5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2002 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
39 silc_verify_public_key_internal(SilcServer server, SilcSocketConnection sock,
40 SilcSocketType conn_type,
41 unsigned char *pk, SilcUInt32 pk_len,
42 SilcSKEPKType pk_type)
44 char file[256], filename[256], *fingerprint;
47 if (pk_type != SILC_SKE_PK_TYPE_SILC) {
48 SILC_LOG_WARNING(("We don't support %s (%s) port %d public key type %d",
49 sock->hostname, sock->ip, sock->port, pk_type));
53 /* Accept client keys without verification */
54 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
55 SILC_LOG_DEBUG(("Accepting client public key without verification"));
59 /* XXX For now, accept server keys without verification too. We are
60 currently always doing mutual authentication so the proof of posession
61 of the private key is verified, and if server is authenticated in
62 conn auth protocol with public key we MUST have the key already. */
64 /* Rest is unreachable code! */
66 memset(filename, 0, sizeof(filename));
67 memset(file, 0, sizeof(file));
68 snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname,
70 snprintf(filename, sizeof(filename) - 1, SILC_ETCDIR "/serverkeys/%s",
73 /* Create serverkeys directory if it doesn't exist. */
74 if (stat(SILC_ETCDIR "/serverkeys", &st) < 0) {
75 /* If dir doesn't exist */
76 if (errno == ENOENT) {
77 if (mkdir(SILC_ETCDIR "/serverkeys", 0755) < 0) {
78 SILC_LOG_ERROR(("Couldn't create `%s' directory\n",
79 SILC_ETCDIR "/serverkeys"));
83 SILC_LOG_ERROR(("%s\n", strerror(errno)));
88 /* Take fingerprint of the public key */
89 fingerprint = silc_hash_fingerprint(NULL, pk, pk_len);
90 SILC_LOG_DEBUG(("Received server %s (%s) port %d public key (%s)",
91 sock->hostname, sock->ip, sock->port, fingerprint));
92 silc_free(fingerprint);
94 /* Check whether this key already exists */
95 if (stat(filename, &st) < 0) {
96 /* We don't have it, then cache it. */
97 SILC_LOG_DEBUG(("New public key from server"));
99 silc_pkcs_save_public_key_data(filename, pk, pk_len,
103 /* The key already exists, verify it. */
104 SilcPublicKey public_key;
105 unsigned char *encpk;
106 SilcUInt32 encpk_len;
108 SILC_LOG_DEBUG(("We have the public key saved locally"));
110 /* Load the key file */
111 if (!silc_pkcs_load_public_key(filename, &public_key,
113 if (!silc_pkcs_load_public_key(filename, &public_key,
114 SILC_PKCS_FILE_BIN)) {
115 SILC_LOG_WARNING(("Could not load local copy of the %s (%s) port %d "
116 "server public key", sock->hostname, sock->ip,
119 /* Save the key for future checking */
121 silc_pkcs_save_public_key_data(filename, pk, pk_len,
126 /* Encode the key data */
127 encpk = silc_pkcs_public_key_encode(public_key, &encpk_len);
129 SILC_LOG_WARNING(("Local copy of the server %s (%s) port %d public key "
130 "is malformed", sock->hostname, sock->ip, sock->port));
132 /* Save the key for future checking */
134 silc_pkcs_save_public_key_data(filename, pk, pk_len, SILC_PKCS_FILE_PEM);
138 if (memcmp(pk, encpk, encpk_len)) {
139 SILC_LOG_WARNING(("%s (%s) port %d server public key does not match "
140 "with local copy", sock->hostname, sock->ip,
142 SILC_LOG_WARNING(("It is possible that the key has expired or changed"));
143 SILC_LOG_WARNING(("It is also possible that some one is performing "
144 "man-in-the-middle attack"));
145 SILC_LOG_WARNING(("Will not accept the server %s (%s) port %d public "
147 sock->hostname, sock->ip, sock->port));
151 /* Local copy matched */
156 /* Callback that is called when we have received KE2 payload from
157 responder. We try to verify the public key now. */
160 silc_server_protocol_ke_verify_key(SilcSKE ske,
161 unsigned char *pk_data,
163 SilcSKEPKType pk_type,
165 SilcSKEVerifyCbCompletion completion,
166 void *completion_context)
168 SilcProtocol protocol = (SilcProtocol)context;
169 SilcServerKEInternalContext *ctx =
170 (SilcServerKEInternalContext *)protocol->context;
171 SilcServer server = (SilcServer)ctx->server;
173 SILC_LOG_DEBUG(("Start"));
175 if (silc_verify_public_key_internal(server, ctx->sock,
176 (ctx->responder == FALSE ?
177 SILC_SOCKET_TYPE_ROUTER:
178 ctx->sconfig.ref_ptr ? SILC_SOCKET_TYPE_SERVER :
179 ctx->rconfig.ref_ptr ? SILC_SOCKET_TYPE_ROUTER :
180 SILC_SOCKET_TYPE_CLIENT),
181 pk_data, pk_len, pk_type))
182 completion(ske, SILC_SKE_STATUS_OK, completion_context);
184 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
188 /* Packet sending callback. This function is provided as packet sending
189 routine to the Key Exchange functions. */
191 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
196 SilcProtocol protocol = (SilcProtocol)context;
197 SilcServerKEInternalContext *ctx =
198 (SilcServerKEInternalContext *)protocol->context;
199 SilcServer server = (SilcServer)ctx->server;
201 /* Send the packet immediately */
202 silc_server_packet_send(server, ske->sock,
203 type, 0, packet->data, packet->len, TRUE);
206 /* Sets the negotiated key material into use for particular connection. */
208 int silc_server_protocol_ke_set_keys(SilcServer server,
210 SilcSocketConnection sock,
211 SilcSKEKeyMaterial *keymat,
216 SilcSKEDiffieHellmanGroup group,
219 SilcUnknownEntry conn_data;
220 SilcIDListData idata;
222 SILC_LOG_DEBUG(("Setting new key into use"));
224 conn_data = silc_calloc(1, sizeof(*conn_data));
225 idata = (SilcIDListData)conn_data;
227 /* Allocate cipher to be used in the communication */
228 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
229 silc_free(conn_data);
230 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", cipher->cipher->name));
233 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
234 silc_free(conn_data);
235 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", cipher->cipher->name));
239 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
240 &idata->hmac_send)) {
241 silc_cipher_free(idata->send_key);
242 silc_cipher_free(idata->receive_key);
243 silc_free(conn_data);
244 SILC_LOG_ERROR(("Cannot allocate algorithm: %s",
245 silc_hmac_get_name(hmac)));
249 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
250 &idata->hmac_receive)) {
251 silc_cipher_free(idata->send_key);
252 silc_cipher_free(idata->receive_key);
253 silc_hmac_free(idata->hmac_send);
254 silc_free(conn_data);
255 SILC_LOG_ERROR(("Cannot allocate algorithm: %s",
256 silc_hmac_get_name(hmac)));
260 if (is_responder == TRUE) {
261 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
262 keymat->enc_key_len);
263 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
264 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
265 keymat->enc_key_len);
266 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
267 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
268 keymat->hmac_key_len);
269 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
270 keymat->hmac_key_len);
272 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
273 keymat->enc_key_len);
274 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
275 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
276 keymat->enc_key_len);
277 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
278 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
279 keymat->hmac_key_len);
280 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
281 keymat->hmac_key_len);
284 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
285 idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
286 keymat->enc_key_len / 8);
287 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
289 if (ske->prop->flags & SILC_SKE_SP_FLAG_PFS)
290 idata->rekey->pfs = TRUE;
291 idata->rekey->ske_group = silc_ske_group_get_number(group);
294 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
295 silc_cipher_free(idata->send_key);
296 silc_cipher_free(idata->receive_key);
297 silc_hmac_free(idata->hmac_send);
298 silc_hmac_free(idata->hmac_receive);
299 silc_free(conn_data);
300 SILC_LOG_ERROR(("Cannot allocate algorithm: %s", hash->hash->name));
304 /* Save the remote host's public key */
305 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
306 ske->ke1_payload->pk_len, &idata->public_key);
307 if (ske->prop->flags & SILC_SKE_SP_FLAG_MUTUAL)
308 silc_hash_make(server->sha1hash, ske->ke1_payload->pk_data,
309 ske->ke1_payload->pk_len, idata->fingerprint);
311 sock->user_data = (void *)conn_data;
313 SILC_LOG_INFO(("%s (%s) security properties: %s %s %s %s",
314 sock->hostname, sock->ip,
315 idata->send_key->cipher->name,
316 (char *)silc_hmac_get_name(idata->hmac_send),
317 idata->hash->hash->name,
318 ske->prop->flags & SILC_SKE_SP_FLAG_PFS ? "PFS" : ""));
323 /* Check remote host version string */
325 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
326 SilcUInt32 len, void *context)
328 SilcSKEStatus status = SILC_SKE_STATUS_OK;
330 int maj = 0, min = 0, build = 0, maj2 = 0, min2 = 0, build2 = 0;
332 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
333 ske->sock->ip, version));
335 /* Check for initial version string. Allowed "SILC-x.x-". More
336 specific protocol version is checked later in session. */
337 if (!strstr(version, "SILC-"))
338 status = SILC_SKE_STATUS_BAD_VERSION;
340 /* Check software version */
344 status = SILC_SKE_STATUS_BAD_VERSION;
347 cp = strchr(cp, '.');
353 cp = strchr(cp, '.');
355 build = atoi(cp + 1);
358 cp = silc_version_string + 9;
360 status = SILC_SKE_STATUS_BAD_VERSION;
363 cp = strchr(cp, '.');
369 cp = strchr(cp, '.');
371 build2 = atoi(cp + 1);
375 status = SILC_SKE_STATUS_BAD_VERSION;
377 if (status == SILC_SKE_STATUS_BAD_VERSION)
378 SILC_LOG_ERROR(("%s (%s) %s is not allowed/supported version",
379 ske->sock->hostname, ske->sock->ip, version));
384 /* Callback that is called by the SKE to indicate that it is safe to
385 continue the execution of the protocol. This is used only if we are
386 initiator. Is given as argument to the silc_ske_initiator_finish or
387 silc_ske_responder_phase_2 functions. This is called due to the fact
388 that the public key verification process is asynchronous and we must
389 not continue the protocl until the public key has been verified and
390 this callback is called. */
392 static void silc_server_protocol_ke_continue(SilcSKE ske, void *context)
394 SilcProtocol protocol = (SilcProtocol)context;
395 SilcServerKEInternalContext *ctx =
396 (SilcServerKEInternalContext *)protocol->context;
397 SilcServer server = (SilcServer)ctx->server;
399 SILC_LOG_DEBUG(("Start"));
401 if (ske->status != SILC_SKE_STATUS_OK) {
402 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
403 silc_ske_map_status(ske->status)));
405 protocol->state = SILC_PROTOCOL_STATE_ERROR;
406 silc_protocol_execute(protocol, server->schedule, 0, 300000);
410 /* Send Ok to the other end. We will end the protocol as responder
411 sends Ok to us when we will take the new keys into use. */
412 if (ctx->responder == FALSE) {
413 silc_ske_end(ctx->ske);
415 /* End the protocol on the next round */
416 protocol->state = SILC_PROTOCOL_STATE_END;
419 /* Advance protocol state and call the next state if we are responder.
420 This happens when this callback was sent to silc_ske_responder_phase_2
422 if (ctx->responder == TRUE) {
424 silc_protocol_execute(protocol, server->schedule, 0, 100000);
428 /* Performs key exchange protocol. This is used for both initiator
429 and responder key exchange. This is performed always when accepting
430 new connection to the server. This may be called recursively. */
432 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
434 SilcProtocol protocol = (SilcProtocol)context;
435 SilcServerKEInternalContext *ctx =
436 (SilcServerKEInternalContext *)protocol->context;
437 SilcServer server = (SilcServer)ctx->server;
438 SilcSKEStatus status = SILC_SKE_STATUS_OK;
440 SILC_LOG_DEBUG(("Start"));
442 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
443 protocol->state = SILC_PROTOCOL_STATE_START;
445 SILC_LOG_DEBUG(("State=%d", protocol->state));
447 switch(protocol->state) {
448 case SILC_PROTOCOL_STATE_START:
455 /* Allocate Key Exchange object */
456 ctx->ske = ske = silc_ske_alloc(server->rng, server);
458 silc_ske_set_callbacks(ske, silc_server_protocol_ke_send_packet, NULL,
459 silc_server_protocol_ke_verify_key,
460 silc_server_protocol_ke_continue,
461 silc_ske_check_version, context);
463 if (ctx->responder == TRUE) {
464 /* Start the key exchange by processing the received security
465 properties packet from initiator. */
466 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
468 ctx->packet->buffer, ctx->flags);
470 SilcSKEStartPayload *start_payload;
472 /* Assemble security properties. */
473 silc_ske_assemble_security_properties(ske, ctx->flags,
477 /* Start the key exchange by sending our security properties
478 to the remote end. */
479 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
483 /* Return now if the procedure is pending. */
484 if (status == SILC_SKE_STATUS_PENDING)
487 if (status != SILC_SKE_STATUS_OK) {
488 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
489 silc_ske_map_status(status)));
491 protocol->state = SILC_PROTOCOL_STATE_ERROR;
492 silc_protocol_execute(protocol, server->schedule, 0, 300000);
496 /* Advance protocol state and call the next state if we are responder */
498 if (ctx->responder == TRUE)
499 silc_protocol_execute(protocol, server->schedule, 0, 100000);
507 if (ctx->responder == TRUE) {
508 /* Sends the selected security properties to the initiator. */
509 status = silc_ske_responder_phase_1(ctx->ske);
511 /* Call Phase-1 function. This processes the Key Exchange Start
512 paylaod reply we just got from the responder. The callback
513 function will receive the processed payload where we will
515 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer);
518 /* Return now if the procedure is pending. */
519 if (status == SILC_SKE_STATUS_PENDING)
522 if (status != SILC_SKE_STATUS_OK) {
523 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
524 silc_ske_map_status(status)));
526 protocol->state = SILC_PROTOCOL_STATE_ERROR;
527 silc_protocol_execute(protocol, server->schedule, 0, 300000);
531 /* Advance protocol state and call next state if we are initiator */
533 if (ctx->responder == FALSE)
534 silc_protocol_execute(protocol, server->schedule, 0, 100000);
542 if (ctx->responder == TRUE) {
543 /* Process the received Key Exchange 1 Payload packet from
544 the initiator. This also creates our parts of the Diffie
545 Hellman algorithm. The silc_server_protocol_ke_continue
546 will be called after the public key has been verified. */
547 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
549 /* Call the Phase-2 function. This creates Diffie Hellman
550 key exchange parameters and sends our public part inside
551 Key Exhange 1 Payload to the responder. */
552 status = silc_ske_initiator_phase_2(ctx->ske,
555 SILC_SKE_PK_TYPE_SILC);
559 /* Return now if the procedure is pending. */
560 if (status == SILC_SKE_STATUS_PENDING)
563 if (status != SILC_SKE_STATUS_OK) {
564 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
565 silc_ske_map_status(status)));
567 protocol->state = SILC_PROTOCOL_STATE_ERROR;
568 silc_protocol_execute(protocol, server->schedule, 0, 300000);
578 if (ctx->responder == TRUE) {
579 /* This creates the key exchange material and sends our
580 public parts to the initiator inside Key Exchange 2 Payload. */
581 status = silc_ske_responder_finish(ctx->ske,
584 SILC_SKE_PK_TYPE_SILC);
586 /* End the protocol on the next round */
587 protocol->state = SILC_PROTOCOL_STATE_END;
589 /* Finish the protocol. This verifies the Key Exchange 2 payload
590 sent by responder. The silc_server_protocol_ke_continue will
591 be called after the public key has been verified. */
592 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
595 /* Return now if the procedure is pending. */
596 if (status == SILC_SKE_STATUS_PENDING)
599 if (status != SILC_SKE_STATUS_OK) {
600 SILC_LOG_ERROR(("Error (%s) during Key Exchange protocol",
601 silc_ske_map_status(status)));
603 protocol->state = SILC_PROTOCOL_STATE_ERROR;
604 silc_protocol_execute(protocol, server->schedule, 0, 300000);
610 case SILC_PROTOCOL_STATE_END:
615 SilcSKEKeyMaterial *keymat;
616 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
617 int hash_len = ctx->ske->prop->hash->hash->hash_len;
619 /* Process the key material */
620 keymat = silc_calloc(1, sizeof(*keymat));
621 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
623 if (status != SILC_SKE_STATUS_OK) {
624 SILC_LOG_ERROR(("Error during Key Exchange protocol: "
625 "could not process key material"));
627 protocol->state = SILC_PROTOCOL_STATE_ERROR;
628 silc_protocol_execute(protocol, server->schedule, 0, 300000);
629 silc_ske_free_key_material(keymat);
632 ctx->keymat = keymat;
634 /* Send Ok to the other end if we are responder. If we are initiator
635 we have sent this already. */
636 if (ctx->responder == TRUE)
637 silc_ske_end(ctx->ske);
639 /* Unregister the timeout task since the protocol has ended.
640 This was the timeout task to be executed if the protocol is
641 not completed fast enough. */
642 if (ctx->timeout_task)
643 silc_schedule_task_del(server->schedule, ctx->timeout_task);
645 /* Assure that after calling final callback there cannot be pending
646 executions for this protocol anymore. This just unregisters any
647 timeout callbacks for this protocol. */
648 silc_protocol_cancel(protocol, server->schedule);
650 /* Call the final callback */
651 if (protocol->final_callback)
652 silc_protocol_execute_final(protocol, server->schedule);
654 silc_protocol_free(protocol);
658 case SILC_PROTOCOL_STATE_ERROR:
663 /* Send abort notification */
664 silc_ske_abort(ctx->ske, ctx->ske->status);
666 /* Unregister the timeout task since the protocol has ended.
667 This was the timeout task to be executed if the protocol is
668 not completed fast enough. */
669 if (ctx->timeout_task)
670 silc_schedule_task_del(server->schedule, ctx->timeout_task);
672 /* Assure that after calling final callback there cannot be pending
673 executions for this protocol anymore. This just unregisters any
674 timeout callbacks for this protocol. */
675 silc_protocol_cancel(protocol, server->schedule);
677 /* On error the final callback is always called. */
678 if (protocol->final_callback)
679 silc_protocol_execute_final(protocol, server->schedule);
681 silc_protocol_free(protocol);
684 case SILC_PROTOCOL_STATE_FAILURE:
686 * We have received failure from remote
689 /* Unregister the timeout task since the protocol has ended.
690 This was the timeout task to be executed if the protocol is
691 not completed fast enough. */
692 if (ctx->timeout_task)
693 silc_schedule_task_del(server->schedule, ctx->timeout_task);
695 /* Assure that after calling final callback there cannot be pending
696 executions for this protocol anymore. This just unregisters any
697 timeout callbacks for this protocol. */
698 silc_protocol_cancel(protocol, server->schedule);
700 /* On error the final callback is always called. */
701 if (protocol->final_callback)
702 silc_protocol_execute_final(protocol, server->schedule);
704 silc_protocol_free(protocol);
707 case SILC_PROTOCOL_STATE_UNKNOWN:
713 * Connection Authentication protocol functions
717 silc_server_password_authentication(SilcServer server, char *remote_auth,
720 if (!remote_auth || !local_auth)
723 if (!memcmp(remote_auth, local_auth, strlen(local_auth)))
730 silc_server_public_key_authentication(SilcServer server,
731 SilcPublicKey pub_key,
740 if (!pub_key || !sign)
743 silc_pkcs_alloc(pub_key->name, &pkcs);
744 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
745 silc_pkcs_free(pkcs);
749 /* Make the authentication data. Protocol says it is HASH plus
751 len = ske->hash_len + ske->start_payload_copy->len;
752 auth = silc_buffer_alloc(len);
753 silc_buffer_pull_tail(auth, len);
754 silc_buffer_format(auth,
755 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
756 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
757 ske->start_payload_copy->len),
760 /* Verify signature */
761 if (silc_pkcs_verify_with_hash(pkcs, ske->prop->hash, sign, sign_len,
762 auth->data, auth->len)) {
763 silc_pkcs_free(pkcs);
764 silc_buffer_free(auth);
768 silc_pkcs_free(pkcs);
769 silc_buffer_free(auth);
774 silc_server_get_public_key_auth(SilcServer server,
775 unsigned char **auth_data,
776 SilcUInt32 *auth_data_len,
785 /* Make the authentication data. Protocol says it is HASH plus
787 len = ske->hash_len + ske->start_payload_copy->len;
788 auth = silc_buffer_alloc(len);
789 silc_buffer_pull_tail(auth, len);
790 silc_buffer_format(auth,
791 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
792 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
793 ske->start_payload_copy->len),
796 *auth_data = silc_calloc(silc_pkcs_get_key_len(pkcs), sizeof(**auth_data));
797 if (silc_pkcs_sign_with_hash(pkcs, ske->prop->hash, auth->data,
798 auth->len, *auth_data, auth_data_len)) {
799 silc_buffer_free(auth);
803 silc_free(*auth_data);
804 silc_buffer_free(auth);
808 /* Function that actually performs the authentication to the remote. This
809 supports both passphrase and public key authentication. */
812 silc_server_get_authentication(SilcServerConnAuthInternalContext *ctx,
813 char *local_passphrase,
814 SilcHashTable local_publickeys,
815 unsigned char *remote_auth,
816 SilcUInt32 remote_auth_len)
818 SilcServer server = (SilcServer)ctx->server;
819 SilcSKE ske = ctx->ske;
822 /* If we don't have authentication data set at all we do not require
823 authentication at all */
824 if (!local_passphrase && (!local_publickeys ||
825 !silc_hash_table_count(local_publickeys))) {
826 SILC_LOG_DEBUG(("No authentication required"));
830 /* If both passphrase and public key is provided then we'll try both of
831 them and see which one of them authenticates. If only one of them is
832 set, then try only that. */
834 /* Try first passphrase (as it is faster to check) */
835 if (local_passphrase) {
836 SILC_LOG_DEBUG(("Password authentication"));
837 result = silc_server_password_authentication(server, local_passphrase,
841 /* Try public key authenetication */
842 if (!result && local_publickeys) {
843 SilcPublicKey cached_key;
844 SilcPublicKey remote_key =
845 ((SilcIDListData)ctx->sock->user_data)->public_key;
847 SILC_LOG_DEBUG(("Public key authentication"));
