documented update
[gnutls.git] / doc / examples / ex-serv-psk.c
blob1f2af6c4727ca155fbe41f97956d3e01891e95c6
1 /* This example code is placed in the public domain. */
3 #ifdef HAVE_CONFIG_H
4 #include <config.h>
5 #endif
7 #include <stdio.h>
8 #include <stdlib.h>
9 #include <errno.h>
10 #include <sys/types.h>
11 #include <sys/socket.h>
12 #include <arpa/inet.h>
13 #include <netinet/in.h>
14 #include <string.h>
15 #include <unistd.h>
16 #include <gnutls/gnutls.h>
18 #define KEYFILE "key.pem"
19 #define CERTFILE "cert.pem"
20 #define CAFILE "/etc/ssl/certs/ca-certificates.crt"
21 #define CRLFILE "crl.pem"
23 /* This is a sample TLS echo server, supporting X.509 and PSK
24 authentication.
27 #define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
28 #define MAX_BUF 1024
29 #define PORT 5556 /* listen to 5556 port */
30 #define DH_BITS 1024
32 /* These are global */
33 gnutls_certificate_credentials_t x509_cred;
34 gnutls_psk_server_credentials_t psk_cred;
35 gnutls_priority_t priority_cache;
37 static gnutls_session_t
38 initialize_tls_session (void)
40 gnutls_session_t session;
42 gnutls_init (&session, GNUTLS_SERVER);
44 gnutls_priority_set (session, priority_cache);
46 gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
47 gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred);
49 /* request client certificate if any.
51 gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
53 return session;
56 static gnutls_dh_params_t dh_params;
58 static int
59 generate_dh_params (void)
62 /* Generate Diffie-Hellman parameters - for use with DHE
63 * kx algorithms. When short bit length is used, it might
64 * be wise to regenerate parameters.
66 * Check the ex-serv-export.c example for using static
67 * parameters.
69 gnutls_dh_params_init (&dh_params);
70 gnutls_dh_params_generate2 (dh_params, DH_BITS);
72 return 0;
75 static int
76 pskfunc (gnutls_session_t session, const char *username, gnutls_datum_t * key)
78 printf ("psk: username %s\n", username);
79 key->data = gnutls_malloc (4);
80 key->data[0] = 0xDE;
81 key->data[1] = 0xAD;
82 key->data[2] = 0xBE;
83 key->data[3] = 0xEF;
84 key->size = 4;
85 return 0;
88 int
89 main (void)
91 int err, listen_sd;
92 int sd, ret;
93 struct sockaddr_in sa_serv;
94 struct sockaddr_in sa_cli;
95 socklen_t client_len;
96 char topbuf[512];
97 gnutls_session_t session;
98 char buffer[MAX_BUF + 1];
99 int optval = 1;
100 int kx;
102 /* this must be called once in the program
104 gnutls_global_init ();
106 gnutls_certificate_allocate_credentials (&x509_cred);
107 gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
108 GNUTLS_X509_FMT_PEM);
110 gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE,
111 GNUTLS_X509_FMT_PEM);
113 gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE,
114 GNUTLS_X509_FMT_PEM);
116 gnutls_psk_allocate_server_credentials (&psk_cred);
117 gnutls_psk_set_server_credentials_function (psk_cred, pskfunc);
119 generate_dh_params ();
121 gnutls_priority_init (&priority_cache, "NORMAL:+PSK:+ECDHE-PSK:+DHE-PSK", NULL);
123 gnutls_certificate_set_dh_params (x509_cred, dh_params);
125 /* Socket operations
127 listen_sd = socket (AF_INET, SOCK_STREAM, 0);
128 SOCKET_ERR (listen_sd, "socket");
130 memset (&sa_serv, '\0', sizeof (sa_serv));
131 sa_serv.sin_family = AF_INET;
132 sa_serv.sin_addr.s_addr = INADDR_ANY;
133 sa_serv.sin_port = htons (PORT); /* Server Port number */
135 setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
136 sizeof (int));
138 err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv));
139 SOCKET_ERR (err, "bind");
140 err = listen (listen_sd, 1024);
141 SOCKET_ERR (err, "listen");
143 printf ("Server ready. Listening to port '%d'.\n\n", PORT);
145 client_len = sizeof (sa_cli);
146 for (;;)
148 session = initialize_tls_session ();
150 sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
152 printf ("- connection from %s, port %d\n",
153 inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
154 sizeof (topbuf)), ntohs (sa_cli.sin_port));
156 gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
157 ret = gnutls_handshake (session);
158 if (ret < 0)
160 close (sd);
161 gnutls_deinit (session);
162 fprintf (stderr, "*** Handshake has failed (%s)\n\n",
163 gnutls_strerror (ret));
164 continue;
166 printf ("- Handshake was completed\n");
168 kx = gnutls_kx_get(session);
169 if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK ||
170 kx == GNUTLS_KX_ECDHE_PSK)
172 printf("- User %s was connected\n", gnutls_psk_server_get_username(session));
175 /* see the Getting peer's information example */
176 /* print_info(session); */
178 for (;;)
180 memset (buffer, 0, MAX_BUF + 1);
181 ret = gnutls_record_recv (session, buffer, MAX_BUF);
183 if (ret == 0)
185 printf ("\n- Peer has closed the GnuTLS connection\n");
186 break;
188 else if (ret < 0)
190 fprintf (stderr, "\n*** Received corrupted "
191 "data(%d). Closing the connection.\n\n", ret);
192 break;
194 else if (ret > 0)
196 /* echo data back to the client
198 gnutls_record_send (session, buffer, strlen (buffer));
201 printf ("\n");
202 /* do not wait for the peer to close the connection.
204 gnutls_bye (session, GNUTLS_SHUT_WR);
206 close (sd);
207 gnutls_deinit (session);
210 close (listen_sd);
212 gnutls_certificate_free_credentials (x509_cred);
213 gnutls_psk_free_server_credentials (psk_cred);
215 gnutls_priority_deinit (priority_cache);
217 gnutls_global_deinit ();
219 return 0;