doc/examples/ex-serv-srp.c

   1 /* This example code is placed in the public domain. */
   2
   3 #ifdef HAVE_CONFIG_H
   4 #include <config.h>
   5 #endif
   6
   7 #include <stdio.h>
   8 #include <stdlib.h>
   9 #include <errno.h>
  10 #include <sys/types.h>
  11 #include <sys/socket.h>
  12 #include <arpa/inet.h>
  13 #include <netinet/in.h>
  14 #include <string.h>
  15 #include <unistd.h>
  16 #include <gnutls/gnutls.h>
  17
  18 #define SRP_PASSWD "tpasswd"
  19 #define SRP_PASSWD_CONF "tpasswd.conf"
  20
  21 #define KEYFILE "key.pem"
  22 #define CERTFILE "cert.pem"
  23 #define CAFILE "/etc/ssl/certs/ca-certificates.crt"
  24
  25 /* This is a sample TLS-SRP echo server.
  26  */
  27
  28 #define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
  29 #define MAX_BUF 1024
  30 #define PORT 5556               /* listen to 5556 port */
  31
  32 /* These are global */
  33 gnutls_srp_server_credentials_t srp_cred;
  34 gnutls_certificate_credentials_t cert_cred;
  35
  36 static gnutls_session_t
  37 initialize_tls_session (void)
  38 {
  39   gnutls_session_t session;
  40
  41   gnutls_init (&session, GNUTLS_SERVER);
  42
  43   gnutls_priority_set_direct (session, "NORMAL:-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA", NULL);
  44
  45   gnutls_credentials_set (session, GNUTLS_CRD_SRP, srp_cred);
  46   /* for the certificate authenticated ciphersuites.
  47    */
  48   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cert_cred);
  49
  50   /* request client certificate if any.
  51    */
  52   gnutls_certificate_server_set_request (session, GNUTLS_CERT_IGNORE);
  53
  54   return session;
  55 }
  56
  57 int
  58 main (void)
  59 {
  60   int err, listen_sd;
  61   int sd, ret;
  62   struct sockaddr_in sa_serv;
  63   struct sockaddr_in sa_cli;
  64   socklen_t client_len;
  65   char topbuf[512];
  66   gnutls_session_t session;
  67   char buffer[MAX_BUF + 1];
  68   int optval = 1;
  69   char name[256];
  70
  71   strcpy (name, "Echo Server");
  72
  73   gnutls_global_init ();
  74
  75   /* SRP_PASSWD a password file (created with the included srptool utility)
  76    */
  77   gnutls_srp_allocate_server_credentials (&srp_cred);
  78   gnutls_srp_set_server_credentials_file (srp_cred, SRP_PASSWD,
  79                                           SRP_PASSWD_CONF);
  80
  81   gnutls_certificate_allocate_credentials (&cert_cred);
  82   gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE,
  83                                           GNUTLS_X509_FMT_PEM);
  84   gnutls_certificate_set_x509_key_file (cert_cred, CERTFILE, KEYFILE,
  85                                         GNUTLS_X509_FMT_PEM);
  86
  87   /* TCP socket operations
  88    */
  89   listen_sd = socket (AF_INET, SOCK_STREAM, 0);
  90   SOCKET_ERR (listen_sd, "socket");
  91
  92   memset (&sa_serv, '\0', sizeof (sa_serv));
  93   sa_serv.sin_family = AF_INET;
  94   sa_serv.sin_addr.s_addr = INADDR_ANY;
  95   sa_serv.sin_port = htons (PORT);      /* Server Port number */
  96
  97   setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval,
  98               sizeof (int));
  99
 100   err = bind (listen_sd, (struct sockaddr *) & sa_serv, sizeof (sa_serv));
 101   SOCKET_ERR (err, "bind");
 102   err = listen (listen_sd, 1024);
 103   SOCKET_ERR (err, "listen");
 104
 105   printf ("%s ready. Listening to port '%d'.\n\n", name, PORT);
 106
 107   client_len = sizeof (sa_cli);
 108   for (;;)
 109     {
 110       session = initialize_tls_session ();
 111
 112       sd = accept (listen_sd, (struct sockaddr *) & sa_cli, &client_len);
 113
 114       printf ("- connection from %s, port %d\n",
 115               inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
 116                          sizeof (topbuf)), ntohs (sa_cli.sin_port));
 117
 118       gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
 119
 120       do
 121         {
 122           ret = gnutls_handshake (session);
 123         }
 124       while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
 125
 126       if (ret < 0)
 127         {
 128           close (sd);
 129           gnutls_deinit (session);
 130           fprintf (stderr, "*** Handshake has failed (%s)\n\n",
 131                    gnutls_strerror (ret));
 132           continue;
 133         }
 134       printf ("- Handshake was completed\n");
 135       printf ("- User %s was connected\n", gnutls_srp_server_get_username(session));
 136
 137       /* print_info(session); */
 138
 139       for (;;)
 140         {
 141           memset (buffer, 0, MAX_BUF + 1);
 142           ret = gnutls_record_recv (session, buffer, MAX_BUF);
 143
 144           if (ret == 0)
 145             {
 146               printf ("\n- Peer has closed the GnuTLS connection\n");
 147               break;
 148             }
 149           else if (ret < 0)
 150             {
 151               fprintf (stderr, "\n*** Received corrupted "
 152                        "data(%d). Closing the connection.\n\n", ret);
 153               break;
 154             }
 155           else if (ret > 0)
 156             {
 157               /* echo data back to the client
 158                */
 159               gnutls_record_send (session, buffer, strlen (buffer));
 160             }
 161         }
 162       printf ("\n");
 163       /* do not wait for the peer to close the connection. */
 164       gnutls_bye (session, GNUTLS_SHUT_WR);
 165
 166       close (sd);
 167       gnutls_deinit (session);
 168
 169     }
 170   close (listen_sd);
 171
 172   gnutls_srp_free_server_credentials (srp_cred);
 173   gnutls_certificate_free_credentials (cert_cred);
 174
 175   gnutls_global_deinit ();
 176
 177   return 0;
 178
 179 }