2 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
3 * Author: Ludovic Courtès
5 * This file is part of GNUTLS.
7 * GNUTLS is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GNUTLS is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with GNUTLS; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
26 #include <gnutls/gnutls.h>
27 #include <gnutls/openpgp.h>
30 #include <read-file.h>
34 #include <sys/types.h>
35 #include <sys/socket.h>
/* Payload the client writes over the finished TLS session; the server reads
 * it back and compares it byte for byte against this array. */
static const char message[] = "Hello, brave GNU world!";

/* OpenPGP key pair exercised by the test.  Both paths are resolved relative to
 * $srcdir at run time.  'key_id' selects which key of the ring is used for
 * the handshake: NULL means the master key; the loop in main overrides it. */
static const char pub_key_file[] = "../guile/tests/openpgp-pub.asc";
static const char priv_key_file[] = "../guile/tests/openpgp-sec.asc";
static const char *key_id = NULL;

/* Raw client certificate the server caches after the first full handshake,
 * so that later fingerprint-only handshakes can be resolved from it by
 * key_recv_func().  Empty until that first handshake has completed. */
static gnutls_datum_t stored_cli_cert = { .data = NULL, .size = 0 };
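/* gnutls debug-log sink, installed with gnutls_global_set_log_function().
 *
 * Every library message is prefixed with the calling process id and the log
 * level, so that the interleaved output of the forked client and server
 * processes can be told apart.  No newline is appended; the text is written
 * exactly as gnutls hands it over.
 *
 * The parameter is deliberately named 'msg', not 'message': the original
 * shadowed the file-scope 'message' payload, which -Wshadow rightly flags. */
static void log_message(int level, const char *msg)
{
	/* pid_t is not guaranteed to be int; cast so the conversion matches
	 * the %d specifier instead of relying on the platform's typedef. */
	fprintf(stderr, "[%5d|%2d] %s", (int) getpid(), level, msg);
}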
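/* Server-side OpenPGP key lookup callback, registered with
 * gnutls_openpgp_set_recv_key_function().
 *
 * When the client sends only a key fingerprint instead of its full OpenPGP
 * certificate, gnutls invokes this callback to obtain the matching key.  The
 * fixture answers from 'stored_cli_cert', the raw certificate the server
 * cached after the first full handshake.  'key' receives a fresh
 * gnutls_malloc()'d copy (presumably released by the library; the caller here
 * never frees it).
 *
 * Returns 0 on success, GNUTLS_E_OPENPGP_GETKEY_FAILED when no certificate
 * has been cached yet, and GNUTLS_E_MEMORY_ERROR when the copy cannot be
 * allocated.  The original version dereferenced the allocation unchecked and
 * would have memcpy()'d from a NULL source before the first cache fill.
 *
 * NOTE(review): 'keyfpr' is ignored and the cached certificate is returned
 * unconditionally.  That is acceptable only in this single-client test.  A
 * real implementation must look the key up by 'keyfpr' (or at minimum verify
 * that the fingerprint of the certificate it returns equals 'keyfpr');
 * otherwise the identity the session is authenticated against is whatever
 * happens to be cached, not the one the peer claimed. */
static int key_recv_func(gnutls_session_t session, const unsigned char *keyfpr,
			 unsigned int keyfpr_length, gnutls_datum_t * key)
{
	(void) session;
	(void) keyfpr;
	(void) keyfpr_length;

	/* Nothing cached yet: report a lookup failure rather than handing
	 * back an empty (NULL-sourced) key. */
	if (stored_cli_cert.data == NULL || stored_cli_cert.size == 0)
		return GNUTLS_E_OPENPGP_GETKEY_FAILED;

	key->data = gnutls_malloc(stored_cli_cert.size);
	if (key->data == NULL) {
		key->size = 0;
		return GNUTLS_E_MEMORY_ERROR;
	}

	memcpy(key->data, stored_cli_cert.data, stored_cli_cert.size);
	key->size = stored_cli_cert.size;

	return 0;
}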
73 char pub_key_path[512], priv_key_path[512];
77 srcdir = getenv("srcdir") ? getenv("srcdir") : ".";
79 for (i = 0; i < 5; i++) {
81 key_id = NULL; /* try using the master key */
83 key_id = "auto"; /* test auto */
85 key_id = "f30fd423c143e7ba";
88 gnutls_global_set_log_level(5);
89 gnutls_global_set_log_function(log_message);
92 err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
94 fail("socketpair %s\n", strerror(errno));
96 if (sizeof(pub_key_path) <
97 strlen(srcdir) + strlen(pub_key_file) + 2)
100 strcpy(pub_key_path, srcdir);
101 strcat(pub_key_path, "/");
102 strcat(pub_key_path, pub_key_file);
104 if (sizeof(priv_key_path) <
105 strlen(srcdir) + strlen(priv_key_file) + 2)
108 strcpy(priv_key_path, srcdir);
109 strcat(priv_key_path, "/");
110 strcat(priv_key_path, priv_key_file);
114 fail("fork %s\n", strerror(errno));
117 /* Child process (client). */
118 gnutls_session_t session;
119 gnutls_certificate_credentials_t cred;
123 printf("client process %i\n", getpid());
125 err = gnutls_init(&session, GNUTLS_CLIENT);
127 fail("client session %d\n", err);
129 if (i == 0) /* we use the primary key which is RSA. Test the RSA ciphersuite */
130 gnutls_priority_set_direct(session,
131 "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+RSA:+CTYPE-OPENPGP",
134 gnutls_priority_set_direct(session,
135 "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
137 gnutls_transport_set_int(session, sockets[0]);
140 gnutls_certificate_allocate_credentials(&cred);
142 fail("client credentials %d\n", err);
145 gnutls_certificate_set_openpgp_key_file2(cred,
149 GNUTLS_OPENPGP_FMT_BASE64);
151 fail("client openpgp keys %s\n",
152 gnutls_strerror(err));
155 gnutls_credentials_set(session,
156 GNUTLS_CRD_CERTIFICATE,
159 fail("client credential_set %d\n", err);
161 gnutls_dh_set_prime_bits(session, 1024);
164 gnutls_openpgp_send_cert(session,
165 GNUTLS_OPENPGP_CERT_FINGERPRINT);
167 err = gnutls_handshake(session);
169 fail("client handshake %s (%d) \n",
170 gnutls_strerror(err), err);
172 printf("client handshake successful\n");
175 gnutls_record_send(session, message,
177 if (sent != sizeof(message))
178 fail("client sent %li vs. %li\n",
179 (long) sent, (long) sizeof(message));
181 err = gnutls_bye(session, GNUTLS_SHUT_RDWR);
183 fail("client bye %d\n", err);
186 printf("client done\n");
188 gnutls_deinit(session);
189 gnutls_certificate_free_credentials(cred);
190 gnutls_free(stored_cli_cert.data);
191 gnutls_global_deinit();
194 /* Parent process (server). */
195 gnutls_session_t session;
196 gnutls_dh_params_t dh_params;
197 gnutls_certificate_credentials_t cred;
198 char greetings[sizeof(message) * 2];
202 const gnutls_datum_t p3 =
203 { (void *) pkcs3, strlen(pkcs3) };
206 printf("server process %i (child %i)\n",
209 err = gnutls_init(&session, GNUTLS_SERVER);
211 fail("server session %d\n", err);
213 gnutls_priority_set_direct(session,
214 "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+RSA:+CTYPE-OPENPGP",
216 gnutls_transport_set_int(session, sockets[1]);
219 gnutls_certificate_allocate_credentials(&cred);
221 fail("server credentials %d\n", err);
224 gnutls_certificate_set_openpgp_key_file2(cred,
228 GNUTLS_OPENPGP_FMT_BASE64);
230 fail("server openpgp keys %s\n",
231 gnutls_strerror(err));
233 err = gnutls_dh_params_init(&dh_params);
235 fail("server DH params init %d\n", err);
238 gnutls_dh_params_import_pkcs3(dh_params, &p3,
239 GNUTLS_X509_FMT_PEM);
241 fail("server DH params generate %d\n",
244 gnutls_certificate_set_dh_params(cred, dh_params);
247 gnutls_credentials_set(session,
248 GNUTLS_CRD_CERTIFICATE,
251 fail("server credential_set %d\n", err);
253 gnutls_certificate_server_set_request(session,
254 GNUTLS_CERT_REQUIRE);
257 gnutls_openpgp_set_recv_key_function
258 (session, key_recv_func);
260 err = gnutls_handshake(session);
262 fail("server handshake %s (%d) \n",
263 gnutls_strerror(err), err);
265 if (stored_cli_cert.data == NULL) {
266 const gnutls_datum_t *d;
268 d = gnutls_certificate_get_peers(session,
271 stored_cli_cert.data =
272 gnutls_malloc(d[0].size);
273 memcpy(stored_cli_cert.data,
274 d[0].data, d[0].size);
275 stored_cli_cert.size = d[0].size;
280 gnutls_record_recv(session, greetings,
282 if (received != sizeof(message)
283 || memcmp(greetings, message, sizeof(message)))
284 fail("server received %li vs. %li\n",
286 (long) sizeof(message));
288 err = gnutls_bye(session, GNUTLS_SHUT_RDWR);
290 fail("server bye %s (%d) \n",
291 gnutls_strerror(err), err);
294 printf("server done\n");
296 gnutls_deinit(session);
297 gnutls_certificate_free_credentials(cred);
298 gnutls_dh_params_deinit(dh_params);
300 done = wait(&status);
302 fail("wait %s\n", strerror(errno));
305 fail("who's that?! %d\n", done);
307 if (WIFEXITED(status)) {
308 if (WEXITSTATUS(status) != 0)
309 fail("child exited with status %d\n", WEXITSTATUS(status));
310 } else if (WIFSIGNALED(status))
311 fail("child stopped by signal %d\n",
314 fail("child failed: %d\n", status);
318 gnutls_free(stored_cli_cert.data);
319 gnutls_global_deinit();