5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
39 silc_verify_public_key_internal(SilcServer server, SilcSocketConnection sock,
40 SilcSocketType conn_type,
41 unsigned char *pk, uint32 pk_len,
42 SilcSKEPKType pk_type)
44 char file[256], filename[256], *fingerprint;
47 if (pk_type != SILC_SKE_PK_TYPE_SILC) {
48 SILC_LOG_WARNING(("We don't support %s (%s) port %d public key type %d",
49 sock->hostname, sock->ip, sock->port, pk_type));
53 /* Accept client keys without verification */
54 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
55 SILC_LOG_DEBUG(("Accepting client public key without verification"));
59 /* XXX For now, accept server keys without verification too. We are
60 currently always doing mutual authentication so the proof of posession
61 of the private key is verified, and if server is authenticated in
62 conn auth protocol with public key we MUST have the key already. */
64 /* Rest is unreachable code! */
66 memset(filename, 0, sizeof(filename));
67 memset(file, 0, sizeof(file));
68 snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname,
70 snprintf(filename, sizeof(filename) - 1, SILC_ETCDIR "/serverkeys/%s",
73 /* Create serverkeys directory if it doesn't exist. */
74 if (stat(SILC_ETCDIR "/serverkeys", &st) < 0) {
75 /* If dir doesn't exist */
76 if (errno == ENOENT) {
77 if (mkdir(SILC_ETCDIR "/serverkeys", 0755) < 0) {
78 SILC_LOG_ERROR(("Couldn't create `%s' directory\n",
79 SILC_ETCDIR "/serverkeys"));
83 SILC_LOG_ERROR(("%s\n", strerror(errno)));
88 /* Take fingerprint of the public key */
89 fingerprint = silc_hash_fingerprint(NULL, pk, pk_len);
90 SILC_LOG_DEBUG(("Received server %s (%s) port %d public key (%s)",
91 sock->hostname, sock->ip, sock->port, fingerprint));
92 silc_free(fingerprint);
94 /* Check whether this key already exists */
95 if (stat(filename, &st) < 0) {
96 /* We don't have it, then cache it. */
97 SILC_LOG_DEBUG(("New public key from server"));
99 silc_pkcs_save_public_key_data(filename, pk, pk_len,
103 /* The key already exists, verify it. */
104 SilcPublicKey public_key;
105 unsigned char *encpk;
108 SILC_LOG_DEBUG(("We have the public key saved locally"));
110 /* Load the key file */
111 if (!silc_pkcs_load_public_key(filename, &public_key,
113 if (!silc_pkcs_load_public_key(filename, &public_key,
114 SILC_PKCS_FILE_BIN)) {
115 SILC_LOG_WARNING(("Could not load local copy of the %s (%s) port %d "
116 "server public key", sock->hostname, sock->ip,
119 /* Save the key for future checking */
121 silc_pkcs_save_public_key_data(filename, pk, pk_len,
126 /* Encode the key data */
127 encpk = silc_pkcs_public_key_encode(public_key, &encpk_len);
129 SILC_LOG_WARNING(("Local copy of the server %s (%s) port %d public key "
130 "is malformed", sock->hostname, sock->ip, sock->port));
132 /* Save the key for future checking */
134 silc_pkcs_save_public_key_data(filename, pk, pk_len,
139 if (memcmp(encpk, pk, encpk_len)) {
140 SILC_LOG_WARNING(("%s (%s) port %d server public key does not match "
141 "with local copy", sock->hostname, sock->ip,
143 SILC_LOG_WARNING(("It is possible that the key has expired or changed"));
144 SILC_LOG_WARNING(("It is also possible that some one is performing "
145 "man-in-the-middle attack"));
146 SILC_LOG_WARNING(("Will not accept the server %s (%s) port %d public "
148 sock->hostname, sock->ip, sock->port));
152 /* Local copy matched */
157 /* Callback that is called when we have received KE2 payload from
158 responder. We try to verify the public key now. */
161 silc_server_protocol_ke_verify_key(SilcSKE ske,
162 unsigned char *pk_data,
164 SilcSKEPKType pk_type,
166 SilcSKEVerifyCbCompletion completion,
167 void *completion_context)
169 SilcProtocol protocol = (SilcProtocol)context;
170 SilcServerKEInternalContext *ctx =
171 (SilcServerKEInternalContext *)protocol->context;
172 SilcServer server = (SilcServer)ctx->server;
174 SILC_LOG_DEBUG(("Start"));
176 if (silc_verify_public_key_internal(server, ctx->sock,
177 (ctx->responder == FALSE ?
