5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
30 SILC_TASK_CALLBACK(silc_server_protocol_rekey);
32 extern char *silc_version_string;
35 * Key Exhange protocol functions
38 /* Packet sending callback. This function is provided as packet sending
39 routine to the Key Exchange functions. */
41 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
46 SilcProtocol protocol = (SilcProtocol)context;
47 SilcServerKEInternalContext *ctx =
48 (SilcServerKEInternalContext *)protocol->context;
49 SilcServer server = (SilcServer)ctx->server;
51 /* Send the packet immediately */
52 silc_server_packet_send(server, ske->sock,
53 type, 0, packet->data, packet->len, TRUE);
56 /* Sets the negotiated key material into use for particular connection. */
58 int silc_server_protocol_ke_set_keys(SilcSKE ske,
59 SilcSocketConnection sock,
60 SilcSKEKeyMaterial *keymat,
65 SilcSKEDiffieHellmanGroup group,
68 SilcUnknownEntry conn_data;
71 SILC_LOG_DEBUG(("Setting new key into use"));
73 conn_data = silc_calloc(1, sizeof(*conn_data));
74 idata = (SilcIDListData)conn_data;
76 /* Allocate cipher to be used in the communication */
77 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
81 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
86 if (is_responder == TRUE) {
87 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
89 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
90 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
92 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
94 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
96 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
97 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
99 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
102 idata->rekey = silc_calloc(1, sizeof(*idata->rekey));
103 idata->rekey->send_enc_key =
104 silc_calloc(keymat->enc_key_len / 8,
105 sizeof(*idata->rekey->send_enc_key));
106 memcpy(idata->rekey->send_enc_key,
107 keymat->send_enc_key, keymat->enc_key_len / 8);
108 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
110 if (ske->start_payload->flags & SILC_SKE_SP_FLAG_PFS)
111 idata->rekey->pfs = TRUE;
112 idata->rekey->ske_group = silc_ske_group_get_number(group);
114 /* Save the remote host's public key */
115 silc_pkcs_public_key_decode(ske->ke1_payload->pk_data,
116 ske->ke1_payload->pk_len, &idata->public_key);
119 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
120 silc_cipher_free(idata->send_key);
121 silc_cipher_free(idata->receive_key);
122 silc_free(conn_data);
126 /* Save HMAC key to be used in the communication. */
127 if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac_send)) {
128 silc_cipher_free(idata->send_key);
129 silc_cipher_free(idata->receive_key);
130 silc_hash_free(idata->hash);
131 silc_free(conn_data);
134 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key, keymat->hmac_key_len);
135 idata->hmac_receive = idata->hmac_send;
137 sock->user_data = (void *)conn_data;
142 /* Check remote host version string */
144 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
147 SilcSKEStatus status = SILC_SKE_STATUS_OK;
149 int maj = 0, min = 0, build = 0, maj2 = 0, min2 = 0, build2 = 0;
151 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
152 ske->sock->ip, version));
154 /* Check for initial version string */
155 if (!strstr(version, "SILC-1.0-"))
156 status = SILC_SKE_STATUS_BAD_VERSION;
158 /* Check software version */
162 status = SILC_SKE_STATUS_BAD_VERSION;
165 cp = strchr(cp, '.');
171 cp = strchr(cp, '.');
173 build = atoi(cp + 1);
176 cp = silc_version_string + 9;
178 status = SILC_SKE_STATUS_BAD_VERSION;
181 cp = strchr(cp, '.');
187 cp = strchr(cp, '.');
189 build2 = atoi(cp + 1);
193 status = SILC_SKE_STATUS_BAD_VERSION;
195 status = SILC_SKE_STATUS_BAD_VERSION;
200 /* Performs key exchange protocol. This is used for both initiator
201 and responder key exchange. This is performed always when accepting
202 new connection to the server. This may be called recursively. */
204 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
206 SilcProtocol protocol = (SilcProtocol)context;
207 SilcServerKEInternalContext *ctx =
208 (SilcServerKEInternalContext *)protocol->context;
209 SilcServer server = (SilcServer)ctx->server;
210 SilcSKEStatus status = 0;
212 SILC_LOG_DEBUG(("Start"));
214 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
215 protocol->state = SILC_PROTOCOL_STATE_START;
217 SILC_LOG_DEBUG(("State=%d", protocol->state));
219 switch(protocol->state) {
220 case SILC_PROTOCOL_STATE_START:
227 /* Allocate Key Exchange object */
228 ske = silc_ske_alloc();
230 ske->rng = server->rng;
232 if (ctx->responder == TRUE) {
233 /* Start the key exchange by processing the received security
234 properties packet from initiator. */
235 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
237 ctx->packet->buffer, FALSE,
240 SilcSKEStartPayload *start_payload;
242 /* Assemble security properties. */
243 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
247 /* Start the key exchange by sending our security properties
248 to the remote end. */
249 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
251 silc_server_protocol_ke_send_packet,
255 if (status != SILC_SKE_STATUS_OK) {
256 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
258 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
261 protocol->state = SILC_PROTOCOL_STATE_ERROR;
262 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
266 /* Advance protocol state and call the next state if we are responder */
268 if (ctx->responder == TRUE)
269 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
277 if (ctx->responder == TRUE) {
278 /* Sends the selected security properties to the initiator. */
280 silc_ske_responder_phase_1(ctx->ske,
281 ctx->ske->start_payload,
282 silc_server_protocol_ke_send_packet,
285 /* Call Phase-1 function. This processes the Key Exchange Start
286 paylaod reply we just got from the responder. The callback
287 function will receive the processed payload where we will
289 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
293 if (status != SILC_SKE_STATUS_OK) {
294 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
296 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
299 protocol->state = SILC_PROTOCOL_STATE_ERROR;
300 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
304 /* Advance protocol state and call next state if we are initiator */
306 if (ctx->responder == FALSE)
307 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
315 if (ctx->responder == TRUE) {
316 /* Process the received Key Exchange 1 Payload packet from
317 the initiator. This also creates our parts of the Diffie
318 Hellman algorithm. */
319 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
320 NULL, NULL, NULL, NULL);
322 /* Call the Phase-2 function. This creates Diffie Hellman
323 key exchange parameters and sends our public part inside
324 Key Exhange 1 Payload to the responder. */
326 silc_ske_initiator_phase_2(ctx->ske,
329 silc_server_protocol_ke_send_packet,
333 if (status != SILC_SKE_STATUS_OK) {
334 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
336 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
339 protocol->state = SILC_PROTOCOL_STATE_ERROR;
340 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
344 /* Advance protocol state and call the next state if we are responder */
346 if (ctx->responder == TRUE)
347 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
355 if (ctx->responder == TRUE) {
356 /* This creates the key exchange material and sends our
357 public parts to the initiator inside Key Exchange 2 Payload. */
359 silc_ske_responder_finish(ctx->ske,
360 server->public_key, server->private_key,
361 SILC_SKE_PK_TYPE_SILC,
362 silc_server_protocol_ke_send_packet,
365 /* Finish the protocol. This verifies the Key Exchange 2 payload
366 sent by responder. */
367 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
368 NULL, NULL, NULL, NULL);
371 if (status != SILC_SKE_STATUS_OK) {
372 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
374 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
377 protocol->state = SILC_PROTOCOL_STATE_ERROR;
378 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
382 /* Send Ok to the other end. We will end the protocol as responder
383 sends Ok to us when we will take the new keys into use. */
384 if (ctx->responder == FALSE)
385 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
387 /* End the protocol on the next round */
388 protocol->state = SILC_PROTOCOL_STATE_END;
392 case SILC_PROTOCOL_STATE_END:
397 SilcSKEKeyMaterial *keymat;
398 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
399 int hash_len = ctx->ske->prop->hash->hash->hash_len;
401 /* Process the key material */
402 keymat = silc_calloc(1, sizeof(*keymat));
403 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
405 if (status != SILC_SKE_STATUS_OK) {
406 protocol->state = SILC_PROTOCOL_STATE_ERROR;
407 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
408 silc_ske_free_key_material(keymat);
411 ctx->keymat = keymat;
413 /* Send Ok to the other end if we are responder. If we are initiator
414 we have sent this already. */
415 if (ctx->responder == TRUE)
416 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
418 /* Unregister the timeout task since the protocol has ended.
419 This was the timeout task to be executed if the protocol is
420 not completed fast enough. */
421 if (ctx->timeout_task)
422 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
424 /* Call the final callback */
425 if (protocol->final_callback)
426 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
428 silc_protocol_free(protocol);
432 case SILC_PROTOCOL_STATE_ERROR:
437 /* Send abort notification */
438 silc_ske_abort(ctx->ske, ctx->ske->status,
439 silc_server_protocol_ke_send_packet,
442 /* Unregister the timeout task since the protocol has ended.
443 This was the timeout task to be executed if the protocol is
444 not completed fast enough. */
445 if (ctx->timeout_task)
446 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
448 /* On error the final callback is always called. */
449 if (protocol->final_callback)
450 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
452 silc_protocol_free(protocol);
455 case SILC_PROTOCOL_STATE_FAILURE:
457 * We have received failure from remote
460 /* Unregister the timeout task since the protocol has ended.
461 This was the timeout task to be executed if the protocol is
462 not completed fast enough. */
463 if (ctx->timeout_task)
464 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
466 /* On error the final callback is always called. */
467 if (protocol->final_callback)
468 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
470 silc_protocol_free(protocol);
473 case SILC_PROTOCOL_STATE_UNKNOWN:
479 * Connection Authentication protocol functions
483 silc_server_password_authentication(SilcServer server, char *auth1,
486 if (!auth1 || !auth2)
489 if (!memcmp(auth1, auth2, strlen(auth1)))
496 silc_server_public_key_authentication(SilcServer server,
497 SilcPublicKey pub_key,
506 if (!pub_key || !sign)
509 silc_pkcs_alloc(pub_key->name, &pkcs);
510 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
511 silc_pkcs_free(pkcs);
515 /* Make the authentication data. Protocol says it is HASH plus
517 len = ske->hash_len + ske->start_payload_copy->len;
518 auth = silc_buffer_alloc(len);
519 silc_buffer_pull_tail(auth, len);
520 silc_buffer_format(auth,
521 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
522 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
523 ske->start_payload_copy->len),
526 /* Verify signature */
527 if (silc_pkcs_verify(pkcs, sign, sign_len, auth->data, auth->len)) {
528 silc_pkcs_free(pkcs);
529 silc_buffer_free(auth);
533 silc_pkcs_free(pkcs);
534 silc_buffer_free(auth);
539 silc_server_get_public_key_auth(SilcServer server,
540 SilcPublicKey pub_key,
541 unsigned char *auth_data,
542 uint32 *auth_data_len,
552 silc_pkcs_alloc(pub_key->name, &pkcs);
553 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
554 silc_pkcs_free(pkcs);
558 /* Make the authentication data. Protocol says it is HASH plus
560 len = ske->hash_len + ske->start_payload_copy->len;
561 auth = silc_buffer_alloc(len);
562 silc_buffer_pull_tail(auth, len);
563 silc_buffer_format(auth,
564 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
565 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
566 ske->start_payload_copy->len),
569 if (silc_pkcs_sign(pkcs, auth->data, auth->len, auth_data, auth_data_len)) {
570 silc_pkcs_free(pkcs);
571 silc_buffer_free(auth);
575 silc_pkcs_free(pkcs);
576 silc_buffer_free(auth);
580 /* Performs connection authentication protocol. If responder, we
581 authenticate the remote data received. If initiator, we will send
582 authentication data to the remote end. */
584 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
586 SilcProtocol protocol = (SilcProtocol)context;
587 SilcServerConnAuthInternalContext *ctx =
588 (SilcServerConnAuthInternalContext *)protocol->context;
589 SilcServer server = (SilcServer)ctx->server;
591 SILC_LOG_DEBUG(("Start"));
593 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
594 protocol->state = SILC_PROTOCOL_STATE_START;
596 SILC_LOG_DEBUG(("State=%d", protocol->state));
598 switch(protocol->state) {
599 case SILC_PROTOCOL_STATE_START:
605 if (ctx->responder == TRUE) {
607 * We are receiving party
612 unsigned char *auth_data = NULL;
614 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
615 ctx->sock->hostname, ctx->sock->ip));
617 /* Parse the received authentication data packet. The received
618 payload is Connection Auth Payload. */
619 ret = silc_buffer_unformat(ctx->packet->buffer,
620 SILC_STR_UI_SHORT(&payload_len),
621 SILC_STR_UI_SHORT(&conn_type),
624 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
625 protocol->state = SILC_PROTOCOL_STATE_ERROR;
626 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
630 if (payload_len != ctx->packet->buffer->len) {
631 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
632 protocol->state = SILC_PROTOCOL_STATE_ERROR;
633 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
639 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
640 conn_type > SILC_SOCKET_TYPE_ROUTER) {
641 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
642 protocol->state = SILC_PROTOCOL_STATE_ERROR;
643 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
647 if (payload_len > 0) {
648 /* Get authentication data */
649 silc_buffer_pull(ctx->packet->buffer, 4);
650 ret = silc_buffer_unformat(ctx->packet->buffer,
651 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
655 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
656 protocol->state = SILC_PROTOCOL_STATE_ERROR;
657 protocol->execute(server->timeout_queue, 0,
658 protocol, fd, 0, 300000);
664 * Check the remote connection type and make sure that we have
665 * configured this connection. If we haven't allowed this connection
666 * the authentication must be failed.
669 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
671 /* Remote end is client */
672 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
673 SilcServerConfigSectionClientConnection *client = ctx->cconfig;
676 switch(client->auth_meth) {
678 /* No authentication required */
679 SILC_LOG_DEBUG(("No authentication required"));
682 case SILC_AUTH_PASSWORD:
683 /* Password authentication */
684 SILC_LOG_DEBUG(("Password authentication"));
685 ret = silc_server_password_authentication(server, auth_data,
691 /* Authentication failed */
692 SILC_LOG_ERROR(("Authentication failed"));
693 SILC_LOG_DEBUG(("Authentication failed"));
694 silc_free(auth_data);
695 protocol->state = SILC_PROTOCOL_STATE_ERROR;
696 protocol->execute(server->timeout_queue, 0,
697 protocol, fd, 0, 300000);
701 case SILC_AUTH_PUBLIC_KEY:
702 /* Public key authentication */
703 SILC_LOG_DEBUG(("Public key authentication"));
704 ret = silc_server_public_key_authentication(server,
713 SILC_LOG_ERROR(("Authentication failed"));
714 SILC_LOG_DEBUG(("Authentication failed"));
715 silc_free(auth_data);
716 protocol->state = SILC_PROTOCOL_STATE_ERROR;
717 protocol->execute(server->timeout_queue, 0,
718 protocol, fd, 0, 300000);
722 SILC_LOG_DEBUG(("No configuration for remote connection"));
723 SILC_LOG_ERROR(("Remote connection not configured"));
724 SILC_LOG_ERROR(("Authentication failed"));
725 silc_free(auth_data);
726 protocol->state = SILC_PROTOCOL_STATE_ERROR;
727 protocol->execute(server->timeout_queue, 0,
728 protocol, fd, 0, 300000);
733 /* Remote end is server */
734 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
735 SilcServerConfigSectionServerConnection *serv = ctx->sconfig;
738 switch(serv->auth_meth) {
740 /* No authentication required */
741 SILC_LOG_DEBUG(("No authentication required"));
744 case SILC_AUTH_PASSWORD:
745 /* Password authentication */
746 SILC_LOG_DEBUG(("Password authentication"));
747 ret = silc_server_password_authentication(server, auth_data,
753 /* Authentication failed */
754 SILC_LOG_ERROR(("Authentication failed"));
755 SILC_LOG_DEBUG(("Authentication failed"));
756 silc_free(auth_data);
757 protocol->state = SILC_PROTOCOL_STATE_ERROR;
758 protocol->execute(server->timeout_queue, 0,
759 protocol, fd, 0, 300000);
763 case SILC_AUTH_PUBLIC_KEY:
764 /* Public key authentication */
765 SILC_LOG_DEBUG(("Public key authentication"));
766 ret = silc_server_public_key_authentication(server,
775 SILC_LOG_ERROR(("Authentication failed"));
776 SILC_LOG_DEBUG(("Authentication failed"));
777 silc_free(auth_data);
778 protocol->state = SILC_PROTOCOL_STATE_ERROR;
779 protocol->execute(server->timeout_queue, 0,
780 protocol, fd, 0, 300000);
784 SILC_LOG_DEBUG(("No configuration for remote connection"));
785 SILC_LOG_ERROR(("Remote connection not configured"));
786 SILC_LOG_ERROR(("Authentication failed"));
787 protocol->state = SILC_PROTOCOL_STATE_ERROR;
788 protocol->execute(server->timeout_queue, 0,
789 protocol, fd, 0, 300000);
790 silc_free(auth_data);
795 /* Remote end is router */
796 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
797 SilcServerConfigSectionServerConnection *serv = ctx->rconfig;
800 switch(serv->auth_meth) {
802 /* No authentication required */
803 SILC_LOG_DEBUG(("No authentication required"));
806 case SILC_AUTH_PASSWORD:
807 /* Password authentication */
808 SILC_LOG_DEBUG(("Password authentication"));
809 ret = silc_server_password_authentication(server, auth_data,
815 /* Authentication failed */
816 SILC_LOG_ERROR(("Authentication failed"));
817 SILC_LOG_DEBUG(("Authentication failed"));
818 silc_free(auth_data);
819 protocol->state = SILC_PROTOCOL_STATE_ERROR;
820 protocol->execute(server->timeout_queue, 0,
821 protocol, fd, 0, 300000);
825 case SILC_AUTH_PUBLIC_KEY:
826 /* Public key authentication */
827 SILC_LOG_DEBUG(("Public key authentication"));
828 ret = silc_server_public_key_authentication(server,
837 SILC_LOG_ERROR(("Authentication failed"));
838 SILC_LOG_DEBUG(("Authentication failed"));
839 silc_free(auth_data);
840 protocol->state = SILC_PROTOCOL_STATE_ERROR;
841 protocol->execute(server->timeout_queue, 0,
842 protocol, fd, 0, 300000);
846 SILC_LOG_DEBUG(("No configuration for remote connection"));
847 SILC_LOG_ERROR(("Remote connection not configured"));
848 SILC_LOG_ERROR(("Authentication failed"));
849 silc_free(auth_data);
850 protocol->state = SILC_PROTOCOL_STATE_ERROR;
851 protocol->execute(server->timeout_queue, 0,
852 protocol, fd, 0, 300000);
857 silc_free(auth_data);
859 /* Save connection type. This is later used to create the
860 ID for the connection. */
861 ctx->conn_type = conn_type;
863 /* Advance protocol state. */
864 protocol->state = SILC_PROTOCOL_STATE_END;
865 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
869 * We are initiator. We are authenticating ourselves to a
870 * remote server. We will send the authentication data to the
871 * other end for verify.
875 unsigned char *auth_data = NULL;
876 uint32 auth_data_len = 0;
878 switch(ctx->auth_meth) {
880 /* No authentication required */
883 case SILC_AUTH_PASSWORD:
884 /* Password authentication */
885 if (ctx->auth_data && ctx->auth_data_len) {
886 auth_data = strdup(ctx->auth_data);
887 auth_data_len = ctx->auth_data_len;
892 case SILC_AUTH_PUBLIC_KEY:
894 unsigned char sign[1024];
896 /* Public key authentication */
897 silc_server_get_public_key_auth(server, ctx->auth_data,
898 sign, &auth_data_len,
900 auth_data = silc_calloc(auth_data_len, sizeof(*auth_data));
901 memcpy(auth_data, sign, auth_data_len);
906 payload_len = 4 + auth_data_len;
907 packet = silc_buffer_alloc(payload_len);
908 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
909 silc_buffer_format(packet,
910 SILC_STR_UI_SHORT(payload_len),
911 SILC_STR_UI_SHORT(server->server_type
913 SILC_SOCKET_TYPE_SERVER :
914 SILC_SOCKET_TYPE_ROUTER),
915 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
918 /* Send the packet to server */
919 silc_server_packet_send(server, ctx->sock,
920 SILC_PACKET_CONNECTION_AUTH, 0,
921 packet->data, packet->len, TRUE);
924 memset(auth_data, 0, auth_data_len);
925 silc_free(auth_data);
927 silc_buffer_free(packet);
929 /* Next state is end of protocol */
930 protocol->state = SILC_PROTOCOL_STATE_END;
935 case SILC_PROTOCOL_STATE_END:
942 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
944 /* Authentication successful */
945 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
948 /* Unregister the timeout task since the protocol has ended.
949 This was the timeout task to be executed if the protocol is
950 not completed fast enough. */
951 if (ctx->timeout_task)
952 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
954 /* Protocol has ended, call the final callback */
955 if (protocol->final_callback)
956 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
958 silc_protocol_free(protocol);
961 case SILC_PROTOCOL_STATE_ERROR:
964 * Error. Send notify to remote.
