5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
39 silc_verify_public_key_internal(SilcServer server, SilcSocketConnection sock,
40 SilcSocketType conn_type,
41 unsigned char *pk, uint32 pk_len,
42 SilcSKEPKType pk_type)
44 char file[256], filename[256], *fingerprint;
47 if (pk_type != SILC_SKE_PK_TYPE_SILC) {
48 SILC_LOG_WARNING(("We don't support %s (%s) port %d public key type %d",
49 sock->hostname, sock->ip, sock->port, pk_type));
53 /* Accept client keys without verification */
54 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
55 SILC_LOG_DEBUG(("Accepting client public key without verification"));
59 memset(filename, 0, sizeof(filename));
60 memset(file, 0, sizeof(file));
61 snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname,
63 snprintf(filename, sizeof(filename) - 1, SILC_ETCDIR "/serverkeys/%s",
66 /* Create serverkeys directory if it doesn't exist. */
67 if (stat(SILC_ETCDIR "/serverkeys", &st) < 0) {
68 /* If dir doesn't exist */
69 if (errno == ENOENT) {
70 if (mkdir(SILC_ETCDIR "/serverkeys", 0755) < 0) {
71 SILC_LOG_ERROR(("Couldn't create `%s' directory\n",
72 SILC_ETCDIR "/serverkeys"));
76 SILC_LOG_ERROR(("%s\n", strerror(errno)));
81 /* Take fingerprint of the public key */
82 fingerprint = silc_hash_fingerprint(NULL, pk, pk_len);
83 SILC_LOG_DEBUG(("Received server %s (%s) port %d public key (%s)",
84 sock->hostname, sock->ip, sock->port, fingerprint));
85 silc_free(fingerprint);
87 /* Check whether this key already exists */
88 if (stat(filename, &st) < 0) {
89 /* We don't have it, then cache it. */
90 SILC_LOG_DEBUG(("New public key from server"));
92 silc_pkcs_save_public_key_data(filename, pk, pk_len,
96 /* The key already exists, verify it. */
97 SilcPublicKey public_key;
101 SILC_LOG_DEBUG(("We have the public key saved locally"));
103 /* Load the key file */
104 if (!silc_pkcs_load_public_key(filename, &public_key,
106 if (!silc_pkcs_load_public_key(filename, &public_key,
107 SILC_PKCS_FILE_BIN)) {
108 SILC_LOG_WARNING(("Could not load local copy of the %s (%s) port %d "
109 "server public key", sock->hostname, sock->ip,
112 /* Save the key for future checking */
114 silc_pkcs_save_public_key_data(filename, pk, pk_len,
119 /* Encode the key data */
120 encpk = silc_pkcs_public_key_encode(public_key, &encpk_len);
122 SILC_LOG_WARNING(("Local copy of the server %s (%s) port %d public key "
123 "is malformed", sock->hostname, sock->ip, sock->port));
125 /* Save the key for future checking */
127 silc_pkcs_save_public_key_data(filename, pk, pk_len,
132 if (memcmp(encpk, pk, encpk_len)) {
133 SILC_LOG_WARNING(("%s (%s) port %d server public key does not match "
134 "with local copy", sock->hostname, sock->ip,
136 SILC_LOG_WARNING(("It is possible that the key has expired or changed"));
137 SILC_LOG_WARNING(("It is also possible that some one is performing "
138 "man-in-the-middle attack"));
139 SILC_LOG_WARNING(("Will not accept the server %s (%s) port %d public "
141 sock->hostname, sock->ip, sock->port));
145 /* Local copy matched */
150 /* Callback that is called when we have received KE2 payload from
151 responder. We try to verify the public key now. */
154 silc_server_protocol_ke_verify_key(SilcSKE ske,
155 unsigned char *pk_data,
157 SilcSKEPKType pk_type,
159 SilcSKEVerifyCbCompletion completion,
160 void *completion_context)
162 SilcProtocol protocol = (SilcProtocol)context;
163 SilcServerKEInternalContext *ctx =
164 (SilcServerKEInternalContext *)protocol->context;
165 SilcServer server = (SilcServer)ctx->server;
167 SILC_LOG_DEBUG(("Start"));
169 if (silc_verify_public_key_internal(server, ctx->sock,
170 (ctx->responder == FALSE ?
