1 ;;; GnuTLS-extra --- Guile bindings for GnuTLS-EXTRA.
2 ;;; Copyright (C) 2007, 2008, 2010, 2011 Free Software Foundation, Inc.
4 ;;; GnuTLS-extra is free software; you can redistribute it and/or modify
5 ;;; it under the terms of the GNU General Public License as published by
6 ;;; the Free Software Foundation; either version 3 of the License, or
7 ;;; (at your option) any later version.
9 ;;; GnuTLS-extra is distributed in the hope that it will be useful,
10 ;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
11 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 ;;; GNU General Public License for more details.
14 ;;; You should have received a copy of the GNU General Public License
15 ;;; along with GnuTLS-EXTRA; if not, write to the Free Software
16 ;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
19 ;;; Written by Ludovic Courtès <ludo@chbouib.org>.
23 ;;; Test session establishment using OpenPGP certificate authentication.
32 ;; TLS session settings.
33 (define %protos (list protocol/tls-1.0))
34 (define %certs (list certificate-type/openpgp))
35 (define %ciphers (list cipher/arcfour cipher/aes-128-cbc
37 (define %kx (list kx/dhe-rsa kx/dhe-dss))
38 (define %macs (list mac/sha1 mac/rmd160 mac/md5))
40 ;; Message sent by the client.
42 (cons "hello, world!" (iota 4444)))
44 (define (import-something import-proc file fmt)
45 (let* ((path (search-path %load-path file))
46 (size (stat:size (stat path)))
47 (raw (make-u8vector size)))
48 (uniform-vector-read! raw (open-input-file path))
49 (import-proc raw fmt)))
51 (define (import-key import-proc file)
52 (import-something import-proc file openpgp-certificate-format/base64))
54 (define (import-rsa-params file)
55 (import-something pkcs1-import-rsa-parameters file
56 x509-certificate-format/pem))
58 (define (import-dh-params file)
59 (import-something pkcs3-import-dh-parameters file
60 x509-certificate-format/pem))
64 ;; (set-log-procedure! (lambda (level str)
65 ;; (format #t "[~a|~a] ~a" (getpid) level str)))
69 (let ((socket-pair (socketpair PF_UNIX SOCK_STREAM 0))
70 (pub (import-key import-openpgp-certificate
72 (sec (import-key import-openpgp-private-key
74 (let ((pid (primitive-fork)))
77 (let ((client (make-session connection-end/client))
78 (cred (make-certificate-credentials)))
79 ;; client-side (child process)
80 (set-session-default-priority! client)
81 (set-session-certificate-type-priority! client %certs)
82 (set-session-kx-priority! client %kx)
83 (set-session-protocol-priority! client %protos)
84 (set-session-cipher-priority! client %ciphers)
85 (set-session-mac-priority! client %macs)
87 (set-certificate-credentials-openpgp-keys! cred pub sec)
88 (set-session-credentials! client cred)
89 (set-session-dh-prime-bits! client 1024)
91 (set-session-transport-fd! client (fileno (car socket-pair)))
94 (write %message (session-record-port client))
95 (bye client close-request/rdwr)
99 (let ((server (make-session connection-end/server))
100 (rsa (import-rsa-params "rsa-parameters.pem"))
101 (dh (import-dh-params "dh-parameters.pem")))
103 (set-session-default-priority! server)
104 (set-session-certificate-type-priority! server %certs)
105 (set-session-kx-priority! server %kx)
106 (set-session-protocol-priority! server %protos)
107 (set-session-cipher-priority! server %ciphers)
108 (set-session-mac-priority! server %macs)
109 (set-server-session-certificate-request! server
110 certificate-request/require)
112 (set-session-transport-fd! server (fileno (cdr socket-pair)))
113 (let ((cred (make-certificate-credentials)))
114 (set-certificate-credentials-dh-parameters! cred dh)
115 (set-certificate-credentials-rsa-export-parameters! cred rsa)
116 (set-certificate-credentials-openpgp-keys! cred pub sec)
117 (set-session-credentials! server cred))
118 (set-session-dh-prime-bits! server 1024)
121 (let ((msg (read (session-record-port server)))
122 (auth-type (session-authentication-type server)))
123 (bye server close-request/rdwr)
124 (and (eq? auth-type credentials/certificate)
125 (equal? msg %message)))))))))
127 ;;; arch-tag: 1a973ed5-f45d-45a4-8160-900b6a8c27ff