lib/silcske/silcconnauth.c

   1 /*
   2
   3   silcconnauth.c
   4
   5   Author: Pekka Riikonen <priikone@silcnet.org>
   6
   7   Copyright (C) 2005 - 2007 Pekka Riikonen
   8
   9   This program is free software; you can redistribute it and/or modify
  10   it under the terms of the GNU General Public License as published by
  11   the Free Software Foundation; version 2 of the License.
  12
  13   This program is distributed in the hope that it will be useful,
  14   but WITHOUT ANY WARRANTY; without even the implied warranty of
  15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16   GNU General Public License for more details.
  17
  18 */
  19
  20 #include "silc.h"
  21 #include "silcconnauth.h"
  22
  23 /************************** Types and definitions ***************************/
  24
  25 static SilcBool silc_connauth_packet_receive(SilcPacketEngine engine,
  26                                              SilcPacketStream stream,
  27                                              SilcPacket packet,
  28                                              void *callback_context,
  29                                              void *app_context);
  30
  31 /* Connection authentication context */
  32 struct SilcConnAuthStruct {
  33   SilcSKE ske;
  34   SilcFSM fsm;
  35   SilcAsyncOperationStruct op;
  36   SilcConnectionType conn_type;
  37   SilcAuthMethod auth_method;
  38   void *auth_data;
  39   SilcUInt32 auth_data_len;
  40   SilcConnAuthCompletion completion;
  41   SilcConnAuthGetAuthData get_auth_data;
  42   void *context;
  43   SilcDList public_keys;
  44   SilcSKRStatus skr_status;
  45   SilcUInt32 timeout_secs;
  46   SilcPacket packet;
  47   unsigned int aborted   : 1;
  48   unsigned int success   : 1;
  49 };
  50
  51 /* Packet stream callbacks */
  52 static SilcPacketCallbacks silc_connauth_stream_cbs =
  53 {
  54   silc_connauth_packet_receive, NULL, NULL
  55 };
  56
  57
  58 /************************ Static utility functions **************************/
  59
  60 /* Packet callback */
  61
  62 static SilcBool silc_connauth_packet_receive(SilcPacketEngine engine,
  63                                              SilcPacketStream stream,
  64                                              SilcPacket packet,
  65                                              void *callback_context,
  66                                              void *app_context)
  67 {
  68   SilcConnAuth connauth = callback_context;
  69   connauth->packet = packet;
  70   silc_fsm_continue(connauth->fsm);
  71   return TRUE;
  72 }
  73
  74 /* Async operation abortion callback */
  75
  76 static void silc_connauth_abort(SilcAsyncOperation op, void *context)
  77 {
  78   SilcConnAuth connauth = context;
  79   connauth->aborted = TRUE;
  80 }
  81
  82 /* Generates signature for public key based authentication */
  83
  84 static SilcBool silc_connauth_get_signature(SilcConnAuth connauth,
  85                                             unsigned char **auth_data,
  86                                             SilcUInt32 *auth_data_len)
  87 {
  88   int len;
  89   SilcSKE ske;
  90   SilcPrivateKey private_key;
  91   SilcBuffer auth;
  92
  93   SILC_LOG_DEBUG(("Compute signature"));
  94
  95   ske = connauth->ske;
  96   private_key = connauth->auth_data;
  97
  98   /* Make the authentication data. Protocol says it is HASH plus
  99      KE Start Payload. */
 100   len = ske->hash_len + silc_buffer_len(ske->start_payload_copy);
 101   auth = silc_buffer_alloc_size(len);
 102   if (!auth)
 103     return FALSE;
 104   silc_buffer_format(auth,
 105                      SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
 106                      SILC_STR_UI_XNSTRING(
 107                                ske->start_payload_copy->data,
 108                                silc_buffer_len(ske->start_payload_copy)),
 109                      SILC_STR_END);
 110
 111   len = ((silc_pkcs_private_key_get_len(private_key) + 7) / 8) + 1;
 112   *auth_data = silc_calloc(len, sizeof(**auth_data));
 113   if (*auth_data == NULL) {
