/*
 * Standalone self-test for cipher overriding.
 *
 * Registers application-supplied AES-128-CBC and AES-128-GCM back ends,
 * runs the library's cipher self tests, and then confirms through the
 * `used` / `aead_used` flags (set elsewhere in this file) that the
 * registered callbacks were really exercised. Without that last check a
 * silent fallback to the built-in implementation would still pass.
 *
 * Returns 0 on success; exits or returns with status 1 on any failure.
 */
int main(int argc, char **argv)
{
	int rc;

	gnutls_global_set_log_function(tls_log_func);
	/* Any extra command-line argument turns on logging; 4711 looks like an
	 * arbitrary "log everything" level -- confirm. */
	if (argc >= 2)
		gnutls_global_set_log_level(4711);

	/* Both registrations happen before global_init(). Priority 1 is
	 * presumably chosen so the override wins over the built-in
	 * implementations -- verify against the GnuTLS documentation. */
	rc = gnutls_crypto_register_cipher(GNUTLS_CIPHER_AES_128_CBC, 1,
					   myaes_init,
					   myaes_setkey,
					   myaes_setiv,
					   myaes_encrypt,
					   myaes_decrypt,
					   myaes_deinit);
	if (rc < 0) {
		fprintf(stderr, "%d: cannot register cipher\n", __LINE__);
		exit(1);
	}

	rc = gnutls_crypto_register_aead_cipher(GNUTLS_CIPHER_AES_128_GCM, 1,
						myaes_gcm_init,
						myaes_gcm_setkey,
						myaes_gcm_encrypt,
						myaes_gcm_decrypt,
						myaes_gcm_deinit);
	if (rc < 0) {
		fprintf(stderr, "%d: cannot register cipher\n", __LINE__);
		exit(1);
	}

	global_init();

	/* NOTE(review): arguments (1, 0) presumably mean "all ciphers" --
	 * confirm. A failure here returns 1 without printing a diagnostic. */
	if (gnutls_cipher_self_test(1, 0) < 0)
		return 1;

	/* The self test passing is not enough: make sure it ran through the
	 * registered callbacks rather than the stock code. */
	if (!used) {
		fprintf(stderr, "The CBC cipher was not used\n");
		exit(1);
	}

	if (!aead_used) {
		fprintf(stderr, "The AEAD cipher was not used\n");
		exit(1);
	}

	gnutls_global_deinit();
	return 0;
}
/*
 * Test entry point: register the replacement AES-128-CBC back end, then
 * run one session per protocol version via start().
 *
 * Each priority string removes every cipher except AES-128-CBC and every
 * protocol version except the one under test.
 */
void doit(void)
{
	int rc;

	global_init();

	/* Priority 1 is presumably meant to make this implementation win
	 * over the built-in one -- confirm against the GnuTLS docs. */
	rc = gnutls_crypto_register_cipher(GNUTLS_CIPHER_AES_128_CBC, 1,
					   myaes_init,
					   myaes_setkey,
					   myaes_setiv,
					   myaes_encrypt,
					   myaes_decrypt,
					   myaes_deinit);
	if (rc < 0) {
		fail("%d: cannot register cipher\n", __LINE__);
	}

	/* TLS 1.1 first, then TLS 1.2. */
	start("NORMAL:-CIPHER-ALL:+AES-128-CBC:-VERS-ALL:+VERS-TLS1.1");
	start("NORMAL:-CIPHER-ALL:+AES-128-CBC:-VERS-ALL:+VERS-TLS1.2");

	gnutls_global_deinit();
}
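/*
 * TLS echo server side of the cipher-override test.
 *
 * sd: connected socket descriptor; it is closed before returning.
 *
 * Registers the replacement AES-128-CBC back end, loads the test CA,
 * certificate and key, performs a handshake restricted to AES-128-CBC,
 * and echoes every received record back to the peer until the peer
 * closes the connection or a receive error occurs.
 *
 * Setup failures are reported through fail(). NOTE(review): fail() is
 * defined elsewhere and presumably terminates the test; if it does not,
 * execution continues as it did before these checks were added.
 */
static void server(int sd)
{
	gnutls_certificate_credentials_t x509_cred;
	int ret;
	gnutls_session_t session;
	char buffer[MAX_BUF + 1];

	/* this must be called once in the program */
	global_init();

	gnutls_global_set_log_function(tls_log_func);
	if (debug)
		gnutls_global_set_log_level(6);

	ret = gnutls_crypto_register_cipher(GNUTLS_CIPHER_AES_128_CBC, 1,
					    myaes_init,
					    myaes_setkey,
					    myaes_setiv,
					    myaes_encrypt,
					    myaes_decrypt,
					    myaes_deinit);
	if (ret < 0) {
		fail("%d: cannot register cipher\n", __LINE__);
	}

	/* Credential setup: report failures here rather than letting them
	 * surface later as an unexplained handshake error. */
	ret = gnutls_certificate_allocate_credentials(&x509_cred);
	if (ret < 0) {
		fail("server: cannot allocate credentials (%s)\n",
		     gnutls_strerror(ret));
	}

	ret = gnutls_certificate_set_x509_trust_mem(x509_cred, &ca,
						    GNUTLS_X509_FMT_PEM);
	if (ret < 0) {
		fail("server: cannot load CA certificate (%s)\n",
		     gnutls_strerror(ret));
	}

	ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
						  &server_key,
						  GNUTLS_X509_FMT_PEM);
	if (ret < 0) {
		fail("server: cannot load certificate/key (%s)\n",
		     gnutls_strerror(ret));
	}

	/* NOTE(review): no DH parameters are generated in this function;
	 * the message is kept unchanged. */
	if (debug)
		success("Launched, generating DH parameters...\n");

	ret = gnutls_init(&session, GNUTLS_SERVER);
	if (ret < 0) {
		fail("server: cannot initialize session (%s)\n",
		     gnutls_strerror(ret));
	}

	/* Only AES-128-CBC is offered. If this call failed silently, the
	 * session could presumably negotiate some other cipher and the test
	 * would pass without touching the registered implementation, so a
	 * rejected priority string is treated as a failure. */
	ret = gnutls_priority_set_direct(session,
					 "NORMAL:-CIPHER-ALL:+AES-128-CBC",
					 NULL);
	if (ret < 0) {
		fail("server: cannot set priorities (%s)\n",
		     gnutls_strerror(ret));
	}

	gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);

	gnutls_transport_set_int(session, sd);
	ret = gnutls_handshake(session);
	if (ret < 0) {
		close(sd);
		gnutls_deinit(session);
		fail("server: Handshake has failed (%s)\n\n",
		     gnutls_strerror(ret));
		return;
	}
	if (debug) {
		success("server: Handshake was completed\n");
		success("server: TLS version is: %s\n",
			gnutls_protocol_get_name
			(gnutls_protocol_get_version(session)));
	}

	/* see the Getting peer's information example */
	if (debug)
		print_info(session);

	for (;;) {
		memset(buffer, 0, MAX_BUF + 1);
		ret = gnutls_record_recv(session, buffer, MAX_BUF);

		if (ret == 0) {
			if (debug)
				success
				    ("server: Peer has closed the GnuTLS connection\n");
			break;
		} else if (ret < 0) {
			fail("server: Received corrupted data(%d). Closing...\n", ret);
			break;
		} else {
			/* Echo exactly the bytes received. Using the received
			 * length instead of strlen() keeps records containing
			 * NUL bytes intact. The send result is not checked,
			 * as before. */
			gnutls_record_send(session, buffer, (size_t)ret);
		}
	}

	/* do not wait for the peer to close the connection. */
	gnutls_bye(session, GNUTLS_SHUT_WR);

	close(sd);
	gnutls_deinit(session);

	gnutls_certificate_free_credentials(x509_cred);

	gnutls_global_deinit();

	if (debug)
		success("server: finished\n");
}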