lib/silcske/silcconnauth.c

   1 /*
   2
   3   silcconnauth.c
   4
   5   Author: Pekka Riikonen <priikone@silcnet.org>
   6
   7   Copyright (C) 2005 - 2007 Pekka Riikonen
   8
   9   This program is free software; you can redistribute it and/or modify
  10   it under the terms of the GNU General Public License as published by
  11   the Free Software Foundation; version 2 of the License.
  12
  13   This program is distributed in the hope that it will be useful,
  14   but WITHOUT ANY WARRANTY; without even the implied warranty of
  15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16   GNU General Public License for more details.
  17
  18 */
  19
  20 #include "silc.h"
  21 #include "silcconnauth.h"
  22
  23 /************************** Types and definitions ***************************/
  24
  25 static SilcBool silc_connauth_packet_receive(SilcPacketEngine engine,
  26                                              SilcPacketStream stream,
  27                                              SilcPacket packet,
  28                                              void *callback_context,
  29                                              void *app_context);
  30
  31 /* Connection authentication context */
  32 struct SilcConnAuthStruct {
  33   SilcSKE ske;
  34   SilcFSM fsm;
  35   SilcAsyncOperationStruct op;
  36   SilcConnectionType conn_type;
  37   SilcAuthMethod auth_method;
  38   void *auth_data;
  39   SilcUInt32 auth_data_len;
  40   SilcConnAuthCompletion completion;
  41   SilcConnAuthGetAuthData get_auth_data;
  42   void *context;
  43   SilcDList public_keys;
  44   SilcSKRStatus skr_status;
  45   SilcUInt32 timeout_secs;
  46   SilcPacket packet;
  47   unsigned int aborted   : 1;
  48   unsigned int success   : 1;
  49 };
  50
  51 /* Packet stream callbacks */
  52 static SilcPacketCallbacks silc_connauth_stream_cbs =
  53 {
  54   silc_connauth_packet_receive, NULL, NULL
  55 };
  56
  57
  58 /************************ Static utility functions **************************/
  59
  60 /* Packet callback */
  61
  62 static SilcBool silc_connauth_packet_receive(SilcPacketEngine engine,
  63                                              SilcPacketStream stream,
  64                                              SilcPacket packet,
  65                                              void *callback_context,
  66                                              void *app_context)
  67 {
  68   SilcConnAuth connauth = callback_context;
  69   connauth->packet = packet;
  70   silc_fsm_continue(connauth->fsm);
  71   return TRUE;
  72 }
  73
  74 /* Async operation abortion callback */
  75
  76 static void silc_connauth_abort(SilcAsyncOperation op, void *context)
  77 {
  78   SilcConnAuth connauth = context;
  79   connauth->aborted = TRUE;
  80 }
  81
  82 /* Generates signature for public key based authentication */
  83
  84 static SilcBool silc_connauth_get_signature(SilcConnAuth connauth,
  85                                             unsigned char **auth_data,
  86                                             SilcUInt32 *auth_data_len)
  87 {
  88   int len;
  89   SilcSKE ske;
  90   SilcPrivateKey private_key;
  91   SilcBuffer auth;
  92
  93   SILC_LOG_DEBUG(("Compute signature"));
  94
  95   ske = connauth->ske;
  96   private_key = connauth->auth_data;
  97
  98   /* Make the authentication data. Protocol says it is HASH plus
  99      KE Start Payload. */
 100   len = ske->hash_len + silc_buffer_len(ske->start_payload_copy);
 101   auth = silc_buffer_alloc_size(len);
 102   if (!auth)
 103     return FALSE;
 104   silc_buffer_format(auth,
 105                      SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
 106                      SILC_STR_UI_XNSTRING(
 107                                ske->start_payload_copy->data,
 108                                silc_buffer_len(ske->start_payload_copy)),
 109                      SILC_STR_END);
 110
 111   len = ((silc_pkcs_private_key_get_len(private_key) + 7) / 8) + 1;
 112   *auth_data = silc_calloc(len, sizeof(**auth_data));
 113   if (*auth_data == NULL) {
 114     silc_buffer_free(auth);
