5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 2001 - 2007 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; version 2 of the License.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
20 /****h* silccore/SILC Authentication Interface
24 * Implementations of the SILC Authentication Payload and authentication
25 * routines. The SILC Authentication Payload is used to deliver
26 * authentication data usually from client to server in purpose of
27 * gaining access to some service. The Payload and the authentication
28 * routines supports both passphrase and public key (signature) based
31 * This interface defines also the SILC Key Agreement Payload that is
32 * used by client to agree on key material usually with another client
40 /****d* silccore/SilcAuthAPI/SilcAuthMethod
44 * typedef SilcUInt16 SilcAuthMethod;
48 * Authentication method type definition, the authentication methods
49 * and the authentication status'. The status defines are used by
50 * all authentication protocols in the SILC.
54 typedef SilcUInt16 SilcAuthMethod;
56 #define SILC_AUTH_NONE 0 /* No authentication */
57 #define SILC_AUTH_PASSWORD 1 /* Passphrase authentication */
58 #define SILC_AUTH_PUBLIC_KEY 2 /* Public key authentication */
60 /****d* silccore/SilcAuthAPI/SilcAuthResult
64 * typedef SilcUInt32 SilcAuthResult;
68 * Authentication protocol status. Used by all authentication protocols
73 typedef SilcUInt32 SilcAuthResult;
75 #define SILC_AUTH_OK 0 /* Authentication successful */
76 #define SILC_AUTH_FAILED 1 /* Authentication failed */
79 /****s* silccore/SilcAuthAPI/SilcAuthPayload
83 * typedef struct SilcAuthPayloadStruct *SilcAuthPayload;
88 * This context is the actual Authentication Payload and is allocated
89 * by silc_auth_payload_parse and given as argument usually to all
90 * silc_auth_payload_* functions. It is freed by silc_auth_payload_free
94 typedef struct SilcAuthPayloadStruct *SilcAuthPayload;
96 /****f* silccore/SilcAuthAPI/silc_auth_payload_parse
100 * SilcAuthPayload silc_auth_payload_parse(SilcStack stack,
101 * const unsigned char *data,
102 * SilcUInt32 data_len);
106 * Parses and returns Authentication Payload. The `data' and the
107 * `data_len' are the raw payload buffer. If `stack' is non-NULL the
108 * memory is allcoated from `stack'.
111 SilcAuthPayload silc_auth_payload_parse(SilcStack stack,
112 const unsigned char *data,
113 SilcUInt32 data_len);
115 /****f* silccore/SilcAuthAPI/silc_auth_payload_encode
119 * SilcBuffer silc_auth_payload_encode(SilcStack stack,
120 * SilcAuthMethod method,
121 * const unsigned char *random_data,
122 * SilcUInt16 random_len,
123 * const unsigned char *auth_data,
124 * SilcUInt16 auth_len);
128 * Encodes authentication payload into buffer and returns it.
129 * The `random_data' is provided only if doing public key authentication.
130 * The `auth_data' is the actual authentication data. If the
131 * `method' is SILC_AUTH_PASSWORD the passphase in `auth_data' sent as
132 * argument SHOULD be UTF-8 encoded, if not library will attempt to
135 * If `stack' is non-NULL the returned buffer is allocated from `stack'.
136 * This call consumes the `stack' so caller should push the stack before
137 * calling this function and then later pop it.
140 SilcBuffer silc_auth_payload_encode(SilcStack stack,
141 SilcAuthMethod method,
142 const unsigned char *random_data,
143 SilcUInt16 random_len,
144 const unsigned char *auth_data,
145 SilcUInt16 auth_len);
147 /****f* silccore/SilcAuthAPI/silc_auth_payload_free
151 * void silc_auth_payload_free(SilcAuthPayload payload);
155 * Frees authentication payload and all data in it.
158 void silc_auth_payload_free(SilcAuthPayload payload);
160 /****f* silccore/SilcAuthAPI/silc_auth_get_method
164 * SilcAuthMethod silc_auth_get_method(SilcAuthPayload payload);
168 * Get authentication method.
171 SilcAuthMethod silc_auth_get_method(SilcAuthPayload payload);
173 /****f* silccore/SilcAuthAPI/silc_auth_get_public_data
177 * unsigned char *silc_auth_get_public_data(SilcAuthPayload payload,
178 * SilcUInt32 *pubdata_len);
182 * Returns the public data (usually random data) from the payload.
183 * Caller must not free the returned data.
186 unsigned char *silc_auth_get_public_data(SilcAuthPayload payload,
187 SilcUInt32 *pubdata_len);
189 /****f* silccore/SilcAuthAPI/silc_auth_get_data
193 * unsigned char *silc_auth_get_data(SilcAuthPayload payload,
194 * SilcUInt32 *auth_len);
198 * Get the authentication data. The caller must not free the data. If
199 * the authentication method is passphrase, then the returned string
200 * is UTF-8 encoded passphrase.
