search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Allow for bit strings that are not a multiple of 8.
[gnutls.git] / src / common.c
blob412e776dc8625d0b91bdb8b60a7994b15db9b211
1 /*
2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
3 * Author: Nikos Mavrogiannopoulos
4 *
5 * This file is part of GnuTLS.
6 *
7 * GnuTLS is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22
23 /* Work around problem reported in
24 <http://permalink.gmane.org/gmane.comp.lib.gnulib.bugs/15755>.*/
25 #if GETTIMEOFDAY_CLOBBERS_LOCALTIME
26 #undef localtime
27 #endif
28
29 #include <getpass.h>
30
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <gnutls/gnutls.h>
35 #include <gnutls/x509.h>
36 #include <gnutls/openpgp.h>
37 #include <gnutls/crypto.h>
38 #include <time.h>
39 #include <common.h>
40
41 #ifdef ENABLE_PKCS11
42 # include <gnutls/pkcs11.h>
43 #endif
44
45 #define SU(x) (x!=NULL?x:"Unknown")
46
47 const char str_unknown[] = "(unknown)";
48
49 /* Hex encodes the given data.
50 */
51 const char *
52 raw_to_string (const unsigned char *raw, size_t raw_size)
53 {
54 static char buf[1024];
55 size_t i;
56 if (raw_size == 0)
57 return "(empty)";
58
59 if (raw_size * 3 + 1 >= sizeof (buf))
60 return "(too large)";
61
62 for (i = 0; i < raw_size; i++)
63 {
64 sprintf (&(buf[i * 3]), "%02X%s", raw[i],
65 (i == raw_size - 1) ? "" : ":");
66 }
67 buf[sizeof (buf) - 1] = '\0';
68
69 return buf;
70 }
71
72 static void
73 print_x509_info_compact (gnutls_session_t session)
74 {
75 gnutls_x509_crt_t crt;
76 const gnutls_datum_t *cert_list;
77 unsigned int cert_list_size = 0;
78 int ret;
79 gnutls_datum_t cinfo;
80
81 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
82 if (cert_list_size == 0)
83 {
84 fprintf (stderr, "No certificates found!\n");
85 return;
86 }
87
88 gnutls_x509_crt_init (&crt);
89 ret =
90 gnutls_x509_crt_import (crt, &cert_list[0],
91 GNUTLS_X509_FMT_DER);
92 if (ret < 0)
93 {
94 fprintf (stderr, "Decoding error: %s\n",
95 gnutls_strerror (ret));
96 return;
97 }
98
99 ret =
100 gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_COMPACT, &cinfo);
101 if (ret == 0)
102 {
103 printf ("- X.509 cert: %s\n", cinfo.data);
104 gnutls_free (cinfo.data);
105 }
106
107 gnutls_x509_crt_deinit (crt);
108 }
109
110 static void
111 print_x509_info (gnutls_session_t session, int flag, int print_cert)
112 {
113 gnutls_x509_crt_t crt;
114 const gnutls_datum_t *cert_list;
115 unsigned int cert_list_size = 0, j;
116 int ret;
117
118 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
119 if (cert_list_size == 0)
120 {
121 fprintf (stderr, "No certificates found!\n");
122 return;
123 }
124
125 printf ("- Certificate type: X.509\n");
126 printf ("- Got a certificate list of %d certificates.\n",
127 cert_list_size);
128
129 for (j = 0; j < cert_list_size; j++)
130 {
131 gnutls_datum_t cinfo;
132
133 gnutls_x509_crt_init (&crt);
134 ret =
135 gnutls_x509_crt_import (crt, &cert_list[j],
136 GNUTLS_X509_FMT_DER);
137 if (ret < 0)
138 {
139 fprintf (stderr, "Decoding error: %s\n",
140 gnutls_strerror (ret));
141 return;
142 }
143
144 printf ("- Certificate[%d] info:\n - ", j);
145 if (flag == GNUTLS_CRT_PRINT_COMPACT && j > 0) flag = GNUTLS_CRT_PRINT_ONELINE;
146
147 ret =
148 gnutls_x509_crt_print (crt, flag, &cinfo);
149 if (ret == 0)
150 {
151 printf ("%s\n", cinfo.data);
152 gnutls_free (cinfo.data);
153 }
154
155 if (print_cert)
156 {
157 size_t size = 0;
158 char *p = NULL;
159
160 ret =
161 gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p,
162 &size);
163 if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
164 {
165 p = malloc (size+1);
