1 ;;; GnuTLS --- Guile bindings for GnuTLS.
2 ;;; Copyright (C) 2007-2012 Free Software Foundation, Inc.
3 ;;;
4 ;;; GnuTLS is free software; you can redistribute it and/or
5 ;;; modify it under the terms of the GNU Lesser General Public
6 ;;; License as published by the Free Software Foundation; either
7 ;;; version 2.1 of the License, or (at your option) any later version.
8 ;;;
9 ;;; GnuTLS is distributed in the hope that it will be useful,
10 ;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
11 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12 ;;; Lesser General Public License for more details.
13 ;;;
14 ;;; You should have received a copy of the GNU Lesser General Public
15 ;;; License along with GnuTLS; if not, write to the Free Software
16 ;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
18 ;;; Written by Ludovic Courtès <ludo@chbouib.org>.
21 ;;;
22 ;;; Test session establishment using X.509 certificate authentication.
23 ;;; Based on `openpgp-auth.scm'.
24 ;;;
26 (use-modules (gnutls)
27              (gnutls build tests)
28              (srfi srfi-4))
;; TLS session settings (using the deprecated method).
;;
;; These lists feed the old per-category priority setters
;; (`set-session-*-priority!') used below, so the test exercises that API.
;; They deliberately include legacy algorithms: TLS 1.0 only, the NULL and
;; ARCFOUR ciphers, an MD5 MAC and RSA-EXPORT key exchange.
(define %protos  (list protocol/tls-1.0))
(define %certs   (list certificate-type/x509))
(define %ciphers (list cipher/null cipher/arcfour cipher/aes-128-cbc
                       cipher/aes-256-cbc))
;; NOTE(review): `kx/dhe-dss' is listed twice; the second entry is presumably
;; meant to be `kx/dhe-rsa'.  A duplicate priority entry is likely harmless,
;; but confirm against upstream before relying on DHE-RSA being offered.
(define %kx      (list kx/rsa kx/rsa-export kx/dhe-dss kx/dhe-dss))
(define %macs    (list mac/sha1 mac/rmd160 mac/md5))
;; Message sent by the client: a short string followed by a few thousand
;; integers, so the record layer has to carry more than one TLS record.
(define %message
  (let ((payload (iota 4444)))
    (cons "hello, world!" payload)))
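;; Locate FILE along `%load-path', slurp its contents into a u8vector and
;; hand the raw bytes to IMPORT-PROC together with the format tag FMT.
;; Returns whatever IMPORT-PROC returns.
;;
;; Raises an error when FILE cannot be found (instead of letting `stat' fail
;; on #f) and when the file yields fewer bytes than `stat' reported, so a
;; truncated key or parameter file is never silently imported.
(define (import-something import-proc file fmt)
  (let ((path (search-path %load-path file)))
    (if (not path)
        (error "file not found in %load-path" file))
    (let* ((size (stat:size (stat path)))
           (raw  (make-u8vector size))
           ;; `call-with-input-file' closes the port on every exit path; the
           ;; previous version opened the file and never closed it.
           (got  (call-with-input-file path
                   (lambda (port)
                     (uniform-vector-read! raw port)))))
      (if (not (= got size))
          (error "short read while importing file" file got size))
      (import-proc raw fmt))))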
;; Import the PEM-encoded key material in FILE with IMPORT-PROC
;; (e.g. `import-x509-certificate' or `import-x509-private-key').
(define (import-key import-proc file)
  (let ((fmt x509-certificate-format/pem))
    (import-something import-proc file fmt)))
;; Import the PKCS#1 RSA parameters (used for RSA-EXPORT) from the PEM
;; file FILE, located along `%load-path'.
(define (import-rsa-params file)
  (import-key pkcs1-import-rsa-parameters file))
;; Import the PKCS#3 Diffie-Hellman parameters from the PEM file FILE,
;; located along `%load-path'.
(define (import-dh-params file)
  (import-key pkcs3-import-dh-parameters file))
61 ;; Debugging.
62 ;; (set-log-level! 3)
63 ;; (set-log-procedure! (lambda (level str)
64 ;;                       (format #t "[~a|~a] ~a" (getpid) level str)))
(run-test
    (lambda ()
      ;; End-to-end handshake over a Unix socket pair: the forked child acts
      ;; as the TLS client, the parent as the server.  Both sides use the
      ;; same certificate/key pair, loaded (PEM) before the fork.
      (let ((socket-pair (socketpair PF_UNIX SOCK_STREAM 0))
            (pub         (import-key import-x509-certificate
                                     "x509-certificate.pem"))
            (sec         (import-key import-x509-private-key
                                     "x509-key.pem")))
        (let ((pid (primitive-fork)))
          (if (= 0 pid)
              (let ((client (make-session connection-end/client))
                    (cred   (make-certificate-credentials)))
                ;; client-side (child process)
                ;; Priorities come from the deprecated per-category setters,
                ;; using the lists defined at the top of the file.
                (set-session-default-priority! client)
                (set-session-certificate-type-priority! client %certs)
                (set-session-kx-priority! client %kx)
                (set-session-protocol-priority! client %protos)
                (set-session-cipher-priority! client %ciphers)
                (set-session-mac-priority! client %macs)
                ;; The client presents its own certificate (the server
                ;; requires one below).  Nothing here inspects the server's
                ;; certificate, so server authentication is not exercised.
                (set-certificate-credentials-x509-keys! cred (list pub) sec)
                (set-session-credentials! client cred)
                (set-session-dh-prime-bits! client 1024)
                ;; First end of the socket pair is the client's transport.
                (set-session-transport-fd! client (fileno (car socket-pair)))
                (handshake client)
                (write %message (session-record-port client))
                (bye client close-request/rdwr)
                ;; Terminate the child immediately; the test result is the
                ;; parent's return value.
                (primitive-exit))
              (let ((server (make-session connection-end/server))
                    (rsa    (import-rsa-params "rsa-parameters.pem"))
                    (dh     (import-dh-params "dh-parameters.pem")))
                ;; server-side
                (set-session-default-priority! server)
                (set-session-certificate-type-priority! server %certs)
                (set-session-kx-priority! server %kx)
                (set-session-protocol-priority! server %protos)
                (set-session-cipher-priority! server %ciphers)
                (set-session-mac-priority! server %macs)
                ;; Mutual authentication: the handshake is rejected unless
                ;; the client supplies a certificate.
                (set-server-session-certificate-request! server
                         certificate-request/require)
                ;; Second end of the socket pair is the server's transport.
                (set-session-transport-fd! server (fileno (cdr socket-pair)))
                (let ((cred (make-certificate-credentials))
                      ;; The trust anchor is the very certificate the client
                      ;; presents, so the peer certificate is trusted directly.
                      ;; This is a test-only arrangement, not a CA hierarchy.
                      (trust-file (search-path %load-path
                                               "x509-certificate.pem"))
                      (trust-fmt  x509-certificate-format/pem))
                  ;; DH parameters serve the DHE suites, the RSA parameters
                  ;; the RSA-EXPORT suite listed in %kx.
                  (set-certificate-credentials-dh-parameters! cred dh)
                  (set-certificate-credentials-rsa-export-parameters! cred rsa)
                  (set-certificate-credentials-x509-keys! cred (list pub) sec)
                  (set-certificate-credentials-x509-trust-file! cred
                                                                trust-file
                                                                trust-fmt)
                  (set-session-credentials! server cred))
                (set-session-dh-prime-bits! server 1024)
                (handshake server)
                (let ((msg (read (session-record-port server)))
                      (auth-type (session-authentication-type server)))
                  (bye server close-request/rdwr)
                  ;; Pass iff the peer authenticated with a certificate and
                  ;; the message round-tripped intact.  NOTE(review): only the
                  ;; authentication *type* is checked; the peer certificate's
                  ;; verification status is never queried here, and the child
                  ;; pid is not waited for -- confirm `run-test' covers both.
                  (and (eq? auth-type credentials/certificate)
                       (equal? msg %message)))))))))
132 ;;; arch-tag: 1f88f835-a5c8-4fd6-94b6-5a13571ba03d