5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2000 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
31 extern char *silc_version_string;
34 * Key Exhange protocol functions
37 /* Packet sending callback. This function is provided as packet sending
38 routine to the Key Exchange functions. */
40 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
45 SilcProtocol protocol = (SilcProtocol)context;
46 SilcServerKEInternalContext *ctx =
47 (SilcServerKEInternalContext *)protocol->context;
48 SilcServer server = (SilcServer)ctx->server;
50 /* Send the packet immediately */
51 silc_server_packet_send(server, ske->sock,
52 type, 0, packet->data, packet->len, TRUE);
55 /* Sets the negotiated key material into use for particular connection. */
57 static void silc_server_protocol_ke_set_keys(SilcSKE ske,
58 SilcSocketConnection sock,
59 SilcSKEKeyMaterial *keymat,
65 SilcUnknownEntry conn_data;
69 SILC_LOG_DEBUG(("Setting new key into use"));
71 conn_data = silc_calloc(1, sizeof(*conn_data));
72 idata = (SilcIDListData)conn_data;
74 /* Allocate cipher to be used in the communication */
75 silc_cipher_alloc(cipher->cipher->name, &idata->send_key);
76 silc_cipher_alloc(cipher->cipher->name, &idata->receive_key);
78 if (is_responder == TRUE) {
79 idata->send_key->cipher->set_key(idata->send_key->context,
80 keymat->receive_enc_key,
82 idata->send_key->set_iv(idata->send_key, keymat->receive_iv);
83 idata->receive_key->cipher->set_key(idata->receive_key->context,
86 idata->receive_key->set_iv(idata->receive_key, keymat->send_iv);
89 idata->send_key->cipher->set_key(idata->send_key->context,
92 idata->send_key->set_iv(idata->send_key, keymat->send_iv);
93 idata->receive_key->cipher->set_key(idata->receive_key->context,
94 keymat->receive_enc_key,
96 idata->receive_key->set_iv(idata->receive_key, keymat->receive_iv);
99 /* Allocate PKCS to be used */
101 /* XXX Do we ever need to allocate PKCS for the connection??
102 If yes, we need to change KE protocol to get the initiators
104 silc_pkcs_alloc(pkcs->pkcs->name, &idata->pkcs);
105 idata->public_key = silc_pkcs_public_key_alloc(XXX);
106 silc_pkcs_set_public_key(idata->pkcs, ske->ke2_payload->pk_data,
107 ske->ke2_payload->pk_len);
110 /* Save HMAC key to be used in the communication. */
111 silc_hash_alloc(hash->hash->name, &nhash);
112 silc_hmac_alloc(nhash, &idata->hmac);
113 silc_hmac_set_key(idata->hmac, keymat->hmac_key, keymat->hmac_key_len);
115 sock->user_data = (void *)conn_data;
120 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
123 return SILC_SKE_STATUS_OK;
126 /* Performs key exchange protocol. This is used for both initiator
127 and responder key exchange. This is performed always when accepting
128 new connection to the server. This may be called recursively. */
130 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
132 SilcProtocol protocol = (SilcProtocol)context;
133 SilcServerKEInternalContext *ctx =
134 (SilcServerKEInternalContext *)protocol->context;
135 SilcServer server = (SilcServer)ctx->server;
136 SilcSKEStatus status = 0;
138 SILC_LOG_DEBUG(("Start"));
140 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
141 protocol->state = SILC_PROTOCOL_STATE_START;
143 SILC_LOG_DEBUG(("State=%d", protocol->state));
145 switch(protocol->state) {
146 case SILC_PROTOCOL_STATE_START:
153 /* Allocate Key Exchange object */
154 ske = silc_ske_alloc();
156 ske->rng = server->rng;
158 if (ctx->responder == TRUE) {
159 /* Start the key exchange by processing the received security
160 properties packet from initiator. */
161 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
163 ctx->packet->buffer, NULL, NULL);
165 SilcSKEStartPayload *start_payload;
167 /* Assemble security properties. */
168 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
172 /* Start the key exchange by sending our security properties
173 to the remote end. */
174 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
176 silc_server_protocol_ke_send_packet,
180 if (status != SILC_SKE_STATUS_OK) {
181 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
183 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
186 protocol->state = SILC_PROTOCOL_STATE_ERROR;
187 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
191 /* Advance protocol state and call the next state if we are responder */
193 if (ctx->responder == TRUE)
194 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
202 if (ctx->responder == TRUE) {
203 /* Sends the selected security properties to the initiator. */
205 silc_ske_responder_phase_1(ctx->ske,
206 ctx->ske->start_payload,
207 silc_server_protocol_ke_send_packet,
210 /* Call Phase-1 function. This processes the Key Exchange Start
211 paylaod reply we just got from the responder. The callback
212 function will receive the processed payload where we will
214 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
218 if (status != SILC_SKE_STATUS_OK) {
219 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
221 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
224 protocol->state = SILC_PROTOCOL_STATE_ERROR;
225 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
229 /* Advance protocol state and call next state if we are initiator */
231 if (ctx->responder == FALSE)
232 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
240 if (ctx->responder == TRUE) {
241 /* Process the received Key Exchange 1 Payload packet from
242 the initiator. This also creates our parts of the Diffie
243 Hellman algorithm. */
244 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
247 /* Call the Phase-2 function. This creates Diffie Hellman
248 key exchange parameters and sends our public part inside
249 Key Exhange 1 Payload to the responder. */
251 silc_ske_initiator_phase_2(ctx->ske,
253 silc_server_protocol_ke_send_packet,
257 if (status != SILC_SKE_STATUS_OK) {
258 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
260 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
263 protocol->state = SILC_PROTOCOL_STATE_ERROR;
264 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
268 /* Advance protocol state and call the next state if we are responder */
270 if (ctx->responder == TRUE)
271 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
279 if (ctx->responder == TRUE) {
280 /* This creates the key exchange material and sends our
281 public parts to the initiator inside Key Exchange 2 Payload. */
283 silc_ske_responder_finish(ctx->ske,
284 server->public_key, server->private_key,
285 SILC_SKE_PK_TYPE_SILC,
286 silc_server_protocol_ke_send_packet,
289 /* Finish the protocol. This verifies the Key Exchange 2 payload
290 sent by responder. */
291 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
292 NULL, NULL, NULL, NULL);
295 if (status != SILC_SKE_STATUS_OK) {
296 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
298 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
301 protocol->state = SILC_PROTOCOL_STATE_ERROR;
302 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
306 /* Send Ok to the other end. We will end the protocol as responder
307 sends Ok to us when we will take the new keys into use. */
308 if (ctx->responder == FALSE)
309 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
311 /* End the protocol on the next round */
312 protocol->state = SILC_PROTOCOL_STATE_END;
316 case SILC_PROTOCOL_STATE_END:
321 SilcSKEKeyMaterial *keymat;
323 /* Send Ok to the other end if we are responder. If we are
324 initiator we have sent this already. */
325 if (ctx->responder == TRUE)
326 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
328 /* Process the key material */
329 keymat = silc_calloc(1, sizeof(*keymat));
330 silc_ske_process_key_material(ctx->ske, 16, (16 * 8), 16, keymat);
332 /* Take the new keys into use. */
333 silc_server_protocol_ke_set_keys(ctx->ske, ctx->sock, keymat,
334 ctx->ske->prop->cipher,
335 ctx->ske->prop->pkcs,
336 ctx->ske->prop->hash,
339 /* Unregister the timeout task since the protocol has ended.
340 This was the timeout task to be executed if the protocol is
341 not completed fast enough. */
342 if (ctx->timeout_task)
343 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
345 /* Call the final callback */
346 if (protocol->final_callback)
347 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
349 silc_protocol_free(protocol);
353 case SILC_PROTOCOL_STATE_ERROR:
358 /* Send abort notification */
359 silc_ske_abort(ctx->ske, ctx->ske->status,
360 silc_server_protocol_ke_send_packet,
363 /* Unregister the timeout task since the protocol has ended.
364 This was the timeout task to be executed if the protocol is
365 not completed fast enough. */
366 if (ctx->timeout_task)
367 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
369 /* On error the final callback is always called. */
370 if (protocol->final_callback)
371 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
373 silc_protocol_free(protocol);
376 case SILC_PROTOCOL_STATE_FAILURE:
378 * We have received failure from remote
381 /* Unregister the timeout task since the protocol has ended.