166 if (!p)
167 {
168 fprintf (stderr, "gnutls_malloc\n");
169 exit (1);
170 }
171
172 ret =
173 gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
174 p, &size);
175 }
176 if (ret < 0)
177 {
178 fprintf (stderr, "Encoding error: %s\n",
179 gnutls_strerror (ret));
180 return;
181 }
182
183 p[size] = 0;
184 fputs ("\n", stdout);
185 fputs (p, stdout);
186 fputs ("\n", stdout);
187
188 gnutls_free (p);
189 }
190
191 gnutls_x509_crt_deinit (crt);
192 }
193 }
194
195 #ifdef ENABLE_OPENPGP
196 static void
197 print_openpgp_info_compact (gnutls_session_t session)
198 {
199
200 gnutls_openpgp_crt_t crt;
201 const gnutls_datum_t *cert_list;
202 unsigned int cert_list_size = 0;
203 int ret;
204
205 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
206
207 if (cert_list_size > 0)
208 {
209 gnutls_datum_t cinfo;
210
211 gnutls_openpgp_crt_init (&crt);
212 ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
213 GNUTLS_OPENPGP_FMT_RAW);
214 if (ret < 0)
215 {
216 fprintf (stderr, "Decoding error: %s\n",
217 gnutls_strerror (ret));
218 return;
219 }
220
221 ret =
222 gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_COMPACT, &cinfo);
223 if (ret == 0)
224 {
225 printf ("- OpenPGP cert: %s\n", cinfo.data);
226 gnutls_free (cinfo.data);
227 }
228
229 gnutls_openpgp_crt_deinit (crt);
230 }
231 }
232
233 static void
234 print_openpgp_info (gnutls_session_t session, int flag, int print_cert)
235 {
236
237 gnutls_openpgp_crt_t crt;
238 const gnutls_datum_t *cert_list;
239 unsigned int cert_list_size = 0;
240 int ret;
241
242 printf ("- Certificate type: OpenPGP\n");
243
244 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
245
246 if (cert_list_size > 0)
247 {
248 gnutls_datum_t cinfo;
249
250 gnutls_openpgp_crt_init (&crt);
251 ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
252 GNUTLS_OPENPGP_FMT_RAW);
253 if (ret < 0)
254 {
255 fprintf (stderr, "Decoding error: %s\n",
256 gnutls_strerror (ret));
257 return;
258 }
259
260 ret =
261 gnutls_openpgp_crt_print (crt, flag, &cinfo);
262 if (ret == 0)
263 {
264 printf ("- %s\n", cinfo.data);
265 gnutls_free (cinfo.data);
266 }
267
268 if (print_cert)
269 {
270 size_t size = 0;
271 char *p = NULL;
272
273 ret =
274 gnutls_openpgp_crt_export (crt,
275 GNUTLS_OPENPGP_FMT_BASE64,
276 p, &size);
277 if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
278 {
279 p = malloc (size);
280 if (!p)
281 {
282 fprintf (stderr, "gnutls_malloc\n");
283 exit (1);
284 }
285
286 ret =
287 gnutls_openpgp_crt_export (crt,
288 GNUTLS_OPENPGP_FMT_BASE64,
289 p, &size);
290 }
291 if (ret < 0)
292 {
293 fprintf (stderr, "Encoding error: %s\n",
294 gnutls_strerror (ret));
295 return;
296 }
297
298 fputs (p, stdout);
299 fputs ("\n", stdout);
300
301 gnutls_free (p);
302 }
303
304 gnutls_openpgp_crt_deinit (crt);
305 }
306 }
307
308 #endif
309
310 /* returns false (0) if not verified, or true (1) otherwise
311 */
312 int
313 cert_verify (gnutls_session_t session, const char* hostname)
314 {
315 int rc;
316 unsigned int status = 0;
317 gnutls_datum_t out;
318 int type;
319
320 rc = gnutls_certificate_verify_peers3 (session, hostname, &status);
321 if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
322 {
323 printf ("- Peer did not send any certificate.\n");
324 return 0;
325 }
326
327 if (rc < 0)
328 {
329 printf ("- Could not verify certificate (err: %s)\n",
330 gnutls_strerror (rc));
331 return 0;
332 }
333
334 type = gnutls_certificate_type_get (session);
335 rc = gnutls_certificate_verification_status_print( status, type, &out, 0);
336 if (rc < 0)
337 {
338 printf ("- Could not print verification flags (err: %s)\n",
339 gnutls_strerror (rc));
340 return 0;
341 }
342
343 printf ("- Status: %s\n", out.data);
344
345 gnutls_free(out.data);
346
347 if (status)
348 return 0;
349
350 return 1;
351 }
352
353 static void
354 print_dh_info (gnutls_session_t session, const char *str, int print)
355 {
356 printf ("- %sDiffie-Hellman parameters\n", str);
357 printf (" - Using prime: %d bits\n",
358 gnutls_dh_get_prime_bits (session));
359 printf (" - Secret key: %d bits\n",
360 gnutls_dh_get_secret_bits (session));
361 printf (" - Peer's public key: %d bits\n",
362 gnutls_dh_get_peers_public_bits (session));
363
364 if (print)
365 {
366 int ret;
367 gnutls_datum_t raw_gen = { NULL, 0 };
368 gnutls_datum_t raw_prime = { NULL, 0 };
369 gnutls_dh_params_t dh_params = NULL;
370 unsigned char *params_data = NULL;
371 size_t params_data_size = 0;
372
373 ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
374 if (ret)
375 {
376 fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
377 goto out;
378 }
379
380 ret = gnutls_dh_params_init (&dh_params);
381 if (ret)
382 {
383 fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
384 goto out;
385 }
386
387 ret =
388 gnutls_dh_params_import_raw (dh_params, &raw_prime,
389 &raw_gen);
390 if (ret)
391 {
392 fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
393 goto out;
394 }
395
396 ret = gnutls_dh_params_export_pkcs3 (dh_params,
397 GNUTLS_X509_FMT_PEM,
398 params_data,
399 &params_data_size);
400 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
401 {
402 fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n",
403 ret);
404 goto out;
405 }
406
407 params_data = gnutls_malloc (params_data_size);
408 if (!params_data)
409 {
410 fprintf (stderr, "gnutls_malloc %d\n", ret);
411 goto out;
412 }
413
414 ret = gnutls_dh_params_export_pkcs3 (dh_params,
415 GNUTLS_X509_FMT_PEM,
416 params_data,
417 &params_data_size);
418 if (ret)
419 {
420 fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n",
421 ret);
422 goto out;
423 }
424
425 printf (" - PKCS#3 format:\n\n%.*s\n", (int) params_data_size,
426 params_data);
427
428 out:
429 gnutls_free (params_data);
430 gnutls_free (raw_prime.data);
431 gnutls_free (raw_gen.data);
432 gnutls_dh_params_deinit (dh_params);
433 }
434 }
435
436 static void
437 print_ecdh_info (gnutls_session_t session, const char *str)
438 {
439 int curve;
440
441 printf ("- %sEC Diffie-Hellman parameters\n", str);
442
443 curve = gnutls_ecc_curve_get (session);
444
445 printf (" - Using curve: %s\n", gnutls_ecc_curve_get_name (curve));
446 printf (" - Curve size: %d bits\n",
447 gnutls_ecc_curve_get_size (curve) * 8);
448
449 }
450
451 int
452 print_info (gnutls_session_t session, int verbose, int print_cert)
453 {
454 const char *tmp;
455 gnutls_credentials_type_t cred;
456 gnutls_kx_algorithm_t kx;
457 unsigned char session_id[33];
458 size_t session_id_size = sizeof (session_id);
459 gnutls_srtp_profile_t srtp_profile;
460 int rc;
461
462 /* print session ID */
463 gnutls_session_get_id (session, session_id, &session_id_size);
464 printf ("- Session ID: %s\n",
465 raw_to_string (session_id, session_id_size));
466
467 /* print the key exchange's algorithm name
468 */
469 kx = gnutls_kx_get (session);
470
471 cred = gnutls_auth_get_type (session);
472 switch (cred)
473 {
474 #ifdef ENABLE_ANON
475 case GNUTLS_CRD_ANON:
476 if (kx == GNUTLS_KX_ANON_ECDH)
477 print_ecdh_info (session, "Anonymous ");
478 else
479 print_dh_info (session, "Anonymous ", verbose);
480 break;
481 #endif
482 #ifdef ENABLE_SRP
483 case GNUTLS_CRD_SRP:
484 /* This should be only called in server
485 * side.
