gnutls_session_t session(int sock, int server)
{
gnutls_session_t r;
gnutls_init(&r, GNUTLS_DATAGRAM | (server ? GNUTLS_SERVER : GNUTLS_CLIENT)
| GNUTLS_NONBLOCK * nonblock);
gnutls_priority_set_direct(r, "NORMAL:+ANON-ECDH", 0);
gnutls_transport_set_ptr(r, (gnutls_transport_ptr_t) sock);
if (server) {
gnutls_anon_server_credentials_t cred;
gnutls_anon_allocate_server_credentials(&cred);
gnutls_credentials_set(r, GNUTLS_CRD_ANON, cred);
} else {
gnutls_anon_client_credentials_t cred;
gnutls_anon_allocate_client_credentials(&cred);
gnutls_credentials_set(r, GNUTLS_CRD_ANON, cred);
}
gnutls_transport_set_push_function(r, writefn);
gnutls_dtls_set_mtu(r, 1400);
gnutls_dtls_set_timeouts(r, 100, 60000);
return r;
}
void
network_client_init(int security_policy)
{
security = malloc(sizeof(*security));
int kx_prio[2];
gnutls_global_init ();
if (security_policy == CRED_ANON) {
gnutls_anon_allocate_client_credentials(&(security->anoncred));
}
/* Initialize TLS session */
gnutls_init(&(security->session), GNUTLS_CLIENT);
/* Use default priorities */
gnutls_set_default_priority(security->session);
if (security_policy == CRED_ANON) {
kx_prio[0] = GNUTLS_KX_ANON_DH;
kx_prio[1] = 0;
gnutls_kx_set_priority (security->session, kx_prio);
/* Put the anonymous credentials to the current session */
gnutls_credentials_set(security->session, GNUTLS_CRD_ANON,
security->anoncred);
} else
printf("Unknown credentials requested\n");
}
static void session_init(int sock, int server)
{
gnutls_init(&session, GNUTLS_DATAGRAM | (server ? GNUTLS_SERVER : GNUTLS_CLIENT)
| GNUTLS_NONBLOCK * nonblock);
gnutls_priority_set_direct(session, "+CTYPE-OPENPGP:+CIPHER-ALL:+MAC-ALL:+ECDHE-RSA:+ANON-ECDH", 0);
gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t) (intptr_t) sock);
if (full) {
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred);
if (server) {
gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUIRE);
}
} else if (server) {
gnutls_anon_server_credentials_t cred;
gnutls_anon_allocate_server_credentials(&cred);
gnutls_credentials_set(session, GNUTLS_CRD_ANON, cred);
} else {
gnutls_anon_client_credentials_t cred;
gnutls_anon_allocate_client_credentials(&cred);
gnutls_credentials_set(session, GNUTLS_CRD_ANON, cred);
}
gnutls_transport_set_push_function(session, writefn);
gnutls_dtls_set_mtu(session, 1400);
gnutls_dtls_set_timeouts(session, retransmit_milliseconds, timeout_seconds * 1000);
}
extern int xlibgnutls_tls_handshake(gnutls_session_t *session, int tcp_sd, unsigned verbose_level) {
int ret, ii;
/* Need to enable anonymous KX specifically. */
gnutls_global_init();
gnutls_anon_allocate_client_credentials(&anoncred);
gnutls_init(session, GNUTLS_CLIENT);
gnutls_priority_set_direct(*session, "NORMAL:+ANON-ECDH:+ANON-DH", NULL);
gnutls_credentials_set(*session, GNUTLS_CRD_ANON, anoncred);
gnutls_transport_set_int(*session, tcp_sd);
gnutls_handshake_set_timeout(*session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
do {
ret = gnutls_handshake(*session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
print_error("handshake failed");
gnutls_perror(ret);
} else {
char *desc;
desc = gnutls_session_get_desc(*session);
print_info("- Session info: %s\n", desc);
gnutls_free(desc);
}
return ret;
}
static void
init_gnutls(struct module *module)
{
int ret = gnutls_global_init();
unsigned char *ca_file = get_opt_str("connection.ssl.trusted_ca_file",
NULL);
if (ret < 0)
INTERNAL("GNUTLS init failed: %s", gnutls_strerror(ret));
ret = gnutls_anon_allocate_client_credentials(&anon_cred);
if (ret < 0)
INTERNAL("GNUTLS anon credentials alloc failed: %s",
gnutls_strerror(ret));
ret = gnutls_certificate_allocate_credentials(&xcred);
if (ret < 0)
INTERNAL("GNUTLS X509 credentials alloc failed: %s",
gnutls_strerror(ret));
/* Here, we should load certificate files etc. */
if (*ca_file) {
/* FIXME: check returned values. --witekfl */
gnutls_certificate_set_x509_trust_file(xcred, ca_file,
GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_verify_flags(xcred,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
}
}
static void client(int fd, int packet)
{
int ret;
gnutls_anon_client_credentials_t anoncred;
/* Need to enable anonymous KX specifically. */
global_init();
if (debug) {
gnutls_global_set_log_function(client_log_func);
gnutls_global_set_log_level(4711);
}
gnutls_anon_allocate_client_credentials(&anoncred);
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
gnutls_dtls_set_mtu(session, 1500);
/* Use default priorities */
gnutls_priority_set_direct(session,
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
NULL);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
counter = 0;
packet_to_lose = packet;
gnutls_transport_set_int(session, fd);
gnutls_transport_set_push_function(session, push);
/* Perform the TLS handshake
*/
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
gnutls_deinit(session);
gnutls_global_deinit();
if (ret < 0) {
if (ret == GNUTLS_E_TIMEDOUT)
return;
fail("client: Handshake failed\n");
gnutls_perror(ret);
exit(1);
} else {
if (debug)
success("client: Handshake was completed\n");
}
exit(1);
}
static void client(int fd)
{
int ret;
gnutls_anon_client_credentials_t anoncred;
gnutls_session_t session;
/* Need to enable anonymous KX specifically. */
global_init();
if (debug) {
gnutls_global_set_log_function(client_log_func);
gnutls_global_set_log_level(4711);
}
gnutls_anon_allocate_client_credentials(&anoncred);
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
gnutls_dtls_set_mtu(session, 1500);
gnutls_handshake_set_timeout(session, 20 * 1000);
/* Use default priorities */
gnutls_priority_set_direct(session,
"NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
NULL);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
gnutls_transport_set_int(session, fd);
gnutls_transport_set_push_function(session, push);
/* Perform the TLS handshake
*/
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
success("client: Handshake failed as expected\n");
gnutls_perror(ret);
goto exit;
} else {
fail("client: Handshake completed unexpectedly\n");
goto exit;
}
exit:
gnutls_deinit(session);
gnutls_anon_free_client_credentials(anoncred);
gnutls_global_deinit();
}
int
main (void)
{
/* credentials */
gnutls_anon_client_credentials_t c_anoncred;
gnutls_certificate_credentials_t c_certcred;
gnutls_session_t client;
int sd, i;
/* General init. */
gnutls_global_init ();
ecore_init();
// gnutls_global_set_log_function (tls_log_func);
// gnutls_global_set_log_level (2);
/* Init client */
gnutls_anon_allocate_client_credentials (&c_anoncred);
gnutls_certificate_allocate_credentials (&c_certcred);
for (i=0;i<5;i++)
{
gnutls_init (&client, GNUTLS_CLIENT);
/* set very specific priorities */
gnutls_priority_set_direct(client, "NORMAL:+ANON-DH", NULL);
gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, c_certcred);
gnutls_server_name_set(client, GNUTLS_NAME_DNS, "localhost", strlen("localhost"));
/* connect to the peer
*/
sd = tcp_connect ();
/* associate gnutls with socket */
gnutls_transport_set_ptr (client, (gnutls_transport_ptr_t) sd);
/* add a callback for data being available for send/receive on socket */
if (!ecore_main_fd_handler_add(sd, ECORE_FD_READ | ECORE_FD_WRITE, (Ecore_Fd_Cb)_process_data, client, NULL, NULL))
{
print("could not create fd handler!");
exit(1);
}
/* begin main loop */
ecore_main_loop_begin();
gnutls_bye (client, GNUTLS_SHUT_RDWR);
gnutls_deinit (client);
tcp_close (sd);
}
return 0;
}
static Ecore_Con_Ssl_Error
_ecore_con_ssl_server_prepare_gnutls(Ecore_Con_Server *svr,
int ssl_type)
{
int ret;
if (ssl_type & ECORE_CON_USE_SSL2)
return ECORE_CON_SSL_ERROR_SSL2_NOT_SUPPORTED;
switch (ssl_type)
{
case ECORE_CON_USE_SSL3:
case ECORE_CON_USE_SSL3 | ECORE_CON_LOAD_CERT:
case ECORE_CON_USE_TLS:
case ECORE_CON_USE_TLS | ECORE_CON_LOAD_CERT:
case ECORE_CON_USE_MIXED:
case ECORE_CON_USE_MIXED | ECORE_CON_LOAD_CERT:
break;
default:
return ECORE_CON_SSL_ERROR_NONE;
}
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_certificate_allocate_credentials(&svr->cert));
if ((!svr->use_cert) && svr->created)
{
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_dh_params_init(&svr->dh_params));
INF("Generating DH params");
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_dh_params_generate2(svr->dh_params, 1024));
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_anon_allocate_server_credentials(&svr->anoncred_s));
/* TODO: implement PSK */
// SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_psk_allocate_server_credentials(&svr->pskcred_s));
gnutls_anon_set_server_dh_params(svr->anoncred_s, svr->dh_params);
gnutls_certificate_set_dh_params(svr->cert, svr->dh_params);
//gnutls_psk_set_server_dh_params(svr->pskcred_s, svr->dh_params);
INF("DH params successfully generated and applied!");
}
else if (!svr->use_cert)
{
//SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_psk_allocate_client_credentials(&svr->pskcred_c));
SSL_ERROR_CHECK_GOTO_ERROR(ret = gnutls_anon_allocate_client_credentials(&svr->anoncred_c));
}
return ECORE_CON_SSL_ERROR_NONE;
error:
_gnutls_print_errors(ret);
_ecore_con_ssl_server_shutdown_gnutls(svr);
return ECORE_CON_SSL_ERROR_SERVER_INIT_FAILED;
}
int
main (void)
{
/* credentials */
gnutls_anon_client_credentials_t c_anoncred;
gnutls_certificate_credentials_t c_certcred;
gnutls_session_t client;
int sd;
/* General init. */
gnutls_global_init ();
ecore_init();
gnutls_global_set_log_function (tls_log_func);
gnutls_global_set_log_level (6);
/* Init client */
gnutls_anon_allocate_client_credentials (&c_anoncred);
gnutls_certificate_allocate_credentials (&c_certcred);
gnutls_init (&client, GNUTLS_CLIENT);
/* set very specific priorities */
gnutls_priority_set_direct(client, "NONE:%VERIFY_ALLOW_X509_V1_CA_CRT:+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+COMP-DEFLATE:+COMP-NULL:+CTYPE-X509:+SHA1:+SHA256:+SHA384:+SHA512:+AES-256-CBC:+AES-128-CBC:+3DES-CBC:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0", NULL);
gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, c_certcred);
gnutls_server_name_set(client, GNUTLS_NAME_DNS, "www.verisign.com", strlen("www.verisign.com"));
/* connect to the peer
*/
sd = tcp_connect ();
/* associate gnutls with socket */
gnutls_transport_set_ptr (client, (gnutls_transport_ptr_t) sd);
/* add a callback for data being available for send/receive on socket */
if (!ecore_main_fd_handler_add(sd, ECORE_FD_READ | ECORE_FD_WRITE, (Ecore_Fd_Cb)_process_data, client, NULL, NULL))
{
print("could not create fd handler!");
exit(1);
}
/* begin main loop */
ecore_main_loop_begin();
gnutls_bye (client, GNUTLS_SHUT_RDWR);
gnutls_deinit (client);
tcp_close (sd);
return 0;
}
void anon_tls_client (evcom_stream *stream)
{
gnutls_session_t client_session;
gnutls_anon_client_credentials_t client_credentials;
