doc/examples/ex-serv-anon.c

   1 /* This example code is placed in the public domain. */
   2
   3 #ifdef HAVE_CONFIG_H
   4 #include <config.h>
   5 #endif
   6
   7 #include <stdio.h>
   8 #include <stdlib.h>
   9 #include <errno.h>
  10 #include <sys/types.h>
  11 #include <sys/socket.h>
  12 #include <arpa/inet.h>
  13 #include <netinet/in.h>
  14 #include <string.h>
  15 #include <unistd.h>
  16 #include <gnutls/gnutls.h>
  17
  18 /* This is a sample TLS 1.0 echo server, for anonymous authentication only.
  19  */
  20
  21
  22 #define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
  23 #define MAX_BUF 1024
  24 #define PORT 5556               /* listen to 5556 port */
  25 #define DH_BITS 1024
  26
  27 /* These are global */
  28 gnutls_anon_server_credentials_t anoncred;
  29
  30 static gnutls_session_t
  31 initialize_tls_session (void)
  32 {
  33   gnutls_session_t session;
  34
  35   gnutls_init (&session, GNUTLS_SERVER);
  36
  37   gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL);
  38
  39   gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
  40
  41   gnutls_dh_set_prime_bits (session, DH_BITS);
  42
  43   return session;
  44 }
  45
  46 static gnutls_dh_params_t dh_params;
  47
  48 static int
  49 generate_dh_params (void)
  50 {
  51
  52   /* Generate Diffie-Hellman parameters - for use with DHE
  53    * kx algorithms. These should be discarded and regenerated
  54    * once a day, once a week or once a month. Depending on the
  55    * security requirements.
  56    */
  57   gnutls_dh_params_init (&dh_params);
  58   gnutls_dh_params_generate2 (dh_params, DH_BITS);
  59
  60   return 0;
  61 }
  62
  63 int
  64 main (void)
  65 {
  66   int err, listen_sd;
  67   int sd, ret;
  68   struct sockaddr_in sa_serv;
  69   struct sockaddr_in sa_cli;
  70   socklen_t client_len;
  71   char topbuf[512];
  72   gnutls_session_t session;
  73   char buffer[MAX_BUF + 1];
  74   int optval = 1;
  75
  76   /* this must be called once in the program
  77    */
  78   gnutls_global_init ();
  79
  80   gnutls_anon_allocate_server_credentials (&anoncred);
  81
  82   generate_dh_params ();
  83
  84   gnutls_anon_set_server_dh_params (anoncred, dh_params);
  85
  86   /* Socket operations
  87    */
  88   listen_sd = socket (AF_INET, SOCK_STREAM, 0);
  89   SOCKET_ERR (listen_sd, "socket");
  90
  91   memset (&sa_serv, '\0', sizeof (sa_serv));
  92   sa_serv.sin_family = AF_INET;
  93   sa_serv.sin_addr.s_addr = INADDR_ANY;
  94   sa_serv.sin_port = htons (PORT);      /* Server Port number */
  95
  96   setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
  97               sizeof (int));
  98
  99   err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv));
 100   SOCKET_ERR (err, "bind");
 101   err = listen (listen_sd, 1024);
 102   SOCKET_ERR (err, "listen");
 103
 104   printf ("Server ready. Listening to port '%d'.\n\n", PORT);
 105
 106   client_len = sizeof (sa_cli);
 107   for (;;)
 108     {
 109       session = initialize_tls_session ();
 110
 111       sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
 112
 113       printf ("- connection from %s, port %d\n",
 114               inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
 115                          sizeof (topbuf)), ntohs (sa_cli.sin_port));
 116
 117       gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) ((ptrdiff_t) sd));
 118
 119       do
 120         {
 121           ret = gnutls_handshake (session);
 122         }
 123       while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
 124
 125       if (ret < 0)
 126         {
 127           close (sd);
 128           gnutls_deinit (session);
 129           fprintf (stderr, "*** Handshake has failed (%s)\n\n",
 130                    gnutls_strerror (ret));
 131           continue;
 132         }
 133       printf ("- Handshake was completed\n");
 134
 135       /* see the Getting peer's information example */
 136       /* print_info(session); */
 137
 138       for (;;)
 139         {
 140           memset (buffer, 0, MAX_BUF + 1);
 141           ret = gnutls_record_recv (session, buffer, MAX_BUF);
 142
 143           if (ret == 0)
 144             {
 145               printf ("\n- Peer has closed the GnuTLS connection\n");
 146               break;
 147             }
 148           else if (ret < 0)
 149             {
 150               fprintf (stderr, "\n*** Received corrupted "
 151                        "data(%d). Closing the connection.\n\n", ret);
 152               break;
 153             }
 154           else if (ret > 0)
 155             {
 156               /* echo data back to the client
 157                */
 158               gnutls_record_send (session, buffer, strlen (buffer));
 159             }
 160         }
 161       printf ("\n");
 162       /* do not wait for the peer to close the connection.
 163        */
 164       gnutls_bye (session, GNUTLS_SHUT_WR);
 165
 166       close (sd);
 167       gnutls_deinit (session);
 168
 169     }
 170   close (listen_sd);
 171
 172   gnutls_anon_free_server_credentials (anoncred);
 173
 174   gnutls_global_deinit ();
 175
 176   return 0;
 177
 178 }