lib/silcske/silcconnauth.c

   1 /*
   2
   3   silcconnauth.c
   4
   5   Author: Pekka Riikonen <priikone@silcnet.org>
   6
   7   Copyright (C) 2005 - 2007 Pekka Riikonen
   8
   9   This program is free software; you can redistribute it and/or modify
  10   it under the terms of the GNU General Public License as published by
  11   the Free Software Foundation; version 2 of the License.
  12
  13   This program is distributed in the hope that it will be useful,
  14   but WITHOUT ANY WARRANTY; without even the implied warranty of
  15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16   GNU General Public License for more details.
  17
  18 */
  19
  20 #include "silc.h"
  21 #include "silcconnauth.h"
  22
  23 /************************** Types and definitions ***************************/
  24
  25 static SilcBool silc_connauth_packet_receive(SilcPacketEngine engine,
  26                                              SilcPacketStream stream,
  27                                              SilcPacket packet,
  28                                              void *callback_context,
  29                                              void *app_context);
  30
  31 /* Connection authentication context */
  32 struct SilcConnAuthStruct {
  33   SilcSKE ske;
  34   SilcFSM fsm;
  35   SilcAsyncOperationStruct op;
  36   SilcConnectionType conn_type;
  37   SilcAuthMethod auth_method;
  38   void *auth_data;
  39   SilcUInt32 auth_data_len;
  40   SilcConnAuthCompletion completion;
  41   SilcConnAuthGetAuthData get_auth_data;
  42   void *context;
  43   SilcDList public_keys;
  44   SilcSKRStatus skr_status;
  45   SilcUInt32 timeout_secs;
  46   SilcPacket packet;
  47   unsigned int aborted   : 1;
  48   unsigned int success   : 1;
  49 };
  50
  51 /* Packet stream callbacks */
  52 static SilcPacketCallbacks silc_connauth_stream_cbs =
  53 {
  54   silc_connauth_packet_receive, NULL, NULL
  55 };
  56
  57
  58 /************************ Static utility functions **************************/
  59
  60 /* Packet callback */
  61
  62 static SilcBool silc_connauth_packet_receive(SilcPacketEngine engine,
  63                                              SilcPacketStream stream,
  64                                              SilcPacket packet,
  65                                              void *callback_context,
  66                                              void *app_context)
  67 {
  68   SilcConnAuth connauth = callback_context;
  69   connauth->packet = packet;
  70   silc_fsm_continue(connauth->fsm);
  71   return TRUE;
  72 }
  73
  74 /* Async operation abortion callback */
  75
  76 static void silc_connauth_abort(SilcAsyncOperation op, void *context)
  77 {
  78   SilcConnAuth connauth = context;
  79   connauth->aborted = TRUE;
  80 }
  81
  82 /* Generates signature for public key based authentication */
  83
  84 static SilcBool silc_connauth_get_signature(SilcConnAuth connauth,
  85                                             unsigned char **auth_data,
  86                                             SilcUInt32 *auth_data_len)
  87 {
  88   int len;
  89   SilcSKE ske;
  90   SilcPrivateKey private_key;
  91   SilcBuffer auth;
  92
  93   SILC_LOG_DEBUG(("Compute signature"));
  94
  95   ske = connauth->ske;
  96   private_key = connauth->auth_data;
  97
  98   /* Make the authentication data. Protocol says it is HASH plus
  99      KE Start Payload. */
 100   len = ske->hash_len + silc_buffer_len(ske->start_payload_copy);
 101   auth = silc_buffer_alloc_size(len);
 102   if (!auth)
 103     return FALSE;
 104   silc_buffer_format(auth,
 105                      SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
 106                      SILC_STR_UI_XNSTRING(
 107                                ske->start_payload_copy->data,
 108                                silc_buffer_len(ske->start_payload_copy)),
 109                      SILC_STR_END);
 110
 111   len = ((silc_pkcs_private_key_get_len(private_key) + 7) / 8) + 1;
 112   *auth_data = silc_calloc(len, sizeof(**auth_data));
 113   if (*auth_data == NULL) {
 114     silc_buffer_free(auth);
 115     return FALSE;
 116   }
 117
 118   /* Compute signature */
 119   if (!silc_pkcs_sign(private_key, auth->data, silc_buffer_len(auth),
