author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-12-03 20:35:22 +0100 |
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-12-03 20:35:22 +0100 |
commit | f97082d162912524d417239b2b143fb52430cf7d (patch) | |
tree | 2f5a471582b36230daf210e1c3b4a545b39acb53 /manual/html_node/Echo-server-with-OpenPGP-authentication.html | |
added web
Diffstat (limited to 'manual/html_node/Echo-server-with-OpenPGP-authentication.html')
-rw-r--r-- | manual/html_node/Echo-server-with-OpenPGP-authentication.html | 369 |
1 files changed, 369 insertions, 0 deletions
diff --git a/manual/html_node/Echo-server-with-OpenPGP-authentication.html b/manual/html_node/Echo-server-with-OpenPGP-authentication.html new file mode 100644 index 0000000000..035e6fc43b --- /dev/null +++ b/manual/html_node/Echo-server-with-OpenPGP-authentication.html 
@@ -0,0 +1,369 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> +<!-- This manual is last updated 17 November 2012 for version +3.1.5 of GnuTLS. + +Copyright (C) 2001-2012 Free Software Foundation, Inc. + +Permission is granted to copy, distribute and/or modify this document +under the terms of the GNU Free Documentation License, Version 1.3 or +any later version published by the Free Software Foundation; with no +Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A +copy of the license is included in the section entitled "GNU Free +Documentation License". --> +<!-- Created by GNU Texinfo 4.13.90, http://www.gnu.org/software/texinfo/ --> +<head> +<title>GnuTLS 3.1.5: Echo server with OpenPGP authentication</title> + +<meta name="description" content="GnuTLS 3.1.5: Echo server with OpenPGP authentication"> +<meta name="keywords" content="GnuTLS 3.1.5: Echo server with OpenPGP authentication"> +<meta name="resource-type" content="document"> +<meta name="distribution" content="global"> +<meta name="Generator" content="makeinfo"> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link href="index.html#Top" rel="start" title="Top"> +<link href="Function-and-Data-Index.html#Function-and-Data-Index" rel="index" title="Function and Data Index"> +<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents"> +<link href="Server-examples.html#Server-examples" rel="up" title="Server examples"> +<link href="Echo-server-with-SRP-authentication.html#Echo-server-with-SRP-authentication" rel="next" title="Echo server with SRP authentication"> +<link href="Echo-server-with-X_002e509-authentication.html#Echo-server-with-X_002e509-authentication" rel="previous" title="Echo server with X.509 authentication"> +<style type="text/css"> +<!-- +a.summary-letter {text-decoration: none} +blockquote.smallquotation {font-size: smaller} +div.display {margin-left: 3.2em} 
+div.example {margin-left: 3.2em} +div.indentedblock {margin-left: 3.2em} +div.lisp {margin-left: 3.2em} +div.smalldisplay {margin-left: 3.2em} +div.smallexample {margin-left: 3.2em} +div.smallindentedblock {margin-left: 3.2em; font-size: smaller} +div.smalllisp {margin-left: 3.2em} +kbd {font-style:oblique} +pre.display {font-family: inherit} +pre.format {font-family: inherit} +pre.menu-comment {font-family: serif} +pre.menu-preformatted {font-family: serif} +pre.smalldisplay {font-family: inherit; font-size: smaller} +pre.smallexample {font-size: smaller} +pre.smallformat {font-family: inherit; font-size: smaller} +pre.smalllisp {font-size: smaller} +span.nocodebreak {white-space:nowrap} +span.nolinebreak {white-space:nowrap} +span.roman {font-family:serif; font-weight:normal} +span.sansserif {font-family:sans-serif; font-weight:normal} +ul.no-bullet {list-style: none} +body { + margin: 2%; + padding: 0 5%; + background: #ffffff; +} +h1,h2,h3,h4,h5 { + font-weight: bold; + padding: 5px 5px 5px 5px; + background-color: #c2e0ff; + color: #336699; +} +h1 { + padding: 2em 2em 2em 5%; + color: white; + background: #336699; + text-align: center; + letter-spacing: 3px; +} +h2 { text-decoration: underline; } +pre { + margin: 0 5%; + padding: 0.5em; +} +pre.example,pre.verbatim { + padding-bottom: 1em; + + border: solid #c2e0ff; + background: #f0faff; + border-width: 1px 1px 1px 5px; + margin: 1em auto; + width: 90%; +} + +div.node { + margin: 0 -5% 0 -2%; + padding: 0.5em 0.5em; + margin-top: 0.5em; + margin-bottom: 0.5em; + font-weight: bold; +} +dd, li { + padding-top: 0.1em; + padding-bottom: 0.1em; +} +div.float { + + margin-bottom: 0.5em; + text-align: center; +} + +table { + text-align: left; + margin-left:auto; + margin-right:auto; + width: 50%; +} + +th { + padding: 0; + color: #336699; + background-color: #c2e0ff; + border: solid #000000; + border-width: 0px; + margin: 1em auto; + text-align: center; + margin-left:auto; + margin-right:auto; +} + +td { + padding: 
0; + border: solid #000000; + background-color: #f0faff; + border-width: 0px; + margin: 1em auto; + text-align: left; + margin-left:auto; + margin-right:auto; + padding-left: 1em; +} + +dl { + text-align: left; + margin-left:auto; + margin-right:auto; + width: 50%; + + padding-left: 1em; + border: solid #c2e0ff; + background: #f0faff; + border-width: 5px 1px 1px 1px; + margin: 1em auto; +} + +--> +</style> + + +</head> + +<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000"> +<a name="Echo-server-with-OpenPGP-authentication"></a> +<div class="header"> +<p> +Next: <a href="Echo-server-with-SRP-authentication.html#Echo-server-with-SRP-authentication" accesskey="n" rel="next">Echo server with SRP authentication</a>, Previous: <a href="Echo-server-with-X_002e509-authentication.html#Echo-server-with-X_002e509-authentication" accesskey="p" rel="previous">Echo server with X.509 authentication</a>, Up: <a href="Server-examples.html#Server-examples" accesskey="u" rel="up">Server examples</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p> +</div> +<hr> +<a name="Echo-server-with-OpenPGP-authentication-1"></a> +<h4 class="subsection">9.2.2 Echo server with <acronym>OpenPGP</acronym> authentication</h4> +<a name="index-OpenPGP-server"></a> + +<p>The following example is an echo server which supports +<acronym>OpenPGP</acronym> key authentication. You can easily combine +this functionality —that is have a server that supports both +<acronym>X.509</acronym> and <acronym>OpenPGP</acronym> certificates— but we separated +them to keep these examples as simple as possible. +</p> +<pre class="verbatim">/* This example code is placed in the public domain. 
*/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <arpa/inet.h> +#include <netinet/in.h> +#include <string.h> +#include <unistd.h> +#include <gnutls/gnutls.h> +#include <gnutls/openpgp.h> + +#define KEYFILE "secret.asc" +#define CERTFILE "public.asc" +#define RINGFILE "ring.gpg" + +/* This is a sample TLS 1.0-OpenPGP echo server. + */ + + +#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);} +#define MAX_BUF 1024 +#define PORT 5556 /* listen to 5556 port */ +#define DH_BITS 1024 + +/* These are global */ +gnutls_certificate_credentials_t cred; +gnutls_dh_params_t dh_params; + +static int +generate_dh_params (void) +{ + + /* Generate Diffie-Hellman parameters - for use with DHE + * kx algorithms. These should be discarded and regenerated + * once a day, once a week or once a month. Depending on the + * security requirements. + */ + gnutls_dh_params_init (&dh_params); + gnutls_dh_params_generate2 (dh_params, DH_BITS); + + return 0; +} + +static gnutls_session_t +initialize_tls_session (void) +{ + gnutls_session_t session; + + gnutls_init (&session, GNUTLS_SERVER); + + gnutls_priority_set_direct (session, "NORMAL:+CTYPE-OPENPGP", NULL); + + /* request client certificate if any. 
+ */ + gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); + + gnutls_dh_set_prime_bits (session, DH_BITS); + + return session; +} + +int +main (void) +{ + int err, listen_sd; + int sd, ret; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + socklen_t client_len; + char topbuf[512]; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + int optval = 1; + char name[256]; + + strcpy (name, "Echo Server"); + + /* this must be called once in the program + */ + gnutls_global_init (); + + gnutls_certificate_allocate_credentials (&cred); + gnutls_certificate_set_openpgp_keyring_file (cred, RINGFILE, + GNUTLS_OPENPGP_FMT_BASE64); + + gnutls_certificate_set_openpgp_key_file (cred, CERTFILE, KEYFILE, + GNUTLS_OPENPGP_FMT_BASE64); + + generate_dh_params (); + + gnutls_certificate_set_dh_params (cred, dh_params); + + /* Socket operations + */ + listen_sd = socket (AF_INET, SOCK_STREAM, 0); + SOCKET_ERR (listen_sd, "socket"); + + memset (&sa_serv, '\0', sizeof (sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons (PORT); /* Server Port number */ + + setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof (int)); + + err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv)); + SOCKET_ERR (err, "bind"); + err = listen (listen_sd, 1024); + SOCKET_ERR (err, "listen"); + + printf ("%s ready. 
Listening to port '%d'.\n\n", name, PORT); + + client_len = sizeof (sa_cli); + for (;;) + { + session = initialize_tls_session (); + + sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len); + + printf ("- connection from %s, port %d\n", + inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, + sizeof (topbuf)), ntohs (sa_cli.sin_port)); + + gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); + ret = gnutls_handshake (session); + if (ret < 0) + { + close (sd); + gnutls_deinit (session); + fprintf (stderr, "*** Handshake has failed (%s)\n\n", + gnutls_strerror (ret)); + continue; + } + printf ("- Handshake was completed\n"); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) + { + memset (buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv (session, buffer, MAX_BUF); + + if (ret == 0) + { + printf ("\n- Peer has closed the GnuTLS connection\n"); + break; + } + else if (ret < 0) + { + fprintf (stderr, "\n*** Received corrupted " + "data(%d). Closing the connection.\n\n", ret); + break; + } + else if (ret > 0) + { + /* echo data back to the client + */ + gnutls_record_send (session, buffer, strlen (buffer)); + } + } + printf ("\n"); + /* do not wait for the peer to close the connection. 
+ */ + gnutls_bye (session, GNUTLS_SHUT_WR); + + close (sd); + gnutls_deinit (session); + + } + close (listen_sd); + + gnutls_certificate_free_credentials (cred); + + gnutls_global_deinit (); + + return 0; + +} +</pre> +<hr> +<div class="header"> +<p> +Next: <a href="Echo-server-with-SRP-authentication.html#Echo-server-with-SRP-authentication" accesskey="n" rel="next">Echo server with SRP authentication</a>, Previous: <a href="Echo-server-with-X_002e509-authentication.html#Echo-server-with-X_002e509-authentication" accesskey="p" rel="previous">Echo server with X.509 authentication</a>, Up: <a href="Server-examples.html#Server-examples" accesskey="u" rel="up">Server examples</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p> +</div> + + + +</body> +</html> |