966 unsigned char error[4];
968 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
970 /* Authentication failed */
971 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
974 /* Unregister the timeout task since the protocol has ended.
975 This was the timeout task to be executed if the protocol is
976 not completed fast enough. */
977 if (ctx->timeout_task)
978 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
980 /* On error the final callback is always called. */
981 if (protocol->final_callback)
982 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
984 silc_protocol_free(protocol);
988 case SILC_PROTOCOL_STATE_FAILURE:
990 * We have received failure from remote
993 /* Unregister the timeout task since the protocol has ended.
994 This was the timeout task to be executed if the protocol is
995 not completed fast enough. */
996 if (ctx->timeout_task)
997 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
999 /* On error the final callback is always called. */
1000 if (protocol->final_callback)
1001 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1003 silc_protocol_free(protocol);
1006 case SILC_PROTOCOL_STATE_UNKNOWN:
1012 * Re-key protocol routines
1015 /* Actually takes the new keys into use. */
1018 silc_server_protocol_rekey_validate(SilcServer server,
1019 SilcServerRekeyInternalContext *ctx,
1020 SilcIDListData idata,
1021 SilcSKEKeyMaterial *keymat,
1024 if (ctx->responder == TRUE) {
1026 silc_cipher_set_key(idata->send_key, keymat->receive_enc_key,
1027 keymat->enc_key_len);
1028 silc_cipher_set_iv(idata->send_key, keymat->receive_iv);
1030 silc_cipher_set_key(idata->receive_key, keymat->send_enc_key,
1031 keymat->enc_key_len);
1032 silc_cipher_set_iv(idata->receive_key, keymat->send_iv);
1036 silc_cipher_set_key(idata->send_key, keymat->send_enc_key,
1037 keymat->enc_key_len);
1038 silc_cipher_set_iv(idata->send_key, keymat->send_iv);
1040 silc_cipher_set_key(idata->receive_key, keymat->receive_enc_key,
1041 keymat->enc_key_len);
1042 silc_cipher_set_iv(idata->receive_key, keymat->receive_iv);
1047 silc_hmac_alloc(idata->hmac_send->hmac->name, NULL, &idata->hmac_send);
1048 silc_hmac_set_key(idata->hmac_send, keymat->hmac_key,
1049 keymat->hmac_key_len);
1051 silc_hmac_free(idata->hmac_receive);
1052 idata->hmac_receive = idata->hmac_send;
1055 /* Save the current sending encryption key */
1057 memset(idata->rekey->send_enc_key, 0, idata->rekey->enc_key_len);
1058 silc_free(idata->rekey->send_enc_key);
1059 idata->rekey->send_enc_key =
1060 silc_calloc(keymat->enc_key_len / 8,
1061 sizeof(*idata->rekey->send_enc_key));
1062 memcpy(idata->rekey->send_enc_key, keymat->send_enc_key,
1063 keymat->enc_key_len / 8);
1064 idata->rekey->enc_key_len = keymat->enc_key_len / 8;
1068 /* This function actually re-generates (when not using PFS) the keys and
1069 takes them into use. */
1071 void silc_server_protocol_rekey_generate(SilcServer server,
1072 SilcServerRekeyInternalContext *ctx,
1075 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1076 SilcSKEKeyMaterial *keymat;
1077 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1078 uint32 hash_len = idata->hash->hash->hash_len;
1080 SILC_LOG_DEBUG(("Generating new %s session keys (no PFS)",
1081 send ? "sending" : "receiving"));
1083 /* Generate the new key */
1084 keymat = silc_calloc(1, sizeof(*keymat));
1085 silc_ske_process_key_material_data(idata->rekey->send_enc_key,
1086 idata->rekey->enc_key_len,
1087 16, key_len, hash_len,
1088 idata->hash, keymat);
1090 /* Set the keys into use */
1091 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1093 silc_ske_free_key_material(keymat);
1096 /* This function actually re-generates (with PFS) the keys and
1097 takes them into use. */
1100 silc_server_protocol_rekey_generate_pfs(SilcServer server,
1101 SilcServerRekeyInternalContext *ctx,
1104 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1105 SilcSKEKeyMaterial *keymat;
1106 uint32 key_len = silc_cipher_get_key_len(idata->send_key);
1107 uint32 hash_len = idata->hash->hash->hash_len;
1108 unsigned char *tmpbuf;
1111 SILC_LOG_DEBUG(("Generating new %s session keys (with PFS)",