 120                       *auth_data, len, auth_data_len, TRUE, ske->prop->hash)) {
 121     silc_free(*auth_data);
 122     silc_buffer_free(auth);
 123     return FALSE;
 124   }
 125
 126   silc_buffer_free(auth);
 127   return TRUE;
 128 }
 129
 130 /* Verifies digital signature */
 131
 132 static SilcBool silc_connauth_verify_signature(SilcConnAuth connauth,
 133                                                SilcPublicKey pub_key,
 134                                                unsigned char *sign,
 135                                                SilcUInt32 sign_len)
 136 {
 137   int len;
 138   SilcBuffer auth;
 139   SilcSKE ske = connauth->ske;
 140
 141   if (!pub_key || !sign)
 142     return FALSE;
 143
 144   /* Make the authentication data. Protocol says it is HASH plus
 145      KE Start Payload. */
 146   len = ske->hash_len + silc_buffer_len(ske->start_payload_copy);
 147   auth = silc_buffer_alloc_size(len);
 148   if (!auth)
 149     return FALSE;
 150   silc_buffer_format(auth,
 151                      SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
 152                      SILC_STR_UI_XNSTRING(
 153                                   ske->start_payload_copy->data,
 154                                   silc_buffer_len(ske->start_payload_copy)),
 155                      SILC_STR_END);
 156
 157   /* Verify signature */
 158   if (!silc_pkcs_verify(pub_key, sign, sign_len, auth->data,
 159                         silc_buffer_len(auth), ske->prop->hash)) {
 160     silc_buffer_free(auth);
 161     return FALSE;
 162   }
 163
 164   silc_buffer_free(auth);
 165
 166   return TRUE;
 167 }
 168
 169 /* Timeout */
 170
 171 SILC_TASK_CALLBACK(silc_connauth_timeout)
 172 {
 173   SilcConnAuth connauth = context;
 174   SILC_LOG_DEBUG(("Protocol timeout"));
 175   connauth->aborted = TRUE;
 176   silc_fsm_continue_sync(connauth->fsm);
 177 }
 178
 179 /* SKR callback */
 180
 181 static void silc_connauth_skr_callback(SilcSKR skr, SilcSKRFind find,
 182                                        SilcSKRStatus status,
 183                                        SilcDList results, void *context)
 184 {
 185   SilcConnAuth connauth = context;
 186
 187   silc_skr_find_free(find);
 188
 189   connauth->public_keys = results;
 190   connauth->skr_status = status;
 191
 192   SILC_FSM_CALL_CONTINUE(connauth->fsm);
 193 }
 194
 195 /* FSM destructor */
 196
 197 static void silc_connauth_fsm_destructor(SilcFSM fsm, void *fsm_context,
 198                                          void *destructor_context)
 199 {
 200   silc_fsm_free(fsm);
 201 }
 202
 203
 204 /******************************* Protocol API *******************************/
 205
 206 /* Allocate connection authentication context */
 207
 208 SilcConnAuth silc_connauth_alloc(SilcSchedule schedule,
 209                                  SilcSKE ske,
 210                                  SilcUInt32 timeout_secs)
 211 {
 212   SilcConnAuth connauth;
 213
 214   if (!schedule || !ske)
 215     return NULL;
 216
 217   connauth = silc_calloc(1, sizeof(*connauth));
 218   if (!connauth)
 219     return NULL;
 220
 221   connauth->fsm = silc_fsm_alloc(connauth, silc_connauth_fsm_destructor,
 222                                  NULL, schedule);
 223   if (!connauth->fsm) {
 224     silc_connauth_free(connauth);
 225     return NULL;
 226   }
 227
 228   connauth->timeout_secs = timeout_secs;
 229   connauth->ske = ske;
 230   ske->refcnt++;
 231
 232   return connauth;
 233 }
 234
 235 /* Free connection authentication context */
 236
 237 void silc_connauth_free(SilcConnAuth connauth)
 238 {
 239   if (connauth->public_keys)
 240     silc_dlist_uninit(connauth->public_keys);
 241
 242   /* Free reference */
 243   silc_ske_free(connauth->ske);
 244
 245   silc_free(connauth);
 246 }
 247
 248 /* Return associated SKE context */
 249
 250 SilcSKE silc_connauth_get_ske(SilcConnAuth connauth)
 251 {
 252   return connauth->ske;
 253 }
 254
 255
 256 /******************************** Initiator *********************************/
 257
 258 SILC_FSM_STATE(silc_connauth_st_initiator_start);
 259 SILC_FSM_STATE(silc_connauth_st_initiator_result);
 260 SILC_FSM_STATE(silc_connauth_st_initiator_failure);
 261
 262 SILC_FSM_STATE(silc_connauth_st_initiator_start)
 263 {
 264   SilcConnAuth connauth = fsm_context;
 265   SilcBuffer packet;
 266   int payload_len = 0;
 267   unsigned char *auth_data = NULL;
 268   SilcUInt32 auth_data_len = 0;
 269   SilcPacketFlags flags = 0;
 270
 271   SILC_LOG_DEBUG(("Start"));
 272
 273   if (connauth->aborted) {
 274     /** Aborted */
 275     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 276     return SILC_FSM_CONTINUE;
 277   }
 278
 279   /* Start timeout */
 280   if (connauth->timeout_secs)
 281     silc_schedule_task_add_timeout(silc_fsm_get_schedule(fsm),
 282                                    silc_connauth_timeout, connauth,
 283                                    connauth->timeout_secs, 0);
 284
 285   switch (connauth->auth_method) {
 286   case SILC_AUTH_NONE:
 287     /* No authentication required */
 288     break;
 289
 290   case SILC_AUTH_PASSWORD:
 291     auth_data = silc_memdup(connauth->auth_data, connauth->auth_data_len);
 292     if (!auth_data) {
 293       /** Out of memory */
 294       silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 295       return SILC_FSM_CONTINUE;
 296     }
 297     auth_data_len = connauth->auth_data_len;
 298     flags = SILC_PACKET_FLAG_LONG_PAD;
 299     break;
 300
 301   case SILC_AUTH_PUBLIC_KEY:
 302     if (!silc_connauth_get_signature(connauth, &auth_data, &auth_data_len)) {
 303       /** Error computing signature */
 304       silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 305       return SILC_FSM_CONTINUE;
 306     }
 307     break;
 308   }
 309
 310   payload_len = 4 + auth_data_len;
 311   packet = silc_buffer_alloc_size(payload_len);
 312   if (!packet) {
 313     /** Out of memory */
 314     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 315     return SILC_FSM_CONTINUE;
 316   }
 317
 318   silc_buffer_format(packet,
 319                      SILC_STR_UI_SHORT(payload_len),
 320                      SILC_STR_UI_SHORT(connauth->conn_type),
 321                      SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
 322                      SILC_STR_END);
 323
 324   /* Send the packet */
 325   if (!silc_packet_send(connauth->ske->stream, SILC_PACKET_CONNECTION_AUTH,
 326                         flags, packet->data, silc_buffer_len(packet))) {
 327     /** Error sending packet */
 328     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 329     return SILC_FSM_CONTINUE;
 330   }
 331
 332   if (auth_data) {
 333     memset(auth_data, 0, auth_data_len);
 334     silc_free(auth_data);
 335   }
 336   silc_buffer_free(packet);
 337
 338   /** Wait for responder */
 339   silc_fsm_next(fsm, silc_connauth_st_initiator_result);
 340   return SILC_FSM_WAIT;
 341 }
 342
 343 SILC_FSM_STATE(silc_connauth_st_initiator_result)
 344 {
 345   SilcConnAuth connauth = fsm_context;
 346
 347   SILC_LOG_DEBUG(("Start"));
 348
 349   if (connauth->aborted) {
 350     /** Aborted */
 351     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 352     return SILC_FSM_CONTINUE;
 353   }
 354
 355   /* Check the status of authentication */
 356   if (connauth->packet->type == SILC_PACKET_SUCCESS) {
 357     SILC_LOG_DEBUG(("Authentication successful"));
 358     connauth->success = TRUE;
 359   } else {
 360     SILC_LOG_DEBUG(("Authentication failed, packet %s received",
 361                     silc_get_packet_name(connauth->packet->type)));
 362     connauth->success = FALSE;
 363   }
 364   silc_packet_free(connauth->packet);
 365
 366   silc_packet_stream_unlink(connauth->ske->stream,
 367                             &silc_connauth_stream_cbs, connauth);
 368   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 369
 370   /* Call completion callback */
 371   connauth->completion(connauth, connauth->success, connauth->context);
 372
 373   return SILC_FSM_FINISH;
 374 }
 375
 376 SILC_FSM_STATE(silc_connauth_st_initiator_failure)
 377 {
 378   SilcConnAuth connauth = fsm_context;
 379   unsigned char error[4];
 380
 381   SILC_LOG_DEBUG(("Start"));
 382
 383   if (!connauth->aborted) {
 384     /* Send FAILURE packet */
 385     SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
 386     silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
 387
 388     silc_packet_stream_unlink(connauth->ske->stream,
 389                               &silc_connauth_stream_cbs, connauth);
