abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-07 00:46:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

All tests passed

Browse Source
This commit is contained in:
Zhi Guan
2022-03-22 22:30:22 +08:00
parent 5ea884ce8f
commit c21972168d
21 changed files with 700 additions and 598 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
tools/certgen.c
View File

@@ -1,4 +1,4 @@
/*
/*
* Copyright (c) 2021 - 2021 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -51,17 +51,32 @@
#include <stdlib.h>
#include <gmssl/pem.h>
#include <gmssl/x509.h>
#include <gmssl/x509_ext.h>
#include <gmssl/pkcs8.h>
#include <gmssl/rand.h>
#include <gmssl/error.h>
static int ext_key_usage_set(int *usages, const char *usage_name)
{
int flag;
if (x509_key_usage_from_name(&flag, usage_name) != 1) {
error_print();
return -1;
}
*usages |= flag;
return 1;
}
#ifndef WIN32
#include <pwd.h>
#include <unistd.h>
#endif
static const char *options = "[-C str] [-ST str] [-L str] [-O str] [-OU str] -CN str -days num -key file [-pass pass]";
static const char *options =
"[-C str] [-ST str] [-L str] [-O str] [-OU str] -CN str -days num "
"-key file [-pass pass] "
"[-key_usage str]*";
int main(int argc, char **argv)
@@ -75,11 +90,11 @@ int main(int argc, char **argv)
char *org_unit = NULL;
char *common_name = NULL;
int days = 0;
char *keyfile = NULL;
int key_usage = 0;
char *file = NULL;
FILE *outfp = stdout;
FILE *keyfp = NULL;
char *pass = NULL;
char *outfile = NULL;
FILE *outfp = stdout;
SM2_KEY sm2_key;
uint8_t serial[12];
@@ -88,6 +103,8 @@ int main(int argc, char **argv)
time_t not_before;
time_t not_after;
uint8_t uniq_id[32];
uint8_t exts[512];
size_t extslen = 0;
uint8_t cert[1024];
size_t certlen;
@@ -117,18 +134,32 @@ help:
} else if (!strcmp(*argv, "-L")) {
if (--argc < 1) goto bad;
locality = *(++argv);
} else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad;
keyfile = *(++argv);
} else if (!strcmp(*argv, "-days")) {
if (--argc < 1) goto bad;
days = atoi(*(++argv));
} else if (!strcmp(*argv, "-key_usage")) {
if (--argc < 1) goto bad;
if (ext_key_usage_set(&key_usage, *(++argv)) != 1) {
error_print();
return -1;
}
} else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad;
file = *(++argv);
if (!(keyfp = fopen(file, "r"))) {
error_print();
return -1;
}
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
} else if (!strcmp(*argv, "-out")) {
if (--argc < 1) goto bad;
outfile = *(++argv);
file = *(++argv);
if (!(outfp = fopen(file, "w"))) {
error_print();
return -1;
}
} else {
bad:
fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv);
@@ -140,7 +171,7 @@ bad:
argv++;
}
if (!common_name || days <= 0 || !keyfile) {
if (!common_name || days <= 0) {
fprintf(stderr, "%s: missing options\n", prog);
fprintf(stderr, "usage: %s %s\n", prog, options);
return 1;
@@ -154,24 +185,22 @@ bad:
error_print();
return -1;
}
if (!(keyfp = fopen(keyfile, "r"))
|| sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
if (keyfp == NULL) {
error_print();
return -1;
}
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
error_print();
goto end;
}
if (outfile) {
if (!(outfp = fopen(outfile, "wb"))) {
error_print();
return -1;
}
}
time(&not_before);
if (rand_bytes(serial, sizeof(serial)) != 1
|| x509_name_set(name, &namelen, sizeof(name),
country, state, locality, org, org_unit, common_name) != 1
|| x509_validity_add_days(&not_after, not_before, days) != 1
|| x509_exts_add_key_usage(exts, &extslen, sizeof(exts), 1, key_usage) != 1
|| x509_cert_sign(
cert, &certlen, sizeof(cert),
X509_version_v3,
@@ -183,7 +212,7 @@ bad:
&sm2_key,
NULL, 0,
NULL, 0,
NULL, 0,
exts, extslen,
&sm2_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID)) != 1
|| x509_cert_to_pem(cert, certlen, outfp) != 1) {
error_print();

