Exemplo n.º 1
0
bool generate_dh_params(gnutls_dh_params_t *const dh_params)
{
	/* int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LOW); */
	int bits = 1248; /* Equivalent, gnutls_sec_param_to_pk_bits is available since 2.12 */
	int ret;

	assert(dh_params != NULL);

	/* Generate Diffie-Hellman parameters - for use with DHE
	 * kx algorithms. When short bit length is used, it might
	 * be wise to regenerate parameters often. */
	ret = gnutls_dh_params_init(dh_params);
	if(ret != GNUTLS_E_SUCCESS)
	{
		trace(LOG_ERR, "failed to initialize Diffie-Hellman parameters");
		goto error;
	}
	ret = gnutls_dh_params_generate2(*dh_params, bits);
	if(ret != GNUTLS_E_SUCCESS)
	{
		trace(LOG_ERR, "failed to generate Diffie-Hellman parameters");
		goto free_dh;
	}

	return true;

free_dh:
	gnutls_dh_params_deinit(*dh_params);
error:
	return false;
}
Exemplo n.º 2
0
static void read_dh_parameters(int fd, const char *fname)
{
	gnutls_datum dbits, prime, generator;
	int ret, bits;

	if ((ret = gnutls_dh_params_init(&dh_params)) < 0) {
		i_fatal("gnutls_dh_params_init() failed: %s",
			gnutls_strerror(ret));
	}

	/* read until bits field is 0 */
	for (;;) {
		read_next_field(fd, &dbits, fname, "DH bits");

		if (dbits.size != sizeof(int)) {
			(void)unlink(fname);
			i_fatal("Corrupted SSL parameter file %s: "
				"Field 'DH bits' has invalid size %u",
				fname, dbits.size);
		}

		bits = *((int *) dbits.data);
		if (bits == 0)
			break;

		read_next_field(fd, &prime, fname, "DH prime");
		read_next_field(fd, &generator, fname, "DH generator");

		ret = gnutls_dh_params_set(dh_params, prime, generator, bits);
		if (ret < 0) {
			i_fatal("gnutls_dh_params_set() failed: %s",
				gnutls_strerror(ret));
		}
	}
}
Exemplo n.º 3
0
int ufwissl_ssl_context_set_dh_file(ufwissl_ssl_context * ctx,
				  const char *filename)
{
	gnutls_datum_t datum_dh;
	int ret;

	datum_dh.data = NULL;

	if (!filename)
		return UFWISSL_ERROR;

	/* read CRL and CA */
	ret = read_to_datum(filename, &datum_dh);
	if (ret != 0)
		return UFWISSL_ERROR;

	if (gnutls_dh_params_init(&ctx->dh) < 0) {
		free(datum_dh.data);
		return UFWISSL_ERROR;
	}

	if (gnutls_dh_params_import_pkcs3(ctx->dh, &datum_dh, GNUTLS_X509_FMT_PEM) < 0) {
		free(datum_dh.data);
		return UFWISSL_ERROR;
	}

	free(datum_dh.data);
	return UFWISSL_OK;
}
Exemplo n.º 4
0
    void TLSSocket::init(const std::string& caPath,
            const std::string& crlPath,
            const std::string& certPath,
            const std::string& keyPath) {
        gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
        gnutls_global_init();    	
        gnutls_certificate_allocate_credentials(&xcred);
        if (!caPath.empty()) {
            gnutls_certificate_set_x509_trust_file(xcred, 
                    caPath.c_str(), 
                    GNUTLS_X509_FMT_PEM);
            gnutls_certificate_set_verify_flags (xcred,
                    GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
        }
        if (!crlPath.empty()) {
            gnutls_certificate_set_x509_crl_file(xcred,
                    crlPath.c_str(), 
                    GNUTLS_X509_FMT_PEM);
        }
        gnutls_certificate_set_x509_key_file(xcred,
                certPath.c_str(),
                keyPath.c_str(),
                GNUTLS_X509_FMT_PEM);
        gnutls_dh_params_init(&dh_params);
        gnutls_dh_params_generate2(dh_params, 1024);
        gnutls_priority_init(&priority_cache, "NORMAL", NULL);
        gnutls_certificate_set_dh_params(xcred, dh_params);

    }
Exemplo n.º 5
0
static int generate_dh_params(struct rfbssl_ctx *ctx)
{
    int ret;
    if (GNUTLS_E_SUCCESS == (ret = gnutls_dh_params_init(&ctx->dh_params)))
	ret = gnutls_dh_params_generate2(ctx->dh_params, 1024);
    return ret;
}
Exemplo n.º 6
0
static int vnc_tls_initialize(void)
{
    static int tlsinitialized = 0;

    if (tlsinitialized)
        return 1;

    if (gnutls_global_init () < 0)
        return 0;

    /* XXX ought to re-generate diffie-hellman params periodically */
    if (gnutls_dh_params_init (&dh_params) < 0)
        return 0;
    if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
        return 0;

#if defined(_VNC_DEBUG) && _VNC_DEBUG >= 2
    gnutls_global_set_log_level(10);
    gnutls_global_set_log_function(vnc_debug_gnutls_log);
#endif

    tlsinitialized = 1;

    return 1;
}
Exemplo n.º 7
0
int
manos_tls_regenerate_dhparams (int bits)
{
	gnutls_dh_params_t params, oldparams;
	int err;

	err = gnutls_dh_params_init (&params);
	if (err != 0) {
		return err;
	}

	err = gnutls_dh_params_generate2 (params, bits);
	if (err != 0) {
		gnutls_dh_params_deinit (params);
		return err;
	}

	oldparams = dh_params;
	dh_params = params;

	if (oldparams != NULL) {
		gnutls_dh_params_deinit (oldparams);
	}

	return 0;
}
Exemplo n.º 8
0
static int generate_dh_params (void)
{
   gnutls_dh_params_init (&dh_params);
   gnutls_dh_params_generate2 (dh_params, DH_BITS);

   return 0;
}
Exemplo n.º 9
0
int
rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile)
{
	int ret;
	gnutls_datum_t *d_cert, *d_key;
	if(cert == NULL)
	{
		rb_lib_log("rb_setup_ssl_server: No certificate file");
		return 0;
	}

	if((d_cert = rb_load_file_into_datum_t(cert)) == NULL)
	{
		rb_lib_log("rb_setup_ssl_server: Error loading certificate: %s", strerror(errno));
		return 0;
	}

	if((d_key = rb_load_file_into_datum_t(keyfile)) == NULL)
	{
		rb_lib_log("rb_setup_ssl_server: Error loading key: %s", strerror(errno));
		return 0;
	}


	if((ret =
	    gnutls_certificate_set_x509_key_mem(x509, d_cert, d_key,
						GNUTLS_X509_FMT_PEM)) != GNUTLS_E_SUCCESS)
	{
		rb_lib_log("rb_setup_ssl_server: Error loading certificate or key file: %s",
			   gnutls_strerror(ret));
		return 0;
	}
	rb_free_datum_t(d_cert);
	rb_free_datum_t(d_key);

	if(dhfile != NULL)
	{
		if(gnutls_dh_params_init(&dh_params) == GNUTLS_E_SUCCESS)
		{
			gnutls_datum_t *data;
			int xret;
			data = rb_load_file_into_datum_t(dhfile);
			if(data != NULL)
			{
				xret = gnutls_dh_params_import_pkcs3(dh_params, data,
								     GNUTLS_X509_FMT_PEM);
				if(xret < 0)
					rb_lib_log
						("rb_setup_ssl_server: Error parsing DH file: %s\n",
						 gnutls_strerror(xret));
				rb_free_datum_t(data);
			}
			gnutls_certificate_set_dh_params(x509, dh_params);
		}
		else
			rb_lib_log("rb_setup_ssl_server: Unable to setup DH parameters");
	}
	return 1;
}
Exemplo n.º 10
0
void dh_info(FILE * infile, FILE * outfile, common_info_st * ci)
{
	gnutls_datum_t params;
	size_t size;
	int ret;
	gnutls_dh_params_t dh_params;
	gnutls_datum_t p, g;
	unsigned int q_bits = 0;

