static void
init_global_tls_stuff (void)
{
int ret;
/* X509 stuff */
if (gnutls_certificate_allocate_credentials (&xcred) < 0)
{
fprintf (stderr, "Certificate allocation memory error\n");
exit (1);
}
if (x509_cafile != NULL)
{
ret = gnutls_certificate_set_x509_trust_file (xcred,
x509_cafile, x509ctype);
if (ret < 0)
{
fprintf (stderr, "Error setting the x509 trust file\n");
}
else
{
printf ("Processed %d CA certificate(s).\n", ret);
}
}
#ifdef ENABLE_PKI
if (x509_crlfile != NULL)
{
ret = gnutls_certificate_set_x509_crl_file (xcred, x509_crlfile,
x509ctype);
if (ret < 0)
{
fprintf (stderr, "Error setting the x509 CRL file\n");
}
else
{
printf ("Processed %d CRL(s).\n", ret);
}
}
#endif
load_keys ();
#ifdef ENABLE_OPENPGP
if (pgp_keyring != NULL)
{
ret =
gnutls_certificate_set_openpgp_keyring_file (xcred, pgp_keyring,
GNUTLS_OPENPGP_FMT_BASE64);
if (ret < 0)
{
fprintf (stderr, "Error setting the OpenPGP keyring file\n");
}
}
#endif
#ifdef ENABLE_SRP
if (srp_username && srp_passwd)
{
/* SRP stuff */
if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0)
{
fprintf (stderr, "SRP authentication error\n");
}
gnutls_srp_set_client_credentials_function (srp_cred,
srp_username_callback);
}
#endif
#ifdef ENABLE_PSK
/* PSK stuff */
if (gnutls_psk_allocate_client_credentials (&psk_cred) < 0)
{
fprintf (stderr, "PSK authentication error\n");
}
if (psk_username && psk_key.data)
{
ret = gnutls_psk_set_client_credentials (psk_cred,
psk_username, &psk_key,
GNUTLS_PSK_KEY_HEX);
if (ret < 0)
{
fprintf (stderr, "Error setting the PSK credentials: %s\n",
gnutls_strerror (ret));
}
}
gnutls_psk_set_client_credentials_function (psk_cred, psk_callback);
#endif
#ifdef ENABLE_ANON
/* ANON stuff */
if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
{
fprintf (stderr, "Anonymous authentication error\n");
}
#endif
}
static void
init_global_tls_stuff (void)
{
int ret;
if ((ret = gnutls_global_init ()) < 0)
{
fprintf (stderr, "global_init: %s\n", gnutls_strerror (ret));
exit (1);
}
gnutls_global_set_log_function (tls_log_func);
gnutls_global_set_log_level (debug);
if ((ret = gnutls_global_init_extra ()) < 0)
{
fprintf (stderr, "global_init_extra: %s\n", gnutls_strerror (ret));
// exit (1);
}
/* X509 stuff */
if (gnutls_certificate_allocate_credentials (&xcred) < 0)
{
fprintf (stderr, "Certificate allocation memory error\n");
exit (1);
}
/* there are some CAs that have a v1 certificate *%&@#*%&
*/
gnutls_certificate_set_verify_flags (xcred,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
if (x509_cafile != NULL)
{
ret =
gnutls_certificate_set_x509_trust_file (xcred,
x509_cafile, x509ctype);
if (ret < 0)
{
fprintf (stderr, "Error setting the x509 trust file\n");
}
else
{
printf ("Processed %d CA certificate(s).\n", ret);
}
}
#ifdef ENABLE_PKI
if (x509_crlfile != NULL)
{
ret =
gnutls_certificate_set_x509_crl_file (xcred, x509_crlfile, x509ctype);
if (ret < 0)
{
fprintf (stderr, "Error setting the x509 CRL file\n");
}
else
{
printf ("Processed %d CRL(s).\n", ret);
}
}
#endif
load_keys ();
#ifdef ENABLE_OPENPGP
if (pgp_keyring != NULL)
{
ret = gnutls_certificate_set_openpgp_keyring_file (xcred, pgp_keyring);
