updates.

diff --git a/CHANGES b/CHANGES
index f970f7c93c6aa60fc8a2a537e5847d44235df85e..e8a991092d4d460194785070eb0f5396e51a0e60 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,15 @@
+Tue Feb 27 11:28:31 EET 2001  Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+       * Added new packet type: SILC_PACKET_KEY_AGREEMENT.  This packet
+          is used by clients to request key negotiation  between another
+          client in the SILC network.  If the negotiation is started it
+          is performed using the SKE protocol.  The result of the
+          negotiation, the secret key material, can be used for example
+          as private message key.
+
+         Implemented the Key Agreement payload into the files
+         lib/silccore/silauth.[ch].
+

 Mon Feb 26 12:13:58 EET 2001  Pekka Riikonen <priikone@poseidon.pspt.fi>
 
        * Redefined ciphers for the SILC protocol.  Added some new ciphers
 Mon Feb 26 12:13:58 EET 2001  Pekka Riikonen <priikone@poseidon.pspt.fi>
 
        * Redefined ciphers for the SILC protocol.  Added some new ciphers

diff --git a/doc/draft-riikonen-silc-pp-01.nroff b/doc/draft-riikonen-silc-pp-01.nroff
index 68283cb7e4eba210337e3ec855148b435128ec1c..7441119604f81eec225778cf3baa0c2d18624d19 100644 (file)
--- a/doc/draft-riikonen-silc-pp-01.nroff
+++ b/doc/draft-riikonen-silc-pp-01.nroff
@@ -97,6 +97,7 @@ Table of Contents
       2.3.17 New Client Payload ................................. 31
       2.3.18 New Server Payload ................................. 32
       2.3.19 New Channel Payload ................................ 33
       2.3.17 New Client Payload ................................. 31
       2.3.18 New Server Payload ................................. 32
       2.3.19 New Channel Payload ................................ 33

+      2.3.20 Key Agreement Payload .............................. XXX

   2.4 SILC ID Types ............................................. 39
   2.5 Packet Encryption And Decryption .......................... 39
       2.5.1 Normal Packet Encryption And Decryption ............. 39
   2.4 SILC ID Types ............................................. 39
   2.5 Packet Encryption And Decryption .......................... 39
       2.5.1 Normal Packet Encryption And Decryption ............. 39


@@ -648,7 +649,7 @@ List of SILC Packet types are defined as follows.
           This packet must not be sent as list and the List flag must
          not be set.
 
           This packet must not be sent as list and the List flag must
          not be set.
 

-          Payload of the packet:  See section 2.3.19 New Client Payload
+          Payload of the packet:  See section 2.3.17 New Client Payload

 
 
      20   SILC_PACKET_NEW_SERVER
 
 
      20   SILC_PACKET_NEW_SERVER


@@ -664,7 +665,7 @@ List of SILC Packet types are defined as follows.
           This packet must not be sent as list and the List flag must
          not be set.
 
           This packet must not be sent as list and the List flag must
          not be set.
 

-          Payload of the packet:  See section 2.3.20 New Server Payload
+          Payload of the packet:  See section 2.3.18 New Server Payload

 
 
      21   SILC_PACKET_NEW_CHANNEL
 
 
      21   SILC_PACKET_NEW_CHANNEL


@@ -676,7 +677,7 @@ List of SILC Packet types are defined as follows.
           packet.  This packet maybe sent to entity that is indirectly
           connected to the sender.
 
           packet.  This packet maybe sent to entity that is indirectly
           connected to the sender.
 

-          Payload of the packet:  See section 2.3.21 New Channel Payload
+          Payload of the packet:  See section 2.3.19 New Channel Payload

 
 
      22   SILC_PACKET_REKEY
 
 
      22   SILC_PACKET_REKEY


@@ -713,7 +714,19 @@ List of SILC Packet types are defined as follows.
          not be set.
 
 
          not be set.
 
 

-     25 - 199
+     25   SILC_PACKET_KEY_AGREEMENT
+
+          This packet is used by clients to request key negotiation 
+          between another client in the SILC network.  If the negotiation
+          is started it is performed using the SKE protocol.  The result of
+          the negotiation, the secret key material, can be used for
+          example as private message key.  The server and router must not
+          send this packet.
+
+          Payload of the packet:  See section 2.3.20 Key Agreement Payload
+
+
+     26 - 199

 
          Currently undefined commands.
 
 
          Currently undefined commands.
 


