5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
39 silc_verify_public_key_internal(SilcServer server, SilcSocketConnection sock,
40 SilcSocketType conn_type,
41 unsigned char *pk, uint32 pk_len,
42 SilcSKEPKType pk_type)
44 char file[256], filename[256], *fingerprint;
47 if (pk_type != SILC_SKE_PK_TYPE_SILC) {
48 SILC_LOG_WARNING(("We don't support %s (%s) port %d public key type %d",
49 sock->hostname, sock->ip, sock->port, pk_type));
53 /* Accept client keys without verification */
54 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
55 SILC_LOG_DEBUG(("Accepting client public key without verification"));
59 memset(filename, 0, sizeof(filename));
60 memset(file, 0, sizeof(file));
61 snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname,
63 snprintf(filename, sizeof(filename) - 1, SILC_ETCDIR "/serverkeys/%s",
66 /* Create serverkeys directory if it doesn't exist. */
67 if (stat(SILC_ETCDIR "/serverkeys", &st) < 0) {
68 /* If dir doesn't exist */
69 if (errno == ENOENT) {
70 if (mkdir(SILC_ETCDIR "/serverkeys", 0755) < 0) {
71 SILC_LOG_ERROR(("Couldn't create `%s' directory\n",
72 SILC_ETCDIR "/serverkeys"));
76 SILC_LOG_ERROR(("%s\n", strerror(errno)));
81 /* Take fingerprint of the public key */
82 fingerprint = silc_hash_fingerprint(NULL, pk, pk_len);
83 SILC_LOG_DEBUG(("Received server %s (%s) port %d public key (%s)",
84 sock->hostname, sock->ip, sock->port, fingerprint));
85 silc_free(fingerprint);
87 /* Check whether this key already exists */
88 if (stat(filename, &st) < 0) {
89 /* We don't have it, then cache it. */
90 SILC_LOG_DEBUG(("New public key from server"));
92 silc_pkcs_save_public_key_data(filename, pk, pk_len,
96 /* The key already exists, verify it. */
97 SilcPublicKey public_key;
101 SILC_LOG_DEBUG(("We have the public key saved locally"));
103 /* Load the key file */
104 if (!silc_pkcs_load_public_key(filename, &public_key,
106 if (!silc_pkcs_load_public_key(filename, &public_key,
107 SILC_PKCS_FILE_BIN)) {
108 SILC_LOG_WARNING(("Could not load local copy of the %s (%s) port %d "
109 "server public key", sock->hostname, sock->ip,
112 /* Save the key for future checking */
114 silc_pkcs_save_public_key_data(filename, pk, pk_len,
119 /* Encode the key data */
120 encpk = silc_pkcs_public_key_encode(public_key, &encpk_len);
122 SILC_LOG_WARNING(("Local copy of the server %s (%s) port %d public key "
123 "is malformed", sock->hostname, sock->ip, sock->port));
125 /* Save the key for future checking */
127 silc_pkcs_save_public_key_data(filename, pk, pk_len,
132 if (memcmp(encpk, pk, encpk_len)) {
133 SILC_LOG_WARNING(("%s (%s) port %d server public key does not match "
134 "with local copy", sock->hostname, sock->ip,
136 SILC_LOG_WARNING(("It is possible that the key has expired or changed"));
137 SILC_LOG_WARNING(("It is also possible that some one is performing "
138 "man-in-the-middle attack"));
139 SILC_LOG_WARNING(("Will not accept the server %s (%s) port %d public "
141 sock->hostname, sock->ip, sock->port));
145 /* Local copy matched */
150 /* Callback that is called when we have received KE2 payload from
151 responder. We try to verify the public key now. */
154 silc_server_protocol_ke_verify_key(SilcSKE ske,
155 unsigned char *pk_data,
157 SilcSKEPKType pk_type,
159 SilcSKEVerifyCbCompletion completion,
160 void *completion_context)
162 SilcProtocol protocol = (SilcProtocol)context;
163 SilcServerKEInternalContext *ctx =
164 (SilcServerKEInternalContext *)protocol->context;
165 SilcServer server = (SilcServer)ctx->server;
167 SILC_LOG_DEBUG(("Start"));
169 if (silc_verify_public_key_internal(server, ctx->sock,
170 (ctx->responder == FALSE ?
171 SILC_SOCKET_TYPE_ROUTER:
172 ctx->sconfig ? SILC_SOCKET_TYPE_SERVER :
173 ctx->rconfig ? SILC_SOCKET_TYPE_ROUTER :
174 SILC_SOCKET_TYPE_CLIENT),
175 pk_data, pk_len, pk_type))
176 completion(ske, SILC_SKE_STATUS_OK, completion_context);
178 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
182 /* Packet sending callback. This function is provided as packet sending
183 routine to the Key Exchange functions. */
185 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
190 SilcProtocol protocol = (SilcProtocol)context;
191 SilcServerKEInternalContext *ctx =
192 (SilcServerKEInternalContext *)protocol->context;
193 SilcServer server = (SilcServer)ctx->server;
195 /* Send the packet immediately */
196 silc_server_packet_send(server, ske->sock,
197 type, 0, packet->data, packet->len, TRUE);
200 /* Sets the negotiated key material into use for particular connection. */
202 int silc_server_protocol_ke_set_keys(SilcSKE ske,
203 SilcSocketConnection sock,
204 SilcSKEKeyMaterial *keymat,
209 SilcSKEDiffieHellmanGroup group,
212 SilcUnknownEntry conn_data;
213 SilcIDListData idata;
215 SILC_LOG_DEBUG(("Setting new key into use"));
217 conn_data = silc_calloc(1, sizeof(*conn_data));
218 idata = (SilcIDListData)conn_data;
220 /* Allocate cipher to be used in the communication */
221 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
222 silc_free(conn_data);
225 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
226 silc_free(conn_data);
230 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
231 &idata->hmac_send)) {
232 silc_cipher_free(idata->send_key);
233 silc_cipher_free(idata->receive_key);
234 silc_free(conn_data);
238 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
239 &idata->hmac_receive)) {
240 silc_cipher_free(idata->send_key);
241 silc_cipher_free(idata->receive_key);
242 silc_hmac_free(idata->hmac_send);
243 silc_free(conn_data);
247 if (is_responder == TRUE) {
248 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
249 keymat->enc_key_len);
250 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
251 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
252 keymat->enc_key_len);
253 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
254 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
255 keymat->hmac_key_len);
256 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
257 keymat->hmac_key_len);
259 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
260 keymat->enc_key_len);
261 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
262 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
263 keymat->enc_key_len);
264 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
265 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
266 keymat->hmac_key_len);
267 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
268 keymat->hmac_key_len);
271 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
272 idata->rekey->send_enc_key =
273 silc_calloc(keymat->enc_key_len / 8,
274 sizeof(*idata->rekey->send_enc_key));
275 memcpy(idata->rekey->send_enc_key,
276 keymat->send_enc_key, keymat->enc_key_len / 8);
277 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
279 if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
280 idata->rekey->pfs = TRUE;
281 idata->rekey->ske_group = silc_ske_group_get_number(group);
284 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
285 silc_cipher_free(idata->send_key);
286 silc_cipher_free(idata->receive_key);
287 silc_hmac_free(idata->hmac_send);
288 silc_hmac_free(idata->hmac_receive);
289 silc_free(conn_data);
293 /* Save the remote host's public key */
294 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
295 ske->ke1_payload->pk_len, &idata->public_key);
297 sock->user_data = (void *)conn_data;
299 SILC_LOG_INFO(("%s (%s) security properties: %s %s %s",
300 sock->hostname, sock->ip,
301 idata->send_key->cipher->name,
302 (char *)silc_hmac_get_name(idata->hmac_send),
303 idata->hash->hash->name));
308 /* Check remote host version string */
310 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
311 uint32 len, void *context)
313 SilcSKEStatus status = SILC_SKE_STATUS_OK;
315 int maj = 0, min = 0, build = 0, maj2 = 0, min2 = 0, build2 = 0;
317 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
318 ske->sock->ip, version));
320 /* Check for initial version string */
321 if (!strstr(version, "SILC-1.0-"))
322 status = SILC_SKE_STATUS_BAD_VERSION;
324 /* Check software version */
328 status = SILC_SKE_STATUS_BAD_VERSION;
331 cp = strchr(cp, '.');
337 cp = strchr(cp, '.');
339 build = atoi(cp + 1);
342 cp = silc_version_string + 9;
344 status = SILC_SKE_STATUS_BAD_VERSION;
347 cp = strchr(cp, '.');
353 cp = strchr(cp, '.');
355 build2 = atoi(cp + 1);
359 status = SILC_SKE_STATUS_BAD_VERSION;
361 status = SILC_SKE_STATUS_BAD_VERSION;
363 /* XXX < 0.6 is not allowed */
364 if (maj == 0 && min < 5)
365 status = SILC_SKE_STATUS_BAD_VERSION;
370 /* Callback that is called by the SKE to indicate that it is safe to
371 continue the execution of the protocol. This is used only if we are
372 initiator. Is given as argument to the silc_ske_initiator_finish or
373 silc_ske_responder_phase_2 functions. This is called due to the fact
374 that the public key verification process is asynchronous and we must
375 not continue the protocl until the public key has been verified and
376 this callback is called. */
378 static void silc_server_protocol_ke_continue(SilcSKE ske, void *context)
380 SilcProtocol protocol = (SilcProtocol)context;
381 SilcServerKEInternalContext *ctx =
382 (SilcServerKEInternalContext *)protocol->context;
383 SilcServer server = (SilcServer)ctx->server;
385 SILC_LOG_DEBUG(("Start"));
387 if (ske->status != SILC_SKE_STATUS_OK) {
388 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
389 silc_ske_map_status(ske->status)));
390 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
391 silc_ske_map_status(ske->status)));
393 protocol->state = SILC_PROTOCOL_STATE_ERROR;
394 silc_protocol_execute(protocol, server->schedule, 0, 300000);
398 /* Send Ok to the other end. We will end the protocol as responder
399 sends Ok to us when we will take the new keys into use. */
400 if (ctx->responder == FALSE) {
401 silc_ske_end(ctx->ske);
403 /* End the protocol on the next round */
404 protocol->state = SILC_PROTOCOL_STATE_END;
407 /* Advance protocol state and call the next state if we are responder.
408 This happens when this callback was sent to silc_ske_responder_phase_2
410 if (ctx->responder == TRUE) {
412 silc_protocol_execute(protocol, server->schedule, 0, 100000);
416 /* Performs key exchange protocol. This is used for both initiator
417 and responder key exchange. This is performed always when accepting
418 new connection to the server. This may be called recursively. */
420 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
422 SilcProtocol protocol = (SilcProtocol)context;
423 SilcServerKEInternalContext *ctx =
424 (SilcServerKEInternalContext *)protocol->context;
425 SilcServer server = (SilcServer)ctx->server;
426 SilcSKEStatus status = SILC_SKE_STATUS_OK;
428 SILC_LOG_DEBUG(("Start"));
430 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
431 protocol->state = SILC_PROTOCOL_STATE_START;
433 SILC_LOG_DEBUG(("State=%d", protocol->state));
435 switch(protocol->state) {
436 case SILC_PROTOCOL_STATE_START:
443 /* Allocate Key Exchange object */
444 ske = silc_ske_alloc();
446 ske->rng = server->rng;
448 silc_ske_set_callbacks(ske, silc_server_protocol_ke_send_packet, NULL,
449 silc_server_protocol_ke_verify_key,
450 silc_server_protocol_ke_continue,
451 silc_ske_check_version, context);
453 if (ctx->responder == TRUE) {
454 /* Start the key exchange by processing the received security
455 properties packet from initiator. */
456 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
458 ctx->packet->buffer, FALSE);
460 SilcSKEStartPayload *start_payload;
462 /* Assemble security properties. */
463 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
467 /* Start the key exchange by sending our security properties
468 to the remote end. */
469 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
473 /* Return now if the procedure is pending. */
474 if (status == SILC_SKE_STATUS_PENDING)
477 if (status != SILC_SKE_STATUS_OK) {
478 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
479 silc_ske_map_status(status)));
480 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
481 silc_ske_map_status(status)));
483 protocol->state = SILC_PROTOCOL_STATE_ERROR;
484 silc_protocol_execute(protocol, server->schedule, 0, 300000);
488 /* Advance protocol state and call the next state if we are responder */
490 if (ctx->responder == TRUE)
491 silc_protocol_execute(protocol, server->schedule, 0, 100000);
499 if (ctx->responder == TRUE) {
500 /* Sends the selected security properties to the initiator. */
501 status = silc_ske_responder_phase_1(ctx->ske,
502 ctx->ske->start_payload);
504 /* Call Phase-1 function. This processes the Key Exchange Start
505 paylaod reply we just got from the responder. The callback
506 function will receive the processed payload where we will
508 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer);
511 /* Return now if the procedure is pending. */
512 if (status == SILC_SKE_STATUS_PENDING)
515 if (status != SILC_SKE_STATUS_OK) {
516 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
517 silc_ske_map_status(status)));
518 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
519 silc_ske_map_status(status)));
521 protocol->state = SILC_PROTOCOL_STATE_ERROR;
522 silc_protocol_execute(protocol, server->schedule, 0, 300000);
526 /* Advance protocol state and call next state if we are initiator */
528 if (ctx->responder == FALSE)
529 silc_protocol_execute(protocol, server->schedule, 0, 100000);
537 if (ctx->responder == TRUE) {
538 /* Process the received Key Exchange 1 Payload packet from
539 the initiator. This also creates our parts of the Diffie
540 Hellman algorithm. The silc_server_protocol_ke_continue
541 will be called after the public key has been verified. */
542 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
544 /* Call the Phase-2 function. This creates Diffie Hellman
545 key exchange parameters and sends our public part inside
546 Key Exhange 1 Payload to the responder. */
547 status = silc_ske_initiator_phase_2(ctx->ske,
549 server->private_key);
553 /* Return now if the procedure is pending. */
554 if (status == SILC_SKE_STATUS_PENDING)
557 if (status != SILC_SKE_STATUS_OK) {
558 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
559 silc_ske_map_status(status)));
560 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
561 silc_ske_map_status(status)));
563 protocol->state = SILC_PROTOCOL_STATE_ERROR;
564 silc_protocol_execute(protocol, server->schedule, 0, 300000);
574 if (ctx->responder == TRUE) {
575 /* This creates the key exchange material and sends our
576 public parts to the initiator inside Key Exchange 2 Payload. */
577 status = silc_ske_responder_finish(ctx->ske,
580 SILC_SKE_PK_TYPE_SILC);
582 /* End the protocol on the next round */
583 protocol->state = SILC_PROTOCOL_STATE_END;
585 /* Finish the protocol. This verifies the Key Exchange 2 payload
586 sent by responder. The silc_server_protocol_ke_continue will
587 be called after the public key has been verified. */
588 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
591 /* Return now if the procedure is pending. */
592 if (status == SILC_SKE_STATUS_PENDING)
595 if (status != SILC_SKE_STATUS_OK) {
596 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
597 silc_ske_map_status(status)));
598 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
599 silc_ske_map_status(status)));
601 protocol->state = SILC_PROTOCOL_STATE_ERROR;
602 silc_protocol_execute(protocol, server->schedule, 0, 300000);
608 case SILC_PROTOCOL_STATE_END:
613 SilcSKEKeyMaterial *keymat;
614 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
615 int hash_len = ctx->ske->prop->hash->hash->hash_len;
617 /* Process the key material */
618 keymat = silc_calloc(1, sizeof(*keymat));
619 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
621 if (status != SILC_SKE_STATUS_OK) {
622 protocol->state = SILC_PROTOCOL_STATE_ERROR;
623 silc_protocol_execute(protocol, server->schedule, 0, 300000);
624 silc_ske_free_key_material(keymat);
627 ctx->keymat = keymat;
629 /* Send Ok to the other end if we are responder. If we are initiator
630 we have sent this already. */
631 if (ctx->responder == TRUE)
632 silc_ske_end(ctx->ske);
634 /* Unregister the timeout task since the protocol has ended.
635 This was the timeout task to be executed if the protocol is
636 not completed fast enough. */
637 if (ctx->timeout_task)
638 silc_schedule_task_del(server->schedule, ctx->timeout_task);
640 /* Call the final callback */
641 if (protocol->final_callback)
642 silc_protocol_execute_final(protocol, server->schedule);
644 silc_protocol_free(protocol);
648 case SILC_PROTOCOL_STATE_ERROR:
653 /* Send abort notification */
654 silc_ske_abort(ctx->ske, ctx->ske->status);
656 /* Unregister the timeout task since the protocol has ended.
657 This was the timeout task to be executed if the protocol is
658 not completed fast enough. */
659 if (ctx->timeout_task)
660 silc_schedule_task_del(server->schedule, ctx->timeout_task);
662 /* On error the final callback is always called. */
663 if (protocol->final_callback)
664 silc_protocol_execute_final(protocol, server->schedule);
666 silc_protocol_free(protocol);
669 case SILC_PROTOCOL_STATE_FAILURE:
671 * We have received failure from remote
674 /* Unregister the timeout task since the protocol has ended.
675 This was the timeout task to be executed if the protocol is
676 not completed fast enough. */
677 if (ctx->timeout_task)
678 silc_schedule_task_del(server->schedule, ctx->timeout_task);
680 /* On error the final callback is always called. */
681 if (protocol->final_callback)
682 silc_protocol_execute_final(protocol, server->schedule);
684 silc_protocol_free(protocol);
687 case SILC_PROTOCOL_STATE_UNKNOWN:
693 * Connection Authentication protocol functions
697 silc_server_password_authentication(SilcServer server, char *auth1,
700 if (!auth1 || !auth2)
703 if (!memcmp(auth1, auth2, strlen(auth1)))
710 silc_server_public_key_authentication(SilcServer server,
711 SilcPublicKey pub_key,
720 if (!pub_key || !sign)
723 silc_pkcs_alloc(pub_key->name, &pkcs);
724 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
725 silc_pkcs_free(pkcs);
729 /* Make the authentication data. Protocol says it is HASH plus
731 len = ske->hash_len + ske->start_payload_copy->len;
732 auth = silc_buffer_alloc(len);
733 silc_buffer_pull_tail(auth, len);
734 silc_buffer_format(auth,
735 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
736 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
737 ske->start_payload_copy->len),
740 /* Verify signature */
741 if (silc_pkcs_verify_with_hash(pkcs, ske->prop->hash, sign, sign_len,
742 auth->data, auth->len)) {
743 silc_pkcs_free(pkcs);
744 silc_buffer_free(auth);
748 silc_pkcs_free(pkcs);
749 silc_buffer_free(auth);
754 silc_server_get_public_key_auth(SilcServer server,
755 unsigned char *auth_data,
756 uint32 *auth_data_len,
765 /* Make the authentication data. Protocol says it is HASH plus
767 len = ske->hash_len + ske->start_payload_copy->len;
768 auth = silc_buffer_alloc(len);
769 silc_buffer_pull_tail(auth, len);
770 silc_buffer_format(auth,
771 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
772 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
773 ske->start_payload_copy->len),
776 if (silc_pkcs_sign_with_hash(pkcs, ske->prop->hash, auth->data,
777 auth->len, auth_data, auth_data_len)) {
778 silc_buffer_free(auth);
782 silc_buffer_free(auth);
786 /* Performs connection authentication protocol. If responder, we
787 authenticate the remote data received. If initiator, we will send
788 authentication data to the remote end. */
790 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
792 SilcProtocol protocol = (SilcProtocol)context;
793 SilcServerConnAuthInternalContext *ctx =
794 (SilcServerConnAuthInternalContext *)protocol->context;
795 SilcServer server = (SilcServer)ctx->server;
797 SILC_LOG_DEBUG(("Start"));
799 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
800 protocol->state = SILC_PROTOCOL_STATE_START;
802 SILC_LOG_DEBUG(("State=%d", protocol->state));
804 switch(protocol->state) {
805 case SILC_PROTOCOL_STATE_START:
811 if (ctx->responder == TRUE) {
813 * We are receiving party
818 unsigned char *auth_data = NULL;
820 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
821 ctx->sock->hostname, ctx->sock->ip));
823 /* Parse the received authentication data packet. The received
824 payload is Connection Auth Payload. */
825 ret = silc_buffer_unformat(ctx->packet->buffer,
826 SILC_STR_UI_SHORT(&payload_len),
827 SILC_STR_UI_SHORT(&conn_type),
830 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
831 protocol->state = SILC_PROTOCOL_STATE_ERROR;
