5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
38 /* Packet sending callback. This function is provided as packet sending
39 routine to the Key Exchange functions. */
41 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
46 SilcProtocol protocol = (SilcProtocol)context;
47 SilcServerKEInternalContext *ctx =
48 (SilcServerKEInternalContext *)protocol->context;
49 SilcServer server = (SilcServer)ctx->server;
51 /* Send the packet immediately */
52 silc_server_packet_send(server, ske->sock,
53 type, 0, packet->data, packet->len, TRUE);
56 /* Sets the negotiated key material into use for particular connection. */
58 int silc_server_protocol_ke_set_keys(SilcSKE ske,
59 SilcSocketConnection sock,
60 SilcSKEKeyMaterial *keymat,
65 SilcSKEDiffieHellmanGroup group,
68 SilcUnknownEntry conn_data;
71 SILC_LOG_DEBUG(("Setting new key into use"));
73 conn_data = silc_calloc(1, sizeof(*conn_data));
74 idata = (SilcIDListData)conn_data;
76 /* Allocate cipher to be used in the communication */
77 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
81 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
86 if (is_responder == TRUE) {
87 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
89 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
90 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
92 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
94 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
96 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
97 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
99 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
102 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
103 idata->rekey->send_enc_key =
104 silc_calloc(keymat->enc_key_len / 8,
105 sizeof(*idata->rekey->send_enc_key));
106 memcpy(idata->rekey->send_enc_key,
107 keymat->send_enc_key, keymat->enc_key_len / 8);
108 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
110 if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
111 idata->rekey->pfs = TRUE;
112 idata->rekey->ske_group = silc_ske_group_get_number(group);
114 /* Save the remote host's public key */
115 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
116 ske->ke1_payload->pk_len, &idata->public_key);
119 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
120 silc_cipher_free(idata->send_key);
121 silc_cipher_free(idata->receive_key);
122 silc_free(conn_data);
126 /* Save HMAC key to be used in the communication. */
127 if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac_send)) {
128 silc_cipher_free(idata->send_key);
129 silc_cipher_free(idata->receive_key);
130 silc_hash_free(idata->hash);
131 silc_free(conn_data);
134 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key, keymat->hmac_key_len);
135 idata->hmac_receive = idata->hmac_send;
137 sock->user_data = (void *)conn_data;
142 /* Check remote host version string */
144 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
147 SilcSKEStatus status = SILC_SKE_STATUS_OK;
149 int maj = 0, min = 0, build = 0, maj2, min2, build2;
151 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
152 ske->sock->ip, version));
154 /* Check for initial version string */
155 if (!strstr(version, "SILC-1.0-"))
156 status = SILC_SKE_STATUS_BAD_VERSION;
158 /* Check software version */
160 if (len < strlen(silc_version_string))
161 status = SILC_SKE_STATUS_BAD_VERSION;
165 cp = strchr(cp, '.');
171 cp = strchr(cp, '.');
173 build = atoi(cp + 1);
176 cp = silc_version_string + 9;
178 cp = strchr(cp, '.');
184 cp = strchr(cp, '.');
186 build2 = atoi(cp + 1);
190 status = SILC_SKE_STATUS_BAD_VERSION;
193 status = SILC_SKE_STATUS_BAD_VERSION;
199 /* Performs key exchange protocol. This is used for both initiator
200 and responder key exchange. This is performed always when accepting
201 new connection to the server. This may be called recursively. */
203 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
205 SilcProtocol protocol = (SilcProtocol)context;
206 SilcServerKEInternalContext *ctx =
207 (SilcServerKEInternalContext *)protocol->context;
208 SilcServer server = (SilcServer)ctx->server;
209 SilcSKEStatus status = 0;
211 SILC_LOG_DEBUG(("Start"));
213 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
214 protocol->state = SILC_PROTOCOL_STATE_START;
216 SILC_LOG_DEBUG(("State=%d", protocol->state));
218 switch(protocol->state) {
219 case SILC_PROTOCOL_STATE_START:
226 /* Allocate Key Exchange object */
227 ske = silc_ske_alloc();
229 ske->rng = server->rng;
231 if (ctx->responder == TRUE) {
232 /* Start the key exchange by processing the received security
