5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
38 /* Packet sending callback. This function is provided as packet sending
39 routine to the Key Exchange functions. */
41 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
46 SilcProtocol protocol = (SilcProtocol)context;
47 SilcServerKEInternalContext *ctx =
48 (SilcServerKEInternalContext *)protocol->context;
49 SilcServer server = (SilcServer)ctx->server;
51 /* Send the packet immediately */
52 silc_server_packet_send(server, ske->sock,
53 type, 0, packet->data, packet->len, TRUE);
56 /* Sets the negotiated key material into use for particular connection. */
58 int silc_server_protocol_ke_set_keys(SilcSKE ske,
59 SilcSocketConnection sock,
60 SilcSKEKeyMaterial *keymat,
65 SilcSKEDiffieHellmanGroup group,
68 SilcUnknownEntry conn_data;
71 SILC_LOG_DEBUG(("Setting new key into use"));
73 conn_data = silc_calloc(1, sizeof(*conn_data));
74 idata = (SilcIDListData)conn_data;
76 /* Allocate cipher to be used in the communication */
77 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
81 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
86 if (is_responder == TRUE) {
87 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
89 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
90 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
92 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
94 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
96 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
97 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
99 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
102 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
103 idata->rekey->send_enc_key =
104 silc_calloc(keymat->enc_key_len / 8,
105 sizeof(*idata->rekey->send_enc_key));
106 memcpy(idata->rekey->send_enc_key,
107 keymat->send_enc_key, keymat->enc_key_len / 8);
108 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
110 if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
111 idata->rekey->pfs = TRUE;
112 idata->rekey->ske_group = silc_ske_group_get_number(group);
114 /* Save the remote host's public key */
115 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
116 ske->ke1_payload->pk_len, &idata->public_key);
119 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
120 silc_cipher_free(idata->send_key);
121 silc_cipher_free(idata->receive_key);
122 silc_free(conn_data);
126 /* Save HMAC key to be used in the communication. */
127 if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac_send)) {
128 silc_cipher_free(idata->send_key);
129 silc_cipher_free(idata->receive_key);
130 silc_hash_free(idata->hash);
131 silc_free(conn_data);
134 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key, keymat->hmac_key_len);
135 idata->hmac_receive = idata->hmac_send;
137 sock->user_data = (void *)conn_data;
142 /* Check remote host version string */
144 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
147 SilcSKEStatus status = SILC_SKE_STATUS_OK;
149 int maj = 0, min = 0, build = 0, maj2, min2, build2;
151 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
152 ske->sock->ip, version));
154 /* Check for initial version string */
155 if (!strstr(version, "SILC-1.0-"))
156 status = SILC_SKE_STATUS_BAD_VERSION;
158 /* Check software version */
160 if (len < strlen(silc_version_string))
161 status = SILC_SKE_STATUS_BAD_VERSION;
165 cp = strchr(cp, '.');
170 cp = strchr(cp, '.');
172 build = atoi(cp + 1);
174 cp = silc_version_string + 9;
176 cp = strchr(cp, '.');
181 cp = strchr(cp, '.');
183 build2 = atoi(cp + 1);
186 status = SILC_SKE_STATUS_BAD_VERSION;
189 status = SILC_SKE_STATUS_BAD_VERSION;
195 /* Performs key exchange protocol. This is used for both initiator
196 and responder key exchange. This is performed always when accepting
197 new connection to the server. This may be called recursively. */
199 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
201 SilcProtocol protocol = (SilcProtocol)context;
202 SilcServerKEInternalContext *ctx =
203 (SilcServerKEInternalContext *)protocol->context;
204 SilcServer server = (SilcServer)ctx->server;
205 SilcSKEStatus status = 0;
207 SILC_LOG_DEBUG(("Start"));
209 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
210 protocol->state = SILC_PROTOCOL_STATE_START;
212 SILC_LOG_DEBUG(("State=%d", protocol->state));
214 switch(protocol->state) {
215 case SILC_PROTOCOL_STATE_START:
222 /* Allocate Key Exchange object */
223 ske = silc_ske_alloc();
225 ske->rng = server->rng;
227 if (ctx->responder == TRUE) {
228 /* Start the key exchange by processing the received security