486 */
487 if (gnutls_srp_server_get_username (session) != NULL)
488 printf ("- SRP authentication. Connected as '%s'\n",
489 gnutls_srp_server_get_username (session));
490 break;
491 #endif
492 #ifdef ENABLE_PSK
493 case GNUTLS_CRD_PSK:
494 /* This returns NULL in server side.
495 */
496 if (gnutls_psk_client_get_hint (session) != NULL)
497 printf ("- PSK authentication. PSK hint '%s'\n",
498 gnutls_psk_client_get_hint (session));
499 /* This returns NULL in client side.
500 */
501 if (gnutls_psk_server_get_username (session) != NULL)
502 printf ("- PSK authentication. Connected as '%s'\n",
503 gnutls_psk_server_get_username (session));
504 if (kx == GNUTLS_KX_DHE_PSK)
505 print_dh_info (session, "Ephemeral ", verbose);
506 if (kx == GNUTLS_KX_ECDHE_PSK)
507 print_ecdh_info (session, "Ephemeral ");
508 break;
509 #endif
510 case GNUTLS_CRD_IA:
511 printf ("- TLS/IA authentication\n");
512 break;
513 case GNUTLS_CRD_CERTIFICATE:
514 {
515 char dns[256];
516 size_t dns_size = sizeof (dns);
517 unsigned int type;
518
519 /* This fails in client side */
520 if (gnutls_server_name_get
521 (session, dns, &dns_size, &type, 0) == 0)
522 {
523 printf ("- Given server name[%d]: %s\n", type, dns);
524 }
525 }
526
527 if (print_cert)
528 print_cert_info (session, verbose, print_cert);
529
530 if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
531 print_dh_info (session, "Ephemeral ", verbose);
532 else if (kx == GNUTLS_KX_ECDHE_RSA
533 || kx == GNUTLS_KX_ECDHE_ECDSA)
534 print_ecdh_info (session, "Ephemeral ");
535 }
536
537 tmp =
538 SU (gnutls_protocol_get_name
539 (gnutls_protocol_get_version (session)));
540 printf ("- Version: %s\n", tmp);
541
542 tmp = SU (gnutls_kx_get_name (kx));
543 printf ("- Key Exchange: %s\n", tmp);
544
545 tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
546 printf ("- Cipher: %s\n", tmp);
547
548 tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
549 printf ("- MAC: %s\n", tmp);
550
551 tmp =
552 SU (gnutls_compression_get_name
553 (gnutls_compression_get (session)));
554 printf ("- Compression: %s\n", tmp);
555
556 #ifdef ENABLE_DTLS_SRTP
557 rc = gnutls_srtp_get_selected_profile (session, &srtp_profile);
558 if (rc == 0)
559 printf ("- SRTP profile: %s\n", gnutls_srtp_get_profile_name (srtp_profile));
560 #endif
561
562 if (verbose)
563 {
564 gnutls_datum_t cb;
565
566 rc = gnutls_session_channel_binding (session,
567 GNUTLS_CB_TLS_UNIQUE, &cb);
568 if (rc)
569 fprintf (stderr, "Channel binding error: %s\n",
570 gnutls_strerror (rc));
571 else
572 {
573 size_t i;
574
575 printf ("- Channel binding 'tls-unique': ");
576 for (i = 0; i < cb.size; i++)
577 printf ("%02x", cb.data[i]);
578 printf ("\n");
579 }
580 }
581
582 /* Warning: Do not print anything more here. The 'Compression:'
583 output MUST be the last non-verbose output. This is used by
584 Emacs starttls.el code. */
585
586 fflush (stdout);
587
588 return 0;
589 }
590
591 void
592 print_cert_info (gnutls_session_t session, int verbose, int print_cert)
593 {
594 int flag;
595
596 if (verbose) flag = GNUTLS_CRT_PRINT_FULL;
597 else flag = GNUTLS_CRT_PRINT_COMPACT;
598
599 if (gnutls_certificate_client_get_request_status (session) != 0)
600 printf ("- Server has requested a certificate.\n");
601
602 switch (gnutls_certificate_type_get (session))
603 {
604 case GNUTLS_CRT_X509:
605 print_x509_info (session, flag, print_cert);
606 break;
607 #ifdef ENABLE_OPENPGP
608 case GNUTLS_CRT_OPENPGP:
609 print_openpgp_info (session, flag, print_cert);
610 break;
611 #endif
612 default:
613 printf ("Unknown type\n");
614 break;
615 }
616 }
617
618 void
619 print_cert_info_compact (gnutls_session_t session)
620 {
621
622 if (gnutls_certificate_client_get_request_status (session) != 0)
623 printf ("- Server has requested a certificate.\n");
624
625 switch (gnutls_certificate_type_get (session))
626 {
627 case GNUTLS_CRT_X509:
628 print_x509_info_compact (session);
629 break;
630 #ifdef ENABLE_OPENPGP
631 case GNUTLS_CRT_OPENPGP:
632 print_openpgp_info_compact (session);
633 break;
634 #endif
635 default:
636 printf ("Unknown type\n");
637 break;
638 }
639 }
640
641 void
642 print_list (const char *priorities, int verbose)
643 {
644 size_t i;
645 int ret;
646 unsigned int idx;
647 const char *name;
648 const char *err;
649 unsigned char id[2];
650 gnutls_kx_algorithm_t kx;
651 gnutls_cipher_algorithm_t cipher;
652 gnutls_mac_algorithm_t mac;
653 gnutls_protocol_t version;
654 gnutls_priority_t pcache;
655 const unsigned int *list;
656
657 if (priorities != NULL)
658 {
659 printf ("Cipher suites for %s\n", priorities);
660
661 ret = gnutls_priority_init (&pcache, priorities, &err);
662 if (ret < 0)
663 {
664 fprintf (stderr, "Syntax error at: %s\n", err);
665 exit (1);
666 }
667
668 for (i = 0;; i++)
669 {
670 ret =
671 gnutls_priority_get_cipher_suite_index (pcache, i,
672 &idx);
673 if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
674 break;
675 if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
676 continue;
677
678 name =
679 gnutls_cipher_suite_info (idx, id, NULL, NULL, NULL,
680 &version);
681
682 if (name != NULL)
683 printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
684 name, (unsigned char) id[0],
685 (unsigned char) id[1],
686 gnutls_protocol_get_name (version));
687 }
688
689 printf("\n");
690 {
691 ret = gnutls_priority_certificate_type_list (pcache, &list);
692
693 printf ("Certificate types: ");
694 if (ret == 0) printf("none\n");
695 for (i = 0; i < (unsigned)ret; i++)
696 {
697 printf ("CTYPE-%s",
698 gnutls_certificate_type_get_name (list[i]));
699 if (i+1!=(unsigned)ret)
700 printf (", ");
701 else
702 printf ("\n");
703 }
704 }
705
706 {
707 ret = gnutls_priority_protocol_list (pcache, &list);
708
709 printf ("Protocols: ");
710 if (ret == 0) printf("none\n");
711 for (i = 0; i < (unsigned)ret; i++)
712 {
713 printf ("VERS-%s", gnutls_protocol_get_name (list[i]));
714 if (i+1!=(unsigned)ret)
715 printf (", ");
716 else
717 printf ("\n");
718 }
719 }
720
721 {
722 ret = gnutls_priority_compression_list (pcache, &list);
723
724 printf ("Compression: ");
725 if (ret == 0) printf("none\n");
726 for (i = 0; i < (unsigned)ret; i++)
727 {
728 printf ("COMP-%s",
729 gnutls_compression_get_name (list[i]));
730 if (i+1!=(unsigned)ret)
731 printf (", ");
732 else
733 printf ("\n");
734 }
735 }
736
737 {
738 ret = gnutls_priority_ecc_curve_list (pcache, &list);
739
740 printf ("Elliptic curves: ");
741 if (ret == 0) printf("none\n");
742 for (i = 0; i < (unsigned)ret; i++)
743 {
744 printf ("CURVE-%s",
745 gnutls_ecc_curve_get_name (list[i]));
746 if (i+1!=(unsigned)ret)
747 printf (", ");
748 else
749 printf ("\n");