 390     silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 391
 392     /* Call completion callback */
 393     connauth->completion(connauth, FALSE, connauth->context);
 394     return SILC_FSM_FINISH;
 395   }
 396
 397   silc_packet_stream_unlink(connauth->ske->stream,
 398                             &silc_connauth_stream_cbs, connauth);
 399   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 400
 401   return SILC_FSM_FINISH;
 402 }
 403
 404 SilcAsyncOperation
 405 silc_connauth_initiator(SilcConnAuth connauth,
 406                         SilcConnectionType conn_type,
 407                         SilcAuthMethod auth_method, void *auth_data,
 408                         SilcUInt32 auth_data_len,
 409                         SilcConnAuthCompletion completion,
 410                         void *context)
 411 {
 412   SILC_LOG_DEBUG(("Connection authentication as initiator"));
 413
 414   if (auth_method == SILC_AUTH_PASSWORD && !auth_data) {
 415     completion(connauth, FALSE, context);
 416     return NULL;
 417   }
 418
 419   if (auth_method == SILC_AUTH_PUBLIC_KEY && !auth_data) {
 420     completion(connauth, FALSE, context);
 421     return NULL;
 422   }
 423
 424   connauth->conn_type = conn_type;
 425   connauth->auth_method = auth_method;
 426   connauth->auth_data = auth_data;
 427   connauth->auth_data_len = auth_data_len;
 428   connauth->completion = completion;
 429   connauth->context = context;
 430
 431   /* Link to packet stream to get packets */
 432   silc_packet_stream_link(connauth->ske->stream,
 433                           &silc_connauth_stream_cbs, connauth, 1000000,
 434                           SILC_PACKET_SUCCESS,
 435                           SILC_PACKET_FAILURE, -1);
 436
 437   /* Start the protocol */
 438   silc_async_init(&connauth->op, silc_connauth_abort, NULL, connauth);
 439   silc_fsm_start(connauth->fsm, silc_connauth_st_initiator_start);
 440
 441   return &connauth->op;
 442 }
 443
 444
 445 /******************************** Responder *********************************/
 446
 447 SILC_FSM_STATE(silc_connauth_st_responder_start);
 448 SILC_FSM_STATE(silc_connauth_st_responder_authenticate);
 449 SILC_FSM_STATE(silc_connauth_st_responder_authenticate_pk);
 450 SILC_FSM_STATE(silc_connauth_st_responder_success);
 451 SILC_FSM_STATE(silc_connauth_st_responder_failure);
 452
 453 SILC_FSM_STATE(silc_connauth_st_responder_start)
 454 {
 455   SilcConnAuth connauth = fsm_context;
 456
 457   SILC_LOG_DEBUG(("Start"));
 458
 459   if (connauth->aborted) {
 460     /** Aborted */
 461     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 462     return SILC_FSM_CONTINUE;
 463   }
 464
 465   /* Start timeout */
 466   if (connauth->timeout_secs)
 467     silc_schedule_task_add_timeout(silc_fsm_get_schedule(fsm),
 468                                    silc_connauth_timeout, connauth,
 469                                    connauth->timeout_secs, 0);
 470
 471   /** Wait for initiator */
 472   silc_fsm_next(fsm, silc_connauth_st_responder_authenticate);
 473   return SILC_FSM_WAIT;
 474 }
 475
 476 SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
 477 {
 478   SilcConnAuth connauth = fsm_context;
 479   SilcUInt16 payload_len;
 480   SilcUInt16 conn_type;
 481   unsigned char *auth_data = NULL, *passphrase = NULL;
 482   SilcUInt32 passphrase_len;
 483   SilcSKR repository = NULL;
 484   int ret;
 485
 486   SILC_LOG_DEBUG(("Start"));
 487
 488   if (connauth->aborted) {
 489     /** Aborted */
 490     if (connauth->packet)
 491       silc_packet_free(connauth->packet);
 492     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 493     return SILC_FSM_CONTINUE;
 494   }
 495
 496   if (connauth->packet->type != SILC_PACKET_CONNECTION_AUTH) {
 497     /** Protocol failure */
 498     silc_packet_free(connauth->packet);
 499     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 500     return SILC_FSM_CONTINUE;
 501   }
 502
 503   /* Parse the received authentication data packet. The received
 504      payload is Connection Auth Payload. */
 505   ret = silc_buffer_unformat(&connauth->packet->buffer,
 506                              SILC_STR_UI_SHORT(&payload_len),
 507                              SILC_STR_UI_SHORT(&conn_type),
 508                              SILC_STR_END);
 509   if (ret == -1) {
 510     /** Bad payload */
 511     SILC_LOG_ERROR(("Bad payload in authentication packet"));
 512     silc_packet_free(connauth->packet);
 513     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 514     return SILC_FSM_CONTINUE;
 515   }
 516
 517   if (payload_len != silc_buffer_len(&connauth->packet->buffer)) {
 518     /** Bad payload length */
 519     SILC_LOG_ERROR(("Bad payload length in authentication packet"));
 520     silc_packet_free(connauth->packet);
 521     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 522     return SILC_FSM_CONTINUE;
 523   }
 524
 525   payload_len -= 4;
 526
 527   if (conn_type < SILC_CONN_CLIENT || conn_type > SILC_CONN_ROUTER) {
 528     /** Bad connection type */
 529     SILC_LOG_ERROR(("Bad connection type (%d) in authentication packet",
 530                     conn_type));
 531     silc_packet_free(connauth->packet);
 532     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 533     return SILC_FSM_CONTINUE;
 534   }
 535
 536   if (payload_len > 0) {
 537     /* Get authentication data */
 538     ret = silc_buffer_unformat(&connauth->packet->buffer,
 539                                SILC_STR_OFFSET(4),
 540                                SILC_STR_UI_XNSTRING(&auth_data,
 541                                                     payload_len),
 542                                SILC_STR_END);
 543     if (ret == -1) {
 544       /** Bad payload */
 545       SILC_LOG_DEBUG(("Bad payload in authentication payload"));
 546       silc_packet_free(connauth->packet);
 547       silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 548       return SILC_FSM_CONTINUE;
 549     }
 550   }
 551   silc_packet_free(connauth->packet);
 552
 553   SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
 554
 555   /* Get authentication data */
 556   if (!connauth->get_auth_data(connauth, conn_type, &passphrase,
 557                                &passphrase_len, &repository,
 558                                connauth->context)) {
 559     /** Connection not configured */
 560     SILC_LOG_ERROR(("Remote connection not configured"));
 561     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 562     return SILC_FSM_CONTINUE;
 563   }
 564
 565   /* Verify */
 566
 567   /* Passphrase authentication */
 568   if (passphrase && passphrase_len) {
 569     SILC_LOG_DEBUG(("Passphrase authentication"));
 570     if (!auth_data || payload_len != passphrase_len ||
 571         memcmp(auth_data, passphrase, passphrase_len)) {
 572       /** Authentication failed */
 573       silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 574       return SILC_FSM_CONTINUE;
 575     }
 576   } else if (repository) {
 577     /* Digital signature */
 578     SilcSKRFind find;
 579
 580     SILC_LOG_DEBUG(("Digital signature authentication"));
 581
 582     if (!auth_data) {
 583       /** Authentication failed */
 584       silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 585       return SILC_FSM_CONTINUE;
 586     }
 587
 588     connauth->auth_data = silc_memdup(auth_data, payload_len);
 589     connauth->auth_data_len = payload_len;
 590
 591     /* Allocate search constraints for finding the key */
 592     find = silc_skr_find_alloc();
 593
 594     if (!find || !connauth->auth_data || !connauth->ske->prop->public_key) {
 595       /** Out of memory */
 596       silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 597       return SILC_FSM_CONTINUE;
 598     }
 599
 600     silc_skr_find_set_pkcs_type(
 601                   find, silc_pkcs_get_type(connauth->ske->prop->public_key));
 602     silc_skr_find_set_public_key(find, connauth->ske->prop->public_key);
 603     silc_skr_find_set_usage(find, (SILC_SKR_USAGE_AUTH |
 604                                    SILC_SKR_USAGE_KEY_AGREEMENT));
 605
 606     /** Find public key */
 607     silc_fsm_next(fsm, silc_connauth_st_responder_authenticate_pk);
 608     SILC_FSM_CALL(silc_skr_find(repository, silc_fsm_get_schedule(fsm),
 609                                 find, silc_connauth_skr_callback,
 610                                 connauth));
 611     /* NOT REACHED */
 612   }
 613
 614   /* Passphrase auth Ok, or no authentication required */
