5 Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
7 Copyright (C) 1997 - 2001 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
21 * Server side of the protocols.
25 #include "serverincludes.h"
26 #include "server_internal.h"
28 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth);
29 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange);
31 extern char *silc_version_string;
34 * Key Exhange protocol functions
37 /* Packet sending callback. This function is provided as packet sending
38 routine to the Key Exchange functions. */
40 static void silc_server_protocol_ke_send_packet(SilcSKE ske,
45 SilcProtocol protocol = (SilcProtocol)context;
46 SilcServerKEInternalContext *ctx =
47 (SilcServerKEInternalContext *)protocol->context;
48 SilcServer server = (SilcServer)ctx->server;
50 /* Send the packet immediately */
51 silc_server_packet_send(server, ske->sock,
52 type, 0, packet->data, packet->len, TRUE);
55 /* Sets the negotiated key material into use for particular connection. */
57 int silc_server_protocol_ke_set_keys(SilcSKE ske,
58 SilcSocketConnection sock,
59 SilcSKEKeyMaterial *keymat,
66 SilcUnknownEntry conn_data;
69 SILC_LOG_DEBUG(("Setting new key into use"));
71 conn_data = silc_calloc(1, sizeof(*conn_data));
72 idata = (SilcIDListData)conn_data;
74 /* Allocate cipher to be used in the communication */
75 if (!silc_cipher_alloc(cipher->cipher->name, &idata->send_key)) {
79 if (!silc_cipher_alloc(cipher->cipher->name, &idata->receive_key)) {
84 if (is_responder == TRUE) {
85 idata->send_key->cipher->set_key(idata->send_key->context,
86 keymat->receive_enc_key,
88 idata->send_key->set_iv(idata->send_key, keymat->receive_iv);
89 idata->receive_key->cipher->set_key(idata->receive_key->context,
92 idata->receive_key->set_iv(idata->receive_key, keymat->send_iv);
95 idata->send_key->cipher->set_key(idata->send_key->context,
98 idata->send_key->set_iv(idata->send_key, keymat->send_iv);
99 idata->receive_key->cipher->set_key(idata->receive_key->context,
100 keymat->receive_enc_key,
101 keymat->enc_key_len);
102 idata->receive_key->set_iv(idata->receive_key, keymat->receive_iv);
106 if (!silc_hash_alloc(hash->hash->name, &idata->hash)) {
107 silc_cipher_free(idata->send_key);
108 silc_cipher_free(idata->receive_key);
109 silc_free(conn_data);
113 /* Save HMAC key to be used in the communication. */
114 if (!silc_hmac_alloc(hmac->hmac->name, NULL, &idata->hmac)) {
115 silc_cipher_free(idata->send_key);
116 silc_cipher_free(idata->receive_key);
117 silc_hash_free(idata->hash);
118 silc_free(conn_data);
121 silc_hmac_set_key(idata->hmac, keymat->hmac_key, keymat->hmac_key_len);
123 sock->user_data = (void *)conn_data;
128 /* Check remote host version string */
130 SilcSKEStatus silc_ske_check_version(SilcSKE ske, unsigned char *version,
133 SilcSKEStatus status = SILC_SKE_STATUS_OK;
135 SILC_LOG_INFO(("%s (%s) is version %s", ske->sock->hostname,
136 ske->sock->ip, version));
138 /* Check for initial version string */
139 if (!strstr(version, "SILC-1.0-"))
140 status = SILC_SKE_STATUS_BAD_VERSION;
142 /* Check software version */
144 if (len < strlen(silc_version_string))
145 status = SILC_SKE_STATUS_BAD_VERSION;
147 /* XXX for now there is no other tests due to the abnormal version
148 string that is used */
153 /* Performs key exchange protocol. This is used for both initiator
154 and responder key exchange. This is performed always when accepting
155 new connection to the server. This may be called recursively. */
157 SILC_TASK_CALLBACK(silc_server_protocol_key_exchange)
159 SilcProtocol protocol = (SilcProtocol)context;
160 SilcServerKEInternalContext *ctx =
161 (SilcServerKEInternalContext *)protocol->context;
162 SilcServer server = (SilcServer)ctx->server;
163 SilcSKEStatus status = 0;
165 SILC_LOG_DEBUG(("Start"));
167 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
168 protocol->state = SILC_PROTOCOL_STATE_START;
170 SILC_LOG_DEBUG(("State=%d", protocol->state));
172 switch(protocol->state) {
173 case SILC_PROTOCOL_STATE_START:
180 /* Allocate Key Exchange object */
181 ske = silc_ske_alloc();
183 ske->rng = server->rng;
185 if (ctx->responder == TRUE) {
186 /* Start the key exchange by processing the received security
187 properties packet from initiator. */
188 status = silc_ske_responder_start(ske, ctx->rng, ctx->sock,
190 ctx->packet->buffer, NULL, NULL);
192 SilcSKEStartPayload *start_payload;
194 /* Assemble security properties. */