178 SILC_SOCKET_TYPE_ROUTER:
179 ctx->sconfig ? SILC_SOCKET_TYPE_SERVER :
180 ctx->rconfig ? SILC_SOCKET_TYPE_ROUTER :
181 SILC_SOCKET_TYPE_CLIENT),
182 pk_data, pk_len, pk_type))
183 completion(ske, SILC_SKE_STATUS_OK, completion_context);
185 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
189 /* Packet sending callback. This function is provided as packet sending
190 routine to the Key Exchange functions. */
192 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
197 SilcProtocol protocol = (SilcProtocol)context;
198 SilcServerKEInternalContext *ctx =
199 (SilcServerKEInternalContext *)protocol->context;
200 SilcServer server = (SilcServer)ctx->server;
202 /* Send the packet immediately */
203 silc_server_packet_send(server, ske->sock,
204 type, 0, packet->data, packet->len, TRUE);
207 /* Sets the negotiated key material into use for particular connection. */
209 int silc_server_protocol_ke_set_keys(SilcSKE ske,
210 SilcSocketConnection sock,
211 SilcSKEKeyMaterial *keymat,
216 SilcSKEDiffieHellmanGroup group,
219 SilcUnknownEntry conn_data;
220 SilcIDListData idata;
222 SILC_LOG_DEBUG(("Setting new key into use"));
224 conn_data = silc_calloc(1, sizeof(*conn_data));
225 idata = (SilcIDListData)conn_data;
227 /* Allocate cipher to be used in the communication */
228 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
229 silc_free(conn_data);
232 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
233 silc_free(conn_data);
237 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
238 &idata->hmac_send)) {
239 silc_cipher_free(idata->send_key);
240 silc_cipher_free(idata->receive_key);
241 silc_free(conn_data);
245 if (!silc_hmac_alloc((char *)silc_hmac_get_name(hmac), NULL,
246 &idata->hmac_receive)) {
247 silc_cipher_free(idata->send_key);
248 silc_cipher_free(idata->receive_key);
249 silc_hmac_free(idata->hmac_send);
250 silc_free(conn_data);
254 if (is_responder == TRUE) {
255 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
256 keymat->enc_key_len);
257 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
258 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
259 keymat->enc_key_len);
260 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
261 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
262 keymat->hmac_key_len);
263 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
264 keymat->hmac_key_len);
266 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
267 keymat->enc_key_len);
268 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
269 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
270 keymat->enc_key_len);
271 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
272 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
273 keymat->hmac_key_len);
274 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
275 keymat->hmac_key_len);
278 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
279 idata->rekey->send_enc_key =
280 silc_calloc(keymat->enc_key_len / 8,
281 sizeof(*idata->rekey->send_enc_key));
282 memcpy(idata->rekey->send_enc_key,
283 keymat->send_enc_key, keymat->enc_key_len / 8);
284 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
286 if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
287 idata->rekey->pfs = TRUE;
288 idata->rekey->ske_group = silc_ske_group_get_number(group);
291 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
292 silc_cipher_free(idata->send_key);
293 silc_cipher_free(idata->receive_key);
294 silc_hmac_free(idata->hmac_send);
295 silc_hmac_free(idata->hmac_receive);
296 silc_free(conn_data);
300 /* Save the remote host's public key */
301 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
302 ske->ke1_payload->pk_len, &idata->public_key);
304 sock->user_data = (void *)conn_data;
306 SILC_LOG_INFO(("%s (%s) security properties: %s %s %s",
307 sock->hostname, sock->ip,
308 idata->send_key->cipher->name,
309 (char *)silc_hmac_get_name(idata->hmac_send),
310 idata->hash->hash->name));
315 /* Check remote host version string */
317 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
318 uint32 len, void *context)
320 SilcSKEStatus status = SILC_SKE_STATUS_OK;
322 int maj = 0, min = 0, build = 0, maj2 = 0, min2 = 0, build2 = 0;
324 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
325 ske->sock->ip, version));
327 /* Check for initial version string */
328 if (!strstr(version, "SILC-1.0-"))
329 status = SILC_SKE_STATUS_BAD_VERSION;
331 /* Check software version */
335 status = SILC_SKE_STATUS_BAD_VERSION;
338 cp = strchr(cp, '.');
344 cp = strchr(cp, '.');
346 build = atoi(cp + 1);
349 cp = silc_version_string + 9;
351 status = SILC_SKE_STATUS_BAD_VERSION;
354 cp = strchr(cp, '.');
360 cp = strchr(cp, '.');
362 build2 = atoi(cp + 1);
366 status = SILC_SKE_STATUS_BAD_VERSION;
368 status = SILC_SKE_STATUS_BAD_VERSION;
370 /* XXX < 0.6 is not allowed */
371 if (maj == 0 && min < 5)
372 status = SILC_SKE_STATUS_BAD_VERSION;
374 /* XXX backward support for 0.6.1 */
375 if (maj == 0 && min == 6 && build < 2)
376 ske->backward_version = 1;
381 /* Callback that is called by the SKE to indicate that it is safe to
382 continue the execution of the protocol. This is used only if we are
383 initiator. Is given as argument to the silc_ske_initiator_finish or
384 silc_ske_responder_phase_2 functions. This is called due to the fact
385 that the public key verification process is asynchronous and we must
386 not continue the protocl until the public key has been verified and
387 this callback is called. */
389 static void silc_server_protocol_ke_continue(SilcSKE ske, void *context)
391 SilcProtocol protocol = (SilcProtocol)context;
392 SilcServerKEInternalContext *ctx =
393 (SilcServerKEInternalContext *)protocol->context;
394 SilcServer server = (SilcServer)ctx->server;
396 SILC_LOG_DEBUG(("Start"));
398 if (ske->status != SILC_SKE_STATUS_OK) {
399 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
400 silc_ske_map_status(ske->status)));
401 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
402 silc_ske_map_status(ske->status)));
404 protocol->state = SILC_PROTOCOL_STATE_ERROR;
405 silc_protocol_execute(protocol, server->schedule, 0, 300000);
409 /* Send Ok to the other end. We will end the protocol as responder
410 sends Ok to us when we will take the new keys into use. */
411 if (ctx->responder == FALSE) {
412 silc_ske_end(ctx->ske);
414 /* End the protocol on the next round */
415 protocol->state = SILC_PROTOCOL_STATE_END;
418 /* Advance protocol state and call the next state if we are responder.