229 properties packet from initiator. */
230 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
232 ctx->packet->buffer, FALSE,
235 SilcSKEStartPayload *start_payload;
237 /* Assemble security properties. */
238 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
242 /* Start the key exchange by sending our security properties
243 to the remote end. */
244 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
246 silc_server_protocol_ke_send_packet,
250 if (status != SILC_SKE_STATUS_OK) {
251 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
253 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
256 protocol->state = SILC_PROTOCOL_STATE_ERROR;
257 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
261 /* Advance protocol state and call the next state if we are responder */
263 if (ctx->responder == TRUE)
264 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
272 if (ctx->responder == TRUE) {
273 /* Sends the selected security properties to the initiator. */
275 silc_ske_responder_phase_1(ctx->ske,
276 ctx->ske->start_payload,
277 silc_server_protocol_ke_send_packet,
280 /* Call Phase-1 function. This processes the Key Exchange Start
281 paylaod reply we just got from the responder. The callback
282 function will receive the processed payload where we will
284 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
288 if (status != SILC_SKE_STATUS_OK) {
289 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
291 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
294 protocol->state = SILC_PROTOCOL_STATE_ERROR;
295 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
299 /* Advance protocol state and call next state if we are initiator */
301 if (ctx->responder == FALSE)
302 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
310 if (ctx->responder == TRUE) {
311 /* Process the received Key Exchange 1 Payload packet from
312 the initiator. This also creates our parts of the Diffie
313 Hellman algorithm. */
314 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
315 NULL, NULL, NULL, NULL);
317 /* Call the Phase-2 function. This creates Diffie Hellman
318 key exchange parameters and sends our public part inside
319 Key Exhange 1 Payload to the responder. */
321 silc_ske_initiator_phase_2(ctx->ske,
324 silc_server_protocol_ke_send_packet,
328 if (status != SILC_SKE_STATUS_OK) {
329 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
331 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
334 protocol->state = SILC_PROTOCOL_STATE_ERROR;
335 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
339 /* Advance protocol state and call the next state if we are responder */
341 if (ctx->responder == TRUE)
342 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
350 if (ctx->responder == TRUE) {
351 /* This creates the key exchange material and sends our
352 public parts to the initiator inside Key Exchange 2 Payload. */
354 silc_ske_responder_finish(ctx->ske,
355 server->public_key, server->private_key,
356 SILC_SKE_PK_TYPE_SILC,
357 silc_server_protocol_ke_send_packet,
360 /* Finish the protocol. This verifies the Key Exchange 2 payload
361 sent by responder. */
362 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
363 NULL, NULL, NULL, NULL);
366 if (status != SILC_SKE_STATUS_OK) {
367 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
369 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
372 protocol->state = SILC_PROTOCOL_STATE_ERROR;
373 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
377 /* Send Ok to the other end. We will end the protocol as responder
378 sends Ok to us when we will take the new keys into use. */
379 if (ctx->responder == FALSE)
380 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
382 /* End the protocol on the next round */
383 protocol->state = SILC_PROTOCOL_STATE_END;
387 case SILC_PROTOCOL_STATE_END:
392 SilcSKEKeyMaterial *keymat;
393 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
394 int hash_len = ctx->ske->prop->hash->hash->hash_len;
396 /* Process the key material */
397 keymat = silc_calloc(1, sizeof(*keymat));
398 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
400 if (status != SILC_SKE_STATUS_OK) {
401 protocol->state = SILC_PROTOCOL_STATE_ERROR;
402 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
403 silc_ske_free_key_material(keymat);
406 ctx->keymat = keymat;
408 /* Send Ok to the other end if we are responder. If we are initiator
409 we have sent this already. */
410 if (ctx->responder == TRUE)
411 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
413 /* Unregister the timeout task since the protocol has ended.
414 This was the timeout task to be executed if the protocol is
415 not completed fast enough. */
416 if (ctx->timeout_task)
417 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
419 /* Call the final callback */
420 if (protocol->final_callback)
421 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
423 silc_protocol_free(protocol);
427 case SILC_PROTOCOL_STATE_ERROR:
432 /* Send abort notification */
433 silc_ske_abort(ctx->ske, ctx->ske->status,
434 silc_server_protocol_ke_send_packet,
437 /* Unregister the timeout task since the protocol has ended.
438 This was the timeout task to be executed if the protocol is
439 not completed fast enough. */
440 if (ctx->timeout_task)
441 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
443 /* On error the final callback is always called. */
444 if (protocol->final_callback)
445 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
447 silc_protocol_free(protocol);
450 case SILC_PROTOCOL_STATE_FAILURE:
452 * We have received failure from remote
455 /* Unregister the timeout task since the protocol has ended.
456 This was the timeout task to be executed if the protocol is
457 not completed fast enough. */
458 if (ctx->timeout_task)
459 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
461 /* On error the final callback is always called. */
462 if (protocol->final_callback)
463 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
465 silc_protocol_free(protocol);
468 case SILC_PROTOCOL_STATE_UNKNOWN:
474 * Connection Authentication protocol functions
478 silc_server_password_authentication(SilcServer server, char *auth1,
481 if (!auth1 || !auth2)
484 if (!memcmp(auth1, auth2, strlen(auth1)))
491 silc_server_public_key_authentication(SilcServer server,
492 SilcPublicKey pub_key,
501 if (!pub_key || !sign)
504 silc_pkcs_alloc(pub_key->name, &pkcs);
505 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
506 silc_pkcs_free(pkcs);
510 /* Make the authentication data. Protocol says it is HASH plus
512 len = ske->hash_len + ske->start_payload_copy->len;
513 auth = silc_buffer_alloc(len);
514 silc_buffer_pull_tail(auth, len);
515 silc_buffer_format(auth,
516 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
517 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
518 ske->start_payload_copy->len),
521 /* Verify signature */
522 if (silc_pkcs_verify(pkcs, sign, sign_len, auth->data, auth->len)) {
523 silc_pkcs_free(pkcs);
524 silc_buffer_free(auth);
528 silc_pkcs_free(pkcs);
529 silc_buffer_free(auth);
534 silc_server_get_public_key_auth(SilcServer server,
535 SilcPublicKey pub_key,
536 unsigned char *auth_data,
537 uint32 *auth_data_len,
547 silc_pkcs_alloc(pub_key->name, &pkcs);
548 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
549 silc_pkcs_free(pkcs);
553 /* Make the authentication data. Protocol says it is HASH plus
555 len = ske->hash_len + ske->start_payload_copy->len;
556 auth = silc_buffer_alloc(len);
557 silc_buffer_pull_tail(auth, len);
558 silc_buffer_format(auth,
559 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
560 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
561 ske->start_payload_copy->len),
564 if (silc_pkcs_sign(pkcs, auth->data, auth->len, auth_data, auth_data_len)) {
565 silc_pkcs_free(pkcs);
566 silc_buffer_free(auth);
570 silc_pkcs_free(pkcs);
571 silc_buffer_free(auth);
575 /* Performs connection authentication protocol. If responder, we
576 authenticate the remote data received. If initiator, we will send
577 authentication data to the remote end. */
579 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
581 SilcProtocol protocol = (SilcProtocol)context;
582 SilcServerConnAuthInternalContext *ctx =
583 (SilcServerConnAuthInternalContext *)protocol->context;
584 SilcServer server = (SilcServer)ctx->server;
586 SILC_LOG_DEBUG(("Start"));
588 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
589 protocol->state = SILC_PROTOCOL_STATE_START;
591 SILC_LOG_DEBUG(("State=%d", protocol->state));
593 switch(protocol->state) {
594 case SILC_PROTOCOL_STATE_START:
600 if (ctx->responder == TRUE) {
602 * We are receiving party
607 unsigned char *auth_data = NULL;
609 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
610 ctx->sock->hostname, ctx->sock->ip));
612 /* Parse the received authentication data packet. The received
613 payload is Connection Auth Payload. */
614 ret = silc_buffer_unformat(ctx->packet->buffer,
615 SILC_STR_UI_SHORT(&payload_len),
616 SILC_STR_UI_SHORT(&conn_type),
619 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
620 protocol->state = SILC_PROTOCOL_STATE_ERROR;
621 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
625 if (payload_len != ctx->packet->buffer->len) {
626 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
627 protocol->state = SILC_PROTOCOL_STATE_ERROR;
628 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
634 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
635 conn_type > SILC_SOCKET_TYPE_ROUTER) {
636 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
637 protocol->state = SILC_PROTOCOL_STATE_ERROR;
638 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
642 if (payload_len > 0) {
643 /* Get authentication data */
644 silc_buffer_pull(ctx->packet->buffer, 4);
645 ret = silc_buffer_unformat(ctx->packet->buffer,
646 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
650 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
651 protocol->state = SILC_PROTOCOL_STATE_ERROR;
652 protocol->execute(server->timeout_queue, 0,
653 protocol, fd, 0, 300000);
659 * Check the remote connection type and make sure that we have
660 * configured this connection. If we haven't allowed this connection
661 * the authentication must be failed.
664 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
666 /* Remote end is client */
667 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
668 SilcServerConfigSectionClientConnection *client = ctx->config;
671 switch(client->auth_meth) {
673 /* No authentication required */
674 SILC_LOG_DEBUG(("No authentication required"));
677 case SILC_AUTH_PASSWORD:
678 /* Password authentication */
679 SILC_LOG_DEBUG(("Password authentication"));
680 ret = silc_server_password_authentication(server, auth_data,
686 /* Authentication failed */
687 SILC_LOG_ERROR(("Authentication failed"));
688 SILC_LOG_DEBUG(("Authentication failed"));
689 silc_free(auth_data);
690 protocol->state = SILC_PROTOCOL_STATE_ERROR;
691 protocol->execute(server->timeout_queue, 0,
692 protocol, fd, 0, 300000);
696 case SILC_AUTH_PUBLIC_KEY:
697 /* Public key authentication */
698 SILC_LOG_DEBUG(("Public key authentication"));
699 ret = silc_server_public_key_authentication(server,
708 SILC_LOG_ERROR(("Authentication failed"));
709 SILC_LOG_DEBUG(("Authentication failed"));
710 silc_free(auth_data);
711 protocol->state = SILC_PROTOCOL_STATE_ERROR;
712 protocol->execute(server->timeout_queue, 0,
713 protocol, fd, 0, 300000);
717 SILC_LOG_DEBUG(("No configuration for remote connection"));
718 SILC_LOG_ERROR(("Remote connection not configured"));
719 SILC_LOG_ERROR(("Authentication failed"));
720 silc_free(auth_data);
721 protocol->state = SILC_PROTOCOL_STATE_ERROR;
722 protocol->execute(server->timeout_queue, 0,
723 protocol, fd, 0, 300000);
728 /* Remote end is server */
729 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
730 SilcServerConfigSectionServerConnection *serv = ctx->config;
733 switch(serv->auth_meth) {
735 /* No authentication required */
736 SILC_LOG_DEBUG(("No authentication required"));
739 case SILC_AUTH_PASSWORD:
740 /* Password authentication */
741 SILC_LOG_DEBUG(("Password authentication"));
742 ret = silc_server_password_authentication(server, auth_data,
748 /* Authentication failed */
749 SILC_LOG_ERROR(("Authentication failed"));
750 SILC_LOG_DEBUG(("Authentication failed"));
751 silc_free(auth_data);
752 protocol->state = SILC_PROTOCOL_STATE_ERROR;
753 protocol->execute(server->timeout_queue, 0,
754 protocol, fd, 0, 300000);
758 case SILC_AUTH_PUBLIC_KEY:
759 /* Public key authentication */
760 SILC_LOG_DEBUG(("Public key authentication"));
761 ret = silc_server_public_key_authentication(server,
770 SILC_LOG_ERROR(("Authentication failed"));
771 SILC_LOG_DEBUG(("Authentication failed"));
772 silc_free(auth_data);
773 protocol->state = SILC_PROTOCOL_STATE_ERROR;
774 protocol->execute(server->timeout_queue, 0,
775 protocol, fd, 0, 300000);
779 SILC_LOG_DEBUG(("No configuration for remote connection"));
780 SILC_LOG_ERROR(("Remote connection not configured"));
781 SILC_LOG_ERROR(("Authentication failed"));
782 protocol->state = SILC_PROTOCOL_STATE_ERROR;
783 protocol->execute(server->timeout_queue, 0,
784 protocol, fd, 0, 300000);
785 silc_free(auth_data);
790 /* Remote end is router */
791 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
792 SilcServerConfigSectionServerConnection *serv = ctx->config;
795 switch(serv->auth_meth) {
797 /* No authentication required */
798 SILC_LOG_DEBUG(("No authentication required"));
801 case SILC_AUTH_PASSWORD:
802 /* Password authentication */
803 SILC_LOG_DEBUG(("Password authentication"));
804 ret = silc_server_password_authentication(server, auth_data,
810 /* Authentication failed */
811 SILC_LOG_ERROR(("Authentication failed"));
812 SILC_LOG_DEBUG(("Authentication failed"));
813 silc_free(auth_data);
814 protocol->state = SILC_PROTOCOL_STATE_ERROR;
815 protocol->execute(server->timeout_queue, 0,
816 protocol, fd, 0, 300000);
820 case SILC_AUTH_PUBLIC_KEY:
821 /* Public key authentication */
822 SILC_LOG_DEBUG(("Public key authentication"));
823 ret = silc_server_public_key_authentication(server,
832 SILC_LOG_ERROR(("Authentication failed"));
833 SILC_LOG_DEBUG(("Authentication failed"));
834 silc_free(auth_data);
835 protocol->state = SILC_PROTOCOL_STATE_ERROR;
836 protocol->execute(server->timeout_queue, 0,
837 protocol, fd, 0, 300000);
841 SILC_LOG_DEBUG(("No configuration for remote connection"));
842 SILC_LOG_ERROR(("Remote connection not configured"));
843 SILC_LOG_ERROR(("Authentication failed"));
844 silc_free(auth_data);
845 protocol->state = SILC_PROTOCOL_STATE_ERROR;
846 protocol->execute(server->timeout_queue, 0,
847 protocol, fd, 0, 300000);
852 silc_free(auth_data);
854 /* Save connection type. This is later used to create the
855 ID for the connection. */
856 ctx->conn_type = conn_type;
858 /* Advance protocol state. */
859 protocol->state = SILC_PROTOCOL_STATE_END;
860 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
864 * We are initiator. We are authenticating ourselves to a
865 * remote server. We will send the authentication data to the
866 * other end for verify.