195 silc_ske_assemble_security_properties(ske, SILC_SKE_SP_FLAG_NONE,
199 /* Start the key exchange by sending our security properties
200 to the remote end. */
201 status = silc_ske_initiator_start(ske, ctx->rng, ctx->sock,
203 silc_server_protocol_ke_send_packet,
207 if (status != SILC_SKE_STATUS_OK) {
208 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
210 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
213 protocol->state = SILC_PROTOCOL_STATE_ERROR;
214 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
218 /* Advance protocol state and call the next state if we are responder */
220 if (ctx->responder == TRUE)
221 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
229 if (ctx->responder == TRUE) {
230 /* Sends the selected security properties to the initiator. */
232 silc_ske_responder_phase_1(ctx->ske,
233 ctx->ske->start_payload,
234 silc_server_protocol_ke_send_packet,
237 /* Call Phase-1 function. This processes the Key Exchange Start
238 paylaod reply we just got from the responder. The callback
239 function will receive the processed payload where we will
241 status = silc_ske_initiator_phase_1(ctx->ske, ctx->packet->buffer,
245 if (status != SILC_SKE_STATUS_OK) {
246 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
248 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
251 protocol->state = SILC_PROTOCOL_STATE_ERROR;
252 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
256 /* Advance protocol state and call next state if we are initiator */
258 if (ctx->responder == FALSE)
259 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
267 if (ctx->responder == TRUE) {
268 /* Process the received Key Exchange 1 Payload packet from
269 the initiator. This also creates our parts of the Diffie
270 Hellman algorithm. */
271 status = silc_ske_responder_phase_2(ctx->ske, ctx->packet->buffer,
274 /* Call the Phase-2 function. This creates Diffie Hellman
275 key exchange parameters and sends our public part inside
276 Key Exhange 1 Payload to the responder. */
278 silc_ske_initiator_phase_2(ctx->ske,
280 silc_server_protocol_ke_send_packet,
284 if (status != SILC_SKE_STATUS_OK) {
285 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
287 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
290 protocol->state = SILC_PROTOCOL_STATE_ERROR;
291 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
295 /* Advance protocol state and call the next state if we are responder */
297 if (ctx->responder == TRUE)
298 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 100000);
306 if (ctx->responder == TRUE) {
307 /* This creates the key exchange material and sends our
308 public parts to the initiator inside Key Exchange 2 Payload. */
310 silc_ske_responder_finish(ctx->ske,
311 server->public_key, server->private_key,
312 SILC_SKE_PK_TYPE_SILC,
313 silc_server_protocol_ke_send_packet,
316 /* Finish the protocol. This verifies the Key Exchange 2 payload
317 sent by responder. */
318 status = silc_ske_initiator_finish(ctx->ske, ctx->packet->buffer,
319 NULL, NULL, NULL, NULL);
322 if (status != SILC_SKE_STATUS_OK) {
323 SILC_LOG_WARNING(("Error (type %d) during Key Exchange protocol",
325 SILC_LOG_DEBUG(("Error (type %d) during Key Exchange protocol",
328 protocol->state = SILC_PROTOCOL_STATE_ERROR;
329 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
333 /* Send Ok to the other end. We will end the protocol as responder
334 sends Ok to us when we will take the new keys into use. */
335 if (ctx->responder == FALSE)
336 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
338 /* End the protocol on the next round */
339 protocol->state = SILC_PROTOCOL_STATE_END;
343 case SILC_PROTOCOL_STATE_END:
348 SilcSKEKeyMaterial *keymat;
349 int key_len = silc_cipher_get_key_len(ctx->ske->prop->cipher);
350 int hash_len = ctx->ske->prop->hash->hash->hash_len;
352 /* Process the key material */
353 keymat = silc_calloc(1, sizeof(*keymat));
354 status = silc_ske_process_key_material(ctx->ske, 16, key_len, hash_len,
356 if (status != SILC_SKE_STATUS_OK) {
357 protocol->state = SILC_PROTOCOL_STATE_ERROR;
358 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
359 silc_ske_free_key_material(keymat);
362 ctx->keymat = keymat;
364 /* Send Ok to the other end if we are responder. If we are initiator
365 we have sent this already. */
366 if (ctx->responder == TRUE)
367 silc_ske_end(ctx->ske, silc_server_protocol_ke_send_packet, context);
369 /* Unregister the timeout task since the protocol has ended.
