diff options
Diffstat (limited to 'demos')
| -rw-r--r-- | demos/README | 3 | ||||
| -rw-r--r-- | demos/b64.c | 270 | ||||
| -rw-r--r-- | demos/b64.pl | 20 | ||||
| -rw-r--r-- | demos/bio/README | 3 | ||||
| -rw-r--r-- | demos/bio/saccept.c | 107 | ||||
| -rw-r--r-- | demos/bio/sconnect.c | 115 | ||||
| -rw-r--r-- | demos/bio/server.pem | 30 | ||||
| -rw-r--r-- | demos/maurice/Makefile | 23 | ||||
| -rw-r--r-- | demos/maurice/README | 34 | ||||
| -rw-r--r-- | demos/maurice/cert.pem | 77 | ||||
| -rw-r--r-- | demos/maurice/example1.c | 200 | ||||
| -rw-r--r-- | demos/maurice/example2.c | 77 | ||||
| -rw-r--r-- | demos/maurice/example3.c | 86 | ||||
| -rw-r--r-- | demos/maurice/example4.c | 122 | ||||
| -rw-r--r-- | demos/maurice/loadkeys.c | 77 | ||||
| -rw-r--r-- | demos/maurice/loadkeys.h | 19 | ||||
| -rw-r--r-- | demos/maurice/privkey.pem | 27 | ||||
| -rw-r--r-- | demos/prime/prime.c | 100 | ||||
| -rw-r--r-- | demos/privkey.pem | 9 | ||||
| -rw-r--r-- | demos/selfsign.c | 168 | ||||
| -rw-r--r-- | demos/sign/cert.pem | 14 | ||||
| -rw-r--r-- | demos/sign/key.pem | 9 | ||||
| -rw-r--r-- | demos/sign/sig.txt | 158 | ||||
| -rw-r--r-- | demos/sign/sign.c | 137 | ||||
| -rw-r--r-- | demos/sign/sign.txt | 170 | ||||
| -rw-r--r-- | demos/spkigen.c | 160 | ||||
| -rw-r--r-- | demos/ssl/cli.cpp | 102 | ||||
| -rw-r--r-- | demos/ssl/inetdsrv.cpp | 98 | ||||
| -rw-r--r-- | demos/ssl/serv.cpp | 126 |
29 files changed, 2541 insertions, 0 deletions
diff --git a/demos/README b/demos/README new file mode 100644 index 0000000..769965a --- /dev/null +++ b/demos/README @@ -0,0 +1,3 @@ +Some demo programs sent to me by various people + +eric diff --git a/demos/b64.c b/demos/b64.c new file mode 100644 index 0000000..5e3d20e --- /dev/null +++ b/demos/b64.c @@ -0,0 +1,270 @@ +/* demos/b64.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include "apps.h" +#include "buffer.h" +#include "err.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "pem.h" + +#undef SIZE +#undef BSIZE +#undef PROG + +#define SIZE (512) +#define BSIZE (8*1024) +#define PROG enc_main + +int main(argc,argv) +int argc; +char **argv; + { + char *strbuf=NULL; + unsigned char *buff=NULL,*bufsize=NULL; + int bsize=BSIZE,verbose=0; + int ret=1,inl; + unsigned char key[24],iv[MD5_DIGEST_LENGTH]; + char *str=NULL; + char *hkey=NULL,*hiv=NULL; + int enc=1,printkey=0,i,base64=0; + int debug=0; + EVP_CIPHER *cipher=NULL,*c; + char *inf=NULL,*outf=NULL; + BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; +#define PROG_NAME_SIZE 16 + char pname[PROG_NAME_SIZE]; + + + apps_startup(); + + if (bio_err == NULL) + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + base64=1; + + argc--; + argv++; + while (argc >= 1) + { + if (strcmp(*argv,"-e") == 0) + enc=1; + if (strcmp(*argv,"-in") == 0) + { + if (--argc < 1) goto bad; + inf= *(++argv); + } + else if (strcmp(*argv,"-out") == 0) + { + if (--argc < 1) goto bad; + outf= *(++argv); + } + else if (strcmp(*argv,"-d") == 0) + enc=0; + else if (strcmp(*argv,"-v") == 0) + verbose=1; + else if (strcmp(*argv,"-debug") == 0) + debug=1; + else if (strcmp(*argv,"-bufsize") == 0) + { + if (--argc < 1) goto bad; + bufsize=(unsigned char *)*(++argv); + } + else + { + BIO_printf(bio_err,"unknown option '%s'\n",*argv); +bad: + BIO_printf(bio_err,"options are\n"); + BIO_printf(bio_err,"%-14s input file\n","-in <file>"); + BIO_printf(bio_err,"%-14s output file\n","-out <file>"); + BIO_printf(bio_err,"%-14s encode\n","-e"); + BIO_printf(bio_err,"%-14s decode\n","-d"); + BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>"); + + goto end; + } + argc--; + argv++; + } + + if (bufsize != NULL) + { + int i; + unsigned long n; + + for (n=0; *bufsize; bufsize++) + { + i= *bufsize; + if ((i <= '9') && (i >= '0')) + n=n*10+i-'0'; + else if (i == 'k') + { + n*=1024; + bufsize++; + break; + } + } + if (*bufsize != '\0') + { + BIO_printf(bio_err,"invalid 'bufsize' specified.\n"); + goto end; + } + + /* It must be large enough for a base64 encoded line */ + if (n < 80) n=80; + + bsize=(int)n; + if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize); + } + + strbuf=Malloc(SIZE); + buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize)); + if ((buff == NULL) || (strbuf == NULL)) + { + BIO_printf(bio_err,"Malloc failure\n"); + goto end; + } + + in=BIO_new(BIO_s_file()); + out=BIO_new(BIO_s_file()); + if ((in == NULL) || (out == NULL)) + { + ERR_print_errors(bio_err); + goto end; + } + if (debug) + { + BIO_set_callback(in,BIO_debug_callback); + BIO_set_callback(out,BIO_debug_callback); + BIO_set_callback_arg(in,bio_err); + BIO_set_callback_arg(out,bio_err); + } + + if (inf == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,inf) <= 0) + { + perror(inf); + goto end; + } + } + + if (outf == NULL) + BIO_set_fp(out,stdout,BIO_NOCLOSE); + else + { + if (BIO_write_filename(out,outf) <= 0) + { + perror(outf); + goto end; + } + } + + rbio=in; + wbio=out; + + if (base64) + { + if ((b64=BIO_new(BIO_f_base64())) == NULL) + goto end; + if (debug) + { + BIO_set_callback(b64,BIO_debug_callback); + BIO_set_callback_arg(b64,bio_err); + } + if (enc) + wbio=BIO_push(b64,wbio); + else + rbio=BIO_push(b64,rbio); + } + + for (;;) + { + inl=BIO_read(rbio,(char *)buff,bsize); + if (inl <= 0) break; + if (BIO_write(wbio,(char *)buff,inl) != inl) + { + BIO_printf(bio_err,"error writing output file\n"); + goto end; + } + } + BIO_flush(wbio); + + ret=0; + if (verbose) + { + BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in)); + BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out)); + } +end: + if (strbuf != NULL) Free(strbuf); + if (buff != NULL) Free(buff); + if (in != NULL) BIO_free(in); + if (out != NULL) BIO_free(out); + if (benc != NULL) BIO_free(benc); + if (b64 != NULL) BIO_free(b64); + EXIT(ret); + } + diff --git a/demos/b64.pl b/demos/b64.pl new file mode 100644 index 0000000..8aa5fb4 --- /dev/null +++ b/demos/b64.pl @@ -0,0 +1,20 @@ +#!/usr/local/bin/perl + +# +# Make PEM encoded data have lines of 64 bytes of data +# + +while (<>) + { + if (/^-----BEGIN/ .. /^-----END/) + { + if (/^-----BEGIN/) { $first=$_; next; } + if (/^-----END/) { $last=$_; next; } + $out.=$_; + } + } +$out =~ s/\s//g; +$out =~ s/(.{64})/$1\n/g; +print "$first$out\n$last\n"; + + diff --git a/demos/bio/README b/demos/bio/README new file mode 100644 index 0000000..0b24e5b --- /dev/null +++ b/demos/bio/README @@ -0,0 +1,3 @@ +This directory contains some simple examples of the use of BIO's +to simplify socket programming. + diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c new file mode 100644 index 0000000..81bf353 --- /dev/null +++ b/demos/bio/saccept.c @@ -0,0 +1,107 @@ +/* NOCW */ +/* demos/bio/saccept.c */ + +/* A minimal program to server an SSL connection. + * It uses blocking. + * saccept host:port + * host is the interface IP to use. If any interface, use *:port + * The default it *:4433 + * + * cc -I../../include saccept.c -L../.. -lssl -lcrypto + */ + +#include <stdio.h> +#include <signal.h> +#include "err.h" +#include "ssl.h" + +#define CERT_FILE "server.pem" + +BIO *in=NULL; + +void close_up() + { + if (in != NULL) + BIO_free(in); + } + +int main(argc,argv) +int argc; +char *argv[]; + { + char *port=NULL; + BIO *ssl_bio,*tmp; + SSL_CTX *ctx; + SSL *ssl; + char buf[512]; + int ret=1,i; + + if (argc <= 1) + port="*:4433"; + else + port=argv[1]; + + signal(SIGINT,close_up); + + SSL_load_error_strings(); + + /* Add ciphers and message digests */ + SSLeay_add_ssl_algorithms(); + + ctx=SSL_CTX_new(SSLv23_server_method()); + if (!SSL_CTX_use_certificate_file(ctx,CERT_FILE,SSL_FILETYPE_PEM)) + goto err; + if (!SSL_CTX_use_PrivateKey_file(ctx,CERT_FILE,SSL_FILETYPE_PEM)) + goto err; + if (!SSL_CTX_check_private_key(ctx)) + goto err; + + /* Setup server side SSL bio */ + ssl=SSL_new(ctx); + ssl_bio=BIO_new_ssl(ctx,0); + + if ((in=BIO_new_accept(port)) == NULL) goto err; + + /* This means that when a new connection is acceptede on 'in', + * The ssl_bio will be 'dupilcated' and have the new socket + * BIO