5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
38 /* Packet sending callback. This function is provided as packet sending
39 routine to the Key Exchange functions. */
41 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
46 SilcProtocol protocol = (SilcProtocol)context;
47 SilcServerKEInternalContext *ctx =
48 (SilcServerKEInternalContext *)protocol->context;
49 SilcServer server = (SilcServer)ctx->server;
51 /* Send the packet immediately */
52 silc_server_packet_send(server, ske->sock,
53 type, 0, packet->data, packet->len, TRUE);
56 /* Sets the negotiated key material into use for particular connection. */
58 int silc_server_protocol_ke_set_keys(SilcSKE ske,
59 SilcSocketConnection sock,
60 SilcSKEKeyMaterial *keymat,
65 SilcSKEDiffieHellmanGroup group,
68 SilcUnknownEntry conn_data;
71 SILC_LOG_DEBUG(("Setting new key into use"));
73 conn_data = silc_calloc(1, sizeof(*conn_data));
74 idata = (SilcIDListData)conn_data;
76 /* Allocate cipher to be used in the communication */
77 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
81 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
86 if (is_responder == TRUE) {
87 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
89 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
90 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
92 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
94 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
96 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
97 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
99 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
102 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
103 idata->rekey->send_enc_key =
104 silc_calloc(keymat->enc_key_len / 8,
105 sizeof(*idata->rekey->send_enc_key));
106 memcpy(idata->rekey->send_enc_key,
107 keymat->send_enc_key, keymat->enc_key_len / 8);
108 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
110 if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
111 idata->rekey->pfs = TRUE;
112 idata->rekey->ske_group = silc_ske_group_get_number(group);
114 /* Save the remote host's public key */
115 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
116 ske->ke1_payload->pk_len, &idata->public_key);
119 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
120 silc_cipher_free(idata->send_key);
121 silc_cipher_free(idata->receive_key);
122 silc_free(conn_data);
126 /* Save HMAC key to be used in the communication. */
127 if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac_send)) {
128 silc_cipher_free(idata->send_key);
129 silc_cipher_free(idata->receive_key);
130 silc_hash_free(idata->hash);
131 silc_free(conn_data);
134 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key, keymat->hmac_key_len);
135 idata->hmac_receive = idata->hmac_send;
137 sock->user_data = (void *)conn_data;
142 /* Check remote host version string */
144 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
147 SilcSKEStatus status = SILC_SKE_STATUS_OK;
149 int maj = 0, min = 0, build = 0, maj2, min2, build2;
151 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
152 ske->sock->ip, version));
154 /* Check for initial version string */
155 if (!strstr(version, "SILC-1.0-"))
156 status = SILC_SKE_STATUS_BAD_VERSION;
158 /* Check software version */
162 status = SILC_SKE_STATUS_BAD_VERSION;
165 cp = strchr(cp, '.');
171 cp = strchr(cp, '.');
173 build = atoi(cp + 1);
176 cp = silc_version_string + 9;
178 status = SILC_SKE_STATUS_BAD_VERSION;
181 cp = strchr(cp, '.');
187 cp = strchr(cp, '.');
189 build2 = atoi(cp + 1);
193 status = SILC_SKE_STATUS_BAD_VERSION;
196 status = SILC_SKE_STATUS_BAD_VERSION;
202 /* Performs key exchange protocol. This is used for both initiator
203 and responder key exchange. This is performed always when accepting
204 new connection to the server. This may be called recursively. */
206 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
208 SilcProtocol protocol = (SilcProtocol)context;
209 SilcServerKEInternalContext *ctx =
210 (SilcServerKEInternalContext *)protocol->context;
211 SilcServer server = (SilcServer)ctx->server;
212 SilcSKEStatus status = 0;
214 SILC_LOG_DEBUG(("Start"));
216 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
217 protocol->state = SILC_PROTOCOL_STATE_START;
219 SILC_LOG_DEBUG(("State=%d", protocol->state));
221 switch(protocol->state) {
222 case SILC_PROTOCOL_STATE_START:
229 /* Allocate Key Exchange object */
230 ske = silc_ske_alloc();
232 ske->rng = server->rng;
234 if (ctx->responder == TRUE) {
235 /* Start the key exchange by processing the received security
