void doit (void) { gnutls_openpgp_keyring_t keyring; gnutls_datum_t data; int ret; ret = gnutls_global_init (); if (ret < 0) fail ("init %d\n", ret); gnutls_global_set_log_function (tls_log_func); if (debug) gnutls_global_set_log_level (2); ret = gnutls_global_init_extra (); if (ret < 0) fail ("extra-init %d\n", ret); ret = gnutls_openpgp_keyring_init (&keyring); if (ret < 0) fail ("keyring-init %d\n", ret); data.data = raw_keyring; data.size = sizeof (raw_keyring) / sizeof (raw_keyring[0]); ret = gnutls_openpgp_keyring_import (keyring, &data, GNUTLS_OPENPGP_FMT_RAW); if (ret < 0) fail ("keyring-import %d\n", ret); ret = gnutls_openpgp_keyring_check_id (keyring, id_not_in_keyring, 0); if (ret == 0) fail ("keyring-check-id (not-in-keyring) %d\n", ret); ret = gnutls_openpgp_keyring_check_id (keyring, id_in_keyring, 0); if (ret != 0) fail ("keyring-check-id first key %d\n", ret); ret = gnutls_openpgp_keyring_check_id (keyring, id2_in_keyring, 0); if (ret != 0) fail ("keyring-check-id second key %d\n", ret); if (debug) success ("done\n"); gnutls_openpgp_keyring_deinit (keyring); gnutls_global_deinit (); }
bool mrutils::TLSServer::init(const char * tpasswd, const char * tpasswdconf) { mrutils::mutexAcquire(connectionMutex); #ifndef MR_TLS_NO_THREADS std::cout << "gcry_control" << std::endl; gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); #endif std::cout << "gnutls_global_init" << std::endl; gnutls_global_init(); std::cout << "gnutls_global_init_extra" << std::endl; gnutls_global_init_extra(); // for srp std::cout << "gnutls_srp_allocate_server_credentials" << std::endl; gnutls_srp_allocate_server_credentials (&srp_cred); std::cout << "gnutls_srp_set_server_credentials_file" << std::endl; gnutls_srp_set_server_credentials_file (srp_cred, tpasswd, tpasswdconf); mrutils::mutexRelease(connectionMutex); return (init_ = true); }
int main (void) { int ret; int sd, ii; gnutls_session_t session; char buffer[MAX_BUF + 1]; gnutls_srp_client_credentials_t srp_cred; gnutls_certificate_credentials_t cert_cred; gnutls_global_init (); /* now enable the gnutls-extra library which contains the * SRP stuff. */ gnutls_global_init_extra (); gnutls_srp_allocate_client_credentials (&srp_cred); gnutls_certificate_allocate_credentials (&cert_cred); gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE, GNUTLS_X509_FMT_PEM); gnutls_srp_set_client_credentials (srp_cred, USERNAME, PASSWORD); /* connects to server */ sd = tcp_connect (); /* Initialize TLS session */ gnutls_init (&session, GNUTLS_CLIENT); /* Set the priorities. */ gnutls_priority_set_direct (session, "NORMAL:+SRP:+SRP-RSA:+SRP-DSS", NULL); /* put the SRP credentials to the current session */ gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cert_cred); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); /* Perform the TLS handshake */ ret = gnutls_handshake (session); if (ret < 0) { fprintf (stderr, "*** Handshake failed\n"); gnutls_perror (ret); goto end; } else { printf ("- Handshake was completed\n"); } gnutls_record_send (session, MSG, strlen (MSG)); ret = gnutls_record_recv (session, buffer, MAX_BUF); if (gnutls_error_is_fatal (ret) == 1 || ret == 0) { if (ret == 0) { printf ("- Peer has closed the GNUTLS connection\n"); goto end; } else { fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret)); goto end; } } else check_alert (session, ret); if (ret > 0) { printf ("- Received %d bytes: ", ret); for (ii = 0; ii < ret; ii++) { fputc (buffer[ii], stdout); } fputs ("\n", stdout); } gnutls_bye (session, GNUTLS_SHUT_RDWR); end: tcp_close (sd); gnutls_deinit (session); gnutls_srp_free_client_credentials (srp_cred); gnutls_certificate_free_credentials (cert_cred); gnutls_global_deinit (); return 0; }
