• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *  Diffie-Hellman-Merkle key exchange (server side)
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  */
19 
20 #include "mbedtls/build_info.h"
21 
22 #include "mbedtls/platform.h"
23 
24 #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
25     defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
26     defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
27     defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \
28     defined(MBEDTLS_SHA1_C)
29 #include "mbedtls/net_sockets.h"
30 #include "mbedtls/aes.h"
31 #include "mbedtls/dhm.h"
32 #include "mbedtls/rsa.h"
33 #include "mbedtls/sha1.h"
34 #include "mbedtls/entropy.h"
35 #include "mbedtls/ctr_drbg.h"
36 
37 #include <stdio.h>
38 #include <string.h>
39 #endif
40 
41 #define SERVER_PORT "11999"
42 #define PLAINTEXT "==Hello there!=="
43 
44 #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) ||     \
45     !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) ||  \
46     !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) ||    \
47     !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
48     !defined(MBEDTLS_SHA1_C)
main(void)49 int main(void)
50 {
51     mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
52                    "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
53                    "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
54                    "MBEDTLS_CTR_DRBG_C not defined.\n");
55     mbedtls_exit(0);
56 }
57 #else
58 
59 
main(void)60 int main(void)
61 {
62     FILE *f;
63 
64     int ret = 1;
65     int exit_code = MBEDTLS_EXIT_FAILURE;
66     size_t n, buflen;
67     mbedtls_net_context listen_fd, client_fd;
68 
69     unsigned char buf[2048];
70     unsigned char hash[32];
71     unsigned char buf2[2];
72     const char *pers = "dh_server";
73 
74     mbedtls_entropy_context entropy;
75     mbedtls_ctr_drbg_context ctr_drbg;
76     mbedtls_rsa_context rsa;
77     mbedtls_dhm_context dhm;
78     mbedtls_aes_context aes;
79 
80     mbedtls_mpi N, P, Q, D, E;
81 
82     mbedtls_net_init(&listen_fd);
83     mbedtls_net_init(&client_fd);
84     mbedtls_dhm_init(&dhm);
85     mbedtls_aes_init(&aes);
86     mbedtls_ctr_drbg_init(&ctr_drbg);
87 
88     mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
89     mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
90 
91     /*
92      * 1. Setup the RNG
93      */
94     mbedtls_printf("\n  . Seeding the random number generator");
95     fflush(stdout);
96 
97     mbedtls_entropy_init(&entropy);
98     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
99                                      (const unsigned char *) pers,
100                                      strlen(pers))) != 0) {
101         mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
102         goto exit;
103     }
104 
105     /*
106      * 2a. Read the server's private RSA key
107      */
108     mbedtls_printf("\n  . Reading private key from rsa_priv.txt");
109     fflush(stdout);
110 
111     if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
112         mbedtls_printf(" failed\n  ! Could not open rsa_priv.txt\n" \
113                        "  ! Please run rsa_genkey first\n\n");
114         goto exit;
115     }
116 
117     mbedtls_rsa_init(&rsa);
118 
119     if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
120         (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
121         (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
122         (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
123         (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0) {
124         mbedtls_printf(" failed\n  ! mbedtls_mpi_read_file returned %d\n\n",
125                        ret);
126         fclose(f);
127         goto exit;
128     }
129     fclose(f);
130 
131     if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
132         mbedtls_printf(" failed\n  ! mbedtls_rsa_import returned %d\n\n",
133                        ret);
134         goto exit;
135     }
136 
137     if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
138         mbedtls_printf(" failed\n  ! mbedtls_rsa_complete returned %d\n\n",
139                        ret);
140         goto exit;
141     }
142 
143     /*
144      * 2b. Get the DHM modulus and generator
145      */
146     mbedtls_printf("\n  . Reading DH parameters from dh_prime.txt");
147     fflush(stdout);
148 
149     if ((f = fopen("dh_prime.txt", "rb")) == NULL) {
150         mbedtls_printf(" failed\n  ! Could not open dh_prime.txt\n" \
151                        "  ! Please run dh_genprime first\n\n");
152         goto exit;
153     }
154 
155     if (mbedtls_mpi_read_file(&dhm.MBEDTLS_PRIVATE(P), 16, f) != 0 ||
156         mbedtls_mpi_read_file(&dhm.MBEDTLS_PRIVATE(G), 16, f) != 0) {
157         mbedtls_printf(" failed\n  ! Invalid DH parameter file\n\n");
158         fclose(f);
159         goto exit;
160     }
161 
162     fclose(f);
163 
164     /*
165      * 3. Wait for a client to connect
166      */
167     mbedtls_printf("\n  . Waiting for a remote connection");
168     fflush(stdout);
169 
170     if ((ret = mbedtls_net_bind(&listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
171         mbedtls_printf(" failed\n  ! mbedtls_net_bind returned %d\n\n", ret);
172         goto exit;
173     }
174 
175     if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
176                                   NULL, 0, NULL)) != 0) {
177         mbedtls_printf(" failed\n  ! mbedtls_net_accept returned %d\n\n", ret);
178         goto exit;
179     }
180 
181     /*
182      * 4. Setup the DH parameters (P,G,Ys)
183      */
184     mbedtls_printf("\n  . Sending the server's DH parameters");
185     fflush(stdout);
186 
187     memset(buf, 0, sizeof(buf));
188 
189     if ((ret =
190              mbedtls_dhm_make_params(&dhm, (int) mbedtls_mpi_size(&dhm.MBEDTLS_PRIVATE(P)), buf, &n,
191                                      mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
192         mbedtls_printf(" failed\n  ! mbedtls_dhm_make_params returned %d\n\n", ret);
193         goto exit;
194     }
195 
196     /*
197      * 5. Sign the parameters and send them
198      */
199     if ((ret = mbedtls_sha1(buf, n, hash)) != 0) {
200         mbedtls_printf(" failed\n  ! mbedtls_sha1 returned %d\n\n", ret);
201         goto exit;
202     }
203 
204     buf[n] = (unsigned char) (rsa.MBEDTLS_PRIVATE(len) >> 8);
205     buf[n + 1] = (unsigned char) (rsa.MBEDTLS_PRIVATE(len));
206 
207     if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_MD_SHA256,
208                                       32, hash, buf + n + 2)) != 0) {
209         mbedtls_printf(" failed\n  ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret);
210         goto exit;
211     }
212 
213     buflen = n + 2 + rsa.MBEDTLS_PRIVATE(len);
214     buf2[0] = (unsigned char) (buflen >> 8);
215     buf2[1] = (unsigned char) (buflen);
216 
217     if ((ret = mbedtls_net_send(&client_fd, buf2, 2)) != 2 ||
218         (ret = mbedtls_net_send(&client_fd, buf, buflen)) != (int) buflen) {
219         mbedtls_printf(" failed\n  ! mbedtls_net_send returned %d\n\n", ret);
220         goto exit;
221     }
222 
223     /*
224      * 6. Get the client's public value: Yc = G ^ Xc mod P
225      */
226     mbedtls_printf("\n  . Receiving the client's public value");
227     fflush(stdout);
228 
229     memset(buf, 0, sizeof(buf));
230 
231     n = mbedtls_dhm_get_len(&dhm);
232     if ((ret = mbedtls_net_recv(&client_fd, buf, n)) != (int) n) {
233         mbedtls_printf(" failed\n  ! mbedtls_net_recv returned %d\n\n", ret);
234         goto exit;
235     }
236 
237     if ((ret = mbedtls_dhm_read_public(&dhm, buf, n)) != 0) {
238         mbedtls_printf(" failed\n  ! mbedtls_dhm_read_public returned %d\n\n", ret);
239         goto exit;
240     }
241 
242     /*
243      * 7. Derive the shared secret: K = Ys ^ Xc mod P
244      */
245     mbedtls_printf("\n  . Shared secret: ");
246     fflush(stdout);
247 
248     if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n,
249                                        mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
250         mbedtls_printf(" failed\n  ! mbedtls_dhm_calc_secret returned %d\n\n", ret);
251         goto exit;
252     }
253 
254     for (n = 0; n < 16; n++) {
255         mbedtls_printf("%02x", buf[n]);
256     }
257 
258     /*
259      * 8. Setup the AES-256 encryption key
260      *
261      * This is an overly simplified example; best practice is
262      * to hash the shared secret with a random value to derive
263      * the keying material for the encryption/decryption keys
264      * and MACs.
265      */
266     mbedtls_printf("...\n  . Encrypting and sending the ciphertext");
267     fflush(stdout);
268 
269     ret = mbedtls_aes_setkey_enc(&aes, buf, 256);
270     if (ret != 0) {
271         goto exit;
272     }
273     memcpy(buf, PLAINTEXT, 16);
274     ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_ENCRYPT, buf, buf);
275     if (ret != 0) {
276         goto exit;
277     }
278 
279     if ((ret = mbedtls_net_send(&client_fd, buf, 16)) != 16) {
280         mbedtls_printf(" failed\n  ! mbedtls_net_send returned %d\n\n", ret);
281         goto exit;
282     }
283 
284     mbedtls_printf("\n\n");
285 
286     exit_code = MBEDTLS_EXIT_SUCCESS;
287 
288 exit:
289 
290     mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
291     mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
292 
293     mbedtls_net_free(&client_fd);
294     mbedtls_net_free(&listen_fd);
295 
296     mbedtls_aes_free(&aes);
297     mbedtls_rsa_free(&rsa);
298     mbedtls_dhm_free(&dhm);
299     mbedtls_ctr_drbg_free(&ctr_drbg);
300     mbedtls_entropy_free(&entropy);
301 
302     mbedtls_exit(exit_code);
303 }
304 #endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
305           MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
306           MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
307