push into it. Basically it means the SSL BIO will be + * automatically setup */ + BIO_set_accept_bios(in,ssl_bio); + +again: + /* The first call will setup the accept socket, and the second + * will get a socket. In this loop, the first actuall accept + * will occur in the BIO_read() function. */ + + if (BIO_do_accept(in) <= 0) goto err; + + for (;;) + { + i=BIO_read(in,buf,512); + if (i == 0) + { + /* If we have finished, remove the underlying + * BIO stack so the next time we call any function + * for this BIO, it will attempt to do an + * accept */ + printf("Done\n"); + tmp=BIO_pop(in); + BIO_free_all(tmp); + goto again; + } + if (i < 0) goto err; + fwrite(buf,1,i,stdout); + fflush(stdout); + } + + ret=0; +err: + if (ret) + { + ERR_print_errors_fp(stderr); + } + if (in != NULL) BIO_free(in); + exit(ret); + return(!ret); + } + diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c new file mode 100644 index 0000000..8a667f5 --- /dev/null +++ b/demos/bio/sconnect.c @@ -0,0 +1,115 @@ +/* NOCW */ +/* demos/bio/sconnect.c */ + +/* A minimal program to do SSL to a passed host and port. + * It is actually using non-blocking IO but in a very simple manner + * sconnect host:port - it does a 'GET / HTTP/1.0' + * + * cc -I../../include sconnect.c -L../.. -lssl -lcrypto + */ +#include <stdio.h> +#include <stdlib.h> +#include "err.h" +#include "ssl.h" + +extern int errno; + +int main(argc,argv) +int argc; +char *argv[]; + { + char *host; + BIO *out; + char buf[1024*10],*p; + SSL_CTX *ssl_ctx=NULL; + SSL *ssl; + BIO *ssl_bio; + int i,len,off,ret=1; + + if (argc <= 1) + host="localhost:4433"; + else + host=argv[1]; + + /* Lets get nice error messages */ + SSL_load_error_strings(); + + /* Setup all the global SSL stuff */ + SSLeay_add_ssl_algorithms(); + ssl_ctx=SSL_CTX_new(SSLv23_client_method()); + + /* Lets make a SSL structure */ + ssl=SSL_new(ssl_ctx); + SSL_set_connect_state(ssl); + + /* Use it inside an SSL BIO */ + ssl_bio=BIO_new(BIO_f_ssl()); + BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE); + + /* Lets use a connect BIO under the SSL BIO */ + out=BIO_new(BIO_s_connect()); + BIO_set_hostname(out,host); + BIO_set_nbio(out,1); + out=BIO_push(ssl_bio,out); + + p="GET / HTTP/1.0\r\n\r\n"; + len=strlen(p); + + off=0; + for (;;) + { + i=BIO_write(out,&(p[off]),len); + if (i <= 0) + { + if (BIO_should_retry(out)) + { + fprintf(stderr,"write DELAY\n"); + sleep(1); + continue; + } + else + { + goto err; + } + } + off+=i; + len-=i; + if (len <= 0) break; + } + + for (;;) + { + i=BIO_read(out,buf,sizeof(buf)); + if (i == 0) break; + if (i < 0) + { + if (BIO_should_retry(out)) + { + fprintf(stderr,"read DELAY\n"); + sleep(1); + continue; + } + goto err; + } + fwrite(buf,1,i,stdout); + } + + ret=1; + + if (0) + { +err: + if (ERR_peek_error() == 0) /* system call error */ + { + fprintf(stderr,"errno=%d ",errno); + perror("error"); + } + else + ERR_print_errors_fp(stderr); + } + BIO_free_all(out); + if (ssl_ctx != NULL) SSL_CTX_free(ssl_ctx); + exit(!ret); + return(ret); + } + diff --git a/demos/bio/server.pem b/demos/bio/server.pem new file mode 100644 index 0000000..5cf1387 --- /dev/null +++ b/demos/bio/server.pem @@ -0,0 +1,30 @@ +subject=/C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server +issuer= /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA +-----BEGIN X509 CERTIFICATE----- + +MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV +BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz +MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM +RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV +BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3 +LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb +/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0 +DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn +IMs6ZOZB +-----END X509 CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- + +MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe +Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ +hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG +sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw +tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq +agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA +g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI= +-----END RSA PRIVATE KEY----- + +-----BEGIN DH PARAMETERS----- +MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn +a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC +-----END DH PARAMETERS----- + diff --git a/demos/maurice/Makefile b/demos/maurice/Makefile new file mode 100644 index 0000000..fa67dcc --- /dev/null +++ b/demos/maurice/Makefile @@ -0,0 +1,23 @@ +CC=cc +CFLAGS= -g -I../../include +LIBS= -L/usr/local/ssl/lib -L../.. -lcrypto +EXAMPLES=example1 example2 example3 example4 + +all: $(EXAMPLES) + +example1: example1.o loadkeys.o + $(CC) -o example1 example1.o loadkeys.o $(LIBS) + +example2: example2.o loadkeys.o + $(CC) -o example2 example2.o loadkeys.o $(LIBS) + +example3: example3.o + $(CC) -o example3 example3.o $(LIBS) + +example4: example4.o + $(CC) -o example4 example4.o $(LIBS) + + +clean: + rm -f $(EXAMPLES) *.o + diff --git a/demos/maurice/README b/demos/maurice/README new file mode 100644 index 0000000..29778d5 --- /dev/null +++ b/demos/maurice/README @@ -0,0 +1,34 @@ +From Maurice Gittens <mgittens@gits.nl> +-- + Example programs, demonstrating some basic SSLeay crypto library + operations, to help you not to make the same mistakes I did. + + The following files are present. + - loadkeys.c Demonstrates the loading and of public and + private keys. + - loadkeys.h The interface for loadkeys.c + - example1.c Demonstrates the sealing and opening API's + - example2.c Demonstrates rsa encryption and decryption + - example3.c Demonstrates the use of symmetric block ciphers + - example4.c Demonstrates base64 and decoding + - Makefile A makefile you probably will have to adjust for + your environment + - README this file + + + The programs were written by Maurice Gittens <mgittens@gits.nl> + with the necesary help from Eric Young <eay@cryptsoft.com> + + You may do as you please with these programs, but please don't + pretend that you wrote them. + + To be complete: If you use these programs you acknowlegde that + you are aware that there is NO warranty of any kind associated + with these programs. I don't even claim that the programs work, + they are provided AS-IS. + + January 1997 + + Maurice + + diff --git a/demos/maurice/cert.pem b/demos/maurice/cert.pem new file mode 100644 index 0000000..e31a9ae --- /dev/null +++ b/demos/maurice/cert.pem @@ -0,0 +1,77 @@ +issuer :/C=NL/SP=Brabant/L=Eindhoven/O=Gittens Information Systems B.V./OU=Certification Services/CN=ca.gits.nl/Email=mgittens@gits.nl +subject:/C=NL/SP=Brabant/O=Gittens Information Systems B.V./OU=Certification Services/CN=caleb.gits.nl/Email=mgittens@gits.nl +serial :01 + +Certificate: + Data: + Version: 0 (0x0) + Serial Number: 1 (0x1) + Signature Algorithm: md5withRSAEncryption + Issuer: C=NL, SP=Brabant, L=Eindhoven, O=Gittens Information Systems B.V., OU=Certification Services, CN=ca.gits.nl/Email=mgittens@gits.nl + Validity + Not Before: Jan 5 13:21:16 1997 GMT + Not After : Jul 24 13:21:16 1997 GMT + Subject: C=NL, SP=Brabant, O=Gittens Information Systems B.V., OU=Certification Services, CN=caleb.gits.nl/Email=mgittens@gits.nl + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Modulus: + 00:dd:82:a0:fe:a9:8d:6a:02:7e:78:d6:33:75:9b: + 82:01:4b:12:80:ea:6b:9b:83:9e:e3:ae:dc:f3:d0: + 71:7c:4b:ea:03:57:b4:cc:ba:44:5b:b8:4b:49:d3: + f6:39:cc:3d:12:1f:da:58:26:27:bc:bc:ab:a4:6d: + 62:d1:91:5a:47:9f:80:40:c1:b9:fa:e3:1e:ef:52: + 78:46:26:43:65:1d:f2:6b:bf:ff:c0:81:66:14:cd: + 81:32:91:f1:f8:51:7d:0e:17:1f:27:fc:c7:51:fd: + 1c:73:41:e5:66:43:3c:67:a3:09:b9:5e:36:50:50: + b1:e8:42:bd:5c:c6:2b:ec:a9:2c:fe:6a:fe:40:26: + 64:9e:b9:bf:2d:1d:fb:d0:48:5b:82:2a:8e:ab:a4: + d5:7b:5f:26:84:8a:9a:69:5e:c1:71:e2:a9:59:4c: + 2a:76:f7:fd:f4:cf:3f:d3:ce:30:72:62:65:1c:e9: + e9:ee:d2:fc:44:00:1e:e0:80:57:e9:41:b3:f0:44: + e5:0f:77:3b:1a:1f:57:5e:94:1d:c3:a5:fa:af:41: + 8c:4c:30:6b:2b:00:84:52:0c:64:0c:a8:5b:17:16: + d1:1e:f8:ea:72:01:47:9a:b9:21:95:f9:71:ed:7c: + d2:93:54:0c:c5:9c:e8:e5:40:28:c5:a0:ca:b1:a9: + 20:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: md5withRSAEncryption + 93:08:f9:e0:d4:c5:ca:95:de:4e:38:3b:28:87:e9:d3:b6:ce: + 4f:69:2e:c9:09:57:2f:fa:e2:50:9f:39:ec:f3:84:e8:3a:8f: + 9b:c3:06:62:90:49:93:6d:23:7a:2b:3d:7b:f9:46:32:18:d3: + 87:44:49:f7:29:2f:f3:58:97:70:c3:45:5b:90:52:1c:df:fb: + a8:a3:a1:29:53:a3:4c:ed:d2:51:d0:44:98:a4:14:6f:76:9d: + 0d:03:76:e5:d3:13:21:ce:a3:4d:2a:77:fe:ad:b3:47:6d:42: + b9:4a:0e:ff:61:f4:ec:62:b2:3b:00:9c:ac:16:a2:ec:19:c8: + c7:3d:d7:7d:97:cd:4d:1a:d2:00:07:4e:40:3d:b9:ba:1e:e2: + fe:81:28:57:b9:ad:2b:74:59:b0:9f:8b:a5:98:d3:75:06:67: + 4a:04:11:b2:ea:1a:8c:e0:d4:be:c8:0c:46:76:7f:5f:5a:7b: + 72:09:dd:b6:d3:6b:97:70:e8:7e:17:74:1c:f7:3a:5f:e3:fa: + c2:f7:95:bd:74:5e:44:4b:9b:bd:27:de:02:7f:87:1f:68:68: + 60:b9:f4:1d:2b:7b:ce:ef:b1:7f:3a:be:b9:66:60:54:6f:0c: + a0:dd:8c:03:a7:f1:9f:f8:0e:8d:bb:c6:ba:77:61:f7:8e:be: + 28:ba:d8:4f + +-----BEGIN CERTIFICATE----- +MIIDzzCCArcCAQEwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAk5MMRAwDgYD +VQQIEwdCcmFiYW50MRIwEAYDVQQHEwlFaW5kaG92ZW4xKTAnBgNVBAoTIEdpdHRl +bnMgSW5mb3JtYXRpb24gU3lzdGVtcyBCLlYuMR8wHQYDVQQLExZDZXJ0aWZpY2F0 +aW9uIFNlcnZpY2VzMRMwEQYDVQQDEwpjYS5naXRzLm5sMR8wHQYJKoZIhvcNAQkB +FhBtZ2l0dGVuc0BnaXRzLm5sMB4XDTk3MDEwNTEzMjExNloXDTk3MDcyNDEzMjEx +NlowgaQxCzAJBgNVBAYTAk5MMRAwDgYDVQQIEwdCcmFiYW50MSkwJwYDVQQKEyBH +aXR0ZW5zIEluZm9ybWF0aW9uIFN5c3RlbXMgQi5WLjEfMB0GA1UECxMWQ2VydGlm +aWNhdGlvbiBTZXJ2aWNlczEWMBQGA1UEAxMNY2FsZWIuZ2l0cy5ubDEfMB0GCSqG +SIb3DQEJARYQbWdpdHRlbnNAZ2l0cy5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAN2CoP6pjWoCfnjWM3WbggFLEoDqa5uDnuOu3PPQcXxL6gNXtMy6 +RFu4S0nT9jnMPRIf2lgmJ7y8q6RtYtGRWkefgEDBufrjHu9SeEYmQ2Ud8mu//8CB +ZhTNgTKR8fhRfQ4XHyf8x1H9HHNB5WZDPGejCbleNlBQsehCvVzGK+ypLP5q/kAm +ZJ65vy0d+9BIW4Iqjquk1XtfJoSKmmlewXHiqVlMKnb3/fTPP9POMHJiZRzp6e7S +/EQAHuCAV+lBs/BE5Q93OxofV16UHcOl+q9BjEwwaysAhFIMZAyoWxcW0R746nIB +R5q5IZX5ce180pNUDMWc6OVAKMWgyrGpIPkCAwEAATANBgkqhkiG9w0BAQQFAAOC +AQEAkwj54NTFypXeTjg7KIfp07bOT2kuyQlXL/riUJ857POE6DqPm8MGYpBJk20j +eis9e/lGMhjTh0RJ9ykv81iXcMNFW5BSHN/7qKOhKVOjTO3SUdBEmKQUb3adDQN2 +5dMTIc6jTSp3/q2zR21CuUoO/2H07GKyOwCcrBai7BnIxz3XfZfNTRrSAAdOQD25 +uh7i/oEoV7mtK3RZsJ+LpZjTdQZnSgQRsuoajODUvsgMRnZ/X1p7cgndttNrl3Do +fhd0HPc6X+P6wveVvXReREubvSfeAn+HH2hoYLn0HSt7zu+xfzq+uWZgVG8MoN2M +A6fxn/gOjbvGundh946+KLrYTw== +-----END CERTIFICATE----- + diff --git a/demos/maurice/example1.c b/demos/maurice/example1.c new file mode 100644 index 0000000..77730d3 --- /dev/null +++ b/demos/maurice/example1.c @@ -0,0 +1,200 @@ +/* NOCW */ +/* + Please read the README file for condition of use, before + using this software. + + Maurice Gittens <mgittens@gits.nl> January 1997 +*/ + +#include <unistd.h> +#include <stdio.h> +#include <netinet/in.h> +#include <fcntl.h> +#include <strings.h> +#include <stdlib.h> + +#include "rsa.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "err.h" +#include "pem.h" +#include "ssl.h" + +#include "loadkeys.h" + +#define PUBFILE "cert.pem" +#define PRIVFILE "privkey.pem" + +#define STDIN 0 +#define STDOUT 1 + +void main_encrypt(void); +void main_decrypt(void); + +static const char *usage = "Usage: example1 [-d]\n"; + +int main(int argc, char *argv[]) +{ + + ERR_load_crypto_strings(); + + if ((argc == 1)) + { + main_encrypt(); + } + else if ((argc == 2) && !strcmp(argv[1],"-d")) + { + main_decrypt(); + } + else + { + printf("%s",usage); + exit(1); + } + + return 0; +} + +void main_encrypt(void) +{ + unsigned int ebuflen; + EVP_CIPHER_CTX ectx; + unsigned char iv[EVP_MAX_IV_LENGTH]; + unsigned char *ekey[1]; + int readlen; + int ekeylen, net_ekeylen; + EVP_PKEY *pubKey[1]; + char buf[512]; + char ebuf[512]; + + memset(iv, '\0', sizeof(iv)); + + pubKey[0] = ReadPublicKey(PUBFILE); + + if(!pubKey) + { + fprintf(stderr,"Error: can't load public key"); + exit(1); + } + + ekey[0] = malloc(EVP_PKEY_size(pubKey[0])); + if (!ekey[0]) + { + EVP_PKEY_free(pubKey[0]); + perror("malloc"); + exit(1); + } + + EVP_SealInit(&ectx, + EVP_des_ede3_cbc(), + ekey, + &ekeylen, + iv, + pubKey, + 1); + + net_ekeylen = htonl(ekeylen); + write(STDOUT, (char*)&net_ekeylen, sizeof(net_ekeylen)); + write(STDOUT, ekey[0], ekeylen); + write(STDOUT, iv, sizeof(iv)); + + while(1) + { + readlen = read(STDIN, buf, sizeof(buf)); + + if (readlen <= 0) + { + if (readlen < 0) + perror("read"); + + break; + } + + EVP_SealUpdate(&ectx, ebuf, &ebuflen, buf, readlen); + + write(STDOUT, ebuf, ebuflen); + } + + EVP_SealFinal(&ectx, ebuf, &ebuflen); + + write(STDOUT, ebuf, ebuflen); + + EVP_PKEY_free(pubKey[0]); + free(ekey[0]); +} + +void main_decrypt(void) +{ + char buf[512]; + char ebuf[512]; + unsigned int buflen; + EVP_CIPHER_CTX ectx; + unsigned char iv[8]; + unsigned char *encryptKey; + unsigned int ekeylen; + EVP_PKEY *privateKey; + + memset(iv, '\0', sizeof(iv)); + + privateKey = ReadPrivateKey(PRIVFILE); + if (!privateKey) + { + fprintf(stderr, "Error: can't load private key"); + exit(1); + } + + read(STDIN, &ekeylen, sizeof(ekeylen)); + ekeylen = ntohl(ekeylen); + + if (ekeylen != EVP_PKEY_size(privateKey)) + { + EVP_PKEY_free(privateKey); + fprintf(stderr, "keylength mismatch"); + exit(1); + } + + encryptKey = malloc(sizeof(char) * ekeylen); + if (!encryptKey) + { + EVP_PKEY_free(privateKey); + perror("malloc"); + exit(1); + } + + read(STDIN, encryptKey, ekeylen); + read(STDIN, iv, sizeof(iv)); + + EVP_OpenInit(&ectx, + EVP_des_ede3_cbc(), + encryptKey, + ekeylen, + iv, + privateKey); + + while(1) + { + int readlen = read(STDIN, ebuf, sizeof(ebuf)); + + if (readlen <= 0) + { + if (readlen < 0) + perror("read"); + + break; + } + + EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen); + + write(STDOUT, buf, buflen); + } + + EVP_OpenFinal(&ectx, buf, &buflen); + + write(STDOUT, buf, buflen); + + EVP_PKEY_free(privateKey); + free(encryptKey); +} + + diff --git a/demos/maurice/example2.c b/demos/maurice/example2.c new file mode 100644 index 0000000..99f7b22 --- /dev/null +++ b/demos/maurice/example2.c @@ -0,0 +1,77 @@ +/* NOCW */ +/* + Please read the README file for condition of use, before + using this software. + + Maurice Gittens <mgittens@gits.nl> January 1997 +*/ + +#include <stdlib.h> +#include <stdio.h> +#include <strings.h> + +#include "rsa.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "err.h" +#include "pem.h" +#include "ssl.h" + +#include "loadkeys.h" + +#define PUBFILE "cert.pem" +#define PRIVFILE "privkey.pem" +#define STDIN 0 +#define STDOUT 1 + +int main() +{ + char *ct = "This the clear text"; + char *buf; + char *buf2; + EVP_PKEY *pubKey; + EVP_PKEY *privKey; + int len; + FILE *fp; + + ERR_load_crypto_strings(); + + privKey = ReadPrivateKey(PRIVFILE); + if (!privKey) + { + ERR_print_errors_fp (stderr); + exit (1); + } + + pubKey = ReadPublicKey(PUBFILE); + if(!pubKey) + { + EVP_PKEY_free(privKey); + fprintf(stderr,"Error: can't load public key"); + exit(1); + } + + /* No error checking */ + buf = malloc(EVP_PKEY_size(pubKey)); + buf2 = malloc(EVP_PKEY_size(pubKey)); + + len = RSA_public_encrypt(strlen(ct)+1, ct, buf, pubKey->pkey.rsa,RSA_PKCS1_PADDING); + + if (len != EVP_PKEY_size(pubKey)) + { + fprintf(stderr,"Error: ciphertext should match length of key\n"); + exit(1); + } + + RSA_private_decrypt(len, buf, buf2, privKey->pkey.rsa,RSA_PKCS1_PADDING); + + printf("%s\n", buf2); + + EVP_PKEY_free(privKey); + EVP_PKEY_free(pubKey); + free(buf); + free(buf2); +} + + diff --git a/demos/maurice/example3.c b/demos/maurice/example3.c new file mode 100644 index 0000000..fcaff00 --- /dev/null +++ b/demos/maurice/example3.c @@ -0,0 +1,86 @@ +/* NOCW */ +/* + Please read the README file for condition of use, before + using this software. + + Maurice Gittens <mgittens@gits.nl> January 1997 + +*/ + +#include <stdio.h> +#include <fcntl.h> +#include <sys/stat.h> +#include <evp.h> + +#define STDIN 0 +#define