From 4638e0dfc3be720962990e5529587ee22d62f219 Mon Sep 17 00:00:00 2001
From: Dirk Engling <erdgeist@erdgeist.org>
Date: Fri, 4 Dec 2020 06:11:14 +0100
Subject: Server and client implementation for encrypted udp logger

---
 sender.c | 110 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 110 insertions(+)
 create mode 100644 sender.c

(limited to 'sender.c')

diff --git a/sender.c b/sender.c
new file mode 100644
index 0000000..3469735
--- /dev/null
+++ b/sender.c
@@ -0,0 +1,110 @@
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <string.h>
+#include <err.h>
+#include <inttypes.h>
+#include <arpa/inet.h>
+#include <unistd.h>
+
+#include <mbedtls/pk.h>
+#include <mbedtls/entropy.h>
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/gcm.h"
+
+const unsigned short PORT = 58132;
+
+static const unsigned char pubkey[] =
+"-----BEGIN PUBLIC KEY-----\n"
+"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWlNmLHOOzZpdrfp+EAA\n"
+"Nwqab0FhQwCyZ/u+ySBW5XxPf6mobySvtJrLdsWzdwnup/UfwZiEhJk/4wpD4Qf/\n"
+"2+syuJi3Rf7L+Jfh//Qf9uXAS80+LYad7dW0c1r5nt+F9Can5fBn7futnd8n672T\n"
+"+y8QpHRwX9GtaILvYQe5GQac8cfq2rGUd5iYj5KSdcaIZnJ4YgnjLHg2PMbtEJwq\n"
+"cV+2oAkcOPzTAJoNE7XjLZTwXmLlFgL/2cN4uJZBDnwv3RZSAhpdYF4KOJmE2GFs\n"
+"2jdvRUrYO7WSl8fM16vRH4vz5MNNcaprg2MlXheVTPQa+WMdcz7dyQx8s9kRVPPU\n"
+"SwIDAQAB \n"
+"-----END PUBLIC KEY----- \n";
+
+static const unsigned char pp[] = "IJUHZGFDXTZKHJKHGFDHZLUÖDRTFGHHJGHH";
+
+enum { SESSION_ID_LENGTH = 8, AES_KEY_LENGTH = 16, GCM_IV_LENGTH = 16, GCM_TAG_LENGTH = 16 };
+static uint8_t session_id[8] = { 0xef, 0xcd, 0xab, 0x89, 0x67, 0x45, 0x23, 0x01 };
+static uint8_t aes_key[16] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
+
+void send_udp(int sock, mbedtls_ctr_drbg_context *ctr_drbg, const uint8_t *text, size_t len) {
+    uint8_t iv[GCM_IV_LENGTH];
+    mbedtls_ctr_drbg_random(ctr_drbg, iv, sizeof(GCM_IV_LENGTH));
+
+    const size_t total_length = 1 + SESSION_ID_LENGTH + GCM_IV_LENGTH + GCM_TAG_LENGTH + len;
+    uint8_t *output = alloca(total_length);
+    output[0] = 1;
+    memcpy(output + 1, session_id, SESSION_ID_LENGTH);
+    memcpy(output + 1 + SESSION_ID_LENGTH, iv, GCM_IV_LENGTH);
+
+    mbedtls_gcm_context ctx;
+    mbedtls_gcm_init(&ctx);
+    mbedtls_gcm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, aes_key, 8 * AES_KEY_LENGTH);
+
+    if (!mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, len, iv, GCM_IV_LENGTH, session_id, SESSION_ID_LENGTH,
+                                  text, output + 1 + SESSION_ID_LENGTH + GCM_IV_LENGTH + GCM_TAG_LENGTH, GCM_TAG_LENGTH,
+                                  output + 1 + SESSION_ID_LENGTH + GCM_IV_LENGTH)) {
+        struct sockaddr_in to;
+        memset(&to, 0, sizeof(to));
+        to.sin_family      = AF_INET;
+        to.sin_addr.s_addr = inet_addr("127.0.0.1");
+        to.sin_port        = htons(PORT);
+
+        sendto(sock, output, total_length, 0, (struct sockaddr*)&to, sizeof(to));
+    }
+
+    mbedtls_gcm_free(&ctx);
+}
+
+void new_session(int sock, mbedtls_ctr_drbg_context *ctr_drbg) {
+    mbedtls_ctr_drbg_random(ctr_drbg, session_id, sizeof(session_id));
+    mbedtls_ctr_drbg_random(ctr_drbg, aes_key, sizeof(aes_key));
+
+    unsigned char output[512];
+    output[0] = 0;
+    memcpy(output + 1, session_id, SESSION_ID_LENGTH);
+
+    mbedtls_pk_context pk;
+    mbedtls_pk_init(&pk);
+    int ret = 0;
+    if ((ret = mbedtls_pk_parse_public_key(&pk, pubkey, sizeof(pubkey)) ) != 0 )
+        errx(-1, "mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret );
+
+    size_t olen = 0;
+    if ((ret = mbedtls_pk_encrypt(&pk, aes_key, AES_KEY_LENGTH, output + 1 + SESSION_ID_LENGTH, &olen,
+                                  sizeof(output) - 1 - SESSION_ID_LENGTH, mbedtls_ctr_drbg_random, ctr_drbg)) != 0)
+        errx(-1, "mbedtls_pk_encrypt returned -0x%04x\n", -ret );
+
+    mbedtls_pk_free(&pk);
+
+    struct sockaddr_in to;
+    memset(&to, 0, sizeof(to));
+    to.sin_family      = AF_INET;
+    to.sin_addr.s_addr = inet_addr("127.0.0.1");
+    to.sin_port        = htons(PORT);
+
+    sendto(sock, output, olen + 1 + SESSION_ID_LENGTH, 0, (struct sockaddr*)&to, sizeof(to));
+}
+
+int main() {
+    mbedtls_ctr_drbg_context ctr_drbg;
+    mbedtls_entropy_context entropy;
+
+    mbedtls_entropy_init(&entropy);
+    mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, pp, sizeof(pp));
+
+    int sock = socket(AF_INET, SOCK_DGRAM, 0);
+
+    new_session(sock, &ctr_drbg);
+
+    sleep(3);
+
+    const unsigned char *logline = (const unsigned char*)"Juchuuu, es klappt!\n";
+    send_udp(sock, &ctr_drbg, logline, strlen((char*)logline));
+
+    close(sock);
+}
-- 
cgit v1.2.3