382 This was the timeout task to be executed if the protocol is
383 not completed fast enough. */
384 if (ctx->timeout_task)
385 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
387 /* On error the final callback is always called. */
388 if (protocol->final_callback)
389 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
391 silc_protocol_free(protocol);
394 case SILC_PROTOCOL_STATE_UNKNOWN:
400 * Connection Authentication protocol functions
403 /* XXX move these to somehwere else */
405 int silc_server_password_authentication(SilcServer server, char *auth1,
408 if (!auth1 || !auth2)
411 if (!memcmp(auth1, auth2, strlen(auth1)))
417 int silc_server_public_key_authentication(SilcServer server,
420 unsigned int sign_len,
423 SilcPublicKey pub_key;
428 if (!pkfile || !sign)
431 /* Load public key from file */
432 if (!silc_pkcs_load_public_key(pkfile, &pub_key, SILC_PKCS_FILE_PEM))
433 if (!silc_pkcs_load_public_key(pkfile, &pub_key, SILC_PKCS_FILE_BIN))
436 silc_pkcs_alloc(pub_key->name, &pkcs);
437 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
438 silc_pkcs_free(pkcs);
442 /* Make the authentication data. Protocol says it is HASH plus
444 len = ske->hash_len + ske->start_payload_copy->len;
445 auth = silc_buffer_alloc(len);
446 silc_buffer_pull_tail(auth, len);
447 silc_buffer_format(auth,
448 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
449 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
450 ske->start_payload_copy->len),
453 /* Verify signature */
454 if (pkcs->pkcs->verify(pkcs->context, sign, sign_len,
455 auth->data, auth->len))
457 silc_pkcs_free(pkcs);
458 silc_pkcs_public_key_free(pub_key);
459 silc_buffer_free(auth);
463 silc_pkcs_free(pkcs);
464 silc_pkcs_public_key_free(pub_key);
465 silc_buffer_free(auth);
469 /* Performs connection authentication protocol. If responder, we
470 authenticate the remote data received. If initiator, we will send
471 authentication data to the remote end. */
473 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
475 SilcProtocol protocol = (SilcProtocol)context;
476 SilcServerConnAuthInternalContext *ctx =
477 (SilcServerConnAuthInternalContext *)protocol->context;
478 SilcServer server = (SilcServer)ctx->server;
480 SILC_LOG_DEBUG(("Start"));
482 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
483 protocol->state = SILC_PROTOCOL_STATE_START;
485 SILC_LOG_DEBUG(("State=%d", protocol->state));
487 switch(protocol->state) {
488 case SILC_PROTOCOL_STATE_START:
494 if (ctx->responder == TRUE) {
496 * We are receiving party
499 unsigned short payload_len;
500 unsigned short conn_type;
501 unsigned char *auth_data;
503 SILC_LOG_INFO(("Performing authentication protocol for %s",
504 ctx->sock->hostname ? ctx->sock->hostname :
507 /* Parse the received authentication data packet. The received
508 payload is Connection Auth Payload. */
509 silc_buffer_unformat(ctx->packet->buffer,
510 SILC_STR_UI_SHORT(&payload_len),
511 SILC_STR_UI_SHORT(&conn_type),
514 if (payload_len != ctx->packet->buffer->len) {
515 SILC_LOG_ERROR(("Bad payload in authentication packet"));
516 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
517 protocol->state = SILC_PROTOCOL_STATE_ERROR;
518 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
524 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
525 conn_type > SILC_SOCKET_TYPE_ROUTER) {
526 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
527 SILC_LOG_DEBUG(("Bad connection type %d", conn_type));
528 protocol->state = SILC_PROTOCOL_STATE_ERROR;
529 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
533 if (payload_len > 0) {
534 /* Get authentication data */
535 silc_buffer_pull(ctx->packet->buffer, 4);
536 silc_buffer_unformat(ctx->packet->buffer,
537 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
545 * Check the remote connection type and make sure that we have
546 * configured this connection. If we haven't allowed this connection
547 * the authentication must be failed.
