test_code_t test_export_info (gnutls_session session) { int ret2, ret; gnutls_datum exp2, mod2; const char *print; if (verbose == 0 || export_true == 0) return TEST_IGNORE; ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_KX (session, GNUTLS_KX_RSA_EXPORT); ADD_CIPHER (session, GNUTLS_CIPHER_ARCFOUR_40); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_SUCCEED) { ret2 = gnutls_rsa_export_get_pubkey (session, &exp2, &mod2); if (ret2 >= 0) { printf ("\n"); print = raw_to_string (exp2.data, exp2.size); if (print) printf (" Exponent [%d bits]: %s\n", exp2.size * 8, print); print = raw_to_string (mod2.data, mod2.size); if (print) printf (" Modulus [%d bits]: %s\n", mod2.size * 8, print); if (mod2.size != mod.size || exp2.size != exp.size || memcmp (mod2.data, mod.data, mod.size) != 0 || memcmp (exp2.data, exp.data, exp.size) != 0) { printf (" (server uses different public keys per connection)\n"); } } } return ret; }
test_code_t test_dhe_group (gnutls_session session) { int ret, ret2; gnutls_datum gen, prime, pubkey2; const char *print; if (verbose == 0 || pubkey.data == NULL) return TEST_IGNORE; ADD_ALL_CIPHERS (session); ADD_ALL_COMP (session); ADD_ALL_CERTTYPES (session); ADD_ALL_PROTOCOLS (session); ADD_ALL_MACS (session); ADD_KX2 (session, GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); ret2 = gnutls_dh_get_group (session, &gen, &prime); if (ret2 >= 0) { printf ("\n"); print = raw_to_string (gen.data, gen.size); if (print) printf (" Generator [%d bits]: %s\n", gen.size * 8, print); print = raw_to_string (prime.data, prime.size); if (print) printf (" Prime [%d bits]: %s\n", prime.size * 8, print); gnutls_dh_get_pubkey (session, &pubkey2); print = raw_to_string (pubkey2.data, pubkey2.size); if (print) printf (" Pubkey [%d bits]: %s\n", pubkey2.size * 8, print); if (pubkey2.data && pubkey2.size == pubkey.size && memcmp (pubkey.data, pubkey2.data, pubkey.size) == 0) { printf (" (public key seems to be static among sessions)\n"); } } return ret; }
test_code_t test_export_info (gnutls_session_t session) { int ret2, ret; gnutls_datum_t exp2, mod2; const char *print; if (verbose == 0 || export_true == 0) return TEST_IGNORE; sprintf (prio_str, INIT_STR "+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); if (ret == TEST_SUCCEED) { ret2 = gnutls_rsa_export_get_pubkey (session, &exp2, &mod2); if (ret2 >= 0) { printf ("\n"); print = raw_to_string (exp2.data, exp2.size); if (print) printf (" Exponent [%d bits]: %s\n", exp2.size * 8, print); print = raw_to_string (mod2.data, mod2.size); if (print) printf (" Modulus [%d bits]: %s\n", mod2.size * 8, print); if (mod2.size != mod.size || exp2.size != exp.size || memcmp (mod2.data, mod.data, mod.size) != 0 || memcmp (exp2.data, exp.data, exp.size) != 0) { printf (" (server uses different public keys per connection)\n"); } } } return ret; }
SEXP raw_list_to_character(SEXP _source) { Rcpp::List source(_source); Rcpp::CharacterVector dest(source.size()); for(int i = 0; i < source.size(); i++) { dest[i] = raw_to_string(source[i]); } return Rcpp::wrap(dest); }
test_code_t test_dhe_group (gnutls_session_t session) { int ret, ret2; gnutls_datum_t gen, prime, pubkey2; const char *print; if (verbose == 0 || pubkey.data == NULL) return TEST_IGNORE; sprintf (prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); ret2 = gnutls_dh_get_group (session, &gen, &prime); if (ret2 >= 0) { printf ("\n"); print = raw_to_string (gen.data, gen.size); if (print) printf (" Generator [%d bits]: %s\n", gen.size * 8, print); print = raw_to_string (prime.data, prime.size); if (print) printf (" Prime [%d bits]: %s\n", prime.size * 8, print); gnutls_dh_get_pubkey (session, &pubkey2); print = raw_to_string (pubkey2.data, pubkey2.size); if (print) printf (" Pubkey [%d bits]: %s\n", pubkey2.size * 8, print); if (pubkey2.data && pubkey2.size == pubkey.size && memcmp (pubkey.data, pubkey2.data, pubkey.size) == 0) { printf (" (public key seems to be static among sessions)\n"); } } return ret; }
