safe renegotiation tests only run under valgrind in the devel environment.
[gnutls.git] / tests / openpgp-auth2.c
blobd87f79f94f198eca69fefd5c29137e56843bca6f
1 /*
2 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
3 * Author: Ludovic Courtès
5 * This file is part of GNUTLS.
7 * GNUTLS is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GNUTLS is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with GNUTLS; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
22 #ifdef HAVE_CONFIG_H
23 #include <config.h>
24 #endif
26 #if !defined(_WIN32)
28 #include <gnutls/gnutls.h>
29 #include <gnutls/openpgp.h>
31 #include "utils.h"
32 #include <read-file.h>
34 #include <unistd.h>
35 #include <stdlib.h>
36 #include <sys/types.h>
37 #include <sys/socket.h>
38 #include <sys/wait.h>
39 #include <string.h>
40 #include <errno.h>
41 #include <stdio.h>
44 /* This is the same test as openpgp-auth but tests
45 * openpgp under the latest TLS protocol (TLSv1.2). In
46 * addition it tests DSS signatures under that.
49 static const char message[] = "Hello, brave GNU world!";
51 /* The OpenPGP key pair for use and the key ID in those keys. */
52 static const char pub_key_file[] = "../guile/tests/openpgp-pub.asc";
53 static const char priv_key_file[] = "../guile/tests/openpgp-sec.asc";
54 static const char *key_id = NULL
55 /* FIXME: The values below don't work as expected. */
56 /* "auto" */
57 /* "bd572cdcccc07c35" */ ;
59 static void
60 log_message (int level, const char *message)
62 fprintf (stderr, "[%5d|%2d] %s", getpid (), level, message);
66 void
67 doit ()
69 int err;
70 int sockets[2];
71 const char *srcdir;
72 char *pub_key_path, *priv_key_path;
73 pid_t child;
75 gnutls_global_init ();
77 srcdir = getenv ("srcdir") ? getenv ("srcdir") : ".";
79 if (debug)
81 gnutls_global_set_log_level (10);
82 gnutls_global_set_log_function (log_message);
85 err = socketpair (PF_UNIX, SOCK_STREAM, 0, sockets);
86 if (err != 0)
87 fail ("socketpair %s\n", strerror (errno));
89 pub_key_path = alloca (strlen (srcdir) + strlen (pub_key_file) + 2);
90 strcpy (pub_key_path, srcdir);
91 strcat (pub_key_path, "/");
92 strcat (pub_key_path, pub_key_file);
94 priv_key_path = alloca (strlen (srcdir) + strlen (priv_key_file) + 2);
95 strcpy (priv_key_path, srcdir);
96 strcat (priv_key_path, "/");
97 strcat (priv_key_path, priv_key_file);
99 child = fork ();
100 if (child == -1)
101 fail ("fork %s\n", strerror (errno));
103 if (child == 0)
105 /* Child process (client). */
106 gnutls_session_t session;
107 gnutls_certificate_credentials_t cred;
108 ssize_t sent;
110 if (debug)
111 printf ("client process %i\n", getpid ());
113 err = gnutls_init (&session, GNUTLS_CLIENT);
114 if (err != 0)
115 fail ("client session %d\n", err);
117 gnutls_priority_set_direct (session, "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP", NULL);
118 gnutls_transport_set_ptr (session,
119 (gnutls_transport_ptr_t) (intptr_t)
120 sockets[0]);
122 err = gnutls_certificate_allocate_credentials (&cred);
123 if (err != 0)
124 fail ("client credentials %d\n", err);
126 err =
127 gnutls_certificate_set_openpgp_key_file2 (cred,
128 pub_key_path, priv_key_path,
129 key_id,
130 GNUTLS_OPENPGP_FMT_BASE64);
131 if (err != 0)
132 fail ("client openpgp keys %d\n", err);
134 err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
135 if (err != 0)
136 fail ("client credential_set %d\n", err);
138 gnutls_dh_set_prime_bits (session, 1024);
140 err = gnutls_handshake (session);
141 if (err != 0)
142 fail ("client handshake %s (%d) \n", gnutls_strerror(err), err);
143 else if (debug)
144 printf ("client handshake successful\n");
146 sent = gnutls_record_send (session, message, sizeof (message));
147 if (sent != sizeof (message))
148 fail ("client sent %li vs. %li\n",
149 (long) sent, (long) sizeof (message));
151 err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
152 if (err != 0)
153 fail ("client bye %d\n", err);
155 if (debug)
156 printf ("client done\n");
158 gnutls_deinit(session);
159 gnutls_certificate_free_credentials (cred);
161 else
163 /* Parent process (server). */
164 gnutls_session_t session;
165 gnutls_dh_params_t dh_params;
166 gnutls_certificate_credentials_t cred;
167 char greetings[sizeof (message) * 2];
168 ssize_t received;
169 pid_t done;
170 int status;
171 const gnutls_datum_t p3 = { (void*) pkcs3, strlen (pkcs3) };
173 if (debug)
174 printf ("server process %i (child %i)\n", getpid (), child);
176 err = gnutls_init (&session, GNUTLS_SERVER);
177 if (err != 0)
178 fail ("server session %d\n", err);
180 gnutls_priority_set_direct (session, "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP", NULL);
181 gnutls_transport_set_ptr (session,
182 (gnutls_transport_ptr_t) (intptr_t)
183 sockets[1]);
185 err = gnutls_certificate_allocate_credentials (&cred);
186 if (err != 0)
187 fail ("server credentials %d\n", err);
189 err =
190 gnutls_certificate_set_openpgp_key_file2 (cred,
191 pub_key_path, priv_key_path,
192 key_id,
193 GNUTLS_OPENPGP_FMT_BASE64);
194 if (err != 0)
195 fail ("server openpgp keys %d\n", err);
197 err = gnutls_dh_params_init (&dh_params);
198 if (err)
199 fail ("server DH params init %d\n", err);
201 err =
202 gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
203 if (err)
204 fail ("server DH params generate %d\n", err);
206 gnutls_certificate_set_dh_params (cred, dh_params);
208 err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
209 if (err != 0)
210 fail ("server credential_set %d\n", err);
212 gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
214 err = gnutls_handshake (session);
215 if (err != 0)
216 fail ("server handshake %s (%d) \n", gnutls_strerror(err), err);
218 received = gnutls_record_recv (session, greetings, sizeof (greetings));
219 if (received != sizeof (message)
220 || memcmp (greetings, message, sizeof (message)))
221 fail ("server received %li vs. %li\n",
222 (long) received, (long) sizeof (message));
224 err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
225 if (err != 0)
226 fail ("server bye %s (%d) \n", gnutls_strerror(err), err);
228 if (debug)
229 printf ("server done\n");
231 gnutls_deinit(session);
232 gnutls_certificate_free_credentials (cred);
233 gnutls_dh_params_deinit (dh_params);
235 done = wait (&status);
236 if (done < 0)
237 fail ("wait %s\n", strerror (errno));
239 if (done != child)
240 fail ("who's that?! %d\n", done);
242 if (WIFEXITED (status))
244 if (WEXITSTATUS (status) != 0)
245 fail ("child exited with status %d\n", WEXITSTATUS (status));
247 else if (WIFSIGNALED (status))
248 fail ("child stopped by signal %d\n", WTERMSIG (status));
249 else
250 fail ("child failed: %d\n", status);
253 gnutls_global_deinit ();
255 #else
256 void
257 doit ()
259 exit (77);
261 #endif