/**
* gnutls_certificate_set_openpgp_key_mem - Used to set OpenPGP keys
* @res: the destination context to save the data.
* @cert: the datum that contains the public key.
* @key: the datum that contains the secret key.
* @format: the format of the keys
*
* This funtion is used to load OpenPGP keys into the GnuTLS credential
* structure. The files should contain non encrypted keys.
*
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
int
gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t res,
const gnutls_datum_t * cert,
const gnutls_datum_t * key,
gnutls_openpgp_crt_fmt_t format)
{
return gnutls_certificate_set_openpgp_key_mem2 (res, cert, key,
NULL, format);
}
/**
* gnutls_certificate_set_openpgp_key_file2 - Used to set OpenPGP keys
* @res: the destination context to save the data.
* @certfile: the file that contains the public key.
* @keyfile: the file that contains the secret key.
* @subkey_id: a hex encoded subkey id
* @format: the format of the keys
*
* This funtion is used to load OpenPGP keys into the GnuTLS credential
* structure. The files should contain non encrypted keys.
*
* The special keyword "auto" is also accepted as @subkey_id. In that
* case the gnutls_openpgp_crt_get_auth_subkey() will be used to
* retrieve the subkey.
*
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
*
* Since: 2.4.0
**/
int
gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t res,
const char *certfile,
const char *keyfile,
const char *subkey_id,
gnutls_openpgp_crt_fmt_t format)
{
struct stat statbuf;
gnutls_datum_t key, cert;
int rc;
size_t size;
if (!res || !keyfile || !certfile)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
if (stat (certfile, &statbuf) || stat (keyfile, &statbuf))
{
gnutls_assert ();
return GNUTLS_E_FILE_ERROR;
}
cert.data = read_binary_file (certfile, &size);
cert.size = (unsigned int) size;
if (cert.data == NULL)
{
gnutls_assert ();
return GNUTLS_E_FILE_ERROR;
}
key.data = read_binary_file (keyfile, &size);
key.size = (unsigned int) size;
if (key.data == NULL)
{
gnutls_assert ();
free (cert.data);
return GNUTLS_E_FILE_ERROR;
}
rc =
gnutls_certificate_set_openpgp_key_mem2 (res, &cert, &key, subkey_id,
format);
free (cert.data);
free (key.data);
if (rc < 0)
{
gnutls_assert ();
return rc;
}
return 0;
}
static void
server (void)
{
/* this must be called once in the program
*/
gnutls_global_init ();
gnutls_global_set_log_function (tls_log_func);
if (debug)
gnutls_global_set_log_level (4711);
gnutls_certificate_allocate_credentials (&pgp_cred);
ret = gnutls_certificate_set_openpgp_key_mem2 (pgp_cred, &server_crt,
&server_key, "auto",
GNUTLS_OPENPGP_FMT_BASE64);
if (err < 0)
{
fail ("Could not set server key files...\n");
}
if (debug)
success ("Launched, setting DH parameters...\n");
generate_dh_params ();
gnutls_certificate_set_dh_params (pgp_cred, dh_params);
client_len = sizeof (sa_cli);
session = initialize_tls_session ();
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
if (debug)
success ("server: connection from %s, port %d\n",
inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
if (ret < 0)
{
close (sd);
gnutls_deinit (session);
fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
return;
}
if (debug)
success ("server: Handshake was completed\n");
if (debug)
success ("server: TLS version is: %s\n",
gnutls_protocol_get_name (gnutls_protocol_get_version
(session)));
/* see the Getting peer's information example */
if (debug)
print_info (session);
i = 0;
for (;;)
{
memset (buffer, 0, MAX_BUF + 1);
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
{
if (debug)
success ("server: Peer has closed the GnuTLS connection\n");
break;
}
else if (ret < 0)
{
fail ("server: Received corrupted data(%d). Closing...\n", ret);
break;
}
else if (ret > 0)
{
/* echo data back to the client
*/
gnutls_record_send (session, buffer, strlen (buffer));
}
}
/* do not wait for the peer to close the connection.
*/
gnutls_bye (session, GNUTLS_SHUT_WR);
close (sd);
gnutls_deinit (session);
close (listen_sd);
gnutls_certificate_free_credentials (pgp_cred);
gnutls_dh_params_deinit (dh_params);
gnutls_global_deinit ();
if (debug)
success ("server: finished\n");
}
static void server(int sds[])
{
int j;
/* this must be called once in the program
*/
global_init();
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(5);
if (debug)
success("Launched, setting DH parameters...\n");
generate_dh_params();
for (j = 0; j < SESSIONS; j++) {
int sd = sds[j];
if (j == 0) {
gnutls_certificate_allocate_credentials(&pgp_cred);
ret =
gnutls_certificate_set_openpgp_key_mem2
(pgp_cred, &server_crt, &server_key, "auto",
GNUTLS_OPENPGP_FMT_BASE64);
} else {
gnutls_certificate_free_credentials(pgp_cred);
gnutls_certificate_allocate_credentials(&pgp_cred);
ret =
gnutls_certificate_set_openpgp_key_mem2
(pgp_cred, &cert2048, &key2048, "auto",
GNUTLS_OPENPGP_FMT_BASE64);
}
if (ret < 0) {
fail("Could not set server key files...\n");
goto end;
}
gnutls_certificate_set_dh_params(pgp_cred, dh_params);
session = initialize_tls_session();
gnutls_transport_set_int(session, sd);
ret = gnutls_handshake(session);
if (ret < 0) {
close(sd);
gnutls_deinit(session);
fail("server: Handshake %d has failed (%s)\n\n",
j, gnutls_strerror(ret));
goto end;
}
if (debug)
success("server: Handshake %d was completed\n", j);
if (debug)
success("server: TLS version is: %s\n",
gnutls_protocol_get_name
(gnutls_protocol_get_version(session)));
/* see the Getting peer's information example */
if (debug)
print_info(session);
for (;;) {
memset(buffer, 0, MAX_BUF + 1);
ret = gnutls_record_recv(session, buffer, MAX_BUF);
if (ret == 0) {
if (debug)
success
("server: Peer has closed the GnuTLS connection\n");
break;
} else if (ret < 0) {
fail("server: Received corrupted data(%d). Closing...\n", ret);
goto end;
} else if (ret > 0) {
/* echo data back to the client
*/
gnutls_record_send(session, buffer,
strlen(buffer));
}
}
/* do not wait for the peer to close the connection.
*/
gnutls_bye(session, GNUTLS_SHUT_WR);
close(sd);
gnutls_deinit(session);
}
end:
gnutls_certificate_free_credentials(pgp_cred);
gnutls_dh_params_deinit(dh_params);
gnutls_global_deinit();
if (debug)
success("server: finished\n");
}