370 This was the timeout task to be executed if the protocol is
371 not completed fast enough. */
372 if (ctx->timeout_task)
373 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
375 /* Call the final callback */
376 if (protocol->final_callback)
377 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
379 silc_protocol_free(protocol);
383 case SILC_PROTOCOL_STATE_ERROR:
388 /* Send abort notification */
389 silc_ske_abort(ctx->ske, ctx->ske->status,
390 silc_server_protocol_ke_send_packet,
393 /* Unregister the timeout task since the protocol has ended.
394 This was the timeout task to be executed if the protocol is
395 not completed fast enough. */
396 if (ctx->timeout_task)
397 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
399 /* On error the final callback is always called. */
400 if (protocol->final_callback)
401 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
403 silc_protocol_free(protocol);
406 case SILC_PROTOCOL_STATE_FAILURE:
408 * We have received failure from remote
411 /* Unregister the timeout task since the protocol has ended.
412 This was the timeout task to be executed if the protocol is
413 not completed fast enough. */
414 if (ctx->timeout_task)
415 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
417 /* On error the final callback is always called. */
418 if (protocol->final_callback)
419 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
421 silc_protocol_free(protocol);
424 case SILC_PROTOCOL_STATE_UNKNOWN:
430 * Connection Authentication protocol functions
433 int silc_server_password_authentication(SilcServer server, char *auth1,
436 if (!auth1 || !auth2)
439 if (!memcmp(auth1, auth2, strlen(auth1)))
445 int silc_server_public_key_authentication(SilcServer server,
448 unsigned int sign_len,
451 SilcPublicKey pub_key;
456 if (!pkfile || !sign)
459 /* Load public key from file */
460 if (!silc_pkcs_load_public_key(pkfile, &pub_key, SILC_PKCS_FILE_PEM))
461 if (!silc_pkcs_load_public_key(pkfile, &pub_key, SILC_PKCS_FILE_BIN))
464 silc_pkcs_alloc(pub_key->name, &pkcs);
465 if (!silc_pkcs_public_key_set(pkcs, pub_key)) {
466 silc_pkcs_free(pkcs);
470 /* Make the authentication data. Protocol says it is HASH plus
472 len = ske->hash_len + ske->start_payload_copy->len;
473 auth = silc_buffer_alloc(len);
474 silc_buffer_pull_tail(auth, len);
475 silc_buffer_format(auth,
476 SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
477 SILC_STR_UI_XNSTRING(ske->start_payload_copy->data,
478 ske->start_payload_copy->len),
481 /* Verify signature */
482 if (pkcs->pkcs->verify(pkcs->context, sign, sign_len,
483 auth->data, auth->len))
485 silc_pkcs_free(pkcs);
486 silc_pkcs_public_key_free(pub_key);
487 silc_buffer_free(auth);
491 silc_pkcs_free(pkcs);
492 silc_pkcs_public_key_free(pub_key);
493 silc_buffer_free(auth);
497 /* Performs connection authentication protocol. If responder, we
498 authenticate the remote data received. If initiator, we will send
499 authentication data to the remote end. */
501 SILC_TASK_CALLBACK(silc_server_protocol_connection_auth)
503 SilcProtocol protocol = (SilcProtocol)context;
504 SilcServerConnAuthInternalContext *ctx =
505 (SilcServerConnAuthInternalContext *)protocol->context;
506 SilcServer server = (SilcServer)ctx->server;
508 SILC_LOG_DEBUG(("Start"));
510 if (protocol->state == SILC_PROTOCOL_STATE_UNKNOWN)
511 protocol->state = SILC_PROTOCOL_STATE_START;
513 SILC_LOG_DEBUG(("State=%d", protocol->state));
515 switch(protocol->state) {
516 case SILC_PROTOCOL_STATE_START:
522 if (ctx->responder == TRUE) {
524 * We are receiving party
527 unsigned short payload_len;
