5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
39 silc_verify_public_key_internal(SilcServer server, SilcSocketConnection sock,
40 SilcSocketType conn_type,
41 unsigned char *pk, uint32 pk_len,
42 SilcSKEPKType pk_type)
44 char file[256], filename[256], *fingerprint;
47 if (pk_type != SILC_SKE_PK_TYPE_SILC) {
48 SILC_LOG_WARNING(("We don't support %s (%s) port %d public key type %d",
49 sock->hostname, sock->ip, sock->port, pk_type));
53 /* Accept client keys without verification */
54 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
55 SILC_LOG_DEBUG(("Accepting client public key without verification"));
59 memset(filename, 0, sizeof(filename));
60 memset(file, 0, sizeof(file));
61 snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname,
63 snprintf(filename, sizeof(filename) - 1, SILC_ETCDIR "/serverkeys/%s",
66 /* Create serverkeys directory if it doesn't exist. */
67 if (stat(SILC_ETCDIR "/serverkeys", &st) < 0) {
68 /* If dir doesn't exist */
69 if (errno == ENOENT) {
70 if (mkdir(SILC_ETCDIR "/serverkeys", 0755) < 0) {
71 SILC_LOG_ERROR(("Couldn't create `%s' directory\n",
72 SILC_ETCDIR "/serverkeys"));
76 SILC_LOG_ERROR(("%s\n", strerror(errno)));
81 /* Take fingerprint of the public key */
82 fingerprint = silc_hash_fingerprint(NULL, pk, pk_len);
83 SILC_LOG_DEBUG(("Received server %s (%s) port %d public key (%s)",
84 sock->hostname, sock->ip, sock->port, fingerprint));
85 silc_free(fingerprint);
87 /* Check whether this key already exists */
88 if (stat(filename, &st) < 0) {
89 /* We don't have it, then cache it. */
90 SILC_LOG_DEBUG(("New public key from server"));
92 silc_pkcs_save_public_key_data(filename, pk, pk_len,
96 /* The key already exists, verify it. */
97 SilcPublicKey public_key;
101 SILC_LOG_DEBUG(("We have the public key saved locally"));
103 /* Load the key file */
104 if (!silc_pkcs_load_public_key(filename, &public_key,
106 if (!silc_pkcs_load_public_key(filename, &public_key,
107 SILC_PKCS_FILE_BIN)) {
108 SILC_LOG_WARNING(("Could not load local copy of the %s (%s) port %d "
109 "server public key", sock->hostname, sock->ip,
112 /* Save the key for future checking */
114 silc_pkcs_save_public_key_data(filename, pk, pk_len,
119 /* Encode the key data */
120 encpk = silc_pkcs_public_key_encode(public_key, &encpk_len);
122 SILC_LOG_WARNING(("Local copy of the server %s (%s) port %d public key "
123 "is malformed", sock->hostname, sock->ip, sock->port));
125 /* Save the key for future checking */
127 silc_pkcs_save_public_key_data(filename, pk, pk_len,
132 if (memcmp(encpk, pk, encpk_len)) {
133 SILC_LOG_WARNING(("%s (%s) port %d server public key does not match "
134 "with local copy", sock->hostname, sock->ip,
136 SILC_LOG_WARNING(("It is possible that the key has expired or changed"));
137 SILC_LOG_WARNING(("It is also possible that some one is performing "
138 "man-in-the-middle attack"));
139 SILC_LOG_WARNING(("Will not accept the server %s (%s) port %d public "
141 sock->hostname, sock->ip, sock->port));
145 /* Local copy matched */
150 /* Callback that is called when we have received KE2 payload from
151 responder. We try to verify the public key now. */
154 silc_server_protocol_ke_verify_key(SilcSKE ske,
155 unsigned char *pk_data,
157 SilcSKEPKType pk_type,
159 SilcSKEVerifyCbCompletion completion,
160 void *completion_context)
162 SilcProtocol protocol = (SilcProtocol)context;
163 SilcServerKEInternalContext *ctx =
164 (SilcServerKEInternalContext *)protocol->context;
165 SilcServer server = (SilcServer)ctx->server;
167 SILC_LOG_DEBUG(("Start"));
169 if (silc_verify_public_key_internal(server, ctx->sock,
170 (ctx->responder == FALSE ?