@@ -1725,7 +1738,7 @@ The packet uses generic ID Payload as New ID Payload.  See section
 
 
 .ti 0
 
 
 .ti 0

-2.3.18 New Client Payload
+2.3.17 New Client Payload

 
 When client is connected to the server, keys has been exchanged and
 connection has been authenticated client must register itself to the 
 
 When client is connected to the server, keys has been exchanged and
 connection has been authenticated client must register itself to the 


@@ -1786,7 +1799,7 @@ o Real Name (variable length) - The real name of the user
 
 
 .ti 0
 
 
 .ti 0

-2.3.19 New Server Payload
+2.3.18 New Server Payload

 
 This payload is sent by server when it has completed successfully both
 key exchange and connection authentication protocols.  The server
 
 This payload is sent by server when it has completed successfully both
 key exchange and connection authentication protocols.  The server


@@ -1841,7 +1854,7 @@ o Server Name (variable length) - The server name.
 
 
 .ti 0
 
 
 .ti 0

-2.3.20 New Channel Payload
+2.3.19 New Channel Payload

 
 Information about newly created channel is broadcasted to all routers
 in the SILC network by sending this packet payload.  Channels are
 
 Information about newly created channel is broadcasted to all routers
 in the SILC network by sending this packet payload.  Channels are


@@ -1857,8 +1870,6 @@ It must not be sent in any other packet type.  The following diagram
 represents the New Channel Payload.
 
 
 represents the New Channel Payload.
 
 

-
-

 .in 5
 .nf
                      1                   2                   3
 .in 5
 .nf
                      1                   2                   3


@@ -1895,6 +1906,67 @@ o Channel ID (variable length) - The created Channel ID.
 .in 3
 
 
 .in 3
 
 

+.ti 0
+2.3.20 Key Agreement Payload
+
+This payload is used by clients to request key negotiation between
+another client in the SILC Network.  The key agreement protocol used
+is the SKE protocol.  The result of the protocol, the secret key
+material, can be used for example as private message key between the
+two clients.  This significantly adds security as the key agreement
+is performed outside the SILC network.  The server and router must not
+send this payload.
+
+The sender may tell the receiver of this payload the hostname and the
+port where the SKE protocol is running in the sender's end.  The 
+receiver may then initiate the SKE negotiation with the sender.  The
+sender may also optionally not to include the hostname and the port
+of its SKE protocol.  In this case the receiver may reply to the
+request by sending the same payload filled with the receiver's hostname
+and the port where the SKE protocol is running.  The sender may then
+initiate the SKE negotiation with the receiver.
+
+The payload may only be sent with SILC_PACKET_KEY_AGREEMENT packet.
+It must not be sent in any other packet type.  The following diagram
+represents the Key Agreement Payload.
+
+
+.in 5
+.nf
+                     1                   2                   3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|        Hostname Length        |                               |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
+|                                                               |
+~                           Hostname                            ~
+|                                                               |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+|                             Port                              |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+.in 3
+
+.ce
+Figure 20:  Key Agreement Payload
+
+
+
+.in 6
+o Hostname Length (2 bytes) - Indicates the length of the Hostname
+  field.
+
+o Hostname (variable length) - The hostname or IP address where
+  the SKE protocol is running.  The sender may fill this field
+  when sending the payload.  If the receiver sends this payload
+  as reply to the request it must fill this field.
+
+o Port (4 bytes) - The port where the SKE protocol is bound.
+  The sender may fill this field when sending the payload.  If
+  the receiver sends this payload as reply to the request it 
+  must fill this field.  This is a 32 bit MSB first order value.
+.in 3
+
+

 .ti 0
 2.4 SILC ID Types
 
 .ti 0
 2.4 SILC ID Types
 

diff --git a/lib/silccore/silcauth.c b/lib/silccore/silcauth.c
index 9a00903b4d814b8a37eb555f5617e32d2be9022b..cd08d5edf7545f8b27d598c7ce8b7ce336b975af 100644 (file)
--- a/lib/silccore/silcauth.c
+++ b/lib/silccore/silcauth.c
@@ -284,3 +284,86 @@ int silc_auth_public_key_auth_verify_data(SilcBuffer payload,
 
