main2.c

加解密包

#include "config.h"

#include <stdio.h>
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif
#ifdef HAVE_STRING_H
#include <string.h>
#endif

#include <stdlib.h>

#ifdef HAVE_HW_PKCS11_H
#include "hw_pkcs11.h"
#endif


#include "EDtk.h"

void usage() {
  fprintf(stderr,"Usage:\n"
"\tEDtk2 verify CERT CA\n"
"\tEDtk2 enc [-o OUT.DATA] IN.DATA CERT1 CERT2 ...\n"
"\tEDtk2 enc-sign [-p pass] [-o OUT.DATA] IN.DATA PKEY SIGNCERT CERT1 CERT2 ...\n"
"\tEDtk2 dec [-p pass] [-o OUT.DATA] IN.DATA PKEY SIGNCERT\n"
"\tEDtk2 srvr port [cert.pem] [key.pem] [pass]\n"
"\tEDtk2 clnt HOST port [cert.pem] [key.pem] [pass]\n"
"\tEDtk2 info IN.DATA\n"
          );
  exit(1);
}

int main(int argc, char *argv[])
{
  int ret=0;
  char buf[1024];
  if (argc<2) { usage(); }
  EDtkInit();
#ifdef HAVE_HW_PKCS11_H
  ENGINE_load_slbck();
#endif
  if (!strcmp(argv[1],"verify") && argc>3) {
    char *subject=NULL;
    struct X509_crl_st *crl=NULL;
    struct x509_st * cert=NULL;
    struct x509_st * ca=NULL;
#ifdef HAVE_HW_PKCS11_H
      if(!cert) cert=PKCS11_load_certificate(argv[2]);
#endif
    if (!cert)cert=EDtkLoadCertificateFile(argv[2]);
    if (!cert) {
      fprintf(stderr, "%s is not a certificate\n",argv[2]);
      ret=1;
      goto done;
    }
#ifdef HAVE_HW_PKCS11_H
    if(!ca) ca=PKCS11_load_certificate(argv[3]);
#endif
    if (!ca) ca=EDtkLoadCertificateFile(argv[3]);
    if (!ca) {
      fprintf(stderr, "%s is not a certificate\n",argv[3]);
      ret=1;
      goto done;
    }
    if (argc>4) {
      crl=EDtkLoadCRLFile(argv[4]);
      if (!crl) {
        fprintf(stderr, "%s is not a CRL\n",argv[4]);
        ret=1;
        goto done;
      }
    }
    subject=EDtkCertificateSubject(cert);
    if (EDtkCertificateVerifyCRL(cert,ca,crl)==0) {
      EDtk_print_errors_fp(stderr);
      fprintf(stderr,"%s is fake!\n",subject);
      ret=1;
    } else {
      printf("%s is signed!\n",subject);
    }
done:
    EDtkFree(subject);
    EDtkFreeCertificate(cert);
    EDtkFreeCertificate(ca);
    EDtkFreeCRL(crl);
  } else if (!strcmp(argv[1],"enc") && argc>3) {
    int i;
    struct x509_st * cert=NULL;
    struct stack_st * certs=NULL;
    char buf[256];
    char *out;
    if (!strcmp(argv[2],"-o")) {
      out=argv[3];
      argc-=2;
      argv+=2;
    }else {
      sprintf(buf,"%s.p7m",argv[2]);
      out=buf;
    }
    certs=EDtkNewStack();
    for (i=3; i<argc;i++) {
      cert=NULL;
#ifdef HAVE_HW_PKCS11_H
      if(!cert) cert=PKCS11_load_certificate(argv[i]);
#endif
      if(!cert) cert=EDtkLoadCertificateFile(argv[i]);
      if (!cert) {
        fprintf(stderr,"%s is not a certificate\n",argv[i]);
        goto done1;
      }
      EDtkAddCertificate(certs,cert);
    }
    if (EDtkFileEncrypt(argv[2],out,NULL,NULL,certs,NULL)) {
      ret=1;
    } else {
      EDtk_print_errors_fp(stderr);
      fprintf(stderr,"Error in encrypt\n");
    }
  done1:
    EDtkFreeStack(certs);
  } else if (!strcmp(argv[1],"enc-sign") && argc>5) {
    int i;
    struct x509_st * cert=NULL;
    struct stack_st * certs=NULL;
    struct evp_pkey_st *pkey=NULL;
    struct x509_st *signer=NULL;
    char buf[256];
    char *out;
    char *pass=NULL;
    if (!strcmp(argv[2],"-p")) {
      pass=argv[3];
      argc-=2;
      argv+=2;
    }
    if (!strcmp(argv[2],"-o")) {
      out=argv[3];
      argc-=2;
      argv+=2;
    }else {
      sprintf(buf,"%s.p7m",argv[2]);
      out=buf;
    }
    if (argc<=5) {
      goto err;
    }
#ifdef HAVE_HW_PKCS11_H
    if(!pkey) pkey=PKCS11_load_privatekey(argv[3]);
#endif
    if(!pkey) pkey=EDtkLoadPrivateKeyFile(argv[3],pass);
    if (!pkey) {
      fprintf(stderr,"%s is not a private key\n",argv[3]);
      goto done2;
    }
    
#ifdef HAVE_HW_PKCS11_H
    if(!signer) signer=PKCS11_load_certificate(argv[4]);
#endif
    if (!signer) signer=EDtkLoadCertificateFile(argv[4]);
    if (!signer) {
      fprintf(stderr,"%s is not a certificate\n",argv[4]);
      goto done2;
    }
    certs=EDtkNewStack();
    for (i=5; i<argc;i++) {
      cert=NULL;
#ifdef HAVE_HW_PKCS11_H
      if(!cert) cert=PKCS11_load_certificate(argv[i]);
#endif
      if(!cert) cert=EDtkLoadCertificateFile(argv[i]);
      if (!cert) { 
        EDtk_print_errors_fp(stderr);
        fprintf(stderr,"%s is not a certificate\n",argv[i]);
        goto done2;
      }
      EDtkAddCertificate(certs,cert);
    }
    if (EDtkFileEncrypt(argv[2],out,pkey,signer,certs,NULL)) {
      ret=1;
    } else {
      EDtk_print_errors_fp(stderr);
      fprintf(stderr,"Error in encrypt\n");
    }
  done2:
    EDtkFreeStack(certs);
    EDtkFreeCertificate(signer);
    EDtkFreePrivateKey(pkey);
  } else if (!strcmp(argv[1],"dec") && argc>4) {
    struct evp_pkey_st *pkey=NULL;
    struct x509_st *cert=NULL;
    char buf[256];
    char *out;
    char *pass=NULL;
    if (!strcmp(argv[2],"-p")) {
      pass=argv[3];
      argc-=2;
      argv+=2;
    }
    if (!strcmp(argv[2],"-o")) {
      out=argv[3];
      argc-=2;
      argv+=2;
    }else {
      sprintf(buf,"%s.out",argv[2]);
      out=buf;
    }
    if (argc<=4) {
      goto err;
    }
#ifdef HAVE_HW_PKCS11_H
    if(!pkey) pkey=PKCS11_load_privatekey(argv[3]);
#endif
    if(!pkey) pkey=EDtkLoadPrivateKeyFile(argv[3],pass);
    if (!pkey) {
      EDtk_print_errors_fp(stderr);
      fprintf(stderr,"%s is not a private key\n",argv[3]);
      goto done4;
    }
    
#ifdef HAVE_HW_PKCS11_H
    if(!cert) cert=PKCS11_load_certificate(argv[4]);
#endif
    if (!cert) cert=EDtkLoadCertificateFile(argv[4]);
    if (!cert) {
      EDtk_print_errors_fp(stderr);
      fprintf(stderr,"%s is not a certificate\n",argv[4]);
      goto done4;
    }
    if (EDtkFileDecrypt(argv[2],out,pkey,cert)) {
      ret=1;
    } else {
      EDtk_print_errors_fp(stderr);
      fprintf(stderr,"Error in encrypt\n");
    }
  done4:
    EDtkFreeCertificate(cert);
    EDtkFreePrivateKey(pkey);
  } else if (!strcmp(argv[1],"info") && argc>2) {
    EDtkFileInfo(argv[2]);
  } else if (!strcmp(argv[1],"clnt") && argc>3) {
    struct evp_pkey_st *pkey=NULL;
    struct x509_st * cert=NULL;
    EDtkSSL *e;
    int port=atoi(argv[3]);
    if (argc>6) {
      pkey=EDtkLoadPrivateKeyFile(argv[5],argv[6]);
      cert=EDtkLoadCertificateFile(argv[4]);
    }
    e=EDtkSSLnew(cert,pkey,NULL,NULL);
    if (!e) return 1;
    EDtkSSLconnect(e, argv[2],port);
    EDtkSSLread(e,buf,14);
    buf[14]=0;
    printf("%s\n",buf);
    EDtkSSLwrite(e,"Hello, world!\n",14);
    EDtkSSLclose(e);
    ret=1;
  } else if (!strcmp(argv[1],"srvr") && argc>5) {
    struct evp_pkey_st *pkey=NULL;
    struct x509_st * cert=NULL;
    EDtkSSL *e;
    EDtkSSL *v;
    int port=atoi(argv[2]);
    if (argc>5) {
      pkey=EDtkLoadPrivateKeyFile(argv[4],argv[5]);
      cert=EDtkLoadCertificateFile(argv[3]);
    } else {
      printf("No certificate\n");
    }
    e=EDtkSSLnew(cert,pkey,NULL,NULL);
    v=EDtkSSLnew(NULL,NULL,NULL,NULL);
    if (!e) return 1;
    EDtkSSLbind(e, port);
    while (EDtkSSLaccept(e,v)) {
      EDtkSSLwrite(v,"Hello, world!\n",14);
      EDtkSSLread(v,buf,14);
      buf[14]=0;
      printf("%s\n",buf);
      EDtkSSLclose(v);
    }
    EDtkSSLclose(e);
    ret=1;
  } else {
  err:
    usage();
  }
  EDtkFinish();
  return !ret;
}