5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2000 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
31 extern char *silc_version_string;
34 * Key Exhange protocol functions
37 /* Packet sending callback. This function is provided as packet sending
38 routine to the Key Exchange functions. */
40 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
45 SilcProtocol protocol = (SilcProtocol)context;
46 SilcServerKEInternalContext *ctx =
47 (SilcServerKEInternalContext *)protocol->context;
48 SilcServer server = (SilcServer)ctx->server;
50 /* Send the packet immediately */
51 silc_server_packet_send(server, ske->sock,
52 type, 0, packet->data, packet->len, TRUE);
55 /* Sets the negotiated key material into use for particular connection. */
57 static void silc_server_protocol_ke_set_keys(SilcSKE ske,
58 SilcSocketConnection sock,
59 SilcSKEKeyMaterial *keymat,
65 SilcUnknownEntry conn_data;
68 SILC_LOG_DEBUG(("Setting new key into use"));
70 conn_data = silc_calloc(1, sizeof(*conn_data));
72 /* Allocate cipher to be used in the communication */
73 silc_cipher_alloc(cipher->cipher->name, &conn_data->send_key);
74 silc_cipher_alloc(cipher->cipher->name, &conn_data->receive_key);
76 if (is_responder == TRUE) {
77 conn_data->send_key->cipher->set_key(conn_data->send_key->context,
78 keymat->receive_enc_key,
80 conn_data->send_key->set_iv(conn_data->send_key, keymat->receive_iv);
81 conn_data->receive_key->cipher->set_key(conn_data->receive_key->context,
84 conn_data->receive_key->set_iv(conn_data->receive_key, keymat->send_iv);
87 conn_data->send_key->cipher->set_key(conn_data->send_key->context,
90 conn_data->send_key->set_iv(conn_data->send_key, keymat->send_iv);
91 conn_data->receive_key->cipher->set_key(conn_data->receive_key->context,
92 keymat->receive_enc_key,
94 conn_data->receive_key->set_iv(conn_data->receive_key, keymat->receive_iv);
97 /* Allocate PKCS to be used */
99 /* XXX Do we ever need to allocate PKCS for the connection??
100 If yes, we need to change KE protocol to get the initiators
102 silc_pkcs_alloc(pkcs->pkcs->name, &conn_data->pkcs);
103 conn_data->public_key = silc_pkcs_public_key_alloc(XXX);
104 silc_pkcs_set_public_key(conn_data->pkcs, ske->ke2_payload->pk_data,
105 ske->ke2_payload->pk_len);
108 /* Save HMAC key to be used in the communication. */
109 silc_hash_alloc(hash->hash->name, &nhash);
110 silc_hmac_alloc(nhash, &conn_data->hmac);
111 silc_hmac_set_key(conn_data->hmac, keymat->hmac_key, keymat->hmac_key_len);
113 sock->user_data = (void *)conn_data;
118 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
121 return SILC_SKE_STATUS_OK;
124 /* Performs key exchange protocol. This is used for both initiator
125 and responder key exchange. This is performed always when accepting
126 new connection to the server. This may be called recursively. */
128 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
130 SilcProtocol protocol = (SilcProtocol)context;
131 SilcServerKEInternalContext *ctx =
132 (SilcServerKEInternalContext *)protocol->context;
133 SilcServer server = (SilcServer)ctx->server;
134 SilcSKEStatus status = 0;
136 SILC_LOG_DEBUG(("Start"));
138 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
139 protocol->state = SILC_PROTOCOL_STATE_START;
141 SILC_LOG_DEBUG(("State=%d", protocol->state));
143 switch(protocol->state) {
144 case SILC_PROTOCOL_STATE_START:
151 /* Allocate Key Exchange object */
152 ske = silc_ske_alloc();
154 ske->rng = server->rng;
156 if (ctx->responder == TRUE) {
157 /* Start the key exchange by processing the received security
158 properties packet from initiator. */
159 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
161 ctx->packet, NULL, NULL);
163 SilcSKEStartPayload *start_payload;
165 /* Assemble security properties. */
166 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
170 /* Start the key exchange by sending our security properties
171 to the remote end. */
172 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
174 silc_server_protocol_ke_send_packet,
178 if (status != SILC_SKE_STATUS_OK) {
179 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
181 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
184 protocol->state = SILC_PROTOCOL_STATE_ERROR;
185 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
189 /* Advance protocol state and call the next state if we are responder */
191 if (ctx->responder == TRUE)
192 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
200 if (ctx->responder == TRUE) {
201 /* Sends the selected security properties to the initiator. */
203 silc_ske_responder_phase_1(ctx->ske,
204 ctx->ske->start_payload,
205 silc_server_protocol_ke_send_packet,
208 /* Call Phase-1 function. This processes the Key Exchange Start
209 paylaod reply we just got from the responder. The callback
210 function will receive the processed payload where we will
213 silc_ske_initiator_phase_1(ctx->ske,
218 if (status != SILC_SKE_STATUS_OK) {
219 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
221 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
224 protocol->state = SILC_PROTOCOL_STATE_ERROR;
225 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
229 /* Advance protocol state and call next state if we are initiator */
231 if (ctx->responder == FALSE)
232 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
240 if (ctx->responder == TRUE) {
241 /* Process the received Key Exchange 1 Payload packet from
242 the initiator. This also creates our parts of the Diffie
243 Hellman algorithm. */
245 silc_ske_responder_phase_2(ctx->ske, ctx->packet, NULL, NULL);
247 /* Call the Phase-2 function. This creates Diffie Hellman
248 key exchange parameters and sends our public part inside
249 Key Exhange 1 Payload to the responder. */
251 silc_ske_initiator_phase_2(ctx->ske,
253 silc_server_protocol_ke_send_packet,
257 if (status != SILC_SKE_STATUS_OK) {
258 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
260 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
263 protocol->state = SILC_PROTOCOL_STATE_ERROR;
264 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
268 /* Advance protocol state and call the next state if we are responder */
270 if (ctx->responder == TRUE)
271 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
279 if (ctx->responder == TRUE) {
280 /* This creates the key exchange material and sends our
281 public parts to the initiator inside Key Exchange 2 Payload. */
283 silc_ske_responder_finish(ctx->ske,
284 server->public_key, server->private_key,
285 SILC_SKE_PK_TYPE_SILC,
286 silc_server_protocol_ke_send_packet,
289 /* Finish the protocol. This verifies the Key Exchange 2 payload
290 sent by responder. */
292 silc_ske_initiator_finish(ctx->ske,
293 ctx->packet, NULL, NULL, NULL, NULL);
296 if (status != SILC_SKE_STATUS_OK) {
297 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
299 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
302 protocol->state = SILC_PROTOCOL_STATE_ERROR;
303 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
307 /* Send Ok to the other end. We will end the protocol as responder
308 sends Ok to us when we will take the new keys into use. */
309 if (ctx->responder == FALSE)
310 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
312 /* End the protocol on the next round */
313 protocol->state = SILC_PROTOCOL_STATE_END;
317 case SILC_PROTOCOL_STATE_END:
322 SilcSKEKeyMaterial *keymat;
324 /* Send Ok to the other end if we are responder. If we are
325 initiator we have sent this already. */
326 if (ctx->responder == TRUE)
327 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
329 /* Process the key material */
330 keymat = silc_calloc(1, sizeof(*keymat));
331 silc_ske_process_key_material(ctx->ske, 16, (16 * 8), 16, keymat);
333 /* Take the new keys into use. */
334 silc_server_protocol_ke_set_keys(ctx->ske, ctx->sock, keymat,
335 ctx->ske->prop->cipher,
336 ctx->ske->prop->pkcs,
337 ctx->ske->prop->hash,
340 /* Unregister the timeout task since the protocol has ended.
341 This was the timeout task to be executed if the protocol is
342 not completed fast enough. */
343 if (ctx->timeout_task)
344 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
346 /* Call the final callback */
347 if (protocol->final_callback)
348 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
350 silc_protocol_free(protocol);
354 case SILC_PROTOCOL_STATE_ERROR:
359 /* Send abort notification */
360 silc_ske_abort(ctx->ske, ctx->ske->status,
361 silc_server_protocol_ke_send_packet,
364 /* Unregister the timeout task since the protocol has ended.
365 This was the timeout task to be executed if the protocol is
366 not completed fast enough. */
367 if (ctx->timeout_task)
368 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
370 /* On error the final callback is always called. */
371 if (protocol->final_callback)
372 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
374 silc_protocol_free(protocol);
377 case SILC_PROTOCOL_STATE_FAILURE:
379 * We have received failure from remote
382 /* Unregister the timeout task since the protocol has ended.