750 }
751 }
752
753 {
754 ret = gnutls_priority_sign_list (pcache, &list);
755
756 printf ("PK-signatures: ");
757 if (ret == 0) printf("none\n");
758 for (i = 0; i < (unsigned)ret; i++)
759 {
760 printf ("SIGN-%s",
761 gnutls_sign_algorithm_get_name (list[i]));
762 if (i+1!=(unsigned)ret)
763 printf (", ");
764 else
765 printf ("\n");
766 }
767 }
768
769 return;
770 }
771
772 printf ("Cipher suites:\n");
773 for (i = 0; (name = gnutls_cipher_suite_info
774 (i, id, &kx, &cipher, &mac, &version)); i++)
775 {
776 printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
777 name,
778 (unsigned char) id[0], (unsigned char) id[1],
779 gnutls_protocol_get_name (version));
780 if (verbose)
781 printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
782 gnutls_kx_get_name (kx),
783 gnutls_cipher_get_name (cipher),
784 gnutls_mac_get_name (mac));
785 }
786
787 printf("\n");
788 {
789 const gnutls_certificate_type_t *p =
790 gnutls_certificate_type_list ();
791
792 printf ("Certificate types: ");
793 for (; *p; p++)
794 {
795 printf ("CTYPE-%s", gnutls_certificate_type_get_name (*p));
796 if (*(p + 1))
797 printf (", ");
798 else
799 printf ("\n");
800 }
801 }
802
803 {
804 const gnutls_protocol_t *p = gnutls_protocol_list ();
805
806 printf ("Protocols: ");
807 for (; *p; p++)
808 {
809 printf ("VERS-%s", gnutls_protocol_get_name (*p));
810 if (*(p + 1))
811 printf (", ");
812 else
813 printf ("\n");
814 }
815 }
816
817 {
818 const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
819
820 printf ("Ciphers: ");
821 for (; *p; p++)
822 {
823 printf ("%s", gnutls_cipher_get_name (*p));
824 if (*(p + 1))
825 printf (", ");
826 else
827 printf ("\n");
828 }
829 }
830
831 {
832 const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
833
834 printf ("MACs: ");
835 for (; *p; p++)
836 {
837 printf ("%s", gnutls_mac_get_name (*p));
838 if (*(p + 1))
839 printf (", ");
840 else
841 printf ("\n");
842 }
843 }
844
845 {
846 const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
847
848 printf ("Key exchange algorithms: ");
849 for (; *p; p++)
850 {
851 printf ("%s", gnutls_kx_get_name (*p));
852 if (*(p + 1))
853 printf (", ");
854 else
855 printf ("\n");
856 }
857 }
858
859 {
860 const gnutls_compression_method_t *p = gnutls_compression_list ();
861
862 printf ("Compression: ");
863 for (; *p; p++)
864 {
865 printf ("COMP-%s", gnutls_compression_get_name (*p));
866 if (*(p + 1))
867 printf (", ");
868 else
869 printf ("\n");
870 }
871 }
872
873 {
874 const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list ();
875
876 printf ("Elliptic curves: ");
877 for (; *p; p++)
878 {
879 printf ("CURVE-%s", gnutls_ecc_curve_get_name (*p));
880 if (*(p + 1))
881 printf (", ");
882 else
883 printf ("\n");
884 }
885 }
886
887 {
888 const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
889
890 printf ("Public Key Systems: ");
891 for (; *p; p++)
892 {
893 printf ("%s", gnutls_pk_algorithm_get_name (*p));
894 if (*(p + 1))
895 printf (", ");
896 else
897 printf ("\n");
898 }
899 }
900
901 {
902 const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
903
904 printf ("PK-signatures: ");
905 for (; *p; p++)
906 {
907 printf ("SIGN-%s", gnutls_sign_algorithm_get_name (*p));
908 if (*(p + 1))
909 printf (", ");
910 else
911 printf ("\n");
912 }
913 }
914 }
915
916 int check_command(gnutls_session_t session, const char* str)
917 {
918 size_t len = strnlen(str, 128);
919 int ret;
920
921 fprintf (stderr, "*** Processing %zu bytes command: %s\n", len, str);
922 if (len > 2 && str[0] == str[1] && str[0] == '*')
923 {
924 if (strncmp(str, "**REHANDSHAKE**", sizeof ("**REHANDSHAKE**") - 1) == 0)
925 {
926 fprintf (stderr, "*** Sending rehandshake request\n");
927 gnutls_rehandshake (session);
928 return 1;
929 } else if (strncmp(str, "**HEARTBEAT**", sizeof ("**HEARTBEAT**") - 1) == 0) {
930 ret = gnutls_heartbeat_ping (session, 300, 5, GNUTLS_HEARTBEAT_WAIT);
931 if (ret < 0)
932 {
933 if (ret == GNUTLS_E_INVALID_REQUEST)
934 {
935 fprintf(stderr, "No heartbeat in this session\n");
936 }
937 else
938 {
939 fprintf(stderr, "ping: %s\n", gnutls_strerror(ret));
940 exit(1);
941 }
942 }
943 return 2;
944 }
945 }
946 return 0;
947 }
948
949 #define MIN(x,y) ((x)<(y))?(x):(y)
950 #define MAX_CACHE_TRIES 5
951 int
952 pin_callback (void *user, int attempt, const char *token_url,
953 const char *token_label, unsigned int flags, char *pin,
954 size_t pin_max)
955 {
956 const char *password;
957 const char * desc;
958 int len, cache = MAX_CACHE_TRIES;
959 /* allow caching of PIN */
960 static char *cached_url = NULL;
961 static char cached_pin[32] = "";
962
963 if (flags & GNUTLS_PIN_SO)
964 desc = "security officer";
965 else
966 desc = "user";
967
968 if (flags & GNUTLS_PIN_FINAL_TRY)
969 {
970 cache = 0;
971 printf ("*** This is the final try before locking!\n");
972 }
973 if (flags & GNUTLS_PIN_COUNT_LOW)
974 {
975 cache = 0;
976 printf ("*** Only few tries left before locking!\n");
977 }
978
979 if (flags & GNUTLS_PIN_WRONG)
980 {
981 cache = 0;
982 printf ("*** Wrong PIN has been provided!\n");
983 }
984
985 if (cache > 0 && cached_url != NULL)
986 {
987 if (strcmp (cached_url, token_url) == 0)
988 {
989 if (strlen(pin) >= sizeof(cached_pin))
990 {
991 fprintf (stderr, "Too long PIN given\n");
992 exit (1);
993 }
994
995 fprintf(stderr, "Re-using cached PIN for token '%s'\n", token_label);
996 strcpy (pin, cached_pin);
997 cache--;
998 return 0;
999 }
1000 }
1001
1002 printf ("Token '%s' with URL '%s' ", token_label, token_url);
1003 printf ("requires %s PIN\n", desc);
1004
1005 password = getpass ("Enter PIN: ");
1006 if (password == NULL || password[0] == 0)
1007 {
1008 fprintf (stderr, "No password given\n");
1009 exit (1);
1010 }
1011
1012 len = MIN (pin_max, strlen (password));
1013 memcpy (pin, password, len);
1014 pin[len] = 0;
1015
1016 /* cache */
1017 strcpy (cached_pin, pin);
1018 free (cached_url);
1019 cached_url = strdup (token_url);
1020 cache = MAX_CACHE_TRIES;
1021
1022 return 0;
1023 }
1024
1025 #ifdef ENABLE_PKCS11
1026
1027 static int
1028 token_callback (void *user, const char *label, const unsigned retry)
1029 {
1030 char buf[32];
1031
1032 if (retry > 0)
1033 {
1034 fprintf (stderr, "Could not find token %s\n", label);
1035 return -1;
1036 }
1037 printf ("Please insert token '%s' in slot and press enter\n", label);
1038 fgets (buf, sizeof (buf), stdin);
1039
1040 return 0;
1041 }
1042
1043 void
1044 pkcs11_common (void)
1045 {
1046
1047 gnutls_pkcs11_set_pin_function (pin_callback, NULL);
1048 gnutls_pkcs11_set_token_function (token_callback, NULL);
1049
1050 }
1051
1052 #endif
Implementation of the SSL/TLS protocol