gnutls_anon_allocate_client_credentials (&client_credentials);
gnutls_init(&client_session, GNUTLS_CLIENT);
gnutls_set_default_priority(client_session);
gnutls_kx_set_priority(client_session, kx_prio);
/* Need to enable anonymous KX specifically. */
gnutls_credentials_set(client_session, GNUTLS_CRD_ANON, client_credentials);
evcom_stream_set_secure_session(stream, client_session);
assert(stream->flags & EVCOM_SECURE);
}
static rfbBool
SetTLSAnonCredential(rfbClient* client)
{
gnutls_anon_client_credentials anonCred;
int ret;
if ((ret = gnutls_anon_allocate_client_credentials(&anonCred)) < 0 ||
(ret = gnutls_credentials_set((gnutls_session_t)client->tlsSession, GNUTLS_CRD_ANON, anonCred)) < 0)
{
FreeTLS(client);
rfbClientLog("Failed to create anonymous credentials: %s", gnutls_strerror(ret));
return FALSE;
}
rfbClientLog("TLS anonymous credential created.\n");
return TRUE;
}
static int
qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds,
Error **errp)
{
char *dhparams = NULL;
int ret;
int rv = -1;
trace_qcrypto_tls_creds_anon_load(creds,
creds->parent_obj.dir ? creds->parent_obj.dir : "<nodir>");
if (creds->parent_obj.endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
if (qcrypto_tls_creds_get_path(&creds->parent_obj,
QCRYPTO_TLS_CREDS_DH_PARAMS,
false, &dhparams, errp) < 0) {
goto cleanup;
}
ret = gnutls_anon_allocate_server_credentials(&creds->data.server);
if (ret < 0) {
error_setg(errp, "Cannot allocate credentials: %s",
gnutls_strerror(ret));
goto cleanup;
}
if (qcrypto_tls_creds_get_dh_params_file(&creds->parent_obj, dhparams,
&creds->parent_obj.dh_params,
errp) < 0) {
goto cleanup;
}
gnutls_anon_set_server_dh_params(creds->data.server,
creds->parent_obj.dh_params);
} else {
ret = gnutls_anon_allocate_client_credentials(&creds->data.client);
if (ret < 0) {
error_setg(errp, "Cannot allocate credentials: %s",
gnutls_strerror(ret));
goto cleanup;
}
}
rv = 0;
cleanup:
g_free(dhparams);
return rv;
}
bool GnuTLSClientAnon::init( const std::string&,
const std::string&,
const StringList& )
{
if( m_initLib && gnutls_global_init() != 0 )
return false;
if( gnutls_anon_allocate_client_credentials( &m_anoncred ) < 0 )
return false;
if( gnutls_init( m_session, GNUTLS_CLIENT ) != 0 )
return false;
#if GNUTLS_VERSION_NUMBER >= 0x020600
int ret = gnutls_priority_set_direct( *m_session, "SECURE128:+PFS:+COMP-ALL:+VERS-TLS-ALL:-VERS-SSL3.0:+SIGN-ALL:+CURVE-ALL", 0 );
if( ret != GNUTLS_E_SUCCESS )
return false;
#else
const int protocolPriority[] = {
#ifdef GNUTLS_TLS1_2
GNUTLS_TLS1_2,
#endif
GNUTLS_TLS1_1, GNUTLS_TLS1, 0 };
const int protocolPriority[] = { GNUTLS_TLS1, 0 };
const int kxPriority[] = { GNUTLS_KX_ANON_DH, 0 };
const int cipherPriority[] = { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR, 0 };
const int compPriority[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 };
const int macPriority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 };
gnutls_protocol_set_priority( *m_session, protocolPriority );
gnutls_cipher_set_priority( *m_session, cipherPriority );
gnutls_compression_set_priority( *m_session, compPriority );
gnutls_kx_set_priority( *m_session, kxPriority );
gnutls_mac_set_priority( *m_session, macPriority );
#endif
gnutls_credentials_set( *m_session, GNUTLS_CRD_ANON, m_anoncred );
gnutls_transport_set_ptr( *m_session, (gnutls_transport_ptr_t)this );
gnutls_transport_set_push_function( *m_session, pushFunc );
gnutls_transport_set_pull_function( *m_session, pullFunc );
m_valid = true;
return true;
}
TLSGlobal()
{
#if VMIME_HAVE_PTHREAD && defined(GCRY_THREAD_OPTION_PTHREAD_IMPL)
#if VMIME_GNUTLS_NEEDS_GCRYPT
gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
#endif // VMIME_GNUTLS_NEEDS_GCRYPT
#endif // VMIME_HAVE_PTHREAD && defined(GCRY_THREAD_OPTION_PTHREAD_IMPL
gnutls_global_init();
//gnutls_global_init_extra();
#if VMIME_DEBUG && GNUTLS_DEBUG
gnutls_global_set_log_function(TLSLogFunc);
gnutls_global_set_log_level(10);
#endif // VMIME_DEBUG && GNUTLS_DEBUG
gnutls_anon_allocate_client_credentials(&anonCred);
gnutls_certificate_allocate_credentials(&certCred);
}
int main(int argc, char *argv[])
{
gnutls_anon_client_credentials_t c_anoncred;
gnutls_session_t client;
global_init();
gnutls_anon_allocate_client_credentials(&c_anoncred);
gnutls_init(&client, GNUTLS_CLIENT);
gnutls_priority_set_direct(client, "NORMAL", NULL);
/* Test setting the same credential type twice. Earlier GnuTLS had
a bug that crashed when this happened. */
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
gnutls_deinit(client);
gnutls_anon_free_client_credentials(c_anoncred);
gnutls_global_deinit();
return 0;
}
void
doit (void)
{
/* Server stuff. */
gnutls_anon_server_credentials_t s_anoncred;
const gnutls_datum_t p3 = { (void *) pkcs3, strlen (pkcs3) };
static gnutls_dh_params_t dh_params;
gnutls_session_t server;
int sret, cret;
/* Client stuff. */
gnutls_anon_client_credentials_t c_anoncred;
gnutls_session_t client;
/* Need to enable anonymous KX specifically. */
char buffer[MAX_BUF + 1];
ssize_t ns;
int ret, transferred = 0, msglen;
/* General init. */
gnutls_global_init ();
gnutls_global_set_log_function (tls_log_func);
if (debug)
gnutls_global_set_log_level (99);
/* Init server */
gnutls_anon_allocate_server_credentials (&s_anoncred);
gnutls_dh_params_init (&dh_params);
gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
gnutls_anon_set_server_dh_params (s_anoncred, dh_params);