 115     return FALSE;
 116   }
 117
 118   /* Compute signature */
 119   if (!silc_pkcs_sign(private_key, auth->data, silc_buffer_len(auth),
 120                       *auth_data, len, auth_data_len, TRUE, ske->prop->hash)) {
 121     silc_free(*auth_data);
 122     silc_buffer_free(auth);
 123     return FALSE;
 124   }
 125
 126   silc_buffer_free(auth);
 127   return TRUE;
 128 }
 129
 130 /* Verifies digital signature */
 131
 132 static SilcBool silc_connauth_verify_signature(SilcConnAuth connauth,
 133                                                SilcPublicKey pub_key,
 134                                                unsigned char *sign,
 135                                                SilcUInt32 sign_len)
 136 {
 137   int len;
 138   SilcBuffer auth;
 139   SilcSKE ske = connauth->ske;
 140
 141   if (!pub_key || !sign)
 142     return FALSE;
 143
 144   /* Make the authentication data. Protocol says it is HASH plus
 145      KE Start Payload. */
 146   len = ske->hash_len + silc_buffer_len(ske->start_payload_copy);
 147   auth = silc_buffer_alloc_size(len);
 148   if (!auth)
 149     return FALSE;
 150   silc_buffer_format(auth,
 151                      SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
 152                      SILC_STR_UI_XNSTRING(
 153                                   ske->start_payload_copy->data,
 154                                   silc_buffer_len(ske->start_payload_copy)),
 155                      SILC_STR_END);
 156
 157   /* Verify signature */
 158   if (!silc_pkcs_verify(pub_key, sign, sign_len, auth->data,
 159                         silc_buffer_len(auth), ske->prop->hash)) {
 160     silc_buffer_free(auth);
 161     return FALSE;
 162   }
 163
 164   silc_buffer_free(auth);
 165
 166   return TRUE;
 167 }
 168
 169 /* Timeout */
 170
 171 SILC_TASK_CALLBACK(silc_connauth_timeout)
 172 {
 173   SilcConnAuth connauth = context;
 174   SILC_LOG_DEBUG(("Protocol timeout"));
 175   connauth->aborted = TRUE;
 176   silc_fsm_continue_sync(connauth->fsm);
 177 }
 178
 179 /* SKR callback */
 180
 181 static void silc_connauth_skr_callback(SilcSKR skr, SilcSKRFind find,
 182                                        SilcSKRStatus status,
 183                                        SilcDList results, void *context)
 184 {
 185   SilcConnAuth connauth = context;
 186
 187   silc_skr_find_free(find);
 188
 189   connauth->public_keys = results;
 190   connauth->skr_status = status;
 191
 192   SILC_FSM_CALL_CONTINUE(connauth->fsm);
 193 }
 194
 195 /* FSM destructor */
 196
 197 static void silc_connauth_fsm_destructor(SilcFSM fsm, void *fsm_context,
 198                                          void *destructor_context)
 199 {
 200   silc_fsm_free(fsm);
 201 }
 202
 203
 204 /******************************* Protocol API *******************************/
 205
 206 /* Allocate connection authentication context */
 207
 208 SilcConnAuth silc_connauth_alloc(SilcSchedule schedule,
 209                                  SilcSKE ske,
 210                                  SilcUInt32 timeout_secs)
 211 {
 212   SilcConnAuth connauth;
 213
 214   if (!schedule || !ske)
 215     return NULL;
 216
 217   connauth = silc_calloc(1, sizeof(*connauth));
 218   if (!connauth)
 219     return NULL;
 220
 221   connauth->fsm = silc_fsm_alloc(connauth, silc_connauth_fsm_destructor,
 222                                  NULL, schedule);
 223   if (!connauth->fsm) {
 224     silc_connauth_free(connauth);
 225     return NULL;
 226   }
 227
 228   connauth->timeout_secs = timeout_secs;
 229   connauth->ske = ske;
 230   ske->refcnt++;
 231
 232   return connauth;
 233 }
 234
 235 /* Free connection authentication context */
 236
 237 void silc_connauth_free(SilcConnAuth connauth)
 238 {
 239   if (connauth->public_keys)
 240     silc_dlist_uninit(connauth->public_keys);
 241
 242   /* Free reference */
 243   silc_ske_free(connauth->ske);
 244
 245   silc_free(connauth);
 246 }
 247
 248 /* Return associated SKE context */
 249
 250 SilcSKE silc_connauth_get_ske(SilcConnAuth connauth)
 251 {
 252   return connauth->ske;
