5 Author: Pekka Riikonen <priikone@silcnet.org>
7 Copyright (C) 2001 - 2003, 2006 Pekka Riikonen
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; version 2 of the License.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
20 /****h* silccore/SILC Authentication Interface
24 * Implementations of the SILC Authentication Payload and authentication
25 * routines. The SILC Authentication Payload is used to deliver
26 * authentication data usually from client to server for the purpose of
27 * gaining access to some service. The Payload and the authentication
28 * routines support both passphrase and public key (signature) based
31 * This interface defines also the SILC Key Agreement Payload that is
32 * used by client to agree on key material usually with another client
40 /****d* silccore/SilcAuthAPI/SilcAuthMethod
44 * typedef SilcUInt16 SilcAuthMethod;
48 * Authentication method type definition, the authentication methods
49 * and the authentication status codes. The status defines are used by
50 * all authentication protocols in the SILC.
54 typedef SilcUInt16 SilcAuthMethod;
56 #define SILC_AUTH_NONE 0 /* No authentication */
57 #define SILC_AUTH_PASSWORD 1 /* Passphrase authentication */
58 #define SILC_AUTH_PUBLIC_KEY 2 /* Public key authentication */
60 /* Authentication protocol status message (used by all authentication
61 protocols in the SILC). */
62 #define SILC_AUTH_OK 0
63 #define SILC_AUTH_FAILED 1
66 /****s* silccore/SilcAuthAPI/SilcAuthPayload
70 * typedef struct SilcAuthPayloadStruct *SilcAuthPayload;
75 * This context is the actual Authentication Payload and is allocated
76 * by silc_auth_payload_parse and given as argument usually to all
77 * silc_auth_payload_* functions. It is freed by silc_auth_payload_free
81 typedef struct SilcAuthPayloadStruct *SilcAuthPayload;
83 /****f* silccore/SilcAuthAPI/silc_auth_payload_parse
87 * SilcAuthPayload silc_auth_payload_parse(const unsigned char *data,
88 * SilcUInt32 data_len);
92 * Parses and returns Authentication Payload. The `data' and the
93 * `data_len' are the raw payload buffer.
96 SilcAuthPayload silc_auth_payload_parse(const unsigned char *data,
99 /****f* silccore/SilcAuthAPI/silc_auth_payload_encode
103 * SilcBuffer silc_auth_payload_encode(SilcAuthMethod method,
104 * const unsigned char *random_data,
105 * SilcUInt16 random_len,
106 * const unsigned char *auth_data,
107 * SilcUInt16 auth_len);
111 * Encodes authentication payload into buffer and returns it.
112 * The `random_data' is provided only if doing public key authentication.
113 * The `auth_data' is the actual authentication data. If the
114 * `method' is SILC_AUTH_PASSWORD the passphrase in `auth_data' sent as
115 * argument SHOULD be UTF-8 encoded, if not library will attempt to
119 SilcBuffer silc_auth_payload_encode(SilcAuthMethod method,
120 const unsigned char *random_data,
121 SilcUInt16 random_len,
122 const unsigned char *auth_data,
123 SilcUInt16 auth_len);
125 /****f* silccore/SilcAuthAPI/silc_auth_payload_free
129 * void silc_auth_payload_free(SilcAuthPayload payload);
133 * Frees authentication payload and all data in it.
136 void silc_auth_payload_free(SilcAuthPayload payload);
138 /****f* silccore/SilcAuthAPI/silc_auth_get_method
142 * SilcAuthMethod silc_auth_get_method(SilcAuthPayload payload);
146 * Returns the authentication method of the payload.
149 SilcAuthMethod silc_auth_get_method(SilcAuthPayload payload);
151 /****f* silccore/SilcAuthAPI/silc_auth_get_public_data
155 * unsigned char *silc_auth_get_public_data(SilcAuthPayload payload,
156 * SilcUInt32 *pubdata_len);
160 * Returns the public data (usually random data) from the payload.
161 * Caller must not free the returned data; it is owned by the payload and is released by silc_auth_payload_free.
164 unsigned char *silc_auth_get_public_data(SilcAuthPayload payload,
165 SilcUInt32 *pubdata_len);
167 /****f* silccore/SilcAuthAPI/silc_auth_get_data
171 * unsigned char *silc_auth_get_data(SilcAuthPayload payload,
172 * SilcUInt32 *auth_len);
176 * Returns the authentication data. The caller must not free the data; it is
177 * owned by the payload and released by silc_auth_payload_free. If the
178 * authentication method is passphrase, then the returned string is a UTF-8 encoded passphrase.
181 unsigned char *silc_auth_get_data(SilcAuthPayload payload,
182 SilcUInt32 *auth_len);
184 /****f* silccore/SilcAuthAPI/silc_auth_public_key_auth_generate
188 * SilcBuffer silc_auth_public_key_auth_generate(SilcPublicKey public_key,
189 * SilcPrivateKey private_key,
197 * Generates Authentication Payload with authentication data. This is used
198 * to do public key based authentication. This generates the random data
199 * and the actual authentication data. Returns NULL on error and the
200 * encoded Authentication Payload on success.
202 * The `private_key' is used to sign the payload. The `public_key'
203 * and the `id' are encoded in the payload and signed. If the `rng' is
204 * NULL then global RNG is used, if non-NULL then `rng' is used as
205 * random number generator. Also random number is encoded in the
206 * payload before signing it with `private_key'.
209 SilcBuffer silc_auth_public_key_auth_generate(SilcPublicKey public_key,
210 SilcPrivateKey private_key,
211 SilcRng rng, SilcHash hash,
212 const void *id, SilcIdType type);
214 /****f* silccore/SilcAuthAPI/silc_auth_public_key_auth_generate_wpub
219 * silc_auth_public_key_auth_generate_wpub(SilcPublicKey public_key,
220 * SilcPrivateKey private_key,
221 * const unsigned char *pubdata,
222 * SilcUInt32 pubdata_len,
229 * Same as silc_auth_public_key_auth_generate but takes the public data
230 * (usually random data) as argument. This function can be used when
231 * the public data must be something other than purely random or its
232 * structure must be set before signing.
236 silc_auth_public_key_auth_generate_wpub(SilcPublicKey public_key,
237 SilcPrivateKey private_key,
238 const unsigned char *pubdata,
239 SilcUInt32 pubdata_len,
241 const void *id, SilcIdType type);
243 /****f* silccore/SilcAuthAPI/silc_auth_public_key_auth_verify
247 * SilcBool silc_auth_public_key_auth_verify(SilcAuthPayload payload,
248 * SilcPublicKey public_key,
250 * const void *id, SilcIdType type);
254 * Verifies the authentication data. Returns TRUE if authentication was
258 SilcBool silc_auth_public_key_auth_verify(SilcAuthPayload payload,
259 SilcPublicKey public_key,
264 /****f* silccore/SilcAuthAPI/silc_auth_public_key_auth_verify_data
268 * SilcBool silc_auth_public_key_auth_verify_data(const unsigned char *payload,
269 * SilcUInt32 payload_len,
270 * SilcPublicKey public_key,
277 * Same as silc_auth_public_key_auth_verify but the payload has not
278 * been parsed yet. This will parse it. Returns TRUE if authentication
282 SilcBool silc_auth_public_key_auth_verify_data(const unsigned char *payload,
283 SilcUInt32 payload_len,
284 SilcPublicKey public_key,
289 /****f* silccore/SilcAuthAPI/silc_auth_verify
293 * SilcBool silc_auth_verify(SilcAuthPayload payload,
294 * SilcAuthMethod auth_method,
295 * const void *auth_data, SilcUInt32 auth_data_len,
296 * SilcHash hash, const void *id, SilcIdType type);
300 * Verifies the authentication data directly from the Authentication
301 * Payload. Supports all authentication methods. If the authentication
302 * method is passphrase based then the `auth_data' and `auth_data_len'
303 * are the passphrase and its length. The passphrase MUST be UTF-8
304 * encoded. If the method is public key authentication then the
305 * `auth_data' is the SilcPublicKey and the `auth_data_len' is ignored.
308 SilcBool silc_auth_verify(SilcAuthPayload payload, SilcAuthMethod auth_method,
309 const void *auth_data, SilcUInt32 auth_data_len,
310 SilcHash hash, const void *id, SilcIdType type);
312 /****f* silccore/SilcAuthAPI/silc_auth_verify_data
316 * SilcBool silc_auth_verify_data(const unsigned char *payload,
317 * SilcUInt32 payload_len,
318 * SilcAuthMethod auth_method,
319 * const void *auth_data,
320 * SilcUInt32 auth_data_len, SilcHash hash,
321 * const void *id, SilcIdType type);
325 * Same as silc_auth_verify but the payload has not been parsed yet.
326 * Verifies the authentication data directly from the Authentication
327 * Payload. Supports all authentication methods. If the authentication
328 * method is passphrase based then the `auth_data' and `auth_data_len'
329 * are the passphrase and its length. The passphrase MUST be UTF-8
330 * encoded. If the method is public key authentication then the
331 * `auth_data' is the SilcPublicKey and the `auth_data_len' is ignored.
334 SilcBool silc_auth_verify_data(const unsigned char *payload,
335 SilcUInt32 payload_len,
336 SilcAuthMethod auth_method,
337 const void *auth_data,
338 SilcUInt32 auth_data_len, SilcHash hash,
339 const void *id, SilcIdType type);
341 /****s* silccore/SilcAuthAPI/SilcKeyAgreementPayload
345 * typedef struct SilcKeyAgreementPayloadStruct *SilcKeyAgreementPayload;
349 * This context is the actual Key Agreement Payload and is allocated
350 * by silc_key_agreement_payload_parse and given as argument usually to all
351 * silc_key_agreement_* functions. It is freed by the function
352 * silc_key_agreement_payload_free.
355 typedef struct SilcKeyAgreementPayloadStruct *SilcKeyAgreementPayload;
357 /****f* silccore/SilcAuthAPI/silc_key_agreement_payload_parse
361 * SilcKeyAgreementPayload
362 * silc_key_agreement_payload_parse(const unsigned char *payload,
363 * SilcUInt32 payload_len);
367 * Parses and returns an allocated Key Agreement payload.
370 SilcKeyAgreementPayload
371 silc_key_agreement_payload_parse(const unsigned char *payload,
372 SilcUInt32 payload_len);
374 /****f* silccore/SilcAuthAPI/silc_key_agreement_payload_encode
378 * SilcBuffer silc_key_agreement_payload_encode(char *hostname,
383 * Encodes the Key Agreement Payload and returns the encoded buffer
386 SilcBuffer silc_key_agreement_payload_encode(const char *hostname,
389 /****f* silccore/SilcAuthAPI/silc_key_agreement_payload_free
393 * void silc_key_agreement_payload_free(SilcKeyAgreementPayload payload);
397 * Frees the Key Agreement Payload and all data in it.
400 void silc_key_agreement_payload_free(SilcKeyAgreementPayload payload);
402 /****f* silccore/SilcAuthAPI/silc_key_agreement_get_hostname
406 * char *silc_key_agreement_get_hostname(SilcKeyAgreementPayload payload);
410 * Returns the hostname in the payload. Caller must not free it; it is owned by the payload and released by silc_key_agreement_payload_free.
411 * The hostname is the host that is able to accept key negotiation
412 * using the SILC Key Exchange protocol. It is taken verbatim from the received payload, so treat it as untrusted input.
415 char *silc_key_agreement_get_hostname(SilcKeyAgreementPayload payload);
417 /****f* silccore/SilcAuthAPI/silc_key_agreement_get_port
421 * SilcUInt32 silc_key_agreement_get_port(SilcKeyAgreementPayload payload);
425 * Returns the port in the payload. The port is the port on the
426 * host returned by silc_key_agreement_get_hostname that is running
427 * the SILC Key Exchange protocol.
430 SilcUInt32 silc_key_agreement_get_port(SilcKeyAgreementPayload payload);