tests/anonself.c

   1 /*
   2  * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
   3  * Foundation, Inc.
   4  *
   5  * Author: Simon Josefsson
   6  *
   7  * This file is part of GnuTLS.
   8  *
   9  * GnuTLS is free software; you can redistribute it and/or modify it
  10  * under the terms of the GNU General Public License as published by
  11  * the Free Software Foundation; either version 3 of the License, or
  12  * (at your option) any later version.
  13  *
  14  * GnuTLS is distributed in the hope that it will be useful, but
  15  * WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17  * General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU General Public License
  20  * along with GnuTLS; if not, write to the Free Software Foundation,
  21  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  22  */
  23
  24 /* Parts copied from GnuTLS example programs. */
  25
  26 #ifdef HAVE_CONFIG_H
  27 #include <config.h>
  28 #endif
  29
  30 #include <stdio.h>
  31 #include <stdlib.h>
  32 #include <string.h>
  33 #include <sys/types.h>
  34 #include <netinet/in.h>
  35 #include <sys/socket.h>
  36 #include <sys/wait.h>
  37 #include <arpa/inet.h>
  38 #include <unistd.h>
  39 #include <gnutls/gnutls.h>
  40
  41 #include "tcp.c"
  42
  43 #include "utils.h"
  44
  45 static void
  46 tls_log_func (int level, const char *str)
  47 {
  48   fprintf (stderr, "|<%d>| %s", level, str);
  49 }
  50
  51 /* A very basic TLS client, with anonymous authentication.
  52  */
  53
  54 #define MAX_BUF 1024
  55 #define MSG "Hello TLS"
  56
  57 static void
  58 client (void)
  59 {
  60   int ret, sd, ii;
  61   gnutls_session_t session;
  62   char buffer[MAX_BUF + 1];
  63   gnutls_anon_client_credentials_t anoncred;
  64   /* Need to enable anonymous KX specifically. */
  65
  66   gnutls_global_init ();
  67
  68   gnutls_global_set_log_function (tls_log_func);
  69   if (debug)
  70     gnutls_global_set_log_level (4711);
  71
  72   gnutls_anon_allocate_client_credentials (&anoncred);
  73
  74   /* Initialize TLS session
  75    */
  76   gnutls_init (&session, GNUTLS_CLIENT);
  77
  78   /* Use default priorities */
  79   gnutls_priority_set_direct (session, "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
  80
  81   /* put the anonymous credentials to the current session
  82    */
  83   gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
  84
  85   /* connect to the peer
  86    */
  87   sd = tcp_connect ();
  88
  89   gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
  90
  91   /* Perform the TLS handshake
  92    */
  93   ret = gnutls_handshake (session);
  94
  95   if (ret < 0)
  96     {
  97       fail ("client: Handshake failed\n");
  98       gnutls_perror (ret);
  99       goto end;
 100     }
 101   else
 102     {
 103       if (debug)
 104         success ("client: Handshake was completed\n");
 105     }
 106
 107   if (debug)
 108     success ("client: TLS version is: %s\n",
 109              gnutls_protocol_get_name (gnutls_protocol_get_version
 110                                        (session)));
 111
 112   gnutls_record_send (session, MSG, strlen (MSG));
 113
 114   ret = gnutls_record_recv (session, buffer, MAX_BUF);
 115   if (ret == 0)
 116     {
 117       if (debug)
 118         success ("client: Peer has closed the TLS connection\n");
 119       goto end;
 120     }
 121   else if (ret < 0)
 122     {
 123       fail ("client: Error: %s\n", gnutls_strerror (ret));
 124       goto end;
 125     }
 126
 127   if (debug)
 128     {
 129       printf ("- Received %d bytes: ", ret);
 130       for (ii = 0; ii < ret; ii++)
 131         {
 132           fputc (buffer[ii], stdout);
 133         }
 134       fputs ("\n", stdout);
 135     }
 136
 137   gnutls_bye (session, GNUTLS_SHUT_RDWR);
 138
 139 end:
 140
 141   tcp_close (sd);
 142
 143   gnutls_deinit (session);
 144
 145   gnutls_anon_free_client_credentials (anoncred);
 146
 147   gnutls_global_deinit ();
 148 }
 149
 150 /* This is a sample TLS 1.0 echo server, for anonymous authentication only.
 151  */
 152
 153 #define SA struct sockaddr
 154 #define MAX_BUF 1024
 155 #define PORT 5556               /* listen to 5556 port */
 156 #define DH_BITS 1024
 157
 158 /* These are global */
 159 gnutls_anon_server_credentials_t anoncred;
 160
 161 static gnutls_session_t
 162 initialize_tls_session (void)
 163 {
 164   gnutls_session_t session;
 165
 166   gnutls_init (&session, GNUTLS_SERVER);
 167
 168   /* avoid calling all the priority functions, since the defaults
 169    * are adequate.
