2 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
5 * Author: Simon Josefsson
7 * This file is part of GNUTLS.
9 * GNUTLS is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * GNUTLS is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with GNUTLS; if not, write to the Free Software Foundation,
21 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
24 /* Parts copied from GnuTLS example programs. */
33 #include <sys/types.h>
34 #include <netinet/in.h>
35 #include <sys/socket.h>
37 #include <arpa/inet.h>
39 #include <gnutls/gnutls.h>
44 tls_log_func (int level
, const char *str
)
46 fprintf (stderr
, "|<%d>| %s", level
, str
);
49 /* A very basic TLS client, with anonymous authentication.
53 #define MSG "Hello TLS"
55 /* Connects to the peer and returns a socket
61 const char *PORT
= "5556";
62 const char *SERVER
= "127.0.0.1";
64 struct sockaddr_in sa
;
68 sd
= socket (AF_INET
, SOCK_STREAM
, 0);
70 memset (&sa
, '\0', sizeof (sa
));
71 sa
.sin_family
= AF_INET
;
72 sa
.sin_port
= htons (atoi (PORT
));
73 inet_pton (AF_INET
, SERVER
, &sa
.sin_addr
);
75 err
= connect (sd
, (struct sockaddr
*) &sa
, sizeof (sa
));
78 fprintf (stderr
, "Connect error\n");
85 /* closes the given socket descriptor.
90 shutdown (sd
, SHUT_RDWR
); /* no more receptions */
98 gnutls_session_t session
;
99 char buffer
[MAX_BUF
+ 1];
100 gnutls_anon_client_credentials_t anoncred
;
101 /* Need to enable anonymous KX specifically. */
102 const int kx_prio
[] = { GNUTLS_KX_ANON_DH
, 0 };
104 gnutls_global_init ();
106 gnutls_global_set_log_function (tls_log_func
);
108 gnutls_global_set_log_level (4711);
110 gnutls_anon_allocate_client_credentials (&anoncred
);
112 /* Initialize TLS session
114 gnutls_init (&session
, GNUTLS_CLIENT
);
116 /* Use default priorities */
117 gnutls_set_default_priority (session
);
118 gnutls_kx_set_priority (session
, kx_prio
);
120 /* put the anonymous credentials to the current session
122 gnutls_credentials_set (session
, GNUTLS_CRD_ANON
, anoncred
);
124 gnutls_oprfi_enable_client (session
, 3, "foo");
126 /* connect to the peer
130 gnutls_transport_set_ptr (session
, (gnutls_transport_ptr_t
) sd
);
132 /* Perform the TLS handshake
134 ret
= gnutls_handshake (session
);
138 fail ("client: Handshake failed\n");
144 success ("client: Handshake was completed\n");
147 success ("client: TLS version is: %s\n",
148 gnutls_protocol_get_name (gnutls_protocol_get_version (session
)));
150 gnutls_record_send (session
, MSG
, strlen (MSG
));
152 ret
= gnutls_record_recv (session
, buffer
, MAX_BUF
);
155 success ("client: Peer has closed the TLS connection\n");
160 fail ("client: Error: %s\n", gnutls_strerror (ret
));
164 printf ("- Received %d bytes: ", ret
);
165 for (ii
= 0; ii
< ret
; ii
++)
167 fputc (buffer
[ii
], stdout
);
169 fputs ("\n", stdout
);
171 gnutls_bye (session
, GNUTLS_SHUT_RDWR
);
177 gnutls_deinit (session
);
179 gnutls_anon_free_client_credentials (anoncred
);
181 gnutls_global_deinit ();
184 /* This is a sample TLS 1.0 echo server, for anonymous authentication only.