STDOUT 1 +#define BUFLEN 512 +#define INIT_VECTOR "12345678" +#define ENCRYPT 1 +#define DECRYPT 0 +#define ALG EVP_des_ede3_cbc() + +static const char *usage = "Usage: example3 [-d] password\n"; + +void do_cipher(char *,int); + +int main(int argc, char *argv[]) +{ + if ((argc == 2)) + { + do_cipher(argv[1],ENCRYPT); + } + else if ((argc == 3) && !strcmp(argv[1],"-d")) + { + do_cipher(argv[2],DECRYPT); + } + else + { + fprintf(stderr,"%s", usage); + exit(1); + } + + return 0; +} + +void do_cipher(char *pw, int operation) +{ + char buf[BUFLEN]; + char ebuf[BUFLEN + 8]; + unsigned int ebuflen, rc; + unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH]; + unsigned int ekeylen, net_ekeylen; + EVP_CIPHER_CTX ectx; + + memcpy(iv, INIT_VECTOR, sizeof(iv)); + + EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv); + + EVP_CipherInit(&ectx, ALG, key, iv, operation); + + while(1) + { + int readlen = read(STDIN, buf, sizeof(buf)); + + if (readlen <= 0) + { + if (!readlen) + break; + else + { + perror("read"); + exit(1); + } + } + + EVP_CipherUpdate(&ectx, ebuf, &ebuflen, buf, readlen); + + write(STDOUT, ebuf, ebuflen); + } + + EVP_CipherFinal(&ectx, ebuf, &ebuflen); + + write(STDOUT, ebuf, ebuflen); +} + + diff --git a/demos/maurice/example4.c b/demos/maurice/example4.c new file mode 100644 index 0000000..d436a20 --- /dev/null +++ b/demos/maurice/example4.c @@ -0,0 +1,122 @@ +/* NOCW */ +/* + Please read the README file for condition of use, before + using this software. + + Maurice Gittens <mgittens@gits.nl> January 1997 + +*/ + +#include <stdio.h> +#include <fcntl.h> +#include <sys/stat.h> +#include <evp.h> + +#define STDIN 0 +#define STDOUT 1 +#define BUFLEN 512 + +static const char *usage = "Usage: example4 [-d]\n"; + +void do_encode(void); +void do_decode(void); + +int main(int argc, char *argv[]) +{ + if ((argc == 1)) + { + do_encode(); + } + else if ((argc == 2) && !strcmp(argv[1],"-d")) + { + do_decode(); + } + else + { + fprintf(stderr,"%s", usage); + exit(1); + } + + return 0; +} + +void do_encode() +{ + char buf[BUFLEN]; + char ebuf[BUFLEN+24]; + unsigned int ebuflen, rc; + EVP_ENCODE_CTX ectx; + + EVP_EncodeInit(&ectx); + + while(1) + { + int readlen = read(STDIN, buf, sizeof(buf)); + + if (readlen <= 0) + { + if (!readlen) + break; + else + { + perror("read"); + exit(1); + } + } + + EVP_EncodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen); + + write(STDOUT, ebuf, ebuflen); + } + + EVP_EncodeFinal(&ectx, ebuf, &ebuflen); + + write(STDOUT, ebuf, ebuflen); +} + +void do_decode() +{ + char buf[BUFLEN]; + char ebuf[BUFLEN+24]; + unsigned int ebuflen, rc; + EVP_ENCODE_CTX ectx; + + EVP_DecodeInit(&ectx); + + while(1) + { + int readlen = read(STDIN, buf, sizeof(buf)); + int rc; + + if (readlen <= 0) + { + if (!readlen) + break; + else + { + perror("read"); + exit(1); + } + } + + rc = EVP_DecodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen); + if (rc <= 0) + { + if (!rc) + { + write(STDOUT, ebuf, ebuflen); + break; + } + + fprintf(stderr, "Error: decoding message\n"); + return; + } + + write(STDOUT, ebuf, ebuflen); + } + + EVP_DecodeFinal(&ectx, ebuf, &ebuflen); + + write(STDOUT, ebuf, ebuflen); +} + diff --git a/demos/maurice/loadkeys.c b/demos/maurice/loadkeys.c new file mode 100644 index 0000000..7c89f07 --- /dev/null +++ b/demos/maurice/loadkeys.c @@ -0,0 +1,77 @@ +/* NOCW */ +/* + Please read the README file for condition of use, before + using this software. + + Maurice Gittens <mgittens@gits.nl> January 1997 + +*/ + +#include <unistd.h> +#include <stdio.h> +#include <netinet/in.h> +#include <fcntl.h> +#include <strings.h> +#include <stdlib.h> + +#include "rsa.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "err.h" +#include "pem.h" +#include "ssl.h" + +EVP_PKEY * ReadPublicKey(const char *certfile) +{ + FILE *fp = fopen (certfile, "r"); + X509 *x509; + EVP_PKEY *pkey; + + if (!fp) + return NULL; + + x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509, + PEM_STRING_X509, + fp, NULL, NULL); + + if (x509 == NULL) + { + ERR_print_errors_fp (stderr); + return NULL; + } + + fclose (fp); + + pkey=X509_extract_key(x509); + + X509_free(x509); + + if (pkey == NULL) + ERR_print_errors_fp (stderr); + + return pkey; +} + +EVP_PKEY *ReadPrivateKey(const char *keyfile) +{ + FILE *fp = fopen(keyfile, "r"); + EVP_PKEY *pkey; + + if (!fp) + return NULL; + + pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey, + PEM_STRING_EVP_PKEY, + fp, + NULL, NULL); + + fclose (fp); + + if (pkey == NULL) + ERR_print_errors_fp (stderr); + + return pkey; +} + + diff --git a/demos/maurice/loadkeys.h b/demos/maurice/loadkeys.h new file mode 100644 index 0000000..e42c6f8 --- /dev/null +++ b/demos/maurice/loadkeys.h @@ -0,0 +1,19 @@ +/* NOCW */ +/* + Please read the README file for condition of use, before + using this software. + + Maurice Gittens <mgittens@gits.nl> January 1997 + +*/ + +#ifndef LOADKEYS_H_SEEN +#define LOADKEYS_H_SEEN + +#include "evp.h" + +EVP_PKEY * ReadPublicKey(const char *certfile); +EVP_PKEY *ReadPrivateKey(const char *keyfile); + +#endif + diff --git a/demos/maurice/privkey.pem b/demos/maurice/privkey.pem new file mode 100644 index 0000000..fc3554e --- /dev/null +++ b/demos/maurice/privkey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3YKg/qmNagJ+eNYzdZuCAUsSgOprm4Oe467c89BxfEvqA1e0 +zLpEW7hLSdP2Ocw9Eh/aWCYnvLyrpG1i0ZFaR5+AQMG5+uMe71J4RiZDZR3ya7// +wIFmFM2BMpHx+FF9DhcfJ/zHUf0cc0HlZkM8Z6MJuV42UFCx6EK9XMYr7Kks/mr+ +QCZknrm/LR370EhbgiqOq6TVe18mhIqaaV7BceKpWUwqdvf99M8/084wcmJlHOnp +7tL8RAAe4IBX6UGz8ETlD3c7Gh9XXpQdw6X6r0GMTDBrKwCEUgxkDKhbFxbRHvjq +cgFHmrkhlflx7XzSk1QMxZzo5UAoxaDKsakg+QIDAQABAoIBAQC0hnh083PnuJ6g +Flob+B+stCUhYWtPc6ZzgphaMD+9ABV4oescipWZdooNYiyikBwZgFIvUvFBtTXh +rLBDgUVlZ81beUb7/EvC2aBh818rsotWW0Sw/ARY4d7wetcL/EWBzUA8E5vR6wlb +uZGelR9OiyYqp2h2bj1/v5yaVnuHxBeBj5clTHtPMXc+/70iUNBDMZ0ruZTdSwll +e0DH8pp/5USYewlrKtRIJT7elC8LFMqEz4OpNvfaR2OEY0FatYYmSvQPNwV8/Eor +XlNzRi9qD0uXbVexaAgQZ3/KZuAzUbOgwJZZXEAOGkZ/J1n08jljPXdU0o7bHhNl +7siHbuEBAoGBAP53IvvJkhnH8Akf6E6sXelZkPKHnwDwfywDAiIhXza9DB1DViRS +bZUB5gzcxmLGalex5+LcwZmsqFO5NXZ8SQeE9p0YT8yJsX4J1w9JzSvsWJBS2vyW +Kbt21oG6JAGrWSGMIfxKpuahtWLf4JpGjftti0qIVQ60GKEPc1/xE2PZAoGBAN7Y +nRPaUaqcIwbnH9kovOKwZ/PWREy1ecr3YXj65VYTnwSJHD0+CJa/DX8eB/G4AoNA +Y2LPbq0Xu3+7SaUsO45VkaZuJmNwheUQ4tmyd/YdnVZ0AHXx1tvpR7QeO0WjnlNK +mR+x00fetrff2Ypahs0wtU0Xf3F8ORgVB8jnxBIhAoGAcwf0PpI+g30Im3dbEsWE +poogpiJ81HXjZ0fs3PTtD9eh9FCOTlkcxHFZR5M980TyqbX4t2tH8WpFpaNh8a/5 +a3bF7PoiiLnuDKXyHC0mnKZ42rU53VkcgGwWSAqXYFHPNwUcD+rHTBbp4kqGQ/eF +E5XPk9/RY5YyVAyiAUr/kvECgYBvW1Ua75SxqbZDI8mhbZ79tGMt0NtubZz/1KCL +oOxrGAD1dkJ7Q/1svunSpMIZgvcWeV1wqfFHY72ZNZC2jiTwmkffH9nlBPyTm92Q +JYOWo/PUmMEGLyRL3gWrtxOtV/as7nEYCndmyZ8KwTxmy5fi/z0J2f0gS5AIPbIX +LeGnoQKBgQDapjz9K4HWR5AMxyga4eiLIrmADySP846uz3eZIvTJQZ+6TAamvnno +KbnU21cGq5HBBtxqQvGswLPGW9rZAgykHHJmYBUp0xv4+I4qHfXyD7QNmvq+Vxjj +V2tgIafEpaf2ZsfM7BZeZz8MzeGcDwyrHtIO1FQiYN5Qz9Hq68XmVA== +-----END RSA PRIVATE KEY----- diff --git a/demos/prime/prime.c b/demos/prime/prime.c new file mode 100644 index 0000000..2587373 --- /dev/null +++ b/demos/prime/prime.c @@ -0,0 +1,100 @@ +/* demos/prime/prime.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "bn.h" + +void callback(type,num) +int type,num; + { + if (type == 0) + fprintf(stderr,"."); + else if (type == 1) + fprintf(stderr,"+"); + else if (type == 2) + fprintf(stderr,"*"); + fflush(stderr); + } + +int main(argc,argv) +int argc; +char *argv[]; + { + BIGNUM *rand; + int num=256; + + /* we should really call RAND_seed(char *bytes,int num); + * to fully initalise the random number generator */ + if (argc >= 2) + { + num=atoi(argv[1]); + if (num == 0) num=256; + } + + fprintf(stderr,"generate a strong prime\n"); + rand=BN_generate_prime(num,1,NULL,NULL,callback); + /* change the second parameter to 1 for a strong prime */ + fprintf(stderr,"\n"); + + BN_print_fp(stdout,rand); + fprintf(stdout,"\n"); + BN_free(rand); + exit(0); + return(0); + } + diff --git a/demos/privkey.pem b/demos/privkey.pem new file mode 100644 index 0000000..ddae240 --- /dev/null +++ b/demos/privkey.