예제 #1
0
파일: cli.c 프로젝트: Chronic-Dev/gnutls
/* initializes a gnutls_session_t with some defaults.
 */
static gnutls_session_t
init_tls_session (const char *hostname)
{
  const char *err;

  gnutls_session_t session;

  gnutls_init (&session, GNUTLS_CLIENT);

  if (gnutls_priority_set_direct (session, info.priorities, &err) < 0)
    {
      fprintf (stderr, "Syntax error at: %s\n", err);
      exit (1);
    }

  /* allow the use of private ciphersuites.
   */
  if (disable_extensions == 0)
    {
      gnutls_handshake_set_private_extensions (session, 1);
      gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname,
			      strlen (hostname));
      if (cert_type_priority[0])
	gnutls_certificate_type_set_priority (session, cert_type_priority);
    }

  if (cipher_priority[0])
    gnutls_cipher_set_priority (session, cipher_priority);
  if (comp_priority[0])
    gnutls_compression_set_priority (session, comp_priority);
  if (kx_priority[0])
    gnutls_kx_set_priority (session, kx_priority);
  if (protocol_priority[0])
    gnutls_protocol_set_priority (session, protocol_priority);
  if (mac_priority[0])
    gnutls_mac_set_priority (session, mac_priority);

  gnutls_dh_set_prime_bits (session, 512);

  gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
  if (srp_cred)
    gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
  if (psk_cred)
    gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred);
  gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);

  gnutls_certificate_client_set_retrieve_function (xcred, cert_callback);
  gnutls_certificate_set_verify_function (xcred, cert_verify_callback);
  gnutls_certificate_set_verify_flags (xcred, 0);

  /* send the fingerprint */
#ifdef ENABLE_OPENPGP
  if (fingerprint != 0)
    gnutls_openpgp_send_cert (session, GNUTLS_OPENPGP_CERT_FINGERPRINT);
#endif

  /* use the max record size extension */
  if (record_max_size > 0 && disable_extensions == 0)
    {
      if (gnutls_record_set_max_size (session, record_max_size) < 0)
	{
	  fprintf (stderr,
		   "Cannot set the maximum record size to %d.\n",
		   record_max_size);
	  fprintf (stderr, "Possible values: 512, 1024, 2048, 4096.\n");
	  exit (1);
	}
    }

#ifdef ENABLE_OPRFI
  if (info.opaque_prf_input)
    gnutls_oprfi_enable_client (session, strlen (info.opaque_prf_input),
				info.opaque_prf_input);
#endif

#ifdef ENABLE_SESSION_TICKET
  if (!info.noticket)
    gnutls_session_ticket_enable_client (session);
#endif

  return session;
}
예제 #2
0
파일: cli.c 프로젝트: philippe-goetz/gnutls
/* initializes a gnutls_session_t with some defaults.
 */
static gnutls_session_t
init_tls_session (const char *hostname)
{
  const char *err;
  int ret;
  gnutls_session_t session;

  if (priorities == NULL)
    priorities = "NORMAL";
  
  if (udp)
    {
      gnutls_init (&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM);
      if (mtu)
        gnutls_dtls_set_mtu(session, mtu);
    }
  else
    gnutls_init (&session, GNUTLS_CLIENT);

  if ((ret = gnutls_priority_set_direct (session, priorities, &err)) < 0)
    {
      if (ret == GNUTLS_E_INVALID_REQUEST) fprintf (stderr, "Syntax error at: %s\n", err);
      else 
        fprintf(stderr, "Error in priorities: %s\n", gnutls_strerror(ret));
      exit (1);
    }

  /* allow the use of private ciphersuites.
   */
  if (disable_extensions == 0)
    {
      if (!isdigit(hostname[0]) && strchr(hostname, ':') == 0)
        gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname,
                                strlen (hostname));
    }

  gnutls_dh_set_prime_bits (session, 512);

  gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
  if (srp_cred)
    gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
  if (psk_cred)
    gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred);
  gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);

  gnutls_certificate_set_retrieve_function2 (xcred, cert_callback);
  gnutls_certificate_set_verify_function (xcred, cert_verify_callback);
  gnutls_certificate_set_verify_flags (xcred, 0);

  /* send the fingerprint */
#ifdef ENABLE_OPENPGP
  if (fingerprint != 0)
    gnutls_openpgp_send_cert (session, GNUTLS_OPENPGP_CERT_FINGERPRINT);
#endif

  /* use the max record size extension */
  if (record_max_size > 0 && disable_extensions == 0)
    {
      if (gnutls_record_set_max_size (session, record_max_size) < 0)
        {
          fprintf (stderr,
                   "Cannot set the maximum record size to %d.\n",
                   record_max_size);
          fprintf (stderr, "Possible values: 512, 1024, 2048, 4096.\n");
          exit (1);
        }
    }

