == TRUE) {
255 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
256 keymat->enc_key_len);
257 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
258 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
259 keymat->enc_key_len);
260 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
261 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
262 keymat->hmac_key_len);
263 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
264 keymat->hmac_key_len);
266 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
267 keymat->enc_key_len);
268 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
269 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
270 keymat->enc_key_len);
271 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
272 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
273 keymat->hmac_key_len);
274 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
275 keymat->hmac_key_len);
278 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
279 idata->rekey->send_enc_key =
280 silc_calloc(keymat->enc_key_len / 8,
281 sizeof(*idata->rekey->send_enc_key));
282 memcpy(idata->rekey->send_enc_key,
283 keymat->send_enc_key, keymat->enc_key_len / 8);
284 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
286 if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
287 idata->rekey->pfs = TRUE;
288 idata->rekey->ske_group = silc_ske_group_get_number(group);
291 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
292 silc_cipher_free(idata->send_key);
293 silc_cipher_free(idata->receive_key);
294 silc_hmac_free(idata->hmac_send);
295 silc_hmac_free(idata->hmac_receive);
296 silc_free(conn_data);
300 /* Save the remote host's public key */
301 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
302 ske->ke1_payload->pk_len, &idata->public_key);
303 if (ske->prop->flags & SILC_SKE_SP_FLAG_MUTUAL)
304 silc_hash_make(server->sha1hash, ske->ke1_payload->pk_data,
305 ske->ke1_payload->pk_len, idata->fingerprint);
307 sock->user_data = (void *)conn_data;
309 SILC_LOG_INFO(("%s (%s) security properties: %s %s %s",
310 sock->hostname, sock->ip,
311 idata->send_key->cipher->name,
312 (char *)silc_hmac_get_name(idata->hmac_send),
313 idata->hash->hash->name));
318 /* Check remote host version string */
320 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
321 uint32 len, void *context)
323 SilcSKEStatus status = SILC_SKE_STATUS_OK;
325 int maj = 0, min = 0, build = 0, maj2 = 0, min2 = 0, build2 = 0;
327 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
328 ske->sock->ip, version));
330 /* Check for initial version string */
331 if (!strstr(version, "SILC-1.0-"))
332 status = SILC_SKE_STATUS_BAD_VERSION;
334 /* Check software version */
338 status = SILC_SKE_STATUS_BAD_VERSION;
341 cp = strchr(cp, '.');
347 cp = strchr(cp, '.');
349 build = atoi(cp + 1);
352 cp = silc_version_string + 9;
354 status = SILC_SKE_STATUS_BAD_VERSION;
357 cp = strchr(cp, '.');
363 cp = strchr(cp, '.');
365 build2 = atoi(cp + 1);
369 status = SILC_SKE_STATUS_BAD_VERSION;
372 status = SILC_SKE_STATUS_BAD_VERSION;
375 /* XXX < 0.6 is not allowed */
376 if (maj == 0 && min < 5)
377 status = SILC_SKE_STATUS_BAD_VERSION;
379 /* XXX backward support for 0.6.1 */
380 if (maj == 0 && min == 6 && build < 2)
381 ske->backward_version = 1;
386 /* Callback that is called by the SKE to indicate that it is safe to
387 continue the execution of the protocol. This is used only if we are
388 initiator. Is given as argument to the silc_ske_initiator_finish or
389 silc_ske_responder_phase_2 functions. This is called due to the fact
390 that the public key verification process is asynchronous and we must
391 not continue the protocl until the public key has been verified and
392 this callback is called. */
394 static void silc_server_protocol_ke_continue(SilcSKE ske, void *context)
396 SilcProtocol protocol = (SilcProtocol)context;
397 SilcServerKEInternalContext *ctx =
398 (SilcServerKEInternalContext *)protocol->context;
399 SilcServer server = (SilcServer)ctx->server;
401 SILC_LOG_DEBUG(("Start"));
403 if (ske->status != SILC_SKE_STATUS_OK) {
404 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
405 silc_ske_map_status(ske->status)));
406 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
407 silc_ske_map_status(ske->status)));
409 protocol->state = SILC_PROTOCOL_STATE_ERROR;
410 silc_protocol_execute(protocol, server->schedule, 0, 300000);
414 /* Send Ok to the other end. We will end the protocol as responder
415 sends Ok to us when we will take the new keys into use. */
416 if (ctx->responder == FALSE) {
417 silc_ske_end(ctx->ske);
419 /* End the protocol on the next round */
420 protocol->state = SILC_PROTOCOL_STATE_END;
423 /* Advance protocol state and call the next state if we are responder.
