client2.c (5872B)
1 #! /usr/bin/env sheepy 2 3 /* 4 client2 and server2 are following request/response model. 5 6 Steps in client 7 - generate keys 8 - connect to server 9 - send signature, identity public key, session public key, write 0 for id key and signature if 10 the client doesn't have an id 11 - check server identity with signature, store nonce 12 - store remote public key 13 - send encrypted message 14 - get encrypted response 15 16 Steps in server 17 - generate keys 18 - start event loop 19 - store remote session public key 20 - check identity with signature 21 - send signature, identity public key, session public key, nonce 22 - get encrypted message 23 - send encrypted response 24 25 This version uses secret/symetric key encryption after the key exchange. 26 27 For more nonce randomness, the server can provide the first nonce with the public keys when the session opens 28 29 >> when sending large amount of data, use stream functions 30 >> use aead functions only if there are metadata 31 >> privelege separation: have a seperate process with the secrets 32 >> to change id: sign id public key, sign id public key and signature and the new id public key with the new id key 33 34 */ 35 36 #include "libsheepyObject.h" 37 38 #include <sys/types.h> 39 #include <sys/socket.h> 40 #include <netdb.h> 41 #include <netinet/in.h> 42 43 #include "sel.h" 44 45 int main(int ac, char **av) { 46 47 setLogMode(LOG_FUNC); 48 49 if (not selInit()) ret 1; 50 51 // generate keys 52 bool isKnownServer = no; 53 const char* remoteIdFilename = "remoteId.bin"; 54 bool sendClientIdToServer = yes; 55 56 newKeys(); 57 newSignKeys(); 58 59 // load server id if possible 60 if (isPath(remoteIdFilename)) { 61 logI("Server is known"); 62 pError0(bLReadFile(remoteIdFilename, remoteId, sizeof(remoteId))); 63 isKnownServer = yes; 64 } 65 66 char *msg = "Hello"; 67 68 logI("message: %s\n", msg); 69 70 71 // connect to server 72 int sock; 73 struct sockaddr_in server; 74 struct hostent *hp; 75 int mysock; 76 char buf[128*1024]; 77 int rval; 78 79 sock = socket(AF_INET, SOCK_STREAM, 0); 80 if (sock < 0){ 81 perror("Failed to create socket"); 82 } 83 84 server.sin_family = AF_INET; 85 86 hp = gethostbyname(av[1]); 87 if (hp==0) { 88 perror("gethostbyname failed"); 89 close(sock); 90 exit(1); 91 } 92 93 memcpy(&server.sin_addr, hp->h_addr, hp->h_length); 94 server.sin_port = htons(5000); 95 96 if (connect(sock,(struct sockaddr *) &server, sizeof(server))){ 97 perror("connect failed"); 98 close(sock); 99 exit(1); 100 } 101 102 void snd(void *buf, size_t sz) { 103 logVarG(sz); 104 if(send(sock, buf, sz, 0) < 0){ 105 perror("send failed"); 106 close(sock); 107 exit(1); 108 } 109 } 110 111 void rcv(void *buf, size_t sz) { 112 while (sz > 0) { 113 rval = recv(sock, buf, sz, MSG_WAITALL); 114 if (rval < 0) { 115 perror("reading message"); 116 exit(1); 117 } 118 else if (rval == 0) { 119 logI("Ending connection"); 120 close(sock); 121 exit(0); 122 } 123 sz -= rval; 124 } 125 logVarG(rval); 126 } 127 128 // send public key 129 // store remote public key 130 void getServerPublicKey(void) { 131 u8 exchange[crypto_sign_BYTES + crypto_sign_PUBLICKEYBYTES + sizeof(keys.publicKey)] = init0Var; 132 memcpy(exchange+crypto_sign_BYTES+crypto_sign_PUBLICKEYBYTES, &keys.publicKey, sizeof(keys.publicKey)); 133 if (not sendClientIdToServer) { 134 snd(exchange, sizeof(exchange)); 135 } 136 else { 137 // send client id 138 // sign keys with id key 139 memcpy(exchange+crypto_sign_BYTES, &identityKeys.publicKey, sizeof(identityKeys.publicKey)); 140 u8 signed_message[sizeof(exchange)] = init0Var; 141 unsigned long long signed_message_len = 0; 142 crypto_sign(signed_message, &signed_message_len, exchange+crypto_sign_BYTES, sizeof(exchange)-crypto_sign_BYTES, identityKeys.secretKey); 143 snd(signed_message, sizeof(signed_message)); 144 } 145 146 u8 serverInfo[crypto_sign_BYTES + crypto_sign_PUBLICKEYBYTES + sizeof(keys.remotePublicKey) + crypto_box_NONCEBYTES] = init0Var; 147 rcv(serverInfo, sizeof(serverInfo)); 148 149 // check remote server 150 u8 unsigned_message[crypto_sign_PUBLICKEYBYTES + sizeof(keys.remotePublicKey) + crypto_box_NONCEBYTES] = init0Var; 151 unsigned long long unsigned_message_len; 152 const u8 *idPublicKey = remoteId; 153 if (not isKnownServer) { 154 // TOFU - trust on first use 155 idPublicKey = serverInfo + crypto_sign_BYTES; 156 } 157 158 if (crypto_sign_open(unsigned_message, &unsigned_message_len, serverInfo, sizeof(serverInfo), idPublicKey) != 0) { 159 logE("Incorrect signature!"); 160 } 161 else { 162 logP("Correct signature"); 163 } 164 165 memcpy(keys.remotePublicKey, unsigned_message + crypto_sign_PUBLICKEYBYTES, sizeof(keys.remotePublicKey)); 166 memcpy(sessionKeys.nonce, unsigned_message + crypto_sign_PUBLICKEYBYTES + sizeof(keys.remotePublicKey), crypto_box_NONCEBYTES); 167 168 if (not isKnownServer) { 169 // store server id key 170 pError0(writeFile(remoteIdFilename, (u8*)idPublicKey, crypto_sign_PUBLICKEYBYTES)); 171 logI("Saved server id"); 172 } 173 174 logD("Remote public key"); 175 loghex(keys.remotePublicKey, sizeof(keys.remotePublicKey)); 176 put; 177 178 // key exchange 179 if (not computeSharedKeys(CLIENT_SESSION_KEYS)) { 180 logE("Invalid server key"); 181 exit(1); 182 } 183 } 184 185 getServerPublicKey(); 186 187 // send encrypted message 188 // *nonce is incremented by after sending or receiving a message 189 // *nonce is allowed to wrap from the max value 190 u64 *nonce = (u64*)sessionKeys.nonce; 191 logVarG(*nonce); 192 int len = selEncrypt(buf, sizeof(buf), msg, strlen(msg)); 193 inc *nonce; 194 195 logVarG(len); 196 197 snd(&len, sizeof(len)); 198 snd(buf, len); 199 200 // get encrypted response 201 rcv(&len, sizeof(len)); 202 rcv(buf, len); 203 204 u8 decrypted[1000]; 205 logVarG(*nonce); 206 len = selDecrypt(decrypted, sizeof(decrypted), buf, len); 207 inc *nonce; 208 209 if (!len) { 210 logE("failed to decrypt"); 211 ret 1; 212 } 213 214 decrypted[len] = 0; 215 216 logI("decrypted: %s", decrypted); 217 218 close(sock); 219 } 220 // vim: set expandtab ts=2 sw=2: