5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
39 silc_verify_public_key_internal(SilcServer server, SilcSocketConnection sock,
40 SilcSocketType conn_type,
41 unsigned char *pk, uint32 pk_len,
42 SilcSKEPKType pk_type)
44 char file[256], filename[256], *fingerprint;
47 if (pk_type != SILC_SKE_PK_TYPE_SILC) {
48 SILC_LOG_WARNING(("We don't support %s (%s) port %d public key type %d",
49 sock->hostname, sock->ip, sock->port, pk_type));
53 /* Accept client keys without verification */
54 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
55 SILC_LOG_DEBUG(("Accepting client public key without verification"));
59 memset(filename, 0, sizeof(filename));
60 memset(file, 0, sizeof(file));
61 snprintf(file, sizeof(file) - 1, "serverkey_%s_%d.pub", sock->hostname,
63 snprintf(filename, sizeof(filename) - 1, SILC_ETCDIR "/serverkeys/%s",
66 /* Create serverkeys directory if it doesn't exist. */
67 if (stat(SILC_ETCDIR "/serverkeys", &st) < 0) {
68 /* If dir doesn't exist */
69 if (errno == ENOENT) {
70 if (mkdir(SILC_ETCDIR "/serverkeys", 0755) < 0) {
71 SILC_LOG_ERROR(("Couldn't create `%s' directory\n",
72 SILC_ETCDIR "/serverkeys"));
76 SILC_LOG_ERROR(("%s\n", strerror(errno)));
81 /* Take fingerprint of the public key */
82 fingerprint = silc_hash_fingerprint(NULL, pk, pk_len);
83 SILC_LOG_DEBUG(("Received server %s (%s) port %d public key (%s)",
84 sock->hostname, sock->ip, sock->port, fingerprint));
85 silc_free(fingerprint);
87 /* Check whether this key already exists */
88 if (stat(filename, &st) < 0) {
89 /* We don't have it, then cache it. */
90 SILC_LOG_DEBUG(("New public key from server"));
92 silc_pkcs_save_public_key_data(filename, pk, pk_len,
96 /* The key already exists, verify it. */
97 SilcPublicKey public_key;
101 SILC_LOG_DEBUG(("We have the public key saved locally"));
103 /* Load the key file */
104 if (!silc_pkcs_load_public_key(filename, &public_key,
106 if (!silc_pkcs_load_public_key(filename, &public_key,
107 SILC_PKCS_FILE_BIN)) {
108 SILC_LOG_WARNING(("Could not load local copy of the %s (%s) port %d "
109 "server public key", sock->hostname, sock->ip,
112 /* Save the key for future checking */
114 silc_pkcs_save_public_key_data(filename, pk, pk_len,
119 /* Encode the key data */
120 encpk = silc_pkcs_public_key_encode(public_key, &encpk_len);
122 SILC_LOG_WARNING(("Local copy of the server %s (%s) port %d public key "
123 "is malformed", sock->hostname, sock->ip, sock->port));
125 /* Save the key for future checking */
127 silc_pkcs_save_public_key_data(filename, pk, pk_len,
132 if (memcmp(encpk, pk, encpk_len)) {
133 SILC_LOG_WARNING(("%s (%s) port %d server public key does not match "
134 "with local copy", sock->hostname, sock->ip,
136 SILC_LOG_WARNING(("It is possible that the key has expired or changed"));
137 SILC_LOG_WARNING(("It is also possible that some one is performing "
138 "man-in-the-middle attack"));
139 SILC_LOG_WARNING(("Will not accept the server %s (%s) port %d public "
141 sock->hostname, sock->ip, sock->port));
145 /* Local copy matched */
150 /* Callback that is called when we have received KE2 payload from
151 responder. We try to verify the public key now. */
154 silc_server_protocol_ke_verify_key(SilcSKE ske,
155 unsigned char *pk_data,
157 SilcSKEPKType pk_type,
159 SilcSKEVerifyCbCompletion completion,
160 void *completion_context)
162 SilcProtocol protocol = (SilcProtocol)context;
163 SilcServerKEInternalContext *ctx =
164 (SilcServerKEInternalContext *)protocol->context;
165 SilcServer server = (SilcServer)ctx->server;
167 SILC_LOG_DEBUG(("Start"));
169 if (silc_verify_public_key_internal(server, ctx->sock,
170 (ctx->responder == FALSE ?
171 SILC_SOCKET_TYPE_ROUTER:
172 ctx->sconfig ? SILC_SOCKET_TYPE_SERVER :
173 ctx->rconfig ? SILC_SOCKET_TYPE_ROUTER :
174 SILC_SOCKET_TYPE_CLIENT),
175 pk_data, pk_len, pk_type))
176 completion(ske, SILC_SKE_STATUS_OK, completion_context);
178 completion(ske, SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY,
182 /* Packet sending callback. This function is provided as packet sending
183 routine to the Key Exchange functions. */
185 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
190 SilcProtocol protocol = (SilcProtocol)context;
191 SilcServerKEInternalContext *ctx =
192 (SilcServerKEInternalContext *)protocol->context;
193 SilcServer server = (SilcServer)ctx->server;
195 /* Send the packet immediately */
196 silc_server_packet_send(server, ske->sock,
197 type, 0, packet->data, packet->len, TRUE);
200 /* Sets the negotiated key material into use for particular connection. */
202 int silc_server_protocol_ke_set_keys(SilcSKE ske,
203 SilcSocketConnection sock,
204 SilcSKEKeyMaterial *keymat,
209 SilcSKEDiffieHellmanGroup group,
212 SilcUnknownEntry conn_data;
213 SilcIDListData idata;
215 SILC_LOG_DEBUG(("Setting new key into use"));
217 conn_data = silc_calloc(1, sizeof(*conn_data));
218 idata = (SilcIDListData)conn_data;
220 /* Allocate cipher to be used in the communication */
221 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
222 silc_free(conn_data);
225 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
226 silc_free(conn_data);
230 if (is_responder == TRUE) {
231 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
232 keymat->enc_key_len);
233 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
234 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
235 keymat->enc_key_len);
236 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
238 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
239 keymat->enc_key_len);
240 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
241 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
242 keymat->enc_key_len);
243 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
246 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
247 idata->rekey->send_enc_key =
248 silc_calloc(keymat->enc_key_len / 8,
249 sizeof(*idata->rekey->send_enc_key));
250 memcpy(idata->rekey->send_enc_key,
251 keymat->send_enc_key, keymat->enc_key_len / 8);
252 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
254 if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
255 idata->rekey->pfs = TRUE;
256 idata->rekey->ske_group = silc_ske_group_get_number(group);
258 /* Save the remote host's public key */
259 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
260 ske->ke1_payload->pk_len, &idata->public_key);
263 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
264 silc_cipher_free(idata->send_key);
265 silc_cipher_free(idata->receive_key);
266 silc_free(conn_data);
270 /* Save HMAC key to be used in the communication. */
271 if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac_send)) {
272 silc_cipher_free(idata->send_key);
273 silc_cipher_free(idata->receive_key);
274 silc_hash_free(idata->hash);
275 silc_free(conn_data);
278 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key, keymat->hmac_key_len);
279 idata->hmac_receive = idata->hmac_send;
281 sock->user_data = (void *)conn_data;
286 /* Check remote host version string */
288 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
289 uint32 len, void *context)
291 SilcSKEStatus status = SILC_SKE_STATUS_OK;
293 int maj = 0, min = 0, build = 0, maj2 = 0, min2 = 0, build2 = 0;
295 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
296 ske->sock->ip, version));
298 /* Check for initial version string */
299 if (!strstr(version, "SILC-1.0-"))
300 status = SILC_SKE_STATUS_BAD_VERSION;
302 /* Check software version */
306 status = SILC_SKE_STATUS_BAD_VERSION;
309 cp = strchr(cp, '.');
315 cp = strchr(cp, '.');
317 build = atoi(cp + 1);
320 cp = silc_version_string + 9;
322 status = SILC_SKE_STATUS_BAD_VERSION;
325 cp = strchr(cp, '.');
331 cp = strchr(cp, '.');
333 build2 = atoi(cp + 1);
337 status = SILC_SKE_STATUS_BAD_VERSION;
339 status = SILC_SKE_STATUS_BAD_VERSION;
344 /* Callback that is called by the SKE to indicate that it is safe to
345 continue the execution of the protocol. This is used only if we are
346 initiator. Is given as argument to the silc_ske_initiator_finish or
347 silc_ske_responder_phase_2 functions. This is called due to the fact
348 that the public key verification process is asynchronous and we must
349 not continue the protocl until the public key has been verified and
350 this callback is called. */
352 static void silc_server_protocol_ke_continue(SilcSKE ske, void *context)
354 SilcProtocol protocol = (SilcProtocol)context;
355 SilcServerKEInternalContext *ctx =
356 (SilcServerKEInternalContext *)protocol->context;
357 SilcServer server = (SilcServer)ctx->server;
359 SILC_LOG_DEBUG(("Start"));
361 if (ske->status != SILC_SKE_STATUS_OK) {
362 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
364 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
367 protocol->state = SILC_PROTOCOL_STATE_ERROR;
368 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
372 /* Send Ok to the other end. We will end the protocol as responder
373 sends Ok to us when we will take the new keys into use. */
374 if (ctx->responder == FALSE) {
375 silc_ske_end(ctx->ske);
377 /* End the protocol on the next round */
378 protocol->state = SILC_PROTOCOL_STATE_END;
381 /* Advance protocol state and call the next state if we are responder.
382 This happens when this callback was sent to silc_ske_responder_phase_2
384 if (ctx->responder == TRUE) {
386 silc_protocol_execute(protocol, server->timeout_queue, 0, 100000);
390 /* Performs key exchange protocol. This is used for both initiator
391 and responder key exchange. This is performed always when accepting
392 new connection to the server. This may be called recursively. */
394 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
396 SilcProtocol protocol = (SilcProtocol)context;
397 SilcServerKEInternalContext *ctx =
398 (SilcServerKEInternalContext *)protocol->context;
399 SilcServer server = (SilcServer)ctx->server;
400 SilcSKEStatus status = SILC_SKE_STATUS_OK;
402 SILC_LOG_DEBUG(("Start"));
404 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
405 protocol->state = SILC_PROTOCOL_STATE_START;
407 SILC_LOG_DEBUG(("State=%d", protocol->state));
409 switch(protocol->state) {
410 case SILC_PROTOCOL_STATE_START:
417 /* Allocate Key Exchange object */
418 ske = silc_ske_alloc();
420 ske->rng = server->rng;
422 silc_ske_set_callbacks(ske, silc_server_protocol_ke_send_packet, NULL,
423 silc_server_protocol_ke_verify_key,
424 silc_server_protocol_ke_continue,
425 silc_ske_check_version, context);
427 if (ctx->responder == TRUE) {
428 /* Start the key exchange by processing the received security
429 properties packet from initiator. */
430 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
432 ctx->packet->buffer, FALSE);
434 SilcSKEStartPayload *start_payload;
436 /* Assemble security properties. */
437 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
441 /* Start the key exchange by sending our security properties
442 to the remote end. */
443 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
447 /* Return now if the procedure is pending. */
448 if (status == SILC_SKE_STATUS_PENDING)
451 if (status != SILC_SKE_STATUS_OK) {
452 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
454 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
457 protocol->state = SILC_PROTOCOL_STATE_ERROR;
458 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
462 /* Advance protocol state and call the next state if we are responder */
464 if (ctx->responder == TRUE)
465 silc_protocol_execute(protocol, server->timeout_queue, 0, 100000);
473 if (ctx->responder == TRUE) {
474 /* Sends the selected security properties to the initiator. */
475 status = silc_ske_responder_phase_1(ctx->ske,
476 ctx->ske->start_payload);
478 /* Call Phase-1 function. This processes the Key Exchange Start
479 paylaod reply we just got from the responder. The callback
480 function will receive the processed payload where we will
482 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer);
485 /* Return now if the procedure is pending. */
486 if (status == SILC_SKE_STATUS_PENDING)
489 if (status != SILC_SKE_STATUS_OK) {
490 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
492 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
495 protocol->state = SILC_PROTOCOL_STATE_ERROR;
496 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
500 /* Advance protocol state and call next state if we are initiator */
502 if (ctx->responder == FALSE)
503 silc_protocol_execute(protocol, server->timeout_queue, 0, 100000);
511 if (ctx->responder == TRUE) {
512 /* Process the received Key Exchange 1 Payload packet from
513 the initiator. This also creates our parts of the Diffie
514 Hellman algorithm. The silc_server_protocol_ke_continue
515 will be called after the public key has been verified. */
516 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
518 /* Call the Phase-2 function. This creates Diffie Hellman
519 key exchange parameters and sends our public part inside
520 Key Exhange 1 Payload to the responder. */
521 status = silc_ske_initiator_phase_2(ctx->ske,
523 server->private_key);
527 /* Return now if the procedure is pending. */
528 if (status == SILC_SKE_STATUS_PENDING)
531 if (status != SILC_SKE_STATUS_OK) {
532 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
534 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
537 protocol->state = SILC_PROTOCOL_STATE_ERROR;
538 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
548 if (ctx->responder == TRUE) {
549 /* This creates the key exchange material and sends our
550 public parts to the initiator inside Key Exchange 2 Payload. */
551 status = silc_ske_responder_finish(ctx->ske,
554 SILC_SKE_PK_TYPE_SILC);
556 /* End the protocol on the next round */
557 protocol->state = SILC_PROTOCOL_STATE_END;
559 /* Finish the protocol. This verifies the Key Exchange 2 payload
560 sent by responder. The silc_server_protocol_ke_continue will
561 be called after the public key has been verified. */
562 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
565 /* Return now if the procedure is pending. */
566 if (status == SILC_SKE_STATUS_PENDING)
569 if (status != SILC_SKE_STATUS_OK) {
570 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
572 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
575 protocol->state = SILC_PROTOCOL_STATE_ERROR;
576 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
582 case SILC_PROTOCOL_STATE_END:
587 SilcSKEKeyMaterial *keymat;
588 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
589 int hash_len = ctx->ske->prop->hash->hash->hash_len;
591 /* Process the key material */
592 keymat = silc_calloc(1, sizeof(*keymat));
593 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
595 if (status != SILC_SKE_STATUS_OK) {
596 protocol->state = SILC_PROTOCOL_STATE_ERROR;
597 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
598 silc_ske_free_key_material(keymat);
601 ctx->keymat = keymat;
603 /* Send Ok to the other end if we are responder. If we are initiator
604 we have sent this already. */
605 if (ctx->responder == TRUE)
606 silc_ske_end(ctx->ske);
608 /* Unregister the timeout task since the protocol has ended.
