|
Packit Service |
4684c1 |
/* This example code is placed in the public domain. */
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#ifdef HAVE_CONFIG_H
|
|
Packit Service |
4684c1 |
#include <config.h>
|
|
Packit Service |
4684c1 |
#endif
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#include <stdio.h>
|
|
Packit Service |
4684c1 |
#include <stdlib.h>
|
|
Packit Service |
4684c1 |
#include <string.h>
|
|
Packit Service |
4684c1 |
#include <sys/types.h>
|
|
Packit Service |
4684c1 |
#include <sys/socket.h>
|
|
Packit Service |
4684c1 |
#include <arpa/inet.h>
|
|
Packit Service |
4684c1 |
#include <unistd.h>
|
|
Packit Service |
4684c1 |
#include <gnutls/gnutls.h>
|
|
Packit Service |
4684c1 |
#include <gnutls/x509.h>
|
|
Packit Service |
4684c1 |
#include <gnutls/pkcs11.h>
|
|
Packit Service |
4684c1 |
#include <assert.h>
|
|
Packit Service |
4684c1 |
#include <sys/types.h>
|
|
Packit Service |
4684c1 |
#include <sys/stat.h>
|
|
Packit Service |
4684c1 |
#include <fcntl.h>
|
|
Packit Service |
4684c1 |
#include <getpass.h> /* for getpass() */
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* A TLS client that loads the certificate and key.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define CHECK(x) assert((x)>=0)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define MAX_BUF 1024
|
|
Packit Service |
4684c1 |
#define MSG "GET / HTTP/1.0\r\n\r\n"
|
|
Packit Service |
4684c1 |
#define MIN(x,y) (((x)<(y))?(x):(y))
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* The URLs of the objects can be obtained
|
|
Packit Service |
4684c1 |
* using p11tool --list-all --login
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
#define KEY_URL "pkcs11:manufacturer=SomeManufacturer;object=Private%20Key" \
|
|
Packit Service |
4684c1 |
";objecttype=private;id=%db%5b%3e%b5%72%33"
|
|
Packit Service |
4684c1 |
#define CERT_URL "pkcs11:manufacturer=SomeManufacturer;object=Certificate;" \
|
|
Packit Service |
4684c1 |
"objecttype=cert;id=db%5b%3e%b5%72%33"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
extern int tcp_connect(void);
|
|
Packit Service |
4684c1 |
extern void tcp_close(int sd);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
pin_callback(void *user, int attempt, const char *token_url,
|
|
Packit Service |
4684c1 |
const char *token_label, unsigned int flags, char *pin,
|
|
Packit Service |
4684c1 |
size_t pin_max)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
const char *password;
|
|
Packit Service |
4684c1 |
int len;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
printf("PIN required for token '%s' with URL '%s'\n", token_label,
|
|
Packit Service |
4684c1 |
token_url);
|
|
Packit Service |
4684c1 |
if (flags & GNUTLS_PIN_FINAL_TRY)
|
|
Packit Service |
4684c1 |
printf("*** This is the final try before locking!\n");
|
|
Packit Service |
4684c1 |
if (flags & GNUTLS_PIN_COUNT_LOW)
|
|
Packit Service |
4684c1 |
printf("*** Only few tries left before locking!\n");
|
|
Packit Service |
4684c1 |
if (flags & GNUTLS_PIN_WRONG)
|
|
Packit Service |
4684c1 |
printf("*** Wrong PIN\n");
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
password = getpass("Enter pin: ");
|
|
Packit Service |
4684c1 |
/* FIXME: ensure that we are in UTF-8 locale */
|
|
Packit Service |
4684c1 |
if (password == NULL || password[0] == 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "No password given\n");
|
|
Packit Service |
4684c1 |
exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
len = MIN(pin_max - 1, strlen(password));
|
|
Packit Service |
4684c1 |
memcpy(pin, password, len);
|
|
Packit Service |
4684c1 |
pin[len] = 0;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int main(void)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret, sd, ii;
|
|
Packit Service |
4684c1 |
gnutls_session_t session;
|
|
Packit Service |
4684c1 |
char buffer[MAX_BUF + 1];
|
|
Packit Service |
4684c1 |
gnutls_certificate_credentials_t xcred;
|
|
Packit Service |
4684c1 |
/* Allow connections to servers that have OpenPGP keys as well.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (gnutls_check_version("3.1.4") == NULL) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n");
|
|
Packit Service |
4684c1 |
exit(1);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* for backwards compatibility with gnutls < 3.3.0 */
|
|
Packit Service |
4684c1 |
CHECK(gnutls_global_init());
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* The PKCS11 private key operations may require PIN.
|
|
Packit Service |
4684c1 |
* Register a callback. */
|
|
Packit Service |
4684c1 |
gnutls_pkcs11_set_pin_function(pin_callback, NULL);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* X509 stuff */
|
|
Packit Service |
4684c1 |
CHECK(gnutls_certificate_allocate_credentials(&xcred));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* sets the trusted cas file
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
CHECK(gnutls_certificate_set_x509_trust_file(xcred, CAFILE,
|
|
Packit Service |
4684c1 |
GNUTLS_X509_FMT_PEM));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
CHECK(gnutls_certificate_set_x509_key_file(xcred, CERT_URL, KEY_URL,
|
|
Packit Service |
4684c1 |
GNUTLS_X509_FMT_DER));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Note that there is no server certificate verification in this example
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Initialize TLS session
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
CHECK(gnutls_init(&session, GNUTLS_CLIENT));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Use default priorities */
|
|
Packit Service |
4684c1 |
CHECK(gnutls_set_default_priority(session));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* put the x509 credentials to the current session
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* connect to the peer
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
sd = tcp_connect();
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_transport_set_int(session, sd);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Perform the TLS handshake
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
ret = gnutls_handshake(session);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "*** Handshake failed\n");
|
|
Packit Service |
4684c1 |
gnutls_perror(ret);
|
|
Packit Service |
4684c1 |
goto end;
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
char *desc;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
desc = gnutls_session_get_desc(session);
|
|
Packit Service |
4684c1 |
printf("- Session info: %s\n", desc);
|
|
Packit Service |
4684c1 |
gnutls_free(desc);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
CHECK(gnutls_record_send(session, MSG, strlen(MSG)));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_record_recv(session, buffer, MAX_BUF);
|
|
Packit Service |
4684c1 |
if (ret == 0) {
|
|
Packit Service |
4684c1 |
printf("- Peer has closed the TLS connection\n");
|
|
Packit Service |
4684c1 |
goto end;
|
|
Packit Service |
4684c1 |
} else if (ret < 0) {
|
|
Packit Service |
4684c1 |
fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
|
|
Packit Service |
4684c1 |
goto end;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
printf("- Received %d bytes: ", ret);
|
|
Packit Service |
4684c1 |
for (ii = 0; ii < ret; ii++) {
|
|
Packit Service |
4684c1 |
fputc(buffer[ii], stdout);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
fputs("\n", stdout);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
CHECK(gnutls_bye(session, GNUTLS_SHUT_RDWR));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
end:
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
tcp_close(sd);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_deinit(session);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_certificate_free_credentials(xcred);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_global_deinit();
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|