171 SILC_SOCKET_TYPE_ROUTER:
172 ctx->sconfig ? SILC_SOCKET_TYPE_SERVER :
173 ctx->rconfig ? SILC_SOCKET_TYPE_ROUTER :
174 SILC_SOCKET_TYPE_CLIENT),
175 pk_data, pk_len, pk_type))
176 completion(ske, SILC_SKE_STATUS_OK, completion_context);
178 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
182 /* Packet sending callback. This function is provided as packet sending
183 routine to the Key Exchange functions. */
185 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
190 SilcProtocol protocol = (SilcProtocol)context;
191 SilcServerKEInternalContext *ctx =
192 (SilcServerKEInternalContext *)protocol->context;
193 SilcServer server = (SilcServer)ctx->server;
195 /* Send the packet immediately */
196 silc_server_packet_send(server, ske->sock,
197 type, 0, packet->data, packet->len, TRUE);
200 /* Sets the negotiated key material into use for particular connection. */
202 int silc_server_protocol_ke_set_keys(SilcSKE ske,
203 SilcSocketConnection sock,
204 SilcSKEKeyMaterial *keymat,
209 SilcSKEDiffieHellmanGroup group,
212 SilcUnknownEntry conn_data;
213 SilcIDListData idata;
215 SILC_LOG_DEBUG(("Setting new key into use"));
217 conn_data = silc_calloc(1, sizeof(*conn_data));
218 idata = (SilcIDListData)conn_data;
220 /* Allocate cipher to be used in the communication */
221 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
222 silc_free(conn_data);
225 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
226 silc_free(conn_data);
230 if (is_responder == TRUE) {
231 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
232 keymat->enc_key_len);
233 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
234 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
235 keymat->enc_key_len);
236 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
238 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
239 keymat->enc_key_len);
240 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
241 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
242 keymat->enc_key_len);
243 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
246 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
247 idata->rekey->send_enc_key =
248 silc_calloc(keymat->enc_key_len / 8,
249 sizeof(*idata->rekey->send_enc_key));
250 memcpy(idata->rekey->send_enc_key,
251 keymat->send_enc_key, keymat->enc_key_len / 8);
252 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
254 if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
255 idata->rekey->pfs = TRUE;
256 idata->rekey->ske_group = silc_ske_group_get_number(group);
258 /* Save the remote host's public key */
259 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
260 ske->ke1_payload->pk_len, &idata->public_key);
263 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
264 silc_cipher_free(idata->send_key);
265 silc_cipher_free(idata->receive_key);
266 silc_free(conn_data);
270 /* Save HMAC key to be used in the communication. */
271 if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac_send)) {
272 silc_cipher_free(idata->send_key);
273 silc_cipher_free(idata->receive_key);
274 silc_hash_free(idata->hash);
275 silc_free(conn_data);
278 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key, keymat->hmac_key_len);
279 idata->hmac_receive = idata->hmac_send;
281 sock->user_data = (void *)conn_data;
283 SILC_LOG_INFO(("%s (%s) security properties: %s %s %s",
284 sock->hostname, sock->ip,
285 idata->send_key->cipher->name,
286 idata->hmac_send->hmac->name,
287 idata->hash->hash->name));
292 /* Check remote host version string */
294 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
295 uint32 len, void *context)
297 SilcSKEStatus status = SILC_SKE_STATUS_OK;
299 int maj = 0, min = 0, build = 0, maj2 = 0, min2 = 0, build2 = 0;
301 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
302 ske->sock->ip, version));
304 /* Check for initial version string */
305 if (!strstr(version, "SILC-1.0-"))
306 status = SILC_SKE_STATUS_BAD_VERSION;
308 /* Check software version */
312 status = SILC_SKE_STATUS_BAD_VERSION;
315 cp = strchr(cp, '.');
321 cp = strchr(cp, '.');
323 build = atoi(cp + 1);
326 cp = silc_version_string + 9;
328 status = SILC_SKE_STATUS_BAD_VERSION;
331 cp = strchr(cp, '.');
337 cp = strchr(cp, '.');
339 build2 = atoi(cp + 1);
343 status = SILC_SKE_STATUS_BAD_VERSION;
345 status = SILC_SKE_STATUS_BAD_VERSION;
350 /* Callback that is called by the SKE to indicate that it is safe to
351 continue the execution of the protocol. This is used only if we are
352 initiator. Is given as argument to the silc_ske_initiator_finish or
353 silc_ske_responder_phase_2 functions. This is called due to the fact
354 that the public key verification process is asynchronous and we must
355 not continue the protocl until the public key has been verified and
356 this callback is called. */
358 static void silc_server_protocol_ke_continue(SilcSKE ske, void *context)
360 SilcProtocol protocol = (SilcProtocol)context;
361 SilcServerKEInternalContext *ctx =
362 (SilcServerKEInternalContext *)protocol->context;
363 SilcServer server = (SilcServer)ctx->server;
365 SILC_LOG_DEBUG(("Start"));
367 if (ske->status != SILC_SKE_STATUS_OK) {
368 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
369 silc_ske_map_status(ske->status)));
370 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
371 silc_ske_map_status(ske->status)));
373 protocol->state = SILC_PROTOCOL_STATE_ERROR;
374 silc_protocol_execute(protocol, server->schedule, 0, 300000);
378 /* Send Ok to the other end. We will end the protocol as responder
379 sends Ok to us when we will take the new keys into use. */
380 if (ctx->responder == FALSE) {
381 silc_ske_end(ctx->ske);
383 /* End the protocol on the next round */
384 protocol->state = SILC_PROTOCOL_STATE_END;
387 /* Advance protocol state and call the next state if we are responder.
388 This happens when this callback was sent to silc_ske_responder_phase_2
390 if (ctx->responder == TRUE) {
392 silc_protocol_execute(protocol, server->schedule, 0, 100000);
396 /* Performs key exchange protocol. This is used for both initiator
397 and responder key exchange. This is performed always when accepting
398 new connection to the server. This may be called recursively. */
400 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
402 SilcProtocol protocol = (SilcProtocol)context;
403 SilcServerKEInternalContext *ctx =
404 (SilcServerKEInternalContext *)protocol->context;
405 SilcServer server = (SilcServer)ctx->server;
406 SilcSKEStatus status = SILC_SKE_STATUS_OK;
408 SILC_LOG_DEBUG(("Start"));
410 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
411 protocol->state = SILC_PROTOCOL_STATE_START;
413 SILC_LOG_DEBUG(("State=%d", protocol->state));
415 switch(protocol->state) {
416 case SILC_PROTOCOL_STATE_START:
423 /* Allocate Key Exchange object */
424 ske = silc_ske_alloc();
426 ske->rng = server->rng;
428 silc_ske_set_callbacks(ske, silc_server_protocol_ke_send_packet, NULL,
429 silc_server_protocol_ke_verify_key,
430 silc_server_protocol_ke_continue,
431 silc_ske_check_version, context);
433 if (ctx->responder == TRUE) {
434 /* Start the key exchange by processing the received security
435 properties packet from initiator. */
436 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
438 ctx->packet->buffer, FALSE);
440 SilcSKEStartPayload *start_payload;
442 /* Assemble security properties. */
443 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
447 /* Start the key exchange by sending our security properties
448 to the remote end. */
449 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
453 /* Return now if the procedure is pending. */
454 if (status == SILC_SKE_STATUS_PENDING)
457 if (status != SILC_SKE_STATUS_OK) {
458 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
459 silc_ske_map_status(status)));
460 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
461 silc_ske_map_status(status)));
463 protocol->state = SILC_PROTOCOL_STATE_ERROR;
464 silc_protocol_execute(protocol, server->schedule, 0, 300000);
468 /* Advance protocol state and call the next state if we are responder */
470 if (ctx->responder == TRUE)
471 silc_protocol_execute(protocol, server->schedule, 0, 100000);
479 if (ctx->responder == TRUE) {
480 /* Sends the selected security properties to the initiator. */
481 status = silc_ske_responder_phase_1(ctx->ske,
482 ctx->ske->start_payload);
484 /* Call Phase-1 function. This processes the Key Exchange Start
485 paylaod reply we just got from the responder. The callback
486 function will receive the processed payload where we will
488 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer);
491 /* Return now if the procedure is pending. */
492 if (status == SILC_SKE_STATUS_PENDING)
495 if (status != SILC_SKE_STATUS_OK) {
496 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
497 silc_ske_map_status(status)));
498 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
499 silc_ske_map_status(status)));
501 protocol->state = SILC_PROTOCOL_STATE_ERROR;
502 silc_protocol_execute(protocol, server->schedule, 0, 300000);
506 /* Advance protocol state and call next state if we are initiator */
508 if (ctx->responder == FALSE)
509 silc_protocol_execute(protocol, server->schedule, 0, 100000);
517 if (ctx->responder == TRUE) {
518 /* Process the received Key Exchange 1 Payload packet from
519 the initiator. This also creates our parts of the Diffie
520 Hellman algorithm. The silc_server_protocol_ke_continue
521 will be called after the public key has been verified. */
522 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
524 /* Call the Phase-2 function. This creates Diffie Hellman
525 key exchange parameters and sends our public part inside
526 Key Exhange 1 Payload to the responder. */
527 status = silc_ske_initiator_phase_2(ctx->ske,
529 server->private_key);
533 /* Return now if the procedure is pending. */
534 if (status == SILC_SKE_STATUS_PENDING)
537 if (status != SILC_SKE_STATUS_OK) {
538 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
539 silc_ske_map_status(status)));
540 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
541 silc_ske_map_status(status)));
543 protocol->state = SILC_PROTOCOL_STATE_ERROR;
544 silc_protocol_execute(protocol, server->schedule, 0, 300000);
554 if (ctx->responder == TRUE) {
555 /* This creates the key exchange material and sends our
556 public parts to the initiator inside Key Exchange 2 Payload. */
557 status = silc_ske_responder_finish(ctx->ske,
560 SILC_SKE_PK_TYPE_SILC);
562 /* End the protocol on the next round */
563 protocol->state = SILC_PROTOCOL_STATE_END;
565 /* Finish the protocol. This verifies the Key Exchange 2 payload
566 sent by responder. The silc_server_protocol_ke_continue will
567 be called after the public key has been verified. */
568 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
571 /* Return now if the procedure is pending. */
572 if (status == SILC_SKE_STATUS_PENDING)
575 if (status != SILC_SKE_STATUS_OK) {
576 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
577 silc_ske_map_status(status)));
578 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
579 silc_ske_map_status(status)));
581 protocol->state = SILC_PROTOCOL_STATE_ERROR;
582 silc_protocol_execute(protocol, server->schedule, 0, 300000);
588 case SILC_PROTOCOL_STATE_END:
593 SilcSKEKeyMaterial *keymat;
594 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
595 int hash_len = ctx->ske->prop->hash->hash->hash_len;
597 /* Process the key material */
598 keymat = silc_calloc(1, sizeof(*keymat));
599 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
601 if (status != SILC_SKE_STATUS_OK) {
602 protocol->state = SILC_PROTOCOL_STATE_ERROR;
603 silc_protocol_execute(protocol, server->schedule, 0, 300000);
604 silc_ske_free_key_material(keymat);
607 ctx->keymat = keymat;
609 /* Send Ok to the other end if we are responder. If we are initiator
610 we have sent this already. */
611 if (ctx->responder == TRUE)
612 silc_ske_end(ctx->ske);
614 /* Unregister the timeout task since the protocol has ended.