849 /* Find the public key to be used in authentication */
850 cached_key = silc_server_find_public_key(server, local_publickeys,
855 result = silc_server_public_key_authentication(server, cached_key,
857 remote_auth_len, ske);
863 /* Performs connection authentication protocol. If responder, we
864 authenticate the remote data received. If initiator, we will send
865 authentication data to the remote end. */
867 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
869 SilcProtocol protocol = (SilcProtocol)context;
870 SilcServerConnAuthInternalContext *ctx =
871 (SilcServerConnAuthInternalContext *)protocol->context;
872 SilcServer server = (SilcServer)ctx->server;
874 SILC_LOG_DEBUG(("Start"));
876 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
877 protocol->state = SILC_PROTOCOL_STATE_START;
879 SILC_LOG_DEBUG(("State=%d", protocol->state));
881 switch(protocol->state) {
882 case SILC_PROTOCOL_STATE_START:
888 if (ctx->responder == TRUE) {
890 * We are receiving party
893 SilcUInt16 payload_len;
894 SilcUInt16 conn_type;
895 unsigned char *auth_data = NULL;
897 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
898 ctx->sock->hostname, ctx->sock->ip));
900 /* Parse the received authentication data packet. The received
901 payload is Connection Auth Payload. */
902 ret = silc_buffer_unformat(ctx->packet->buffer,
903 SILC_STR_UI_SHORT(&payload_len),
904 SILC_STR_UI_SHORT(&conn_type),
907 SILC_LOG_ERROR(("Bad payload in authentication packet"));
908 protocol->state = SILC_PROTOCOL_STATE_ERROR;
909 silc_protocol_execute(protocol, server->schedule, 0, 300000);
913 if (payload_len != ctx->packet->buffer->len) {
914 SILC_LOG_ERROR(("Bad payload length in authentication packet"));
915 protocol->state = SILC_PROTOCOL_STATE_ERROR;
916 silc_protocol_execute(protocol, server->schedule, 0, 300000);
922 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
923 conn_type > SILC_SOCKET_TYPE_ROUTER) {
924 SILC_LOG_ERROR(("Bad connection type (%d) in authentication packet",
926 protocol->state = SILC_PROTOCOL_STATE_ERROR;
927 silc_protocol_execute(protocol, server->schedule, 0, 300000);
931 if (payload_len > 0) {
932 /* Get authentication data */
933 silc_buffer_pull(ctx->packet->buffer, 4);
934 ret = silc_buffer_unformat(ctx->packet->buffer,
935 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
939 SILC_LOG_DEBUG(("Bad payload in authentication payload"));
940 protocol->state = SILC_PROTOCOL_STATE_ERROR;
941 silc_protocol_execute(protocol, server->schedule, 0, 300000);
947 * Check the remote connection type and make sure that we have
948 * configured this connection. If we haven't allowed this connection
949 * the authentication must be failed.
952 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
954 /* Remote end is client */
955 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
956 SilcServerConfigClient *client = ctx->cconfig.ref_ptr;
959 ret = silc_server_get_authentication(ctx, client->passphrase,
961 auth_data, payload_len);
963 /* Authentication failed */
964 SILC_LOG_ERROR(("Authentication failed"));
965 silc_free(auth_data);
966 protocol->state = SILC_PROTOCOL_STATE_ERROR;
967 silc_protocol_execute(protocol, server->schedule, 0, 300000);
971 SILC_LOG_ERROR(("Remote client connection not configured"));
972 SILC_LOG_ERROR(("Authentication failed"));
973 silc_free(auth_data);
974 protocol->state = SILC_PROTOCOL_STATE_ERROR;
975 silc_protocol_execute(protocol, server->schedule,
981 /* Remote end is server */
982 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
983 SilcServerConfigServer *serv = ctx->sconfig.ref_ptr;
986 ret = silc_server_get_authentication(ctx, serv->passphrase,
988 auth_data, payload_len);
990 /* Authentication failed */
991 SILC_LOG_ERROR(("Authentication failed"));
992 silc_free(auth_data);
993 protocol->state = SILC_PROTOCOL_STATE_ERROR;
994 silc_protocol_execute(protocol, server->schedule, 0, 300000);
998 SILC_LOG_ERROR(("Remote server connection not configured"));
999 SILC_LOG_ERROR(("Authentication failed"));
1000 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1001 silc_protocol_execute(protocol, server->schedule,
1003 silc_free(auth_data);
1008 /* Remote end is router */
1009 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
1010 SilcServerConfigRouter *serv = ctx->rconfig.ref_ptr;
1013 ret = silc_server_get_authentication(ctx, serv->passphrase,
1015 auth_data, payload_len);
1017 /* Authentication failed */
1018 SILC_LOG_ERROR(("Authentication failed"));
1019 silc_free(auth_data);
1020 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1021 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1025 SILC_LOG_ERROR(("Remote router connection not configured"));
1026 SILC_LOG_ERROR(("Authentication failed"));
1027 silc_free(auth_data);
1028 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1029 silc_protocol_execute(protocol, server->schedule,
1035 silc_free(auth_data);
1037 /* Save connection type. This is later used to create the
1038 ID for the connection. */
1039 ctx->conn_type = conn_type;
1041 /* Advance protocol state. */
1042 protocol->state = SILC_PROTOCOL_STATE_END;
1043 silc_protocol_execute(protocol, server->schedule, 0, 0);
1047 * We are initiator. We are authenticating ourselves to a
1048 * remote server. We will send the authentication data to the
1049 * other end for verify.