236 properties packet from initiator. */
237 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
239 ctx->packet->buffer, FALSE,
242 SilcSKEStartPayload *start_payload;
244 /* Assemble security properties. */
245 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
249 /* Start the key exchange by sending our security properties
250 to the remote end. */
251 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
253 silc_server_protocol_ke_send_packet,
257 if (status != SILC_SKE_STATUS_OK) {
258 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
260 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
263 protocol->state = SILC_PROTOCOL_STATE_ERROR;
264 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
268 /* Advance protocol state and call the next state if we are responder */
270 if (ctx->responder == TRUE)
271 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
279 if (ctx->responder == TRUE) {
280 /* Sends the selected security properties to the initiator. */
282 silc_ske_responder_phase_1(ctx->ske,
283 ctx->ske->start_payload,
284 silc_server_protocol_ke_send_packet,
287 /* Call Phase-1 function. This processes the Key Exchange Start
288 paylaod reply we just got from the responder. The callback
289 function will receive the processed payload where we will
291 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
295 if (status != SILC_SKE_STATUS_OK) {
296 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
298 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
301 protocol->state = SILC_PROTOCOL_STATE_ERROR;
302 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
306 /* Advance protocol state and call next state if we are initiator */
308 if (ctx->responder == FALSE)
309 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
317 if (ctx->responder == TRUE) {
318 /* Process the received Key Exchange 1 Payload packet from
319 the initiator. This also creates our parts of the Diffie
320 Hellman algorithm. */
321 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
322 NULL, NULL, NULL, NULL);
324 /* Call the Phase-2 function. This creates Diffie Hellman
325 key exchange parameters and sends our public part inside
326 Key Exhange 1 Payload to the responder. */
328 silc_ske_initiator_phase_2(ctx->ske,
331 silc_server_protocol_ke_send_packet,
335 if (status != SILC_SKE_STATUS_OK) {
336 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
338 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
341 protocol->state = SILC_PROTOCOL_STATE_ERROR;
342 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
346 /* Advance protocol state and call the next state if we are responder */
348 if (ctx->responder == TRUE)
349 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
357 if (ctx->responder == TRUE) {
358 /* This creates the key exchange material and sends our
359 public parts to the initiator inside Key Exchange 2 Payload. */
361 silc_ske_responder_finish(ctx->ske,
362 server->public_key, server->private_key,
363 SILC_SKE_PK_TYPE_SILC,
364 silc_server_protocol_ke_send_packet,
367 /* Finish the protocol. This verifies the Key Exchange 2 payload
368 sent by responder. */
369 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
370 NULL, NULL, NULL, NULL);
373 if (status != SILC_SKE_STATUS_OK) {
374 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
376 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
379 protocol->state = SILC_PROTOCOL_STATE_ERROR;
380 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
384 /* Send Ok to the other end. We will end the protocol as responder
385 sends Ok to us when we will take the new keys into use. */
386 if (ctx->responder == FALSE)
387 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
389 /* End the protocol on the next round */
390 protocol->state = SILC_PROTOCOL_STATE_END;
394 case SILC_PROTOCOL_STATE_END:
399 SilcSKEKeyMaterial *keymat;
400 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
401 int hash_len = ctx->ske->prop->hash->hash->hash_len;
403 /* Process the key material */
404 keymat = silc_calloc(1, sizeof(*keymat));
405 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
407 if (status != SILC_SKE_STATUS_OK) {
408 protocol->state = SILC_PROTOCOL_STATE_ERROR;
409 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
410 silc_ske_free_key_material(keymat);
413 ctx->keymat = keymat;
415 /* Send Ok to the other end if we are responder. If we are initiator
416 we have sent this already. */
417 if (ctx->responder == TRUE)
418 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
420 /* Unregister the timeout task since the protocol has ended.
421 This was the timeout task to be executed if the protocol is
422 not completed fast enough. */
423 if (ctx->timeout_task)
424 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
426 /* Call the final callback */
427 if (protocol->final_callback)
428 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
430 silc_protocol_free(protocol);
434 case SILC_PROTOCOL_STATE_ERROR:
439 /* Send abort notification */
440 silc_ske_abort(ctx->ske, ctx->ske->status,
441 silc_server_protocol_ke_send_packet,
444 /* Unregister the timeout task since the protocol has ended.
445 This was the timeout task to be executed if the protocol is
446 not completed fast enough. */
447 if (ctx->timeout_task)
448 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
450 /* On error the final callback is always called. */
451 if (protocol->final_callback)
452 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
454 silc_protocol_free(protocol);
457 case SILC_PROTOCOL_STATE_FAILURE:
459 * We have received failure from remote
462 /* Unregister the timeout task since the protocol has ended.
463 This was the timeout task to be executed if the protocol is
464 not completed fast enough. */
465 if (ctx->timeout_task)
466 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
468 /* On error the final callback is always called. */
469 if (protocol->final_callback)
470 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
472 silc_protocol_free(protocol);
475 case SILC_PROTOCOL_STATE_UNKNOWN:
481 * Connection Authentication protocol functions
485 silc_server_password_authentication(SilcServer server, char *auth1,
488 if (!auth1 || !auth2)
491 if (!memcmp(auth1, auth2, strlen(auth1)))
498 silc_server_public_key_authentication(SilcServer server,
499 SilcPublicKey pub_key,
508 if (!pub_key || !sign)
511 silc_pkcs_alloc(pub_key->name, &pkcs);
512 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
513 silc_pkcs_free(pkcs);
517 /* Make the authentication data. Protocol says it is HASH plus
519 len = ske->hash_len + ske->start_payload_copy->len;
520 auth = silc_buffer_alloc(len);
521 silc_buffer_pull_tail(auth, len);
522 silc_buffer_format(auth,
523 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
524 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
525 ske->start_payload_copy->len),
528 /* Verify signature */
529 if (silc_pkcs_verify(pkcs, sign, sign_len, auth->data, auth->len)) {
530 silc_pkcs_free(pkcs);
531 silc_buffer_free(auth);
535 silc_pkcs_free(pkcs);
536 silc_buffer_free(auth);
541 silc_server_get_public_key_auth(SilcServer server,
542 SilcPublicKey pub_key,
543 unsigned char *auth_data,
544 uint32 *auth_data_len,
554 silc_pkcs_alloc(pub_key->name, &pkcs);
555 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
556 silc_pkcs_free(pkcs);
560 /* Make the authentication data. Protocol says it is HASH plus
562 len = ske->hash_len + ske->start_payload_copy->len;
563 auth = silc_buffer_alloc(len);
564 silc_buffer_pull_tail(auth, len);
565 silc_buffer_format(auth,
566 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
567 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
568 ske->start_payload_copy->len),
571 if (silc_pkcs_sign(pkcs, auth->data, auth->len, auth_data, auth_data_len)) {
572 silc_pkcs_free(pkcs);
573 silc_buffer_free(auth);
577 silc_pkcs_free(pkcs);
578 silc_buffer_free(auth);
582 /* Performs connection authentication protocol. If responder, we
583 authenticate the remote data received. If initiator, we will send
584 authentication data to the remote end. */
586 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
588 SilcProtocol protocol = (SilcProtocol)context;
589 SilcServerConnAuthInternalContext *ctx =
590 (SilcServerConnAuthInternalContext *)protocol->context;
591 SilcServer server = (SilcServer)ctx->server;
593 SILC_LOG_DEBUG(("Start"));
595 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
596 protocol->state = SILC_PROTOCOL_STATE_START;
598 SILC_LOG_DEBUG(("State=%d", protocol->state));
600 switch(protocol->state) {
601 case SILC_PROTOCOL_STATE_START:
607 if (ctx->responder == TRUE) {
609 * We are receiving party
614 unsigned char *auth_data = NULL;
616 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
617 ctx->sock->hostname, ctx->sock->ip));
619 /* Parse the received authentication data packet. The received
620 payload is Connection Auth Payload. */
621 ret = silc_buffer_unformat(ctx->packet->buffer,
622 SILC_STR_UI_SHORT(&payload_len),
623 SILC_STR_UI_SHORT(&conn_type),
626 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
627 protocol->state = SILC_PROTOCOL_STATE_ERROR;
628 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
632 if (payload_len != ctx->packet->buffer->len) {
633 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
634 protocol->state = SILC_PROTOCOL_STATE_ERROR;
635 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
641 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
642 conn_type > SILC_SOCKET_TYPE_ROUTER) {
643 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
644 protocol->state = SILC_PROTOCOL_STATE_ERROR;
645 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
649 if (payload_len > 0) {
650 /* Get authentication data */
651 silc_buffer_pull(ctx->packet->buffer, 4);
652 ret = silc_buffer_unformat(ctx->packet->buffer,
653 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
657 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
658 protocol->state = SILC_PROTOCOL_STATE_ERROR;
659 protocol->execute(server->timeout_queue, 0,
660 protocol, fd, 0, 300000);
666 * Check the remote connection type and make sure that we have
667 * configured this connection. If we haven't allowed this connection
668 * the authentication must be failed.
671 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
673 /* Remote end is client */
674 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
675 SilcServerConfigSectionClientConnection *client = ctx->cconfig;
678 switch(client->auth_meth) {
680 /* No authentication required */
681 SILC_LOG_DEBUG(("No authentication required"));
684 case SILC_AUTH_PASSWORD:
685 /* Password authentication */
686 SILC_LOG_DEBUG(("Password authentication"));
687 ret = silc_server_password_authentication(server, auth_data,
693 /* Authentication failed */
694 SILC_LOG_ERROR(("Authentication failed"));
695 SILC_LOG_DEBUG(("Authentication failed"));
696 silc_free(auth_data);
697 protocol->state = SILC_PROTOCOL_STATE_ERROR;
698 protocol->execute(server->timeout_queue, 0,
699 protocol, fd, 0, 300000);
703 case SILC_AUTH_PUBLIC_KEY:
704 /* Public key authentication */
705 SILC_LOG_DEBUG(("Public key authentication"));
706 ret = silc_server_public_key_authentication(server,
715 SILC_LOG_ERROR(("Authentication failed"));
716 SILC_LOG_DEBUG(("Authentication failed"));
717 silc_free(auth_data);
718 protocol->state = SILC_PROTOCOL_STATE_ERROR;
719 protocol->execute(server->timeout_queue, 0,
720 protocol, fd, 0, 300000);
724 SILC_LOG_DEBUG(("No configuration for remote connection"));
725 SILC_LOG_ERROR(("Remote connection not configured"));
726 SILC_LOG_ERROR(("Authentication failed"));
727 silc_free(auth_data);
728 protocol->state = SILC_PROTOCOL_STATE_ERROR;
729 protocol->execute(server->timeout_queue, 0,
730 protocol, fd, 0, 300000);
735 /* Remote end is server */
736 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
737 SilcServerConfigSectionServerConnection *serv = ctx->sconfig;
740 switch(serv->auth_meth) {
742 /* No authentication required */
743 SILC_LOG_DEBUG(("No authentication required"));
746 case SILC_AUTH_PASSWORD:
747 /* Password authentication */
748 SILC_LOG_DEBUG(("Password authentication"));
749 ret = silc_server_password_authentication(server, auth_data,
755 /* Authentication failed */
756 SILC_LOG_ERROR(("Authentication failed"));
757 SILC_LOG_DEBUG(("Authentication failed"));
758 silc_free(auth_data);
759 protocol->state = SILC_PROTOCOL_STATE_ERROR;
760 protocol->execute(server->timeout_queue, 0,
761 protocol, fd, 0, 300000);
765 case SILC_AUTH_PUBLIC_KEY:
766 /* Public key authentication */
767 SILC_LOG_DEBUG(("Public key authentication"));
768 ret = silc_server_public_key_authentication(server,
777 SILC_LOG_ERROR(("Authentication failed"));
778 SILC_LOG_DEBUG(("Authentication failed"));
779 silc_free(auth_data);
780 protocol->state = SILC_PROTOCOL_STATE_ERROR;
781 protocol->execute(server->timeout_queue, 0,
782 protocol, fd, 0, 300000);
786 SILC_LOG_DEBUG(("No configuration for remote connection"));
787 SILC_LOG_ERROR(("Remote connection not configured"));
788 SILC_LOG_ERROR(("Authentication failed"));
789 protocol->state = SILC_PROTOCOL_STATE_ERROR;
790 protocol->execute(server->timeout_queue, 0,
791 protocol, fd, 0, 300000);
792 silc_free(auth_data);
797 /* Remote end is router */
798 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
799 SilcServerConfigSectionServerConnection *serv = ctx->rconfig;
802 switch(serv->auth_meth) {
804 /* No authentication required */
805 SILC_LOG_DEBUG(("No authentication required"));
808 case SILC_AUTH_PASSWORD:
809 /* Password authentication */
810 SILC_LOG_DEBUG(("Password authentication"));
811 ret = silc_server_password_authentication(server, auth_data,
817 /* Authentication failed */
818 SILC_LOG_ERROR(("Authentication failed"));
819 SILC_LOG_DEBUG(("Authentication failed"));
820 silc_free(auth_data);
821 protocol->state = SILC_PROTOCOL_STATE_ERROR;
822 protocol->execute(server->timeout_queue, 0,
823 protocol, fd, 0, 300000);
827 case SILC_AUTH_PUBLIC_KEY:
828 /* Public key authentication */
829 SILC_LOG_DEBUG(("Public key authentication"));
830 ret = silc_server_public_key_authentication(server,
839 SILC_LOG_ERROR(("Authentication failed"));
840 SILC_LOG_DEBUG(("Authentication failed"));
841 silc_free(auth_data);
842 protocol->state = SILC_PROTOCOL_STATE_ERROR;
843 protocol->execute(server->timeout_queue, 0,
844 protocol, fd, 0, 300000);
848 SILC_LOG_DEBUG(("No configuration for remote connection"));
849 SILC_LOG_ERROR(("Remote connection not configured"));
850 SILC_LOG_ERROR(("Authentication failed"));
851 silc_free(auth_data);
852 protocol->state = SILC_PROTOCOL_STATE_ERROR;
853 protocol->execute(server->timeout_queue, 0,
854 protocol, fd, 0, 300000);
859 silc_free(auth_data);
861 /* Save connection type. This is later used to create the
862 ID for the connection. */
863 ctx->conn_type = conn_type;
865 /* Advance protocol state. */
866 protocol->state = SILC_PROTOCOL_STATE_END;
867 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
871 * We are initiator. We are authenticating ourselves to a
872 * remote server. We will send the authentication data to the
873 * other end for verify.
877 unsigned char *auth_data = NULL;
878 uint32 auth_data_len = 0;
880 switch(ctx->auth_meth) {
882 /* No authentication required */
885 case SILC_AUTH_PASSWORD:
886 /* Password authentication */
887 if (ctx->auth_data && ctx->auth_data_len) {
888 auth_data = strdup(ctx->auth_data);
889 auth_data_len = ctx->auth_data_len;
894 case SILC_AUTH_PUBLIC_KEY:
896 unsigned char sign[1024];
898 /* Public key authentication */
899 silc_server_get_public_key_auth(server, ctx->auth_data,
900 sign, &auth_data_len,
902 auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
903 memcpy(auth_data, sign, auth_data_len);
908 payload_len = 4 + auth_data_len;
909 packet = silc_buffer_alloc(payload_len);
910 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
911 silc_buffer_format(packet,
912 SILC_STR_UI_SHORT(payload_len),
913 SILC_STR_UI_SHORT(server->server_type
915 SILC_SOCKET_TYPE_SERVER :
916 SILC_SOCKET_TYPE_ROUTER),
917 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
920 /* Send the packet to server */
921 silc_server_packet_send(server, ctx->sock,
922 SILC_PACKET_CONNECTION_AUTH, 0,
923 packet->data, packet->len, TRUE);
926 memset(auth_data, 0, auth_data_len);
927 silc_free(auth_data);
929 silc_buffer_free(packet);
931 /* Next state is end of protocol */
932 protocol->state = SILC_PROTOCOL_STATE_END;
937 case SILC_PROTOCOL_STATE_END:
944 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
946 /* Authentication successful */
947 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
950 /* Unregister the timeout task since the protocol has ended.
951 This was the timeout task to be executed if the protocol is
952 not completed fast enough. */
953 if (ctx->timeout_task)
954 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
956 /* Protocol has ended, call the final callback */
957 if (protocol->final_callback)
958 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
960 silc_protocol_free(protocol);
963 case SILC_PROTOCOL_STATE_ERROR:
966 * Error. Send notify to remote.
968 unsigned char error[4];
970 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
972 /* Authentication failed */
973 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
976 /* Unregister the timeout task since the protocol has ended.
977 This was the timeout task to be executed if the protocol is
978 not completed fast enough. */
979 if (ctx->timeout_task)
980 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
982 /* On error the final callback is always called. */
983 if (protocol->final_callback)
984 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
986 silc_protocol_free(protocol);
990 case SILC_PROTOCOL_STATE_FAILURE:
992 * We have received failure from remote
995 /* Unregister the timeout task since the protocol has ended.
996 This was the timeout task to be executed if the protocol is
997 not completed fast enough. */
998 if (ctx->timeout_task)
999 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
1001 /* On error the final callback is always called. */
1002 if (protocol->final_callback)
1003 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1005 silc_protocol_free(protocol);
1008 case SILC_PROTOCOL_STATE_UNKNOWN:
1014 * Re-key protocol routines
1017 /* Actually takes the new keys into use. */
1020 silc_server_protocol_rekey_validate(SilcServer server,
1021 SilcServerRekeyInternalContext *ctx,
1022 SilcIDListData idata,
1023 SilcSKEKeyMaterial *keymat,
1026 if (ctx->responder == TRUE) {
1028 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1029 keymat->enc_key_len);
1030 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1032 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1033 keymat->enc_key_len);
1034 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1038 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1039 keymat->enc_key_len);
1040 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1042 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1043 keymat->enc_key_len);
1044 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1049 silc_hmac_alloc(idata->hmac_send->hmac->name, NULL, &idata->hmac_send);
1050 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key,
1051 keymat->hmac_key_len);
1053 silc_hmac_free(idata->hmac_receive);
1054 idata->hmac_receive = idata->hmac_send;
1057 /* Save the current sending encryption key */
1059 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1060 silc_free(idata->rekey->send_enc_key);
1061 idata->rekey->send_enc_key =
1062 silc_calloc(keymat->enc_key_len / 8,
1063 sizeof(*idata->rekey->send_enc_key));
1064 memcpy(idata->rekey->send_enc_key, keymat->send_enc_key,
1065 keymat->enc_key_len / 8);
1066 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1070 /* This function actually re-generates (when not using PFS) the keys and
1071 takes them into use. */
1073 void silc_server_protocol_rekey_generate(SilcServer server,
1074 SilcServerRekeyInternalContext *ctx,
1077 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1078 SilcSKEKeyMaterial *keymat;
1079 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1080 uint32 hash_len = idata->hash->hash->hash_len;
1082 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1083 send ? "sending" : "receiving"));
1085 /* Generate the new key */
1086 keymat = silc_calloc(1, sizeof(*keymat));
1087 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1088 idata->rekey->enc_key_len,
1089 16, key_len, hash_len,
1090 idata->hash, keymat);
1092 /* Set the keys into use */
1093 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1095 silc_ske_free_key_material(keymat);
1098 /* This function actually re-generates (with PFS) the keys and
1099 takes them into use. */
1102 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1103 SilcServerRekeyInternalContext *ctx,
1106 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1107 SilcSKEKeyMaterial *keymat;
1108 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1109 uint32 hash_len = idata->hash->hash->hash_len;
1110 unsigned char *tmpbuf;
1113 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1114 send ? "sending" : "receiving"));
1116 /* Encode KEY to binary data */
1117 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1119 /* Generate the new key */
1120 keymat = silc_calloc(1, sizeof(*keymat));
1121 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1122 idata->hash, keymat);
1124 /* Set the keys into use */
1125 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1127 memset(tmpbuf, 0, klen);
1129 silc_ske_free_key_material(keymat);
1132 /* Packet sending callback. This function is provided as packet sending
1133 routine to the Key Exchange functions. */
1136 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1138 SilcPacketType type,
1141 SilcProtocol protocol = (SilcProtocol)context;
1142 SilcServerRekeyInternalContext *ctx =
1143 (SilcServerRekeyInternalContext *)protocol->context;
1144 SilcServer server = (SilcServer)ctx->server;
1146 /* Send the packet immediately */
1147 silc_server_packet_send(server, ctx->sock,
1148 type, 0, packet->data, packet->len, FALSE);
1151 /* Performs re-key as defined in the SILC protocol specification. */
1153 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1155 SilcProtocol protocol = (SilcProtocol)context;
1156 SilcServerRekeyInternalContext *ctx =
1157 (SilcServerRekeyInternalContext *)protocol->context;
1158 SilcServer server = (SilcServer)ctx->server;
1159 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1160 SilcSKEStatus status;
1162 SILC_LOG_DEBUG(("Start"));
1164 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1165 protocol->state = SILC_PROTOCOL_STATE_START;
1167 SILC_LOG_DEBUG(("State=%d", protocol->state));
1169 switch(protocol->state) {
1170 case SILC_PROTOCOL_STATE_START:
1176 if (ctx->responder == TRUE) {
1178 * We are receiving party
1181 if (ctx->pfs == TRUE) {
1183 * Use Perfect Forward Secrecy, ie. negotiate the key material
1184 * using the SKE protocol.
1187 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1188 /* Error in protocol */
1189 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1190 protocol->execute(server->timeout_queue, 0, protocol, fd,
1194 ctx->ske = silc_ske_alloc();
1195 ctx->ske->rng = server->rng;
1196 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1197 silc_ske_get_group_by_number(idata->rekey->ske_group,
1198 &ctx->ske->prop->group);
1200 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
1201 NULL, NULL, NULL, NULL);
1202 if (status != SILC_SKE_STATUS_OK) {
1203 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1206 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1207 protocol->execute(server->timeout_queue, 0,
1208 protocol, fd, 0, 300000);
1212 /* Advance the protocol state */
1214 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1217 * Do normal and simple re-key.
1220 /* Send the REKEY_DONE to indicate we will take new keys into use */
1221 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1224 /* After we send REKEY_DONE we must set the sending encryption
1225 key to the new key since all packets after this packet must
1226 encrypted with the new key. */
1227 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1229 /* The protocol ends in next stage. */
1230 protocol->state = SILC_PROTOCOL_STATE_END;
1235 * We are the initiator of this protocol
1238 /* Start the re-key by sending the REKEY packet */
1239 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1242 if (ctx->pfs == TRUE) {
1244 * Use Perfect Forward Secrecy, ie. negotiate the key material
1245 * using the SKE protocol.
1247 ctx->ske = silc_ske_alloc();
1248 ctx->ske->rng = server->rng;
1249 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1250 silc_ske_get_group_by_number(idata->rekey->ske_group,
1251 &ctx->ske->prop->group);
1254 silc_ske_initiator_phase_2(ctx->ske, NULL, NULL,
1255 silc_server_protocol_rekey_send_packet,
1258 if (status != SILC_SKE_STATUS_OK) {
1259 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1262 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1263 protocol->execute(server->timeout_queue, 0,
1264 protocol, fd, 0, 300000);
1268 /* Advance the protocol state */
1272 * Do normal and simple re-key.
1275 /* Send the REKEY_DONE to indicate we will take new keys into use
1277 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1280 /* After we send REKEY_DONE we must set the sending encryption
1281 key to the new key since all packets after this packet must
1282 encrypted with the new key. */
1283 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1285 /* The protocol ends in next stage. */
1286 protocol->state = SILC_PROTOCOL_STATE_END;
1294 * Second state, used only when oding re-key with PFS.
1296 if (ctx->responder == TRUE) {
1297 if (ctx->pfs == TRUE) {
1299 * Send our KE packe to the initiator now that we've processed
1300 * the initiator's KE packet.
1303 silc_ske_responder_finish(ctx->ske, NULL, NULL,
1304 SILC_SKE_PK_TYPE_SILC,
1305 silc_server_protocol_rekey_send_packet,
1308 if (status != SILC_SKE_STATUS_OK) {
1309 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1312 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1313 protocol->execute(server->timeout_queue, 0,
1314 protocol, fd, 0, 300000);
1320 if (ctx->pfs == TRUE) {
1322 * The packet type must be KE packet
1324 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1325 /* Error in protocol */
1326 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1327 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
1330 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
1331 NULL, NULL, NULL, NULL);
1332 if (status != SILC_SKE_STATUS_OK) {
1333 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1336 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1337 protocol->execute(server->timeout_queue, 0,
1338 protocol, fd, 0, 300000);
1344 /* Send the REKEY_DONE to indicate we will take new keys into use
1346 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1349 /* After we send REKEY_DONE we must set the sending encryption
1350 key to the new key since all packets after this packet must
1351 encrypted with the new key. */
1352 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1354 /* The protocol ends in next stage. */
1355 protocol->state = SILC_PROTOCOL_STATE_END;
1358 case SILC_PROTOCOL_STATE_END:
1363 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1364 /* Error in protocol */
1365 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1366 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1369 /* We received the REKEY_DONE packet and all packets after this is
1370 encrypted with the new key so set the decryption key to the new key */
1371 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1373 /* Protocol has ended, call the final callback */
1374 if (protocol->final_callback)
1375 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1377 silc_protocol_free(protocol);
1380 case SILC_PROTOCOL_STATE_ERROR:
1385 if (ctx->pfs == TRUE) {
1386 /* Send abort notification */
1387 silc_ske_abort(ctx->ske, ctx->ske->status,
1388 silc_server_protocol_ke_send_packet,
1392 /* On error the final callback is always called. */
1393 if (protocol->final_callback)
1394 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1396 silc_protocol_free(protocol);
1399 case SILC_PROTOCOL_STATE_FAILURE:
1401 * We have received failure from remote
1404 /* On error the final callback is always called. */
1405 if (protocol->final_callback)
1406 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1408 silc_protocol_free(protocol);
1411 case SILC_PROTOCOL_STATE_UNKNOWN:
1417 /* Registers protocols used in server. */
1419 void silc_server_protocols_register(void)
1421 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1422 silc_server_protocol_connection_auth);
1423 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1424 silc_server_protocol_key_exchange);
1425 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1426 silc_server_protocol_rekey);
1429 /* Unregisters protocols */
1431 void silc_server_protocols_unregister(void)
1433 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1434 silc_server_protocol_connection_auth);
1435 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1436 silc_server_protocol_key_exchange);
1437 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1438 silc_server_protocol_rekey);