Server and client implementation for encrypted udp logger

author: Dirk Engling <erdgeist@erdgeist.org> 2020-12-04 06:11:14 +0100
committer: Dirk Engling <erdgeist@erdgeist.org> 2020-12-04 06:11:14 +0100
commit: 4638e0dfc3be720962990e5529587ee22d62f219 (patch)
tree: b55c4320db2615016691c9d7c74b57f9d0b34cdb /sender.c
1 files changed, 110 insertions, 0 deletions
diff --git a/sender.c b/sender.c
new file mode 100644
index 0000000..3469735
--- /dev/null
+++ b/sender.c
@@ -0,0 +1,110 @@
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <string.h>
+#include <err.h>
+#include <inttypes.h>
+#include <arpa/inet.h>
+#include <unistd.h>
+#include <mbedtls/pk.h>
+#include <mbedtls/entropy.h>
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/gcm.h"
+const unsigned short PORT = 58132;
+static const unsigned char pubkey[] =
+"-----BEGIN PUBLIC KEY-----\n"
+"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWlNmLHOOzZpdrfp+EAA\n"
+"Nwqab0FhQwCyZ/u+ySBW5XxPf6mobySvtJrLdsWzdwnup/UfwZiEhJk/4wpD4Qf/\n"
+"2+syuJi3Rf7L+Jfh//Qf9uXAS80+LYad7dW0c1r5nt+F9Can5fBn7futnd8n672T\n"
+"+y8QpHRwX9GtaILvYQe5GQac8cfq2rGUd5iYj5KSdcaIZnJ4YgnjLHg2PMbtEJwq\n"
+"cV+2oAkcOPzTAJoNE7XjLZTwXmLlFgL/2cN4uJZBDnwv3RZSAhpdYF4KOJmE2GFs\n"
+"2jdvRUrYO7WSl8fM16vRH4vz5MNNcaprg2MlXheVTPQa+WMdcz7dyQx8s9kRVPPU\n"
+"SwIDAQAB \n"
+"-----END PUBLIC KEY----- \n";
+static const unsigned char pp[] = "IJUHZGFDXTZKHJKHGFDHZLUÖDRTFGHHJGHH";
+enum { SESSION_ID_LENGTH = 8, AES_KEY_LENGTH = 16, GCM_IV_LENGTH = 16, GCM_TAG_LENGTH = 16 };
+static uint8_t session_id[8] = { 0xef, 0xcd, 0xab, 0x89, 0x67, 0x45, 0x23, 0x01 };
+static uint8_t aes_key[16] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
+void send_udp(int sock, mbedtls_ctr_drbg_context *ctr_drbg, const uint8_t *text, size_t len) {
+    uint8_t iv[GCM_IV_LENGTH];
+    mbedtls_ctr_drbg_random(ctr_drbg, iv, sizeof(GCM_IV_LENGTH));
+    const size_t total_length = 1 + SESSION_ID_LENGTH + GCM_IV_LENGTH + GCM_TAG_LENGTH + len;
+    uint8_t *output = alloca(total_length);
+    output[0] = 1;
+    memcpy(output + 1, session_id, SESSION_ID_LENGTH);
+    memcpy(output + 1 + SESSION_ID_LENGTH, iv, GCM_IV_LENGTH);
+    mbedtls_gcm_context ctx;
+    mbedtls_gcm_init(&ctx);
+    mbedtls_gcm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, aes_key, 8 * AES_KEY_LENGTH);
+    if (!mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, len, iv, GCM_IV_LENGTH, session_id, SESSION_ID_LENGTH,
+                                  text, output + 1 + SESSION_ID_LENGTH + GCM_IV_LENGTH + GCM_TAG_LENGTH, GCM_TAG_LENGTH,
+                                  output + 1 + SESSION_ID_LENGTH + GCM_IV_LENGTH)) {
+        struct sockaddr_in to;
+        memset(&to, 0, sizeof(to));
+        to.sin_family      = AF_INET;
+        to.sin_addr.s_addr = inet_addr("127.0.0.1");
+        to.sin_port        = htons(PORT);
+        sendto(sock, output, total_length, 0, (struct sockaddr*)&to, sizeof(to));
+    }
+    mbedtls_gcm_free(&ctx);
+}
+void new_session(int sock, mbedtls_ctr_drbg_context *ctr_drbg) {
