/*
* $Id$
* $Log$
+ * Revision 1.6 2000/07/19 07:04:37 priikone
+ * Added version detection support to SKE. Minor bugfixes.
+ *
+ * Revision 1.5 2000/07/10 05:34:22 priikone
+ * Added mp binary encoding as protocols defines.
+ *
+ * Revision 1.4 2000/07/07 06:46:43 priikone
+ * Removed ske_verify_public_key function as it is not needed
+ * anymore. Added support to the public key verification as callback
+ * function. Other minor changes and bug fixes.
+ *
* Revision 1.3 2000/07/06 07:12:39 priikone
* Support for SILC style public keys added.
*
silc_buffer_free(ske->start_payload_copy);
if (ske->pk)
silc_free(ske->pk);
+ /* XXX
silc_mp_clear(&ske->x);
silc_mp_clear(&ske->KEY);
+ */
if (ske->hash)
silc_free(ske->hash);
silc_free(ske);
Key Exchange 1 Payload. */
SilcSKEStatus silc_ske_initiator_phase_2(SilcSKE ske,
+ SilcPublicKey public_key,
SilcSKESendPacketCb send_packet,
void *context)
{
SilcBuffer payload_buf;
SilcInt x, e;
SilcSKEOnePayload *payload;
+ unsigned int pk_len;
SILC_LOG_DEBUG(("Start"));
/* Encode the result to Key Exchange 1 Payload. */
payload = silc_calloc(1, sizeof(*payload));
payload->e = e;
+ payload->pk_data = silc_pkcs_public_key_encode(public_key, &pk_len);
+ payload->pk_len = pk_len;
+ payload->pk_type = SILC_SKE_PK_TYPE_SILC;
status = silc_ske_payload_one_encode(ske, payload, &payload_buf);
if (status != SILC_SKE_STATUS_OK) {
silc_mp_clear(&x);
SilcSKEStatus silc_ske_initiator_finish(SilcSKE ske,
SilcBuffer ke2_payload,
+ SilcSKEVerifyCb verify_key,
+ void *verify_context,
SilcSKECb callback,
void *context)
{
SilcSKEStatus status = SILC_SKE_STATUS_OK;
SilcSKETwoPayload *payload;
+ SilcPublicKey public_key = NULL;
SilcInt KEY;
unsigned char hash[32];
unsigned int hash_len;
SILC_LOG_DEBUG(("Verifying public key"));
- /* Verify the public key */ /* XXX */
- status = silc_ske_verify_public_key(ske, payload->pk_data,
- payload->pk_len);
- if (status != SILC_SKE_STATUS_OK)
+ if (!silc_pkcs_public_key_decode(payload->pk_data, payload->pk_len,
+ &public_key)) {
+ status = SILC_SKE_STATUS_UNSUPPORTED_PUBLIC_KEY;
goto err;
-
+ }
+
+ if (verify_key) {
+ status = (*verify_key)(ske, payload->pk_data, payload->pk_len,
+ payload->pk_type, verify_context);
+ if (status != SILC_SKE_STATUS_OK)
+ goto err;
+ }
+
SILC_LOG_DEBUG(("Public key is authentic"));
/* Compute the hash value */
SILC_LOG_DEBUG(("Verifying signature"));
/* Verify signature */
- silc_pkcs_public_key_data_set(ske->prop->pkcs, payload->pk_data,
- payload->pk_len);
+ silc_pkcs_public_key_data_set(ske->prop->pkcs, public_key->pk,
+ public_key->pk_len);
if (ske->prop->pkcs->pkcs->verify(ske->prop->pkcs->context,
payload->sign_data, payload->sign_len,
hash, hash_len) == FALSE) {
SILC_LOG_DEBUG(("Signature is Ok"));
+ silc_pkcs_public_key_free(public_key);
memset(hash, 'F', hash_len);
/* Call the callback. */
return status;
err:
- memset(hash, 'F', hash_len);
+ memset(hash, 'F', sizeof(hash));
silc_ske_payload_two_free(payload);
+ ske->ke2_payload = NULL;
silc_mp_clear(&ske->KEY);
+ if (public_key)
+ silc_pkcs_public_key_free(public_key);
+
if (ske->hash) {
memset(ske->hash, 'F', hash_len);
silc_free(ske->hash);
SilcSKEStatus silc_ske_responder_start(SilcSKE ske, SilcRng rng,
SilcSocketConnection sock,
+ char *version,
SilcBuffer start_payload,
SilcSKECb callback,
void *context)
/* Parse and select the security properties from the payload */
payload = silc_calloc(1, sizeof(*payload));
- status = silc_ske_select_security_properties(ske, payload, remote_payload);
+ status = silc_ske_select_security_properties(ske, version,
+ payload, remote_payload);
if (status != SILC_SKE_STATUS_OK)
goto err;
encodes Key Exchange 2 Payload and sends it to the other end. */
SilcSKEStatus silc_ske_responder_finish(SilcSKE ske,
- unsigned char *pk,
- unsigned int pk_len,
- unsigned char *prv,
- unsigned int prv_len,
+ SilcPublicKey public_key,
+ SilcPrivateKey private_key,
SilcSKEPKType pk_type,
SilcSKESendPacketCb send_packet,
void *context)
SilcSKEStatus status = SILC_SKE_STATUS_OK;
SilcBuffer payload_buf;
SilcInt KEY;
- unsigned char hash[32], sign[256];
- unsigned int hash_len, sign_len;
+ unsigned char hash[32], sign[256], *pk;
+ unsigned int hash_len, sign_len, pk_len;
SILC_LOG_DEBUG(("Start"));
SILC_LOG_DEBUG(("Getting public key"));
/* Get the public key */
- ske->ke2_payload->pk_data = silc_calloc(pk_len, sizeof(unsigned char));
- memcpy(ske->ke2_payload->pk_data, pk, pk_len);
+ pk = silc_pkcs_public_key_encode(public_key, &pk_len);
+ ske->ke2_payload->pk_data = pk;
ske->ke2_payload->pk_len = pk_len;
ske->ke2_payload->pk_type = pk_type;
SILC_LOG_DEBUG(("Signing HASH value"));
/* Sign the hash value */
- silc_pkcs_private_key_data_set(ske->prop->pkcs, prv, prv_len);
+ silc_pkcs_private_key_data_set(ske->prop->pkcs, private_key->prv,
+ private_key->prv_len);
ske->prop->pkcs->pkcs->sign(ske->prop->pkcs->context,
hash, hash_len,
sign, &sign_len);
SilcSKEStatus
silc_ske_assemble_security_properties(SilcSKE ske,
+ char *version,
SilcSKEStartPayload **return_payload)
{
SilcSKEStartPayload *rp;
rp->cookie_len = SILC_SKE_COOKIE_LEN;
memcpy(rp->cookie, "1234567890123456", SILC_SKE_COOKIE_LEN);
+ /* Put version */
+ rp->version = strdup(version);
+ rp->version_len = strlen(version);
+
/* Get supported Key Exhange groups */
rp->ke_grp_list = silc_ske_get_supported_groups();
rp->ke_grp_len = strlen(rp->ke_grp_list);
rp->comp_alg_len = 0;
rp->len = 1 + 1 + 2 + SILC_SKE_COOKIE_LEN +
+ 2 + rp->version_len +
2 + rp->ke_grp_len + 2 + rp->pkcs_alg_len +
2 + rp->enc_alg_len + 2 + rp->hash_alg_len +
2 + rp->comp_alg_len;
SilcSKEStatus
silc_ske_select_security_properties(SilcSKE ske,
+ char *version,
SilcSKEStartPayload *payload,
SilcSKEStartPayload *remote_payload)
{
/* Flags are returned unchanged. */
payload->flags = rp->flags;
- /* XXX Cookie check?? */
+ /* Take cookie */
payload->cookie = silc_calloc(SILC_SKE_COOKIE_LEN, sizeof(unsigned char));
payload->cookie_len = SILC_SKE_COOKIE_LEN;
memcpy(payload->cookie, rp->cookie, SILC_SKE_COOKIE_LEN);
+ /* XXX Do version check */
+
+ /* Put our version to our reply */
+ payload->version = strdup(version);
+ payload->version_len = strlen(version);
+
/* Get supported Key Exchange groups */
cp = rp->ke_grp_list;
if (cp && strchr(cp, ',')) {
#endif
payload->len = 1 + 1 + 2 + SILC_SKE_COOKIE_LEN +
+ 2 + payload->version_len +
2 + payload->ke_grp_len + 2 + payload->pkcs_alg_len +
2 + payload->enc_alg_len + 2 + payload->hash_alg_len +
2 + payload->comp_alg_len;
SILC_LOG_DEBUG(("Creating random number"));
/* Get the random number as string */
- string = silc_rng_get_rn_string(ske->rng, (len / 8));
+ string = silc_rng_get_rn_data(ske->rng, (len / 8));
/* Decode the string into a MP integer */
- silc_mp_set_str(rnd, string, 16);
+ silc_mp_bin2mp(string, (len / 8), rnd);
silc_mp_mod_2exp(rnd, rnd, len);
/* Checks */
return status;
}
-/* XXX TODO */
-
-SilcSKEStatus silc_ske_verify_public_key(SilcSKE ske,
- unsigned char *pubkey,
- unsigned int pubkey_len)
-{
- SilcSKEStatus status = SILC_SKE_STATUS_OK;
-
- return status;
-}
-
/* Creates a hash value HASH as defined in the SKE protocol. */
SilcSKEStatus silc_ske_make_hash(SilcSKE ske,
SILC_LOG_DEBUG(("Start"));
- e_len = silc_mp_sizeinbase(&ske->ke1_payload->e, 16);
- e = silc_calloc(e_len + 1, sizeof(unsigned char));
- silc_mp_get_str(e, 16, &ske->ke1_payload->e);
-
- f_len = silc_mp_sizeinbase(&ske->ke2_payload->f, 16);
- f = silc_calloc(f_len + 1, sizeof(unsigned char));
- silc_mp_get_str(f, 16, &ske->ke2_payload->f);
-
- KEY_len = silc_mp_sizeinbase(&ske->KEY, 16);
- KEY = silc_calloc(KEY_len + 1, sizeof(unsigned char));
- silc_mp_get_str(KEY, 16, &ske->KEY);
+ e = silc_mp_mp2bin(&ske->ke1_payload->e, &e_len);
+ f = silc_mp_mp2bin(&ske->ke2_payload->f, &f_len);
+ KEY = silc_mp_mp2bin(&ske->KEY, &KEY_len);
buf = silc_buffer_alloc(ske->start_payload_copy->len +
ske->pk_len + e_len + f_len + KEY_len);
unsigned int req_hmac_key_len,
SilcSKEKeyMaterial *key)
{
- int i, klen;
+ int klen;
SilcBuffer buf;
- SilcInt tmp;
unsigned char *tmpbuf;
unsigned char hash[32];
unsigned int hash_len = ske->prop->hash->hash->hash_len;
SILC_LOG_DEBUG(("Start"));
- silc_mp_init_set(&tmp, &ske->KEY);
-
- klen = silc_mp_size(&tmp);
-
- /* Format the KEY material into binary data */
- tmpbuf = silc_calloc(klen, sizeof(unsigned char));
- for (i = klen; i > 0; i--) {
- tmpbuf[i - 1] = (unsigned char)(silc_mp_get_ui(&tmp) & 0xff);
- silc_mp_fdiv_q_2exp(&tmp, &tmp, 8);
- }
+ /* Encode KEY to binary data */
+ tmpbuf = silc_mp_mp2bin(&ske->KEY, &klen);
buf = silc_buffer_alloc(1 + klen + hash_len);
-
silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
silc_buffer_format(buf,
SILC_STR_UI_CHAR(0),