blob: 40fee6e0613879b0dd4285f5fdea0d7d28758ca8 [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +00001/*
2 * Diffie-Hellman-Merkle key exchange (client side)
3 *
Paul Bakkerfc8c4362010-03-21 17:37:16 +00004 * Copyright (C) 2006-2010, Paul Bakker <polarssl_maintainer at polarssl.org>
Paul Bakker77b385e2009-07-28 17:23:11 +00005 * All rights reserved.
Paul Bakkere0ccd0a2009-01-04 16:27:10 +00006 *
Paul Bakker5121ce52009-01-03 21:22:43 +00007 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 */
21
22#ifndef _CRT_SECURE_NO_DEPRECATE
23#define _CRT_SECURE_NO_DEPRECATE 1
24#endif
25
26#include <string.h>
27#include <stdio.h>
28
Paul Bakker40e46942009-01-03 21:51:57 +000029#include "polarssl/net.h"
30#include "polarssl/aes.h"
31#include "polarssl/dhm.h"
32#include "polarssl/rsa.h"
33#include "polarssl/sha1.h"
34#include "polarssl/havege.h"
Paul Bakker5121ce52009-01-03 21:22:43 +000035
36#define SERVER_NAME "localhost"
37#define SERVER_PORT 11999
38
39int main( void )
40{
41 FILE *f;
42
43 int ret, n, buflen;
44 int server_fd = -1;
45
46 unsigned char *p, *end;
47 unsigned char buf[1024];
48 unsigned char hash[20];
49
50 havege_state hs;
51 rsa_context rsa;
52 dhm_context dhm;
53 aes_context aes;
54
55 memset( &rsa, 0, sizeof( rsa ) );
56 memset( &dhm, 0, sizeof( dhm ) );
57
58 /*
59 * 1. Setup the RNG
60 */
61 printf( "\n . Seeding the random number generator" );
62 fflush( stdout );
63
64 havege_init( &hs );
65
66 /*
67 * 2. Read the server's public RSA key
68 */
69 printf( "\n . Reading public key from rsa_pub.txt" );
70 fflush( stdout );
71
72 if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
73 {
74 ret = 1;
75 printf( " failed\n ! Could not open rsa_pub.txt\n" \
76 " ! Please run rsa_genkey first\n\n" );
77 goto exit;
78 }
79
80 rsa_init( &rsa, RSA_PKCS_V15, 0, NULL, NULL );
81
82 if( ( ret = mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
83 ( ret = mpi_read_file( &rsa.E, 16, f ) ) != 0 )
84 {
85 printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
86 goto exit;
87 }
88
89 rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3;
90
91 fclose( f );
92
93 /*
94 * 3. Initiate the connection
95 */
96 printf( "\n . Connecting to tcp/%s/%d", SERVER_NAME,
97 SERVER_PORT );
98 fflush( stdout );
99
100 if( ( ret = net_connect( &server_fd, SERVER_NAME,
101 SERVER_PORT ) ) != 0 )
102 {
103 printf( " failed\n ! net_connect returned %d\n\n", ret );
104 goto exit;
105 }
106
107 /*
108 * 4a. First get the buffer length
109 */
110 printf( "\n . Receiving the server's DH parameters" );
111 fflush( stdout );
112
113 memset( buf, 0, sizeof( buf ) );
114
115 if( ( ret = net_recv( &server_fd, buf, 2 ) ) != 2 )
116 {
117 printf( " failed\n ! net_recv returned %d\n\n", ret );
118 goto exit;
119 }
120
121 n = buflen = ( buf[0] << 8 ) | buf[1];
122 if( buflen < 1 || buflen > (int) sizeof( buf ) )
123 {
124 printf( " failed\n ! Got an invalid buffer length\n\n" );
125 goto exit;
126 }
127
128 /*
129 * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P
130 */
131 memset( buf, 0, sizeof( buf ) );
132
133 if( ( ret = net_recv( &server_fd, buf, n ) ) != n )
134 {
135 printf( " failed\n ! net_recv returned %d\n\n", ret );
136 goto exit;
137 }
138
139 p = buf, end = buf + buflen;
140
141 if( ( ret = dhm_read_params( &dhm, &p, end ) ) != 0 )
142 {
143 printf( " failed\n ! dhm_read_params returned %d\n\n", ret );
144 goto exit;
145 }
146
147 if( dhm.len < 64 || dhm.len > 256 )
148 {
149 ret = 1;
150 printf( " failed\n ! Invalid DHM modulus size\n\n" );
151 goto exit;
152 }
153
154 /*
155 * 5. Check that the server's RSA signature matches
156 * the SHA-1 hash of (P,G,Ys)
157 */
158 printf( "\n . Verifying the server's RSA signature" );
159 fflush( stdout );
160
161 if( ( n = (int)( end - p ) ) != rsa.len )
162 {
163 ret = 1;
164 printf( " failed\n ! Invalid RSA signature size\n\n" );
165 goto exit;
166 }
167
168 sha1( buf, (int)( p - 2 - buf ), hash );
169
Paul Bakker4593aea2009-02-09 22:32:35 +0000170 if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1,
Paul Bakker5121ce52009-01-03 21:22:43 +0000171 0, hash, p ) ) != 0 )
172 {
173 printf( " failed\n ! rsa_pkcs1_verify returned %d\n\n", ret );
174 goto exit;
175 }
176
177 /*
178 * 6. Send our public value: Yc = G ^ Xc mod P
179 */
180 printf( "\n . Sending own public value to server" );
181 fflush( stdout );
182
183 n = dhm.len;
184 if( ( ret = dhm_make_public( &dhm, 256, buf, n,
185 havege_rand, &hs ) ) != 0 )
186 {
187 printf( " failed\n ! dhm_make_public returned %d\n\n", ret );
188 goto exit;
189 }
190
191 if( ( ret = net_send( &server_fd, buf, n ) ) != n )
192 {
193 printf( " failed\n ! net_send returned %d\n\n", ret );
194 goto exit;
195 }
196
197 /*
198 * 7. Derive the shared secret: K = Ys ^ Xc mod P
199 */
200 printf( "\n . Shared secret: " );
201 fflush( stdout );
202
203 n = dhm.len;
204 if( ( ret = dhm_calc_secret( &dhm, buf, &n ) ) != 0 )
205 {
206 printf( " failed\n ! dhm_calc_secret returned %d\n\n", ret );
207 goto exit;
208 }
209
210 for( n = 0; n < 16; n++ )
211 printf( "%02x", buf[n] );
212
213 /*
214 * 8. Setup the AES-256 decryption key
215 *
216 * This is an overly simplified example; best practice is
217 * to hash the shared secret with a random value to derive
218 * the keying material for the encryption/decryption keys,
219 * IVs and MACs.
220 */
221 printf( "...\n . Receiving and decrypting the ciphertext" );
222 fflush( stdout );
223
224 aes_setkey_dec( &aes, buf, 256 );
225
226 memset( buf, 0, sizeof( buf ) );
227
228 if( ( ret = net_recv( &server_fd, buf, 16 ) ) != 16 )
229 {
230 printf( " failed\n ! net_recv returned %d\n\n", ret );
231 goto exit;
232 }
233
234 aes_crypt_ecb( &aes, AES_DECRYPT, buf, buf );
235 buf[16] = '\0';
236 printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf );
237
238exit:
239
240 net_close( server_fd );
241 rsa_free( &rsa );
242 dhm_free( &dhm );
243
244#ifdef WIN32
245 printf( " + Press Enter to exit this program.\n" );
246 fflush( stdout ); getchar();
247#endif
248
249 return( ret );
250}