1052 int payload_len = 0;
1053 unsigned char *auth_data = NULL;
1054 SilcUInt32 auth_data_len = 0;
1056 switch(ctx->auth_meth) {
1057 case SILC_AUTH_NONE:
1058 /* No authentication required */
1061 case SILC_AUTH_PASSWORD:
1062 /* Password authentication */
1063 if (ctx->auth_data && ctx->auth_data_len) {
1064 auth_data = strdup(ctx->auth_data);
1065 auth_data_len = ctx->auth_data_len;
1070 case SILC_AUTH_PUBLIC_KEY:
1072 /* Public key authentication */
1073 silc_server_get_public_key_auth(server, &auth_data, &auth_data_len,
1079 payload_len = 4 + auth_data_len;
1080 packet = silc_buffer_alloc(payload_len);
1081 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
1082 silc_buffer_format(packet,
1083 SILC_STR_UI_SHORT(payload_len),
1084 SILC_STR_UI_SHORT(server->server_type
1086 SILC_SOCKET_TYPE_SERVER :
1087 SILC_SOCKET_TYPE_ROUTER),
1088 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
1091 /* Send the packet to server */
1092 silc_server_packet_send(server, ctx->sock,
1093 SILC_PACKET_CONNECTION_AUTH, 0,
1094 packet->data, packet->len, TRUE);
1097 memset(auth_data, 0, auth_data_len);
1098 silc_free(auth_data);
1100 silc_buffer_free(packet);
1102 /* Next state is end of protocol */
1103 protocol->state = SILC_PROTOCOL_STATE_END;
1108 case SILC_PROTOCOL_STATE_END:
1113 unsigned char ok[4];
1115 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
1117 /* Authentication successful */
1118 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
1121 /* Unregister the timeout task since the protocol has ended.
1122 This was the timeout task to be executed if the protocol is
1123 not completed fast enough. */
1124 if (ctx->timeout_task)
1125 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1127 /* Assure that after calling final callback there cannot be pending
1128 executions for this protocol anymore. This just unregisters any
1129 timeout callbacks for this protocol. */
1130 silc_protocol_cancel(protocol, server->schedule);
1132 /* Protocol has ended, call the final callback */
1133 if (protocol->final_callback)
1134 silc_protocol_execute_final(protocol, server->schedule);
1136 silc_protocol_free(protocol);
1139 case SILC_PROTOCOL_STATE_ERROR:
1142 * Error. Send notify to remote.
1144 unsigned char error[4];
1146 /* Authentication failed */
1147 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
1148 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
1151 /* Unregister the timeout task since the protocol has ended.
1152 This was the timeout task to be executed if the protocol is
1153 not completed fast enough. */
1154 if (ctx->timeout_task)
1155 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1157 /* Assure that after calling final callback there cannot be pending
1158 executions for this protocol anymore. This just unregisters any
1159 timeout callbacks for this protocol. */
1160 silc_protocol_cancel(protocol, server->schedule);
1162 /* On error the final callback is always called. */
1163 if (protocol->final_callback)
1164 silc_protocol_execute_final(protocol, server->schedule);
1166 silc_protocol_free(protocol);
1170 case SILC_PROTOCOL_STATE_FAILURE:
1172 * We have received failure from remote
1175 SILC_LOG_ERROR(("Received Authentication Failure"));
1177 /* Unregister the timeout task since the protocol has ended.
