Author: Pekka Riikonen <priikone@silcnet.org>
- Copyright (C) 2000 - 2006 Pekka Riikonen
+ Copyright (C) 2000 - 2007 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
SILC_FSM_STATE(silc_ske_st_rekey_initiator_start);
SILC_FSM_STATE(silc_ske_st_rekey_initiator_done);
SILC_FSM_STATE(silc_ske_st_rekey_initiator_end);
+SILC_FSM_STATE(silc_ske_st_rekey_responder_wait);
+SILC_FSM_STATE(silc_ske_st_rekey_responder_start);
+SILC_FSM_STATE(silc_ske_st_rekey_responder_done);
+SILC_FSM_STATE(silc_ske_st_rekey_responder_end);
+SILC_TASK_CALLBACK(silc_ske_packet_send_retry);
SilcSKEKeyMaterial
silc_ske_process_key_material(SilcSKE ske,
/* Clear retransmission */
ske->retry_timer = SILC_SKE_RETRY_MIN;
ske->retry_count = 0;
- silc_schedule_task_del_by_context(ske->schedule, ske);
+ silc_schedule_task_del_by_callback(ske->schedule,
+ silc_ske_packet_send_retry);
/* Signal for new packet */
ske->packet = packet;
silc_fsm_next(&ske->fsm, silc_ske_st_initiator_failure);
}
- /* Handle rekey synchronously */
- if (ske->rekeying)
+ /* Handle rekey and SUCCESS packets synchronously. After SUCCESS packets
+ they keys are taken into use immediately, hence the synchronous
+ processing to get the keys in use as soon as possible. */
+ if (ske->rekeying || packet->type == SILC_PACKET_SUCCESS)
silc_fsm_continue_sync(&ske->fsm);
else
silc_fsm_continue(&ske->fsm);
static SilcSKEStatus silc_ske_check_version(SilcSKE ske)
{
- SilcUInt32 l_protocol_version = 0, r_protocol_version = 0;
SilcUInt32 r_software_version = 0;
+ char *r_software_string = NULL;
if (!ske->remote_version || !ske->version)
return SILC_SKE_STATUS_BAD_VERSION;
- if (!silc_parse_version_string(ske->remote_version, &r_protocol_version,
- NULL, &r_software_version, NULL, NULL))
- return SILC_SKE_STATUS_BAD_VERSION;
-
- if (!silc_parse_version_string(ske->version, &l_protocol_version,
- NULL, NULL, NULL, NULL))
- return SILC_SKE_STATUS_BAD_VERSION;
-
- /* If remote is too new, don't connect */
- if (l_protocol_version < r_protocol_version)
+ if (!silc_parse_version_string(ske->remote_version, NULL, NULL,
+ &r_software_version,
+ &r_software_string, NULL))
return SILC_SKE_STATUS_BAD_VERSION;
- /* Backwards compatibility checks */
-
- /* Old server versions requires "valid" looking Source ID in the SILC
- packets during initial key exchange. All version before 1.1.0. */
- if (r_software_version < 110) {
- SilcClientID id;
- memset(&id, 0, sizeof(id));
- id.ip.data_len = 4;
- SILC_LOG_DEBUG(("Remote is old version, add dummy Source ID to packets"));
- silc_packet_set_ids(ske->stream, SILC_ID_CLIENT, &id, 0, NULL);
- }
-
return SILC_SKE_STATUS_OK;
}
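Review bot: `r_software_version` and the new `r_software_string` are filled by silc_parse_version_string() in silc_ske_check_version, but nothing in the visible new body reads them, and the string is never released before `return SILC_SKE_STATUS_OK;`. If the parser allocates the string it hands back (not visible here, worth confirming), every handshake leaks it; either pass `NULL` for that argument or add `silc_free(r_software_string);` before returning. The commit also removes the only comparison between the local and remote protocol versions, so the function now accepts any remote version string that parses. The function comment should say so explicitly, e.g. `/* Only checks that the remote version string is well formed; no version policy is enforced here. */`.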
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
SilcBuffer buf;
- unsigned char *e, *f, *KEY;
- SilcUInt32 e_len, f_len, KEY_len;
+ unsigned char *e, *f, *KEY, *s_data;
+ SilcUInt32 e_len, f_len, KEY_len, s_len;
int ret;
SILC_LOG_DEBUG(("Start"));
if (initiator == FALSE) {
+ s_data = (ske->start_payload_copy ?
+ silc_buffer_data(ske->start_payload_copy) : NULL);
+ s_len = (ske->start_payload_copy ?
+ silc_buffer_len(ske->start_payload_copy) : 0);
e = silc_mp_mp2bin(&ske->ke1_payload->x, 0, &e_len);
f = silc_mp_mp2bin(&ske->ke2_payload->x, 0, &f_len);
KEY = silc_mp_mp2bin(ske->KEY, 0, &KEY_len);
/* Format the buffer used to compute the hash value */
- buf = silc_buffer_alloc_size(silc_buffer_len(ske->start_payload_copy) +
+ buf = silc_buffer_alloc_size(s_len +
ske->ke2_payload->pk_len +
ske->ke1_payload->pk_len +
e_len + f_len + KEY_len);
if (!ske->ke1_payload->pk_data) {
ret =
silc_buffer_format(buf,
- SILC_STR_UI_XNSTRING(
- ske->start_payload_copy->data,
- silc_buffer_len(ske->start_payload_copy)),
- SILC_STR_UI_XNSTRING(ske->ke2_payload->pk_data,
- ske->ke2_payload->pk_len),
- SILC_STR_UI_XNSTRING(e, e_len),
- SILC_STR_UI_XNSTRING(f, f_len),
- SILC_STR_UI_XNSTRING(KEY, KEY_len),
+ SILC_STR_DATA(s_data, s_len),
+ SILC_STR_DATA(ske->ke2_payload->pk_data,
+ ske->ke2_payload->pk_len),
+ SILC_STR_DATA(e, e_len),
+ SILC_STR_DATA(f, f_len),
+ SILC_STR_DATA(KEY, KEY_len),
SILC_STR_END);
} else {
ret =
silc_buffer_format(buf,
- SILC_STR_UI_XNSTRING(
- ske->start_payload_copy->data,
- silc_buffer_len(ske->start_payload_copy)),
- SILC_STR_UI_XNSTRING(ske->ke2_payload->pk_data,
- ske->ke2_payload->pk_len),
- SILC_STR_UI_XNSTRING(ske->ke1_payload->pk_data,
- ske->ke1_payload->pk_len),
- SILC_STR_UI_XNSTRING(e, e_len),
- SILC_STR_UI_XNSTRING(f, f_len),
- SILC_STR_UI_XNSTRING(KEY, KEY_len),
+ SILC_STR_DATA(s_data, s_len),
+ SILC_STR_DATA(ske->ke2_payload->pk_data,
+ ske->ke2_payload->pk_len),
+ SILC_STR_DATA(ske->ke1_payload->pk_data,
+ ske->ke1_payload->pk_len),
+ SILC_STR_DATA(e, e_len),
+ SILC_STR_DATA(f, f_len),
+ SILC_STR_DATA(KEY, KEY_len),
SILC_STR_END);
}
if (ret == -1) {
silc_free(f);
silc_free(KEY);
} else {
+ s_data = (ske->start_payload_copy ?
+ silc_buffer_data(ske->start_payload_copy) : NULL);
+ s_len = (ske->start_payload_copy ?
+ silc_buffer_len(ske->start_payload_copy) : 0);
e = silc_mp_mp2bin(&ske->ke1_payload->x, 0, &e_len);
- buf = silc_buffer_alloc_size(silc_buffer_len(ske->start_payload_copy) +
- ske->ke1_payload->pk_len + e_len);
+ buf = silc_buffer_alloc_size(s_len + ske->ke1_payload->pk_len + e_len);
if (!buf)
return SILC_SKE_STATUS_OUT_OF_MEMORY;
/* Format the buffer used to compute the hash value */
ret =
silc_buffer_format(buf,
- SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
- silc_buffer_len(ske->start_payload_copy)),
- SILC_STR_UI_XNSTRING(ske->ke1_payload->pk_data,
- ske->ke1_payload->pk_len),
- SILC_STR_UI_XNSTRING(e, e_len),
+ SILC_STR_DATA(s_data, s_len),
+ SILC_STR_DATA(ske->ke1_payload->pk_data,
+ ske->ke1_payload->pk_len),
+ SILC_STR_DATA(e, e_len),
SILC_STR_END);
if (ret == -1) {
silc_buffer_free(buf);
return ret;
}
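Review bot: The `s_data`/`s_len` fallback makes a missing `ske->start_payload_copy` look the same as an empty one, so the HASH is silently computed without the Start Payload instead of failing. That is presumably intended for rekey with PFS, where no Start Payload exists. In a full key exchange, however, the Start Payload is what ties the negotiated parameters into the signed hash, and the copy is produced by `silc_buffer_copy()` in responder phase 1 with no check visible on this page. I would keep the tolerance for rekey only, e.g. `if (!ske->start_payload_copy && !ske->rekeying) return SILC_SKE_STATUS_ERROR;` before the buffers are built. The function begins and continues outside these hunks.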
-/* SKE FSM destructor. We call completion callback here. All SKE
- machines go here and call the completion. Completion must not be called
- from any other place. */
+/* Calls completion callback. Completion is called always in this function
+ and must not be called anywhere else. */
-static void silc_ske_finished(SilcFSM fsm, void *fsm_context,
- void *destructor_context)
+static void silc_ske_completion(SilcSKE ske)
{
- SilcSKE ske = fsm_context;
-
/* Call the completion callback */
if (!ske->freed && !ske->aborted && ske->callbacks->completed) {
if (ske->status != SILC_SKE_STATUS_OK)
ske->callbacks->completed(ske, ske->status, ske->prop, ske->keymat,
ske->rekey, ske->callbacks->context);
}
+}
+/* SKE FSM destructor. */
+
+static void silc_ske_finished(SilcFSM fsm, void *fsm_context,
+ void *destructor_context)
+{
+ SilcSKE ske = fsm_context;
ske->running = FALSE;
if (ske->freed)
silc_ske_free(ske);
}
+/* Key exchange timeout task callback */
+
+SILC_TASK_CALLBACK(silc_ske_timeout)
+{
+ SilcSKE ske = context;
+
+ SILC_LOG_DEBUG(("Timeout"));
+
+ ske->packet = NULL;
+ ske->status = SILC_SKE_STATUS_TIMEOUT;
+ if (ske->responder)
+ silc_fsm_next(&ske->fsm, silc_ske_st_responder_failure);
+ else
+ silc_fsm_next(&ske->fsm, silc_ske_st_initiator_failure);
+
+ silc_fsm_continue_sync(&ske->fsm);
+}
+
/******************************* Protocol API *******************************/
/* Allocates new SKE object. */
ske->public_key = public_key;
ske->private_key = private_key;
ske->retry_timer = SILC_SKE_RETRY_MIN;
+ ske->refcnt = 1;
return ske;
}
if (ske->running) {
ske->freed = TRUE;
+
+ if (ske->aborted) {
+ /* If already aborted, destroy the session immediately */
+ ske->packet = NULL;
+ ske->status = SILC_SKE_STATUS_ERROR;
+ if (ske->responder)
+ silc_fsm_next(&ske->fsm, silc_ske_st_responder_failure);
+ else
+ silc_fsm_next(&ske->fsm, silc_ske_st_initiator_failure);
+ silc_fsm_continue_sync(&ske->fsm);
+ }
return;
}
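Review bot: The new `ske->aborted` branch in silc_ske_free relies on an undocumented re-entrancy: `silc_fsm_continue_sync()` can run the machine through to its destructor, and silc_ske_finished() then calls silc_ske_free() again with `running` cleared. The session may therefore already be released when control returns here. The bare `return;` is only safe because nothing touches `ske` afterwards, so I would add `/* ske may have been freed by the FSM destructor at this point; do not touch it */` directly after the `silc_fsm_continue_sync()` call. The `refcnt` decrement below also has no visible counterpart that takes a reference, so a one-line comment naming who increments it would help. The function starts and ends outside this hunk.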
+ ske->refcnt--;
+ if (ske->refcnt > 0)
+ return;
+
/* Free start payload */
if (ske->start_payload)
silc_ske_payload_start_free(ske->start_payload);
silc_hash_free(ske->prop->hash);
if (ske->prop->hmac)
silc_hmac_free(ske->prop->hmac);
+ if (ske->prop->public_key)
+ silc_pkcs_public_key_free(ske->prop->public_key);
silc_free(ske->prop);
}
if (ske->keymat)
return SILC_FSM_CONTINUE;
}
- /* XXX timeout */
+ /* Add key exchange timeout */
+ silc_schedule_task_add_timeout(ske->schedule, silc_ske_timeout,
+ ske, ske->timeout, 0);
/** Wait for responder proposal */
- SILC_LOG_DEBUG(("Waiting for reponder proposal"));
+ SILC_LOG_DEBUG(("Waiting for responder proposal"));
silc_fsm_next(fsm, silc_ske_st_initiator_phase1);
return SILC_FSM_WAIT;
}
/* Sign the hash value */
if (!silc_pkcs_sign(ske->private_key, hash, hash_len, sign,
- sizeof(sign) - 1, &sign_len, NULL)) {
+ sizeof(sign) - 1, &sign_len, FALSE, ske->prop->hash)) {
/** Error computing signature */
silc_mp_uninit(x);
silc_free(x);
silc_skr_find_set_usage(find, SILC_SKR_USAGE_KEY_AGREEMENT);
/* Find key from repository */
- SILC_FSM_CALL(silc_skr_find(ske->repository, find,
- silc_ske_skr_callback, ske));
+ SILC_FSM_CALL(silc_skr_find(ske->repository, silc_fsm_get_schedule(fsm),
+ find, silc_ske_skr_callback, ske));
} else {
/* Verify from application */
SILC_FSM_CALL(ske->callbacks->verify_key(ske, ske->prop->public_key,
payload = ske->ke2_payload;
+ /* Compute the HASH value */
+ SILC_LOG_DEBUG(("Computing HASH value"));
+ status = silc_ske_make_hash(ske, hash, &hash_len, FALSE);
+ if (status != SILC_SKE_STATUS_OK)
+ goto err;
+ ske->hash = silc_memdup(hash, hash_len);
+ ske->hash_len = hash_len;
+
if (ske->prop->public_key) {
SILC_LOG_DEBUG(("Public key is authentic"));
-
- /* Compute the hash value */
- status = silc_ske_make_hash(ske, hash, &hash_len, FALSE);
- if (status != SILC_SKE_STATUS_OK)
- goto err;
-
SILC_LOG_DEBUG(("Verifying signature (HASH)"));
/* Verify signature */
}
SILC_LOG_DEBUG(("Signature is Ok"));
-
- ske->hash = silc_memdup(hash, hash_len);
- ske->hash_len = hash_len;
memset(hash, 'F', hash_len);
}
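Review bot: `ske->hash = silc_memdup(hash, hash_len);` is not checked, and with this commit `ske->hash` is read unconditionally by the counter-mode branch of silc_ske_set_keys() (`memcpy(iv, ske->hash, 4)`). An allocation failure here would then surface later as a NULL read during key installation. Add `if (!ske->hash) { status = SILC_SKE_STATUS_OUT_OF_MEMORY; goto err; }` right after the copy. The responder side has the same unchecked assignment in the state that signs the HASH and needs the equivalent check with its own error transition. The enclosing state function starts and ends outside this hunk.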
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
SilcSKE ske = fsm_context;
SilcUInt32 error = SILC_SKE_STATUS_ERROR;
- SILC_LOG_DEBUG(("Error %s (%d) received during key exchange",
- silc_ske_map_status(ske->status), ske->status));
-
if (ske->packet && silc_buffer_len(&ske->packet->buffer) == 4) {
SILC_GET32_MSB(error, ske->packet->buffer.data);
ske->status = error;
ske->packet = NULL;
}
+ SILC_LOG_DEBUG(("Error %s (%d) received during key exchange",
+ silc_ske_map_status(ske->status), ske->status));
+
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
/* Starts the protocol as initiator */
-SilcAsyncOperation
-silc_ske_initiator(SilcSKE ske,
- SilcPacketStream stream,
- SilcSKEParams params,
- SilcSKEStartPayload start_payload)
+SilcAsyncOperation silc_ske_initiator(SilcSKE ske,
+ SilcPacketStream stream,
+ SilcSKEParams params,
+ SilcSKEStartPayload start_payload)
{
SILC_LOG_DEBUG(("Start SKE as initiator"));
return NULL;
}
+ ske->timeout = params->timeout_secs ? params->timeout_secs : 30;
ske->start_payload = start_payload;
ske->version = params->version;
ske->running = TRUE;
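Review bot: The default `30` is a bare literal here, again in silc_ske_responder, and in both rekey start states, where it is passed straight to `silc_schedule_task_add_timeout()` so a caller-supplied `timeout_secs` never applies to rekey. A single named constant (for example a `SILC_SKE_TIMEOUT_DEFAULT` define next to `SILC_SKE_RETRY_MIN`; the name is only a suggestion) would keep the four sites in step. If rekey is meant to use a fixed timeout, a comment at those two call sites should say so. silc_ske_initiator's body continues outside this hunk.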
return SILC_FSM_CONTINUE;
}
- /* Start timeout */
- /* XXX */
+ /* Add key exchange timeout */
+ silc_schedule_task_add_timeout(ske->schedule, silc_ske_timeout,
+ ske, ske->timeout, 0);
/** Wait for initiator */
silc_fsm_next(fsm, silc_ske_st_responder_phase1);
SilcSKEStatus status;
SilcSKEStartPayload remote_payload = NULL;
SilcBuffer packet_buf = &ske->packet->buffer;
+ SilcID id;
SILC_LOG_DEBUG(("Start"));
return SILC_FSM_CONTINUE;
}
+ /* Get remote ID and set it to stream */
+ if (ske->packet->src_id_len) {
+ silc_id_str2id(ske->packet->src_id, ske->packet->src_id_len,
+ ske->packet->src_id_type,
+ (ske->packet->src_id_type == SILC_ID_SERVER ?
+ (void *)&id.u.server_id : (void *)&id.u.client_id),
+ (ske->packet->src_id_type == SILC_ID_SERVER ?
+ sizeof(id.u.server_id) : sizeof(id.u.client_id)));
+ silc_packet_set_ids(ske->stream, 0, NULL, ske->packet->src_id_type,
+ (ske->packet->src_id_type == SILC_ID_SERVER ?
+ (void *)&id.u.server_id : (void *)&id.u.client_id));
+ }
+
/* Take a copy of the payload buffer for future use. It is used to
compute the HASH value. */
ske->start_payload_copy = silc_buffer_copy(packet_buf);
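Review bot: The return value of `silc_id_str2id()` is ignored in the new Source ID block, so when the ID bytes from the packet do not parse, `id` is left uninitialized and is still handed to `silc_packet_set_ids()`. These fields come from the remote peer before any authentication, so the failure path should stop the exchange rather than install whatever is on the stack. Any `src_id_type` other than `SILC_ID_SERVER` is also treated as a client ID; consider rejecting types other than server and client here. The sketch below only adds the return check; packet cleanup on the new error path should follow what the existing error paths in this state do, which lie outside the hunk.

```c
  /* Get remote ID and set it to stream */
  if (ske->packet->src_id_len) {
    SilcBool is_server = (ske->packet->src_id_type == SILC_ID_SERVER);
    void *idp = (is_server ? (void *)&id.u.server_id :
		 (void *)&id.u.client_id);
    SilcUInt32 idp_size = (is_server ? sizeof(id.u.server_id) :
			   sizeof(id.u.client_id));

    if (!silc_id_str2id(ske->packet->src_id, ske->packet->src_id_len,
			ske->packet->src_id_type, idp, idp_size)) {
      /** Malformed Source ID */
      ske->status = SILC_SKE_STATUS_ERROR;
      silc_fsm_next(fsm, silc_ske_st_responder_error);
      return SILC_FSM_CONTINUE;
    }

    silc_packet_set_ids(ske->stream, 0, NULL, ske->packet->src_id_type, idp);
  }

  /* ... unchanged: copy of the payload buffer for the HASH computation ... */
```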
silc_skr_find_set_usage(find, SILC_SKR_USAGE_KEY_AGREEMENT);
/* Find key from repository */
- SILC_FSM_CALL(silc_skr_find(ske->repository, find,
+ SILC_FSM_CALL(silc_skr_find(ske->repository,
+ silc_fsm_get_schedule(fsm), find,
silc_ske_skr_callback, ske));
} else {
/* Verify from application */
}
ske->ke2_payload->pk_data = pk;
ske->ke2_payload->pk_len = pk_len;
+ }
- SILC_LOG_DEBUG(("Computing HASH value"));
+ SILC_LOG_DEBUG(("Computing HASH value"));
- /* Compute the hash value */
- memset(hash, 0, sizeof(hash));
- status = silc_ske_make_hash(ske, hash, &hash_len, FALSE);
- if (status != SILC_SKE_STATUS_OK) {
- /** Error computing hash */
- ske->status = status;
- silc_fsm_next(fsm, silc_ske_st_responder_error);
- return SILC_FSM_CONTINUE;
- }
-
- ske->hash = silc_memdup(hash, hash_len);
- ske->hash_len = hash_len;
+ /* Compute the hash value */
+ memset(hash, 0, sizeof(hash));
+ status = silc_ske_make_hash(ske, hash, &hash_len, FALSE);
+ if (status != SILC_SKE_STATUS_OK) {
+ /** Error computing hash */
+ ske->status = status;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
+ ske->hash = silc_memdup(hash, hash_len);
+ ske->hash_len = hash_len;
+ if (ske->public_key && ske->private_key) {
SILC_LOG_DEBUG(("Signing HASH value"));
/* Sign the hash value */
if (!silc_pkcs_sign(ske->private_key, hash, hash_len, sign,
- sizeof(sign) - 1, &sign_len, NULL)) {
+ sizeof(sign) - 1, &sign_len, FALSE, ske->prop->hash)) {
/** Error computing signature */
status = SILC_SKE_STATUS_SIGNATURE_ERROR;
silc_fsm_next(fsm, silc_ske_st_responder_error);
silc_buffer_free(payload_buf);
+ /* In case we are doing rekey move to finish it. */
+ if (ske->rekey) {
+ /** Finish rekey */
+ silc_fsm_next(fsm, silc_ske_st_rekey_responder_done);
+ return SILC_FSM_CONTINUE;
+ }
+
/** Waiting completion */
silc_fsm_next(fsm, silc_ske_st_responder_end);
return SILC_FSM_WAIT;
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
/* Starts the protocol as responder. */
-SilcAsyncOperation
-silc_ske_responder(SilcSKE ske,
- SilcPacketStream stream,
- SilcSKEParams params)
+SilcAsyncOperation silc_ske_responder(SilcSKE ske,
+ SilcPacketStream stream,
+ SilcSKEParams params)
{
SILC_LOG_DEBUG(("Start SKE as responder"));
ske->responder = TRUE;
ske->flags = params->flags;
+ ske->timeout = params->timeout_secs ? params->timeout_secs : 30;
if (ske->flags & SILC_SKE_SP_FLAG_IV_INCLUDED)
ske->session_port = params->session_port;
ske->version = strdup(params->version);
return SILC_FSM_CONTINUE;
}
- /* XXX timeout */
+ /* Add rekey exchange timeout */
+ silc_schedule_task_add_timeout(ske->schedule, silc_ske_timeout,
+ ske, 30, 0);
ske->prop = silc_calloc(1, sizeof(*ske->prop));
if (!ske->prop) {
return SILC_FSM_CONTINUE;
}
+ if (!silc_hash_alloc(ske->rekey->hash, &ske->prop->hash)) {
+ /** Cannot allocate hash */
+ ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ silc_fsm_next(fsm, silc_ske_st_initiator_error);
+ return SILC_FSM_CONTINUE;
+ }
+
/* Send REKEY packet to start rekey protocol */
if (!silc_ske_packet_send(ske, SILC_PACKET_REKEY, 0, NULL, 0)) {
/** Error sending packet */
silc_packet_get_keys(ske->stream, &send_key, NULL, &hmac_send, NULL);
key_len = silc_cipher_get_key_len(send_key);
block_len = silc_cipher_get_block_len(send_key);
-
- if (!silc_hash_alloc(ske->rekey->hash, &hash)) {
- /** Cannot allocate hash */
- ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
- silc_fsm_next(fsm, silc_ske_st_initiator_error);
- return SILC_FSM_CONTINUE;
- }
+ hash = ske->prop->hash;
hash_len = silc_hash_len(hash);
/* Process key material */
ske->prop->cipher = send_key;
ske->prop->hmac = hmac_send;
- ske->prop->hash = hash;
/* Get sending keys */
if (!silc_ske_set_keys(ske, ske->keymat, ske->prop, &send_key, NULL,
&hmac_send, NULL, NULL)) {
/** Cannot get keys */
ske->status = SILC_SKE_STATUS_ERROR;
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
return SILC_FSM_CONTINUE;
}
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
+
/* Set the new keys into use. This will also send REKEY_DONE packet. Any
packet sent after this call will be protected with the new keys. */
if (!silc_packet_set_keys(ske->stream, send_key, NULL, hmac_send, NULL,
/** Cannot set keys */
SILC_LOG_DEBUG(("Cannot set new keys, error sending REKEY_DONE"));
ske->status = SILC_SKE_STATUS_ERROR;
+ silc_cipher_free(send_key);
+ silc_hmac_free(hmac_send);
silc_fsm_next(fsm, silc_ske_st_initiator_error);
return SILC_FSM_CONTINUE;
}
NULL, &hmac_receive, NULL)) {
/** Cannot get keys */
ske->status = SILC_SKE_STATUS_ERROR;
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
return SILC_FSM_CONTINUE;
}
/** Cannot set keys */
SILC_LOG_DEBUG(("Cannot set new keys"));
ske->status = SILC_SKE_STATUS_ERROR;
+ silc_cipher_free(receive_key);
+ silc_hmac_free(hmac_receive);
silc_fsm_next(fsm, silc_ske_st_initiator_error);
return SILC_FSM_CONTINUE;
}
if (!rekey) {
/** No memory */
ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
silc_fsm_next(fsm, silc_ske_st_initiator_error);
return SILC_FSM_CONTINUE;
}
silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
silc_schedule_task_del_by_context(ske->schedule, ske);
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
{
SILC_LOG_DEBUG(("Start SKE rekey as initator"));
- if (!ske || !stream || !rekey)
+ if (!ske || !stream || !rekey) {
+ SILC_LOG_ERROR(("Missing arguments to silc_ske_rekey_initiator"));
+ SILC_ASSERT(rekey);
return NULL;
+ }
if (!silc_async_init(&ske->op, silc_ske_abort, NULL, ske))
return NULL;
/***************************** Responder Rekey ******************************/
-SILC_FSM_STATE(silc_ske_st_rekey_responder_start);
+/* Wait for initiator's packet */
+
+SILC_FSM_STATE(silc_ske_st_rekey_responder_wait)
+{
+ SilcSKE ske = fsm_context;
+
+ SILC_LOG_DEBUG(("Start rekey (%s)", ske->rekey->pfs ? "PFS" : "No PFS"));
+
+ if (ske->aborted) {
+ /** Aborted */
+ silc_fsm_next(fsm, silc_ske_st_responder_aborted);
+ return SILC_FSM_CONTINUE;
+ }
+
+ /* Add rekey exchange timeout */
+ silc_schedule_task_add_timeout(ske->schedule, silc_ske_timeout,
+ ske, 30, 0);
+
+ silc_fsm_next(fsm, silc_ske_st_rekey_responder_start);
+
+ /* If REKEY packet already received process it directly */
+ if (ske->packet && ske->packet->type == SILC_PACKET_REKEY)
+ return SILC_FSM_CONTINUE;
+
+ /* Wait for REKEY */
+ return SILC_FSM_WAIT;
+}
+
+/* Process initiator's REKEY packet */
SILC_FSM_STATE(silc_ske_st_rekey_responder_start)
{
+ SilcSKE ske = fsm_context;
+ SilcSKEStatus status;
+
+ SILC_LOG_DEBUG(("Start"));
+
+ if (ske->packet->type != SILC_PACKET_REKEY) {
+ ske->status = SILC_SKE_STATUS_ERROR;
+ silc_packet_free(ske->packet);
+ ske->packet = NULL;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
+
+ ske->prop = silc_calloc(1, sizeof(*ske->prop));
+ if (!ske->prop) {
+ /** No memory */
+ ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
+
+ if (!silc_hash_alloc(ske->rekey->hash, &ske->prop->hash)) {
+ /** Cannot allocate hash */
+ ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
+
+ /* If doing rekey without PFS, move directly to the end of the protocol. */
+ if (!ske->rekey->pfs) {
+ /** Rekey without PFS */
+ silc_fsm_next(fsm, silc_ske_st_rekey_responder_done);
+ return SILC_FSM_CONTINUE;
+ }
+
+ status = silc_ske_group_get_by_number(ske->rekey->ske_group,
+ &ske->prop->group);
+ if (status != SILC_SKE_STATUS_OK) {
+ /** Unknown group */
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
+
+ /** Rekey with PFS */
+ silc_fsm_next(fsm, silc_ske_st_responder_phase2);
+ return SILC_FSM_WAIT;
+}
+
+/* Sends REKEY_DONE packet to finish the protocol. */
+
+SILC_FSM_STATE(silc_ske_st_rekey_responder_done)
+{
+ SilcSKE ske = fsm_context;
+ SilcCipher send_key;
+ SilcHmac hmac_send;
+ SilcHash hash;
+ SilcUInt32 key_len, block_len, hash_len, x_len;
+ unsigned char *pfsbuf;
+
+ SILC_LOG_DEBUG(("Start"));
+
+ silc_packet_get_keys(ske->stream, &send_key, NULL, &hmac_send, NULL);
+ key_len = silc_cipher_get_key_len(send_key);
+ block_len = silc_cipher_get_block_len(send_key);
+ hash = ske->prop->hash;
+ hash_len = silc_hash_len(hash);
+
+ /* Process key material */
+ if (ske->rekey->pfs) {
+ /* PFS */
+ pfsbuf = silc_mp_mp2bin(ske->KEY, 0, &x_len);
+ if (pfsbuf) {
+ ske->keymat = silc_ske_process_key_material_data(pfsbuf, x_len,
+ block_len, key_len,
+ hash_len, hash);
+ memset(pfsbuf, 0, x_len);
+ silc_free(pfsbuf);
+ }
+ } else {
+ /* No PFS */
+ ske->keymat =
+ silc_ske_process_key_material_data(ske->rekey->send_enc_key,
+ ske->rekey->enc_key_len / 8,
+ block_len, key_len,
+ hash_len, hash);
+ }
+
+ if (!ske->keymat) {
+ SILC_LOG_ERROR(("Error processing key material"));
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
+
+ ske->prop->cipher = send_key;
+ ske->prop->hmac = hmac_send;
+
+ /* Get sending keys */
+ if (!silc_ske_set_keys(ske, ske->keymat, ske->prop, &send_key, NULL,
+ &hmac_send, NULL, NULL)) {
+ /** Cannot get keys */
+ ske->status = SILC_SKE_STATUS_ERROR;
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
+
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
+
+ /* Set the new keys into use. This will also send REKEY_DONE packet. Any
+ packet sent after this call will be protected with the new keys. */
+ if (!silc_packet_set_keys(ske->stream, send_key, NULL, hmac_send, NULL,
+ TRUE)) {
+ /** Cannot set keys */
+ SILC_LOG_DEBUG(("Cannot set new keys, error sending REKEY_DONE"));
+ ske->status = SILC_SKE_STATUS_ERROR;
+ silc_cipher_free(send_key);
+ silc_hmac_free(hmac_send);
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
+
+ /** Wait for REKEY_DONE */
+ silc_fsm_next(fsm, silc_ske_st_rekey_responder_end);
+ return SILC_FSM_WAIT;
+}
+
+/* Rekey protocol end */
+
+SILC_FSM_STATE(silc_ske_st_rekey_responder_end)
+{
+ SilcSKE ske = fsm_context;
+ SilcCipher receive_key;
+ SilcHmac hmac_receive;
+ SilcSKERekeyMaterial rekey;
+
+ SILC_LOG_DEBUG(("Start"));
+
+ if (ske->packet->type != SILC_PACKET_REKEY_DONE) {
+ SILC_LOG_DEBUG(("Remote retransmitted an old packet"));
+ silc_packet_free(ske->packet);
+ ske->packet = NULL;
+ return SILC_FSM_WAIT;
+ }
+
+ silc_packet_get_keys(ske->stream, NULL, &receive_key, NULL, &hmac_receive);
+ ske->prop->cipher = receive_key;
+ ske->prop->hmac = hmac_receive;
+
+ /* Get receiving keys */
+ if (!silc_ske_set_keys(ske, ske->keymat, ske->prop, NULL, &receive_key,
+ NULL, &hmac_receive, NULL)) {
+ /** Cannot get keys */
+ ske->status = SILC_SKE_STATUS_ERROR;
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
+
+ /* Set new receiving keys into use. All packets received after this will
+ be decrypted with the new keys. */
+ if (!silc_packet_set_keys(ske->stream, NULL, receive_key, NULL,
+ hmac_receive, FALSE)) {
+ /** Cannot set keys */
+ SILC_LOG_DEBUG(("Cannot set new keys"));
+ ske->status = SILC_SKE_STATUS_ERROR;
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
+ silc_cipher_free(receive_key);
+ silc_hmac_free(hmac_receive);
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
+
+ SILC_LOG_DEBUG(("Rekey completed successfully"));
+
+ /* Generate new rekey material */
+ rekey = silc_ske_make_rekey_material(ske, ske->keymat);
+ if (!rekey) {
+ /** No memory */
+ ske->status = SILC_SKE_STATUS_OUT_OF_MEMORY;
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
+ silc_fsm_next(fsm, silc_ske_st_responder_error);
+ return SILC_FSM_CONTINUE;
+ }
+ rekey->pfs = ske->rekey->pfs;
+ ske->rekey = rekey;
+
+ ske->prop->cipher = NULL;
+ ske->prop->hmac = NULL;
+ silc_packet_free(ske->packet);
+ ske->packet = NULL;
+ silc_packet_stream_unlink(ske->stream, &silc_ske_stream_cbs, ske);
+ silc_schedule_task_del_by_context(ske->schedule, ske);
+
+ /* Call completion */
+ silc_ske_completion(ske);
+
return SILC_FSM_FINISH;
}
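Review bot: Two error paths in the new responder rekey states move to `silc_ske_st_responder_error` without setting `ske->status`. One is the unknown-group branch in `silc_ske_st_rekey_responder_start`, where the result stays in the local `status`; the other is the `!ske->keymat` branch in `silc_ske_st_rekey_responder_done`. silc_ske_completion() distinguishes failure from success by `ske->status`, so unless the error state overwrites it (not visible here), a stale `SILC_SKE_STATUS_OK` could report a failed rekey to the application as completed. Add `ske->status = status;` in the first and `ske->status = SILC_SKE_STATUS_ERROR;` in the second, matching the other branches in these states. Separately, `memset(pfsbuf, 0, x_len)` immediately before `silc_free()` may be dropped by the optimizer, so a wipe the compiler cannot elide would be preferable for the shared secret.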
SilcAsyncOperation
silc_ske_rekey_responder(SilcSKE ske,
SilcPacketStream stream,
- SilcSKERekeyMaterial rekey)
+ SilcSKERekeyMaterial rekey,
+ SilcPacket packet)
{
SILC_LOG_DEBUG(("Start SKE rekey as responder"));
ske->responder = TRUE;
ske->running = TRUE;
ske->rekeying = TRUE;
+ ske->packet = packet;
/* Link to packet stream to get key exchange packets */
ske->stream = stream;
SILC_PACKET_FAILURE, -1);
/* Start SKE rekey as responder */
- silc_fsm_start(&ske->fsm, silc_ske_st_rekey_responder_start);
+ silc_fsm_start_sync(&ske->fsm, silc_ske_st_rekey_responder_wait);
return &ske->op;
}
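Review bot: The new `packet` argument of silc_ske_rekey_responder is stored in `ske->packet` with no statement of who owns it or whether it may be `NULL`. `silc_ske_st_rekey_responder_wait` only consumes it when its type is `SILC_PACKET_REKEY`; for any other packet it returns `SILC_FSM_WAIT`, and the stored pointer would presumably be overwritten by the next received packet without being freed. I would document the contract in the function comment, e.g. `/* `packet' is the already received REKEY packet or NULL; ownership passes to the SKE. */`, and either reject or free a non-REKEY packet up front. Part of the function body lies outside this hunk.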
return NULL;
silc_buffer_format(buf,
SILC_STR_UI_CHAR(0),
- SILC_STR_UI_XNSTRING(data, data_len),
+ SILC_STR_DATA(data, data_len),
SILC_STR_END);
/* Take IVs */
if (!dist)
return NULL;
silc_buffer_format(dist,
- SILC_STR_UI_XNSTRING(data, data_len),
- SILC_STR_UI_XNSTRING(k1, hash_len),
+ SILC_STR_DATA(data, data_len),
+ SILC_STR_DATA(k1, hash_len),
SILC_STR_END);
memset(k2, 0, sizeof(k2));
silc_hash_make(hash, dist->data, silc_buffer_len(dist), k2);
silc_buffer_pull_tail(dist, hash_len);
silc_buffer_pull(dist, data_len + hash_len);
silc_buffer_format(dist,
- SILC_STR_UI_XNSTRING(k2, hash_len),
+ SILC_STR_DATA(k2, hash_len),
SILC_STR_END);
silc_buffer_push(dist, data_len + hash_len);
memset(k3, 0, sizeof(k3));
if (!dist)
return NULL;
silc_buffer_format(dist,
- SILC_STR_UI_XNSTRING(data, data_len),
- SILC_STR_UI_XNSTRING(k1, hash_len),
+ SILC_STR_DATA(data, data_len),
+ SILC_STR_DATA(k1, hash_len),
SILC_STR_END);
memset(k2, 0, sizeof(k2));
silc_hash_make(hash, dist->data, silc_buffer_len(dist), k2);
silc_buffer_pull_tail(dist, hash_len);
silc_buffer_pull(dist, data_len + hash_len);
silc_buffer_format(dist,
- SILC_STR_UI_XNSTRING(k2, hash_len),
+ SILC_STR_DATA(k2, hash_len),
SILC_STR_END);
silc_buffer_push(dist, data_len + hash_len);
memset(k3, 0, sizeof(k3));
if (!buf)
return NULL;
silc_buffer_format(buf,
- SILC_STR_UI_XNSTRING(tmpbuf, klen),
- SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
+ SILC_STR_DATA(tmpbuf, klen),
+ SILC_STR_DATA(ske->hash, ske->hash_len),
SILC_STR_END);
/* Process the key material */
SilcHmac *ret_hmac_receive,
SilcHash *ret_hash)
{
+ unsigned char iv[SILC_HASH_MAXLEN];
+ SilcBool iv_included = (prop->flags & SILC_SKE_SP_FLAG_IV_INCLUDED);
+
/* Allocate ciphers to be used in the communication */
if (ret_send_key) {
if (!silc_cipher_alloc((char *)silc_cipher_get_name(prop->cipher),
return FALSE;
}
+ /* Allocate hash */
+ if (ret_hash) {
+ if (!silc_hash_alloc(silc_hash_get_name(prop->hash), ret_hash))
+ return FALSE;
+ }
+
/* Set key material */
+ memset(iv, 0, sizeof(iv));
if (ske->responder) {
if (ret_send_key) {
silc_cipher_set_key(*ret_send_key, keymat->receive_enc_key,
keymat->enc_key_len, TRUE);
- silc_cipher_set_iv(*ret_send_key, keymat->receive_iv);
+
+ if (silc_cipher_get_mode(*ret_send_key) == SILC_CIPHER_MODE_CTR) {
+ /* Counter mode */
+ if (!ske->rekeying) {
+ /* Set IV. */
+ memcpy(iv, ske->hash, 4);
+ if (!iv_included)
+ memcpy(iv + 4, keymat->receive_iv, 8);
+ } else {
+ /* Rekey, recompute the truncated hash value. */
+ silc_hash_make(prop->hash, keymat->receive_iv, 8, iv);
+ if (!iv_included)
+ memcpy(iv + 4, keymat->receive_iv, 8);
+ else
+ memset(iv + 4, 0, 12);
+ }
+
+ silc_cipher_set_iv(*ret_send_key, iv);
+ } else {
+ /* Other modes */
+ silc_cipher_set_iv(*ret_send_key, keymat->receive_iv);
+ }
}
if (ret_receive_key) {
silc_cipher_set_key(*ret_receive_key, keymat->send_enc_key,
keymat->enc_key_len, FALSE);
- silc_cipher_set_iv(*ret_receive_key, keymat->send_iv);
+
+ if (silc_cipher_get_mode(*ret_receive_key) == SILC_CIPHER_MODE_CTR) {
+ /* Counter mode */
+ if (!ske->rekeying) {
+ /* Set IV. */
+ memcpy(iv, ske->hash, 4);
+ if (!iv_included)
+ memcpy(iv + 4, keymat->send_iv, 8);
+ } else {
+ /* Rekey, recompute the truncated hash value. */
+ silc_hash_make(prop->hash, keymat->send_iv, 8, iv);
+ if (!iv_included)
+ memcpy(iv + 4, keymat->send_iv, 8);
+ else
+ memset(iv + 4, 0, 12);
+ }
+
+ silc_cipher_set_iv(*ret_receive_key, iv);
+ } else {
+ /* Other modes */
+ silc_cipher_set_iv(*ret_receive_key, keymat->send_iv);
+ }
}
if (ret_hmac_send)
silc_hmac_set_key(*ret_hmac_send, keymat->receive_hmac_key,
if (ret_send_key) {
silc_cipher_set_key(*ret_send_key, keymat->send_enc_key,
keymat->enc_key_len, TRUE);
- silc_cipher_set_iv(*ret_send_key, keymat->send_iv);
+
+ if (silc_cipher_get_mode(*ret_send_key) == SILC_CIPHER_MODE_CTR) {
+ /* Counter mode */
+ if (!ske->rekeying) {
+ /* Set IV. */
+ memcpy(iv, ske->hash, 4);
+ if (!iv_included)
+ memcpy(iv + 4, keymat->send_iv, 8);
+ } else {
+ /* Rekey, recompute the truncated hash value. */
+ silc_hash_make(prop->hash, keymat->send_iv, 8, iv);
+ if (!iv_included)
+ memcpy(iv + 4, keymat->send_iv, 8);
+ else
+ memset(iv + 4, 0, 12);
+ }
+
+ silc_cipher_set_iv(*ret_send_key, iv);
+ } else {
+ /* Other modes */
+ silc_cipher_set_iv(*ret_send_key, keymat->send_iv);
+ }
}
if (ret_receive_key) {
silc_cipher_set_key(*ret_receive_key, keymat->receive_enc_key,
keymat->enc_key_len, FALSE);
- silc_cipher_set_iv(*ret_receive_key, keymat->receive_iv);
+
+ if (silc_cipher_get_mode(*ret_receive_key) == SILC_CIPHER_MODE_CTR) {
+ /* Counter mode */
+ if (!ske->rekeying) {
+ /* Set IV. If IV Included flag was negotiated we only set the
+ truncated hash value. */
+ memcpy(iv, ske->hash, 4);
+ if (!iv_included)
+ memcpy(iv + 4, keymat->receive_iv, 8);
+ } else {
+ /* Rekey, recompute the truncated hash value. */
+ silc_hash_make(prop->hash, keymat->receive_iv, 8, iv);
+ if (!iv_included)
+ memcpy(iv + 4, keymat->receive_iv, 8);
+ else
+ memset(iv + 4, 0, 12);
+ }
+
+ silc_cipher_set_iv(*ret_receive_key, iv);
+ } else {
+ /* Other modes */
+ silc_cipher_set_iv(*ret_receive_key, keymat->receive_iv);
+ }
}
if (ret_hmac_send)
silc_hmac_set_key(*ret_hmac_send, keymat->send_hmac_key,
keymat->hmac_key_len);
}
- /* Allocate hash */
- if (ret_hash) {
- if (!silc_hash_alloc(silc_hash_get_name(prop->hash), ret_hash))
- return FALSE;
- }
-
return TRUE;
}
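Review bot: In the rekey branch without IV Included, `silc_hash_make(prop->hash, ..., 8, iv)` writes the whole digest into `iv` and only bytes 4-11 are then overwritten. Bytes 12-15 therefore keep digest output, whereas the non-rekey branch and the IV-Included rekey branch leave them zero. If those bytes are the block counter and are meant to start at zero (please confirm against the protocol definition), add `memset(iv + 12, 0, 4);` after the `memcpy`; if the difference is deliberate, a comment should say so, because both peers must agree on it. The same block is repeated four times with only the IV source changing, so a single static helper taking the cipher and the IV pointer would make this auditable in one place. `iv` also holds key-derived bytes and is not cleared before the function returns.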
{
/* Official */
"Ok",
- "Unkown error occurred",
+ "Unexpected error occurred",
"Bad payload in packet",
"Unsupported group",
"Unsupported cipher",
"Bad payload length in packet",
"Error computing signature",
"System out of memory",
+ "Key exchange timeout",
NULL
};