1 /*
2 * Diffie-Hellman-Merkle key exchange (server side)
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22 #if !defined(MBEDTLS_CONFIG_FILE)
23 #include "mbedtls/config.h"
24 #else
25 #include MBEDTLS_CONFIG_FILE
26 #endif
27
28 #if defined(MBEDTLS_PLATFORM_C)
29 #include "mbedtls/platform.h"
30 #else
31 #include <stdio.h>
32 #define mbedtls_printf printf
33 #define mbedtls_time_t time_t
34 #endif
35
36 #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
37 defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
38 defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
39 defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \
40 defined(MBEDTLS_SHA1_C)
41 #include "mbedtls/net_sockets.h"
42 #include "mbedtls/aes.h"
43 #include "mbedtls/dhm.h"
44 #include "mbedtls/rsa.h"
45 #include "mbedtls/sha1.h"
46 #include "mbedtls/entropy.h"
47 #include "mbedtls/ctr_drbg.h"
48
49 #include <stdio.h>
50 #include <string.h>
51 #endif
52
53 #define SERVER_PORT "11999"
54 #define PLAINTEXT "==Hello there!=="
55
56 #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \
57 !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \
58 !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
59 !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
60 !defined(MBEDTLS_SHA1_C)
main(void)61 int main( void )
62 {
63 mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
64 "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
65 "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
66 "MBEDTLS_CTR_DRBG_C not defined.\n");
67 return( 0 );
68 }
69 #else
main(void)70 int main( void )
71 {
72 FILE *f;
73
74 int ret;
75 size_t n, buflen;
76 mbedtls_net_context listen_fd, client_fd;
77
78 unsigned char buf[2048];
79 unsigned char hash[32];
80 unsigned char buf2[2];
81 const char *pers = "dh_server";
82
83 mbedtls_entropy_context entropy;
84 mbedtls_ctr_drbg_context ctr_drbg;
85 mbedtls_rsa_context rsa;
86 mbedtls_dhm_context dhm;
87 mbedtls_aes_context aes;
88
89 mbedtls_net_init( &listen_fd );
90 mbedtls_net_init( &client_fd );
91 mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );
92 mbedtls_dhm_init( &dhm );
93 mbedtls_aes_init( &aes );
94 mbedtls_ctr_drbg_init( &ctr_drbg );
95
96 /*
97 * 1. Setup the RNG
98 */
99 mbedtls_printf( "\n . Seeding the random number generator" );
100 fflush( stdout );
101
102 mbedtls_entropy_init( &entropy );
103 if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
104 (const unsigned char *) pers,
105 strlen( pers ) ) ) != 0 )
106 {
107 mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
108 goto exit;
109 }
110
111 /*
112 * 2a. Read the server's private RSA key
113 */
114 mbedtls_printf( "\n . Reading private key from rsa_priv.txt" );
115 fflush( stdout );
116
117 if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
118 {
119 ret = 1;
120 mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
121 " ! Please run rsa_genkey first\n\n" );
122 goto exit;
123 }
124
125 mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
126
127 if( ( ret = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
128 ( ret = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
129 ( ret = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
130 ( ret = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 ||
131 ( ret = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 ||
132 ( ret = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 ||
133 ( ret = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
134 ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
135 {
136 mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
137 fclose( f );
138 goto exit;
139 }
140
141 rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
142
143 fclose( f );
144
145 /*
146 * 2b. Get the DHM modulus and generator
147 */
148 mbedtls_printf( "\n . Reading DH parameters from dh_prime.txt" );
149 fflush( stdout );
150
151 if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL )
152 {
153 ret = 1;
154 mbedtls_printf( " failed\n ! Could not open dh_prime.txt\n" \
155 " ! Please run dh_genprime first\n\n" );
156 goto exit;
157 }
158
159 if( mbedtls_mpi_read_file( &dhm.P, 16, f ) != 0 ||
160 mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 )
161 {
162 mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" );
163 fclose( f );
164 goto exit;
165 }
166
167 fclose( f );
168
169 /*
170 * 3. Wait for a client to connect
171 */
172 mbedtls_printf( "\n . Waiting for a remote connection" );
173 fflush( stdout );
174
175 if( ( ret = mbedtls_net_bind( &listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
176 {
177 mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
178 goto exit;
179 }
180
181 if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
182 NULL, 0, NULL ) ) != 0 )
183 {
184 mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
185 goto exit;
186 }
187
188 /*
189 * 4. Setup the DH parameters (P,G,Ys)
190 */
191 mbedtls_printf( "\n . Sending the server's DH parameters" );
192 fflush( stdout );
193
194 memset( buf, 0, sizeof( buf ) );
195
196 if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.P ), buf, &n,
197 mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
198 {
199 mbedtls_printf( " failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret );
200 goto exit;
201 }
202
203 /*
204 * 5. Sign the parameters and send them
205 */
206 mbedtls_sha1( buf, n, hash );
207
208 buf[n ] = (unsigned char)( rsa.len >> 8 );
209 buf[n + 1] = (unsigned char)( rsa.len );
210
211 if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
212 0, hash, buf + n + 2 ) ) != 0 )
213 {
214 mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret );
215 goto exit;
216 }
217
218 buflen = n + 2 + rsa.len;
219 buf2[0] = (unsigned char)( buflen >> 8 );
220 buf2[1] = (unsigned char)( buflen );
221
222 if( ( ret = mbedtls_net_send( &client_fd, buf2, 2 ) ) != 2 ||
223 ( ret = mbedtls_net_send( &client_fd, buf, buflen ) ) != (int) buflen )
224 {
225 mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
226 goto exit;
227 }
228
229 /*
230 * 6. Get the client's public value: Yc = G ^ Xc mod P
231 */
232 mbedtls_printf( "\n . Receiving the client's public value" );
233 fflush( stdout );
234
235 memset( buf, 0, sizeof( buf ) );
236
237 if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n )
238 {
239 mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
240 goto exit;
241 }
242
243 if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.len ) ) != 0 )
244 {
245 mbedtls_printf( " failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret );
246 goto exit;
247 }
248
249 /*
250 * 7. Derive the shared secret: K = Ys ^ Xc mod P
251 */
252 mbedtls_printf( "\n . Shared secret: " );
253 fflush( stdout );
254
255 if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n,
256 mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
257 {
258 mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
259 goto exit;
260 }
261
262 for( n = 0; n < 16; n++ )
263 mbedtls_printf( "%02x", buf[n] );
264
265 /*
266 * 8. Setup the AES-256 encryption key
267 *
268 * This is an overly simplified example; best practice is
269 * to hash the shared secret with a random value to derive
270 * the keying material for the encryption/decryption keys
271 * and MACs.
272 */
273 mbedtls_printf( "...\n . Encrypting and sending the ciphertext" );
274 fflush( stdout );
275
276 mbedtls_aes_setkey_enc( &aes, buf, 256 );
277 memcpy( buf, PLAINTEXT, 16 );
278 mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_ENCRYPT, buf, buf );
279
280 if( ( ret = mbedtls_net_send( &client_fd, buf, 16 ) ) != 16 )
281 {
282 mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
283 goto exit;
284 }
285
286 mbedtls_printf( "\n\n" );
287
288 exit:
289
290 mbedtls_net_free( &client_fd );
291 mbedtls_net_free( &listen_fd );
292
293 mbedtls_aes_free( &aes );
294 mbedtls_rsa_free( &rsa );
295 mbedtls_dhm_free( &dhm );
296 mbedtls_ctr_drbg_free( &ctr_drbg );
297 mbedtls_entropy_free( &entropy );
298
299 #if defined(_WIN32)
300 mbedtls_printf( " + Press Enter to exit this program.\n" );
301 fflush( stdout ); getchar();
302 #endif
303
304 return( ret );
305 }
306 #endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
307 MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
308 MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
309
