From e2ef7d59c5a32bfd80d812a4ed41e3f53af8fc33 Mon Sep 17 00:00:00 2001
From: Pekka Riikonen <priikone@silcnet.org>
Date: Tue, 20 Feb 2001 22:17:54 +0000
Subject: [PATCH] 	updates.

---
 CHANGES                               |  6 +++++
 doc/draft-riikonen-silc-spec-01.nroff | 24 ++++++++++-------
 lib/silccore/silcauth.c               | 38 +++++++++++++++++++--------
 lib/silccore/silcauth.h               | 11 +++++---
 4 files changed, 54 insertions(+), 25 deletions(-)

diff --git a/CHANGES b/CHANGES
index 2894edaf..cca91038 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+Wed Feb 21 00:10:00 EET 2001  Pekka Riikonen <priikone@poseidon.pspt.fi>
+
+	* Associated the ID (client or server ID) to the Authentication
+	  Payload to avoid any possibility of forging.  Updated the
+	  protocol specification and the code accordingly.
+
 Tue Feb 20 14:14:14 EET 2001  Pekka Riikonen <priikone@poseidon.pspt.fi>
 
 	* The RSA key length is now save to the RsaKey context in the
diff --git a/doc/draft-riikonen-silc-spec-01.nroff b/doc/draft-riikonen-silc-spec-01.nroff
index da521280..31f490f0 100644
--- a/doc/draft-riikonen-silc-spec-01.nroff
+++ b/doc/draft-riikonen-silc-spec-01.nroff
@@ -1101,18 +1101,22 @@ plaintext password since the entire payload is encrypted.
 If the authentication method is public key based (or certificate)
 the Authentication Data is computed as follows:
 
-  HASH = hash(random bytes | public key (or certificate));
+  HASH = hash(random bytes | ID | public key (or certificate));
   Authentication Data = sign(HASH);
 
-The hash() and sign() are the hash funtion and the public key cryptography
-function selected in the SKE protocol.  The public key is SILC style
-public key unless certificates are used.  The random bytes are non-zero
-random bytes of length between 128 and 4096 bytes, and will be included
-into the Public Data field as is.  The receiver will compute the signature
-using the random data received in the payload and the public key (or
-certificate) received in the SKE protocol.  After computing the receiver
-must verify the signature.  In this case also, the entire payload is
-encrypted.
+The hash() and the sign() are the hash funtion and the public key
+cryptography function selected in the SKE protocol.  The public key
+is SILC style public key unless certificates are used.  The ID is the
+entity's ID (Client or Server ID) who is authenticating itself.  The ID
+is raw ID data.  The random bytes are non-zero random bytes of length
+between 128 and 4096 bytes, and will be included into the Public Data
+field as is.
+
+The receiver will compute the signature using the random data received
+in the payload, the ID associated to the connection and the public key
+(or certificate) received in the SKE protocol.  After computing the
+receiver must verify the signature.  In this case also, the entire
+payload is encrypted.
 
 
 .ti 0
diff --git a/lib/silccore/silcauth.c b/lib/silccore/silcauth.c
index ba2f5c8e..4bee9bad 100644
--- a/lib/silccore/silcauth.c
+++ b/lib/silccore/silcauth.c
@@ -132,21 +132,30 @@ void silc_auth_payload_free(SilcAuthPayload payload)
    dictates. */
 
 static unsigned char *
-silc_auth_public_key_encode(SilcPKCS pkcs, unsigned char *random,
-			    unsigned int random_len, unsigned int *ret_len)
+silc_auth_public_key_encode_data(SilcPKCS pkcs, unsigned char *random,
+				 unsigned int random_len, void *id,
+				 SilcIdType type, unsigned int *ret_len)
 {
   SilcBuffer buf;
-  unsigned char *pk, *ret;
-  unsigned int pk_len;
+  unsigned char *pk, *id_data, *ret;
+  unsigned int pk_len, id_len;
 
   pk = silc_pkcs_get_public_key(pkcs, &pk_len);
   if (!pk)
     return NULL;
 
+  id_data = silc_id_id2str(id, type);
+  if (!id_data) {
+    silc_free(pk);
+    return NULL;
+  }
+  id_len = silc_id_get_len(type);
+
   buf = silc_buffer_alloc(random_len + pk_len);
   silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
   silc_buffer_format(buf,
 		     SILC_STR_UI_XNSTRING(random, random_len),
+		     SILC_STR_UI_XNSTRING(id_data, id_len),
 		     SILC_STR_UI_XNSTRING(pk, pk_len),
 		     SILC_STR_END);
   
