5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
38 /* Packet sending callback. This function is provided as packet sending
39 routine to the Key Exchange functions. */
41 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
46 SilcProtocol protocol = (SilcProtocol)context;
47 SilcServerKEInternalContext *ctx =
48 (SilcServerKEInternalContext *)protocol->context;
49 SilcServer server = (SilcServer)ctx->server;
51 /* Send the packet immediately */
52 silc_server_packet_send(server, ske->sock,
53 type, 0, packet->data, packet->len, TRUE);
56 /* Sets the negotiated key material into use for particular connection. */
58 int silc_server_protocol_ke_set_keys(SilcSKE ske,
59 SilcSocketConnection sock,
60 SilcSKEKeyMaterial *keymat,
65 SilcSKEDiffieHellmanGroup group,
68 SilcUnknownEntry conn_data;
71 SILC_LOG_DEBUG(("Setting new key into use"));
73 conn_data = silc_calloc(1, sizeof(*conn_data));
74 idata = (SilcIDListData)conn_data;
76 /* Allocate cipher to be used in the communication */
77 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
81 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
86 if (is_responder == TRUE) {
87 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
89 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
90 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
92 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
94 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
96 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
97 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
99 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
102 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
103 idata->rekey->send_enc_key =
104 silc_calloc(keymat->enc_key_len / 8,
105 sizeof(*idata->rekey->send_enc_key));
106 memcpy(idata->rekey->send_enc_key,
107 keymat->send_enc_key, keymat->enc_key_len / 8);
108 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
110 if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
111 idata->rekey->pfs = TRUE;
112 idata->rekey->ske_group = silc_ske_group_get_number(group);
114 /* Save the remote host's public key */
115 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
116 ske->ke1_payload->pk_len, &idata->public_key);
119 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
120 silc_cipher_free(idata->send_key);
121 silc_cipher_free(idata->receive_key);
122 silc_free(conn_data);
126 /* Save HMAC key to be used in the communication. */
127 if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac_send)) {
128 silc_cipher_free(idata->send_key);
129 silc_cipher_free(idata->receive_key);
130 silc_hash_free(idata->hash);
131 silc_free(conn_data);
134 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key, keymat->hmac_key_len);
135 idata->hmac_receive = idata->hmac_send;
137 sock->user_data = (void *)conn_data;
142 /* Check remote host version string */
144 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
147 SilcSKEStatus status = SILC_SKE_STATUS_OK;
149 int maj = 0, min = 0, build = 0, maj2 = 0, min2 = 0, build2 = 0;
151 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
152 ske->sock->ip, version));
154 /* Check for initial version string */
155 if (!strstr(version, "SILC-1.0-"))
156 status = SILC_SKE_STATUS_BAD_VERSION;
158 /* Check software version */
162 status = SILC_SKE_STATUS_BAD_VERSION;
165 cp = strchr(cp, '.');
171 cp = strchr(cp, '.');
173 build = atoi(cp + 1);
176 cp = silc_version_string + 9;
178 status = SILC_SKE_STATUS_BAD_VERSION;
181 cp = strchr(cp, '.');
187 cp = strchr(cp, '.');
189 build2 = atoi(cp + 1);
193 status = SILC_SKE_STATUS_BAD_VERSION;
195 status = SILC_SKE_STATUS_BAD_VERSION;
200 /* Callback that is called by the SKE to indicate that it is safe to
201 continue the execution of the protocol. This is used only if we are
202 initiator. Is given as argument to the silc_ske_initiator_finish
203 function. This is called due to the fact that the public key verification
204 process is asynchronous and we must not continue the protocl until
205 the public key has been verified and this callback is called. */
207 static void silc_server_protocol_ke_finish(SilcSKE ske, void *context)
209 SilcProtocol protocol = (SilcProtocol)context;
210 SilcServerKEInternalContext *ctx =
211 (SilcServerKEInternalContext *)protocol->context;