gnutls_init (&server, GNUTLS_SERVER|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK);
ret = gnutls_priority_set_direct (server, "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
if (ret < 0)
exit(1);
gnutls_credentials_set (server, GNUTLS_CRD_ANON, s_anoncred);
gnutls_dh_set_prime_bits (server, 1024);
gnutls_transport_set_push_function (server, server_push);
gnutls_transport_set_pull_function (server, server_pull);
gnutls_transport_set_pull_timeout_function (server, server_pull_timeout_func);
gnutls_transport_set_ptr (server, (gnutls_transport_ptr_t)server);
/* Init client */
gnutls_anon_allocate_client_credentials (&c_anoncred);
gnutls_init (&client, GNUTLS_CLIENT|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK);
cret = gnutls_priority_set_direct (client, "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", NULL);
if (cret < 0)
exit(1);
gnutls_credentials_set (client, GNUTLS_CRD_ANON, c_anoncred);
gnutls_transport_set_push_function (client, client_push);
gnutls_transport_set_pull_function (client, client_pull);
gnutls_transport_set_pull_timeout_function (client, client_pull_timeout_func);
gnutls_transport_set_ptr (client, (gnutls_transport_ptr_t)client);
handshake = 1;
HANDSHAKE(client, server);
handshake = 0;
if (debug)
success ("Handshake established\n");
do
{
ret = gnutls_record_send (client, MSG, strlen (MSG));
}
while(ret == GNUTLS_E_AGAIN);
//success ("client: sent %d\n", ns);
msglen = strlen(MSG);
TRANSFER(client, server, MSG, msglen, buffer, MAX_BUF);
if (debug)
fputs ("\n", stdout);
gnutls_bye (client, GNUTLS_SHUT_WR);
gnutls_bye (server, GNUTLS_SHUT_WR);
gnutls_deinit (client);
gnutls_deinit (server);
gnutls_anon_free_client_credentials (c_anoncred);
gnutls_anon_free_server_credentials (s_anoncred);
gnutls_dh_params_deinit (dh_params);
gnutls_global_deinit ();
}
static void client(int fd, int profile)
{
gnutls_session_t session;
int ret;
gnutls_anon_client_credentials_t anoncred;
uint8_t km[MAX_KEY_MATERIAL];
char buf[2 * MAX_KEY_MATERIAL];
gnutls_datum_t cli_key, cli_salt, server_key, server_salt;
/* Need to enable anonymous KX specifically. */
global_init();
if (debug) {
gnutls_global_set_log_function(client_log_func);
gnutls_global_set_log_level(4711);
}
gnutls_anon_allocate_client_credentials(&anoncred);
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
gnutls_dtls_set_mtu(session, 1500);
/* Use default priorities */
gnutls_priority_set_direct(session,
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
NULL);
if (profile)
ret =
gnutls_srtp_set_profile_direct(session,
"SRTP_AES128_CM_HMAC_SHA1_80",
NULL);
else
ret =
gnutls_srtp_set_profile_direct(session,
"SRTP_NULL_HMAC_SHA1_80",
NULL);
if (ret < 0) {
gnutls_perror(ret);
exit(1);
}
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
gnutls_transport_set_int(session, fd);
/* Perform the TLS handshake
*/
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
fail("client: Handshake failed\n");
gnutls_perror(ret);
exit(1);
} else {
if (debug)
success("client: Handshake was completed\n");
}
if (debug)
success("client: DTLS version is: %s\n",
gnutls_protocol_get_name
(gnutls_protocol_get_version(session)));
ret =
gnutls_srtp_get_keys(session, km, sizeof(km), &cli_key,
&cli_salt, &server_key, &server_salt);
if (ret < 0) {
gnutls_perror(ret);
exit(1);
}
if (debug) {
size_t size = sizeof(buf);
gnutls_hex_encode(&cli_key, buf, &size);
success("Client key: %s\n", buf);
size = sizeof(buf);
gnutls_hex_encode(&cli_salt, buf, &size);
success("Client salt: %s\n", buf);
size = sizeof(buf);
gnutls_hex_encode(&server_key, buf, &size);
success("Server key: %s\n", buf);
size = sizeof(buf);
gnutls_hex_encode(&server_salt, buf, &size);
success("Server salt: %s\n", buf);
}
gnutls_bye(session, GNUTLS_SHUT_WR);
close(fd);
gnutls_deinit(session);
gnutls_anon_free_client_credentials(anoncred);
gnutls_global_deinit();
}
static void client(int sds[], struct params_res *params)
{
int ret, ii;
gnutls_session_t session;
char buffer[MAX_BUF + 1];
gnutls_anon_client_credentials_t anoncred;
/* Need to enable anonymous KX specifically. */
/* variables used in session resuming
*/
int t;
gnutls_datum_t session_data;
if (debug) {
gnutls_global_set_log_function(tls_log_func);
gnutls_global_set_log_level(3);
}
global_init();
gnutls_anon_allocate_client_credentials(&anoncred);
for (t = 0; t < SESSIONS; t++) {
int sd = sds[t];
/* Initialize TLS session
*/
gnutls_init(&session,
GNUTLS_CLIENT | GNUTLS_DATAGRAM);
/* Use default priorities */
if (params->enable_session_ticket_client)
gnutls_priority_set_direct(session,
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
NULL);
else
gnutls_priority_set_direct(session,
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH:%NO_TICKETS",
NULL);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
if (t > 0) {
/* if this is not the first time we connect */
gnutls_session_set_data(session, session_data.data,
session_data.size);
gnutls_free(session_data.data);
}
gnutls_transport_set_int(session, sd);
/* Perform the TLS handshake
*/
gnutls_dtls_set_timeouts(session, 3*1000, 240 * 1000);
do {
ret = gnutls_handshake(session);
} while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
gnutls_perror(ret);
fail("client: Handshake failed\n");
goto end;
} else {
if (debug)
success
("client: Handshake was completed\n");
}
if (t == 0) { /* the first time we connect */
/* get the session data size */
ret =
gnutls_session_get_data2(session,
&session_data);
if (ret < 0)
fail("Getting resume data failed\n");
} else { /* the second time we connect */
/* check if we actually resumed the previous session */
if (gnutls_session_is_resumed(session) != 0) {
if (params->expect_resume) {
if (debug)
success
("- Previous session was resumed\n");
} else
fail("- Previous session was resumed\n");
} else {
if (params->expect_resume) {
fail("*** Previous session was NOT resumed\n");
} else {
if (debug)
success
("*** Previous session was NOT resumed (expected)\n");
}
}
}
gnutls_record_send(session, MSG, strlen(MSG));
ret = gnutls_record_recv(session, buffer, MAX_BUF);
if (ret == 0) {
if (debug)
success
("client: Peer has closed the TLS connection\n");
goto end;
} else if (ret < 0) {
fail("client: Error: %s\n", gnutls_strerror(ret));
goto end;
}
if (debug) {
printf("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++) {
fputc(buffer[ii], stdout);
}
fputs("\n", stdout);
}
gnutls_bye(session, GNUTLS_SHUT_RDWR);
close(sd);
gnutls_deinit(session);
}
end:
gnutls_anon_free_client_credentials(anoncred);
}
static void client(int fd)
{
gnutls_session_t session;
int ret;
char buffer[MAX_BUF + 1];
gnutls_anon_client_credentials_t anoncred;
unsigned char seq[8];
uint32_t useq;
memset(buffer, 0, sizeof(buffer));
/* Need to enable anonymous KX specifically. */
/* gnutls_global_set_audit_log_function (tls_audit_log_func); */
global_init();
if (debug) {
gnutls_global_set_log_function(client_log_func);
gnutls_global_set_log_level(2);
}
gnutls_anon_allocate_client_credentials(&anoncred);
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
gnutls_dtls_set_timeouts(session, 50 * 1000, 600 * 1000);
gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
gnutls_dtls_set_mtu(session, 1500);
/* Use default priorities */
gnutls_priority_set_direct(session,
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
NULL);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
gnutls_transport_set_int(session, fd);
/* Perform the TLS handshake
*/
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
fail("client: Handshake failed\n");
gnutls_perror(ret);
exit(1);
} else {
if (debug)
success("client: Handshake was completed\n");
}
gnutls_record_send(session, buffer, 1);
if (debug)
success("client: DTLS version is: %s\n",
gnutls_protocol_get_name
(gnutls_protocol_get_version(session)));
do {
ret =
gnutls_record_recv_seq(session, buffer, sizeof(buffer),
seq);
if (ret > 0) {
useq =
seq[7] | (seq[6] << 8) | (seq[5] << 16) |
(seq[4] << 24);
if (debug)
success("received %u\n", (unsigned int)useq);
if (recv_msg_seq[current] == -1) {
fail("received message sequence differs\n");
terminate();
}
if (((uint32_t)recv_msg_seq[current]) != useq) {
fail("received message sequence differs (current: %u, got: %u, expected: %u)\n",
(unsigned)current, (unsigned)useq, (unsigned)recv_msg_seq[current]);
terminate();
}
current++;
}
}
while ((ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED
|| ret > 0));
gnutls_bye(session, GNUTLS_SHUT_WR);
close(fd);
gnutls_deinit(session);
gnutls_anon_free_client_credentials(anoncred);
gnutls_global_deinit();
}
void
client (void)
{
int ret, sd, ii;
gnutls_session_t session;
char buffer[MAX_BUF + 1];
gnutls_anon_client_credentials_t anoncred;
/* Need to enable anonymous KX specifically. */
const int kx_prio[] = { GNUTLS_KX_ANON_DH, 0 };
/* variables used in session resuming
*/
int t;
gnutls_datum session_data;
gnutls_global_init ();
gnutls_anon_allocate_client_credentials (&anoncred);
for (t = 0; t < 2; t++)
{ /* connect 2 times to the server */
/* connect to the peer
*/
sd = tcp_connect ();
/* Initialize TLS session
*/
gnutls_init (&session, GNUTLS_CLIENT);
/* Use default priorities */
gnutls_set_default_priority (session);
gnutls_kx_set_priority (session, kx_prio);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
if (t > 0)
{
/* if this is not the first time we connect */
gnutls_session_set_data (session, session_data.data,
session_data.size);
gnutls_free (session_data.data);
}
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
/* Perform the TLS handshake
*/
ret = gnutls_handshake (session);
if (ret < 0)
{
fail ("client: Handshake failed\n");
gnutls_perror (ret);
goto end;
}
else
{
success ("client: Handshake was completed\n");
}
if (t == 0)
{ /* the first time we connect */
/* get the session data size */
ret = gnutls_session_get_data2 (session, &session_data);
if (ret < 0)
fail ("Getting resume data failed\n");
}
else
{ /* the second time we connect */
/* check if we actually resumed the previous session */
if (gnutls_session_is_resumed (session) != 0)
{
success ("- Previous session was resumed\n");
}
else
{
success ("*** Previous session was NOT resumed\n");
}
}
gnutls_record_send (session, MSG, strlen (MSG));
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
{
success ("client: Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
{
fail ("client: Error: %s\n", gnutls_strerror (ret));
goto end;
}
if (debug)
{
printf ("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++)
{
fputc (buffer[ii], stdout);
}
fputs ("\n", stdout);
}
gnutls_bye (session, GNUTLS_SHUT_RDWR);
end:
tcp_close (sd);
gnutls_deinit (session);
}
gnutls_anon_free_client_credentials (anoncred);
}
static void client(int fd)
{
int ret;
gnutls_anon_client_credentials_t anoncred;
gnutls_session_t session;
/* Need to enable anonymous KX specifically. */
global_init();
if (debug) {
gnutls_global_set_log_function(client_log_func);
gnutls_global_set_log_level(4711);
}
gnutls_anon_allocate_client_credentials(&anoncred);
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
gnutls_dtls_set_mtu(session, 1500);
gnutls_handshake_set_timeout(session, 20 * 1000);
/* Use default priorities */
gnutls_priority_set_direct(session,
"NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
NULL);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
gnutls_transport_set_int(session, fd);
/* Perform the TLS handshake
*/
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
fail("client: Handshake failed\n");
gnutls_perror(ret);
exit(1);
} else {
if (debug)
success("client: Handshake was completed\n");
}
if (debug)
success("client: TLS version is: %s\n",
gnutls_protocol_get_name
(gnutls_protocol_get_version(session)));
gnutls_transport_set_push_function(session, push);
do {
ret = gnutls_record_send(session, TXT1, TXT1_SIZE);
if (ret == GNUTLS_E_AGAIN) {
if (debug) success("discarding\n");
gnutls_record_discard_queued(session);
}
} while (ret == GNUTLS_E_INTERRUPTED);
do {
ret = gnutls_record_send(session, TXT2, TXT2_SIZE);
} while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN);
gnutls_bye(session, GNUTLS_SHUT_WR);
close(fd);
gnutls_deinit(session);
gnutls_anon_free_client_credentials(anoncred);
gnutls_global_deinit();
}
static void
init_global_tls_stuff (void)
{
int ret;
/* X509 stuff */
if (gnutls_certificate_allocate_credentials (&xcred) < 0)
{
fprintf (stderr, "Certificate allocation memory error\n");
exit (1);
}
if (x509_cafile != NULL)
{
ret = gnutls_certificate_set_x509_trust_file (xcred,
x509_cafile, x509ctype);
if (ret < 0)
{
fprintf (stderr, "Error setting the x509 trust file\n");
}
else
{
printf ("Processed %d CA certificate(s).\n", ret);
}
}
#ifdef ENABLE_PKI
if (x509_crlfile != NULL)
{
ret = gnutls_certificate_set_x509_crl_file (xcred, x509_crlfile,
x509ctype);
if (ret < 0)
{
fprintf (stderr, "Error setting the x509 CRL file\n");
}
else
{
printf ("Processed %d CRL(s).\n", ret);
}
}
#endif
load_keys ();
#ifdef ENABLE_OPENPGP
if (pgp_keyring != NULL)
{
ret =
gnutls_certificate_set_openpgp_keyring_file (xcred, pgp_keyring,
GNUTLS_OPENPGP_FMT_BASE64);
if (ret < 0)
{
fprintf (stderr, "Error setting the OpenPGP keyring file\n");
}
}
#endif
#ifdef ENABLE_SRP
if (srp_username && srp_passwd)
{
/* SRP stuff */
if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0)
{
fprintf (stderr, "SRP authentication error\n");
}
gnutls_srp_set_client_credentials_function (srp_cred,
srp_username_callback);
}
#endif
#ifdef ENABLE_PSK
/* PSK stuff */
if (gnutls_psk_allocate_client_credentials (&psk_cred) < 0)
{
fprintf (stderr, "PSK authentication error\n");
}
if (psk_username && psk_key.data)
{
ret = gnutls_psk_set_client_credentials (psk_cred,
psk_username, &psk_key,
GNUTLS_PSK_KEY_HEX);
if (ret < 0)
{
fprintf (stderr, "Error setting the PSK credentials: %s\n",
gnutls_strerror (ret));
}
}
gnutls_psk_set_client_credentials_function (psk_cred, psk_callback);
#endif
#ifdef ENABLE_ANON
/* ANON stuff */
if (gnutls_anon_allocate_client_credentials (&anon_cred) < 0)
{
fprintf (stderr, "Anonymous authentication error\n");
}
#endif
}
static void test_ciphersuite_kx(const char *cipher_prio)
{
/* Server stuff. */
gnutls_anon_server_credentials_t s_anoncred;
const gnutls_datum_t p3 = { (char *) pkcs3, strlen(pkcs3) };
static gnutls_dh_params_t dh_params;
gnutls_session_t server;
int sret, cret;
const char *str;
const char *suite = NULL;
/* Client stuff. */
gnutls_anon_client_credentials_t c_anoncred;
gnutls_session_t client;
/* Need to enable anonymous KX specifically. */
int ret;
struct benchmark_st st;
/* Init server */
gnutls_anon_allocate_server_credentials(&s_anoncred);
gnutls_dh_params_init(&dh_params);
gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
start_benchmark(&st);
do {
gnutls_init(&server, GNUTLS_SERVER);
ret = gnutls_priority_set_direct(server, cipher_prio, &str);
if (ret < 0) {
fprintf(stderr, "Error in %s\n", str);
exit(1);
}
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, (gnutls_transport_ptr_t) server);
reset_buffers();
/* Init client */
gnutls_anon_allocate_client_credentials(&c_anoncred);
gnutls_init(&client, GNUTLS_CLIENT);
ret = gnutls_priority_set_direct(client, cipher_prio, &str);
if (ret < 0) {
fprintf(stderr, "Error in %s\n", str);
exit(1);
}
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, (gnutls_transport_ptr_t) client);
HANDSHAKE(client, server);
if (suite == NULL)
suite = gnutls_cipher_suite_get_name(gnutls_kx_get(server),
gnutls_cipher_get(server),
gnutls_mac_get(server));
gnutls_deinit(client);
gnutls_deinit(server);
st.size += 1;
}
while (benchmark_must_finish == 0);
fprintf(stdout, "Tested %s: ", suite);
stop_benchmark(&st, "transactions");
gnutls_anon_free_client_credentials(c_anoncred);
gnutls_anon_free_server_credentials(s_anoncred);
gnutls_dh_params_deinit(dh_params);
}
static void client(int fd, const char *protocol0, const char *protocol1, const char *protocol2)
{
gnutls_session_t session;
int ret;
gnutls_datum_t proto;
gnutls_anon_client_credentials_t anoncred;
/* Need to enable anonymous KX specifically. */
global_init();
if (debug) {
gnutls_global_set_log_function(client_log_func);
gnutls_global_set_log_level(4711);
}
gnutls_anon_allocate_client_credentials(&anoncred);