 114     silc_buffer_free(auth);
 115     return FALSE;
 116   }
 117
 118   /* Compute signature */
 119   if (!silc_pkcs_sign(private_key, auth->data, silc_buffer_len(auth),
 120                       *auth_data, len, auth_data_len, TRUE, ske->prop->hash)) {
 121     silc_free(*auth_data);
 122     silc_buffer_free(auth);
 123     return FALSE;
 124   }
 125
 126   silc_buffer_free(auth);
 127   return TRUE;
 128 }
 129
 130 /* Verifies digital signature */
 131
 132 static SilcBool silc_connauth_verify_signature(SilcConnAuth connauth,
 133                                                SilcPublicKey pub_key,
 134                                                unsigned char *sign,
 135                                                SilcUInt32 sign_len)
 136 {
 137   int len;
 138   SilcBuffer auth;
 139   SilcSKE ske = connauth->ske;
 140
 141   if (!pub_key || !sign)
 142     return FALSE;
 143
 144   /* Make the authentication data. Protocol says it is HASH plus
 145      KE Start Payload. */
 146   len = ske->hash_len + silc_buffer_len(ske->start_payload_copy);
 147   auth = silc_buffer_alloc_size(len);
 148   if (!auth)
 149     return FALSE;
 150   silc_buffer_format(auth,
 151                      SILC_STR_UI_XNSTRING(ske->hash, ske->hash_len),
 152                      SILC_STR_UI_XNSTRING(
 153                                   ske->start_payload_copy->data,
 154                                   silc_buffer_len(ske->start_payload_copy)),
 155                      SILC_STR_END);
 156
 157   /* Verify signature */
 158   if (!silc_pkcs_verify(pub_key, sign, sign_len, auth->data,
 159                         silc_buffer_len(auth), ske->prop->hash)) {
 160     silc_buffer_free(auth);
 161     return FALSE;
 162   }
 163
 164   silc_buffer_free(auth);
 165
 166   return TRUE;
 167 }
 168
 169 /* Timeout */
 170
 171 SILC_TASK_CALLBACK(silc_connauth_timeout)
 172 {
 173   SilcConnAuth connauth = context;
 174   SILC_LOG_DEBUG(("Protocol timeout"));
 175   connauth->aborted = TRUE;
 176   silc_fsm_continue_sync(connauth->fsm);
 177 }
 178
 179 /* SKR callback */
 180
 181 static void silc_connauth_skr_callback(SilcSKR skr, SilcSKRFind find,
 182                                        SilcSKRStatus status,
 183                                        SilcDList results, void *context)
 184 {
 185   SilcConnAuth connauth = context;
 186
 187   silc_skr_find_free(find);
 188
 189   connauth->public_keys = results;
 190   connauth->skr_status = status;
 191
 192   SILC_FSM_CALL_CONTINUE(connauth->fsm);
 193 }
 194
 195 /* FSM destructor */
 196
 197 static void silc_connauth_fsm_destructor(SilcFSM fsm, void *fsm_context,
 198                                          void *destructor_context)
 199 {
 200   silc_fsm_free(fsm);
 201 }
 202
 203
 204 /******************************* Protocol API *******************************/
 205
 206 /* Allocate connection authentication context */
 207
 208 SilcConnAuth silc_connauth_alloc(SilcSchedule schedule,
 209                                  SilcSKE ske,
 210                                  SilcUInt32 timeout_secs)
 211 {
 212   SilcConnAuth connauth;
 213
 214   if (!schedule || !ske)
 215     return NULL;
 216
 217   connauth = silc_calloc(1, sizeof(*connauth));
 218   if (!connauth)
 219     return NULL;
 220
 221   connauth->fsm = silc_fsm_alloc(connauth, silc_connauth_fsm_destructor,
 222                                  NULL, schedule);
 223   if (!connauth->fsm) {
 224     silc_connauth_free(connauth);
 225     return NULL;
 226   }
 227
 228   connauth->timeout_secs = timeout_secs;
 229   connauth->ske = ske;
 230
 231   return connauth;
 232 }
 233
 234 /* Free connection authentication context */
 235
 236 void silc_connauth_free(SilcConnAuth connauth)
 237 {
 238   if (connauth->public_keys)
 239     silc_dlist_uninit(connauth->public_keys);
 240   silc_free(connauth);
 241 }
 242
 243 /* Return associated SKE context */
 244
 245 SilcSKE silc_connauth_get_ske(SilcConnAuth connauth)
 246 {
 247   return connauth->ske;
 248 }
 249
 250