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAN+FmbxmHVOp/RxtpMGz0DvQEBz1sDktHp19hIoMSu0YZift5MAu +4xAEJYvWVCshDiyOTWsUBXwZkrkt87FyctkCAwEAAQJAG/vxBGpQb6IPo1iC0RF/ +F430BnwoBPCGLbeCOXpSgx5X+19vuTSdEqMgeNB6+aNb+XY/7mvVfCjyD6WZ0oxs +JQIhAPO+uL9cP40lFs62pdL3QSWsh3VNDByvOtr9LpeaxBm/AiEA6sKVfXsDQ5hd +SHt9U61r2r8Lcxmzi9Kw6JNqjMmzqWcCIQCKoRy+aZ8Tjdas9yDVHh+FZ90bEBkl +b1xQFNOdEj8aTQIhAOJWrO6INYNsWTPS6+hLYZtLamyUsQj0H+B8kNQge/mtAiEA +nBfvUl243qbqN8gF7Az1u33uc9FsPVvQPiBzLxZ4ixw= +-----END RSA PRIVATE KEY----- diff --git a/demos/selfsign.c b/demos/selfsign.c new file mode 100644 index 0000000..72146fc --- /dev/null +++ b/demos/selfsign.c @@ -0,0 +1,168 @@ +/* NOCW */ +/* cc -o ssdemo -I../include selfsign.c ../libcrypto.a */ + +#include <stdio.h> +#include <stdlib.h> + +#include "buffer.h" +#include "crypto.h" +#include "objects.h" +#include "asn1.h" +#include "evp.h" +#include "x509.h" +#include "pem.h" + +int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days); + +int main() + { + BIO *bio_err; + X509 *x509=NULL; + EVP_PKEY *pkey=NULL; + + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + X509v3_add_netscape_extensions(); + + if ((bio_err=BIO_new(BIO_s_file())) != NULL) + BIO_set_fp(bio_err,stderr,BIO_NOCLOSE); + + mkit(&x509,&pkey,512,0,365); + + RSA_print_fp(stdout,pkey->pkey.rsa,0); + X509_print_fp(stdout,x509); + + PEM_write_RSAPrivateKey(stdout,pkey->pkey.rsa,NULL,NULL,0,NULL); + PEM_write_X509(stdout,x509); + + X509_free(x509); + EVP_PKEY_free(pkey); + BIO_free(bio_err); + + X509_cleanup_extensions(); + + CRYPTO_mem_leaks(bio_err); + return(0); + } + +#ifdef WIN16 +# define MS_CALLBACK _far _loadds +# define MS_FAR _far +#else +# define MS_CALLBACK +# define MS_FAR +#endif + +static void MS_CALLBACK callback(p, n) +int p; +int n; + { + char c='B'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + fputc(c,stderr); + } + +int mkit(x509p,pkeyp,bits,serial,days) +X509 **x509p; +EVP_PKEY **pkeyp; +int bits; +int serial; +int days; + { + X509 *x; + EVP_PKEY *pk; + RSA *rsa; + char *s; + X509_NAME *name=NULL; + X509_NAME_ENTRY *ne=NULL; + X509_EXTENSION *ex=NULL; + ASN1_OCTET_STRING *data=NULL; + + + if ((pkeyp == NULL) || (*pkeyp == NULL)) + { + if ((pk=EVP_PKEY_new()) == NULL) + { + abort(); + return(0); + } + } + else + pk= *pkeyp; + + if ((x509p == NULL) || (*x509p == NULL)) + { + if ((x=X509_new()) == NULL) + goto err; + } + else + x= *x509p; + + rsa=RSA_generate_key(bits,RSA_F4,callback); + if (!EVP_PKEY_assign_RSA(pk,rsa)) + { + abort(); + goto err; + } + rsa=NULL; + + X509_set_version(x,3); + ASN1_INTEGER_set(X509_get_serialNumber(x),serial); + X509_gmtime_adj(X509_get_notBefore(x),0); + X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days); + X509_set_pubkey(x,pk); + + name=X509_NAME_new(); + + ne=X509_NAME_ENTRY_create_by_NID(NULL,NID_countryName, + V_ASN1_APP_CHOOSE,"AU",-1); + X509_NAME_add_entry(name,ne,0,0); + + X509_NAME_ENTRY_create_by_NID(&ne,NID_commonName, + V_ASN1_APP_CHOOSE,"Eric Young",-1); + X509_NAME_add_entry(name,ne,1,0); + + /* finished with structure */ + X509_NAME_ENTRY_free(ne); + + X509_set_subject_name(x,name); + X509_set_issuer_name(x,name); + + /* finished with structure */ + X509_NAME_free(name); + + data=X509v3_pack_string(NULL,V_ASN1_BIT_STRING, + "\001",1); + ex=X509_EXTENSION_create_by_NID(NULL,NID_netscape_cert_type,0,data); + X509_add_ext(x,ex,-1); + + X509v3_pack_string(&data,V_ASN1_IA5STRING, + "example comment extension",-1); + X509_EXTENSION_create_by_NID(&ex,NID_netscape_comment,0,data); + X509_add_ext(x,ex,-1); + + X509v3_pack_string(&data,V_ASN1_BIT_STRING, + "www.cryptsoft.com",-1); + X509_EXTENSION_create_by_NID(&ex,NID_netscape_ssl_server_name,0,data); + X509_add_ext(x,ex,-1); + + X509_EXTENSION_free(ex); + ASN1_OCTET_STRING_free(data); + + if (!X509_sign(x,pk,EVP_md5())) + goto err; + + *x509p=x; + *pkeyp=pk; + return(1); +err: + return(0); + } + + + + diff --git a/demos/sign/cert.pem b/demos/sign/cert.pem new file mode 100644 index 0000000..9d7ac23 --- /dev/null +++ b/demos/sign/cert.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD +VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv +bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy +dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X +DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw +EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l +dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT +EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp +MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw +L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN +BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX +9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4= +-----END CERTIFICATE----- diff --git a/demos/sign/key.pem b/demos/sign/key.pem new file mode 100644 index 0000000..239ad66 --- /dev/null +++ b/demos/sign/key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ +2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF +oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr +8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc +a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7 +WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA +6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg= +-----END RSA PRIVATE KEY----- diff --git a/demos/sign/sig.txt b/demos/sign/sig.txt new file mode 100644 index 0000000..5613c0e --- /dev/null +++ b/demos/sign/sig.txt @@ -0,0 +1,158 @@ +From ssl-lists-owner@mincom.com Mon Sep 30 02:37:40 1996 +Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11782 + (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 11:46:21 +1000 +Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id LAA18980 for ssl-users-outgoing; Mon, 30 Sep 1996 11:44:56 +1000 (EST) +Received: from minbne.mincom.oz.au (minbne.mincom.oz.au [192.55.196.247]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id LAA18962 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 11:44:51 +1000 (EST) +Received: by minbne.mincom.oz.au id AA22230 + (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 11:38:41 +1000 +Received: from brutus.neuronio.pt (brutus.neuronio.pt [193.126.253.2]) by bunyip.cc.uq.oz.au (8.7.6/8.7.3) with SMTP id LAA15824 for <ssl-users@mincom.com>; Mon, 30 Sep 1996 11:40:07 +1000 +Received: (from sampo@localhost) by brutus.neuronio.pt (8.6.11/8.6.11) id BAA08729; Mon, 30 Sep 1996 01:37:40 +0100 +Date: Mon, 30 Sep 1996 01:37:40 +0100 +Message-Id: <199609300037.BAA08729@brutus.neuronio.pt> +From: Sampo Kellomaki <sampo@neuronio.pt> +To: ssl-users@mincom.com +Cc: sampo@brutus.neuronio.pt +Subject: Signing with envelope routines +Sender: ssl-lists-owner@mincom.com +Precedence: bulk +Status: RO +X-Status: D + + +I have been trying to figure out how to produce signatures with EVP_ +routines. I seem to be able to read in private key and sign some +data ok, but I can't figure out how I am supposed to read in +public key so that I could verify my signature. I use self signed +certificate. + +I figured I should use + EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY, + fp, NULL, NULL); +to read in private key and this seems to work Ok. + +However when I try analogous + EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509, + fp, NULL, NULL); +the program fails with + +error:0D09508D:asn1 encoding routines:D2I_PUBLICKEY:unknown public key type:d2i_pu.c:93 +error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:232 + +I figured that the second argument to PEM_ASN1_read should match the +name in my PEM encoded object, hence PEM_STRING_X509. +PEM_STRING_EVP_PKEY seems to be somehow magical +because it matches whatever private key there happens to be. I could +not find a similar constant to use with getting the certificate, however. + +Is my approach of using PEM_ASN1_read correct? What should I pass in +as name? Can I use normal (or even self signed) X509 certificate for +verifying the signature? + +When will SSLeay documentation be written ;-)? If I would contribute +comments to the code, would Eric take time to review them and include +them in distribution? + +I'm using SSLeay-0.6.4. My program is included below along with the +key and cert that I use. + +--Sampo + +----------------------------------- +/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data + 29.9.1996, Sampo Kellomaki <sampo@iki.fi> */ + +#include <stdio.h> +#include "rsa.