212 SilcServer server = (SilcServer)ctx->server;
214 SILC_LOG_DEBUG(("Start"));
216 if (ske->status != SILC_SKE_STATUS_OK) {
217 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
219 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
222 protocol->state = SILC_PROTOCOL_STATE_ERROR;
223 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
227 /* Send Ok to the other end. We will end the protocol as responder
228 sends Ok to us when we will take the new keys into use. */
229 if (ctx->responder == FALSE)
230 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
232 /* End the protocol on the next round */
233 protocol->state = SILC_PROTOCOL_STATE_END;
236 /* Performs key exchange protocol. This is used for both initiator
237 and responder key exchange. This is performed always when accepting
238 new connection to the server. This may be called recursively. */
240 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
242 SilcProtocol protocol = (SilcProtocol)context;
243 SilcServerKEInternalContext *ctx =
244 (SilcServerKEInternalContext *)protocol->context;
245 SilcServer server = (SilcServer)ctx->server;
246 SilcSKEStatus status = SILC_SKE_STATUS_OK;
248 SILC_LOG_DEBUG(("Start"));
250 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
251 protocol->state = SILC_PROTOCOL_STATE_START;
253 SILC_LOG_DEBUG(("State=%d", protocol->state));
255 switch(protocol->state) {
256 case SILC_PROTOCOL_STATE_START:
263 /* Allocate Key Exchange object */
264 ske = silc_ske_alloc();
266 ske->rng = server->rng;
268 if (ctx->responder == TRUE) {
269 /* Start the key exchange by processing the received security
270 properties packet from initiator. */
271 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
273 ctx->packet->buffer, FALSE,
276 SilcSKEStartPayload *start_payload;
278 /* Assemble security properties. */
279 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
283 /* Start the key exchange by sending our security properties
284 to the remote end. */
285 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
287 silc_server_protocol_ke_send_packet,
291 /* Return now if the procedure is pending. */
292 if (status == SILC_SKE_STATUS_PENDING)
295 if (status != SILC_SKE_STATUS_OK) {
296 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
298 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
301 protocol->state = SILC_PROTOCOL_STATE_ERROR;
302 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
306 /* Advance protocol state and call the next state if we are responder */
308 if (ctx->responder == TRUE)
309 silc_protocol_execute(protocol, server->timeout_queue, 0, 100000);
317 if (ctx->responder == TRUE) {
318 /* Sends the selected security properties to the initiator. */
320 silc_ske_responder_phase_1(ctx->ske,
321 ctx->ske->start_payload,
322 silc_server_protocol_ke_send_packet,
325 /* Call Phase-1 function. This processes the Key Exchange Start
326 paylaod reply we just got from the responder. The callback
327 function will receive the processed payload where we will
329 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
333 /* Return now if the procedure is pending. */
334 if (status == SILC_SKE_STATUS_PENDING)
337 if (status != SILC_SKE_STATUS_OK) {
338 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
340 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
343 protocol->state = SILC_PROTOCOL_STATE_ERROR;
344 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
348 /* Advance protocol state and call next state if we are initiator */
350 if (ctx->responder == FALSE)
351 silc_protocol_execute(protocol, server->timeout_queue, 0, 100000);
359 if (ctx->responder == TRUE) {
360 /* Process the received Key Exchange 1 Payload packet from
361 the initiator. This also creates our parts of the Diffie
362 Hellman algorithm. */
363 /* XXX TODO: If mutual authentication flag is set then the
364 verify_key callback should be set to verify the remote ends
366 /* XXX TODO: when the verify_key is set then the `callback'
367 must be set as well as the verify_key is asynchronous
368 (take a look to silc_ske_initiator_finish for example. */
369 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
370 NULL, NULL, NULL, NULL);
372 /* Call the Phase-2 function. This creates Diffie Hellman
373 key exchange parameters and sends our public part inside
374 Key Exhange 1 Payload to the responder. */
376 silc_ske_initiator_phase_2(ctx->ske,
379 silc_server_protocol_ke_send_packet,
383 /* Return now if the procedure is pending. */
384 if (status == SILC_SKE_STATUS_PENDING)
387 if (status != SILC_SKE_STATUS_OK) {
388 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
390 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
393 protocol->state = SILC_PROTOCOL_STATE_ERROR;
394 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
398 /* Advance protocol state and call the next state if we are responder */
400 if (ctx->responder == TRUE)
401 silc_protocol_execute(protocol, server->timeout_queue, 0, 100000);
409 if (ctx->responder == TRUE) {
410 /* This creates the key exchange material and sends our
411 public parts to the initiator inside Key Exchange 2 Payload. */
413 silc_ske_responder_finish(ctx->ske,
414 server->public_key, server->private_key,
415 SILC_SKE_PK_TYPE_SILC,
416 silc_server_protocol_ke_send_packet,
419 /* End the protocol on the next round */
420 protocol->state = SILC_PROTOCOL_STATE_END;
422 /* Finish the protocol. This verifies the Key Exchange 2 payload
423 sent by responder. */
424 /* XXX TODO: the verify_key callback is not set!!! */
425 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
427 silc_server_protocol_ke_finish,
431 /* Return now if the procedure is pending. */
432 if (status == SILC_SKE_STATUS_PENDING)
435 if (status != SILC_SKE_STATUS_OK) {
436 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
438 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
441 protocol->state = SILC_PROTOCOL_STATE_ERROR;
442 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
448 case SILC_PROTOCOL_STATE_END:
453 SilcSKEKeyMaterial *keymat;
454 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
455 int hash_len = ctx->ske->prop->hash->hash->hash_len;
457 /* Process the key material */
458 keymat = silc_calloc(1, sizeof(*keymat));
459 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
461 if (status != SILC_SKE_STATUS_OK) {
462 protocol->state = SILC_PROTOCOL_STATE_ERROR;
463 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
464 silc_ske_free_key_material(keymat);
467 ctx->keymat = keymat;
469 /* Send Ok to the other end if we are responder. If we are initiator
470 we have sent this already. */
471 if (ctx->responder == TRUE)
472 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
474 /* Unregister the timeout task since the protocol has ended.
475 This was the timeout task to be executed if the protocol is
476 not completed fast enough. */
477 if (ctx->timeout_task)
478 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
480 /* Call the final callback */
481 if (protocol->final_callback)
482 silc_protocol_execute_final(protocol, server->timeout_queue);
484 silc_protocol_free(protocol);
488 case SILC_PROTOCOL_STATE_ERROR:
493 /* Send abort notification */
494 silc_ske_abort(ctx->ske, ctx->ske->status,
495 silc_server_protocol_ke_send_packet,
498 /* Unregister the timeout task since the protocol has ended.
499 This was the timeout task to be executed if the protocol is
500 not completed fast enough. */
501 if (ctx->timeout_task)
502 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
504 /* On error the final callback is always called. */
505 if (protocol->final_callback)
506 silc_protocol_execute_final(protocol, server->timeout_queue);
508 silc_protocol_free(protocol);
511 case SILC_PROTOCOL_STATE_FAILURE:
513 * We have received failure from remote
516 /* Unregister the timeout task since the protocol has ended.
517 This was the timeout task to be executed if the protocol is
518 not completed fast enough. */
519 if (ctx->timeout_task)
520 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
522 /* On error the final callback is always called. */
523 if (protocol->final_callback)
524 silc_protocol_execute_final(protocol, server->timeout_queue);
526 silc_protocol_free(protocol);
529 case SILC_PROTOCOL_STATE_UNKNOWN:
535 * Connection Authentication protocol functions
539 silc_server_password_authentication(SilcServer server, char *auth1,
542 if (!auth1 || !auth2)
545 if (!memcmp(auth1, auth2, strlen(auth1)))
552 silc_server_public_key_authentication(SilcServer server,
553 SilcPublicKey pub_key,
562 if (!pub_key || !sign)
565 silc_pkcs_alloc(pub_key->name, &pkcs);
566 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
567 silc_pkcs_free(pkcs);
571 /* Make the authentication data. Protocol says it is HASH plus
573 len = ske->hash_len + ske->start_payload_copy->len;
574 auth = silc_buffer_alloc(len);
575 silc_buffer_pull_tail(auth, len);
576 silc_buffer_format(auth,
577 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
578 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
579 ske->start_payload_copy->len),
582 /* Verify signature */
583 if (silc_pkcs_verify(pkcs, sign, sign_len, auth->data, auth->len)) {
584 silc_pkcs_free(pkcs);
585 silc_buffer_free(auth);
589 silc_pkcs_free(pkcs);
590 silc_buffer_free(auth);
595 silc_server_get_public_key_auth(SilcServer server,
596 SilcPublicKey pub_key,
597 unsigned char *auth_data,
598 uint32 *auth_data_len,
608 silc_pkcs_alloc(pub_key->name, &pkcs);
609 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
610 silc_pkcs_free(pkcs);
614 /* Make the authentication data. Protocol says it is HASH plus
616 len = ske->hash_len + ske->start_payload_copy->len;
617 auth = silc_buffer_alloc(len);
618 silc_buffer_pull_tail(auth, len);
619 silc_buffer_format(auth,
620 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
621 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
622 ske->start_payload_copy->len),
625 if (silc_pkcs_sign(pkcs, auth->data, auth->len, auth_data, auth_data_len)) {
626 silc_pkcs_free(pkcs);
627 silc_buffer_free(auth);
631 silc_pkcs_free(pkcs);
632 silc_buffer_free(auth);
636 /* Performs connection authentication protocol. If responder, we
637 authenticate the remote data received. If initiator, we will send
638 authentication data to the remote end. */
640 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
642 SilcProtocol protocol = (SilcProtocol)context;
643 SilcServerConnAuthInternalContext *ctx =
644 (SilcServerConnAuthInternalContext *)protocol->context;
645 SilcServer server = (SilcServer)ctx->server;
647 SILC_LOG_DEBUG(("Start"));
649 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
650 protocol->state = SILC_PROTOCOL_STATE_START;
652 SILC_LOG_DEBUG(("State=%d", protocol->state));
654 switch(protocol->state) {
655 case SILC_PROTOCOL_STATE_START:
661 if (ctx->responder == TRUE) {
663 * We are receiving party
668 unsigned char *auth_data = NULL;
670 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
671 ctx->sock->hostname, ctx->sock->ip));
673 /* Parse the received authentication data packet. The received
674 payload is Connection Auth Payload. */
675 ret = silc_buffer_unformat(ctx->packet->buffer,
676 SILC_STR_UI_SHORT(&payload_len),
677 SILC_STR_UI_SHORT(&conn_type),
680 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
681 protocol->state = SILC_PROTOCOL_STATE_ERROR;
682 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
686 if (payload_len != ctx->packet->buffer->len) {
687 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
688 protocol->state = SILC_PROTOCOL_STATE_ERROR;
689 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
695 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
696 conn_type > SILC_SOCKET_TYPE_ROUTER) {
697 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
698 protocol->state = SILC_PROTOCOL_STATE_ERROR;
699 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
703 if (payload_len > 0) {
704 /* Get authentication data */
705 silc_buffer_pull(ctx->packet->buffer, 4);
706 ret = silc_buffer_unformat(ctx->packet->buffer,
707 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
711 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
712 protocol->state = SILC_PROTOCOL_STATE_ERROR;
713 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
719 * Check the remote connection type and make sure that we have
720 * configured this connection. If we haven't allowed this connection
721 * the authentication must be failed.
724 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
726 /* Remote end is client */
727 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
728 SilcServerConfigSectionClientConnection *client = ctx->cconfig;
731 switch(client->auth_meth) {
733 /* No authentication required */
734 SILC_LOG_DEBUG(("No authentication required"));
737 case SILC_AUTH_PASSWORD:
738 /* Password authentication */
739 SILC_LOG_DEBUG(("Password authentication"));
740 ret = silc_server_password_authentication(server, auth_data,
746 /* Authentication failed */
747 SILC_LOG_ERROR(("Authentication failed"));
748 SILC_LOG_DEBUG(("Authentication failed"));
749 silc_free(auth_data);
750 protocol->state = SILC_PROTOCOL_STATE_ERROR;
751 silc_protocol_execute(protocol, server->timeout_queue,
756 case SILC_AUTH_PUBLIC_KEY:
757 /* Public key authentication */
758 SILC_LOG_DEBUG(("Public key authentication"));
759 ret = silc_server_public_key_authentication(server,
768 SILC_LOG_ERROR(("Authentication failed"));
769 SILC_LOG_DEBUG(("Authentication failed"));
770 silc_free(auth_data);
771 protocol->state = SILC_PROTOCOL_STATE_ERROR;
772 silc_protocol_execute(protocol, server->timeout_queue,
777 SILC_LOG_DEBUG(("No configuration for remote connection"));
778 SILC_LOG_ERROR(("Remote connection not configured"));
779 SILC_LOG_ERROR(("Authentication failed"));
780 silc_free(auth_data);
781 protocol->state = SILC_PROTOCOL_STATE_ERROR;
782 silc_protocol_execute(protocol, server->timeout_queue,
788 /* Remote end is server */
789 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
790 SilcServerConfigSectionServerConnection *serv = ctx->sconfig;
793 switch(serv->auth_meth) {
795 /* No authentication required */
796 SILC_LOG_DEBUG(("No authentication required"));
799 case SILC_AUTH_PASSWORD:
800 /* Password authentication */
801 SILC_LOG_DEBUG(("Password authentication"));
802 ret = silc_server_password_authentication(server, auth_data,
808 /* Authentication failed */
809 SILC_LOG_ERROR(("Authentication failed"));
810 SILC_LOG_DEBUG(("Authentication failed"));
811 silc_free(auth_data);
812 protocol->state = SILC_PROTOCOL_STATE_ERROR;
813 silc_protocol_execute(protocol, server->timeout_queue,
818 case SILC_AUTH_PUBLIC_KEY:
819 /* Public key authentication */
820 SILC_LOG_DEBUG(("Public key authentication"));
821 ret = silc_server_public_key_authentication(server,
830 SILC_LOG_ERROR(("Authentication failed"));
831 SILC_LOG_DEBUG(("Authentication failed"));
832 silc_free(auth_data);
833 protocol->state = SILC_PROTOCOL_STATE_ERROR;
834 silc_protocol_execute(protocol, server->timeout_queue,
839 SILC_LOG_DEBUG(("No configuration for remote connection"));
840 SILC_LOG_ERROR(("Remote connection not configured"));
841 SILC_LOG_ERROR(("Authentication failed"));
842 protocol->state = SILC_PROTOCOL_STATE_ERROR;
843 silc_protocol_execute(protocol, server->timeout_queue,
845 silc_free(auth_data);
850 /* Remote end is router */
851 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
852 SilcServerConfigSectionServerConnection *serv = ctx->rconfig;
855 switch(serv->auth_meth) {
857 /* No authentication required */
858 SILC_LOG_DEBUG(("No authentication required"));
861 case SILC_AUTH_PASSWORD:
862 /* Password authentication */
863 SILC_LOG_DEBUG(("Password authentication"));
864 ret = silc_server_password_authentication(server, auth_data,
870 /* Authentication failed */
871 SILC_LOG_ERROR(("Authentication failed"));
872 SILC_LOG_DEBUG(("Authentication failed"));
873 silc_free(auth_data);
874 protocol->state = SILC_PROTOCOL_STATE_ERROR;
875 silc_protocol_execute(protocol, server->timeout_queue,
880 case SILC_AUTH_PUBLIC_KEY:
881 /* Public key authentication */
882 SILC_LOG_DEBUG(("Public key authentication"));
883 ret = silc_server_public_key_authentication(server,
892 SILC_LOG_ERROR(("Authentication failed"));
893 SILC_LOG_DEBUG(("Authentication failed"));
894 silc_free(auth_data);
895 protocol->state = SILC_PROTOCOL_STATE_ERROR;
896 silc_protocol_execute(protocol, server->timeout_queue,
901 SILC_LOG_DEBUG(("No configuration for remote connection"));
902 SILC_LOG_ERROR(("Remote connection not configured"));
903 SILC_LOG_ERROR(("Authentication failed"));
904 silc_free(auth_data);
905 protocol->state = SILC_PROTOCOL_STATE_ERROR;
906 silc_protocol_execute(protocol, server->timeout_queue,
912 silc_free(auth_data);
914 /* Save connection type. This is later used to create the
915 ID for the connection. */
916 ctx->conn_type = conn_type;
918 /* Advance protocol state. */
919 protocol->state = SILC_PROTOCOL_STATE_END;
920 silc_protocol_execute(protocol, server->timeout_queue, 0, 0);
924 * We are initiator. We are authenticating ourselves to a
925 * remote server. We will send the authentication data to the
926 * other end for verify.
930 unsigned char *auth_data = NULL;
931 uint32 auth_data_len = 0;
933 switch(ctx->auth_meth) {
935 /* No authentication required */
938 case SILC_AUTH_PASSWORD:
939 /* Password authentication */
940 if (ctx->auth_data && ctx->auth_data_len) {
941 auth_data = strdup(ctx->auth_data);
942 auth_data_len = ctx->auth_data_len;
947 case SILC_AUTH_PUBLIC_KEY:
949 unsigned char sign[1024];
951 /* Public key authentication */
952 silc_server_get_public_key_auth(server, ctx->auth_data,
953 sign, &auth_data_len,
955 auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
956 memcpy(auth_data, sign, auth_data_len);
961 payload_len = 4 + auth_data_len;
962 packet = silc_buffer_alloc(payload_len);
963 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
964 silc_buffer_format(packet,
965 SILC_STR_UI_SHORT(payload_len),
966 SILC_STR_UI_SHORT(server->server_type
968 SILC_SOCKET_TYPE_SERVER :
969 SILC_SOCKET_TYPE_ROUTER),
970 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
973 /* Send the packet to server */
974 silc_server_packet_send(server, ctx->sock,
975 SILC_PACKET_CONNECTION_AUTH, 0,
976 packet->data, packet->len, TRUE);
979 memset(auth_data, 0, auth_data_len);
980 silc_free(auth_data);
982 silc_buffer_free(packet);
984 /* Next state is end of protocol */
985 protocol->state = SILC_PROTOCOL_STATE_END;
990 case SILC_PROTOCOL_STATE_END:
997 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
999 /* Authentication successful */
1000 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
1003 /* Unregister the timeout task since the protocol has ended.
1004 This was the timeout task to be executed if the protocol is
1005 not completed fast enough. */
1006 if (ctx->timeout_task)
1007 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
1009 /* Protocol has ended, call the final callback */
1010 if (protocol->final_callback)
1011 silc_protocol_execute_final(protocol, server->timeout_queue);
1013 silc_protocol_free(protocol);
1016 case SILC_PROTOCOL_STATE_ERROR:
1019 * Error. Send notify to remote.
1021 unsigned char error[4];
1023 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
1025 /* Authentication failed */
1026 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
1029 /* Unregister the timeout task since the protocol has ended.
1030 This was the timeout task to be executed if the protocol is
1031 not completed fast enough. */
1032 if (ctx->timeout_task)
1033 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
1035 /* On error the final callback is always called. */
1036 if (protocol->final_callback)
1037 silc_protocol_execute_final(protocol, server->timeout_queue);
1039 silc_protocol_free(protocol);
1043 case SILC_PROTOCOL_STATE_FAILURE:
1045 * We have received failure from remote
1048 /* Unregister the timeout task since the protocol has ended.
1049 This was the timeout task to be executed if the protocol is
1050 not completed fast enough. */
1051 if (ctx->timeout_task)
1052 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
1054 /* On error the final callback is always called. */
1055 if (protocol->final_callback)
1056 silc_protocol_execute_final(protocol, server->timeout_queue);
1058 silc_protocol_free(protocol);
1061 case SILC_PROTOCOL_STATE_UNKNOWN:
1067 * Re-key protocol routines
1070 /* Actually takes the new keys into use. */
1073 silc_server_protocol_rekey_validate(SilcServer server,
1074 SilcServerRekeyInternalContext *ctx,
1075 SilcIDListData idata,
1076 SilcSKEKeyMaterial *keymat,
1079 if (ctx->responder == TRUE) {
1081 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1082 keymat->enc_key_len);
1083 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1085 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1086 keymat->enc_key_len);
1087 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1091 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1092 keymat->enc_key_len);
1093 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1095 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1096 keymat->enc_key_len);
1097 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1102 silc_hmac_alloc(idata->hmac_send->hmac->name, NULL, &idata->hmac_send);
1103 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key,
1104 keymat->hmac_key_len);
1106 silc_hmac_free(idata->hmac_receive);
1107 idata->hmac_receive = idata->hmac_send;
1110 /* Save the current sending encryption key */
1112 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1113 silc_free(idata->rekey->send_enc_key);
1114 idata->rekey->send_enc_key =
1115 silc_calloc(keymat->enc_key_len / 8,
1116 sizeof(*idata->rekey->send_enc_key));
1117 memcpy(idata->rekey->send_enc_key, keymat->send_enc_key,
1118 keymat->enc_key_len / 8);
1119 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1123 /* This function actually re-generates (when not using PFS) the keys and
1124 takes them into use. */
1126 void silc_server_protocol_rekey_generate(SilcServer server,
1127 SilcServerRekeyInternalContext *ctx,
1130 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1131 SilcSKEKeyMaterial *keymat;
1132 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1133 uint32 hash_len = idata->hash->hash->hash_len;
1135 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1136 send ? "sending" : "receiving"));
1138 /* Generate the new key */
1139 keymat = silc_calloc(1, sizeof(*keymat));
1140 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1141 idata->rekey->enc_key_len,
1142 16, key_len, hash_len,
1143 idata->hash, keymat);
1145 /* Set the keys into use */
1146 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1148 silc_ske_free_key_material(keymat);
1151 /* This function actually re-generates (with PFS) the keys and
1152 takes them into use. */
1155 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1156 SilcServerRekeyInternalContext *ctx,
1159 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1160 SilcSKEKeyMaterial *keymat;
1161 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1162 uint32 hash_len = idata->hash->hash->hash_len;
1163 unsigned char *tmpbuf;
1166 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1167 send ? "sending" : "receiving"));
1169 /* Encode KEY to binary data */
1170 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1172 /* Generate the new key */
1173 keymat = silc_calloc(1, sizeof(*keymat));
1174 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1175 idata->hash, keymat);
1177 /* Set the keys into use */
1178 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1180 memset(tmpbuf, 0, klen);
1182 silc_ske_free_key_material(keymat);
1185 /* Packet sending callback. This function is provided as packet sending
1186 routine to the Key Exchange functions. */
1189 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1191 SilcPacketType type,
1194 SilcProtocol protocol = (SilcProtocol)context;
1195 SilcServerRekeyInternalContext *ctx =
1196 (SilcServerRekeyInternalContext *)protocol->context;
1197 SilcServer server = (SilcServer)ctx->server;
1199 /* Send the packet immediately */
1200 silc_server_packet_send(server, ctx->sock,
1201 type, 0, packet->data, packet->len, FALSE);
1204 /* Performs re-key as defined in the SILC protocol specification. */
1206 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1208 SilcProtocol protocol = (SilcProtocol)context;
1209 SilcServerRekeyInternalContext *ctx =
1210 (SilcServerRekeyInternalContext *)protocol->context;
1211 SilcServer server = (SilcServer)ctx->server;
1212 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1213 SilcSKEStatus status;
1215 SILC_LOG_DEBUG(("Start"));
1217 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1218 protocol->state = SILC_PROTOCOL_STATE_START;
1220 SILC_LOG_DEBUG(("State=%d", protocol->state));
1222 switch(protocol->state) {
1223 case SILC_PROTOCOL_STATE_START:
1229 if (ctx->responder == TRUE) {
1231 * We are receiving party
1234 if (ctx->pfs == TRUE) {
1236 * Use Perfect Forward Secrecy, ie. negotiate the key material
1237 * using the SKE protocol.
1240 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1241 /* Error in protocol */
1242 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1243 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
1246 ctx->ske = silc_ske_alloc();
1247 ctx->ske->rng = server->rng;
1248 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1249 silc_ske_get_group_by_number(idata->rekey->ske_group,
1250 &ctx->ske->prop->group);
1252 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
1253 NULL, NULL, NULL, NULL);
1254 if (status != SILC_SKE_STATUS_OK) {
1255 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1258 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1259 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
1263 /* Advance the protocol state */
1265 silc_protocol_execute(protocol, server->timeout_queue, 0, 0);
1268 * Do normal and simple re-key.
1271 /* Send the REKEY_DONE to indicate we will take new keys into use */
1272 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1275 /* After we send REKEY_DONE we must set the sending encryption
1276 key to the new key since all packets after this packet must
1277 encrypted with the new key. */
1278 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1280 /* The protocol ends in next stage. */
1281 protocol->state = SILC_PROTOCOL_STATE_END;
1286 * We are the initiator of this protocol
1289 /* Start the re-key by sending the REKEY packet */
1290 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1293 if (ctx->pfs == TRUE) {
1295 * Use Perfect Forward Secrecy, ie. negotiate the key material
1296 * using the SKE protocol.
