SRP_CLIENT_builtin_param_verify_cb(SRP * srp, const unsigned char * mod, int modlen, const unsigned char * gen, int genlen)
{
struct t_preconf * tpc;
int i;
for(i = 0; i < t_getprecount(); ++i) {
tpc = t_getpreparam(i);
if(tpc->modulus.len == modlen && tpc->generator.len == genlen &&
memcmp(tpc->modulus.data, mod, modlen) == 0 &&
memcmp(tpc->generator.data, gen, genlen) == 0) {
return SRP_SUCCESS; /* Match found, done */
}
}
return SRP_ERROR;
}
void ssrp_setup(int pindex, cstr **out_mod, cstr **out_gen) {
SRP_initialize_library();
struct t_preconf *pc = NULL;
pc = t_getpreparam(pindex);
assert(pc != NULL && "Failed to get preparam.");
CONFIG.modulus.len = pc->modulus.len;
CONFIG.modulus.data = pc->modulus.data;
CONFIG.generator.len = pc->generator.len;
CONFIG.generator.data = pc->generator.data;
CONFIG.index = pindex - 1;
*out_mod = cstr_createn(pc->modulus.data, pc->modulus.len);
assert(*out_mod != NULL && "Failed to create modulus string.");
*out_gen = cstr_createn(pc->generator.data, pc->generator.len);
assert(*out_gen != NULL && "Failed to create generator string.");
}
static bool
handle_prime(void)
{
struct ead_msg_salt *sb = EAD_DATA(msg, salt);
salt.len = sb->len;
memcpy(salt.data, sb->salt, salt.len);
if (auth_type == EAD_AUTH_MD5) {
memcpy(pw_salt, sb->ext_salt, MAXSALTLEN);
pw_salt[MAXSALTLEN - 1] = 0;
}
tcp = t_getpreparam(sb->prime);
tc = t_clientopen(username, &tcp->modulus, &tcp->generator, &salt);
if (!tc) {
fprintf(stderr, "Client open failed\n");
return false;
}
return true;
}
int
main()
{
int index;
struct t_client * tc;
struct t_preconf *tcp;
struct t_num n;
struct t_num g;
struct t_num s;
struct t_num B;
char username[MAXUSERLEN];
char hexbuf[MAXHEXPARAMLEN];
char buf1[MAXPARAMLEN], buf2[MAXPARAMLEN], buf3[MAXSALTLEN];
unsigned char cbuf[20];
struct t_num * A;
unsigned char * skey;
char pass[128];
printf("Enter username: "******"Enter index (from server): ");
fgets(hexbuf, sizeof(hexbuf), stdin);
index = atoi(hexbuf);
tcp = t_getpreparam(index - 1);
printf("Enter salt (from server): ");
fgets(hexbuf, sizeof(hexbuf), stdin);
s.data = buf3;
s.len = t_fromb64(s.data, hexbuf);
tc = t_clientopen(username, &tcp->modulus, &tcp->generator, &s);
if (tc == 0) {
printf("invalid n, g\n");
exit(1);
}
A = t_clientgenexp(tc);
printf("A (to server): %s\n", t_tob64(hexbuf, A->data, A->len));
t_getpass(pass, 128, "Enter password:"******"Enter B (from server): ");
fgets(hexbuf, sizeof(hexbuf), stdin);
B.data = buf1;
B.len = t_fromb64(B.data, hexbuf);
skey = t_clientgetkey(tc, &B);
printf("Session key: %s\n", t_tohex(hexbuf, skey, 40));
printf("Response (to server): %s\n",
t_tohex(hexbuf, t_clientresponse(tc), RESPONSE_LEN));
printf("Enter server response: ");
fgets(hexbuf, sizeof(hexbuf), stdin);
hexbuf[strlen(hexbuf) - 1] = '\0';
t_fromhex(cbuf, hexbuf);
if (t_clientverify(tc, cbuf) == 0)
printf("Server authentication successful.\n");
else
printf("Server authentication failed.\n");
t_clientclose(tc);
return 0;
}
int tsrp_client_authenticate(int s, char *user, char *pass, TSRP_SESSION *tsrp)
{
int i, index;
unsigned char username[MAXUSERLEN + 1], sbuf[MAXSALTLEN];
unsigned char msgbuf[MAXPARAMLEN + 1], bbuf[MAXPARAMLEN];
unsigned char passbuf[128], *skey;
struct t_client *tc;
struct t_preconf *tcp; /* @@@ should go away */
struct t_num salt, *A, B;
/* Send the username. */
i = strlen(user);
if (i > MAXUSERLEN) {
i = MAXUSERLEN;
}
msgbuf[0] = i;
memcpy(msgbuf + 1, user, i);
if (send(s, msgbuf, i + 1, 0) < 0) {
return 0;
}
memcpy(username, user, i);
username[i] = '\0';
/* Get the prime index and salt. */
i = recv(s, msgbuf, 2, MSG_WAITALL);
if (i <= 0) {
return 0;
}
index = msgbuf[0];
if (index <= 0 || index > t_getprecount()) {
return 0;
}
tcp = t_getpreparam(index - 1);
salt.len = msgbuf[1];
if (salt.len > MAXSALTLEN) {
return 0;
}
salt.data = sbuf;
i = recv(s, sbuf, salt.len, MSG_WAITALL);
if (i <= 0) {
return 0;
}
/* @@@ t_clientopen() needs a variant that takes the index */
tc = t_clientopen(username, &tcp->modulus, &tcp->generator, &salt);
if (tc == NULL) {
return 0;
}
/* Calculate A and send it to the server. */
A = t_clientgenexp(tc);
msgbuf[0] = A->len - 1; /* len is max 256 */
memcpy(msgbuf + 1, A->data, A->len);
if (send(s, msgbuf, A->len + 1, 0) < 0) {
return 0;
}
/* Ask the user for the passphrase. */
if (pass == NULL) {
t_getpass(passbuf, sizeof(passbuf), "Enter password:");
pass = passbuf;
}
t_clientpasswd(tc, pass);
/* Get B from the server. */
i = recv(s, msgbuf, 1, 0);
if (i <= 0) {
return 0;
}
B.len = msgbuf[0] + 1;
B.data = bbuf;
i = recv(s, bbuf, B.len, MSG_WAITALL);
if (i <= 0) {
return 0;
}
/* Compute the session key. */
skey = t_clientgetkey(tc, &B);
if (skey == NULL) {
return 0;
}
/* Send the response. */
if (send(s, t_clientresponse(tc), RESPONSE_LEN, 0) < 0) {
return 0;
}
/* Get the server's response. */
i = recv(s, msgbuf, RESPONSE_LEN, MSG_WAITALL);
if (i <= 0) {
return 0;
}
if (t_clientverify(tc, msgbuf) != 0) {
return 0;
}
/* All done. Now copy the key and clean up. */
if (tsrp) {
memcpy(tsrp->username, username, strlen(username) + 1);
memcpy(tsrp->key, skey, SESSION_KEY_LEN);
}
t_clientclose(tc);
return 1;
}