1178 This was the timeout task to be executed if the protocol is
1179 not completed fast enough. */
1180 if (ctx->timeout_task)
1181 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1183 /* Assure that after calling final callback there cannot be pending
1184 executions for this protocol anymore. This just unregisters any
1185 timeout callbacks for this protocol. */
1186 silc_protocol_cancel(protocol, server->schedule);
1188 /* On error the final callback is always called. */
1189 if (protocol->final_callback)
1190 silc_protocol_execute_final(protocol, server->schedule);
1192 silc_protocol_free(protocol);
1195 case SILC_PROTOCOL_STATE_UNKNOWN:
1201 * Re-key protocol routines
1204 /* Actually takes the new keys into use. */
1207 silc_server_protocol_rekey_validate(SilcServer server,
1208 SilcServerRekeyInternalContext *ctx,
1209 SilcIDListData idata,
1210 SilcSKEKeyMaterial *keymat,
1213 if (ctx->responder == TRUE) {
1215 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1216 keymat->enc_key_len);
1217 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1218 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
1219 keymat->hmac_key_len);
1221 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1222 keymat->enc_key_len);
1223 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1224 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
1225 keymat->hmac_key_len);
1229 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1230 keymat->enc_key_len);
1231 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1232 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
1233 keymat->hmac_key_len);
1235 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1236 keymat->enc_key_len);
1237 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1238 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
1239 keymat->hmac_key_len);
1243 /* Save the current sending encryption key */
1245 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1246 silc_free(idata->rekey->send_enc_key);
1247 idata->rekey->send_enc_key = silc_memdup(keymat->send_enc_key,
1248 keymat->enc_key_len / 8);
1249 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1253 /* This function actually re-generates (when not using PFS) the keys and
1254 takes them into use. */
1256 void silc_server_protocol_rekey_generate(SilcServer server,
1257 SilcServerRekeyInternalContext *ctx,
1260 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1261 SilcSKEKeyMaterial *keymat;
1262 SilcUInt32 key_len = silc_cipher_get_key_len(idata->send_key);
1263 SilcUInt32 hash_len = idata->hash->hash->hash_len;
1265 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1266 send ? "sending" : "receiving"));
1268 /* Generate the new key */
1269 keymat = silc_calloc(1, sizeof(*keymat));
1270 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1271 idata->rekey->enc_key_len,
1272 16, key_len, hash_len,
1273 idata->hash, keymat);
1275 /* Set the keys into use */
1276 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1278 silc_ske_free_key_material(keymat);
1281 /* This function actually re-generates (with PFS) the keys and
1282 takes them into use. */
1285 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1286 SilcServerRekeyInternalContext *ctx,
1289 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1290 SilcSKEKeyMaterial *keymat;
1291 SilcUInt32 key_len = silc_cipher_get_key_len(idata->send_key);
1292 SilcUInt32 hash_len = idata->hash->hash->hash_len;
1293 unsigned char *tmpbuf;
1296 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1297 send ? "sending" : "receiving"));
1299 /* Encode KEY to binary data */
1300 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1302 /* Generate the new key */
1303 keymat = silc_calloc(1, sizeof(*keymat));
1304 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1305 idata->hash, keymat);
1307 /* Set the keys into use */
1308 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1310 memset(tmpbuf, 0, klen);
1312 silc_ske_free_key_material(keymat);
1315 /* Packet sending callback. This function is provided as packet sending
1316 routine to the Key Exchange functions. */
1319 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1321 SilcPacketType type,
1324 SilcProtocol protocol = (SilcProtocol)context;
1325 SilcServerRekeyInternalContext *ctx =
1326 (SilcServerRekeyInternalContext *)protocol->context;
1327 SilcServer server = (SilcServer)ctx->server;
1329 /* Send the packet immediately */
1330 silc_server_packet_send(server, ctx->sock,
1331 type, 0, packet->data, packet->len, FALSE);
1334 /* Performs re-key as defined in the SILC protocol specification. */
1336 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1338 SilcProtocol protocol = (SilcProtocol)context;
1339 SilcServerRekeyInternalContext *ctx =
1340 (SilcServerRekeyInternalContext *)protocol->context;
1341 SilcServer server = (SilcServer)ctx->server;
1342 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1343 SilcSKEStatus status;
1345 SILC_LOG_DEBUG(("Start"));
1347 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1348 protocol->state = SILC_PROTOCOL_STATE_START;
1350 SILC_LOG_DEBUG(("State=%d", protocol->state));
1352 switch(protocol->state) {
1353 case SILC_PROTOCOL_STATE_START:
1359 if (ctx->responder == TRUE) {
1361 * We are receiving party
1364 if (ctx->pfs == TRUE) {
1366 * Use Perfect Forward Secrecy, ie. negotiate the key material
1367 * using the SKE protocol.
1370 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1371 SILC_LOG_ERROR(("Error during Re-key (R PFS): re-key state is "
1372 "incorrect (received %d, expected %d packet), "
1373 "with %s (%s)", ctx->packet->type,
1374 SILC_PACKET_KEY_EXCHANGE_1, ctx->sock->hostname,
1376 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1377 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1381 ctx->ske = silc_ske_alloc(server->rng, server);
1382 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1383 silc_ske_group_get_by_number(idata->rekey->ske_group,
1384 &ctx->ske->prop->group);
1386 silc_ske_set_callbacks(ctx->ske,
1387 silc_server_protocol_rekey_send_packet,
1388 NULL, NULL, NULL, silc_ske_check_version,
1391 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
1392 if (status != SILC_SKE_STATUS_OK) {
1393 SILC_LOG_ERROR(("Error (%s) during Re-key (R PFS), with %s (%s)",
1394 silc_ske_map_status(status), ctx->sock->hostname,
1396 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1397 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1401 /* Advance the protocol state */
1403 silc_protocol_execute(protocol, server->schedule, 0, 0);
1406 * Do normal and simple re-key.
1409 /* Send the REKEY_DONE to indicate we will take new keys into use */
1410 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1413 /* After we send REKEY_DONE we must set the sending encryption
1414 key to the new key since all packets after this packet must
1415 encrypted with the new key. */
1416 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1418 /* The protocol ends in next stage. */
1419 protocol->state = SILC_PROTOCOL_STATE_END;
1424 * We are the initiator of this protocol
1427 /* Start the re-key by sending the REKEY packet */
1428 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1431 if (ctx->pfs == TRUE) {
1433 * Use Perfect Forward Secrecy, ie. negotiate the key material
1434 * using the SKE protocol.
