5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
38 /* Packet sending callback. This function is provided as packet sending
39 routine to the Key Exchange functions. */
41 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
46 SilcProtocol protocol = (SilcProtocol)context;
47 SilcServerKEInternalContext *ctx =
48 (SilcServerKEInternalContext *)protocol->context;
49 SilcServer server = (SilcServer)ctx->server;
51 /* Send the packet immediately */
52 silc_server_packet_send(server, ske->sock,
53 type, 0, packet->data, packet->len, TRUE);
56 /* Sets the negotiated key material into use for particular connection. */
58 int silc_server_protocol_ke_set_keys(SilcSKE ske,
59 SilcSocketConnection sock,
60 SilcSKEKeyMaterial *keymat,
65 SilcSKEDiffieHellmanGroup group,
68 SilcUnknownEntry conn_data;
71 SILC_LOG_DEBUG(("Setting new key into use"));
73 conn_data = silc_calloc(1, sizeof(*conn_data));
74 idata = (SilcIDListData)conn_data;
76 /* Allocate cipher to be used in the communication */
77 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
81 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
86 if (is_responder == TRUE) {
87 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
89 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
90 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
92 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
94 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
96 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
97 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
99 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
102 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
103 idata->rekey->send_enc_key =
104 silc_calloc(keymat->enc_key_len / 8,
105 sizeof(*idata->rekey->send_enc_key));
106 memcpy(idata->rekey->send_enc_key,
107 keymat->send_enc_key, keymat->enc_key_len / 8);
108 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
110 if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
111 idata->rekey->pfs = TRUE;
112 idata->rekey->ske_group = silc_ske_group_get_number(group);
114 /* Save the remote host's public key */
115 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
116 ske->ke1_payload->pk_len, &idata->public_key);
119 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
120 silc_cipher_free(idata->send_key);
121 silc_cipher_free(idata->receive_key);
122 silc_free(conn_data);
126 /* Save HMAC key to be used in the communication. */
127 if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac_send)) {
128 silc_cipher_free(idata->send_key);
129 silc_cipher_free(idata->receive_key);
130 silc_hash_free(idata->hash);
131 silc_free(conn_data);
134 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key, keymat->hmac_key_len);
135 idata->hmac_receive = idata->hmac_send;
137 sock->user_data = (void *)conn_data;
142 /* Check remote host version string */
144 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
147 SilcSKEStatus status = SILC_SKE_STATUS_OK;
149 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
150 ske->sock->ip, version));
152 /* Check for initial version string */
153 if (!strstr(version, "SILC-1.0-"))
154 status = SILC_SKE_STATUS_BAD_VERSION;
156 /* Check software version */
158 if (len < strlen(silc_version_string))
159 status = SILC_SKE_STATUS_BAD_VERSION;
161 /* XXX for now there is no other tests due to the abnormal version
162 string that is used */
167 /* Performs key exchange protocol. This is used for both initiator
168 and responder key exchange. This is performed always when accepting
169 new connection to the server. This may be called recursively. */
171 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
173 SilcProtocol protocol = (SilcProtocol)context;
174 SilcServerKEInternalContext *ctx =
175 (SilcServerKEInternalContext *)protocol->context;
176 SilcServer server = (SilcServer)ctx->server;
177 SilcSKEStatus status = 0;
179 SILC_LOG_DEBUG(("Start"));
181 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
182 protocol->state = SILC_PROTOCOL_STATE_START;
184 SILC_LOG_DEBUG(("State=%d", protocol->state));
186 switch(protocol->state) {
187 case SILC_PROTOCOL_STATE_START:
194 /* Allocate Key Exchange object */
195 ske = silc_ske_alloc();
197 ske->rng = server->rng;
199 if (ctx->responder == TRUE) {
200 /* Start the key exchange by processing the received security
201 properties packet from initiator. */
202 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
204 ctx->packet->buffer, FALSE,
207 SilcSKEStartPayload *start_payload;
209 /* Assemble security properties. */
210 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
214 /* Start the key exchange by sending our security properties
215 to the remote end. */
216 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
218 silc_server_protocol_ke_send_packet,
222 if (status != SILC_SKE_STATUS_OK) {
223 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
225 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
228 protocol->state = SILC_PROTOCOL_STATE_ERROR;
229 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
233 /* Advance protocol state and call the next state if we are responder */
235 if (ctx->responder == TRUE)
236 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
244 if (ctx->responder == TRUE) {
245 /* Sends the selected security properties to the initiator. */
247 silc_ske_responder_phase_1(ctx->ske,
248 ctx->ske->start_payload,
249 silc_server_protocol_ke_send_packet,
252 /* Call Phase-1 function. This processes the Key Exchange Start
253 paylaod reply we just got from the responder. The callback
254 function will receive the processed payload where we will
256 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
260 if (status != SILC_SKE_STATUS_OK) {
261 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
263 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
266 protocol->state = SILC_PROTOCOL_STATE_ERROR;
267 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
271 /* Advance protocol state and call next state if we are initiator */
273 if (ctx->responder == FALSE)
274 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
282 if (ctx->responder == TRUE) {
283 /* Process the received Key Exchange 1 Payload packet from
284 the initiator. This also creates our parts of the Diffie
285 Hellman algorithm. */
286 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
287 NULL, NULL, NULL, NULL);
289 /* Call the Phase-2 function. This creates Diffie Hellman
290 key exchange parameters and sends our public part inside
291 Key Exhange 1 Payload to the responder. */
293 silc_ske_initiator_phase_2(ctx->ske,
296 silc_server_protocol_ke_send_packet,
300 if (status != SILC_SKE_STATUS_OK) {
301 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
303 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
306 protocol->state = SILC_PROTOCOL_STATE_ERROR;
307 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
311 /* Advance protocol state and call the next state if we are responder */
313 if (ctx->responder == TRUE)
314 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
322 if (ctx->responder == TRUE) {
323 /* This creates the key exchange material and sends our
324 public parts to the initiator inside Key Exchange 2 Payload. */
326 silc_ske_responder_finish(ctx->ske,
327 server->public_key, server->private_key,
328 SILC_SKE_PK_TYPE_SILC,
329 silc_server_protocol_ke_send_packet,
332 /* Finish the protocol. This verifies the Key Exchange 2 payload
333 sent by responder. */
334 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
335 NULL, NULL, NULL, NULL);
338 if (status != SILC_SKE_STATUS_OK) {
339 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
341 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
344 protocol->state = SILC_PROTOCOL_STATE_ERROR;
345 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
349 /* Send Ok to the other end. We will end the protocol as responder
350 sends Ok to us when we will take the new keys into use. */
351 if (ctx->responder == FALSE)
352 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
354 /* End the protocol on the next round */
355 protocol->state = SILC_PROTOCOL_STATE_END;
359 case SILC_PROTOCOL_STATE_END:
364 SilcSKEKeyMaterial *keymat;
365 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
366 int hash_len = ctx->ske->prop->hash->hash->hash_len;
368 /* Process the key material */
369 keymat = silc_calloc(1, sizeof(*keymat));
370 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
372 if (status != SILC_SKE_STATUS_OK) {
373 protocol->state = SILC_PROTOCOL_STATE_ERROR;
374 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
375 silc_ske_free_key_material(keymat);
378 ctx->keymat = keymat;
380 /* Send Ok to the other end if we are responder. If we are initiator
381 we have sent this already. */
382 if (ctx->responder == TRUE)
383 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
385 /* Unregister the timeout task since the protocol has ended.
386 This was the timeout task to be executed if the protocol is
387 not completed fast enough. */
388 if (ctx->timeout_task)
389 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
391 /* Call the final callback */
392 if (protocol->final_callback)
393 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
395 silc_protocol_free(protocol);
399 case SILC_PROTOCOL_STATE_ERROR:
404 /* Send abort notification */
405 silc_ske_abort(ctx->ske, ctx->ske->status,
406 silc_server_protocol_ke_send_packet,
409 /* Unregister the timeout task since the protocol has ended.
