From: Pekka Riikonen Date: Tue, 27 Feb 2001 09:53:00 +0000 (+0000) Subject: updates. X-Git-Tag: SILC.0.1~158 X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff_plain;h=9f7c7f0df8ad34668409608d5a1507da55395f39 updates. --- diff --git a/CHANGES b/CHANGES index f970f7c9..e8a99109 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,15 @@ +Tue Feb 27 11:28:31 EET 2001 Pekka Riikonen + + * Added new packet type: SILC_PACKET_KEY_AGREEMENT. This packet + is used by clients to request key negotiation between another + client in the SILC network. If the negotiation is started it + is performed using the SKE protocol. The result of the + negotiation, the secret key material, can be used for example + as private message key. + + Implemented the Key Agreement payload into the files + lib/silccore/silauth.[ch]. + Mon Feb 26 12:13:58 EET 2001 Pekka Riikonen * Redefined ciphers for the SILC protocol. Added some new ciphers diff --git a/doc/draft-riikonen-silc-pp-01.nroff b/doc/draft-riikonen-silc-pp-01.nroff index 68283cb7..74411196 100644 --- a/doc/draft-riikonen-silc-pp-01.nroff +++ b/doc/draft-riikonen-silc-pp-01.nroff @@ -97,6 +97,7 @@ Table of Contents 2.3.17 New Client Payload ................................. 31 2.3.18 New Server Payload ................................. 32 2.3.19 New Channel Payload ................................ 33 + 2.3.20 Key Agreement Payload .............................. XXX 2.4 SILC ID Types ............................................. 39 2.5 Packet Encryption And Decryption .......................... 39 2.5.1 Normal Packet Encryption And Decryption ............. 39 @@ -648,7 +649,7 @@ List of SILC Packet types are defined as follows. This packet must not be sent as list and the List flag must not be set. - Payload of the packet: See section 2.3.19 New Client Payload + Payload of the packet: See section 2.3.17 New Client Payload 20 SILC_PACKET_NEW_SERVER 
@@ -664,7 +665,7 @@ List of SILC Packet types are defined as follows. This packet must not be sent as list and the List flag must not be set. - Payload of the packet: See section 2.3.20 New Server Payload + Payload of the packet: See section 2.3.18 New Server Payload 21 SILC_PACKET_NEW_CHANNEL @@ -676,7 +677,7 @@ List of SILC Packet types are defined as follows. packet. This packet maybe sent to entity that is indirectly connected to the sender. - Payload of the packet: See section 2.3.21 New Channel Payload + Payload of the packet: See section 2.3.19 New Channel Payload 22 SILC_PACKET_REKEY @@ -713,7 +714,19 @@ List of SILC Packet types are defined as follows. not be set. - 25 - 199 + 25 SILC_PACKET_KEY_AGREEMENT + + This packet is used by clients to request key negotiation + between another client in the SILC network. If the negotiation + is started it is performed using the SKE protocol. The result of + the negotiation, the secret key material, can be used for + example as private message key. The server and router must not + send this packet. + + Payload of the packet: See section 2.3.20 Key Agreement Payload + + + 26 - 199 Currently undefined commands. @@ -1725,7 +1738,7 @@ The packet uses generic ID Payload as New ID Payload. See section .ti 0 -2.3.18 New Client Payload +2.3.17 New Client Payload When client is connected to the server, keys has been exchanged and connection has been authenticated client must register itself to the @@ -1786,7 +1799,7 @@ o Real Name (variable length) - The real name of the user .ti 0 -2.3.19 New Server Payload +2.3.18 New Server Payload This payload is sent by server when it has completed successfully both key exchange and connection authentication protocols. The server 
@@ -1841,7 +1854,7 @@ o Server Name (variable length) - The server name. .ti 0 -2.3.20 New Channel Payload +2.3.19 New Channel Payload Information about newly created channel is broadcasted to all routers in the SILC network by sending this packet payload. Channels are @@ -1857,8 +1870,6 @@ It must not be sent in any other packet type. The following diagram represents the New Channel Payload. - - .in 5 .nf 1 2 3 
@@ -1895,6 +1906,67 @@ o Channel ID (variable length) - The created Channel ID. .in 3 +.ti 0 +2.3.20 Key Agreement Payload + +This payload is used by clients to request key negotiation between +another client in the SILC Network. The key agreement protocol used +is the SKE protocol. The result of the protocol, the secret key +material, can be used for example as private message key between the +two clients. This significantly adds security as the key agreement +is performed outside the SILC network. The server and router must not +send this payload. + +The sender may tell the receiver of this payload the hostname and the +port where the SKE protocol is running in the sender's end. The +receiver may then initiate the SKE negotiation with the sender. The +sender may also optionally not to include the hostname and the port +of its SKE protocol. In this case the receiver may reply to the +request by sending the same payload filled with the receiver's hostname +and the port where the SKE protocol is running. The sender may then +initiate the SKE negotiation with the receiver. + +The payload may only be sent with SILC_PACKET_KEY_AGREEMENT packet. +It must not be sent in any other packet type. The following diagram +represents the Key Agreement Payload. + + +.in 5 +.nf + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 ++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +| Hostname Length | | ++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +| | +~ Hostname ~ +| | ++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +| Port | ++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +.in 3 + +.ce +Figure 20: Key Agreement Payload + + + +.in 6 +o Hostname Length (2 bytes) - Indicates the length of the Hostname + field. + +o Hostname (variable length) - The hostname or IP address where + the SKE protocol is running. The sender may fill this field + when sending the payload. 
If the receiver sends this payload + as reply to the request it must fill this field. + +o Port (4 bytes) - The port where the SKE protocol is bound. + The sender may fill this field when sending the payload. If + the receiver sends this payload as reply to the request it + must fill this field. This is a 32 bit MSB first order value. +.in 3 + + .ti 0 2.4 SILC ID Types diff --git a/lib/silccore/silcauth.c b/lib/silccore/silcauth.c index 9a00903b..cd08d5ed 100644 --- a/lib/silccore/silcauth.c +++ b/lib/silccore/silcauth.c 
@@ -284,3 +284,86 @@ int silc_auth_public_key_auth_verify_data(SilcBuffer payload, return ret; } + +/****************************************************************************** + + Key Agreement Payload + +******************************************************************************/ + +/* The Key Agreement protocol structure */ +struct SilcKeyAgreementPayloadStruct { + unsigned short hostname_len; + unsigned char *hostname; + unsigned int port; +}; + +/* Parses and returns an allocated Key Agreement payload. */ + +SilcKeyAgreementPayload silc_key_agreement_payload_parse(SilcBuffer buffer) +{ + SilcKeyAgreementPayload new; + int ret; + + SILC_LOG_DEBUG(("Parsing Key Agreement Payload")); + + new = silc_calloc(1, sizeof(*new)); + + /* Parse the payload */ + ret = silc_buffer_unformat(buffer, + SILC_STR_UI16_NSTRING_ALLOC(&new->hostname, + &new->hostname_len), + SILC_STR_UI_INT(&new->port), + SILC_STR_END); + if (ret == -1) { + silc_free(new); + return NULL; + } + + return new; +} + +/* Encodes the Key Agreement protocol and returns the encoded buffer */ + +SilcBuffer silc_key_agreement_payload_encode(char *hostname, + unsigned int port) +{ + SilcBuffer buffer; + unsigned int len = strlen(hostname); + + SILC_LOG_DEBUG(("Encoding Key Agreement Payload")); + + buffer = silc_buffer_alloc(2 + len + 4); + silc_buffer_pull_tail(buffer, SILC_BUFFER_END(buffer)); + silc_buffer_format(buffer, + SILC_STR_UI_SHORT(len), + SILC_STR_UI_XNSTRING(hostname, len), + SILC_STR_UI_INT(port), + SILC_STR_END); + + return buffer; +} + +/* Frees the Key Agreement protocol */ + +void silc_key_agreement_payload_free(SilcKeyAgreementPayload payload) +{ + if (payload) { + silc_free(payload->hostname); + silc_free(payload); + } +} + +/* Returns the hostname in the payload */ + +char *silc_key_agreement_get_hostname(SilcKeyAgreementPayload payload) +{ + return payload->hostname; +} + +/* Returns the port in the payload */ + +unsigned int silc_key_agreement_get_port(SilcKeyAgreementPayload 
payload) +{ + return payload->port; +} diff --git a/lib/silccore/silcauth.h b/lib/silccore/silcauth.h index 07a2466a..c691722c 100644 --- a/lib/silccore/silcauth.h +++ b/lib/silccore/silcauth.h @@ -24,6 +24,9 @@ /* Forward declaration of the Authentication Payload */ typedef struct SilcAuthPayloadStruct *SilcAuthPayload; +/* Forward declaration of the Key Agreement Payload */ +typedef struct SilcKeyAgreementPayloadStruct *SilcKeyAgreementPayload; + /* Authentication method type */ typedef unsigned short SilcAuthMethod; @@ -54,5 +57,11 @@ int silc_auth_public_key_auth_verify(SilcAuthPayload payload, int silc_auth_public_key_auth_verify_data(SilcBuffer payload, SilcPKCS pkcs, SilcHash hash, void *id, SilcIdType type); +SilcKeyAgreementPayload silc_key_agreement_payload_parse(SilcBuffer buffer); +SilcBuffer silc_key_agreement_payload_encode(char *hostname, + unsigned int port); +void silc_key_agreement_payload_free(SilcKeyAgreementPayload payload); +char *silc_key_agreement_get_hostname(SilcKeyAgreementPayload payload); +unsigned int silc_key_agreement_get_port(SilcKeyAgreementPayload payload); #endif diff --git a/lib/silccore/silcpacket.h b/lib/silccore/silcpacket.h index ff047ea8..fd430230 100644 --- a/lib/silccore/silcpacket.h +++ b/lib/silccore/silcpacket.h @@ -213,6 +213,7 @@ typedef void (*SilcPacketParserCallback)(SilcPacketParserContext #define SILC_PACKET_REKEY 22 /* Re-key start */ #define SILC_PACKET_REKEY_DONE 23 /* Re-key done */ #define SILC_PACKET_HEARTBEAT 24 /* Heartbeat */ +#define SILC_PACKET_KEY_AGREEMENT 25 /* Key Agreement request */ #define SILC_PACKET_PRIVATE 200 /* Private range start */ #define SILC_PACKET_MAX 255 /* RESERVED */
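Review bot: the CHANGES entry names the wrong file: "lib/silccore/silauth.[ch]" should be "lib/silccore/silcauth.[ch]", which is the path this diff actually touches (lib/silccore/silcauth.c and lib/silccore/silcauth.h); anyone grepping the changelog for the Key Agreement code will otherwise miss it.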
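Review bot: the new table-of-contents line "2.3.20 Key Agreement Payload .............................. XXX" leaves the page number as a placeholder while the neighbouring entries (2.3.19 at 33, 2.4 at 39) are filled in; set the real page number before the draft is regenerated, since the section is inserted between those two. The three section-reference corrections in this file (2.3.19 to 2.3.17, 2.3.20 to 2.3.18, 2.3.21 to 2.3.19) now match the heading numbers changed further down in the same patch, which is good.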
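Review bot: the packet-type entry for 25 SILC_PACKET_KEY_AGREEMENT says "The server and router must not send this packet" but does not say what a server or router does when it receives one, which is the case that matters for an intermediary: it should state that the packet is to be routed to the client named as destination and that a server or router must drop one that originates from another server or router, otherwise implementations will diverge. Minor drive-by on the unchanged context line "Currently undefined commands." under the renumbered "26 - 199" range: this list is of packet types, not commands, so "Currently undefined packet types." would be accurate.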
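Review bot: section 2.3.20 claims the out-of-band SKE run "significantly adds security" and that its output "can be used for example as private message key", but the Hostname and Port the receiver connects to are taken straight from a payload supplied by the requesting client, and nothing in the section says how either party establishes who is on the other end of that SKE connection. The section should require that the peer be authenticated within the SKE run (for instance by verifying the peer's public key against the identity the request claims) before the derived key material is used for private messages, and should say what a client does with a request whose hostname it cannot resolve or connect to. Two smaller points: "Port (4 bytes)" described as "a 32 bit MSB first order value" is twice the width of a TCP port, so either state why 32 bits is intended or make it 2 bytes like Hostname Length; and "The sender may also optionally not to include the hostname" should read "The sender may also choose not to include the hostname".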
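Review bot: silc_key_agreement_payload_encode() calls "strlen(hostname)" unconditionally, yet the draft text added in this same patch lets the sender omit the hostname and have the receiver fill it in on reply; passing NULL here dereferences it. Compute the length as "hostname ? strlen(hostname) : 0" and only emit the SILC_STR_UI_XNSTRING when len is non-zero, so the omitted case produces a Hostname Length of 0 as the format intends. The length is then written with SILC_STR_UI_SHORT, so a hostname longer than 65535 bytes would be silently truncated in the length field while the full string is still copied; reject len > 0xFFFF and return NULL. On the parse side, SILC_STR_UI16_NSTRING_ALLOC will leave hostname NULL when the length is 0, so silc_key_agreement_get_hostname() can return NULL and its callers need to expect that; a one-line comment on the getter would save a crash later. Also, the three comments that say "Key Agreement protocol" (the struct, encode and free) describe the payload, not the protocol, and the local variable named "new" will bite anyone who later includes this code from C++.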
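Review bot: the prototype "SilcBuffer silc_key_agreement_payload_encode(char *hostname, unsigned int port);" could take "const char *hostname", since the implementation only reads the string; as declared, callers holding a const hostname (for example one parsed from a received payload) have to cast. The forward declaration and the new function block are placed consistently with the existing SilcAuthPayload declarations, so no other change is needed in this header.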