void srp_server_credentials:: set_credentials_file (const char *password_file, const char *password_conf_file) { RETWRAP (gnutls_srp_set_server_credentials_file (cred, password_file, password_conf_file)); }
bool mrutils::TLSServer::init(const char * tpasswd, const char * tpasswdconf) { mrutils::mutexAcquire(connectionMutex); #ifndef MR_TLS_NO_THREADS std::cout << "gcry_control" << std::endl; gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); #endif std::cout << "gnutls_global_init" << std::endl; gnutls_global_init(); std::cout << "gnutls_global_init_extra" << std::endl; gnutls_global_init_extra(); // for srp std::cout << "gnutls_srp_allocate_server_credentials" << std::endl; gnutls_srp_allocate_server_credentials (&srp_cred); std::cout << "gnutls_srp_set_server_credentials_file" << std::endl; gnutls_srp_set_server_credentials_file (srp_cred, tpasswd, tpasswdconf); mrutils::mutexRelease(connectionMutex); return (init_ = true); }
int main (void) { int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; int client_len; char topbuf[512]; gnutls_session_t session; char buffer[MAX_BUF + 1]; int optval = 1; char name[256]; strcpy (name, "Echo Server"); /* these must be called once in the program */ gnutls_global_init (); gnutls_global_init_extra (); /* for SRP */ /* SRP_PASSWD a password file (created with the included srptool utility) */ gnutls_srp_allocate_server_credentials (&srp_cred); gnutls_srp_set_server_credentials_file (srp_cred, SRP_PASSWD, SRP_PASSWD_CONF); gnutls_certificate_allocate_credentials (&cert_cred); gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_file (cert_cred, CERTFILE, KEYFILE, GNUTLS_X509_FMT_PEM); /* TCP socket operations */ listen_sd = socket (AF_INET, SOCK_STREAM, 0); SOCKET_ERR (listen_sd, "socket"); memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); err = listen (listen_sd, 1024); SOCKET_ERR (err, "listen"); printf ("%s ready. Listening to port '%d'.\n\n", name, PORT); client_len = sizeof (sa_cli); for (;;) { session = initialize_tls_session (); sd = accept (listen_sd, (SA *) & sa_cli, &client_len); printf ("- connection from %s, port %d\n", inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) { close (sd); gnutls_deinit (session); fprintf (stderr, "*** Handshake has failed (%s)\n\n", gnutls_strerror (ret)); continue; } printf ("- Handshake was completed\n"); /* print_info(session); */ for (;;) { memset (buffer, 0, MAX_BUF + 1); ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) { printf ("\n- Peer has closed the GNUTLS connection\n"); break; } else if (ret < 0) { fprintf (stderr, "\n*** Received corrupted " "data(%d). Closing the connection.\n\n", ret); break; } else if (ret > 0) { /* echo data back to the client */ gnutls_record_send (session, buffer, strlen (buffer)); } } printf ("\n"); /* do not wait for the peer to close the connection. */ gnutls_bye (session, GNUTLS_SHUT_WR); close (sd); gnutls_deinit (session); } close (listen_sd); gnutls_srp_free_server_credentials (srp_cred); gnutls_certificate_free_credentials (cert_cred); gnutls_global_deinit (); return 0; }
const struct remote_security_filter *load_security_filter(int tType, const char **dData, load_reference lLoad) { if (initialized) return NULL; #ifdef HAVE_GCRYPT_H if (!gcry_control(GCRYCTL_ANY_INITIALIZATION_P)) { gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); gcry_check_version(NULL); //no need to check as of now gcry_control(GCRYCTL_DISABLE_SECMEM, 0); gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); } #endif gnutls_global_set_log_function(&gnutls_logging); gnutls_global_set_log_level(PARAM_RSVX_TLS_LOGGING); gnutls_global_init(); forwarder_type = tType; const char **initializers = dData, **current = initializers; int argument_count = 0; if (current) while (*current++) argument_count++; if (argument_count > 0 && (current = initializers)) //srp initialization { use_srp_auth = true; const char *passwd = (*current)? *current++ : NULL; const char *srp_passwd = (*current)? *current++ : NULL; const char *srp_passwd_conf = (*current)? *current++ : NULL; if (passwd && strlen(passwd)) { srp_file = passwd; if (!parse_passwd()) { gnutls_global_deinit(); return NULL; } } gnutls_global_init_extra(); if (srp_passwd && strlen(srp_passwd) && srp_passwd_conf && strlen(srp_passwd_conf)) { gnutls_srp_allocate_server_credentials(&srp_server); gnutls_srp_set_server_credentials_file(srp_server, srp_passwd, srp_passwd_conf); } } else //anonymouns initialization { gnutls_anon_allocate_server_credentials(&credentials); gnutls_dh_params_init(&dh_params); gnutls_dh_params_generate2(dh_params, 1024); gnutls_anon_set_server_dh_params(credentials, dh_params); } return &internal_filter; }