615 This was the timeout task to be executed if the protocol is
616 not completed fast enough. */
617 if (ctx->timeout_task)
618 silc_schedule_task_del(server->schedule, ctx->timeout_task);
620 /* Call the final callback */
621 if (protocol->final_callback)
622 silc_protocol_execute_final(protocol, server->schedule);
624 silc_protocol_free(protocol);
628 case SILC_PROTOCOL_STATE_ERROR:
633 /* Send abort notification */
634 silc_ske_abort(ctx->ske, ctx->ske->status);
636 /* Unregister the timeout task since the protocol has ended.
637 This was the timeout task to be executed if the protocol is
638 not completed fast enough. */
639 if (ctx->timeout_task)
640 silc_schedule_task_del(server->schedule, ctx->timeout_task);
642 /* On error the final callback is always called. */
643 if (protocol->final_callback)
644 silc_protocol_execute_final(protocol, server->schedule);
646 silc_protocol_free(protocol);
649 case SILC_PROTOCOL_STATE_FAILURE:
651 * We have received failure from remote
654 /* Unregister the timeout task since the protocol has ended.
655 This was the timeout task to be executed if the protocol is
656 not completed fast enough. */
657 if (ctx->timeout_task)
658 silc_schedule_task_del(server->schedule, ctx->timeout_task);
660 /* On error the final callback is always called. */
661 if (protocol->final_callback)
662 silc_protocol_execute_final(protocol, server->schedule);
664 silc_protocol_free(protocol);
667 case SILC_PROTOCOL_STATE_UNKNOWN:
673 * Connection Authentication protocol functions
677 silc_server_password_authentication(SilcServer server, char *auth1,
680 if (!auth1 || !auth2)
683 if (!memcmp(auth1, auth2, strlen(auth1)))
690 silc_server_public_key_authentication(SilcServer server,
691 SilcPublicKey pub_key,
700 if (!pub_key || !sign)
703 silc_pkcs_alloc(pub_key->name, &pkcs);
704 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
705 silc_pkcs_free(pkcs);
709 /* Make the authentication data. Protocol says it is HASH plus
711 len = ske->hash_len + ske->start_payload_copy->len;
712 auth = silc_buffer_alloc(len);
713 silc_buffer_pull_tail(auth, len);
714 silc_buffer_format(auth,
715 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
716 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
717 ske->start_payload_copy->len),
720 /* Verify signature */
721 if (silc_pkcs_verify_with_hash(pkcs, ske->prop->hash, sign, sign_len,
722 auth->data, auth->len)) {
723 silc_pkcs_free(pkcs);
724 silc_buffer_free(auth);
728 silc_pkcs_free(pkcs);
729 silc_buffer_free(auth);
734 silc_server_get_public_key_auth(SilcServer server,
735 unsigned char *auth_data,
736 uint32 *auth_data_len,
745 /* Make the authentication data. Protocol says it is HASH plus
747 len = ske->hash_len + ske->start_payload_copy->len;
748 auth = silc_buffer_alloc(len);
749 silc_buffer_pull_tail(auth, len);
750 silc_buffer_format(auth,
751 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
752 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
753 ske->start_payload_copy->len),
756 if (silc_pkcs_sign_with_hash(pkcs, ske->prop->hash, auth->data,
757 auth->len, auth_data, auth_data_len)) {
758 silc_buffer_free(auth);
762 silc_buffer_free(auth);
766 /* Performs connection authentication protocol. If responder, we
767 authenticate the remote data received. If initiator, we will send
768 authentication data to the remote end. */
770 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
772 SilcProtocol protocol = (SilcProtocol)context;
773 SilcServerConnAuthInternalContext *ctx =
774 (SilcServerConnAuthInternalContext *)protocol->context;
775 SilcServer server = (SilcServer)ctx->server;
777 SILC_LOG_DEBUG(("Start"));
779 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
780 protocol->state = SILC_PROTOCOL_STATE_START;
782 SILC_LOG_DEBUG(("State=%d", protocol->state));
784 switch(protocol->state) {
785 case SILC_PROTOCOL_STATE_START:
791 if (ctx->responder == TRUE) {
793 * We are receiving party
798 unsigned char *auth_data = NULL;
800 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
801 ctx->sock->hostname, ctx->sock->ip));
803 /* Parse the received authentication data packet. The received
804 payload is Connection Auth Payload. */
805 ret = silc_buffer_unformat(ctx->packet->buffer,
806 SILC_STR_UI_SHORT(&payload_len),
807 SILC_STR_UI_SHORT(&conn_type),
810 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
811 protocol->state = SILC_PROTOCOL_STATE_ERROR;
