Example #1
/*
 * Self-test driver for application-registered cipher back-ends.
 *
 * Registers replacement implementations for AES-128-CBC and AES-128-GCM,
 * runs the GnuTLS cipher self-tests, and then requires that both
 * replacements were actually exercised. The `used` and `aead_used`
 * counters are defined elsewhere in the file; presumably the myaes_*
 * callbacks bump them.
 *
 * Returns 0 on success and exits/returns 1 on any failure.
 */
int main(int argc, char **argv)
{
	gnutls_global_set_log_function(tls_log_func);

	/* Any command-line argument switches on library logging. */
	if (argc > 1) {
		gnutls_global_set_log_level(4711);
	}

	/*
	 * Non-AEAD (CBC) replacement, registered with priority 1.
	 * NOTE(review): in GnuTLS the lowest priority number is preferred,
	 * so this should shadow the built-in implementation; confirm
	 * against the library version in use.
	 */
	if (gnutls_crypto_register_cipher(GNUTLS_CIPHER_AES_128_CBC, 1,
					  myaes_init,
					  myaes_setkey,
					  myaes_setiv,
					  myaes_encrypt,
					  myaes_decrypt,
					  myaes_deinit) < 0) {
		fprintf(stderr, "%d: cannot register cipher\n", __LINE__);
		exit(1);
	}

	/* AEAD (GCM) replacement; no separate set-IV callback is passed. */
	if (gnutls_crypto_register_aead_cipher(GNUTLS_CIPHER_AES_128_GCM, 1,
					       myaes_gcm_init,
					       myaes_gcm_setkey,
					       myaes_gcm_encrypt,
					       myaes_gcm_decrypt,
					       myaes_gcm_deinit) < 0) {
		fprintf(stderr, "%d: cannot register cipher\n", __LINE__);
		exit(1);
	}

	/* Library initialisation happens after both registrations here. */
	global_init();

	/* A failing self-test ends the run with no message of its own. */
	if (gnutls_cipher_self_test(1, 0) < 0) {
		return 1;
	}

	/*
	 * Passing self-tests alone do not show that the replacements were
	 * reached, so the usage counters are checked explicitly.
	 */
	if (!used) {
		fprintf(stderr, "The CBC cipher was not used\n");
		exit(1);
	}

	if (!aead_used) {
		fprintf(stderr, "The AEAD cipher was not used\n");
		exit(1);
	}

	gnutls_global_deinit();
	return 0;
}
Example #2
/*
 * Test entry point: registers the replacement AES-128-CBC implementation
 * and then runs start() once per priority string, pinning the session to
 * AES-128-CBC under TLS 1.1 and then TLS 1.2.
 *
 * start() and fail() are defined elsewhere in the test harness.
 */
void doit(void)
{
	global_init();

	/*
	 * Priority 1 for the replacement cipher.
	 * NOTE(review): the lowest number is preferred in GnuTLS, so this
	 * should shadow the built-in AES-128-CBC; confirm for the library
	 * version in use.
	 */
	if (gnutls_crypto_register_cipher(GNUTLS_CIPHER_AES_128_CBC, 1,
					  myaes_init,
					  myaes_setkey,
					  myaes_setiv,
					  myaes_encrypt,
					  myaes_decrypt,
					  myaes_deinit) < 0) {
		fail("%d: cannot register cipher\n", __LINE__);
	}

	/* Same cipher restriction, one run per protocol version. */
	start("NORMAL:-CIPHER-ALL:+AES-128-CBC:-VERS-ALL:+VERS-TLS1.1");
	start("NORMAL:-CIPHER-ALL:+AES-128-CBC:-VERS-ALL:+VERS-TLS1.2");

	gnutls_global_deinit();
}
Example #3
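/*
 * Server side of the registered-cipher test.
 *
 * Registers the replacement AES-128-CBC implementation, loads the test CA
 * and server certificate/key, performs a TLS handshake on @sd restricted
 * to AES-128-CBC, and then echoes every received record back to the peer
 * until the peer closes the connection or an error occurs.
 *
 * @sd: connected socket descriptor; it is closed before returning.
 *
 * Failures are reported through fail(), defined elsewhere in the test
 * harness. NOTE(review): fail() presumably terminates the process, but
 * each error path below still releases what it owns in case it returns.
 */
static void server(int sd)
{
	gnutls_certificate_credentials_t x509_cred;
	int ret;
	gnutls_session_t session;
	char buffer[MAX_BUF + 1];

	/* this must be called once in the program
	 */
	global_init();

	gnutls_global_set_log_function(tls_log_func);
	if (debug)
		gnutls_global_set_log_level(6);

	ret = gnutls_crypto_register_cipher(GNUTLS_CIPHER_AES_128_CBC, 1,
		myaes_init,
		myaes_setkey,
		myaes_setiv,
		myaes_encrypt,
		myaes_decrypt,
		myaes_deinit);
	if (ret < 0) {
		fail("%d: cannot register cipher\n", __LINE__);
	}

	gnutls_certificate_allocate_credentials(&x509_cred);
	gnutls_certificate_set_x509_trust_mem(x509_cred, &ca,
					      GNUTLS_X509_FMT_PEM);

	/* Without a usable key pair the handshake cannot succeed, so report
	 * the load error here instead of as an opaque handshake failure.
	 */
	ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
						  &server_key,
						  GNUTLS_X509_FMT_PEM);
	if (ret < 0) {
		fail("server: cannot load certificate/key (%s)\n",
		     gnutls_strerror(ret));
	}

	/* NOTE(review): the message below is historical; no DH parameters
	 * are generated anywhere in this function.
	 */
	if (debug)
		success("Launched, generating DH parameters...\n");

	gnutls_init(&session, GNUTLS_SERVER);

	/* Restrict the session to AES-128-CBC so that the cipher registered
	 * above is the one negotiated. A rejected priority string must not
	 * pass silently, or the test would no longer prove that.
	 */
	ret = gnutls_priority_set_direct(session,
					 "NORMAL:-CIPHER-ALL:+AES-128-CBC",
					 NULL);
	if (ret < 0) {
		fail("server: cannot set priorities (%s)\n",
		     gnutls_strerror(ret));
	}

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);

	gnutls_transport_set_int(session, sd);
	ret = gnutls_handshake(session);
	if (ret < 0) {
		/* Fetch the text first: cleanup below tears the library down. */
		const char *reason = gnutls_strerror(ret);

		close(sd);
		gnutls_deinit(session);
		/* The credentials and global state were previously leaked on
		 * this path; release them like the success path does.
		 */
		gnutls_certificate_free_credentials(x509_cred);
		gnutls_global_deinit();
		fail("server: Handshake has failed (%s)\n\n", reason);
		return;
	}
	if (debug) {
		success("server: Handshake was completed\n");
		success("server: TLS version is: %s\n",
			gnutls_protocol_get_name
			(gnutls_protocol_get_version(session)));
	}

	/* see the Getting peer's information example */
	if (debug)
		print_info(session);

	for (;;) {
		memset(buffer, 0, MAX_BUF + 1);
		ret = gnutls_record_recv(session, buffer, MAX_BUF);

		if (ret == 0) {
			if (debug)
				success
				    ("server: Peer has closed the GnuTLS connection\n");
			break;
		}
		if (ret < 0) {
			fail("server: Received corrupted data(%d). Closing...\n", ret);
			break;
		}

		/* Echo exactly the bytes received. The record is binary
		 * data, so strlen() would cut the echo short at the first
		 * NUL byte the peer sent.
		 */
		ret = gnutls_record_send(session, buffer, (size_t)ret);
		if (ret < 0) {
			fail("server: Sending failed (%s)\n",
			     gnutls_strerror(ret));
			break;
		}
	}
	/* do not wait for the peer to close the connection.
	 */
	gnutls_bye(session, GNUTLS_SHUT_WR);

	close(sd);
	gnutls_deinit(session);

	gnutls_certificate_free_credentials(x509_cred);

	gnutls_global_deinit();

	if (debug)
		success("server: finished\n");
}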