quickjs-tart

quickjs-based runtime for wallet-core logic
Log | Files | Refs | README | LICENSE

dh_client.c (8546B)

      1 /*
      2  *  Diffie-Hellman-Merkle key exchange (client side)
      3  *
      4  *  Copyright The Mbed TLS Contributors
      5  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
      6  */
      7 
      8 #include "mbedtls/build_info.h"
      9 
     10 #include "mbedtls/platform.h"
     11 /* md.h is included this early since MD_CAN_XXX macros are defined there. */
     12 #include "mbedtls/md.h"
     13 
     14 #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
     15     defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
     16     defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
     17     defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C)
     18 #include "mbedtls/net_sockets.h"
     19 #include "mbedtls/aes.h"
     20 #include "mbedtls/dhm.h"
     21 #include "mbedtls/rsa.h"
     22 #include "mbedtls/sha256.h"
     23 #include "mbedtls/entropy.h"
     24 #include "mbedtls/ctr_drbg.h"
     25 
     26 #include <stdio.h>
     27 #include <string.h>
     28 #endif
     29 
     30 #define SERVER_NAME "localhost"
     31 #define SERVER_PORT "11999"
     32 
     33 #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) ||     \
     34     !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) ||  \
     35     !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) ||    \
     36     !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C)
     37 int main(void)
     38 {
     39     mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
     40                    "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
     41                    "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO and/or "
     42                    "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n");
     43     mbedtls_exit(0);
     44 }
     45 
     46 #elif defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
     47 int main(void)
     48 {
     49     mbedtls_printf("MBEDTLS_BLOCK_CIPHER_NO_DECRYPT defined.\n");
     50     mbedtls_exit(0);
     51 }
     52 #else
     53 
     54 
     55 int main(void)
     56 {
     57     FILE *f;
     58 
     59     int ret = 1;
     60     int exit_code = MBEDTLS_EXIT_FAILURE;
     61     unsigned int mdlen;
     62     size_t n, buflen;
     63     mbedtls_net_context server_fd;
     64 
     65     unsigned char *p, *end;
     66     unsigned char buf[2048];
     67     unsigned char hash[MBEDTLS_MD_MAX_SIZE];
     68     mbedtls_mpi N, E;
     69     const char *pers = "dh_client";
     70 
     71     mbedtls_entropy_context entropy;
     72     mbedtls_ctr_drbg_context ctr_drbg;
     73     mbedtls_rsa_context rsa;
     74     mbedtls_dhm_context dhm;
     75     mbedtls_aes_context aes;
     76 
     77     mbedtls_net_init(&server_fd);
     78     mbedtls_dhm_init(&dhm);
     79     mbedtls_aes_init(&aes);
     80     mbedtls_ctr_drbg_init(&ctr_drbg);
     81     mbedtls_mpi_init(&N);
     82     mbedtls_mpi_init(&E);
     83 
     84     /*
     85      * 1. Setup the RNG
     86      */
     87     mbedtls_printf("\n  . Seeding the random number generator");
     88     fflush(stdout);
     89 
     90     mbedtls_entropy_init(&entropy);
     91     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
     92                                      (const unsigned char *) pers,
     93                                      strlen(pers))) != 0) {
     94         mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
     95         goto exit;
     96     }
     97 
     98     /*
     99      * 2. Read the server's public RSA key
    100      */
    101     mbedtls_printf("\n  . Reading public key from rsa_pub.txt");
    102     fflush(stdout);
    103 
    104     if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
    105         mbedtls_printf(" failed\n  ! Could not open rsa_pub.txt\n" \
    106                        "  ! Please run rsa_genkey first\n\n");
    107         goto exit;
    108     }
    109 
    110     mbedtls_rsa_init(&rsa);
    111     if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
    112         (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
    113         (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) {
    114         mbedtls_printf(" failed\n  ! mbedtls_mpi_read_file returned %d\n\n", ret);
    115         fclose(f);
    116         goto exit;
    117     }
    118     fclose(f);
    119 
    120     /*
    121      * 3. Initiate the connection
    122      */
    123     mbedtls_printf("\n  . Connecting to tcp/%s/%s", SERVER_NAME,
    124                    SERVER_PORT);
    125     fflush(stdout);
    126 
    127     if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME,
    128                                    SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
    129         mbedtls_printf(" failed\n  ! mbedtls_net_connect returned %d\n\n", ret);
    130         goto exit;
    131     }
    132 
    133     /*
    134      * 4a. First get the buffer length
    135      */
    136     mbedtls_printf("\n  . Receiving the server's DH parameters");
    137     fflush(stdout);
    138 
    139     memset(buf, 0, sizeof(buf));
    140 
    141     if ((ret = mbedtls_net_recv(&server_fd, buf, 2)) != 2) {
    142         mbedtls_printf(" failed\n  ! mbedtls_net_recv returned %d\n\n", ret);