if (ret < 0)
{
fprintf (stderr, "Error setting the OpenPGP keyring file\n");
}
}
if (pgp_trustdb != NULL)
{
ret = gnutls_certificate_set_openpgp_trustdb (xcred, pgp_trustdb);
if (ret < 0)
{
fprintf (stderr, "Error setting the OpenPGP trustdb file\n");
}
}
#endif
#ifdef ENABLE_SRP
/* SRP stuff */
if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0)
{
fprintf (stderr, "SRP authentication error\n");
}
gnutls_srp_set_client_credentials_function (srp_cred,
srp_username_callback);
#endif
#ifdef ENABLE_PSK
/* SRP stuff */
if (gnutls_psk_allocate_client_credentials (&psk_cred) < 0)
{
fprintf (stderr, "PSK authentication error\n");
}
gnutls_psk_set_client_credentials (psk_cred,
psk_username, &psk_key,
GNUTLS_PSK_KEY_HEX);
#endif
#ifdef ENABLE_ANON
/* ANON stuff */
if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
{
fprintf (stderr, "Anonymous authentication error\n");
}
#endif
}
int
main (void)
{
int err, listen_sd;
int sd, ret;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
int client_len;
char topbuf[512];
gnutls_session_t session;
char buffer[MAX_BUF + 1];
int optval = 1;
char name[256];
strcpy (name, "Echo Server");
/* this must be called once in the program
*/
gnutls_global_init ();
gnutls_certificate_allocate_credentials (&cred);
gnutls_certificate_set_openpgp_keyring_file (cred, RINGFILE,
GNUTLS_OPENPGP_FMT_BASE64);
gnutls_certificate_set_openpgp_key_file (cred, CERTFILE, KEYFILE,
GNUTLS_OPENPGP_FMT_BASE64);
generate_dh_params ();
gnutls_certificate_set_dh_params (cred, dh_params);
/* Socket operations
*/
listen_sd = socket (AF_INET, SOCK_STREAM, 0);
SOCKET_ERR (listen_sd, "socket");
memset (&sa_serv, '\0', sizeof (sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
sa_serv.sin_port = htons (PORT); /* Server Port number */
setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
sizeof (int));
err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
SOCKET_ERR (err, "bind");
err = listen (listen_sd, 1024);
SOCKET_ERR (err, "listen");
printf ("%s ready. Listening to port '%d'.\n\n", name, PORT);
client_len = sizeof (sa_cli);
for (;;)
{
session = initialize_tls_session ();
sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
printf ("- connection from %s, port %d\n",
inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
sizeof (topbuf)), ntohs (sa_cli.sin_port));
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
ret = gnutls_handshake (session);
if (ret < 0)
{
close (sd);
gnutls_deinit (session);
fprintf (stderr, "*** Handshake has failed (%s)\n\n",
gnutls_strerror (ret));
continue;
}
printf ("- Handshake was completed\n");
/* see the Getting peer's information example */
/* print_info(session); */
for (;;)
{
memset (buffer, 0, MAX_BUF + 1);
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
{
printf ("\n- Peer has closed the GnuTLS connection\n");
break;
}
else if (ret < 0)
{
fprintf (stderr, "\n*** Received corrupted "
"data(%d). Closing the connection.\n\n", ret);
break;
}
else if (ret > 0)
{
/* echo data back to the client
*/
gnutls_record_send (session, buffer, strlen (buffer));
}
}
printf ("\n");
/* do not wait for the peer to close the connection.