410 This was the timeout task to be executed if the protocol is
411 not completed fast enough. */
412 if (ctx->timeout_task)
413 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
415 /* On error the final callback is always called. */
416 if (protocol->final_callback)
417 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
419 silc_protocol_free(protocol);
422 case SILC_PROTOCOL_STATE_FAILURE:
424 * We have received failure from remote
427 /* Unregister the timeout task since the protocol has ended.
428 This was the timeout task to be executed if the protocol is
429 not completed fast enough. */
430 if (ctx->timeout_task)
431 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
433 /* On error the final callback is always called. */
434 if (protocol->final_callback)
435 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
437 silc_protocol_free(protocol);
440 case SILC_PROTOCOL_STATE_UNKNOWN:
446 * Connection Authentication protocol functions
450 silc_server_password_authentication(SilcServer server, char *auth1,
453 if (!auth1 || !auth2)
456 if (!memcmp(auth1, auth2, strlen(auth1)))
463 silc_server_public_key_authentication(SilcServer server,
464 SilcPublicKey pub_key,
473 if (!pub_key || !sign)
476 silc_pkcs_alloc(pub_key->name, &pkcs);
477 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
478 silc_pkcs_free(pkcs);
482 /* Make the authentication data. Protocol says it is HASH plus
484 len = ske->hash_len + ske->start_payload_copy->len;
485 auth = silc_buffer_alloc(len);
486 silc_buffer_pull_tail(auth, len);
487 silc_buffer_format(auth,
488 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
489 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
490 ske->start_payload_copy->len),
493 /* Verify signature */
494 if (silc_pkcs_verify(pkcs, sign, sign_len, auth->data, auth->len)) {
495 silc_pkcs_free(pkcs);
496 silc_buffer_free(auth);
500 silc_pkcs_free(pkcs);
501 silc_buffer_free(auth);
506 silc_server_get_public_key_auth(SilcServer server,
507 SilcPublicKey pub_key,
508 unsigned char *auth_data,
509 uint32 *auth_data_len,
519 silc_pkcs_alloc(pub_key->name, &pkcs);
520 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
521 silc_pkcs_free(pkcs);
525 /* Make the authentication data. Protocol says it is HASH plus
527 len = ske->hash_len + ske->start_payload_copy->len;
528 auth = silc_buffer_alloc(len);
529 silc_buffer_pull_tail(auth, len);
530 silc_buffer_format(auth,
531 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
532 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
533 ske->start_payload_copy->len),
536 if (silc_pkcs_sign(pkcs, auth->data, auth->len, auth_data, auth_data_len)) {
537 silc_pkcs_free(pkcs);
538 silc_buffer_free(auth);
542 silc_pkcs_free(pkcs);
543 silc_buffer_free(auth);
547 /* Performs connection authentication protocol. If responder, we
548 authenticate the remote data received. If initiator, we will send
549 authentication data to the remote end. */
551 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
553 SilcProtocol protocol = (SilcProtocol)context;
554 SilcServerConnAuthInternalContext *ctx =
555 (SilcServerConnAuthInternalContext *)protocol->context;
556 SilcServer server = (SilcServer)ctx->server;
558 SILC_LOG_DEBUG(("Start"));
560 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
561 protocol->state = SILC_PROTOCOL_STATE_START;
563 SILC_LOG_DEBUG(("State=%d", protocol->state));
565 switch(protocol->state) {
566 case SILC_PROTOCOL_STATE_START:
572 if (ctx->responder == TRUE) {
574 * We are receiving party
579 unsigned char *auth_data = NULL;
581 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
582 ctx->sock->hostname, ctx->sock->ip));
584 /* Parse the received authentication data packet. The received
585 payload is Connection Auth Payload. */
586 ret = silc_buffer_unformat(ctx->packet->buffer,
587 SILC_STR_UI_SHORT(&payload_len),
588 SILC_STR_UI_SHORT(&conn_type),
591 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
592 protocol->state = SILC_PROTOCOL_STATE_ERROR;
593 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
597 if (payload_len != ctx->packet->buffer->len) {
598 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
599 protocol->state = SILC_PROTOCOL_STATE_ERROR;
600 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
606 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
607 conn_type > SILC_SOCKET_TYPE_ROUTER) {
608 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
609 protocol->state = SILC_PROTOCOL_STATE_ERROR;
610 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
614 if (payload_len > 0) {
615 /* Get authentication data */
616 silc_buffer_pull(ctx->packet->buffer, 4);
617 ret = silc_buffer_unformat(ctx->packet->buffer,
618 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
622 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
623 protocol->state = SILC_PROTOCOL_STATE_ERROR;
624 protocol->execute(server->timeout_queue, 0,
625 protocol, fd, 0, 300000);
631 * Check the remote connection type and make sure that we have
632 * configured this connection. If we haven't allowed this connection
633 * the authentication must be failed.
