search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Improve GTK-DOC coverage.
[gnutls.git] / tests / oprfi.c
blobaaacc255ded929fb293aed4c50fd8b7c02056b50
1 /*
2 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
3 * Foundation, Inc.
4 *
5 * Author: Simon Josefsson
6 *
7 * This file is part of GNUTLS.
8 *
9 * GNUTLS is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * GNUTLS is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with GNUTLS; if not, write to the Free Software Foundation,
21 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
22 */
23
24 /* Parts copied from GnuTLS example programs. */
25
26 #ifdef HAVE_CONFIG_H
27 # include <config.h>
28 #endif
29
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <sys/types.h>
34 #include <netinet/in.h>
35 #include <sys/socket.h>
36 #include <sys/wait.h>
37 #include <arpa/inet.h>
38 #include <unistd.h>
39 #include <gnutls/gnutls.h>
40
41 #include "utils.h"
42
43 static void
44 tls_log_func (int level, const char *str)
45 {
46 fprintf (stderr, "|<%d>| %s", level, str);
47 }
48
49 /* A very basic TLS client, with anonymous authentication.
50 */
51
52 #define MAX_BUF 1024
53 #define MSG "Hello TLS"
54
55 /* Connects to the peer and returns a socket
56 * descriptor.
57 */
58 int
59 tcp_connect (void)
60 {
61 const char *PORT = "5556";
62 const char *SERVER = "127.0.0.1";
63 int err, sd;
64 struct sockaddr_in sa;
65
66 /* connects to server
67 */
68 sd = socket (AF_INET, SOCK_STREAM, 0);
69
70 memset (&sa, '\0', sizeof (sa));
71 sa.sin_family = AF_INET;
72 sa.sin_port = htons (atoi (PORT));
73 inet_pton (AF_INET, SERVER, &sa.sin_addr);
74
75 err = connect (sd, (struct sockaddr *) &sa, sizeof (sa));
76 if (err < 0)
77 {
78 fprintf (stderr, "Connect error\n");
79 exit (1);
80 }
81
82 return sd;
83 }
84
85 /* closes the given socket descriptor.
86 */
87 void
88 tcp_close (int sd)
89 {
90 shutdown (sd, SHUT_RDWR); /* no more receptions */
91 close (sd);
92 }
93
94 void
95 client (void)
96 {
97 int ret, sd, ii;
98 gnutls_session_t session;
99 char buffer[MAX_BUF + 1];
100 gnutls_anon_client_credentials_t anoncred;
101 /* Need to enable anonymous KX specifically. */
102 const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
103
104 gnutls_global_init ();
105
106 gnutls_global_set_log_function (tls_log_func);
107 if (debug)
108 gnutls_global_set_log_level (4711);
109
110 gnutls_anon_allocate_client_credentials (&anoncred);
111
112 /* Initialize TLS session
113 */
114 gnutls_init (&session, GNUTLS_CLIENT);
115
116 /* Use default priorities */
117 gnutls_set_default_priority (session);
118 gnutls_kx_set_priority (session, kx_prio);
119
120 /* put the anonymous credentials to the current session
121 */
122 gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
123
124 gnutls_oprfi_enable_client (session, 3, "foo");
125
126 /* connect to the peer
127 */
128 sd = tcp_connect ();
129
130 gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
131
132 /* Perform the TLS handshake
133 */
134 ret = gnutls_handshake (session);
135
136 if (ret < 0)
137 {
138 fail ("client: Handshake failed\n");
139 gnutls_perror (ret);
140 goto end;
141 }
142 else
143 {
144 success ("client: Handshake was completed\n");
145 }
146
147 success ("client: TLS version is: %s\n",
148 gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
149
150 gnutls_record_send (session, MSG, strlen (MSG));
151
152 ret = gnutls_record_recv (session, buffer, MAX_BUF);
153 if (ret == 0)
154 {
155 success ("client: Peer has closed the TLS connection\n");
156 goto end;
157 }
158 else if (ret < 0)
159 {
160 fail ("client: Error: %s\n", gnutls_strerror (ret));
161 goto end;
162 }
163
164 printf ("- Received %d bytes: ", ret);
165 for (ii = 0; ii < ret; ii++)
166 {
167 fputc (buffer[ii], stdout);
168 }
169 fputs ("\n", stdout);
170
171 gnutls_bye (session, GNUTLS_SHUT_RDWR);
172
173 end:
174
175 tcp_close (sd);
176
177 gnutls_deinit (session);
178
179 gnutls_anon_free_client_credentials (anoncred);
180
181 gnutls_global_deinit ();
182 }
183
184 /* This is a sample TLS 1.0 echo server, for anonymous authentication only.
185 */
186
187 #define SA struct sockaddr
188 #define MAX_BUF 1024
189 #define PORT 5556 /* listen to 5556 port */
190 #define DH_BITS 1024
191
192 /* These are global */
193 gnutls_anon_server_credentials_t anoncred;
194
195 int
196 oprfi_callback (gnutls_session_t session,
197 void *userdata,
198 size_t oprfi_len,
199 const unsigned char *in_oprfi, unsigned char *out_oprfi)
200 {
201 size_t i;
202
203 puts ("cb");
204
205 for (i = 0; i < oprfi_len; i++)
206 printf ("OPRF[%d]: %02x %03d %c\n", i, in_oprfi[i],
207 in_oprfi[i], in_oprfi[i]);
208
209 memset (out_oprfi, 42, oprfi_len);
210
211 return 0;
212 }
213
214 gnutls_session_t
215 initialize_tls_session (void)
216 {
217 gnutls_session_t session;
218 const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
219
220 gnutls_init (&session, GNUTLS_SERVER);
221
222 /* avoid calling all the priority functions, since the defaults
223 * are adequate.
224 */
225 gnutls_set_default_priority (session);
226 gnutls_kx_set_priority (session, kx_prio);
227
228 gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
229
230 gnutls_dh_set_prime_bits (session, DH_BITS);
231
232 gnutls_oprfi_enable_server (session, oprfi_callback, NULL);
233
234 return session;
235 }
236
237 static gnutls_dh_params_t dh_params;
238
239 static int
240 generate_dh_params (void)
241 {
242 const gnutls_datum_t p3 = { pkcs3, strlen (pkcs3) };
243 /* Generate Diffie-Hellman parameters - for use with DHE
244 * kx algorithms. These should be discarded and regenerated
245 * once a day, once a week or once a month. Depending on the
246 * security requirements.
247 */
248 gnutls_dh_params_init (&dh_params);
249 return gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
250 }
251
252 int err, listen_sd, i;
253 int sd, ret;
254 struct sockaddr_in sa_serv;
255 struct sockaddr_in sa_cli;
256 int client_len;
257 char topbuf[512];
258 gnutls_session_t session;
259 char buffer[MAX_BUF + 1];
260 int optval = 1;
261
262 void
263 server_start (void)
264 {
265 /* this must be called once in the program
266 */
267 gnutls_global_init ();
268
269 gnutls_global_set_log_function (tls_log_func);
270 if (debug)
271 gnutls_global_set_log_level (4711);
272
273 gnutls_anon_allocate_server_credentials (&anoncred);
274
275 success ("Launched, generating DH parameters...\n");
276
277 generate_dh_params ();
278
279 gnutls_anon_set_server_dh_params (anoncred, dh_params);
280
281 /* Socket operations
282 */
283 listen_sd = socket (AF_INET, SOCK_STREAM, 0);
284 if (err == -1)
285 {
286 perror ("socket");
287 fail ("server: socket failed\n");
288 return;
289 }
290
291 memset (&sa_serv, '\0', sizeof (sa_serv));
292 sa_serv.sin_family = AF_INET;
293 sa_serv.sin_addr.s_addr = INADDR_ANY;
294 sa_serv.sin_port = htons (PORT); /* Server Port number */
295
296 setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
297 sizeof (int));
298
299 err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
300 if (err == -1)
301 {
302 perror ("bind");
303 fail ("server: bind failed\n");
304 return;
305 }
306
307 err = listen (listen_sd, 1024);
308 if (err == -1)
309 {
310 perror ("listen");
311 fail ("server: listen failed\n");
312 return;
313 }
314
315 success ("server: ready. Listening to port '%d'.\n", PORT);
316 }
317
318 void
319 server (void)
320 {
321 client_len = sizeof (sa_cli);
322
323 session = initialize_tls_session ();
324
325 sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
326
327 success ("server: connection from %s, port %d\n",
328 inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
329 sizeof (topbuf)), ntohs (sa_cli.sin_port));
330
331 gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
332 ret = gnutls_handshake (session);
333 if (ret < 0)
334 {
335 close (sd);
336 gnutls_deinit (session);
337 fail ("server: Handshake has failed (%s)\n\n", gnutls_strerror (ret));
338 return;
339 }
340 success ("server: Handshake was completed\n");
341
342 success ("server: TLS version is: %s\n",
343 gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
344
345 /* see the Getting peer's information example */
346 /* print_info(session); */
347
348 i = 0;
349 for (;;)
350 {
351 memset (buffer, 0, MAX_BUF + 1);
352 ret = gnutls_record_recv (session, buffer, MAX_BUF);
353
354 if (ret == 0)
355 {
356 success ("server: Peer has closed the GNUTLS connection\n");
357 break;
358 }
359 else if (ret < 0)
360 {
361 fail ("server: Received corrupted data(%d). Closing...\n", ret);
362 break;
363 }
364 else if (ret > 0)
365 {
366 /* echo data back to the client
367 */
368 gnutls_record_send (session, buffer, strlen (buffer));
369 }
370 }
371 /* do not wait for the peer to close the connection.
372 */
373 gnutls_bye (session, GNUTLS_SHUT_WR);
374
375 close (sd);
376 gnutls_deinit (session);
377
378 close (listen_sd);
379
380 gnutls_anon_free_server_credentials (anoncred);
381
382 gnutls_global_deinit ();
383
384 success ("server: finished\n");
385 }
386
387 void
388 doit (void)
389 {
390 pid_t child;
391
392 server_start ();
393 if (error_count)
394 return;
395
396 child = fork ();
397 if (child < 0)
398 {
399 perror ("fork");
400 fail ("fork");
401 return;
402 }
403
404 if (child)
405 {
406 int status;
407 /* parent */
408 server ();
409 wait (&status);
410 }
411 else
412 client ();
413 }
Implementation of the SSL/TLS protocol