X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=lib%2Fsilccore%2Fsilcauth.c;h=b98f36e84ae7d7e5aa5d42383ad2483b5dc71308;hb=40f8443d8d3a6577336ee66d18e04d9ac4d956bb;hp=63ad694021ee67dffcc767783479f109b95bab5c;hpb=12cdfae7c3509c98b8e34a57afd00a0326f979eb;p=silc.git

diff --git a/lib/silccore/silcauth.c b/lib/silccore/silcauth.c
index 63ad6940..b98f36e8 100644
--- a/lib/silccore/silcauth.c
+++ b/lib/silccore/silcauth.c
@@ -4,12 +4,11 @@
 
   Author: Pekka Riikonen <priikone@silcnet.org>
 
-  Copyright (C) 2001 - 2002 Pekka Riikonen
+  Copyright (C) 2001 - 2005 Pekka Riikonen
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
-  the Free Software Foundation; either version 2 of the License, or
-  (at your option) any later version.
+  the Free Software Foundation; version 2 of the License.
 
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -19,7 +18,7 @@
 */
 /* $Id$ */
 
-#include "silcincludes.h"
+#include "silc.h"
 #include "silcauth.h"
 
 /******************************************************************************
@@ -68,8 +67,8 @@ SilcAuthPayload silc_auth_payload_parse(const unsigned char *data,
     return NULL;
   }
 
-  if (newp->len != buffer.len || 
-      newp->random_len + newp->auth_len > buffer.len - 8) {
+  if (newp->len != silc_buffer_len(&buffer) ||
+      newp->random_len + newp->auth_len > silc_buffer_len(&buffer) - 8) {
     silc_auth_payload_free(newp);
     return NULL;
   }
@@ -164,13 +163,24 @@ SilcAuthMethod silc_auth_get_method(SilcAuthPayload payload)
   return payload->auth_method;
 }
 
+/* Get the public data from the auth payload. */
+
+unsigned char *silc_auth_get_public_data(SilcAuthPayload payload,
+					 SilcUInt32 *pubdata_len)
+{
+  if (pubdata_len)
+    *pubdata_len = (SilcUInt32)payload->random_len;
+
+  return payload->random_data;
+}
+
 /* Get the authentication data. If this is passphrase it is UTF-8 encoded. */
 
 unsigned char *silc_auth_get_data(SilcAuthPayload payload,
 				  SilcUInt32 *auth_len)
 {
   if (auth_len)
-    *auth_len = payload->auth_len;
+    *auth_len = (SilcUInt32)payload->auth_len;
 
   return payload->auth_data;
 }
@@ -191,24 +201,21 @@ silc_auth_public_key_encode_data(SilcPublicKey public_key,
 				 SilcIdType type, SilcUInt32 *ret_len)
 {
   SilcBuffer buf;
-  unsigned char *pk, *id_data, *ret;
+  unsigned char *pk, id_data[32], *ret;
   SilcUInt32 pk_len, id_len;
 
   pk = silc_pkcs_public_key_encode(public_key, &pk_len);
   if (!pk)
     return NULL;
 
-  id_data = silc_id_id2str(id, type);
-  if (!id_data) {
+  if (!silc_id_id2str(id, type, id_data, sizeof(id_data), &id_len)) {
     silc_free(pk);
     return NULL;
   }
-  id_len = silc_id_get_len(id, type);
 
   buf = silc_buffer_alloc_size(random_len + id_len + pk_len);
   if (!buf) {
     silc_free(pk);
-    silc_free(id_data);
     return NULL;
   }
   silc_buffer_format(buf,
@@ -217,15 +224,9 @@ silc_auth_public_key_encode_data(SilcPublicKey public_key,
 		     SILC_STR_UI_XNSTRING(pk, pk_len),
 		     SILC_STR_END);
 
