/* Parses and returns Authentication Payload */
-SilcAuthPayload silc_auth_payload_parse(SilcBuffer buffer)
+SilcAuthPayload silc_auth_payload_parse(unsigned char *data,
+ unsigned int data_len)
{
+ SilcBuffer buffer;
SilcAuthPayload new;
int ret;
SILC_LOG_DEBUG(("Parsing Authentication Payload"));
+ buffer = silc_buffer_alloc(data_len);
+ silc_buffer_pull_tail(buffer, SILC_BUFFER_END(buffer));
+ silc_buffer_put(buffer, data, data_len);
+
new = silc_calloc(1, sizeof(*new));
/* Parse the payload */
SILC_STR_END);
if (ret == -1) {
silc_free(new);
+ silc_buffer_free(buffer);
return NULL;
}
if (new->len != buffer->len) {
silc_auth_payload_free(new);
+ silc_buffer_free(buffer);
return NULL;
}
+ silc_buffer_free(buffer);
+
/* If password authentication, random data must not be set */
if (new->auth_method == SILC_AUTH_PASSWORD && new->random_len) {
silc_auth_payload_free(new);
SILC_LOG_DEBUG(("Encoding Authentication Payload"));
- len = 4 + 4 + random_len + auth_len;
+ len = 2 + 2 + 2 + random_len + 2 + auth_len;
buffer = silc_buffer_alloc(len);
silc_buffer_pull_tail(buffer, SILC_BUFFER_END(buffer));
silc_buffer_format(buffer,
}
}
+/* Get authentication method */
+
+SilcAuthMethod silc_auth_get_method(SilcAuthPayload payload)
+{
+ return payload->auth_method;
+}
+
+/* Get the authentication data */
+
+unsigned char *silc_auth_get_data(SilcAuthPayload payload,
+ unsigned int *auth_len)
+{
+ if (auth_len)
+ *auth_len = payload->auth_len;
+
+ return payload->auth_data;
+}
+
/******************************************************************************
Authentication Routines
dictates. */
static unsigned char *
-silc_auth_public_key_encode_data(SilcPKCS pkcs, unsigned char *random,
+silc_auth_public_key_encode_data(SilcPublicKey public_key,
+ unsigned char *random,
unsigned int random_len, void *id,
SilcIdType type, unsigned int *ret_len)
{
unsigned char *pk, *id_data, *ret;
unsigned int pk_len, id_len;
- pk = silc_pkcs_get_public_key(pkcs, &pk_len);
+ pk = silc_pkcs_public_key_encode(public_key, &pk_len);
if (!pk)
return NULL;
}
id_len = silc_id_get_len(type);
- buf = silc_buffer_alloc(random_len + pk_len);
+ buf = silc_buffer_alloc(random_len + id_len + pk_len);
silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
silc_buffer_format(buf,
SILC_STR_UI_XNSTRING(random, random_len),
SILC_STR_UI_XNSTRING(pk, pk_len),
SILC_STR_END);
- ret = silc_calloc(buf->len, sizeof(*ret));
+ ret = silc_calloc(buf->len + 1, sizeof(*ret));
memcpy(ret, buf->data, buf->len);
if (ret_len)
to do public key based authentication. This generates the random data
and the actual authentication data. Returns NULL on error. */
-SilcBuffer silc_auth_public_key_auth_generate(SilcPKCS pkcs,
+SilcBuffer silc_auth_public_key_auth_generate(SilcPublicKey public_key,
+ SilcPrivateKey private_key,
SilcHash hash,
void *id, SilcIdType type)
{
unsigned char *random;
- unsigned char auth_data[32];
+ unsigned char auth_data[1024];
unsigned int auth_len;
unsigned char *tmp;
unsigned int tmp_len;
SilcBuffer buf;
+ SilcPKCS pkcs;
SILC_LOG_DEBUG(("Generating Authentication Payload with data"));
return NULL;
/* Encode the auth data */
- tmp = silc_auth_public_key_encode_data(pkcs, random, 256, id, type,
+ tmp = silc_auth_public_key_encode_data(public_key, random, 256, id, type,
&tmp_len);
if (!tmp)
return NULL;
+ /* Allocate PKCS object */
+ if (!silc_pkcs_alloc(public_key->name, &pkcs)) {
+ memset(tmp, 0, tmp_len);
+ silc_free(tmp);
+ return NULL;
+ }
+ silc_pkcs_public_key_set(pkcs, public_key);
+ silc_pkcs_private_key_set(pkcs, private_key);
+
/* Compute the hash and the signature. */
if (!silc_pkcs_sign_with_hash(pkcs, hash, tmp, tmp_len, auth_data,
&auth_len)) {
memset(tmp, 0, tmp_len);
silc_free(tmp);
silc_free(random);
+ silc_pkcs_free(pkcs);
return NULL;
}
memset(random, 0, 256);
silc_free(tmp);
silc_free(random);
+ silc_pkcs_free(pkcs);
return buf;
}
/* Verifies the authentication data. Returns TRUE if authentication was
- successfull. */
+ successful. */
int silc_auth_public_key_auth_verify(SilcAuthPayload payload,
- SilcPKCS pkcs, SilcHash hash,
+ SilcPublicKey public_key, SilcHash hash,
void *id, SilcIdType type)
{
unsigned char *tmp;
unsigned int tmp_len;
+ SilcPKCS pkcs;
SILC_LOG_DEBUG(("Verifying authentication data"));
/* Encode auth data */
- tmp = silc_auth_public_key_encode_data(pkcs, payload->random_data,
+ tmp = silc_auth_public_key_encode_data(public_key, payload->random_data,
payload->random_len,
id, type, &tmp_len);
if (!tmp) {
return FALSE;
}
+ /* Allocate PKCS object */
+ if (!silc_pkcs_alloc(public_key->name, &pkcs)) {
+ memset(tmp, 0, tmp_len);
+ silc_free(tmp);
+ return FALSE;
+ }
+ silc_pkcs_public_key_set(pkcs, public_key);
+
/* Verify the authentication data */
if (!silc_pkcs_verify_with_hash(pkcs, hash, payload->auth_data,
payload->auth_len, tmp, tmp_len)) {
memset(tmp, 0, tmp_len);
silc_free(tmp);
+ silc_pkcs_free(pkcs);
SILC_LOG_DEBUG(("Authentication failed"));
return FALSE;
}
memset(tmp, 0, tmp_len);
silc_free(tmp);
+ silc_pkcs_free(pkcs);
- SILC_LOG_DEBUG(("Authentication successfull"));
+ SILC_LOG_DEBUG(("Authentication successful"));
return TRUE;
}
/* Same as above but the payload is not parsed yet. This will parse it. */
int silc_auth_public_key_auth_verify_data(SilcBuffer payload,
- SilcPKCS pkcs, SilcHash hash,
+ SilcPublicKey public_key,
+ SilcHash hash,
void *id, SilcIdType type)
{
SilcAuthPayload auth_payload;
int ret;
- auth_payload = silc_auth_payload_parse(payload);
+ auth_payload = silc_auth_payload_parse(payload->data, payload->len);
if (!auth_payload) {
SILC_LOG_DEBUG(("Authentication failed"));
return FALSE;
}
- ret = silc_auth_public_key_auth_verify(auth_payload, pkcs, hash,
+ ret = silc_auth_public_key_auth_verify(auth_payload, public_key, hash,
id, type);
silc_auth_payload_free(auth_payload);
return ret;
}
+/* Verifies the authentication data directly from the Authentication
+ Payload. Supports all authentication methods. If the authentication
+ method is passphrase based then the `auth_data' and `auth_data_len'
+ are the passphrase and its length. If the method is public key
+ authentication then the `auth_data' is the SilcPublicKey and the
+ `auth_data_len' is ignored. */
+
+int silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
+ void *auth_data, unsigned int auth_data_len,
+ SilcHash hash, void *id, SilcIdType type)
+{
+ SILC_LOG_DEBUG(("Verifying authentication"));
+
+ if (auth_method != payload->auth_method)
+ return FALSE;
+
+ switch (payload->auth_method) {
+ case SILC_AUTH_NONE:
+ /* No authentication */
+ SILC_LOG_DEBUG(("No authentication required"));
+ return TRUE;
+
+ case SILC_AUTH_PASSWORD:
+ /* Passphrase based authentication. The `pkcs', `hash', `id' and `type'
+ arguments are not needed. */
+ if (!memcmp(payload->auth_data, auth_data, payload->auth_len)) {
+ SILC_LOG_DEBUG(("Authentication successful"));
+ return TRUE;
+ }
+ break;
+
+ case SILC_AUTH_PUBLIC_KEY:
+ /* Public key based authentication */
+ return silc_auth_public_key_auth_verify(payload, (SilcPublicKey)auth_data,
+ hash, id, type);
+ break;
+
+ default:
+ break;
+ }
+
+ SILC_LOG_DEBUG(("Authentication failed"));
+
+ return FALSE;
+}
+
+/* Same as above but parses the authentication payload before verify. */
+
+int silc_auth_verify_data(unsigned char *payload, unsigned int payload_len,
+ SilcAuthMethod auth_method, void *auth_data,
+ unsigned int auth_data_len, SilcHash hash,
+ void *id, SilcIdType type)
+{
+ SilcAuthPayload auth_payload;
+ int ret;
+
+ auth_payload = silc_auth_payload_parse(payload, payload_len);
+ if (!auth_payload)
+ return FALSE;
+
+ ret = silc_auth_verify(auth_payload, auth_method, auth_data, auth_data_len,
+ hash, id, type);
+
+ silc_auth_payload_free(auth_payload);
+
+ return ret;
+}
+
/******************************************************************************
Key Agreement Payload
unsigned int port)
{
SilcBuffer buffer;
- unsigned int len = strlen(hostname);
+ unsigned int len = hostname ? strlen(hostname) : 0;
SILC_LOG_DEBUG(("Encoding Key Agreement Payload"));
projects / silc.git / blobdiff