tests/openpgp-auth2.c

   1 /*
   2  * Copyright (C) 2010 Free Software Foundation
   3  * Author: Ludovic Courtès
   4  *
   5  * This file is part of GNUTLS.
   6  *
   7  * GNUTLS is free software; you can redistribute it and/or modify it
   8  * under the terms of the GNU General Public License as published by
   9  * the Free Software Foundation; either version 3 of the License, or
  10  * (at your option) any later version.
  11  *
  12  * GNUTLS is distributed in the hope that it will be useful, but
  13  * WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  15  * General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU General Public License
  18  * along with GNUTLS; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  20  */
  21
  22 #ifdef HAVE_CONFIG_H
  23 #include <config.h>
  24 #endif
  25
  26 #include <gnutls/gnutls.h>
  27 #include <gnutls/openpgp.h>
  28
  29 #include "utils.h"
  30 #include <read-file.h>
  31
  32 #include <unistd.h>
  33 #include <stdlib.h>
  34 #include <sys/types.h>
  35 #include <sys/socket.h>
  36 #include <sys/wait.h>
  37 #include <string.h>
  38 #include <errno.h>
  39 #include <stdio.h>
  40
  41 /* This is the same test as openpgp-auth but tests
  42  * openpgp under the latest TLS protocol (TLSv1.2). In
  43  * addition it tests DSS signatures under that.
  44  */
  45
  46 static const char message[] = "Hello, brave GNU world!";
  47
  48 /* The OpenPGP key pair for use and the key ID in those keys.  */
  49 static const char pub_key_file[] = "../guile/tests/openpgp-pub.asc";
  50 static const char priv_key_file[] = "../guile/tests/openpgp-sec.asc";
  51 static const char *key_id = NULL
  52   /* FIXME: The values below don't work as expected.  */
  53   /* "auto" */
  54   /* "bd572cdcccc07c35" */ ;
  55
  56 static const char rsa_params_file[] = "../guile/tests/rsa-parameters.pem";
  57
  58 static void
  59 log_message (int level, const char *message)
  60 {
  61   fprintf (stderr, "[%5d|%2d] %s", getpid (), level, message);
  62 }
  63 \f
  64
  65 void
  66 doit ()
  67 {
  68   int err;
  69   int sockets[2];
  70   const char *srcdir;
  71   char *pub_key_path, *priv_key_path, *rsa_params_path;
  72   pid_t child;
  73
  74   gnutls_global_init ();
  75
  76   srcdir = getenv ("srcdir") ? getenv ("srcdir") : ".";
  77
  78   if (debug)
  79     {
  80       gnutls_global_set_log_level (10);
  81       gnutls_global_set_log_function (log_message);
  82     }
  83
  84   err = socketpair (PF_UNIX, SOCK_STREAM, 0, sockets);
  85   if (err != 0)
  86     fail ("socketpair %s\n", strerror (errno));
  87
  88   pub_key_path = alloca (strlen (srcdir) + strlen (pub_key_file) + 2);
  89   strcpy (pub_key_path, srcdir);
  90   strcat (pub_key_path, "/");
  91   strcat (pub_key_path, pub_key_file);
  92
  93   priv_key_path = alloca (strlen (srcdir) + strlen (priv_key_file) + 2);
  94   strcpy (priv_key_path, srcdir);
  95   strcat (priv_key_path, "/");
  96   strcat (priv_key_path, priv_key_file);
  97
  98   rsa_params_path = alloca (strlen (srcdir) + strlen (rsa_params_file) + 2);
  99   strcpy (rsa_params_path, srcdir);
 100   strcat (rsa_params_path, "/");
 101   strcat (rsa_params_path, rsa_params_file);
 102
 103   child = fork ();
 104   if (child == -1)
 105     fail ("fork %s\n", strerror (errno));
 106
 107   if (child == 0)
 108     {
 109       /* Child process (client).  */
 110       gnutls_session_t session;
 111       gnutls_certificate_credentials_t cred;
 112       ssize_t sent;
 113
 114       if (debug)
 115         printf ("client process %i\n", getpid ());
 116
 117       err = gnutls_init (&session, GNUTLS_CLIENT);
 118       if (err != 0)
 119         fail ("client session %d\n", err);
 120
 121       gnutls_priority_set_direct (session, "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+CTYPE-OPENPGP", NULL);
 122       gnutls_transport_set_ptr (session,
 123                                 (gnutls_transport_ptr_t) (intptr_t)
 124                                 sockets[0]);
 125
 126       err = gnutls_certificate_allocate_credentials (&cred);
 127       if (err != 0)
 128         fail ("client credentials %d\n", err);
 129
 130       err =
 131         gnutls_certificate_set_openpgp_key_file2 (cred,
 132                                                   pub_key_path, priv_key_path,
 133                                                   key_id,
 134                                                   GNUTLS_OPENPGP_FMT_BASE64);
 135       if (err != 0)
 136         fail ("client openpgp keys %d\n", err);
 137
 138       err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
 139       if (err != 0)
 140         fail ("client credential_set %d\n", err);
 141
 142       gnutls_dh_set_prime_bits (session, 1024);
 143