	if (gnutls_dh_params_init(&dh_params) < 0) {
		fprintf(stderr, "Error in dh parameter initialization\n");
		exit(1);
	}

	params.data = (void *) fread_file(infile, &size);
	params.size = size;

	ret =
	    gnutls_dh_params_import_pkcs3(dh_params, &params,
					  ci->incert_format);
	if (ret < 0) {
		fprintf(stderr, "Error parsing dh params: %s\n",
			gnutls_strerror(ret));
		exit(1);
	}

	ret = gnutls_dh_params_export_raw(dh_params, &p, &g, &q_bits);
	if (ret < 0) {
		fprintf(stderr, "Error exporting parameters: %s\n",
			gnutls_strerror(ret));
		exit(1);
	}

	if (ci->outcert_format == GNUTLS_X509_FMT_PEM)
		print_dh_info(outfile, &p, &g, q_bits, ci->cprint);

	if (!ci->cprint) {	/* generate a PKCS#3 structure */
		size_t len = buffer_size;

		ret =
		    gnutls_dh_params_export_pkcs3(dh_params,
						  ci->outcert_format,
						  buffer, &len);

		if (ret == 0) {
			if (ci->outcert_format == GNUTLS_X509_FMT_PEM) {
				fprintf(outfile, "\n%s", buffer);
			} else {
				fwrite(buffer, 1, len, outfile);
			}
		} else {
			fprintf(stderr, "Error: %s\n",
				gnutls_strerror(ret));
		}
	}

	gnutls_dh_params_deinit(dh_params);
}
Exemplo n.º 11
0
/** Generate initial DH and RSA params.
 * Loads the pre-generated DH primes.
 */
static void _crywrap_tls_init(void)
{

	gnutls_dh_params_init(&dh_params);
	gnutls_dh_params_import_pkcs3(dh_params, &dh_file,
				      GNUTLS_X509_FMT_PEM);

	gnutls_certificate_set_dh_params(cred, dh_params);
}
Exemplo n.º 12
0
void TLSServer::init (
  const std::string& ca,
  const std::string& crl,
  const std::string& cert,
  const std::string& key)
{
  _ca   = ca;
  _crl  = crl;
  _cert = cert;
  _key  = key;

  int ret = gnutls_global_init ();
  if (ret < 0)
    throw format ("TLS init error. {1}", gnutls_strerror (ret));

  ret = gnutls_certificate_allocate_credentials (&_credentials);
  if (ret < 0)
    throw format ("TLS allocation error. {1}", gnutls_strerror (ret));

  if (_ca != "" &&
      (ret = gnutls_certificate_set_x509_trust_file (_credentials, _ca.c_str (), GNUTLS_X509_FMT_PEM)) < 0)
    throw format ("Bad CA file. {1}", gnutls_strerror (ret));

  if ( _crl != "" &&
      (ret = gnutls_certificate_set_x509_crl_file (_credentials, _crl.c_str (), GNUTLS_X509_FMT_PEM)) < 0)
    throw format ("Bad CRL file. {1}", gnutls_strerror (ret));

  if (_cert != "" &&
      _key != "" &&
      (ret = gnutls_certificate_set_x509_key_file (_credentials, _cert.c_str (), _key.c_str (), GNUTLS_X509_FMT_PEM)) < 0)
    throw format ("Bad CERT file. {1}", gnutls_strerror (ret));

#if GNUTLS_VERSION_NUMBER >= 0x020b00
#if GNUTLS_VERSION_NUMBER >= 0x03000d
  unsigned int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
#else
  unsigned int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL);
#endif
#else
  unsigned int bits = DH_BITS;
#endif
  gnutls_dh_params_init (&_params);
  gnutls_dh_params_generate2 (_params, bits);

  if (_ciphers == "")
    _ciphers = "NORMAL";
  gnutls_priority_init (&_priorities, _ciphers.c_str (), NULL);
  gnutls_certificate_set_dh_params (_credentials, _params);

