5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
31 extern char *silc_version_string;
34 * Key Exhange protocol functions
37 /* Packet sending callback. This function is provided as packet sending
38 routine to the Key Exchange functions. */
40 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
45 SilcProtocol protocol = (SilcProtocol)context;
46 SilcServerKEInternalContext *ctx =
47 (SilcServerKEInternalContext *)protocol->context;
48 SilcServer server = (SilcServer)ctx->server;
50 /* Send the packet immediately */
51 silc_server_packet_send(server, ske->sock,
52 type, 0, packet->data, packet->len, TRUE);
55 /* Sets the negotiated key material into use for particular connection. */
57 int silc_server_protocol_ke_set_keys(SilcSKE ske,
58 SilcSocketConnection sock,
59 SilcSKEKeyMaterial *keymat,
66 SilcUnknownEntry conn_data;
69 SILC_LOG_DEBUG(("Setting new key into use"));
71 conn_data = silc_calloc(1, sizeof(*conn_data));
72 idata = (SilcIDListData)conn_data;
74 /* Allocate cipher to be used in the communication */
75 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
79 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
84 if (is_responder == TRUE) {
85 idata->send_key->cipher->set_key(idata->send_key->context,
86 keymat->receive_enc_key,
88 idata->send_key->set_iv(idata->send_key, keymat->receive_iv);
89 idata->receive_key->cipher->set_key(idata->receive_key->context,
92 idata->receive_key->set_iv(idata->receive_key, keymat->send_iv);
95 idata->send_key->cipher->set_key(idata->send_key->context,
98 idata->send_key->set_iv(idata->send_key, keymat->send_iv);
99 idata->receive_key->cipher->set_key(idata->receive_key->context,
100 keymat->receive_enc_key,
101 keymat->enc_key_len);
102 idata->receive_key->set_iv(idata->receive_key, keymat->receive_iv);
106 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
107 silc_cipher_free(idata->send_key);
108 silc_cipher_free(idata->receive_key);
109 silc_free(conn_data);
113 /* Save HMAC key to be used in the communication. */
114 if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac)) {
115 silc_cipher_free(idata->send_key);
116 silc_cipher_free(idata->receive_key);
117 silc_hash_free(idata->hash);
118 silc_free(conn_data);
121 silc_hmac_set_key(idata->hmac, keymat->hmac_key, keymat->hmac_key_len);
123 sock->user_data = (void *)conn_data;
128 /* Check remote host version string */
130 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
133 SilcSKEStatus status = SILC_SKE_STATUS_OK;
135 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
136 ske->sock->ip, version));
138 /* Check for initial version string */
139 if (!strstr(version, "SILC-1.0-"))
140 status = SILC_SKE_STATUS_BAD_VERSION;
142 /* Check software version */
144 if (len < strlen(silc_version_string))
145 status = SILC_SKE_STATUS_BAD_VERSION;
147 /* XXX for now there is no other tests due to the abnormal version
148 string that is used */
153 /* Performs key exchange protocol. This is used for both initiator
154 and responder key exchange. This is performed always when accepting
155 new connection to the server. This may be called recursively. */
157 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
159 SilcProtocol protocol = (SilcProtocol)context;
160 SilcServerKEInternalContext *ctx =
161 (SilcServerKEInternalContext *)protocol->context;
162 SilcServer server = (SilcServer)ctx->server;
163 SilcSKEStatus status = 0;
165 SILC_LOG_DEBUG(("Start"));
167 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
168 protocol->state = SILC_PROTOCOL_STATE_START;
170 SILC_LOG_DEBUG(("State=%d", protocol->state));
172 switch(protocol->state) {
173 case SILC_PROTOCOL_STATE_START:
180 /* Allocate Key Exchange object */
181 ske = silc_ske_alloc();
183 ske->rng = server->rng;
185 if (ctx->responder == TRUE) {
186 /* Start the key exchange by processing the received security
187 properties packet from initiator. */
188 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
190 ctx->packet->buffer, NULL, NULL);
192 SilcSKEStartPayload *start_payload;
194 /* Assemble security properties. */
195 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
199 /* Start the key exchange by sending our security properties
200 to the remote end. */
201 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
203 silc_server_protocol_ke_send_packet,
207 if (status != SILC_SKE_STATUS_OK) {
208 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
210 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
213 protocol->state = SILC_PROTOCOL_STATE_ERROR;
214 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
218 /* Advance protocol state and call the next state if we are responder */
220 if (ctx->responder == TRUE)
221 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
229 if (ctx->responder == TRUE) {
230 /* Sends the selected security properties to the initiator. */
232 silc_ske_responder_phase_1(ctx->ske,
233 ctx->ske->start_payload,
234 silc_server_protocol_ke_send_packet,
237 /* Call Phase-1 function. This processes the Key Exchange Start
238 paylaod reply we just got from the responder. The callback
239 function will receive the processed payload where we will
241 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
245 if (status != SILC_SKE_STATUS_OK) {
246 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
248 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
251 protocol->state = SILC_PROTOCOL_STATE_ERROR;
252 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
256 /* Advance protocol state and call next state if we are initiator */
258 if (ctx->responder == FALSE)
259 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
267 if (ctx->responder == TRUE) {
268 /* Process the received Key Exchange 1 Payload packet from
269 the initiator. This also creates our parts of the Diffie
270 Hellman algorithm. */
271 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
274 /* Call the Phase-2 function. This creates Diffie Hellman
275 key exchange parameters and sends our public part inside
276 Key Exhange 1 Payload to the responder. */
278 silc_ske_initiator_phase_2(ctx->ske,
280 silc_server_protocol_ke_send_packet,
284 if (status != SILC_SKE_STATUS_OK) {
285 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
287 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
290 protocol->state = SILC_PROTOCOL_STATE_ERROR;
291 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
295 /* Advance protocol state and call the next state if we are responder */
297 if (ctx->responder == TRUE)
298 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
306 if (ctx->responder == TRUE) {
307 /* This creates the key exchange material and sends our
308 public parts to the initiator inside Key Exchange 2 Payload. */
310 silc_ske_responder_finish(ctx->ske,
311 server->public_key, server->private_key,
312 SILC_SKE_PK_TYPE_SILC,
313 silc_server_protocol_ke_send_packet,
316 /* Finish the protocol. This verifies the Key Exchange 2 payload
317 sent by responder. */
318 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
319 NULL, NULL, NULL, NULL);
322 if (status != SILC_SKE_STATUS_OK) {
323 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
325 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
328 protocol->state = SILC_PROTOCOL_STATE_ERROR;
329 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
333 /* Send Ok to the other end. We will end the protocol as responder
334 sends Ok to us when we will take the new keys into use. */
335 if (ctx->responder == FALSE)
336 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
338 /* End the protocol on the next round */
339 protocol->state = SILC_PROTOCOL_STATE_END;
343 case SILC_PROTOCOL_STATE_END:
348 SilcSKEKeyMaterial *keymat;
349 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
350 int hash_len = ctx->ske->prop->hash->hash->hash_len;
352 /* Process the key material */
353 keymat = silc_calloc(1, sizeof(*keymat));
354 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
356 if (status != SILC_SKE_STATUS_OK) {
357 protocol->state = SILC_PROTOCOL_STATE_ERROR;
358 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
359 silc_ske_free_key_material(keymat);
362 ctx->keymat = keymat;
364 /* Send Ok to the other end if we are responder. If we are initiator
365 we have sent this already. */
366 if (ctx->responder == TRUE)
367 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
369 /* Unregister the timeout task since the protocol has ended.
370 This was the timeout task to be executed if the protocol is
371 not completed fast enough. */
372 if (ctx->timeout_task)
373 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
375 /* Call the final callback */
376 if (protocol->final_callback)
377 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
379 silc_protocol_free(protocol);
383 case SILC_PROTOCOL_STATE_ERROR:
388 /* Send abort notification */
389 silc_ske_abort(ctx->ske, ctx->ske->status,
390 silc_server_protocol_ke_send_packet,
393 /* Unregister the timeout task since the protocol has ended.
394 This was the timeout task to be executed if the protocol is
395 not completed fast enough. */
396 if (ctx->timeout_task)
397 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
399 /* On error the final callback is always called. */
400 if (protocol->final_callback)
401 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
403 silc_protocol_free(protocol);
406 case SILC_PROTOCOL_STATE_FAILURE:
408 * We have received failure from remote
411 /* Unregister the timeout task since the protocol has ended.