 253 }
 254
 255
 256 /******************************** Initiator *********************************/
 257
 258 SILC_FSM_STATE(silc_connauth_st_initiator_start);
 259 SILC_FSM_STATE(silc_connauth_st_initiator_result);
 260 SILC_FSM_STATE(silc_connauth_st_initiator_failure);
 261
 262 SILC_FSM_STATE(silc_connauth_st_initiator_start)
 263 {
 264   SilcConnAuth connauth = fsm_context;
 265   SilcBuffer packet;
 266   int payload_len = 0;
 267   unsigned char *auth_data = NULL;
 268   SilcUInt32 auth_data_len = 0;
 269   SilcPacketFlags flags = 0;
 270
 271   SILC_LOG_DEBUG(("Start"));
 272
 273   if (connauth->aborted) {
 274     /** Aborted */
 275     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 276     return SILC_FSM_CONTINUE;
 277   }
 278
 279   /* Start timeout */
 280   if (connauth->timeout_secs)
 281     silc_schedule_task_add_timeout(silc_fsm_get_schedule(fsm),
 282                                    silc_connauth_timeout, connauth,
 283                                    connauth->timeout_secs, 0);
 284
 285   switch (connauth->auth_method) {
 286   case SILC_AUTH_NONE:
 287     /* No authentication required */
 288     break;
 289
 290   case SILC_AUTH_PASSWORD:
 291     auth_data = silc_memdup(connauth->auth_data, connauth->auth_data_len);
 292     if (!auth_data) {
 293       /** Out of memory */
 294       silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 295       return SILC_FSM_CONTINUE;
 296     }
 297     auth_data_len = connauth->auth_data_len;
 298     flags = SILC_PACKET_FLAG_LONG_PAD;
 299     break;
 300
 301   case SILC_AUTH_PUBLIC_KEY:
 302     if (!silc_connauth_get_signature(connauth, &auth_data, &auth_data_len)) {
 303       /** Error computing signature */
 304       silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 305       return SILC_FSM_CONTINUE;
 306     }
 307     break;
 308   }
 309
 310   payload_len = 4 + auth_data_len;
 311   packet = silc_buffer_alloc_size(payload_len);
 312   if (!packet) {
 313     /** Out of memory */
 314     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 315     return SILC_FSM_CONTINUE;
 316   }
 317
 318   silc_buffer_format(packet,
 319                      SILC_STR_UI_SHORT(payload_len),
 320                      SILC_STR_UI_SHORT(connauth->conn_type),
 321                      SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
 322                      SILC_STR_END);
 323
 324   /* Send the packet */
 325   if (!silc_packet_send(connauth->ske->stream, SILC_PACKET_CONNECTION_AUTH,
 326                         flags, packet->data, silc_buffer_len(packet))) {
 327     /** Error sending packet */
 328     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 329     return SILC_FSM_CONTINUE;
 330   }
 331
 332   if (auth_data) {
 333     memset(auth_data, 0, auth_data_len);
 334     silc_free(auth_data);
 335   }
 336   silc_buffer_free(packet);
 337
 338   /** Wait for responder */
 339   silc_fsm_next(fsm, silc_connauth_st_initiator_result);
 340   return SILC_FSM_WAIT;
 341 }
 342
 343 SILC_FSM_STATE(silc_connauth_st_initiator_result)
 344 {
 345   SilcConnAuth connauth = fsm_context;
 346
 347   SILC_LOG_DEBUG(("Start"));
 348
 349   if (connauth->aborted) {
 350     /** Aborted */
 351     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 352     return SILC_FSM_CONTINUE;
 353   }
 354
 355   /* Check the status of authentication */
 356   if (connauth->packet->type == SILC_PACKET_SUCCESS) {
 357     SILC_LOG_DEBUG(("Authentication successful"));
 358     connauth->success = TRUE;
 359   } else {
 360     SILC_LOG_DEBUG(("Authentication failed"));
 361     connauth->success = FALSE;
 362   }
 363   silc_packet_free(connauth->packet);
 364
 365   silc_packet_stream_unlink(connauth->ske->stream,
 366                             &silc_connauth_stream_cbs, connauth);
 367   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 368
 369   /* Call completion callback */
 370   connauth->completion(connauth, connauth->success, connauth->context);
 371
 372   return SILC_FSM_FINISH;
 373 }
 374
 375 SILC_FSM_STATE(silc_connauth_st_initiator_failure)
