;;; GnuTLS-extra --- Guile bindings for GnuTLS-EXTRA.
;;; Copyright (C) 2007, 2008, 2010, 2011 Free Software Foundation, Inc.
;;;
;;; GnuTLS-extra is free software; you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or
;;; (at your option) any later version.
;;;
;;; GnuTLS-extra is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GnuTLS-EXTRA; if not, write to the Free Software
;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
;;;
;;; Written by Ludovic Courtès <ludo@chbouib.org>.
;;;
;;; Test session establishment using OpenPGP certificate authentication.
32 ;; TLS session settings.
34 "NONE:+VERS-TLS-ALL:+CTYPE-OPENPGP:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+DHE-RSA:+DHE-DSS:+COMP-ALL")
36 ;; Message sent by the client.
38 (cons "hello, world!" (iota 4444)))
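;; Read FILE (looked up along %load-path) into a u8vector and hand it to
;; IMPORT-PROC together with FMT; return whatever IMPORT-PROC returns.
;;
;; The original opened the file with `open-input-file' and never closed
;; it, leaving the descriptor to the garbage collector.  Using
;; `call-with-input-file' closes the port as soon as the read is done.
;; A missing file is reported with `error' instead of letting `stat'
;; fail on the #f returned by `search-path'.
(define (import-something import-proc file fmt)
  (let* ((path (or (search-path %load-path file)
                   (error "file not found in %load-path" file)))
         (size (stat:size (stat path)))
         (raw  (make-u8vector size)))
    (call-with-input-file path
      (lambda (port)
        ;; A short read would hand IMPORT-PROC a partially filled buffer,
        ;; so insist on getting exactly the size `stat' reported.
        (let ((nread (uniform-vector-read! raw port)))
          (if (not (= nread size))
              (error "short read while importing" path nread size)))))
    (import-proc raw fmt)))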
;; Import an OpenPGP object from FILE with IMPORT-PROC (the certificate or
;; the private-key importer); FILE is expected to be base64-armored.
(define (import-key import-proc file)
  (let ((fmt openpgp-certificate-format/base64))
    (import-something import-proc file fmt)))
;; Import PKCS#1 RSA parameters from the PEM-encoded file FILE.
(define (import-rsa-params file)
  (define fmt x509-certificate-format/pem)
  (import-something pkcs1-import-rsa-parameters file fmt))
;; Import PKCS#3 Diffie-Hellman parameters from the PEM-encoded file FILE.
(define (import-dh-params file)
  (define fmt x509-certificate-format/pem)
  (import-something pkcs3-import-dh-parameters file fmt))
60 ;; (set-log-procedure! (lambda (level str)
61 ;; (format #t "[~a|~a] ~a" (getpid) level str)))
;; End-to-end test.  The process forks; the child runs the TLS client and
;; the other side runs the server, talking over an anonymous Unix socket
;; pair.  Both ends present the same OpenPGP key pair.  The test value is
;; the server's verdict: certificate authentication took place and
;; %message arrived intact.
(let ((socket-pair (socketpair PF_UNIX SOCK_STREAM 0))
      ;; Public certificate and private key come from files found on
      ;; %load-path (base64-armored, see `import-key').
      (pub (import-key import-openpgp-certificate
      (sec (import-key import-openpgp-private-key
  (let ((pid (primitive-fork)))
    (let ((client (make-session connection-end/client))
          (cred (make-certificate-credentials)))
      ;; client-side (child process)
      (set-session-priorities! client priorities)
      ;; Offer our OpenPGP key pair as client credentials; the server
      ;; below demands a certificate (certificate-request/require).
      (set-certificate-credentials-openpgp-keys! cred pub sec)
      (set-session-credentials! client cred)
      ;; NOTE(review): 1024-bit DH is a 2011-era test setting; current
      ;; guidance is 2048 bits or more for anything beyond a fixture.
      (set-session-dh-prime-bits! client 1024)
      ;; The client owns the first end of the socket pair.
      (set-session-transport-fd! client (fileno (car socket-pair)))
      ;; Send %message through the TLS record layer, then shut the
      ;; session down in both directions.
      (write %message (session-record-port client))
      (bye client close-request/rdwr)
    (let ((server (make-session connection-end/server))
          (rsa (import-rsa-params "rsa-parameters.pem"))
          (dh (import-dh-params "dh-parameters.pem")))
      ;; server-side (presumably the parent process)
      (set-session-priorities! server priorities)
      ;; Mutual authentication: a peer that presents no certificate is
      ;; rejected.  The `auth-type' check at the end relies on this.
      (set-server-session-certificate-request! server
                                               certificate-request/require)
      ;; The server owns the second end of the socket pair.
      (set-session-transport-fd! server (fileno (cdr socket-pair)))
      (let ((cred (make-certificate-credentials)))
        (set-certificate-credentials-dh-parameters! cred dh)
        ;; NOTE(review): the "export" RSA parameters presumably back the
        ;; RSA-EXPORT ciphersuites; whether the priority string enables
        ;; any of them is not visible here.
        (set-certificate-credentials-rsa-export-parameters! cred rsa)
        (set-certificate-credentials-openpgp-keys! cred pub sec)
        (set-session-credentials! server cred))
      (set-session-dh-prime-bits! server 1024)
      ;; NOTE(review): `read' parses peer-supplied bytes as Scheme data.
      ;; That is fine when the peer is our own child; on untrusted input
      ;; a bounded, format-specific parser is the safer choice.
      (let ((msg (read (session-record-port server)))
            (auth-type (session-authentication-type server)))
        (bye server close-request/rdwr)
        ;; Verdict: certificate-based authentication happened and the
        ;; message survived the round trip unchanged.
        (and (eq? auth-type credentials/certificate)
             (equal? msg %message)))))))))
113 ;;; arch-tag: 1a973ed5-f45d-45a4-8160-900b6a8c27ff