812 silc_protocol_execute(protocol, server->schedule, 0, 300000);
816 if (payload_len != ctx->packet->buffer->len) {
817 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
818 protocol->state = SILC_PROTOCOL_STATE_ERROR;
819 silc_protocol_execute(protocol, server->schedule, 0, 300000);
825 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
826 conn_type > SILC_SOCKET_TYPE_ROUTER) {
827 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
828 protocol->state = SILC_PROTOCOL_STATE_ERROR;
829 silc_protocol_execute(protocol, server->schedule, 0, 300000);
833 if (payload_len > 0) {
834 /* Get authentication data */
835 silc_buffer_pull(ctx->packet->buffer, 4);
836 ret = silc_buffer_unformat(ctx->packet->buffer,
837 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
841 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
842 protocol->state = SILC_PROTOCOL_STATE_ERROR;
843 silc_protocol_execute(protocol, server->schedule, 0, 300000);
849 * Check the remote connection type and make sure that we have
850 * configured this connection. If we haven't allowed this connection
851 * the authentication must be failed.
854 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
856 /* Remote end is client */
857 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
858 SilcServerConfigSectionClientConnection *client = ctx->cconfig;
861 switch(client->auth_meth) {
863 /* No authentication required */
864 SILC_LOG_DEBUG(("No authentication required"));
867 case SILC_AUTH_PASSWORD:
868 /* Password authentication */
869 SILC_LOG_DEBUG(("Password authentication"));
870 ret = silc_server_password_authentication(server, auth_data,
876 /* Authentication failed */
877 SILC_LOG_ERROR(("Authentication failed"));
878 SILC_LOG_DEBUG(("Authentication failed"));
879 silc_free(auth_data);
880 protocol->state = SILC_PROTOCOL_STATE_ERROR;
881 silc_protocol_execute(protocol, server->schedule,
886 case SILC_AUTH_PUBLIC_KEY:
887 /* Public key authentication */
888 SILC_LOG_DEBUG(("Public key authentication"));
889 ret = silc_server_public_key_authentication(server,
898 SILC_LOG_ERROR(("Authentication failed"));
899 SILC_LOG_DEBUG(("Authentication failed"));
900 silc_free(auth_data);
901 protocol->state = SILC_PROTOCOL_STATE_ERROR;
902 silc_protocol_execute(protocol, server->schedule,
907 SILC_LOG_DEBUG(("No configuration for remote connection"));
908 SILC_LOG_ERROR(("Remote connection not configured"));
909 SILC_LOG_ERROR(("Authentication failed"));
910 silc_free(auth_data);
911 protocol->state = SILC_PROTOCOL_STATE_ERROR;
912 silc_protocol_execute(protocol, server->schedule,
918 /* Remote end is server */
919 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
920 SilcServerConfigSectionServerConnection *serv = ctx->sconfig;
923 switch(serv->auth_meth) {
925 /* No authentication required */
926 SILC_LOG_DEBUG(("No authentication required"));
929 case SILC_AUTH_PASSWORD:
930 /* Password authentication */
931 SILC_LOG_DEBUG(("Password authentication"));
932 ret = silc_server_password_authentication(server, auth_data,
938 /* Authentication failed */
939 SILC_LOG_ERROR(("Authentication failed"));
940 SILC_LOG_DEBUG(("Authentication failed"));
941 silc_free(auth_data);
942 protocol->state = SILC_PROTOCOL_STATE_ERROR;
943 silc_protocol_execute(protocol, server->schedule,
948 case SILC_AUTH_PUBLIC_KEY:
949 /* Public key authentication */
950 SILC_LOG_DEBUG(("Public key authentication"));
951 ret = silc_server_public_key_authentication(server,
960 SILC_LOG_ERROR(("Authentication failed"));
961 SILC_LOG_DEBUG(("Authentication failed"));
962 silc_free(auth_data);
963 protocol->state = SILC_PROTOCOL_STATE_ERROR;
964 silc_protocol_execute(protocol, server->schedule,
969 SILC_LOG_DEBUG(("No configuration for remote connection"));
970 SILC_LOG_ERROR(("Remote connection not configured"));
971 SILC_LOG_ERROR(("Authentication failed"));
972 protocol->state = SILC_PROTOCOL_STATE_ERROR;
973 silc_protocol_execute(protocol, server->schedule,
975 silc_free(auth_data);
980 /* Remote end is router */
981 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
982 SilcServerConfigSectionServerConnection *serv = ctx->rconfig;
985 switch(serv->auth_meth) {
987 /* No authentication required */
988 SILC_LOG_DEBUG(("No authentication required"));
991 case SILC_AUTH_PASSWORD:
992 /* Password authentication */
993 SILC_LOG_DEBUG(("Password authentication"));
994 ret = silc_server_password_authentication(server, auth_data,
1000 /* Authentication failed */
1001 SILC_LOG_ERROR(("Authentication failed"));
1002 SILC_LOG_DEBUG(("Authentication failed"));
1003 silc_free(auth_data);
1004 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1005 silc_protocol_execute(protocol, server->schedule,
1010 case SILC_AUTH_PUBLIC_KEY:
1011 /* Public key authentication */
1012 SILC_LOG_DEBUG(("Public key authentication"));
1013 ret = silc_server_public_key_authentication(server,
1022 SILC_LOG_ERROR(("Authentication failed"));
1023 SILC_LOG_DEBUG(("Authentication failed"));
1024 silc_free(auth_data);
1025 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1026 silc_protocol_execute(protocol, server->schedule,
1031 SILC_LOG_DEBUG(("No configuration for remote connection"));
1032 SILC_LOG_ERROR(("Remote connection not configured"));
1033 SILC_LOG_ERROR(("Authentication failed"));
1034 silc_free(auth_data);
1035 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1036 silc_protocol_execute(protocol, server->schedule,
1042 silc_free(auth_data);
1044 /* Save connection type. This is later used to create the
1045 ID for the connection. */
1046 ctx->conn_type = conn_type;
1048 /* Advance protocol state. */
1049 protocol->state = SILC_PROTOCOL_STATE_END;
1050 silc_protocol_execute(protocol, server->schedule, 0, 0);
1054 * We are initiator. We are authenticating ourselves to a
1055 * remote server. We will send the authentication data to the
1056 * other end for verify.
1059 int payload_len = 0;
1060 unsigned char *auth_data = NULL;
1061 uint32 auth_data_len = 0;
1063 switch(ctx->auth_meth) {
1064 case SILC_AUTH_NONE:
1065 /* No authentication required */
1068 case SILC_AUTH_PASSWORD:
1069 /* Password authentication */
1070 if (ctx->auth_data && ctx->auth_data_len) {
1071 auth_data = strdup(ctx->auth_data);
1072 auth_data_len = ctx->auth_data_len;
1077 case SILC_AUTH_PUBLIC_KEY:
1079 unsigned char sign[1024];
1081 /* Public key authentication */
1082 silc_server_get_public_key_auth(server, sign, &auth_data_len,
1084 auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
1085 memcpy(auth_data, sign, auth_data_len);
1090 payload_len = 4 + auth_data_len;
1091 packet = silc_buffer_alloc(payload_len);
1092 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
1093 silc_buffer_format(packet,
1094 SILC_STR_UI_SHORT(payload_len),
1095 SILC_STR_UI_SHORT(server->server_type
1097 SILC_SOCKET_TYPE_SERVER :
1098 SILC_SOCKET_TYPE_ROUTER),
1099 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
1102 /* Send the packet to server */
1103 silc_server_packet_send(server, ctx->sock,
1104 SILC_PACKET_CONNECTION_AUTH, 0,
1105 packet->data, packet->len, TRUE);
1108 memset(auth_data, 0, auth_data_len);
1109 silc_free(auth_data);
1111 silc_buffer_free(packet);
1113 /* Next state is end of protocol */
1114 protocol->state = SILC_PROTOCOL_STATE_END;
1119 case SILC_PROTOCOL_STATE_END:
1124 unsigned char ok[4];
1126 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
1128 /* Authentication successful */
1129 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
1132 /* Unregister the timeout task since the protocol has ended.
1133 This was the timeout task to be executed if the protocol is
1134 not completed fast enough. */
1135 if (ctx->timeout_task)
1136 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1138 /* Protocol has ended, call the final callback */
1139 if (protocol->final_callback)
1140 silc_protocol_execute_final(protocol, server->schedule);
1142 silc_protocol_free(protocol);
1145 case SILC_PROTOCOL_STATE_ERROR:
1148 * Error. Send notify to remote.
1150 unsigned char error[4];
1152 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
1154 /* Authentication failed */
1155 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
1158 /* Unregister the timeout task since the protocol has ended.
1159 This was the timeout task to be executed if the protocol is
1160 not completed fast enough. */
1161 if (ctx->timeout_task)
1162 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1164 /* On error the final callback is always called. */
1165 if (protocol->final_callback)
1166 silc_protocol_execute_final(protocol, server->schedule);
1168 silc_protocol_free(protocol);
1172 case SILC_PROTOCOL_STATE_FAILURE:
1174 * We have received failure from remote
1177 /* Unregister the timeout task since the protocol has ended.
1178 This was the timeout task to be executed if the protocol is
1179 not completed fast enough. */
1180 if (ctx->timeout_task)
1181 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1183 /* On error the final callback is always called. */
1184 if (protocol->final_callback)
1185 silc_protocol_execute_final(protocol, server->schedule);
1187 silc_protocol_free(protocol);
1190 case SILC_PROTOCOL_STATE_UNKNOWN:
1196 * Re-key protocol routines
1199 /* Actually takes the new keys into use. */
1202 silc_server_protocol_rekey_validate(SilcServer server,
1203 SilcServerRekeyInternalContext *ctx,
1204 SilcIDListData idata,
1205 SilcSKEKeyMaterial *keymat,
1208 if (ctx->responder == TRUE) {
1210 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1211 keymat->enc_key_len);
1212 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1214 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1215 keymat->enc_key_len);
1216 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1220 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1221 keymat->enc_key_len);
1222 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1224 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1225 keymat->enc_key_len);
1226 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1231 silc_hmac_alloc(idata->hmac_send->hmac->name, NULL, &idata->hmac_send);
1232 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key,
1233 keymat->hmac_key_len);
1235 silc_hmac_free(idata->hmac_receive);
1236 idata->hmac_receive = idata->hmac_send;
1239 /* Save the current sending encryption key */
1241 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1242 silc_free(idata->rekey->send_enc_key);
1243 idata->rekey->send_enc_key =
1244 silc_calloc(keymat->enc_key_len / 8,
1245 sizeof(*idata->rekey->send_enc_key));
1246 memcpy(idata->rekey->send_enc_key, keymat->send_enc_key,
1247 keymat->enc_key_len / 8);
1248 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1252 /* This function actually re-generates (when not using PFS) the keys and
1253 takes them into use. */
1255 void silc_server_protocol_rekey_generate(SilcServer server,
1256 SilcServerRekeyInternalContext *ctx,
1259 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1260 SilcSKEKeyMaterial *keymat;
1261 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1262 uint32 hash_len = idata->hash->hash->hash_len;
1264 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1265 send ? "sending" : "receiving"));
1267 /* Generate the new key */
1268 keymat = silc_calloc(1, sizeof(*keymat));
1269 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1270 idata->rekey->enc_key_len,
1271 16, key_len, hash_len,
1272 idata->hash, keymat);
1274 /* Set the keys into use */
1275 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1277 silc_ske_free_key_material(keymat);
1280 /* This function actually re-generates (with PFS) the keys and
1281 takes them into use. */
1284 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1285 SilcServerRekeyInternalContext *ctx,
1288 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1289 SilcSKEKeyMaterial *keymat;
1290 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1291 uint32 hash_len = idata->hash->hash->hash_len;
1292 unsigned char *tmpbuf;
1295 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1296 send ? "sending" : "receiving"));
1298 /* Encode KEY to binary data */
1299 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1301 /* Generate the new key */
1302 keymat = silc_calloc(1, sizeof(*keymat));
1303 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1304 idata->hash, keymat);
1306 /* Set the keys into use */
1307 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1309 memset(tmpbuf, 0, klen);
1311 silc_ske_free_key_material(keymat);
1314 /* Packet sending callback. This function is provided as packet sending
1315 routine to the Key Exchange functions. */
1318 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1320 SilcPacketType type,
1323 SilcProtocol protocol = (SilcProtocol)context;
1324 SilcServerRekeyInternalContext *ctx =
1325 (SilcServerRekeyInternalContext *)protocol->context;
1326 SilcServer server = (SilcServer)ctx->server;
1328 /* Send the packet immediately */
1329 silc_server_packet_send(server, ctx->sock,
1330 type, 0, packet->data, packet->len, FALSE);
1333 /* Performs re-key as defined in the SILC protocol specification. */
1335 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1337 SilcProtocol protocol = (SilcProtocol)context;
1338 SilcServerRekeyInternalContext *ctx =
1339 (SilcServerRekeyInternalContext *)protocol->context;
1340 SilcServer server = (SilcServer)ctx->server;
1341 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1342 SilcSKEStatus status;
1344 SILC_LOG_DEBUG(("Start"));
1346 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1347 protocol->state = SILC_PROTOCOL_STATE_START;
1349 SILC_LOG_DEBUG(("State=%d", protocol->state));
1351 switch(protocol->state) {
1352 case SILC_PROTOCOL_STATE_START:
1358 if (ctx->responder == TRUE) {
1360 * We are receiving party
1363 if (ctx->pfs == TRUE) {
1365 * Use Perfect Forward Secrecy, ie. negotiate the key material
1366 * using the SKE protocol.