 376 {
 377   SilcConnAuth connauth = fsm_context;
 378   unsigned char error[4];
 379
 380   SILC_LOG_DEBUG(("Start"));
 381
 382   if (!connauth->aborted) {
 383     /* Send FAILURE packet */
 384     SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
 385     silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
 386
 387     /* Call completion callback */
 388     connauth->completion(connauth, FALSE, connauth->context);
 389   }
 390
 391   silc_packet_stream_unlink(connauth->ske->stream,
 392                             &silc_connauth_stream_cbs, connauth);
 393   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 394
 395   return SILC_FSM_FINISH;
 396 }
 397
 398 SilcAsyncOperation
 399 silc_connauth_initiator(SilcConnAuth connauth,
 400                         SilcConnectionType conn_type,
 401                         SilcAuthMethod auth_method, void *auth_data,
 402                         SilcUInt32 auth_data_len,
 403                         SilcConnAuthCompletion completion,
 404                         void *context)
 405 {
 406   SILC_LOG_DEBUG(("Connection authentication as initiator"));
 407
 408   if (auth_method == SILC_AUTH_PASSWORD && !auth_data) {
 409     completion(connauth, FALSE, context);
 410     return NULL;
 411   }
 412
 413   if (auth_method == SILC_AUTH_PUBLIC_KEY && !auth_data) {
 414     completion(connauth, FALSE, context);
 415     return NULL;
 416   }
 417
 418   connauth->conn_type = conn_type;
 419   connauth->auth_method = auth_method;
 420   connauth->auth_data = auth_data;
 421   connauth->auth_data_len = auth_data_len;
 422   connauth->completion = completion;
 423   connauth->context = context;
 424
 425   /* Link to packet stream to get packets */
 426   silc_packet_stream_link(connauth->ske->stream,
 427                           &silc_connauth_stream_cbs, connauth, 1000000,
 428                           SILC_PACKET_SUCCESS,
 429                           SILC_PACKET_FAILURE, -1);
 430
 431   /* Start the protocol */
 432   silc_async_init(&connauth->op, silc_connauth_abort, NULL, connauth);
 433   silc_fsm_start(connauth->fsm, silc_connauth_st_initiator_start);
 434
 435   return &connauth->op;
 436 }
 437
 438
 439 /******************************** Responder *********************************/
 440
 441 SILC_FSM_STATE(silc_connauth_st_responder_start);
 442 SILC_FSM_STATE(silc_connauth_st_responder_authenticate);
 443 SILC_FSM_STATE(silc_connauth_st_responder_authenticate_pk);
 444 SILC_FSM_STATE(silc_connauth_st_responder_success);
 445 SILC_FSM_STATE(silc_connauth_st_responder_failure);
 446
 447 SILC_FSM_STATE(silc_connauth_st_responder_start)
 448 {
 449   SilcConnAuth connauth = fsm_context;
 450
 451   SILC_LOG_DEBUG(("Start"));
 452
 453   if (connauth->aborted) {
 454     /** Aborted */
 455     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 456     return SILC_FSM_CONTINUE;
 457   }
 458
 459   /* Start timeout */
 460   if (connauth->timeout_secs)
 461     silc_schedule_task_add_timeout(silc_fsm_get_schedule(fsm),
 462                                    silc_connauth_timeout, connauth,
 463                                    connauth->timeout_secs, 0);
 464
 465   /** Wait for initiator */
 466   silc_fsm_next(fsm, silc_connauth_st_responder_authenticate);
 467   return SILC_FSM_WAIT;
 468 }
 469
 470 SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
 471 {
 472   SilcConnAuth connauth = fsm_context;
 473   SilcUInt16 payload_len;
 474   SilcUInt16 conn_type;
 475   unsigned char *auth_data = NULL, *passphrase = NULL;
 476   SilcUInt32 passphrase_len;
 477   SilcSKR repository = NULL;
 478   int ret;
 479
 480   SILC_LOG_DEBUG(("Start"));
 481
 482   if (connauth->aborted) {
 483     /** Aborted */
 484     silc_packet_free(connauth->packet);
 485     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 486     return SILC_FSM_CONTINUE;
 487   }
 488
 489   if (connauth->packet->type != SILC_PACKET_CONNECTION_AUTH) {
 490     /** Protocol failure */
 491     silc_packet_free(connauth->packet);
 492     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 493     return SILC_FSM_CONTINUE;
 494   }
 495
 496   /* Parse the received authentication data packet. The received
 497      payload is Connection Auth Payload. */
 498   ret = silc_buffer_unformat(&connauth->packet->buffer,
 499                              SILC_STR_UI_SHORT(&payload_len),
 500                              SILC_STR_UI_SHORT(&conn_type),
 501                              SILC_STR_END);
 502   if (ret == -1) {
 503     /** Bad payload */
 504     SILC_LOG_ERROR(("Bad payload in authentication packet"));
 505     silc_packet_free(connauth->packet);
 506     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 507     return SILC_FSM_CONTINUE;
 508   }
 509
 510   if (payload_len != silc_buffer_len(&connauth->packet->buffer)) {
 511     /** Bad payload length */
 512     SILC_LOG_ERROR(("Bad payload length in authentication packet"));
 513     silc_packet_free(connauth->packet);
 514     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 515     return SILC_FSM_CONTINUE;
 516   }
 517
 518   payload_len -= 4;
 519
 520   if (conn_type < SILC_CONN_CLIENT || conn_type > SILC_CONN_ROUTER) {
 521     /** Bad connection type */
 522     SILC_LOG_ERROR(("Bad connection type (%d) in authentication packet",
 523                     conn_type));
 524     silc_packet_free(connauth->packet);
 525     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 526     return SILC_FSM_CONTINUE;
 527   }
 528
 529   if (payload_len > 0) {
 530     /* Get authentication data */
 531     ret = silc_buffer_unformat(&connauth->packet->buffer,
 532                                SILC_STR_OFFSET(4),
 533                                SILC_STR_UI_XNSTRING(&auth_data,
 534                                                     payload_len),
 535                                SILC_STR_END);
 536     if (ret == -1) {
 537       /** Bad payload */
 538       SILC_LOG_DEBUG(("Bad payload in authentication payload"));
 539       silc_packet_free(connauth->packet);
 540       silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 541       return SILC_FSM_CONTINUE;
 542     }
 543   }
 544   silc_packet_free(connauth->packet);
 545
 546   SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
 547
 548   /* Get authentication data */
 549   if (!connauth->get_auth_data(connauth, conn_type, &passphrase,
 550                                &passphrase_len, &repository,
 551                                connauth->context)) {
 552     /** Connection not configured */
 553     SILC_LOG_ERROR(("Remote connection not configured"));
 554     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 555     return SILC_FSM_CONTINUE;
 556   }
 557
 558   /* Verify */
 559
 560   /* Passphrase authentication */
 561   if (passphrase && passphrase_len) {
 562     SILC_LOG_DEBUG(("Passphrase authentication"));
 563     if (!memcmp(auth_data, passphrase, passphrase_len)) {
 564       /** Authentication failed */
 565       silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 566       return SILC_FSM_CONTINUE;
 567     }
 568   } else if (repository) {
 569     /* Digital signature */
 570     SilcSKRFind find;
 571
 572     SILC_LOG_DEBUG(("Digital signature authentication"));
 573
 574     connauth->auth_data = silc_memdup(auth_data, payload_len);
 575     connauth->auth_data_len = payload_len;
 576
 577     /* Allocate search constraints for finding the key */
 578     find = silc_skr_find_alloc();
 579
 580     if (!find || !connauth->auth_data) {
 581       /** Out of memory */
 582       silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 583       return SILC_FSM_CONTINUE;
 584     }
 585
 586     silc_skr_find_set_pkcs_type(find, connauth->ske->pk_type);
 587     silc_skr_find_set_public_key(find, connauth->ske->public_key);
 588     silc_skr_find_set_usage(find, (SILC_SKR_USAGE_AUTH |
 589                                    SILC_SKR_USAGE_KEY_AGREEMENT));
 590
 591     /** Find public key */
 592     silc_fsm_next(fsm, silc_connauth_st_responder_authenticate_pk);
 593     SILC_FSM_CALL(silc_skr_find(repository, find, silc_connauth_skr_callback,
 594                                 connauth));
 595     /* NOT REACHED */
 596   }
 597
 598   /* Passphrase auth Ok, or no authentication required */
 599
 600   /** Authentication successful */
 601   silc_fsm_next(fsm, silc_connauth_st_responder_success);
 602   return SILC_FSM_CONTINUE;
 603 }
 604
 605 SILC_FSM_STATE(silc_connauth_st_responder_authenticate_pk)
 606 {
 607   SilcConnAuth connauth = fsm_context;
 608   SilcSKRKey key;
 609
 610   if (connauth->aborted) {
 611     /** Aborted */
 612     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 613     return SILC_FSM_CONTINUE;
 614   }
 615
 616   if (connauth->skr_status != SILC_SKR_OK) {
 617     /** Public key not found */
 618     SILC_LOG_DEBUG(("Public key not found, error %d", connauth->skr_status));
 619     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 620     return SILC_FSM_CONTINUE;
 621   }
 622
 623   SILC_LOG_DEBUG(("Found %d public keys",
 624                   silc_dlist_count(connauth->public_keys)));
 625
 626   /* Verify signature */
 627   key = silc_dlist_get(connauth->public_keys);
 628   if (!silc_connauth_verify_signature(connauth, key->key,
 629                                       connauth->auth_data,
 630                                       connauth->auth_data_len)) {
 631     /** Invalid signature */
 632     SILC_LOG_DEBUG(("Invalid signature"));
 633     silc_free(connauth->auth_data);
 634     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 635     return SILC_FSM_CONTINUE;
 636   }
 637
 638   silc_free(connauth->auth_data);
 639
 640   /** Authentication successful */
 641   silc_fsm_next(fsm, silc_connauth_st_responder_success);
 642   return SILC_FSM_CONTINUE;
 643 }
 644
 645 SILC_FSM_STATE(silc_connauth_st_responder_success)
 646 {
 647   SilcConnAuth connauth = fsm_context;
 648   unsigned char tmp[4];
 649
 650   SILC_LOG_DEBUG(("Authentication successful"));
 651
 652   /* Send FAILURE packet */
 653   SILC_PUT32_MSB(SILC_AUTH_OK, tmp);
 654   silc_packet_send(connauth->ske->stream, SILC_PACKET_SUCCESS, 0, tmp, 4);
 655
 656   /* Call completion callback */
 657   connauth->completion(connauth, TRUE, connauth->context);
 658
 659   silc_packet_stream_unlink(connauth->ske->stream,
 660                             &silc_connauth_stream_cbs, connauth);
 661   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 662
 663   return SILC_FSM_FINISH;
 664 }
 665
 666 SILC_FSM_STATE(silc_connauth_st_responder_failure)
 667 {
 668   SilcConnAuth connauth = fsm_context;
 669   unsigned char error[4];
 670
 671   SILC_LOG_ERROR(("Authentication failed"));
 672
 673   if (!connauth->aborted) {
 674     /* Send FAILURE packet */
 675     SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
 676     silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
 677
 678     /* Call completion callback */
 679     connauth->completion(connauth, FALSE, connauth->context);
 680   }
 681
 682   silc_packet_stream_unlink(connauth->ske->stream,
 683                             &silc_connauth_stream_cbs, connauth);
 684   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 685
 686   return SILC_FSM_FINISH;
 687 }
 688
 689 SilcAsyncOperation
 690 silc_connauth_responder(SilcConnAuth connauth,
 691                         SilcConnAuthGetAuthData get_auth_data,
 692                         SilcConnAuthCompletion completion,
 693                         void *context)
 694 {
 695   SILC_LOG_DEBUG(("Connection authentication as responder"));
 696
 697   connauth->get_auth_data = get_auth_data;
 698   connauth->completion = completion;
 699   connauth->context = context;
 700
 701   /* Link to packet stream to get packets */
 702   silc_packet_stream_link(connauth->ske->stream,
 703                           &silc_connauth_stream_cbs, connauth, 1000000,
 704                           SILC_PACKET_CONNECTION_AUTH,
 705                           SILC_PACKET_FAILURE, -1);
 706
 707   /* Start the protocol */
 708   silc_async_init(&connauth->op, silc_connauth_abort, NULL, connauth);
 709   silc_fsm_start(connauth->fsm, silc_connauth_st_responder_start);
 710
 711   return &connauth->op;
 712 }