419 This happens when this callback was sent to silc_ske_responder_phase_2
421 if (ctx->responder == TRUE) {
423 silc_protocol_execute(protocol, server->schedule, 0, 100000);
427 /* Performs key exchange protocol. This is used for both initiator
428 and responder key exchange. This is performed always when accepting
429 new connection to the server. This may be called recursively. */
431 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
433 SilcProtocol protocol = (SilcProtocol)context;
434 SilcServerKEInternalContext *ctx =
435 (SilcServerKEInternalContext *)protocol->context;
436 SilcServer server = (SilcServer)ctx->server;
437 SilcSKEStatus status = SILC_SKE_STATUS_OK;
439 SILC_LOG_DEBUG(("Start"));
441 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
442 protocol->state = SILC_PROTOCOL_STATE_START;
444 SILC_LOG_DEBUG(("State=%d", protocol->state));
446 switch(protocol->state) {
447 case SILC_PROTOCOL_STATE_START:
454 /* Allocate Key Exchange object */
455 ske = silc_ske_alloc();
457 ske->rng = server->rng;
459 silc_ske_set_callbacks(ske, silc_server_protocol_ke_send_packet, NULL,
460 silc_server_protocol_ke_verify_key,
461 silc_server_protocol_ke_continue,
462 silc_ske_check_version, context);
464 if (ctx->responder == TRUE) {
465 /* Start the key exchange by processing the received security
466 properties packet from initiator. */
467 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
469 ctx->packet->buffer, TRUE);
471 SilcSKEStartPayload *start_payload;
473 /* Assemble security properties. */
474 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_MUTUAL,
478 /* Start the key exchange by sending our security properties
479 to the remote end. */
480 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
484 /* Return now if the procedure is pending. */
485 if (status == SILC_SKE_STATUS_PENDING)
488 if (status != SILC_SKE_STATUS_OK) {
489 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
490 silc_ske_map_status(status)));
491 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
492 silc_ske_map_status(status)));
494 protocol->state = SILC_PROTOCOL_STATE_ERROR;
495 silc_protocol_execute(protocol, server->schedule, 0, 300000);
499 /* Advance protocol state and call the next state if we are responder */
501 if (ctx->responder == TRUE)
502 silc_protocol_execute(protocol, server->schedule, 0, 100000);
510 if (ctx->responder == TRUE) {
511 /* Sends the selected security properties to the initiator. */
512 status = silc_ske_responder_phase_1(ctx->ske,
513 ctx->ske->start_payload);
515 /* Call Phase-1 function. This processes the Key Exchange Start
516 paylaod reply we just got from the responder. The callback
517 function will receive the processed payload where we will
519 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer);
522 /* Return now if the procedure is pending. */
523 if (status == SILC_SKE_STATUS_PENDING)
526 if (status != SILC_SKE_STATUS_OK) {
527 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
528 silc_ske_map_status(status)));
529 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
530 silc_ske_map_status(status)));
532 protocol->state = SILC_PROTOCOL_STATE_ERROR;
533 silc_protocol_execute(protocol, server->schedule, 0, 300000);
537 /* Advance protocol state and call next state if we are initiator */
539 if (ctx->responder == FALSE)
540 silc_protocol_execute(protocol, server->schedule, 0, 100000);
548 if (ctx->responder == TRUE) {
549 /* Process the received Key Exchange 1 Payload packet from
550 the initiator. This also creates our parts of the Diffie
551 Hellman algorithm. The silc_server_protocol_ke_continue
552 will be called after the public key has been verified. */
553 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
555 /* Call the Phase-2 function. This creates Diffie Hellman
556 key exchange parameters and sends our public part inside
557 Key Exhange 1 Payload to the responder. */
558 status = silc_ske_initiator_phase_2(ctx->ske,
560 server->private_key);
564 /* Return now if the procedure is pending. */
565 if (status == SILC_SKE_STATUS_PENDING)
568 if (status != SILC_SKE_STATUS_OK) {
569 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
570 silc_ske_map_status(status)));
571 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
572 silc_ske_map_status(status)));
574 protocol->state = SILC_PROTOCOL_STATE_ERROR;
575 silc_protocol_execute(protocol, server->schedule, 0, 300000);
585 if (ctx->responder == TRUE) {
586 /* This creates the key exchange material and sends our
587 public parts to the initiator inside Key Exchange 2 Payload. */
588 status = silc_ske_responder_finish(ctx->ske,
591 SILC_SKE_PK_TYPE_SILC);
593 /* End the protocol on the next round */
594 protocol->state = SILC_PROTOCOL_STATE_END;
596 /* Finish the protocol. This verifies the Key Exchange 2 payload
597 sent by responder. The silc_server_protocol_ke_continue will
598 be called after the public key has been verified. */
599 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
602 /* Return now if the procedure is pending. */
603 if (status == SILC_SKE_STATUS_PENDING)
606 if (status != SILC_SKE_STATUS_OK) {
607 SILC_LOG_WARNING(("Error (%s) during Key Exchange protocol",
608 silc_ske_map_status(status)));
609 SILC_LOG_DEBUG(("Error (%s) during Key Exchange protocol",
610 silc_ske_map_status(status)));
612 protocol->state = SILC_PROTOCOL_STATE_ERROR;
613 silc_protocol_execute(protocol, server->schedule, 0, 300000);
619 case SILC_PROTOCOL_STATE_END:
624 SilcSKEKeyMaterial *keymat;
625 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
626 int hash_len = ctx->ske->prop->hash->hash->hash_len;
628 /* Process the key material */
629 keymat = silc_calloc(1, sizeof(*keymat));
630 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
632 if (status != SILC_SKE_STATUS_OK) {
633 protocol->state = SILC_PROTOCOL_STATE_ERROR;
634 silc_protocol_execute(protocol, server->schedule, 0, 300000);
635 silc_ske_free_key_material(keymat);
638 ctx->keymat = keymat;
640 /* Send Ok to the other end if we are responder. If we are initiator
641 we have sent this already. */
642 if (ctx->responder == TRUE)
643 silc_ske_end(ctx->ske);
645 /* Unregister the timeout task since the protocol has ended.