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT);
/* Use default priorities */
gnutls_priority_set_direct(session,
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
NULL);
if (protocol1) {
gnutls_datum_t t[3];
t[0].data = (void *) protocol0;
t[0].size = strlen(protocol0);
t[1].data = (void *) protocol1;
t[1].size = strlen(protocol1);
t[2].data = (void *) protocol2;
t[2].size = strlen(protocol2);
ret = gnutls_alpn_set_protocols(session, t, 3, 0);
if (ret < 0) {
gnutls_perror(ret);
exit(1);
}
}
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
gnutls_transport_set_int(session, fd);
/* Perform the TLS handshake
*/
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
fail("client: Handshake failed\n");
gnutls_perror(ret);
exit(1);
} else {
if (debug)
success("client: Handshake was completed\n");
}
if (debug)
success("client: TLS version is: %s\n",
gnutls_protocol_get_name
(gnutls_protocol_get_version(session)));
ret = gnutls_alpn_get_selected_protocol(session, &proto);
if (ret < 0) {
gnutls_perror(ret);
exit(1);
}
if (debug) {
fprintf(stderr, "selected protocol: %.*s\n",
(int) proto.size, proto.data);
}
gnutls_bye(session, GNUTLS_SHUT_WR);
close(fd);
gnutls_deinit(session);
gnutls_anon_free_client_credentials(anoncred);
gnutls_global_deinit();
}
static void test_ciphersuite(const char *cipher_prio, int size)
{
/* Server stuff. */
gnutls_anon_server_credentials_t s_anoncred;
const gnutls_datum_t p3 = { (char *) pkcs3, strlen(pkcs3) };
static gnutls_dh_params_t dh_params;
gnutls_session_t server;
int sret, cret;
const char *str;
/* Client stuff. */
gnutls_anon_client_credentials_t c_anoncred;
gnutls_session_t client;
/* Need to enable anonymous KX specifically. */
int ret;
struct benchmark_st st;
/* Init server */
gnutls_anon_allocate_server_credentials(&s_anoncred);
gnutls_dh_params_init(&dh_params);
gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM);
gnutls_anon_set_server_dh_params(s_anoncred, dh_params);
gnutls_init(&server, GNUTLS_SERVER);
ret = gnutls_priority_set_direct(server, cipher_prio, &str);
if (ret < 0) {
fprintf(stderr, "Error in %s\n", str);
exit(1);
}
gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
gnutls_dh_set_prime_bits(server, 1024);
gnutls_transport_set_push_function(server, server_push);
gnutls_transport_set_pull_function(server, server_pull);
gnutls_transport_set_ptr(server, (gnutls_transport_ptr_t) server);
reset_buffers();
/* Init client */
gnutls_anon_allocate_client_credentials(&c_anoncred);
gnutls_init(&client, GNUTLS_CLIENT);
ret = gnutls_priority_set_direct(client, cipher_prio, &str);
if (ret < 0) {
fprintf(stderr, "Error in %s\n", str);
exit(1);
}
gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
gnutls_transport_set_push_function(client, client_push);
gnutls_transport_set_pull_function(client, client_pull);
gnutls_transport_set_ptr(client, (gnutls_transport_ptr_t) client);
HANDSHAKE(client, server);
fprintf(stdout, "Testing %s with %d packet size: ",
gnutls_cipher_suite_get_name(gnutls_kx_get(server),
gnutls_cipher_get(server),
gnutls_mac_get(server)), size);
fflush(stdout);
gnutls_rnd(GNUTLS_RND_NONCE, buffer, sizeof(buffer));
start_benchmark(&st);
do {
do {
ret = gnutls_record_send(client, buffer, size);
}
while (ret == GNUTLS_E_AGAIN);
if (ret < 0) {
fprintf(stderr, "Failed sending to server\n");
exit(1);
}
do {
ret = gnutls_record_recv(server, buffer, sizeof(buffer));
}
while (ret == GNUTLS_E_AGAIN);
if (ret < 0) {
fprintf(stderr, "Failed receiving from client\n");
exit(1);
}
st.size += size;
}
while (benchmark_must_finish == 0);
stop_benchmark(&st, NULL);
gnutls_bye(client, GNUTLS_SHUT_WR);
gnutls_bye(server, GNUTLS_SHUT_WR);
gnutls_deinit(client);
gnutls_deinit(server);
gnutls_anon_free_client_credentials(c_anoncred);
gnutls_anon_free_server_credentials(s_anoncred);
gnutls_dh_params_deinit(dh_params);
}
static void client(int fd, const char *prio)
{
int ret;
gnutls_anon_client_credentials_t anoncred;
gnutls_certificate_credentials_t x509_cred;
gnutls_session_t session;
/* Need to enable anonymous KX specifically. */
gnutls_global_init();
if (debug) {
gnutls_global_set_log_function(client_log_func);
gnutls_global_set_log_level(7);
}
gnutls_anon_allocate_client_credentials(&anoncred);
gnutls_certificate_allocate_credentials(&x509_cred);
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT);
/* Use default priorities */
gnutls_priority_set_direct(session, prio, NULL);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
gnutls_transport_set_int(session, fd);
/* Perform the TLS handshake
*/
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (gnutls_ecc_curve_get(session) == 0xffffffff) {
fprintf(stderr, "memory was overwritten\n");
kill(getpid(), SIGSEGV);
}
if (ret < 0) {
fprintf(stderr, "client: Handshake failed (expected)\n");
gnutls_perror(ret);
exit(0);
} else {
if (debug)
fprintf(stderr, "client: Handshake was completed\n");
}
close(fd);
gnutls_deinit(session);
gnutls_anon_free_client_credentials(anoncred);
gnutls_certificate_free_credentials(x509_cred);
gnutls_global_deinit();
}
int
main (void)
{
int ret, sd, ii;
gnutls_session_t session;
char buffer[MAX_BUF + 1];
gnutls_anon_client_credentials_t anoncred;
/* Need to enable anonymous KX specifically. */
gnutls_global_init ();
gnutls_anon_allocate_client_credentials (&anoncred);
/* Initialize TLS session
*/
gnutls_init (&session, GNUTLS_CLIENT);
/* Use default priorities */
gnutls_priority_set_direct (session, "PERFORMANCE:+ANON-ECDH:+ANON-DH",
NULL);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
/* connect to the peer
*/
sd = tcp_connect ();
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
gnutls_handshake_set_timeout (session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
/* Perform the TLS handshake
*/
do
{
ret = gnutls_handshake (session);
}
while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
if (ret < 0)
{
fprintf (stderr, "*** Handshake failed\n");
gnutls_perror (ret);
goto end;
}
else
{
printf ("- Handshake was completed\n");
}
gnutls_record_send (session, MSG, strlen (MSG));
ret = gnutls_record_recv (session, buffer, MAX_BUF);
if (ret == 0)
{
printf ("- Peer has closed the TLS connection\n");
goto end;
}
else if (ret < 0)
{
fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
goto end;
}
printf ("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++)
{
fputc (buffer[ii], stdout);
}
fputs ("\n", stdout);
gnutls_bye (session, GNUTLS_SHUT_RDWR);
end:
tcp_close (sd);
gnutls_deinit (session);
gnutls_anon_free_client_credentials (anoncred);
gnutls_global_deinit ();
return 0;
}
static void client(int fd, int server_init)
{
int ret;
char buffer[MAX_BUF + 1];
gnutls_anon_client_credentials_t anoncred;
gnutls_session_t session;
/* Need to enable anonymous KX specifically. */
global_init();
if (debug) {
gnutls_global_set_log_function(client_log_func);
gnutls_global_set_log_level(4711);
}
gnutls_anon_allocate_client_credentials(&anoncred);
/* Initialize TLS session
*/
gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
gnutls_dtls_set_mtu(session, 1500);
/* Use default priorities */
gnutls_priority_set_direct(session,
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
NULL);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
gnutls_transport_set_int(session, fd);
gnutls_transport_set_push_function(session, push);
/* Perform the TLS handshake
*/
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
fail("client: Handshake failed\n");
gnutls_perror(ret);
exit(1);
} else {
if (debug)
success("client: Handshake was completed\n");
}
if (debug)
success("client: TLS version is: %s\n",
gnutls_protocol_get_name
(gnutls_protocol_get_version(session)));
if (!server_init) {
sec_sleep(60);
if (debug)
success("Initiating client rehandshake\n");
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
fail("2nd client gnutls_handshake: %s\n",
gnutls_strerror(ret));
terminate();
}
} else {
do {
ret = gnutls_record_recv(session, buffer, MAX_BUF);
} while (ret == GNUTLS_E_AGAIN
|| ret == GNUTLS_E_INTERRUPTED);
}
if (ret == 0) {
if (debug)
success
("client: Peer has closed the TLS connection\n");
goto end;
} else if (ret < 0) {
if (server_init && ret == GNUTLS_E_REHANDSHAKE) {
if (debug)
success
("Initiating rehandshake due to server request\n");
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
}
if (ret != 0) {
fail("client: Error: %s\n", gnutls_strerror(ret));
exit(1);
}
}
do {
ret = gnutls_record_send(session, MSG, strlen(MSG));
} while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
gnutls_bye(session, GNUTLS_SHUT_WR);
end:
close(fd);
gnutls_deinit(session);
gnutls_anon_free_client_credentials(anoncred);
gnutls_global_deinit();
}
static void
client (int fd, int server_init)
{
gnutls_session_t session;
int ret, ret2;
char buffer[MAX_BUF + 1];
gnutls_anon_client_credentials_t anoncred;
/* Need to enable anonymous KX specifically. */
gnutls_global_init ();
if (debug)
{
gnutls_global_set_log_function (client_log_func);
gnutls_global_set_log_level (4711);
}
gnutls_anon_allocate_client_credentials (&anoncred);
/* Initialize TLS session
*/
gnutls_init (&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM);
gnutls_heartbeat_enable (session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
gnutls_dtls_set_mtu (session, 1500);
/* Use default priorities */
gnutls_priority_set_direct (session,
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
NULL);
/* put the anonymous credentials to the current session
*/
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) fd);
/* Perform the TLS handshake
*/
do
{
ret = gnutls_handshake (session);
}
while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
if (ret < 0)
{
fail ("client: Handshake failed\n");
gnutls_perror (ret);
exit (1);
}
else
{
if (debug)
success ("client: Handshake was completed\n");
}
if (debug)
success ("client: DTLS version is: %s\n",
gnutls_protocol_get_name (gnutls_protocol_get_version
(session)));
if (!server_init)
{
do
{
ret =
gnutls_record_recv (session, buffer, sizeof (buffer));
if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED)
{
if (debug)
success ("Ping received. Replying with pong.\n");
ret2 = gnutls_heartbeat_pong (session, 0);
if (ret2 < 0)
{
fail ("pong: %s\n", gnutls_strerror (ret));
terminate ();
}
}
}
while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED
|| ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
}
else
{
do
{
ret =
gnutls_heartbeat_ping (session, 256, 5,
GNUTLS_HEARTBEAT_WAIT);
if (debug)
success ("Ping sent.\n");
}
while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
if (ret < 0)
{
fail ("ping: %s\n", gnutls_strerror (ret));
terminate ();
}
}
gnutls_bye (session, GNUTLS_SHUT_WR);
close (fd);
gnutls_deinit (session);
gnutls_anon_free_client_credentials (anoncred);
gnutls_global_deinit ();
}