int handle_rep(zmq_msg_t * msg) { msgpack_object obj; msgpack_unpacked pack; char *errmsg; msgpack_unpacked_init(&pack); if (!msgpack_unpack_next (&pack, zmq_msg_data(msg), zmq_msg_size(msg), NULL)) { LOG_ERROR("handle_rep: msgpack_unpack_next failed\n"); return (-1); } obj = pack.data; if (obj.type != MSGPACK_OBJECT_ARRAY) { LOG_ERROR("handle_rep: not an array\n"); return (-2); } if (obj.via.array.size < 1) { LOG_ERROR("handle_rep: empty array\n"); return (-3); } if (obj.via.array.ptr[0].type != MSGPACK_OBJECT_BOOLEAN) { LOG_ERROR("handle_rep: first entry is nota boolean\n"); return (-4); } if (obj.via.array.ptr[0].via.boolean == false) { if (obj.via.array.size > 1 && obj.via.array.ptr[1].type == MSGPACK_OBJECT_RAW) { errmsg = raw_to_string(&(obj.via.array.ptr[1].via.raw)); if (errmsg) { LOG_SERV("%s\n", errmsg); free(errmsg); } } msgpack_unpacked_destroy(&pack); return (1); } if (obj.via.array.size > 1) { /* Technically speaking unspecified, but I feel lazy */ msgpack_object_print(stdout, obj.via.array.ptr[1]); printf("\n"); } return (0); }
int print_info (gnutls_session_t session, int print_cert) { const char *tmp; gnutls_credentials_type_t cred; gnutls_kx_algorithm_t kx; unsigned char session_id[33]; size_t session_id_size = sizeof (session_id); /* print session ID */ gnutls_session_get_id (session, session_id, &session_id_size); printf ("- Session ID: %s\n", raw_to_string (session_id, session_id_size)); /* print the key exchange's algorithm name */ kx = gnutls_kx_get (session); cred = gnutls_auth_get_type (session); switch (cred) { #ifdef ENABLE_ANON case GNUTLS_CRD_ANON: if (kx == GNUTLS_KX_ANON_ECDH) print_ecdh_info (session, "Anonymous "); else print_dh_info (session, "Anonymous ", verbose); break; #endif #ifdef ENABLE_SRP case GNUTLS_CRD_SRP: /* This should be only called in server * side. */ if (gnutls_srp_server_get_username (session) != NULL) printf ("- SRP authentication. Connected as '%s'\n", gnutls_srp_server_get_username (session)); break; #endif #ifdef ENABLE_PSK case GNUTLS_CRD_PSK: /* This returns NULL in server side. */ if (gnutls_psk_client_get_hint (session) != NULL) printf ("- PSK authentication. PSK hint '%s'\n", gnutls_psk_client_get_hint (session)); /* This returns NULL in client side. */ if (gnutls_psk_server_get_username (session) != NULL) printf ("- PSK authentication. Connected as '%s'\n", gnutls_psk_server_get_username (session)); if (kx == GNUTLS_KX_DHE_PSK) print_dh_info (session, "Ephemeral ", verbose); if (kx == GNUTLS_KX_ECDHE_PSK) print_ecdh_info (session, "Ephemeral "); break; #endif case GNUTLS_CRD_IA: printf ("- TLS/IA authentication\n"); break; case GNUTLS_CRD_CERTIFICATE: { char dns[256]; size_t dns_size = sizeof (dns); unsigned int type; /* This fails in client side */ if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0) { printf ("- Given server name[%d]: %s\n", type, dns); } } print_cert_info (session, verbose?GNUTLS_CRT_PRINT_FULL:GNUTLS_CRT_PRINT_COMPACT, print_cert); if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) print_dh_info (session, "Ephemeral ", verbose); else if (kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA) print_ecdh_info (session, "Ephemeral "); } tmp = SU (gnutls_protocol_get_name (gnutls_protocol_get_version (session))); printf ("- Version: %s\n", tmp); tmp = SU (gnutls_kx_get_name (kx)); printf ("- Key Exchange: %s\n", tmp); tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session))); printf ("- Cipher: %s\n", tmp); tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session))); printf ("- MAC: %s\n", tmp); tmp = SU (gnutls_compression_get_name (gnutls_compression_get (session))); printf ("- Compression: %s\n", tmp); if (verbose) { gnutls_datum_t cb; int rc; rc = gnutls_session_channel_binding (session, GNUTLS_CB_TLS_UNIQUE, &cb); if (rc) fprintf (stderr, "Channel binding error: %s\n", gnutls_strerror (rc)); else { size_t i; printf ("- Channel binding 'tls-unique': "); for (i = 0; i < cb.size; i++) printf ("%02x", cb.data[i]); printf ("\n"); } } /* Warning: Do not print anything more here. The 'Compression:' output MUST be the last non-verbose output. This is used by Emacs starttls.el code. */ fflush (stdout); return 0; }
int handle_req(void *socket, zmq_msg_t * msg) { int command_id; char *query; char *path = NULL; msgpack_object obj; msgpack_unpacked pack; msgpack_unpacked_init(&pack); if (!msgpack_unpack_next (&pack, zmq_msg_data(msg), zmq_msg_size(msg), NULL)) { LOG_ERROR("handle_req: msgpack_unpack_next failed\n"); return (-1); } obj = pack.data; if (obj.type != MSGPACK_OBJECT_ARRAY) { LOG_ERROR("handle_req: not an array\n"); pcma_send(socket, failed_packfn, "not an array"); return (-2); } const char *command = (const char *) obj.via.array.ptr[0].via.raw.ptr; int command_size = obj.via.array.ptr[0].via.raw.size; if (!command) { LOG_ERROR("handle_req: no command\n"); pcma_send(socket, failed_packfn, "no command"); return (-3); } if (command_size == PING_COMMAND_SIZE && !bcmp(PING_COMMAND, command, PING_COMMAND_SIZE)) { command_id = PING_COMMAND_ID; } else if (command_size == LIST_COMMAND_SIZE && !bcmp(LIST_COMMAND, command, LIST_COMMAND_SIZE)) { command_id = LIST_COMMAND_ID; } else if (command_size == LOCK_COMMAND_SIZE && !bcmp(LOCK_COMMAND, command, LOCK_COMMAND_SIZE)) { command_id = LOCK_COMMAND_ID; } else if (command_size == UNLOCK_COMMAND_SIZE && !bcmp(UNLOCK_COMMAND, command, UNLOCK_COMMAND_SIZE)) { command_id = UNLOCK_COMMAND_ID; } else { LOG_ERROR("handle_req: unknown command\n"); pcma_send(socket, failed_packfn, "unknown command"); return (-4); } switch (command_id) { case PING_COMMAND_ID: case LIST_COMMAND_ID: if (obj.via.array.size != 1) { LOG_ERROR("handle_req: no parameter expected\n"); pcma_send(socket, failed_packfn, "no parameter expected"); return (-5); } break; case LOCK_COMMAND_ID: case UNLOCK_COMMAND_ID: if (obj.via.array.size != 2) { LOG_ERROR("handle_req: 1 parameter expected\n"); pcma_send(socket, failed_packfn, "1 parameter expected"); return (-6); } if (obj.via.array.ptr[1].type != MSGPACK_OBJECT_RAW) { LOG_ERROR("handle_req: RAW parameter expected\n"); pcma_send(socket, failed_packfn, "RAW parameter expected"); return (-7); } path = raw_to_string(&obj.via.array.ptr[1].via.raw); if (!path) { perror("raw_to_string"); pcma_send(socket, failed_packfn, "raw_to_string failure"); } } switch (command_id) { case PING_COMMAND_ID: handle_ping_request(socket); break; case LIST_COMMAND_ID: handle_list_request(socket); break; case LOCK_COMMAND_ID: handle_lock_request(socket, path); break; case UNLOCK_COMMAND_ID: handle_unlock_request(socket, path); break; } msgpack_unpacked_destroy(&pack); if (path) free(path); return 0; }
static void privkey_info_int(FILE *outfile, common_info_st * cinfo, gnutls_x509_privkey_t key) { int ret, key_type; unsigned int bits = 0; size_t size; const char *cprint; /* Public key algorithm */ fprintf(outfile, "Public Key Info:\n"); ret = gnutls_x509_privkey_get_pk_algorithm2(key, &bits); fprintf(outfile, "\tPublic Key Algorithm: "); key_type = ret; cprint = gnutls_pk_algorithm_get_name(key_type); fprintf(outfile, "%s\n", cprint ? cprint : "Unknown"); fprintf(outfile, "\tKey Security Level: %s (%u bits)\n\n", gnutls_sec_param_get_name(gnutls_x509_privkey_sec_param (key)), bits); /* Print the raw public and private keys */ if (key_type == GNUTLS_PK_RSA) { gnutls_datum_t m, e, d, p, q, u, exp1, exp2; ret = gnutls_x509_privkey_export_rsa_raw2(key, &m, &e, &d, &p, &q, &u, &exp1, &exp2); if (ret < 0) fprintf(stderr, "Error in key RSA data export: %s\n", gnutls_strerror(ret)); else { print_rsa_pkey(outfile, &m, &e, &d, &p, &q, &u, &exp1, &exp2, cinfo->cprint); gnutls_free(m.data); gnutls_free(e.data); gnutls_free(d.data); gnutls_free(p.data); gnutls_free(q.data); gnutls_free(u.data); gnutls_free(exp1.data); gnutls_free(exp2.data); } } else if (key_type == GNUTLS_PK_DSA) { gnutls_datum_t p, q, g, y, x; ret = gnutls_x509_privkey_export_dsa_raw(key, &p, &q, &g, &y, &x); if (ret < 0) fprintf(stderr, "Error in key DSA data export: %s\n", gnutls_strerror(ret)); else { print_dsa_pkey(outfile, &x, &y, &p, &q, &g, cinfo->cprint); gnutls_free(x.data); gnutls_free(y.data); gnutls_free(p.data); gnutls_free(q.data); gnutls_free(g.data); } } else if (key_type == GNUTLS_PK_EC) { gnutls_datum_t y, x, k; gnutls_ecc_curve_t curve; ret = gnutls_x509_privkey_export_ecc_raw(key, &curve, &x, &y, &k); if (ret < 0) fprintf(stderr, "Error in key ECC data export: %s\n", gnutls_strerror(ret)); else { cprint = gnutls_ecc_curve_get_name(curve); bits = 0; print_ecc_pkey(outfile, curve, &k, &x, &y, cinfo->cprint); gnutls_free(x.data); gnutls_free(y.data); gnutls_free(k.data); } } fprintf(outfile, "\n"); size = lbuffer_size; ret = gnutls_x509_privkey_get_seed(key, NULL, lbuffer, &size); if (ret >= 0) { fprintf(outfile, "Seed: %s\n", raw_to_string(lbuffer, size)); } size = lbuffer_size; ret = gnutls_x509_privkey_get_key_id(key, GNUTLS_KEYID_USE_SHA256, lbuffer, &size); if (ret < 0) { fprintf(stderr, "Error in key id calculation: %s\n", gnutls_strerror(ret)); } else { gnutls_datum_t art; fprintf(outfile, "Public Key ID:\n\tsha256:%s\n", raw_to_string(lbuffer, size)); size = lbuffer_size; ret = gnutls_x509_privkey_get_key_id(key, GNUTLS_KEYID_USE_SHA1, lbuffer, &size); if (ret >= 0) { fprintf(outfile, "\tsha1:%s\n", raw_to_string(lbuffer, size)); } ret = gnutls_random_art(GNUTLS_RANDOM_ART_OPENSSH, cprint, bits, lbuffer, size, &art); if (ret >= 0) { fprintf(outfile, "Public key's random art:\n%s\n", art.data); gnutls_free(art.data); } } fprintf(outfile, "\n"); }
int print_info (gnutls_session_t session, const char *hostname, int insecure) { const char *tmp; gnutls_credentials_type_t cred; gnutls_kx_algorithm_t kx; /* print the key exchange's algorithm name */ kx = gnutls_kx_get (session); cred = gnutls_auth_get_type (session); switch (cred) { #ifdef ENABLE_ANON case GNUTLS_CRD_ANON: print_dh_info (session, "Anonymous "); break; #endif #ifdef ENABLE_SRP case GNUTLS_CRD_SRP: /* This should be only called in server * side. */ if (gnutls_srp_server_get_username (session) != NULL) printf ("- SRP authentication. Connected as '%s'\n", gnutls_srp_server_get_username (session)); break; #endif #ifdef ENABLE_PSK case GNUTLS_CRD_PSK: /* This returns NULL in server side. */ if (gnutls_psk_client_get_hint (session) != NULL) printf ("- PSK authentication. PSK hint '%s'\n", gnutls_psk_client_get_hint (session)); /* This returns NULL in client side. */ if (gnutls_psk_server_get_username (session) != NULL) printf ("- PSK authentication. Connected as '%s'\n", gnutls_psk_server_get_username (session)); if (kx == GNUTLS_KX_DHE_PSK) print_dh_info (session, "Ephemeral "); break; #endif case GNUTLS_CRD_IA: printf ("- TLS/IA authentication\n"); break; case GNUTLS_CRD_CERTIFICATE: { char dns[256]; size_t dns_size = sizeof (dns); unsigned int type; /* This fails in client side */ if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0) { printf ("- Given server name[%d]: %s\n", type, dns); } } if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) print_dh_info (session, "Ephemeral "); print_cert_info (session, hostname, insecure); print_cert_vrfy (session); } tmp = SU (gnutls_protocol_get_name (gnutls_protocol_get_version (session))); printf ("- Version: %s\n", tmp); tmp = SU (gnutls_kx_get_name (kx)); printf ("- Key Exchange: %s\n", tmp); tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session))); printf ("- Cipher: %s\n", tmp); tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session))); printf ("- MAC: %s\n", tmp); tmp = SU (gnutls_compression_get_name (gnutls_compression_get (session))); printf ("- Compression: %s\n", tmp); if (verbose) { char id[32]; size_t id_size = sizeof (id); gnutls_session_get_id (session, id, &id_size); printf ("- Session ID: %s\n", raw_to_string (id, id_size)); } fflush (stdout); return 0; }