1 ;;; GnuTLS-extra --- Guile bindings for GnuTLS-EXTRA.
2 ;;; Copyright (C) 2007, 2008, 2010, 2011 Free Software Foundation, Inc.
3 ;;;
4 ;;; GnuTLS-extra is free software; you can redistribute it and/or modify
5 ;;; it under the terms of the GNU General Public License as published by
6 ;;; the Free Software Foundation; either version 3 of the License, or
7 ;;; (at your option) any later version.
8 ;;;
9 ;;; GnuTLS-extra is distributed in the hope that it will be useful,
10 ;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
11 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 ;;; GNU General Public License for more details.
13 ;;;
14 ;;; You should have received a copy of the GNU General Public License
15 ;;; along with GnuTLS-EXTRA; if not, write to the Free Software
16 ;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
17 ;;; USA.
18
19 ;;; Written by Ludovic Courtès <ludo@chbouib.org>.
20
21
22 ;;;
23 ;;; Test session establishment using OpenPGP certificate authentication.
24 ;;;
25
26 (use-modules (gnutls)
27              (gnutls extra)
28              (gnutls build tests)
29              (srfi srfi-4))
30
31
;; TLS session settings.
;;
;; NOTE(review): these priority lists pin what this GnuTLS version is asked
;; to negotiate for the test; they are not a recommendation.  TLS 1.0,
;; arcfour (RC4), MD5 and RIPEMD-160 are obsolete for production use, and
;; CBC ciphers under TLS 1.0 carry known padding-oracle/BEAST exposure.  A
;; deployment should prefer TLS 1.2 or later with AEAD cipher suites.  The
;; values are left untouched here because the handshake below depends on
;; what they allow to be negotiated.
(define %protos  (list protocol/tls-1.0))
(define %certs   (list certificate-type/openpgp))
;; Symmetric record ciphers offered to the peer.
(define %ciphers (list cipher/arcfour cipher/aes-128-cbc
                       cipher/aes-256-cbc))
;; Ephemeral Diffie-Hellman key exchange, signed with RSA or DSS; the
;; server installs DH parameters for these below.
(define %kx      (list kx/dhe-rsa kx/dhe-dss))
;; Record-layer MAC algorithms offered to the peer.
(define %macs    (list mac/sha1 mac/rmd160 mac/md5))
39
;; Payload the client writes over the TLS record port: a greeting string
;; consed onto the list of integers 0 .. 4443.  The server compares what it
;; reads back against this value with `equal?'.
(define %message
  (let ((greeting "hello, world!")
        (numbers  (iota 4444)))
    (cons greeting numbers)))
43
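;; Read FILE (looked up along %load-path) in full, then hand its raw bytes
;; as a u8vector to IMPORT-PROC together with the format tag FMT, returning
;; whatever IMPORT-PROC returns.
;;
;; Raises an error when FILE is not found or cannot be read in its
;; entirety.  A truncated key or parameter file must not be imported
;; silently: the original version ignored the count returned by
;; `uniform-vector-read!', so a short read would have passed a vector whose
;; tail was still zero-filled, and it never closed the port it opened.
(define (import-something import-proc file fmt)
  (let ((path (or (search-path %load-path file)
                  (error "test fixture not found in %load-path" file))))
    (let* ((size (stat:size (stat path)))
           (raw  (make-u8vector size)))
      ;; `call-with-input-file' closes the port even if the read throws.
      (let ((read-count
             (call-with-input-file path
               (lambda (port)
                 (uniform-vector-read! raw port)))))
        ;; `uniform-vector-read!' returns the number of elements read.
        (if (not (= read-count size))
            (error "short read of test fixture" file read-count size)))
      (import-proc raw fmt))))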
50
;; Load an OpenPGP key or certificate from FILE, which must hold the
;; base64 (`openpgp-certificate-format/base64') encoding, via IMPORT-PROC.
(define (import-key import-proc file)
  (let ((fmt openpgp-certificate-format/base64))
    (import-something import-proc file fmt)))
53
;; Load PEM-encoded PKCS#1 RSA parameters from FILE.  The server below
;; installs these as RSA *export* parameters, which only matter for
;; RSA-EXPORT key exchange; %kx does not enable that exchange, so they are
;; inert in this test and, being export-grade, must not be reused elsewhere.
(define (import-rsa-params file)
  (let ((loader pkcs1-import-rsa-parameters)
        (fmt    x509-certificate-format/pem))
    (import-something loader file fmt)))
57
;; Load PEM-encoded PKCS#3 Diffie-Hellman parameters from FILE; these back
;; the DHE key exchanges listed in %kx on the server side.
(define (import-dh-params file)
  (let ((loader pkcs3-import-dh-parameters)
        (fmt    x509-certificate-format/pem))
    (import-something loader file fmt)))
61
62 ;; Debugging.
63 ;; (set-log-level! 3)
64 ;; (set-log-procedure! (lambda (level str)
65 ;;                       (format #t "[~a|~a] ~a" (getpid) level str)))
66
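;; Establish a TLS session over a Unix socket pair between a forked child
;; (the client) and this process (the server), both using the same OpenPGP
;; key pair, and report success when the server saw certificate-based
;; authentication and received %message intact.
;;
;; Security notes for anyone reusing this as a template:
;;  * Neither side verifies the peer.  The client never inspects the
;;    server's key, and `certificate-request/require' only makes the server
;;    insist that *a* certificate is sent -- it does not validate it (no
;;    keyring is installed and `peer-certificate-status' is never
;;    consulted).  That is acceptable only because both ends share the key
;;    pair loaded below; a real peer must verify.
;;  * The priorities in %protos/%ciphers/%macs and the 1024-bit DH group
;;    are what this GnuTLS version negotiates for the test, not advice.
;;
;; Change from the original: the parent now reaps the child with `waitpid'
;; (no zombie left behind) and folds its exit status into the verdict, so a
;; client that died part-way cannot coincide with a passing test.
(run-test
    (lambda ()
      (let ((socket-pair (socketpair PF_UNIX SOCK_STREAM 0))
            (pub         (import-key import-openpgp-certificate
                                     "openpgp-pub.asc"))
            (sec         (import-key import-openpgp-private-key
                                     "openpgp-sec.asc")))
        (let ((pid (primitive-fork)))
          (if (= 0 pid)

              ;; Client side (child process).
              (let ((client (make-session connection-end/client))
                    (cred   (make-certificate-credentials)))
                (set-session-default-priority! client)
                (set-session-certificate-type-priority! client %certs)
                (set-session-kx-priority! client %kx)
                (set-session-protocol-priority! client %protos)
                (set-session-cipher-priority! client %ciphers)
                (set-session-mac-priority! client %macs)

                ;; The client presents the same OpenPGP key pair the server
                ;; uses; this is what the server's certificate request
                ;; demands.
                (set-certificate-credentials-openpgp-keys! cred pub sec)
                (set-session-credentials! client cred)
                ;; Smallest DH group the client will accept from the server.
                (set-session-dh-prime-bits! client 1024)

                (set-session-transport-fd! client (fileno (car socket-pair)))

                (handshake client)
                (write %message (session-record-port client))
                (bye client close-request/rdwr)

                ;; Leave without running the parent's half of the test;
                ;; no argument means exit status 0, which the parent checks.
                (primitive-exit))

              ;; Server side (parent process).
              (let ((server (make-session connection-end/server))
                    (rsa    (import-rsa-params "rsa-parameters.pem"))
                    (dh     (import-dh-params "dh-parameters.pem")))
                (set-session-default-priority! server)
                (set-session-certificate-type-priority! server %certs)
                (set-session-kx-priority! server %kx)
                (set-session-protocol-priority! server %protos)
                (set-session-cipher-priority! server %ciphers)
                (set-session-mac-priority! server %macs)
                ;; Require that the client send a certificate.  See the
                ;; header note: this does not validate it.
                (set-server-session-certificate-request! server
                         certificate-request/require)

                (set-session-transport-fd! server (fileno (cdr socket-pair)))
                (let ((cred (make-certificate-credentials)))
                  ;; DH parameters back the DHE key exchanges in %kx.
                  (set-certificate-credentials-dh-parameters! cred dh)
                  ;; Export-grade RSA parameters are only used by RSA-EXPORT
                  ;; key exchange, which %kx does not enable; kept as in the
                  ;; original fixture.
                  (set-certificate-credentials-rsa-export-parameters! cred rsa)
                  (set-certificate-credentials-openpgp-keys! cred pub sec)
                  (set-session-credentials! server cred))
                (set-session-dh-prime-bits! server 1024)

                (handshake server)
                (let ((msg       (read (session-record-port server)))
                      (auth-type (session-authentication-type server)))
                  (bye server close-request/rdwr)
                  ;; Reap the child.  Its `bye' completes once our
                  ;; close-notify above has been sent, so this does not
                  ;; block indefinitely on a well-behaved client.
                  (let ((child-status (cdr (waitpid pid))))
                    (and (eqv? 0 (status:exit-val child-status))
                         (eq? auth-type credentials/certificate)
                         (equal? msg %message)))))))))))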
126
127 ;;; arch-tag: 1a973ed5-f45d-45a4-8160-900b6a8c27ff