203 unsigned char *silc_auth_get_data(SilcAuthPayload payload,
204 SilcUInt32 *auth_len);
206 /****f* silccore/SilcAuthAPI/SilcAuthGenerated
210 * typedef void (*SilcAuthGenerated)(const SilcBuffer data, void *context);
214 * Callback of this type is given as argument to
215 * silc_auth_public_key_auth_generate and
216 * silc_auth_public_key_auth_generate_wpub to deliver the generated
217 * Authentication Payload. If `data' is NULL the generating failed.
220 typedef void (*SilcAuthGenerated)(const SilcBuffer data, void *context);
222 /****f* silccore/SilcAuthAPI/silc_auth_public_key_auth_generate
227 * silc_auth_public_key_auth_generate(SilcPublicKey public_key,
228 * SilcPrivateKey private_key,
233 * SilcAuthGenerated generated,
238 * Generates Authentication Payload with authentication data. This is used
239 * to do public key based authentication. This generates the random data
240 * and the actual authentication data.
242 * The `private_key' is used to sign the payload. The `public_key', the
243 * and the `id' is encoded in the payload and signed. If the `rng' is
244 * NULL then global RNG is used, if non-NULL then `rng' is used as
245 * random number generator. Also random number is encoded in the
246 * payload before signing it with `private_key'.
248 * The `generated' is called to deliver the generated Authentication
253 silc_auth_public_key_auth_generate(SilcPublicKey public_key,
254 SilcPrivateKey private_key,
255 SilcRng rng, SilcHash hash,
256 const void *id, SilcIdType type,
257 SilcAuthGenerated generated,
260 /****f* silccore/SilcAuthAPI/silc_auth_public_key_auth_generate_wpub
265 * silc_auth_public_key_auth_generate_wpub(SilcPublicKey public_key,
266 * SilcPrivateKey private_key,
267 * const unsigned char *pubdata,
268 * SilcUInt32 pubdata_len,
272 * SilcAuthGenerated generated,
277 * Same as silc_auth_public_key_auth_generate but takes the public data
278 * (usually random data) as argument. This function can be used when
279 * the public data must be something else than purely random or its
280 * structure mut be set before signing.
282 * The `generated' is called to deliver the generated Authentication
287 silc_auth_public_key_auth_generate_wpub(SilcPublicKey public_key,
288 SilcPrivateKey private_key,
289 const unsigned char *pubdata,
290 SilcUInt32 pubdata_len,
292 const void *id, SilcIdType type,
293 SilcAuthGenerated generated,
296 /****f* silccore/SilcAuthAPI/SilcAuthResult
300 * typedef void (*SilcAuthResult)(SilcBool success, void *context);
304 * Callback of this type is given as argument to silc_auth_verify,
305 * silc_auth_verify_data, silc_auth_public_key_auth_verify and
306 * silc_auth_public_key_auth_verify_data to deliver the result of
307 * the authentication verification. If `success' is FALSE the
308 * authentication failed.
311 typedef void (*SilcAuthResultCb)(SilcBool success, void *context);
313 /****f* silccore/SilcAuthAPI/silc_auth_public_key_auth_verify
318 * silc_auth_public_key_auth_verify(SilcAuthPayload payload,
319 * SilcPublicKey public_key,
323 * SilcAuthResult result,
328 * Verifies the authentication data. Calls the `result' to deliver
329 * the result of the verification.
333 silc_auth_public_key_auth_verify(SilcAuthPayload payload,
334 SilcPublicKey public_key,
338 SilcAuthResultCb result,
341 /****f* silccore/SilcAuthAPI/silc_auth_public_key_auth_verify_data
346 * silc_auth_public_key_auth_verify_data(const unsigned char *payload,
347 * SilcUInt32 payload_len,
348 * SilcPublicKey public_key,
352 * SilcAuthResult result,
357 * Same as silc_auth_public_key_auth_verify but the payload has not
358 * been parsed yet. This will parse it. Calls the `result' to deliver
359 * the result of the verification.
363 silc_auth_public_key_auth_verify_data(const unsigned char *payload,
364 SilcUInt32 payload_len,
365 SilcPublicKey public_key,
369 SilcAuthResultCb result,
372 /****f* silccore/SilcAuthAPI/silc_auth_verify
377 * silc_auth_verify(SilcAuthPayload payload,
378 * SilcAuthMethod auth_method,
379 * const void *auth_data,
380 * SilcUInt32 auth_data_len,
382 * const void *id, SilcIdType type,
383 * SilcAuthResult result, void *context);
387 * Verifies the authentication data directly from the Authentication
388 * Payload. Supports all authentication methods. If the authentication
389 * method is passphrase based then the `auth_data' and `auth_data_len'
390 * are the passphrase and its length. The passphrase MUST be UTF-8
391 * encoded. If the method is public key authentication then the
392 * `auth_data' is the SilcPublicKey and the `auth_data_len' is ignored.
393 * Calls the `result' to deliver the result of the verification.
397 silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
398 const void *auth_data, SilcUInt32 auth_data_len,
399 SilcHash hash, const void *id, SilcIdType type,
400 SilcAuthResultCb result, void *context);
402 /****f* silccore/SilcAuthAPI/silc_auth_verify_data
407 * silc_auth_verify_data(const unsigned char *payload,
408 * SilcUInt32 payload_len,
409 * SilcAuthMethod auth_method,
410 * const void *auth_data,
411 * SilcUInt32 auth_data_len, SilcHash hash,
412 * const void *id, SilcIdType type,
413 * SilcAuthResult result, void *context);
417 * Same as silc_auth_verify but the payload has not been parsed yet.
418 * Verifies the authentication data directly from the Authentication
419 * Payload. Supports all authentication methods. If the authentication
420 * method is passphrase based then the `auth_data' and `auth_data_len'
421 * are the passphrase and its length. The passphrase MUST be UTF-8
422 * encoded. If the method is public key authentication then the
423 * `auth_data' is the SilcPublicKey and the `auth_data_len' is ignored.
424 * Calls the `result' to deliver the result of the verification.
428 silc_auth_verify_data(const unsigned char *payload,
429 SilcUInt32 payload_len,
430 SilcAuthMethod auth_method,
431 const void *auth_data,
432 SilcUInt32 auth_data_len, SilcHash hash,
433 const void *id, SilcIdType type,
434 SilcAuthResultCb result, void *context);
436 /****s* silccore/SilcAuthAPI/SilcKeyAgreementPayload
440 * typedef struct SilcKeyAgreementPayloadStruct *SilcKeyAgreementPayload;
444 * This context is the actual Key Agreement Payload and is allocated
445 * by silc_key_agreement_payload_parse and given as argument usually to all
446 * silc_key_agreement_* functions. It is freed by the function
447 * silc_key_agreement_payload_free.
450 typedef struct SilcKeyAgreementPayloadStruct *SilcKeyAgreementPayload;
452 /****f* silccore/SilcAuthAPI/silc_key_agreement_payload_parse
456 * SilcKeyAgreementPayload
457 * silc_key_agreement_payload_parse(const unsigned char *payload,
458 * SilcUInt32 payload_len);
462 * Parses and returns an allocated Key Agreement payload.
465 SilcKeyAgreementPayload
466 silc_key_agreement_payload_parse(const unsigned char *payload,
467 SilcUInt32 payload_len);
469 /****f* silccore/SilcAuthAPI/silc_key_agreement_payload_encode
473 * SilcBuffer silc_key_agreement_payload_encode(char *hostname,
474 * SilcUInt16 protocol,
479 * Encodes the Key Agreement payload and returns the encoded buffer.
480 * The `protocol' is 0 for TCP and 1 for UDP.
483 SilcBuffer silc_key_agreement_payload_encode(const char *hostname,
487 /****f* silccore/SilcAuthAPI/silc_key_agreement_payload_free
491 * void silc_key_agreement_payload_free(SilcKeyAgreementPayload payload);
495 * Frees the Key Agreement payload and all data in it.
498 void silc_key_agreement_payload_free(SilcKeyAgreementPayload payload);
500 /****f* silccore/SilcAuthAPI/silc_key_agreement_get_hostname
504 * char *silc_key_agreement_get_hostname(SilcKeyAgreementPayload payload);
508 * Returns the hostname in the payload. Caller must not free it.
509 * The hostname is the host that is able to accept key negotiation
510 * using the SILC Key Exchange protocol.
513 char *silc_key_agreement_get_hostname(SilcKeyAgreementPayload payload);
515 /****f* silccore/SilcAuthAPI/silc_key_agreement_get_protocol
520 * silc_key_agreement_get_protocol(SilcKeyAgreementPayload payload);
524 * Returns the protocol in the payload. The protocol is either TCP (0)
528 SilcUInt16 silc_key_agreement_get_protocol(SilcKeyAgreementPayload payload);
530 /****f* silccore/SilcAuthAPI/silc_key_agreement_get_port
534 * SilcUInt16 silc_key_agreement_get_port(SilcKeyAgreementPayload payload);
538 * Returns the port in the payload. The port is the port on the
539 * host returned by silc_key_agreement_get_hostname that is running
540 * the SILC Key Exchange protocol.
543 SilcUInt16 silc_key_agreement_get_port(SilcKeyAgreementPayload payload);