29
tools/reqgen.c
View File

@@ -76,9 +76,9 @@ int main(int argc, char **argv)
char *org = NULL;
char *org_unit = NULL;
char *common_name = NULL;
char *keyfile = NULL;
char *file = NULL;
char *pass = NULL;
char *outfile = NULL;
int days = 0;
FILE *keyfp = NULL;
@@ -124,7 +124,11 @@ int main(int argc, char **argv)
common_name = *(++argv);
} else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad;
keyfile = *(++argv);
file = *(++argv);
if (!(keyfp = fopen(file, "r"))) {
error_print();
return -1;
}
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
@@ -133,7 +137,11 @@ int main(int argc, char **argv)
days = atoi(*(++argv));
} else if (!strcmp(*argv, "-out")) {
if (--argc < 1) goto bad;
outfile = *(++argv);
file = *(++argv);
if (!(outfp = fopen(file, "w"))) {
error_print();
return -1;
}
} else {
bad:
fprintf(stderr, "usage: %s %s\n", prog, options);
@@ -143,19 +151,11 @@ bad:
argv++;
}
if (!common_name || days <= 0 || !keyfile) {
if (!common_name || days <= 0 || !keyfp) {
fprintf(stderr, "%s: missing options\n", prog);
fprintf(stderr, "usage: %s %s\n", prog, options);
return 1;
}
if (outfile) {
if (!(outfp = fopen(outfile, "wb"))) {
error_print();
return -1;
}
}
if (!pass) {
pass = getpass("Encryption Password : ");
}
@@ -164,8 +164,7 @@ bad:
error_print();
return -1;
}
if (!(keyfp = fopen(keyfile, "r"))
|| sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
error_print();
return -1;
}

100
tools/reqsign.c
View File

@@ -52,24 +52,39 @@
#include <unistd.h>
#include <gmssl/pem.h>
#include <gmssl/x509.h>
#include <gmssl/x509_ext.h>
#include <gmssl/x509_req.h>
#include <gmssl/pkcs8.h>
#include <gmssl/rand.h>
#include <gmssl/error.h>
static int ext_key_usage_set(int *usages, const char *usage_name)
{
int flag = 0;
if (x509_key_usage_from_name(&flag, usage_name) != 1) {
error_print();
return -1;
}
*usages |= flag;
printf("flag = %08x", flag);
printf("usage = %08x", *usages);
return 1;
}
static const char *usage = "usage: %s [-in file] -days num -cacert file -key file [-pass str] [-out file]\n";
int main(int argc, char **argv)
{
char *prog = argv[0];
char *infile = NULL;
char *outfile = NULL;
char *cacertfile = NULL;
char *keyfile = NULL;
char *file;
char *pass = NULL;
int days = 0;
FILE *infp = stdin;
uint8_t req[512];
size_t reqlen;
const uint8_t *subject;
@@ -92,6 +107,9 @@ int main(int argc, char **argv)
size_t certlen;
uint8_t serial[12];
time_t not_before, not_after;
uint8_t exts[512];
size_t extslen = 0;
int key_usage = 0;
if (argc < 2) {
@@ -108,22 +126,45 @@ help:
return 0;
} else if (!strcmp(*argv, "-in")) {
if (--argc < 1) goto bad;
infile = *(++argv);
} else if (!strcmp(*argv, "-cacert")) {
if (--argc < 1) goto bad;
cacertfile = *(++argv);
} else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad;
keyfile = *(++argv);
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
file = *(++argv);
if (!(infp = fopen(file, "r"))) {
error_print();
return -1;
}
} else if (!strcmp(*argv, "-days")) {
if (--argc < 1) goto bad;
days = atoi(*(++argv));
} else if (!strcmp(*argv, "-key_usage")) {
if (--argc < 1) goto bad;
if (ext_key_usage_set(&key_usage, *(++argv)) != 1) {
error_print();
return -1;
}
} else if (!strcmp(*argv, "-cacert")) {
if (--argc < 1) goto bad;
file = *(++argv);
if (!(cacertfp = fopen(file, "r"))) {
error_print();
return -1;
}
} else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad;
file = *(++argv);
if (!(keyfp = fopen(file, "r"))) {
error_print();
return -1;
}
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
} else if (!strcmp(*argv, "-out")) {
if (--argc < 1) goto bad;
outfile = *(++argv);
file = *(++argv);
if (!(outfp = fopen(file, "w"))) {
error_print();
return -1;
}
} else {
bad:
error_print();
@@ -134,19 +175,13 @@ bad:
argv++;
}
if (days <= 0
|| !cacertfile
|| !keyfile) {
|| !infp
|| !cacertfp
|| !keyfp) {
error_print();
return -1;
}
if (infile) {
if (!(infp = fopen(infile, "r"))) {
error_print();
return -1;
}
}
if (x509_req_from_pem(req, &reqlen, sizeof(req), infp) != 1
|| x509_req_get_details(req, reqlen,
NULL, &subject, &subject_len, &subject_public_key,
@@ -155,21 +190,13 @@ bad:
return -1;
}
if (!(cacertfp = fopen(cacertfile, "r"))
|| x509_cert_from_pem(cacert, &cacertlen, sizeof(cacert), cacertfp) != 1
if (x509_cert_from_pem(cacert, &cacertlen, sizeof(cacert), cacertfp) != 1
|| x509_cert_get_subject(cacert, cacertlen, &issuer, &issuer_len) != 1
|| x509_cert_get_subject_public_key(cacert, cacertlen, &issuer_public_key) != 1) {
error_print();
return -1;
}
if (outfile) {
if (!(outfp = fopen(outfile, "w"))) {
error_print();
return -1;
}
}
if (!pass) {
pass = getpass("Password : ");
}
@@ -177,8 +204,7 @@ bad:
error_print();
return -1;
}
if (!(keyfp = fopen(keyfile, "r"))
|| sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1
|| sm2_public_key_equ(&sm2_key, &issuer_public_key) != 1) {
error_print();
memset(&sm2_key, 0, sizeof(SM2_KEY));
@@ -189,6 +215,7 @@ bad:
time(&not_before);
if (x509_validity_add_days(&not_after, not_before, days) != 1
|| x509_exts_add_key_usage(exts, &extslen, sizeof(exts), 1, key_usage) != 1
|| x509_cert_sign(
cert, &certlen, sizeof(cert),
X509_version_v3,
@@ -200,7 +227,7 @@ bad:
&subject_public_key,
NULL, 0,
NULL, 0,
NULL, 0,
exts, extslen,
&sm2_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH) != 1
|| x509_cert_to_pem(cert, certlen, outfp) != 1) {
memset(&sm2_key, 0, sizeof(SM2_KEY));
@@ -208,6 +235,7 @@ bad:
return -1;
}
// FIXME: fclose() ....
memset(&sm2_key, 0, sizeof(SM2_KEY));
return 0;
}

