added documentation
parent
d6be151bbc
commit
4f10717fa9
|
@ -0,0 +1,25 @@
|
||||||
|
Copyright (c) 2010, Tom Cocagne
|
||||||
|
All rights reserved.
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without
|
||||||
|
modification, are permitted provided that the following conditions are met:
|
||||||
|
* Redistributions of source code must retain the above copyright
|
||||||
|
notice, this list of conditions and the following disclaimer.
|
||||||
|
* Redistributions in binary form must reproduce the above copyright
|
||||||
|
notice, this list of conditions and the following disclaimer in the
|
||||||
|
documentation and/or other materials provided with the distribution.
|
||||||
|
* Neither the name of the Python Software Foundation nor the
|
||||||
|
names of its contributors may be used to endorse or promote products
|
||||||
|
derived from this software without specific prior written permission.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||||
|
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||||
|
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||||
|
DISCLAIMED. IN NO EVENT SHALL TOM COCAGNE BE LIABLE FOR ANY
|
||||||
|
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||||
|
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||||
|
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
||||||
|
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||||
|
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||||
|
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
*** OVERVIEW ***
|
||||||
|
|
||||||
|
This library is a straight-forward implementation of the Secure Remote Password
|
||||||
|
protocol version 6a as defined at http://srp.stanford.edu. The API documentation
|
||||||
|
is a little light but it's really just a direct C function for each step in the
|
||||||
|
SRP protocol. The easiest way to learn the library is to simply follow the
|
||||||
|
steps in "example.c"
|
||||||
|
|
||||||
|
There is a compatible Python module at http://code.google.com/p/pysrp that
|
||||||
|
contains complete, user-friendly API documentation. As this library serves
|
||||||
|
as the basis for the C-extension module for pysrp, the APIs are very simmilar
|
||||||
|
so the pysrp documentation is a good reference for understanding this package.
|
||||||
|
|
||||||
|
*** USAGE ***
|
||||||
|
|
||||||
|
While it is certainly possile to create a shared library form of this packge,
|
||||||
|
it's really intended for direct inclusion into the source of using applications.
|
||||||
|
The only dependency srp.c has is on the OpenSSL library.
|
||||||
|
|
||||||
|
*** Compiling the example and test code ***
|
||||||
|
|
||||||
|
gcc -o srp_example example.c -lssl
|
||||||
|
gcc -o test_srp test_srp.c -lssl
|
|
@ -0,0 +1,99 @@
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
#include "srp.h"
|
||||||
|
|
||||||
|
|
||||||
|
int main( int argc, char * argv[] )
|
||||||
|
{
|
||||||
|
int auth_failed = 1;
|
||||||
|
|
||||||
|
struct SRPVerifier * ver;
|
||||||
|
struct SRPUser * usr;
|
||||||
|
|
||||||
|
const unsigned char * bytes_s = 0;
|
||||||
|
const unsigned char * bytes_v = 0;
|
||||||
|
const unsigned char * bytes_A = 0;
|
||||||
|
const unsigned char * bytes_B = 0;
|
||||||
|
|
||||||
|
const unsigned char * bytes_M = 0;
|
||||||
|
const unsigned char * bytes_HAMK = 0;
|
||||||
|
|
||||||
|
int len_s = 0;
|
||||||
|
int len_v = 0;
|
||||||
|
int len_A = 0;
|
||||||
|
int len_B = 0;
|
||||||
|
int len_M = 0;
|
||||||
|
|
||||||
|
const char * username = "testuser";
|
||||||
|
const char * password = "password";
|
||||||
|
|
||||||
|
const char * auth_username = 0;
|
||||||
|
|
||||||
|
SRP_HashAlgorithm alg = SRP_SHA1;
|
||||||
|
SRP_NGType ng_type = SRP_NG_2048;
|
||||||
|
|
||||||
|
/* Create a salt+verification key for the user's password. The salt and
|
||||||
|
* key need to be computed at the time the user's password is set and
|
||||||
|
* must be stored by the server-side application for use during the
|
||||||
|
* authentication process.
|
||||||
|
*/
|
||||||
|
srp_create_salted_verification_key( alg, ng_type, username,
|
||||||
|
(const unsigned char *)password,
|
||||||
|
strlen(password),
|
||||||
|
&bytes_s, &len_s,
|
||||||
|
&bytes_v, &len_v,
|
||||||
|
NULL, NULL );
|
||||||
|
|
||||||
|
/* Begin authentication process */
|
||||||
|
usr = srp_user_new( alg, ng_type, username,
|
||||||
|
(const unsigned char *)password,
|
||||||
|
strlen(password), NULL, NULL );
|
||||||
|
|
||||||
|
srp_user_start_authentication( usr, &auth_username, &bytes_A, &len_A );
|
||||||
|
|
||||||
|
/* User -> Host: (username, bytes_A) */
|
||||||
|
ver = srp_verifier_new( alg, ng_type, username, bytes_s, len_s, bytes_v, len_v,
|
||||||
|
bytes_A, len_A, & bytes_B, &len_B, NULL, NULL );
|
||||||
|
|
||||||
|
if ( !bytes_B ) {
|
||||||
|
printf("Verifier SRP-6a safety check violated!\n");
|
||||||
|
goto auth_failed;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Host -> User: (bytes_s, bytes_B) */
|
||||||
|
srp_user_process_challenge( usr, bytes_s, len_s, bytes_B, len_B, &bytes_M, &len_M );
|
||||||
|
|
||||||
|
if ( !bytes_M ) {
|
||||||
|
printf("User SRP-6a safety check violation!\n");
|
||||||
|
goto auth_failed;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* User -> Host: (bytes_M) */
|
||||||
|
srp_verifier_verify_session( ver, bytes_M, &bytes_HAMK );
|
||||||
|
|
||||||
|
if ( !bytes_HAMK ) {
|
||||||
|
printf("User authentication failed!\n");
|
||||||
|
goto auth_failed;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Host -> User: (HAMK) */
|
||||||
|
srp_user_verify_session( usr, bytes_HAMK );
|
||||||
|
|
||||||
|
if ( !srp_user_is_authenticated(usr) ) {
|
||||||
|
printf("Server authentication failed!\n");
|
||||||
|
goto auth_failed;
|
||||||
|
}
|
||||||
|
|
||||||
|
auth_failed = 0; /* auth success! */
|
||||||
|
|
||||||
|
auth_failed:
|
||||||
|
srp_verifier_delete( ver );
|
||||||
|
srp_user_delete( usr );
|
||||||
|
|
||||||
|
free( (char *)bytes_s );
|
||||||
|
free( (char *)bytes_v );
|
||||||
|
|
||||||
|
return auth_failed;
|
||||||
|
}
|
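Review bot: The setup calls in main() are used unchecked: `usr` from srp_user_new(), `bytes_A` from srp_user_start_authentication(), and `bytes_s`/`bytes_v` from srp_create_salted_verification_key() go straight into srp_verifier_new(), while only `bytes_B`, `bytes_M` and `bytes_HAMK` are tested. The README added in this commit points readers to example.c as the way to learn the library, so the example should show the full pattern: `if ( !bytes_s || !bytes_v ) goto auth_failed;` after key creation and `if ( !usr || !bytes_A ) goto auth_failed;` before the verifier is built. That requires declaring `ver` and `usr` with `= NULL`, because the cleanup label would otherwise pass an uninitialized `ver` to srp_verifier_delete(). Whether the delete functions accept NULL is not visible on this page, so confirm against srp.c. A comment at the key-creation call should also say that the stored verifier must be protected like a password hash, since a leaked verifier allows offline guessing of the password.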