412 This was the timeout task to be executed if the protocol is
413 not completed fast enough. */
414 if (ctx->timeout_task)
415 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
417 /* On error the final callback is always called. */
418 if (protocol->final_callback)
419 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
421 silc_protocol_free(protocol);
424 case SILC_PROTOCOL_STATE_UNKNOWN:
430 * Connection Authentication protocol functions
434 silc_server_password_authentication(SilcServer server, char *auth1,
437 if (!auth1 || !auth2)
440 if (!memcmp(auth1, auth2, strlen(auth1)))
447 silc_server_public_key_authentication(SilcServer server,
448 SilcPublicKey pub_key,
450 unsigned int sign_len,
457 if (!pub_key || !sign)
460 silc_pkcs_alloc(pub_key->name, &pkcs);
461 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
462 silc_pkcs_free(pkcs);
466 /* Make the authentication data. Protocol says it is HASH plus
468 len = ske->hash_len + ske->start_payload_copy->len;
469 auth = silc_buffer_alloc(len);
470 silc_buffer_pull_tail(auth, len);
471 silc_buffer_format(auth,
472 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
473 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
474 ske->start_payload_copy->len),
477 /* Verify signature */
478 if (silc_pkcs_verify(pkcs, sign, sign_len, auth->data, auth->len)) {
479 silc_pkcs_free(pkcs);
480 silc_buffer_free(auth);
484 silc_pkcs_free(pkcs);
485 silc_buffer_free(auth);
490 silc_server_get_public_key_auth(SilcServer server,
491 SilcPublicKey pub_key,
492 unsigned char *auth_data,
493 unsigned int *auth_data_len,
503 silc_pkcs_alloc(pub_key->name, &pkcs);
504 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
505 silc_pkcs_free(pkcs);
509 /* Make the authentication data. Protocol says it is HASH plus
511 len = ske->hash_len + ske->start_payload_copy->len;
512 auth = silc_buffer_alloc(len);
513 silc_buffer_pull_tail(auth, len);
514 silc_buffer_format(auth,
515 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
516 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
517 ske->start_payload_copy->len),
520 if (silc_pkcs_sign(pkcs, auth->data, auth->len, auth_data, auth_data_len)) {
521 silc_pkcs_free(pkcs);
522 silc_buffer_free(auth);
526 silc_pkcs_free(pkcs);
527 silc_buffer_free(auth);
531 /* Performs connection authentication protocol. If responder, we
532 authenticate the remote data received. If initiator, we will send
533 authentication data to the remote end. */
535 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
537 SilcProtocol protocol = (SilcProtocol)context;
538 SilcServerConnAuthInternalContext *ctx =
539 (SilcServerConnAuthInternalContext *)protocol->context;
540 SilcServer server = (SilcServer)ctx->server;
542 SILC_LOG_DEBUG(("Start"));
544 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
545 protocol->state = SILC_PROTOCOL_STATE_START;
547 SILC_LOG_DEBUG(("State=%d", protocol->state));
549 switch(protocol->state) {
550 case SILC_PROTOCOL_STATE_START:
556 if (ctx->responder == TRUE) {
558 * We are receiving party
561 unsigned short payload_len;
562 unsigned short conn_type;
563 unsigned char *auth_data = NULL;
565 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
566 ctx->sock->hostname, ctx->sock->ip));
568 /* Parse the received authentication data packet. The received
569 payload is Connection Auth Payload. */
570 ret = silc_buffer_unformat(ctx->packet->buffer,
571 SILC_STR_UI_SHORT(&payload_len),
572 SILC_STR_UI_SHORT(&conn_type),
575 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
576 protocol->state = SILC_PROTOCOL_STATE_ERROR;
577 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
581 if (payload_len != ctx->packet->buffer->len) {
582 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
583 protocol->state = SILC_PROTOCOL_STATE_ERROR;
584 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
590 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
591 conn_type > SILC_SOCKET_TYPE_ROUTER) {
592 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
593 protocol->state = SILC_PROTOCOL_STATE_ERROR;
594 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
598 if (payload_len > 0) {
599 /* Get authentication data */
600 silc_buffer_pull(ctx->packet->buffer, 4);
601 ret = silc_buffer_unformat(ctx->packet->buffer,
602 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
606 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
607 protocol->state = SILC_PROTOCOL_STATE_ERROR;
608 protocol->execute(server->timeout_queue, 0,
609 protocol, fd, 0, 300000);
615 * Check the remote connection type and make sure that we have
616 * configured this connection. If we haven't allowed this connection
617 * the authentication must be failed.
620 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
622 /* Remote end is client */
623 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
624 SilcServerConfigSectionClientConnection *client = NULL;
625 client = silc_server_config_find_client_conn(server->config,
629 client = silc_server_config_find_client_conn(server->config,
634 switch(client->auth_meth) {
636 /* No authentication required */
637 SILC_LOG_DEBUG(("No authentication required"));
640 case SILC_AUTH_PASSWORD:
641 /* Password authentication */
642 SILC_LOG_DEBUG(("Password authentication"));
643 ret = silc_server_password_authentication(server, auth_data,
649 /* Authentication failed */
650 SILC_LOG_ERROR(("Authentication failed"));
651 SILC_LOG_DEBUG(("Authentication failed"));
652 silc_free(auth_data);
653 protocol->state = SILC_PROTOCOL_STATE_ERROR;
654 protocol->execute(server->timeout_queue, 0,
655 protocol, fd, 0, 300000);
659 case SILC_AUTH_PUBLIC_KEY:
660 /* Public key authentication */
661 SILC_LOG_DEBUG(("Public key authentication"));
662 ret = silc_server_public_key_authentication(server,
671 SILC_LOG_ERROR(("Authentication failed"));
672 SILC_LOG_DEBUG(("Authentication failed"));
673 silc_free(auth_data);
674 protocol->state = SILC_PROTOCOL_STATE_ERROR;
675 protocol->execute(server->timeout_queue, 0,
676 protocol, fd, 0, 300000);
680 SILC_LOG_DEBUG(("No configuration for remote connection"));
681 SILC_LOG_ERROR(("Remote connection not configured"));
682 SILC_LOG_ERROR(("Authentication failed"));
683 silc_free(auth_data);
684 protocol->state = SILC_PROTOCOL_STATE_ERROR;
685 protocol->execute(server->timeout_queue, 0,
686 protocol, fd, 0, 300000);
691 /* Remote end is server */
692 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
693 SilcServerConfigSectionServerConnection *serv = NULL;
694 serv = silc_server_config_find_server_conn(server->config,
698 serv = silc_server_config_find_server_conn(server->config,
703 switch(serv->auth_meth) {
705 /* No authentication required */
706 SILC_LOG_DEBUG(("No authentication required"));
709 case SILC_AUTH_PASSWORD:
710 /* Password authentication */
711 SILC_LOG_DEBUG(("Password authentication"));
712 ret = silc_server_password_authentication(server, auth_data,
718 /* Authentication failed */
719 SILC_LOG_ERROR(("Authentication failed"));
720 SILC_LOG_DEBUG(("Authentication failed"));
721 silc_free(auth_data);
722 protocol->state = SILC_PROTOCOL_STATE_ERROR;
723 protocol->execute(server->timeout_queue, 0,
724 protocol, fd, 0, 300000);
728 case SILC_AUTH_PUBLIC_KEY:
729 /* Public key authentication */
730 SILC_LOG_DEBUG(("Public key authentication"));
731 ret = silc_server_public_key_authentication(server,
740 SILC_LOG_ERROR(("Authentication failed"));
741 SILC_LOG_DEBUG(("Authentication failed"));
742 silc_free(auth_data);
743 protocol->state = SILC_PROTOCOL_STATE_ERROR;
744 protocol->execute(server->timeout_queue, 0,
745 protocol, fd, 0, 300000);
749 SILC_LOG_DEBUG(("No configuration for remote connection"));
750 SILC_LOG_ERROR(("Remote connection not configured"));
751 SILC_LOG_ERROR(("Authentication failed"));
752 protocol->state = SILC_PROTOCOL_STATE_ERROR;
753 protocol->execute(server->timeout_queue, 0,
754 protocol, fd, 0, 300000);
755 silc_free(auth_data);
760 /* Remote end is router */
761 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
762 SilcServerConfigSectionServerConnection *serv = NULL;
763 serv = silc_server_config_find_router_conn(server->config,
767 serv = silc_server_config_find_router_conn(server->config,
772 switch(serv->auth_meth) {
774 /* No authentication required */
775 SILC_LOG_DEBUG(("No authentication required"));
778 case SILC_AUTH_PASSWORD:
779 /* Password authentication */
780 SILC_LOG_DEBUG(("Password authentication"));
781 ret = silc_server_password_authentication(server, auth_data,
787 /* Authentication failed */
788 SILC_LOG_ERROR(("Authentication failed"));
789 SILC_LOG_DEBUG(("Authentication failed"));
790 silc_free(auth_data);
791 protocol->state = SILC_PROTOCOL_STATE_ERROR;
792 protocol->execute(server->timeout_queue, 0,
793 protocol, fd, 0, 300000);
797 case SILC_AUTH_PUBLIC_KEY:
798 /* Public key authentication */
799 SILC_LOG_DEBUG(("Public key authentication"));
800 ret = silc_server_public_key_authentication(server,
809 SILC_LOG_ERROR(("Authentication failed"));
810 SILC_LOG_DEBUG(("Authentication failed"));
811 silc_free(auth_data);
812 protocol->state = SILC_PROTOCOL_STATE_ERROR;
813 protocol->execute(server->timeout_queue, 0,
814 protocol, fd, 0, 300000);
818 SILC_LOG_DEBUG(("No configuration for remote connection"));
819 SILC_LOG_ERROR(("Remote connection not configured"));
820 SILC_LOG_ERROR(("Authentication failed"));
821 silc_free(auth_data);
822 protocol->state = SILC_PROTOCOL_STATE_ERROR;
823 protocol->execute(server->timeout_queue, 0,
824 protocol, fd, 0, 300000);
829 silc_free(auth_data);
831 /* Save connection type. This is later used to create the
832 ID for the connection. */
833 ctx->conn_type = conn_type;
835 /* Advance protocol state. */
836 protocol->state = SILC_PROTOCOL_STATE_END;
837 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
841 * We are initiator. We are authenticating ourselves to a
842 * remote server. We will send the authentication data to the
843 * other end for verify.
