5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
38 /* Packet sending callback. This function is provided as packet sending
39 routine to the Key Exchange functions. */
41 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
46 SilcProtocol protocol = (SilcProtocol)context;
47 SilcServerKEInternalContext *ctx =
48 (SilcServerKEInternalContext *)protocol->context;
49 SilcServer server = (SilcServer)ctx->server;
51 /* Send the packet immediately */
52 silc_server_packet_send(server, ske->sock,
53 type, 0, packet->data, packet->len, TRUE);
56 /* Sets the negotiated key material into use for particular connection. */
58 int silc_server_protocol_ke_set_keys(SilcSKE ske,
59 SilcSocketConnection sock,
60 SilcSKEKeyMaterial *keymat,
65 SilcSKEDiffieHellmanGroup group,
68 SilcUnknownEntry conn_data;
71 SILC_LOG_DEBUG(("Setting new key into use"));
73 conn_data = silc_calloc(1, sizeof(*conn_data));
74 idata = (SilcIDListData)conn_data;
76 /* Allocate cipher to be used in the communication */
77 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
81 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
86 if (is_responder == TRUE) {
87 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
89 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
90 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
92 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
94 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
96 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
97 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
99 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
102 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
103 idata->rekey->send_enc_key =
104 silc_calloc(keymat->enc_key_len / 8,
105 sizeof(*idata->rekey->send_enc_key));
106 memcpy(idata->rekey->send_enc_key,
107 keymat->send_enc_key, keymat->enc_key_len / 8);
108 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
110 if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
111 idata->rekey->pfs = TRUE;
112 idata->rekey->ske_group = silc_ske_group_get_number(group);
114 /* Save the remote host's public key */
115 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
116 ske->ke1_payload->pk_len, &idata->public_key);
119 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
120 silc_cipher_free(idata->send_key);
121 silc_cipher_free(idata->receive_key);
122 silc_free(conn_data);
126 /* Save HMAC key to be used in the communication. */
127 if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac_send)) {
128 silc_cipher_free(idata->send_key);
129 silc_cipher_free(idata->receive_key);
130 silc_hash_free(idata->hash);
131 silc_free(conn_data);
134 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key, keymat->hmac_key_len);
135 idata->hmac_receive = idata->hmac_send;
137 sock->user_data = (void *)conn_data;
142 /* Check remote host version string */
144 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
147 SilcSKEStatus status = SILC_SKE_STATUS_OK;
149 int maj = 0, min = 0, build = 0, maj2, min2, build2;
151 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
152 ske->sock->ip, version));
154 /* Check for initial version string */
155 if (!strstr(version, "SILC-1.0-"))
156 status = SILC_SKE_STATUS_BAD_VERSION;
158 /* Check software version */
162 cp = strchr(cp, '.');
168 cp = strchr(cp, '.');
170 build = atoi(cp + 1);
173 cp = silc_version_string + 9;
175 cp = strchr(cp, '.');
181 cp = strchr(cp, '.');
183 build2 = atoi(cp + 1);
187 status = SILC_SKE_STATUS_BAD_VERSION;
190 status = SILC_SKE_STATUS_BAD_VERSION;
196 /* Performs key exchange protocol. This is used for both initiator
197 and responder key exchange. This is performed always when accepting
198 new connection to the server. This may be called recursively. */
200 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
202 SilcProtocol protocol = (SilcProtocol)context;
203 SilcServerKEInternalContext *ctx =
204 (SilcServerKEInternalContext *)protocol->context;
205 SilcServer server = (SilcServer)ctx->server;
206 SilcSKEStatus status = 0;
208 SILC_LOG_DEBUG(("Start"));
210 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
211 protocol->state = SILC_PROTOCOL_STATE_START;
213 SILC_LOG_DEBUG(("State=%d", protocol->state));
215 switch(protocol->state) {
216 case SILC_PROTOCOL_STATE_START:
223 /* Allocate Key Exchange object */
224 ske = silc_ske_alloc();
226 ske->rng = server->rng;
228 if (ctx->responder == TRUE) {
229 /* Start the key exchange by processing the received security
230 properties packet from initiator. */
231 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
233 ctx->packet->buffer, FALSE,
236 SilcSKEStartPayload *start_payload;
238 /* Assemble security properties. */
239 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
243 /* Start the key exchange by sending our security properties
244 to the remote end. */
245 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
247 silc_server_protocol_ke_send_packet,
251 if (status != SILC_SKE_STATUS_OK) {
252 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
254 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
257 protocol->state = SILC_PROTOCOL_STATE_ERROR;
258 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
262 /* Advance protocol state and call the next state if we are responder */
264 if (ctx->responder == TRUE)
265 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
273 if (ctx->responder == TRUE) {
274 /* Sends the selected security properties to the initiator. */
276 silc_ske_responder_phase_1(ctx->ske,
277 ctx->ske->start_payload,
278 silc_server_protocol_ke_send_packet,
281 /* Call Phase-1 function. This processes the Key Exchange Start
282 paylaod reply we just got from the responder. The callback
283 function will receive the processed payload where we will
285 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
289 if (status != SILC_SKE_STATUS_OK) {
290 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
292 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
295 protocol->state = SILC_PROTOCOL_STATE_ERROR;
296 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
300 /* Advance protocol state and call next state if we are initiator */
302 if (ctx->responder == FALSE)
303 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
311 if (ctx->responder == TRUE) {
312 /* Process the received Key Exchange 1 Payload packet from
313 the initiator. This also creates our parts of the Diffie
314 Hellman algorithm. */
315 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
316 NULL, NULL, NULL, NULL);
318 /* Call the Phase-2 function. This creates Diffie Hellman
319 key exchange parameters and sends our public part inside
320 Key Exhange 1 Payload to the responder. */
322 silc_ske_initiator_phase_2(ctx->ske,
325 silc_server_protocol_ke_send_packet,
329 if (status != SILC_SKE_STATUS_OK) {
330 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
332 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
335 protocol->state = SILC_PROTOCOL_STATE_ERROR;
336 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
340 /* Advance protocol state and call the next state if we are responder */
342 if (ctx->responder == TRUE)
343 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
351 if (ctx->responder == TRUE) {
352 /* This creates the key exchange material and sends our
353 public parts to the initiator inside Key Exchange 2 Payload. */
355 silc_ske_responder_finish(ctx->ske,
356 server->public_key, server->private_key,
357 SILC_SKE_PK_TYPE_SILC,
358 silc_server_protocol_ke_send_packet,
361 /* Finish the protocol. This verifies the Key Exchange 2 payload
362 sent by responder. */
363 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
364 NULL, NULL, NULL, NULL);
367 if (status != SILC_SKE_STATUS_OK) {
368 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
370 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
373 protocol->state = SILC_PROTOCOL_STATE_ERROR;
374 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
378 /* Send Ok to the other end. We will end the protocol as responder
379 sends Ok to us when we will take the new keys into use. */
380 if (ctx->responder == FALSE)
381 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
383 /* End the protocol on the next round */
384 protocol->state = SILC_PROTOCOL_STATE_END;
388 case SILC_PROTOCOL_STATE_END:
393 SilcSKEKeyMaterial *keymat;
394 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
395 int hash_len = ctx->ske->prop->hash->hash->hash_len;
397 /* Process the key material */
398 keymat = silc_calloc(1, sizeof(*keymat));
399 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
401 if (status != SILC_SKE_STATUS_OK) {
402 protocol->state = SILC_PROTOCOL_STATE_ERROR;
403 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
404 silc_ske_free_key_material(keymat);
407 ctx->keymat = keymat;
409 /* Send Ok to the other end if we are responder. If we are initiator
410 we have sent this already. */
411 if (ctx->responder == TRUE)
412 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
414 /* Unregister the timeout task since the protocol has ended.