int main (void) { int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; int client_len; char topbuf[512]; gnutls_session_t session; char buffer[MAX_BUF + 1]; int optval = 1; char name[256]; strcpy (name, "Echo Server"); /* these must be called once in the program */ gnutls_global_init (); gnutls_global_init_extra (); /* for SRP */ /* SRP_PASSWD a password file (created with the included srptool utility) */ gnutls_srp_allocate_server_credentials (&srp_cred); gnutls_srp_set_server_credentials_file (srp_cred, SRP_PASSWD, SRP_PASSWD_CONF); gnutls_certificate_allocate_credentials (&cert_cred); gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_file (cert_cred, CERTFILE, KEYFILE, GNUTLS_X509_FMT_PEM); /* TCP socket operations */ listen_sd = socket (AF_INET, SOCK_STREAM, 0); SOCKET_ERR (listen_sd, "socket"); memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); err = listen (listen_sd, 1024); SOCKET_ERR (err, "listen"); printf ("%s ready. Listening to port '%d'.\n\n", name, PORT); client_len = sizeof (sa_cli); for (;;) { session = initialize_tls_session (); sd = accept (listen_sd, (SA *) & sa_cli, &client_len); printf ("- connection from %s, port %d\n", inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) { close (sd); gnutls_deinit (session); fprintf (stderr, "*** Handshake has failed (%s)\n\n", gnutls_strerror (ret)); continue; } printf ("- Handshake was completed\n"); /* print_info(session); */ for (;;) { memset (buffer, 0, MAX_BUF + 1); ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) { printf ("\n- Peer has closed the GNUTLS connection\n"); break; } else if (ret < 0) { fprintf (stderr, "\n*** Received corrupted " "data(%d). Closing the connection.\n\n", ret); break; } else if (ret > 0) { /* echo data back to the client */ gnutls_record_send (session, buffer, strlen (buffer)); } } printf ("\n"); /* do not wait for the peer to close the connection. */ gnutls_bye (session, GNUTLS_SHUT_WR); close (sd); gnutls_deinit (session); } close (listen_sd); gnutls_srp_free_server_credentials (srp_cred); gnutls_certificate_free_credentials (cert_cred); gnutls_global_deinit (); return 0; }
int main (int argc, char **argv) { int err, ret; int ii, i; char buffer[MAX_BUF + 1]; char *session_data = NULL; char *session_id = NULL; size_t session_data_size; size_t session_id_size; fd_set rset; int maxfd; struct timeval tv; int user_term = 0, retval = 0; socket_st hd; ssize_t bytes; set_program_name (argv[0]); gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); #ifdef gcry_fips_mode_active /* Libgcrypt manual says that gcry_version_check must be called before calling gcry_fips_mode_active. */ gcry_check_version (NULL); if (gcry_fips_mode_active ()) { ret = gnutls_register_md5_handler (); if (ret) fprintf (stderr, "gnutls_register_md5_handler: %s\n", gnutls_strerror (ret)); } #endif if ((ret = gnutls_global_init ()) < 0) { fprintf (stderr, "global_init: %s\n", gnutls_strerror (ret)); exit (1); } if ((ret = gnutls_global_init_extra ()) < 0) { fprintf (stderr, "global_init_extra: %s\n", gnutls_strerror (ret)); exit (1); } gaa_parser (argc, argv); if (hostname == NULL) { fprintf (stderr, "No hostname given\n"); exit (1); } gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (info.debug); sockets_init (); #ifndef _WIN32 signal (SIGPIPE, SIG_IGN); #endif init_global_tls_stuff (); socket_open (&hd, hostname, service); socket_connect (&hd); hd.session = init_tls_session (hostname); if (starttls) goto after_handshake; for (i = 0; i < 2; i++) { if (i == 1) { hd.session = init_tls_session (hostname); gnutls_session_set_data (hd.session, session_data, session_data_size); free (session_data); } ret = do_handshake (&hd); if (ret < 0) { fprintf (stderr, "*** Handshake has failed\n"); gnutls_perror (ret); gnutls_deinit (hd.session); return 