528 unsigned short conn_type;
529 unsigned char *auth_data;
531 SILC_LOG_INFO(("Performing authentication protocol for %s (%s)",
532 ctx->sock->hostname, ctx->sock->ip));
534 /* Parse the received authentication data packet. The received
535 payload is Connection Auth Payload. */
536 ret = silc_buffer_unformat(ctx->packet->buffer,
537 SILC_STR_UI_SHORT(&payload_len),
538 SILC_STR_UI_SHORT(&conn_type),
541 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
542 protocol->state = SILC_PROTOCOL_STATE_ERROR;
543 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
547 if (payload_len != ctx->packet->buffer->len) {
548 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
549 protocol->state = SILC_PROTOCOL_STATE_ERROR;
550 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
556 if (conn_type < SILC_SOCKET_TYPE_CLIENT ||
557 conn_type > SILC_SOCKET_TYPE_ROUTER) {
558 SILC_LOG_ERROR(("Bad connection type %d", conn_type));
559 protocol->state = SILC_PROTOCOL_STATE_ERROR;
560 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 300000);
564 if (payload_len > 0) {
565 /* Get authentication data */
566 silc_buffer_pull(ctx->packet->buffer, 4);
567 ret = silc_buffer_unformat(ctx->packet->buffer,
568 SILC_STR_UI_XNSTRING_ALLOC(&auth_data,
572 SILC_LOG_DEBUG(("Bad payload in authentication packet"));
573 protocol->state = SILC_PROTOCOL_STATE_ERROR;
574 protocol->execute(server->timeout_queue, 0,
575 protocol, fd, 0, 300000);
583 * Check the remote connection type and make sure that we have
584 * configured this connection. If we haven't allowed this connection
585 * the authentication must be failed.
588 SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
590 /* Remote end is client */
591 if (conn_type == SILC_SOCKET_TYPE_CLIENT) {
592 SilcServerConfigSectionClientConnection *client = NULL;
594 silc_server_config_find_client_conn(server->config,
599 silc_server_config_find_client_conn(server->config,
604 switch(client->auth_meth) {
606 /* No authentication required */
607 SILC_LOG_DEBUG(("No authentication required"));
610 case SILC_AUTH_PASSWORD:
611 /* Password authentication */
612 SILC_LOG_DEBUG(("Password authentication"));
613 ret = silc_server_password_authentication(server, auth_data,
617 memset(auth_data, 0, payload_len);
618 silc_free(auth_data);
623 /* Authentication failed */
624 SILC_LOG_ERROR(("Authentication failed"));
625 SILC_LOG_DEBUG(("Authentication failed"));
626 protocol->state = SILC_PROTOCOL_STATE_ERROR;
627 protocol->execute(server->timeout_queue, 0,
628 protocol, fd, 0, 300000);
632 case SILC_AUTH_PUBLIC_KEY:
633 /* Public key authentication */
634 SILC_LOG_DEBUG(("Public key authentication"));
635 ret = silc_server_public_key_authentication(server,
642 memset(auth_data, 0, payload_len);
643 silc_free(auth_data);
648 SILC_LOG_ERROR(("Authentication failed"));
649 SILC_LOG_DEBUG(("Authentication failed"));
650 protocol->state = SILC_PROTOCOL_STATE_ERROR;
651 protocol->execute(server->timeout_queue, 0,
652 protocol, fd, 0, 300000);
656 SILC_LOG_DEBUG(("No configuration for remote connection"));
657 SILC_LOG_ERROR(("Remote connection not configured"));
658 SILC_LOG_ERROR(("Authentication failed"));
659 memset(auth_data, 0, payload_len);
660 silc_free(auth_data);
662 protocol->state = SILC_PROTOCOL_STATE_ERROR;
663 protocol->execute(server->timeout_queue, 0,
664 protocol, fd, 0, 300000);
669 /* Remote end is server */
670 if (conn_type == SILC_SOCKET_TYPE_SERVER) {
671 SilcServerConfigSectionServerConnection *serv = NULL;
673 silc_server_config_find_server_conn(server->config,
678 silc_server_config_find_server_conn(server->config,
683 switch(serv->auth_meth) {
685 /* No authentication required */
686 SILC_LOG_DEBUG(("No authentication required"));
689 case SILC_AUTH_PASSWORD:
690 /* Password authentication */
691 SILC_LOG_DEBUG(("Password authentication"));
692 ret = silc_server_password_authentication(server, auth_data,
696 memset(auth_data, 0, payload_len);
697 silc_free(auth_data);
702 /* Authentication failed */
703 SILC_LOG_ERROR(("Authentication failed"));
704 SILC_LOG_DEBUG(("Authentication failed"));
705 protocol->state = SILC_PROTOCOL_STATE_ERROR;
706 protocol->execute(server->timeout_queue, 0,
707 protocol, fd, 0, 300000);
711 case SILC_AUTH_PUBLIC_KEY:
712 /* Public key authentication */
713 SILC_LOG_DEBUG(("Public key authentication"));
714 ret = silc_server_public_key_authentication(server,
721 memset(auth_data, 0, payload_len);
722 silc_free(auth_data);
727 SILC_LOG_ERROR(("Authentication failed"));
728 SILC_LOG_DEBUG(("Authentication failed"));
729 protocol->state = SILC_PROTOCOL_STATE_ERROR;
730 protocol->execute(server->timeout_queue, 0,
731 protocol, fd, 0, 300000);
735 SILC_LOG_DEBUG(("No configuration for remote connection"));
736 SILC_LOG_ERROR(("Remote connection not configured"));
737 SILC_LOG_ERROR(("Authentication failed"));
738 memset(auth_data, 0, payload_len);
739 silc_free(auth_data);
741 protocol->state = SILC_PROTOCOL_STATE_ERROR;
742 protocol->execute(server->timeout_queue, 0,
743 protocol, fd, 0, 300000);
748 /* Remote end is router */
749 if (conn_type == SILC_SOCKET_TYPE_ROUTER) {
750 SilcServerConfigSectionServerConnection *serv = NULL;
752 silc_server_config_find_router_conn(server->config,
757 silc_server_config_find_router_conn(server->config,
762 switch(serv->auth_meth) {
764 /* No authentication required */
765 SILC_LOG_DEBUG(("No authentication required"));
768 case SILC_AUTH_PASSWORD:
769 /* Password authentication */
770 SILC_LOG_DEBUG(("Password authentication"));
771 ret = silc_server_password_authentication(server, auth_data,
775 memset(auth_data, 0, payload_len);
776 silc_free(auth_data);
781 /* Authentication failed */
782 SILC_LOG_ERROR(("Authentication failed"));
783 SILC_LOG_DEBUG(("Authentication failed"));
784 protocol->state = SILC_PROTOCOL_STATE_ERROR;
785 protocol->execute(server->timeout_queue, 0,
786 protocol, fd, 0, 300000);
790 case SILC_AUTH_PUBLIC_KEY:
791 /* Public key authentication */
792 SILC_LOG_DEBUG(("Public key authentication"));
793 ret = silc_server_public_key_authentication(server,
800 memset(auth_data, 0, payload_len);
801 silc_free(auth_data);
806 SILC_LOG_ERROR(("Authentication failed"));
807 SILC_LOG_DEBUG(("Authentication failed"));
808 protocol->state = SILC_PROTOCOL_STATE_ERROR;
809 protocol->execute(server->timeout_queue, 0,
810 protocol, fd, 0, 300000);
814 SILC_LOG_DEBUG(("No configuration for remote connection"));
815 SILC_LOG_ERROR(("Remote connection not configured"));
816 SILC_LOG_ERROR(("Authentication failed"));
817 memset(auth_data, 0, payload_len);
818 silc_free(auth_data);
820 protocol->state = SILC_PROTOCOL_STATE_ERROR;
821 protocol->execute(server->timeout_queue, 0,
822 protocol, fd, 0, 300000);
828 memset(auth_data, 0, payload_len);
829 silc_free(auth_data);
832 /* Save connection type. This is later used to create the
833 ID for the connection. */
834 ctx->conn_type = conn_type;
836 /* Advance protocol state. */
837 protocol->state = SILC_PROTOCOL_STATE_END;
838 protocol->execute(server->timeout_queue, 0, protocol, fd, 0, 0);
842 * We are initiator. We are authenticating ourselves to a
843 * remote server. We will send the authentication data to the
844 * other end for verify.