233 properties packet from initiator. */
234 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
236 ctx->packet->buffer, FALSE,
239 SilcSKEStartPayload *start_payload;
241 /* Assemble security properties. */
242 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
246 /* Start the key exchange by sending our security properties
247 to the remote end. */
248 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
250 silc_server_protocol_ke_send_packet,
254 if (status != SILC_SKE_STATUS_OK) {
255 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
257 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
260 protocol->state = SILC_PROTOCOL_STATE_ERROR;
261 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
265 /* Advance protocol state and call the next state if we are responder */
267 if (ctx->responder == TRUE)
268 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
276 if (ctx->responder == TRUE) {
277 /* Sends the selected security properties to the initiator. */
279 silc_ske_responder_phase_1(ctx->ske,
280 ctx->ske->start_payload,
281 silc_server_protocol_ke_send_packet,
284 /* Call Phase-1 function. This processes the Key Exchange Start
285 paylaod reply we just got from the responder. The callback
286 function will receive the processed payload where we will
288 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
292 if (status != SILC_SKE_STATUS_OK) {
293 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
295 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
298 protocol->state = SILC_PROTOCOL_STATE_ERROR;
299 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
303 /* Advance protocol state and call next state if we are initiator */
305 if (ctx->responder == FALSE)
306 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
314 if (ctx->responder == TRUE) {
315 /* Process the received Key Exchange 1 Payload packet from
316 the initiator. This also creates our parts of the Diffie
317 Hellman algorithm. */
318 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
319 NULL, NULL, NULL, NULL);
321 /* Call the Phase-2 function. This creates Diffie Hellman
322 key exchange parameters and sends our public part inside
323 Key Exhange 1 Payload to the responder. */
325 silc_ske_initiator_phase_2(ctx->ske,
328 silc_server_protocol_ke_send_packet,
332 if (status != SILC_SKE_STATUS_OK) {
333 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
335 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
338 protocol->state = SILC_PROTOCOL_STATE_ERROR;
339 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
343 /* Advance protocol state and call the next state if we are responder */
345 if (ctx->responder == TRUE)
346 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
354 if (ctx->responder == TRUE) {
355 /* This creates the key exchange material and sends our
356 public parts to the initiator inside Key Exchange 2 Payload. */
358 silc_ske_responder_finish(ctx->ske,
359 server->public_key, server->private_key,
360 SILC_SKE_PK_TYPE_SILC,
361 silc_server_protocol_ke_send_packet,
364 /* Finish the protocol. This verifies the Key Exchange 2 payload
365 sent by responder. */
366 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
367 NULL, NULL, NULL, NULL);
370 if (status != SILC_SKE_STATUS_OK) {
371 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
373 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
376 protocol->state = SILC_PROTOCOL_STATE_ERROR;
377 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
381 /* Send Ok to the other end. We will end the protocol as responder
382 sends Ok to us when we will take the new keys into use. */
383 if (ctx->responder == FALSE)
384 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
386 /* End the protocol on the next round */
387 protocol->state = SILC_PROTOCOL_STATE_END;
391 case SILC_PROTOCOL_STATE_END:
396 SilcSKEKeyMaterial *keymat;
397 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
398 int hash_len = ctx->ske->prop->hash->hash->hash_len;
400 /* Process the key material */
401 keymat = silc_calloc(1, sizeof(*keymat));
402 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
404 if (status != SILC_SKE_STATUS_OK) {
405 protocol->state = SILC_PROTOCOL_STATE_ERROR;
406 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
407 silc_ske_free_key_material(keymat);
410 ctx->keymat = keymat;
412 /* Send Ok to the other end if we are responder. If we are initiator
413 we have sent this already. */
414 if (ctx->responder == TRUE)
415 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
417 /* Unregister the timeout task since the protocol has ended.
418 This was the timeout task to be executed if the protocol is
419 not completed fast enough. */
420 if (ctx->timeout_task)
421 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
423 /* Call the final callback */
424 if (protocol->final_callback)
425 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
427 silc_protocol_free(protocol);
431 case SILC_PROTOCOL_STATE_ERROR:
436 /* Send abort notification */
437 silc_ske_abort(ctx->ske, ctx->ske->status,
438 silc_server_protocol_ke_send_packet,
441 /* Unregister the timeout task since the protocol has ended.
442 This was the timeout task to be executed if the protocol is
443 not completed fast enough. */
444 if (ctx->timeout_task)
445 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
447 /* On error the final callback is always called. */
448 if (protocol->final_callback)
449 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
451 silc_protocol_free(protocol);
454 case SILC_PROTOCOL_STATE_FAILURE:
456 * We have received failure from remote
459 /* Unregister the timeout task since the protocol has ended.
460 This was the timeout task to be executed if the protocol is
461 not completed fast enough. */
462 if (ctx->timeout_task)
463 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
465 /* On error the final callback is always called. */
466 if (protocol->final_callback)
467 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
469 silc_protocol_free(protocol);
472 case SILC_PROTOCOL_STATE_UNKNOWN:
478 * Connection Authentication protocol functions
482 silc_server_password_authentication(SilcServer server, char *auth1,
485 if (!auth1 || !auth2)
488 if (!memcmp(auth1, auth2, strlen(auth1)))
495 silc_server_public_key_authentication(SilcServer server,
496 SilcPublicKey pub_key,
505 if (!pub_key || !sign)
508 silc_pkcs_alloc(pub_key->name, &pkcs);
509 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
510 silc_pkcs_free(pkcs);
514 /* Make the authentication data. Protocol says it is HASH plus
516 len = ske->hash_len + ske->start_payload_copy->len;
517 auth = silc_buffer_alloc(len);
518 silc_buffer_pull_tail(auth, len);
519 silc_buffer_format(auth,
520 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
521 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
522 ske->start_payload_copy->len),
525 /* Verify signature */
526 if (silc_pkcs_verify(pkcs, sign, sign_len, auth->data, auth->len)) {
527 silc_pkcs_free(pkcs);
528 silc_buffer_free(auth);
532 silc_pkcs_free(pkcs);
533 silc_buffer_free(auth);
538 silc_server_get_public_key_auth(SilcServer server,
539 SilcPublicKey pub_key,
540 unsigned char *auth_data,
541 uint32 *auth_data_len,
551 silc_pkcs_alloc(pub_key->name, &pkcs);
552 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
553 silc_pkcs_free(pkcs);
557 /* Make the authentication data. Protocol says it is HASH plus
559 len = ske->hash_len + ske->start_payload_copy->len;
560 auth = silc_buffer_alloc(len);
561 silc_buffer_pull_tail(auth, len);
562 silc_buffer_format(auth,
563 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
564 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
565 ske->start_payload_copy->len),
568 if (silc_pkcs_sign(pkcs, auth->data, auth->len, auth_data, auth_data_len)) {
569 silc_pkcs_free(pkcs);
570 silc_buffer_free(auth);
574 silc_pkcs_free(pkcs);
575 silc_buffer_free(auth);
579 /* Performs connection authentication protocol. If responder, we
580 authenticate the remote data received. If initiator, we will send
581 authentication data to the remote end. */
583 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
585 SilcProtocol protocol = (SilcProtocol)context;
586 SilcServerConnAuthInternalContext *ctx =
587 (SilcServerConnAuthInternalContext *)protocol->context;
588 SilcServer server = (SilcServer)ctx->server;
590 SILC_LOG_DEBUG(("Start"));
592 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
593 protocol->state = SILC_PROTOCOL_STATE_START;
595 SILC_LOG_DEBUG(("State=%d", protocol->state));
597 switch(protocol->state) {
598 case SILC_PROTOCOL_STATE_START:
604 if (ctx->responder == TRUE) {
606 * We are receiving party
611 unsigned char *auth_data = NULL;
613 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
614 ctx->sock->hostname, ctx->sock->ip));
616 /* Parse the received authentication data packet. The received
617 payload is Connection Auth Payload. */
618 ret = silc_buffer_unformat(ctx->packet->buffer,
619 SILC_STR_UI_SHORT(&payload_len),
620 SILC_STR_UI_SHORT(&conn_type),
623 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
624 protocol->state = SILC_PROTOCOL_STATE_ERROR;
625 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
629 if (payload_len != ctx->packet->buffer->len) {
630 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
631 protocol->state = SILC_PROTOCOL_STATE_ERROR;
632 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
638 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
639 conn_type > SILC_SOCKET_TYPE_ROUTER) {
640 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
641 protocol->state = SILC_PROTOCOL_STATE_ERROR;
642 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
646 if (payload_len > 0) {
647 /* Get authentication data */
648 silc_buffer_pull(ctx->packet->buffer, 4);
649 ret = silc_buffer_unformat(ctx->packet->buffer,
650 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
654 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
655 protocol->state = SILC_PROTOCOL_STATE_ERROR;
656 protocol->execute(server->timeout_queue, 0,
657 protocol, fd, 0, 300000);
663 * Check the remote connection type and make sure that we have
664 * configured this connection. If we haven't allowed this connection
665 * the authentication must be failed.
668 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
670 /* Remote end is client */
671 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
672 SilcServerConfigSectionClientConnection *client = ctx->cconfig;
675 switch(client->auth_meth) {
677 /* No authentication required */
678 SILC_LOG_DEBUG(("No authentication required"));
681 case SILC_AUTH_PASSWORD:
682 /* Password authentication */
683 SILC_LOG_DEBUG(("Password authentication"));
684 ret = silc_server_password_authentication(server, auth_data,
690 /* Authentication failed */
691 SILC_LOG_ERROR(("Authentication failed"));
692 SILC_LOG_DEBUG(("Authentication failed"));
693 silc_free(auth_data);
694 protocol->state = SILC_PROTOCOL_STATE_ERROR;
695 protocol->execute(server->timeout_queue, 0,
696 protocol, fd, 0, 300000);
700 case SILC_AUTH_PUBLIC_KEY:
701 /* Public key authentication */
702 SILC_LOG_DEBUG(("Public key authentication"));
703 ret = silc_server_public_key_authentication(server,
712 SILC_LOG_ERROR(("Authentication failed"));
713 SILC_LOG_DEBUG(("Authentication failed"));
714 silc_free(auth_data);
715 protocol->state = SILC_PROTOCOL_STATE_ERROR;
716 protocol->execute(server->timeout_queue, 0,
717 protocol, fd, 0, 300000);
721 SILC_LOG_DEBUG(("No configuration for remote connection"));
722 SILC_LOG_ERROR(("Remote connection not configured"));
723 SILC_LOG_ERROR(("Authentication failed"));
724 silc_free(auth_data);
725 protocol->state = SILC_PROTOCOL_STATE_ERROR;
726 protocol->execute(server->timeout_queue, 0,
727 protocol, fd, 0, 300000);
732 /* Remote end is server */
733 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
734 SilcServerConfigSectionServerConnection *serv = ctx->sconfig;
737 switch(serv->auth_meth) {
739 /* No authentication required */
740 SILC_LOG_DEBUG(("No authentication required"));
743 case SILC_AUTH_PASSWORD:
744 /* Password authentication */
745 SILC_LOG_DEBUG(("Password authentication"));
746 ret = silc_server_password_authentication(server, auth_data,
752 /* Authentication failed */
753 SILC_LOG_ERROR(("Authentication failed"));
754 SILC_LOG_DEBUG(("Authentication failed"));
755 silc_free(auth_data);
756 protocol->state = SILC_PROTOCOL_STATE_ERROR;
757 protocol->execute(server->timeout_queue, 0,
758 protocol, fd, 0, 300000);
762 case SILC_AUTH_PUBLIC_KEY:
763 /* Public key authentication */
764 SILC_LOG_DEBUG(("Public key authentication"));
765 ret = silc_server_public_key_authentication(server,
774 SILC_LOG_ERROR(("Authentication failed"));
775 SILC_LOG_DEBUG(("Authentication failed"));
776 silc_free(auth_data);
777 protocol->state = SILC_PROTOCOL_STATE_ERROR;
778 protocol->execute(server->timeout_queue, 0,
779 protocol, fd, 0, 300000);
783 SILC_LOG_DEBUG(("No configuration for remote connection"));
784 SILC_LOG_ERROR(("Remote connection not configured"));
785 SILC_LOG_ERROR(("Authentication failed"));
786 protocol->state = SILC_PROTOCOL_STATE_ERROR;
787 protocol->execute(server->timeout_queue, 0,
788 protocol, fd, 0, 300000);
789 silc_free(auth_data);
794 /* Remote end is router */
795 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
796 SilcServerConfigSectionServerConnection *serv = ctx->rconfig;
799 switch(serv->auth_meth) {
801 /* No authentication required */
802 SILC_LOG_DEBUG(("No authentication required"));
805 case SILC_AUTH_PASSWORD:
806 /* Password authentication */
807 SILC_LOG_DEBUG(("Password authentication"));
808 ret = silc_server_password_authentication(server, auth_data,
814 /* Authentication failed */
815 SILC_LOG_ERROR(("Authentication failed"));
816 SILC_LOG_DEBUG(("Authentication failed"));
817 silc_free(auth_data);
818 protocol->state = SILC_PROTOCOL_STATE_ERROR;
819 protocol->execute(server->timeout_queue, 0,
820 protocol, fd, 0, 300000);
824 case SILC_AUTH_PUBLIC_KEY:
825 /* Public key authentication */
826 SILC_LOG_DEBUG(("Public key authentication"));
827 ret = silc_server_public_key_authentication(server,
836 SILC_LOG_ERROR(("Authentication failed"));
837 SILC_LOG_DEBUG(("Authentication failed"));
838 silc_free(auth_data);
839 protocol->state = SILC_PROTOCOL_STATE_ERROR;
840 protocol->execute(server->timeout_queue, 0,
841 protocol, fd, 0, 300000);
845 SILC_LOG_DEBUG(("No configuration for remote connection"));
846 SILC_LOG_ERROR(("Remote connection not configured"));
847 SILC_LOG_ERROR(("Authentication failed"));
848 silc_free(auth_data);
849 protocol->state = SILC_PROTOCOL_STATE_ERROR;
850 protocol->execute(server->timeout_queue, 0,
851 protocol, fd, 0, 300000);
856 silc_free(auth_data);
858 /* Save connection type. This is later used to create the
859 ID for the connection. */
860 ctx->conn_type = conn_type;
862 /* Advance protocol state. */
863 protocol->state = SILC_PROTOCOL_STATE_END;
864 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
868 * We are initiator. We are authenticating ourselves to a
869 * remote server. We will send the authentication data to the
870 * other end for verify.