832 silc_protocol_execute(protocol, server->schedule, 0, 300000);
836 if (payload_len != ctx->packet->buffer->len) {
837 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
838 protocol->state = SILC_PROTOCOL_STATE_ERROR;
839 silc_protocol_execute(protocol, server->schedule, 0, 300000);
845 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
846 conn_type > SILC_SOCKET_TYPE_ROUTER) {
847 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
848 protocol->state = SILC_PROTOCOL_STATE_ERROR;
849 silc_protocol_execute(protocol, server->schedule, 0, 300000);
853 if (payload_len > 0) {
854 /* Get authentication data */
855 silc_buffer_pull(ctx->packet->buffer, 4);
856 ret = silc_buffer_unformat(ctx->packet->buffer,
857 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
861 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
862 protocol->state = SILC_PROTOCOL_STATE_ERROR;
863 silc_protocol_execute(protocol, server->schedule, 0, 300000);
869 * Check the remote connection type and make sure that we have
870 * configured this connection. If we haven't allowed this connection
871 * the authentication must be failed.
874 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
876 /* Remote end is client */
877 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
878 SilcServerConfigSectionClientConnection *client = ctx->cconfig;
881 switch(client->auth_meth) {
883 /* No authentication required */
884 SILC_LOG_DEBUG(("No authentication required"));
887 case SILC_AUTH_PASSWORD:
888 /* Password authentication */
889 SILC_LOG_DEBUG(("Password authentication"));
890 ret = silc_server_password_authentication(server, auth_data,
896 /* Authentication failed */
897 SILC_LOG_ERROR(("Authentication failed"));
898 SILC_LOG_DEBUG(("Authentication failed"));
899 silc_free(auth_data);
900 protocol->state = SILC_PROTOCOL_STATE_ERROR;
901 silc_protocol_execute(protocol, server->schedule,
906 case SILC_AUTH_PUBLIC_KEY:
907 /* Public key authentication */
908 SILC_LOG_DEBUG(("Public key authentication"));
909 ret = silc_server_public_key_authentication(server,
918 SILC_LOG_ERROR(("Authentication failed"));
919 SILC_LOG_DEBUG(("Authentication failed"));
920 silc_free(auth_data);
921 protocol->state = SILC_PROTOCOL_STATE_ERROR;
922 silc_protocol_execute(protocol, server->schedule,
927 SILC_LOG_DEBUG(("No configuration for remote connection"));
928 SILC_LOG_ERROR(("Remote connection not configured"));
929 SILC_LOG_ERROR(("Authentication failed"));
930 silc_free(auth_data);
931 protocol->state = SILC_PROTOCOL_STATE_ERROR;
932 silc_protocol_execute(protocol, server->schedule,
938 /* Remote end is server */
939 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
940 SilcServerConfigSectionServerConnection *serv = ctx->sconfig;
943 switch(serv->auth_meth) {
945 /* No authentication required */
946 SILC_LOG_DEBUG(("No authentication required"));
949 case SILC_AUTH_PASSWORD:
950 /* Password authentication */
951 SILC_LOG_DEBUG(("Password authentication"));
952 ret = silc_server_password_authentication(server, auth_data,
958 /* Authentication failed */
959 SILC_LOG_ERROR(("Authentication failed"));
960 SILC_LOG_DEBUG(("Authentication failed"));
961 silc_free(auth_data);
962 protocol->state = SILC_PROTOCOL_STATE_ERROR;
963 silc_protocol_execute(protocol, server->schedule,
968 case SILC_AUTH_PUBLIC_KEY:
969 /* Public key authentication */
970 SILC_LOG_DEBUG(("Public key authentication"));
971 ret = silc_server_public_key_authentication(server,
980 SILC_LOG_ERROR(("Authentication failed"));
981 SILC_LOG_DEBUG(("Authentication failed"));
982 silc_free(auth_data);
983 protocol->state = SILC_PROTOCOL_STATE_ERROR;
984 silc_protocol_execute(protocol, server->schedule,
989 SILC_LOG_DEBUG(("No configuration for remote connection"));
990 SILC_LOG_ERROR(("Remote connection not configured"));
991 SILC_LOG_ERROR(("Authentication failed"));
992 protocol->state = SILC_PROTOCOL_STATE_ERROR;
993 silc_protocol_execute(protocol, server->schedule,
995 silc_free(auth_data);
1000 /* Remote end is router */
1001 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
1002 SilcServerConfigSectionServerConnection *serv = ctx->rconfig;
1005 switch(serv->auth_meth) {
1006 case SILC_AUTH_NONE:
1007 /* No authentication required */
1008 SILC_LOG_DEBUG(("No authentication required"));
1011 case SILC_AUTH_PASSWORD:
1012 /* Password authentication */
1013 SILC_LOG_DEBUG(("Password authentication"));
