diff options
author | Ludovic Courtès <ludo@chbouib.org> | 2007-05-30 00:39:23 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@chbouib.org> | 2007-05-30 00:39:23 +0200 |
commit | d374e7df710477ae0212234d688064876cb7d05f (patch) | |
tree | 9130cc704019c6b89da9eb2b5dd7da59d41b8b31 /guile/tests | |
parent | 331a51173f748bca0850a275dd9454486948a9da (diff) | |
download | gnutls-d374e7df710477ae0212234d688064876cb7d05f.tar.gz |
Started Guile integration.
Documentation is still missing. A bit rough on the edges, but `make'
and `make check' do work.
Diffstat (limited to 'guile/tests')
-rw-r--r-- | guile/tests/Makefile.am | 30 | ||||
-rw-r--r-- | guile/tests/anonymous-auth.scm | 102 | ||||
-rw-r--r-- | guile/tests/errors.scm | 46 | ||||
-rw-r--r-- | guile/tests/openpgp-auth.scm | 132 | ||||
-rw-r--r-- | guile/tests/openpgp-keyring.asc | 37 | ||||
-rw-r--r-- | guile/tests/openpgp-keyring.gpg | bin | 0 -> 1503 bytes | |||
-rw-r--r-- | guile/tests/openpgp-keyring.scm | 79 | ||||
-rw-r--r-- | guile/tests/openpgp-keys.scm | 79 | ||||
-rw-r--r-- | guile/tests/openpgp-pub.asc | 24 | ||||
-rw-r--r-- | guile/tests/openpgp-sec.asc | 32 | ||||
-rw-r--r-- | guile/tests/pkcs-import-export.scm | 49 | ||||
-rw-r--r-- | guile/tests/raw-to-c.scm | 16 | ||||
-rw-r--r-- | guile/tests/rsa-parameters.pem | 15 | ||||
-rw-r--r-- | guile/tests/session-record-port.scm | 133 | ||||
-rw-r--r-- | guile/tests/srp-base64.scm | 39 | ||||
-rw-r--r-- | guile/tests/x509-auth.scm | 135 | ||||
-rw-r--r-- | guile/tests/x509-certificate.pem | 33 | ||||
-rw-r--r-- | guile/tests/x509-certificates.scm | 86 | ||||
-rw-r--r-- | guile/tests/x509-key.pem | 15 |
19 files changed, 1082 insertions, 0 deletions
diff --git a/guile/tests/Makefile.am b/guile/tests/Makefile.am new file mode 100644 index 0000000000..b0109217f4 --- /dev/null +++ b/guile/tests/Makefile.am @@ -0,0 +1,30 @@ +# GNUTLS -- Guile bindings for GnuTLS. +# Copyright (C) 2007 Free Software Foundation +# +# GNUTLS is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# GNUTLS is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with GNUTLS; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +TESTS = anonymous-auth.scm session-record-port.scm \ + pkcs-import-export.scm \ + openpgp-keys.scm openpgp-keyring.scm openpgp-auth.scm \ + srp-base64.scm errors.scm \ + x509-certificates.scm x509-auth.scm + +TESTS_ENVIRONMENT = $(top_builddir)/guile/pre-inst-guile -L $(srcdir) + + +EXTRA_DIST = $(TESTS) openpgp-pub.asc openpgp-sec.asc \ + openpgp-keyring.gpg openpgp-keyring.asc \ + rsa-parameters.pem \ + x509-certificate.pem x509-key.pem diff --git a/guile/tests/anonymous-auth.scm b/guile/tests/anonymous-auth.scm new file mode 100644 index 0000000000..eb4375fc3b --- /dev/null +++ b/guile/tests/anonymous-auth.scm @@ -0,0 +1,102 @@ +;;; GNUTLS --- Guile bindings for GnuTLS. +;;; Copyright (C) 2007 Free Software Foundation +;;; +;;; GNUTLS is free software; you can redistribute it and/or +;;; modify it under the terms of the GNU Lesser General Public +;;; License as published by the Free Software Foundation; either +;;; version 2.1 of the License, or (at your option) any later version. +;;; +;;; GNUTLS is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;; Lesser General Public License for more details. +;;; +;;; You should have received a copy of the GNU Lesser General Public +;;; License along with GNUTLS; if not, write to the Free Software +;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +;;; Written by Ludovic Courtès <ludo@chbouib.org>. + + +;;; +;;; Test session establishment using anonymous authentication. Exercise the +;;; record layer low-level API. +;;; + +(use-modules (gnutls) + (srfi srfi-4)) + + +;; TLS session settings. +(define %protos (list protocol/tls-1.0)) +(define %certs '()) +(define %ciphers (list cipher/null cipher/arcfour cipher/aes-128-cbc + cipher/aes-256-cbc)) +(define %kx (list kx/anon-dh)) +(define %macs (list mac/sha1 mac/rmd160 mac/md5)) + +;; Message sent by the client. +(define %message (apply u8vector (iota 256))) + +;; Debugging. +;; (set-log-level! 100) +;; (set-log-procedure! (lambda (level str) +;; (format #t "[~a|~a] ~a" (getpid) level str))) + +(dynamic-wind + (lambda () + #t) + + (lambda () + (let ((socket-pair (socketpair PF_UNIX SOCK_STREAM 0)) + (pid (primitive-fork))) + (if (= 0 pid) + + (let ((client (make-session connection-end/client))) + ;; client-side (child process) + (set-session-default-priority! client) + (set-session-certificate-type-priority! client %certs) + (set-session-kx-priority! client %kx) + (set-session-protocol-priority! client %protos) + (set-session-cipher-priority! client %ciphers) + (set-session-mac-priority! client %macs) + + (set-session-transport-fd! client (fileno (car socket-pair))) + (set-session-credentials! client (make-anonymous-client-credentials)) + (set-session-dh-prime-bits! client 1024) + + (handshake client) + (record-send client %message) + (bye client close-request/rdwr) + + (exit)) + + (let ((server (make-session connection-end/server))) + ;; server-side + (set-session-default-priority! server) + (set-session-certificate-type-priority! server %certs) + (set-session-kx-priority! server %kx) + (set-session-protocol-priority! server %protos) + (set-session-cipher-priority! server %ciphers) + (set-session-mac-priority! server %macs) + + (set-session-transport-fd! server (fileno (cdr socket-pair))) + (let ((cred (make-anonymous-server-credentials)) + (dh-params (make-dh-parameters 1024))) + ;; Note: DH parameter generation can take some time. + (set-anonymous-server-dh-parameters! cred dh-params) + (set-session-credentials! server cred)) + (set-session-dh-prime-bits! server 1024) + + (handshake server) + (let* ((buf (make-u8vector (u8vector-length %message))) + (amount (record-receive! server buf))) + (bye server close-request/rdwr) + (exit (= amount (u8vector-length %message)) + (equal? buf %message))))))) + + (lambda () + ;; failure + (exit 1))) + +;;; arch-tag: 8c98de24-0a53-4290-974e-4b071ad162a0 diff --git a/guile/tests/errors.scm b/guile/tests/errors.scm new file mode 100644 index 0000000000..d739cecb40 --- /dev/null +++ b/guile/tests/errors.scm @@ -0,0 +1,46 @@ +;;; GNUTLS --- Guile bindings for GnuTLS. +;;; Copyright (C) 2007 Free Software Foundation +;;; +;;; GNUTLS is free software; you can redistribute it and/or +;;; modify it under the terms of the GNU Lesser General Public +;;; License as published by the Free Software Foundation; either +;;; version 2.1 of the License, or (at your option) any later version. +;;; +;;; GNUTLS is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;; Lesser General Public License for more details. +;;; +;;; You should have received a copy of the GNU Lesser General Public +;;; License along with GNUTLS; if not, write to the Free Software +;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +;;; Written by Ludovic Courtès <ludo@chbouib.org>. + + +;;; +;;; Test the error/exception mechanism. +;;; + +(use-modules (gnutls)) + +(dynamic-wind + (lambda () + #t) + + (lambda () + (let ((s (make-session connection-end/server))) + (catch 'gnutls-error + (lambda () + (handshake s)) + (lambda (key err function . currently-unused) + (exit (and (eq? key 'gnutls-error) + err + (string? (error->string err)) + (eq? function 'handshake))))))) + + (lambda () + ;; failure + (exit 1))) + +;;; arch-tag: 73ed6229-378d-4a12-a5c6-4c2586c6e3a2 diff --git a/guile/tests/openpgp-auth.scm b/guile/tests/openpgp-auth.scm new file mode 100644 index 0000000000..bdc1d97d43 --- /dev/null +++ b/guile/tests/openpgp-auth.scm @@ -0,0 +1,132 @@ +;;; GNUTLS-EXTRA --- Guile bindings for GnuTLS-EXTRA. +;;; Copyright (C) 2007 Free Software Foundation +;;; +;;; GNUTLS-EXTRA is free software; you can redistribute it and/or modify +;;; it under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 2 of the License, or +;;; (at your option) any later version. +;;; +;;; GNUTLS-EXTRA is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNUTLS-EXTRA; if not, write to the Free Software +;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +;;; USA. + +;;; Written by Ludovic Courtès <ludo@chbouib.org>. + + +;;; +;;; Test session establishment using OpenPGP certificate authentication. +;;; +;;; XXX: `set-certificate-credentials-openpgp-keys!' is broken (i.e., +;;; segfaults) in GnuTLS 1.7.2 and earlier. +;;; + +(use-modules (gnutls) + (gnutls extra) + (srfi srfi-4)) + + +;; TLS session settings. +(define %protos (list protocol/tls-1.0)) +(define %certs (list certificate-type/openpgp)) +(define %ciphers (list cipher/null cipher/arcfour cipher/aes-128-cbc + cipher/aes-256-cbc)) +(define %kx (list kx/rsa kx/rsa-export kx/dhe-dss kx/dhe-dss)) +(define %macs (list mac/sha1 mac/rmd160 mac/md5)) + +;; Message sent by the client. +(define %message + (cons "hello, world!" (iota 4444))) + +(define (import-something import-proc file fmt) + (let* ((path (search-path %load-path file)) + (size (stat:size (stat path))) + (raw (make-u8vector size))) + (uniform-vector-read! raw (open-input-file path)) + (import-proc raw fmt))) + +(define (import-key import-proc file) + (import-something import-proc file openpgp-key-format/base64)) + +(define (import-rsa-params file) + (import-something pkcs1-import-rsa-parameters file + x509-certificate-format/pem)) + +;; Debugging. +;; (set-log-level! 3) +;; (set-log-procedure! (lambda (level str) +;; (format #t "[~a|~a] ~a" (getpid) level str))) + +(dynamic-wind + (lambda () + #t) + + (lambda () + (let ((socket-pair (socketpair PF_UNIX SOCK_STREAM 0)) + (pub (import-key import-openpgp-public-key + "openpgp-pub.asc")) + (sec (import-key import-openpgp-private-key + "openpgp-sec.asc"))) + (let ((pid (primitive-fork))) + (if (= 0 pid) + + (let ((client (make-session connection-end/client)) + (cred (make-certificate-credentials))) + ;; client-side (child process) + (set-session-default-priority! client) + (set-session-certificate-type-priority! client %certs) + (set-session-kx-priority! client %kx) + (set-session-protocol-priority! client %protos) + (set-session-cipher-priority! client %ciphers) + (set-session-mac-priority! client %macs) + + (set-certificate-credentials-openpgp-keys! cred pub sec) + (set-session-credentials! client cred) + (set-session-dh-prime-bits! client 1024) + + (set-session-transport-fd! client (fileno (car socket-pair))) + + (handshake client) + (write %message (session-record-port client)) + (bye client close-request/rdwr) + + (exit)) + + (let ((server (make-session connection-end/server)) + (rsa (import-rsa-params "rsa-parameters.pem")) + (dh (make-dh-parameters 1024))) + ;; server-side + (set-session-default-priority! server) + (set-session-certificate-type-priority! server %certs) + (set-session-kx-priority! server %kx) + (set-session-protocol-priority! server %protos) + (set-session-cipher-priority! server %ciphers) + (set-session-mac-priority! server %macs) + (set-server-session-certificate-request! server + certificate-request/require) + + (set-session-transport-fd! server (fileno (cdr socket-pair))) + (let ((cred (make-certificate-credentials))) + (set-certificate-credentials-dh-parameters! cred dh) + (set-certificate-credentials-rsa-export-parameters! cred rsa) + (set-certificate-credentials-openpgp-keys! cred pub sec) + (set-session-credentials! server cred)) + (set-session-dh-prime-bits! server 1024) + + (handshake server) + (let ((msg (read (session-record-port server))) + (auth-type (session-authentication-type server))) + (bye server close-request/rdwr) + (exit (and (eq? auth-type credentials/certificate) + (equal? msg %message))))))))) + + (lambda () + ;; failure + (exit 1))) + +;;; arch-tag: 1a973ed5-f45d-45a4-8160-900b6a8c27ff diff --git a/guile/tests/openpgp-keyring.asc b/guile/tests/openpgp-keyring.asc new file mode 100644 index 0000000000..4495a5a8e3 --- /dev/null +++ b/guile/tests/openpgp-keyring.asc @@ -0,0 +1,37 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.6 (GNU/Linux) + +mQGiBDxnlY0RBACAsWUhi/goBvpvTBgL8fFPwBAuD04VYFEtC7+4pBp6kFsHjUR7 +TTUkBsOk2PvMHrDdv0+C4x2CH8YGP1e+O0f2yLWk8Uu+kkF12yiqbbvDEiCdeJT6 +c3vIstY8vJ9Jso5g/LB8Xggq88R7jXFS3hH+WC5v/6P6SARfzXl457cVewCgvxSf +Gsm9mFospJ0B3RGyg5MB0d8D/RQQryJCGdR2nLe4VfctPL2QBD/1XhtubqEbetaV +PxssqrJdA+eplBRT7UHokSBahM8gmSmNuSrLDujPfEtaMg6YIkB+Kq0VeJLE0cXT +ZIH29KJlI/qk1xG4K7D6B0cKaHC/L4BIoKcQLJzfTIPw3frS4jVeNaQZNHSVqZ8/ +VmOMA/9rkNtccQ4RVd9WTFoHKvT4vfiISEOIzKGmcBY9Hymq7MCci3mNe4CDImkv +ZgnjDlJAM91CX1ODthPLBqvyhnMhhxDnaDl4Nh42uPMSr9JEW2IwoIbFne10ihGT +O4lBS1C28UfSGEMm/8JBMtxAjbYy3BYzUtCMA+bGBG6Voe5i5LQlRHIuIFdobyAo +Tm8gY29tbWVudHMpIDx3aG9Ad2hvaXMub3JnPohdBBMRAgAdBQI8Z5WNBQkDwmcA +BQsHCgMEAxUDAgMWAgECF4AACgkQNRRc6qfZPD+WWACfeJnLyfbpTDB7mDh3aATb ++0PXz28AoKRdApBVM6Bty+vWyXH6HfF6ZTj+mQGiBDxKxWwRBADnLna2Lu+po71Z +QJMpJBgFDALXAp1sogZu/DTIYDhifGQ+saZSp68dN89G/FBaweDGmbN4lbS8s+U1 +Qf/aR2bWFowriq/WqyJGbQbRgDTV2saY5pk7pbNQ/4IuHNhwKnURTotzprCcs7k8 +5E27UWybtflbtmYYhgKgoURyNsBljwCgj1teeNhfeSzCBy+UdGRXJvtNk3MD/jV4 +1onWYG6RGOn5pwQrljzyPz2PE3eic8Dwl02/RLPKvL4U3WRBJVWGPjmpxidmLXes +NmYq5El5LDJi0/EumDKnVlMJ1nugrk3yX17aCTcFatW+ifQGnr1+x2zkMkQd9dUv +/9BtOeX2HjaUe2mKd8tiq4HkpBIr+QUGcdmUbIZeBADQYUN6lk3eMYgYwrJN4Ajm +AJa2DbimhLhag40Rn8kwMRiJrVejuSf0SPhOslPGI+2nO0L/eLzmOmpTHXWmTOhU +BROAjp9bEM4HXTQXuAEWSRixMdNUTIdlqOy5lx9hoJ/HPVCYBhBrWXfSEcsOHQTQ +7Za86Juuj3PYALBSE5y/jbRJT3BlbkNESyB0ZXN0IGtleSAoT25seSBpbnRlbmRl +ZCBmb3IgdGVzdCBwdXJwb3NlcyEpIDxvcGVuY2RrQGZvby1iYXIub3JnPohiBBMR +AgAaBQI8SsVsBQsHCgMEAxUDAgMWAgECHgECF4AAEgkQvVcs3MzAfDUHZUdQRwAB +AYHBAJwOEo2O1ER8bcvOYVDZzYbiDYRZpQCfZoFmLIDGqs8dLSvCBPCC/oDT26S5 +AQ0EPErFbxAEAOIBVlJgadBn0k9NcebThljgi+O/JGwa3OCNtpzY1FnB7TNXOEEH +mHVa/befF5fPAi5wx5YPEspoltJ8/SShHNMW3eH7zB6mFcXDH+xlbkZweMh1/FCb +HsuZyLVsLYdcUOIBi1sPo3hgbrZCWiUzgw9V/SHWSQFWFdSaHQnpUQ9fAAMFBADQ +va3kBDJ1hnXIfQcww2CYFGe64b62zBBaPB82a/2+oS43hFZRMji4rUFOUqKpZh0d +8dtrtfM/aQYWYQdVbIEyJDMLMJMtt8jMgiVnLXriSvJGl1DlObZh6mR10uA82NOD +jcSorEr9ITU2/j6W7J0K6mUWS1duAbN6jcqJ8rJX0IhOBBgRAgAGBQI8SsVvABIJ +EL1XLNzMwHw1B2VHUEcAAQF1ZgCfYB4fmeCwfHfmfz7soeGflGPTc2cAn2rGnrQR +mm/79Enn0VTYLgXUCGHb +=7B/E +-----END PGP PUBLIC KEY BLOCK----- diff --git a/guile/tests/openpgp-keyring.gpg b/guile/tests/openpgp-keyring.gpg Binary files differnew file mode 100644 index 0000000000..f78440407b --- /dev/null +++ b/guile/tests/openpgp-keyring.gpg diff --git a/guile/tests/openpgp-keyring.scm b/guile/tests/openpgp-keyring.scm new file mode 100644 index 0000000000..6a25f866da --- /dev/null +++ b/guile/tests/openpgp-keyring.scm @@ -0,0 +1,79 @@ +;;; GNUTLS-EXTRA --- Guile bindings for GnuTLS-EXTRA. +;;; Copyright (C) 2007 Free Software Foundation +;;; +;;; GNUTLS-EXTRA is free software; you can redistribute it and/or modify +;;; it under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 2 of the License, or +;;; (at your option) any later version. +;;; +;;; GNUTLS-EXTRA is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNUTLS-EXTRA; if not, write to the Free Software +;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +;;; USA. + +;;; Written by Ludovic Courtès <ludo@chbouib.org>. + + +;;; +;;; Exercise the OpenPGP keyring API part of GnuTLS-extra. +;;; +;;; XXX: Keyring import is broken in GnuTLS versions up to and including 1.7.8. +;;; + +(use-modules (gnutls extra) (gnutls) + (srfi srfi-1) + (srfi srfi-4)) + +(define %raw-keyring-file + (search-path %load-path "openpgp-keyring.gpg")) + +(define %ascii-keyring-file + (search-path %load-path "openpgp-keyring.asc")) + +(define %ids-in-keyring + ;; The IDs of keys that are in the keyring. + ;; Change me if you change the keyring file. + (list '#u8(#x35 #x14 #x5c #xea + #xa7 #xd9 #x3c #x3f) + '#u8(#xbd #x57 #x2c #xdc + #xcc #xc0 #x7c #x35))) + +(define (file-size file) + (stat:size (stat file))) + +(define (valid-keyring? file format) + ;; Return true if FILE contains a valid keyring encoded in FORMAT. + (let ((raw-keyring (make-u8vector (file-size file)))) + + (uniform-vector-read! raw-keyring (open-input-file file)) + + (let ((keyring (import-openpgp-keyring raw-keyring format)) + (null-id (make-u8vector 8 0))) + + (and (openpgp-keyring? keyring) + (not (openpgp-keyring-contains-key-id? keyring null-id)) + (every (lambda (id) + (openpgp-keyring-contains-key-id? keyring id)) + %ids-in-keyring))))) + +(dynamic-wind + + (lambda () + #t) + + (lambda () + (exit + (every valid-keyring? + (list %raw-keyring-file %ascii-keyring-file) + (list openpgp-key-format/raw openpgp-key-format/base64)))) + + (lambda () + ;; failure + (exit 1))) + +;;; arch-tag: 516bf608-5c8b-4787-abe9-5f7b6e6d660b diff --git a/guile/tests/openpgp-keys.scm b/guile/tests/openpgp-keys.scm new file mode 100644 index 0000000000..29cbe821ef --- /dev/null +++ b/guile/tests/openpgp-keys.scm @@ -0,0 +1,79 @@ +;;; GNUTLS-EXTRA --- Guile bindings for GnuTLS-EXTRA. +;;; Copyright (C) 2007 Free Software Foundation +;;; +;;; GNUTLS-EXTRA is free software; you can redistribute it and/or modify +;;; it under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 2 of the License, or +;;; (at your option) any later version. +;;; +;;; GNUTLS-EXTRA is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNUTLS-EXTRA; if not, write to the Free Software +;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +;;; USA. + +;;; Written by Ludovic Courtès <ludo@chbouib.org>. + + +;;; +;;; Exercise the OpenPGP key API part of GnuTLS-extra. +;;; + +(use-modules (gnutls) + (gnutls extra) + (srfi srfi-1) + (srfi srfi-4) + (srfi srfi-11)) + +(define %public-key-file + (search-path %load-path "openpgp-pub.asc")) + +(define %private-key-file + (search-path %load-path "openpgp-sec.asc")) + +(define %key-id + ;; Change me if you change the key files. + '#u8(#xbd #x57 #x2c #xdc #xcc #xc0 #x7c #x35)) + +(define (file-size file) + (stat:size (stat file))) + + +(dynamic-wind + + (lambda () + #t) + + (lambda () + (let ((raw-pubkey (make-u8vector (file-size %public-key-file))) + (raw-privkey (make-u8vector (file-size %private-key-file)))) + + (uniform-vector-read! raw-pubkey (open-input-file %public-key-file)) + (uniform-vector-read! raw-privkey (open-input-file %private-key-file)) + + (let ((pub (import-openpgp-public-key raw-pubkey + openpgp-key-format/base64)) + (sec (import-openpgp-private-key raw-privkey + openpgp-key-format/base64))) + + (exit (and (openpgp-public-key? pub) + (openpgp-private-key? sec) + (equal? (openpgp-public-key-id pub) %key-id) + (u8vector? (openpgp-public-key-fingerprint pub)) + (every string? (openpgp-public-key-names pub)) + (member (openpgp-public-key-version pub) '(3 4)) + (list? (openpgp-public-key-usage pub)) + (let-values (((pk bits) + (openpgp-public-key-algorithm pub))) + (and (string? (pk-algorithm->string pk)) + (number? bits)))))))) + + (lambda () + ;; failure + (exit 1))) + +;;; arch-tag: 2ee2a377-7f4d-4031-92a8-275090e4f83d diff --git a/guile/tests/openpgp-pub.asc b/guile/tests/openpgp-pub.asc new file mode 100644 index 0000000000..6bdfabf9d2 --- /dev/null +++ b/guile/tests/openpgp-pub.asc @@ -0,0 +1,24 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGiBDxKxWwRBADnLna2Lu+po71ZQJMpJBgFDALXAp1sogZu/DTIYDhifGQ+saZS +p68dN89G/FBaweDGmbN4lbS8s+U1Qf/aR2bWFowriq/WqyJGbQbRgDTV2saY5pk7 +pbNQ/4IuHNhwKnURTotzprCcs7k85E27UWybtflbtmYYhgKgoURyNsBljwCgj1te +eNhfeSzCBy+UdGRXJvtNk3MD/jV41onWYG6RGOn5pwQrljzyPz2PE3eic8Dwl02/ +RLPKvL4U3WRBJVWGPjmpxidmLXesNmYq5El5LDJi0/EumDKnVlMJ1nugrk3yX17a +CTcFatW+ifQGnr1+x2zkMkQd9dUv/9BtOeX2HjaUe2mKd8tiq4HkpBIr+QUGcdmU +bIZeBADQYUN6lk3eMYgYwrJN4AjmAJa2DbimhLhag40Rn8kwMRiJrVejuSf0SPhO +slPGI+2nO0L/eLzmOmpTHXWmTOhUBROAjp9bEM4HXTQXuAEWSRixMdNUTIdlqOy5 +lx9hoJ/HPVCYBhBrWXfSEcsOHQTQ7Za86Juuj3PYALBSE5y/jbRJT3BlbkNESyB0 +ZXN0IGtleSAoT25seSBpbnRlbmRlZCBmb3IgdGVzdCBwdXJwb3NlcyEpIDxvcGVu +Y2RrQGZvby1iYXIub3JnPohaBBMRAgAaBQI8SsVsBQsHCgMEAxUDAgMWAgECHgEC +F4AACgkQvVcs3MzAfDWBwQCcDhKNjtREfG3LzmFQ2c2G4g2EWaUAn2aBZiyAxqrP +HS0rwgTwgv6A09ukuQENBDxKxW8QBADiAVZSYGnQZ9JPTXHm04ZY4IvjvyRsGtzg +jbac2NRZwe0zVzhBB5h1Wv23nxeXzwIucMeWDxLKaJbSfP0koRzTFt3h+8wephXF +wx/sZW5GcHjIdfxQmx7Lmci1bC2HXFDiAYtbD6N4YG62QlolM4MPVf0h1kkBVhXU +mh0J6VEPXwADBQQA0L2t5AQydYZ1yH0HMMNgmBRnuuG+tswQWjwfNmv9vqEuN4RW +UTI4uK1BTlKiqWYdHfHba7XzP2kGFmEHVWyBMiQzCzCTLbfIzIIlZy164kryRpdQ +5Tm2YepkddLgPNjTg43EqKxK/SE1Nv4+luydCuplFktXbgGzeo3KifKyV9CIRgQY +EQIABgUCPErFbwAKCRC9VyzczMB8NXVmAJ9gHh+Z4LB8d+Z/Puyh4Z+UY9NzZwCf +asaetBGab/v0SefRVNguBdQIYds= +=GwWK +-----END PGP PUBLIC KEY BLOCK----- diff --git a/guile/tests/openpgp-sec.asc b/guile/tests/openpgp-sec.asc new file mode 100644 index 0000000000..58bafeea47 --- /dev/null +++ b/guile/tests/openpgp-sec.asc @@ -0,0 +1,32 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- + +lQG7BDxKxWwRBADnLna2Lu+po71ZQJMpJBgFDALXAp1sogZu/DTIYDhifGQ+saZS +p68dN89G/FBaweDGmbN4lbS8s+U1Qf/aR2bWFowriq/WqyJGbQbRgDTV2saY5pk7 +pbNQ/4IuHNhwKnURTotzprCcs7k85E27UWybtflbtmYYhgKgoURyNsBljwCgj1te +eNhfeSzCBy+UdGRXJvtNk3MD/jV41onWYG6RGOn5pwQrljzyPz2PE3eic8Dwl02/ +RLPKvL4U3WRBJVWGPjmpxidmLXesNmYq5El5LDJi0/EumDKnVlMJ1nugrk3yX17a +CTcFatW+ifQGnr1+x2zkMkQd9dUv/9BtOeX2HjaUe2mKd8tiq4HkpBIr+QUGcdmU +bIZeBADQYUN6lk3eMYgYwrJN4AjmAJa2DbimhLhag40Rn8kwMRiJrVejuSf0SPhO +slPGI+2nO0L/eLzmOmpTHXWmTOhUBROAjp9bEM4HXTQXuAEWSRixMdNUTIdlqOy5 +lx9hoJ/HPVCYBhBrWXfSEcsOHQTQ7Za86Juuj3PYALBSE5y/jQAAn2P+O9oRyd/b +1jXd4F2H8SSzMMu3DM/9JiM6RFNBX2ZhY3RvcjoAAK9+8VCrUSp2tkcQT5PxLJzr +ENoOP4NB/SYjOkRTQV9mYWN0b3I6AACvTy8J9Y0wrRLLV4I96AjHaNfLwQp9E/0m +IzpEU0FfZmFjdG9yOgAAr2T4CrVVKLaOwyIga909v8jvsToXmxu0SU9wZW5DREsg +dGVzdCBrZXkgKE9ubHkgaW50ZW5kZWQgZm9yIHRlc3QgcHVycG9zZXMhKSA8b3Bl +bmNka0Bmb28tYmFyLm9yZz6IWgQTEQIAGgUCPErFbAULBwoDBAMVAwIDFgIBAh4B +AheAAAoJEL1XLNzMwHw1gcEAmQGbWA2HMKJfa1qvFUwrpVK9zdHtAJ9HHAujC4X+ +0AnRZNUKFdC94Ct+r50BMgQ8SsVvEAQA4gFWUmBp0GfST01x5tOGWOCL478kbBrc +4I22nNjUWcHtM1c4QQeYdVr9t58Xl88CLnDHlg8SymiW0nz9JKEc0xbd4fvMHqYV +xcMf7GVuRnB4yHX8UJsey5nItWwth1xQ4gGLWw+jeGButkJaJTODD1X9IdZJAVYV +1JodCelRD18AAwUEANC9reQEMnWGdch9BzDDYJgUZ7rhvrbMEFo8HzZr/b6hLjeE +VlEyOLitQU5SoqlmHR3x22u18z9pBhZhB1VsgTIkMwswky23yMyCJWcteuJK8kaX +UOU5tmHqZHXS4DzY04ONxKisSv0hNTb+PpbsnQrqZRZLV24Bs3qNyonyslfQAAD6 +AqTLHwdVk3VLPMjSKNONdwwYPDTowJ5cHw5Uc2vRRG0OJf0mIzpFTEdfZmFjdG9y +OgAAqwRFtBcGdsy2AtBSxX4HPMvtBiODIhf9JiM6RUxHX2ZhY3RvcjoAAKsFn0GK +Y7/TzpNP3IdTXmkQfUXC+YpP/SYjOkVMR19mYWN0b3I6AACrBV0wh13upAu9+4N1 +rXOuK6EkJ4T1//0mIzpFTEdfZmFjdG9yOgAAqwbJVCRiM/nb341fujR8AELlrBOb +Lqv9JiM6RUxHX2ZhY3RvcjoAAKsGhKSsyEs0Yrs4YvI0CBiIZn1b2G9LiEYEGBEC +AAYFAjxKxW8ACgkQvVcs3MzAfDV1ZgCeLovqxqOYaIfjREbT8e9+2jy1D20An268 +JJzFTBkCFFN0YlBK57y6qjf0 +=0tJj +-----END PGP PRIVATE KEY BLOCK----- diff --git a/guile/tests/pkcs-import-export.scm b/guile/tests/pkcs-import-export.scm new file mode 100644 index 0000000000..d202668c81 --- /dev/null +++ b/guile/tests/pkcs-import-export.scm @@ -0,0 +1,49 @@ +;;; GNUTLS --- Guile bindings for GnuTLS. +;;; Copyright (C) 2007 Free Software Foundation +;;; +;;; GNUTLS is free software; you can redistribute it and/or +;;; modify it under the terms of the GNU Lesser General Public +;;; License as published by the Free Software Foundation; either +;;; version 2.1 of the License, or (at your option) any later version. +;;; +;;; GNUTLS is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;; Lesser General Public License for more details. +;;; +;;; You should have received a copy of the GNU Lesser General Public +;;; License along with GNUTLS; if not, write to the Free Software +;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +;;; Written by Ludovic Courtès <ludo@chbouib.org>. + + +;;; +;;; Exercise the DH/RSA PKCS3/PKCS1 export/import functions. +;;; + +(use-modules (gnutls) + (srfi srfi-4)) + +(dynamic-wind + + (lambda () + #t) + + (lambda () + (exit + (let* ((dh-params (make-dh-parameters 1024)) + (export + (pkcs3-export-dh-parameters dh-params + x509-certificate-format/pem))) + (and (u8vector? export) + (let ((import + (pkcs3-import-dh-parameters export + x509-certificate-format/pem))) + (dh-parameters? import)))))) + + (lambda () + ;; failure + (exit 1))) + +;;; arch-tag: adff0f07-479e-421e-b47f-8956e06b9902 diff --git a/guile/tests/raw-to-c.scm b/guile/tests/raw-to-c.scm new file mode 100644 index 0000000000..8f506e7f7c --- /dev/null +++ b/guile/tests/raw-to-c.scm @@ -0,0 +1,16 @@ +(use-modules (r6rs i/o ports) + (ice-9 format)) + +(define line-len 12) + +(let ((input (open-input-file "openpgp-keyring.gpg"))) + (let loop ((byte (get-u8 input)) + (total 0)) + (if (eof-object? byte) + #t + (begin + (format #t "0x~:@(~2,'0x, " byte) + (if (>= (+ 1 total) line-len) (newline)) + (loop (get-u8 input) + (modulo (+ total 1) line-len)))))) +(newline)
\ No newline at end of file diff --git a/guile/tests/rsa-parameters.pem b/guile/tests/rsa-parameters.pem new file mode 100644 index 0000000000..b1cd7db3f5 --- /dev/null +++ b/guile/tests/rsa-parameters.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQDMOUZ0VEyX41ZLmZ7O0FPDaUYoJRFSoQF82TVt7zTcyLGTIoER +QRpqpzA6DUyHZyX4bEodiCc4ks0efZYv7sjfz9pH1nEQiNe30ScFml79Yz8TmGtC +aSiDEigZOq8F0NAzBgN9pfS5sxZw5yMK69m9DOUU/uQRJPM0nIaa6IHQ9QIDAQAB +AoGAChNITcxr4/FwDDZFvrPJ8iHTN39OqbouQdvQdj4/KCZRlm31GqYQ2NKrPy3x +SNvWpHkpNehF8RVS/85X1sEL0WJQ4h9/krWYsmO6h8ve/kMT6A2K2vVkv+Li/QBi +6RyjP+FUcN5INe2cmRx7U04HaBoLyXg0wSOfRxpIez6nobkCQQDafbFQhGxqf0cS +sMMu1jOX2HGGWwoPXWk8CANVmZWAZz3B507hc0di4ITgwTpw/JRr0RxzkEZQChLy +RQDbW/5NAkEA70iPmsCVD7mSf8yo4h52YClmHhsHGkHD+kealg1Nq5LmnKoNftfa +Ftg3wG8X7d86DU1pq1tJbRiUmxtgcGgBSQJABXNrUAnttn50ZHf6dpmrcddZhbOR +va5j6LZ+ds09GJX6yXKe2isJFeNqDT1k2trCTSpLXmq0Bl0p+ddU3SQfZQJAXIXl +KUSAHtV1pT8AqnZ29VXsq4Vt6KQ3YEZhqtW4C7jAvSEwGLTkGmM+o4URbqQbMVuW +mXCx4qJXi+Y5Ex3UKQJAcuKAICXkM0Zi2aKE5Rv64w30VRbT2dNFGw2hWoHcQU9X +S6Bf9LJmL8rJ8GOqwjEO8TbnAn+yNevd9zuFsGbw9A== +-----END RSA PRIVATE KEY----- diff --git a/guile/tests/session-record-port.scm b/guile/tests/session-record-port.scm new file mode 100644 index 0000000000..e0b313c9de --- /dev/null +++ b/guile/tests/session-record-port.scm @@ -0,0 +1,133 @@ +;;; GNUTLS --- Guile bindings for GnuTLS. +;;; Copyright (C) 2007 Free Software Foundation +;;; +;;; GNUTLS is free software; you can redistribute it and/or +;;; modify it under the terms of the GNU Lesser General Public +;;; License as published by the Free Software Foundation; either +;;; version 2.1 of the License, or (at your option) any later version. +;;; +;;; GNUTLS is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;; Lesser General Public License for more details. +;;; +;;; You should have received a copy of the GNU Lesser General Public +;;; License along with GNUTLS; if not, write to the Free Software +;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +;;; Written by Ludovic Courtès <ludo@chbouib.org>. + + +;;; +;;; Test session establishment using anonymous authentication. Exercise the +;;; `session-record-port' API. +;;; + +(use-modules (gnutls) + (srfi srfi-4)) + + +;; TLS session settings. +(define %protos (list protocol/tls-1.0)) +(define %certs '()) +(define %ciphers (list cipher/null cipher/arcfour cipher/aes-128-cbc + cipher/aes-256-cbc)) +(define %kx (list kx/anon-dh)) +(define %macs (list mac/sha1 mac/rmd160 mac/md5)) + +;; Message sent by the client. +(define %message (apply u8vector (iota 256))) + +;; Debugging. +;; (set-log-level! 100) +;; (set-log-procedure! (lambda (level str) +;; (format #t "[~a|~a] ~a" (getpid) level str))) + +(dynamic-wind + (lambda () + #t) + + (lambda () + ;; Stress the GC. In 0.0, this triggered an abort due to + ;; "scm_unprotect_object called during GC". + (let ((sessions (map (lambda (i) + (make-session connection-end/server)) + (iota 123)))) + (for-each session-record-port sessions) + (gc)(gc)(gc)) + + ;; Stress the GC. The session associated to each port in PORTS should + ;; remain reachable. + (let ((ports (map session-record-port + (map (lambda (i) + (make-session connection-end/server)) + (iota 123))))) + (gc)(gc)(gc) + (for-each (lambda (p) + (catch 'gnutls-error + (lambda () + (read p)) + (lambda (key . args) + #t))) + ports)) + + ;; Try using the record port for I/O. + (let ((socket-pair (socketpair PF_UNIX SOCK_STREAM 0)) + (pid (primitive-fork))) + (if (= 0 pid) + + (let ((client (make-session connection-end/client))) + ;; client-side (child process) + (set-session-default-priority! client) + (set-session-certificate-type-priority! client %certs) + (set-session-kx-priority! client %kx) + (set-session-protocol-priority! client %protos) + (set-session-cipher-priority! client %ciphers) + (set-session-mac-priority! client %macs) + + (set-session-transport-port! client (car socket-pair)) + (set-session-credentials! client (make-anonymous-client-credentials)) + (set-session-dh-prime-bits! client 1024) + + (handshake client) + (uniform-vector-write %message (session-record-port client)) + (bye client close-request/rdwr) + + (exit)) + + (let ((server (make-session connection-end/server))) + ;; server-side + (set-session-default-priority! server) + (set-session-certificate-type-priority! server %certs) + (set-session-kx-priority! server %kx) + (set-session-protocol-priority! server %protos) + (set-session-cipher-priority! server %ciphers) + (set-session-mac-priority! server %macs) + + (set-session-transport-port! server (cdr socket-pair)) + (let ((cred (make-anonymous-server-credentials)) + (dh-params (make-dh-parameters 1024))) + ;; Note: DH parameter generation can take some time. + (set-anonymous-server-dh-parameters! cred dh-params) + (set-session-credentials! server cred)) + (set-session-dh-prime-bits! server 1024) + + (handshake server) + (let* ((buf (make-u8vector (u8vector-length %message))) + (amount + (uniform-vector-read! buf (session-record-port server)))) + (bye server close-request/rdwr) + + ;; Make sure we got everything right. + (exit (eq? (session-record-port server) + (session-record-port server)) + (= amount (u8vector-length %message)) + (equal? buf %message) + (eof-object? + (read-char (session-record-port server))))))))) + + (lambda () + ;; failure + (exit 1))) + +;;; arch-tag: e873226a-d0b6-4a93-87ec-a1b5ad2ae8a2 diff --git a/guile/tests/srp-base64.scm b/guile/tests/srp-base64.scm new file mode 100644 index 0000000000..bb994a508d --- /dev/null +++ b/guile/tests/srp-base64.scm @@ -0,0 +1,39 @@ +;;; GNUTLS --- Guile bindings for GnuTLS. +;;; Copyright (C) 2007 Free Software Foundation +;;; +;;; GNUTLS is free software; you can redistribute it and/or +;;; modify it under the terms of the GNU Lesser General Public +;;; License as published by the Free Software Foundation; either +;;; version 2.1 of the License, or (at your option) any later version. +;;; +;;; GNUTLS is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;; Lesser General Public License for more details. +;;; +;;; You should have received a copy of the GNU Lesser General Public +;;; License along with GNUTLS; if not, write to the Free Software +;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +;;; Written by Ludovic Courtès <ludo@chbouib.org>. + + +;;; +;;; Test SRP base64 encoding and decoding. +;;; + +(use-modules (gnutls)) + +(define %message + "GNUTLS is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2.1 of the License, or (at your option) any later version.") + +(exit (let ((encoded (srp-base64-encode %message))) + (and (string? encoded) + (string=? (srp-base64-decode