/* client-cksum.c --- Sample Shishi authenticated client, with checksum data.
 * Copyright (C) 2003, 2004 Simon Josefsson
 *
 * This file is part of Shishi.
 *
 * Shishi is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Shishi is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Shishi; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
 */
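/* Service name handed to shishi_server_for_local_service() to obtain the
   server principal for this host. */
#define SERVICE "sample"

/* Program name string.  Nothing in the visible listing reads it; it keeps
   external linkage as written. */
const char *program_name = "client";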
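/*
 * doit - application-level exchange that runs once authentication is done.
 *
 * handle:  Shishi library handle (only the SAFE code below uses it).
 * ap:      authentication context returned by auth().
 * verbose: not used by the visible code.
 *
 * Echoes every line read from stdin to stdout until end of file.
 * Returns 0 at end of input and 1 if reading stdin failed.
 *
 * NOTE(review): the listing this was taken from dropped the lines that carry
 * no identifiers (braces, `if' tests, `return's, local declarations).  They
 * are restored here in the form the error messages imply; confirm against
 * the upstream file.
 */
static int
doit (Shishi * handle, Shishi_ap * ap, int verbose)
{
  char line[BUFSIZ];

  /* NOTE(review): the listing shows no declaration or initialisation for
     `safe', `key' or `res', and the author marks this part unfinished, so it
     is kept compiled out.  Until it is finished, the exchange below has no
     SAFE protection applied to it. */
#if 0
  /* XXX Unfinished application-level security */
  res = shishi_safe (handle, &safe);
  if (res != SHISHI_OK)
    {
      printf ("Could not build SAFE: %s\n", shishi_strerror (res));
      return res;
    }

  /* NOTE(review): the last argument is 0; if it is the data length, no
     bytes of "foo" are used as written.  Pass the real length when this
     code is enabled. */
  res = shishi_safe_set_user_data (handle, shishi_safe_safe (safe), "foo", 0);
  if (res != SHISHI_OK)
    {
      printf ("Could not set application data in SAFE: %s\n",
	      shishi_strerror (res));
      return res;
    }

  res = shishi_safe_build (safe, key);
  if (res != SHISHI_OK)
    {
      printf ("Could not build SAFE: %s\n", shishi_strerror (res));
      return res;
    }

  res = shishi_safe_print (handle, stdout, shishi_safe_safe (safe));
  if (res != SHISHI_OK)
    {
      printf ("Could not print SAFE: %s\n", shishi_strerror (res));
      return res;
    }
#endif

  printf ("Application exchange start. Press ^D to finish.\n");

  /* fgets() is bounded by sizeof (line) and always NUL-terminates, so the
     "%s" below cannot read past the buffer; long lines arrive in pieces. */
  while (fgets (line, sizeof (line), stdin))
    {
      printf ("read: %s", line);
    }

  /* fgets() returns NULL for both end of file and a read error; only the
     latter is a failure. */
  if (ferror (stdin))
    {
      printf ("error reading stdin\n");
      return 1;
    }

  return 0;
}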
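/*
 * auth - authenticate CNAME to SNAME and return the authentication context.
 *
 * h:       Shishi library handle.
 * verbose: non-zero to dump the ticket and the authenticator to stderr.
 * cname:   client principal name.
 * sname:   server principal name.
 *
 * Gets a ticket for SNAME, builds an AP-REQ that requires mutual
 * authentication and carries a checksum of application data, prints the
 * AP-REQ on stdout, then reads the server's AP-REP from stdin and verifies
 * it.  Returns the authentication context on success and NULL on any
 * failure, so a caller must not continue when NULL comes back.
 *
 * NOTE(review): the listing this was taken from dropped the lines that carry
 * no identifiers (braces, `if' tests, `return's, some declarations).  They
 * are restored here in the form the messages imply, including the
 * `if (verbose)' guards on the two debug dumps; confirm against the upstream
 * file.
 */
static Shishi_ap *
auth (Shishi * h, int verbose, const char *cname, const char *sname)
{
  Shishi_ap *ap;
  Shishi_tkt *tkt;
  Shishi_tkts_hint hint;
  int rc;

  printf ("Client: %s\n", cname);
  printf ("Server: %s\n", sname);

  /* Get a ticket for the server. */

  memset (&hint, 0, sizeof (hint));
  /* The casts drop const; presumably the hint members are plain char * and
     the lookup only reads the strings -- TODO confirm. */
  hint.client = (char *) cname;
  hint.server = (char *) sname;
  tkt = shishi_tkts_get (shishi_tkts_default (h), &hint);
  if (!tkt)
    {
      printf ("cannot find ticket for \"%s\"\n", sname);
      return NULL;
    }

  if (verbose)
    shishi_tkt_pretty_print (tkt, stderr);

  /* Create Authentication context */

  rc = shishi_ap_tktoptions (h, &ap, tkt, SHISHI_APOPTIONS_MUTUAL_REQUIRED);
  if (rc != SHISHI_OK)
    {
      printf ("cannot create authentication context\n");
      return NULL;
    }

  /* Add checksum of some application data to the AP.
   *
   * Note that only a pointer to this memory area is stored in the AP,
   * so you MUST keep it allocated, at least until
   * shishi_ap_req_build(ap) is finished.  This might be changed in
   * the future, probably by copying the data into the AP.
   *
   * A string literal has static storage duration, so the requirement
   * holds here.  Code that substitutes a stack or heap buffer must keep
   * that buffer alive, and unmodified, until the build call below has
   * returned; otherwise the checksum is computed over freed or changed
   * memory.
   */
  shishi_ap_authenticator_cksumdata_set (ap, "attack at dawn",
					 strlen ("attack at dawn"));

  /* Build Authentication request */

  rc = shishi_ap_req_build (ap);
  if (rc != SHISHI_OK)
    {
      printf ("cannot build authentication request: %s\n",
	      shishi_strerror (rc));
      return NULL;
    }

  if (verbose)
    shishi_authenticator_print (h, stderr, shishi_ap_authenticator (ap));

  /* Authentication ourself to server */

  shishi_apreq_print (h, stdout, shishi_ap_req (ap));
  /* Note: to get the binary blob to send, use:
   *
   * char *out; int outlen;
   * rc = shishi_ap_req_der (ap, &out, &outlen);
   * write(fd, out, outlen);
   */

  /* For mutual authentication, wait for server reply. */

  if (shishi_apreq_mutual_required_p (h, shishi_ap_req (ap)))
    {
      Shishi_asn1 aprep;

      printf ("Waiting for server to authenticate itself...\n");

      rc = shishi_aprep_parse (h, stdin, &aprep);
      if (rc != SHISHI_OK)
	{
	  printf ("Cannot parse AP-REP from server: %s\n",
		  shishi_strerror (rc));
	  return NULL;
	}

      /* Every result other than SHISHI_OK ends the function: the server
	 must never be reported as authenticated after a failed or
	 erroring AP-REP check. */
      rc = shishi_ap_rep_verify_asn1 (ap, aprep);
      if (rc == SHISHI_OK)
	printf ("AP-REP verification OK...\n");
      else
	{
	  if (rc == SHISHI_APREP_VERIFY_FAILED)
	    printf ("AP-REP verification failed...\n");
	  else
	    printf ("AP-REP verification error: %s\n", shishi_strerror (rc));
	  return NULL;
	}

      /* The server is authenticated. */
      printf ("Server authenticated.\n");
    }

  /* We are now authenticated. */
  printf ("User authenticated.\n");

  return ap;
}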
196 main (int argc
, char *argv
[])
203 printf ("sample-client (shishi " SHISHI_VERSION
")\n");
205 if (!shishi_check_version (SHISHI_VERSION
))
207 printf ("shishi_check_version() failed:\n"
208 "Header file incompatible with shared library.\n");
212 rc
= shishi_init (&h
);
215 printf ("error initializing shishi: %s\n", shishi_strerror (rc
));
222 sname
= shishi_server_for_local_service (h
, SERVICE
);
224 ap
= auth (h
, 1, shishi_principal_default (h
), sname
);
227 rc
= doit (h
, ap
, 1);