1014 ret = silc_server_password_authentication(server, auth_data,
1020 /* Authentication failed */
1021 SILC_LOG_ERROR(("Authentication failed"));
1022 SILC_LOG_DEBUG(("Authentication failed"));
1023 silc_free(auth_data);
1024 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1025 silc_protocol_execute(protocol, server->schedule,
1030 case SILC_AUTH_PUBLIC_KEY:
1031 /* Public key authentication */
1032 SILC_LOG_DEBUG(("Public key authentication"));
1033 ret = silc_server_public_key_authentication(server,
1042 SILC_LOG_ERROR(("Authentication failed"));
1043 SILC_LOG_DEBUG(("Authentication failed"));
1044 silc_free(auth_data);
1045 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1046 silc_protocol_execute(protocol, server->schedule,
1051 SILC_LOG_DEBUG(("No configuration for remote connection"));
1052 SILC_LOG_ERROR(("Remote connection not configured"));
1053 SILC_LOG_ERROR(("Authentication failed"));
1054 silc_free(auth_data);
1055 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1056 silc_protocol_execute(protocol, server->schedule,
1062 silc_free(auth_data);
1064 /* Save connection type. This is later used to create the
1065 ID for the connection. */
1066 ctx->conn_type = conn_type;
1068 /* Advance protocol state. */
1069 protocol->state = SILC_PROTOCOL_STATE_END;
1070 silc_protocol_execute(protocol, server->schedule, 0, 0);
1074 * We are initiator. We are authenticating ourselves to a
1075 * remote server. We will send the authentication data to the
1076 * other end for verify.
1079 int payload_len = 0;
1080 unsigned char *auth_data = NULL;
1081 uint32 auth_data_len = 0;
1083 switch(ctx->auth_meth) {
1084 case SILC_AUTH_NONE:
1085 /* No authentication required */
1088 case SILC_AUTH_PASSWORD:
1089 /* Password authentication */
1090 if (ctx->auth_data && ctx->auth_data_len) {
1091 auth_data = strdup(ctx->auth_data);
1092 auth_data_len = ctx->auth_data_len;
1097 case SILC_AUTH_PUBLIC_KEY:
1099 unsigned char sign[1024];
1101 /* Public key authentication */
1102 silc_server_get_public_key_auth(server, sign, &auth_data_len,
1104 auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
1105 memcpy(auth_data, sign, auth_data_len);
1110 payload_len = 4 + auth_data_len;
1111 packet = silc_buffer_alloc(payload_len);
1112 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
1113 silc_buffer_format(packet,
1114 SILC_STR_UI_SHORT(payload_len),
1115 SILC_STR_UI_SHORT(server->server_type
1117 SILC_SOCKET_TYPE_SERVER :
1118 SILC_SOCKET_TYPE_ROUTER),
1119 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
1122 /* Send the packet to server */
1123 silc_server_packet_send(server, ctx->sock,
1124 SILC_PACKET_CONNECTION_AUTH, 0,
1125 packet->data, packet->len, TRUE);
1128 memset(auth_data, 0, auth_data_len);
1129 silc_free(auth_data);
1131 silc_buffer_free(packet);
1133 /* Next state is end of protocol */
1134 protocol->state = SILC_PROTOCOL_STATE_END;
1139 case SILC_PROTOCOL_STATE_END:
1144 unsigned char ok[4];
1146 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
1148 /* Authentication successful */
1149 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
1152 /* Unregister the timeout task since the protocol has ended.
1153 This was the timeout task to be executed if the protocol is
1154 not completed fast enough. */
1155 if (ctx->timeout_task)
1156 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1158 /* Protocol has ended, call the final callback */
1159 if (protocol->final_callback)
1160 silc_protocol_execute_final(protocol, server->schedule);
1162 silc_protocol_free(protocol);
1165 case SILC_PROTOCOL_STATE_ERROR:
1168 * Error. Send notify to remote.
1170 unsigned char error[4];
1172 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
1174 /* Authentication failed */
1175 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
1178 /* Unregister the timeout task since the protocol has ended.
1179 This was the timeout task to be executed if the protocol is
1180 not completed fast enough. */
1181 if (ctx->timeout_task)
1182 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1184 /* On error the final callback is always called. */
1185 if (protocol->final_callback)
1186 silc_protocol_execute_final(protocol, server->schedule);
1188 silc_protocol_free(protocol);
1192 case SILC_PROTOCOL_STATE_FAILURE:
1194 * We have received failure from remote
1197 /* Unregister the timeout task since the protocol has ended.
1198 This was the timeout task to be executed if the protocol is
1199 not completed fast enough. */
1200 if (ctx->timeout_task)
1201 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1203 /* On error the final callback is always called. */
1204 if (protocol->final_callback)
1205 silc_protocol_execute_final(protocol, server->schedule);
1207 silc_protocol_free(protocol);
1210 case SILC_PROTOCOL_STATE_UNKNOWN:
1216 * Re-key protocol routines
1219 /* Actually takes the new keys into use. */
1222 silc_server_protocol_rekey_validate(SilcServer server,
1223 SilcServerRekeyInternalContext *ctx,
1224 SilcIDListData idata,
1225 SilcSKEKeyMaterial *keymat,
1228 if (ctx->responder == TRUE) {
1230 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1231 keymat->enc_key_len);
1232 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1233 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
1234 keymat->hmac_key_len);
1236 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1237 keymat->enc_key_len);
1238 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1239 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
1240 keymat->hmac_key_len);
1244 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1245 keymat->enc_key_len);
1246 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1247 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
1248 keymat->hmac_key_len);
1250 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1251 keymat->enc_key_len);
1252 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1253 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
1254 keymat->hmac_key_len);
1258 /* Save the current sending encryption key */
1260 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1261 silc_free(idata->rekey->send_enc_key);
1262 idata->rekey->send_enc_key =
1263 silc_calloc(keymat->enc_key_len / 8,
1264 sizeof(*idata->rekey->send_enc_key));
1265 memcpy(idata->rekey->send_enc_key, keymat->send_enc_key,
1266 keymat->enc_key_len / 8);
1267 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1271 /* This function actually re-generates (when not using PFS) the keys and
1272 takes them into use. */
1274 void silc_server_protocol_rekey_generate(SilcServer server,
1275 SilcServerRekeyInternalContext *ctx,
1278 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1279 SilcSKEKeyMaterial *keymat;
1280 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1281 uint32 hash_len = idata->hash->hash->hash_len;
1283 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1284 send ? "sending" : "receiving"));
1286 /* Generate the new key */
1287 keymat = silc_calloc(1, sizeof(*keymat));
1288 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1289 idata->rekey->enc_key_len,
1290 16, key_len, hash_len,
1291 idata->hash, keymat);
1293 /* Set the keys into use */
1294 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1296 silc_ske_free_key_material(keymat);
1299 /* This function actually re-generates (with PFS) the keys and
1300 takes them into use. */
1303 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1304 SilcServerRekeyInternalContext *ctx,
1307 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1308 SilcSKEKeyMaterial *keymat;
1309 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1310 uint32 hash_len = idata->hash->hash->hash_len;
1311 unsigned char *tmpbuf;
1314 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1315 send ? "sending" : "receiving"));
1317 /* Encode KEY to binary data */
1318 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1320 /* Generate the new key */
1321 keymat = silc_calloc(1, sizeof(*keymat));
1322 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1323 idata->hash, keymat);
1325 /* Set the keys into use */
1326 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1328 memset(tmpbuf, 0, klen);
1330 silc_ske_free_key_material(keymat);
1333 /* Packet sending callback. This function is provided as packet sending
1334 routine to the Key Exchange functions. */
1337 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1339 SilcPacketType type,
1342 SilcProtocol protocol = (SilcProtocol)context;
1343 SilcServerRekeyInternalContext *ctx =
1344 (SilcServerRekeyInternalContext *)protocol->context;
1345 SilcServer server = (SilcServer)ctx->server;
1347 /* Send the packet immediately */
1348 silc_server_packet_send(server, ctx->sock,
1349 type, 0, packet->data, packet->len, FALSE);
1352 /* Performs re-key as defined in the SILC protocol specification. */
1354 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1356 SilcProtocol protocol = (SilcProtocol)context;
1357 SilcServerRekeyInternalContext *ctx =
1358 (SilcServerRekeyInternalContext *)protocol->context;
1359 SilcServer server = (SilcServer)ctx->server;
1360 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1361 SilcSKEStatus status;
1363 SILC_LOG_DEBUG(("Start"));
1365 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1366 protocol->state = SILC_PROTOCOL_STATE_START;
1368 SILC_LOG_DEBUG(("State=%d", protocol->state));
1370 switch(protocol->state) {
1371 case SILC_PROTOCOL_STATE_START:
1377 if (ctx->responder == TRUE) {
1379 * We are receiving party
1382 if (ctx->pfs == TRUE) {
1384 * Use Perfect Forward Secrecy, ie. negotiate the key material
1385 * using the SKE protocol.
1388 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1389 /* Error in protocol */
1390 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1391 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1395 ctx->ske = silc_ske_alloc();
1396 ctx->ske->rng = server->rng;
1397 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1398 silc_ske_get_group_by_number(idata->rekey->ske_group,
1399 &ctx->ske->prop->group);
1401 silc_ske_set_callbacks(ctx->ske,
1402 silc_server_protocol_rekey_send_packet,
1403 NULL, NULL, NULL, silc_ske_check_version,
1406 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
1407 if (status != SILC_SKE_STATUS_OK) {
1408 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1409 silc_ske_map_status(status)));
1411 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1412 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1416 /* Advance the protocol state */
1418 silc_protocol_execute(protocol, server->schedule, 0, 0);
1421 * Do normal and simple re-key.
