00021 #ifndef _CRT_SECURE_NO_DEPRECATE
00022 #define _CRT_SECURE_NO_DEPRECATE 1
00023 #endif
00024
00025 #include <string.h>
00026 #include <stdio.h>
00027
00028 #include "xyssl/net.h"
00029 #include "xyssl/aes.h"
00030 #include "xyssl/dhm.h"
00031 #include "xyssl/rsa.h"
00032 #include "xyssl/sha1.h"
00033 #include "xyssl/havege.h"
00034
00035 #define SERVER_PORT 11999
00036 #define PLAINTEXT "0123456_89ABCDE_"
00037
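/*
 * Demonstration Diffie-Hellman key-exchange server.
 *
 * Steps, in order:
 *   1. seed the HAVEGE random number generator;
 *   2. load the RSA private key from rsa_priv.txt;
 *   3. load the DH prime and generator from dh_prime.txt;
 *   4. accept one TCP connection on SERVER_PORT;
 *   5. send the DH parameters followed by an RSA/SHA-1 signature of them;
 *   6. receive the client's DH public value and compute the shared secret;
 *   7. key AES-256 with the first 32 bytes of the secret, encrypt one
 *      16-byte block of PLAINTEXT and send it.
 *
 * Returns 0 on success, non-zero on any failure.
 *
 * Security caveats (this is sample code, not a protocol to deploy):
 *   - only the server is authenticated; the client's public value is
 *     accepted without any signature;
 *   - the raw DH secret is used as the AES key, with no key derivation;
 *   - a single AES block is sent with no integrity protection;
 *   - the first 16 bytes of the secret (half of the AES key) are printed;
 *   - the secret and the AES key schedule are left on the stack at exit.
 */
int main( void )
{
    FILE *f = NULL;

    int ret = 1, n, i, buflen;
    int listen_fd = -1;
    int client_fd = -1;

    unsigned char buf[1024];
    unsigned char hash[20];
    unsigned char buf2[2];

    havege_state hs;
    rsa_context rsa;
    dhm_context dhm;
    aes_context aes;

    memset( &rsa, 0, sizeof( rsa ) );
    memset( &dhm, 0, sizeof( dhm ) );

    /*
     * 1. Set up the RNG
     */
    printf( "\n . Seeding the random number generator" );
    fflush( stdout );

    havege_init( &hs );

    /*
     * 2. Read the server's RSA private key
     */
    printf( "\n . Reading private key from rsa_priv.txt" );
    fflush( stdout );

    if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
    {
        ret = 1;
        printf( " failed\n ! Could not open rsa_priv.txt\n"
                " ! Please run rsa_genkey first\n\n" );
        goto exit;
    }

    if( ( ret = rsa_read_private( &rsa, f ) ) != 0 )
    {
        printf( " failed\n ! rsa_read_private returned %08x\n\n", ret );
        goto exit;
    }

    fclose( f );
    f = NULL;

    /*
     * 3. Read the DH parameters (prime P, then generator G, both in hex)
     */
    printf( "\n . Reading DH parameters from dh_prime.txt" );
    fflush( stdout );

    if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL )
    {
        ret = 1;
        printf( " failed\n ! Could not open dh_prime.txt\n"
                " ! Please run dh_genprime first\n\n" );
        goto exit;
    }

    if( mpi_read_file( &dhm.P, 16, f ) != 0 ||
        mpi_read_file( &dhm.G, 16, f ) != 0 )
    {
        /* ret still holds 0 from rsa_read_private; report the failure */
        ret = 1;
        printf( " failed\n ! Invalid DH parameter file\n\n" );
        goto exit;
    }

    fclose( f );
    f = NULL;

    /*
     * 4. Wait for a client to connect
     */
    printf( "\n . Waiting for a remote connection" );
    fflush( stdout );

    if( ( ret = net_bind( &listen_fd, NULL, SERVER_PORT ) ) != 0 )
    {
        printf( " failed\n ! net_bind returned %08x\n\n", ret );
        goto exit;
    }

    if( ( ret = net_accept( listen_fd, &client_fd, NULL ) ) != 0 )
    {
        printf( " failed\n ! net_accept returned %08x\n\n", ret );
        goto exit;
    }

    /*
     * 5. Generate and send the server's DH parameters
     */
    printf( "\n . Sending the server's DH parameters" );
    fflush( stdout );

    memset( buf, 0, sizeof( buf ) );

    /*
     * NOTE(review): no output size is passed here, so an oversized prime
     * in dh_prime.txt may overrun buf inside this call -- confirm against
     * dhm.c and treat the parameter file as trusted input.
     */
    if( ( ret = dhm_make_params( &dhm, havege_rand, &hs,
                                 buf, &n ) ) != 0 )
    {
        printf( " failed\n ! dhm_make_params returned %08x\n\n", ret );
        goto exit;
    }

    /*
     * The 2-byte signature length and the signature itself are appended
     * after the n bytes of parameters; refuse key sizes that do not fit.
     */
    if( n < 0 || rsa.len <= 0 ||
        rsa.len > (int) sizeof( buf ) - 2 ||
        n > (int) sizeof( buf ) - 2 - rsa.len )
    {
        ret = 1;
        printf( " failed\n ! DH parameters and signature do not fit"
                " in the buffer\n\n" );
        goto exit;
    }

    /*
     * Sign the SHA-1 hash of the parameters with the RSA private key
     */
    sha1( buf, n, hash );

    buf[n    ] = (unsigned char)( rsa.len >> 8 );
    buf[n + 1] = (unsigned char)( rsa.len      );

    if( ( ret = rsa_pkcs1_sign( &rsa, RSA_SHA1, hash, 20,
                                buf + n + 2, rsa.len ) ) != 0 )
    {
        printf( " failed\n ! rsa_pkcs1_sign returned %08x\n\n", ret );
        goto exit;
    }

    /* Wire format: 2-byte big-endian total length, then the payload */
    buflen = n + 2 + rsa.len;
    buf2[0] = (unsigned char)( buflen >> 8 );
    buf2[1] = (unsigned char)( buflen      );
    n = 2;

    if( ( ret = net_send( client_fd, buf2, &n ) ) != 0 )
    {
        printf( " failed\n ! net_send returned %08x\n\n", ret );
        goto exit;
    }

    if( ( ret = net_send( client_fd, buf, &buflen ) ) != 0 )
    {
        printf( " failed\n ! net_send returned %08x\n\n", ret );
        goto exit;
    }

    /*
     * 6. Receive the client's public value (dhm.len bytes)
     */
    printf( "\n . Receiving the client's public value" );
    fflush( stdout );

    n = dhm.len;

    /* dhm.len bytes are read straight into buf; bound it first */
    if( n < 1 || n > (int) sizeof( buf ) )
    {
        ret = 1;
        printf( " failed\n ! Unsupported DH modulus size\n\n" );
        goto exit;
    }

    if( ( ret = net_recv( client_fd, buf, &n ) ) != 0 )
    {
        printf( " failed\n ! net_recv returned %08x\n\n", ret );
        goto exit;
    }

    if( ( ret = dhm_read_public( &dhm, buf, n ) ) != 0 )
    {
        printf( " failed\n ! dhm_read_public returned %08x\n\n", ret );
        goto exit;
    }

    /*
     * 7. Derive the shared secret
     */
    printf( "\n . Shared secret: " );
    fflush( stdout );

    if( ( ret = dhm_calc_secret( &dhm, buf, &n ) ) != 0 )
    {
        printf( " failed\n ! dhm_calc_secret returned %08x\n\n", ret );
        goto exit;
    }

    /*
     * aes_set_key below consumes 32 bytes; a shorter secret would pull
     * leftover bytes of the client's public value into the key.
     */
    if( n < 32 )
    {
        ret = 1;
        printf( " failed\n ! Shared secret is shorter than the AES key\n\n" );
        goto exit;
    }

    /*
     * Debugging aid only: this prints half of the AES-256 key, so the
     * output must not end up in logs on a real system.
     */
    for( i = 0; i < 16; i++ )
        printf( "%02x", buf[i] );

    /*
     * 8. Key AES-256 with the first 256 bits of the secret, then encrypt
     *    a single 16-byte block in place and send it.
     */
    printf( "...\n . Encrypting and sending the ciphertext" );
    fflush( stdout );

    aes_set_key( &aes, buf, 256 );
    memcpy( buf, PLAINTEXT, 16 );
    aes_encrypt( &aes, buf, buf );

    n = 16;
    if( ( ret = net_send( client_fd, buf, &n ) ) != 0 )
    {
        printf( " failed\n ! net_send returned %08x\n\n", ret );
        goto exit;
    }

    printf( "\n\n" );

exit:

    /* Release whatever was acquired before the failure (or success) */
    if( f != NULL )
        fclose( f );

    if( client_fd != -1 )
        net_close( client_fd );

    if( listen_fd != -1 )
        net_close( listen_fd );

    rsa_free( &rsa );
    dhm_free( &dhm );

#ifdef WIN32
    printf( " + Press Enter to exit this program.\n" );
    fflush( stdout ); getchar();
#endif

    return( ret );
}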