Assignment 4 revised: 9/10/06 Assigned: 9/12/06 Due: 6:00pm 9/23/06 Objective: hash and hmac to the ncp client Points: 30 Description: Modify the client program ncp.c in ~dunigan/cns06/ncp/ Add a stronger user authenticator, message authenticator, and timeliness check (anti-replay). Make the following changes: -fix any coding vulnerabilities (stupid strcpy() etc) Dont' change the command-line logic. -instead of passing the password in the clear, hash (MD5) the current time (time(0) 4 bytes in network byte order) with the password (don't include the null) and copy the resulting 16-byte hash (binary data) into the user_authenticator of the Pkt (see ncp.h) Use the MD5 from the openssl library. -add code to verify the user_authenticator in the packet received back from the server. The server will use the password secret06 and same algorithm as above to build the user_authenticator it sends to your client. If user_authenticator is bad, print a message and exit. -add an HMAC using the openssl HMAC() function and with SHA-1 and the key hmackey06 Careful, the output of HMAC() (binary data) wants a buffer of at least EVP_MAX_MD_SIZE bytes. Don't do the HMAC til all the other fields have been set. Preset the msg_authenticator to 0 before doing the HMAC over the entire Pkt structure memcpy() the first HMAC_LEN (ncp.h) bytes of the HMAC result into msg_authenticator and send the packet. -Verify the msg_authenticator in the Pkt returned by the server. Copy the packet's hmac to a temp, then zero the msg_authenticator in the packet from the server, then do the HMAC over the server's packet and compare HMAC_LEN bytes from the HMAC you just did with the hmac you saved in the temp. If the HMAC's don't match, print an error message and exit. -verify that the secs field of the packet is "fresh" -- e.g., within TIME_WINDOW seconds of the current time(0) value. Print an error message and exit if message is not timely. -if you don't get a Pkt type of OK from the server packet, then also print out the message type and string in data[] -instrument your client to print out the first byte of the msg_authenticator and user_authenticator in both incoming and outgoing packets. Print using "%02x" with informative labels. You must test your client with the server running on whisper. The server is running on port 4321 Your test results must include an ncp to and from whisper. Include in your ANSWERS file the first-byte authenticator values, and the value of the data[] field in the response packet you get back from whisper. whisper will only accept write's to a file called out.tmp and read's from a file called in.tmp. You must use the password secret06 Examples ncp 4321 secret06 myfile.dat whisper:out.tmp ncp 4321 secret06 whisper:in.tmp my.tmp Note: the user_authenticator and msg_authenticator should be valid from the server on whisper, so check your logic/coding if you are getting error codes (not OK) back from the server. For your own testing, you may wish to modify ncpd.c to work with your client ncp.c, but the server program will not be graded. Your client program must work with the server on whisper.cs.utk.edu You will add to this code in assignments 7 and 8! Don't forget to add some documentation to your ncp.c, see the class policy web page for details. Place your ANSWERS and source files, Makefile, etc. in a directory and use 594cns_submit to submit your results to the TA. Your Makefile should include a "clean" option.