xref: /netbsd-src/crypto/external/bsd/netpgp/dist/src/libpaa/server.c (revision 9e52ba5c80fd6488b521dba802d2f376b8d129c2)
13fb45f3cSagc /*-
23fb45f3cSagc  * Copyright (c) 2010 Alistair Crooks <agc@NetBSD.org>
33fb45f3cSagc  * All rights reserved.
43fb45f3cSagc  *
53fb45f3cSagc  * Redistribution and use in source and binary forms, with or without
63fb45f3cSagc  * modification, are permitted provided that the following conditions
73fb45f3cSagc  * are met:
83fb45f3cSagc  * 1. Redistributions of source code must retain the above copyright
93fb45f3cSagc  *    notice, this list of conditions and the following disclaimer.
103fb45f3cSagc  * 2. Redistributions in binary form must reproduce the above copyright
113fb45f3cSagc  *    notice, this list of conditions and the following disclaimer in the
123fb45f3cSagc  *    documentation and/or other materials provided with the distribution.
133fb45f3cSagc  *
143fb45f3cSagc  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
153fb45f3cSagc  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
163fb45f3cSagc  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
173fb45f3cSagc  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
183fb45f3cSagc  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
193fb45f3cSagc  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
203fb45f3cSagc  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
213fb45f3cSagc  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
223fb45f3cSagc  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
233fb45f3cSagc  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
243fb45f3cSagc  */
253fb45f3cSagc #include <sys/types.h>
263fb45f3cSagc 
273fb45f3cSagc #include <netdb.h>
283fb45f3cSagc 
293fb45f3cSagc #include <netpgp.h>
303fb45f3cSagc #include <regex.h>
313fb45f3cSagc #include <sha1.h>
323fb45f3cSagc #include <stdio.h>
333fb45f3cSagc #include <stdlib.h>
343fb45f3cSagc #include <string.h>
353fb45f3cSagc #include <time.h>
363fb45f3cSagc #include <unistd.h>
373fb45f3cSagc 
383fb45f3cSagc #include "libpaa.h"
393fb45f3cSagc 
403fb45f3cSagc #define DEFAULT_HASH_ALG "SHA256"
413fb45f3cSagc 
423fb45f3cSagc int
main(int argc,char ** argv)433fb45f3cSagc main(int argc, char **argv)
443fb45f3cSagc {
453fb45f3cSagc 	paa_server_info_t	server;
463fb45f3cSagc 	paa_challenge_t		challenge;
473fb45f3cSagc 	paa_identity_t		id;
483fb45f3cSagc 	netpgp_t		netpgp;
493fb45f3cSagc 	char			buf[2048];
503fb45f3cSagc 	int			secretc;
513fb45f3cSagc 	int			cc;
523fb45f3cSagc 	int			i;
533fb45f3cSagc 
543fb45f3cSagc 	(void) memset(&server, 0x0, sizeof(server));
553fb45f3cSagc 	(void) memset(&challenge, 0x0, sizeof(challenge));
563fb45f3cSagc 	(void) memset(&id, 0x0, sizeof(id));
573fb45f3cSagc 	(void) memset(&netpgp, 0x0, sizeof(netpgp));
583fb45f3cSagc 	secretc = 64;
593fb45f3cSagc 	while ((i = getopt(argc, argv, "S:c:d:r:u:")) != -1) {
603fb45f3cSagc 		switch(i) {
613fb45f3cSagc 		case 'S':
623fb45f3cSagc 			netpgp_setvar(&netpgp, "ssh keys", "1");
633fb45f3cSagc 			netpgp_setvar(&netpgp, "sshkeyfile", optarg);
643fb45f3cSagc 			break;
653fb45f3cSagc 		case 'c':
663fb45f3cSagc 			secretc = atoi(optarg);
673fb45f3cSagc 			break;
683fb45f3cSagc 		case 'd':
693fb45f3cSagc 			challenge.domain = optarg;
703fb45f3cSagc 			break;
713fb45f3cSagc 		case 'r':
723fb45f3cSagc 			challenge.realm = optarg;
733fb45f3cSagc 			break;
743fb45f3cSagc 		case 'u':
753fb45f3cSagc 			netpgp_setvar(&netpgp, "userid", optarg);
763fb45f3cSagc 			break;
773fb45f3cSagc 		}
783fb45f3cSagc 	}
793fb45f3cSagc 	netpgp_setvar(&netpgp, "hash", DEFAULT_HASH_ALG);
803fb45f3cSagc 	netpgp_setvar(&netpgp, "need seckey", "1");
813fb45f3cSagc 	netpgp_setvar(&netpgp, "need userid", "1");
823fb45f3cSagc 	netpgp_set_homedir(&netpgp, getenv("HOME"),
833fb45f3cSagc 			netpgp_getvar(&netpgp, "ssh keys") ? "/.ssh" : "/.gnupg", 1);
843fb45f3cSagc 	if (!netpgp_init(&netpgp)) {
853fb45f3cSagc 		(void) fprintf(stderr, "can't initialise netpgp\n");
863fb45f3cSagc 		exit(EXIT_FAILURE);
873fb45f3cSagc 	}
883fb45f3cSagc 	if (!paa_server_init(&server, secretc)) {
893fb45f3cSagc 		(void) fprintf(stderr, "can't initialise paa server\n");
903fb45f3cSagc 		exit(EXIT_FAILURE);
913fb45f3cSagc 	}
923fb45f3cSagc 	/* format the challenge */
933fb45f3cSagc 	cc = paa_format_challenge(&challenge, &server, buf, sizeof(buf));
943fb45f3cSagc 	/* write challenge to temp file */
953fb45f3cSagc 	paa_write_file("challenge", buf, cc);
963fb45f3cSagc 	/* get the client to authenticate via paa, writing to temp response file */
97*9e52ba5cSagc 	system("client/paaclient -r authentication@bigco.com < challenge > response");
983fb45f3cSagc 	/* read in response */
993fb45f3cSagc 	cc = paa_read_file("response", buf, sizeof(buf));
1003fb45f3cSagc 	if (!paa_check_response(&challenge, &id, &netpgp, buf)) {
1013fb45f3cSagc 		(void) fprintf(stderr, "server: paa_check failed\n");
1023fb45f3cSagc 		exit(EXIT_FAILURE);
1033fb45f3cSagc 	}
1043fb45f3cSagc 	printf("paa_check_response verified challenge: signature authenticated:\n");
1053fb45f3cSagc 	paa_print_identity(stdout, &id);
1063fb45f3cSagc 	printf("Changing buf[%d] from '%c' to '%c'\n", cc / 2, buf[cc / 2], buf[cc / 2] - 1);
1073fb45f3cSagc 	buf[cc / 2] = buf[cc / 2] - 1;
1083fb45f3cSagc 	if (paa_check_response(&challenge, &id, &netpgp, buf)) {
1093fb45f3cSagc 		(void) fprintf(stderr, "server: unexpected paa_check pass\n");
1103fb45f3cSagc 		exit(EXIT_FAILURE);
1113fb45f3cSagc 	}
1123fb45f3cSagc 	printf("paa_check_response verified challenge: signature not authenticated:\n");
1133fb45f3cSagc 	exit(EXIT_SUCCESS);
1143fb45f3cSagc }
115