636 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
638 /* Remote end is client */
639 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
640 SilcServerConfigSectionClientConnection *client = NULL;
641 client = silc_server_config_find_client_conn(server->config,
645 client = silc_server_config_find_client_conn(server->config,
650 switch(client->auth_meth) {
652 /* No authentication required */
653 SILC_LOG_DEBUG(("No authentication required"));
656 case SILC_AUTH_PASSWORD:
657 /* Password authentication */
658 SILC_LOG_DEBUG(("Password authentication"));
659 ret = silc_server_password_authentication(server, auth_data,
665 /* Authentication failed */
666 SILC_LOG_ERROR(("Authentication failed"));
667 SILC_LOG_DEBUG(("Authentication failed"));
668 silc_free(auth_data);
669 protocol->state = SILC_PROTOCOL_STATE_ERROR;
670 protocol->execute(server->timeout_queue, 0,
671 protocol, fd, 0, 300000);
675 case SILC_AUTH_PUBLIC_KEY:
676 /* Public key authentication */
677 SILC_LOG_DEBUG(("Public key authentication"));
678 ret = silc_server_public_key_authentication(server,
687 SILC_LOG_ERROR(("Authentication failed"));
688 SILC_LOG_DEBUG(("Authentication failed"));
689 silc_free(auth_data);
690 protocol->state = SILC_PROTOCOL_STATE_ERROR;
691 protocol->execute(server->timeout_queue, 0,
692 protocol, fd, 0, 300000);
696 SILC_LOG_DEBUG(("No configuration for remote connection"));
697 SILC_LOG_ERROR(("Remote connection not configured"));
698 SILC_LOG_ERROR(("Authentication failed"));
699 silc_free(auth_data);
700 protocol->state = SILC_PROTOCOL_STATE_ERROR;
701 protocol->execute(server->timeout_queue, 0,
702 protocol, fd, 0, 300000);
707 /* Remote end is server */
708 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
709 SilcServerConfigSectionServerConnection *serv = NULL;
710 serv = silc_server_config_find_server_conn(server->config,
714 serv = silc_server_config_find_server_conn(server->config,
719 switch(serv->auth_meth) {
721 /* No authentication required */
722 SILC_LOG_DEBUG(("No authentication required"));
725 case SILC_AUTH_PASSWORD:
726 /* Password authentication */
727 SILC_LOG_DEBUG(("Password authentication"));
728 ret = silc_server_password_authentication(server, auth_data,
734 /* Authentication failed */
735 SILC_LOG_ERROR(("Authentication failed"));
736 SILC_LOG_DEBUG(("Authentication failed"));
737 silc_free(auth_data);
738 protocol->state = SILC_PROTOCOL_STATE_ERROR;
739 protocol->execute(server->timeout_queue, 0,
740 protocol, fd, 0, 300000);
744 case SILC_AUTH_PUBLIC_KEY:
745 /* Public key authentication */
746 SILC_LOG_DEBUG(("Public key authentication"));