383 This was the timeout task to be executed if the protocol is
384 not completed fast enough. */
385 if (ctx->timeout_task)
386 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
388 /* On error the final callback is always called. */
389 if (protocol->final_callback)
390 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
392 silc_protocol_free(protocol);
395 case SILC_PROTOCOL_STATE_UNKNOWN:
401 * Connection Authentication protocol functions
404 /* XXX move these to somehwere else */
406 int silc_server_password_authentication(SilcServer server, char *auth1,
409 if (!auth1 || !auth2)
412 if (!memcmp(auth1, auth2, strlen(auth1)))
418 int silc_server_public_key_authentication(SilcServer server,
421 unsigned int sign_len,
424 SilcPublicKey pub_key;
429 if (!pkfile || !sign)
432 /* Load public key from file */
433 if (!silc_pkcs_load_public_key(pkfile, &pub_key, SILC_PKCS_FILE_PEM))
434 if (!silc_pkcs_load_public_key(pkfile, &pub_key, SILC_PKCS_FILE_BIN))
437 silc_pkcs_alloc(pub_key->name, &pkcs);
438 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
439 silc_pkcs_free(pkcs);
443 /* Make the authentication data. Protocol says it is HASH plus
445 len = ske->hash_len + ske->start_payload_copy->len;
446 auth = silc_buffer_alloc(len);
447 silc_buffer_pull_tail(auth, len);
448 silc_buffer_format(auth,
449 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
450 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
451 ske->start_payload_copy->len),
454 /* Verify signature */
455 if (pkcs->pkcs->verify(pkcs->context, sign, sign_len,
456 auth->data, auth->len))
458 silc_pkcs_free(pkcs);
459 silc_pkcs_public_key_free(pub_key);
460 silc_buffer_free(auth);
464 silc_pkcs_free(pkcs);
465 silc_pkcs_public_key_free(pub_key);
466 silc_buffer_free(auth);
470 /* Performs connection authentication protocol. If responder, we
471 authenticate the remote data received. If initiator, we will send
472 authentication data to the remote end. */
474 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
476 SilcProtocol protocol = (SilcProtocol)context;
477 SilcServerConnAuthInternalContext *ctx =
478 (SilcServerConnAuthInternalContext *)protocol->context;
479 SilcServer server = (SilcServer)ctx->server;
481 SILC_LOG_DEBUG(("Start"));
483 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
484 protocol->state = SILC_PROTOCOL_STATE_START;
486 SILC_LOG_DEBUG(("State=%d", protocol->state));
488 switch(protocol->state) {
489 case SILC_PROTOCOL_STATE_START:
495 if (ctx->responder == TRUE) {
497 * We are receiving party
500 unsigned short payload_len;
501 unsigned short conn_type;
502 unsigned char *auth_data;
504 SILC_LOG_INFO(("Performing authentication protocol for %s",
505 ctx->sock->hostname ? ctx->sock->hostname :
508 /* Parse the received authentication data packet. The received
509 payload is Connection Auth Payload. */
510 silc_buffer_unformat(ctx->packet,
511 SILC_STR_UI_SHORT(&payload_len),
512 SILC_STR_UI_SHORT(&conn_type),
515 if (payload_len != ctx->packet->len) {
516 SILC_LOG_ERROR(("Bad payload in authentication packet"));
517 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
518 protocol->state = SILC_PROTOCOL_STATE_ERROR;
519 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
525 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
526 conn_type > SILC_SOCKET_TYPE_ROUTER) {
527 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
528 SILC_LOG_DEBUG(("Bad connection type %d", conn_type));
529 protocol->state = SILC_PROTOCOL_STATE_ERROR;
530 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
534 if (payload_len > 0) {
535 /* Get authentication data */
536 silc_buffer_pull(ctx->packet, 4);
537 silc_buffer_unformat(ctx->packet,
538 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
546 * Check the remote connection type and make sure that we have
547 * configured this connection. If we haven't allowed this connection
548 * the authentication must be failed.
551 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
553 /* Remote end is client */
554 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
555 SilcConfigServerSectionClientConnection *client = NULL;
557 silc_config_server_find_client_conn(server->config,
562 silc_config_server_find_client_conn(server->config,
567 switch(client->auth_meth) {
568 case SILC_PROTOCOL_CONN_AUTH_NONE:
569 /* No authentication required */
570 SILC_LOG_DEBUG(("No authentication required"));
573 case SILC_PROTOCOL_CONN_AUTH_PASSWORD:
574 /* Password authentication */
575 SILC_LOG_DEBUG(("Password authentication"));
576 ret = silc_server_password_authentication(server, auth_data,
580 memset(auth_data, 0, payload_len);
581 silc_free(auth_data);
586 /* Authentication failed */
587 SILC_LOG_ERROR(("Authentication failed"));
588 SILC_LOG_DEBUG(("Authentication failed"));
589 protocol->state = SILC_PROTOCOL_STATE_ERROR;
590 protocol->execute(server->timeout_queue, 0,
591 protocol, fd, 0, 300000);
595 case SILC_PROTOCOL_CONN_AUTH_PUBLIC_KEY:
596 /* Public key authentication */
597 SILC_LOG_DEBUG(("Public key authentication"));
598 ret = silc_server_public_key_authentication(server,
605 memset(auth_data, 0, payload_len);
606 silc_free(auth_data);
611 SILC_LOG_ERROR(("Authentication failed"));
612 SILC_LOG_DEBUG(("Authentication failed"));
613 protocol->state = SILC_PROTOCOL_STATE_ERROR;
614 protocol->execute(server->timeout_queue, 0,
615 protocol, fd, 0, 300000);
619 SILC_LOG_DEBUG(("No configuration for remote connection"));
620 SILC_LOG_ERROR(("Remote connection not configured"));
621 SILC_LOG_ERROR(("Authentication failed"));
622 memset(auth_data, 0, payload_len);
623 silc_free(auth_data);
625 protocol->state = SILC_PROTOCOL_STATE_ERROR;
626 protocol->execute(server->timeout_queue, 0,
627 protocol, fd, 0, 300000);
632 /* Remote end is server */
633 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
634 SilcConfigServerSectionServerConnection *serv = NULL;
636 silc_config_server_find_server_conn(server->config,
641 silc_config_server_find_server_conn(server->config,
646 switch(serv->auth_meth) {
647 case SILC_PROTOCOL_CONN_AUTH_NONE:
648 /* No authentication required */
649 SILC_LOG_DEBUG(("No authentication required"));
652 case SILC_PROTOCOL_CONN_AUTH_PASSWORD:
653 /* Password authentication */
654 SILC_LOG_DEBUG(("Password authentication"));
655 ret = silc_server_password_authentication(server, auth_data,
659 memset(auth_data, 0, payload_len);
660 silc_free(auth_data);
665 /* Authentication failed */
666 SILC_LOG_ERROR(("Authentication failed"));
667 SILC_LOG_DEBUG(("Authentication failed"));
668 protocol->state = SILC_PROTOCOL_STATE_ERROR;
669 protocol->execute(server->timeout_queue, 0,
670 protocol, fd, 0, 300000);
674 case SILC_PROTOCOL_CONN_AUTH_PUBLIC_KEY:
675 /* Public key authentication */
676 SILC_LOG_DEBUG(("Public key authentication"));
677 ret = silc_server_public_key_authentication(server,
684 memset(auth_data, 0, payload_len);
685 silc_free(auth_data);
690 SILC_LOG_ERROR(("Authentication failed"));
691 SILC_LOG_DEBUG(("Authentication failed"));
692 protocol->state = SILC_PROTOCOL_STATE_ERROR;
693 protocol->execute(server->timeout_queue, 0,
694 protocol, fd, 0, 300000);
698 SILC_LOG_DEBUG(("No configuration for remote connection"));
699 SILC_LOG_ERROR(("Remote connection not configured"));
700 SILC_LOG_ERROR(("Authentication failed"));
701 memset(auth_data, 0, payload_len);
702 silc_free(auth_data);
704 protocol->state = SILC_PROTOCOL_STATE_ERROR;
705 protocol->execute(server->timeout_queue, 0,
706 protocol, fd, 0, 300000);
711 /* Remote end is router */
712 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
713 SilcConfigServerSectionServerConnection *serv = NULL;
715 silc_config_server_find_router_conn(server->config,
720 silc_config_server_find_router_conn(server->config,
725 switch(serv->auth_meth) {
726 case SILC_PROTOCOL_CONN_AUTH_NONE:
727 /* No authentication required */
728 SILC_LOG_DEBUG(("No authentication required"));
731 case SILC_PROTOCOL_CONN_AUTH_PASSWORD:
732 /* Password authentication */
733 SILC_LOG_DEBUG(("Password authentication"));
734 ret = silc_server_password_authentication(server, auth_data,
738 memset(auth_data, 0, payload_len);
739 silc_free(auth_data);
744 /* Authentication failed */
745 SILC_LOG_ERROR(("Authentication failed"));
746 SILC_LOG_DEBUG(("Authentication failed"));
747 protocol->state = SILC_PROTOCOL_STATE_ERROR;
748 protocol->execute(server->timeout_queue, 0,
749 protocol, fd, 0, 300000);
753 case SILC_PROTOCOL_CONN_AUTH_PUBLIC_KEY:
754 /* Public key authentication */
755 SILC_LOG_DEBUG(("Public key authentication"));
756 ret = silc_server_public_key_authentication(server,
763 memset(auth_data, 0, payload_len);
764 silc_free(auth_data);
769 SILC_LOG_ERROR(("Authentication failed"));
770 SILC_LOG_DEBUG(("Authentication failed"));
771 protocol->state = SILC_PROTOCOL_STATE_ERROR;
772 protocol->execute(server->timeout_queue, 0,
773 protocol, fd, 0, 300000);
777 SILC_LOG_DEBUG(("No configuration for remote connection"));
778 SILC_LOG_ERROR(("Remote connection not configured"));
779 SILC_LOG_ERROR(("Authentication failed"));
780 memset(auth_data, 0, payload_len);
781 silc_free(auth_data);
783 protocol->state = SILC_PROTOCOL_STATE_ERROR;
784 protocol->execute(server->timeout_queue, 0,
785 protocol, fd, 0, 300000);
791 memset(auth_data, 0, payload_len);
792 silc_free(auth_data);
795 /* Save connection type. This is later used to create the
796 ID for the connection. */
797 ctx->conn_type = conn_type;
799 /* Advance protocol state. */
800 protocol->state = SILC_PROTOCOL_STATE_END;
801 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
805 * We are initiator. We are authenticating ourselves to a
806 * remote server. We will send the authentication data to the
807 * other end for verify.
811 unsigned char *auth_data = NULL;
812 unsigned int auth_data_len = 0;
814 switch(ctx->auth_meth) {
815 case SILC_PROTOCOL_CONN_AUTH_NONE:
816 /* No authentication required */
819 case SILC_PROTOCOL_CONN_AUTH_PASSWORD:
820 /* Password authentication */
821 if (ctx->auth_data && ctx->auth_data_len) {
822 auth_data = ctx->auth_data;
823 auth_data_len = ctx->auth_data_len;
827 /* No authentication data exits. Ask interactively from user. */
832 case SILC_PROTOCOL_CONN_AUTH_PUBLIC_KEY:
833 /* Public key authentication */
838 payload_len = 4 + auth_data_len;
839 packet = silc_buffer_alloc(payload_len);
840 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
841 silc_buffer_format(packet,
842 SILC_STR_UI_SHORT(payload_len),
843 SILC_STR_UI_SHORT(server->server_type
845 SILC_SOCKET_TYPE_SERVER :
846 SILC_SOCKET_TYPE_ROUTER),
847 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
850 /* Send the packet to server */
851 silc_server_packet_send(server, ctx->sock,
852 SILC_PACKET_CONNECTION_AUTH, 0,
853 packet->data, packet->len, TRUE);
856 memset(auth_data, 0, auth_data_len);
857 silc_free(auth_data);
859 silc_buffer_free(packet);
861 /* Next state is end of protocol */
862 protocol->state = SILC_PROTOCOL_STATE_END;
867 case SILC_PROTOCOL_STATE_END:
874 SILC_PUT32_MSB(SILC_CONN_AUTH_OK, ok);
876 /* Authentication failed */
877 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
880 /* Unregister the timeout task since the protocol has ended.
881 This was the timeout task to be executed if the protocol is
882 not completed fast enough. */
883 if (ctx->timeout_task)
884 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
886 /* Protocol has ended, call the final callback */
887 if (protocol->final_callback)
888 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
890 silc_protocol_free(protocol);
893 case SILC_PROTOCOL_STATE_ERROR:
896 * Error. Send notify to remote.
898 unsigned char error[4];
900 SILC_PUT32_MSB(SILC_CONN_AUTH_FAILED, error);
902 /* Authentication failed */
903 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
906 /* Unregister the timeout task since the protocol has ended.
907 This was the timeout task to be executed if the protocol is
908 not completed fast enough. */
909 if (ctx->timeout_task)
910 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
912 /* On error the final callback is always called. */
913 if (protocol->final_callback)
914 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
916 silc_protocol_free(protocol);
920 case SILC_PROTOCOL_STATE_FAILURE:
922 * We have received failure from remote
925 /* Unregister the timeout task since the protocol has ended.
926 This was the timeout task to be executed if the protocol is
927 not completed fast enough. */
928 if (ctx->timeout_task)
929 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
931 /* On error the final callback is always called. */
932 if (protocol->final_callback)
933 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
935 silc_protocol_free(protocol);
938 case SILC_PROTOCOL_STATE_UNKNOWN:
943 /* Registers protocols used in server. */
945 void silc_server_protocols_register(void)
947 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
948 silc_server_protocol_connection_auth);
949 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
950 silc_server_protocol_key_exchange);
953 /* Unregisters protocols */
955 void silc_server_protocols_unregister(void)
957 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
958 silc_server_protocol_connection_auth);
959 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
960 silc_server_protocol_key_exchange);