874 unsigned char *auth_data = NULL;
875 uint32 auth_data_len = 0;
877 switch(ctx->auth_meth) {
879 /* No authentication required */
882 case SILC_AUTH_PASSWORD:
883 /* Password authentication */
884 if (ctx->auth_data && ctx->auth_data_len) {
885 auth_data = strdup(ctx->auth_data);
886 auth_data_len = ctx->auth_data_len;
891 case SILC_AUTH_PUBLIC_KEY:
893 unsigned char sign[1024];
895 /* Public key authentication */
896 silc_server_get_public_key_auth(server, ctx->auth_data,
897 sign, &auth_data_len,
899 auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
900 memcpy(auth_data, sign, auth_data_len);
905 payload_len = 4 + auth_data_len;
906 packet = silc_buffer_alloc(payload_len);
907 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
908 silc_buffer_format(packet,
909 SILC_STR_UI_SHORT(payload_len),
910 SILC_STR_UI_SHORT(server->server_type
912 SILC_SOCKET_TYPE_SERVER :
913 SILC_SOCKET_TYPE_ROUTER),
914 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
917 /* Send the packet to server */
918 silc_server_packet_send(server, ctx->sock,
919 SILC_PACKET_CONNECTION_AUTH, 0,
920 packet->data, packet->len, TRUE);
923 memset(auth_data, 0, auth_data_len);
924 silc_free(auth_data);
926 silc_buffer_free(packet);
928 /* Next state is end of protocol */
929 protocol->state = SILC_PROTOCOL_STATE_END;
934 case SILC_PROTOCOL_STATE_END:
941 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
943 /* Authentication successful */
944 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
947 /* Unregister the timeout task since the protocol has ended.
948 This was the timeout task to be executed if the protocol is
949 not completed fast enough. */
950 if (ctx->timeout_task)
951 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
953 /* Protocol has ended, call the final callback */
954 if (protocol->final_callback)
955 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
957 silc_protocol_free(protocol);
960 case SILC_PROTOCOL_STATE_ERROR:
963 * Error. Send notify to remote.
965 unsigned char error[4];
967 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
969 /* Authentication failed */
970 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
973 /* Unregister the timeout task since the protocol has ended.
974 This was the timeout task to be executed if the protocol is
975 not completed fast enough. */
976 if (ctx->timeout_task)
977 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
979 /* On error the final callback is always called. */
980 if (protocol->final_callback)
981 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
983 silc_protocol_free(protocol);
987 case SILC_PROTOCOL_STATE_FAILURE:
989 * We have received failure from remote
992 /* Unregister the timeout task since the protocol has ended.
993 This was the timeout task to be executed if the protocol is
994 not completed fast enough. */
995 if (ctx->timeout_task)
996 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
998 /* On error the final callback is always called. */
999 if (protocol->final_callback)
1000 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1002 silc_protocol_free(protocol);
1005 case SILC_PROTOCOL_STATE_UNKNOWN:
1011 * Re-key protocol routines
1014 /* Actually takes the new keys into use. */
1017 silc_server_protocol_rekey_validate(SilcServer server,
1018 SilcServerRekeyInternalContext *ctx,
1019 SilcIDListData idata,
1020 SilcSKEKeyMaterial *keymat,
1023 if (ctx->responder == TRUE) {
1025 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1026 keymat->enc_key_len);
1027 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1029 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1030 keymat->enc_key_len);
1031 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1035 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1036 keymat->enc_key_len);
1037 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1039 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1040 keymat->enc_key_len);
1041 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1046 silc_hmac_alloc(idata->hmac_send->hmac->name, NULL, &idata->hmac_send);
1047 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key,
1048 keymat->hmac_key_len);
1050 silc_hmac_free(idata->hmac_receive);
1051 idata->hmac_receive = idata->hmac_send;
1054 /* Save the current sending encryption key */
1056 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1057 silc_free(idata->rekey->send_enc_key);
1058 idata->rekey->send_enc_key =
1059 silc_calloc(keymat->enc_key_len / 8,
1060 sizeof(*idata->rekey->send_enc_key));
1061 memcpy(idata->rekey->send_enc_key, keymat->send_enc_key,
1062 keymat->enc_key_len / 8);
1063 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1067 /* This function actually re-generates (when not using PFS) the keys and
1068 takes them into use. */
1070 void silc_server_protocol_rekey_generate(SilcServer server,
1071 SilcServerRekeyInternalContext *ctx,
1074 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1075 SilcSKEKeyMaterial *keymat;
1076 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1077 uint32 hash_len = idata->hash->hash->hash_len;
1079 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1080 send ? "sending" : "receiving"));
1082 /* Generate the new key */
1083 keymat = silc_calloc(1, sizeof(*keymat));
1084 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1085 idata->rekey->enc_key_len,
1086 16, key_len, hash_len,
1087 idata->hash, keymat);
1089 /* Set the keys into use */
1090 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1092 silc_ske_free_key_material(keymat);
1095 /* This function actually re-generates (with PFS) the keys and
1096 takes them into use. */
1099 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1100 SilcServerRekeyInternalContext *ctx,
1103 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1104 SilcSKEKeyMaterial *keymat;
1105 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1106 uint32 hash_len = idata->hash->hash->hash_len;
1107 unsigned char *tmpbuf;
1110 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1111 send ? "sending" : "receiving"));
1113 /* Encode KEY to binary data */
1114 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1116 /* Generate the new key */
1117 keymat = silc_calloc(1, sizeof(*keymat));
1118 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1119 idata->hash, keymat);
1121 /* Set the keys into use */
1122 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1124 memset(tmpbuf, 0, klen);
1126 silc_ske_free_key_material(keymat);
1129 /* Packet sending callback. This function is provided as packet sending
1130 routine to the Key Exchange functions. */
1133 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1135 SilcPacketType type,
1138 SilcProtocol protocol = (SilcProtocol)context;
1139 SilcServerRekeyInternalContext *ctx =
1140 (SilcServerRekeyInternalContext *)protocol->context;
1141 SilcServer server = (SilcServer)ctx->server;
1143 /* Send the packet immediately */
1144 silc_server_packet_send(server, ctx->sock,
1145 type, 0, packet->data, packet->len, FALSE);
1148 /* Performs re-key as defined in the SILC protocol specification. */
1150 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1152 SilcProtocol protocol = (SilcProtocol)context;
1153 SilcServerRekeyInternalContext *ctx =
1154 (SilcServerRekeyInternalContext *)protocol->context;
1155 SilcServer server = (SilcServer)ctx->server;
1156 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1157 SilcSKEStatus status;
1159 SILC_LOG_DEBUG(("Start"));
1161 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1162 protocol->state = SILC_PROTOCOL_STATE_START;
1164 SILC_LOG_DEBUG(("State=%d", protocol->state));
1166 switch(protocol->state) {
1167 case SILC_PROTOCOL_STATE_START:
1173 if (ctx->responder == TRUE) {
1175 * We are receiving party
1178 if (ctx->pfs == TRUE) {
1180 * Use Perfect Forward Secrecy, ie. negotiate the key material
1181 * using the SKE protocol.
1184 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1185 /* Error in protocol */
1186 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1187 protocol->execute(server->timeout_queue, 0, protocol, fd,
1191 ctx->ske = silc_ske_alloc();
1192 ctx->ske->rng = server->rng;
1193 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1194 silc_ske_get_group_by_number(idata->rekey->ske_group,
1195 &ctx->ske->prop->group);
1197 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
1198 NULL, NULL, NULL, NULL);
1199 if (status != SILC_SKE_STATUS_OK) {
1200 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1203 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1204 protocol->execute(server->timeout_queue, 0,
1205 protocol, fd, 0, 300000);
1209 /* Advance the protocol state */
1211 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1214 * Do normal and simple re-key.
1217 /* Send the REKEY_DONE to indicate we will take new keys into use */
1218 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1221 /* After we send REKEY_DONE we must set the sending encryption
1222 key to the new key since all packets after this packet must
1223 encrypted with the new key. */
1224 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1226 /* The protocol ends in next stage. */
1227 protocol->state = SILC_PROTOCOL_STATE_END;
1232 * We are the initiator of this protocol
1235 /* Start the re-key by sending the REKEY packet */
1236 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1239 if (ctx->pfs == TRUE) {
1241 * Use Perfect Forward Secrecy, ie. negotiate the key material
1242 * using the SKE protocol.
1244 ctx->ske = silc_ske_alloc();
1245 ctx->ske->rng = server->rng;
1246 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1247 silc_ske_get_group_by_number(idata->rekey->ske_group,
1248 &ctx->ske->prop->group);
1251 silc_ske_initiator_phase_2(ctx->ske, NULL, NULL,
1252 silc_server_protocol_rekey_send_packet,
1255 if (status != SILC_SKE_STATUS_OK) {
1256 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1259 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1260 protocol->execute(server->timeout_queue, 0,
1261 protocol, fd, 0, 300000);
1265 /* Advance the protocol state */
1269 * Do normal and simple re-key.
1272 /* Send the REKEY_DONE to indicate we will take new keys into use
1274 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1277 /* After we send REKEY_DONE we must set the sending encryption
1278 key to the new key since all packets after this packet must
1279 encrypted with the new key. */
1280 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1282 /* The protocol ends in next stage. */
1283 protocol->state = SILC_PROTOCOL_STATE_END;
1291 * Second state, used only when oding re-key with PFS.
1293 if (ctx->responder == TRUE) {
1294 if (ctx->pfs == TRUE) {
1296 * Send our KE packe to the initiator now that we've processed
1297 * the initiator's KE packet.
1300 silc_ske_responder_finish(ctx->ske, NULL, NULL,
1301 SILC_SKE_PK_TYPE_SILC,
1302 silc_server_protocol_rekey_send_packet,
1305 if (status != SILC_SKE_STATUS_OK) {
1306 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1309 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1310 protocol->execute(server->timeout_queue, 0,
1311 protocol, fd, 0, 300000);
1317 if (ctx->pfs == TRUE) {
1319 * The packet type must be KE packet
1321 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1322 /* Error in protocol */
1323 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1324 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
1327 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
1328 NULL, NULL, NULL, NULL);
1329 if (status != SILC_SKE_STATUS_OK) {
1330 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1333 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1334 protocol->execute(server->timeout_queue, 0,
1335 protocol, fd, 0, 300000);
1341 /* Send the REKEY_DONE to indicate we will take new keys into use
1343 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1346 /* After we send REKEY_DONE we must set the sending encryption
1347 key to the new key since all packets after this packet must
1348 encrypted with the new key. */
1349 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1351 /* The protocol ends in next stage. */
1352 protocol->state = SILC_PROTOCOL_STATE_END;
1355 case SILC_PROTOCOL_STATE_END:
1360 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1361 /* Error in protocol */
1362 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1363 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1366 /* We received the REKEY_DONE packet and all packets after this is
1367 encrypted with the new key so set the decryption key to the new key */
1368 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1370 /* Protocol has ended, call the final callback */
1371 if (protocol->final_callback)
1372 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1374 silc_protocol_free(protocol);
1377 case SILC_PROTOCOL_STATE_ERROR:
1382 if (ctx->pfs == TRUE) {
1383 /* Send abort notification */
1384 silc_ske_abort(ctx->ske, ctx->ske->status,
1385 silc_server_protocol_ke_send_packet,
1389 /* On error the final callback is always called. */
1390 if (protocol->final_callback)
1391 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1393 silc_protocol_free(protocol);
1396 case SILC_PROTOCOL_STATE_FAILURE:
1398 * We have received failure from remote
1401 /* On error the final callback is always called. */
1402 if (protocol->final_callback)
1403 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1405 silc_protocol_free(protocol);
1408 case SILC_PROTOCOL_STATE_UNKNOWN:
1414 /* Registers protocols used in server. */
1416 void silc_server_protocols_register(void)
1418 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1419 silc_server_protocol_connection_auth);
1420 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1421 silc_server_protocol_key_exchange);
1422 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1423 silc_server_protocol_rekey);
1426 /* Unregisters protocols */
1428 void silc_server_protocols_unregister(void)
1430 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1431 silc_server_protocol_connection_auth);
1432 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1433 silc_server_protocol_key_exchange);
1434 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1435 silc_server_protocol_rekey);