+    mbedtls_ctr_drbg_random(ctr_drbg, session_id, sizeof(session_id));
+    mbedtls_ctr_drbg_random(ctr_drbg, aes_key, sizeof(aes_key));
+    unsigned char output[512];
+    output[0] = 0;
+    memcpy(output + 1, session_id, SESSION_ID_LENGTH);
+    mbedtls_pk_context pk;
+    mbedtls_pk_init(&pk);
+    int ret = 0;
+    if ((ret = mbedtls_pk_parse_public_key(&pk, pubkey, sizeof(pubkey)) ) != 0 )
+        errx(-1, "mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret );
+    size_t olen = 0;
+    if ((ret = mbedtls_pk_encrypt(&pk, aes_key, AES_KEY_LENGTH, output + 1 + SESSION_ID_LENGTH, &olen,
+                                  sizeof(output) - 1 - SESSION_ID_LENGTH, mbedtls_ctr_drbg_random, ctr_drbg)) != 0)
+        errx(-1, "mbedtls_pk_encrypt returned -0x%04x\n", -ret );
+    mbedtls_pk_free(&pk);
+    struct sockaddr_in to;
+    memset(&to, 0, sizeof(to));
+    to.sin_family      = AF_INET;
+    to.sin_addr.s_addr = inet_addr("127.0.0.1");
+    to.sin_port        = htons(PORT);
+    sendto(sock, output, olen + 1 + SESSION_ID_LENGTH, 0, (struct sockaddr*)&to, sizeof(to));
+}
+int main() {
+    mbedtls_ctr_drbg_context ctr_drbg;
+    mbedtls_entropy_context entropy;
+    mbedtls_entropy_init(&entropy);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, pp, sizeof(pp));
+    int sock = socket(AF_INET, SOCK_DGRAM, 0);
+    new_session(sock, &ctr_drbg);
+    sleep(3);
+    const unsigned char *logline = (const unsigned char*)"Juchuuu, es klappt!\n";
+    send_udp(sock, &ctr_drbg, logline, strlen((char*)logline));
+    close(sock);
+}
author	Dirk Engling <erdgeist@erdgeist.org>	2020-12-04 06:11:14 +0100
committer	Dirk Engling <erdgeist@erdgeist.org>	2020-12-04 06:11:14 +0100
commit	4638e0dfc3be720962990e5529587ee22d62f219 (patch)
tree	b55c4320db2615016691c9d7c74b57f9d0b34cdb /sender.c

diff --git a/sender.c b/sender.c new file mode 100644 index 0000000..3469735 --- /dev/null +++ b/sender.c
@@ -0,0 +1,110 @@
	1	#include <sys/socket.h>
	2	#include <netinet/in.h>
	3	#include <string.h>
	4	#include <err.h>
	5	#include <inttypes.h>
	6	#include <arpa/inet.h>
	7	#include <unistd.h>
	8
	9	#include <mbedtls/pk.h>
	10	#include <mbedtls/entropy.h>
	11	#include "mbedtls/ctr_drbg.h"
	12	#include "mbedtls/gcm.h"
	13
	14	const unsigned short PORT = 58132;
	15
	16	static const unsigned char pubkey[] =
	17	"-----BEGIN PUBLIC KEY-----\n"
	18	"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWlNmLHOOzZpdrfp+EAA\n"
	19	"Nwqab0FhQwCyZ/u+ySBW5XxPf6mobySvtJrLdsWzdwnup/UfwZiEhJk/4wpD4Qf/\n"
	20	"2+syuJi3Rf7L+Jfh//Qf9uXAS80+LYad7dW0c1r5nt+F9Can5fBn7futnd8n672T\n"
	21	"+y8QpHRwX9GtaILvYQe5GQac8cfq2rGUd5iYj5KSdcaIZnJ4YgnjLHg2PMbtEJwq\n"
	22	"cV+2oAkcOPzTAJoNE7XjLZTwXmLlFgL/2cN4uJZBDnwv3RZSAhpdYF4KOJmE2GFs\n"
	23	"2jdvRUrYO7WSl8fM16vRH4vz5MNNcaprg2MlXheVTPQa+WMdcz7dyQx8s9kRVPPU\n"
	24	"SwIDAQAB \n"
	25	"-----END PUBLIC KEY----- \n";
	26
	27	static const unsigned char pp[] = "IJUHZGFDXTZKHJKHGFDHZLUÖDRTFGHHJGHH";
	28
	29	enum { SESSION_ID_LENGTH = 8, AES_KEY_LENGTH = 16, GCM_IV_LENGTH = 16, GCM_TAG_LENGTH = 16 };