*/
gnutls_bye (session, GNUTLS_SHUT_WR);
close (sd);
gnutls_deinit (session);
}
close (listen_sd);
gnutls_certificate_free_credentials (cred);
gnutls_global_deinit ();
return 0;
}
int main(int argc, char **argv)
{
gnutls_certificate_credentials ctx;
gnutls_datum_t dat, xml, pk;
gnutls_openpgp_name uid;
gnutls_privkey *pkey;
gnutls_cert *cert;
unsigned char fpr[20], keyid[8];
char *s, *t;
size_t fprlen = 0;
int rc, nbits = 0, i;
rc = gnutls_certificate_allocate_credentials(&ctx);
assert(rc == 0);
s = "../doc/credentials/openpgp/cli_ring.gpg";
rc = gnutls_certificate_set_openpgp_keyring_file(ctx, s);
assert(rc == 0);
s = "../doc/credentials/openpgp/pub.asc";
t = "../doc/credentials/openpgp/sec.asc";
rc = gnutls_certificate_set_openpgp_key_file(ctx, s, t);
assert(rc == 0);
dat = ctx->cert_list[0]->raw;
assert(ctx->cert_list[0]);
printf("Key v%d\n", gnutls_openpgp_extract_key_version(&dat));
rc = gnutls_openpgp_extract_key_name(&dat, 1, &uid);
assert(rc == 0);
printf("userID %s\n", uid.name);
rc = gnutls_openpgp_extract_key_pk_algorithm(&dat, &nbits);
printf("pk-algorithm %s %d bits\n", get_pkalgo(rc), nbits);
rc = gnutls_openpgp_extract_key_creation_time(&dat);
printf("creation time %s\n", get_pktime(rc));
rc = gnutls_openpgp_extract_key_expiration_time(&dat);
printf("expiration time %lu\n", rc);
printf("key fingerprint: ");
rc = gnutls_openpgp_fingerprint(&dat, fpr, &fprlen);
assert(rc == 0);
for (i = 0; i < fprlen / 2; i++)
printf("%02X%02X ", fpr[2 * i], fpr[2 * i + 1]);
printf("\n");
printf("key id: ");
rc = gnutls_openpgp_extract_key_id(&dat, keyid);
assert(rc == 0);
for (i = 0; i < 8; i++)
printf("%02X", keyid[i]);
printf("\n\n");
printf("Check MPIs\n");
cert = ctx->cert_list[0];
printf("number of certs %d\n", *ctx->cert_list_length);
assert(*ctx->cert_list_length == 1);
printf("number of items %d\n", cert->params_size);
for (i = 0; i < cert->params_size; i++) {
nbits = gcry_mpi_get_nbits(cert->params[i]);
printf("mpi %d %d bits\n", i, nbits);
}
printf("\nCheck key\n");
rc = gnutls_openpgp_verify_key(NULL, &ctx->keyring, &dat, 1);
printf("certifiacte status...%d\n", rc);
printf("\nSeckey\n");
pkey = ctx->pkey;
assert(pkey);
assert(pkey->params_size);
nbits = gcry_mpi_get_nbits(pkey->params[0]);
rc = pkey->pk_algorithm;
printf("pk-algorithm %s %d bits\n", get_pkalgo(rc), nbits);
printf("number of items %d\n", pkey->params_size);
for (i = 0; i < pkey->params_size; i++) {
nbits = gcry_mpi_get_nbits(pkey->params[i]);
printf("mpi %d %d bits\n", i, nbits);
}
printf("\nGet public key\n");
rc = get_pubkey(&pk, &ctx->keyring, 0xA7D93C3F);
assert(rc == 0);
printf("key fingerprint: ");
gnutls_openpgp_fingerprint(&pk, fpr, &fprlen);
for (i = 0; i < fprlen / 2; i++)
printf("%02X%02X ", fpr[2 * i], fpr[2 * i + 1]);
printf("\n");
_gnutls_free_datum(&pk);
#if 0
rc = gnutls_openpgp_key_to_xml(&dat, &xml, 1);
printf("rc=%d\n", rc);
assert(rc == 0);
xml.data[xml.size] = '\0';
printf("%s\n", xml.data);
_gnutls_free_datum(&xml);
#endif
_gnutls_free_datum(&dat);
gnutls_certificate_free_credentials(ctx);
return 0;
}
