static void init_global_tls_stuff (void) { int ret; /* X509 stuff */ if (gnutls_certificate_allocate_credentials (&xcred) < 0) { fprintf (stderr, "Certificate allocation memory error\n"); exit (1); } if (x509_cafile != NULL) { ret = gnutls_certificate_set_x509_trust_file (xcred, x509_cafile, x509ctype); if (ret < 0) { fprintf (stderr, "Error setting the x509 trust file\n"); } else { printf ("Processed %d CA certificate(s).\n", ret); } } #ifdef ENABLE_PKI if (x509_crlfile != NULL) { ret = gnutls_certificate_set_x509_crl_file (xcred, x509_crlfile, x509ctype); if (ret < 0) { fprintf (stderr, "Error setting the x509 CRL file\n"); } else { printf ("Processed %d CRL(s).\n", ret); } } #endif load_keys (); #ifdef ENABLE_OPENPGP if (pgp_keyring != NULL) { ret = gnutls_certificate_set_openpgp_keyring_file (xcred, pgp_keyring, GNUTLS_OPENPGP_FMT_BASE64); if (ret < 0) { fprintf (stderr, "Error setting the OpenPGP keyring file\n"); } } #endif #ifdef ENABLE_SRP if (srp_username && srp_passwd) { /* SRP stuff */ if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0) { fprintf (stderr, "SRP authentication error\n"); } gnutls_srp_set_client_credentials_function (srp_cred, srp_username_callback); } #endif #ifdef ENABLE_PSK /* PSK stuff */ if (gnutls_psk_allocate_client_credentials (&psk_cred) < 0) { fprintf (stderr, "PSK authentication error\n"); } if (psk_username && psk_key.data) { ret = gnutls_psk_set_client_credentials (psk_cred, psk_username, &psk_key, GNUTLS_PSK_KEY_HEX); if (ret < 0) { fprintf (stderr, "Error setting the PSK credentials: %s\n", gnutls_strerror (ret)); } } gnutls_psk_set_client_credentials_function (psk_cred, psk_callback); #endif #ifdef ENABLE_ANON /* ANON stuff */ if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0) { fprintf (stderr, "Anonymous authentication error\n"); } #endif }
static void init_global_tls_stuff (void) { int ret; if ((ret = gnutls_global_init ()) < 0) { fprintf (stderr, "global_init: %s\n", gnutls_strerror (ret)); exit (1); } gnutls_global_set_log_function (tls_log_func); gnutls_global_set_log_level (debug); if ((ret = gnutls_global_init_extra ()) < 0) { fprintf (stderr, "global_init_extra: %s\n", gnutls_strerror (ret)); // exit (1); } /* X509 stuff */ if (gnutls_certificate_allocate_credentials (&xcred) < 0) { fprintf (stderr, "Certificate allocation memory error\n"); exit (1); } /* there are some CAs that have a v1 certificate *%&@#*%& */ gnutls_certificate_set_verify_flags (xcred, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); if (x509_cafile != NULL) { ret = gnutls_certificate_set_x509_trust_file (xcred, x509_cafile, x509ctype); if (ret < 0) { fprintf (stderr, "Error setting the x509 trust file\n"); } else { printf ("Processed %d CA certificate(s).\n", ret); } } #ifdef ENABLE_PKI if (x509_crlfile != NULL) { ret = gnutls_certificate_set_x509_crl_file (xcred, x509_crlfile, x509ctype); if (ret < 0) { fprintf (stderr, "Error setting the x509 CRL file\n"); } else { printf ("Processed %d CRL(s).\n", ret); } } #endif load_keys (); #ifdef ENABLE_OPENPGP if (pgp_keyring != NULL) { ret = gnutls_certificate_set_openpgp_keyring_file (xcred, pgp_keyring); if (ret < 0) { fprintf (stderr, "Error setting the OpenPGP keyring file\n"); } } if (pgp_trustdb != NULL) { ret = gnutls_certificate_set_openpgp_trustdb (xcred, pgp_trustdb); if (ret < 0) { fprintf (stderr, "Error setting the OpenPGP trustdb file\n"); } } #endif #ifdef ENABLE_SRP /* SRP stuff */ if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0) { fprintf (stderr, "SRP authentication error\n"); } gnutls_srp_set_client_credentials_function (srp_cred, srp_username_callback); #endif #ifdef ENABLE_PSK /* SRP stuff */ if (gnutls_psk_allocate_client_credentials (&psk_cred) < 0) { fprintf (stderr, "PSK authentication error\n"); } gnutls_psk_set_client_credentials (psk_cred, psk_username, &psk_key, GNUTLS_PSK_KEY_HEX); #endif #ifdef ENABLE_ANON /* ANON stuff */ if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0) { fprintf (stderr, "Anonymous authentication error\n"); } #endif }
int main (void) { int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; int client_len; char topbuf[512]; gnutls_session_t session; char buffer[MAX_BUF + 1]; int optval = 1; char name[256]; strcpy (name, "Echo Server"); /* this must be called once in the program */ gnutls_global_init (); gnutls_certificate_allocate_credentials (&cred); gnutls_certificate_set_openpgp_keyring_file (cred, RINGFILE, GNUTLS_OPENPGP_FMT_BASE64); gnutls_certificate_set_openpgp_key_file (cred, CERTFILE, KEYFILE, GNUTLS_OPENPGP_FMT_BASE64); generate_dh_params (); gnutls_certificate_set_dh_params (cred, dh_params); /* Socket operations */ listen_sd = socket (AF_INET, SOCK_STREAM, 0); SOCKET_ERR (listen_sd, "socket"); memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); err = listen (listen_sd, 1024); SOCKET_ERR (err, "listen"); printf ("%s ready. Listening to port '%d'.\n\n", name, PORT); client_len = sizeof (sa_cli); for (;;) { session = initialize_tls_session (); sd = accept (listen_sd, (SA *) & sa_cli, &client_len); printf ("- connection from %s, port %d\n", inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) { close (sd); gnutls_deinit (session); fprintf (stderr, "*** Handshake has failed (%s)\n\n", gnutls_strerror (ret)); continue; } printf ("- Handshake was completed\n"); /* see the Getting peer's information example */ /* print_info(session); */ for (;;) { memset (buffer, 0, MAX_BUF + 1); ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) { printf ("\n- Peer has closed the GnuTLS connection\n"); break; } else if (ret < 0) { fprintf (stderr, "\n*** Received corrupted " "data(%d). Closing the connection.\n\n", ret); break; } else if (ret > 0) { /* echo data back to the client */ gnutls_record_send (session, buffer, strlen (buffer)); } } printf ("\n"); /* do not wait for the peer to close the connection. */ gnutls_bye (session, GNUTLS_SHUT_WR); close (sd); gnutls_deinit (session); } close (listen_sd); gnutls_certificate_free_credentials (cred); gnutls_global_deinit (); return 0; }
int main(int argc, char **argv) { gnutls_certificate_credentials ctx; gnutls_datum_t dat, xml, pk; gnutls_openpgp_name uid; gnutls_privkey *pkey; gnutls_cert *cert; unsigned char fpr[20], keyid[8]; char *s, *t; size_t fprlen = 0; int rc, nbits = 0, i; rc = gnutls_certificate_allocate_credentials(&ctx); assert(rc == 0); s = "../doc/credentials/openpgp/cli_ring.gpg"; rc = gnutls_certificate_set_openpgp_keyring_file(ctx, s); assert(rc == 0); s = "../doc/credentials/openpgp/pub.asc"; t = "../doc/credentials/openpgp/sec.asc"; rc = gnutls_certificate_set_openpgp_key_file(ctx, s, t); assert(rc == 0); dat = ctx->cert_list[0]->raw; assert(ctx->cert_list[0]); printf("Key v%d\n", gnutls_openpgp_extract_key_version(&dat)); rc = gnutls_openpgp_extract_key_name(&dat, 1, &uid); assert(rc == 0); printf("userID %s\n", uid.name); rc = gnutls_openpgp_extract_key_pk_algorithm(&dat, &nbits); printf("pk-algorithm %s %d bits\n", get_pkalgo(rc), nbits); rc = gnutls_openpgp_extract_key_creation_time(&dat); printf("creation time %s\n", get_pktime(rc)); rc = gnutls_openpgp_extract_key_expiration_time(&dat); printf("expiration time %lu\n", rc); printf("key fingerprint: "); rc = gnutls_openpgp_fingerprint(&dat, fpr, &fprlen); assert(rc == 0); for (i = 0; i < fprlen / 2; i++) printf("%02X%02X ", fpr[2 * i], fpr[2 * i + 1]); printf("\n"); printf("key id: "); rc = gnutls_openpgp_extract_key_id(&dat, keyid); assert(rc == 0); for (i = 0; i < 8; i++) printf("%02X", keyid[i]); printf("\n\n"); printf("Check MPIs\n"); cert = ctx->cert_list[0]; printf("number of certs %d\n", *ctx->cert_list_length); assert(*ctx->cert_list_length == 1); printf("number of items %d\n", cert->params_size); for (i = 0; i < cert->params_size; i++) { nbits = gcry_mpi_get_nbits(cert->params[i]); printf("mpi %d %d bits\n", i, nbits); } printf("\nCheck key\n"); rc = gnutls_openpgp_verify_key(NULL, &ctx->keyring, &dat, 1); printf("certifiacte status...%d\n", rc); printf("\nSeckey\n"); pkey = ctx->pkey; assert(pkey); assert(pkey->params_size); nbits = gcry_mpi_get_nbits(pkey->params[0]); rc = pkey->pk_algorithm; printf("pk-algorithm %s %d bits\n", get_pkalgo(rc), nbits); printf("number of items %d\n", pkey->params_size); for (i = 0; i < pkey->params_size; i++) { nbits = gcry_mpi_get_nbits(pkey->params[i]); printf("mpi %d %d bits\n", i, nbits); } printf("\nGet public key\n"); rc = get_pubkey(&pk, &ctx->keyring, 0xA7D93C3F); assert(rc == 0); printf("key fingerprint: "); gnutls_openpgp_fingerprint(&pk, fpr, &fprlen); for (i = 0; i < fprlen / 2; i++) printf("%02X%02X ", fpr[2 * i], fpr[2 * i + 1]); printf("\n"); _gnutls_free_datum(&pk); #if 0 rc = gnutls_openpgp_key_to_xml(&dat, &xml, 1); printf("rc=%d\n", rc); assert(rc == 0); xml.data[xml.size] = '\0'; printf("%s\n", xml.data); _gnutls_free_datum(&xml); #endif _gnutls_free_datum(&dat); gnutls_certificate_free_credentials(ctx); return 0; }