 170    */
 171   gnutls_priority_set_direct (session, "NONE:+VERS-TLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
 172
 173   gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
 174
 175   gnutls_dh_set_prime_bits (session, DH_BITS);
 176
 177   return session;
 178 }
 179
 180 static gnutls_dh_params_t dh_params;
 181
 182 static int
 183 generate_dh_params (void)
 184 {
 185   const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) };
 186   /* Generate Diffie-Hellman parameters - for use with DHE
 187    * kx algorithms. These should be discarded and regenerated
 188    * once a day, once a week or once a month. Depending on the
 189    * security requirements.
 190    */
 191   gnutls_dh_params_init (&dh_params);
 192   return gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
 193 }
 194
 195 int err, listen_sd, i;
 196 int sd, ret;
 197 struct sockaddr_in sa_serv;
 198 struct sockaddr_in sa_cli;
 199 int client_len;
 200 char topbuf[512];
 201 gnutls_session_t session;
 202 char buffer[MAX_BUF + 1];
 203 int optval = 1;
 204
 205 static void
 206 server_start (void)
 207 {
 208   /* Socket operations
 209    */
 210   listen_sd = socket (AF_INET, SOCK_STREAM, 0);
 211   if (err == -1)
 212     {
 213       perror ("socket");
 214       fail ("server: socket failed\n");
 215       return;
 216     }
 217
 218   memset (&sa_serv, '\0', sizeof (sa_serv));
 219   sa_serv.sin_family = AF_INET;
 220   sa_serv.sin_addr.s_addr = INADDR_ANY;
 221   sa_serv.sin_port = htons (PORT);      /* Server Port number */
 222
 223   setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
 224               sizeof (int));
 225
 226   err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
 227   if (err == -1)
 228     {
 229       perror ("bind");
 230       fail ("server: bind failed\n");
 231       return;
 232     }
 233
 234   err = listen (listen_sd, 1024);
 235   if (err == -1)
 236     {
 237       perror ("listen");
 238       fail ("server: listen failed\n");
 239       return;
 240     }
 241
 242   if (debug)
 243     success ("server: ready. Listening to port '%d'.\n", PORT);
 244 }
 245
 246 static void
 247 server (void)
 248 {
 249   /* this must be called once in the program
 250    */
 251   gnutls_global_init ();
 252
 253   gnutls_global_set_log_function (tls_log_func);
 254   if (debug)
 255     gnutls_global_set_log_level (4711);
 256
 257   gnutls_anon_allocate_server_credentials (&anoncred);
 258
 259   if (debug)
 260     success ("Launched, generating DH parameters...\n");
 261
 262   generate_dh_params ();
 263
 264   gnutls_anon_set_server_dh_params (anoncred, dh_params);
 265
 266   client_len = sizeof (sa_cli);
 267
 268   session = initialize_tls_session ();
 269
 270   sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
 271
 272   if (debug)
 273     success ("server: connection from %s, port %d\n",
 274              inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
 275                         sizeof (topbuf)), ntohs (sa_cli.sin_port));
 276
 277   gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
 278   ret = gnutls_handshake (session);
 279   if (ret < 0)
 280     {
 281       close (sd);
 282       gnutls_deinit (session);
 283       fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
 284       return;
 285     }
 286   if (debug)
 287     success ("server: Handshake was completed\n");
 288
 289   if (debug)
 290     success ("server: TLS version is: %s\n",
 291              gnutls_protocol_get_name (gnutls_protocol_get_version
 292                                        (session)));
 293
 294   /* see the Getting peer's information example */
 295   /* print_info(session); */
 296
 297   i = 0;
 298   for (;;)
 299     {
 300       memset (buffer, 0, MAX_BUF + 1);
 301       ret = gnutls_record_recv (session, buffer, MAX_BUF);
 302
 303       if (ret == 0)
 304         {
 305           if (debug)
 306             success ("server: Peer has closed the GnuTLS connection\n");
 307           break;
 308         }
 309       else if (ret < 0)
 310         {
 311           fail ("server: Received corrupted data(%d). Closing...\n", ret);
 312           break;
 313         }
 314       else if (ret > 0)
 315         {
 316           /* echo data back to the client
 317            */
 318           gnutls_record_send (session, buffer, strlen (buffer));
 319         }
 320     }
 321   /* do not wait for the peer to close the connection.
 322    */
 323   gnutls_bye (session, GNUTLS_SHUT_WR);
 324
 325   close (sd);
 326   gnutls_deinit (session);
 327
 328   close (listen_sd);
 329
 330   gnutls_anon_free_server_credentials (anoncred);
 331
 332   gnutls_dh_params_deinit (dh_params);
 333
 334   gnutls_global_deinit ();
 335
 336   if (debug)
 337     success ("server: finished\n");
 338 }
 339
 340 void
 341 doit (void)
 342 {
 343   pid_t child;
 344
 345   server_start ();
 346   if (error_count)
 347     return;
 348
 349   child = fork ();
 350   if (child < 0)
 351     {
 352       perror ("fork");
 353       fail ("fork");
 354       return;
 355     }
 356
 357   if (child)
 358     {
 359       int status;
 360       /* parent */
 361       server ();
 362       wait (&status);
 363     }
 364   else
 365     client ();
 366 }