static gnutls_x509_privkey gen_crypto(requiem_client_profile_t *cp, const char *filename, requiem_uid_t uid, requiem_gid_t gid) { int ret; char buf[65535]; gnutls_x509_privkey key; size_t size = sizeof(buf); key = generate_private_key(); if ( ! key ) { fprintf(stderr, "error while generating RSA private key.\n"); return NULL; } ret = gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buf, &size); if ( ret < 0 ) { fprintf(stderr, "error exporting private key: %s\n", gnutls_strerror(ret)); gnutls_x509_privkey_deinit(key); return NULL; } ret = save_buf(filename, uid, gid, (unsigned char *) buf, size); if ( ret < 0 ) { fprintf(stderr, "error saving private key.\n"); return NULL; } return key; }
void ExtractFile(struct file *sFile, DWORD dwPos) { DWORD dwOffset; DWORD dwSize; BYTE bName[40]; GetValue(dwPos, 1, "%X", &dwOffset); GetValue(dwPos, 2, "%d", &dwSize); GetValue(dwPos, 0, "%s", bName); save_buf(bName, sFile->bMap + dwOffset, dwSize); }
static int crt_export(requiem_client_profile_t *cp, gnutls_x509_crt *crt, const char *filename) { int ret; size_t size; unsigned char buf[65535]; size = sizeof(buf); ret = gnutls_x509_crt_export(*crt, GNUTLS_X509_FMT_PEM, buf, &size); if ( ret < 0 ) { fprintf(stderr, "error exporting self-signed certificate: %s.\n", gnutls_strerror(ret)); gnutls_x509_crt_deinit(*crt); return -1; } ret = save_buf(filename, requiem_client_profile_get_uid(cp), requiem_client_profile_get_gid(cp), buf, size); if ( ret < 0 ) { fprintf(stderr, "error saving private key certificate.\n"); gnutls_x509_crt_deinit(*crt); return -1; } return 0; }
int tls_revoke_analyzer(requiem_client_profile_t *cp, gnutls_x509_privkey key, gnutls_x509_crt crt, uint64_t revoked_analyzerid) { int ret, i; size_t len, dsize; gnutls_datum data; gnutls_x509_crl crl; uint64_t analyzerid; char crlfile[PATH_MAX], buf[65535]; ret = gnutls_x509_crl_init(&crl); requiem_client_profile_get_tls_server_crl_filename(cp, crlfile, sizeof(crlfile)); ret = access(crlfile, R_OK); if ( ret == 0 ) { ret = _requiem_load_file(crlfile, &data.data, &dsize); if ( ret < 0 ) { fprintf(stderr, "error loading '%s': %s.\n", crlfile, requiem_strerror(ret)); return ret; } data.size = (unsigned int) dsize; ret = gnutls_x509_crl_import(crl, &data, GNUTLS_X509_FMT_PEM); if ( ret < 0 ) { fprintf(stderr, "error importing CRL: %s.\n", gnutls_strerror(ret)); return -1; } } for ( i = 0; i < gnutls_x509_crl_get_crt_count(crl); i++ ) { len = sizeof(analyzerid); gnutls_x509_crl_get_crt_serial(crl, i, (unsigned char *) &analyzerid, &len, NULL); if ( analyzerid == revoked_analyzerid ) return 0; } ret = gnutls_x509_crl_set_crt_serial(crl, &revoked_analyzerid, sizeof(revoked_analyzerid), time(NULL)); if ( ret < 0 ) { fprintf(stderr, "error setting CRL certificate serial: %s.\n", gnutls_strerror(ret)); return -1; } gnutls_x509_crl_set_version(crl, 2); gnutls_x509_crl_set_next_update(crl, time(NULL)); gnutls_x509_crl_set_this_update(crl, time(NULL)); ret = gnutls_x509_crl_sign(crl, crt, key); if ( ret < 0 ) { fprintf(stderr, "error signing CRL: %s.\n", gnutls_strerror(ret)); return -1; } len = sizeof(buf); ret = gnutls_x509_crl_export(crl, GNUTLS_X509_FMT_PEM, buf, &len); if ( ret < 0 ) { fprintf(stderr, "error exporting certificate revocation list: %s\n", gnutls_strerror(ret)); gnutls_x509_crl_deinit(crl); return -1; } gnutls_x509_crl_deinit(crl); unlink(crlfile); ret = save_buf(crlfile, requiem_client_profile_get_uid(cp), requiem_client_profile_get_gid(cp), (unsigned char *) buf, len); if ( ret < 0 ) { fprintf(stderr, "error saving private key.\n"); return -1; } return 1; }
int tls_request_certificate(requiem_client_profile_t *cp, requiem_io_t *fd, gnutls_x509_privkey key, requiem_connection_permission_t permission) { ssize_t ret; ssize_t rsize; char buf[65535]; unsigned char *rbuf; gnutls_x509_crq crq; size_t size = sizeof(buf); requiem_log_debug(1, "Sending certificate request.\n"); crq = generate_certificate_request(cp, permission, key, (unsigned char *) buf, &size); if ( ! crq ) return -1; gnutls_x509_crq_deinit(crq); ret = requiem_io_write_delimited(fd, buf, size); if ( ret < 0 || (size_t) ret != size ) { requiem_perror(ret, "error sending certificate request"); return -1; } requiem_log_debug(1, "Receiving signed certificate.\n"); rsize = requiem_io_read_delimited(fd, &rbuf); if ( rsize < 0 ) { requiem_perror(rsize, "error receiving CA-signed certificate"); return -1; } requiem_client_profile_get_tls_client_keycert_filename(cp, buf, sizeof(buf)); ret = remove_old(buf, rbuf, rsize); if ( ret < 0 ) return ret; ret = save_buf(buf, requiem_client_profile_get_uid(cp), requiem_client_profile_get_gid(cp), rbuf, rsize); if ( ret < 0 ) return ret; free(rbuf); requiem_log_debug(1, "Receiving CA certificate.\n"); rsize = requiem_io_read_delimited(fd, &rbuf); if ( rsize < 0 ) { requiem_perror(rsize, "error receiving server certificate"); return rsize; } requiem_client_profile_get_tls_client_trusted_cert_filename(cp, buf, sizeof(buf)); ret = remove_old(buf, rbuf, rsize); if ( ret < 0 ) return ret; ret = save_buf(buf, requiem_client_profile_get_uid(cp), requiem_client_profile_get_gid(cp), rbuf, rsize); if ( ret < 0 ) return ret; free(rbuf); return 0; }