424 This happens when this callback was sent to silc_ske_responder_phase_2
426 if (ctx->responder == TRUE) {
428 silc_protocol_execute(protocol, server->schedule, 0, 100000);
432 /* Performs key exchange protocol. This is used for both initiator
433 and responder key exchange. This is performed always when accepting
434 new connection to the server. This may be called recursively. */
436 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
438 SilcProtocol protocol = (SilcProtocol)context;
439 SilcServerKEInternalContext *ctx =
440 (SilcServerKEInternalContext *)protocol->context;
441 SilcServer server = (SilcServer)ctx->server;
442 SilcSKEStatus status = SILC_SKE_STATUS_OK;
444 SILC_LOG_DEBUG(("Start"));
446 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
447 protocol->state = SILC_PROTOCOL_STATE_START;
449 SILC_LOG_DEBUG(("State=%d", protocol->state));
451 switch(protocol->state) {
452 case SILC_PROTOCOL_STATE_START:
459 /* Allocate Key Exchange object */
460 ske = silc_ske_alloc();
462 ske->rng = server->rng;
464 silc_ske_set_callbacks(ske, silc_server_protocol_ke_send_packet, NULL,
465 silc_server_protocol_ke_verify_key,
466 silc_server_protocol_ke_continue,
467 silc_ske_check_version, context);
469 if (ctx->responder == TRUE) {
470 /* Start the key exchange by processing the received security
471 properties packet from initiator. */
472 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
474 ctx->packet->buffer, TRUE);
476 SilcSKEStartPayload *start_payload;
478 /* Assemble security properties. */
479 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_MUTUAL,
483 /* Start the key exchange by sending our security properties
484 to the remote end. */
485 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
489 /* Return now if the procedure is pending. */
490 if (status == SILC_SKE_STATUS_PENDING)
493 if (status != SILC_SKE_STATUS_OK) {
494 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
495 silc_ske_map_status(status)));
496 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
497 silc_ske_map_status(status)));
499 protocol->state = SILC_PROTOCOL_STATE_ERROR;
500 silc_protocol_execute(protocol, server->schedule, 0, 300000);
504 /* Advance protocol state and call the next state if we are responder */
506 if (ctx->responder == TRUE)
507 silc_protocol_execute(protocol, server->schedule, 0, 100000);
515 if (ctx->responder == TRUE) {
516 /* Sends the selected security properties to the initiator. */
517 status = silc_ske_responder_phase_1(ctx->ske,
518 ctx->ske->start_payload);
520 /* Call Phase-1 function. This processes the Key Exchange Start
521 paylaod reply we just got from the responder. The callback
522 function will receive the processed payload where we will
524 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer);
527 /* Return now if the procedure is pending. */
528 if (status == SILC_SKE_STATUS_PENDING)
531 if (status != SILC_SKE_STATUS_OK) {
532 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
533 silc_ske_map_status(status)));
534 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
535 silc_ske_map_status(status)));
537 protocol->state = SILC_PROTOCOL_STATE_ERROR;
538 silc_protocol_execute(protocol, server->schedule, 0, 300000);
542 /* Advance protocol state and call next state if we are initiator */
544 if (ctx->responder == FALSE)
545 silc_protocol_execute(protocol, server->schedule, 0, 100000);
553 if (ctx->responder == TRUE) {
554 /* Process the received Key Exchange 1 Payload packet from
555 the initiator. This also creates our parts of the Diffie
556 Hellman algorithm. The silc_server_protocol_ke_continue
557 will be called after the public key has been verified. */
558 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
560 /* Call the Phase-2 function. This creates Diffie Hellman
561 key exchange parameters and sends our public part inside
562 Key Exhange 1 Payload to the responder. */
563 status = silc_ske_initiator_phase_2(ctx->ske,
565 server->private_key);
569 /* Return now if the procedure is pending. */
570 if (status == SILC_SKE_STATUS_PENDING)
573 if (status != SILC_SKE_STATUS_OK) {
574 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
575 silc_ske_map_status(status)));
576 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
577 silc_ske_map_status(status)));
579 protocol->state = SILC_PROTOCOL_STATE_ERROR;
580 silc_protocol_execute(protocol, server->schedule, 0, 300000);
590 if (ctx->responder == TRUE) {
591 /* This creates the key exchange material and sends our
592 public parts to the initiator inside Key Exchange 2 Payload. */
593 status = silc_ske_responder_finish(ctx->ske,
596 SILC_SKE_PK_TYPE_SILC);
598 /* End the protocol on the next round */
599 protocol->state = SILC_PROTOCOL_STATE_END;
601 /* Finish the protocol. This verifies the Key Exchange 2 payload
602 sent by responder. The silc_server_protocol_ke_continue will
603 be called after the public key has been verified. */
604 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
607 /* Return now if the procedure is pending. */
608 if (status == SILC_SKE_STATUS_PENDING)
611 if (status != SILC_SKE_STATUS_OK) {
612 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
613 silc_ske_map_status(status)));
614 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
615 silc_ske_map_status(status)));
617 protocol->state = SILC_PROTOCOL_STATE_ERROR;
618 silc_protocol_execute(protocol, server->schedule, 0, 300000);
624 case SILC_PROTOCOL_STATE_END:
629 SilcSKEKeyMaterial *keymat;
630 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
631 int hash_len = ctx->ske->prop->hash->hash->hash_len;
633 /* Process the key material */
634 keymat = silc_calloc(1, sizeof(*keymat));
635 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
637 if (status != SILC_SKE_STATUS_OK) {
638 protocol->state = SILC_PROTOCOL_STATE_ERROR;
639 silc_protocol_execute(protocol, server->schedule, 0, 300000);
640 silc_ske_free_key_material(keymat);
643 ctx->keymat = keymat;
645 /* Send Ok to the other end if we are responder. If we are initiator
646 we have sent this already. */
647 if (ctx->responder == TRUE)
648 silc_ske_end(ctx->ske);
650 /* Unregister the timeout task since the protocol has ended.
651 This was the timeout task to be executed if the protocol is
652 not completed fast enough. */
653 if (ctx->timeout_task)
654 silc_schedule_task_del(server->schedule, ctx->timeout_task);
656 /* Assure that after calling final callback there cannot be pending
657 executions for this protocol anymore. This just unregisters any
658 timeout callbacks for this protocol. */
659 silc_protocol_cancel(protocol, server->schedule);
661 /* Call the final callback */
662 if (protocol->final_callback)
663 silc_protocol_execute_final(protocol, server->schedule);
665 silc_protocol_free(protocol);
669 case SILC_PROTOCOL_STATE_ERROR:
674 /* Send abort notification */
675 silc_ske_abort(ctx->ske, ctx->ske->status);
677 /* Unregister the timeout task since the protocol has ended.
678 This was the timeout task to be executed if the protocol is
679 not completed fast enough. */
680 if (ctx->timeout_task)
681 silc_schedule_task_del(server->schedule, ctx->timeout_task);
683 /* Assure that after calling final callback there cannot be pending
684 executions for this protocol anymore. This just unregisters any
685 timeout callbacks for this protocol. */
686 silc_protocol_cancel(protocol, server->schedule);
688 /* On error the final callback is always called. */
689 if (protocol->final_callback)
690 silc_protocol_execute_final(protocol, server->schedule);
692 silc_protocol_free(protocol);
695 case SILC_PROTOCOL_STATE_FAILURE:
697 * We have received failure from remote
700 /* Unregister the timeout task since the protocol has ended.
701 This was the timeout task to be executed if the protocol is
702 not completed fast enough. */
703 if (ctx->timeout_task)
704 silc_schedule_task_del(server->schedule, ctx->timeout_task);
706 /* Assure that after calling final callback there cannot be pending
707 executions for this protocol anymore. This just unregisters any
708 timeout callbacks for this protocol. */
709 silc_protocol_cancel(protocol, server->schedule);
711 /* On error the final callback is always called. */
712 if (protocol->final_callback)
713 silc_protocol_execute_final(protocol, server->schedule);
715 silc_protocol_free(protocol);
718 case SILC_PROTOCOL_STATE_UNKNOWN:
724 * Connection Authentication protocol functions
728 silc_server_password_authentication(SilcServer server, char *remote_auth,
731 if (!remote_auth || !local_auth)
734 if (!memcmp(remote_auth, local_auth, strlen(local_auth)))
741 silc_server_public_key_authentication(SilcServer server,
742 SilcPublicKey pub_key,
751 if (!pub_key || !sign)
754 silc_pkcs_alloc(pub_key->name, &pkcs);
755 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
756 silc_pkcs_free(pkcs);
760 /* Make the authentication data. Protocol says it is HASH plus
762 len = ske->hash_len + ske->start_payload_copy->len;
763 auth = silc_buffer_alloc(len);
764 silc_buffer_pull_tail(auth, len);
765 silc_buffer_format(auth,
766 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
767 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
768 ske->start_payload_copy->len),
771 /* Verify signature */
772 if (silc_pkcs_verify_with_hash(pkcs, ske->prop->hash, sign, sign_len,
773 auth->data, auth->len)) {
774 silc_pkcs_free(pkcs);
775 silc_buffer_free(auth);
779 silc_pkcs_free(pkcs);
780 silc_buffer_free(auth);
785 silc_server_get_public_key_auth(SilcServer server,
786 unsigned char *auth_data,
787 uint32 *auth_data_len,
796 /* Make the authentication data. Protocol says it is HASH plus
798 len = ske->hash_len + ske->start_payload_copy->len;
799 auth = silc_buffer_alloc(len);
800 silc_buffer_pull_tail(auth, len);
801 silc_buffer_format(auth,
802 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
803 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
804 ske->start_payload_copy->len),
807 if (silc_pkcs_sign_with_hash(pkcs, ske->prop->hash, auth->data,
808 auth->len, auth_data, auth_data_len)) {
809 silc_buffer_free(auth);
813 silc_buffer_free(auth);
817 /* Performs connection authentication protocol. If responder, we
818 authenticate the remote data received. If initiator, we will send
819 authentication data to the remote end. */
821 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
823 SilcProtocol protocol = (SilcProtocol)context;
824 SilcServerConnAuthInternalContext *ctx =
825 (SilcServerConnAuthInternalContext *)protocol->context;
826 SilcServer server = (SilcServer)ctx->server;
828 SILC_LOG_DEBUG(("Start"));
830 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
831 protocol->state = SILC_PROTOCOL_STATE_START;
833 SILC_LOG_DEBUG(("State=%d", protocol->state));
835 switch(protocol->state) {
836 case SILC_PROTOCOL_STATE_START:
842 if (ctx->responder == TRUE) {
844 * We are receiving party
849 unsigned char *auth_data = NULL;
851 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
852 ctx->sock->hostname, ctx->sock->ip));
854 /* Parse the received authentication data packet. The received
855 payload is Connection Auth Payload. */
856 ret = silc_buffer_unformat(ctx->packet->buffer,
857 SILC_STR_UI_SHORT(&payload_len),
858 SILC_STR_UI_SHORT(&conn_type),
861 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
862 protocol->state = SILC_PROTOCOL_STATE_ERROR;
863 silc_protocol_execute(protocol, server->schedule, 0, 300000);
867 if (payload_len != ctx->packet->buffer->len) {
868 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
869 protocol->state = SILC_PROTOCOL_STATE_ERROR;
870 silc_protocol_execute(protocol, server->schedule, 0, 300000);
876 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
877 conn_type > SILC_SOCKET_TYPE_ROUTER) {
878 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
879 protocol->state = SILC_PROTOCOL_STATE_ERROR;
880 silc_protocol_execute(protocol, server->schedule, 0, 300000);
884 if (payload_len > 0) {
885 /* Get authentication data */
886 silc_buffer_pull(ctx->packet->buffer, 4);
887 ret = silc_buffer_unformat(ctx->packet->buffer,
888 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
892 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
893 protocol->state = SILC_PROTOCOL_STATE_ERROR;
894 silc_protocol_execute(protocol, server->schedule, 0, 300000);
900 * Check the remote connection type and make sure that we have
901 * configured this connection. If we haven't allowed this connection
902 * the authentication must be failed.
905 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
907 /* Remote end is client */
908 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
909 SilcServerConfigSectionClientConnection *client = ctx->cconfig;
912 switch(client->auth_meth) {
914 /* No authentication required */
915 SILC_LOG_DEBUG(("No authentication required"));
918 case SILC_AUTH_PASSWORD:
919 /* Password authentication */
920 SILC_LOG_DEBUG(("Password authentication"));
921 ret = silc_server_password_authentication(server, auth_data,
927 /* Authentication failed */
928 SILC_LOG_ERROR(("Authentication failed"));
929 SILC_LOG_DEBUG(("Authentication failed"));
930 silc_free(auth_data);
931 protocol->state = SILC_PROTOCOL_STATE_ERROR;
932 silc_protocol_execute(protocol, server->schedule,
937 case SILC_AUTH_PUBLIC_KEY:
938 /* Public key authentication */
939 SILC_LOG_DEBUG(("Public key authentication"));
940 ret = silc_server_public_key_authentication(server,
949 SILC_LOG_ERROR(("Authentication failed"));
950 SILC_LOG_DEBUG(("Authentication failed"));
951 silc_free(auth_data);
952 protocol->state = SILC_PROTOCOL_STATE_ERROR;
953 silc_protocol_execute(protocol, server->schedule,
958 SILC_LOG_DEBUG(("No configuration for remote client connection"));
959 SILC_LOG_ERROR(("Remote client connection not configured"));
960 SILC_LOG_ERROR(("Authentication failed"));
961 silc_free(auth_data);
962 protocol->state = SILC_PROTOCOL_STATE_ERROR;
963 silc_protocol_execute(protocol, server->schedule,
969 /* Remote end is server */
970 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
971 SilcServerConfigSectionServerConnection *serv = ctx->sconfig;
974 switch(serv->auth_meth) {
976 /* No authentication required */
977 SILC_LOG_DEBUG(("No authentication required"));
980 case SILC_AUTH_PASSWORD:
981 /* Password authentication */
982 SILC_LOG_DEBUG(("Password authentication"));
983 ret = silc_server_password_authentication(server, auth_data,
989 /* Authentication failed */
990 SILC_LOG_ERROR(("Authentication failed"));
991 SILC_LOG_DEBUG(("Authentication failed"));
992 silc_free(auth_data);
993 protocol->state = SILC_PROTOCOL_STATE_ERROR;
994 silc_protocol_execute(protocol, server->schedule,
999 case SILC_AUTH_PUBLIC_KEY:
1000 /* Public key authentication */
1001 SILC_LOG_DEBUG(("Public key authentication"));
1002 ret = silc_server_public_key_authentication(server,
1011 SILC_LOG_ERROR(("Authentication failed"));
1012 SILC_LOG_DEBUG(("Authentication failed"));
1013 silc_free(auth_data);
1014 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1015 silc_protocol_execute(protocol, server->schedule,
1020 SILC_LOG_DEBUG(("No configuration for remote server connection"));
1021 SILC_LOG_ERROR(("Remote server connection not configured"));
1022 SILC_LOG_ERROR(("Authentication failed"));
1023 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1024 silc_protocol_execute(protocol, server->schedule,
1026 silc_free(auth_data);
1031 /* Remote end is router */
1032 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
1033 SilcServerConfigSectionServerConnection *serv = ctx->rconfig;
1036 switch(serv->auth_meth) {
1037 case SILC_AUTH_NONE:
1038 /* No authentication required */
1039 SILC_LOG_DEBUG(("No authentication required"));
1042 case SILC_AUTH_PASSWORD:
1043 /* Password authentication */
1044 SILC_LOG_DEBUG(("Password authentication"));
1045 ret = silc_server_password_authentication(server, auth_data,
1051 /* Authentication failed */
1052 SILC_LOG_ERROR(("Authentication failed"));
1053 SILC_LOG_DEBUG(("Authentication failed"));
1054 silc_free(auth_data);
1055 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1056 silc_protocol_execute(protocol, server->schedule,
1061 case SILC_AUTH_PUBLIC_KEY:
1062 /* Public key authentication */
1063 SILC_LOG_DEBUG(("Public key authentication"));
1064 ret = silc_server_public_key_authentication(server,
1073 SILC_LOG_ERROR(("Authentication failed"));
1074 SILC_LOG_DEBUG(("Authentication failed"));
1075 silc_free(auth_data);
1076 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1077 silc_protocol_execute(protocol, server->schedule,
1082 SILC_LOG_DEBUG(("No configuration for remote router connection"));
1083 SILC_LOG_ERROR(("Remote router connection not configured"));
1084 SILC_LOG_ERROR(("Authentication failed"));
1085 silc_free(auth_data);
1086 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1087 silc_protocol_execute(protocol, server->schedule,
1093 silc_free(auth_data);
1095 /* Save connection type. This is later used to create the
1096 ID for the connection. */
1097 ctx->conn_type = conn_type;
1099 /* Advance protocol state. */
1100 protocol->state = SILC_PROTOCOL_STATE_END;
1101 silc_protocol_execute(protocol, server->schedule, 0, 0);
1105 * We are initiator. We are authenticating ourselves to a
1106 * remote server. We will send the authentication data to the
1107 * other end for verify.
1110 int payload_len = 0;
1111 unsigned char *auth_data = NULL;
1112 uint32 auth_data_len = 0;
1114 switch(ctx->auth_meth) {
1115 case SILC_AUTH_NONE:
1116 /* No authentication required */
1119 case SILC_AUTH_PASSWORD:
1120 /* Password authentication */
1121 if (ctx->auth_data && ctx->auth_data_len) {
1122 auth_data = strdup(ctx->auth_data);
1123 auth_data_len = ctx->auth_data_len;
1128 case SILC_AUTH_PUBLIC_KEY:
1130 unsigned char sign[1024];
1132 /* Public key authentication */
1133 silc_server_get_public_key_auth(server, sign, &auth_data_len,
1135 auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
1136 memcpy(auth_data, sign, auth_data_len);
1141 payload_len = 4 + auth_data_len;
1142 packet = silc_buffer_alloc(payload_len);
1143 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
1144 silc_buffer_format(packet,
1145 SILC_STR_UI_SHORT(payload_len),
1146 SILC_STR_UI_SHORT(server->server_type
1148 SILC_SOCKET_TYPE_SERVER :
1149 SILC_SOCKET_TYPE_ROUTER),
1150 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
1153 /* Send the packet to server */
1154 silc_server_packet_send(server, ctx->sock,
1155 SILC_PACKET_CONNECTION_AUTH, 0,
1156 packet->data, packet->len, TRUE);
1159 memset(auth_data, 0, auth_data_len);
1160 silc_free(auth_data);
1162 silc_buffer_free(packet);
1164 /* Next state is end of protocol */
1165 protocol->state = SILC_PROTOCOL_STATE_END;
1170 case SILC_PROTOCOL_STATE_END:
1175 unsigned char ok[4];
1177 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
1179 /* Authentication successful */
1180 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
1183 /* Unregister the timeout task since the protocol has ended.
1184 This was the timeout task to be executed if the protocol is
1185 not completed fast enough. */
1186 if (ctx->timeout_task)
1187 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1189 /* Assure that after calling final callback there cannot be pending
1190 executions for this protocol anymore. This just unregisters any
1191 timeout callbacks for this protocol. */
1192 silc_protocol_cancel(protocol, server->schedule);
1194 /* Protocol has ended, call the final callback */
1195 if (protocol->final_callback)
1196 silc_protocol_execute_final(protocol, server->schedule);
1198 silc_protocol_free(protocol);
1201 case SILC_PROTOCOL_STATE_ERROR:
1204 * Error. Send notify to remote.
1206 unsigned char error[4];
1208 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
1210 /* Authentication failed */
1211 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
1214 /* Unregister the timeout task since the protocol has ended.
1215 This was the timeout task to be executed if the protocol is
1216 not completed fast enough. */
1217 if (ctx->timeout_task)
1218 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1220 /* Assure that after calling final callback there cannot be pending
1221 executions for this protocol anymore. This just unregisters any
1222 timeout callbacks for this protocol. */
1223 silc_protocol_cancel(protocol, server->schedule);
1225 /* On error the final callback is always called. */
1226 if (protocol->final_callback)
1227 silc_protocol_execute_final(protocol, server->schedule);
1229 silc_protocol_free(protocol);
1233 case SILC_PROTOCOL_STATE_FAILURE:
1235 * We have received failure from remote
1238 /* Unregister the timeout task since the protocol has ended.
1239 This was the timeout task to be executed if the protocol is
1240 not completed fast enough. */
1241 if (ctx->timeout_task)
1242 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1244 /* Assure that after calling final callback there cannot be pending
1245 executions for this protocol anymore. This just unregisters any
1246 timeout callbacks for this protocol. */
1247 silc_protocol_cancel(protocol, server->schedule);
1249 /* On error the final callback is always called. */
1250 if (protocol->final_callback)
1251 silc_protocol_execute_final(protocol, server->schedule);
1253 silc_protocol_free(protocol);
1256 case SILC_PROTOCOL_STATE_UNKNOWN:
1262 * Re-key protocol routines
1265 /* Actually takes the new keys into use. */
1268 silc_server_protocol_rekey_validate(SilcServer server,
1269 SilcServerRekeyInternalContext *ctx,
1270 SilcIDListData idata,
1271 SilcSKEKeyMaterial *keymat,
1274 if (ctx->responder == TRUE) {
1276 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1277 keymat->enc_key_len);
1278 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1279 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
1280 keymat->hmac_key_len);
1282 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1283 keymat->enc_key_len);
1284 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1285 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
1286 keymat->hmac_key_len);
1290 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1291 keymat->enc_key_len);
1292 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1293 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
1294 keymat->hmac_key_len);
1296 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1297 keymat->enc_key_len);
1298 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1299 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
1300 keymat->hmac_key_len);
1304 /* Save the current sending encryption key */
1306 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1307 silc_free(idata->rekey->send_enc_key);
1308 idata->rekey->send_enc_key =
1309 silc_calloc(keymat->enc_key_len / 8,
1310 sizeof(*idata->rekey->send_enc_key));
1311 memcpy(idata->rekey->send_enc_key, keymat->send_enc_key,
1312 keymat->enc_key_len / 8);
1313 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1317 /* This function actually re-generates (when not using PFS) the keys and
1318 takes them into use. */
1320 void silc_server_protocol_rekey_generate(SilcServer server,
1321 SilcServerRekeyInternalContext *ctx,
1324 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1325 SilcSKEKeyMaterial *keymat;
1326 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1327 uint32 hash_len = idata->hash->hash->hash_len;
1329 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1330 send ? "sending" : "receiving"));
1332 /* Generate the new key */
1333 keymat = silc_calloc(1, sizeof(*keymat));
1334 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1335 idata->rekey->enc_key_len,
1336 16, key_len, hash_len,
1337 idata->hash, keymat);
1339 /* Set the keys into use */
1340 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1342 silc_ske_free_key_material(keymat);
1345 /* This function actually re-generates (with PFS) the keys and
1346 takes them into use. */
1349 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1350 SilcServerRekeyInternalContext *ctx,
1353 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1354 SilcSKEKeyMaterial *keymat;
1355 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1356 uint32 hash_len = idata->hash->hash->hash_len;
1357 unsigned char *tmpbuf;
1360 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1361 send ? "sending" : "receiving"));
1363 /* Encode KEY to binary data */
1364 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1366 /* Generate the new key */
1367 keymat = silc_calloc(1, sizeof(*keymat));
1368 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1369 idata->hash, keymat);
1371 /* Set the keys into use */
1372 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1374 memset(tmpbuf, 0, klen);
1376 silc_ske_free_key_material(keymat);
1379 /* Packet sending callback. This function is provided as packet sending
1380 routine to the Key Exchange functions. */
1383 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1385 SilcPacketType type,
1388 SilcProtocol protocol = (SilcProtocol)context;
1389 SilcServerRekeyInternalContext *ctx =
1390 (SilcServerRekeyInternalContext *)protocol->context;
1391 SilcServer server = (SilcServer)ctx->server;
1393 /* Send the packet immediately */
1394 silc_server_packet_send(server, ctx->sock,
1395 type, 0, packet->data, packet->len, FALSE);
1398 /* Performs re-key as defined in the SILC protocol specification. */
1400 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1402 SilcProtocol protocol = (SilcProtocol)context;
1403 SilcServerRekeyInternalContext *ctx =
1404 (SilcServerRekeyInternalContext *)protocol->context;
1405 SilcServer server = (SilcServer)ctx->server;
1406 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1407 SilcSKEStatus status;
1409 SILC_LOG_DEBUG(("Start"));
1411 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1412 protocol->state = SILC_PROTOCOL_STATE_START;
1414 SILC_LOG_DEBUG(("State=%d", protocol->state));
1416 switch(protocol->state) {
1417 case SILC_PROTOCOL_STATE_START:
1423 if (ctx->responder == TRUE) {
1425 * We are receiving party
1428 if (ctx->pfs == TRUE) {
1430 * Use Perfect Forward Secrecy, ie. negotiate the key material
1431 * using the SKE protocol.
1434 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1435 /* Error in protocol */
1436 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1437 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1441 ctx->ske = silc_ske_alloc();
1442 ctx->ske->rng = server->rng;
1443 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1444 silc_ske_group_get_by_number(idata->rekey->ske_group,
1445 &ctx->ske->prop->group);
1447 silc_ske_set_callbacks(ctx->ske,
1448 silc_server_protocol_rekey_send_packet,
1449 NULL, NULL, NULL, silc_ske_check_version,
1452 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
1453 if (status != SILC_SKE_STATUS_OK) {
1454 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1455 silc_ske_map_status(status)));
1457 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1458 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1462 /* Advance the protocol state */
1464 silc_protocol_execute(protocol, server->schedule, 0, 0);
1467 * Do normal and simple re-key.
1470 /* Send the REKEY_DONE to indicate we will take new keys into use */
1471 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1474 /* After we send REKEY_DONE we must set the sending encryption
1475 key to the new key since all packets after this packet must
1476 encrypted with the new key. */
1477 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1479 /* The protocol ends in next stage. */
1480 protocol->state = SILC_PROTOCOL_STATE_END;
1485 * We are the initiator of this protocol
1488 /* Start the re-key by sending the REKEY packet */
1489 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1492 if (ctx->pfs == TRUE) {
1494 * Use Perfect Forward Secrecy, ie. negotiate the key material
1495 * using the SKE protocol.
1497 ctx->ske = silc_ske_alloc();
1498 ctx->ske->rng = server->rng;
1499 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1500 silc_ske_group_get_by_number(idata->rekey->ske_group,
1501 &ctx->ske->prop->group);
1503 silc_ske_set_callbacks(ctx->ske,
1504 silc_server_protocol_rekey_send_packet,
1505 NULL, NULL, NULL, silc_ske_check_version,
1508 status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL);
1509 if (status != SILC_SKE_STATUS_OK) {
1510 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1511 silc_ske_map_status(status)));
1513 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1514 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1518 /* Advance the protocol state */
1522 * Do normal and simple re-key.
1525 /* Send the REKEY_DONE to indicate we will take new keys into use
1527 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1530 /* After we send REKEY_DONE we must set the sending encryption
1531 key to the new key since all packets after this packet must
1532 encrypted with the new key. */
1533 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1535 /* The protocol ends in next stage. */
1536 protocol->state = SILC_PROTOCOL_STATE_END;
1544 * Second state, used only when oding re-key with PFS.
1546 if (ctx->responder == TRUE) {
1547 if (ctx->pfs == TRUE) {
1549 * Send our KE packe to the initiator now that we've processed
1550 * the initiator's KE packet.
1552 status = silc_ske_responder_finish(ctx->ske, NULL, NULL,
1553 SILC_SKE_PK_TYPE_SILC);
1554 if (status != SILC_SKE_STATUS_OK) {
1555 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1556 silc_ske_map_status(status)));
1558 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1559 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1565 if (ctx->pfs == TRUE) {
1567 * The packet type must be KE packet
1569 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1570 /* Error in protocol */
1571 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1572 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1576 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
1577 if (status != SILC_SKE_STATUS_OK) {
1578 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1579 silc_ske_map_status(status)));
1581 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1582 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1588 /* Send the REKEY_DONE to indicate we will take new keys into use
1590 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1593 /* After we send REKEY_DONE we must set the sending encryption
1594 key to the new key since all packets after this packet must
1595 encrypted with the new key. */
1596 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1598 /* The protocol ends in next stage. */
1599 protocol->state = SILC_PROTOCOL_STATE_END;
1602 case SILC_PROTOCOL_STATE_END:
1607 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1608 /* Error in protocol */
1609 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1610 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1614 /* We received the REKEY_DONE packet and all packets after this is
1615 encrypted with the new key so set the decryption key to the new key */
1616 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1618 /* Assure that after calling final callback there cannot be pending
1619 executions for this protocol anymore. This just unregisters any
1620 timeout callbacks for this protocol. */
1621 silc_protocol_cancel(protocol, server->schedule);
1623 /* Protocol has ended, call the final callback */
1624 if (protocol->final_callback)
1625 silc_protocol_execute_final(protocol, server->schedule);
1627 silc_protocol_free(protocol);
1630 case SILC_PROTOCOL_STATE_ERROR:
1635 if (ctx->pfs == TRUE) {
1636 /* Send abort notification */
1637 silc_ske_abort(ctx->ske, ctx->ske->status);
1640 /* Assure that after calling final callback there cannot be pending
1641 executions for this protocol anymore. This just unregisters any
1642 timeout callbacks for this protocol. */
1643 silc_protocol_cancel(protocol, server->schedule);
1645 /* On error the final callback is always called. */
1646 if (protocol->final_callback)
1647 silc_protocol_execute_final(protocol, server->schedule);
1649 silc_protocol_free(protocol);
1652 case SILC_PROTOCOL_STATE_FAILURE:
1654 * We have received failure from remote
1657 /* Assure that after calling final callback there cannot be pending
1658 executions for this protocol anymore. This just unregisters any
1659 timeout callbacks for this protocol. */
1660 silc_protocol_cancel(protocol, server->schedule);
1662 /* On error the final callback is always called. */
1663 if (protocol->final_callback)
1664 silc_protocol_execute_final(protocol, server->schedule);
1666 silc_protocol_free(protocol);
1669 case SILC_PROTOCOL_STATE_UNKNOWN:
1675 /* Registers protocols used in server. */
1677 void silc_server_protocols_register(void)
1679 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1680 silc_server_protocol_connection_auth);
1681 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1682 silc_server_protocol_key_exchange);
1683 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1684 silc_server_protocol_rekey);
1685 silc_protocol_register(SILC_PROTOCOL_SERVER_BACKUP,
1686 silc_server_protocol_backup);
1689 /* Unregisters protocols */
1691 void silc_server_protocols_unregister(void)
1693 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1694 silc_server_protocol_connection_auth);
1695 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1696 silc_server_protocol_key_exchange);
1697 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1698 silc_server_protocol_rekey);
1699 silc_protocol_unregister(SILC_PROTOCOL_SERVER_BACKUP,
1700 silc_server_protocol_backup);