Blame - programs/pkey/dh_client.c - mirror/mbed-tls

blob: 599e806a5ebbbcc6d9bf6f2c43d925a38aca2949 [file] [log] [blame]

Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	1	/*
				2	* Diffie-Hellman-Merkle key exchange (client side)
				3	*
Paul Bakker	77b385e	2009-07-28 17:23:11 +0000	[diff] [blame^]	4	* Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
				5	* All rights reserved.
Paul Bakker	e0ccd0a	2009-01-04 16:27:10 +0000	[diff] [blame]	6	*
Paul Bakker	77b385e	2009-07-28 17:23:11 +0000	[diff] [blame^]	7	* Joined copyright on original XySSL code with: Christophe Devine
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	8	*
				9	* This program is free software; you can redistribute it and/or modify
				10	* it under the terms of the GNU General Public License as published by
				11	* the Free Software Foundation; either version 2 of the License, or
				12	* (at your option) any later version.
				13	*
				14	* This program is distributed in the hope that it will be useful,
				15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				17	* GNU General Public License for more details.
				18	*
				19	* You should have received a copy of the GNU General Public License along
				20	* with this program; if not, write to the Free Software Foundation, Inc.,
				21	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				22	*/
				23
				24	#ifndef _CRT_SECURE_NO_DEPRECATE
				25	#define _CRT_SECURE_NO_DEPRECATE 1
				26	#endif
				27
				28	#include <string.h>
				29	#include <stdio.h>
				30
Paul Bakker	40e4694	2009-01-03 21:51:57 +0000	[diff] [blame]	31	#include "polarssl/net.h"
				32	#include "polarssl/aes.h"
				33	#include "polarssl/dhm.h"
				34	#include "polarssl/rsa.h"
				35	#include "polarssl/sha1.h"
				36	#include "polarssl/havege.h"
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	37
				38	#define SERVER_NAME "localhost"
				39	#define SERVER_PORT 11999
				40
				41	int main( void )
				42	{
				43	FILE *f;
				44
				45	int ret, n, buflen;
				46	int server_fd = -1;
				47
				48	unsigned char p, end;
				49	unsigned char buf[1024];
				50	unsigned char hash[20];
				51
				52	havege_state hs;
				53	rsa_context rsa;
				54	dhm_context dhm;
				55	aes_context aes;
				56
				57	memset( &rsa, 0, sizeof( rsa ) );
				58	memset( &dhm, 0, sizeof( dhm ) );
				59
				60	/*
				61	* 1. Setup the RNG
				62	*/
				63	printf( "\n . Seeding the random number generator" );
				64	fflush( stdout );
				65
				66	havege_init( &hs );
				67
				68	/*
				69	* 2. Read the server's public RSA key
				70	*/
				71	printf( "\n . Reading public key from rsa_pub.txt" );
				72	fflush( stdout );
				73
				74	if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
				75	{
				76	ret = 1;
				77	printf( " failed\n ! Could not open rsa_pub.txt\n" \
				78	" ! Please run rsa_genkey first\n\n" );
				79	goto exit;
				80	}
				81
				82	rsa_init( &rsa, RSA_PKCS_V15, 0, NULL, NULL );
				83
				84	if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 \|\|
				85	( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 )
				86	{
				87	printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
				88	goto exit;
				89	}
				90
				91	rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3;
				92
				93	fclose( f );
				94
				95	/*
				96	* 3. Initiate the connection
				97	*/
				98	printf( "\n . Connecting to tcp/%s/%d", SERVER_NAME,
				99	SERVER_PORT );
				100	fflush( stdout );
				101
				102	if( ( ret = net_connect( &server_fd, SERVER_NAME,
				103	SERVER_PORT ) ) != 0 )
				104	{
				105	printf( " failed\n ! net_connect returned %d\n\n", ret );
				106	goto exit;
				107	}
				108
				109	/*
				110	* 4a. First get the buffer length
				111	*/
				112	printf( "\n . Receiving the server's DH parameters" );
				113	fflush( stdout );
				114
				115	memset( buf, 0, sizeof( buf ) );
				116
				117	if( ( ret = net_recv( &server_fd, buf, 2 ) ) != 2 )