747 ret = silc_server_public_key_authentication(server,
756 SILC_LOG_ERROR(("Authentication failed"));
757 SILC_LOG_DEBUG(("Authentication failed"));
758 silc_free(auth_data);
759 protocol->state = SILC_PROTOCOL_STATE_ERROR;
760 protocol->execute(server->timeout_queue, 0,
761 protocol, fd, 0, 300000);
765 SILC_LOG_DEBUG(("No configuration for remote connection"));
766 SILC_LOG_ERROR(("Remote connection not configured"));
767 SILC_LOG_ERROR(("Authentication failed"));
768 protocol->state = SILC_PROTOCOL_STATE_ERROR;
769 protocol->execute(server->timeout_queue, 0,
770 protocol, fd, 0, 300000);
771 silc_free(auth_data);
776 /* Remote end is router */
777 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
778 SilcServerConfigSectionServerConnection *serv = NULL;
779 serv = silc_server_config_find_router_conn(server->config,
783 serv = silc_server_config_find_router_conn(server->config,
788 switch(serv->auth_meth) {
790 /* No authentication required */
791 SILC_LOG_DEBUG(("No authentication required"));
794 case SILC_AUTH_PASSWORD:
795 /* Password authentication */
796 SILC_LOG_DEBUG(("Password authentication"));
797 ret = silc_server_password_authentication(server, auth_data,
803 /* Authentication failed */
804 SILC_LOG_ERROR(("Authentication failed"));
805 SILC_LOG_DEBUG(("Authentication failed"));
806 silc_free(auth_data);
807 protocol->state = SILC_PROTOCOL_STATE_ERROR;
808 protocol->execute(server->timeout_queue, 0,
809 protocol, fd, 0, 300000);
813 case SILC_AUTH_PUBLIC_KEY:
814 /* Public key authentication */
815 SILC_LOG_DEBUG(("Public key authentication"));
816 ret = silc_server_public_key_authentication(server,
825 SILC_LOG_ERROR(("Authentication failed"));
826 SILC_LOG_DEBUG(("Authentication failed"));
827 silc_free(auth_data);
828 protocol->state = SILC_PROTOCOL_STATE_ERROR;
829 protocol->execute(server->timeout_queue, 0,
830 protocol, fd, 0, 300000);
834 SILC_LOG_DEBUG(("No configuration for remote connection"));
835 SILC_LOG_ERROR(("Remote connection not configured"));
836 SILC_LOG_ERROR(("Authentication failed"));
837 silc_free(auth_data);
838 protocol->state = SILC_PROTOCOL_STATE_ERROR;
839 protocol->execute(server->timeout_queue, 0,
840 protocol, fd, 0, 300000);
845 silc_free(auth_data);
847 /* Save connection type. This is later used to create the
848 ID for the connection. */
849 ctx->conn_type = conn_type;
851 /* Advance protocol state. */
852 protocol->state = SILC_PROTOCOL_STATE_END;
853 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
857 * We are initiator. We are authenticating ourselves to a
858 * remote server. We will send the authentication data to the
859 * other end for verify.
863 unsigned char *auth_data = NULL;
864 uint32 auth_data_len = 0;
866 switch(ctx->auth_meth) {
868 /* No authentication required */
871 case SILC_AUTH_PASSWORD:
872 /* Password authentication */
873 if (ctx->auth_data && ctx->auth_data_len) {
874 auth_data = strdup(ctx->auth_data);
875 auth_data_len = ctx->auth_data_len;
880 case SILC_AUTH_PUBLIC_KEY:
882 unsigned char sign[1024];
884 /* Public key authentication */
885 silc_server_get_public_key_auth(server, ctx->auth_data,
886 sign, &auth_data_len,
888 auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
889 memcpy(auth_data, sign, auth_data_len);
894 payload_len = 4 + auth_data_len;
895 packet = silc_buffer_alloc(payload_len);
896 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
897 silc_buffer_format(packet,
898 SILC_STR_UI_SHORT(payload_len),
899 SILC_STR_UI_SHORT(server->server_type
901 SILC_SOCKET_TYPE_SERVER :
902 SILC_SOCKET_TYPE_ROUTER),
903 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
906 /* Send the packet to server */
907 silc_server_packet_send(server, ctx->sock,
908 SILC_PACKET_CONNECTION_AUTH, 0,
909 packet->data, packet->len, TRUE);
912 memset(auth_data, 0, auth_data_len);
913 silc_free(auth_data);
915 silc_buffer_free(packet);
917 /* Next state is end of protocol */
918 protocol->state = SILC_PROTOCOL_STATE_END;
923 case SILC_PROTOCOL_STATE_END:
930 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
932 /* Authentication successful */
933 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
936 /* Unregister the timeout task since the protocol has ended.
937 This was the timeout task to be executed if the protocol is
938 not completed fast enough. */
939 if (ctx->timeout_task)
940 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
942 /* Protocol has ended, call the final callback */
943 if (protocol->final_callback)
944 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
946 silc_protocol_free(protocol);
949 case SILC_PROTOCOL_STATE_ERROR:
952 * Error. Send notify to remote.
954 unsigned char error[4];
956 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
958 /* Authentication failed */
959 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
962 /* Unregister the timeout task since the protocol has ended.
963 This was the timeout task to be executed if the protocol is
964 not completed fast enough. */
965 if (ctx->timeout_task)
966 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
968 /* On error the final callback is always called. */
969 if (protocol->final_callback)
970 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
972 silc_protocol_free(protocol);
976 case SILC_PROTOCOL_STATE_FAILURE:
978 * We have received failure from remote
981 /* Unregister the timeout task since the protocol has ended.
982 This was the timeout task to be executed if the protocol is
983 not completed fast enough. */
984 if (ctx->timeout_task)
985 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
987 /* On error the final callback is always called. */
988 if (protocol->final_callback)
989 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
991 silc_protocol_free(protocol);
994 case SILC_PROTOCOL_STATE_UNKNOWN:
1000 * Re-key protocol routines
1003 /* Actually takes the new keys into use. */
1006 silc_server_protocol_rekey_validate(SilcServer server,
1007 SilcServerRekeyInternalContext *ctx,
1008 SilcIDListData idata,
1009 SilcSKEKeyMaterial *keymat,
1012 if (ctx->responder == TRUE) {
1014 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1015 keymat->enc_key_len);
1016 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1018 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1019 keymat->enc_key_len);
1020 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1024 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1025 keymat->enc_key_len);
1026 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1028 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1029 keymat->enc_key_len);
1030 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1035 silc_hmac_alloc(idata->hmac_send->hmac->name, NULL, &idata->hmac_send);
1036 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key,
1037 keymat->hmac_key_len);
1039 silc_hmac_free(idata->hmac_receive);
1040 idata->hmac_receive = idata->hmac_send;
1043 /* Save the current sending encryption key */
1045 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1046 silc_free(idata->rekey->send_enc_key);
1047 idata->rekey->send_enc_key =
1048 silc_calloc(keymat->enc_key_len / 8,
1049 sizeof(*idata->rekey->send_enc_key));
1050 memcpy(idata->rekey->send_enc_key, keymat->send_enc_key,
1051 keymat->enc_key_len / 8);
1052 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1056 /* This function actually re-generates (when not using PFS) the keys and
