Author: Pekka Riikonen <priikone@silcnet.org>
- Copyright (C) 2001 - 2002 Pekka Riikonen
+ Copyright (C) 2001 - 2007 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
+ the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
*/
/* $Id$ */
-#include "silcincludes.h"
+#include "silc.h"
#include "silcauth.h"
/******************************************************************************
return NULL;
}
- if (newp->len != buffer.len) {
+ if (newp->len != silc_buffer_len(&buffer) ||
+ newp->random_len + newp->auth_len > silc_buffer_len(&buffer) - 8) {
silc_auth_payload_free(newp);
return NULL;
}
return payload->auth_method;
}
+/* Get the public data from the auth payload. */
+
+unsigned char *silc_auth_get_public_data(SilcAuthPayload payload,
+ SilcUInt32 *pubdata_len)
+{
+ if (pubdata_len)
+ *pubdata_len = (SilcUInt32)payload->random_len;
+
+ return payload->random_data;
+}
+
/* Get the authentication data. If this is passphrase it is UTF-8 encoded. */
unsigned char *silc_auth_get_data(SilcAuthPayload payload,
SilcUInt32 *auth_len)
{
if (auth_len)
- *auth_len = payload->auth_len;
+ *auth_len = (SilcUInt32)payload->auth_len;
return payload->auth_data;
}
static unsigned char *
silc_auth_public_key_encode_data(SilcPublicKey public_key,
- const unsigned char *random,
+ const unsigned char *randomdata,
SilcUInt32 random_len, const void *id,
SilcIdType type, SilcUInt32 *ret_len)
{
SilcBuffer buf;
- unsigned char *pk, *id_data, *ret;
+ unsigned char *pk, id_data[32], *ret;
SilcUInt32 pk_len, id_len;
pk = silc_pkcs_public_key_encode(public_key, &pk_len);
if (!pk)
return NULL;
- id_data = silc_id_id2str(id, type);
- if (!id_data) {
+ if (!silc_id_id2str(id, type, id_data, sizeof(id_data), &id_len)) {
silc_free(pk);
return NULL;
}
- id_len = silc_id_get_len(id, type);
buf = silc_buffer_alloc_size(random_len + id_len + pk_len);
if (!buf) {
silc_free(pk);
- silc_free(id_data);
return NULL;
}
silc_buffer_format(buf,
- SILC_STR_UI_XNSTRING(random, random_len),
+ SILC_STR_UI_XNSTRING(randomdata, random_len),
SILC_STR_UI_XNSTRING(id_data, id_len),
SILC_STR_UI_XNSTRING(pk, pk_len),
SILC_STR_END);
- ret = silc_memdup(buf->data, buf->len);
- if (!ret)
- return NULL;
-
- if (ret_len)
- *ret_len = buf->len;
+ ret = silc_buffer_steal(buf, ret_len);
silc_buffer_free(buf);
- silc_free(id_data);
silc_free(pk);
return ret;
SilcRng rng, SilcHash hash,
const void *id, SilcIdType type)
{
- unsigned char *random;
- unsigned char auth_data[1024];
- SilcUInt32 auth_len;
- unsigned char *tmp;
- SilcUInt32 tmp_len;
+ unsigned char *randomdata;
SilcBuffer buf;
- SilcPKCS pkcs;
-
- SILC_LOG_DEBUG(("Generating Authentication Payload with data"));
/* Get 256 bytes of random data */
if (rng)
- random = silc_rng_get_rn_data(rng, 256);
+ randomdata = silc_rng_get_rn_data(rng, 256);
else
- random = silc_rng_global_get_rn_data(256);
- if (!random)
+ randomdata = silc_rng_global_get_rn_data(256);
+ if (!randomdata)
return NULL;
+ buf = silc_auth_public_key_auth_generate_wpub(public_key, private_key,
+ randomdata, 256, hash,
+ id, type);
+
+ memset(randomdata, 0, 256);
+ silc_free(randomdata);
+
+ return buf;
+}
+
+/* Generates Authentication Payload with authentication data. This is used
+ to do public key based authentication. This generates the random data
+ and the actual authentication data. Returns NULL on error. */
+
+SilcBuffer
+silc_auth_public_key_auth_generate_wpub(SilcPublicKey public_key,
+ SilcPrivateKey private_key,
+ const unsigned char *pubdata,
+ SilcUInt32 pubdata_len,
+ SilcHash hash,
+ const void *id, SilcIdType type)
+{
+ unsigned char auth_data[2048 + 1];
+ SilcUInt32 auth_len;
+ unsigned char *tmp;
+ SilcUInt32 tmp_len;
+ SilcBuffer buf;
+
+ SILC_LOG_DEBUG(("Generating Authentication Payload with data"));
+
/* Encode the auth data */
- tmp = silc_auth_public_key_encode_data(public_key, random, 256, id, type,
- &tmp_len);
+ tmp = silc_auth_public_key_encode_data(public_key, pubdata, pubdata_len, id,
+ type, &tmp_len);
if (!tmp)
return NULL;
- /* Allocate PKCS object */
- if (!silc_pkcs_alloc(public_key->name, &pkcs)) {
- memset(tmp, 0, tmp_len);
- silc_free(tmp);
- return NULL;
- }
- silc_pkcs_public_key_set(pkcs, public_key);
- silc_pkcs_private_key_set(pkcs, private_key);
-
/* Compute the hash and the signature. */
- if (!silc_pkcs_sign_with_hash(pkcs, hash, tmp, tmp_len, auth_data,
- &auth_len)) {
- memset(random, 0, 256);
+ if (!silc_pkcs_sign(private_key, tmp, tmp_len, auth_data,
+ sizeof(auth_data) - 1, &auth_len, TRUE, hash)) {
memset(tmp, 0, tmp_len);
silc_free(tmp);
- silc_free(random);
- silc_pkcs_free(pkcs);
return NULL;
}
/* Encode Authentication Payload */
- buf = silc_auth_payload_encode(SILC_AUTH_PUBLIC_KEY, random, 256,
+ buf = silc_auth_payload_encode(SILC_AUTH_PUBLIC_KEY, pubdata, pubdata_len,
auth_data, auth_len);
memset(tmp, 0, tmp_len);
memset(auth_data, 0, sizeof(auth_data));
- memset(random, 0, 256);
silc_free(tmp);
- silc_free(random);
- silc_pkcs_free(pkcs);
return buf;
}
/* Verifies the authentication data. Returns TRUE if authentication was
successful. */
-bool silc_auth_public_key_auth_verify(SilcAuthPayload payload,
- SilcPublicKey public_key, SilcHash hash,
- const void *id, SilcIdType type)
+SilcBool silc_auth_public_key_auth_verify(SilcAuthPayload payload,
+ SilcPublicKey public_key,
+ SilcHash hash,
+ const void *id, SilcIdType type)
{
unsigned char *tmp;
SilcUInt32 tmp_len;
- SilcPKCS pkcs;
SILC_LOG_DEBUG(("Verifying authentication data"));
return FALSE;
}
- /* Allocate PKCS object */
- if (!silc_pkcs_alloc(public_key->name, &pkcs)) {
- memset(tmp, 0, tmp_len);
- silc_free(tmp);
- return FALSE;
- }
- silc_pkcs_public_key_set(pkcs, public_key);
-
/* Verify the authentication data */
- if (!silc_pkcs_verify_with_hash(pkcs, hash, payload->auth_data,
- payload->auth_len, tmp, tmp_len)) {
+ if (!silc_pkcs_verify(public_key, payload->auth_data,
+ payload->auth_len, tmp, tmp_len, hash)) {
memset(tmp, 0, tmp_len);
silc_free(tmp);
- silc_pkcs_free(pkcs);
SILC_LOG_DEBUG(("Authentication failed"));
return FALSE;
}
memset(tmp, 0, tmp_len);
silc_free(tmp);
- silc_pkcs_free(pkcs);
SILC_LOG_DEBUG(("Authentication successful"));
/* Same as above but the payload is not parsed yet. This will parse it. */
-bool silc_auth_public_key_auth_verify_data(const unsigned char *payload,
- SilcUInt32 payload_len,
- SilcPublicKey public_key,
- SilcHash hash,
- const void *id, SilcIdType type)
+SilcBool silc_auth_public_key_auth_verify_data(const unsigned char *payload,
+ SilcUInt32 payload_len,
+ SilcPublicKey public_key,
+ SilcHash hash,
+ const void *id, SilcIdType type)
{
SilcAuthPayload auth_payload;
int ret;
authentication then the `auth_data' is the SilcPublicKey and the
`auth_data_len' is ignored. */
-bool silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
- const void *auth_data, SilcUInt32 auth_data_len,
- SilcHash hash, const void *id, SilcIdType type)
+SilcBool silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
+ const void *auth_data, SilcUInt32 auth_data_len,
+ SilcHash hash, const void *id, SilcIdType type)
{
SILC_LOG_DEBUG(("Verifying authentication"));
/* Same as above but parses the authentication payload before verify. */
-bool silc_auth_verify_data(const unsigned char *payload,
- SilcUInt32 payload_len,
- SilcAuthMethod auth_method, const void *auth_data,
- SilcUInt32 auth_data_len, SilcHash hash,
- const void *id, SilcIdType type)
+SilcBool silc_auth_verify_data(const unsigned char *payload,
+ SilcUInt32 payload_len,
+ SilcAuthMethod auth_method,
+ const void *auth_data,
+ SilcUInt32 auth_data_len, SilcHash hash,
+ const void *id, SilcIdType type)
{
SilcAuthPayload auth_payload;
- bool ret;
+ SilcBool ret;
auth_payload = silc_auth_payload_parse(payload, payload_len);
if (!auth_payload || (auth_payload->auth_len == 0))
struct SilcKeyAgreementPayloadStruct {
SilcUInt16 hostname_len;
unsigned char *hostname;
- SilcUInt32 port;
+ SilcUInt16 protocol;
+ SilcUInt16 port;
};
/* Parses and returns an allocated Key Agreement payload. */
SILC_LOG_DEBUG(("Parsing Key Agreement Payload"));
- silc_buffer_set(&buffer, (unsigned char *)payload, payload_len);
newp = silc_calloc(1, sizeof(*newp));
if (!newp)
return NULL;
/* Parse the payload */
+ silc_buffer_set(&buffer, (unsigned char *)payload, payload_len);
ret = silc_buffer_unformat(&buffer,
SILC_STR_UI16_NSTRING_ALLOC(&newp->hostname,
&newp->hostname_len),
- SILC_STR_UI_INT(&newp->port),
+ SILC_STR_UI_SHORT(&newp->protocol),
+ SILC_STR_UI_SHORT(&newp->port),
SILC_STR_END);
- if (ret == -1) {
+ if (ret == -1 || newp->hostname_len > silc_buffer_len(&buffer) - 6) {
silc_free(newp);
return NULL;
}
/* Encodes the Key Agreement protocol and returns the encoded buffer */
SilcBuffer silc_key_agreement_payload_encode(const char *hostname,
- SilcUInt32 port)
+ SilcUInt16 protocol,
+ SilcUInt16 port)
{
SilcBuffer buffer;
SilcUInt32 len = hostname ? strlen(hostname) : 0;
silc_buffer_format(buffer,
SILC_STR_UI_SHORT(len),
SILC_STR_UI_XNSTRING(hostname, len),
- SILC_STR_UI_INT(port),
+ SILC_STR_UI_SHORT(protocol),
+ SILC_STR_UI_SHORT(port),
SILC_STR_END);
return buffer;
return payload->hostname;
}
+/* Returns the protocol in the payload */
+
+SilcUInt16 silc_key_agreement_get_protocol(SilcKeyAgreementPayload payload)
+{
+ return payload->protocol;
+}
+
/* Returns the port in the payload */
-SilcUInt32 silc_key_agreement_get_port(SilcKeyAgreementPayload payload)
+SilcUInt16 silc_key_agreement_get_port(SilcKeyAgreementPayload payload)
{
return payload->port;
}