550 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
552 /* Remote end is client */
553 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
554 SilcConfigServerSectionClientConnection *client = NULL;
556 silc_config_server_find_client_conn(server->config,
561 silc_config_server_find_client_conn(server->config,
566 switch(client->auth_meth) {
567 case SILC_PROTOCOL_CONN_AUTH_NONE:
568 /* No authentication required */
569 SILC_LOG_DEBUG(("No authentication required"));
572 case SILC_PROTOCOL_CONN_AUTH_PASSWORD:
573 /* Password authentication */
574 SILC_LOG_DEBUG(("Password authentication"));
575 ret = silc_server_password_authentication(server, auth_data,
579 memset(auth_data, 0, payload_len);
580 silc_free(auth_data);
585 /* Authentication failed */
586 SILC_LOG_ERROR(("Authentication failed"));
587 SILC_LOG_DEBUG(("Authentication failed"));
588 protocol->state = SILC_PROTOCOL_STATE_ERROR;
589 protocol->execute(server->timeout_queue, 0,
590 protocol, fd, 0, 300000);
594 case SILC_PROTOCOL_CONN_AUTH_PUBLIC_KEY:
595 /* Public key authentication */
596 SILC_LOG_DEBUG(("Public key authentication"));
597 ret = silc_server_public_key_authentication(server,
604 memset(auth_data, 0, payload_len);
605 silc_free(auth_data);
610 SILC_LOG_ERROR(("Authentication failed"));
611 SILC_LOG_DEBUG(("Authentication failed"));
612 protocol->state = SILC_PROTOCOL_STATE_ERROR;
613 protocol->execute(server->timeout_queue, 0,
614 protocol, fd, 0, 300000);
618 SILC_LOG_DEBUG(("No configuration for remote connection"));
619 SILC_LOG_ERROR(("Remote connection not configured"));
620 SILC_LOG_ERROR(("Authentication failed"));
621 memset(auth_data, 0, payload_len);
622 silc_free(auth_data);
624 protocol->state = SILC_PROTOCOL_STATE_ERROR;
625 protocol->execute(server->timeout_queue, 0,
626 protocol, fd, 0, 300000);
631 /* Remote end is server */
632 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
633 SilcConfigServerSectionServerConnection *serv = NULL;
635 silc_config_server_find_server_conn(server->config,
640 silc_config_server_find_server_conn(server->config,
645 switch(serv->auth_meth) {
646 case SILC_PROTOCOL_CONN_AUTH_NONE:
647 /* No authentication required */
648 SILC_LOG_DEBUG(("No authentication required"));
651 case SILC_PROTOCOL_CONN_AUTH_PASSWORD:
652 /* Password authentication */
653 SILC_LOG_DEBUG(("Password authentication"));
654 ret = silc_server_password_authentication(server, auth_data,
658 memset(auth_data, 0, payload_len);
659 silc_free(auth_data);
664 /* Authentication failed */
665 SILC_LOG_ERROR(("Authentication failed"));
666 SILC_LOG_DEBUG(("Authentication failed"));
667 protocol->state = SILC_PROTOCOL_STATE_ERROR;
668 protocol->execute(server->timeout_queue, 0,
669 protocol, fd, 0, 300000);
673 case SILC_PROTOCOL_CONN_AUTH_PUBLIC_KEY:
674 /* Public key authentication */
675 SILC_LOG_DEBUG(("Public key authentication"));
676 ret = silc_server_public_key_authentication(server,
683 memset(auth_data, 0, payload_len);
684 silc_free(auth_data);
689 SILC_LOG_ERROR(("Authentication failed"));
690 SILC_LOG_DEBUG(("Authentication failed"));
691 protocol->state = SILC_PROTOCOL_STATE_ERROR;
692 protocol->execute(server->timeout_queue, 0,
693 protocol, fd, 0, 300000);
697 SILC_LOG_DEBUG(("No configuration for remote connection"));
698 SILC_LOG_ERROR(("Remote connection not configured"));
699 SILC_LOG_ERROR(("Authentication failed"));
700 memset(auth_data, 0, payload_len);
701 silc_free(auth_data);
703 protocol->state = SILC_PROTOCOL_STATE_ERROR;
704 protocol->execute(server->timeout_queue, 0,
705 protocol, fd, 0, 300000);
710 /* Remote end is router */
711 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
712 SilcConfigServerSectionServerConnection *serv = NULL;
714 silc_config_server_find_router_conn(server->config,
719 silc_config_server_find_router_conn(server->config,
724 switch(serv->auth_meth) {
725 case SILC_PROTOCOL_CONN_AUTH_NONE:
726 /* No authentication required */
727 SILC_LOG_DEBUG(("No authentication required"));
730 case SILC_PROTOCOL_CONN_AUTH_PASSWORD:
731 /* Password authentication */
732 SILC_LOG_DEBUG(("Password authentication"));
733 ret = silc_server_password_authentication(server, auth_data,
737 memset(auth_data, 0, payload_len);
738 silc_free(auth_data);
743 /* Authentication failed */
744 SILC_LOG_ERROR(("Authentication failed"));
745 SILC_LOG_DEBUG(("Authentication failed"));
746 protocol->state = SILC_PROTOCOL_STATE_ERROR;
747 protocol->execute(server->timeout_queue, 0,
748 protocol, fd, 0, 300000);
752 case SILC_PROTOCOL_CONN_AUTH_PUBLIC_KEY:
753 /* Public key authentication */
754 SILC_LOG_DEBUG(("Public key authentication"));
755 ret = silc_server_public_key_authentication(server,
762 memset(auth_data, 0, payload_len);
763 silc_free(auth_data);
768 SILC_LOG_ERROR(("Authentication failed"));
769 SILC_LOG_DEBUG(("Authentication failed"));
770 protocol->state = SILC_PROTOCOL_STATE_ERROR;
771 protocol->execute(server->timeout_queue, 0,
772 protocol, fd, 0, 300000);
776 SILC_LOG_DEBUG(("No configuration for remote connection"));
777 SILC_LOG_ERROR(("Remote connection not configured"));
778 SILC_LOG_ERROR(("Authentication failed"));
779 memset(auth_data, 0, payload_len);
780 silc_free(auth_data);
782 protocol->state = SILC_PROTOCOL_STATE_ERROR;
783 protocol->execute(server->timeout_queue, 0,
784 protocol, fd, 0, 300000);
790 memset(auth_data, 0, payload_len);
791 silc_free(auth_data);
794 /* Save connection type. This is later used to create the
795 ID for the connection. */
796 ctx->conn_type = conn_type;
798 /* Advance protocol state. */
799 protocol->state = SILC_PROTOCOL_STATE_END;
800 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
804 * We are initiator. We are authenticating ourselves to a
805 * remote server. We will send the authentication data to the
806 * other end for verify.
