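/*
 * Zeroize a buffer that held key material.  The stores go through a
 * volatile pointer so the compiler cannot treat them as dead and drop
 * them ahead of the free that follows, which a plain memset() permits.
 */
static void construct_tls_wipe(void *buf, size_t len)
{
	volatile unsigned char *p = buf;

	while (len--) {
		*p++ = 0;
	}
}

/*
 * Build a TLS-PSK configuration for the AAA server described by @server.
 *
 * The PSK is the DH shared secret between this instance's DH key
 * (tidc_get_dh(inst)) and the server's DH public key, rendered as hex by
 * tr_bin_to_hex(); the PSK identity is the server's key name.
 *
 * @param inst    client instance supplying our DH key
 * @param hs      talloc parent of the returned configuration
 * @param server  server block carrying the AAA server's DH key and key name
 * @return        a new fr_tls_server_conf_t owned by @hs, or NULL on failure.
 *                The raw shared secret is wiped and released on every path;
 *                on failure the hex copy is wiped before the partially built
 *                configuration (and everything talloc'd under it) is freed.
 *
 * NOTE(review): main() on this page reads the public key through
 * DH_get0_key(), while this function dereferences aaa_server_dh->pub_key
 * directly, which needs a non-opaque DH (pre-OpenSSL 1.1) -- confirm the
 * OpenSSL version this is built against.
 */
static fr_tls_server_conf_t *construct_tls(TIDC_INSTANCE *inst, home_server_t *hs, TID_SRVR_BLK *server)
{
	fr_tls_server_conf_t *tls;
	unsigned char *key_buf = NULL;
	ssize_t keylen = 0;
	char *hexbuf = NULL;
	DH *aaa_server_dh;

	tls = talloc_zero(hs, fr_tls_server_conf_t);
	if (!tls) return NULL;

	aaa_server_dh = tid_srvr_get_dh(server);
	if (!aaa_server_dh) {
		DEBUG2("No DH key for AAA server");
		goto error;
	}

	keylen = tr_compute_dh_key(&key_buf, aaa_server_dh->pub_key, tidc_get_dh(inst));
	if (keylen <= 0) {
		DEBUG2("DH error");
		goto error;
	}

	/* Two hex digits per byte plus the NUL terminator.  hexbuf is a
	 * talloc child of tls, so talloc_free(tls) releases it. */
	hexbuf = talloc_size(tls, keylen * 2 + 1);
	if (!hexbuf) goto error;
	tr_bin_to_hex(key_buf, keylen, hexbuf, 2 * keylen + 1);
	tls->psk_password = hexbuf;

	tls->psk_identity = talloc_strdup(tls, tid_srvr_get_key_name(server)->buf);
	tls->cipher_list = talloc_strdup(tls, "PSK");
	/* talloc_strdup() can fail; a NULL identity or cipher list would
	 * otherwise surface later inside the TLS layer. */
	if (!tls->psk_identity || !tls->cipher_list) goto error;
	tls->fragment_size = 4200;

	tls->ctx = tls_init_ctx(tls, 1);
	if (!tls->ctx) goto error;

	/* The raw secret is no longer needed once the hex PSK exists. */
	construct_tls_wipe(key_buf, (size_t)keylen);
	tr_dh_free(key_buf);
	return tls;

error:
	if (key_buf) {
		/* keylen may be <= 0 if tr_compute_dh_key() failed after
		 * allocating; only wipe a length we actually know. */
		if (keylen > 0) construct_tls_wipe(key_buf, (size_t)keylen);
		tr_dh_free(key_buf);
	}
	/* hexbuf is only allocated once keylen > 0. */
	if (hexbuf) construct_tls_wipe(hexbuf, (size_t)keylen * 2);
	talloc_free(tls);
	return NULL;
}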
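/*
 * Callback run with the response to a TID request.
 *
 * Reports the realm and community, then for a successful response that
 * carries server info: prints the first server's key expiration, derives
 * the client side of the DH shared key from that server's DH public key
 * and the request's DH key (req->tidc_dh), and prints the key as hex.
 * Only the first server in the response is handled (TBD in the original:
 * more than one server).
 *
 * @param tidc   client instance (not used here)
 * @param req    the request this response answers; supplies req->tidc_dh
 * @param resp   the response; result, realm, comm and servers are read
 * @param cookie caller's opaque context (not used here)
 *
 * The derived key is secret: it is wiped and released before returning
 * (the original never freed it).
 */
static void tidc_resp_handler (TIDC_INSTANCE * tidc, TID_REQ *req, TID_RESP *resp, void *cookie)
{
	int c_keylen = 0;
	unsigned char *c_keybuf = NULL;
	int i;
	struct timeval tv;

	(void)tidc;
	(void)cookie;

	printf ("Response received! Realm = %s, Community = %s.\n", resp->realm->buf, resp->comm->buf);

	if (TID_SUCCESS != resp->result) {
		fprintf(stderr, "tidc_resp_handler: Response is an error.\n");
		return;
	}
	if (!resp->servers) {
		fprintf(stderr, "tidc_resp_handler: Response does not contain server info.\n");
		return;
	}
	/* The server entry is dereferenced below for its DH key; the
	 * original assumed it was always present. */
	if (!resp->servers->aaa_server_dh) {
		fprintf(stderr, "tidc_resp_handler: Server info does not contain a DH key.\n");
		return;
	}

	if (tid_srvr_get_key_expiration(tid_resp_get_server(resp, 0), &tv)) {
		printf("Error reading key expiration\n");
	} else {
		printf("Key expiration: %s", ctime(&tv.tv_sec));
	}

	/* Generate the client key -- TBD, handle more than one server */
	c_keylen = tr_compute_dh_key(&c_keybuf, resp->servers->aaa_server_dh->pub_key, req->tidc_dh);
	if (c_keylen < 0) {
		printf("tidc_resp_handler: Error computing client key.\n");
		goto done;
	}

	/* Print out the client key. */
	printf("Client Key Generated (len = %d):\n", c_keylen);
	for (i = 0; i < c_keylen; i++) {
		printf("%.2x", c_keybuf[i]);
	}
	printf("\n");

done:
	/* Key material: scrub before release.  Volatile stores so the wipe
	 * cannot be elided ahead of the free.  tr_dh_free() is the matching
	 * deallocator for buffers from tr_compute_dh_key() (see construct_tls). */
	if (c_keybuf) {
		volatile unsigned char *p = c_keybuf;

		for (i = 0; i < c_keylen; i++) {
			p[i] = 0;
		}
		tr_dh_free(c_keybuf);
	}
}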
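/*
 * Self-test for the DH helpers.
 *
 * Creates DH parameters on the "client" side, derives a matching key pair
 * on the "server" side, computes the shared key on both sides and checks
 * that the two agree.  Parameters and both derived keys are printed to
 * stdout for inspection.
 *
 * Exit status: 0 when the keys match, 1 on any failure.  Compared with the
 * original: a failed client-key computation now exits instead of falling
 * through to the comparison with a NULL buffer, the hex dump uses "%02x"
 * (the original "%2x" space-pads bytes below 0x10, yielding an ambiguous
 * dump), and both parameter headers go to stdout with the parameters they
 * introduce.
 */
int main (int argc, const char *argv[])
{
	DH *c_dh = NULL;
	DH *s_dh = NULL;
	unsigned char *c_keybuf = NULL;
	unsigned char *s_keybuf = NULL;
	int c_keylen = 0, s_keylen = 0, i = 0;
	int rc = 1;
	const BIGNUM *pub_key;

	(void)argc;
	(void)argv;

	/* TBD -- Generate random private keys */

	/* Generate initial DH params on the client side */
	if (NULL == (c_dh = tr_create_dh_params(NULL, 0))) {
		printf("Error: Can't create client DH params, exiting.\n");
		goto out;
	}
	fprintf(stdout, "Client DH Parameters:\n");
	DHparams_print_fp(stdout, c_dh);
	fprintf(stdout, "\n");

	/*** Would now send DH params and client's public key to the server ***/

	/* Generate DH params on the server side */
	if (NULL == (s_dh = tr_create_matching_dh(NULL, 0, c_dh))) {
		printf("Error: Can't create server server DH params, exiting.\n");
		goto out;
	}
	fprintf(stdout, "Server DH Parameters:\n");
	DHparams_print_fp(stdout, s_dh);
	fprintf(stdout, "\n");

	/*** Would now send server's pub key to client ***/

	/* Compute key on client */
	DH_get0_key(s_dh, &pub_key, NULL);
	if (0 > (c_keylen = tr_compute_dh_key(&c_keybuf, pub_key, c_dh))) {
		printf("Error: Can't compute client key.\n");
		goto out;
	}

	/* Compute key on server */
	DH_get0_key(c_dh, &pub_key, NULL);
	if (0 > (s_keylen = tr_compute_dh_key(&s_keybuf, pub_key, s_dh))) {
		printf("Error: Can't compute server key.\n");
		goto out;
	}

	/* Print out the client key. */
	printf("Client Key Generated (len = %d):\n", c_keylen);
	for (i = 0; i < c_keylen; i++) {
		printf("%02x", c_keybuf[i]);
	}
	printf("\n");

	/* Print out the server key. */
	printf("Server Key Generated (len = %d):\n", s_keylen);
	for (i = 0; i < s_keylen; i++) {
		printf("%02x", s_keybuf[i]);
	}
	printf("\n");

	/* Compare the two keys to see if they match */
	if ((c_keylen != s_keylen) || (0 != memcmp(c_keybuf, s_keybuf, c_keylen))) {
		printf("Error: Different keys generated!\n");
		goto out;
	}

	printf("Success: Identical keys generated, key length = %d!\n", c_keylen);
	rc = 0;

out:
	/* Release the key buffers through the matching deallocator for
	 * tr_compute_dh_key() output (as construct_tls does).  The DH objects
	 * are not released here; the process exits immediately. */
	if (c_keybuf) {
		volatile unsigned char *p = c_keybuf;

		for (i = 0; i < c_keylen; i++) {
			p[i] = 0;
		}
		tr_dh_free(c_keybuf);
	}
	if (s_keybuf) {
		volatile unsigned char *p = s_keybuf;

		for (i = 0; i < s_keylen; i++) {
			p[i] = 0;
		}
		tr_dh_free(s_keybuf);
	}
	exit(rc);
}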