646 This was the timeout task to be executed if the protocol is
647 not completed fast enough. */
648 if (ctx->timeout_task)
649 silc_schedule_task_del(server->schedule, ctx->timeout_task);
651 /* Call the final callback */
652 if (protocol->final_callback)
653 silc_protocol_execute_final(protocol, server->schedule);
655 silc_protocol_free(protocol);
659 case SILC_PROTOCOL_STATE_ERROR:
664 /* Send abort notification */
665 silc_ske_abort(ctx->ske, ctx->ske->status);
667 /* Unregister the timeout task since the protocol has ended.
668 This was the timeout task to be executed if the protocol is
669 not completed fast enough. */
670 if (ctx->timeout_task)
671 silc_schedule_task_del(server->schedule, ctx->timeout_task);
673 /* On error the final callback is always called. */
674 if (protocol->final_callback)
675 silc_protocol_execute_final(protocol, server->schedule);
677 silc_protocol_free(protocol);
680 case SILC_PROTOCOL_STATE_FAILURE:
682 * We have received failure from remote
685 /* Unregister the timeout task since the protocol has ended.
686 This was the timeout task to be executed if the protocol is
687 not completed fast enough. */
688 if (ctx->timeout_task)
689 silc_schedule_task_del(server->schedule, ctx->timeout_task);
691 /* On error the final callback is always called. */
692 if (protocol->final_callback)
693 silc_protocol_execute_final(protocol, server->schedule);
695 silc_protocol_free(protocol);
698 case SILC_PROTOCOL_STATE_UNKNOWN:
704 * Connection Authentication protocol functions
708 silc_server_password_authentication(SilcServer server, char *auth1,
711 if (!auth1 || !auth2)
714 if (!memcmp(auth1, auth2, strlen(auth1)))
721 silc_server_public_key_authentication(SilcServer server,
722 SilcPublicKey pub_key,
731 if (!pub_key || !sign)
734 silc_pkcs_alloc(pub_key->name, &pkcs);
735 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
736 silc_pkcs_free(pkcs);
740 /* Make the authentication data. Protocol says it is HASH plus
742 len = ske->hash_len + ske->start_payload_copy->len;
743 auth = silc_buffer_alloc(len);
744 silc_buffer_pull_tail(auth, len);
745 silc_buffer_format(auth,
746 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
747 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
748 ske->start_payload_copy->len),
751 /* Verify signature */
752 if (silc_pkcs_verify_with_hash(pkcs, ske->prop->hash, sign, sign_len,
753 auth->data, auth->len)) {
754 silc_pkcs_free(pkcs);
755 silc_buffer_free(auth);
759 silc_pkcs_free(pkcs);
760 silc_buffer_free(auth);
765 silc_server_get_public_key_auth(SilcServer server,
766 unsigned char *auth_data,
767 uint32 *auth_data_len,
776 /* Make the authentication data. Protocol says it is HASH plus
778 len = ske->hash_len + ske->start_payload_copy->len;
779 auth = silc_buffer_alloc(len);
780 silc_buffer_pull_tail(auth, len);
781 silc_buffer_format(auth,
782 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
783 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
784 ske->start_payload_copy->len),
787 if (silc_pkcs_sign_with_hash(pkcs, ske->prop->hash, auth->data,
788 auth->len, auth_data, auth_data_len)) {
789 silc_buffer_free(auth);
793 silc_buffer_free(auth);
797 /* Performs connection authentication protocol. If responder, we
798 authenticate the remote data received. If initiator, we will send
799 authentication data to the remote end. */
801 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
803 SilcProtocol protocol = (SilcProtocol)context;
804 SilcServerConnAuthInternalContext *ctx =
805 (SilcServerConnAuthInternalContext *)protocol->context;
806 SilcServer server = (SilcServer)ctx->server;
808 SILC_LOG_DEBUG(("Start"));
810 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
811 protocol->state = SILC_PROTOCOL_STATE_START;
813 SILC_LOG_DEBUG(("State=%d", protocol->state));
815 switch(protocol->state) {
816 case SILC_PROTOCOL_STATE_START:
822 if (ctx->responder == TRUE) {
824 * We are receiving party
829 unsigned char *auth_data = NULL;
831 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
832 ctx->sock->hostname, ctx->sock->ip));
834 /* Parse the received authentication data packet. The received
835 payload is Connection Auth Payload. */
836 ret = silc_buffer_unformat(ctx->packet->buffer,
837 SILC_STR_UI_SHORT(&payload_len),
838 SILC_STR_UI_SHORT(&conn_type),
841 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
842 protocol->state = SILC_PROTOCOL_STATE_ERROR;