171 SILC_SOCKET_TYPE_ROUTER:
172 ctx->sconfig ? SILC_SOCKET_TYPE_SERVER :
173 ctx->rconfig ? SILC_SOCKET_TYPE_ROUTER :
174 SILC_SOCKET_TYPE_CLIENT),
175 pk_data, pk_len, pk_type))
176 completion(ske, SILC_SKE_STATUS_OK, completion_context);
178 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
182 /* Packet sending callback. This function is provided as packet sending
183 routine to the Key Exchange functions. */
185 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
190 SilcProtocol protocol = (SilcProtocol)context;
191 SilcServerKEInternalContext *ctx =
192 (SilcServerKEInternalContext *)protocol->context;
193 SilcServer server = (SilcServer)ctx->server;
195 /* Send the packet immediately */
196 silc_server_packet_send(server, ske->sock,
197 type, 0, packet->data, packet->len, TRUE);
200 /* Sets the negotiated key material into use for particular connection. */
202 int silc_server_protocol_ke_set_keys(SilcSKE ske,
203 SilcSocketConnection sock,
204 SilcSKEKeyMaterial *keymat,
209 SilcSKEDiffieHellmanGroup group,
212 SilcUnknownEntry conn_data;
213 SilcIDListData idata;
215 SILC_LOG_DEBUG(("Setting new key into use"));
217 conn_data = silc_calloc(1, sizeof(*conn_data));
218 idata = (SilcIDListData)conn_data;
220 /* Allocate cipher to be used in the communication */
221 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
222 silc_free(conn_data);
225 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
226 silc_free(conn_data);
230 if (is_responder == TRUE) {
231 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
232 keymat->enc_key_len);
233 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
234 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
235 keymat->enc_key_len);
236 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
238 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
239 keymat->enc_key_len);
240 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
241 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
242 keymat->enc_key_len);
243 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
246 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
247 idata->rekey->send_enc_key =
248 silc_calloc(keymat->enc_key_len / 8,
249 sizeof(*idata->rekey->send_enc_key));
250 memcpy(idata->rekey->send_enc_key,
251 keymat->send_enc_key, keymat->enc_key_len / 8);
252 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
254 if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
255 idata->rekey->pfs = TRUE;
256 idata->rekey->ske_group = silc_ske_group_get_number(group);
258 /* Save the remote host's public key */
259 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
260 ske->ke1_payload->pk_len, &idata->public_key);
263 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
264 silc_cipher_free(idata->send_key);
265 silc_cipher_free(idata->receive_key);
266 silc_free(conn_data);
270 /* Save HMAC key to be used in the communication. */
271 if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac_send)) {
272 silc_cipher_free(idata->send_key);
273 silc_cipher_free(idata->receive_key);
274 silc_hash_free(idata->hash);
275 silc_free(conn_data);
278 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key, keymat->hmac_key_len);
279 idata->hmac_receive = idata->hmac_send;
281 sock->user_data = (void *)conn_data;
286 /* Check remote host version string */
288 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
289 uint32 len, void *context)
291 SilcSKEStatus status = SILC_SKE_STATUS_OK;
293 int maj = 0, min = 0, build = 0, maj2 = 0, min2 = 0, build2 = 0;
295 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
296 ske->sock->ip, version));
298 /* Check for initial version string */
299 if (!strstr(version, "SILC-1.0-"))
300 status = SILC_SKE_STATUS_BAD_VERSION;
302 /* Check software version */
306 status = SILC_SKE_STATUS_BAD_VERSION;
309 cp = strchr(cp, '.');
315 cp = strchr(cp, '.');
317 build = atoi(cp + 1);
320 cp = silc_version_string + 9;
322 status = SILC_SKE_STATUS_BAD_VERSION;
325 cp = strchr(cp, '.');
331 cp = strchr(cp, '.');
333 build2 = atoi(cp + 1);
337 status = SILC_SKE_STATUS_BAD_VERSION;
339 status = SILC_SKE_STATUS_BAD_VERSION;
344 /* Callback that is called by the SKE to indicate that it is safe to
345 continue the execution of the protocol. This is used only if we are
346 initiator. Is given as argument to the silc_ske_initiator_finish or
347 silc_ske_responder_phase_2 functions. This is called due to the fact
348 that the public key verification process is asynchronous and we must
349 not continue the protocl until the public key has been verified and
350 this callback is called. */
352 static void silc_server_protocol_ke_continue(SilcSKE ske, void *context)
354 SilcProtocol protocol = (SilcProtocol)context;
355 SilcServerKEInternalContext *ctx =
356 (SilcServerKEInternalContext *)protocol->context;
357 SilcServer server = (SilcServer)ctx->server;
359 SILC_LOG_DEBUG(("Start"));
361 if (ske->status != SILC_SKE_STATUS_OK) {
362 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
364 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
367 protocol->state = SILC_PROTOCOL_STATE_ERROR;
368 silc_protocol_execute(protocol, server->schedule, 0, 300000);
372 /* Send Ok to the other end. We will end the protocol as responder
373 sends Ok to us when we will take the new keys into use. */
374 if (ctx->responder == FALSE) {
375 silc_ske_end(ctx->ske);
377 /* End the protocol on the next round */
378 protocol->state = SILC_PROTOCOL_STATE_END;
381 /* Advance protocol state and call the next state if we are responder.