encoded) + %message)))) + + +;;; arch-tag: ea1534a5-d513-4208-9a75-54bd4710f915 diff --git a/guile/tests/x509-auth.scm b/guile/tests/x509-auth.scm new file mode 100644 index 0000000000..5c82aaebf5 --- /dev/null +++ b/guile/tests/x509-auth.scm @@ -0,0 +1,135 @@ +;;; GNUTLS --- Guile bindings for GnuTLS. +;;; Copyright (C) 2007 Free Software Foundation +;;; +;;; GNUTLS is free software; you can redistribute it and/or +;;; modify it under the terms of the GNU Lesser General Public +;;; License as published by the Free Software Foundation; either +;;; version 2.1 of the License, or (at your option) any later version. +;;; +;;; GNUTLS is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;; Lesser General Public License for more details. +;;; +;;; You should have received a copy of the GNU Lesser General Public +;;; License along with GNUTLS; if not, write to the Free Software +;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +;;; Written by Ludovic Courtès <ludo@chbouib.org>. + + +;;; +;;; Test session establishment using X.509 certificate authentication. +;;; Based on `openpgp-auth.scm'. +;;; + +(use-modules (gnutls) + (srfi srfi-4)) + + +;; TLS session settings. +(define %protos (list protocol/tls-1.0)) +(define %certs (list certificate-type/x509)) +(define %ciphers (list cipher/null cipher/arcfour cipher/aes-128-cbc + cipher/aes-256-cbc)) +(define %kx (list kx/rsa kx/rsa-export kx/dhe-dss kx/dhe-dss)) +(define %macs (list mac/sha1 mac/rmd160 mac/md5)) + +;; Message sent by the client. +(define %message + (cons "hello, world!" (iota 4444))) + +(define (import-something import-proc file fmt) + (let* ((path (search-path %load-path file)) + (size (stat:size (stat path))) + (raw (make-u8vector size))) + (uniform-vector-read! raw (open-input-file path)) + (import-proc raw fmt))) + +(define (import-key import-proc file) + (import-something import-proc file x509-certificate-format/pem)) + +(define (import-rsa-params file) + (import-something pkcs1-import-rsa-parameters file + x509-certificate-format/pem)) + +;; Debugging. +;; (set-log-level! 3) +;; (set-log-procedure! (lambda (level str) +;; (format #t "[~a|~a] ~a" (getpid) level str))) + +(dynamic-wind + (lambda () + #t) + + (lambda () + (let ((socket-pair (socketpair PF_UNIX SOCK_STREAM 0)) + (pub (import-key import-x509-certificate + "x509-certificate.pem")) + (sec (import-key import-x509-private-key + "x509-key.pem"))) + (let ((pid (primitive-fork))) + (if (= 0 pid) + + (let ((client (make-session connection-end/client)) + (cred (make-certificate-credentials))) + ;; client-side (child process) + (set-session-default-priority! client) + (set-session-certificate-type-priority! client %certs) + (set-session-kx-priority! client %kx) + (set-session-protocol-priority! client %protos) + (set-session-cipher-priority! client %ciphers) + (set-session-mac-priority! client %macs) + + (set-certificate-credentials-x509-keys! cred (list pub) sec) + (set-session-credentials! client cred) + (set-session-dh-prime-bits! client 1024) + + (set-session-transport-fd! client (fileno (car socket-pair))) + + (handshake client) + (write %message (session-record-port client)) + (bye client close-request/rdwr) + + (exit)) + + (let ((server (make-session connection-end/server)) + (rsa (import-rsa-params "rsa-parameters.pem")) + (dh (make-dh-parameters 1024))) + ;; server-side + (set-session-default-priority! server) + (set-session-certificate-type-priority! server %certs) + (set-session-kx-priority! server %kx) + (set-session-protocol-priority! server %protos) + (set-session-cipher-priority! server %ciphers) + (set-session-mac-priority! server %macs) + (set-server-session-certificate-request! server + certificate-request/require) + + (set-session-transport-fd! server (fileno (cdr socket-pair))) + (let ((cred (make-certificate-credentials)) + (trust-file (search-path %load-path + "x509-certificate.pem")) + (trust-fmt x509-certificate-format/pem)) + (set-certificate-credentials-dh-parameters! cred dh) + (set-certificate-credentials-rsa-export-parameters! cred rsa) + (set-certificate-credentials-x509-keys! cred (list pub) sec) + (set-certificate-credentials-x509-trust-file! cred + trust-file + trust-fmt) + (set-session-credentials! server cred)) + (set-session-dh-prime-bits! server 1024) + + (handshake server) + (let ((msg (read (session-record-port server))) + (auth-type (session-authentication-type server))) + (bye server close-request/rdwr) + (exit (and (eq? auth-type credentials/certificate) + (equal? msg %message))))))))) + + (lambda () + ;; failure + (exit 1))) + +;;; arch-tag: 1f88f835-a5c8-4fd6-94b6-5a13571ba03d + diff --git a/guile/tests/x509-certificate.pem b/guile/tests/x509-certificate.pem new file mode 100644 index 0000000000..8891072581 --- /dev/null +++ b/guile/tests/x509-certificate.