1298 ctx->ske = silc_ske_alloc();
1299 ctx->ske->rng = server->rng;
1300 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1301 silc_ske_get_group_by_number(idata->rekey->ske_group,
1302 &ctx->ske->prop->group);
1305 silc_ske_initiator_phase_2(ctx->ske, NULL, NULL,
1306 silc_server_protocol_rekey_send_packet,
1309 if (status != SILC_SKE_STATUS_OK) {
1310 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1313 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1314 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
1318 /* Advance the protocol state */
1322 * Do normal and simple re-key.
1325 /* Send the REKEY_DONE to indicate we will take new keys into use
1327 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1330 /* After we send REKEY_DONE we must set the sending encryption
1331 key to the new key since all packets after this packet must
1332 encrypted with the new key. */
1333 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1335 /* The protocol ends in next stage. */
1336 protocol->state = SILC_PROTOCOL_STATE_END;
1344 * Second state, used only when oding re-key with PFS.
1346 if (ctx->responder == TRUE) {
1347 if (ctx->pfs == TRUE) {
1349 * Send our KE packe to the initiator now that we've processed
1350 * the initiator's KE packet.
1353 silc_ske_responder_finish(ctx->ske, NULL, NULL,
1354 SILC_SKE_PK_TYPE_SILC,
1355 silc_server_protocol_rekey_send_packet,
1358 if (status != SILC_SKE_STATUS_OK) {
1359 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1362 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1363 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
1369 if (ctx->pfs == TRUE) {
1371 * The packet type must be KE packet
1373 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1374 /* Error in protocol */
1375 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1376 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
1379 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
1380 NULL, NULL, NULL, NULL);
1381 if (status != SILC_SKE_STATUS_OK) {
1382 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1385 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1386 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
1392 /* Send the REKEY_DONE to indicate we will take new keys into use
1394 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1397 /* After we send REKEY_DONE we must set the sending encryption
1398 key to the new key since all packets after this packet must
1399 encrypted with the new key. */
1400 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1402 /* The protocol ends in next stage. */
1403 protocol->state = SILC_PROTOCOL_STATE_END;
1406 case SILC_PROTOCOL_STATE_END:
1411 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1412 /* Error in protocol */
1413 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1414 silc_protocol_execute(protocol, server->timeout_queue, 0, 0);
1417 /* We received the REKEY_DONE packet and all packets after this is
1418 encrypted with the new key so set the decryption key to the new key */
1419 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1421 /* Protocol has ended, call the final callback */
1422 if (protocol->final_callback)
1423 silc_protocol_execute_final(protocol, server->timeout_queue);
1425 silc_protocol_free(protocol);
1428 case SILC_PROTOCOL_STATE_ERROR:
1433 if (ctx->pfs == TRUE) {
1434 /* Send abort notification */
1435 silc_ske_abort(ctx->ske, ctx->ske->status,
1436 silc_server_protocol_ke_send_packet,
1440 /* On error the final callback is always called. */
1441 if (protocol->final_callback)
1442 silc_protocol_execute_final(protocol, server->timeout_queue);
1444 silc_protocol_free(protocol);
1447 case SILC_PROTOCOL_STATE_FAILURE:
1449 * We have received failure from remote
1452 /* On error the final callback is always called. */
1453 if (protocol->final_callback)
1454 silc_protocol_execute_final(protocol, server->timeout_queue);
1456 silc_protocol_free(protocol);
1459 case SILC_PROTOCOL_STATE_UNKNOWN:
1465 /* Registers protocols used in server. */
1467 void silc_server_protocols_register(void)
1469 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1470 silc_server_protocol_connection_auth);
1471 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1472 silc_server_protocol_key_exchange);
1473 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1474 silc_server_protocol_rekey);
1477 /* Unregisters protocols */
1479 void silc_server_protocols_unregister(void)
1481 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1482 silc_server_protocol_connection_auth);
1483 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1484 silc_server_protocol_key_exchange);
1485 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1486 silc_server_protocol_rekey);