 251 /******************************** Initiator *********************************/
 252
 253 SILC_FSM_STATE(silc_connauth_st_initiator_start);
 254 SILC_FSM_STATE(silc_connauth_st_initiator_result);
 255 SILC_FSM_STATE(silc_connauth_st_initiator_failure);
 256
 257 SILC_FSM_STATE(silc_connauth_st_initiator_start)
 258 {
 259   SilcConnAuth connauth = fsm_context;
 260   SilcBuffer packet;
 261   int payload_len = 0;
 262   unsigned char *auth_data = NULL;
 263   SilcUInt32 auth_data_len = 0;
 264   SilcPacketFlags flags = 0;
 265
 266   SILC_LOG_DEBUG(("Start"));
 267
 268   if (connauth->aborted) {
 269     /** Aborted */
 270     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 271     return SILC_FSM_CONTINUE;
 272   }
 273
 274   /* Start timeout */
 275   if (connauth->timeout_secs)
 276     silc_schedule_task_add_timeout(silc_fsm_get_schedule(fsm),
 277                                    silc_connauth_timeout, connauth,
 278                                    connauth->timeout_secs, 0);
 279
 280   switch (connauth->auth_method) {
 281   case SILC_AUTH_NONE:
 282     /* No authentication required */
 283     break;
 284
 285   case SILC_AUTH_PASSWORD:
 286     auth_data = silc_memdup(connauth->auth_data, connauth->auth_data_len);
 287     if (!auth_data) {
 288       /** Out of memory */
 289       silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 290       return SILC_FSM_CONTINUE;
 291     }
 292     auth_data_len = connauth->auth_data_len;
 293     flags = SILC_PACKET_FLAG_LONG_PAD;
 294     break;
 295
 296   case SILC_AUTH_PUBLIC_KEY:
 297     if (!silc_connauth_get_signature(connauth, &auth_data, &auth_data_len)) {
 298       /** Error computing signature */
 299       silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 300       return SILC_FSM_CONTINUE;
 301     }
 302     break;
 303   }
 304
 305   payload_len = 4 + auth_data_len;
 306   packet = silc_buffer_alloc_size(payload_len);
 307   if (!packet) {
 308     /** Out of memory */
 309     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 310     return SILC_FSM_CONTINUE;
 311   }
 312
 313   silc_buffer_format(packet,
 314                      SILC_STR_UI_SHORT(payload_len),
 315                      SILC_STR_UI_SHORT(connauth->conn_type),
 316                      SILC_STR_UI_XNSTRING(auth_data, auth_data_len),
 317                      SILC_STR_END);
 318
 319   /* Send the packet */
 320   if (!silc_packet_send(connauth->ske->stream, SILC_PACKET_CONNECTION_AUTH,
 321                         flags, packet->data, silc_buffer_len(packet))) {
 322     /** Error sending packet */
 323     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 324     return SILC_FSM_CONTINUE;
 325   }
 326
 327   if (auth_data) {
 328     memset(auth_data, 0, auth_data_len);
 329     silc_free(auth_data);
 330   }
 331   silc_buffer_free(packet);
 332
 333   /** Wait for responder */
 334   silc_fsm_next(fsm, silc_connauth_st_initiator_result);
 335   return SILC_FSM_WAIT;
 336 }
 337
 338 SILC_FSM_STATE(silc_connauth_st_initiator_result)
 339 {
 340   SilcConnAuth connauth = fsm_context;
 341
 342   SILC_LOG_DEBUG(("Start"));
 343
 344   if (connauth->aborted) {
 345     /** Aborted */
 346     silc_fsm_next(fsm, silc_connauth_st_initiator_failure);
 347     return SILC_FSM_CONTINUE;
 348   }
 349
 350   /* Check the status of authentication */
 351   if (connauth->packet->type == SILC_PACKET_SUCCESS) {
 352     SILC_LOG_DEBUG(("Authentication successful"));
 353     connauth->success = TRUE;
 354   } else {
 355     SILC_LOG_DEBUG(("Authentication failed"));
 356     connauth->success = FALSE;
 357   }
 358   silc_packet_free(connauth->packet);
 359
 360   silc_packet_stream_unlink(connauth->ske->stream,
 361                             &silc_connauth_stream_cbs, connauth);
 362   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 363
 364   /* Call completion callback */
 365   connauth->completion(connauth, connauth->success, connauth->context);
 366
 367   return SILC_FSM_FINISH;
 368 }
 369
 370 SILC_FSM_STATE(silc_connauth_st_initiator_failure)
 371 {
