
gnutls_ecdsa.c

    Authored by Nicolas Mora

    Sample code to explain how I use ecdsa signing/verification

    gnutls_ecdsa.c 3.05 KiB
    /**
     * gnutls_ecdsa.c
     *
     * Test ECDSA Sign/Verify with GnuTLS
     *
     * Usage ./gnutls_ecdsa <private_key_file> <public_key_file>
     *
     * Example to generate private/public key files:
     * openssl ecparam -genkey -name secp521r1 -noout -out private-ecdsa.key
     * openssl ec -in private-ecdsa.key -pubout -out public-ecdsa.pem
     *
     */
    #include <stdlib.h>
    #include <string.h>
    #include <stdio.h>
    #include <errno.h>
    
    #include <gnutls/gnutls.h>
    #include <gnutls/crypto.h>
    #include <gnutls/x509.h>
    #include <gnutls/abstract.h>
    
    #define MESSAGE "Hello World!"
    
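    /**
     * Read a whole file into a freshly allocated, NUL-terminated buffer.
     *
     * @param filename path of the file to read; NULL is accepted and yields NULL
     * @return heap buffer owned by the caller (release with free()), or NULL when
     *         the file cannot be opened, sized, allocated for, or read
     *
     * The terminator is placed after the bytes actually read. Callers that take
     * strlen() of the result stop at the first NUL byte, so the helper is only
     * suitable for text input such as PEM.
     */
    static char * read_file(const char * filename) {
      char * buffer = NULL;
      long length;
      size_t got;
      FILE * f;

      if (filename == NULL) {
        return NULL;
      }

      f = fopen(filename, "rb");
      if (f == NULL) {
        return NULL;
      }

      /* ftell() returns -1 on failure (for instance on a non-seekable stream).
       * Using that value unchecked would allocate zero bytes and then write the
       * terminator one byte before the buffer, so every step is checked. */
      if (fseek(f, 0, SEEK_END) == 0 &&
          (length = ftell(f)) >= 0 &&
          fseek(f, 0, SEEK_SET) == 0) {
        buffer = malloc((size_t)length + 1);
        if (buffer != NULL) {
          got = fread(buffer, 1, (size_t)length, f);
          if (got != (size_t)length && ferror(f)) {
            /* Do not hand back a partially filled buffer as if it were the file */
            free(buffer);
            buffer = NULL;
          } else {
            /* Terminate after what was really read, not after the expected size */
            buffer[got] = '\0';
          }
        }
      }

      fclose(f);
      return buffer;
    }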
    
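    /**
     * Sign MESSAGE with the private key in argv[1], then verify that signature
     * with the public key in argv[2].
     *
     * @param argc argument count; two file arguments are required
     * @param argv argv[1] is the PEM private key file, argv[2] the PEM public key file
     * @return 0 when both signing and verification succeed, 1 on any failure
     *         (missing arguments, unreadable files, or a GnuTLS error)
     */
    int main(int argc, char ** argv) {
      gnutls_x509_privkey_t key = NULL;
      gnutls_privkey_t privkey = NULL;
      gnutls_pubkey_t pubkey = NULL;
      gnutls_datum_t key_dat, cert_dat, sig_dat = { NULL, 0 };
      /* gnutls_datum_t carries unsigned char *, hence the cast on the literal */
      gnutls_datum_t plain_data = { (unsigned char *)MESSAGE, sizeof(MESSAGE) - 1 };
      const gnutls_digest_algorithm_t alg = GNUTLS_DIG_SHA256;
      gnutls_sign_algorithm_t sign_alg;
      char * key_str = NULL, * cert_str = NULL;
      int pk_alg, ret, status = 1;

      if (argc <= 2) {
        fprintf(stderr, "Usage: ./gnutls_ecdsa <private_key_file> <public_key_file>\n");
        return 1;
      }

      /* NOTE(review): the PEM private key stays in heap memory until free();
       * code handling real keys should wipe the buffer before releasing it. */
      key_str = read_file(argv[1]);
      cert_str = read_file(argv[2]);
      if (key_str == NULL || cert_str == NULL) {
        printf("Error reading key files\n");
        goto cleanup;
      }

      key_dat.data = (unsigned char *)key_str;
      key_dat.size = (unsigned int)strlen(key_str);

      cert_dat.data = (unsigned char *)cert_str;
      cert_dat.size = (unsigned int)strlen(cert_str);

      if (gnutls_x509_privkey_init(&key)) {
        printf("Error gnutls_x509_privkey_init\n");
        goto cleanup;
      }

      if (gnutls_x509_privkey_import(key, &key_dat, GNUTLS_X509_FMT_PEM)) {
        printf("Error gnutls_x509_privkey_import\n");
        goto cleanup;
      }

      if (gnutls_privkey_init(&privkey)) {
        printf("Error gnutls_privkey_init\n");
        goto cleanup;
      }

      /* flags == 0: privkey only references key, so both are released below */
      if (gnutls_privkey_import_x509(privkey, key, 0)) {
        printf("Error gnutls_privkey_import_x509\n");
        goto cleanup;
      }

      /* Sign data: this call takes a digest algorithm */
      if (gnutls_privkey_sign_data(privkey, alg, 0, &plain_data, &sig_dat)) {
        printf("Error gnutls_privkey_sign_data\n");
        goto cleanup;
      }
      printf("Sign message succesful\n");

      if (gnutls_pubkey_init(&pubkey)) {
        printf("Error gnutls_pubkey_init\n");
        goto cleanup;
      }

      if (gnutls_pubkey_import(pubkey, &cert_dat, GNUTLS_X509_FMT_PEM)) {
        printf("Error gnutls_pubkey_import\n");
        goto cleanup;
      }

      /* gnutls_pubkey_verify_data2() expects a gnutls_sign_algorithm_t, not a
       * digest id. Passing GNUTLS_DIG_SHA256 there selects whatever signature
       * algorithm happens to share its numeric value, which is not the ECDSA
       * one. The signature algorithm is built from the trusted public key's
       * type and the fixed digest; it is never taken from the signature. */
      pk_alg = gnutls_pubkey_get_pk_algorithm(pubkey, NULL);
      if (pk_alg < 0) {
        printf("Error gnutls_pubkey_get_pk_algorithm\n");
        goto cleanup;
      }

      sign_alg = gnutls_pk_to_sign((gnutls_pk_algorithm_t)pk_alg, alg);
      if (sign_alg == GNUTLS_SIGN_UNKNOWN) {
        printf("Error gnutls_pk_to_sign\n");
        goto cleanup;
      }

      /* Negative means failure; zero or a positive code means the signature is valid */
      ret = gnutls_pubkey_verify_data2(pubkey, sign_alg, 0, &plain_data, &sig_dat);
      if (ret < 0) {
        printf("Error gnutls_pubkey_verify_data2 %d\n", ret);
        goto cleanup;
      }
      printf("Verify message succesful\n");

      status = 0;

    cleanup:
      /* Single exit path so the error branches release what they acquired */
      if (pubkey != NULL) {
        gnutls_pubkey_deinit(pubkey);
      }
      if (sig_dat.data != NULL) {
        gnutls_free(sig_dat.data);
      }
      if (privkey != NULL) {
        gnutls_privkey_deinit(privkey);
      }
      if (key != NULL) {
        gnutls_x509_privkey_deinit(key);
      }
      free(key_str);
      free(cert_str);
      return status;
    }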