@@ -157,6 +166,7 @@ silc_auth_public_key_encode(SilcPKCS pkcs, unsigned char *random,
     *ret_len = buf->len;
 
   silc_buffer_free(buf);
+  silc_free(id_data);
   silc_free(pk);
 
   return ret;
@@ -167,7 +177,8 @@ silc_auth_public_key_encode(SilcPKCS pkcs, unsigned char *random,
    and the actual authentication data. Returns NULL on error. */
 
 SilcBuffer silc_auth_public_key_auth_generate(SilcPKCS pkcs,
-					      SilcHash hash)
+					      SilcHash hash,
+					      void *id, SilcIdType type)
 {
   unsigned char *random;
   unsigned char auth_data[32];
@@ -184,7 +195,8 @@ SilcBuffer silc_auth_public_key_auth_generate(SilcPKCS pkcs,
     return NULL;
   
   /* Encode the auth data */
-  tmp = silc_auth_public_key_encode(pkcs, random, 256, &tmp_len);
+  tmp = silc_auth_public_key_encode_data(pkcs, random, 256, id, type, 
+					 &tmp_len);
   if (!tmp)
     return NULL;
 
@@ -215,7 +227,8 @@ SilcBuffer silc_auth_public_key_auth_generate(SilcPKCS pkcs,
    successfull. */
 
 int silc_auth_public_key_auth_verify(SilcAuthPayload payload,
-				     SilcPKCS pkcs, SilcHash hash)
+				     SilcPKCS pkcs, SilcHash hash,
+				     void *id, SilcIdType type)
 {
   unsigned char *tmp;
   unsigned int tmp_len;
@@ -223,8 +236,9 @@ int silc_auth_public_key_auth_verify(SilcAuthPayload payload,
   SILC_LOG_DEBUG(("Verifying authentication data"));
 
   /* Encode auth data */
-  tmp = silc_auth_public_key_encode(pkcs, payload->random_data, 
-				    payload->random_len, &tmp_len);
+  tmp = silc_auth_public_key_encode_data(pkcs, payload->random_data, 
+					 payload->random_len, 
+					 id, type, &tmp_len);
   if (!tmp) {
     SILC_LOG_DEBUG(("Authentication failed"));
     return FALSE;
@@ -251,7 +265,8 @@ int silc_auth_public_key_auth_verify(SilcAuthPayload payload,
 /* Same as above but the payload is not parsed yet. This will parse it. */
 
 int silc_auth_public_key_auth_verify_data(SilcBuffer payload,
-					  SilcPKCS pkcs, SilcHash hash)
+					  SilcPKCS pkcs, SilcHash hash,
+					  void *id, SilcIdType type)
 {
   SilcAuthPayload auth_payload;
   int ret;
@@ -262,7 +277,8 @@ int silc_auth_public_key_auth_verify_data(SilcBuffer payload,
     return FALSE;
   }
 
-  ret = silc_auth_public_key_auth_verify(auth_payload, pkcs, hash);
+  ret = silc_auth_public_key_auth_verify(auth_payload, pkcs, hash, 
+					 id, type);
 
   silc_auth_payload_free(auth_payload);
 
diff --git a/lib/silccore/silcauth.h b/lib/silccore/silcauth.h
index a7a74a5a..07a2466a 100644
--- a/lib/silccore/silcauth.h
+++ b/lib/silccore/silcauth.h
@@ -46,10 +46,13 @@ SilcBuffer silc_auth_payload_encode(SilcAuthMethod method,
 				    unsigned short auth_len);
 void silc_auth_payload_free(SilcAuthPayload payload);
 SilcBuffer silc_auth_public_key_auth_generate(SilcPKCS pkcs,
-					      SilcHash hash);
-int silc_auth_public_key_auth_verify(SilcAuthPayload paylaod,
-				     SilcPKCS pkcs, SilcHash hash);
+					      SilcHash hash,
+					      void *id, SilcIdType type);
+int silc_auth_public_key_auth_verify(SilcAuthPayload payload,
+				     SilcPKCS pkcs, SilcHash hash,
+				     void *id, SilcIdType type);
 int silc_auth_public_key_auth_verify_data(SilcBuffer payload,
-					  SilcPKCS pkcs, SilcHash hash);
+					  SilcPKCS pkcs, SilcHash hash,
+					  void *id, SilcIdType type);
 
 #endif
-- 
2.24.0