   return ret;
 }
 
   return ret;
 }

+
+/******************************************************************************
+
+                            Key Agreement Payload
+
+******************************************************************************/
+
+/* The Key Agreement protocol structure */
+struct SilcKeyAgreementPayloadStruct {
+  unsigned short hostname_len;
+  unsigned char *hostname;
+  unsigned int port;
+};
+
+/* Parses and returns an allocated Key Agreement payload. */
+
+SilcKeyAgreementPayload silc_key_agreement_payload_parse(SilcBuffer buffer)
+{
+  SilcKeyAgreementPayload new;
+  int ret;
+
+  SILC_LOG_DEBUG(("Parsing Key Agreement Payload"));
+
+  new = silc_calloc(1, sizeof(*new));
+
+  /* Parse the payload */
+  ret = silc_buffer_unformat(buffer, 
+                            SILC_STR_UI16_NSTRING_ALLOC(&new->hostname,
+                                                        &new->hostname_len),
+                            SILC_STR_UI_INT(&new->port),
+                            SILC_STR_END);
+  if (ret == -1) {
+    silc_free(new);
+    return NULL;
+  }
+
+  return new;
+}
+
+/* Encodes the Key Agreement protocol and returns the encoded buffer */
+
+SilcBuffer silc_key_agreement_payload_encode(char *hostname,
+                                            unsigned int port)
+{
+  SilcBuffer buffer;
+  unsigned int len = strlen(hostname);
+
+  SILC_LOG_DEBUG(("Encoding Key Agreement Payload"));
+
+  buffer = silc_buffer_alloc(2 + len + 4);
+  silc_buffer_pull_tail(buffer, SILC_BUFFER_END(buffer));
+  silc_buffer_format(buffer,
+                    SILC_STR_UI_SHORT(len),
+                    SILC_STR_UI_XNSTRING(hostname, len),
+                    SILC_STR_UI_INT(port),
+                    SILC_STR_END);
+
+  return buffer;
+}
+
+/* Frees the Key Agreement protocol */
+
+void silc_key_agreement_payload_free(SilcKeyAgreementPayload payload)
+{
+  if (payload) {
+    silc_free(payload->hostname);
+    silc_free(payload);
+  }
+}
+
+/* Returns the hostname in the payload */
+
+char *silc_key_agreement_get_hostname(SilcKeyAgreementPayload payload)
+{
+  return payload->hostname;
+}
+
+/* Returns the port in the payload */
+
+unsigned int silc_key_agreement_get_port(SilcKeyAgreementPayload payload)
+{
+  return payload->port;
+}

diff --git a/lib/silccore/silcauth.h b/lib/silccore/silcauth.h
index 07a2466a39a57f0ec7a54ea0c1c34b497ea279d3..c691722c1e6e93c1717a2f6c2c512363b1b30496 100644 (file)
--- a/lib/silccore/silcauth.h
+++ b/lib/silccore/silcauth.h
@@ -24,6 +24,9 @@
 /* Forward declaration of the Authentication Payload */
 typedef struct SilcAuthPayloadStruct *SilcAuthPayload;
 
 /* Forward declaration of the Authentication Payload */
 typedef struct SilcAuthPayloadStruct *SilcAuthPayload;
 

+/* Forward declaration of the Key Agreement Payload */
+typedef struct SilcKeyAgreementPayloadStruct *SilcKeyAgreementPayload;
+

 /* Authentication method type */
 typedef unsigned short SilcAuthMethod;
 
 /* Authentication method type */
 typedef unsigned short SilcAuthMethod;
 


@@ -54,5 +57,11 @@ int silc_auth_public_key_auth_verify(SilcAuthPayload payload,
 int silc_auth_public_key_auth_verify_data(SilcBuffer payload,
                                          SilcPKCS pkcs, SilcHash hash,
                                          void *id, SilcIdType type);
 int silc_auth_public_key_auth_verify_data(SilcBuffer payload,
                                          SilcPKCS pkcs, SilcHash hash,
                                          void *id, SilcIdType type);

+SilcKeyAgreementPayload silc_key_agreement_payload_parse(SilcBuffer buffer);
+SilcBuffer silc_key_agreement_payload_encode(char *hostname,
+                                            unsigned int port);
+void silc_key_agreement_payload_free(SilcKeyAgreementPayload payload);
+char *silc_key_agreement_get_hostname(SilcKeyAgreementPayload payload);
+unsigned int silc_key_agreement_get_port(SilcKeyAgreementPayload payload);

 
 #endif
 
 #endif

diff --git a/lib/silccore/silcpacket.h b/lib/silccore/silcpacket.h
index ff047ea852830bc1f98d84fd440aa2dacff3a26f..fd4302303f50f10eaaac75cf8db1e72a4cd0f9ba 100644 (file)
--- a/lib/silccore/silcpacket.h
+++ b/lib/silccore/silcpacket.h
@@ -213,6 +213,7 @@ typedef void (*SilcPacketParserCallback)(SilcPacketParserContext
 #define SILC_PACKET_REKEY                22      /* Re-key start */
 #define SILC_PACKET_REKEY_DONE           23      /* Re-key done */
 #define SILC_PACKET_HEARTBEAT            24      /* Heartbeat */
 #define SILC_PACKET_REKEY                22      /* Re-key start */
 #define SILC_PACKET_REKEY_DONE           23      /* Re-key done */
 #define SILC_PACKET_HEARTBEAT            24      /* Heartbeat */

+#define SILC_PACKET_KEY_AGREEMENT        25      /* Key Agreement request */

 
 #define SILC_PACKET_PRIVATE              200     /* Private range start  */
 #define SILC_PACKET_MAX                  255     /* RESERVED */
 
 #define SILC_PACKET_PRIVATE              200     /* Private range start  */
 #define SILC_PACKET_MAX                  255     /* RESERVED */