95
tools/tlcp_client.c
View File

@@ -49,6 +49,7 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <gmssl/tls.h>
#include <gmssl/error.h>
@@ -58,100 +59,94 @@ const char *http_get =
"Hostname: aaa\r\n"
"\r\n\r\n";
void print_usage(const char *prog)
{
printf("Usage: %s [options]\n", prog);
printf(" -host <str>\n");
printf(" -port <num>\n");
printf(" -cacerts <file>\n");
printf(" -cert <file>\n");
printf(" -key <file>\n");
}
int main(int argc , char *argv[])
// 虽然服务器可以用双证书,但是客户端只能使用一个证书,也就是签名证书
static const char *options = "-host str [-port num] [-cacert file] [-cert file -key file [-pass str]]";
int main(int argc, char *argv[])
{
int ret = -1;
char *prog = argv[0];
char *host = NULL;
int port = 443;
char *pass = NULL;
TLS_CONNECT conn;
char buf[100] = {0};
size_t len = sizeof(buf);
char *file;
char *cacertsfile = NULL;
char *certfile = NULL;
char *keyfile = NULL;
FILE *cacertsfp = NULL;
FILE *cacertfp = NULL;
FILE *certfp = NULL;
FILE *keyfp = NULL;
SM2_KEY sign_key;
if (argc < 2) {
print_usage(prog);
return 0;
fprintf(stderr, "usage: %s %s\n", prog, options);
return 1;
}
argc--;
argv++;
while (argc >= 1) {
if (!strcmp(*argv, "-help")) {
print_usage(prog);
printf("usage: %s %s\n", prog, options);
return 0;
} else if (!strcmp(*argv, "-host")) {
if (--argc < 1) goto bad;
host = *(++argv);
} else if (!strcmp(*argv, "-port")) {
if (--argc < 1) goto bad;
port = atoi(*(++argv));
} else if (!strcmp(*argv, "-cacerts")) {
} else if (!strcmp(*argv, "-cacert")) {
if (--argc < 1) goto bad;
cacertsfile = *(++argv);
file = *(++argv);
if (!(cacertfp = fopen(file, "r"))) {
error_print();
return -1;
}
} else if (!strcmp(*argv, "-cert")) {
if (--argc < 1) goto bad;
certfile = *(++argv);
file = *(++argv);
if (!(certfp = fopen(file, "r"))) {
error_print();
return -1;
}
} else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad;
keyfile = *(++argv);
file = *(++argv);
if (!(keyfp = fopen(file, "r"))) {
error_print();
return -1;
}
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
} else {
print_usage(prog);
fprintf(stderr, "%s: invalid option '%s'\n", prog, *argv);
return 1;
bad:
fprintf(stderr, "%s: option '%s' argument required\n", prog, *argv);
return 0;
}
argc--;
argv++;
}
if (!host || !certfile || !keyfile) {
print_usage(prog);
if (!host) {
error_print();
return -1;
}
if (cacertsfile) {
if (!(cacertsfp = fopen(cacertsfile, "r"))) {
if (certfp) {
if (!keyfp) {
error_print();
return -1;
}
}
if (certfile) {
if (!(certfp = fopen(certfile, "r"))) {
error_print();
return -1;
if (!pass) {
pass = getpass("Password : ");
}
}
if (keyfile) {
if (!(keyfp = fopen(keyfile, "r"))) {
error_print();
return -1;
}
if (sm2_private_key_from_pem(&sign_key, keyfp) != 1) {
if (sm2_private_key_info_decrypt_from_pem(&sign_key, pass, keyfp) != 1) {
error_print();
return -1;
}
@@ -159,7 +154,7 @@ int main(int argc , char *argv[])
memset(&conn, 0, sizeof(conn));
if (tlcp_connect(&conn, host, port, cacertsfp, certfp, &sign_key) != 1) {
if (tlcp_connect(&conn, host, port, cacertfp, certfp, &sign_key) != 1) {
error_print();
return -1;
}
@@ -184,11 +179,5 @@ int main(int argc , char *argv[])
}
}
return 1;
bad:
fprintf(stderr, "%s: command error\n", prog);
return 0;
}