1; } else { printf ("- Handshake was completed\n"); if (gnutls_session_is_resumed (hd.session) != 0) printf ("*** This is a resumed session\n"); } if (resume != 0 && i == 0) { gnutls_session_get_data (hd.session, NULL, &session_data_size); session_data = malloc (session_data_size); gnutls_session_get_data (hd.session, session_data, &session_data_size); gnutls_session_get_id (hd.session, NULL, &session_id_size); session_id = malloc (session_id_size); gnutls_session_get_id (hd.session, session_id, &session_id_size); /* print some information */ print_info (hd.session, hostname, info.insecure); printf ("- Disconnecting\n"); socket_bye (&hd); printf ("\n\n- Connecting again- trying to resume previous session\n"); socket_open (&hd, hostname, service); socket_connect (&hd); } else { break; } } after_handshake: /* Warning! Do not touch this text string, it is used by external programs to search for when gnutls-cli has reached this point. */ printf ("\n- Simple Client Mode:\n\n"); if (rehandshake) { ret = do_handshake (&hd); if (ret < 0) { fprintf (stderr, "*** ReHandshake has failed\n"); gnutls_perror (ret); gnutls_deinit (hd.session); return 1; } else { printf ("- ReHandshake was completed\n"); } } #ifndef _WIN32 signal (SIGALRM, &starttls_alarm); #endif fflush(stdout); fflush(stderr); /* do not buffer */ #if !(defined _WIN32 || defined __WIN32__) setbuf (stdin, NULL); #endif setbuf (stdout, NULL); setbuf (stderr, NULL); for (;;) { if (starttls_alarmed && !hd.secure) { /* Warning! Do not touch this text string, it is used by external programs to search for when gnutls-cli has reached this point. */ fprintf (stderr, "*** Starting TLS handshake\n"); ret = do_handshake (&hd); if (ret < 0) { fprintf (stderr, "*** Handshake has failed\n"); user_term = 1; retval = 1; break; } } FD_ZERO (&rset); FD_SET (fileno (stdin), &rset); FD_SET (hd.fd, &rset); maxfd = MAX (fileno (stdin), hd.fd); tv.tv_sec = 3; tv.tv_usec = 0; err = select (maxfd + 1, &rset, NULL, NULL, &tv); if (err < 0) continue; if (FD_ISSET (hd.fd, &rset)) { memset (buffer, 0, MAX_BUF + 1); ret = socket_recv (&hd, buffer, MAX_BUF); if (ret == 0) { printf ("- Peer has closed the GnuTLS connection\n"); break; } else if (handle_error (&hd, ret) < 0 && user_term == 0) { fprintf (stderr, "*** Server has terminated the connection abnormally.\n"); retval = 1; break; } else if (ret > 0) { if (verbose != 0) printf ("- Received[%d]: ", ret); for (ii = 0; ii < ret; ii++) { fputc (buffer[ii], stdout); } fflush (stdout); } if (user_term != 0) break; } if (FD_ISSET (fileno (stdin), &rset)) { if ((bytes = read (fileno (stdin), buffer, MAX_BUF - 1)) <= 0) { if (hd.secure == 0) { /* Warning! Do not touch this text string, it is used by external programs to search for when gnutls-cli has reached this point. */ fprintf (stderr, "*** Starting TLS handshake\n"); ret = do_handshake (&hd); clearerr (stdin); if (ret < 0) { fprintf (stderr, "*** Handshake has failed\n"); user_term = 1; retval = 1; break; } } else { user_term = 1; break; } continue; } if (crlf != 0) { char *b = strchr (buffer, '\n'); if (b != NULL) { strcpy (b, "\r\n"); bytes++; } } ret = socket_send (&hd, buffer, bytes); if (ret > 0) { if (verbose != 0) printf ("- Sent: %d bytes\n", ret); } else handle_error (&hd, ret); } } if (info.debug) gcry_control (GCRYCTL_DUMP_RANDOM_STATS); if (user_term != 0) socket_bye (&hd); else gnutls_deinit (hd.session); #ifdef ENABLE_SRP if (srp_cred) gnutls_srp_free_client_credentials (srp_cred); #endif #ifdef ENABLE_PSK if (psk_cred) gnutls_psk_free_client_credentials (psk_cred); #endif gnutls_certificate_free_credentials (xcred); #ifdef ENABLE_ANON gnutls_anon_free_client_credentials (anon_cred); #endif gnutls_global_deinit (); return retval; }
static void init_global_tls_stuff (void) { int ret; if ((ret = gnutls_global_init ()) < 0) { fprintf (stderr, "global_init: %s\n", gnutls_strerror (ret)); exit (1); } gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (debug); if ((ret = gnutls_global_init_extra ()) < 0) { fprintf (stderr, "global_init_extra: %s\n", gnutls_strerror (ret)); // exit (1); } /* X509 stuff */ if (gnutls_certificate_allocate_credentials (&xcred) < 0) { fprintf (stderr, "Certificate allocation memory error\n"); exit (1); } /* there are some CAs that have a v1 certificate *%&@#*%& */ gnutls_certificate_set_verify_flags (xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); if (x509_cafile != NULL) { ret = gnutls_certificate_set_x509_trust_file (xcred, x509_cafile, x509ctype); if (ret < 0) { fprintf (stderr, "Error setting the x509 trust file\n"); } else { printf ("Processed %d CA certificate(s).\n", ret); } } #ifdef ENABLE_PKI if (x509_crlfile != NULL) { ret = gnutls_certificate_set_x509_crl_file (xcred, x509_crlfile, x509ctype); if (ret < 0) { fprintf (stderr, "Error setting the x509 CRL file\n"); } else { printf ("Processed %d CRL(s).\n", ret); } } #endif load_keys (); #ifdef ENABLE_OPENPGP if (pgp_keyring != NULL) { ret = gnutls_certificate_set_openpgp_keyring_file (xcred, pgp_keyring); if (ret < 0) { fprintf (stderr, "Error setting the OpenPGP keyring file\n"); } } if (pgp_trustdb != NULL) { ret = gnutls_certificate_set_openpgp_trustdb (xcred, pgp_trustdb); if (ret < 0) { fprintf (stderr, "Error setting the OpenPGP trustdb file\n"); } } #endif #ifdef ENABLE_SRP /* SRP stuff */ if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0) { fprintf (stderr, "SRP authentication error\n"); } gnutls_srp_set_client_credentials_function (srp_cred, srp_username_callback); #endif #ifdef ENABLE_PSK /* SRP stuff */ if (gnutls_psk_allocate_client_credentials (&psk_cred) < 0) { fprintf (stderr, "PSK authentication error\n"); } gnutls_psk_set_client_credentials (psk_cred, psk_username, &psk_key, GNUTLS_PSK_KEY_HEX); #endif #ifdef ENABLE_ANON /* ANON stuff */ if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0) { fprintf (stderr, "Anonymous authentication error\n"); } #endif }
const struct remote_security_filter *load_security_filter(int tType, const char **dData, load_reference lLoad) { if (initialized) return NULL; #ifdef HAVE_GCRYPT_H if (!gcry_control(GCRYCTL_ANY_INITIALIZATION_P)) { gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); gcry_check_version(NULL); //no need to check as of now gcry_control(GCRYCTL_DISABLE_SECMEM, 0); gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); } #endif gnutls_global_set_log_function(&gnutls_logging); gnutls_global_set_log_level(PARAM_RSVX_TLS_LOGGING); gnutls_global_init(); forwarder_type = tType; const char **initializers = dData, **current = initializers; int argument_count = 0; if (current) while (*current++) argument_count++; if (argument_count > 0 && (current = initializers)) //srp initialization { use_srp_auth = true; const char *passwd = (*current)? *current++ : NULL; const char *srp_passwd = (*current)? *current++ : NULL; const char *srp_passwd_conf = (*current)? *current++ : NULL; if (passwd && strlen(passwd)) { srp_file = passwd; if (!parse_passwd()) { gnutls_global_deinit(); return NULL; } } gnutls_global_init_extra(); if (srp_passwd && strlen(srp_passwd) && srp_passwd_conf && strlen(srp_passwd_conf)) { gnutls_srp_allocate_server_credentials(&srp_server); gnutls_srp_set_server_credentials_file(srp_server, srp_passwd, srp_passwd_conf); } } else //anonymouns initialization { gnutls_anon_allocate_server_credentials(&credentials); gnutls_dh_params_init(&dh_params); gnutls_dh_params_generate2(dh_params, 1024); gnutls_anon_set_server_dh_params(credentials, dh_params); } return &internal_filter; }