/* IPSec VPN client compatible with Cisco equipment.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/
19 #include <sys/types.h>
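/*
 * Read the whole of `filename` into a freshly malloc()ed buffer.
 *
 * On success returns the buffer and stores its length in *len; the caller
 * owns the buffer and must free() it.  On any failure a message is printed
 * to stderr, NULL is returned and *len is left untouched.
 *
 * NOTE(review): the listing this block was recovered from shows only the
 * open()/malloc()/read() calls and the error messages.  The declarations,
 * the failure tests, the fstat() call and the return statements are
 * reconstructed from those messages; confirm them against the upstream file.
 */
static unsigned char *read_binfile(const char *filename, size_t *len)
{
	int fd;
	struct stat s;
	unsigned char *b = NULL;
	size_t size;
	size_t done = 0;

	if (filename == NULL || len == NULL)
		return NULL;

	fd = open(filename, O_RDONLY);
	if (fd < 0) {
		fprintf(stderr, "Error opening file %s\n", filename);
		return NULL;
	}

	/* Size the descriptor we already hold, so the size and the data
	 * come from the same file even if the path is replaced meanwhile. */
	if (fstat(fd, &s) < 0) {
		fprintf(stderr, "Error while stat() file %s\n", filename);
		goto fail;
	}

	/* "<= 0" rather than "== 0": a negative size must never be turned
	 * into a huge size_t and handed to malloc()/read(). */
	if (s.st_size <= 0) {
		fprintf(stderr, "Empty file %s\n", filename);
		goto fail;
	}

	/* Refuse a size that does not survive the off_t -> size_t conversion,
	 * instead of silently allocating a truncated buffer. */
	size = (size_t)s.st_size;
	if ((off_t)size != s.st_size) {
		fprintf(stderr, "Error allocating memory\n");
		goto fail;
	}

	b = malloc(size);
	if (b == NULL) {
		fprintf(stderr, "Error allocating memory\n");
		goto fail;
	}

	/* read() may return fewer bytes than requested without that being an
	 * error; keep reading until the buffer is full and never ask for more
	 * than the space that remains. */
	while (done < size) {
		ssize_t ret = read(fd, b + done, size - done);

		if (ret <= 0) {
			fprintf(stderr, "Error reading file %s\n", filename);
			goto fail;
		}
		done += (size_t)ret;
	}

	close(fd);
	*len = size;
	return b;

fail:
	free(b);	/* free(NULL) is a no-op */
	close(fd);
	return NULL;
}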
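/* Text to print for a crypto error that may be absent or carry no message. */
static const char *error_text(const crypto_error *error)
{
	return error && error->msg ? error->msg : "(none)";
}

/*
 * Test driver for the crypto layer.
 *
 * Usage: <sig> <dec> <ca> <cert1> ... <server>
 *   argv[1]   file read as the signature to decrypt
 *   argv[2]   file holding the expected decrypted bytes
 *   argv[3]   passed to crypto_verify_chain() (named <ca> in the usage text)
 *   argv[4..] certificates, pushed onto the context in the order given
 *
 * Prints "Success" on stdout when the chain verifies and the decrypted
 * signature is byte-identical to the expected data; otherwise prints the
 * reason on stderr.
 *
 * NOTE(review): the listing this block was recovered from shows only the
 * calls and the messages.  The declarations of cctx/i/data, the argc test,
 * the failure tests after crypto_ctx_new()/crypto_read_cert(), the free()
 * calls and the exit codes (0 on success, 1 on failure) are reconstructed;
 * confirm them against the upstream file.
 */
int main(int argc, char *argv[])
{
	crypto_ctx *cctx = NULL;
	crypto_error *error = NULL;
	int i;
	int rc = 1;
	unsigned char *data = NULL;
	size_t size = 0, sig_len, dec_len;
	unsigned char *sig_data = NULL, *dec_data = NULL;

	/* five arguments plus the program name */
	if (argc < 6) {
		fprintf(stderr, "Need at least 5 arguments: <sig> <dec> <ca> <cert1> <server>\n");
		return 1;
	}

	cctx = crypto_ctx_new(&error);
	if (!cctx) {
		/* error may not have been filled in; never dereference it blindly */
		fprintf(stderr, "Error initializing crypto: %s\n", error_text(error));
		return 1;
	}

	/* Load certificates */
	for (i = 4; i < argc; i++) {
		data = crypto_read_cert(argv[i], &size, &error);
		if (!data) {
			fprintf(stderr, "Error reading cert %d: %s\n", i + 1, error_text(error));
			goto out;
		}
		if (crypto_push_cert(cctx, data, size, &error)) {
			fprintf(stderr, "Error pushing cert %d: %s\n", i + 1, error_text(error));
			goto out;
		}
		/* NOTE(review): assumes crypto_push_cert() keeps its own copy of
		 * the certificate, so the buffer can be released here; confirm. */
		free(data);
		data = NULL;
	}

	/* Verify the cert chain */
	if (crypto_verify_chain(cctx, argv[3], NULL, &error) != 0) {
		fprintf(stderr, "Error verifying chain: %s\n", error_text(error));
		goto out;
	}

	/* Decrypt something using the public key of the server certificate */
	sig_data = read_binfile(argv[1], &sig_len);
	if (sig_data == NULL)
		goto out;

	dec_data = read_binfile(argv[2], &dec_len);
	if (dec_data == NULL)
		goto out;

	/* size still holds the length of the last certificate; reset it so a
	 * stale value cannot satisfy the "!size" test below. */
	size = 0;
	/* NOTE(review): presumably CRYPTO_PAD_NONE yields the raw decrypted
	 * block, so <dec> has to contain that whole block; confirm. */
	data = crypto_decrypt_signature(cctx, &sig_data[0], sig_len, &size, CRYPTO_PAD_NONE, &error);
	if (!data || !size) {
		fprintf(stderr, "Error decrypting signature: %s\n", error_text(error));
		goto out;
	}

	/* The lengths must agree before memcmp(), which reads dec_len bytes
	 * from both buffers. */
	if (size != dec_len) {
		/* both values are size_t, so both use %zu */
		fprintf(stderr, "Error decrypting signature: unexpected "
			"decrypted size %zu (expected %zu)\n", size, dec_len);
		goto out;
	}

	if (memcmp(data, dec_data, dec_len)) {
		fprintf(stderr, "Error decrypting signature: decrypted data did"
			" not match expected decrypted data\n");
		goto out;
	}

	fprintf(stdout, "Success\n");
	rc = 0;

out:
	/* single exit path: every buffer and the context are released whether
	 * the run succeeded or not (free(NULL) is a no-op) */
	free(dec_data);
	free(sig_data);
	free(data);
	crypto_ctx_free(cctx);
	return rc;
}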