				118	{
				119	printf( " failed\n ! net_recv returned %d\n\n", ret );
				120	goto exit;
				121	}
				122
				123	n = buflen = ( buf[0] << 8 ) \| buf[1];
				124	if( buflen < 1 \|\| buflen > (int) sizeof( buf ) )
				125	{
				126	printf( " failed\n ! Got an invalid buffer length\n\n" );
				127	goto exit;
				128	}
				129
				130	/*
				131	* 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P
				132	*/
				133	memset( buf, 0, sizeof( buf ) );
				134
				135	if( ( ret = net_recv( &server_fd, buf, n ) ) != n )
				136	{
				137	printf( " failed\n ! net_recv returned %d\n\n", ret );
				138	goto exit;
				139	}
				140
				141	p = buf, end = buf + buflen;
				142
				143	if( ( ret = dhm_read_params( &dhm, &p, end ) ) != 0 )
				144	{
				145	printf( " failed\n ! dhm_read_params returned %d\n\n", ret );
				146	goto exit;
				147	}
				148
				149	if( dhm.len < 64 \|\| dhm.len > 256 )
				150	{
				151	ret = 1;
				152	printf( " failed\n ! Invalid DHM modulus size\n\n" );
				153	goto exit;
				154	}
				155
				156	/*
				157	* 5. Check that the server's RSA signature matches
				158	* the SHA-1 hash of (P,G,Ys)
				159	*/
				160	printf( "\n . Verifying the server's RSA signature" );
				161	fflush( stdout );
				162
				163	if( ( n = (int)( end - p ) ) != rsa.len )
				164	{
				165	ret = 1;
				166	printf( " failed\n ! Invalid RSA signature size\n\n" );
				167	goto exit;
				168	}
				169
				170	sha1( buf, (int)( p - 2 - buf ), hash );
				171
Paul Bakker	4593aea	2009-02-09 22:32:35 +0000	[diff] [blame]	172	if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1,
Paul Bakker	5121ce5	2009-01-03 21:22:43 +0000	[diff] [blame]	173	0, hash, p ) ) != 0 )
				174	{
				175	printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
				176	goto exit;
				177	}
				178
				179	/*
				180	* 6. Send our public value: Yc = G ^ Xc mod P
				181	*/
				182	printf( "\n . Sending own public value to server" );
				183	fflush( stdout );
				184
				185	n = dhm.len;
				186	if( ( ret = dhm_make_public( &dhm, 256, buf, n,
				187	havege_rand, &hs ) ) != 0 )
				188	{
				189	printf( " failed\n ! dhm_make_public returned %d\n\n", ret );
				190	goto exit;
				191	}
				192
				193	if( ( ret = net_send( &server_fd, buf, n ) ) != n )
				194	{
				195	printf( " failed\n ! net_send returned %d\n\n", ret );
				196	goto exit;
				197	}
				198
				199	/*
				200	* 7. Derive the shared secret: K = Ys ^ Xc mod P
				201	*/
				202	printf( "\n . Shared secret: " );
				203	fflush( stdout );
				204
				205	n = dhm.len;
				206	if( ( ret = dhm_calc_secret( &dhm, buf, &n ) ) != 0 )
				207	{
				208	printf( " failed\n ! dhm_calc_secret returned %d\n\n", ret );
				209	goto exit;
				210	}
				211
				212	for( n = 0; n < 16; n++ )
				213	printf( "%02x", buf[n] );
				214
				215	/*
				216	* 8. Setup the AES-256 decryption key
				217	*
				218	* This is an overly simplified example; best practice is
				219	* to hash the shared secret with a random value to derive
				220	* the keying material for the encryption/decryption keys,
				221	* IVs and MACs.
				222	*/
				223	printf( "...\n . Receiving and decrypting the ciphertext" );
				224	fflush( stdout );
				225
				226	aes_setkey_dec( &aes, buf, 256 );
				227
				228	memset( buf, 0, sizeof( buf ) );
				229
				230	if( ( ret = net_recv( &server_fd, buf, 16 ) ) != 16 )
				231	{
				232	printf( " failed\n ! net_recv returned %d\n\n", ret );
				233	goto exit;
				234	}
				235
				236	aes_crypt_ecb( &aes, AES_DECRYPT, buf, buf );
				237	buf[16] = '\0';
				238	printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf );
				239
				240	exit:
				241
				242	net_close( server_fd );
				243	rsa_free( &rsa );
				244	dhm_free( &dhm );
				245
				246	#ifdef WIN32
				247	printf( " + Press Enter to exit this program.\n" );
				248	fflush( stdout ); getchar();
				249	#endif
				250
				251	return( ret );
				252	}