2 * Copyright (C) 2010 Free Software Foundation
3 * Author: Ludovic Courtès
5 * This file is part of GNUTLS.
7 * GNUTLS is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GNUTLS is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with GNUTLS; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
26 #include <gnutls/gnutls.h>
27 #include <gnutls/openpgp.h>
30 #include <read-file.h>
34 #include <sys/types.h>
35 #include <sys/socket.h>
41 /* This is the same test as openpgp-auth but tests
42 * openpgp under the latest TLS protocol (TLSv1.2). In
43 * addition it tests DSS signatures under that.
46 static const char message
[] = "Hello, brave GNU world!";
48 /* The OpenPGP key pair for use and the key ID in those keys. */
49 static const char pub_key_file
[] = "../guile/tests/openpgp-pub.asc";
50 static const char priv_key_file
[] = "../guile/tests/openpgp-sec.asc";
51 static const char *key_id
= NULL
52 /* FIXME: The values below don't work as expected. */
54 /* "bd572cdcccc07c35" */ ;
56 static const char rsa_params_file
[] = "../guile/tests/rsa-parameters.pem";
59 log_message (int level
, const char *message
)
61 fprintf (stderr
, "[%5d|%2d] %s", getpid (), level
, message
);
71 char *pub_key_path
, *priv_key_path
, *rsa_params_path
;
74 gnutls_global_init ();
76 srcdir
= getenv ("srcdir") ? getenv ("srcdir") : ".";
80 gnutls_global_set_log_level (10);
81 gnutls_global_set_log_function (log_message
);
84 err
= socketpair (PF_UNIX
, SOCK_STREAM
, 0, sockets
);
86 fail ("socketpair %s\n", strerror (errno
));
88 pub_key_path
= alloca (strlen (srcdir
) + strlen (pub_key_file
) + 2);
89 strcpy (pub_key_path
, srcdir
);
90 strcat (pub_key_path
, "/");
91 strcat (pub_key_path
, pub_key_file
);
93 priv_key_path
= alloca (strlen (srcdir
) + strlen (priv_key_file
) + 2);
94 strcpy (priv_key_path
, srcdir
);
95 strcat (priv_key_path
, "/");
96 strcat (priv_key_path
, priv_key_file
);
98 rsa_params_path
= alloca (strlen (srcdir
) + strlen (rsa_params_file
) + 2);
99 strcpy (rsa_params_path
, srcdir
);
100 strcat (rsa_params_path
, "/");
101 strcat (rsa_params_path
, rsa_params_file
);
105 fail ("fork %s\n", strerror (errno
));
109 /* Child process (client). */
110 gnutls_session_t session
;
111 gnutls_certificate_credentials_t cred
;
115 printf ("client process %i\n", getpid ());
117 err
= gnutls_init (&session
, GNUTLS_CLIENT
);
119 fail ("client session %d\n", err
);
121 gnutls_priority_set_direct (session
, "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+CTYPE-OPENPGP", NULL
);
122 gnutls_transport_set_ptr (session
,
123 (gnutls_transport_ptr_t
) (intptr_t)
126 err
= gnutls_certificate_allocate_credentials (&cred
);
128 fail ("client credentials %d\n", err
);
131 gnutls_certificate_set_openpgp_key_file2 (cred
,
132 pub_key_path
, priv_key_path
,
134 GNUTLS_OPENPGP_FMT_BASE64
);
136 fail ("client openpgp keys %d\n", err
);
138 err
= gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, cred
);
140 fail ("client credential_set %d\n", err
);
142 gnutls_dh_set_prime_bits (session
, 1024);
144 err
= gnutls_handshake (session
);
146 fail ("client handshake %s (%d) \n", gnutls_strerror(err
), err
);
148 printf ("client handshake successful\n");
150 sent
= gnutls_record_send (session
, message
, sizeof (message
));
151 if (sent
!= sizeof (message
))
152 fail ("client sent %li vs. %li\n",
153 (long) sent
, (long) sizeof (message
));
155 err
= gnutls_bye (session
, GNUTLS_SHUT_RDWR
);
157 fail ("client bye %d\n", err
);
160 printf ("client done\n");
164 /* Parent process (server). */
165 gnutls_session_t session
;
166 gnutls_dh_params_t dh_params
;
167 gnutls_rsa_params_t rsa_params
;
168 gnutls_certificate_credentials_t cred
;
169 char greetings
[sizeof (message
) * 2];
174 gnutls_datum_t rsa_data
;
175 const gnutls_datum_t p3
= { (char *) pkcs3
, strlen (pkcs3
) };
178 printf ("server process %i (child %i)\n", getpid (), child
);
180 err
= gnutls_init (&session
, GNUTLS_SERVER
);
182 fail ("server session %d\n", err
);
184 gnutls_priority_set_direct (session
, "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+CTYPE-OPENPGP", NULL
);
185 gnutls_transport_set_ptr (session
,
186 (gnutls_transport_ptr_t
) (intptr_t)
189 err
= gnutls_certificate_allocate_credentials (&cred
);
191 fail ("server credentials %d\n", err
);
194 gnutls_certificate_set_openpgp_key_file2 (cred
,
195 pub_key_path
, priv_key_path
,
197 GNUTLS_OPENPGP_FMT_BASE64
);
199 fail ("server openpgp keys %d\n", err
);
201 err
= gnutls_dh_params_init (&dh_params
);
203 fail ("server DH params init %d\n", err
);
206 gnutls_dh_params_import_pkcs3 (dh_params
, &p3
, GNUTLS_X509_FMT_PEM
);
208 fail ("server DH params generate %d\n", err
);
210 gnutls_certificate_set_dh_params (cred
, dh_params
);
213 (unsigned char *) read_binary_file (rsa_params_path
, &rsa_size
);
214 if (rsa_data
.data
== NULL
)
215 fail ("server rsa params error\n");
216 rsa_data
.size
= rsa_size
;
218 err
= gnutls_rsa_params_init (&rsa_params
);
220 fail ("server RSA params init %d\n", err
);
222 err
= gnutls_rsa_params_import_pkcs1 (rsa_params
, &rsa_data
,
223 GNUTLS_X509_FMT_PEM
);
225 fail ("server RSA params import %d\n", err
);
227 gnutls_certificate_set_rsa_export_params (cred
, rsa_params
);
229 err
= gnutls_credentials_set (session
, GNUTLS_CRD_CERTIFICATE
, cred
);
231 fail ("server credential_set %d\n", err
);
233 gnutls_certificate_server_set_request (session
, GNUTLS_CERT_REQUIRE
);
235 err
= gnutls_handshake (session
);
237 fail ("server handshake %s (%d) \n", gnutls_strerror(err
), err
);
239 received
= gnutls_record_recv (session
, greetings
, sizeof (greetings
));
240 if (received
!= sizeof (message
)
241 || memcmp (greetings
, message
, sizeof (message
)))
242 fail ("server received %li vs. %li\n",
243 (long) received
, (long) sizeof (message
));
245 err
= gnutls_bye (session
, GNUTLS_SHUT_RDWR
);
247 fail ("server bye %s (%d) \n", gnutls_strerror(err
), err
);
250 printf ("server done\n");
252 done
= wait (&status
);
254 fail ("wait %s\n", strerror (errno
));
257 fail ("who's that?! %d\n", done
);
259 if (WIFEXITED (status
))
261 if (WEXITSTATUS (status
) != 0)
262 fail ("child exited with status %d\n", WEXITSTATUS (status
));
264 else if (WIFSIGNALED (status
))
265 fail ("child stopped by signal %d\n", WTERMSIG (status
));
267 fail ("child failed: %d\n", status
);