810 unsigned char *auth_data = NULL;
811 unsigned int auth_data_len = 0;
813 switch(ctx->auth_meth) {
814 case SILC_PROTOCOL_CONN_AUTH_NONE:
815 /* No authentication required */
818 case SILC_PROTOCOL_CONN_AUTH_PASSWORD:
819 /* Password authentication */
820 if (ctx->auth_data && ctx->auth_data_len) {
821 auth_data = ctx->auth_data;
822 auth_data_len = ctx->auth_data_len;
826 /* No authentication data exits. Ask interactively from user. */
831 case SILC_PROTOCOL_CONN_AUTH_PUBLIC_KEY:
832 /* Public key authentication */
837 payload_len = 4 + auth_data_len;
838 packet = silc_buffer_alloc(payload_len);
839 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
840 silc_buffer_format(packet,
841 SILC_STR_UI_SHORT(payload_len),
842 SILC_STR_UI_SHORT(server->server_type
844 SILC_SOCKET_TYPE_SERVER :
845 SILC_SOCKET_TYPE_ROUTER),
846 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
849 /* Send the packet to server */
850 silc_server_packet_send(server, ctx->sock,
851 SILC_PACKET_CONNECTION_AUTH, 0,
852 packet->data, packet->len, TRUE);
855 memset(auth_data, 0, auth_data_len);
856 silc_free(auth_data);
858 silc_buffer_free(packet);
860 /* Next state is end of protocol */
861 protocol->state = SILC_PROTOCOL_STATE_END;
866 case SILC_PROTOCOL_STATE_END:
873 SILC_PUT32_MSB(SILC_CONN_AUTH_OK, ok);
875 /* Authentication failed */
876 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
879 /* Unregister the timeout task since the protocol has ended.
880 This was the timeout task to be executed if the protocol is
881 not completed fast enough. */
882 if (ctx->timeout_task)
883 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
885 /* Protocol has ended, call the final callback */
886 if (protocol->final_callback)
887 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
889 silc_protocol_free(protocol);
892 case SILC_PROTOCOL_STATE_ERROR:
895 * Error. Send notify to remote.
897 unsigned char error[4];
899 SILC_PUT32_MSB(SILC_CONN_AUTH_FAILED, error);
901 /* Authentication failed */
902 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
905 /* Unregister the timeout task since the protocol has ended.
906 This was the timeout task to be executed if the protocol is
907 not completed fast enough. */
908 if (ctx->timeout_task)
909 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
911 /* On error the final callback is always called. */
912 if (protocol->final_callback)
913 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
915 silc_protocol_free(protocol);
919 case SILC_PROTOCOL_STATE_FAILURE:
921 * We have received failure from remote
924 /* Unregister the timeout task since the protocol has ended.
925 This was the timeout task to be executed if the protocol is
926 not completed fast enough. */
927 if (ctx->timeout_task)
928 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
930 /* On error the final callback is always called. */
931 if (protocol->final_callback)
932 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
934 silc_protocol_free(protocol);
937 case SILC_PROTOCOL_STATE_UNKNOWN:
942 /* Registers protocols used in server. */
944 void silc_server_protocols_register(void)
946 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
947 silc_server_protocol_connection_auth);
948 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
949 silc_server_protocol_key_exchange);
952 /* Unregisters protocols */
954 void silc_server_protocols_unregister(void)
956 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
957 silc_server_protocol_connection_auth);
958 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
959 silc_server_protocol_key_exchange);