1057 takes them into use. */
1059 void silc_server_protocol_rekey_generate(SilcServer server,
1060 SilcServerRekeyInternalContext *ctx,
1063 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1064 SilcSKEKeyMaterial *keymat;
1065 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1066 uint32 hash_len = idata->hash->hash->hash_len;
1068 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1069 send ? "sending" : "receiving"));
1071 /* Generate the new key */
1072 keymat = silc_calloc(1, sizeof(*keymat));
1073 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1074 idata->rekey->enc_key_len,
1075 16, key_len, hash_len,
1076 idata->hash, keymat);
1078 /* Set the keys into use */
1079 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1081 silc_ske_free_key_material(keymat);
1084 /* This function actually re-generates (with PFS) the keys and
1085 takes them into use. */
1088 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1089 SilcServerRekeyInternalContext *ctx,
1092 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1093 SilcSKEKeyMaterial *keymat;
1094 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1095 uint32 hash_len = idata->hash->hash->hash_len;
1096 unsigned char *tmpbuf;
1099 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1100 send ? "sending" : "receiving"));
1102 /* Encode KEY to binary data */
1103 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1105 /* Generate the new key */
1106 keymat = silc_calloc(1, sizeof(*keymat));
1107 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1108 idata->hash, keymat);
1110 /* Set the keys into use */
1111 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1113 memset(tmpbuf, 0, klen);
1115 silc_ske_free_key_material(keymat);
1118 /* Packet sending callback. This function is provided as packet sending
1119 routine to the Key Exchange functions. */
1122 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1124 SilcPacketType type,
1127 SilcProtocol protocol = (SilcProtocol)context;
1128 SilcServerRekeyInternalContext *ctx =
1129 (SilcServerRekeyInternalContext *)protocol->context;
1130 SilcServer server = (SilcServer)ctx->server;
1132 /* Send the packet immediately */
1133 silc_server_packet_send(server, ctx->sock,
1134 type, 0, packet->data, packet->len, FALSE);
1137 /* Performs re-key as defined in the SILC protocol specification. */
1139 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1141 SilcProtocol protocol = (SilcProtocol)context;
1142 SilcServerRekeyInternalContext *ctx =
1143 (SilcServerRekeyInternalContext *)protocol->context;
1144 SilcServer server = (SilcServer)ctx->server;
1145 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1146 SilcSKEStatus status;
1148 SILC_LOG_DEBUG(("Start"));
1150 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1151 protocol->state = SILC_PROTOCOL_STATE_START;
1153 SILC_LOG_DEBUG(("State=%d", protocol->state));
1155 switch(protocol->state) {
1156 case SILC_PROTOCOL_STATE_START:
1162 if (ctx->responder == TRUE) {
1164 * We are receiving party
1167 if (ctx->pfs == TRUE) {
1169 * Use Perfect Forward Secrecy, ie. negotiate the key material
1170 * using the SKE protocol.
1173 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1174 /* Error in protocol */
1175 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1176 protocol->execute(server->timeout_queue, 0, protocol, fd,
1180 ctx->ske = silc_ske_alloc();
1181 ctx->ske->rng = server->rng;
1182 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1183 silc_ske_get_group_by_number(idata->rekey->ske_group,
1184 &ctx->ske->prop->group);
1186 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
1187 NULL, NULL, NULL, NULL);
1188 if (status != SILC_SKE_STATUS_OK) {
1189 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1192 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1193 protocol->execute(server->timeout_queue, 0,
1194 protocol, fd, 0, 300000);
1198 /* Advance the protocol state */
1200 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1203 * Do normal and simple re-key.
1206 /* Send the REKEY_DONE to indicate we will take new keys into use */
1207 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1210 /* After we send REKEY_DONE we must set the sending encryption
1211 key to the new key since all packets after this packet must
1212 encrypted with the new key. */
1213 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1215 /* The protocol ends in next stage. */
1216 protocol->state = SILC_PROTOCOL_STATE_END;
1221 * We are the initiator of this protocol
1224 /* Start the re-key by sending the REKEY packet */
1225 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1228 if (ctx->pfs == TRUE) {
1230 * Use Perfect Forward Secrecy, ie. negotiate the key material
1231 * using the SKE protocol.
1233 ctx->ske = silc_ske_alloc();
1234 ctx->ske->rng = server->rng;
1235 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1236 silc_ske_get_group_by_number(idata->rekey->ske_group,
1237 &ctx->ske->prop->group);
1240 silc_ske_initiator_phase_2(ctx->ske, NULL, NULL,
1241 silc_server_protocol_rekey_send_packet,
1244 if (status != SILC_SKE_STATUS_OK) {
1245 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1248 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1249 protocol->execute(server->timeout_queue, 0,
1250 protocol, fd, 0, 300000);
1254 /* Advance the protocol state */
1258 * Do normal and simple re-key.
1261 /* Send the REKEY_DONE to indicate we will take new keys into use
1263 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1266 /* After we send REKEY_DONE we must set the sending encryption
1267 key to the new key since all packets after this packet must
1268 encrypted with the new key. */
1269 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1271 /* The protocol ends in next stage. */
1272 protocol->state = SILC_PROTOCOL_STATE_END;
1280 * Second state, used only when oding re-key with PFS.
1282 if (ctx->responder == TRUE) {
1283 if (ctx->pfs == TRUE) {
1285 * Send our KE packe to the initiator now that we've processed
1286 * the initiator's KE packet.
1289 silc_ske_responder_finish(ctx->ske, NULL, NULL,
1290 SILC_SKE_PK_TYPE_SILC,
1291 silc_server_protocol_rekey_send_packet,
1294 if (status != SILC_SKE_STATUS_OK) {
1295 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1298 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1299 protocol->execute(server->timeout_queue, 0,
1300 protocol, fd, 0, 300000);
1306 if (ctx->pfs == TRUE) {
1308 * The packet type must be KE packet
1310 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1311 /* Error in protocol */
1312 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1313 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
1316 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
1317 NULL, NULL, NULL, NULL);
1318 if (status != SILC_SKE_STATUS_OK) {
1319 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1322 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1323 protocol->execute(server->timeout_queue, 0,
1324 protocol, fd, 0, 300000);
1330 /* Send the REKEY_DONE to indicate we will take new keys into use
1332 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1335 /* After we send REKEY_DONE we must set the sending encryption
1336 key to the new key since all packets after this packet must
1337 encrypted with the new key. */
1338 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1340 /* The protocol ends in next stage. */
1341 protocol->state = SILC_PROTOCOL_STATE_END;
1344 case SILC_PROTOCOL_STATE_END:
1349 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1350 /* Error in protocol */
1351 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1352 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1355 /* We received the REKEY_DONE packet and all packets after this is
1356 encrypted with the new key so set the decryption key to the new key */
1357 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1359 /* Protocol has ended, call the final callback */
1360 if (protocol->final_callback)
1361 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1363 silc_protocol_free(protocol);
1366 case SILC_PROTOCOL_STATE_ERROR:
1371 if (ctx->pfs == TRUE) {
1372 /* Send abort notification */
1373 silc_ske_abort(ctx->ske, ctx->ske->status,
1374 silc_server_protocol_ke_send_packet,
1378 /* On error the final callback is always called. */
1379 if (protocol->final_callback)
1380 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1382 silc_protocol_free(protocol);
1385 case SILC_PROTOCOL_STATE_FAILURE:
1387 * We have received failure from remote
1390 /* On error the final callback is always called. */
1391 if (protocol->final_callback)
1392 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1394 silc_protocol_free(protocol);
1397 case SILC_PROTOCOL_STATE_UNKNOWN:
1403 /* Registers protocols used in server. */
1405 void silc_server_protocols_register(void)
1407 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1408 silc_server_protocol_connection_auth);
1409 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1410 silc_server_protocol_key_exchange);
1411 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1412 silc_server_protocol_rekey);
1415 /* Unregisters protocols */
1417 void silc_server_protocols_unregister(void)
1419 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1420 silc_server_protocol_connection_auth);
1421 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1422 silc_server_protocol_key_exchange);
1423 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1424 silc_server_protocol_rekey);