382 This happens when this callback was sent to silc_ske_responder_phase_2
384 if (ctx->responder == TRUE) {
386 silc_protocol_execute(protocol, server->schedule, 0, 100000);
390 /* Performs key exchange protocol. This is used for both initiator
391 and responder key exchange. This is performed always when accepting
392 new connection to the server. This may be called recursively. */
394 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
396 SilcProtocol protocol = (SilcProtocol)context;
397 SilcServerKEInternalContext *ctx =
398 (SilcServerKEInternalContext *)protocol->context;
399 SilcServer server = (SilcServer)ctx->server;
400 SilcSKEStatus status = SILC_SKE_STATUS_OK;
402 SILC_LOG_DEBUG(("Start"));
404 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
405 protocol->state = SILC_PROTOCOL_STATE_START;
407 SILC_LOG_DEBUG(("State=%d", protocol->state));
409 switch(protocol->state) {
410 case SILC_PROTOCOL_STATE_START:
417 /* Allocate Key Exchange object */
418 ske = silc_ske_alloc();
420 ske->rng = server->rng;
422 silc_ske_set_callbacks(ske, silc_server_protocol_ke_send_packet, NULL,
423 silc_server_protocol_ke_verify_key,
424 silc_server_protocol_ke_continue,
425 silc_ske_check_version, context);
427 if (ctx->responder == TRUE) {
428 /* Start the key exchange by processing the received security
429 properties packet from initiator. */
430 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
432 ctx->packet->buffer, FALSE);
434 SilcSKEStartPayload *start_payload;
436 /* Assemble security properties. */
437 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
441 /* Start the key exchange by sending our security properties
442 to the remote end. */
443 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
447 /* Return now if the procedure is pending. */
448 if (status == SILC_SKE_STATUS_PENDING)
451 if (status != SILC_SKE_STATUS_OK) {
452 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
454 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
457 protocol->state = SILC_PROTOCOL_STATE_ERROR;
458 silc_protocol_execute(protocol, server->schedule, 0, 300000);
462 /* Advance protocol state and call the next state if we are responder */
464 if (ctx->responder == TRUE)
465 silc_protocol_execute(protocol, server->schedule, 0, 100000);
473 if (ctx->responder == TRUE) {
474 /* Sends the selected security properties to the initiator. */
475 status = silc_ske_responder_phase_1(ctx->ske,
476 ctx->ske->start_payload);
478 /* Call Phase-1 function. This processes the Key Exchange Start
479 paylaod reply we just got from the responder. The callback
480 function will receive the processed payload where we will
482 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer);
485 /* Return now if the procedure is pending. */
486 if (status == SILC_SKE_STATUS_PENDING)
489 if (status != SILC_SKE_STATUS_OK) {
490 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
492 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
495 protocol->state = SILC_PROTOCOL_STATE_ERROR;
496 silc_protocol_execute(protocol, server->schedule, 0, 300000);
500 /* Advance protocol state and call next state if we are initiator */
502 if (ctx->responder == FALSE)
503 silc_protocol_execute(protocol, server->schedule, 0, 100000);
511 if (ctx->responder == TRUE) {
512 /* Process the received Key Exchange 1 Payload packet from
513 the initiator. This also creates our parts of the Diffie
514 Hellman algorithm. The silc_server_protocol_ke_continue
515 will be called after the public key has been verified. */
516 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
518 /* Call the Phase-2 function. This creates Diffie Hellman
519 key exchange parameters and sends our public part inside
520 Key Exhange 1 Payload to the responder. */
521 status = silc_ske_initiator_phase_2(ctx->ske,
523 server->private_key);
527 /* Return now if the procedure is pending. */
528 if (status == SILC_SKE_STATUS_PENDING)
531 if (status != SILC_SKE_STATUS_OK) {
532 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
534 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
537 protocol->state = SILC_PROTOCOL_STATE_ERROR;
538 silc_protocol_execute(protocol, server->schedule, 0, 300000);
548 if (ctx->responder == TRUE) {
549 /* This creates the key exchange material and sends our
550 public parts to the initiator inside Key Exchange 2 Payload. */
551 status = silc_ske_responder_finish(ctx->ske,
554 SILC_SKE_PK_TYPE_SILC);
556 /* End the protocol on the next round */
557 protocol->state = SILC_PROTOCOL_STATE_END;
559 /* Finish the protocol. This verifies the Key Exchange 2 payload
560 sent by responder. The silc_server_protocol_ke_continue will
561 be called after the public key has been verified. */
562 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
565 /* Return now if the procedure is pending. */
566 if (status == SILC_SKE_STATUS_PENDING)
569 if (status != SILC_SKE_STATUS_OK) {
570 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
572 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
575 protocol->state = SILC_PROTOCOL_STATE_ERROR;
576 silc_protocol_execute(protocol, server->schedule, 0, 300000);
582 case SILC_PROTOCOL_STATE_END:
587 SilcSKEKeyMaterial *keymat;
588 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
589 int hash_len = ctx->ske->prop->hash->hash->hash_len;
591 /* Process the key material */
592 keymat = silc_calloc(1, sizeof(*keymat));
593 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
595 if (status != SILC_SKE_STATUS_OK) {
596 protocol->state = SILC_PROTOCOL_STATE_ERROR;
597 silc_protocol_execute(protocol, server->schedule, 0, 300000);
598 silc_ske_free_key_material(keymat);
601 ctx->keymat = keymat;
603 /* Send Ok to the other end if we are responder. If we are initiator
604 we have sent this already. */
605 if (ctx->responder == TRUE)
606 silc_ske_end(ctx->ske);
608 /* Unregister the timeout task since the protocol has ended.