	30	static uint8_t session_id[8] = { 0xef, 0xcd, 0xab, 0x89, 0x67, 0x45, 0x23, 0x01 };
	31	static uint8_t aes_key[16] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
	32
	33	void send_udp(int sock, mbedtls_ctr_drbg_context ctr_drbg, const uint8_t text, size_t len) {
	34	uint8_t iv[GCM_IV_LENGTH];
	35	mbedtls_ctr_drbg_random(ctr_drbg, iv, sizeof(GCM_IV_LENGTH));
	36
	37	const size_t total_length = 1 + SESSION_ID_LENGTH + GCM_IV_LENGTH + GCM_TAG_LENGTH + len;
	38	uint8_t *output = alloca(total_length);
	39	output[0] = 1;
	40	memcpy(output + 1, session_id, SESSION_ID_LENGTH);
	41	memcpy(output + 1 + SESSION_ID_LENGTH, iv, GCM_IV_LENGTH);
	42
	43	mbedtls_gcm_context ctx;
	44	mbedtls_gcm_init(&ctx);
	45	mbedtls_gcm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, aes_key, 8 * AES_KEY_LENGTH);
	46
	47	if (!mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, len, iv, GCM_IV_LENGTH, session_id, SESSION_ID_LENGTH,
	48	text, output + 1 + SESSION_ID_LENGTH + GCM_IV_LENGTH + GCM_TAG_LENGTH, GCM_TAG_LENGTH,
	49	output + 1 + SESSION_ID_LENGTH + GCM_IV_LENGTH)) {
	50	struct sockaddr_in to;
	51	memset(&to, 0, sizeof(to));
	52	to.sin_family = AF_INET;
	53	to.sin_addr.s_addr = inet_addr("127.0.0.1");
	54	to.sin_port = htons(PORT);
	55
	56	sendto(sock, output, total_length, 0, (struct sockaddr*)&to, sizeof(to));
	57	}
	58
	59	mbedtls_gcm_free(&ctx);
	60	}
	61
	62	void new_session(int sock, mbedtls_ctr_drbg_context *ctr_drbg) {
	63	mbedtls_ctr_drbg_random(ctr_drbg, session_id, sizeof(session_id));
	64	mbedtls_ctr_drbg_random(ctr_drbg, aes_key, sizeof(aes_key));
	65
	66	unsigned char output[512];
	67	output[0] = 0;
	68	memcpy(output + 1, session_id, SESSION_ID_LENGTH);
	69
	70	mbedtls_pk_context pk;
	71	mbedtls_pk_init(&pk);
	72	int ret = 0;
	73	if ((ret = mbedtls_pk_parse_public_key(&pk, pubkey, sizeof(pubkey)) ) != 0 )
	74	errx(-1, "mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret );
	75
	76	size_t olen = 0;
	77	if ((ret = mbedtls_pk_encrypt(&pk, aes_key, AES_KEY_LENGTH, output + 1 + SESSION_ID_LENGTH, &olen,
	78	sizeof(output) - 1 - SESSION_ID_LENGTH, mbedtls_ctr_drbg_random, ctr_drbg)) != 0)
	79	errx(-1, "mbedtls_pk_encrypt returned -0x%04x\n", -ret );
	80
	81	mbedtls_pk_free(&pk);
	82
	83	struct sockaddr_in to;
	84	memset(&to, 0, sizeof(to));
	85	to.sin_family = AF_INET;
	86	to.sin_addr.s_addr = inet_addr("127.0.0.1");
	87	to.sin_port = htons(PORT);
	88
	89	sendto(sock, output, olen + 1 + SESSION_ID_LENGTH, 0, (struct sockaddr*)&to, sizeof(to));
	90	}
	91
	92	int main() {
	93	mbedtls_ctr_drbg_context ctr_drbg;
	94	mbedtls_entropy_context entropy;
	95
	96	mbedtls_entropy_init(&entropy);
	97	mbedtls_ctr_drbg_init(&ctr_drbg);
	98	mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, pp, sizeof(pp));
	99
	100	int sock = socket(AF_INET, SOCK_DGRAM, 0);
	101
	102	new_session(sock, &ctr_drbg);
	103
	104	sleep(3);
	105
	106	const unsigned char logline = (const unsigned char)"Juchuuu, es klappt!\n";
	107	send_udp(sock, &ctr_drbg, logline, strlen((char*)logline));
	108
	109	close(sock);
	110	}