-  ret = silc_memdup(buf->data, buf->len);
-  if (!ret)
-    return NULL;
-
-  if (ret_len)
-    *ret_len = buf->len;
+  ret = silc_buffer_steal(buf, ret_len);
 
   silc_buffer_free(buf);
-  silc_free(id_data);
   silc_free(pk);
 
   return ret;
@@ -241,14 +242,7 @@ SilcBuffer silc_auth_public_key_auth_generate(SilcPublicKey public_key,
 					      const void *id, SilcIdType type)
 {
   unsigned char *randomdata;
-  unsigned char auth_data[2048];
-  SilcUInt32 auth_len;
-  unsigned char *tmp;
-  SilcUInt32 tmp_len;
   SilcBuffer buf;
-  SilcPKCS pkcs;
-
-  SILC_LOG_DEBUG(("Generating Authentication Payload with data"));
 
   /* Get 256 bytes of random data */
   if (rng)
@@ -258,14 +252,45 @@ SilcBuffer silc_auth_public_key_auth_generate(SilcPublicKey public_key,
   if (!randomdata)
     return NULL;
 
+  buf = silc_auth_public_key_auth_generate_wpub(public_key, private_key,
+						randomdata, 256, hash,
+						id, type);
+
+  memset(randomdata, 0, 256);
+  silc_free(randomdata);
+
+  return buf;
+}
+
+/* Generates Authentication Payload with authentication data. This is used
+   to do public key based authentication. This generates the random data
+   and the actual authentication data. Returns NULL on error. */
+
+SilcBuffer
+silc_auth_public_key_auth_generate_wpub(SilcPublicKey public_key,
+					SilcPrivateKey private_key,
+					const unsigned char *pubdata,
+					SilcUInt32 pubdata_len,
+					SilcHash hash,
+					const void *id, SilcIdType type)
+{
+  unsigned char auth_data[2048 + 1];
+  SilcUInt32 auth_len;
+  unsigned char *tmp;
+  SilcUInt32 tmp_len;
+  SilcBuffer buf;
+  SilcPKCS pkcs;
+
+  SILC_LOG_DEBUG(("Generating Authentication Payload with data"));
+
   /* Encode the auth data */
-  tmp = silc_auth_public_key_encode_data(public_key, randomdata, 256, id, 
+  tmp = silc_auth_public_key_encode_data(public_key, pubdata, pubdata_len, id,
 					 type, &tmp_len);
   if (!tmp)
     return NULL;
 
   /* Allocate PKCS object */
-  if (!silc_pkcs_alloc(public_key->name, &pkcs)) {
+  if (!silc_pkcs_alloc(private_key->name, SILC_PKCS_SILC, &pkcs)) {
     memset(tmp, 0, tmp_len);
     silc_free(tmp);
     return NULL;
@@ -274,26 +299,22 @@ SilcBuffer silc_auth_public_key_auth_generate(SilcPublicKey public_key,
   silc_pkcs_private_key_set(pkcs, private_key);
 
   /* Compute the hash and the signature. */
-  if (silc_pkcs_get_key_len(pkcs) > sizeof(auth_data) - 1 ||
+  if (silc_pkcs_get_key_len(pkcs) / 8 > sizeof(auth_data) - 1 ||
       !silc_pkcs_sign_with_hash(pkcs, hash, tmp, tmp_len, auth_data,
 				&auth_len)) {
-    memset(randomdata, 0, 256);
     memset(tmp, 0, tmp_len);
     silc_free(tmp);
-    silc_free(randomdata);
     silc_pkcs_free(pkcs);
     return NULL;
   }
 
   /* Encode Authentication Payload */
-  buf = silc_auth_payload_encode(SILC_AUTH_PUBLIC_KEY, randomdata, 256,
+  buf = silc_auth_payload_encode(SILC_AUTH_PUBLIC_KEY, pubdata, pubdata_len,
 				 auth_data, auth_len);
 
   memset(tmp, 0, tmp_len);
   memset(auth_data, 0, sizeof(auth_data));
-  memset(randomdata, 0, 256);
   silc_free(tmp);
-  silc_free(randomdata);
   silc_pkcs_free(pkcs);
 
   return buf;
@@ -302,9 +323,10 @@ SilcBuffer silc_auth_public_key_auth_generate(SilcPublicKey public_key,
 /* Verifies the authentication data. Returns TRUE if authentication was
    successful. */
 
-bool silc_auth_public_key_auth_verify(SilcAuthPayload payload,
-				      SilcPublicKey public_key, SilcHash hash,
-				      const void *id, SilcIdType type)
+SilcBool silc_auth_public_key_auth_verify(SilcAuthPayload payload,
+					  SilcPublicKey public_key,
+					  SilcHash hash,
+					  const void *id, SilcIdType type)
 {
   unsigned char *tmp;
   SilcUInt32 tmp_len;
@@ -322,7 +344,7 @@ bool silc_auth_public_key_auth_verify(SilcAuthPayload payload,
   }
 
   /* Allocate PKCS object */
-  if (!silc_pkcs_alloc(public_key->name, &pkcs)) {
+  if (!silc_pkcs_alloc(public_key->name, SILC_PKCS_SILC, &pkcs)) {
     memset(tmp, 0, tmp_len);
     silc_free(tmp);
     return FALSE;
@@ -351,11 +373,11 @@ bool silc_auth_public_key_auth_verify(SilcAuthPayload payload,
 
 /* Same as above but the payload is not parsed yet. This will parse it. */
 
-bool silc_auth_public_key_auth_verify_data(const unsigned char *payload,
-					   SilcUInt32 payload_len,
-					   SilcPublicKey public_key,
-					   SilcHash hash,
-					   const void *id, SilcIdType type)
+SilcBool silc_auth_public_key_auth_verify_data(const unsigned char *payload,
+					       SilcUInt32 payload_len,
+					       SilcPublicKey public_key,
+					       SilcHash hash,
+					       const void *id, SilcIdType type)
 {
   SilcAuthPayload auth_payload;
   int ret;
@@ -381,9 +403,9 @@ bool silc_auth_public_key_auth_verify_data(const unsigned char *payload,
    authentication then the `auth_data' is the SilcPublicKey and the
    `auth_data_len' is ignored. */
 
-bool silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
-		      const void *auth_data, SilcUInt32 auth_data_len,
-		      SilcHash hash, const void *id, SilcIdType type)
+SilcBool silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
+			  const void *auth_data, SilcUInt32 auth_data_len,
+			  SilcHash hash, const void *id, SilcIdType type)
 {
   SILC_LOG_DEBUG(("Verifying authentication"));
 
@@ -428,14 +450,15 @@ bool silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
 
 /* Same as above but parses the authentication payload before verify. */
 
-bool silc_auth_verify_data(const unsigned char *payload,
-			   SilcUInt32 payload_len,
-			   SilcAuthMethod auth_method, const void *auth_data,
-			   SilcUInt32 auth_data_len, SilcHash hash,
-			   const void *id, SilcIdType type)
+SilcBool silc_auth_verify_data(const unsigned char *payload,
+			       SilcUInt32 payload_len,
+			       SilcAuthMethod auth_method,
+			       const void *auth_data,
+			       SilcUInt32 auth_data_len, SilcHash hash,
+			       const void *id, SilcIdType type)
 {
   SilcAuthPayload auth_payload;
-  bool ret;
+  SilcBool ret;
 
   auth_payload = silc_auth_payload_parse(payload, payload_len);
   if (!auth_payload || (auth_payload->auth_len == 0))
@@ -485,7 +508,7 @@ silc_key_agreement_payload_parse(const unsigned char *payload,
 							 &newp->hostname_len),
 			     SILC_STR_UI_INT(&newp->port),
 			     SILC_STR_END);
-  if (ret == -1) {
+  if (ret == -1 || newp->hostname_len > silc_buffer_len(&buffer) - 6) {
     silc_free(newp);
     return NULL;
   }