updates.

diff --git a/CHANGES b/CHANGES
index 2894edaf133bee80db2c76e793733a563c27a39b..cca910386bc7f3f470c7b31773908217d3115a98 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+Wed Feb 21 00:10:00 EET 2001  Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+       * Associated the ID (client or server ID) to the Authentication
+         Payload to avoid any possibility of forging.  Updated the
+         protocol specification and the code accordingly.
+
 Tue Feb 20 14:14:14 EET 2001  Pekka Riikonen <priikone@poseidon.pspt.fi>
 
        * The RSA key length is now save to the RsaKey context in the

diff --git a/doc/draft-riikonen-silc-spec-01.nroff b/doc/draft-riikonen-silc-spec-01.nroff
index da521280f3eec8696c4f93f8954f51ccb68eea2a..31f490f00d6836b03708e589f49e65bcc06b93f0 100644 (file)
--- a/doc/draft-riikonen-silc-spec-01.nroff
+++ b/doc/draft-riikonen-silc-spec-01.nroff
@@ -1101,18 +1101,22 @@ plaintext password since the entire payload is encrypted.
 If the authentication method is public key based (or certificate)
 the Authentication Data is computed as follows:
 
-  HASH = hash(random bytes | public key (or certificate));
+  HASH = hash(random bytes | ID | public key (or certificate));
   Authentication Data = sign(HASH);
 
-The hash() and sign() are the hash funtion and the public key cryptography
-function selected in the SKE protocol.  The public key is SILC style
-public key unless certificates are used.  The random bytes are non-zero
-random bytes of length between 128 and 4096 bytes, and will be included
-into the Public Data field as is.  The receiver will compute the signature
-using the random data received in the payload and the public key (or
-certificate) received in the SKE protocol.  After computing the receiver
-must verify the signature.  In this case also, the entire payload is
-encrypted.
+The hash() and the sign() are the hash funtion and the public key
+cryptography function selected in the SKE protocol.  The public key
+is SILC style public key unless certificates are used.  The ID is the
+entity's ID (Client or Server ID) who is authenticating itself.  The ID
+is raw ID data.  The random bytes are non-zero random bytes of length
+between 128 and 4096 bytes, and will be included into the Public Data
+field as is.
+
+The receiver will compute the signature using the random data received
+in the payload, the ID associated to the connection and the public key
+(or certificate) received in the SKE protocol.  After computing the
+receiver must verify the signature.  In this case also, the entire
+payload is encrypted.
 
 
 .ti 0

diff --git a/lib/silccore/silcauth.c b/lib/silccore/silcauth.c
index ba2f5c8e1008873556b5e15baacf328d34b5e6bc..4bee9bada246cd2ab4d14277adb3fd2412dbb684 100644 (file)
--- a/lib/silccore/silcauth.c
+++ b/lib/silccore/silcauth.c
@@ -132,21 +132,30 @@ void silc_auth_payload_free(SilcAuthPayload payload)
    dictates. */
 
 static unsigned char *
-silc_auth_public_key_encode(SilcPKCS pkcs, unsigned char *random,
-                           unsigned int random_len, unsigned int *ret_len)
+silc_auth_public_key_encode_data(SilcPKCS pkcs, unsigned char *random,
+                                unsigned int random_len, void *id,
+                                SilcIdType type, unsigned int *ret_len)
 {
   SilcBuffer buf;
-  unsigned char *pk, *ret;
-  unsigned int pk_len;
+  unsigned char *pk, *id_data, *ret;
+  unsigned int pk_len, id_len;
 
   pk = silc_pkcs_get_public_key(pkcs, &pk_len);
   if (!pk)
     return NULL;
 
+  id_data = silc_id_id2str(id, type);
+  if (!id_data) {
+    silc_free(pk);
+    return NULL;
+  }
+  id_len = silc_id_get_len(type);
+
   buf = silc_buffer_alloc(random_len + pk_len);
   silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
   silc_buffer_format(buf,
                     SILC_STR_UI_XNSTRING(random, random_len),
+                    SILC_STR_UI_XNSTRING(id_data, id_len),
                     SILC_STR_UI_XNSTRING(pk, pk_len),
                     SILC_STR_END);
   