609 This was the timeout task to be executed if the protocol is
610 not completed fast enough. */
611 if (ctx->timeout_task)
612 silc_schedule_task_del(server->schedule, ctx->timeout_task);
614 /* Call the final callback */
615 if (protocol->final_callback)
616 silc_protocol_execute_final(protocol, server->schedule);
618 silc_protocol_free(protocol);
622 case SILC_PROTOCOL_STATE_ERROR:
627 /* Send abort notification */
628 silc_ske_abort(ctx->ske, ctx->ske->status);
630 /* Unregister the timeout task since the protocol has ended.
631 This was the timeout task to be executed if the protocol is
632 not completed fast enough. */
633 if (ctx->timeout_task)
634 silc_schedule_task_del(server->schedule, ctx->timeout_task);
636 /* On error the final callback is always called. */
637 if (protocol->final_callback)
638 silc_protocol_execute_final(protocol, server->schedule);
640 silc_protocol_free(protocol);
643 case SILC_PROTOCOL_STATE_FAILURE:
645 * We have received failure from remote
648 /* Unregister the timeout task since the protocol has ended.
649 This was the timeout task to be executed if the protocol is
650 not completed fast enough. */
651 if (ctx->timeout_task)
652 silc_schedule_task_del(server->schedule, ctx->timeout_task);
654 /* On error the final callback is always called. */
655 if (protocol->final_callback)
656 silc_protocol_execute_final(protocol, server->schedule);
658 silc_protocol_free(protocol);
661 case SILC_PROTOCOL_STATE_UNKNOWN:
667 * Connection Authentication protocol functions
671 silc_server_password_authentication(SilcServer server, char *auth1,
674 if (!auth1 || !auth2)
677 if (!memcmp(auth1, auth2, strlen(auth1)))
684 silc_server_public_key_authentication(SilcServer server,
685 SilcPublicKey pub_key,
694 if (!pub_key || !sign)
697 silc_pkcs_alloc(pub_key->name, &pkcs);
698 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
699 silc_pkcs_free(pkcs);
703 /* Make the authentication data. Protocol says it is HASH plus
705 len = ske->hash_len + ske->start_payload_copy->len;
706 auth = silc_buffer_alloc(len);
707 silc_buffer_pull_tail(auth, len);
708 silc_buffer_format(auth,
709 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
710 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
711 ske->start_payload_copy->len),
714 /* Verify signature */
715 if (silc_pkcs_verify_with_hash(pkcs, ske->prop->hash, sign, sign_len,
716 auth->data, auth->len)) {
717 silc_pkcs_free(pkcs);
718 silc_buffer_free(auth);
722 silc_pkcs_free(pkcs);
723 silc_buffer_free(auth);
728 silc_server_get_public_key_auth(SilcServer server,
729 unsigned char *auth_data,
730 uint32 *auth_data_len,
739 /* Make the authentication data. Protocol says it is HASH plus
741 len = ske->hash_len + ske->start_payload_copy->len;
742 auth = silc_buffer_alloc(len);
743 silc_buffer_pull_tail(auth, len);
744 silc_buffer_format(auth,
745 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
746 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
747 ske->start_payload_copy->len),
750 if (silc_pkcs_sign_with_hash(pkcs, ske->prop->hash, auth->data,
751 auth->len, auth_data, auth_data_len)) {
752 silc_buffer_free(auth);
756 silc_buffer_free(auth);
760 /* Performs connection authentication protocol. If responder, we
761 authenticate the remote data received. If initiator, we will send
762 authentication data to the remote end. */
764 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
766 SilcProtocol protocol = (SilcProtocol)context;
767 SilcServerConnAuthInternalContext *ctx =
768 (SilcServerConnAuthInternalContext *)protocol->context;
769 SilcServer server = (SilcServer)ctx->server;
771 SILC_LOG_DEBUG(("Start"));
773 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
774 protocol->state = SILC_PROTOCOL_STATE_START;
776 SILC_LOG_DEBUG(("State=%d", protocol->state));
778 switch(protocol->state) {
779 case SILC_PROTOCOL_STATE_START:
785 if (ctx->responder == TRUE) {
787 * We are receiving party
792 unsigned char *auth_data = NULL;
794 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
795 ctx->sock->hostname, ctx->sock->ip));
797 /* Parse the received authentication data packet. The received
798 payload is Connection Auth Payload. */
799 ret = silc_buffer_unformat(ctx->packet->buffer,
800 SILC_STR_UI_SHORT(&payload_len),
801 SILC_STR_UI_SHORT(&conn_type),
804 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
805 protocol->state = SILC_PROTOCOL_STATE_ERROR;
806 silc_protocol_execute(protocol, server->schedule, 0, 300000);
810 if (payload_len != ctx->packet->buffer->len) {
811 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
812 protocol->state = SILC_PROTOCOL_STATE_ERROR;
813 silc_protocol_execute(protocol, server->schedule, 0, 300000);
819 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
820 conn_type > SILC_SOCKET_TYPE_ROUTER) {
821 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
822 protocol->state = SILC_PROTOCOL_STATE_ERROR;
823 silc_protocol_execute(protocol, server->schedule, 0, 300000);
827 if (payload_len > 0) {
828 /* Get authentication data */
829 silc_buffer_pull(ctx->packet->buffer, 4);
830 ret = silc_buffer_unformat(ctx->packet->buffer,
831 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
835 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
836 protocol->state = SILC_PROTOCOL_STATE_ERROR;
837 silc_protocol_execute(protocol, server->schedule, 0, 300000);
843 * Check the remote connection type and make sure that we have
844 * configured this connection. If we haven't allowed this connection
845 * the authentication must be failed.
848 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
850 /* Remote end is client */
851 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
852 SilcServerConfigSectionClientConnection *client = ctx->cconfig;
855 switch(client->auth_meth) {
857 /* No authentication required */
858 SILC_LOG_DEBUG(("No authentication required"));
861 case SILC_AUTH_PASSWORD:
862 /* Password authentication */
863 SILC_LOG_DEBUG(("Password authentication"));
864 ret = silc_server_password_authentication(server, auth_data,
870 /* Authentication failed */
871 SILC_LOG_ERROR(("Authentication failed"));
872 SILC_LOG_DEBUG(("Authentication failed"));
873 silc_free(auth_data);
874 protocol->state = SILC_PROTOCOL_STATE_ERROR;
875 silc_protocol_execute(protocol, server->schedule,
880 case SILC_AUTH_PUBLIC_KEY:
881 /* Public key authentication */
882 SILC_LOG_DEBUG(("Public key authentication"));
883 ret = silc_server_public_key_authentication(server,
892 SILC_LOG_ERROR(("Authentication failed"));
893 SILC_LOG_DEBUG(("Authentication failed"));
894 silc_free(auth_data);
895 protocol->state = SILC_PROTOCOL_STATE_ERROR;
896 silc_protocol_execute(protocol, server->schedule,
901 SILC_LOG_DEBUG(("No configuration for remote connection"));
902 SILC_LOG_ERROR(("Remote connection not configured"));
903 SILC_LOG_ERROR(("Authentication failed"));
904 silc_free(auth_data);
905 protocol->state = SILC_PROTOCOL_STATE_ERROR;
906 silc_protocol_execute(protocol, server->schedule,
912 /* Remote end is server */
913 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
914 SilcServerConfigSectionServerConnection *serv = ctx->sconfig;
917 switch(serv->auth_meth) {
919 /* No authentication required */
920 SILC_LOG_DEBUG(("No authentication required"));
923 case SILC_AUTH_PASSWORD:
924 /* Password authentication */
925 SILC_LOG_DEBUG(("Password authentication"));
926 ret = silc_server_password_authentication(server, auth_data,
932 /* Authentication failed */
933 SILC_LOG_ERROR(("Authentication failed"));
934 SILC_LOG_DEBUG(("Authentication failed"));
935 silc_free(auth_data);
936 protocol->state = SILC_PROTOCOL_STATE_ERROR;
937 silc_protocol_execute(protocol, server->schedule,
942 case SILC_AUTH_PUBLIC_KEY:
943 /* Public key authentication */
944 SILC_LOG_DEBUG(("Public key authentication"));
945 ret = silc_server_public_key_authentication(server,
954 SILC_LOG_ERROR(("Authentication failed"));
955 SILC_LOG_DEBUG(("Authentication failed"));
956 silc_free(auth_data);
957 protocol->state = SILC_PROTOCOL_STATE_ERROR;
958 silc_protocol_execute(protocol, server->schedule,
963 SILC_LOG_DEBUG(("No configuration for remote connection"));
964 SILC_LOG_ERROR(("Remote connection not configured"));
965 SILC_LOG_ERROR(("Authentication failed"));
966 protocol->state = SILC_PROTOCOL_STATE_ERROR;
967 silc_protocol_execute(protocol, server->schedule,
969 silc_free(auth_data);
974 /* Remote end is router */
975 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
976 SilcServerConfigSectionServerConnection *serv = ctx->rconfig;
979 switch(serv->auth_meth) {
981 /* No authentication required */
982 SILC_LOG_DEBUG(("No authentication required"));
985 case SILC_AUTH_PASSWORD:
986 /* Password authentication */
987 SILC_LOG_DEBUG(("Password authentication"));
