programs: remove dh_client and dh_server

These sample programs depend on MBEDTLS_DHM_C which is being removed, so they should be as well. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-14 07:20:52 +00:00 · 2025-02-12 10:29:32 +01:00 · 2025-02-12 10:29:32 +01:00 · 540e7f3738
commit 540e7f3738
parent 3b3c652ddc
5 changed files with 1 additions and 620 deletions
--- a/programs/Makefile
+++ b/programs/Makefile
@ -41,9 +41,7 @@ APPS = \
 	hash/generic_sum \
 	hash/hello \
 	hash/md_hmac_demo \
-	pkey/dh_client \
 	pkey/dh_genprime \
-	pkey/dh_server \
 	pkey/ecdh_curve25519 \
 	pkey/ecdsa \
 	pkey/gen_key \
@ -177,18 +175,10 @@ hash/md_hmac_demo$(EXEXT): hash/md_hmac_demo.c $(DEP)
 	echo "  CC    hash/md_hmac_demo.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/md_hmac_demo.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

-pkey/dh_client$(EXEXT): pkey/dh_client.c $(DEP)
-	echo "  CC    pkey/dh_client.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_client.c   $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 pkey/dh_genprime$(EXEXT): pkey/dh_genprime.c $(DEP)
 	echo "  CC    pkey/dh_genprime.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_genprime.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

-pkey/dh_server$(EXEXT): pkey/dh_server.c $(DEP)
-	echo "  CC    pkey/dh_server.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_server.c   $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 pkey/ecdh_curve25519$(EXEXT): pkey/ecdh_curve25519.c $(DEP)
 	echo "  CC    pkey/ecdh_curve25519.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdh_curve25519.c   $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
--- a/programs/README.md
+++ b/programs/README.md
@ -41,8 +41,6 @@ This subdirectory mostly contains sample programs that illustrate specific featu

 ### Diffie-Hellman key exchange examples

-* [`pkey/dh_client.c`](pkey/dh_client.c), [`pkey/dh_server.c`](pkey/dh_server.c): secure channel demonstrators (client, server). This pair of programs illustrates how to set up a secure channel using RSA for authentication and Diffie-Hellman to generate a shared AES session key.
-
 * [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement.

 ### Bignum (`mpi`) usage examples
--- a/programs/pkey/CMakeLists.txt
+++ b/programs/pkey/CMakeLists.txt
@ -1,16 +1,3 @@
-set(executables_mbedtls
-    dh_client
-    dh_server
-)
-add_dependencies(${programs_target} ${executables_mbedtls})
-
-foreach(exe IN LISTS executables_mbedtls)
-    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-    set_base_compile_options(${exe})
-    target_link_libraries(${exe} ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT})
-    target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
-endforeach()
-
 set(executables_mbedcrypto
    dh_genprime
    ecdh_curve25519
@ -40,6 +27,6 @@ foreach(exe IN LISTS executables_mbedcrypto)
    target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
 endforeach()

-install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto}
+install(TARGETS ${executables_mbedcrypto}
        DESTINATION "bin"
        PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@ -1,288 +0,0 @@
-/*
- *  Diffie-Hellman-Merkle key exchange (client side)
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-/* md.h is included this early since MD_CAN_XXX macros are defined there. */
-#include "mbedtls/md.h"
-
-#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
-    defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
-    defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
-    defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/net_sockets.h"
-#include "mbedtls/aes.h"
-#include "mbedtls/dhm.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/sha256.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <stdio.h>
-#include <string.h>
-#endif
-
-#define SERVER_NAME "localhost"
-#define SERVER_PORT "11999"
-
-#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) ||     \
-    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) ||  \
-    !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) ||    \
-    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
-                   "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
-                   "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO and/or "
-                   "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n");
-    mbedtls_exit(0);
-}
-
-#elif defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_BLOCK_CIPHER_NO_DECRYPT defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-
-int main(void)
-{
-    FILE *f;
-
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    unsigned int mdlen;
-    size_t n, buflen;
-    mbedtls_net_context server_fd;
-
-    unsigned char *p, *end;
-    unsigned char buf[2048];
-    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-    mbedtls_mpi N, E;
-    const char *pers = "dh_client";
-
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    mbedtls_rsa_context rsa;
-    mbedtls_dhm_context dhm;
-    mbedtls_aes_context aes;
-
-    mbedtls_net_init(&server_fd);
-    mbedtls_dhm_init(&dhm);
-    mbedtls_aes_init(&aes);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_mpi_init(&N);
-    mbedtls_mpi_init(&E);
-
-    /*
-     * 1. Setup the RNG
-     */
-    mbedtls_printf("\n  . Seeding the random number generator");
-    fflush(stdout);
-
-    mbedtls_entropy_init(&entropy);
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
-        goto exit;
-    }
-
-    /*
-     * 2. Read the server's public RSA key
-     */
-    mbedtls_printf("\n  . Reading public key from rsa_pub.txt");
-    fflush(stdout);
-
-    if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
-        mbedtls_printf(" failed\n  ! Could not open rsa_pub.txt\n" \
-                       "  ! Please run rsa_genkey first\n\n");
-        goto exit;
-    }
-
-    mbedtls_rsa_init(&rsa);
-    if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
-        (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) {
-        mbedtls_printf(" failed\n  ! mbedtls_mpi_read_file returned %d\n\n", ret);
-        fclose(f);
-        goto exit;
-    }
-    fclose(f);
-
-    /*
-     * 3. Initiate the connection
-     */
-    mbedtls_printf("\n  . Connecting to tcp/%s/%s", SERVER_NAME,
-                   SERVER_PORT);
-    fflush(stdout);
-
-    if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME,
-                                   SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_net_connect returned %d\n\n", ret);
-        goto exit;
-    }
-
-    /*
-     * 4a. First get the buffer length
-     */
-    mbedtls_printf("\n  . Receiving the server's DH parameters");
-    fflush(stdout);
-
-    memset(buf, 0, sizeof(buf));
-
-    if ((ret = mbedtls_net_recv(&server_fd, buf, 2)) != 2) {
-        mbedtls_printf(" failed\n  ! mbedtls_net_recv returned %d\n\n", ret);
-        goto exit;
-    }
-
-    n = buflen = (buf[0] << 8) | buf[1];
-    if (buflen < 1 || buflen > sizeof(buf)) {
-        mbedtls_printf(" failed\n  ! Got an invalid buffer length\n\n");
-        goto exit;
-    }
-
-    /*
-     * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P
-     */
-    memset(buf, 0, sizeof(buf));
-
-    if ((ret = mbedtls_net_recv(&server_fd, buf, n)) != (int) n) {
-        mbedtls_printf(" failed\n  ! mbedtls_net_recv returned %d\n\n", ret);
-        goto exit;
-    }
-
-    p = buf, end = buf + buflen;
-
-    if ((ret = mbedtls_dhm_read_params(&dhm, &p, end)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_dhm_read_params returned %d\n\n", ret);
-        goto exit;
-    }
-
-    n = mbedtls_dhm_get_len(&dhm);
-    if (n < 64 || n > 512) {
-        mbedtls_printf(" failed\n  ! Invalid DHM modulus size\n\n");
-        goto exit;
-    }
-
-    /*
-     * 5. Check that the server's RSA signature matches
-     *    the SHA-256 hash of (P,G,Ys)
-     */
-    mbedtls_printf("\n  . Verifying the server's RSA signature");
-    fflush(stdout);
-
-    p += 2;
-
-    if ((n = (size_t) (end - p)) != mbedtls_rsa_get_len(&rsa)) {
-        mbedtls_printf(" failed\n  ! Invalid RSA signature size\n\n");
-        goto exit;
-    }
-
-    mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256));
-    if (mdlen == 0) {
-        mbedtls_printf(" failed\n  ! Invalid digest type\n\n");
-        goto exit;
-    }
-
-    if ((ret = mbedtls_sha256(buf, (int) (p - 2 - buf), hash, 0)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_sha256 returned %d\n\n", ret);
-        goto exit;
-    }
-
-    if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256,
-                                        mdlen, hash, p)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret);
-        goto exit;
-    }
-
-    /*
-     * 6. Send our public value: Yc = G ^ Xc mod P
-     */
-    mbedtls_printf("\n  . Sending own public value to server");
-    fflush(stdout);
-
-    n = mbedtls_dhm_get_len(&dhm);
-    if ((ret = mbedtls_dhm_make_public(&dhm, (int) n, buf, n,
-                                       mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_dhm_make_public returned %d\n\n", ret);
-        goto exit;
-    }
-
-    if ((ret = mbedtls_net_send(&server_fd, buf, n)) != (int) n) {
-        mbedtls_printf(" failed\n  ! mbedtls_net_send returned %d\n\n", ret);
-        goto exit;
-    }
-
-    /*
-     * 7. Derive the shared secret: K = Ys ^ Xc mod P
-     */
-    mbedtls_printf("\n  . Shared secret: ");
-    fflush(stdout);
-
-    if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n,
-                                       mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_dhm_calc_secret returned %d\n\n", ret);
-        goto exit;
-    }
-
-    for (n = 0; n < 16; n++) {
-        mbedtls_printf("%02x", buf[n]);
-    }
-
-    /*
-     * 8. Setup the AES-256 decryption key
-     *
-     * This is an overly simplified example; best practice is
-     * to hash the shared secret with a random value to derive
-     * the keying material for the encryption/decryption keys,
-     * IVs and MACs.
-     */
-    mbedtls_printf("...\n  . Receiving and decrypting the ciphertext");
-    fflush(stdout);
-
-    ret = mbedtls_aes_setkey_dec(&aes, buf, 256);
-    if (ret != 0) {
-        goto exit;
-    }
-
-    memset(buf, 0, sizeof(buf));
-
-    if ((ret = mbedtls_net_recv(&server_fd, buf, 16)) != 16) {
-        mbedtls_printf(" failed\n  ! mbedtls_net_recv returned %d\n\n", ret);
-        goto exit;
-    }
-
-    ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_DECRYPT, buf, buf);
-    if (ret != 0) {
-        goto exit;
-    }
-    buf[16] = '\0';
-    mbedtls_printf("\n  . Plaintext is \"%s\"\n\n", (char *) buf);
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
-    mbedtls_net_free(&server_fd);
-
-    mbedtls_aes_free(&aes);
-    mbedtls_rsa_free(&rsa);
-    mbedtls_dhm_free(&dhm);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
-    mbedtls_mpi_free(&N);
-    mbedtls_mpi_free(&E);
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
-          MBEDTLS_NET_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 &&
-          MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@ -1,306 +0,0 @@
-/*
- *  Diffie-Hellman-Merkle key exchange (server side)
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-/* md.h is included this early since MD_CAN_XXX macros are defined there. */
-#include "mbedtls/md.h"
-
-#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
-    defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
-    defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
-    defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/net_sockets.h"
-#include "mbedtls/aes.h"
-#include "mbedtls/dhm.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/sha256.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <stdio.h>
-#include <string.h>
-#endif
-
-#define SERVER_PORT "11999"
-#define PLAINTEXT "==Hello there!=="
-
-#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) ||     \
-    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) ||  \
-    !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) ||    \
-    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
-                   "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
-                   "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO and/or "
-                   "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-
-int main(void)
-{
-    FILE *f;
-
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    unsigned int mdlen;
-    size_t n, buflen;
-    mbedtls_net_context listen_fd, client_fd;
-
-    unsigned char buf[2048];
-    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-    unsigned char buf2[2];
-    const char *pers = "dh_server";
-
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    mbedtls_rsa_context rsa;
-    mbedtls_dhm_context dhm;
-    mbedtls_aes_context aes;
-
-    mbedtls_mpi N, P, Q, D, E, dhm_P, dhm_G;
-
-    mbedtls_net_init(&listen_fd);
-    mbedtls_net_init(&client_fd);
-    mbedtls_dhm_init(&dhm);
-    mbedtls_aes_init(&aes);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-
-    mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
-    mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&dhm_P);
-    mbedtls_mpi_init(&dhm_G);
-    /*
-     * 1. Setup the RNG
-     */
-    mbedtls_printf("\n  . Seeding the random number generator");
-    fflush(stdout);
-
-    mbedtls_entropy_init(&entropy);
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
-        goto exit;
-    }
-
-    /*
-     * 2a. Read the server's private RSA key
-     */
-    mbedtls_printf("\n  . Reading private key from rsa_priv.txt");
-    fflush(stdout);
-
-    if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
-        mbedtls_printf(" failed\n  ! Could not open rsa_priv.txt\n" \
-                       "  ! Please run rsa_genkey first\n\n");
-        goto exit;
-    }
-
-    mbedtls_rsa_init(&rsa);
-
-    if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_mpi_read_file returned %d\n\n",
-                       ret);
-        fclose(f);
-        goto exit;
-    }
-    fclose(f);
-
