/*
- silcauth.h
+ silcauth.h
Author: Pekka Riikonen <priikone@silcnet.org>
- Copyright (C) 2001 - 2002 Pekka Riikonen
+ Copyright (C) 2001 - 2007 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
* DESCRIPTION
*
* Implementations of the SILC Authentication Payload and authentication
- * routines. The SILC Authentication Payload is used to deliver
- * authentication data usually from client to server in purpose of
+ * routines. The SILC Authentication Payload is used to deliver
+ * authentication data usually from client to server in purpose of
* gaining access to some service. The Payload and the authentication
* routines supports both passphrase and public key (signature) based
* authentication.
* used by client to agree on key material usually with another client
* in the network.
*
- * This interface defines also the SILC_MESSAGE_FLAG_SIGNED Payload,
- * which defines how channel messages and private messages can be digitally
- * signed. This interface provides the payload parsing, encoding,
- * signature computing and signature verification routines.
- *
***/
#ifndef SILCAUTH_H
/****d* silccore/SilcAuthAPI/SilcAuthMethod
*
* NAME
- *
+ *
* typedef SilcUInt16 SilcAuthMethod;
*
* DESCRIPTION
#define SILC_AUTH_PASSWORD 1 /* Passphrase authentication */
#define SILC_AUTH_PUBLIC_KEY 2 /* Public key authentication */
-/* Authentication protocol status message (used by all authentication
- protocols in the SILC). */
-#define SILC_AUTH_OK 0
-#define SILC_AUTH_FAILED 1
+/****d* silccore/SilcAuthAPI/SilcAuthResult
+ *
+ * NAME
+ *
+ * typedef SilcUInt32 SilcAuthResult;
+ *
+ * DESCRIPTION
+ *
+ * Authentication protocol status. Used by all authentication protocols
+ * in SILC.
+ *
+ * SOURCE
+ */
+typedef SilcUInt32 SilcAuthResult;
+
+#define SILC_AUTH_OK 0 /* Authentication successful */
+#define SILC_AUTH_FAILED 1 /* Authentication failed */
/***/
/****s* silccore/SilcAuthAPI/SilcAuthPayload
*
* NAME
- *
- * typedef struct SilcAuthPayloadStruct *SilcAuthPayload;
+ *
+ * typedef struct SilcAuthPayloadStruct *SilcAuthPayload;
*
*
* DESCRIPTION
***/
SilcAuthMethod silc_auth_get_method(SilcAuthPayload payload);
+/****f* silccore/SilcAuthAPI/silc_auth_get_public_data
+ *
+ * SYNOPSIS
+ *
+ * unsigned char *silc_auth_get_public_data(SilcAuthPayload payload,
+ * SilcUInt32 *pubdata_len);
+ *
+ * DESCRIPTION
+ *
+ * Returns the public data (usually random data) from the payload.
+ * Caller must not free the returned data.
+ *
+ ***/
+unsigned char *silc_auth_get_public_data(SilcAuthPayload payload,
+ SilcUInt32 *pubdata_len);
+
/****f* silccore/SilcAuthAPI/silc_auth_get_data
*
* SYNOPSIS
* SilcPrivateKey private_key,
* SilcRng rng,
* SilcHash hash,
- * const void *id,
+ * const void *id,
* SilcIdType type);
*
* DESCRIPTION
SilcRng rng, SilcHash hash,
const void *id, SilcIdType type);
+/****f* silccore/SilcAuthAPI/silc_auth_public_key_auth_generate_wpub
+ *
+ * SYNOPSIS
+ *
+ * SilcBuffer
+ * silc_auth_public_key_auth_generate_wpub(SilcPublicKey public_key,
+ * SilcPrivateKey private_key,
+ * const unsigned char *pubdata,
+ * SilcUInt32 pubdata_len,
+ * SilcHash hash,
+ * const void *id,
+ * SilcIdType type);
+ *
+ * DESCRIPTION
+ *
+ * Same as silc_auth_public_key_auth_generate but takes the public data
+ * (usually random data) as argument. This function can be used when
+ * the public data must be something else than purely random or its
+ * structure mut be set before signing.
+ *
+ ***/
+SilcBuffer
+silc_auth_public_key_auth_generate_wpub(SilcPublicKey public_key,
+ SilcPrivateKey private_key,
+ const unsigned char *pubdata,
+ SilcUInt32 pubdata_len,
+ SilcHash hash,
+ const void *id, SilcIdType type);
+
/****f* silccore/SilcAuthAPI/silc_auth_public_key_auth_verify
*
* SYNOPSIS
*
- * bool silc_auth_public_key_auth_verify(SilcAuthPayload payload,
- * SilcPublicKey public_key,
+ * SilcBool silc_auth_public_key_auth_verify(SilcAuthPayload payload,
+ * SilcPublicKey public_key,
* SilcHash hash,
* const void *id, SilcIdType type);
*
* successful.
*
***/
-bool silc_auth_public_key_auth_verify(SilcAuthPayload payload,
- SilcPublicKey public_key, SilcHash hash,
- const void *id, SilcIdType type);
+SilcBool silc_auth_public_key_auth_verify(SilcAuthPayload payload,
+ SilcPublicKey public_key,
+ SilcHash hash,
+ const void *id,
+ SilcIdType type);
/****f* silccore/SilcAuthAPI/silc_auth_public_key_auth_verify_data
*
* SYNOPSIS
*
- * bool silc_auth_public_key_auth_verify_data(const unsigned char *payload,
+ * SilcBool silc_auth_public_key_auth_verify_data(const unsigned char *payload,
* SilcUInt32 payload_len,
- * SilcPublicKey public_key,
+ * SilcPublicKey public_key,
* SilcHash hash,
- * const void *id,
+ * const void *id,
* SilcIdType type);
*
* DESCRIPTION
* was successful.
*
***/
-bool silc_auth_public_key_auth_verify_data(const unsigned char *payload,
- SilcUInt32 payload_len,
- SilcPublicKey public_key,
- SilcHash hash,
- const void *id, SilcIdType type);
+SilcBool silc_auth_public_key_auth_verify_data(const unsigned char *payload,
+ SilcUInt32 payload_len,
+ SilcPublicKey public_key,
+ SilcHash hash,
+ const void *id,
+ SilcIdType type);
/****f* silccore/SilcAuthAPI/silc_auth_verify
*
* SYNOPSIS
*
- * bool silc_auth_verify(SilcAuthPayload payload,
+ * SilcBool silc_auth_verify(SilcAuthPayload payload,
* SilcAuthMethod auth_method,
- * const void *auth_data, SilcUInt32 auth_data_len,
+ * const void *auth_data, SilcUInt32 auth_data_len,
* SilcHash hash, const void *id, SilcIdType type);
*
* DESCRIPTION
*
- * Verifies the authentication data directly from the Authentication
+ * Verifies the authentication data directly from the Authentication
* Payload. Supports all authentication methods. If the authentication
* method is passphrase based then the `auth_data' and `auth_data_len'
* are the passphrase and its length. The passphrase MUST be UTF-8
* `auth_data' is the SilcPublicKey and the `auth_data_len' is ignored.
*
***/
-bool silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
- const void *auth_data, SilcUInt32 auth_data_len,
- SilcHash hash, const void *id, SilcIdType type);
+SilcBool silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
+ const void *auth_data, SilcUInt32 auth_data_len,
+ SilcHash hash, const void *id, SilcIdType type);
/****f* silccore/SilcAuthAPI/silc_auth_verify_data
*
* SYNOPSIS
*
- * bool silc_auth_verify_data(const unsigned char *payload,
+ * SilcBool silc_auth_verify_data(const unsigned char *payload,
* SilcUInt32 payload_len,
- * SilcAuthMethod auth_method,
+ * SilcAuthMethod auth_method,
* const void *auth_data,
- * SilcUInt32 auth_data_len, SilcHash hash,
+ * SilcUInt32 auth_data_len, SilcHash hash,
* const void *id, SilcIdType type);
- *
+ *
* DESCRIPTION
*
* Same as silc_auth_verify but the payload has not been parsed yet.
- * Verifies the authentication data directly from the Authentication
+ * Verifies the authentication data directly from the Authentication
* Payload. Supports all authentication methods. If the authentication
* method is passphrase based then the `auth_data' and `auth_data_len'
* are the passphrase and its length. The passphrase MUST be UTF-8
* `auth_data' is the SilcPublicKey and the `auth_data_len' is ignored.
*
***/
-bool silc_auth_verify_data(const unsigned char *payload,
- SilcUInt32 payload_len,
- SilcAuthMethod auth_method, const void *auth_data,
- SilcUInt32 auth_data_len, SilcHash hash,
- const void *id, SilcIdType type);
+SilcBool silc_auth_verify_data(const unsigned char *payload,
+ SilcUInt32 payload_len,
+ SilcAuthMethod auth_method,
+ const void *auth_data,
+ SilcUInt32 auth_data_len, SilcHash hash,
+ const void *id, SilcIdType type);
/****s* silccore/SilcAuthAPI/SilcKeyAgreementPayload
*
* NAME
- *
+ *
* typedef struct SilcKeyAgreementPayloadStruct *SilcKeyAgreementPayload;
*
* DESCRIPTION
*
* SYNOPSIS
*
- * SilcKeyAgreementPayload
+ * SilcKeyAgreementPayload
* silc_key_agreement_payload_parse(const unsigned char *payload,
* SilcUInt32 payload_len);
*
* Parses and returns an allocated Key Agreement payload.
*
***/
-SilcKeyAgreementPayload
+SilcKeyAgreementPayload
silc_key_agreement_payload_parse(const unsigned char *payload,
SilcUInt32 payload_len);
* SYNOPSIS
*
* SilcBuffer silc_key_agreement_payload_encode(char *hostname,
- * SilcUInt32 port);
+ * SilcUInt16 protocol,
+ * SilcUInt16 port);
*
* DESCRIPTION
*
- * Encodes the Key Agreement protocol and returns the encoded buffer
+ * Encodes the Key Agreement payload and returns the encoded buffer.
+ * The `protocol' is 0 for TCP and 1 for UDP.
*
***/
SilcBuffer silc_key_agreement_payload_encode(const char *hostname,
- SilcUInt32 port);
+ SilcUInt16 protocol,
+ SilcUInt16 port);
/****f* silccore/SilcAuthAPI/silc_key_agreement_payload_free
*
*
* DESCRIPTION
*
- * Frees the Key Agreement protocol and all data in it.
+ * Frees the Key Agreement payload and all data in it.
*
***/
void silc_key_agreement_payload_free(SilcKeyAgreementPayload payload);
***/
char *silc_key_agreement_get_hostname(SilcKeyAgreementPayload payload);
-/****f* silccore/SilcAuthAPI/silc_key_agreement_get_port
- *
- * SYNOPSIS
- *
- * SilcUInt32 silc_key_agreement_get_port(SilcKeyAgreementPayload payload);
- *
- * DESCRIPTION
- *
- * Returns the port in the payload. The port is the port on the
- * host returned by silc_key_agreement_get_hostname that is running
- * the SILC Key Exchange protocol.
- *
- ***/
-SilcUInt32 silc_key_agreement_get_port(SilcKeyAgreementPayload payload);
-
-/****s* silccore/SilcAuthAPI/SilcSignedPayload
- *
- * NAME
- *
- * typedef struct SilcSignedPayloadStruct *SilcSignedPayload;
- *
- *
- * DESCRIPTION
- *
- * This context represents the SILC_MESSAGE_FLAG_SIGNED Payload which
- * is used with channel messages and private messages to indicate that
- * the message is digitally signed. This payload may include the
- * message sender's public key and it includes the digital signature.
- * This payload MUST NOT be used in any other context except with
- * channel and private message sending and reception.
- *
- ***/
-typedef struct SilcSignedPayloadStruct *SilcSignedPayload;
-
-/****f* silccore/SilcAuthAPI/silc_signed_payload_parse
- *
- * SYNOPSIS
- *
- * SilcSignedPayload silc_signed_payload_parse(const unsigned char *data,
- * SilcUInt32 data_len);
- *
- * DESCRIPTION
- *
- * Parses the SILC_MESSAGE_FLAG_SIGNED Payload from the `data' of
- * length of `data_len' bytes. The `data' must be payload without
- * the actual message payload. Returns the parsed payload or NULL
- * on error. Caller must free the returned payload.
- *
- ***/
-SilcSignedPayload silc_signed_payload_parse(const unsigned char *data,
- SilcUInt32 data_len);
-
-/****f* silccore/SilcAuthAPI/silc_signed_payload_encode
- *
- * SYNOPSIS
- *
- * SilcBuffer
- * silc_signed_payload_encode(const unsigned char *message_payload,
- * SilcUInt32 message_payload_len,
- * SilcPublicKey public_key,
- * SilcPrivateKey private_key,
- * bool include_public_key);
- *
- * DESCRIPTION
- *
- * Encodes the SILC_MESSAGE_FLAG_SIGNED Payload and computes the
- * digital signature. The `message_payload' is the message data that
- * is used in the signature computation. The encoding of the buffer
- * is specified in the SILC protocol. If `include_public_key' is
- * TRUE then the public key included in the payload. The `private_key'
- * is used to produce the signature. This function returns the encoded
- * payload with the signature or NULL on error. Caller must free the
- * returned buffer.
- *
- ***/
-SilcBuffer silc_signed_payload_encode(const unsigned char *message_payload,
- SilcUInt32 message_payload_len,
- SilcPublicKey public_key,
- SilcPrivateKey private_key,
- SilcHash hash,
- bool include_public_key);
-
-/****f* silccore/SilcAuthAPI/silc_signed_payload_free
- *
- * SYNOPSIS
- *
- * void silc_signed_payload_free(SilcSignedPayload sig);
- *
- * DESCRIPTION
- *
- * Frees the SILC_MESSAGE_FLAG_SIGNED Payload.
- *
- ***/
-void silc_signed_payload_free(SilcSignedPayload sig);
-
-/****f* silccore/SilcAuthAPI/silc_signed_payload_verify
+/****f* silccore/SilcAuthAPI/silc_key_agreement_get_protocol
*
* SYNOPSIS
*
- * int silc_signed_payload_verify(SilcSignedPayload sig,
- * bool channel_message,
- * void *message_payload,
- * SilcPublicKey remote_public_key,
- * SilcHash hash);
+ * SilcUInt16
+ * silc_key_agreement_get_protocol(SilcKeyAgreementPayload payload);
*
* DESCRIPTION
*
- * This routine can be used to verify the signature found in
- * SILC_MESSAGE_FLAG_SIGNED Payload. The `remote_public_key' is the
- * sender's public key and is used in the verification. If the
- * `channel_message' is TRUE then `message_payload' must include the
- * SilcChannelMessagePayload. If it is FALSE then it must include
- * SilcPrivateMessagePayload. This returns SILC_AUTH_OK if the
- * signature verification was successful.
+ * Returns the protocol in the payload. The protocol is either TCP (0)
+ * or UDP (1).
*
***/
-int silc_signed_payload_verify(SilcSignedPayload sig,
- bool channel_message,
- void *message_payload,
- SilcPublicKey remote_public_key,
- SilcHash hash);
+SilcUInt16 silc_key_agreement_get_protocol(SilcKeyAgreementPayload payload);
-/****f* silccore/SilcAuthAPI/silc_signed_payload_get_public_key
+/****f* silccore/SilcAuthAPI/silc_key_agreement_get_port
*
* SYNOPSIS
*
- * SilcPublicKey silc_signed_payload_get_public_key(SilcSignedPayload sig);
+ * SilcUInt16 silc_key_agreement_get_port(SilcKeyAgreementPayload payload);
*
* DESCRIPTION
*
- * Returns the public key from the SILC_MESSAGE_FLAG_SIGNED Payload
- * or NULL if it does not include public key. The caller must free
- * the returned public key.
+ * Returns the port in the payload. The port is the port on the
+ * host returned by silc_key_agreement_get_hostname that is running
+ * the SILC Key Exchange protocol.
*
***/
-SilcPublicKey silc_signed_payload_get_public_key(SilcSignedPayload sig);
+SilcUInt16 silc_key_agreement_get_port(SilcKeyAgreementPayload payload);
#endif
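Review bot: The new `silc_auth_public_key_auth_generate_wpub` prototype lets the caller supply the `pubdata` that the rng-based `silc_auth_public_key_auth_generate` otherwise draws itself, but its DESCRIPTION never states what the caller must guarantee about that data; presumably the data is signed together with `id` just as in the random variant (the implementation is not in this diff), in which case static or predictable `pubdata` yields a signature that can be replayed against the same service, and the comment should say so. Suggest replacing the sentence starting "This function can be used when" with `This function can be used when the public data must have a specific structure. The caller is responsible for making pubdata unique per authentication attempt (e.g. by embedding fresh random bytes); reusing pubdata makes the resulting signature replayable.` which also fixes the typo `structure mut be set`. The new `silc_auth_get_public_data` says the caller must not free the returned pointer but not how long it stays valid; adding `The pointer is owned by payload and is valid only until the payload is freed.` closes that gap. Finally, `silc_key_agreement_payload_encode` and `silc_key_agreement_get_protocol` both document the protocol as bare `0`/`1` in prose; a pair of named constants next to `SILC_AUTH_PASSWORD`/`SILC_AUTH_PUBLIC_KEY` (constructed names, e.g. `SILC_KEY_AGREEMENT_TCP`/`SILC_KEY_AGREEMENT_UDP`) would keep encoder and getter in step, and the encode DESCRIPTION should state what happens for any other `protocol` value, since that is not visible here.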