2 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
3 * Author: Ludovic Courtès
5 * This file is part of GNUTLS.
7 * GNUTLS is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GNUTLS is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with GNUTLS; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
28 #include <gnutls/gnutls.h>
29 #include <gnutls/openpgp.h>
32 #include <read-file.h>
36 #include <sys/types.h>
37 #include <sys/socket.h>
/* This is the same test as openpgp-auth, but it exercises OpenPGP
 * certificate authentication under TLS 1.2 (the newest protocol
 * version at the time this test was written).  In addition it tests
 * DSS signatures under that protocol version.
49 static const char message[] = "Hello, brave GNU world!";
/* The OpenPGP key pair to use, and the ID of the key to select from it. */
52 static const char pub_key_file[] = "../guile/tests/openpgp-pub.asc";
53 static const char priv_key_file[] = "../guile/tests/openpgp-sec.asc";
54 static const char *key_id = NULL
55 /* FIXME: The values below don't work as expected. */
57 /* "bd572cdcccc07c35" */ ;
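/* GnuTLS logging callback: write one debug line to stderr, tagged with
 * the calling process ID and the library's log level.  The client and
 * server halves of this test run in separate processes, so the pid is
 * what tells their interleaved output apart.  No newline is appended;
 * presumably GnuTLS log strings carry their own. */
static void log_message(int level, const char *text)
{
	/* pid_t is cast to int so the argument matches the %d conversion
	 * regardless of how pid_t is defined on the platform.  The parameter
	 * is named `text` rather than `message` so it does not shadow the
	 * file-scope `message[]` array. */
	fprintf(stderr, "[%5d|%2d] %s", (int) getpid(), level, text);
}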
70 char pub_key_path[512], priv_key_path[512];
75 srcdir = getenv("srcdir") ? getenv("srcdir") : ".";
78 gnutls_global_set_log_level(10);
79 gnutls_global_set_log_function(log_message);
82 err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
84 fail("socketpair %s\n", strerror(errno));
86 if (sizeof(pub_key_path) <
87 strlen(srcdir) + strlen(pub_key_file) + 2)
90 strcpy(pub_key_path, srcdir);
91 strcat(pub_key_path, "/");
92 strcat(pub_key_path, pub_key_file);
94 if (sizeof(priv_key_path) <
95 strlen(srcdir) + strlen(priv_key_file) + 2)
98 strcpy(priv_key_path, srcdir);
99 strcat(priv_key_path, "/");
100 strcat(priv_key_path, priv_key_file);
104 fail("fork %s\n", strerror(errno));
107 /* Child process (client). */
108 gnutls_session_t session;
109 gnutls_certificate_credentials_t cred;
113 printf("client process %i\n", getpid());
115 err = gnutls_init(&session, GNUTLS_CLIENT);
117 fail("client session %d\n", err);
119 gnutls_priority_set_direct(session,
120 "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
122 gnutls_transport_set_int(session, sockets[0]);
124 err = gnutls_certificate_allocate_credentials(&cred);
126 fail("client credentials %d\n", err);
129 gnutls_certificate_set_openpgp_key_file2(cred,
133 GNUTLS_OPENPGP_FMT_BASE64);
135 fail("client openpgp keys %d\n", err);
138 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
141 fail("client credential_set %d\n", err);
143 gnutls_dh_set_prime_bits(session, 1024);
145 err = gnutls_handshake(session);
147 fail("client handshake %s (%d) \n",
148 gnutls_strerror(err), err);
150 printf("client handshake successful\n");
153 gnutls_record_send(session, message, sizeof(message));
154 if (sent != sizeof(message))
155 fail("client sent %li vs. %li\n",
156 (long) sent, (long) sizeof(message));
158 err = gnutls_bye(session, GNUTLS_SHUT_RDWR);
160 fail("client bye %d\n", err);
163 printf("client done\n");
165 gnutls_deinit(session);
166 gnutls_certificate_free_credentials(cred);
168 /* Parent process (server). */
169 gnutls_session_t session;
170 gnutls_dh_params_t dh_params;
171 gnutls_certificate_credentials_t cred;
172 char greetings[sizeof(message) * 2];
176 const gnutls_datum_t p3 =
177 { (void *) pkcs3, strlen(pkcs3) };
180 printf("server process %i (child %i)\n", getpid(),
183 err = gnutls_init(&session, GNUTLS_SERVER);
185 fail("server session %d\n", err);
187 gnutls_priority_set_direct(session,
188 "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
190 gnutls_transport_set_int(session, sockets[1]);
192 err = gnutls_certificate_allocate_credentials(&cred);
194 fail("server credentials %d\n", err);
197 gnutls_certificate_set_openpgp_key_file2(cred,
201 GNUTLS_OPENPGP_FMT_BASE64);
203 fail("server openpgp keys %d\n", err);
205 err = gnutls_dh_params_init(&dh_params);
207 fail("server DH params init %d\n", err);
210 gnutls_dh_params_import_pkcs3(dh_params, &p3,
211 GNUTLS_X509_FMT_PEM);
213 fail("server DH params generate %d\n", err);
215 gnutls_certificate_set_dh_params(cred, dh_params);
218 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
221 fail("server credential_set %d\n", err);
223 gnutls_certificate_server_set_request(session,
224 GNUTLS_CERT_REQUIRE);
226 err = gnutls_handshake(session);
228 fail("server handshake %s (%d) \n",
229 gnutls_strerror(err), err);
232 gnutls_record_recv(session, greetings,
234 if (received != sizeof(message)
235 || memcmp(greetings, message, sizeof(message)))
236 fail("server received %li vs. %li\n",
237 (long) received, (long) sizeof(message));
239 err = gnutls_bye(session, GNUTLS_SHUT_RDWR);
241 fail("server bye %s (%d) \n", gnutls_strerror(err),
245 printf("server done\n");
247 gnutls_deinit(session);
248 gnutls_certificate_free_credentials(cred);
249 gnutls_dh_params_deinit(dh_params);
251 done = wait(&status);
253 fail("wait %s\n", strerror(errno));
256 fail("who's that?! %d\n", done);
258 if (WIFEXITED(status)) {
259 if (WEXITSTATUS(status) != 0)
260 fail("child exited with status %d\n",
261 WEXITSTATUS(status));
262 } else if (WIFSIGNALED(status))
263 fail("child stopped by signal %d\n",
266 fail("child failed: %d\n", status);
269 gnutls_global_deinit();