609 This was the timeout task to be executed if the protocol is
610 not completed fast enough. */
611 if (ctx->timeout_task)
612 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
614 /* Call the final callback */
615 if (protocol->final_callback)
616 silc_protocol_execute_final(protocol, server->timeout_queue);
618 silc_protocol_free(protocol);
622 case SILC_PROTOCOL_STATE_ERROR:
627 /* Send abort notification */
628 silc_ske_abort(ctx->ske, ctx->ske->status);
630 /* Unregister the timeout task since the protocol has ended.
631 This was the timeout task to be executed if the protocol is
632 not completed fast enough. */
633 if (ctx->timeout_task)
634 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
636 /* On error the final callback is always called. */
637 if (protocol->final_callback)
638 silc_protocol_execute_final(protocol, server->timeout_queue);
640 silc_protocol_free(protocol);
643 case SILC_PROTOCOL_STATE_FAILURE:
645 * We have received failure from remote
648 /* Unregister the timeout task since the protocol has ended.
649 This was the timeout task to be executed if the protocol is
650 not completed fast enough. */
651 if (ctx->timeout_task)
652 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
654 /* On error the final callback is always called. */
655 if (protocol->final_callback)
656 silc_protocol_execute_final(protocol, server->timeout_queue);
658 silc_protocol_free(protocol);
661 case SILC_PROTOCOL_STATE_UNKNOWN:
667 * Connection Authentication protocol functions
671 silc_server_password_authentication(SilcServer server, char *auth1,
674 if (!auth1 || !auth2)
677 if (!memcmp(auth1, auth2, strlen(auth1)))
684 silc_server_public_key_authentication(SilcServer server,
685 SilcPublicKey pub_key,
694 if (!pub_key || !sign)
697 silc_pkcs_alloc(pub_key->name, &pkcs);
698 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
699 silc_pkcs_free(pkcs);
703 /* Make the authentication data. Protocol says it is HASH plus
705 len = ske->hash_len + ske->start_payload_copy->len;
706 auth = silc_buffer_alloc(len);
707 silc_buffer_pull_tail(auth, len);
708 silc_buffer_format(auth,
709 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
710 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
711 ske->start_payload_copy->len),
714 /* Verify signature */
715 if (silc_pkcs_verify(pkcs, sign, sign_len, auth->data, auth->len)) {
716 silc_pkcs_free(pkcs);
717 silc_buffer_free(auth);
721 silc_pkcs_free(pkcs);
722 silc_buffer_free(auth);
727 silc_server_get_public_key_auth(SilcServer server,
728 SilcPublicKey pub_key,
729 unsigned char *auth_data,
730 uint32 *auth_data_len,
740 silc_pkcs_alloc(pub_key->name, &pkcs);
741 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
742 silc_pkcs_free(pkcs);
746 /* Make the authentication data. Protocol says it is HASH plus
748 len = ske->hash_len + ske->start_payload_copy->len;
749 auth = silc_buffer_alloc(len);
750 silc_buffer_pull_tail(auth, len);
751 silc_buffer_format(auth,
752 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
753 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
754 ske->start_payload_copy->len),
757 if (silc_pkcs_sign(pkcs, auth->data, auth->len, auth_data, auth_data_len)) {
758 silc_pkcs_free(pkcs);
759 silc_buffer_free(auth);
763 silc_pkcs_free(pkcs);
764 silc_buffer_free(auth);
768 /* Performs connection authentication protocol. If responder, we
769 authenticate the remote data received. If initiator, we will send
770 authentication data to the remote end. */
772 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
774 SilcProtocol protocol = (SilcProtocol)context;
775 SilcServerConnAuthInternalContext *ctx =
776 (SilcServerConnAuthInternalContext *)protocol->context;
777 SilcServer server = (SilcServer)ctx->server;
779 SILC_LOG_DEBUG(("Start"));
781 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
782 protocol->state = SILC_PROTOCOL_STATE_START;
784 SILC_LOG_DEBUG(("State=%d", protocol->state));
786 switch(protocol->state) {
787 case SILC_PROTOCOL_STATE_START:
793 if (ctx->responder == TRUE) {
795 * We are receiving party
800 unsigned char *auth_data = NULL;
802 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
803 ctx->sock->hostname, ctx->sock->ip));
805 /* Parse the received authentication data packet. The received
806 payload is Connection Auth Payload. */
807 ret = silc_buffer_unformat(ctx->packet->buffer,
808 SILC_STR_UI_SHORT(&payload_len),
809 SILC_STR_UI_SHORT(&conn_type),
812 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
813 protocol->state = SILC_PROTOCOL_STATE_ERROR;
814 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
818 if (payload_len != ctx->packet->buffer->len) {
819 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
820 protocol->state = SILC_PROTOCOL_STATE_ERROR;
821 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
827 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
828 conn_type > SILC_SOCKET_TYPE_ROUTER) {
829 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
830 protocol->state = SILC_PROTOCOL_STATE_ERROR;
831 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
835 if (payload_len > 0) {
836 /* Get authentication data */
837 silc_buffer_pull(ctx->packet->buffer, 4);
838 ret = silc_buffer_unformat(ctx->packet->buffer,
839 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
843 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
844 protocol->state = SILC_PROTOCOL_STATE_ERROR;
845 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
851 * Check the remote connection type and make sure that we have
852 * configured this connection. If we haven't allowed this connection
853 * the authentication must be failed.
856 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
858 /* Remote end is client */
859 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
860 SilcServerConfigSectionClientConnection *client = ctx->cconfig;
863 switch(client->auth_meth) {
865 /* No authentication required */
866 SILC_LOG_DEBUG(("No authentication required"));
869 case SILC_AUTH_PASSWORD:
870 /* Password authentication */
871 SILC_LOG_DEBUG(("Password authentication"));
872 ret = silc_server_password_authentication(server, auth_data,
878 /* Authentication failed */
879 SILC_LOG_ERROR(("Authentication failed"));
880 SILC_LOG_DEBUG(("Authentication failed"));
881 silc_free(auth_data);
882 protocol->state = SILC_PROTOCOL_STATE_ERROR;
883 silc_protocol_execute(protocol, server->timeout_queue,
888 case SILC_AUTH_PUBLIC_KEY:
889 /* Public key authentication */
890 SILC_LOG_DEBUG(("Public key authentication"));
891 ret = silc_server_public_key_authentication(server,
900 SILC_LOG_ERROR(("Authentication failed"));
901 SILC_LOG_DEBUG(("Authentication failed"));
902 silc_free(auth_data);
903 protocol->state = SILC_PROTOCOL_STATE_ERROR;
904 silc_protocol_execute(protocol, server->timeout_queue,
909 SILC_LOG_DEBUG(("No configuration for remote connection"));
910 SILC_LOG_ERROR(("Remote connection not configured"));
911 SILC_LOG_ERROR(("Authentication failed"));
912 silc_free(auth_data);
913 protocol->state = SILC_PROTOCOL_STATE_ERROR;
914 silc_protocol_execute(protocol, server->timeout_queue,
920 /* Remote end is server */
921 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
922 SilcServerConfigSectionServerConnection *serv = ctx->sconfig;
925 switch(serv->auth_meth) {
927 /* No authentication required */
928 SILC_LOG_DEBUG(("No authentication required"));
931 case SILC_AUTH_PASSWORD:
932 /* Password authentication */
933 SILC_LOG_DEBUG(("Password authentication"));
934 ret = silc_server_password_authentication(server, auth_data,
940 /* Authentication failed */
941 SILC_LOG_ERROR(("Authentication failed"));
942 SILC_LOG_DEBUG(("Authentication failed"));
943 silc_free(auth_data);
944 protocol->state = SILC_PROTOCOL_STATE_ERROR;
945 silc_protocol_execute(protocol, server->timeout_queue,
950 case SILC_AUTH_PUBLIC_KEY:
951 /* Public key authentication */
952 SILC_LOG_DEBUG(("Public key authentication"));
953 ret = silc_server_public_key_authentication(server,
962 SILC_LOG_ERROR(("Authentication failed"));
963 SILC_LOG_DEBUG(("Authentication failed"));
964 silc_free(auth_data);
965 protocol->state = SILC_PROTOCOL_STATE_ERROR;
966 silc_protocol_execute(protocol, server->timeout_queue,
971 SILC_LOG_DEBUG(("No configuration for remote connection"));
972 SILC_LOG_ERROR(("Remote connection not configured"));
973 SILC_LOG_ERROR(("Authentication failed"));
974 protocol->state = SILC_PROTOCOL_STATE_ERROR;
975 silc_protocol_execute(protocol, server->timeout_queue,
977 silc_free(auth_data);
982 /* Remote end is router */
983 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
984 SilcServerConfigSectionServerConnection *serv = ctx->rconfig;
987 switch(serv->auth_meth) {
989 /* No authentication required */
990 SILC_LOG_DEBUG(("No authentication required"));
993 case SILC_AUTH_PASSWORD:
994 /* Password authentication */
995 SILC_LOG_DEBUG(("Password authentication"));
996 ret = silc_server_password_authentication(server, auth_data,
1002 /* Authentication failed */
1003 SILC_LOG_ERROR(("Authentication failed"));
1004 SILC_LOG_DEBUG(("Authentication failed"));
1005 silc_free(auth_data);
1006 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1007 silc_protocol_execute(protocol, server->timeout_queue,
1012 case SILC_AUTH_PUBLIC_KEY:
1013 /* Public key authentication */
1014 SILC_LOG_DEBUG(("Public key authentication"));
1015 ret = silc_server_public_key_authentication(server,
1024 SILC_LOG_ERROR(("Authentication failed"));
1025 SILC_LOG_DEBUG(("Authentication failed"));
1026 silc_free(auth_data);
1027 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1028 silc_protocol_execute(protocol, server->timeout_queue,
1033 SILC_LOG_DEBUG(("No configuration for remote connection"));
1034 SILC_LOG_ERROR(("Remote connection not configured"));
1035 SILC_LOG_ERROR(("Authentication failed"));
1036 silc_free(auth_data);
1037 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1038 silc_protocol_execute(protocol, server->timeout_queue,
1044 silc_free(auth_data);
1046 /* Save connection type. This is later used to create the
1047 ID for the connection. */
1048 ctx->conn_type = conn_type;
1050 /* Advance protocol state. */
1051 protocol->state = SILC_PROTOCOL_STATE_END;
1052 silc_protocol_execute(protocol, server->timeout_queue, 0, 0);
1056 * We are initiator. We are authenticating ourselves to a
1057 * remote server. We will send the authentication data to the
1058 * other end for verify.
1061 int payload_len = 0;
1062 unsigned char *auth_data = NULL;
1063 uint32 auth_data_len = 0;
1065 switch(ctx->auth_meth) {
1066 case SILC_AUTH_NONE:
1067 /* No authentication required */
1070 case SILC_AUTH_PASSWORD:
1071 /* Password authentication */
1072 if (ctx->auth_data && ctx->auth_data_len) {
1073 auth_data = strdup(ctx->auth_data);
1074 auth_data_len = ctx->auth_data_len;
1079 case SILC_AUTH_PUBLIC_KEY:
1081 unsigned char sign[1024];
1083 /* Public key authentication */
1084 silc_server_get_public_key_auth(server, ctx->auth_data,
1085 sign, &auth_data_len,
1087 auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
1088 memcpy(auth_data, sign, auth_data_len);
1093 payload_len = 4 + auth_data_len;
1094 packet = silc_buffer_alloc(payload_len);
1095 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
1096 silc_buffer_format(packet,
1097 SILC_STR_UI_SHORT(payload_len),
1098 SILC_STR_UI_SHORT(server->server_type
1100 SILC_SOCKET_TYPE_SERVER :
1101 SILC_SOCKET_TYPE_ROUTER),
1102 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
1105 /* Send the packet to server */
1106 silc_server_packet_send(server, ctx->sock,
1107 SILC_PACKET_CONNECTION_AUTH, 0,
1108 packet->data, packet->len, TRUE);
1111 memset(auth_data, 0, auth_data_len);
1112 silc_free(auth_data);
1114 silc_buffer_free(packet);
1116 /* Next state is end of protocol */
1117 protocol->state = SILC_PROTOCOL_STATE_END;
1122 case SILC_PROTOCOL_STATE_END:
1127 unsigned char ok[4];
1129 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
1131 /* Authentication successful */
1132 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
1135 /* Unregister the timeout task since the protocol has ended.
1136 This was the timeout task to be executed if the protocol is
1137 not completed fast enough. */
1138 if (ctx->timeout_task)
1139 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
1141 /* Protocol has ended, call the final callback */
1142 if (protocol->final_callback)
1143 silc_protocol_execute_final(protocol, server->timeout_queue);
1145 silc_protocol_free(protocol);
1148 case SILC_PROTOCOL_STATE_ERROR:
1151 * Error. Send notify to remote.
1153 unsigned char error[4];
1155 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
1157 /* Authentication failed */
1158 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
1161 /* Unregister the timeout task since the protocol has ended.
1162 This was the timeout task to be executed if the protocol is
1163 not completed fast enough. */
1164 if (ctx->timeout_task)
1165 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
1167 /* On error the final callback is always called. */
1168 if (protocol->final_callback)
1169 silc_protocol_execute_final(protocol, server->timeout_queue);
1171 silc_protocol_free(protocol);
1175 case SILC_PROTOCOL_STATE_FAILURE:
1177 * We have received failure from remote
1180 /* Unregister the timeout task since the protocol has ended.
1181 This was the timeout task to be executed if the protocol is
1182 not completed fast enough. */
1183 if (ctx->timeout_task)
1184 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
1186 /* On error the final callback is always called. */
1187 if (protocol->final_callback)
1188 silc_protocol_execute_final(protocol, server->timeout_queue);
1190 silc_protocol_free(protocol);
1193 case SILC_PROTOCOL_STATE_UNKNOWN:
1199 * Re-key protocol routines
1202 /* Actually takes the new keys into use. */
1205 silc_server_protocol_rekey_validate(SilcServer server,
1206 SilcServerRekeyInternalContext *ctx,
1207 SilcIDListData idata,
1208 SilcSKEKeyMaterial *keymat,
1211 if (ctx->responder == TRUE) {
1213 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1214 keymat->enc_key_len);
1215 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1217 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1218 keymat->enc_key_len);
1219 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1223 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1224 keymat->enc_key_len);
1225 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1227 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1228 keymat->enc_key_len);
1229 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1234 silc_hmac_alloc(idata->hmac_send->hmac->name, NULL, &idata->hmac_send);
1235 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key,
1236 keymat->hmac_key_len);
1238 silc_hmac_free(idata->hmac_receive);
1239 idata->hmac_receive = idata->hmac_send;
1242 /* Save the current sending encryption key */
1244 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1245 silc_free(idata->rekey->send_enc_key);
1246 idata->rekey->send_enc_key =
1247 silc_calloc(keymat->enc_key_len / 8,
1248 sizeof(*idata->rekey->send_enc_key));
1249 memcpy(idata->rekey->send_enc_key, keymat->send_enc_key,
1250 keymat->enc_key_len / 8);
1251 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1255 /* This function actually re-generates (when not using PFS) the keys and
1256 takes them into use. */
1258 void silc_server_protocol_rekey_generate(SilcServer server,
1259 SilcServerRekeyInternalContext *ctx,
1262 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1263 SilcSKEKeyMaterial *keymat;
1264 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1265 uint32 hash_len = idata->hash->hash->hash_len;
1267 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1268 send ? "sending" : "receiving"));
1270 /* Generate the new key */
1271 keymat = silc_calloc(1, sizeof(*keymat));
1272 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1273 idata->rekey->enc_key_len,
1274 16, key_len, hash_len,
1275 idata->hash, keymat);
1277 /* Set the keys into use */
1278 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1280 silc_ske_free_key_material(keymat);
1283 /* This function actually re-generates (with PFS) the keys and
1284 takes them into use. */
1287 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1288 SilcServerRekeyInternalContext *ctx,
1291 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1292 SilcSKEKeyMaterial *keymat;
1293 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1294 uint32 hash_len = idata->hash->hash->hash_len;
1295 unsigned char *tmpbuf;
1298 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1299 send ? "sending" : "receiving"));
1301 /* Encode KEY to binary data */
1302 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1304 /* Generate the new key */
1305 keymat = silc_calloc(1, sizeof(*keymat));
1306 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1307 idata->hash, keymat);
1309 /* Set the keys into use */
1310 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1312 memset(tmpbuf, 0, klen);
1314 silc_ske_free_key_material(keymat);
1317 /* Packet sending callback. This function is provided as packet sending
1318 routine to the Key Exchange functions. */
1321 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1323 SilcPacketType type,
1326 SilcProtocol protocol = (SilcProtocol)context;
1327 SilcServerRekeyInternalContext *ctx =
1328 (SilcServerRekeyInternalContext *)protocol->context;
1329 SilcServer server = (SilcServer)ctx->server;
1331 /* Send the packet immediately */
1332 silc_server_packet_send(server, ctx->sock,
1333 type, 0, packet->data, packet->len, FALSE);
1336 /* Performs re-key as defined in the SILC protocol specification. */
1338 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1340 SilcProtocol protocol = (SilcProtocol)context;
1341 SilcServerRekeyInternalContext *ctx =
1342 (SilcServerRekeyInternalContext *)protocol->context;
1343 SilcServer server = (SilcServer)ctx->server;
1344 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1345 SilcSKEStatus status;
1347 SILC_LOG_DEBUG(("Start"));
1349 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1350 protocol->state = SILC_PROTOCOL_STATE_START;
1352 SILC_LOG_DEBUG(("State=%d", protocol->state));
1354 switch(protocol->state) {
1355 case SILC_PROTOCOL_STATE_START:
1361 if (ctx->responder == TRUE) {
1363 * We are receiving party
1366 if (ctx->pfs == TRUE) {
1368 * Use Perfect Forward Secrecy, ie. negotiate the key material
1369 * using the SKE protocol.
1372 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1373 /* Error in protocol */
1374 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1375 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
1378 ctx->ske = silc_ske_alloc();
1379 ctx->ske->rng = server->rng;
1380 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1381 silc_ske_get_group_by_number(idata->rekey->ske_group,
1382 &ctx->ske->prop->group);
1384 silc_ske_set_callbacks(ctx->ske,
1385 silc_server_protocol_rekey_send_packet,
1386 NULL, NULL, NULL, silc_ske_check_version,
1389 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer);
1390 if (status != SILC_SKE_STATUS_OK) {
1391 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1394 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1395 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
1399 /* Advance the protocol state */
1401 silc_protocol_execute(protocol, server->timeout_queue, 0, 0);
1404 * Do normal and simple re-key.
1407 /* Send the REKEY_DONE to indicate we will take new keys into use */
1408 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1411 /* After we send REKEY_DONE we must set the sending encryption
1412 key to the new key since all packets after this packet must
1413 encrypted with the new key. */
1414 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1416 /* The protocol ends in next stage. */
1417 protocol->state = SILC_PROTOCOL_STATE_END;
1422 * We are the initiator of this protocol
1425 /* Start the re-key by sending the REKEY packet */
1426 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1429 if (ctx->pfs == TRUE) {
1431 * Use Perfect Forward Secrecy, ie. negotiate the key material
1432 * using the SKE protocol.
1434 ctx->ske = silc_ske_alloc();
1435 ctx->ske->rng = server->rng;
1436 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1437 silc_ske_get_group_by_number(idata->rekey->ske_group,
1438 &ctx->ske->prop->group);
1440 silc_ske_set_callbacks(ctx->ske,
1441 silc_server_protocol_rekey_send_packet,
1442 NULL, NULL, NULL, silc_ske_check_version,
1445 status = silc_ske_initiator_phase_2(ctx->ske, NULL, NULL);
1446 if (status != SILC_SKE_STATUS_OK) {
1447 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1450 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1451 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
1455 /* Advance the protocol state */
1459 * Do normal and simple re-key.
1462 /* Send the REKEY_DONE to indicate we will take new keys into use
1464 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1467 /* After we send REKEY_DONE we must set the sending encryption
1468 key to the new key since all packets after this packet must
1469 encrypted with the new key. */
1470 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1472 /* The protocol ends in next stage. */
1473 protocol->state = SILC_PROTOCOL_STATE_END;
1481 * Second state, used only when oding re-key with PFS.
1483 if (ctx->responder == TRUE) {
1484 if (ctx->pfs == TRUE) {
1486 * Send our KE packe to the initiator now that we've processed
1487 * the initiator's KE packet.
1489 status = silc_ske_responder_finish(ctx->ske, NULL, NULL,
1490 SILC_SKE_PK_TYPE_SILC);
1491 if (status != SILC_SKE_STATUS_OK) {
1492 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1495 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1496 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
1502 if (ctx->pfs == TRUE) {
1504 * The packet type must be KE packet
1506 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1507 /* Error in protocol */
1508 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1509 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
1512 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer);
1513 if (status != SILC_SKE_STATUS_OK) {
1514 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1517 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1518 silc_protocol_execute(protocol, server->timeout_queue, 0, 300000);
1524 /* Send the REKEY_DONE to indicate we will take new keys into use
1526 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1529 /* After we send REKEY_DONE we must set the sending encryption
1530 key to the new key since all packets after this packet must
1531 encrypted with the new key. */
1532 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1534 /* The protocol ends in next stage. */
1535 protocol->state = SILC_PROTOCOL_STATE_END;
1538 case SILC_PROTOCOL_STATE_END:
1543 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1544 /* Error in protocol */
1545 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1546 silc_protocol_execute(protocol, server->timeout_queue, 0, 0);
1549 /* We received the REKEY_DONE packet and all packets after this is
1550 encrypted with the new key so set the decryption key to the new key */
1551 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1553 /* Protocol has ended, call the final callback */
1554 if (protocol->final_callback)
1555 silc_protocol_execute_final(protocol, server->timeout_queue);
1557 silc_protocol_free(protocol);
1560 case SILC_PROTOCOL_STATE_ERROR:
1565 if (ctx->pfs == TRUE) {
1566 /* Send abort notification */
1567 silc_ske_abort(ctx->ske, ctx->ske->status);
1570 /* On error the final callback is always called. */
1571 if (protocol->final_callback)
1572 silc_protocol_execute_final(protocol, server->timeout_queue);
1574 silc_protocol_free(protocol);
1577 case SILC_PROTOCOL_STATE_FAILURE:
1579 * We have received failure from remote
1582 /* On error the final callback is always called. */
1583 if (protocol->final_callback)
1584 silc_protocol_execute_final(protocol, server->timeout_queue);
1586 silc_protocol_free(protocol);
1589 case SILC_PROTOCOL_STATE_UNKNOWN:
1595 /* Registers protocols used in server. */
1597 void silc_server_protocols_register(void)
1599 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1600 silc_server_protocol_connection_auth);
1601 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1602 silc_server_protocol_key_exchange);
1603 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1604 silc_server_protocol_rekey);
1607 /* Unregisters protocols */
1609 void silc_server_protocols_unregister(void)
1611 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1612 silc_server_protocol_connection_auth);
1613 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1614 silc_server_protocol_key_exchange);
1615 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1616 silc_server_protocol_rekey);