843 silc_protocol_execute(protocol, server->schedule, 0, 300000);
847 if (payload_len != ctx->packet->buffer->len) {
848 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
849 protocol->state = SILC_PROTOCOL_STATE_ERROR;
850 silc_protocol_execute(protocol, server->schedule, 0, 300000);
856 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
857 conn_type > SILC_SOCKET_TYPE_ROUTER) {
858 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
859 protocol->state = SILC_PROTOCOL_STATE_ERROR;
860 silc_protocol_execute(protocol, server->schedule, 0, 300000);
864 if (payload_len > 0) {
865 /* Get authentication data */
866 silc_buffer_pull(ctx->packet->buffer, 4);
867 ret = silc_buffer_unformat(ctx->packet->buffer,
868 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
872 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
873 protocol->state = SILC_PROTOCOL_STATE_ERROR;
874 silc_protocol_execute(protocol, server->schedule, 0, 300000);
880 * Check the remote connection type and make sure that we have
881 * configured this connection. If we haven't allowed this connection
882 * the authentication must be failed.
885 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
887 /* Remote end is client */
888 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
889 SilcServerConfigSectionClientConnection *client = ctx->cconfig;
892 switch(client->auth_meth) {
894 /* No authentication required */
895 SILC_LOG_DEBUG(("No authentication required"));
898 case SILC_AUTH_PASSWORD:
899 /* Password authentication */
900 SILC_LOG_DEBUG(("Password authentication"));
901 ret = silc_server_password_authentication(server, auth_data,
907 /* Authentication failed */
908 SILC_LOG_ERROR(("Authentication failed"));
909 SILC_LOG_DEBUG(("Authentication failed"));
910 silc_free(auth_data);
911 protocol->state = SILC_PROTOCOL_STATE_ERROR;
912 silc_protocol_execute(protocol, server->schedule,
917 case SILC_AUTH_PUBLIC_KEY:
918 /* Public key authentication */
919 SILC_LOG_DEBUG(("Public key authentication"));
920 ret = silc_server_public_key_authentication(server,
929 SILC_LOG_ERROR(("Authentication failed"));
930 SILC_LOG_DEBUG(("Authentication failed"));
931 silc_free(auth_data);
932 protocol->state = SILC_PROTOCOL_STATE_ERROR;
933 silc_protocol_execute(protocol, server->schedule,
938 SILC_LOG_DEBUG(("No configuration for remote connection"));
939 SILC_LOG_ERROR(("Remote connection not configured"));
940 SILC_LOG_ERROR(("Authentication failed"));
941 silc_free(auth_data);
942 protocol->state = SILC_PROTOCOL_STATE_ERROR;
943 silc_protocol_execute(protocol, server->schedule,
949 /* Remote end is server */
950 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
951 SilcServerConfigSectionServerConnection *serv = ctx->sconfig;
954 switch(serv->auth_meth) {
956 /* No authentication required */
957 SILC_LOG_DEBUG(("No authentication required"));
960 case SILC_AUTH_PASSWORD:
961 /* Password authentication */
962 SILC_LOG_DEBUG(("Password authentication"));
963 ret = silc_server_password_authentication(server, auth_data,
969 /* Authentication failed */
970 SILC_LOG_ERROR(("Authentication failed"));
971 SILC_LOG_DEBUG(("Authentication failed"));
972 silc_free(auth_data);
973 protocol->state = SILC_PROTOCOL_STATE_ERROR;
974 silc_protocol_execute(protocol, server->schedule,
979 case SILC_AUTH_PUBLIC_KEY:
980 /* Public key authentication */
981 SILC_LOG_DEBUG(("Public key authentication"));
982 ret = silc_server_public_key_authentication(server,
991 SILC_LOG_ERROR(("Authentication failed"));
992 SILC_LOG_DEBUG(("Authentication failed"));
993 silc_free(auth_data);
994 protocol->state = SILC_PROTOCOL_STATE_ERROR;
995 silc_protocol_execute(protocol, server->schedule,
1000 SILC_LOG_DEBUG(("No configuration for remote connection"));
1001 SILC_LOG_ERROR(("Remote connection not configured"));
1002 SILC_LOG_ERROR(("Authentication failed"));
1003 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1004 silc_protocol_execute(protocol, server->schedule,
1006 silc_free(auth_data);
1011 /* Remote end is router */
1012 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
1013 SilcServerConfigSectionServerConnection *serv = ctx->rconfig;
1016 switch(serv->auth_meth) {
1017 case SILC_AUTH_NONE:
1018 /* No authentication required */
1019 SILC_LOG_DEBUG(("No authentication required"));
1022 case SILC_AUTH_PASSWORD:
1023 /* Password authentication */
1024 SILC_LOG_DEBUG(("Password authentication"));
