summaryrefslogtreecommitdiffstats
path: root/examples/util_gnutls.cc
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--examples/util_gnutls.cc136
1 files changed, 136 insertions, 0 deletions
diff --git a/examples/util_gnutls.cc b/examples/util_gnutls.cc
new file mode 100644
index 0000000..a33ca6e
--- /dev/null
+++ b/examples/util_gnutls.cc
@@ -0,0 +1,136 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2020 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#include "util.h"
+
+#include <cassert>
+#include <iostream>
+#include <fstream>
+#include <array>
+
+#include <ngtcp2/ngtcp2_crypto.h>
+
+#include <gnutls/crypto.h>
+
+#include "template.h"
+
+// Based on https://github.com/ueno/ngtcp2-gnutls-examples
+
+namespace ngtcp2 {
+
+namespace util {
+
+int generate_secure_random(uint8_t *data, size_t datalen) {
+ if (gnutls_rnd(GNUTLS_RND_RANDOM, data, datalen) != 0) {
+ return -1;
+ }
+
+ return 0;
+}
+
+int generate_secret(uint8_t *secret, size_t secretlen) {
+ std::array<uint8_t, 16> rand;
+ std::array<uint8_t, 32> md;
+
+ assert(md.size() == secretlen);
+
+ if (generate_secure_random(rand.data(), rand.size()) != 0) {
+ return -1;
+ }
+
+ if (gnutls_hash_fast(GNUTLS_DIG_SHA256, rand.data(), rand.size(),
+ md.data()) != 0) {
+ return -1;
+ }
+
+ std::copy_n(std::begin(md), secretlen, secret);
+ return 0;
+}
+
+std::optional<std::string> read_token(const std::string_view &filename) {
+ auto f = std::ifstream(filename.data());
+ if (!f) {
+ std::cerr << "Could not read token file " << filename << std::endl;
+ return {};
+ }
+
+ auto pos = f.tellg();
+ std::vector<char> content(pos);
+ f.seekg(0, std::ios::beg);
+ f.read(content.data(), pos);
+
+ gnutls_datum_t s;
+ s.data = reinterpret_cast<unsigned char *>(content.data());
+ s.size = content.size();
+
+ gnutls_datum_t d;
+ if (auto rv = gnutls_pem_base64_decode2("QUIC TOKEN", &s, &d); rv < 0) {
+ std::cerr << "Could not read token in " << filename << std::endl;
+ return {};
+ }
+
+ auto res = std::string{d.data, d.data + d.size};
+
+ gnutls_free(d.data);
+
+ return res;
+}
+
+int write_token(const std::string_view &filename, const uint8_t *token,
+ size_t tokenlen) {
+ auto f = std::ofstream(filename.data());
+ if (!f) {
+ std::cerr << "Could not write token in " << filename << std::endl;
+ return -1;
+ }
+
+ gnutls_datum_t s;
+ s.data = const_cast<uint8_t *>(token);
+ s.size = tokenlen;
+
+ gnutls_datum_t d;
+ if (auto rv = gnutls_pem_base64_encode2("QUIC TOKEN", &s, &d); rv < 0) {
+ std::cerr << "Could not encode token in " << filename << std::endl;
+ return -1;
+ }
+
+ f.write(reinterpret_cast<const char *>(d.data), d.size);
+ gnutls_free(d.data);
+
+ return 0;
+}
+
+const char *crypto_default_ciphers() {
+ return "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:"
+ "+CHACHA20-POLY1305:+AES-128-CCM";
+}
+
+const char *crypto_default_groups() {
+ return "-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:"
+ "+GROUP-SECP521R1";
+}
+
+} // namespace util
+
+} // namespace ngtcp2