988 ret = silc_server_password_authentication(server, auth_data,
994 /* Authentication failed */
995 SILC_LOG_ERROR(("Authentication failed"));
996 SILC_LOG_DEBUG(("Authentication failed"));
997 silc_free(auth_data);
998 protocol->state = SILC_PROTOCOL_STATE_ERROR;
999 silc_protocol_execute(protocol, server->schedule,
1004 case SILC_AUTH_PUBLIC_KEY:
1005 /* Public key authentication */
1006 SILC_LOG_DEBUG(("Public key authentication"));
1007 ret = silc_server_public_key_authentication(server,
1016 SILC_LOG_ERROR(("Authentication failed"));
1017 SILC_LOG_DEBUG(("Authentication failed"));
1018 silc_free(auth_data);
1019 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1020 silc_protocol_execute(protocol, server->schedule,
1025 SILC_LOG_DEBUG(("No configuration for remote connection"));
1026 SILC_LOG_ERROR(("Remote connection not configured"));
1027 SILC_LOG_ERROR(("Authentication failed"));
1028 silc_free(auth_data);
1029 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1030 silc_protocol_execute(protocol, server->schedule,
1036 silc_free(auth_data);
1038 /* Save connection type. This is later used to create the
1039 ID for the connection. */
1040 ctx->conn_type = conn_type;
1042 /* Advance protocol state. */
1043 protocol->state = SILC_PROTOCOL_STATE_END;
1044 silc_protocol_execute(protocol, server->schedule, 0, 0);
1048 * We are initiator. We are authenticating ourselves to a
1049 * remote server. We will send the authentication data to the
1050 * other end for verify.
1053 int payload_len = 0;
1054 unsigned char *auth_data = NULL;
1055 uint32 auth_data_len = 0;
1057 switch(ctx->auth_meth) {
1058 case SILC_AUTH_NONE:
1059 /* No authentication required */
1062 case SILC_AUTH_PASSWORD:
1063 /* Password authentication */
1064 if (ctx->auth_data && ctx->auth_data_len) {
1065 auth_data = strdup(ctx->auth_data);
1066 auth_data_len = ctx->auth_data_len;
1071 case SILC_AUTH_PUBLIC_KEY:
1073 unsigned char sign[1024];
1075 /* Public key authentication */
1076 silc_server_get_public_key_auth(server, sign, &auth_data_len,
1078 auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
1079 memcpy(auth_data, sign, auth_data_len);
1084 payload_len = 4 + auth_data_len;
1085 packet = silc_buffer_alloc(payload_len);
1086 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
1087 silc_buffer_format(packet,
1088 SILC_STR_UI_SHORT(payload_len),
1089 SILC_STR_UI_SHORT(server->server_type
1091 SILC_SOCKET_TYPE_SERVER :
1092 SILC_SOCKET_TYPE_ROUTER),
1093 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
1096 /* Send the packet to server */
1097 silc_server_packet_send(server, ctx->sock,
1098 SILC_PACKET_CONNECTION_AUTH, 0,
1099 packet->data, packet->len, TRUE);
1102 memset(auth_data, 0, auth_data_len);
1103 silc_free(auth_data);
1105 silc_buffer_free(packet);
1107 /* Next state is end of protocol */
1108 protocol->state = SILC_PROTOCOL_STATE_END;
1113 case SILC_PROTOCOL_STATE_END:
1118 unsigned char ok[4];
1120 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
1122 /* Authentication successful */
1123 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
1126 /* Unregister the timeout task since the protocol has ended.
1127 This was the timeout task to be executed if the protocol is
1128 not completed fast enough. */
1129 if (ctx->timeout_task)
1130 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1132 /* Protocol has ended, call the final callback */
1133 if (protocol->final_callback)
1134 silc_protocol_execute_final(protocol, server->schedule);
1136 silc_protocol_free(protocol);
1139 case SILC_PROTOCOL_STATE_ERROR:
1142 * Error. Send notify to remote.
1144 unsigned char error[4];
1146 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
1148 /* Authentication failed */
1149 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
1152 /* Unregister the timeout task since the protocol has ended.
1153 This was the timeout task to be executed if the protocol is
1154 not completed fast enough. */
1155 if (ctx->timeout_task)
1156 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1158 /* On error the final callback is always called. */
1159 if (protocol->final_callback)
1160 silc_protocol_execute_final(protocol, server->schedule);
1162 silc_protocol_free(protocol);
1166 case SILC_PROTOCOL_STATE_FAILURE:
1168 * We have received failure from remote
1171 /* Unregister the timeout task since the protocol has ended.
1172 This was the timeout task to be executed if the protocol is
1173 not completed fast enough. */
1174 if (ctx->timeout_task)
1175 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1177 /* On error the final callback is always called. */
1178 if (protocol->final_callback)
1179 silc_protocol_execute_final(protocol, server->schedule);
1181 silc_protocol_free(protocol);
1184 case SILC_PROTOCOL_STATE_UNKNOWN:
1190 * Re-key protocol routines
1193 /* Actually takes the new keys into use. */
1196 silc_server_protocol_rekey_validate(SilcServer server,
1197 SilcServerRekeyInternalContext *ctx,
1198 SilcIDListData idata,
1199 SilcSKEKeyMaterial *keymat,
1202 if (ctx->responder == TRUE) {
1204 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1205 keymat->enc_key_len);
1206 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1208 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1209 keymat->enc_key_len);
1210 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1214 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1215 keymat->enc_key_len);
1216 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1218 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1219 keymat->enc_key_len);
1220 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1225 silc_hmac_alloc(idata->hmac_send->hmac->name, NULL, &idata->hmac_send);
1226 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key,
1227 keymat->hmac_key_len);
1229 silc_hmac_free(idata->hmac_receive);
1230 idata->hmac_receive = idata->hmac_send;
1233 /* Save the current sending encryption key */
1235 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1236 silc_free(idata->rekey->send_enc_key);
1237 idata->rekey->send_enc_key =
1238 silc_calloc(keymat->enc_key_len / 8,
1239 sizeof(*idata->rekey->send_enc_key));
1240 memcpy(idata->rekey->send_enc_key, keymat->send_enc_key,
1241 keymat->enc_key_len / 8);
1242 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1246 /* This function actually re-generates (when not using PFS) the keys and
1247 takes them into use. */
1249 void silc_server_protocol_rekey_generate(SilcServer server,
1250 SilcServerRekeyInternalContext *ctx,
1253 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1254 SilcSKEKeyMaterial *keymat;
1255 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1256 uint32 hash_len = idata->hash->hash->hash_len;
1258 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1259 send ? "sending" : "receiving"));
1261 /* Generate the new key */
1262 keymat = silc_calloc(1, sizeof(*keymat));
1263 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1264 idata->rekey->enc_key_len,
1265 16, key_len, hash_len,
1266 idata->hash, keymat);
1268 /* Set the keys into use */
1269 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1271 silc_ske_free_key_material(keymat);
1274 /* This function actually re-generates (with PFS) the keys and
1275 takes them into use. */
1278 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1279 SilcServerRekeyInternalContext *ctx,
1282 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1283 SilcSKEKeyMaterial *keymat;
1284 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1285 uint32 hash_len = idata->hash->hash->hash_len;
1286 unsigned char *tmpbuf;
1289 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1290 send ? "sending" : "receiving"));
1292 /* Encode KEY to binary data */
1293 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1295 /* Generate the new key */
1296 keymat = silc_calloc(1, sizeof(*keymat));
1297 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1298 idata->hash, keymat);
1300 /* Set the keys into use */
1301 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1303 memset(tmpbuf, 0, klen);
1305 silc_ske_free_key_material(keymat);
1308 /* Packet sending callback. This function is provided as packet sending
1309 routine to the Key Exchange functions. */
1312 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1314 SilcPacketType type,
1317 SilcProtocol protocol = (SilcProtocol)context;
1318 SilcServerRekeyInternalContext *ctx =
1319 (SilcServerRekeyInternalContext *)protocol->context;
1320 SilcServer server = (SilcServer)ctx->server;
1322 /* Send the packet immediately */
1323 silc_server_packet_send(server, ctx->sock,
1324 type, 0, packet->data, packet->len, FALSE);
1327 /* Performs re-key as defined in the SILC protocol specification. */
1329 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1331 SilcProtocol protocol = (SilcProtocol)context;
1332 SilcServerRekeyInternalContext *ctx =
1333 (SilcServerRekeyInternalContext *)protocol->context;
1334 SilcServer server = (SilcServer)ctx->server;
1335 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1336 SilcSKEStatus status;
1338 SILC_LOG_DEBUG(("Start"));
1340 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1341 protocol->state = SILC_PROTOCOL_STATE_START;
1343 SILC_LOG_DEBUG(("State=%d", protocol->state));
1345 switch(protocol->state) {
1346 case SILC_PROTOCOL_STATE_START:
1352 if (ctx->responder == TRUE) {
1354 * We are receiving party
1357 if (ctx->pfs == TRUE) {
1359 * Use Perfect Forward Secrecy, ie. negotiate the key material
1360 * using the SKE protocol.