 615
 616   /** Authentication successful */
 617   silc_fsm_next(fsm, silc_connauth_st_responder_success);
 618   return SILC_FSM_CONTINUE;
 619 }
 620
 621 SILC_FSM_STATE(silc_connauth_st_responder_authenticate_pk)
 622 {
 623   SilcConnAuth connauth = fsm_context;
 624   SilcSKRKey key;
 625
 626   if (connauth->aborted) {
 627     /** Aborted */
 628     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 629     return SILC_FSM_CONTINUE;
 630   }
 631
 632   if (connauth->skr_status != SILC_SKR_OK) {
 633     /** Public key not found */
 634     SILC_LOG_DEBUG(("Public key not found, error %d", connauth->skr_status));
 635     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 636     return SILC_FSM_CONTINUE;
 637   }
 638
 639   SILC_LOG_DEBUG(("Found %d public keys",
 640                   silc_dlist_count(connauth->public_keys)));
 641
 642   /* Verify signature */
 643   key = silc_dlist_get(connauth->public_keys);
 644   if (!silc_connauth_verify_signature(connauth, key->key,
 645                                       connauth->auth_data,
 646                                       connauth->auth_data_len)) {
 647     /** Invalid signature */
 648     SILC_LOG_DEBUG(("Invalid signature"));
 649     silc_free(connauth->auth_data);
 650     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 651     return SILC_FSM_CONTINUE;
 652   }
 653
 654   silc_free(connauth->auth_data);
 655
 656   SILC_LOG_DEBUG(("Signature is Ok"));
 657
 658   /** Authentication successful */
 659   silc_fsm_next(fsm, silc_connauth_st_responder_success);
 660   return SILC_FSM_CONTINUE;
 661 }
 662
 663 SILC_FSM_STATE(silc_connauth_st_responder_success)
 664 {
 665   SilcConnAuth connauth = fsm_context;
 666   unsigned char tmp[4];
 667
 668   SILC_LOG_DEBUG(("Authentication successful"));
 669
 670   /* Send FAILURE packet */
 671   SILC_PUT32_MSB(SILC_AUTH_OK, tmp);
 672   silc_packet_send(connauth->ske->stream, SILC_PACKET_SUCCESS, 0, tmp, 4);
 673
 674   silc_packet_stream_unlink(connauth->ske->stream,
 675                             &silc_connauth_stream_cbs, connauth);
 676   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 677
 678   /* Call completion callback */
 679   connauth->completion(connauth, TRUE, connauth->context);
 680
 681   return SILC_FSM_FINISH;
 682 }
 683
 684 SILC_FSM_STATE(silc_connauth_st_responder_failure)
 685 {
 686   SilcConnAuth connauth = fsm_context;
 687   unsigned char error[4];
 688
 689   SILC_LOG_ERROR(("Authentication failed"));
 690
 691   if (!connauth->aborted) {
 692     /* Send FAILURE packet */
 693     SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
 694     silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
 695
 696     silc_packet_stream_unlink(connauth->ske->stream,
 697                               &silc_connauth_stream_cbs, connauth);
 698     silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 699
 700     /* Call completion callback */
 701     connauth->completion(connauth, FALSE, connauth->context);
 702
 703     return SILC_FSM_FINISH;
 704   }
 705
 706   silc_packet_stream_unlink(connauth->ske->stream,
 707                             &silc_connauth_stream_cbs, connauth);
 708   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 709
 710   return SILC_FSM_FINISH;
 711 }
 712
 713 SilcAsyncOperation
 714 silc_connauth_responder(SilcConnAuth connauth,
 715                         SilcConnAuthGetAuthData get_auth_data,
 716                         SilcConnAuthCompletion completion,
 717                         void *context)
 718 {
 719   SILC_LOG_DEBUG(("Connection authentication as responder"));
 720
 721   connauth->get_auth_data = get_auth_data;
 722   connauth->completion = completion;
 723   connauth->context = context;
 724
 725   /* Link to packet stream to get packets */
 726   silc_packet_stream_link(connauth->ske->stream,
 727                           &silc_connauth_stream_cbs, connauth, 1000000,
 728                           SILC_PACKET_CONNECTION_AUTH,
 729                           SILC_PACKET_FAILURE, -1);
 730
 731   /* Start the protocol */
 732   silc_async_init(&connauth->op, silc_connauth_abort, NULL, connauth);
 733   silc_fsm_start(connauth->fsm, silc_connauth_st_responder_start);
 734
 735   return &connauth->op;
 736 }