1025 ret = silc_server_password_authentication(server, auth_data,
1031 /* Authentication failed */
1032 SILC_LOG_ERROR(("Authentication failed"));
1033 SILC_LOG_DEBUG(("Authentication failed"));
1034 silc_free(auth_data);
1035 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1036 silc_protocol_execute(protocol, server->schedule,
1041 case SILC_AUTH_PUBLIC_KEY:
1042 /* Public key authentication */
1043 SILC_LOG_DEBUG(("Public key authentication"));
1044 ret = silc_server_public_key_authentication(server,
1053 SILC_LOG_ERROR(("Authentication failed"));
1054 SILC_LOG_DEBUG(("Authentication failed"));
1055 silc_free(auth_data);
1056 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1057 silc_protocol_execute(protocol, server->schedule,
1062 SILC_LOG_DEBUG(("No configuration for remote connection"));
1063 SILC_LOG_ERROR(("Remote connection not configured"));
1064 SILC_LOG_ERROR(("Authentication failed"));
1065 silc_free(auth_data);
1066 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1067 silc_protocol_execute(protocol, server->schedule,
1073 silc_free(auth_data);
1075 /* Save connection type. This is later used to create the
1076 ID for the connection. */
1077 ctx->conn_type = conn_type;
1079 /* Advance protocol state. */
1080 protocol->state = SILC_PROTOCOL_STATE_END;
1081 silc_protocol_execute(protocol, server->schedule, 0, 0);
1085 * We are initiator. We are authenticating ourselves to a
1086 * remote server. We will send the authentication data to the
1087 * other end for verify.
1090 int payload_len = 0;
1091 unsigned char *auth_data = NULL;
1092 uint32 auth_data_len = 0;
1094 switch(ctx->auth_meth) {
1095 case SILC_AUTH_NONE:
1096 /* No authentication required */
1099 case SILC_AUTH_PASSWORD:
1100 /* Password authentication */
1101 if (ctx->auth_data && ctx->auth_data_len) {
1102 auth_data = strdup(ctx->auth_data);
1103 auth_data_len = ctx->auth_data_len;
1108 case SILC_AUTH_PUBLIC_KEY:
1110 unsigned char sign[1024];
1112 /* Public key authentication */
1113 silc_server_get_public_key_auth(server, sign, &auth_data_len,
1115 auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
1116 memcpy(auth_data, sign, auth_data_len);
1121 payload_len = 4 + auth_data_len;
1122 packet = silc_buffer_alloc(payload_len);
1123 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
1124 silc_buffer_format(packet,
1125 SILC_STR_UI_SHORT(payload_len),
1126 SILC_STR_UI_SHORT(server->server_type
1128 SILC_SOCKET_TYPE_SERVER :
1129 SILC_SOCKET_TYPE_ROUTER),
1130 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
1133 /* Send the packet to server */
1134 silc_server_packet_send(server, ctx->sock,
1135 SILC_PACKET_CONNECTION_AUTH, 0,
1136 packet->data, packet->len, TRUE);
1139 memset(auth_data, 0, auth_data_len);
1140 silc_free(auth_data);
1142 silc_buffer_free(packet);
1144 /* Next state is end of protocol */
1145 protocol->state = SILC_PROTOCOL_STATE_END;
1150 case SILC_PROTOCOL_STATE_END:
1155 unsigned char ok[4];
1157 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
1159 /* Authentication successful */
1160 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
1163 /* Unregister the timeout task since the protocol has ended.
1164 This was the timeout task to be executed if the protocol is
1165 not completed fast enough. */
1166 if (ctx->timeout_task)
1167 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1169 /* Protocol has ended, call the final callback */
1170 if (protocol->final_callback)
1171 silc_protocol_execute_final(protocol, server->schedule);
1173 silc_protocol_free(protocol);
1176 case SILC_PROTOCOL_STATE_ERROR:
1179 * Error. Send notify to remote.
1181 unsigned char error[4];
1183 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
1185 /* Authentication failed */
1186 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
1189 /* Unregister the timeout task since the protocol has ended.
1190 This was the timeout task to be executed if the protocol is
1191 not completed fast enough. */
1192 if (ctx->timeout_task)
1193 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1195 /* On error the final callback is always called. */
1196 if (protocol->final_callback)
1197 silc_protocol_execute_final(protocol, server->schedule);
1199 silc_protocol_free(protocol);
1203 case SILC_PROTOCOL_STATE_FAILURE:
1205 * We have received failure from remote
1208 /* Unregister the timeout task since the protocol has ended.