1424 /* Send the REKEY_DONE to indicate we will take new keys into use */
1425 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1428 /* After we send REKEY_DONE we must set the sending encryption
1429 key to the new key since all packets after this packet must
1430 encrypted with the new key. */
1431 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1433 /* The protocol ends in next stage. */
1434 protocol->state = SILC_PROTOCOL_STATE_END;
1439 * We are the initiator of this protocol
1442 /* Start the re-key by sending the REKEY packet */
1443 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1446 if (ctx->pfs == TRUE) {
1448 * Use Perfect Forward Secrecy, ie. negotiate the key material
1449 * using the SKE protocol.
1451 ctx->ske = silc_ske_alloc();
1452 ctx->ske->rng = server->rng;
1453 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1454 silc_ske_get_group_by_number(idata->rekey->ske_group,
1455 &ctx->ske->prop->group);
1457 silc_ske_set_callbacks(ctx->ske,
1458 silc_server_protocol_rekey_send_packet,
1459 NULL, NULL, NULL, silc_ske_check_version,
1462 status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL);
1463 if (status != SILC_SKE_STATUS_OK) {
1464 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1465 silc_ske_map_status(status)));
1467 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1468 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1472 /* Advance the protocol state */
1476 * Do normal and simple re-key.
1479 /* Send the REKEY_DONE to indicate we will take new keys into use
1481 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1484 /* After we send REKEY_DONE we must set the sending encryption
1485 key to the new key since all packets after this packet must
1486 encrypted with the new key. */
1487 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1489 /* The protocol ends in next stage. */
1490 protocol->state = SILC_PROTOCOL_STATE_END;
1498 * Second state, used only when oding re-key with PFS.
1500 if (ctx->responder == TRUE) {
1501 if (ctx->pfs == TRUE) {
1503 * Send our KE packe to the initiator now that we've processed
1504 * the initiator's KE packet.
1506 status = silc_ske_responder_finish(ctx->ske, NULL, NULL,
1507 SILC_SKE_PK_TYPE_SILC);
1508 if (status != SILC_SKE_STATUS_OK) {
1509 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1510 silc_ske_map_status(status)));
1512 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1513 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1519 if (ctx->pfs == TRUE) {
1521 * The packet type must be KE packet
1523 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1524 /* Error in protocol */
1525 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1526 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1530 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
1531 if (status != SILC_SKE_STATUS_OK) {
1532 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1533 silc_ske_map_status(status)));
1535 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1536 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1542 /* Send the REKEY_DONE to indicate we will take new keys into use
1544 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1547 /* After we send REKEY_DONE we must set the sending encryption
1548 key to the new key since all packets after this packet must
1549 encrypted with the new key. */
1550 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1552 /* The protocol ends in next stage. */
1553 protocol->state = SILC_PROTOCOL_STATE_END;
1556 case SILC_PROTOCOL_STATE_END:
1561 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1562 /* Error in protocol */
1563 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1564 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1568 /* We received the REKEY_DONE packet and all packets after this is
1569 encrypted with the new key so set the decryption key to the new key */
1570 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1572 /* Protocol has ended, call the final callback */
1573 if (protocol->final_callback)
1574 silc_protocol_execute_final(protocol, server->schedule);
1576 silc_protocol_free(protocol);
1579 case SILC_PROTOCOL_STATE_ERROR:
1584 if (ctx->pfs == TRUE) {
1585 /* Send abort notification */
1586 silc_ske_abort(ctx->ske, ctx->ske->status);
1589 /* On error the final callback is always called. */
1590 if (protocol->final_callback)
1591 silc_protocol_execute_final(protocol, server->schedule);
1593 silc_protocol_free(protocol);
1596 case SILC_PROTOCOL_STATE_FAILURE:
1598 * We have received failure from remote
1601 /* On error the final callback is always called. */
1602 if (protocol->final_callback)
1603 silc_protocol_execute_final(protocol, server->schedule);
1605 silc_protocol_free(protocol);
1608 case SILC_PROTOCOL_STATE_UNKNOWN:
1614 /* Registers protocols used in server. */
1616 void silc_server_protocols_register(void)
1618 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1619 silc_server_protocol_connection_auth);
1620 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1621 silc_server_protocol_key_exchange);
1622 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1623 silc_server_protocol_rekey);
1624 silc_protocol_register(SILC_PROTOCOL_SERVER_BACKUP,
1625 silc_server_protocol_backup);
1628 /* Unregisters protocols */
1630 void silc_server_protocols_unregister(void)
1632 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1633 silc_server_protocol_connection_auth);
1634 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1635 silc_server_protocol_key_exchange);
1636 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1637 silc_server_protocol_rekey);
1638 silc_protocol_unregister(SILC_PROTOCOL_SERVER_BACKUP,
1639 silc_server_protocol_backup);