848 unsigned char *auth_data = NULL;
849 unsigned int auth_data_len = 0;
851 switch(ctx->auth_meth) {
853 /* No authentication required */
856 case SILC_AUTH_PASSWORD:
857 /* Password authentication */
858 if (ctx->auth_data && ctx->auth_data_len) {
859 auth_data = ctx->auth_data;
860 auth_data_len = ctx->auth_data_len;
865 case SILC_AUTH_PUBLIC_KEY:
866 /* Public key authentication */
871 payload_len = 4 + auth_data_len;
872 packet = silc_buffer_alloc(payload_len);
873 silc_buffer_pull_tail(packet, SILC_BUFFER_END(packet));
874 silc_buffer_format(packet,
875 SILC_STR_UI_SHORT(payload_len),
876 SILC_STR_UI_SHORT(server->server_type
878 SILC_SOCKET_TYPE_SERVER :
879 SILC_SOCKET_TYPE_ROUTER),
880 SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
883 /* Send the packet to server */
884 silc_server_packet_send(server, ctx->sock,
885 SILC_PACKET_CONNECTION_AUTH, 0,
886 packet->data, packet->len, TRUE);
889 memset(auth_data, 0, auth_data_len);
890 silc_free(auth_data);
892 silc_buffer_free(packet);
894 /* Next state is end of protocol */
895 protocol->state = SILC_PROTOCOL_STATE_END;
900 case SILC_PROTOCOL_STATE_END:
907 SILC_PUT32_MSB(SILC_AUTH_OK, ok);
909 /* Authentication failed */
910 silc_server_packet_send(server, ctx->sock, SILC_PACKET_SUCCESS,
913 /* Unregister the timeout task since the protocol has ended.
914 This was the timeout task to be executed if the protocol is
915 not completed fast enough. */
916 if (ctx->timeout_task)
917 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
919 /* Protocol has ended, call the final callback */
920 if (protocol->final_callback)
921 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
923 silc_protocol_free(protocol);
926 case SILC_PROTOCOL_STATE_ERROR:
929 * Error. Send notify to remote.
931 unsigned char error[4];
933 SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
935 /* Authentication failed */
936 silc_server_packet_send(server, ctx->sock, SILC_PACKET_FAILURE,
939 /* Unregister the timeout task since the protocol has ended.
940 This was the timeout task to be executed if the protocol is
941 not completed fast enough. */
942 if (ctx->timeout_task)
943 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
945 /* On error the final callback is always called. */
946 if (protocol->final_callback)
947 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
949 silc_protocol_free(protocol);
953 case SILC_PROTOCOL_STATE_FAILURE:
955 * We have received failure from remote
958 /* Unregister the timeout task since the protocol has ended.
959 This was the timeout task to be executed if the protocol is
960 not completed fast enough. */
961 if (ctx->timeout_task)
962 silc_task_unregister(server->timeout_queue, ctx->timeout_task);
964 /* On error the final callback is always called. */
965 if (protocol->final_callback)
966 protocol->execute_final(server->timeout_queue, 0, protocol, fd);
968 silc_protocol_free(protocol);
971 case SILC_PROTOCOL_STATE_UNKNOWN:
976 /* Registers protocols used in server. */
978 void silc_server_protocols_register(void)
980 silc_protocol_register(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
981 silc_server_protocol_connection_auth);
982 silc_protocol_register(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
983 silc_server_protocol_key_exchange);
986 /* Unregisters protocols */
988 void silc_server_protocols_unregister(void)
990 silc_protocol_unregister(SILC_PROTOCOL_SERVER_CONNECTION_AUTH,
991 silc_server_protocol_connection_auth);
992 silc_protocol_unregister(SILC_PROTOCOL_SERVER_KEY_EXCHANGE,
993 silc_server_protocol_key_exchange);