1209 This was the timeout task to be executed if the protocol is
1210 not completed fast enough. */
1211 if (ctx->timeout_task)
1212 silc_schedule_task_del(server->schedule, ctx->timeout_task);
1214 /* On error the final callback is always called. */
1215 if (protocol->final_callback)
1216 silc_protocol_execute_final(protocol, server->schedule);
1218 silc_protocol_free(protocol);
1221 case SILC_PROTOCOL_STATE_UNKNOWN:
1227 * Re-key protocol routines
1230 /* Actually takes the new keys into use. */
1233 silc_server_protocol_rekey_validate(SilcServer server,
1234 SilcServerRekeyInternalContext *ctx,
1235 SilcIDListData idata,
1236 SilcSKEKeyMaterial *keymat,
1239 if (ctx->responder == TRUE) {
1241 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1242 keymat->enc_key_len);
1243 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1244 silc_hmac_set_key(idata->hmac_send, keymat->receive_hmac_key,
1245 keymat->hmac_key_len);
1247 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1248 keymat->enc_key_len);
1249 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1250 silc_hmac_set_key(idata->hmac_receive, keymat->send_hmac_key,
1251 keymat->hmac_key_len);
1255 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1256 keymat->enc_key_len);
1257 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1258 silc_hmac_set_key(idata->hmac_send, keymat->send_hmac_key,
1259 keymat->hmac_key_len);
1261 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1262 keymat->enc_key_len);
1263 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1264 silc_hmac_set_key(idata->hmac_receive, keymat->receive_hmac_key,
1265 keymat->hmac_key_len);
1269 /* Save the current sending encryption key */
1271 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1272 silc_free(idata->rekey->send_enc_key);
1273 idata->rekey->send_enc_key =
1274 silc_calloc(keymat->enc_key_len / 8,
1275 sizeof(*idata->rekey->send_enc_key));
1276 memcpy(idata->rekey->send_enc_key, keymat->send_enc_key,
1277 keymat->enc_key_len / 8);
1278 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1282 /* This function actually re-generates (when not using PFS) the keys and
1283 takes them into use. */
1285 void silc_server_protocol_rekey_generate(SilcServer server,
1286 SilcServerRekeyInternalContext *ctx,
1289 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1290 SilcSKEKeyMaterial *keymat;
1291 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1292 uint32 hash_len = idata->hash->hash->hash_len;
1294 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1295 send ? "sending" : "receiving"));
1297 /* Generate the new key */
1298 keymat = silc_calloc(1, sizeof(*keymat));
1299 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1300 idata->rekey->enc_key_len,
1301 16, key_len, hash_len,
1302 idata->hash, keymat);
1304 /* Set the keys into use */
1305 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1307 silc_ske_free_key_material(keymat);
1310 /* This function actually re-generates (with PFS) the keys and
1311 takes them into use. */
1314 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1315 SilcServerRekeyInternalContext *ctx,
1318 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1319 SilcSKEKeyMaterial *keymat;
1320 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1321 uint32 hash_len = idata->hash->hash->hash_len;
1322 unsigned char *tmpbuf;
1325 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1326 send ? "sending" : "receiving"));
1328 /* Encode KEY to binary data */
1329 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1331 /* Generate the new key */
1332 keymat = silc_calloc(1, sizeof(*keymat));
1333 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1334 idata->hash, keymat);
1336 /* Set the keys into use */
1337 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1339 memset(tmpbuf, 0, klen);
1341 silc_ske_free_key_material(keymat);
1344 /* Packet sending callback. This function is provided as packet sending
1345 routine to the Key Exchange functions. */
1348 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1350 SilcPacketType type,
1353 SilcProtocol protocol = (SilcProtocol)context;
1354 SilcServerRekeyInternalContext *ctx =
1355 (SilcServerRekeyInternalContext *)protocol->context;
1356 SilcServer server = (SilcServer)ctx->server;
1358 /* Send the packet immediately */
1359 silc_server_packet_send(server, ctx->sock,
1360 type, 0, packet->data, packet->len, FALSE);
1363 /* Performs re-key as defined in the SILC protocol specification. */
1365 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1367 SilcProtocol protocol = (SilcProtocol)context;
1368 SilcServerRekeyInternalContext *ctx =
1369 (SilcServerRekeyInternalContext *)protocol->context;
1370 SilcServer server = (SilcServer)ctx->server;
1371 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1372 SilcSKEStatus status;
1374 SILC_LOG_DEBUG(("Start"));
1376 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1377 protocol->state = SILC_PROTOCOL_STATE_START;
1379 SILC_LOG_DEBUG(("State=%d", protocol->state));
1381 switch(protocol->state) {
1382 case SILC_PROTOCOL_STATE_START:
1388 if (ctx->responder == TRUE) {
1390 * We are receiving party
1393 if (ctx->pfs == TRUE) {
1395 * Use Perfect Forward Secrecy, ie. negotiate the key material
1396 * using the SKE protocol.
1399 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1400 /* Error in protocol */
1401 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1402 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1406 ctx->ske = silc_ske_alloc();
1407 ctx->ske->rng = server->rng;
1408 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1409 silc_ske_get_group_by_number(idata->rekey->ske_group,
1410 &ctx->ske->prop->group);
1412 silc_ske_set_callbacks(ctx->ske,
1413 silc_server_protocol_rekey_send_packet,
1414 NULL, NULL, NULL, silc_ske_check_version,
1417 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
1418 if (status != SILC_SKE_STATUS_OK) {
1419 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1420 silc_ske_map_status(status)));
1422 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1423 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1427 /* Advance the protocol state */
1429 silc_protocol_execute(protocol, server->schedule, 0, 0);
1432 * Do normal and simple re-key.
