| 1 | /* |
| 2 | * Copyright (c) 1997-1999 The Stanford SRP Authentication Project |
| 3 | * All Rights Reserved. |
| 4 | * |
| 5 | * Permission is hereby granted, free of charge, to any person obtaining |
| 6 | * a copy of this software and associated documentation files (the |
| 7 | * "Software"), to deal in the Software without restriction, including |
| 8 | * without limitation the rights to use, copy, modify, merge, publish, |
| 9 | * distribute, sublicense, and/or sell copies of the Software, and to |
| 10 | * permit persons to whom the Software is furnished to do so, subject to |
| 11 | * the following conditions: |
| 12 | * |
| 13 | * The above copyright notice and this permission notice shall be |
| 14 | * included in all copies or substantial portions of the Software. |
| 15 | * |
| 16 | * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, |
| 17 | * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY |
| 18 | * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. |
| 19 | * |
| 20 | * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, |
| 21 | * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER |
| 22 | * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF |
| 23 | * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT |
| 24 | * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 25 | * |
| 26 | * In addition, the following conditions apply: |
| 27 | * |
| 28 | * 1. Any software that incorporates the SRP authentication technology |
| 29 | * must display the following acknowlegment: |
| 30 | * "This product uses the 'Secure Remote Password' cryptographic |
| 31 | * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." |
| 32 | * |
| 33 | * 2. Any software that incorporates all or part of the SRP distribution |
| 34 | * itself must also display the following acknowledgment: |
| 35 | * "This product includes software developed by Tom Wu and Eugene |
| 36 | * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." |
| 37 | * |
| 38 | * 3. Redistributions in source or binary form must retain an intact copy |
| 39 | * of this copyright notice and list of conditions. |
| 40 | */ |
| 41 | |
| 42 | #include <stdio.h> |
| 43 | #include "t_defines.h" |
| 44 | #include "t_pwd.h" |
| 45 | #include "t_client.h" |
| 46 | |
| 47 | int |
| 48 | main() |
| 49 | { |
| 50 | int index; |
| 51 | struct t_client * tc; |
| 52 | struct t_preconf *tcp; |
| 53 | struct t_num n; |
| 54 | struct t_num g; |
| 55 | struct t_num s; |
| 56 | struct t_num B; |
| 57 | char username[MAXUSERLEN]; |
| 58 | char hexbuf[MAXHEXPARAMLEN]; |
| 59 | char buf1[MAXPARAMLEN], buf2[MAXPARAMLEN], buf3[MAXSALTLEN]; |
| 60 | unsigned char cbuf[20]; |
| 61 | struct t_num * A; |
| 62 | unsigned char * skey; |
| 63 | char pass[128]; |
| 64 | |
| 65 | printf("Enter username: "); |
| 66 | fgets(username, sizeof(username), stdin); |
| 67 | username[strlen(username) - 1] = '\0'; |
| 68 | printf("Enter index (from server): "); |
| 69 | fgets(hexbuf, sizeof(hexbuf), stdin); |
| 70 | index = atoi(hexbuf); |
| 71 | tcp = t_getpreparam(index - 1); |
| 72 | printf("Enter salt (from server): "); |
| 73 | fgets(hexbuf, sizeof(hexbuf), stdin); |
| 74 | s.data = buf3; |
| 75 | s.len = t_fromb64(s.data, hexbuf); |
| 76 | |
| 77 | tc = t_clientopen(username, &tcp->modulus, &tcp->generator, &s); |
| 78 | if (tc == 0) { |
| 79 | printf("invalid n, g\n"); |
| 80 | exit(1); |
| 81 | } |
| 82 | |
| 83 | A = t_clientgenexp(tc); |
| 84 | printf("A (to server): %s\n", t_tob64(hexbuf, A->data, A->len)); |
| 85 | |
| 86 | t_getpass(pass, 128, "Enter password:"); |
| 87 | t_clientpasswd(tc, pass); |
| 88 | |
| 89 | printf("Enter B (from server): "); |
| 90 | fgets(hexbuf, sizeof(hexbuf), stdin); |
| 91 | B.data = buf1; |
| 92 | B.len = t_fromb64(B.data, hexbuf); |
| 93 | |
| 94 | skey = t_clientgetkey(tc, &B); |
| 95 | printf("Session key: %s\n", t_tohex(hexbuf, skey, 40)); |
| 96 | printf("Response (to server): %s\n", |
| 97 | t_tohex(hexbuf, t_clientresponse(tc), RESPONSE_LEN)); |
| 98 | |
| 99 | printf("Enter server response: "); |
| 100 | fgets(hexbuf, sizeof(hexbuf), stdin); |
| 101 | hexbuf[strlen(hexbuf) - 1] = '\0'; |
| 102 | t_fromhex(cbuf, hexbuf); |
| 103 | |
| 104 | if (t_clientverify(tc, cbuf) == 0) |
| 105 | printf("Server authentication successful.\n"); |
| 106 | else |
| 107 | printf("Server authentication failed.\n"); |
| 108 | |
| 109 | t_clientclose(tc); |
| 110 | |
| 111 | return 0; |
| 112 | } |
| 113 | |