#if GNUTLS_VERSION_NUMBER >= 0x02090a
  // The automatic verification for the client certificate with
  // gnutls_certificate_set_verify_function only works with gnutls
  // >=2.9.10. So with older versions we should call the verify function
  // manually after the gnutls handshake.
  gnutls_certificate_set_verify_function (_credentials, verify_certificate_callback);
#endif
}
Exemplo n.º 13
0
static int
generate_dh_params (void)
{
  const gnutls_datum_t p3 = { pkcs3, strlen (pkcs3) };
  /* Generate Diffie Hellman parameters - for use with DHE
   * kx algorithms. These should be discarded and regenerated
   * once a day, once a week or once a month. Depending on the
   * security requirements.
   */
  gnutls_dh_params_init (&dh_params);
  return gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
}
Exemplo n.º 14
0
static Ecore_Con_Ssl_Error
_ecore_con_ssl_server_prepare_gnutls(Ecore_Con_Server *svr,
                                     int               ssl_type)
{
   int ret;

   if (ssl_type & ECORE_CON_USE_SSL2)
     return ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED;

   switch (ssl_type)
     {
      case ECORE_CON_USE_SSL3:
      case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
      case ECORE_CON_USE_TLS:
      case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
      case ECORE_CON_USE_MIXED:
      case ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT:
        break;

      default:
        return ECORE_CON_SSL_ERROR_NONE;
     }

   SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_certificate_allocate_credentials(&svr->cert));

   if ((!svr->use_cert) && svr->created)
     {
        SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_dh_params_init(&svr->dh_params));
        INF("Generating DH params");
        SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_dh_params_generate2(svr->dh_params, 1024));

        SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_anon_allocate_server_credentials(&svr->anoncred_s));
        /* TODO: implement PSK */
        //  SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_psk_allocate_server_credentials(&svr->pskcred_s));

        gnutls_anon_set_server_dh_params(svr->anoncred_s, svr->dh_params);
        gnutls_certificate_set_dh_params(svr->cert, svr->dh_params);
        //gnutls_psk_set_server_dh_params(svr->pskcred_s, svr->dh_params);
        INF("DH params successfully generated and applied!");
     }
   else if (!svr->use_cert)
     {
        //SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_psk_allocate_client_credentials(&svr->pskcred_c));
          SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_anon_allocate_client_credentials(&svr->anoncred_c));
     }

   return ECORE_CON_SSL_ERROR_NONE;

error:
   _gnutls_print_errors(ret);
   _ecore_con_ssl_server_shutdown_gnutls(svr);
   return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
}
Exemplo n.º 15
0
         void gtlsGlobalServerData::generate_dh_params()
         {
            int ret = 0;

            ret = gnutls_dh_params_init(&dh_params);
            // printerror("gnutls_dh_params_init", ret);
            if (ret < 0) { initialized_ = false; }

            ret = gnutls_dh_params_generate2(dh_params, gtlsGeneric::GNUTLSIF_DH_BITS);
            // printerror("gnutls_dh_params_generate2", ret);
            if (ret < 0) { initialized_ = false; }

         }
Exemplo n.º 16
0
/* Server mode: Set DH parameters */
int ufwissl_ssl_context_set_dh_bits(ufwissl_ssl_context * ctx,
				  unsigned int dh_bits)
{
	ctx->dh_bits = dh_bits;

	if (gnutls_dh_params_init(&ctx->dh) < 0)
		return UFWISSL_ERROR;

	if (gnutls_dh_params_generate2(ctx->dh, ctx->dh_bits) < 0)
		return UFWISSL_ERROR;

	return UFWISSL_OK;
}
Exemplo n.º 17
0
static int
generate_dh_params (void)
{

  /* Generate Diffie-Hellman parameters - for use with DHE
   * kx algorithms. These should be discarded and regenerated
   * once a day, once a week or once a month. Depending on the
   * security requirements.
   */
  gnutls_dh_params_init (&dh_params);
  gnutls_dh_params_generate2 (dh_params, DH_BITS);

  return 0;
}
Exemplo n.º 18
0
static int
generate_dh_params (void)
{
    int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LOW);

    /* Generate Diffie-Hellman parameters - for use with DHE
     * kx algorithms. When short bit length is used, it might
     * be wise to regenerate parameters often.
     */
    gnutls_dh_params_init (&dh_params);
    gnutls_dh_params_generate2 (dh_params, bits);

    return 0;
}
Exemplo n.º 19
0
static int generate_dh_params(void)
{

        /* Generate Diffie-Hellman parameters - for use with DHE
         * kx algorithms. When short bit length is used, it might
         * be wise to regenerate parameters.
         *
         * Check the ex-serv-export.c example for using static
         * parameters.
         */
        gnutls_dh_params_init(&dh_params);
        gnutls_dh_params_generate2(dh_params, DH_BITS);

        return 0;
}
Exemplo n.º 20
0
void initialize_tls_global(void)
{
	gnutls_global_init ();

	gnutls_certificate_allocate_credentials (&x509_cred);
	gnutls_certificate_set_x509_trust_file (x509_cred, CACERT,
						GNUTLS_X509_FMT_PEM);
	gnutls_certificate_set_x509_crl_file (x509_cred, CACRL,
						GNUTLS_X509_FMT_PEM);
	gnutls_certificate_set_x509_key_file (x509_cred, SERVERCERT, SERVERKEY,
						GNUTLS_X509_FMT_PEM);
	gnutls_dh_params_init (&dh_params);
	gnutls_dh_params_generate2 (dh_params, DH_BITS);

	gnutls_certificate_set_dh_params (x509_cred, dh_params);
}
Exemplo n.º 21
0
void doit(void)
{
	gnutls_dh_params_t dh_params;
	gnutls_x509_privkey_t privkey;
	gnutls_datum_t p1, g1, p2, g2, q;
	unsigned bits = 0;
	int ret;

	/* import DH parameters from DSA key and verify they are the same */
	gnutls_dh_params_init(&dh_params);
	gnutls_x509_privkey_init(&privkey);

	ret = gnutls_x509_privkey_import(privkey, &dsa_key, GNUTLS_X509_FMT_PEM);
	if (ret < 0)
		fail("error in %s: %d\n", __FILE__, __LINE__);

	ret = gnutls_dh_params_import_dsa(dh_params, privkey);
	if (ret < 0)
		fail("error in %s: %d\n", __FILE__, __LINE__);

	ret = gnutls_dh_params_export_raw(dh_params, &p1, &g1, &bits);
	if (ret < 0)
		fail("error in %s: %d\n", __FILE__, __LINE__);

	ret = gnutls_x509_privkey_export_dsa_raw(privkey, &p2, &q, &g2, NULL, NULL);
	if (ret < 0)
		fail("error in %s: %d\n", __FILE__, __LINE__);

	if (bits > q.size*8  || bits < q.size*8-8)
		fail("error in %s: %d\n", __FILE__, __LINE__);

	if (compare(&p1, &p2) != 0)
		fail("error in %s: %d\n", __FILE__, __LINE__);

	if (compare(&g1, &g2) != 0)
		fail("error in %s: %d\n", __FILE__, __LINE__);

	gnutls_free(p1.data);
	gnutls_free(g1.data);
	gnutls_free(p2.data);
	gnutls_free(g2.data);
	gnutls_free(q.data);

	gnutls_dh_params_deinit(dh_params);
	gnutls_x509_privkey_deinit(privkey);
	success("all ok\n");
}
Exemplo n.º 22
0
void TLSServer::init (
  const std::string& ca,
  const std::string& crl,
  const std::string& cert,
  const std::string& key)
{
  _ca   = ca;
  _crl  = crl;
  _cert = cert;
  _key  = key;

  gnutls_global_init ();
  gnutls_certificate_allocate_credentials (&_credentials);
  if (_ca != "" &&
      gnutls_certificate_set_x509_trust_file (_credentials, _ca.c_str (), GNUTLS_X509_FMT_PEM) < 0)
    throw std::string ("Missing CA file.");

  if ( _crl != "" &&
      gnutls_certificate_set_x509_crl_file (_credentials, _crl.c_str (), GNUTLS_X509_FMT_PEM) < 0)
    throw std::string ("Missing CRL file.");

  if (_cert != "" &&
      _key != "" &&
      gnutls_certificate_set_x509_key_file (_credentials, _cert.c_str (), _key.c_str (), GNUTLS_X509_FMT_PEM) < 0)
    throw std::string ("Missing CERT file.");

#if GNUTLS_VERSION_NUMBER >= 0x020b00
#if GNUTLS_VERSION_NUMBER >= 0x03000d
  unsigned int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
#else
  unsigned int bits = gnutls_sec_param_to_pk_bits (GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL);
#endif
#else
  unsigned int bits = DH_BITS;
#endif
  gnutls_dh_params_init (&_params);
  gnutls_dh_params_generate2 (_params, bits);

  if (_ciphers == "")
    _ciphers = "NORMAL";
  gnutls_priority_init (&_priorities, _ciphers.c_str (), NULL);
  gnutls_certificate_set_dh_params (_credentials, _params);

#if GNUTLS_VERSION_NUMBER >= 0x02090a
  gnutls_certificate_set_verify_function (_credentials, verify_certificate_callback);
#endif
}
Exemplo n.º 23
0
static rfbBool
InitializeTLS(void)
{
  int ret;

  if (rfbTLSInitialized) return TRUE;
  if ((ret = gnutls_global_init()) < 0 ||
      (ret = gnutls_dh_params_init(&rfbDHParams)) < 0 ||
      (ret = gnutls_dh_params_generate2(rfbDHParams, DH_BITS)) < 0)
  {
    rfbClientLog("Failed to initialized GnuTLS: %s.\n", gnutls_strerror(ret));
    return FALSE;
  }
  rfbClientLog("GnuTLS initialized.\n");
  rfbTLSInitialized = TRUE;
  return TRUE;
}
Exemplo n.º 24
0
/// Enables TLS on the given server.
static void onion_enable_tls(onion *o){
#ifdef HAVE_PTHREADS
	gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
#endif
	if (!(o->flags&O_USE_DEV_RANDOM)){
		gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
	}
	gnutls_global_init ();
  gnutls_certificate_allocate_credentials (&o->x509_cred);

	gnutls_dh_params_init (&o->dh_params);
  gnutls_dh_params_generate2 (o->dh_params, 1024);
  gnutls_certificate_set_dh_params (o->x509_cred, o->dh_params);
  gnutls_priority_init (&o->priority_cache, "NORMAL", NULL);
	
	o->flags|=O_SSL_ENABLED;
}
Exemplo n.º 25
0
int server_create(prelude_client_profile_t *cp, const char *addr, unsigned int port,
                  prelude_bool_t keepalive, const char *pass, gnutls_x509_privkey_t key, gnutls_x509_crt_t cacrt, gnutls_x509_crt_t crt)
{
        int sock;
        size_t size;
        struct pollfd pfd[128];
        gnutls_dh_params_t dh_params;

#ifdef GNUTLS_SRP_ENABLED
        int ret;

        ret = gnutls_srp_allocate_server_credentials(&srpcred);
        if ( ret < 0 ) {
                fprintf(stderr, "error creating SRP credentials: %s.\n", gnutls_strerror(ret));
                return -1;
        }

        gnutls_srp_set_server_credentials_function(srpcred, srp_callback);
#endif

        one_shot_passwd = pass;
        gnutls_anon_allocate_server_credentials(&anoncred);

        fprintf(stderr, "Generating %d bits Diffie-Hellman key for anonymous authentication...", ANON_DH_BITS);
        gnutls_dh_params_init(&dh_params);
        gnutls_dh_params_generate2(dh_params, ANON_DH_BITS);
        gnutls_anon_set_server_dh_params(anoncred, dh_params);
        fprintf(stderr, "\n");

        size = sizeof(pfd) / sizeof(*pfd);
        sock = setup_server(addr, port, pfd, &size);
        if ( sock < 0 )
                return -1;

        wait_connection(cp, sock, pfd, size, keepalive, key, cacrt, crt);

#ifdef GNUTLS_SRP_ENABLED
        gnutls_srp_free_server_credentials(srpcred);
#endif

        gnutls_anon_free_server_credentials(anoncred);

        return 0;
}
Exemplo n.º 26
0
static gnutls_dh_params
get_dh_params(void)
{
    static gnutls_dh_params dh_params;
    static bool initialized = FALSE;

    if (!initialized) {
        if (gnutls_dh_params_init(&dh_params)) {
            g_warning("%s(): gnutls_dh_params_init() failed", G_STRFUNC);
            return NULL;
        }
        if (gnutls_dh_params_generate2(dh_params, TLS_DH_BITS)) {
            g_warning("%s(): gnutls_dh_params_generate2() failed", G_STRFUNC);
            return NULL;
        }
        initialized = TRUE;
    }
    return dh_params;
}
Exemplo n.º 27
0
SslContext::SslContext() :
	enabled(true),
	certFile(this),
	keyFile(this),
	crlFile(this),
	trustFile(this),
	error_(),
	logger_(0),
	numX509Certs_(0),
	clientVerifyMode_(GNUTLS_CERT_IGNORE),
	caList_(0)
{
	TRACE("SslContext()");

	gnutls_dh_params_init(&dhParams_);
	gnutls_dh_params_generate2(dhParams_, 1024);

	gnutls_certificate_allocate_credentials(&certs_);
	gnutls_anon_allocate_server_credentials(&anonCreds_);
}
Exemplo n.º 28
0
void doit(void)
{
    gnutls_dh_params_t dh_params = NULL;
    int rc;

    rc = global_init();
    if (rc)
        fail("global_init\n");

    if (gnutls_dh_params_init(&dh_params) < 0)
        fail("Error in dh parameter initialization\n");

    if (gnutls_dh_params_generate2(dh_params, 1024) < 0)
        fail("Error in prime generation\n");

    gnutls_dh_params_deinit(dh_params);

    gnutls_global_deinit();

    if (debug)
        success("generated DH params OK\n");
}
Exemplo n.º 29
0
static struct gnutls_dh_params_int* gnutls_dh_params_create (void) {
	struct gnutls_dh_params_int* result = NULL;
	struct gnutls_dh_params_int* _result_ = NULL;
	gint ret = 0;
	struct gnutls_dh_params_int* _tmp0_ = NULL;
	gint _tmp1_ = 0;
	gint _tmp2_ = 0;
	_tmp1_ = gnutls_dh_params_init (&_tmp0_);
	_gnutls_dh_params_deinit0 (_result_);
	_result_ = _tmp0_;
	ret = _tmp1_;
	_tmp2_ = ret;
	if (_tmp2_ != 0) {
		gint _tmp3_ = 0;
		const gchar* _tmp4_ = NULL;
		_tmp3_ = ret;
		_tmp4_ = gnutls_strerror ((int) _tmp3_);
		g_error ("gnutls.vapi:359: %s", _tmp4_);
	}
	result = _result_;
	return result;
}
Exemplo n.º 30
0
  GnuTlsInit::GnuTlsInit()
  {
    int ret;

    cxxtools::MutexLock lock(mutex);
    if (_initCount++ == 0)
    {
      log_debug("gnutls_global_init()");
      ret = gnutls_global_init();
      if (ret != 0)
        throw GnuTlsException("gnutls_global_init", ret);

      log_debug("gnutls_dh_params_init(dhParams)");
      ret = gnutls_dh_params_init(&_dhParams);
      if (ret != 0)
        throw GnuTlsException("gnutls_dh_params_init", ret);

      log_debug("gnutls_dh_params_generate2(dh_params, 1024)");
      ret = gnutls_dh_params_generate2(_dhParams, 1024);
      if (ret != 0)
        throw GnuTlsException("gnutls_dh_params_generate2", ret);
    }
  }