1435 /* Send the REKEY_DONE to indicate we will take new keys into use */
1436 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1439 /* After we send REKEY_DONE we must set the sending encryption
1440 key to the new key since all packets after this packet must
1441 encrypted with the new key. */
1442 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1444 /* The protocol ends in next stage. */
1445 protocol->state = SILC_PROTOCOL_STATE_END;
1450 * We are the initiator of this protocol
1453 /* Start the re-key by sending the REKEY packet */
1454 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1457 if (ctx->pfs == TRUE) {
1459 * Use Perfect Forward Secrecy, ie. negotiate the key material
1460 * using the SKE protocol.
1462 ctx->ske = silc_ske_alloc();
1463 ctx->ske->rng = server->rng;
1464 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1465 silc_ske_get_group_by_number(idata->rekey->ske_group,
1466 &ctx->ske->prop->group);
1468 silc_ske_set_callbacks(ctx->ske,
1469 silc_server_protocol_rekey_send_packet,
1470 NULL, NULL, NULL, silc_ske_check_version,
1473 status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL);
1474 if (status != SILC_SKE_STATUS_OK) {
1475 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1476 silc_ske_map_status(status)));
1478 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1479 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1483 /* Advance the protocol state */
1487 * Do normal and simple re-key.
1490 /* Send the REKEY_DONE to indicate we will take new keys into use
1492 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1495 /* After we send REKEY_DONE we must set the sending encryption
1496 key to the new key since all packets after this packet must
1497 encrypted with the new key. */
1498 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1500 /* The protocol ends in next stage. */
1501 protocol->state = SILC_PROTOCOL_STATE_END;
1509 * Second state, used only when oding re-key with PFS.
1511 if (ctx->responder == TRUE) {
1512 if (ctx->pfs == TRUE) {
1514 * Send our KE packe to the initiator now that we've processed
1515 * the initiator's KE packet.
1517 status = silc_ske_responder_finish(ctx->ske, NULL, NULL,
1518 SILC_SKE_PK_TYPE_SILC);
1519 if (status != SILC_SKE_STATUS_OK) {
1520 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1521 silc_ske_map_status(status)));
1523 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1524 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1530 if (ctx->pfs == TRUE) {
1532 * The packet type must be KE packet
1534 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1535 /* Error in protocol */
1536 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1537 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1541 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
1542 if (status != SILC_SKE_STATUS_OK) {
1543 SILC_LOG_WARNING(("Error (%s) during Re-key (PFS)",
1544 silc_ske_map_status(status)));
1546 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1547 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1553 /* Send the REKEY_DONE to indicate we will take new keys into use
1555 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1558 /* After we send REKEY_DONE we must set the sending encryption
1559 key to the new key since all packets after this packet must
1560 encrypted with the new key. */
1561 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1563 /* The protocol ends in next stage. */
1564 protocol->state = SILC_PROTOCOL_STATE_END;
1567 case SILC_PROTOCOL_STATE_END:
1572 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1573 /* Error in protocol */
1574 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1575 silc_protocol_execute(protocol, server->schedule, 0, 300000);
1579 /* We received the REKEY_DONE packet and all packets after this is
1580 encrypted with the new key so set the decryption key to the new key */
1581 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1583 /* Protocol has ended, call the final callback */
1584 if (protocol->final_callback)
1585 silc_protocol_execute_final(protocol, server->schedule);
1587 silc_protocol_free(protocol);
1590 case SILC_PROTOCOL_STATE_ERROR:
1595 if (ctx->pfs == TRUE) {
1596 /* Send abort notification */
1597 silc_ske_abort(ctx->ske, ctx->ske->status);
1600 /* On error the final callback is always called. */
1601 if (protocol->final_callback)
1602 silc_protocol_execute_final(protocol, server->schedule);
1604 silc_protocol_free(protocol);
1607 case SILC_PROTOCOL_STATE_FAILURE:
1609 * We have received failure from remote
1612 /* On error the final callback is always called. */
1613 if (protocol->final_callback)
1614 silc_protocol_execute_final(protocol, server->schedule);
1616 silc_protocol_free(protocol);
1619 case SILC_PROTOCOL_STATE_UNKNOWN:
1625 /* Registers protocols used in server. */
1627 void silc_server_protocols_register(void)
1629 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1630 silc_server_protocol_connection_auth);
1631 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1632 silc_server_protocol_key_exchange);
1633 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1634 silc_server_protocol_rekey);
1635 silc_protocol_register(SILC_PROTOCOL_SERVER_BACKUP,
1636 silc_server_protocol_backup);
1639 /* Unregisters protocols */
1641 void silc_server_protocols_unregister(void)
1643 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1644 silc_server_protocol_connection_auth);
1645 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1646 silc_server_protocol_key_exchange);
1647 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1648 silc_server_protocol_rekey);
1649 silc_protocol_unregister(SILC_PROTOCOL_SERVER_BACKUP,
1650 silc_server_protocol_backup);