diff options
author | Adam Harrison <adamdharrison@gmail.com> | 2022-11-26 16:20:59 -0500 |
---|---|---|
committer | Adam Harrison <adamdharrison@gmail.com> | 2022-11-29 18:39:46 -0500 |
commit | fc0c4ed9a3103e0e6534311923668879fc8e0875 (patch) | |
tree | 6e7723c3f45d39f06c243d9c18a3c038da948793 /lib/mbedtls-2.27.0/programs/pkey/dh_client.c | |
parent | 3836606e2b735ba7b2dc0f580231843660587fb4 (diff) | |
download | lite-xl-plugin-manager-fc0c4ed9a3103e0e6534311923668879fc8e0875.tar.gz lite-xl-plugin-manager-fc0c4ed9a3103e0e6534311923668879fc8e0875.zip |
Removed openssl, and curl, and added mbedded tls.curl-removal
Almost fully removed curl, needs more testing.
Fixed most issues, now trying to cross compile.
Fix?
Sigh.
Diffstat (limited to 'lib/mbedtls-2.27.0/programs/pkey/dh_client.c')
-rw-r--r-- | lib/mbedtls-2.27.0/programs/pkey/dh_client.c | 312 |
1 files changed, 312 insertions, 0 deletions
diff --git a/lib/mbedtls-2.27.0/programs/pkey/dh_client.c b/lib/mbedtls-2.27.0/programs/pkey/dh_client.c new file mode 100644 index 0000000..d6e4990 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/dh_client.c @@ -0,0 +1,312 @@ +/* + * Diffie-Hellman-Merkle key exchange (client side) + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_printf printf +#define mbedtls_time_t time_t +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ + defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ + defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \ + defined(MBEDTLS_SHA1_C) +#include "mbedtls/net_sockets.h" +#include "mbedtls/aes.h" +#include "mbedtls/dhm.h" +#include "mbedtls/rsa.h" +#include "mbedtls/sha1.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" + +#include <stdio.h> +#include <string.h> +#endif + +#define SERVER_NAME "localhost" +#define SERVER_PORT "11999" + +#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ + !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ + !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ + !defined(MBEDTLS_SHA1_C) +int main( void ) +{ + mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " + "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " + "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_CTR_DRBG_C not defined.\n"); + mbedtls_exit( 0 ); +} +#else + + +int main( void ) +{ + FILE *f; + + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + size_t n, buflen; + mbedtls_net_context server_fd; + + unsigned char *p, *end; + unsigned char buf[2048]; + unsigned char hash[32]; + const char *pers = "dh_client"; + + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_rsa_context rsa; + mbedtls_dhm_context dhm; + mbedtls_aes_context aes; + + mbedtls_net_init( &server_fd ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 ); + mbedtls_dhm_init( &dhm ); + mbedtls_aes_init( &aes ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + + /* + * 1. Setup the RNG + */ + mbedtls_printf( "\n . Seeding the random number generator" ); + fflush( stdout ); + + mbedtls_entropy_init( &entropy ); + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + goto exit; + } + + /* + * 2. Read the server's public RSA key + */ + mbedtls_printf( "\n . Reading public key from rsa_pub.txt" ); + fflush( stdout ); + + if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \ + " ! Please run rsa_genkey first\n\n" ); + goto exit; + } + + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + + if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); + goto exit; + } + + rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; + + fclose( f ); + + /* + * 3. Initiate the connection + */ + mbedtls_printf( "\n . Connecting to tcp/%s/%s", SERVER_NAME, + SERVER_PORT ); + fflush( stdout ); + + if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME, + SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret ); + goto exit; + } + + /* + * 4a. First get the buffer length + */ + mbedtls_printf( "\n . Receiving the server's DH parameters" ); + fflush( stdout ); + + memset( buf, 0, sizeof( buf ) ); + + if( ( ret = mbedtls_net_recv( &server_fd, buf, 2 ) ) != 2 ) + { + mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret ); + goto exit; + } + + n = buflen = ( buf[0] << 8 ) | buf[1]; + if( buflen < 1 || buflen > sizeof( buf ) ) + { + mbedtls_printf( " failed\n ! Got an invalid buffer length\n\n" ); + goto exit; + } + + /* + * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P + */ + memset( buf, 0, sizeof( buf ) ); + + if( ( ret = mbedtls_net_recv( &server_fd, buf, n ) ) != (int) n ) + { + mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret ); + goto exit; + } + + p = buf, end = buf + buflen; + + if( ( ret = mbedtls_dhm_read_params( &dhm, &p, end ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_dhm_read_params returned %d\n\n", ret ); + goto exit; + } + + if( dhm.len < 64 || dhm.len > 512 ) + { + mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" ); + goto exit; + } + + /* + * 5. Check that the server's RSA signature matches + * the SHA-256 hash of (P,G,Ys) + */ + mbedtls_printf( "\n . Verifying the server's RSA signature" ); + fflush( stdout ); + + p += 2; + + if( ( n = (size_t) ( end - p ) ) != rsa.len ) + { + mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" ); + goto exit; + } + + if( ( ret = mbedtls_sha1_ret( buf, (int)( p - 2 - buf ), hash ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, + MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret ); + goto exit; + } + + /* + * 6. Send our public value: Yc = G ^ Xc mod P + */ + mbedtls_printf( "\n . Sending own public value to server" ); + fflush( stdout ); + + n = dhm.len; + if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, n, + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_net_send( &server_fd, buf, n ) ) != (int) n ) + { + mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret ); + goto exit; + } + + /* + * 7. Derive the shared secret: K = Ys ^ Xc mod P + */ + mbedtls_printf( "\n . Shared secret: " ); + fflush( stdout ); + + if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n, + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret ); + goto exit; + } + + for( n = 0; n < 16; n++ ) + mbedtls_printf( "%02x", buf[n] ); + + /* + * 8. Setup the AES-256 decryption key + * + * This is an overly simplified example; best practice is + * to hash the shared secret with a random value to derive + * the keying material for the encryption/decryption keys, + * IVs and MACs. + */ + mbedtls_printf( "...\n . Receiving and decrypting the ciphertext" ); + fflush( stdout ); + + mbedtls_aes_setkey_dec( &aes, buf, 256 ); + + memset( buf, 0, sizeof( buf ) ); + + if( ( ret = mbedtls_net_recv( &server_fd, buf, 16 ) ) != 16 ) + { + mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret ); + goto exit; + } + + mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf ); + buf[16] = '\0'; + mbedtls_printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + + mbedtls_net_free( &server_fd ); + + mbedtls_aes_free( &aes ); + mbedtls_rsa_free( &rsa ); + mbedtls_dhm_free( &dhm ); + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && + MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && + MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ |