authorNikos Mavrogiannopoulos <nmav@gnutls.org>2011-03-16 20:47:20 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2011-03-16 20:49:13 +0100
commit6215a10b58562877a3988d7a1a4acbce74c761fd (patch)
tree01927488014a62b4bf5f52e30b94f2c13197ce8c /tests/openpgp-auth.c
parentf09e64c7c976b60e771f36bc241d72bf2292a62b (diff)
downloadgnutls-6215a10b58562877a3988d7a1a4acbce74c761fd.tar.gz
gnutls_pubkey_t and gnutls_privkey_t can import either an openpgp subkey or a master key.
Diffstat (limited to 'tests/openpgp-auth.c')
-rw-r--r--tests/openpgp-auth.c361
1 files changed, 176 insertions, 185 deletions
diff --git a/tests/openpgp-auth.c b/tests/openpgp-auth.c
index eed99c1641..37c967cf99 100644
--- a/tests/openpgp-auth.c
+++ b/tests/openpgp-auth.c
@@ -43,12 +43,7 @@ static const char message[] = "Hello, brave GNU world!";
/* The OpenPGP key pair for use and the key ID in those keys. */
static const char pub_key_file[] = "../guile/tests/openpgp-pub.asc";
static const char priv_key_file[] = "../guile/tests/openpgp-sec.asc";
-static const char *key_id = NULL
- /* FIXME: The values below don't work as expected. */
- /* "auto" */
- /* "bd572cdcccc07c35" */ ;
-
-static const char rsa_params_file[] = "../guile/tests/rsa-parameters.pem";
+static const char *key_id = NULL;
static void
log_message (int level, const char *message)
@@ -60,205 +55,201 @@ log_message (int level, const char *message)
void
doit ()
{
- int err;
+ int err, i;
int sockets[2];
const char *srcdir;
- char *pub_key_path, *priv_key_path, *rsa_params_path;
+ char *pub_key_path, *priv_key_path;
pid_t child;
gnutls_global_init ();
srcdir = getenv ("srcdir") ? getenv ("srcdir") : ".";
- if (debug)
- {
- gnutls_global_set_log_level (10);
- gnutls_global_set_log_function (log_message);
- }
-
- err = socketpair (PF_UNIX, SOCK_STREAM, 0, sockets);
- if (err != 0)
- fail ("socketpair %s\n", strerror (errno));
-
- pub_key_path = alloca (strlen (srcdir) + strlen (pub_key_file) + 2);
- strcpy (pub_key_path, srcdir);
- strcat (pub_key_path, "/");
- strcat (pub_key_path, pub_key_file);
-
- priv_key_path = alloca (strlen (srcdir) + strlen (priv_key_file) + 2);
- strcpy (priv_key_path, srcdir);
- strcat (priv_key_path, "/");
- strcat (priv_key_path, priv_key_file);
-
- rsa_params_path = alloca (strlen (srcdir) + strlen (rsa_params_file) + 2);
- strcpy (rsa_params_path, srcdir);
- strcat (rsa_params_path, "/");
- strcat (rsa_params_path, rsa_params_file);
-
- child = fork ();
- if (child == -1)
- fail ("fork %s\n", strerror (errno));
-
- if (child == 0)
+ for (i = 0; i < 3; i++)
{
- /* Child process (client). */
- gnutls_session_t session;
- gnutls_certificate_credentials_t cred;
- ssize_t sent;
-
- if (debug)
- printf ("client process %i\n", getpid ());
-
- err = gnutls_init (&session, GNUTLS_CLIENT);
- if (err != 0)
- fail ("client session %d\n", err);
-
- gnutls_priority_set_direct (session, "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+CTYPE-OPENPGP", NULL);
- gnutls_transport_set_ptr (session,
- (gnutls_transport_ptr_t) (intptr_t)
- sockets[0]);
- err = gnutls_certificate_allocate_credentials (&cred);
- if (err != 0)
- fail ("client credentials %d\n", err);
-
- err =
- gnutls_certificate_set_openpgp_key_file2 (cred,
- pub_key_path, priv_key_path,
- key_id,
- GNUTLS_OPENPGP_FMT_BASE64);
- if (err != 0)
- fail ("client openpgp keys %d\n", err);
-
- err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
- if (err != 0)
- fail ("client credential_set %d\n", err);
-
- gnutls_dh_set_prime_bits (session, 1024);
-
- err = gnutls_handshake (session);
- if (err != 0)
- fail ("client handshake %s (%d) \n", gnutls_strerror(err), err);
- else if (debug)
- printf ("client handshake successful\n");
-
- sent = gnutls_record_send (session, message, sizeof (message));
- if (sent != sizeof (message))
- fail ("client sent %li vs. %li\n",
- (long) sent, (long) sizeof (message));
-
- err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
- if (err != 0)
- fail ("client bye %d\n", err);
+ if (i == 0)
+ key_id = NULL; /* try using the master key */
+ else if (i == 1)
+ key_id = "auto"; /* test auto */
+ else if (i == 2)
+ key_id = "f30fd423c143e7ba";
if (debug)
- printf ("client done\n");
- }
- else
- {
- /* Parent process (server). */
- gnutls_session_t session;
- gnutls_dh_params_t dh_params;
- gnutls_rsa_params_t rsa_params;
- gnutls_certificate_credentials_t cred;
- char greetings[sizeof (message) * 2];
- ssize_t received;
- pid_t done;
- int status;
- size_t rsa_size;
- gnutls_datum_t rsa_data;
- const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) };
-
- if (debug)
- printf ("server process %i (child %i)\n", getpid (), child);
-
- err = gnutls_init (&session, GNUTLS_SERVER);
- if (err != 0)
- fail ("server session %d\n", err);
-
- gnutls_priority_set_direct (session, "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+CTYPE-OPENPGP", NULL);
- gnutls_transport_set_ptr (session,
- (gnutls_transport_ptr_t) (intptr_t)
- sockets[1]);
-
- err = gnutls_certificate_allocate_credentials (&cred);
- if (err != 0)
- fail ("server credentials %d\n", err);
-
- err =
- gnutls_certificate_set_openpgp_key_file2 (cred,
- pub_key_path, priv_key_path,
- key_id,
- GNUTLS_OPENPGP_FMT_BASE64);
- if (err != 0)
- fail ("server openpgp keys %d\n", err);
-
- err = gnutls_dh_params_init (&dh_params);
- if (err)
- fail ("server DH params init %d\n", err);
-
- err =
- gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
- if (err)
- fail ("server DH params generate %d\n", err);
-
- gnutls_certificate_set_dh_params (cred, dh_params);
-
- rsa_data.data =
- (unsigned char *) read_binary_file (rsa_params_path, &rsa_size);
- if (rsa_data.data == NULL)
- fail ("server rsa params error\n");
- rsa_data.size = rsa_size;
-
- err = gnutls_rsa_params_init (&rsa_params);
- if (err)
- fail ("server RSA params init %d\n", err);
-
- err = gnutls_rsa_params_import_pkcs1 (rsa_params, &rsa_data,
- GNUTLS_X509_FMT_PEM);
- if (err)
- fail ("server RSA params import %d\n", err);
-
- gnutls_certificate_set_rsa_export_params (cred, rsa_params);
-
- err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
- if (err != 0)
- fail ("server credential_set %d\n", err);
-
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
-
- err = gnutls_handshake (session);
- if (err != 0)
- fail ("server handshake %s (%d) \n", gnutls_strerror(err), err);
-
- received = gnutls_record_recv (session, greetings, sizeof (greetings));
- if (received != sizeof (message)
- || memcmp (greetings, message, sizeof (message)))
- fail ("server received %li vs. %li\n",
- (long) received, (long) sizeof (message));
+ {
+ gnutls_global_set_log_level (10);
+ gnutls_global_set_log_function (log_message);
+ }
- err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ err = socketpair (PF_UNIX, SOCK_STREAM, 0, sockets);
if (err != 0)
- fail ("server bye %s (%d) \n", gnutls_strerror(err), err);
+ fail ("socketpair %s\n", strerror (errno));
- if (debug)
- printf ("server done\n");
+ pub_key_path = alloca (strlen (srcdir) + strlen (pub_key_file) + 2);
+ strcpy (pub_key_path, srcdir);
+ strcat (pub_key_path, "/");
+ strcat (pub_key_path, pub_key_file);
- done = wait (&status);
- if (done < 0)
- fail ("wait %s\n", strerror (errno));
+ priv_key_path = alloca (strlen (srcdir) + strlen (priv_key_file) + 2);
+ strcpy (priv_key_path, srcdir);
+ strcat (priv_key_path, "/");
+ strcat (priv_key_path, priv_key_file);
- if (done != child)
- fail ("who's that?! %d\n", done);
+ child = fork ();
+ if (child == -1)
+ fail ("fork %s\n", strerror (errno));
- if (WIFEXITED (status))
+ if (child == 0)
{
- if (WEXITSTATUS (status) != 0)
- fail ("child exited with status %d\n", WEXITSTATUS (status));
+ /* Child process (client). */
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t cred;
+ ssize_t sent;
+
+ if (debug)
+ printf ("client process %i\n", getpid ());
+
+ err = gnutls_init (&session, GNUTLS_CLIENT);
+ if (err != 0)
+ fail ("client session %d\n", err);
+
+ gnutls_priority_set_direct (session,
+ "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
+ NULL);
+ gnutls_transport_set_ptr (session,
+ (gnutls_transport_ptr_t) (intptr_t)
+ sockets[0]);
+
+ err = gnutls_certificate_allocate_credentials (&cred);
+ if (err != 0)
+ fail ("client credentials %d\n", err);
+
+ err =
+ gnutls_certificate_set_openpgp_key_file2 (cred,
+ pub_key_path,
+ priv_key_path, key_id,
+ GNUTLS_OPENPGP_FMT_BASE64);
+ if (err != 0)
+ fail ("client openpgp keys %s\n", gnutls_strerror (err));
+
+ err =
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
+ if (err != 0)
+ fail ("client credential_set %d\n", err);
+
+ gnutls_dh_set_prime_bits (session, 1024);
+
+ err = gnutls_handshake (session);
+ if (err != 0)
+ fail ("client handshake %s (%d) \n", gnutls_strerror (err), err);
+ else if (debug)
+ printf ("client handshake successful\n");
+
+ sent = gnutls_record_send (session, message, sizeof (message));
+ if (sent != sizeof (message))
+ fail ("client sent %li vs. %li\n",
+ (long) sent, (long) sizeof (message));
+
+ err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ if (err != 0)
+ fail ("client bye %d\n", err);
+
+ if (debug)
+ printf ("client done\n");
}
- else if (WIFSIGNALED (status))
- fail ("child stopped by signal %d\n", WTERMSIG (status));
else
- fail ("child failed: %d\n", status);
+ {
+ /* Parent process (server). */
+ gnutls_session_t session;
+ gnutls_dh_params_t dh_params;
+ gnutls_certificate_credentials_t cred;
+ char greetings[sizeof (message) * 2];
+ ssize_t received;
+ pid_t done;
+ int status;
+ const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) };
+
+ if (debug)
+ printf ("server process %i (child %i)\n", getpid (), child);
+
+ err = gnutls_init (&session, GNUTLS_SERVER);
+ if (err != 0)
+ fail ("server session %d\n", err);
+
+ gnutls_priority_set_direct (session,
+ "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
+ NULL);
+ gnutls_transport_set_ptr (session,
+ (gnutls_transport_ptr_t) (intptr_t)
+ sockets[1]);
+
+ err = gnutls_certificate_allocate_credentials (&cred);
+ if (err != 0)
+ fail ("server credentials %d\n", err);
+
+ err =
+ gnutls_certificate_set_openpgp_key_file2 (cred,
+ pub_key_path,
+ priv_key_path, key_id,
+ GNUTLS_OPENPGP_FMT_BASE64);
+ if (err != 0)
+ fail ("server openpgp keys %s\n", gnutls_strerror (err));
+
+ err = gnutls_dh_params_init (&dh_params);
+ if (err)
+ fail ("server DH params init %d\n", err);
+
+ err =
+ gnutls_dh_params_import_pkcs3 (dh_params, &p3,
+ GNUTLS_X509_FMT_PEM);
+ if (err)
+ fail ("server DH params generate %d\n", err);
+
+ gnutls_certificate_set_dh_params (cred, dh_params);
+
+ err =
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
+ if (err != 0)
+ fail ("server credential_set %d\n", err);
+
+ gnutls_certificate_server_set_request (session,
+ GNUTLS_CERT_REQUIRE);
+
+ err = gnutls_handshake (session);
+ if (err != 0)
+ fail ("server handshake %s (%d) \n", gnutls_strerror (err), err);
+
+ received =
+ gnutls_record_recv (session, greetings, sizeof (greetings));
+ if (received != sizeof (message)
+ || memcmp (greetings, message, sizeof (message)))
+ fail ("server received %li vs. %li\n", (long) received,
+ (long) sizeof (message));
+
+ err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ if (err != 0)
+ fail ("server bye %s (%d) \n", gnutls_strerror (err), err);
+
+ if (debug)
+ printf ("server done\n");
+
+ done = wait (&status);
+ if (done < 0)
+ fail ("wait %s\n", strerror (errno));
+
+ if (done != child)
+ fail ("who's that?! %d\n", done);
+
+ if (WIFEXITED (status))
+ {
+ if (WEXITSTATUS (status) != 0)
+ fail ("child exited with status %d\n", WEXITSTATUS (status));
+ }
+ else if (WIFSIGNALED (status))
+ fail ("child stopped by signal %d\n", WTERMSIG (status));
+ else
+ fail ("child failed: %d\n", status);
+ }
+
}
}
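Review bot: In the new `for (i = 0; i < 3; i++)` loop the client branch ends at `printf ("client done\n");` without leaving the loop, so the forked child carries on into the next iteration, opens its own socketpair and forks again as a server; the three `key_id` cases then run in nested processes rather than three independent parent/child pairs. Adding `break;` after the "client done" print would let the child return through doit's normal exit path, which keeps whatever status reporting `fail` relies on (its definition is not visible here). The hunk also shows no `gnutls_deinit`, `gnutls_certificate_free_credentials`, `gnutls_dh_params_deinit` or `close` on `sockets[]`, so each pass leaves a session, credentials and two descriptors behind; releasing them at the end of each branch would keep the iterations independent of each other. A comment above the loop such as `/* Run the handshake once per key selection: master key, "auto", explicit subkey ID. */` would record why it runs three times.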