gnutls_ecdsa.c
Authored by
Nicolas Mora
Sample code to explain how I use ecdsa signing/verification
gnutls_ecdsa.c 3.05 KiB
/**
* gnutls_ecdsa.c
*
* Test ECDSA Sign/Verify with GnuTLS
*
* Usage ./gnutls_ecdsa <private_key_file> <public_key_file>
*
* Example to generate private/public key files:
* openssl ecparam -genkey -name secp521r1 -noout -out private-ecdsa.key
* openssl ec -in private-ecdsa.key -pubout -out public-ecdsa.pem
*
*/
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
#include <gnutls/x509.h>
#include <gnutls/abstract.h>
/* Fixed payload that main() signs with the private key and then verifies with the public key. */
#define MESSAGE "Hello World!"
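/**
 * Read an entire file into a freshly allocated, NUL-terminated buffer.
 *
 * @param filename path of the file to read; may be NULL
 * @return malloc()ed buffer holding the file content followed by '\0'
 *         (the caller must free() it), or NULL if filename is NULL, the
 *         file cannot be opened, its size cannot be determined, the
 *         allocation fails, or a read error occurs.
 *
 * The content is handed back as a C string, so a caller that measures it
 * with strlen() stops at the first embedded NUL byte.
 */
static char * read_file(const char * filename) {
    char * buffer = NULL;
    long length;
    size_t nread;
    FILE * f;

    if (filename == NULL) {
        return NULL;
    }
    f = fopen(filename, "rb");
    if (f == NULL) {
        return NULL;
    }
    /* ftell() reports failure as -1; used as a length that would write the
     * terminator at buffer[-1], so every positioning call is checked. */
    if (fseek(f, 0, SEEK_END) != 0 || (length = ftell(f)) < 0 || fseek(f, 0, SEEK_SET) != 0) {
        fclose(f);
        return NULL;
    }
    buffer = malloc((size_t)length + 1);
    if (buffer != NULL) {
        nread = fread(buffer, 1, (size_t)length, f);
        if (ferror(f)) {
            free(buffer);
            buffer = NULL;
        } else {
            /* Terminate after the bytes actually read, so a short read never
             * leaves uninitialised heap memory inside the returned string. */
            buffer[nread] = '\0';
        }
    }
    fclose(f);
    return buffer;
}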
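/**
 * Sign MESSAGE with the ECDSA private key read from argv[1], then verify the
 * signature with the public key read from argv[2] (both PEM encoded).
 *
 * This is a self-test: both keys are supplied by whoever runs the program, so
 * a successful verification only shows that the two files belong together.
 *
 * @return 0 when signing and verification both succeed, 1 on a usage error,
 *         an unreadable key file, or any GnuTLS failure.
 */
int main(int argc, char ** argv) {
    gnutls_x509_privkey_t key = NULL;
    gnutls_privkey_t privkey = NULL;
    gnutls_pubkey_t pubkey = NULL;
    gnutls_datum_t key_dat, cert_dat, sig_dat = { NULL, 0 }, plain_data = {
        (unsigned char *)MESSAGE,
        strlen(MESSAGE)
    };
    char * key_str = NULL, * cert_str = NULL;
    int alg = GNUTLS_DIG_SHA256, ret, status = 1;

    if (argc <= 2) {
        fprintf(stderr, "Usage: %s <private_key_file> <public_key_file>\n",
                argc > 0 ? argv[0] : "gnutls_ecdsa");
        return 1;
    }

    key_str = read_file(argv[1]);
    cert_str = read_file(argv[2]);
    if (key_str == NULL || cert_str == NULL) {
        fprintf(stderr, "Error reading key files\n");
        goto cleanup;
    }
    key_dat.data = (unsigned char *)key_str;
    key_dat.size = strlen(key_str);
    cert_dat.data = (unsigned char *)cert_str;
    cert_dat.size = strlen(cert_str);

    if (gnutls_x509_privkey_init(&key)) {
        printf("Error gnutls_x509_privkey_init\n");
        goto cleanup;
    }
    if (gnutls_x509_privkey_import(key, &key_dat, GNUTLS_X509_FMT_PEM)) {
        printf("Error gnutls_x509_privkey_import\n");
        goto cleanup;
    }
    if (gnutls_privkey_init(&privkey)) {
        printf("Error gnutls_privkey_init\n");
        goto cleanup;
    }
    /* Flags 0: the abstract key does not take ownership, so both handles are released below. */
    if (gnutls_privkey_import_x509(privkey, key, 0)) {
        printf("Error gnutls_privkey_import_x509\n");
        goto cleanup;
    }

    /* Sign data: this call takes a digest algorithm. */
    if (gnutls_privkey_sign_data(privkey, alg, 0, &plain_data, &sig_dat)) {
        printf("Error gnutls_privkey_sign_data\n");
        goto cleanup;
    }
    printf("Sign message succesful\n");

    if (gnutls_pubkey_init(&pubkey)) {
        printf("Error gnutls_pubkey_init\n");
        goto cleanup;
    }
    if (gnutls_pubkey_import(pubkey, &cert_dat, GNUTLS_X509_FMT_PEM)) {
        printf("Error gnutls_pubkey_import\n");
        goto cleanup;
    }

    /* Verify data: the second argument is a gnutls_sign_algorithm_t (key type
     * plus hash), not the gnutls_digest_algorithm_t used for signing. Passing
     * GNUTLS_DIG_SHA256 here would be read as an unrelated signature algorithm.
     * The call returns a negative error code on failure and zero or a positive
     * value on success, so only ret < 0 is treated as an error. */
    ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_ECDSA_SHA256, 0, &plain_data, &sig_dat);
    if (ret < 0) {
        printf("Error gnutls_pubkey_verify_data2 %d\n", ret);
        goto cleanup;
    }
    printf("Verify message succesful\n");
    status = 0;

cleanup:
    /* Single exit path so that handles and buffers are released on errors too. */
    if (pubkey != NULL) {
        gnutls_pubkey_deinit(pubkey);
    }
    gnutls_free(sig_dat.data);
    if (privkey != NULL) {
        gnutls_privkey_deinit(privkey);
    }
    if (key != NULL) {
        gnutls_x509_privkey_deinit(key);
    }
    if (key_str != NULL) {
        /* The buffer holds the PEM private key; wipe it with a call the
         * compiler will not optimise away before returning it to the heap. */
        gnutls_memset(key_str, 0, strlen(key_str));
    }
    free(key_str);
    free(cert_str);
    return status;
}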