static void print_ecdh_info(gnutls_session_t session, const char *str) { int curve; printf("- %sEC Diffie-Hellman parameters\n", str); curve = gnutls_ecc_curve_get(session); printf(" - Using curve: %s\n", gnutls_ecc_curve_get_name(curve)); printf(" - Curve size: %d bits\n", gnutls_ecc_curve_get_size(curve) * 8); }
test_code_t test_ecdhe (gnutls_session_t session) { int ret; sprintf (prio_str, INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":+ECDHE-RSA:+ECDHE-ECDSA:+CURVE-ALL:%s", protocol_all_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); ret = do_handshake (session); curve = gnutls_ecc_curve_get(session); return ret; }
/** * gnutls_session_get_desc: * @session: is a gnutls session * * This function returns a string describing the current session. * The string is null terminated and allocated using gnutls_malloc(). * * Returns: a description of the protocols and algorithms in the current session. * * Since: 3.1.10 **/ char *gnutls_session_get_desc(gnutls_session_t session) { gnutls_kx_algorithm_t kx; unsigned type; char kx_name[32]; char proto_name[32]; const char *curve_name = NULL; unsigned dh_bits = 0; unsigned mac_id; char *desc; kx = session->security_parameters.kx_algorithm; if (kx == GNUTLS_KX_ANON_ECDH || kx == GNUTLS_KX_ECDHE_PSK || kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA) { curve_name = gnutls_ecc_curve_get_name(gnutls_ecc_curve_get (session)); } else if (kx == GNUTLS_KX_ANON_DH || kx == GNUTLS_KX_DHE_PSK || kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) { dh_bits = gnutls_dh_get_prime_bits(session); } if (curve_name != NULL) snprintf(kx_name, sizeof(kx_name), "%s-%s", gnutls_kx_get_name(kx), curve_name); else if (dh_bits != 0) snprintf(kx_name, sizeof(kx_name), "%s-%u", gnutls_kx_get_name(kx), dh_bits); else snprintf(kx_name, sizeof(kx_name), "%s", gnutls_kx_get_name(kx)); type = gnutls_certificate_type_get(session); if (type == GNUTLS_CRT_X509) snprintf(proto_name, sizeof(proto_name), "%s", gnutls_protocol_get_name(get_num_version (session))); else snprintf(proto_name, sizeof(proto_name), "%s-%s", gnutls_protocol_get_name(get_num_version (session)), gnutls_certificate_type_get_name(type)); gnutls_protocol_get_name(get_num_version(session)), desc = gnutls_malloc(DESC_SIZE); if (desc == NULL) return NULL; mac_id = gnutls_mac_get(session); if (mac_id == GNUTLS_MAC_AEAD) { /* no need to print */ snprintf(desc, DESC_SIZE, "(%s)-(%s)-(%s)", proto_name, kx_name, gnutls_cipher_get_name(gnutls_cipher_get(session))); } else { snprintf(desc, DESC_SIZE, "(%s)-(%s)-(%s)-(%s)", proto_name, kx_name, gnutls_cipher_get_name(gnutls_cipher_get(session)), gnutls_mac_get_name(mac_id)); } return desc; }
/** * gnutls_session_get_desc: * @session: is a gnutls session * * This function returns a string describing the current session. * The string is null terminated and allocated using gnutls_malloc(). * * If initial negotiation is not complete when this function is called, * %NULL will be returned. * * Returns: a description of the protocols and algorithms in the current session. * * Since: 3.1.10 **/ char *gnutls_session_get_desc(gnutls_session_t session) { gnutls_kx_algorithm_t kx; const char *kx_str; unsigned type; char kx_name[32]; char proto_name[32]; const char *curve_name = NULL; unsigned dh_bits = 0; unsigned mac_id; char *desc; if (session->internals.initial_negotiation_completed == 0) return NULL; kx = session->security_parameters.kx_algorithm; if (kx == GNUTLS_KX_ANON_ECDH || kx == GNUTLS_KX_ECDHE_PSK || kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA) { curve_name = gnutls_ecc_curve_get_name(gnutls_ecc_curve_get (session)); #if defined(ENABLE_DHE) || defined(ENABLE_ANON) } else if (kx == GNUTLS_KX_ANON_DH || kx == GNUTLS_KX_DHE_PSK || kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) { dh_bits = gnutls_dh_get_prime_bits(session); #endif } kx_str = gnutls_kx_get_name(kx); if (kx_str) { if (curve_name != NULL) snprintf(kx_name, sizeof(kx_name), "%s-%s", kx_str, curve_name); else if (dh_bits != 0) snprintf(kx_name, sizeof(kx_name), "%s-%u", kx_str, dh_bits); else snprintf(kx_name, sizeof(kx_name), "%s", kx_str); } else { strcpy(kx_name, "NULL"); } type = gnutls_certificate_type_get(session); if (type == GNUTLS_CRT_X509) snprintf(proto_name, sizeof(proto_name), "%s", gnutls_protocol_get_name(get_num_version (session))); else snprintf(proto_name, sizeof(proto_name), "%s-%s", gnutls_protocol_get_name(get_num_version (session)), gnutls_certificate_type_get_name(type)); desc = gnutls_malloc(DESC_SIZE); if (desc == NULL) return NULL; mac_id = gnutls_mac_get(session); if (mac_id == GNUTLS_MAC_AEAD) { /* no need to print */ snprintf(desc, DESC_SIZE, "(%s)-(%s)-(%s)", proto_name, kx_name, gnutls_cipher_get_name(gnutls_cipher_get(session))); } else { snprintf(desc, DESC_SIZE, "(%s)-(%s)-(%s)-(%s)", proto_name, kx_name, gnutls_cipher_get_name(gnutls_cipher_get(session)), gnutls_mac_get_name(mac_id)); } return desc; }
static void client(int fd, const char *prio) { int ret; gnutls_anon_client_credentials_t anoncred; gnutls_certificate_credentials_t x509_cred; gnutls_session_t session; /* Need to enable anonymous KX specifically. */ gnutls_global_init(); if (debug) { gnutls_global_set_log_function(client_log_func); gnutls_global_set_log_level(7); } gnutls_anon_allocate_client_credentials(&anoncred); gnutls_certificate_allocate_credentials(&x509_cred); /* Initialize TLS session */ gnutls_init(&session, GNUTLS_CLIENT); /* Use default priorities */ gnutls_priority_set_direct(session, prio, NULL); /* put the anonymous credentials to the current session */ gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); gnutls_transport_set_int(session, fd); /* Perform the TLS handshake */ do { ret = gnutls_handshake(session); } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); if (gnutls_ecc_curve_get(session) == 0xffffffff) { fprintf(stderr, "memory was overwritten\n"); kill(getpid(), SIGSEGV); } if (ret < 0) { fprintf(stderr, "client: Handshake failed (expected)\n"); gnutls_perror(ret); exit(0); } else { if (debug) fprintf(stderr, "client: Handshake was completed\n"); } close(fd); gnutls_deinit(session); gnutls_anon_free_client_credentials(anoncred); gnutls_certificate_free_credentials(x509_cred); gnutls_global_deinit(); }
/* This function will print some details of the * given session. */ int print_info (gnutls_session_t session) { const char *tmp; gnutls_credentials_type_t cred; gnutls_kx_algorithm_t kx; int dhe, ecdh; dhe = ecdh = 0; /* print the key exchange's algorithm name */ kx = gnutls_kx_get (session); tmp = gnutls_kx_get_name (kx); printf ("- Key Exchange: %s\n", tmp); /* Check the authentication type used and switch * to the appropriate. */ cred = gnutls_auth_get_type (session); switch (cred) { case GNUTLS_CRD_IA: printf ("- TLS/IA session\n"); break; #ifdef ENABLE_SRP case GNUTLS_CRD_SRP: printf ("- SRP session with username %s\n", gnutls_srp_server_get_username (session)); break; #endif case GNUTLS_CRD_PSK: /* This returns NULL in server side. */ if (gnutls_psk_client_get_hint (session) != NULL) printf ("- PSK authentication. PSK hint '%s'\n", gnutls_psk_client_get_hint (session)); /* This returns NULL in client side. */ if (gnutls_psk_server_get_username (session) != NULL) printf ("- PSK authentication. Connected as '%s'\n", gnutls_psk_server_get_username (session)); if (kx == GNUTLS_KX_ECDHE_PSK) ecdh = 1; else if (kx == GNUTLS_KX_DHE_PSK) dhe = 1; break; case GNUTLS_CRD_ANON: /* anonymous authentication */ printf ("- Anonymous authentication.\n"); if (kx == GNUTLS_KX_ANON_ECDH) ecdh = 1; else if (kx == GNUTLS_KX_ANON_DH) dhe = 1; break; case GNUTLS_CRD_CERTIFICATE: /* certificate authentication */ /* Check if we have been using ephemeral Diffie-Hellman. */ if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) dhe = 1; else if (kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA) ecdh = 1; /* if the certificate list is available, then * print some information about it. */ print_x509_certificate_info (session); } /* switch */ if (ecdh != 0) printf ("- Ephemeral ECDH using curve %s\n", gnutls_ecc_curve_get_name (gnutls_ecc_curve_get (session))); else if (dhe != 0) printf ("- Ephemeral DH using prime of %d bits\n", gnutls_dh_get_prime_bits (session)); /* print the protocol's name (ie TLS 1.0) */ tmp = gnutls_protocol_get_name (gnutls_protocol_get_version (session)); printf ("- Protocol: %s\n", tmp); /* print the certificate type of the peer. * ie X.509 */ tmp = gnutls_certificate_type_get_name (gnutls_certificate_type_get (session)); printf ("- Certificate Type: %s\n", tmp); /* print the compression algorithm (if any) */ tmp = gnutls_compression_get_name (gnutls_compression_get (session)); printf ("- Compression: %s\n", tmp); /* print the name of the cipher used. * ie 3DES. */ tmp = gnutls_cipher_get_name (gnutls_cipher_get (session)); printf ("- Cipher: %s\n", tmp); /* Print the MAC algorithms name. * ie SHA1 */ tmp = gnutls_mac_get_name (gnutls_mac_get (session)); printf ("- MAC: %s\n", tmp); return 0; }