847 unsigned char *auth_data = NULL;
848 unsigned int auth_data_len = 0;
850 switch(ctx->auth_meth) {
852 /* No authentication required */
855 case SILC_AUTH_PASSWORD:
856 /* Password authentication */
857 if (ctx->auth_data && ctx->auth_data_len) {
858 auth_data = strdup(ctx->auth_data);
859 auth_data_len = ctx->auth_data_len;
864 case SILC_AUTH_PUBLIC_KEY:
866 unsigned char sign[1024];
868 /* Public key authentication */
869 silc_server_get_public_key_auth(server, ctx->auth_data,
870 sign, &auth_data_len,
876 payload_len = 4 + auth_data_len;
877 packet = silc_buffer_alloc(payload_len);
878 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
879 silc_buffer_format(packet,
880 SILC_STR_UI_SHORT(payload_len),
881 SILC_STR_UI_SHORT(server->server_type
883 SILC_SOCKET_TYPE_SERVER :
884 SILC_SOCKET_TYPE_ROUTER),
885 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
888 /* Send the packet to server */
889 silc_server_packet_send(server, ctx->sock,
890 SILC_PACKET_CONNECTION_AUTH, 0,
891 packet->data, packet->len, TRUE);
894 memset(auth_data, 0, auth_data_len);
895 silc_free(auth_data);
897 silc_buffer_free(packet);
899 /* Next state is end of protocol */
900 protocol->state = SILC_PROTOCOL_STATE_END;
905 case SILC_PROTOCOL_STATE_END:
912 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
914 /* Authentication failed */
915 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
918 /* Unregister the timeout task since the protocol has ended.
919 This was the timeout task to be executed if the protocol is
920 not completed fast enough. */
921 if (ctx->timeout_task)
922 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
924 /* Protocol has ended, call the final callback */
925 if (protocol->final_callback)
926 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
928 silc_protocol_free(protocol);
931 case SILC_PROTOCOL_STATE_ERROR:
934 * Error. Send notify to remote.
936 unsigned char error[4];
938 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
940 /* Authentication failed */
941 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
944 /* Unregister the timeout task since the protocol has ended.
945 This was the timeout task to be executed if the protocol is
946 not completed fast enough. */
947 if (ctx->timeout_task)
948 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
950 /* On error the final callback is always called. */
951 if (protocol->final_callback)
952 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
954 silc_protocol_free(protocol);
958 case SILC_PROTOCOL_STATE_FAILURE:
960 * We have received failure from remote
963 /* Unregister the timeout task since the protocol has ended.
964 This was the timeout task to be executed if the protocol is
965 not completed fast enough. */
966 if (ctx->timeout_task)
967 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
969 /* On error the final callback is always called. */
970 if (protocol->final_callback)
971 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
973 silc_protocol_free(protocol);
976 case SILC_PROTOCOL_STATE_UNKNOWN:
981 /* Registers protocols used in server. */
983 void silc_server_protocols_register(void)
985 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
986 silc_server_protocol_connection_auth);
987 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
988 silc_server_protocol_key_exchange);
991 /* Unregisters protocols */
993 void silc_server_protocols_unregister(void)
995 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
996 silc_server_protocol_connection_auth);
997 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
998 silc_server_protocol_key_exchange);