    143         goto exit;
    144     }
    145 
    146     n = buflen = (buf[0] << 8) | buf[1];
    147     if (buflen < 1 || buflen > sizeof(buf)) {
    148         mbedtls_printf(" failed\n  ! Got an invalid buffer length\n\n");
    149         goto exit;
    150     }
    151 
    152     /*
    153      * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P
    154      */
    155     memset(buf, 0, sizeof(buf));
    156 
    157     if ((ret = mbedtls_net_recv(&server_fd, buf, n)) != (int) n) {
    158         mbedtls_printf(" failed\n  ! mbedtls_net_recv returned %d\n\n", ret);
    159         goto exit;
    160     }
    161 
    162     p = buf, end = buf + buflen;
    163 
    164     if ((ret = mbedtls_dhm_read_params(&dhm, &p, end)) != 0) {
    165         mbedtls_printf(" failed\n  ! mbedtls_dhm_read_params returned %d\n\n", ret);
    166         goto exit;
    167     }
    168 
    169     n = mbedtls_dhm_get_len(&dhm);
    170     if (n < 64 || n > 512) {
    171         mbedtls_printf(" failed\n  ! Invalid DHM modulus size\n\n");
    172         goto exit;
    173     }
    174 
    175     /*
    176      * 5. Check that the server's RSA signature matches
    177      *    the SHA-256 hash of (P,G,Ys)
    178      */
    179     mbedtls_printf("\n  . Verifying the server's RSA signature");
    180     fflush(stdout);
    181 
    182     p += 2;
    183 
    184     if ((n = (size_t) (end - p)) != mbedtls_rsa_get_len(&rsa)) {
    185         mbedtls_printf(" failed\n  ! Invalid RSA signature size\n\n");
    186         goto exit;
    187     }
    188 
    189     mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256));
    190     if (mdlen == 0) {
    191         mbedtls_printf(" failed\n  ! Invalid digest type\n\n");
    192         goto exit;
    193     }
    194 
    195     if ((ret = mbedtls_sha256(buf, (int) (p - 2 - buf), hash, 0)) != 0) {
    196         mbedtls_printf(" failed\n  ! mbedtls_sha256 returned %d\n\n", ret);
    197         goto exit;
    198     }
    199 
    200     if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256,
    201                                         mdlen, hash, p)) != 0) {
    202         mbedtls_printf(" failed\n  ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret);
    203         goto exit;
    204     }
    205 
    206     /*
    207      * 6. Send our public value: Yc = G ^ Xc mod P
    208      */
    209     mbedtls_printf("\n  . Sending own public value to server");
    210     fflush(stdout);
    211 
    212     n = mbedtls_dhm_get_len(&dhm);
    213     if ((ret = mbedtls_dhm_make_public(&dhm, (int) n, buf, n,
    214                                        mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
    215         mbedtls_printf(" failed\n  ! mbedtls_dhm_make_public returned %d\n\n", ret);
    216         goto exit;
    217     }
    218 
    219     if ((ret = mbedtls_net_send(&server_fd, buf, n)) != (int) n) {
    220         mbedtls_printf(" failed\n  ! mbedtls_net_send returned %d\n\n", ret);
    221         goto exit;
    222     }
    223 
    224     /*
    225      * 7. Derive the shared secret: K = Ys ^ Xc mod P
    226      */
    227     mbedtls_printf("\n  . Shared secret: ");
    228     fflush(stdout);
    229 
    230     if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n,
    231                                        mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
    232         mbedtls_printf(" failed\n  ! mbedtls_dhm_calc_secret returned %d\n\n", ret);
    233         goto exit;
    234     }
    235 
    236     for (n = 0; n < 16; n++) {
    237         mbedtls_printf("%02x", buf[n]);
    238     }
    239 
    240     /*
    241      * 8. Setup the AES-256 decryption key
    242      *
    243      * This is an overly simplified example; best practice is
    244      * to hash the shared secret with a random value to derive
    245      * the keying material for the encryption/decryption keys,
    246      * IVs and MACs.
    247      */
    248     mbedtls_printf("...\n  . Receiving and decrypting the ciphertext");
    249     fflush(stdout);
    250 
    251     ret = mbedtls_aes_setkey_dec(&aes, buf, 256);
    252     if (ret != 0) {
    253         goto exit;
    254     }
    255 
    256     memset(buf, 0, sizeof(buf));
    257 
    258     if ((ret = mbedtls_net_recv(&server_fd, buf, 16)) != 16) {
    259         mbedtls_printf(" failed\n  ! mbedtls_net_recv returned %d\n\n", ret);
    260         goto exit;
    261     }
    262 
    263     ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_DECRYPT, buf, buf);
    264     if (ret != 0) {
    265         goto exit;
    266     }
    267     buf[16] = '\0';
    268     mbedtls_printf("\n  . Plaintext is \"%s\"\n\n", (char *) buf);
    269 
    270     exit_code = MBEDTLS_EXIT_SUCCESS;
    271 
    272 exit:
    273 
    274     mbedtls_net_free(&server_fd);
    275 
    276     mbedtls_aes_free(&aes);
    277     mbedtls_rsa_free(&rsa);
    278     mbedtls_dhm_free(&dhm);
    279     mbedtls_ctr_drbg_free(&ctr_drbg);
    280     mbedtls_entropy_free(&entropy);
    281     mbedtls_mpi_free(&N);
    282     mbedtls_mpi_free(&E);
    283 
    284     mbedtls_exit(exit_code);
    285 }
    286 #endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
    287           MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 &&
    288           MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */