/**
* gnutls_certificate_set_openpgp_key_file - Used to set OpenPGP keys
* @res: the destination context to save the data.
* @certfile: the file that contains the public key.
* @keyfile: the file that contains the secret key.
* @format: the format of the keys
*
* This funtion is used to load OpenPGP keys into the GnuTLS
* credentials structure. The files should only contain one key which
* is not encrypted.
*
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
int
gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t res,
const char *certfile,
const char *keyfile,
gnutls_openpgp_crt_fmt_t format)
{
return gnutls_certificate_set_openpgp_key_file2 (res, certfile,
keyfile, NULL, format);
}
void
doit ()
{
int err;
int sockets[2];
const char *srcdir;
char *pub_key_path, *priv_key_path;
pid_t child;
gnutls_global_init ();
srcdir = getenv ("srcdir") ? getenv ("srcdir") : ".";
if (debug)
{
gnutls_global_set_log_level (10);
gnutls_global_set_log_function (log_message);
}
err = socketpair (PF_UNIX, SOCK_STREAM, 0, sockets);
if (err != 0)
fail ("socketpair %s\n", strerror (errno));
pub_key_path = alloca (strlen (srcdir) + strlen (pub_key_file) + 2);
strcpy (pub_key_path, srcdir);
strcat (pub_key_path, "/");
strcat (pub_key_path, pub_key_file);
priv_key_path = alloca (strlen (srcdir) + strlen (priv_key_file) + 2);
strcpy (priv_key_path, srcdir);
strcat (priv_key_path, "/");
strcat (priv_key_path, priv_key_file);
child = fork ();
if (child == -1)
fail ("fork %s\n", strerror (errno));
if (child == 0)
{
/* Child process (client). */
gnutls_session_t session;
gnutls_certificate_credentials_t cred;
ssize_t sent;
if (debug)
printf ("client process %i\n", getpid ());
err = gnutls_init (&session, GNUTLS_CLIENT);
if (err != 0)
fail ("client session %d\n", err);
gnutls_priority_set_direct (session, "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP", NULL);
gnutls_transport_set_ptr (session,
(gnutls_transport_ptr_t) (intptr_t)
sockets[0]);
err = gnutls_certificate_allocate_credentials (&cred);
if (err != 0)
fail ("client credentials %d\n", err);
err =
gnutls_certificate_set_openpgp_key_file2 (cred,
pub_key_path, priv_key_path,
key_id,
GNUTLS_OPENPGP_FMT_BASE64);
if (err != 0)
fail ("client openpgp keys %d\n", err);
err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
if (err != 0)
fail ("client credential_set %d\n", err);
gnutls_dh_set_prime_bits (session, 1024);
err = gnutls_handshake (session);
if (err != 0)
fail ("client handshake %s (%d) \n", gnutls_strerror(err), err);
else if (debug)
printf ("client handshake successful\n");
sent = gnutls_record_send (session, message, sizeof (message));
if (sent != sizeof (message))
fail ("client sent %li vs. %li\n",
(long) sent, (long) sizeof (message));
err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
if (err != 0)
fail ("client bye %d\n", err);
if (debug)
printf ("client done\n");
gnutls_deinit(session);
gnutls_certificate_free_credentials (cred);
}
else
{
/* Parent process (server). */
gnutls_session_t session;
gnutls_dh_params_t dh_params;
gnutls_certificate_credentials_t cred;
char greetings[sizeof (message) * 2];
ssize_t received;
pid_t done;
int status;
const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) };
if (debug)
printf ("server process %i (child %i)\n", getpid (), child);
err = gnutls_init (&session, GNUTLS_SERVER);
if (err != 0)
fail ("server session %d\n", err);
gnutls_priority_set_direct (session, "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP", NULL);
gnutls_transport_set_ptr (session,
(gnutls_transport_ptr_t) (intptr_t)
sockets[1]);
err = gnutls_certificate_allocate_credentials (&cred);
if (err != 0)
fail ("server credentials %d\n", err);
err =
gnutls_certificate_set_openpgp_key_file2 (cred,
pub_key_path, priv_key_path,
key_id,
GNUTLS_OPENPGP_FMT_BASE64);
if (err != 0)
fail ("server openpgp keys %d\n", err);
err = gnutls_dh_params_init (&dh_params);
if (err)
fail ("server DH params init %d\n", err);
err =
gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
if (err)
fail ("server DH params generate %d\n", err);
gnutls_certificate_set_dh_params (cred, dh_params);
err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
if (err != 0)
fail ("server credential_set %d\n", err);
gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
err = gnutls_handshake (session);
if (err != 0)
fail ("server handshake %s (%d) \n", gnutls_strerror(err), err);
received = gnutls_record_recv (session, greetings, sizeof (greetings));
if (received != sizeof (message)
|| memcmp (greetings, message, sizeof (message)))
fail ("server received %li vs. %li\n",
(long) received, (long) sizeof (message));
err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
if (err != 0)
fail ("server bye %s (%d) \n", gnutls_strerror(err), err);
if (debug)
printf ("server done\n");
gnutls_deinit(session);
gnutls_certificate_free_credentials (cred);
gnutls_dh_params_deinit (dh_params);
done = wait (&status);
if (done < 0)
fail ("wait %s\n", strerror (errno));
if (done != child)
fail ("who's that?! %d\n", done);
if (WIFEXITED (status))
{
if (WEXITSTATUS (status) != 0)
fail ("child exited with status %d\n", WEXITSTATUS (status));
}
else if (WIFSIGNALED (status))
fail ("child stopped by signal %d\n", WTERMSIG (status));
else
fail ("child failed: %d\n", status);
}
}
void doit(void)
{
int err, i;
int sockets[2];
const char *srcdir;
pid_t child;
char pub_key_path[512], priv_key_path[512];
global_init();
srcdir = getenv("srcdir") ? getenv("srcdir") : ".";
for (i = 0; i < 5; i++) {
if (i <= 1)
key_id = NULL; /* try using the master key */
else if (i == 2)
key_id = "auto"; /* test auto */
else if (i >= 3)
key_id = "f30fd423c143e7ba";
if (debug) {
gnutls_global_set_log_level(5);
gnutls_global_set_log_function(log_message);
}
err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets);
if (err != 0)
fail("socketpair %s\n", strerror(errno));
if (sizeof(pub_key_path) <
strlen(srcdir) + strlen(pub_key_file) + 2)
abort();
strcpy(pub_key_path, srcdir);
strcat(pub_key_path, "/");
strcat(pub_key_path, pub_key_file);
if (sizeof(priv_key_path) <
strlen(srcdir) + strlen(priv_key_file) + 2)
abort();
strcpy(priv_key_path, srcdir);
strcat(priv_key_path, "/");
strcat(priv_key_path, priv_key_file);
child = fork();
if (child == -1)
fail("fork %s\n", strerror(errno));
if (child == 0) {
/* Child process (client). */
gnutls_session_t session;
gnutls_certificate_credentials_t cred;
ssize_t sent;
if (debug)
printf("client process %i\n", getpid());
err = gnutls_init(&session, GNUTLS_CLIENT);
if (err != 0)
fail("client session %d\n", err);
if (i == 0) /* we use the primary key which is RSA. Test the RSA ciphersuite */
gnutls_priority_set_direct(session,
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+RSA:+CTYPE-OPENPGP",
NULL);
else
gnutls_priority_set_direct(session,
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
NULL);
gnutls_transport_set_int(session, sockets[0]);
err =
gnutls_certificate_allocate_credentials(&cred);
if (err != 0)
fail("client credentials %d\n", err);
err =
gnutls_certificate_set_openpgp_key_file2(cred,
pub_key_path,
priv_key_path,
key_id,
GNUTLS_OPENPGP_FMT_BASE64);
if (err != 0)
fail("client openpgp keys %s\n",
gnutls_strerror(err));
check_loaded_key(cred);
err =
gnutls_credentials_set(session,
GNUTLS_CRD_CERTIFICATE,
cred);
if (err != 0)
fail("client credential_set %d\n", err);
gnutls_dh_set_prime_bits(session, 1024);
if (i == 4)
gnutls_openpgp_send_cert(session,
GNUTLS_OPENPGP_CERT_FINGERPRINT);
err = gnutls_handshake(session);
if (err != 0)
fail("client handshake %s (%d) \n",
gnutls_strerror(err), err);
else if (debug)
printf("client handshake successful\n");
sent =
gnutls_record_send(session, message,
sizeof(message));
if (sent != sizeof(message))
fail("client sent %li vs. %li\n",
(long) sent, (long) sizeof(message));
err = gnutls_bye(session, GNUTLS_SHUT_RDWR);
if (err != 0)
fail("client bye %d\n", err);
if (debug)
printf("client done\n");
gnutls_deinit(session);
gnutls_certificate_free_credentials(cred);
gnutls_free(stored_cli_cert.data);
gnutls_global_deinit();
return;
} else {
/* Parent process (server). */
gnutls_session_t session;
gnutls_dh_params_t dh_params;
gnutls_certificate_credentials_t cred;
char greetings[sizeof(message) * 2];
ssize_t received;
pid_t done;
int status;
const gnutls_datum_t p3 =
{ (void *) pkcs3, strlen(pkcs3) };
if (debug)
printf("server process %i (child %i)\n",
getpid(), child);
err = gnutls_init(&session, GNUTLS_SERVER);
if (err != 0)
fail("server session %d\n", err);
gnutls_priority_set_direct(session,
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+RSA:+CTYPE-OPENPGP",
NULL);
gnutls_transport_set_int(session, sockets[1]);
err =
gnutls_certificate_allocate_credentials(&cred);
if (err != 0)
fail("server credentials %d\n", err);
err =
gnutls_certificate_set_openpgp_key_file2(cred,
pub_key_path,
priv_key_path,
key_id,
GNUTLS_OPENPGP_FMT_BASE64);
if (err != 0)
fail("server openpgp keys %s\n",
gnutls_strerror(err));
check_loaded_key(cred);
err = gnutls_dh_params_init(&dh_params);
if (err)
fail("server DH params init %d\n", err);
err =
gnutls_dh_params_import_pkcs3(dh_params, &p3,
GNUTLS_X509_FMT_PEM);
if (err)
fail("server DH params generate %d\n",
err);
gnutls_certificate_set_dh_params(cred, dh_params);
err =
gnutls_credentials_set(session,
GNUTLS_CRD_CERTIFICATE,
cred);
if (err != 0)
fail("server credential_set %d\n", err);
gnutls_certificate_server_set_request(session,
GNUTLS_CERT_REQUIRE);
if (i == 4)
gnutls_openpgp_set_recv_key_function
(session, key_recv_func);
err = gnutls_handshake(session);
if (err != 0)
fail("server handshake %s (%d) \n",
gnutls_strerror(err), err);
if (stored_cli_cert.data == NULL) {
const gnutls_datum_t *d;
unsigned int d_size;
d = gnutls_certificate_get_peers(session,
&d_size);
if (d != NULL) {
stored_cli_cert.data =
gnutls_malloc(d[0].size);
memcpy(stored_cli_cert.data,
d[0].data, d[0].size);
stored_cli_cert.size = d[0].size;
}
}
received =
gnutls_record_recv(session, greetings,
sizeof(greetings));
if (received != sizeof(message)
|| memcmp(greetings, message, sizeof(message)))
fail("server received %li vs. %li\n",
(long) received,
(long) sizeof(message));
err = gnutls_bye(session, GNUTLS_SHUT_RDWR);
if (err != 0)
fail("server bye %s (%d) \n",
gnutls_strerror(err), err);
if (debug)
printf("server done\n");
gnutls_deinit(session);
gnutls_certificate_free_credentials(cred);
gnutls_dh_params_deinit(dh_params);
done = wait(&status);
if (done < 0)
fail("wait %s\n", strerror(errno));
if (done != child)
fail("who's that?! %d\n", done);
check_wait_status(status);
}
}
gnutls_free(stored_cli_cert.data);
gnutls_global_deinit();
}