@@ -157,6 +166,7 @@ silc_auth_public_key_encode(SilcPKCS pkcs, unsigned char *random,
     *ret_len = buf->len;
 
   silc_buffer_free(buf);
+  silc_free(id_data);
   silc_free(pk);
 
   return ret;
@@ -167,7 +177,8 @@ silc_auth_public_key_encode(SilcPKCS pkcs, unsigned char *random,
    and the actual authentication data. Returns NULL on error. */
 
 SilcBuffer silc_auth_public_key_auth_generate(SilcPKCS pkcs,
-                                             SilcHash hash)
+                                             SilcHash hash,
+                                             void *id, SilcIdType type)
 {
   unsigned char *random;
   unsigned char auth_data[32];
@@ -184,7 +195,8 @@ SilcBuffer silc_auth_public_key_auth_generate(SilcPKCS pkcs,
     return NULL;
   
   /* Encode the auth data */
-  tmp = silc_auth_public_key_encode(pkcs, random, 256, &tmp_len);
+  tmp = silc_auth_public_key_encode_data(pkcs, random, 256, id, type, 
+                                        &tmp_len);
   if (!tmp)
     return NULL;
 
@@ -215,7 +227,8 @@ SilcBuffer silc_auth_public_key_auth_generate(SilcPKCS pkcs,
    successfull. */
 
 int silc_auth_public_key_auth_verify(SilcAuthPayload payload,
-                                    SilcPKCS pkcs, SilcHash hash)
+                                    SilcPKCS pkcs, SilcHash hash,
+                                    void *id, SilcIdType type)
 {
   unsigned char *tmp;
   unsigned int tmp_len;
@@ -223,8 +236,9 @@ int silc_auth_public_key_auth_verify(SilcAuthPayload payload,
   SILC_LOG_DEBUG(("Verifying authentication data"));
 
   /* Encode auth data */
-  tmp = silc_auth_public_key_encode(pkcs, payload->random_data, 
-                                   payload->random_len, &tmp_len);
+  tmp = silc_auth_public_key_encode_data(pkcs, payload->random_data, 
+                                        payload->random_len, 
+                                        id, type, &tmp_len);
   if (!tmp) {
     SILC_LOG_DEBUG(("Authentication failed"));
     return FALSE;
@@ -251,7 +265,8 @@ int silc_auth_public_key_auth_verify(SilcAuthPayload payload,
 /* Same as above but the payload is not parsed yet. This will parse it. */
 
 int silc_auth_public_key_auth_verify_data(SilcBuffer payload,
-                                         SilcPKCS pkcs, SilcHash hash)
+                                         SilcPKCS pkcs, SilcHash hash,
+                                         void *id, SilcIdType type)
 {
   SilcAuthPayload auth_payload;
   int ret;
@@ -262,7 +277,8 @@ int silc_auth_public_key_auth_verify_data(SilcBuffer payload,
     return FALSE;
   }
 
-  ret = silc_auth_public_key_auth_verify(auth_payload, pkcs, hash);
+  ret = silc_auth_public_key_auth_verify(auth_payload, pkcs, hash, 
+                                        id, type);
 
   silc_auth_payload_free(auth_payload);
 

diff --git a/lib/silccore/silcauth.h b/lib/silccore/silcauth.h
index a7a74a5a8011c847289b31274242b6e076e3d988..07a2466a39a57f0ec7a54ea0c1c34b497ea279d3 100644 (file)
--- a/lib/silccore/silcauth.h
+++ b/lib/silccore/silcauth.h
@@ -46,10 +46,13 @@ SilcBuffer silc_auth_payload_encode(SilcAuthMethod method,
                                    unsigned short auth_len);
 void silc_auth_payload_free(SilcAuthPayload payload);
 SilcBuffer silc_auth_public_key_auth_generate(SilcPKCS pkcs,
-                                             SilcHash hash);
-int silc_auth_public_key_auth_verify(SilcAuthPayload paylaod,
-                                    SilcPKCS pkcs, SilcHash hash);
+                                             SilcHash hash,
+                                             void *id, SilcIdType type);
+int silc_auth_public_key_auth_verify(SilcAuthPayload payload,
+                                    SilcPKCS pkcs, SilcHash hash,
+                                    void *id, SilcIdType type);
 int silc_auth_public_key_auth_verify_data(SilcBuffer payload,
-                                         SilcPKCS pkcs, SilcHash hash);
+                                         SilcPKCS pkcs, SilcHash hash,
+                                         void *id, SilcIdType type);
 
 #endif