870 unsigned char *auth_data = NULL;
871 uint32 auth_data_len = 0;
873 switch(ctx->auth_meth) {
875 /* No authentication required */
878 case SILC_AUTH_PASSWORD:
879 /* Password authentication */
880 if (ctx->auth_data && ctx->auth_data_len) {
881 auth_data = strdup(ctx->auth_data);
882 auth_data_len = ctx->auth_data_len;
887 case SILC_AUTH_PUBLIC_KEY:
889 unsigned char sign[1024];
891 /* Public key authentication */
892 silc_server_get_public_key_auth(server, ctx->auth_data,
893 sign, &auth_data_len,
895 auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
896 memcpy(auth_data, sign, auth_data_len);
901 payload_len = 4 + auth_data_len;
902 packet = silc_buffer_alloc(payload_len);
903 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
904 silc_buffer_format(packet,
905 SILC_STR_UI_SHORT(payload_len),
906 SILC_STR_UI_SHORT(server->server_type
908 SILC_SOCKET_TYPE_SERVER :
909 SILC_SOCKET_TYPE_ROUTER),
910 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
913 /* Send the packet to server */
914 silc_server_packet_send(server, ctx->sock,
915 SILC_PACKET_CONNECTION_AUTH, 0,
916 packet->data, packet->len, TRUE);
919 memset(auth_data, 0, auth_data_len);
920 silc_free(auth_data);
922 silc_buffer_free(packet);
924 /* Next state is end of protocol */
925 protocol->state = SILC_PROTOCOL_STATE_END;
930 case SILC_PROTOCOL_STATE_END:
937 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
939 /* Authentication successful */
940 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
943 /* Unregister the timeout task since the protocol has ended.
944 This was the timeout task to be executed if the protocol is
945 not completed fast enough. */
946 if (ctx->timeout_task)
947 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
949 /* Protocol has ended, call the final callback */
950 if (protocol->final_callback)
951 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
953 silc_protocol_free(protocol);
956 case SILC_PROTOCOL_STATE_ERROR:
959 * Error. Send notify to remote.
961 unsigned char error[4];
963 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
965 /* Authentication failed */
966 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
969 /* Unregister the timeout task since the protocol has ended.
970 This was the timeout task to be executed if the protocol is
971 not completed fast enough. */
972 if (ctx->timeout_task)
973 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
975 /* On error the final callback is always called. */
976 if (protocol->final_callback)
977 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
979 silc_protocol_free(protocol);
983 case SILC_PROTOCOL_STATE_FAILURE:
985 * We have received failure from remote
988 /* Unregister the timeout task since the protocol has ended.
989 This was the timeout task to be executed if the protocol is
990 not completed fast enough. */
991 if (ctx->timeout_task)
992 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
994 /* On error the final callback is always called. */
995 if (protocol->final_callback)
996 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
998 silc_protocol_free(protocol);
1001 case SILC_PROTOCOL_STATE_UNKNOWN:
1007 * Re-key protocol routines
1010 /* Actually takes the new keys into use. */
1013 silc_server_protocol_rekey_validate(SilcServer server,
1014 SilcServerRekeyInternalContext *ctx,
1015 SilcIDListData idata,
1016 SilcSKEKeyMaterial *keymat,
1019 if (ctx->responder == TRUE) {
1021 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1022 keymat->enc_key_len);
1023 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1025 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1026 keymat->enc_key_len);
1027 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1031 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1032 keymat->enc_key_len);
1033 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1035 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1036 keymat->enc_key_len);
1037 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1042 silc_hmac_alloc(idata->hmac_send->hmac->name, NULL, &idata->hmac_send);
1043 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key,
1044 keymat->hmac_key_len);
1046 silc_hmac_free(idata->hmac_receive);
1047 idata->hmac_receive = idata->hmac_send;
1050 /* Save the current sending encryption key */
1052 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1053 silc_free(idata->rekey->send_enc_key);
1054 idata->rekey->send_enc_key =
1055 silc_calloc(keymat->enc_key_len / 8,
1056 sizeof(*idata->rekey->send_enc_key));
1057 memcpy(idata->rekey->send_enc_key, keymat->send_enc_key,
1058 keymat->enc_key_len / 8);
1059 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1063 /* This function actually re-generates (when not using PFS) the keys and
1064 takes them into use. */
1066 void silc_server_protocol_rekey_generate(SilcServer server,
1067 SilcServerRekeyInternalContext *ctx,
1070 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1071 SilcSKEKeyMaterial *keymat;
1072 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1073 uint32 hash_len = idata->hash->hash->hash_len;
1075 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1076 send ? "sending" : "receiving"));
1078 /* Generate the new key */
1079 keymat = silc_calloc(1, sizeof(*keymat));
1080 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1081 idata->rekey->enc_key_len,
1082 16, key_len, hash_len,
1083 idata->hash, keymat);
1085 /* Set the keys into use */
1086 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1088 silc_ske_free_key_material(keymat);
1091 /* This function actually re-generates (with PFS) the keys and
1092 takes them into use. */
1095 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1096 SilcServerRekeyInternalContext *ctx,
1099 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1100 SilcSKEKeyMaterial *keymat;
1101 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1102 uint32 hash_len = idata->hash->hash->hash_len;
1103 unsigned char *tmpbuf;
1106 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1107 send ? "sending" : "receiving"));
1109 /* Encode KEY to binary data */
1110 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1112 /* Generate the new key */
1113 keymat = silc_calloc(1, sizeof(*keymat));
1114 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1115 idata->hash, keymat);
1117 /* Set the keys into use */
1118 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1120 memset(tmpbuf, 0, klen);
1122 silc_ske_free_key_material(keymat);
1125 /* Packet sending callback. This function is provided as packet sending
1126 routine to the Key Exchange functions. */
1129 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1131 SilcPacketType type,
1134 SilcProtocol protocol = (SilcProtocol)context;
1135 SilcServerRekeyInternalContext *ctx =
1136 (SilcServerRekeyInternalContext *)protocol->context;
1137 SilcServer server = (SilcServer)ctx->server;
1139 /* Send the packet immediately */
1140 silc_server_packet_send(server, ctx->sock,
1141 type, 0, packet->data, packet->len, FALSE);
1144 /* Performs re-key as defined in the SILC protocol specification. */
1146 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1148 SilcProtocol protocol = (SilcProtocol)context;
1149 SilcServerRekeyInternalContext *ctx =
1150 (SilcServerRekeyInternalContext *)protocol->context;
1151 SilcServer server = (SilcServer)ctx->server;
1152 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1153 SilcSKEStatus status;
1155 SILC_LOG_DEBUG(("Start"));
1157 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1158 protocol->state = SILC_PROTOCOL_STATE_START;
1160 SILC_LOG_DEBUG(("State=%d", protocol->state));
1162 switch(protocol->state) {
1163 case SILC_PROTOCOL_STATE_START:
1169 if (ctx->responder == TRUE) {
1171 * We are receiving party
1174 if (ctx->pfs == TRUE) {
1176 * Use Perfect Forward Secrecy, ie. negotiate the key material
1177 * using the SKE protocol.
1180 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1181 /* Error in protocol */
1182 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1183 protocol->execute(server->timeout_queue, 0, protocol, fd,
1187 ctx->ske = silc_ske_alloc();
1188 ctx->ske->rng = server->rng;
1189 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1190 silc_ske_get_group_by_number(idata->rekey->ske_group,
1191 &ctx->ske->prop->group);
1193 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
1194 NULL, NULL, NULL, NULL);
1195 if (status != SILC_SKE_STATUS_OK) {
1196 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1199 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1200 protocol->execute(server->timeout_queue, 0,
1201 protocol, fd, 0, 300000);
1205 /* Advance the protocol state */
1207 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1210 * Do normal and simple re-key.
1213 /* Send the REKEY_DONE to indicate we will take new keys into use */
1214 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1217 /* After we send REKEY_DONE we must set the sending encryption
1218 key to the new key since all packets after this packet must
1219 encrypted with the new key. */
1220 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1222 /* The protocol ends in next stage. */
1223 protocol->state = SILC_PROTOCOL_STATE_END;
1228 * We are the initiator of this protocol
1231 /* Start the re-key by sending the REKEY packet */
1232 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1235 if (ctx->pfs == TRUE) {
1237 * Use Perfect Forward Secrecy, ie. negotiate the key material
1238 * using the SKE protocol.