#ifdef ENABLE_SESSION_TICKET
  if (disable_extensions == 0 && !HAVE_OPT(NOTICKET)t)
    gnutls_session_ticket_enable_client (session);
#endif

  return session;
}
void session::send_openpgp_cert (gnutls_openpgp_crt_status_t status)
{
#ifdef ENABLE_OPENPGP
    gnutls_openpgp_send_cert (s, status);
#endif
}
예제 #4
0
void doit(void)
{
	int err, i;
	int sockets[2];
	const char *srcdir;
	pid_t child;
	char pub_key_path[512], priv_key_path[512];

	global_init();

	srcdir = getenv("srcdir") ? getenv("srcdir") : ".";

	for (i = 0; i < 5; i++) {
		if (i <= 1)
			key_id = NULL;	/* try using the master key */
		else if (i == 2)
			key_id = "auto";	/* test auto */
		else if (i >= 3)
			key_id = "f30fd423c143e7ba";

		if (debug) {
			gnutls_global_set_log_level(5);
			gnutls_global_set_log_function(log_message);
		}

		err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
		if (err != 0)
			fail("socketpair %s\n", strerror(errno));

		if (sizeof(pub_key_path) <
		    strlen(srcdir) + strlen(pub_key_file) + 2)
			abort();

		strcpy(pub_key_path, srcdir);
		strcat(pub_key_path, "/");
		strcat(pub_key_path, pub_key_file);

		if (sizeof(priv_key_path) <
		    strlen(srcdir) + strlen(priv_key_file) + 2)
			abort();

		strcpy(priv_key_path, srcdir);
		strcat(priv_key_path, "/");
		strcat(priv_key_path, priv_key_file);

		child = fork();
		if (child == -1)
			fail("fork %s\n", strerror(errno));

		if (child == 0) {
			/* Child process (client).  */
			gnutls_session_t session;
			gnutls_certificate_credentials_t cred;
			ssize_t sent;

			if (debug)
				printf("client process %i\n", getpid());

			err = gnutls_init(&session, GNUTLS_CLIENT);
			if (err != 0)
				fail("client session %d\n", err);

			if (i == 0)	/* we use the primary key which is RSA. Test the RSA ciphersuite */
				gnutls_priority_set_direct(session,
							   "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+RSA:+CTYPE-OPENPGP",
							   NULL);
			else
				gnutls_priority_set_direct(session,
							   "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
							   NULL);
			gnutls_transport_set_int(session, sockets[0]);

			err =
			    gnutls_certificate_allocate_credentials(&cred);
			if (err != 0)
				fail("client credentials %d\n", err);

			err =
			    gnutls_certificate_set_openpgp_key_file2(cred,
								     pub_key_path,
								     priv_key_path,
								     key_id,
								     GNUTLS_OPENPGP_FMT_BASE64);
			if (err != 0)
				fail("client openpgp keys %s\n",
				     gnutls_strerror(err));

			check_loaded_key(cred);

			err =
			    gnutls_credentials_set(session,
						   GNUTLS_CRD_CERTIFICATE,
						   cred);
			if (err != 0)
				fail("client credential_set %d\n", err);

			gnutls_dh_set_prime_bits(session, 1024);

			if (i == 4)
				gnutls_openpgp_send_cert(session,
							 GNUTLS_OPENPGP_CERT_FINGERPRINT);

			err = gnutls_handshake(session);
			if (err != 0)
				fail("client handshake %s (%d) \n",
				     gnutls_strerror(err), err);
			else if (debug)
				printf("client handshake successful\n");

			sent =
			    gnutls_record_send(session, message,
						sizeof(message));
			if (sent != sizeof(message))
				fail("client sent %li vs. %li\n",
				     (long) sent, (long) sizeof(message));

			err = gnutls_bye(session, GNUTLS_SHUT_RDWR);
			if (err != 0)
				fail("client bye %d\n", err);

			if (debug)
				printf("client done\n");

			gnutls_deinit(session);
			gnutls_certificate_free_credentials(cred);
			gnutls_free(stored_cli_cert.data);
			gnutls_global_deinit();
			return;
		} else {
			/* Parent process (server).  */
			gnutls_session_t session;
			gnutls_dh_params_t dh_params;
			gnutls_certificate_credentials_t cred;
			char greetings[sizeof(message) * 2];
			ssize_t received;
			pid_t done;
			int status;
			const gnutls_datum_t p3 =
			    { (void *) pkcs3, strlen(pkcs3) };

			if (debug)
				printf("server process %i (child %i)\n",
					getpid(), child);

			err = gnutls_init(&session, GNUTLS_SERVER);
			if (err != 0)
				fail("server session %d\n", err);

			gnutls_priority_set_direct(session,
						   "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+RSA:+CTYPE-OPENPGP",
						   NULL);
			gnutls_transport_set_int(session, sockets[1]);

			err =
			    gnutls_certificate_allocate_credentials(&cred);
			if (err != 0)
				fail("server credentials %d\n", err);

			err =
			    gnutls_certificate_set_openpgp_key_file2(cred,
								     pub_key_path,
								     priv_key_path,
								     key_id,
								     GNUTLS_OPENPGP_FMT_BASE64);
			if (err != 0)
				fail("server openpgp keys %s\n",
				     gnutls_strerror(err));

			check_loaded_key(cred);

			err = gnutls_dh_params_init(&dh_params);
			if (err)
				fail("server DH params init %d\n", err);

			err =
			    gnutls_dh_params_import_pkcs3(dh_params, &p3,
							  GNUTLS_X509_FMT_PEM);
			if (err)
				fail("server DH params generate %d\n",
				     err);

			gnutls_certificate_set_dh_params(cred, dh_params);

			err =
			    gnutls_credentials_set(session,
						   GNUTLS_CRD_CERTIFICATE,
						   cred);
			if (err != 0)
				fail("server credential_set %d\n", err);

			gnutls_certificate_server_set_request(session,
							      GNUTLS_CERT_REQUIRE);

			if (i == 4)
				gnutls_openpgp_set_recv_key_function
				    (session, key_recv_func);

			err = gnutls_handshake(session);
			if (err != 0)
				fail("server handshake %s (%d) \n",
				     gnutls_strerror(err), err);

			if (stored_cli_cert.data == NULL) {
				const gnutls_datum_t *d;
				unsigned int d_size;
				d = gnutls_certificate_get_peers(session,
								 &d_size);
				if (d != NULL) {
					stored_cli_cert.data =
					    gnutls_malloc(d[0].size);
					memcpy(stored_cli_cert.data,
						d[0].data, d[0].size);
					stored_cli_cert.size = d[0].size;
				}
			}

			received =
			    gnutls_record_recv(session, greetings,
						sizeof(greetings));
			if (received != sizeof(message)
			    || memcmp(greetings, message, sizeof(message)))
				fail("server received %li vs. %li\n",
				     (long) received,
				     (long) sizeof(message));

			err = gnutls_bye(session, GNUTLS_SHUT_RDWR);
			if (err != 0)
				fail("server bye %s (%d) \n",
				     gnutls_strerror(err), err);

			if (debug)
				printf("server done\n");

			gnutls_deinit(session);
			gnutls_certificate_free_credentials(cred);
			gnutls_dh_params_deinit(dh_params);

			done = wait(&status);
			if (done < 0)
				fail("wait %s\n", strerror(errno));

			if (done != child)
				fail("who's that?! %d\n", done);

			check_wait_status(status);
		}
	}

	gnutls_free(stored_cli_cert.data);
	gnutls_global_deinit();
}
예제 #5
0
파일: cli.c 프로젝트: nobled/gnutls
/* initializes a gnutls_session_t with some defaults.
 */
static gnutls_session_t
init_tls_session (const char *hostname)
{
  const char *err;
  int ret;
  gnutls_session_t session;

  if (priorities == NULL)
    priorities = "NORMAL";
  
  if (udp)
    {
      gnutls_init (&session, GNUTLS_DATAGRAM|init_flags);
      if (mtu)
        gnutls_dtls_set_mtu(session, mtu);
    }
  else
    gnutls_init (&session, init_flags);

  if ((ret = gnutls_priority_set_direct (session, priorities, &err)) < 0)
    {
      if (ret == GNUTLS_E_INVALID_REQUEST) fprintf (stderr, "Syntax error at: %s\n", err);
      else 
        fprintf(stderr, "Error in priorities: %s\n", gnutls_strerror(ret));
      exit (1);
    }

  /* allow the use of private ciphersuites.
   */
  if (disable_extensions == 0)
    {
      if (!isdigit(hostname[0]) && strchr(hostname, ':') == 0)
        gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname,
                                strlen (hostname));
    }

  if (HAVE_OPT(DH_BITS)) 
    gnutls_dh_set_prime_bits( session, OPT_VALUE_DH_BITS);

  gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred);
  if (srp_cred)
    gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
  if (psk_cred)
    gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred);
  gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred);

  gnutls_certificate_set_retrieve_function2 (xcred, cert_callback);
  gnutls_certificate_set_verify_function (xcred, cert_verify_callback);

  /* send the fingerprint */
#ifdef ENABLE_OPENPGP
  if (fingerprint != 0)
    gnutls_openpgp_send_cert (session, GNUTLS_OPENPGP_CERT_FINGERPRINT);
#endif

  /* use the max record size extension */
  if (record_max_size > 0 && disable_extensions == 0)
    {
      if (gnutls_record_set_max_size (session, record_max_size) < 0)
        {
          fprintf (stderr,
                   "Cannot set the maximum record size to %d.\n",
                   record_max_size);
          fprintf (stderr, "Possible values: 512, 1024, 2048, 4096.\n");
          exit (1);
        }
    }

  if (HAVE_OPT(HEARTBEAT))
    gnutls_heartbeat_enable (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);

#ifdef ENABLE_DTLS_SRTP
  if (HAVE_OPT(SRTP_PROFILES))
    {
      ret = gnutls_srtp_set_profile_direct (session, OPT_ARG(SRTP_PROFILES), &err);
      if (ret == GNUTLS_E_INVALID_REQUEST) fprintf (stderr, "Syntax error at: %s\n", err);
      else 
        fprintf(stderr, "Error in profiles: %s\n", gnutls_strerror(ret));
      exit (1);
    }
#endif

  return session;
}