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "err.h" +#include "pem.h" +#include "ssl.h" + +void main () +{ + int err; + int sig_len; + unsigned char sig_buf [4096]; + const char certfile[] = "plain-cert.pem"; + const char keyfile[] = "plain-key.pem"; + const char data[] = "I owe you..."; + EVP_MD_CTX md_ctx; + EVP_PKEY* pkey; + FILE* fp; + + SSL_load_error_strings(); + + /* Read private key */ + + fp = fopen (keyfile, "r"); if (fp == NULL) exit (1); + pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey, + PEM_STRING_EVP_PKEY, + fp, + NULL, NULL); + if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } + fclose (fp); + + /* Do the signature */ + + EVP_SignInit (&md_ctx, EVP_md5()); + EVP_SignUpdate (&md_ctx, data, strlen(data)); + sig_len = sizeof(sig_buf); + err = EVP_SignFinal (&md_ctx, + sig_buf, + &sig_len, + pkey); + if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } + EVP_PKEY_free (pkey); + + /* Read public key */ + + fp = fopen (certfile, "r"); if (fp == NULL) exit (1); + pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PublicKey, + PEM_STRING_X509, + fp, + NULL, NULL); + if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } + fclose (fp); + + /* Verify the signature */ + + EVP_VerifyInit (&md_ctx, EVP_md5()); + EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data)); + err = EVP_VerifyFinal (&md_ctx, + sig_buf, + sig_len, + pkey); + if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } + EVP_PKEY_free (pkey); + printf ("Signature Verified Ok.\n"); +} +/* EOF */ +--------------- plain-cert.pem ----------------- +-----BEGIN CERTIFICATE----- +MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD +VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv +bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy +dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X +DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw +EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l +dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT +EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp +MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw +L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN +BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX +9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4= +-----END CERTIFICATE----- +---------------- plain-key.pem ----------------- +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ +2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF +oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr +8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc +a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7 +WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA +6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg= +-----END RSA PRIVATE KEY----- +------------------------------------------------ + diff --git a/demos/sign/sign.c b/demos/sign/sign.c new file mode 100644 index 0000000..280cc63 --- /dev/null +++ b/demos/sign/sign.c @@ -0,0 +1,137 @@ +/* demos/sign/sign.c */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data + 29.9.1996, Sampo Kellomaki <sampo@iki.fi> */ + +/* converted to C - eay :-) */ + +#include <stdio.h> +#include "rsa.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "err.h" +#include "pem.h" +#include "ssl.h" + +void main () +{ + int err; + int sig_len; + unsigned char sig_buf [4096]; + static char certfile[] = "cert.pem"; + static char keyfile[] = "key.pem"; + static char data[] = "I owe you..."; + EVP_MD_CTX md_ctx; + EVP_PKEY * pkey; + FILE * fp; + X509 * x509; + + /* Just load the crypto library error strings, + * SSL_load_error_strings() loads the crypto AND the SSL ones */ + /* SSL_load_error_strings();*/ + ERR_load_crypto_strings(); + + /* Read private key */ + + fp = fopen (keyfile, "r"); if (fp == NULL) exit (1); + pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey, + PEM_STRING_EVP_PKEY, + fp, + NULL, NULL); + if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } + fclose (fp); + + /* Do the signature */ + + EVP_SignInit (&md_ctx, EVP_md5()); + EVP_SignUpdate (&md_ctx, data, strlen(data)); + sig_len = sizeof(sig_buf); + err = EVP_SignFinal (&md_ctx, + sig_buf, + &sig_len, + pkey); + if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } + EVP_PKEY_free (pkey); + + /* Read public key */ + + fp = fopen (certfile, "r"); if (fp == NULL) exit (1); + x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509, + PEM_STRING_X509, + fp, NULL, NULL); + if (x509 == NULL) { ERR_print_errors_fp (stderr); exit (1); } + fclose (fp); + + /* Get public key - eay */ + pkey=X509_extract_key(x509); + if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } + + /* Verify the signature */ + + EVP_VerifyInit (&md_ctx, EVP_md5()); + EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data)); + err = EVP_VerifyFinal (&md_ctx, + sig_buf, + sig_len, + pkey); + if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } + EVP_PKEY_free (pkey); + printf ("Signature Verified Ok.\n"); +} diff --git a/demos/sign/sign.txt b/demos/sign/sign.txt new file mode 100644 index 0000000..2aa2b46 --- /dev/null +++ b/demos/sign/sign.txt @@ -0,0 +1,170 @@ +From ssl-lists-owner@mincom.com Mon Sep 30 22:43:15 1996 +Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA12802 + (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 12:45:43 +1000 +Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id MAA25922 for ssl-users-outgoing; Mon, 30 Sep 1996 12:43:43 +1000 (EST) +Received: from orb.mincom.oz.au (eay@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id MAA25900 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 12:43:39 +1000 (EST) +Received: by orb.mincom.oz.au id AA12688 + (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 12:43:16 +1000 +Date: Mon, 30 Sep 1996 12:43:15 +1000 (EST) +From: Eric Young <eay@mincom.com> +X-Sender: eay@orb +To: Sampo Kellomaki <sampo@neuronio.pt> +Cc: ssl-users@mincom.com, sampo@brutus.neuronio.pt +Subject: Re: Signing with envelope routines +In-Reply-To: <199609300037.BAA08729@brutus.neuronio.pt> +Message-Id: <Pine.SOL.3.91.960930121504.11800Y-100000@orb> +Mime-Version: 1.0 +Content-Type: TEXT/PLAIN; charset=US-ASCII +Sender: ssl-lists-owner@mincom.com +Precedence: bulk +Status: O +X-Status: + + +On Mon, 30 Sep 1996, Sampo Kellomaki wrote: +> I have been trying to figure out how to produce signatures with EVP_ +> routines. I seem to be able to read in private key and sign some +> data ok, but I can't figure out how I am supposed to read in +> public key so that I could verify my signature. I use self signed +> certificate. + +hmm... a rather poorly documented are of the library at this point in time. + +> I figured I should use +> EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY, +> fp, NULL, NULL); +> to read in private key and this seems to work Ok. +> +> However when I try analogous +> EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509, +> fp, NULL, NULL); + +What you should do is + X509 *x509=PEM_read_X509(fp,NULL,NULL); + /* which is the same as PEM_ASN1_read(d2i_X509,PEM_STRING_X509,fp, + * NULL,NULL); */ +Then + EVP_PKEY *pkey=X509_extract_key(x509); + +There is also a X509_REQ_extract_key(req); +which gets the public key from a certificate request. + +I re-worked quite a bit of this when I cleaned up the dependancy on +RSA as the private key. + +> I figured that the second argument to PEM_ASN1_read should match the +> name in my PEM encoded object, hence PEM_STRING_X509. +> PEM_STRING_EVP_PKEY seems to be somehow magical +> because it matches whatever private key there happens to be. I could +> not find a similar constant to use with getting the certificate, however. + +:-), PEM_STRING_EVP_PKEY is 'magical' :-). In theory I should be using a +standard such as PKCS#8 to store the private key so that the type is +encoded in the asn.1 encoding of the object. + +> Is my approach of using PEM_ASN1_read correct? What should I pass in +> as name? Can I use normal (or even self signed) X509 certificate for +> verifying the signature? + +The actual public key is kept in the certificate, so basically you have +to load the certificate and then 'unpack' the public key from the +certificate. + +> When will SSLeay documentation be written ;-)? If I would contribute +> comments to the code, would Eric take time to review them and include +> them in distribution? + +:-) After SSLv3 and PKCS#7 :-). I actually started doing a function list +but what I really need to do is do quite a few 'this is how you do xyz' +type documents. I suppose the current method is to post to ssl-users and +I'll respond :-). + +I'll add a 'demo' directory for the next release, I've appended a +modified version of your program that works, you were very close :-). + +eric + +/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data + 29.9.1996, Sampo Kellomaki <sampo@iki.fi> */ + +/* converted to C - eay :-) */ + +#include <stdio.h> +#include "rsa.h" +#include "evp.h" +#include "objects.h" +#include "x509.h" +#include "err.h" +#include "pem.h" +#include "ssl.h" + +void main () +{ + int err; + int sig_len; + unsigned char sig_buf [4096]; + static char certfile[] = "plain-cert.pem"; + static char keyfile[] = "plain-key.pem"; + static char data[] = "I owe you..."; + EVP_MD_CTX md_ctx; + EVP_PKEY * pkey; + FILE * fp; + X509 * x509; + + /* Just load the crypto library error strings, + * SSL_load_error_strings() loads the crypto AND the SSL ones */ + /* SSL_load_error_strings();*/ + ERR_load_crypto_strings(); + + /* Read private key */ + + fp = fopen (keyfile, "r"); if (fp == NULL) exit (1); + pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey, + PEM_STRING_EVP_PKEY, + fp, + NULL, NULL); + if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } + fclose (fp); + + /* Do the signature */ + + EVP_SignInit (&md_ctx, EVP_md5()); + EVP_SignUpdate (&md_ctx, data, strlen(data)); + sig_len = sizeof(sig_buf); + err = EVP_SignFinal (&md_ctx, + sig_buf, + &sig_len, + pkey); + if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } + EVP_PKEY_free (pkey); + + /* Read public key */ + + fp = fopen (certfile, "r"); if (fp == NULL) exit (1); + x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509, + PEM_STRING_X509, + fp, NULL, NULL); + if (x509 == NULL) { ERR_print_errors_fp (stderr); exit (1); } + fclose (fp); + + /* Get public key - eay */ + pkey=X509_extract_key(x509); + if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); } + + /* Verify the signature */ + + EVP_VerifyInit (&md_ctx, EVP_md5()); + EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data)); + err = EVP_VerifyFinal (&md_ctx, + sig_buf, + sig_len, + pkey); + if (err != 1) { ERR_print_errors_fp (stderr); exit (1); } + EVP_PKEY_free (pkey); + printf ("Signature Verified Ok.\n"); +} + + + + + diff --git a/demos/spkigen.c b/demos/spkigen.c new file mode 100644 index 0000000..01fe625 --- /dev/null +++ b/demos/spkigen.c @@ -0,0 +1,160 @@ +/* NOCW */ +/* demos/spkigen.c + * 18-Mar-1997 - eay - A quick hack :-) + * version 1.1, it would probably help to save or load the + * private key :-) + */ +#include <stdio.h> +#include <stdlib.h> +#include "err.h" +#include "asn1.h" +#include "objects.h" +#include "evp.h" +#include "x509.h" +#include "pem.h" + +/* The following two don't exist in SSLeay but they are in here as + * examples */ +#define PEM_write_SPKI(fp,x) \ + PEM_ASN1_write((int (*)())i2d_NETSCAPE_SPKI,"SPKI",fp,\ + (char *)x,NULL,NULL,0,NULL) +int SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); + +/* These are defined in the next version of SSLeay */ +int EVP_PKEY_assign(EVP_PKEY *pkey, int type,char *key); +#define RSA_F4 0x10001 +#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (char *)(rsa)) + +int main(argc,argv) +int argc; +char *argv[]; + { + RSA *rsa=NULL; + NETSCAPE_SPKI *spki=NULL; + EVP_PKEY *pkey=NULL; + char buf[128]; + int ok=0,i; + FILE *fp; + + pkey=EVP_PKEY_new(); + + if (argc < 2) + { + /* Generate an RSA key, the random state should have been seeded + * with lots of calls to RAND_seed(....) */ + fprintf(stderr,"generating RSA key, could take some time...\n"); + if ((rsa=RSA_generate_key(512,RSA_F4,NULL)) == NULL) goto err; + } + else + { + if ((fp=fopen(argv[1],"r")) == NULL) + { perror(argv[1]); goto err; } + if ((rsa=PEM_read_RSAPrivateKey(fp,NULL,NULL)) == NULL) + goto err; + fclose(fp); + } + + if (!EVP_PKEY_assign_RSA(pkey,rsa)) goto err; + rsa=NULL; + + /* lets make the spki and set the public key and challenge */ + if ((spki=NETSCAPE_SPKI_new()) == NULL) goto err; + + if (!SPKI_set_pubkey(spki,pkey)) goto err; + + fprintf(stderr,"please enter challenge string:"); + fflush(stderr); + fgets(buf,120,stdin); + i=strlen(buf); + if (i > 0) buf[--i]='\0'; + if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge, + buf,i)) goto err; + + if (!NETSCAPE_SPKI_sign(spki,pkey,EVP_md5())) goto err; + PEM_write_SPKI(stdout,spki); + if (argc < 2) + PEM_write_RSAPrivateKey(stdout,pkey->pkey.rsa,NULL,NULL,0,NULL); + + ok=1; +err: + if (!ok) + { + fprintf(stderr,"something bad happened...."); + ERR_print_errors_fp(stderr); + } + NETSCAPE_SPKI_free(spki); + EVP_PKEY_free(pkey); + exit(!ok); + } + +/* This function is in the next version of SSLeay */ +int EVP_PKEY_assign(pkey,type,key) +EVP_PKEY *pkey; +int type; +char *key; + { + if (pkey == NULL) return(0); + if (pkey->pkey.ptr != NULL) + { + if (pkey->type == EVP_PKEY_RSA) + RSA_free(pkey->pkey.rsa); + /* else memory leak */ + } + pkey->type=type; + pkey->pkey.ptr=key; + return(1); + } + +/* While I have a + * X509_set_pubkey() and X509_REQ_set_pubkey(), SPKI_set_pubkey() does + * not currently exist so here is a version of it. + * The next SSLeay release will probably have + * X509_set_pubkey(), + * X509_REQ_set_pubkey() and + * NETSCAPE_SPKI_set_pubkey() + * as macros calling the same function */ +int SPKI_set_pubkey(x,pkey) +NETSCAPE_SPKI *x; +EVP_PKEY *pkey; + { + int ok=0; + X509_PUBKEY *pk; + X509_ALGOR *a; + ASN1_OBJECT *o; + unsigned char *s,*p; + int i; + + if (x == NULL) return(0); + + if ((pk=X509_PUBKEY_new()) == NULL) goto err; + a=pk->algor; + + /* set the algorithm id */ + if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err; + ASN1_OBJECT_free(a->algorithm); + a->algorithm=o; + + /* Set the parameter list */ + if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) + { + ASN1_TYPE_free(a->parameter); + a->parameter=ASN1_TYPE_new(); + a->parameter->type=V_ASN1_NULL; + } + i=i2d_PublicKey(pkey,NULL); + if ((s=(unsigned char *)malloc(i+1)) == NULL) goto err; + p=s; + i2d_PublicKey(pkey,&p); + if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err; + free(s); + + X509_PUBKEY_free(x->spkac->pubkey); + x->spkac->pubkey=pk; + pk=NULL; + ok=1; +err: + if (pk != NULL) X509_PUBKEY_free(pk); + return(ok); + } + diff --git a/demos/ssl/cli.cpp b/demos/ssl/cli.cpp new file mode 100644 index 0000000..f52a9c0 --- /dev/null +++ b/demos/ssl/cli.cpp @@ -0,0 +1,102 @@ +/* cli.cpp - Minimal ssleay client for Unix + 30.9.1996, Sampo Kellomaki <sampo@iki.fi> */ + +#include <stdio.h> +#include <memory.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <netdb.h> + +#include "rsa.h" /* SSLeay stuff */ +#include "crypto.h" +#include "x509.h" +#include "pem.h" +#include "ssl.h" +#include "err.h" + +#define CHK_NULL(x) if ((x)==NULL) exit (1) +#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); } + +void main () +{ + int err; + int sd; + struct sockaddr_in sa; + SSL_CTX* ctx; + SSL* ssl; + X509* server_cert; + char* str; + char buf [4096]; + + SSL_load_error_strings(); + ctx = SSL_CTX_new (); CHK_NULL(ctx); + + /* ----------------------------------------------- */ + /* Create a socket and connect to server using normal socket calls. */ + + sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket"); + + memset (&sa, '\0', sizeof(sa)); + sa.sin_family = AF_INET; + sa.sin_addr.s_addr = inet_addr ("127.0.0.1"); /* Server IP */ + sa.sin_port = htons (1111); /* Server Port number */ + + err = connect(sd, (struct sockaddr*) &sa, + sizeof(sa)); CHK_ERR(err, "connect"); + + /* ----------------------------------------------- */ + /* Now we have TCP conncetion. Start SSL negotiation. */ + + ssl = SSL_new (ctx); CHK_NULL(ssl); + SSL_set_fd (ssl, sd); + err = SSL_connect (ssl); CHK_SSL(err); + + /* Following two steps are optional and not required for + data exchange to be successful. */ + + /* Get the cipher - opt */ + + printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Get server's certificate (note: beware of dynamic allocation) - opt */ + + server_cert = SSL_get_peer_certificate (ssl); CHK_NULL(server_cert); + printf ("Server certificate:\n"); + + str = X509_NAME_oneline (X509_get_subject_name (server_cert)); + CHK_NULL(str); + printf ("\t subject: %s\n", str); + Free (str); + + str = X509_NAME_oneline (X509_get_issuer_name (server_cert)); + CHK_NULL(str); + printf ("\t issuer: %s\n", str); + Free (str); + + /* We could do all sorts of certificate verification stuff here before + deallocating the certificate. */ + + X509_free (server_cert); + + /* --------------------------------------------------- */ + /* DATA EXCHANGE - Send a message and receive a reply. */ + + err = SSL_write (ssl, "Hello World!", strlen("Hello World!")); CHK_SSL(err); + + shutdown (sd, 1); /* Half close, send EOF to server. */ + + err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); + buf[err] = '\0'; + printf ("Got %d chars:'%s'\n", err, buf); + + /* Clean up. */ + + close (sd); + SSL_free (ssl); + SSL_CTX_free (ctx); +} +/* EOF - cli.cpp */ diff --git a/demos/ssl/inetdsrv.cpp b/demos/ssl/inetdsrv.cpp new file mode 100644 index 0000000..b09c8b6 --- /dev/null +++ b/demos/ssl/inetdsrv.cpp @@ -0,0 +1,98 @@ +/* inetdserv.cpp - Minimal ssleay server for Unix inetd.conf + * 30.9.1996, Sampo Kellomaki <sampo@iki.fi> + * From /etc/inetd.conf: + * 1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv + */ + +#include <stdio.h> +#include <errno.h> + +#include "rsa.h" /* SSLeay stuff */ +#include "crypto.h" +#include "x509.h" +#include "pem.h" +#include "ssl.h" +#include "err.h" + +#define HOME "/usr/users/sampo/demo/" +#define CERTF HOME "plain-cert.pem" +#define KEYF HOME "plain-key.pem" + +#define CHK_NULL(x) if ((x)==NULL) exit (1) +#define CHK_ERR(err,s) if ((err)==-1) \ + { fprintf(log, "%s %d\n", (s), errno); exit(1); } +#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); } + +void main () +{ + int err; + SSL_CTX* ctx; + SSL* ssl; + X509* client_cert; + char* str; + char buf [4096]; + FILE* log; + + log = fopen ("/dev/console", "a"); CHK_NULL(log); + fprintf (log, "inetdserv %ld\n", (long)getpid()); + + SSL_load_error_strings(); + ctx = SSL_CTX_new (); CHK_NULL(ctx); + + err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF, SSL_FILETYPE_PEM); + CHK_SSL (err); + + err = SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM); + CHK_SSL (err); + + /* inetd has already opened the TCP connection, so we can get right + down to business. */ + + ssl = SSL_new (ctx); CHK_NULL(ssl); + SSL_set_fd (ssl, fileno(stdin)); + err = SSL_accept (ssl); CHK_SSL(err); + + /* Get the cipher - opt */ + + fprintf (log, "SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Get client's certificate (note: beware of dynamic allocation) - opt */ + + client_cert = SSL_get_peer_certificate (ssl); + if (client_cert != NULL) { + fprintf (log, "Client certificate:\n"); + + str = X509_NAME_oneline (X509_get_subject_name (client_cert)); + CHK_NULL(str); + fprintf (log, "\t subject: %s\n", str); + Free (str); + + str = X509_NAME_oneline (X509_get_issuer_name (client_cert)); + CHK_NULL(str); + fprintf (log, "\t issuer: %s\n", str); + Free (str); + + /* We could do all sorts of certificate verification stuff here before + deallocating the certificate. */ + + X509_free (client_cert); + } else + fprintf (log, "Client doe not have certificate.\n"); + + /* ------------------------------------------------- */ + /* DATA EXCHANGE: Receive message and send reply */ + + err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); + buf[err] = '\0'; + fprintf (log, "Got %d chars:'%s'\n", err, buf); + + err = SSL_write (ssl, "Loud and clear.", strlen("Loud and clear.")); + CHK_SSL(err); + + /* Clean up. */ + + fclose (log); + SSL_free (ssl); + SSL_CTX_free (ctx); +} +/* EOF - inetdserv.cpp */ diff --git a/demos/ssl/serv.cpp b/demos/ssl/serv.cpp new file mode 100644 index 0000000..8681f2f --- /dev/null +++ b/demos/ssl/serv.cpp @@ -0,0 +1,126 @@ +/* serv.cpp - Minimal ssleay server for Unix + 30.9.1996, Sampo Kellomaki <sampo@iki.fi> */ + +#include <stdio.h> +#include <memory.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <netdb.h> + +#include "rsa.h" /* SSLeay stuff */ +#include "crypto.h" +#include "x509.h" +#include "pem.h" +#include "ssl.h" +#include "err.h" + +#define HOME "/usr/users/sampo/sibs/tim/" +#define CERTF HOME "plain-cert.pem" +#define KEYF HOME "plain-key.pem" + +#define CHK_NULL(x) if ((x)==NULL) exit (1) +#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); } +#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); } + +void main () +{ + int err; + int listen_sd; + int sd; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + int client_len; + SSL_CTX* ctx; + SSL* ssl; + X509* client_cert; + char* str; + char buf [4096]; + + /* SSL preliminaries. We keep the certificate and key with the context. */ + + SSL_load_error_strings(); + ctx = SSL_CTX_new (); CHK_NULL(ctx); + + err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF, SSL_FILETYPE_PEM); + CHK_SSL(err); + + err = SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM); + CHK_SSL(err); + + /* ----------------------------------------------- */ + /* Prepare TCP socket for receiving connections */ + + listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket"); + + memset (&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons (1111); /* Server Port number */ + + err = bind(listen_sd, (struct sockaddr*) &sa_serv, + sizeof (sa_serv)); CHK_ERR(err, "bind"); + + /* Receive a TCP connection. */ + + err = listen (listen_sd, 5); CHK_ERR(err, "listen"); + + client_len = sizeof(sa_cli); + sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len); + CHK_ERR(sd, "accept"); + close (listen_sd); + + printf ("Connection from %lx, port %x\n", + sa_cli.sin_addr.s_addr, sa_cli.sin_port); + + /* ----------------------------------------------- */ + /* TCP connection is ready. Do server side SSL. */ + + ssl = SSL_new (ctx); CHK_NULL(ssl); + SSL_set_fd (ssl, sd); + err = SSL_accept (ssl); CHK_SSL(err); + + /* Get the cipher - opt */ + + printf ("SSL connection using %s\n", SSL_get_cipher (ssl)); + + /* Get client's certificate (note: beware of dynamic allocation) - opt */ + + client_cert = SSL_get_peer_certificate (ssl); + if (client_cert != NULL) { + printf ("Client certificate:\n"); + + str = X509_NAME_oneline (X509_get_subject_name (client_cert)); + CHK_NULL(str); + printf ("\t subject: %s\n", str); + Free (str); + + str = X509_NAME_oneline (X509_get_issuer_name (client_cert)); + CHK_NULL(str); + printf ("\t issuer: %s\n", str); + Free (str); + + /* We could do all sorts of certificate verification stuff here before + deallocating the certificate. */ + + X509_free (client_cert); + } else + printf ("Client does not have certificate.\n"); + + /* DATA EXCHANGE - Receive message and send reply. */ + + err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err); + buf[err] = '\0'; + printf ("Got %d chars:'%s'\n", err, buf); + + err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err); + + /* Clean up. */ + + close (sd); + SSL_free (ssl); + SSL_CTX_free (ctx); +} +/* EOF - serv.cpp */ |