• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *  Diffie-Hellman-Merkle key exchange (client side)
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  */
19 
20 #include "mbedtls/build_info.h"
21 
22 #if defined(MBEDTLS_PLATFORM_C)
23 #include "mbedtls/platform.h"
24 #else
25 #include <stdio.h>
26 #include <stdlib.h>
27 #define mbedtls_printf          printf
28 #define mbedtls_time_t          time_t
29 #define mbedtls_exit            exit
30 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
31 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
32 #endif /* MBEDTLS_PLATFORM_C */
33 
34 #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
35     defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
36     defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
37     defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \
38     defined(MBEDTLS_SHA1_C)
39 #include "mbedtls/net_sockets.h"
40 #include "mbedtls/aes.h"
41 #include "mbedtls/dhm.h"
42 #include "mbedtls/rsa.h"
43 #include "mbedtls/sha1.h"
44 #include "mbedtls/entropy.h"
45 #include "mbedtls/ctr_drbg.h"
46 
47 #include <stdio.h>
48 #include <string.h>
49 #endif
50 
51 #define SERVER_NAME "localhost"
52 #define SERVER_PORT "11999"
53 
54 #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) ||     \
55     !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) ||  \
56     !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) ||    \
57     !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
58     !defined(MBEDTLS_SHA1_C)
main(void)59 int main( void )
60 {
61     mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
62            "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
63            "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
64            "MBEDTLS_CTR_DRBG_C not defined.\n");
65     mbedtls_exit( 0 );
66 }
67 #else
68 
69 
main(void)70 int main( void )
71 {
72     FILE *f;
73 
74     int ret = 1;
75     int exit_code = MBEDTLS_EXIT_FAILURE;
76     size_t n, buflen;
77     mbedtls_net_context server_fd;
78 
79     unsigned char *p, *end;
80     unsigned char buf[2048];
81     unsigned char hash[32];
82     const char *pers = "dh_client";
83 
84     mbedtls_entropy_context entropy;
85     mbedtls_ctr_drbg_context ctr_drbg;
86     mbedtls_rsa_context rsa;
87     mbedtls_dhm_context dhm;
88     mbedtls_aes_context aes;
89 
90     mbedtls_net_init( &server_fd );
91     mbedtls_dhm_init( &dhm );
92     mbedtls_aes_init( &aes );
93     mbedtls_ctr_drbg_init( &ctr_drbg );
94 
95     /*
96      * 1. Setup the RNG
97      */
98     mbedtls_printf( "\n  . Seeding the random number generator" );
99     fflush( stdout );
100 
101     mbedtls_entropy_init( &entropy );
102     if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
103                                (const unsigned char *) pers,
104                                strlen( pers ) ) ) != 0 )
105     {
106         mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret );
107         goto exit;
108     }
109 
110     /*
111      * 2. Read the server's public RSA key
112      */
113     mbedtls_printf( "\n  . Reading public key from rsa_pub.txt" );
114     fflush( stdout );
115 
116     if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
117     {
118         mbedtls_printf( " failed\n  ! Could not open rsa_pub.txt\n" \
119                 "  ! Please run rsa_genkey first\n\n" );
120         goto exit;
121     }
122 
123     mbedtls_rsa_init( &rsa );
124 
125     if( ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(N), 16, f ) ) != 0 ||
126         ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(E), 16, f ) ) != 0 )
127     {
128         mbedtls_printf( " failed\n  ! mbedtls_mpi_read_file returned %d\n\n", ret );
129         fclose( f );
130         goto exit;
131     }
132 
133     rsa.MBEDTLS_PRIVATE(len) = ( mbedtls_mpi_bitlen( &rsa.MBEDTLS_PRIVATE(N) ) + 7 ) >> 3;
134 
135     fclose( f );
136 
137     /*
138      * 3. Initiate the connection
139      */
140     mbedtls_printf( "\n  . Connecting to tcp/%s/%s", SERVER_NAME,
141                                              SERVER_PORT );
142     fflush( stdout );
143 
144     if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME,
145                                          SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
146     {
147         mbedtls_printf( " failed\n  ! mbedtls_net_connect returned %d\n\n", ret );
148         goto exit;
149     }
150 
151     /*
152      * 4a. First get the buffer length
153      */
154     mbedtls_printf( "\n  . Receiving the server's DH parameters" );
155     fflush( stdout );
156 
157     memset( buf, 0, sizeof( buf ) );
158 
159     if( ( ret = mbedtls_net_recv( &server_fd, buf, 2 ) ) != 2 )
160     {
161         mbedtls_printf( " failed\n  ! mbedtls_net_recv returned %d\n\n", ret );
162         goto exit;
163     }
164 
165     n = buflen = ( buf[0] << 8 ) | buf[1];
166     if( buflen < 1 || buflen > sizeof( buf ) )
167     {
168         mbedtls_printf( " failed\n  ! Got an invalid buffer length\n\n" );
169         goto exit;
170     }
171 
172     /*
173      * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P
174      */
175     memset( buf, 0, sizeof( buf ) );
176 
177     if( ( ret = mbedtls_net_recv( &server_fd, buf, n ) ) != (int) n )
178     {
179         mbedtls_printf( " failed\n  ! mbedtls_net_recv returned %d\n\n", ret );
180         goto exit;
181     }
182 
183     p = buf, end = buf + buflen;
184 
185     if( ( ret = mbedtls_dhm_read_params( &dhm, &p, end ) ) != 0 )
186     {
187         mbedtls_printf( " failed\n  ! mbedtls_dhm_read_params returned %d\n\n", ret );
188         goto exit;
189     }
190 
191     n = mbedtls_dhm_get_len( &dhm );
192     if( n < 64 || n > 512 )
193     {
194         mbedtls_printf( " failed\n  ! Invalid DHM modulus size\n\n" );
195         goto exit;
196     }
197 
198     /*
199      * 5. Check that the server's RSA signature matches
200      *    the SHA-256 hash of (P,G,Ys)
201      */
202     mbedtls_printf( "\n  . Verifying the server's RSA signature" );
203     fflush( stdout );
204 
205     p += 2;
206 
207     if( ( n = (size_t) ( end - p ) ) != rsa.MBEDTLS_PRIVATE(len) )
208     {
209         mbedtls_printf( " failed\n  ! Invalid RSA signature size\n\n" );
210         goto exit;
211     }
212 
213     if( ( ret = mbedtls_sha1( buf, (int)( p - 2 - buf ), hash ) ) != 0 )
214     {
215         mbedtls_printf( " failed\n  ! mbedtls_sha1 returned %d\n\n", ret );
216         goto exit;
217     }
218 
219     if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,
220                                           32, hash, p ) ) != 0 )
221     {
222         mbedtls_printf( " failed\n  ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret );
223         goto exit;
224     }
225 
226     /*
227      * 6. Send our public value: Yc = G ^ Xc mod P
228      */
229     mbedtls_printf( "\n  . Sending own public value to server" );
230     fflush( stdout );
231 
232     n = mbedtls_dhm_get_len( &dhm );
233     if( ( ret = mbedtls_dhm_make_public( &dhm, (int) n, buf, n,
234                                  mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
235     {
236         mbedtls_printf( " failed\n  ! mbedtls_dhm_make_public returned %d\n\n", ret );
237         goto exit;
238     }
239 
240     if( ( ret = mbedtls_net_send( &server_fd, buf, n ) ) != (int) n )
241     {
242         mbedtls_printf( " failed\n  ! mbedtls_net_send returned %d\n\n", ret );
243         goto exit;
244     }
245 
246     /*
247      * 7. Derive the shared secret: K = Ys ^ Xc mod P
248      */
249     mbedtls_printf( "\n  . Shared secret: " );
250     fflush( stdout );
251 
252     if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n,
253                                  mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
254     {
255         mbedtls_printf( " failed\n  ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
256         goto exit;
257     }
258 
259     for( n = 0; n < 16; n++ )
260         mbedtls_printf( "%02x", buf[n] );
261 
262     /*
263      * 8. Setup the AES-256 decryption key
264      *
265      * This is an overly simplified example; best practice is
266      * to hash the shared secret with a random value to derive
267      * the keying material for the encryption/decryption keys,
268      * IVs and MACs.
269      */
270     mbedtls_printf( "...\n  . Receiving and decrypting the ciphertext" );
271     fflush( stdout );
272 
273     ret = mbedtls_aes_setkey_dec( &aes, buf, 256 );
274     if( ret != 0 )
275         goto exit;
276 
277     memset( buf, 0, sizeof( buf ) );
278 
279     if( ( ret = mbedtls_net_recv( &server_fd, buf, 16 ) ) != 16 )
280     {
281         mbedtls_printf( " failed\n  ! mbedtls_net_recv returned %d\n\n", ret );
282         goto exit;
283     }
284 
285     ret = mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf );
286     if( ret != 0 )
287         goto exit;
288     buf[16] = '\0';
289     mbedtls_printf( "\n  . Plaintext is \"%s\"\n\n", (char *) buf );
290 
291     exit_code = MBEDTLS_EXIT_SUCCESS;
292 
293 exit:
294 
295     mbedtls_net_free( &server_fd );
296 
297     mbedtls_aes_free( &aes );
298     mbedtls_rsa_free( &rsa );
299     mbedtls_dhm_free( &dhm );
300     mbedtls_ctr_drbg_free( &ctr_drbg );
301     mbedtls_entropy_free( &entropy );
302 
303 #if defined(_WIN32)
304     mbedtls_printf( "  + Press Enter to exit this program.\n" );
305     fflush( stdout ); getchar();
306 #endif
307 
308     mbedtls_exit( exit_code );
309 }
310 #endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
311           MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
312           MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
313