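/*
 * Build a PSK-only TLS server configuration for talking to the AAA server
 * described by @server.
 *
 * The PSK is derived from a Diffie-Hellman exchange: the peer's public value
 * (taken from @server) is combined with this instance's own DH key
 * (tidc_get_dh(inst)); the resulting shared secret is hex-encoded into
 * tls->psk_password and the server's key name becomes tls->psk_identity.
 *
 * @param inst    TIDC instance that owns the local DH key.
 * @param hs      home server; talloc parent of the returned configuration.
 * @param server  server block carrying the peer's DH public value and key name.
 * @return a talloc'd fr_tls_server_conf_t owned by @hs, or NULL on any failure
 *         (allocation, missing/failed DH computation, context init).  On
 *         failure nothing allocated here is left behind and the raw shared
 *         secret is wiped before it is released.
 */
static fr_tls_server_conf_t *construct_tls(TIDC_INSTANCE *inst,
					   home_server_t *hs,
					   TID_SRVR_BLK *server)
{
	fr_tls_server_conf_t *tls;
	unsigned char *key_buf = NULL;
	ssize_t keylen = 0;
	char *hexbuf = NULL;
	DH *aaa_server_dh;

	tls = talloc_zero(hs, fr_tls_server_conf_t);
	if (!tls) return NULL;

	/* The peer's public value is dereferenced below; a server block without
	 * DH parameters must fail cleanly rather than crash. */
	aaa_server_dh = tid_srvr_get_dh(server);
	if (!aaa_server_dh) {
		DEBUG2("No DH parameters for AAA server");
		goto error;
	}

	keylen = tr_compute_dh_key(&key_buf, aaa_server_dh->pub_key,
				   tidc_get_dh(inst));
	if (keylen <= 0) {
		DEBUG2("DH error");
		goto error;
	}

	/* Two hex digits per secret byte plus the terminator.  hexbuf is a
	 * talloc child of tls, so freeing tls releases it on every path. */
	hexbuf = talloc_size(tls, keylen*2 + 1);
	if (!hexbuf) goto error;

	tr_bin_to_hex(key_buf, keylen, hexbuf, 2*keylen + 1);

	tls->psk_password = hexbuf;
	/* NOTE(review): assumes tid_srvr_get_key_name() never returns NULL for
	 * a server block that carries DH parameters — confirm against the API. */
	tls->psk_identity = talloc_strdup(tls, tid_srvr_get_key_name(server)->buf);
	if (!tls->psk_identity) goto error;

	tls->cipher_list = talloc_strdup(tls, "PSK");
	if (!tls->cipher_list) goto error;
	tls->fragment_size = 4200;
	tls->ctx = tls_init_ctx(tls, 1);
	if (!tls->ctx) goto error;

	/* The raw shared secret is only needed in hex form from here on: wipe
	 * it before handing the buffer back. */
	memset(key_buf, 0, keylen);
	tr_dh_free(key_buf);
	return tls;

error:
	/* Only wipe when a positive length is known; free regardless so a
	 * buffer returned alongside an error result is not leaked. */
	if (key_buf) {
		if (keylen > 0) memset(key_buf, 0, keylen);
		tr_dh_free(key_buf);
	}
	if (hexbuf) memset(hexbuf, 0, keylen*2);

	/* tls is non-NULL on every path that reaches this label. */
	talloc_free(tls);
	return NULL;
}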
ファイル: tidc_main.c プロジェクト: spaetow/trust_router
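/*
 * Callback invoked with the TID response to a request sent by this client.
 *
 * Prints the realm and community from the response and the key expiration of
 * the first server, then derives the client-side DH shared key from the AAA
 * server's public value and the request's own DH key (req->tidc_dh) and dumps
 * it as hex.  The derived key is display-only: it is wiped and released before
 * returning.  Only the first server in the response is handled (TBD).
 *
 * @param tidc    client instance (unused here).
 * @param req     originating request; supplies the client DH key.
 * @param resp    response; must carry a success result and server info.
 * @param cookie  opaque caller data (unused here).
 */
static void tidc_resp_handler (TIDC_INSTANCE * tidc, 
			TID_REQ *req,
			TID_RESP *resp, 
			void *cookie) 
{
  int c_keylen = 0;
  unsigned char *c_keybuf = NULL;
  int i;
  struct timeval tv;

  (void)tidc;
  (void)cookie;

  printf ("Response received! Realm = %s, Community = %s.\n", resp->realm->buf, resp->comm->buf);

  /* Generate the client key -- TBD, handle more than one server */
  if (TID_SUCCESS != resp->result) {
    fprintf(stderr, "tidc_resp_handler: Response is an error.\n");
    return;
  }

  if (!resp->servers) {
    fprintf(stderr, "tidc_resp_handler: Response does not contain server info.\n");
    return;
  }
  if (tid_srvr_get_key_expiration(tid_resp_get_server(resp, 0), &tv))
    printf("Error reading key expiration\n");
  else
    printf("Key expiration: %s", ctime(&tv.tv_sec)); /* ctime() output already ends in '\n' */

  /* The peer's public value is dereferenced below; fail cleanly if absent. */
  if (!resp->servers->aaa_server_dh) {
    fprintf(stderr, "tidc_resp_handler: Server info carries no DH parameters.\n");
    return;
  }

  /* A zero-length shared secret is never usable, so treat it as an error
   * too (matches the handling in the TLS setup path). */
  c_keylen = tr_compute_dh_key(&c_keybuf,
                               resp->servers->aaa_server_dh->pub_key,
                               req->tidc_dh);
  if (c_keylen <= 0) {
    printf("tidc_resp_handler: Error computing client key.\n");
    /* Release a buffer that may have been handed back alongside the error. */
    if (c_keybuf) tr_dh_free(c_keybuf);
    return;
  }

  /* Print out the client key. */
  printf("Client Key Generated (len = %d):\n", c_keylen);
  for (i = 0; i < c_keylen; i++) {
    printf("%.2x", c_keybuf[i]); 
  }
  printf("\n");

  /* The secret is not retained past this callback: wipe it, then release the
   * buffer (it was previously leaked on every response). */
  memset(c_keybuf, 0, (size_t)c_keylen);
  tr_dh_free(c_keybuf);
}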
ファイル: dh_test.c プロジェクト: janetuk/trust_router
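/*
 * Self-test for the trust_router DH helpers: create client DH parameters,
 * derive matching server parameters, compute the shared key on both sides and
 * verify that the two keys are identical.
 *
 * Returns 0 on success and 1 on any failure.  Both keys are dumped to stdout
 * in hex for inspection; this is a test program only, production code must
 * not print key material.  All DH objects and key buffers are released (and
 * the key buffers wiped) on every exit path.
 *
 * @param argc  unused.
 * @param argv  unused.
 */
int main (int argc,
	  const char *argv[])
{
  DH *c_dh = NULL;
  DH *s_dh = NULL;
  unsigned char *c_keybuf = NULL;
  unsigned char *s_keybuf = NULL;
  int c_keylen = 0, s_keylen = 0, i = 0;
  const BIGNUM *pub_key = NULL;
  int rc = 1;

  (void)argc;
  (void)argv;
  /* TBD -- Generate random private keys */

  /* Generate initial DH params on the client side */
  if (NULL == (c_dh = tr_create_dh_params(NULL, 0))) {
    printf("Error: Can't create client DH params, exiting.\n");
    goto out;
  }

  /* Headers go to stdout like the parameters themselves (the client header
   * previously went to stderr, unlike the server one). */
  fprintf(stdout, "Client DH Parameters:\n");
  DHparams_print_fp(stdout, c_dh);
  fprintf(stdout, "\n");

  /*** Would now send DH params and client's public key to the server ***/

  /* Generate DH params on the server side */
  if (NULL == (s_dh = tr_create_matching_dh(NULL, 0, c_dh))) {
    printf("Error: Can't create server server DH params, exiting.\n");
    goto out;
  }

  fprintf(stdout, "Server DH Parameters:\n");
  DHparams_print_fp(stdout, s_dh);
  fprintf(stdout, "\n");

  /*** Would now send server's pub key to client ***/

  /* Compute key on client.  A failure here used to fall through and be
   * reported as "different keys"; it is now its own exit path. */
  DH_get0_key(s_dh, &pub_key, NULL);
  if (0 > (c_keylen = tr_compute_dh_key(&c_keybuf,
				      pub_key,
				      c_dh))) {
    printf("Error: Can't compute client key.\n");
    goto out;
  }

  /* Compute key on server */
  DH_get0_key(c_dh, &pub_key, NULL);
  if (0 > (s_keylen = tr_compute_dh_key(&s_keybuf,
				      pub_key,
				      s_dh))) {
    printf("Error: Can't compute server key.\n");
    goto out;
  }

  /* Print out the client key.  %02x: "%2x" pads with spaces, which makes
   * bytes below 0x10 unreadable in the dump. */
  printf("Client Key Generated (len = %d):\n", c_keylen);
  for (i = 0; i < c_keylen; i++) {
    printf("%02x", c_keybuf[i]);
  }
  printf("\n");

  /* Print out the server key. */
  printf("Server Key Generated (len = %d):\n", s_keylen);
  for (i = 0; i < s_keylen; i++) {
    printf("%02x", s_keybuf[i]);
  }
  printf("\n");

  /* Compare the two keys to see if they match */
  if ((c_keylen != s_keylen) ||
      (0 != memcmp(c_keybuf, s_keybuf, (size_t)c_keylen))) {
    printf("Error: Different keys generated!\n");
    goto out;
  }

  printf("Success: Identical keys generated, key length = %d!\n", c_keylen);
  rc = 0;

out:
  /* Wipe whatever key material was produced before releasing it. */
  if (c_keybuf) {
    if (c_keylen > 0) memset(c_keybuf, 0, (size_t)c_keylen);
    tr_dh_free(c_keybuf);
  }
  if (s_keybuf) {
    if (s_keylen > 0) memset(s_keybuf, 0, (size_t)s_keylen);
    tr_dh_free(s_keybuf);
  }
  DH_free(s_dh);
  DH_free(c_dh);
  return rc;
}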