99
tools/tlcp_server.c
View File

@@ -55,31 +55,25 @@
#include <gmssl/error.h>
void print_usage(const char *prog)
{
printf("Usage: %s [options]\n", prog);
printf(" -port <num>\n");
printf(" -cert <file>\n");
printf(" -signkey <file>\n");
printf(" -enckey <file>\n");
}
static const char *options = "[-port num] -cert file -key file [-pass str] -ex_key file [-ex_pass str] [-cacert file]";
int main(int argc , char *argv[])
int main(int argc , char **argv)
{
int ret = -1;
char *prog = argv[0];
int port = 443;
char *certfile = NULL;
char *signkeyfile = NULL;
char *enckeyfile = NULL;
char *file = NULL;
FILE *certfp = NULL;
FILE *signkeyfp = NULL;
FILE *enckeyfp = NULL;
SM2_KEY signkey;
SM2_KEY enckey;
char *pass = NULL;
char *ex_pass = NULL;
uint8_t verify_buf[4096];
@@ -88,73 +82,89 @@ int main(int argc , char *argv[])
size_t len = sizeof(buf);
if (argc < 2) {
print_usage(prog);
return 0;
fprintf(stderr, "usage: %s %s\n", prog, options);
return 1;
}
argc--;
argv++;
while (argc >= 1) {
if (!strcmp(*argv, "-help")) {
print_usage(prog);
printf("usage: %s %s\n", prog, options);
return 0;
} else if (!strcmp(*argv, "-port")) {
if (--argc < 1) goto bad;
port = atoi(*(++argv));
} else if (!strcmp(*argv, "-cert")) {
if (--argc < 1) goto bad;
certfile = *(++argv);
} else if (!strcmp(*argv, "-signkey")) {
file = *(++argv);
if (!(certfp = fopen(file, "r"))) {
error_print();
return -1;
}
} else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad;
signkeyfile = *(++argv);
} else if (!strcmp(*argv, "-enckey")) {
file = *(++argv);
if (!(signkeyfp = fopen(file, "r"))) {
error_print();
return -1;
}
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
enckeyfile = *(++argv);
pass = *(++argv);
} else if (!strcmp(*argv, "-ex_key")) {
if (--argc < 1) goto bad;
file = *(++argv);
if (!(enckeyfp = fopen(file, "r"))) {
error_print();
return -1;
}
} else if (!strcmp(*argv, "-ex_pass")) {
if (--argc < 1) goto bad;
ex_pass = *(++argv);
} else {
print_usage(prog);
return 0;
fprintf(stderr, "%s: invalid option '%s'\n", prog, *argv);
return 1;
bad:
fprintf(stderr, "%s: option '%s' argument required\n", prog, *argv);
return 1;
}
argc--;
argv++;
}
if (!certfile || !signkeyfile || !enckeyfile) {
print_usage(prog);
if (!certfp) {
error_print();
return -1;
}
if (!(certfp = fopen(certfile, "r"))) {
if (!signkeyfp) {
error_print();
return -1;
}
if (!enckeyfp) {
error_print();
return -1;
}
if (!(signkeyfp = fopen(signkeyfile, "r"))) {
error_print();
return -1;
if (!pass) {
pass = getpass("Sign Key Password : ");
}
if (sm2_private_key_from_pem(&signkey, signkeyfp) != 1) {
if (sm2_private_key_info_decrypt_from_pem(&signkey, pass, signkeyfp) != 1) {
error_print();
return -1;
}
if (!(enckeyfp = fopen(enckeyfile, "r"))) {
error_print();
return -1;
if (!ex_pass) {
ex_pass = getpass("Encryption Key Password : ");
}
if (sm2_private_key_from_pem(&enckey, enckeyfp) != 1) {
if (sm2_private_key_info_decrypt_from_pem(&enckey, ex_pass, enckeyfp) != 1) {
error_print();
return -1;
}
memset(&conn, 0, sizeof(conn));
if (tlcp_accept(&conn, port, certfp, &signkey, &enckey,
certfp, verify_buf, 4096) != 1) {
NULL, verify_buf, 4096) != 1) {
error_print();
return -1;
}
@@ -184,10 +194,5 @@ int main(int argc , char *argv[])
}
return 1;
bad:
fprintf(stderr, "%s: command error\n", prog);
return 0;
}

92
tools/tls12_client.c
View File

@@ -59,70 +59,62 @@ const char *http_get =
"Hostname: aaa\r\n"
"\r\n\r\n";
void print_usage(const char *prog)
{
printf("Usage: %s [options]\n", prog);
printf(" -host <str>\n");
printf(" -port <num>\n");
printf(" -cacerts <file>\n");
printf(" -cert <file>\n");
printf(" -key <file>\n");
}
static const char *options = "-host str [-port num] [-cacert file] [-cert file -key file [-pass str]]";
int main(int argc , char *argv[])
{
int ret = -1;
char *prog = argv[0];
char *host = NULL;
int port = 443;
char *cacertfile = NULL;
char *certfile = NULL;
char *keyfile = NULL;
char *pass = NULL;
FILE *cacertfp = NULL;
FILE *certfp = NULL;
FILE *keyfp = NULL;
SM2_KEY sm2_key;
TLS_CONNECT conn;
char buf[100] = {0};
size_t len = sizeof(buf);
char *cacertsfile = NULL;
char *certfile = NULL;
char *keyfile = NULL;
FILE *cacertsfp = NULL;
FILE *certfp = NULL;
FILE *keyfp = NULL;
SM2_KEY sign_key;
if (argc < 2) {
print_usage(prog);
return 0;
fprintf(stderr, "usage: %s %s\n", prog, options);
return 1;
}
argc--;
argv++;
while (argc >= 1) {
while (argc > 0) {
if (!strcmp(*argv, "-help")) {
print_usage(prog);
printf("usage: %s %s\n", prog, options);
return 0;
} else if (!strcmp(*argv, "-host")) {
if (--argc < 1) goto bad;
host = *(++argv);
} else if (!strcmp(*argv, "-port")) {
if (--argc < 1) goto bad;
port = atoi(*(++argv));
} else if (!strcmp(*argv, "-cacerts")) {
} else if (!strcmp(*argv, "-cacert")) {
if (--argc < 1) goto bad;
cacertsfile = *(++argv);
cacertfile = *(++argv);
} else if (!strcmp(*argv, "-cert")) {
if (--argc < 1) goto bad;
certfile = *(++argv);
} else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad;
keyfile = *(++argv);
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
} else {
print_usage(prog);
fprintf(stderr, "%s: invalid option '%s'\n", prog, *argv);
return 1;
bad:
fprintf(stderr, "%s: option '%s' argument required\n", prog, *argv);
return 0;
}
argc--;
@@ -130,28 +122,34 @@ int main(int argc , char *argv[])
}
if (!host) {
print_usage(prog);
return -1;
error_print();
return 1;
}
if (cacertsfile) {
if (!(cacertsfp = fopen(cacertsfile, "r"))) {
if (cacertfile) {
if (!(cacertfp = fopen(cacertfile, "r"))) {
error_print();
return -1;
return 1;
}
}
if (certfile) {
if (!(certfp = fopen(certfile, "r"))) {
error_print();
return -1;
return 1;
}
if (!pass) {
pass = getpass("Password : ");
}
if (!keyfile) {
error_print();
return 1;
}
}
if (keyfile) {
if (!(keyfp = fopen(keyfile, "r"))) {
error_print();
return -1;
}
if (sm2_private_key_from_pem(&sign_key, keyfp) != 1) {
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
error_print();
return -1;
}
@@ -159,12 +157,11 @@ int main(int argc , char *argv[])
memset(&conn, 0, sizeof(conn));
if (tls12_connect(&conn, host, port, cacertsfp, certfp, &sign_key) != 1) {
if (tls12_connect(&conn, host, port, cacertfp, certfp, &sm2_key) != 1) {
error_print();
return -1;
}
// 这个client 发收了一个消息就结束了
if (tls_send(&conn, (uint8_t *)"12345\n", 6) != 1) {
error_print();
return -1;
@@ -182,12 +179,5 @@ int main(int argc , char *argv[])
break;
}
}
return 1;
bad:
fprintf(stderr, "%s: command error\n", prog);
return 0;
}

83
tools/tls12_server.c
View File

@@ -1,4 +1,4 @@
/*
/*
* Copyright (c) 2021 - 2021 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -54,25 +54,25 @@
#include <gmssl/tls.h>
#include <gmssl/error.h>
void print_usage(const char *prog)
{
printf("Usage: %s [options]\n", prog);
printf(" -port <num>\n");
printf(" -cert <file>\n");
printf(" -signkey <file>\n");
}
// [-cacert file] 如果服务器需要客户端提供证书那么自己必须准备可以验证客户端证书的CA证书
// 因此如果提供了CA证书那么等同于要求客户端验证
static const char *options = " [-port num] -cert file -key file [-pass str] [-cacert file]";
int main(int argc , char *argv[])
{
int ret = -1;
char *prog = argv[0];
int port = 443;
char *certfile = NULL;
char *signkeyfile = NULL;
char *keyfile = NULL;
char *pass = NULL;
char *cacertfile = NULL;
FILE *certfp = NULL;
FILE *signkeyfp = NULL;
SM2_KEY signkey;
FILE *keyfp = NULL;
FILE *cacertfp = NULL;
SM2_KEY sm2_key;
uint8_t verify_buf[4096];
@@ -82,40 +82,52 @@ int main(int argc , char *argv[])
size_t len = sizeof(buf);
if (argc < 2) {
print_usage(prog);
return 0;
fprintf(stderr, "usage: %s %s\n", prog, options);
return 1;
}
argc--;
argv++;
while (argc >= 1) {
if (!strcmp(*argv, "-help")) {
print_usage(prog);
printf("usage: %s %s\n", prog, options);
return 0;
} else if (!strcmp(*argv, "-port")) {
if (--argc < 1) goto bad;
port = atoi(*(++argv));
} else if (!strcmp(*argv, "-cert")) {
if (--argc < 1) goto bad;
certfile = *(++argv);
} else if (!strcmp(*argv, "-signkey")) {
} else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad;
signkeyfile = *(++argv);
keyfile = *(++argv);
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
} else if (!strcmp(*argv, "-cacert")) {
if (--argc < 1) goto bad;
cacertfile = *(++argv);
} else {
print_usage(prog);
return 0;
fprintf(stderr, "%s: invalid option '%s'\n", prog, *argv);
return 1;
bad:
fprintf(stderr, "%s: option '%s' argument required\n", prog, *argv);
return 1;
}
argc--;
argv++;
}
if (!certfile || !signkeyfile) {
print_usage(prog);
return -1;
if (!certfile || !keyfile) {
error_print();
return 1;
}
if (cacertfile) {
if (!(cacertfp = fopen(cacertfile, "r"))) {
error_print();
return -1;
}
}
if (!(certfp = fopen(certfile, "r"))) {
@@ -123,19 +135,21 @@ int main(int argc , char *argv[])
return -1;
}
if (!(signkeyfp = fopen(signkeyfile, "r"))) {
if (!pass) {
pass = getpass("Password : ");
}
if (!(keyfp = fopen(keyfile, "r"))) {
error_print();
return -1;
}
if (sm2_private_key_from_pem(&signkey, signkeyfp) != 1) {
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
error_print();
return -1;
}
memset(&conn, 0, sizeof(conn));
if (tls12_accept(&conn, port, certfp, &signkey,
NULL /* certfp */, verify_buf, 4096) != 1) {
if (tls12_accept(&conn, port, certfp, &sm2_key, cacertfp, verify_buf, 4096) != 1) {
//if (tls12_accept(&conn, port, certfp, &sm2_key, NULL, NULL, 0) != 1) {
error_print();
return -1;
}
@@ -163,12 +177,5 @@ int main(int argc , char *argv[])
fprintf(stderr, "-----------------\n\n\n\n\n\n");
}
return 1;
bad:
fprintf(stderr, "%s: command error\n", prog);
return 0;
}