1240 ctx->ske = silc_ske_alloc();
1241 ctx->ske->rng = server->rng;
1242 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1243 silc_ske_get_group_by_number(idata->rekey->ske_group,
1244 &ctx->ske->prop->group);
1247 silc_ske_initiator_phase_2(ctx->ske, NULL, NULL,
1248 silc_server_protocol_rekey_send_packet,
1251 if (status != SILC_SKE_STATUS_OK) {
1252 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1255 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1256 protocol->execute(server->timeout_queue, 0,
1257 protocol, fd, 0, 300000);
1261 /* Advance the protocol state */
1265 * Do normal and simple re-key.
1268 /* Send the REKEY_DONE to indicate we will take new keys into use
1270 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1273 /* After we send REKEY_DONE we must set the sending encryption
1274 key to the new key since all packets after this packet must
1275 encrypted with the new key. */
1276 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1278 /* The protocol ends in next stage. */
1279 protocol->state = SILC_PROTOCOL_STATE_END;
1287 * Second state, used only when oding re-key with PFS.
1289 if (ctx->responder == TRUE) {
1290 if (ctx->pfs == TRUE) {
1292 * Send our KE packe to the initiator now that we've processed
1293 * the initiator's KE packet.
1296 silc_ske_responder_finish(ctx->ske, NULL, NULL,
1297 SILC_SKE_PK_TYPE_SILC,
1298 silc_server_protocol_rekey_send_packet,
1301 if (status != SILC_SKE_STATUS_OK) {
1302 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1305 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1306 protocol->execute(server->timeout_queue, 0,
1307 protocol, fd, 0, 300000);
1313 if (ctx->pfs == TRUE) {
1315 * The packet type must be KE packet
1317 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1318 /* Error in protocol */
1319 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1320 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
1323 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
1324 NULL, NULL, NULL, NULL);
1325 if (status != SILC_SKE_STATUS_OK) {
1326 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1329 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1330 protocol->execute(server->timeout_queue, 0,
1331 protocol, fd, 0, 300000);
1337 /* Send the REKEY_DONE to indicate we will take new keys into use
1339 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1342 /* After we send REKEY_DONE we must set the sending encryption
1343 key to the new key since all packets after this packet must
1344 encrypted with the new key. */
1345 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1347 /* The protocol ends in next stage. */
1348 protocol->state = SILC_PROTOCOL_STATE_END;
1351 case SILC_PROTOCOL_STATE_END:
1356 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1357 /* Error in protocol */
1358 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1359 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1362 /* We received the REKEY_DONE packet and all packets after this is
1363 encrypted with the new key so set the decryption key to the new key */
1364 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1366 /* Protocol has ended, call the final callback */
1367 if (protocol->final_callback)
1368 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1370 silc_protocol_free(protocol);
1373 case SILC_PROTOCOL_STATE_ERROR:
1378 if (ctx->pfs == TRUE) {
1379 /* Send abort notification */
1380 silc_ske_abort(ctx->ske, ctx->ske->status,
1381 silc_server_protocol_ke_send_packet,
1385 /* On error the final callback is always called. */
1386 if (protocol->final_callback)
1387 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1389 silc_protocol_free(protocol);
1392 case SILC_PROTOCOL_STATE_FAILURE:
1394 * We have received failure from remote
1397 /* On error the final callback is always called. */
1398 if (protocol->final_callback)
1399 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1401 silc_protocol_free(protocol);
1404 case SILC_PROTOCOL_STATE_UNKNOWN:
1410 /* Registers protocols used in server. */
1412 void silc_server_protocols_register(void)
1414 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1415 silc_server_protocol_connection_auth);
1416 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1417 silc_server_protocol_key_exchange);
1418 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1419 silc_server_protocol_rekey);
1422 /* Unregisters protocols */
1424 void silc_server_protocols_unregister(void)
1426 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1427 silc_server_protocol_connection_auth);
1428 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1429 silc_server_protocol_key_exchange);
1430 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1431 silc_server_protocol_rekey);