1112 send ? "sending" : "receiving"));
1114 /* Encode KEY to binary data */
1115 tmpbuf = silc_mp_mp2bin(ctx->ske->KEY, 0, &klen);
1117 /* Generate the new key */
1118 keymat = silc_calloc(1, sizeof(*keymat));
1119 silc_ske_process_key_material_data(tmpbuf, klen, 16, key_len, hash_len,
1120 idata->hash, keymat);
1122 /* Set the keys into use */
1123 silc_server_protocol_rekey_validate(server, ctx, idata, keymat, send);
1125 memset(tmpbuf, 0, klen);
1127 silc_ske_free_key_material(keymat);
1130 /* Packet sending callback. This function is provided as packet sending
1131 routine to the Key Exchange functions. */
1134 silc_server_protocol_rekey_send_packet(SilcSKE ske,
1136 SilcPacketType type,
1139 SilcProtocol protocol = (SilcProtocol)context;
1140 SilcServerRekeyInternalContext *ctx =
1141 (SilcServerRekeyInternalContext *)protocol->context;
1142 SilcServer server = (SilcServer)ctx->server;
1144 /* Send the packet immediately */
1145 silc_server_packet_send(server, ctx->sock,
1146 type, 0, packet->data, packet->len, FALSE);
1149 /* Performs re-key as defined in the SILC protocol specification. */
1151 SILC_TASK_CALLBACK(silc_server_protocol_rekey)
1153 SilcProtocol protocol = (SilcProtocol)context;
1154 SilcServerRekeyInternalContext *ctx =
1155 (SilcServerRekeyInternalContext *)protocol->context;
1156 SilcServer server = (SilcServer)ctx->server;
1157 SilcIDListData idata = (SilcIDListData)ctx->sock->user_data;
1158 SilcSKEStatus status;
1160 SILC_LOG_DEBUG(("Start"));
1162 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
1163 protocol->state = SILC_PROTOCOL_STATE_START;
1165 SILC_LOG_DEBUG(("State=%d", protocol->state));
1167 switch(protocol->state) {
1168 case SILC_PROTOCOL_STATE_START:
1174 if (ctx->responder == TRUE) {
1176 * We are receiving party
1179 if (ctx->pfs == TRUE) {
1181 * Use Perfect Forward Secrecy, ie. negotiate the key material
1182 * using the SKE protocol.
1185 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_1) {
1186 /* Error in protocol */
1187 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1188 protocol->execute(server->timeout_queue, 0, protocol, fd,
1192 ctx->ske = silc_ske_alloc();
1193 ctx->ske->rng = server->rng;
1194 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1195 silc_ske_get_group_by_number(idata->rekey->ske_group,
1196 &ctx->ske->prop->group);
1198 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
1199 NULL, NULL, NULL, NULL);
1200 if (status != SILC_SKE_STATUS_OK) {
1201 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1204 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1205 protocol->execute(server->timeout_queue, 0,
1206 protocol, fd, 0, 300000);
1210 /* Advance the protocol state */
1212 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1215 * Do normal and simple re-key.
1218 /* Send the REKEY_DONE to indicate we will take new keys into use */
1219 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1222 /* After we send REKEY_DONE we must set the sending encryption
1223 key to the new key since all packets after this packet must
1224 encrypted with the new key. */
1225 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1227 /* The protocol ends in next stage. */
1228 protocol->state = SILC_PROTOCOL_STATE_END;
1233 * We are the initiator of this protocol
1236 /* Start the re-key by sending the REKEY packet */
1237 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY,
1240 if (ctx->pfs == TRUE) {
1242 * Use Perfect Forward Secrecy, ie. negotiate the key material
1243 * using the SKE protocol.
1245 ctx->ske = silc_ske_alloc();
1246 ctx->ske->rng = server->rng;
1247 ctx->ske->prop = silc_calloc(1, sizeof(*ctx->ske->prop));
1248 silc_ske_get_group_by_number(idata->rekey->ske_group,
1249 &ctx->ske->prop->group);
1252 silc_ske_initiator_phase_2(ctx->ske, NULL, NULL,
1253 silc_server_protocol_rekey_send_packet,
1256 if (status != SILC_SKE_STATUS_OK) {
1257 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1260 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1261 protocol->execute(server->timeout_queue, 0,
1262 protocol, fd, 0, 300000);
1266 /* Advance the protocol state */
1270 * Do normal and simple re-key.
1273 /* Send the REKEY_DONE to indicate we will take new keys into use
1275 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1278 /* After we send REKEY_DONE we must set the sending encryption
1279 key to the new key since all packets after this packet must
1280 encrypted with the new key. */
1281 silc_server_protocol_rekey_generate(server, ctx, TRUE);
1283 /* The protocol ends in next stage. */
1284 protocol->state = SILC_PROTOCOL_STATE_END;
1292 * Second state, used only when oding re-key with PFS.
1294 if (ctx->responder == TRUE) {
1295 if (ctx->pfs == TRUE) {
1297 * Send our KE packe to the initiator now that we've processed
1298 * the initiator's KE packet.
1301 silc_ske_responder_finish(ctx->ske, NULL, NULL,
1302 SILC_SKE_PK_TYPE_SILC,
1303 silc_server_protocol_rekey_send_packet,
1306 if (status != SILC_SKE_STATUS_OK) {
1307 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1310 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1311 protocol->execute(server->timeout_queue, 0,
1312 protocol, fd, 0, 300000);
1318 if (ctx->pfs == TRUE) {
1320 * The packet type must be KE packet
1322 if (ctx->packet->type != SILC_PACKET_KEY_EXCHANGE_2) {
1323 /* Error in protocol */
1324 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1325 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
1328 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
1329 NULL, NULL, NULL, NULL);
1330 if (status != SILC_SKE_STATUS_OK) {
1331 SILC_LOG_WARNING(("Error (type %d) during Re-key (PFS)",
1334 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1335 protocol->execute(server->timeout_queue, 0,
1336 protocol, fd, 0, 300000);
1342 /* Send the REKEY_DONE to indicate we will take new keys into use
1344 silc_server_packet_send(server, ctx->sock, SILC_PACKET_REKEY_DONE,
1347 /* After we send REKEY_DONE we must set the sending encryption
1348 key to the new key since all packets after this packet must
1349 encrypted with the new key. */
1350 silc_server_protocol_rekey_generate_pfs(server, ctx, TRUE);
1352 /* The protocol ends in next stage. */
1353 protocol->state = SILC_PROTOCOL_STATE_END;
1356 case SILC_PROTOCOL_STATE_END:
1361 if (ctx->packet->type != SILC_PACKET_REKEY_DONE) {
1362 /* Error in protocol */
1363 protocol->state = SILC_PROTOCOL_STATE_ERROR;
1364 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
1367 /* We received the REKEY_DONE packet and all packets after this is
1368 encrypted with the new key so set the decryption key to the new key */
1369 silc_server_protocol_rekey_generate(server, ctx, FALSE);
1371 /* Protocol has ended, call the final callback */
1372 if (protocol->final_callback)
1373 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1375 silc_protocol_free(protocol);
1378 case SILC_PROTOCOL_STATE_ERROR:
1383 if (ctx->pfs == TRUE) {
1384 /* Send abort notification */
1385 silc_ske_abort(ctx->ske, ctx->ske->status,
1386 silc_server_protocol_ke_send_packet,
1390 /* On error the final callback is always called. */
1391 if (protocol->final_callback)
1392 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1394 silc_protocol_free(protocol);
1397 case SILC_PROTOCOL_STATE_FAILURE:
1399 * We have received failure from remote
1402 /* On error the final callback is always called. */
1403 if (protocol->final_callback)
1404 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
1406 silc_protocol_free(protocol);
1409 case SILC_PROTOCOL_STATE_UNKNOWN:
1415 /* Registers protocols used in server. */
1417 void silc_server_protocols_register(void)
1419 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1420 silc_server_protocol_connection_auth);
1421 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1422 silc_server_protocol_key_exchange);
1423 silc_protocol_register(SILC_PROTOCOL_SERVER_REKEY,
1424 silc_server_protocol_rekey);
1427 /* Unregisters protocols */
1429 void silc_server_protocols_unregister(void)
1431 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
1432 silc_server_protocol_connection_auth);
1433 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
1434 silc_server_protocol_key_exchange);
1435 silc_protocol_unregister(SILC_PROTOCOL_SERVER_REKEY,
1436 silc_server_protocol_rekey);