1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
/* This example code is placed in the public domain. */
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <assert.h>
#include <gnutls/gnutls.h>
/* A very basic TLS client, with PSK authentication.
*/
#define CHECK(x) assert((x)>=0)
#define LOOP_CHECK(rval, cmd) \
do { \
rval = cmd; \
} while(rval == GNUTLS_E_AGAIN || rval == GNUTLS_E_INTERRUPTED); \
assert(rval >= 0)
#define MAX_BUF 1024
#define MSG "GET / HTTP/1.0\r\n\r\n"
extern int tcp_connect(void);
extern void tcp_close(int sd);
int main(void)
{
int ret, sd, ii;
gnutls_session_t session;
char buffer[MAX_BUF + 1];
const char *err;
gnutls_psk_client_credentials_t pskcred;
const gnutls_datum_t key = { (void *)"DEADBEEF", 8 };
if (gnutls_check_version("3.6.3") == NULL) {
fprintf(stderr,
"GnuTLS 3.6.3 or later is required for this example\n");
exit(1);
}
CHECK(gnutls_global_init());
CHECK(gnutls_psk_allocate_client_credentials(&pskcred));
CHECK(gnutls_psk_set_client_credentials(pskcred, "test", &key,
GNUTLS_PSK_KEY_HEX));
/* Initialize TLS session
*/
CHECK(gnutls_init(&session, GNUTLS_CLIENT));
ret =
gnutls_set_default_priority_append(session,
"-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK",
&err, 0);
/* Alternative for pre-3.6.3 versions:
* gnutls_priority_set_direct(session, "NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK", &err)
*/
if (ret < 0) {
if (ret == GNUTLS_E_INVALID_REQUEST) {
fprintf(stderr, "Syntax error at: %s\n", err);
}
exit(1);
}
/* put the x509 credentials to the current session
*/
CHECK(gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred));
/* connect to the peer
*/
sd = tcp_connect();
gnutls_transport_set_int(session, sd);
gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
/* Perform the TLS handshake
*/
do {
ret = gnutls_handshake(session);
}
while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0) {
fprintf(stderr, "*** Handshake failed\n");
gnutls_perror(ret);
goto end;
} else {
char *desc;
desc = gnutls_session_get_desc(session);
printf("- Session info: %s\n", desc);
gnutls_free(desc);
}
LOOP_CHECK(ret, gnutls_record_send(session, MSG, strlen(MSG)));
LOOP_CHECK(ret, gnutls_record_recv(session, buffer, MAX_BUF));
if (ret == 0) {
printf("- Peer has closed the TLS connection\n");
goto end;
} else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) {
fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret));
} else if (ret < 0) {
fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret));
goto end;
}
if (ret > 0) {
printf("- Received %d bytes: ", ret);
for (ii = 0; ii < ret; ii++) {
fputc(buffer[ii], stdout);
}
fputs("\n", stdout);
}
CHECK(gnutls_bye(session, GNUTLS_SHUT_RDWR));
end:
tcp_close(sd);
gnutls_deinit(session);
gnutls_psk_free_client_credentials(pskcred);
gnutls_global_deinit();
return 0;
}
|