1369 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1370 /* Error in protocol */
1371 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1372 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1376 ctx->ske = silc_ske_alloc();
1377 ctx->ske->rng = server->rng;
1378 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1379 silc_ske_get_group_by_number(idata->rekey->ske_group,
1380 &ctx->ske->prop->group);
1382 silc_ske_set_callbacks(ctx->ske,
1383 silc_server_protocol_rekey_send_packet,
1384 NULL, NULL, NULL, silc_ske_check_version,
1387 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
1388 if (status != SILC_SKE_STATUS_OK) {
1389 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1390 silc_ske_map_status(status)));
1392 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1393 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1397 /* Advance the protocol state */
1399 silc_protocol_execute(protocol, server->schedule, 0, 0);
1402 * Do normal and simple re-key.
1405 /* Send the REKEY_DONE to indicate we will take new keys into use */
1406 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1409 /* After we send REKEY_DONE we must set the sending encryption
1410 key to the new key since all packets after this packet must
1411 encrypted with the new key. */
1412 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1414 /* The protocol ends in next stage. */
1415 protocol->state = SILC_PROTOCOL_STATE_END;
1420 * We are the initiator of this protocol
1423 /* Start the re-key by sending the REKEY packet */
1424 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1427 if (ctx->pfs == TRUE) {
1429 * Use Perfect Forward Secrecy, ie. negotiate the key material
1430 * using the SKE protocol.
1432 ctx->ske = silc_ske_alloc();
1433 ctx->ske->rng = server->rng;
1434 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1435 silc_ske_get_group_by_number(idata->rekey->ske_group,
1436 &ctx->ske->prop->group);
1438 silc_ske_set_callbacks(ctx->ske,
1439 silc_server_protocol_rekey_send_packet,
1440 NULL, NULL, NULL, silc_ske_check_version,
1443 status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL);
1444 if (status != SILC_SKE_STATUS_OK) {
1445 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1446 silc_ske_map_status(status)));
1448 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1449 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1453 /* Advance the protocol state */
1457 * Do normal and simple re-key.
1460 /* Send the REKEY_DONE to indicate we will take new keys into use
1462 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1465 /* After we send REKEY_DONE we must set the sending encryption
1466 key to the new key since all packets after this packet must
1467 encrypted with the new key. */
1468 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1470 /* The protocol ends in next stage. */
1471 protocol->state = SILC_PROTOCOL_STATE_END;
1479 * Second state, used only when oding re-key with PFS.
1481 if (ctx->responder == TRUE) {
1482 if (ctx->pfs == TRUE) {
1484 * Send our KE packe to the initiator now that we've processed
1485 * the initiator's KE packet.
1487 status = silc_ske_responder_finish(ctx->ske, NULL, NULL,
1488 SILC_SKE_PK_TYPE_SILC);
1489 if (status != SILC_SKE_STATUS_OK) {
1490 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1491 silc_ske_map_status(status)));
1493 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1494 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1500 if (ctx->pfs == TRUE) {
1502 * The packet type must be KE packet
1504 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1505 /* Error in protocol */
1506 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1507 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1511 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
1512 if (status != SILC_SKE_STATUS_OK) {
1513 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1514 silc_ske_map_status(status)));
1516 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1517 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1523 /* Send the REKEY_DONE to indicate we will take new keys into use
1525 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1528 /* After we send REKEY_DONE we must set the sending encryption
1529 key to the new key since all packets after this packet must
1530 encrypted with the new key. */
1531 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1533 /* The protocol ends in next stage. */
1534 protocol->state = SILC_PROTOCOL_STATE_END;
1537 case SILC_PROTOCOL_STATE_END:
1542 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1543 /* Error in protocol */
1544 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1545 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1549 /* We received the REKEY_DONE packet and all packets after this is
1550 encrypted with the new key so set the decryption key to the new key */
1551 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1553 /* Protocol has ended, call the final callback */
1554 if (protocol->final_callback)
1555 silc_protocol_execute_final(protocol, server->schedule);
1557 silc_protocol_free(protocol);
1560 case SILC_PROTOCOL_STATE_ERROR:
1565 if (ctx->pfs == TRUE) {
1566 /* Send abort notification */
1567 silc_ske_abort(ctx->ske, ctx->ske->status);
1570 /* On error the final callback is always called. */
1571 if (protocol->final_callback)
1572 silc_protocol_execute_final(protocol, server->schedule);
1574 silc_protocol_free(protocol);
1577 case SILC_PROTOCOL_STATE_FAILURE:
1579 * We have received failure from remote
1582 /* On error the final callback is always called. */
1583 if (protocol->final_callback)
1584 silc_protocol_execute_final(protocol, server->schedule);
1586 silc_protocol_free(protocol);
1589 case SILC_PROTOCOL_STATE_UNKNOWN:
1595 /* Registers protocols used in server. */
1597 void silc_server_protocols_register(void)
1599 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1600 silc_server_protocol_connection_auth);
1601 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1602 silc_server_protocol_key_exchange);
1603 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1604 silc_server_protocol_rekey);
1607 /* Unregisters protocols */
1609 void silc_server_protocols_unregister(void)
1611 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1612 silc_server_protocol_connection_auth);
1613 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1614 silc_server_protocol_key_exchange);
1615 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1616 silc_server_protocol_rekey);