187 #define SA struct sockaddr
189 #define PORT 5556 /* listen to 5556 port */
192 /* These are global */
193 gnutls_anon_server_credentials_t anoncred
;
196 oprfi_callback (gnutls_session_t session
,
199 const unsigned char *in_oprfi
, unsigned char *out_oprfi
)
205 for (i
= 0; i
< oprfi_len
; i
++)
206 printf ("OPRF[%d]: %02x %03d %c\n", i
, in_oprfi
[i
],
207 in_oprfi
[i
], in_oprfi
[i
]);
209 memset (out_oprfi
, 42, oprfi_len
);
215 initialize_tls_session (void)
217 gnutls_session_t session
;
218 const int kx_prio
[] = { GNUTLS_KX_ANON_DH
, 0 };
220 gnutls_init (&session
, GNUTLS_SERVER
);
222 /* avoid calling all the priority functions, since the defaults
225 gnutls_set_default_priority (session
);
226 gnutls_kx_set_priority (session
, kx_prio
);
228 gnutls_credentials_set (session
, GNUTLS_CRD_ANON
, anoncred
);
230 gnutls_dh_set_prime_bits (session
, DH_BITS
);
232 gnutls_oprfi_enable_server (session
, oprfi_callback
, NULL
);
237 static gnutls_dh_params_t dh_params
;
240 generate_dh_params (void)
242 const gnutls_datum_t p3
= { pkcs3
, strlen (pkcs3
) };
243 /* Generate Diffie-Hellman parameters - for use with DHE
244 * kx algorithms. These should be discarded and regenerated
245 * once a day, once a week or once a month. Depending on the
246 * security requirements.
248 gnutls_dh_params_init (&dh_params
);
249 return gnutls_dh_params_import_pkcs3 (dh_params
, &p3
, GNUTLS_X509_FMT_PEM
);
252 int err
, listen_sd
, i
;
254 struct sockaddr_in sa_serv
;
255 struct sockaddr_in sa_cli
;
258 gnutls_session_t session
;
259 char buffer
[MAX_BUF
+ 1];
265 /* this must be called once in the program
267 gnutls_global_init ();
269 gnutls_global_set_log_function (tls_log_func
);
271 gnutls_global_set_log_level (4711);
273 gnutls_anon_allocate_server_credentials (&anoncred
);
275 success ("Launched, generating DH parameters...\n");
277 generate_dh_params ();
279 gnutls_anon_set_server_dh_params (anoncred
, dh_params
);
283 listen_sd
= socket (AF_INET
, SOCK_STREAM
, 0);
287 fail ("server: socket failed\n");
291 memset (&sa_serv
, '\0', sizeof (sa_serv
));
292 sa_serv
.sin_family
= AF_INET
;
293 sa_serv
.sin_addr
.s_addr
= INADDR_ANY
;
294 sa_serv
.sin_port
= htons (PORT
); /* Server Port number */
296 setsockopt (listen_sd
, SOL_SOCKET
, SO_REUSEADDR
, (void *) &optval
,
299 err
= bind (listen_sd
, (SA
*) & sa_serv
, sizeof (sa_serv
));
303 fail ("server: bind failed\n");
307 err
= listen (listen_sd
, 1024);
311 fail ("server: listen failed\n");
315 success ("server: ready. Listening to port '%d'.\n", PORT
);
321 client_len
= sizeof (sa_cli
);
323 session
= initialize_tls_session ();
325 sd
= accept (listen_sd
, (SA
*) & sa_cli
, &client_len
);
327 success ("server: connection from %s, port %d\n",
328 inet_ntop (AF_INET
, &sa_cli
.sin_addr
, topbuf
,
329 sizeof (topbuf
)), ntohs (sa_cli
.sin_port
));
331 gnutls_transport_set_ptr (session
, (gnutls_transport_ptr_t
) sd
);
332 ret
= gnutls_handshake (session
);
336 gnutls_deinit (session
);
337 fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret
));
340 success ("server: Handshake was completed\n");
342 success ("server: TLS version is: %s\n",
343 gnutls_protocol_get_name (gnutls_protocol_get_version (session
)));
345 /* see the Getting peer's information example */
346 /* print_info(session); */
351 memset (buffer
, 0, MAX_BUF
+ 1);
352 ret
= gnutls_record_recv (session
, buffer
, MAX_BUF
);
356 success ("server: Peer has closed the GNUTLS connection\n");
361 fail ("server: Received corrupted data(%d). Closing...\n", ret
);
366 /* echo data back to the client
368 gnutls_record_send (session
, buffer
, strlen (buffer
));
371 /* do not wait for the peer to close the connection.
373 gnutls_bye (session
, GNUTLS_SHUT_WR
);
376 gnutls_deinit (session
);
380 gnutls_anon_free_server_credentials (anoncred
);
382 gnutls_global_deinit ();
384 success ("server: finished\n");