-    if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_rsa_import returned %d\n\n",
-                       ret);
-        goto exit;
-    }
-
-    if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_rsa_complete returned %d\n\n",
-                       ret);
-        goto exit;
-    }
-
-    /*
-     * 2b. Get the DHM modulus and generator
-     */
-    mbedtls_printf("\n  . Reading DH parameters from dh_prime.txt");
-    fflush(stdout);
-
-    if ((f = fopen("dh_prime.txt", "rb")) == NULL) {
-        mbedtls_printf(" failed\n  ! Could not open dh_prime.txt\n" \
-                       "  ! Please run dh_genprime first\n\n");
-        goto exit;
-    }
-
-    if ((ret = mbedtls_mpi_read_file(&dhm_P, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&dhm_G, 16, f)) != 0 ||
-        (ret = mbedtls_dhm_set_group(&dhm, &dhm_P, &dhm_G) != 0)) {
-        mbedtls_printf(" failed\n  ! Invalid DH parameter file\n\n");
-        fclose(f);
-        goto exit;
-    }
-
-    fclose(f);
-
-    /*
-     * 3. Wait for a client to connect
-     */
-    mbedtls_printf("\n  . Waiting for a remote connection");
-    fflush(stdout);
-
-    if ((ret = mbedtls_net_bind(&listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_net_bind returned %d\n\n", ret);
-        goto exit;
-    }
-
-    if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
-                                  NULL, 0, NULL)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_net_accept returned %d\n\n", ret);
-        goto exit;
-    }
-
-    /*
-     * 4. Setup the DH parameters (P,G,Ys)
-     */
-    mbedtls_printf("\n  . Sending the server's DH parameters");
-    fflush(stdout);
-
-    memset(buf, 0, sizeof(buf));
-
-    if ((ret =
-             mbedtls_dhm_make_params(&dhm, (int) mbedtls_dhm_get_len(&dhm), buf, &n,
-                                     mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_dhm_make_params returned %d\n\n", ret);
-        goto exit;
-    }
-
-    /*
-     * 5. Sign the parameters and send them
-     */
-
-    mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256));
-    if (mdlen == 0) {
-        mbedtls_printf(" failed\n  ! Invalid digest type\n\n");
-        goto exit;
-    }
-
-    if ((ret = mbedtls_sha256(buf, n, hash, 0)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_sha256 returned %d\n\n", ret);
-        goto exit;
-    }
-
-    const size_t rsa_key_len = mbedtls_rsa_get_len(&rsa);
-    buf[n] = (unsigned char) (rsa_key_len >> 8);
-    buf[n + 1] = (unsigned char) (rsa_key_len);
-
-    if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg,
-                                      MBEDTLS_MD_SHA256, mdlen,
-                                      hash, buf + n + 2)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret);
-        goto exit;
-    }
-
-    buflen = n + 2 + rsa_key_len;
-    buf2[0] = (unsigned char) (buflen >> 8);
-    buf2[1] = (unsigned char) (buflen);
-
-    if ((ret = mbedtls_net_send(&client_fd, buf2, 2)) != 2 ||
-        (ret = mbedtls_net_send(&client_fd, buf, buflen)) != (int) buflen) {
-        mbedtls_printf(" failed\n  ! mbedtls_net_send returned %d\n\n", ret);
-        goto exit;
-    }
-
-    /*
-     * 6. Get the client's public value: Yc = G ^ Xc mod P
-     */
-    mbedtls_printf("\n  . Receiving the client's public value");
-    fflush(stdout);
-
-    memset(buf, 0, sizeof(buf));
-
-    n = mbedtls_dhm_get_len(&dhm);
-    if ((ret = mbedtls_net_recv(&client_fd, buf, n)) != (int) n) {
-        mbedtls_printf(" failed\n  ! mbedtls_net_recv returned %d\n\n", ret);
-        goto exit;
-    }
-
-    if ((ret = mbedtls_dhm_read_public(&dhm, buf, n)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_dhm_read_public returned %d\n\n", ret);
-        goto exit;
-    }
-
-    /*
-     * 7. Derive the shared secret: K = Ys ^ Xc mod P
-     */
-    mbedtls_printf("\n  . Shared secret: ");
-    fflush(stdout);
-
-    if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n,
-                                       mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_dhm_calc_secret returned %d\n\n", ret);
-        goto exit;
-    }
-
-    for (n = 0; n < 16; n++) {
-        mbedtls_printf("%02x", buf[n]);
-    }
-
-    /*
-     * 8. Setup the AES-256 encryption key
-     *
-     * This is an overly simplified example; best practice is
-     * to hash the shared secret with a random value to derive
-     * the keying material for the encryption/decryption keys
-     * and MACs.
-     */
-    mbedtls_printf("...\n  . Encrypting and sending the ciphertext");
-    fflush(stdout);
-
-    ret = mbedtls_aes_setkey_enc(&aes, buf, 256);
-    if (ret != 0) {
-        goto exit;
-    }
-    memcpy(buf, PLAINTEXT, 16);
-    ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_ENCRYPT, buf, buf);
-    if (ret != 0) {
-        goto exit;
-    }
-
-    if ((ret = mbedtls_net_send(&client_fd, buf, 16)) != 16) {
-        mbedtls_printf(" failed\n  ! mbedtls_net_send returned %d\n\n", ret);
-        goto exit;
-    }
-
-    mbedtls_printf("\n\n");
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
-    mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
-    mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&dhm_P);
-    mbedtls_mpi_free(&dhm_G);
-
-    mbedtls_net_free(&client_fd);
-    mbedtls_net_free(&listen_fd);
-
-    mbedtls_aes_free(&aes);
-    mbedtls_rsa_free(&rsa);
-    mbedtls_dhm_free(&dhm);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
-          MBEDTLS_NET_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 &&
-          MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */