/** * gnutls_certificate_set_openpgp_key_mem - Used to set OpenPGP keys * @res: the destination context to save the data. * @cert: the datum that contains the public key. * @key: the datum that contains the secret key. * @format: the format of the keys * * This funtion is used to load OpenPGP keys into the GnuTLS credential * structure. The files should contain non encrypted keys. * * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ int gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t res, const gnutls_datum_t * cert, const gnutls_datum_t * key, gnutls_openpgp_crt_fmt_t format) { return gnutls_certificate_set_openpgp_key_mem2 (res, cert, key, NULL, format); }
/** * gnutls_certificate_set_openpgp_key_file2 - Used to set OpenPGP keys * @res: the destination context to save the data. * @certfile: the file that contains the public key. * @keyfile: the file that contains the secret key. * @subkey_id: a hex encoded subkey id * @format: the format of the keys * * This funtion is used to load OpenPGP keys into the GnuTLS credential * structure. The files should contain non encrypted keys. * * The special keyword "auto" is also accepted as @subkey_id. In that * case the gnutls_openpgp_crt_get_auth_subkey() will be used to * retrieve the subkey. * * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. * * Since: 2.4.0 **/ int gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t res, const char *certfile, const char *keyfile, const char *subkey_id, gnutls_openpgp_crt_fmt_t format) { struct stat statbuf; gnutls_datum_t key, cert; int rc; size_t size; if (!res || !keyfile || !certfile) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } if (stat (certfile, &statbuf) || stat (keyfile, &statbuf)) { gnutls_assert (); return GNUTLS_E_FILE_ERROR; } cert.data = read_binary_file (certfile, &size); cert.size = (unsigned int) size; if (cert.data == NULL) { gnutls_assert (); return GNUTLS_E_FILE_ERROR; } key.data = read_binary_file (keyfile, &size); key.size = (unsigned int) size; if (key.data == NULL) { gnutls_assert (); free (cert.data); return GNUTLS_E_FILE_ERROR; } rc = gnutls_certificate_set_openpgp_key_mem2 (res, &cert, &key, subkey_id, format); free (cert.data); free (key.data); if (rc < 0) { gnutls_assert (); return rc; } return 0; }
static void server (void) { /* this must be called once in the program */ gnutls_global_init (); gnutls_global_set_log_function (tls_log_func); if (debug) gnutls_global_set_log_level (4711); gnutls_certificate_allocate_credentials (&pgp_cred); ret = gnutls_certificate_set_openpgp_key_mem2 (pgp_cred, &server_crt, &server_key, "auto", GNUTLS_OPENPGP_FMT_BASE64); if (err < 0) { fail ("Could not set server key files...\n"); } if (debug) success ("Launched, setting DH parameters...\n"); generate_dh_params (); gnutls_certificate_set_dh_params (pgp_cred, dh_params); client_len = sizeof (sa_cli); session = initialize_tls_session (); sd = accept (listen_sd, (SA *) & sa_cli, &client_len); if (debug) success ("server: connection from %s, port %d\n", inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) { close (sd); gnutls_deinit (session); fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret)); return; } if (debug) success ("server: Handshake was completed\n"); if (debug) success ("server: TLS version is: %s\n", gnutls_protocol_get_name (gnutls_protocol_get_version (session))); /* see the Getting peer's information example */ if (debug) print_info (session); i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) { if (debug) success ("server: Peer has closed the GnuTLS connection\n"); break; } else if (ret < 0) { fail ("server: Received corrupted data(%d). Closing...\n", ret); break; } else if (ret > 0) { /* echo data back to the client */ gnutls_record_send (session, buffer, strlen (buffer)); } } /* do not wait for the peer to close the connection. */ gnutls_bye (session, GNUTLS_SHUT_WR); close (sd); gnutls_deinit (session); close (listen_sd); gnutls_certificate_free_credentials (pgp_cred); gnutls_dh_params_deinit (dh_params); gnutls_global_deinit (); if (debug) success ("server: finished\n"); }
static void server(int sds[]) { int j; /* this must be called once in the program */ global_init(); gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(5); if (debug) success("Launched, setting DH parameters...\n"); generate_dh_params(); for (j = 0; j < SESSIONS; j++) { int sd = sds[j]; if (j == 0) { gnutls_certificate_allocate_credentials(&pgp_cred); ret = gnutls_certificate_set_openpgp_key_mem2 (pgp_cred, &server_crt, &server_key, "auto", GNUTLS_OPENPGP_FMT_BASE64); } else { gnutls_certificate_free_credentials(pgp_cred); gnutls_certificate_allocate_credentials(&pgp_cred); ret = gnutls_certificate_set_openpgp_key_mem2 (pgp_cred, &cert2048, &key2048, "auto", GNUTLS_OPENPGP_FMT_BASE64); } if (ret < 0) { fail("Could not set server key files...\n"); goto end; } gnutls_certificate_set_dh_params(pgp_cred, dh_params); session = initialize_tls_session(); gnutls_transport_set_int(session, sd); ret = gnutls_handshake(session); if (ret < 0) { close(sd); gnutls_deinit(session); fail("server: Handshake %d has failed (%s)\n\n", j, gnutls_strerror(ret)); goto end; } if (debug) success("server: Handshake %d was completed\n", j); if (debug) success("server: TLS version is: %s\n", gnutls_protocol_get_name (gnutls_protocol_get_version(session))); /* see the Getting peer's information example */ if (debug) print_info(session); for (;;) { memset(buffer, 0, MAX_BUF + 1); ret = gnutls_record_recv(session, buffer, MAX_BUF); if (ret == 0) { if (debug) success ("server: Peer has closed the GnuTLS connection\n"); break; } else if (ret < 0) { fail("server: Received corrupted data(%d). Closing...\n", ret); goto end; } else if (ret > 0) { /* echo data back to the client */ gnutls_record_send(session, buffer, strlen(buffer)); } } /* do not wait for the peer to close the connection. */ gnutls_bye(session, GNUTLS_SHUT_WR); close(sd); gnutls_deinit(session); } end: gnutls_certificate_free_credentials(pgp_cred); gnutls_dh_params_deinit(dh_params); gnutls_global_deinit(); if (debug) success("server: finished\n"); }