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIICmDCCAgOgAwIBAgIBAjALBgkqhkiG9w0BAQUwUjELMAkGA1UEBhMCR1IxDDAK +BgNVBAoTA0ZTRjEPMA0GA1UECxMGR05VVExTMSQwIgYDVQQDExtHTlVUTFMgSU5U +RVJNRURJQVRFIFRFU1QgQ0EwHhcNMDQwNjI4MjI0NzAwWhcNMDcwMzIyMjI0NzAw +WjBJMQswCQYDVQQGEwJHUjEMMAoGA1UEChMDRlNGMQ8wDQYDVQQLEwZHTlVUTFMx +GzAZBgNVBAMTEkdOVVRMUyBURVNUIFNFUlZFUjCBnDALBgkqhkiG9w0BAQEDgYwA +MIGIAoGA1chUqA9ib8S5GKd29B9d1rwgUncFhJPu0+RK8kOyOsV3qBdtdWeBSiGW +So1RHkcmV9BlbUtmuHioAUkZPSo8gtoEy3JpSemW221BsjwITjGeZxZsb+4C/U2X +HUIlO+jqBK5VYbpNXkP/2ofMkWWAZyKnI+PMIfFvv/cASsI0k48CAwEAAaOBjTCB +ijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDATBgNVHSUEDDAK +BggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBTIZD/hlqUB89OE +AwonwqGflkHtijAfBgNVHSMEGDAWgBQ2tS+xHdrw3r4o20MwGkLdzh5UlDALBgkq +hkiG9w0BAQUDgYEAWPpWlUlvzDZRbpneYw8d6Q8On/ZPmSYBCm38vTKPEoNA6lW1 +WIc3Vbw5zOeSfDLifIWV2W/MqyjDo9MeWvSKpcUfRfibpXBgbA4RAGW0j2K1JQmE +gP3k1vMicYzn5EglhZjoa9I+36a90vJraqzHQ7DrKtW0FDfW2GREzSh9RV8= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIICajCCAdWgAwIBAgIBATALBgkqhkiG9w0BAQUwRTELMAkGA1UEBhMCR1IxDDAK +BgNVBAoTA0ZTRjEPMA0GA1UECxMGR05VVExTMRcwFQYDVQQDEw5HTlVUTFMgVEVT +VCBDQTAeFw0wNDA2MjgyMjQ2MDBaFw0wNzAzMjMyMjQ2MDBaMFIxCzAJBgNVBAYT +AkdSMQwwCgYDVQQKEwNGU0YxDzANBgNVBAsTBkdOVVRMUzEkMCIGA1UEAxMbR05V +VExTIElOVEVSTUVESUFURSBURVNUIENBMIGcMAsGCSqGSIb3DQEBAQOBjAAwgYgC +gYC0JKSLzHuiWK66XYOJk6AxDBo94hdCFnfIor7xnZkqTgiUQZhk9HDVmmz1+tLd +yJk6r9PK+WMDDBkSOvT+SmQNd9mL2JzI+bJWwoB77aJ7vUI3/9+ugtffiapnX6wx +vLyAxeJRyN0Q3oBHc6N2dJo9z1NHoFe8xipXXHOdxU1DAwIDAQABo2QwYjAPBgNV +HRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYEFDa1L7Ed2vDe +vijbQzAaQt3OHlSUMB8GA1UdIwQYMBaAFHnrG2+jZuZ54dHitdvaJwZFKQpIMAsG +CSqGSIb3DQEBBQOBgQCi/SI37DrGCeZhtGhU2AyZFaqskRoFt4zAb9UYaGZaYEh5 +0VUZsA/Ol8jiiQTtiCokZswhSsn+2McZmcspKigsY2aEBrry+TGFWMnYu5j5kcwP +1nVuHxLRwLt2rIsjgkeSNdHr8XHKi9/Roz/Gj86OnBAHwPt8WHfHK+63cMX1WA== +-----END CERTIFICATE----- + diff --git a/guile/tests/x509-certificates.scm b/guile/tests/x509-certificates.scm new file mode 100644 index 0000000000..3b5629c3a3 --- /dev/null +++ b/guile/tests/x509-certificates.scm @@ -0,0 +1,86 @@ +;;; GNUTLS --- Guile bindings for GnuTLS. +;;; Copyright (C) 2007 Free Software Foundation +;;; +;;; GNUTLS is free software; you can redistribute it and/or +;;; modify it under the terms of the GNU Lesser General Public +;;; License as published by the Free Software Foundation; either +;;; version 2.1 of the License, or (at your option) any later version. +;;; +;;; GNUTLS is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;; Lesser General Public License for more details. +;;; +;;; You should have received a copy of the GNU Lesser General Public +;;; License along with GNUTLS; if not, write to the Free Software +;;; Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +;;; Written by Ludovic Courtès <ludo@chbouib.org>. + + +;;; +;;; Exercise the X.509 certificate API. +;;; + +(use-modules (gnutls) + (srfi srfi-4) + (srfi srfi-11)) + +(define %certificate-file + (search-path %load-path "x509-certificate.pem")) + +(define %private-key-file + (search-path %load-path "x509-key.pem")) + +(define %first-oid + ;; The certificate's first OID. + "2.5.4.6") + +(define %signature-algorithm + ;; The certificate's signature algorithm. + sign-algorithm/rsa-sha1) + + +(define (file-size file) + (stat:size (stat file))) + + +(dynamic-wind + + (lambda () + #t) + + (lambda () + (let ((raw-certificate (make-u8vector (file-size %certificate-file))) + (raw-privkey (make-u8vector (file-size %private-key-file)))) + + (uniform-vector-read! raw-certificate + (open-input-file %certificate-file)) + (uniform-vector-read! raw-privkey + (open-input-file %private-key-file)) + + (let ((cert (import-x509-certificate raw-certificate + x509-certificate-format/pem)) + (sec (import-x509-private-key raw-privkey + x509-certificate-format/pem))) + + (exit (and (x509-certificate? cert) + (x509-private-key? sec) + (string? (x509-certificate-dn cert)) + (string? (x509-certificate-issuer-dn cert)) + (string=? (x509-certificate-dn-oid cert 0) %first-oid) + (eq? (x509-certificate-signature-algorithm cert) + %signature-algorithm) + (x509-certificate-matches-hostname? cert "localhost") + (let-values (((type name) + (x509-certificate-subject-alternative-name + cert 0))) + (and (string? name) + (string? + (x509-subject-alternative-name->string type))))))))) + + (lambda () + ;; failure + (exit 1))) + +;;; arch-tag: eef09b52-30e8-472a-8b93-cb636434f6eb diff --git a/guile/tests/x509-key.pem b/guile/tests/x509-key.pem new file mode 100644 index 0000000000..1e80b2e55e --- /dev/null +++ b/guile/tests/x509-key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQDVyFSoD2JvxLkYp3b0H13WvCBSdwWEk+7T5EryQ7I6xXeoF211 +Z4FKIZZKjVEeRyZX0GVtS2a4eKgBSRk9KjyC2gTLcmlJ6ZbbbUGyPAhOMZ5nFmxv +7gL9TZcdQiU76OoErlVhuk1eQ//ah8yRZYBnIqcj48wh8W+/9wBKwjSTjwIDAQAB +AoGAAn2Ueua++1Vb4K0mxh5NbhCAAeXwEwTULfTFaMAgJe4iADvRoyIDEBWHFjRC +QyuKB1DetaDAwBprvqQW3q8MyGYD7P9h85Wfu/hpIYKTw9hNeph420aE8WXw2ygl +TkJz3bzkMrXe/WjdhS1kTt8avCNQR/p0jM/UHvNze4oLc1ECQQDfammiczQFtj+F +uf3CNcYwp5XNumF+pubdGb+UHUiHyCuVQxvm+LXgq8wXV/uXFLrp7FQFLCDQf0ji +KDB2YQvRAkEA9PY/2AaGsU7j8ePwQbxCkwuj3hY6O6aNLIGxKxwZrzbob26c+tQk +/++e0IXusIscBvcRV1Kg8Ff6fnw7/AdhXwJAG8qVbOuRmGk0BkwuFmPoeW3vNQgR +X96O7po0qPBqVdRAU2rvzYtkCFxYqq0ilI0ekZtAfKxbeykaQaRkkKPaoQJAcifP +yWJ/tu8z4DM7Ka+pFqTMwIllM1U3vFtv3LXezDE7AGDCyHKdB7MXcPXqj6nmCLMi +swwiLLahAOBnUqk6xwJAJQ4pGcFFlCiIiVsq0wYSYmZUcRpSIInEQ0f8/xN6J22Z +siP5vnJM3F7R6ciYTt2gzNci/W9cdZI2HxskkO5lbQ== +-----END RSA PRIVATE KEY----- |