 372   SilcConnAuth connauth = fsm_context;
 373   unsigned char error[4];
 374
 375   SILC_LOG_DEBUG(("Start"));
 376
 377   /* Send FAILURE packet */
 378   SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
 379   silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
 380
 381   /* Call completion callback */
 382   connauth->completion(connauth, FALSE, connauth->context);
 383
 384   silc_packet_stream_unlink(connauth->ske->stream,
 385                             &silc_connauth_stream_cbs, connauth);
 386   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 387
 388   return SILC_FSM_FINISH;
 389 }
 390
 391 SilcAsyncOperation
 392 silc_connauth_initiator(SilcConnAuth connauth,
 393                         SilcConnectionType conn_type,
 394                         SilcAuthMethod auth_method, void *auth_data,
 395                         SilcUInt32 auth_data_len,
 396                         SilcConnAuthCompletion completion,
 397                         void *context)
 398 {
 399   SILC_LOG_DEBUG(("Connection authentication as initiator"));
 400
 401   if (auth_method == SILC_AUTH_PASSWORD && !auth_data) {
 402     completion(connauth, FALSE, context);
 403     return NULL;
 404   }
 405
 406   if (auth_method == SILC_AUTH_PUBLIC_KEY && !auth_data) {
 407     completion(connauth, FALSE, context);
 408     return NULL;
 409   }
 410
 411   connauth->conn_type = conn_type;
 412   connauth->auth_method = auth_method;
 413   connauth->auth_data = auth_data;
 414   connauth->auth_data_len = auth_data_len;
 415   connauth->completion = completion;
 416   connauth->context = context;
 417
 418   /* Link to packet stream to get packets */
 419   silc_packet_stream_link(connauth->ske->stream,
 420                           &silc_connauth_stream_cbs, connauth, 1000000,
 421                           SILC_PACKET_SUCCESS,
 422                           SILC_PACKET_FAILURE, -1);
 423
 424   /* Start the protocol */
 425   silc_async_init(&connauth->op, silc_connauth_abort, NULL, connauth);
 426   silc_fsm_start(connauth->fsm, silc_connauth_st_initiator_start);
 427
 428   return &connauth->op;
 429 }
 430
 431
 432 /******************************** Responder *********************************/
 433
 434 SILC_FSM_STATE(silc_connauth_st_responder_start);
 435 SILC_FSM_STATE(silc_connauth_st_responder_authenticate);
 436 SILC_FSM_STATE(silc_connauth_st_responder_authenticate_pk);
 437 SILC_FSM_STATE(silc_connauth_st_responder_success);
 438 SILC_FSM_STATE(silc_connauth_st_responder_failure);
 439
 440 SILC_FSM_STATE(silc_connauth_st_responder_start)
 441 {
 442   SilcConnAuth connauth = fsm_context;
 443
 444   SILC_LOG_DEBUG(("Start"));
 445
 446   if (connauth->aborted) {
 447     /** Aborted */
 448     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 449     return SILC_FSM_CONTINUE;
 450   }
 451
 452   /* Start timeout */
 453   if (connauth->timeout_secs)
 454     silc_schedule_task_add_timeout(silc_fsm_get_schedule(fsm),
 455                                    silc_connauth_timeout, connauth,
 456                                    connauth->timeout_secs, 0);
 457
 458   /** Wait for initiator */
 459   silc_fsm_next(fsm, silc_connauth_st_responder_authenticate);
 460   return SILC_FSM_WAIT;
 461 }
 462
 463 SILC_FSM_STATE(silc_connauth_st_responder_authenticate)
 464 {
 465   SilcConnAuth connauth = fsm_context;
 466   SilcUInt16 payload_len;
 467   SilcUInt16 conn_type;
 468   unsigned char *auth_data = NULL, *passphrase = NULL;
 469   SilcUInt32 passphrase_len;
 470   SilcSKR repository = NULL;
 471   int ret;
 472
 473   SILC_LOG_DEBUG(("Start"));
 474
 475   if (connauth->aborted) {
 476     /** Aborted */
 477     silc_packet_free(connauth->packet);
 478     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 479     return SILC_FSM_CONTINUE;
 480   }
 481
 482   if (connauth->packet->type != SILC_PACKET_CONNECTION_AUTH) {
 483     /** Protocol failure */
 484     silc_packet_free(connauth->packet);
 485     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 486     return SILC_FSM_CONTINUE;
 487   }
 488
 489   /* Parse the received authentication data packet. The received
 490      payload is Connection Auth Payload. */
 491   ret = silc_buffer_unformat(&connauth->packet->buffer,
 492                              SILC_STR_UI_SHORT(&payload_len),
 493                              SILC_STR_UI_SHORT(&conn_type),
 494                              SILC_STR_END);
 495   if (ret == -1) {
 496     /** Bad payload */
 497     SILC_LOG_ERROR(("Bad payload in authentication packet"));
 498     silc_packet_free(connauth->packet);
 499     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 500     return SILC_FSM_CONTINUE;
 501   }
 502
 503   if (payload_len != silc_buffer_len(&connauth->packet->buffer)) {
 504     /** Bad payload length */
 505     SILC_LOG_ERROR(("Bad payload length in authentication packet"));
 506     silc_packet_free(connauth->packet);
 507     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 508     return SILC_FSM_CONTINUE;
 509   }
 510
 511   payload_len -= 4;
 512
 513   if (conn_type < SILC_CONN_CLIENT || conn_type > SILC_CONN_ROUTER) {
 514     /** Bad connection type */
 515     SILC_LOG_ERROR(("Bad connection type (%d) in authentication packet",
 516                     conn_type));
 517     silc_packet_free(connauth->packet);
 518     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 519     return SILC_FSM_CONTINUE;
 520   }
 521
 522   if (payload_len > 0) {
 523     /* Get authentication data */
 524     ret = silc_buffer_unformat(&connauth->packet->buffer,
 525                                SILC_STR_OFFSET(4),
 526                                SILC_STR_UI_XNSTRING(&auth_data,
 527                                                     payload_len),
 528                                SILC_STR_END);
 529     if (ret == -1) {
 530       /** Bad payload */
 531       SILC_LOG_DEBUG(("Bad payload in authentication payload"));
 532       silc_packet_free(connauth->packet);
 533       silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 534       return SILC_FSM_CONTINUE;
 535     }
 536   }
 537   silc_packet_free(connauth->packet);
 538
 539   SILC_LOG_DEBUG(("Remote connection type %d", conn_type));
 540
 541   /* Get authentication data */
 542   if (!connauth->get_auth_data(connauth, conn_type, &passphrase,
 543                                &passphrase_len, &repository,
 544                                connauth->context)) {
 545     /** Connection not configured */
 546     SILC_LOG_ERROR(("Remote connection not configured"));
 547     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 548     return SILC_FSM_CONTINUE;
 549   }
 550
 551   /* Verify */
 552
 553   /* Passphrase authentication */
 554   if (passphrase && passphrase_len) {
 555     SILC_LOG_DEBUG(("Passphrase authentication"));
 556     if (!memcmp(auth_data, passphrase, passphrase_len)) {
 557       /** Authentication failed */
 558       silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 559       return SILC_FSM_CONTINUE;
 560     }
 561   } else if (repository) {
 562     /* Digital signature */
 563     SilcSKRFind find;
 564
 565     SILC_LOG_DEBUG(("Digital signature authentication"));
 566
 567     connauth->auth_data = silc_memdup(auth_data, payload_len);
 568     connauth->auth_data_len = payload_len;
 569
 570     /* Allocate search constraints for finding the key */
 571     find = silc_skr_find_alloc();
 572
 573     if (!find || !connauth->auth_data) {
 574       /** Out of memory */
 575       silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 576       return SILC_FSM_CONTINUE;
 577     }
 578
 579     silc_skr_find_set_pkcs_type(find, connauth->ske->pk_type);
 580     silc_skr_find_set_public_key(find, connauth->ske->public_key);
 581     silc_skr_find_set_usage(find, (SILC_SKR_USAGE_AUTH |
 582                                    SILC_SKR_USAGE_KEY_AGREEMENT));
 583
 584     /** Find public key */
 585     silc_fsm_next(fsm, silc_connauth_st_responder_authenticate_pk);
 586     SILC_FSM_CALL(silc_skr_find(repository, find, silc_connauth_skr_callback,
 587                                 connauth));
 588     /* NOT REACHED */
 589   }
 590
 591   /* Passphrase auth Ok, or no authentication required */
 592
 593   /** Authentication successful */
 594   silc_fsm_next(fsm, silc_connauth_st_responder_success);
 595   return SILC_FSM_CONTINUE;
 596 }
 597
 598 SILC_FSM_STATE(silc_connauth_st_responder_authenticate_pk)
 599 {
 600   SilcConnAuth connauth = fsm_context;
 601   SilcSKRKey key;
 602
 603   if (connauth->aborted) {
 604     /** Aborted */
 605     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 606     return SILC_FSM_CONTINUE;
 607   }
 608
 609   if (connauth->skr_status != SILC_SKR_OK) {
 610     /** Public key not found */
 611     SILC_LOG_DEBUG(("Public key not found, error %d", connauth->skr_status));
 612     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 613     return SILC_FSM_CONTINUE;
 614   }
 615
 616   SILC_LOG_DEBUG(("Found %d public keys",
 617                   silc_dlist_count(connauth->public_keys)));
 618
 619   /* Verify signature */
 620   key = silc_dlist_get(connauth->public_keys);
 621   if (!silc_connauth_verify_signature(connauth, key->key,
 622                                       connauth->auth_data,
 623                                       connauth->auth_data_len)) {
 624     /** Invalid signature */
 625     SILC_LOG_DEBUG(("Invalid signature"));
 626     silc_free(connauth->auth_data);
 627     silc_fsm_next(fsm, silc_connauth_st_responder_failure);
 628     return SILC_FSM_CONTINUE;
 629   }
 630
 631   silc_free(connauth->auth_data);
 632
 633   /** Authentication successful */
 634   silc_fsm_next(fsm, silc_connauth_st_responder_success);
 635   return SILC_FSM_CONTINUE;
 636 }
 637
 638 SILC_FSM_STATE(silc_connauth_st_responder_success)
 639 {
 640   SilcConnAuth connauth = fsm_context;
 641   unsigned char tmp[4];
 642
 643   SILC_LOG_DEBUG(("Authentication successful"));
 644
 645   /* Send FAILURE packet */
 646   SILC_PUT32_MSB(SILC_AUTH_OK, tmp);
 647   silc_packet_send(connauth->ske->stream, SILC_PACKET_SUCCESS, 0, tmp, 4);
 648
 649   /* Call completion callback */
 650   connauth->completion(connauth, TRUE, connauth->context);
 651
 652   silc_packet_stream_unlink(connauth->ske->stream,
 653                             &silc_connauth_stream_cbs, connauth);
 654   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 655
 656   return SILC_FSM_FINISH;
 657 }
 658
 659 SILC_FSM_STATE(silc_connauth_st_responder_failure)
 660 {
 661   SilcConnAuth connauth = fsm_context;
 662   unsigned char error[4];
 663
 664   SILC_LOG_ERROR(("Authentication failed"));
 665
 666   /* Send FAILURE packet */
 667   SILC_PUT32_MSB(SILC_AUTH_FAILED, error);
 668   silc_packet_send(connauth->ske->stream, SILC_PACKET_FAILURE, 0, error, 4);
 669
 670   /* Call completion callback */
 671   connauth->completion(connauth, FALSE, connauth->context);
 672
 673   silc_packet_stream_unlink(connauth->ske->stream,
 674                             &silc_connauth_stream_cbs, connauth);
 675   silc_schedule_task_del_by_context(silc_fsm_get_schedule(fsm), connauth);
 676
 677   return SILC_FSM_FINISH;
 678 }
 679
 680 SilcAsyncOperation
 681 silc_connauth_responder(SilcConnAuth connauth,
 682                         SilcConnAuthGetAuthData get_auth_data,
 683                         SilcConnAuthCompletion completion,
 684                         void *context)
 685 {
 686   SILC_LOG_DEBUG(("Connection authentication as responder"));
 687
 688   connauth->get_auth_data = get_auth_data;
 689   connauth->completion = completion;
 690   connauth->context = context;
 691
 692   /* Link to packet stream to get packets */
 693   silc_packet_stream_link(connauth->ske->stream,
 694                           &silc_connauth_stream_cbs, connauth, 1000000,
 695                           SILC_PACKET_CONNECTION_AUTH,
 696                           SILC_PACKET_FAILURE, -1);
 697
 698   /* Start the protocol */
 699   silc_async_init(&connauth->op, silc_connauth_abort, NULL, connauth);
 700   silc_fsm_start(connauth->fsm, silc_connauth_st_responder_start);
 701
 702   return &connauth->op;
 703 }