2 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
5 * Author: Simon Josefsson
7 * This file is part of GNUTLS.
9 * GNUTLS is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * GNUTLS is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with GNUTLS; if not, write to the Free Software Foundation,
21 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
24 /* Parts copied from GnuTLS example programs. */
33 #include <sys/types.h>
34 #include <netinet/in.h>
35 #include <sys/socket.h>
37 #include <arpa/inet.h>
39 #include <gnutls/gnutls.h>
46 tls_log_func (int level
, const char *str
)
48 fprintf (stderr
, "|<%d>| %s", level
, str
);
51 /* A very basic TLS client, with anonymous authentication.
55 #define MSG "Hello TLS"
61 gnutls_session_t session
;
62 char buffer
[MAX_BUF
+ 1];
63 gnutls_anon_client_credentials_t anoncred
;
64 /* Need to enable anonymous KX specifically. */
65 const int kx_prio
[] = { GNUTLS_KX_ANON_DH
, 0 };
67 gnutls_global_init ();
69 gnutls_global_set_log_function (tls_log_func
);
71 gnutls_global_set_log_level (4711);
73 gnutls_anon_allocate_client_credentials (&anoncred
);
75 /* Initialize TLS session
77 gnutls_init (&session
, GNUTLS_CLIENT
);
79 /* Use default priorities */
80 gnutls_set_default_priority (session
);
81 gnutls_kx_set_priority (session
, kx_prio
);
83 /* put the anonymous credentials to the current session
85 gnutls_credentials_set (session
, GNUTLS_CRD_ANON
, anoncred
);
87 /* connect to the peer
91 gnutls_transport_set_ptr (session
, (gnutls_transport_ptr_t
) sd
);
93 /* Perform the TLS handshake
95 ret
= gnutls_handshake (session
);
99 fail ("client: Handshake failed\n");
105 success ("client: Handshake was completed\n");
108 success ("client: TLS version is: %s\n",
109 gnutls_protocol_get_name (gnutls_protocol_get_version (session
)));
111 gnutls_record_send (session
, MSG
, strlen (MSG
));
113 ret
= gnutls_record_recv (session
, buffer
, MAX_BUF
);
116 success ("client: Peer has closed the TLS connection\n");
121 fail ("client: Error: %s\n", gnutls_strerror (ret
));
125 printf ("- Received %d bytes: ", ret
);
126 for (ii
= 0; ii
< ret
; ii
++)
128 fputc (buffer
[ii
], stdout
);
130 fputs ("\n", stdout
);
132 gnutls_bye (session
, GNUTLS_SHUT_RDWR
);
138 gnutls_deinit (session
);
140 gnutls_anon_free_client_credentials (anoncred
);
142 gnutls_global_deinit ();
145 /* This is a sample TLS 1.0 echo server, for anonymous authentication only.
148 #define SA struct sockaddr
150 #define PORT 5556 /* listen to 5556 port */
153 /* These are global */
154 gnutls_anon_server_credentials_t anoncred
;
156 static gnutls_session_t
157 initialize_tls_session (void)
159 gnutls_session_t session
;
160 const int kx_prio
[] = { GNUTLS_KX_ANON_DH
, 0 };
162 gnutls_init (&session
, GNUTLS_SERVER
);
164 /* avoid calling all the priority functions, since the defaults
167 gnutls_set_default_priority (session
);
168 gnutls_kx_set_priority (session
, kx_prio
);
170 gnutls_credentials_set (session
, GNUTLS_CRD_ANON
, anoncred
);
172 gnutls_dh_set_prime_bits (session
, DH_BITS
);
177 static gnutls_dh_params_t dh_params
;
180 generate_dh_params (void)
182 const gnutls_datum_t p3
= { (char *) pkcs3
, strlen (pkcs3
) };
183 /* Generate Diffie-Hellman parameters - for use with DHE
184 * kx algorithms. These should be discarded and regenerated
185 * once a day, once a week or once a month. Depending on the
186 * security requirements.
188 gnutls_dh_params_init (&dh_params
);
189 return gnutls_dh_params_import_pkcs3 (dh_params
, &p3
, GNUTLS_X509_FMT_PEM
);
192 int err
, listen_sd
, i
;
194 struct sockaddr_in sa_serv
;
195 struct sockaddr_in sa_cli
;
198 gnutls_session_t session
;
199 char buffer
[MAX_BUF
+ 1];
207 listen_sd
= socket (AF_INET
, SOCK_STREAM
, 0);
211 fail ("server: socket failed\n");
215 memset (&sa_serv
, '\0', sizeof (sa_serv
));
216 sa_serv
.sin_family
= AF_INET
;
217 sa_serv
.sin_addr
.s_addr
= INADDR_ANY
;
218 sa_serv
.sin_port
= htons (PORT
); /* Server Port number */
220 setsockopt (listen_sd
, SOL_SOCKET
, SO_REUSEADDR
, (void *) &optval
,
223 err
= bind (listen_sd
, (SA
*) & sa_serv
, sizeof (sa_serv
));
227 fail ("server: bind failed\n");
231 err
= listen (listen_sd
, 1024);
235 fail ("server: listen failed\n");
239 success ("server: ready. Listening to port '%d'.\n", PORT
);
245 /* this must be called once in the program
247 gnutls_global_init ();
249 gnutls_global_set_log_function (tls_log_func
);
251 gnutls_global_set_log_level (4711);
253 gnutls_anon_allocate_server_credentials (&anoncred
);
255 success ("Launched, generating DH parameters...\n");
257 generate_dh_params ();
259 gnutls_anon_set_server_dh_params (anoncred
, dh_params
);
261 client_len
= sizeof (sa_cli
);
263 session
= initialize_tls_session ();
265 sd
= accept (listen_sd
, (SA
*) & sa_cli
, &client_len
);
267 success ("server: connection from %s, port %d\n",
268 inet_ntop (AF_INET
, &sa_cli
.sin_addr
, topbuf
,
269 sizeof (topbuf
)), ntohs (sa_cli
.sin_port
));
271 gnutls_transport_set_ptr (session
, (gnutls_transport_ptr_t
) sd
);
272 ret
= gnutls_handshake (session
);
276 gnutls_deinit (session
);
277 fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret
));
280 success ("server: Handshake was completed\n");
282 success ("server: TLS version is: %s\n",
283 gnutls_protocol_get_name (gnutls_protocol_get_version (session
)));
285 /* see the Getting peer's information example */
286 /* print_info(session); */
291 memset (buffer
, 0, MAX_BUF
+ 1);
292 ret
= gnutls_record_recv (session
, buffer
, MAX_BUF
);
296 success ("server: Peer has closed the GNUTLS connection\n");
301 fail ("server: Received corrupted data(%d). Closing...\n", ret
);
306 /* echo data back to the client
308 gnutls_record_send (session
, buffer
, strlen (buffer
));
311 /* do not wait for the peer to close the connection.
313 gnutls_bye (session
, GNUTLS_SHUT_WR
);
316 gnutls_deinit (session
);
320 gnutls_anon_free_server_credentials (anoncred
);
322 gnutls_dh_params_deinit (dh_params
);
324 gnutls_global_deinit ();
326 success ("server: finished\n");