415 This was the timeout task to be executed if the protocol is
416 not completed fast enough. */
417 if (ctx->timeout_task)
418 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
420 /* Call the final callback */
421 if (protocol->final_callback)
422 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
424 silc_protocol_free(protocol);
428 case SILC_PROTOCOL_STATE_ERROR:
433 /* Send abort notification */
434 silc_ske_abort(ctx->ske, ctx->ske->status,
435 silc_server_protocol_ke_send_packet,
438 /* Unregister the timeout task since the protocol has ended.
439 This was the timeout task to be executed if the protocol is
440 not completed fast enough. */
441 if (ctx->timeout_task)
442 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
444 /* On error the final callback is always called. */
445 if (protocol->final_callback)
446 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
448 silc_protocol_free(protocol);
451 case SILC_PROTOCOL_STATE_FAILURE:
453 * We have received failure from remote
456 /* Unregister the timeout task since the protocol has ended.
457 This was the timeout task to be executed if the protocol is
458 not completed fast enough. */
459 if (ctx->timeout_task)
460 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
462 /* On error the final callback is always called. */
463 if (protocol->final_callback)
464 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
466 silc_protocol_free(protocol);
469 case SILC_PROTOCOL_STATE_UNKNOWN:
475 * Connection Authentication protocol functions
479 silc_server_password_authentication(SilcServer server, char *auth1,
482 if (!auth1 || !auth2)
485 if (!memcmp(auth1, auth2, strlen(auth1)))
492 silc_server_public_key_authentication(SilcServer server,
493 SilcPublicKey pub_key,
502 if (!pub_key || !sign)
505 silc_pkcs_alloc(pub_key->name, &pkcs);
506 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
507 silc_pkcs_free(pkcs);
511 /* Make the authentication data. Protocol says it is HASH plus
513 len = ske->hash_len + ske->start_payload_copy->len;
514 auth = silc_buffer_alloc(len);
515 silc_buffer_pull_tail(auth, len);
516 silc_buffer_format(auth,
517 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
518 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
519 ske->start_payload_copy->len),
522 /* Verify signature */
523 if (silc_pkcs_verify(pkcs, sign, sign_len, auth->data, auth->len)) {
524 silc_pkcs_free(pkcs);
525 silc_buffer_free(auth);
529 silc_pkcs_free(pkcs);
530 silc_buffer_free(auth);
535 silc_server_get_public_key_auth(SilcServer server,
536 SilcPublicKey pub_key,
537 unsigned char *auth_data,
538 uint32 *auth_data_len,
548 silc_pkcs_alloc(pub_key->name, &pkcs);
549 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
550 silc_pkcs_free(pkcs);
554 /* Make the authentication data. Protocol says it is HASH plus
556 len = ske->hash_len + ske->start_payload_copy->len;
557 auth = silc_buffer_alloc(len);
558 silc_buffer_pull_tail(auth, len);
559 silc_buffer_format(auth,
560 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
561 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
562 ske->start_payload_copy->len),
565 if (silc_pkcs_sign(pkcs, auth->data, auth->len, auth_data, auth_data_len)) {
566 silc_pkcs_free(pkcs);
567 silc_buffer_free(auth);
571 silc_pkcs_free(pkcs);
572 silc_buffer_free(auth);
576 /* Performs connection authentication protocol. If responder, we
577 authenticate the remote data received. If initiator, we will send
578 authentication data to the remote end. */
580 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
582 SilcProtocol protocol = (SilcProtocol)context;
583 SilcServerConnAuthInternalContext *ctx =
584 (SilcServerConnAuthInternalContext *)protocol->context;
585 SilcServer server = (SilcServer)ctx->server;
587 SILC_LOG_DEBUG(("Start"));
589 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
590 protocol->state = SILC_PROTOCOL_STATE_START;
592 SILC_LOG_DEBUG(("State=%d", protocol->state));
594 switch(protocol->state) {
595 case SILC_PROTOCOL_STATE_START:
601 if (ctx->responder == TRUE) {
603 * We are receiving party
608 unsigned char *auth_data = NULL;
610 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
611 ctx->sock->hostname, ctx->sock->ip));
613 /* Parse the received authentication data packet. The received
614 payload is Connection Auth Payload. */
615 ret = silc_buffer_unformat(ctx->packet->buffer,
616 SILC_STR_UI_SHORT(&payload_len),
617 SILC_STR_UI_SHORT(&conn_type),
620 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
621 protocol->state = SILC_PROTOCOL_STATE_ERROR;
622 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
626 if (payload_len != ctx->packet->buffer->len) {
627 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
628 protocol->state = SILC_PROTOCOL_STATE_ERROR;
629 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
635 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
636 conn_type > SILC_SOCKET_TYPE_ROUTER) {
637 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
638 protocol->state = SILC_PROTOCOL_STATE_ERROR;
639 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
643 if (payload_len > 0) {
644 /* Get authentication data */
645 silc_buffer_pull(ctx->packet->buffer, 4);
646 ret = silc_buffer_unformat(ctx->packet->buffer,
647 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
651 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
652 protocol->state = SILC_PROTOCOL_STATE_ERROR;
653 protocol->execute(server->timeout_queue, 0,
654 protocol, fd, 0, 300000);
660 * Check the remote connection type and make sure that we have
661 * configured this connection. If we haven't allowed this connection
662 * the authentication must be failed.
665 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
667 /* Remote end is client */
668 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
669 SilcServerConfigSectionClientConnection *client = ctx->cconfig;
672 switch(client->auth_meth) {
674 /* No authentication required */
675 SILC_LOG_DEBUG(("No authentication required"));
678 case SILC_AUTH_PASSWORD:
679 /* Password authentication */
680 SILC_LOG_DEBUG(("Password authentication"));
681 ret = silc_server_password_authentication(server, auth_data,
687 /* Authentication failed */
688 SILC_LOG_ERROR(("Authentication failed"));
689 SILC_LOG_DEBUG(("Authentication failed"));
690 silc_free(auth_data);
691 protocol->state = SILC_PROTOCOL_STATE_ERROR;
692 protocol->execute(server->timeout_queue, 0,
693 protocol, fd, 0, 300000);
697 case SILC_AUTH_PUBLIC_KEY:
698 /* Public key authentication */
699 SILC_LOG_DEBUG(("Public key authentication"));
700 ret = silc_server_public_key_authentication(server,
709 SILC_LOG_ERROR(("Authentication failed"));
710 SILC_LOG_DEBUG(("Authentication failed"));
711 silc_free(auth_data);
712 protocol->state = SILC_PROTOCOL_STATE_ERROR;
713 protocol->execute(server->timeout_queue, 0,
714 protocol, fd, 0, 300000);
718 SILC_LOG_DEBUG(("No configuration for remote connection"));
719 SILC_LOG_ERROR(("Remote connection not configured"));
720 SILC_LOG_ERROR(("Authentication failed"));
721 silc_free(auth_data);
722 protocol->state = SILC_PROTOCOL_STATE_ERROR;
723 protocol->execute(server->timeout_queue, 0,
724 protocol, fd, 0, 300000);
729 /* Remote end is server */
730 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
731 SilcServerConfigSectionServerConnection *serv = ctx->sconfig;
734 switch(serv->auth_meth) {
736 /* No authentication required */
737 SILC_LOG_DEBUG(("No authentication required"));
740 case SILC_AUTH_PASSWORD:
741 /* Password authentication */
742 SILC_LOG_DEBUG(("Password authentication"));
743 ret = silc_server_password_authentication(server, auth_data,
749 /* Authentication failed */
750 SILC_LOG_ERROR(("Authentication failed"));
751 SILC_LOG_DEBUG(("Authentication failed"));
752 silc_free(auth_data);
753 protocol->state = SILC_PROTOCOL_STATE_ERROR;
754 protocol->execute(server->timeout_queue, 0,
755 protocol, fd, 0, 300000);
759 case SILC_AUTH_PUBLIC_KEY:
760 /* Public key authentication */
761 SILC_LOG_DEBUG(("Public key authentication"));
762 ret = silc_server_public_key_authentication(server,
771 SILC_LOG_ERROR(("Authentication failed"));
772 SILC_LOG_DEBUG(("Authentication failed"));
773 silc_free(auth_data);
774 protocol->state = SILC_PROTOCOL_STATE_ERROR;
775 protocol->execute(server->timeout_queue, 0,
776 protocol, fd, 0, 300000);
780 SILC_LOG_DEBUG(("No configuration for remote connection"));
781 SILC_LOG_ERROR(("Remote connection not configured"));
782 SILC_LOG_ERROR(("Authentication failed"));
783 protocol->state = SILC_PROTOCOL_STATE_ERROR;
784 protocol->execute(server->timeout_queue, 0,
785 protocol, fd, 0, 300000);
786 silc_free(auth_data);
791 /* Remote end is router */
792 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
793 SilcServerConfigSectionServerConnection *serv = ctx->rconfig;
796 switch(serv->auth_meth) {
798 /* No authentication required */
799 SILC_LOG_DEBUG(("No authentication required"));
802 case SILC_AUTH_PASSWORD:
803 /* Password authentication */
804 SILC_LOG_DEBUG(("Password authentication"));
805 ret = silc_server_password_authentication(server, auth_data,
811 /* Authentication failed */
812 SILC_LOG_ERROR(("Authentication failed"));
813 SILC_LOG_DEBUG(("Authentication failed"));
814 silc_free(auth_data);
815 protocol->state = SILC_PROTOCOL_STATE_ERROR;
816 protocol->execute(server->timeout_queue, 0,
817 protocol, fd, 0, 300000);
821 case SILC_AUTH_PUBLIC_KEY:
822 /* Public key authentication */
823 SILC_LOG_DEBUG(("Public key authentication"));
824 ret = silc_server_public_key_authentication(server,
833 SILC_LOG_ERROR(("Authentication failed"));
834 SILC_LOG_DEBUG(("Authentication failed"));
835 silc_free(auth_data);
836 protocol->state = SILC_PROTOCOL_STATE_ERROR;
837 protocol->execute(server->timeout_queue, 0,
838 protocol, fd, 0, 300000);
842 SILC_LOG_DEBUG(("No configuration for remote connection"));
843 SILC_LOG_ERROR(("Remote connection not configured"));
844 SILC_LOG_ERROR(("Authentication failed"));
845 silc_free(auth_data);
846 protocol->state = SILC_PROTOCOL_STATE_ERROR;
847 protocol->execute(server->timeout_queue, 0,
848 protocol, fd, 0, 300000);
853 silc_free(auth_data);
855 /* Save connection type. This is later used to create the
856 ID for the connection. */
857 ctx->conn_type = conn_type;
859 /* Advance protocol state. */
860 protocol->state = SILC_PROTOCOL_STATE_END;
861 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
865 * We are initiator. We are authenticating ourselves to a
866 * remote server. We will send the authentication data to the
867 * other end for verify.
871 unsigned char *auth_data = NULL;
872 uint32 auth_data_len = 0;
874 switch(ctx->auth_meth) {
876 /* No authentication required */
879 case SILC_AUTH_PASSWORD:
880 /* Password authentication */
881 if (ctx->auth_data && ctx->auth_data_len) {
882 auth_data = strdup(ctx->auth_data);
883 auth_data_len = ctx->auth_data_len;
888 case SILC_AUTH_PUBLIC_KEY:
890 unsigned char sign[1024];
892 /* Public key authentication */
893 silc_server_get_public_key_auth(server, ctx->auth_data,
894 sign, &auth_data_len,
896 auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
897 memcpy(auth_data, sign, auth_data_len);
902 payload_len = 4 + auth_data_len;
903 packet = silc_buffer_alloc(payload_len);
904 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
905 silc_buffer_format(packet,
906 SILC_STR_UI_SHORT(payload_len),
907 SILC_STR_UI_SHORT(server->server_type
909 SILC_SOCKET_TYPE_SERVER :
910 SILC_SOCKET_TYPE_ROUTER),
911 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
914 /* Send the packet to server */
915 silc_server_packet_send(server, ctx->sock,
916 SILC_PACKET_CONNECTION_AUTH, 0,
917 packet->data, packet->len, TRUE);
920 memset(auth_data, 0, auth_data_len);
921 silc_free(auth_data);
923 silc_buffer_free(packet);
925 /* Next state is end of protocol */
926 protocol->state = SILC_PROTOCOL_STATE_END;
931 case SILC_PROTOCOL_STATE_END:
938 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
940 /* Authentication successful */
941 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
944 /* Unregister the timeout task since the protocol has ended.
945 This was the timeout task to be executed if the protocol is
946 not completed fast enough. */
947 if (ctx->timeout_task)
948 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
950 /* Protocol has ended, call the final callback */
951 if (protocol->final_callback)
952 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
954 silc_protocol_free(protocol);
957 case SILC_PROTOCOL_STATE_ERROR:
960 * Error. Send notify to remote.
962 unsigned char error[4];
964 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
966 /* Authentication failed */
967 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
970 /* Unregister the timeout task since the protocol has ended.
971 This was the timeout task to be executed if the protocol is
972 not completed fast enough. */
973 if (ctx->timeout_task)
974 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
976 /* On error the final callback is always called. */
977 if (protocol->final_callback)
978 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
980 silc_protocol_free(protocol);
984 case SILC_PROTOCOL_STATE_FAILURE:
986 * We have received failure from remote
989 /* Unregister the timeout task since the protocol has ended.
990 This was the timeout task to be executed if the protocol is
991 not completed fast enough. */
992 if (ctx->timeout_task)
993 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
995 /* On error the final callback is always called. */
996 if (protocol->final_callback)
997 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
999 silc_protocol_free(protocol);
1002 case SILC_PROTOCOL_STATE_UNKNOWN:
1008 * Re-key protocol routines
1011 /* Actually takes the new keys into use. */
1014 silc_server_protocol_rekey_validate(SilcServer server,
1015 SilcServerRekeyInternalContext *ctx,
1016 SilcIDListData idata,
1017 SilcSKEKeyMaterial *keymat,
1020 if (ctx->responder == TRUE) {
1022 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1023 keymat->enc_key_len);
1024 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1026 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1027 keymat->enc_key_len);
1028 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1032 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1033 keymat->enc_key_len);
1034 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1036 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1037 keymat->enc_key_len);
1038 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1043 silc_hmac_alloc(idata->hmac_send->hmac->name, NULL, &idata->hmac_send);
1044 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key,
1045 keymat->hmac_key_len);
1047 silc_hmac_free(idata->hmac_receive);
1048 idata->hmac_receive = idata->hmac_send;
1051 /* Save the current sending encryption key */
1053 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1054 silc_free(idata->rekey->send_enc_key);
1055 idata->rekey->send_enc_key =
1056 silc_calloc(keymat->enc_key_len / 8,
1057 sizeof(*idata->rekey->send_enc_key));
1058 memcpy(idata->rekey->send_enc_key, keymat->send_enc_key,
1059 keymat->enc_key_len / 8);
1060 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1064 /* This function actually re-generates (when not using PFS) the keys and
1065 takes them into use. */
1067 void silc_server_protocol_rekey_generate(SilcServer server,
1068 SilcServerRekeyInternalContext *ctx,
1071 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1072 SilcSKEKeyMaterial *keymat;
1073 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1074 uint32 hash_len = idata->hash->hash->hash_len;
1076 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1077 send ? "sending" : "receiving"));
1079 /* Generate the new key */
1080 keymat = silc_calloc(1, sizeof(*keymat));
1081 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1082 idata->rekey->enc_key_len,
1083 16, key_len, hash_len,
1084 idata->hash, keymat);
1086 /* Set the keys into use */
1087 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1089 silc_ske_free_key_material(keymat);
1092 /* This function actually re-generates (with PFS) the keys and
1093 takes them into use. */
1096 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1097 SilcServerRekeyInternalContext *ctx,
1100 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1101 SilcSKEKeyMaterial *keymat;
1102 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1103 uint32 hash_len = idata->hash->hash->hash_len;
1104 unsigned char *tmpbuf;
1107 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1108 send ? "sending" : "receiving"));
1110 /* Encode KEY to binary data */
1111 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1113 /* Generate the new key */
1114 keymat = silc_calloc(1, sizeof(*keymat));
1115 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1116 idata->hash, keymat);
1118 /* Set the keys into use */
1119 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1121 memset(tmpbuf, 0, klen);
1123 silc_ske_free_key_material(keymat);
1126 /* Packet sending callback. This function is provided as packet sending
1127 routine to the Key Exchange functions. */
1130 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1132 SilcPacketType type,
1135 SilcProtocol protocol = (SilcProtocol)context;
1136 SilcServerRekeyInternalContext *ctx =
1137 (SilcServerRekeyInternalContext *)protocol->context;
1138 SilcServer server = (SilcServer)ctx->server;
1140 /* Send the packet immediately */
1141 silc_server_packet_send(server, ctx->sock,
1142 type, 0, packet->data, packet->len, FALSE);
1145 /* Performs re-key as defined in the SILC protocol specification. */
1147 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1149 SilcProtocol protocol = (SilcProtocol)context;
1150 SilcServerRekeyInternalContext *ctx =
1151 (SilcServerRekeyInternalContext *)protocol->context;
1152 SilcServer server = (SilcServer)ctx->server;
1153 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1154 SilcSKEStatus status;
1156 SILC_LOG_DEBUG(("Start"));
1158 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1159 protocol->state = SILC_PROTOCOL_STATE_START;
1161 SILC_LOG_DEBUG(("State=%d", protocol->state));
1163 switch(protocol->state) {
1164 case SILC_PROTOCOL_STATE_START:
1170 if (ctx->responder == TRUE) {
1172 * We are receiving party
1175 if (ctx->pfs == TRUE) {
1177 * Use Perfect Forward Secrecy, ie. negotiate the key material
1178 * using the SKE protocol.
1181 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1182 /* Error in protocol */
1183 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1184 protocol->execute(server->timeout_queue, 0, protocol, fd,
1188 ctx->ske = silc_ske_alloc();
1189 ctx->ske->rng = server->rng;
1190 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1191 silc_ske_get_group_by_number(idata->rekey->ske_group,
1192 &ctx->ske->prop->group);
1194 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
1195 NULL, NULL, NULL, NULL);
1196 if (status != SILC_SKE_STATUS_OK) {
1197 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1200 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1201 protocol->execute(server->timeout_queue, 0,
1202 protocol, fd, 0, 300000);
1206 /* Advance the protocol state */
1208 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1211 * Do normal and simple re-key.
1214 /* Send the REKEY_DONE to indicate we will take new keys into use */
1215 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1218 /* After we send REKEY_DONE we must set the sending encryption
1219 key to the new key since all packets after this packet must
1220 encrypted with the new key. */
1221 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1223 /* The protocol ends in next stage. */
1224 protocol->state = SILC_PROTOCOL_STATE_END;
1229 * We are the initiator of this protocol
1232 /* Start the re-key by sending the REKEY packet */
1233 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1236 if (ctx->pfs == TRUE) {
1238 * Use Perfect Forward Secrecy, ie. negotiate the key material
1239 * using the SKE protocol.