1436 ctx->ske = silc_ske_alloc(server->rng, server);
1437 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1438 silc_ske_group_get_by_number(idata->rekey->ske_group,
1439 &ctx->ske->prop->group);
1441 silc_ske_set_callbacks(ctx->ske,
1442 silc_server_protocol_rekey_send_packet,
1443 NULL, NULL, NULL, silc_ske_check_version,
1446 status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL, 0);
1447 if (status != SILC_SKE_STATUS_OK) {
1448 SILC_LOG_ERROR(("Error (%s) during Re-key (I PFS), with %s (%s)",
1449 silc_ske_map_status(status), ctx->sock->hostname,
1451 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1452 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1456 /* Advance the protocol state */
1460 * Do normal and simple re-key.
1463 /* Send the REKEY_DONE to indicate we will take new keys into use
1465 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1468 /* After we send REKEY_DONE we must set the sending encryption
1469 key to the new key since all packets after this packet must
1470 encrypted with the new key. */
1471 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1473 /* The protocol ends in next stage. */
1474 protocol->state = SILC_PROTOCOL_STATE_END;
1482 * Second state, used only when oding re-key with PFS.
1484 if (ctx->responder == TRUE) {
1485 if (ctx->pfs == TRUE) {
1487 * Send our KE packe to the initiator now that we've processed
1488 * the initiator's KE packet.
1490 status = silc_ske_responder_finish(ctx->ske, NULL, NULL,
1491 SILC_SKE_PK_TYPE_SILC);
1492 if (status != SILC_SKE_STATUS_OK) {
1493 SILC_LOG_ERROR(("Error (%s) during Re-key (R PFS), with %s (%s)",
1494 silc_ske_map_status(status), ctx->sock->hostname,
1496 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1497 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1503 if (ctx->pfs == TRUE) {
1505 * The packet type must be KE packet
1507 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1508 SILC_LOG_ERROR(("Error during Re-key (I PFS): re-key state is "
1509 "incorrect (received %d, expected %d packet), "
1510 "with %s (%s)", ctx->packet->type,
1511 SILC_PACKET_KEY_EXCHANGE_2, ctx->sock->hostname,
1513 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1514 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1518 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
1519 if (status != SILC_SKE_STATUS_OK) {
1520 SILC_LOG_ERROR(("Error (%s) during Re-key (I PFS), with %s (%s)",
1521 silc_ske_map_status(status), ctx->sock->hostname,
1523 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1524 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1530 /* Send the REKEY_DONE to indicate we will take new keys into use
1532 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1535 /* After we send REKEY_DONE we must set the sending encryption
1536 key to the new key since all packets after this packet must
1537 encrypted with the new key. */
1538 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1540 /* The protocol ends in next stage. */
1541 protocol->state = SILC_PROTOCOL_STATE_END;
1544 case SILC_PROTOCOL_STATE_END:
1549 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1550 SILC_LOG_ERROR(("Error during Re-key (%s PFS): re-key state is "
1551 "incorrect (received %d, expected %d packet), "
1552 "with %s (%s)", ctx->responder ? "R" : "I",
1553 ctx->packet->type, SILC_PACKET_REKEY_DONE,
1554 ctx->sock->hostname, ctx->sock->ip));
1555 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1556 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1560 /* We received the REKEY_DONE packet and all packets after this is
1561 encrypted with the new key so set the decryption key to the new key */
1562 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1564 /* Assure that after calling final callback there cannot be pending
1565 executions for this protocol anymore. This just unregisters any
1566 timeout callbacks for this protocol. */
1567 silc_protocol_cancel(protocol, server->schedule);
1569 /* Protocol has ended, call the final callback */
1570 if (protocol->final_callback)
1571 silc_protocol_execute_final(protocol, server->schedule);
1573 silc_protocol_free(protocol);
1576 case SILC_PROTOCOL_STATE_ERROR:
1581 if (ctx->pfs == TRUE)
1582 /* Send abort notification */
1583 silc_ske_abort(ctx->ske, ctx->ske->status);
1585 /* Assure that after calling final callback there cannot be pending
1586 executions for this protocol anymore. This just unregisters any
1587 timeout callbacks for this protocol. */
1588 silc_protocol_cancel(protocol, server->schedule);
1590 /* On error the final callback is always called. */
1591 if (protocol->final_callback)
1592 silc_protocol_execute_final(protocol, server->schedule);
1594 silc_protocol_free(protocol);
1597 case SILC_PROTOCOL_STATE_FAILURE:
1599 * We have received failure from remote
1602 SILC_LOG_ERROR(("Error during Re-Key: received Failure"));
1604 /* Assure that after calling final callback there cannot be pending
1605 executions for this protocol anymore. This just unregisters any
1606 timeout callbacks for this protocol. */
1607 silc_protocol_cancel(protocol, server->schedule);
1609 /* On error the final callback is always called. */
1610 if (protocol->final_callback)
1611 silc_protocol_execute_final(protocol, server->schedule);
1613 silc_protocol_free(protocol);
1616 case SILC_PROTOCOL_STATE_UNKNOWN:
1622 /* Registers protocols used in server. */
1624 void silc_server_protocols_register(void)
1626 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1627 silc_server_protocol_connection_auth);
1628 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1629 silc_server_protocol_key_exchange);
1630 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1631 silc_server_protocol_rekey);
1632 silc_protocol_register(SILC_PROTOCOL_SERVER_BACKUP,
1633 silc_server_protocol_backup);
1636 /* Unregisters protocols */
1638 void silc_server_protocols_unregister(void)
1640 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1641 silc_server_protocol_connection_auth);
1642 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1643 silc_server_protocol_key_exchange);
1644 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1645 silc_server_protocol_rekey);
1646 silc_protocol_unregister(SILC_PROTOCOL_SERVER_BACKUP,
1647 silc_server_protocol_backup);