1363 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1364 /* Error in protocol */
1365 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1366 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1370 ctx->ske = silc_ske_alloc();
1371 ctx->ske->rng = server->rng;
1372 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1373 silc_ske_get_group_by_number(idata->rekey->ske_group,
1374 &ctx->ske->prop->group);
1376 silc_ske_set_callbacks(ctx->ske,
1377 silc_server_protocol_rekey_send_packet,
1378 NULL, NULL, NULL, silc_ske_check_version,
1381 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
1382 if (status != SILC_SKE_STATUS_OK) {
1383 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1386 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1387 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1391 /* Advance the protocol state */
1393 silc_protocol_execute(protocol, server->schedule, 0, 0);
1396 * Do normal and simple re-key.
1399 /* Send the REKEY_DONE to indicate we will take new keys into use */
1400 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1403 /* After we send REKEY_DONE we must set the sending encryption
1404 key to the new key since all packets after this packet must
1405 encrypted with the new key. */
1406 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1408 /* The protocol ends in next stage. */
1409 protocol->state = SILC_PROTOCOL_STATE_END;
1414 * We are the initiator of this protocol
1417 /* Start the re-key by sending the REKEY packet */
1418 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1421 if (ctx->pfs == TRUE) {
1423 * Use Perfect Forward Secrecy, ie. negotiate the key material
1424 * using the SKE protocol.
1426 ctx->ske = silc_ske_alloc();
1427 ctx->ske->rng = server->rng;
1428 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1429 silc_ske_get_group_by_number(idata->rekey->ske_group,
1430 &ctx->ske->prop->group);
1432 silc_ske_set_callbacks(ctx->ske,
1433 silc_server_protocol_rekey_send_packet,
1434 NULL, NULL, NULL, silc_ske_check_version,
1437 status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL);
1438 if (status != SILC_SKE_STATUS_OK) {
1439 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1442 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1443 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1447 /* Advance the protocol state */
1451 * Do normal and simple re-key.
1454 /* Send the REKEY_DONE to indicate we will take new keys into use
1456 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1459 /* After we send REKEY_DONE we must set the sending encryption
1460 key to the new key since all packets after this packet must
1461 encrypted with the new key. */
1462 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1464 /* The protocol ends in next stage. */
1465 protocol->state = SILC_PROTOCOL_STATE_END;
1473 * Second state, used only when oding re-key with PFS.
1475 if (ctx->responder == TRUE) {
1476 if (ctx->pfs == TRUE) {
1478 * Send our KE packe to the initiator now that we've processed
1479 * the initiator's KE packet.
1481 status = silc_ske_responder_finish(ctx->ske, NULL, NULL,
1482 SILC_SKE_PK_TYPE_SILC);
1483 if (status != SILC_SKE_STATUS_OK) {
1484 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1487 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1488 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1494 if (ctx->pfs == TRUE) {
1496 * The packet type must be KE packet
1498 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1499 /* Error in protocol */
1500 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1501 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1505 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
1506 if (status != SILC_SKE_STATUS_OK) {
1507 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1510 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1511 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1517 /* Send the REKEY_DONE to indicate we will take new keys into use
1519 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1522 /* After we send REKEY_DONE we must set the sending encryption
1523 key to the new key since all packets after this packet must
1524 encrypted with the new key. */
1525 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1527 /* The protocol ends in next stage. */
1528 protocol->state = SILC_PROTOCOL_STATE_END;
1531 case SILC_PROTOCOL_STATE_END:
1536 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1537 /* Error in protocol */
1538 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1539 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1543 /* We received the REKEY_DONE packet and all packets after this is
1544 encrypted with the new key so set the decryption key to the new key */
1545 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1547 /* Protocol has ended, call the final callback */
1548 if (protocol->final_callback)
1549 silc_protocol_execute_final(protocol, server->schedule);
1551 silc_protocol_free(protocol);
1554 case SILC_PROTOCOL_STATE_ERROR:
1559 if (ctx->pfs == TRUE) {
1560 /* Send abort notification */
1561 silc_ske_abort(ctx->ske, ctx->ske->status);
1564 /* On error the final callback is always called. */
1565 if (protocol->final_callback)
1566 silc_protocol_execute_final(protocol, server->schedule);
1568 silc_protocol_free(protocol);
1571 case SILC_PROTOCOL_STATE_FAILURE:
1573 * We have received failure from remote
1576 /* On error the final callback is always called. */
1577 if (protocol->final_callback)
1578 silc_protocol_execute_final(protocol, server->schedule);
1580 silc_protocol_free(protocol);
1583 case SILC_PROTOCOL_STATE_UNKNOWN:
1589 /* Registers protocols used in server. */
1591 void silc_server_protocols_register(void)
1593 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1594 silc_server_protocol_connection_auth);
1595 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1596 silc_server_protocol_key_exchange);
1597 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1598 silc_server_protocol_rekey);
1601 /* Unregisters protocols */
1603 void silc_server_protocols_unregister(void)
1605 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1606 silc_server_protocol_connection_auth);
1607 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1608 silc_server_protocol_key_exchange);
1609 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1610 silc_server_protocol_rekey);