1241 ctx->ske = silc_ske_alloc();
1242 ctx->ske->rng = server->rng;
1243 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1244 silc_ske_get_group_by_number(idata->rekey->ske_group,
1245 &ctx->ske->prop->group);
1248 silc_ske_initiator_phase_2(ctx->ske, NULL, NULL,
1249 silc_server_protocol_rekey_send_packet,
1252 if (status != SILC_SKE_STATUS_OK) {
1253 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1256 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1257 protocol->execute(server->timeout_queue, 0,
1258 protocol, fd, 0, 300000);
1262 /* Advance the protocol state */
1266 * Do normal and simple re-key.
1269 /* Send the REKEY_DONE to indicate we will take new keys into use
1271 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1274 /* After we send REKEY_DONE we must set the sending encryption
1275 key to the new key since all packets after this packet must
1276 encrypted with the new key. */
1277 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1279 /* The protocol ends in next stage. */
1280 protocol->state = SILC_PROTOCOL_STATE_END;
1288 * Second state, used only when oding re-key with PFS.
1290 if (ctx->responder == TRUE) {
1291 if (ctx->pfs == TRUE) {
1293 * Send our KE packe to the initiator now that we've processed
1294 * the initiator's KE packet.
1297 silc_ske_responder_finish(ctx->ske, NULL, NULL,
1298 SILC_SKE_PK_TYPE_SILC,
1299 silc_server_protocol_rekey_send_packet,
1302 if (status != SILC_SKE_STATUS_OK) {
1303 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1306 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1307 protocol->execute(server->timeout_queue, 0,
1308 protocol, fd, 0, 300000);
1314 if (ctx->pfs == TRUE) {
1316 * The packet type must be KE packet
1318 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1319 /* Error in protocol */
1320 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1321 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
1324 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
1325 NULL, NULL, NULL, NULL);
1326 if (status != SILC_SKE_STATUS_OK) {
1327 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1330 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1331 protocol->execute(server->timeout_queue, 0,
1332 protocol, fd, 0, 300000);
1338 /* Send the REKEY_DONE to indicate we will take new keys into use
1340 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1343 /* After we send REKEY_DONE we must set the sending encryption
1344 key to the new key since all packets after this packet must
1345 encrypted with the new key. */
1346 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1348 /* The protocol ends in next stage. */
1349 protocol->state = SILC_PROTOCOL_STATE_END;
1352 case SILC_PROTOCOL_STATE_END:
1357 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1358 /* Error in protocol */
1359 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1360 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1363 /* We received the REKEY_DONE packet and all packets after this is
1364 encrypted with the new key so set the decryption key to the new key */
1365 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1367 /* Protocol has ended, call the final callback */
1368 if (protocol->final_callback)
1369 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1371 silc_protocol_free(protocol);
1374 case SILC_PROTOCOL_STATE_ERROR:
1379 if (ctx->pfs == TRUE) {
1380 /* Send abort notification */
1381 silc_ske_abort(ctx->ske, ctx->ske->status,
1382 silc_server_protocol_ke_send_packet,
1386 /* On error the final callback is always called. */
1387 if (protocol->final_callback)
1388 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1390 silc_protocol_free(protocol);
1393 case SILC_PROTOCOL_STATE_FAILURE:
1395 * We have received failure from remote
1398 /* On error the final callback is always called. */
1399 if (protocol->final_callback)
1400 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1402 silc_protocol_free(protocol);
1405 case SILC_PROTOCOL_STATE_UNKNOWN:
1411 /* Registers protocols used in server. */
1413 void silc_server_protocols_register(void)
1415 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1416 silc_server_protocol_connection_auth);
1417 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1418 silc_server_protocol_key_exchange);
1419 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1420 silc_server_protocol_rekey);
1423 /* Unregisters protocols */
1425 void silc_server_protocols_unregister(void)
1427 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1428 silc_server_protocol_connection_auth);
1429 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1430 silc_server_protocol_key_exchange);
1431 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1432 silc_server_protocol_rekey);