 144       err = gnutls_handshake (session);
 145       if (err != 0)
 146         fail ("client handshake %s (%d) \n", gnutls_strerror(err), err);
 147       else if (debug)
 148         printf ("client handshake successful\n");
 149
 150       sent = gnutls_record_send (session, message, sizeof (message));
 151       if (sent != sizeof (message))
 152         fail ("client sent %li vs. %li\n",
 153               (long) sent, (long) sizeof (message));
 154
 155       err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
 156       if (err != 0)
 157         fail ("client bye %d\n", err);
 158
 159       if (debug)
 160         printf ("client done\n");
 161     }
 162   else
 163     {
 164       /* Parent process (server).  */
 165       gnutls_session_t session;
 166       gnutls_dh_params_t dh_params;
 167       gnutls_rsa_params_t rsa_params;
 168       gnutls_certificate_credentials_t cred;
 169       char greetings[sizeof (message) * 2];
 170       ssize_t received;
 171       pid_t done;
 172       int status;
 173       size_t rsa_size;
 174       gnutls_datum_t rsa_data;
 175       const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) };
 176
 177       if (debug)
 178         printf ("server process %i (child %i)\n", getpid (), child);
 179
 180       err = gnutls_init (&session, GNUTLS_SERVER);
 181       if (err != 0)
 182         fail ("server session %d\n", err);
 183
 184       gnutls_priority_set_direct (session, "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+CTYPE-OPENPGP", NULL);
 185       gnutls_transport_set_ptr (session,
 186                                 (gnutls_transport_ptr_t) (intptr_t)
 187                                 sockets[1]);
 188
 189       err = gnutls_certificate_allocate_credentials (&cred);
 190       if (err != 0)
 191         fail ("server credentials %d\n", err);
 192
 193       err =
 194         gnutls_certificate_set_openpgp_key_file2 (cred,
 195                                                   pub_key_path, priv_key_path,
 196                                                   key_id,
 197                                                   GNUTLS_OPENPGP_FMT_BASE64);
 198       if (err != 0)
 199         fail ("server openpgp keys %d\n", err);
 200
 201       err = gnutls_dh_params_init (&dh_params);
 202       if (err)
 203         fail ("server DH params init %d\n", err);
 204
 205       err =
 206         gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
 207       if (err)
 208         fail ("server DH params generate %d\n", err);
 209
 210       gnutls_certificate_set_dh_params (cred, dh_params);
 211
 212       rsa_data.data =
 213         (unsigned char *) read_binary_file (rsa_params_path, &rsa_size);
 214       if (rsa_data.data == NULL)
 215         fail ("server rsa params error\n");
 216       rsa_data.size = rsa_size;
 217
 218       err = gnutls_rsa_params_init (&rsa_params);
 219       if (err)
 220         fail ("server RSA params init %d\n", err);
 221
 222       err = gnutls_rsa_params_import_pkcs1 (rsa_params, &rsa_data,
 223                                             GNUTLS_X509_FMT_PEM);
 224       if (err)
 225         fail ("server RSA params import %d\n", err);
 226
 227       gnutls_certificate_set_rsa_export_params (cred, rsa_params);
 228
 229       err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
 230       if (err != 0)
 231         fail ("server credential_set %d\n", err);
 232
 233       gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
 234
 235       err = gnutls_handshake (session);
 236       if (err != 0)
 237         fail ("server handshake %s (%d) \n", gnutls_strerror(err), err);
 238
 239       received = gnutls_record_recv (session, greetings, sizeof (greetings));
 240       if (received != sizeof (message)
 241           || memcmp (greetings, message, sizeof (message)))
 242         fail ("server received %li vs. %li\n",
 243               (long) received, (long) sizeof (message));
 244
 245       err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
 246       if (err != 0)
 247         fail ("server bye %s (%d) \n", gnutls_strerror(err), err);
 248
 249       if (debug)
 250         printf ("server done\n");
 251
 252       done = wait (&status);
 253       if (done < 0)
 254         fail ("wait %s\n", strerror (errno));
 255
 256       if (done != child)
 257         fail ("who's that?! %d\n", done);
 258
 259       if (WIFEXITED (status))
 260         {
 261           if (WEXITSTATUS (status) != 0)
 262             fail ("child exited with status %d\n", WEXITSTATUS (status));
 263         }
 264       else if (WIFSIGNALED (status))
 265         fail ("child stopped by signal %d\n", WTERMSIG (status));
 266       else
 267         fail ("child failed: %d\n", status);
 268     }
 269 }