tests: Add another check to gpg/t-verify.

* tests/gpg/t-verify.c (PGM): New.  Use it instead of __FILE__.
(test_sig1_plus_unknown_key): New test signature.
(check_result): Allow checking of several signatures.
(main): Check a signature with a known and an unknown key.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2018-04-12 15:39:20 +02:00
parent f7700a0169
commit bdf7cd2e28
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B


@ -31,31 +31,14 @@
#include <gpgme.h> #include <gpgme.h>
#define PGM "t-verify"
#include "t-support.h" #include "t-support.h"
static const char test_text1[] = "Just GNU it!\n"; static const char test_text1[] = "Just GNU it!\n";
static const char test_text1f[]= "Just GNU it?\n"; static const char test_text1f[]= "Just GNU it?\n";
static const char test_sig1[] = static const char test_sig1[] =
#if 0
"-----BEGIN PGP SIGNATURE-----\n"
"\n"
"iEYEABECAAYFAjoKgjIACgkQLXJ8x2hpdzQMSwCeO/xUrhysZ7zJKPf/FyXA//u1\n"
"ZgIAn0204PBR7yxSdQx6CFxugstNqmRv\n"
"=yku6\n"
"-----END PGP SIGNATURE-----\n"
#elif 0
"-----BEGIN PGP SIGNATURE-----\n"
"Version: GnuPG v1.0.4-2 (GNU/Linux)\n"
"Comment: For info see http://www.gnupg.org\n"
"\n"
"iJcEABECAFcFAjoS8/E1FIAAAAAACAAkZm9vYmFyLjF0aGlzIGlzIGEgbm90YXRp\n"
"b24gZGF0YSB3aXRoIDIgbGluZXMaGmh0dHA6Ly93d3cuZ3Uub3JnL3BvbGljeS8A\n"
"CgkQLXJ8x2hpdzQLyQCbBW/fgU8ZeWSlWPM1F8umHX17bAAAoIfSNDSp5zM85XcG\n"
"iwxMrf+u8v4r\n"
"=88Zo\n"
"-----END PGP SIGNATURE-----\n"
#elif 1
"-----BEGIN PGP SIGNATURE-----\n" "-----BEGIN PGP SIGNATURE-----\n"
"\n" "\n"
"iN0EABECAJ0FAjoS+i9FFIAAAAAAAwA5YmFyw7bDpMO8w58gZGFzIHdhcmVuIFVt\n" "iN0EABECAJ0FAjoS+i9FFIAAAAAAAwA5YmFyw7bDpMO8w58gZGFzIHdhcmVuIFVt\n"
@ -64,9 +47,24 @@ static const char test_sig1[] =
"Oi8vd3d3Lmd1Lm9yZy9wb2xpY3kvAAoJEC1yfMdoaXc0JBIAoIiLlUsvpMDOyGEc\n" "Oi8vd3d3Lmd1Lm9yZy9wb2xpY3kvAAoJEC1yfMdoaXc0JBIAoIiLlUsvpMDOyGEc\n"
"dADGKXF/Hcb+AKCJWPphZCphduxSvrzH0hgzHdeQaA==\n" "dADGKXF/Hcb+AKCJWPphZCphduxSvrzH0hgzHdeQaA==\n"
"=nts1\n" "=nts1\n"
"-----END PGP SIGNATURE-----\n" "-----END PGP SIGNATURE-----\n";
#endif
; /* The same as test_sig1 but with a second signature for which we do
* not have the public key (deleted after signature creation). */
static const char test_sig1_plus_unknown_key[] =
"-----BEGIN PGP SIGNATURE-----\n"
"\n"
"iN0EABECAJ0FAjoS+i9FFIAAAAAAAwA5YmFyw7bDpMO8w58gZGFzIHdhcmVuIFVt\n"
"bGF1dGUgdW5kIGpldHp0IGVpbiBwcm96ZW50JS1aZWljaGVuNRSAAAAAAAgAJGZv\n"
"b2Jhci4xdGhpcyBpcyBhIG5vdGF0aW9uIGRhdGEgd2l0aCAyIGxpbmVzGhpodHRw\n"
"Oi8vd3d3Lmd1Lm9yZy9wb2xpY3kvAAoJEC1yfMdoaXc0JBIAoIiLlUsvpMDOyGEc\n"
"dADGKXF/Hcb+AKCJWPphZCphduxSvrzH0hgzHdeQaIh1BAAWCAAdFiEENuwqcMZC\n"
"brD85btN+RyY8EnUIEwFAlrPR4cACgkQ+RyY8EnUIEyiuAEAm41LJTGUFDzhavRm\n"
"jNwqUZxGGOySduW+u/X1lEfV+MYA/2lJOo75rHtD1EG+tkFVWt4Ukj0rjhR132vZ\n"
"IOtrYAcG\n"
"=yYwZ\n"
"-----END PGP SIGNATURE-----\n";
static const char test_sig2[] = static const char test_sig2[] =
"-----BEGIN PGP MESSAGE-----\n" "-----BEGIN PGP MESSAGE-----\n"
"\n" "\n"
@ -91,37 +89,51 @@ static const char double_plaintext_sig[] =
/* NO_OF_SIGS is the expected number of signatures. SKIP_SKIPS is
* which of these signatures to check (0 based). */
static void static void
check_result (gpgme_verify_result_t result, unsigned int summary, check_result (gpgme_verify_result_t result, int no_of_sigs, int skip_sigs,
const char *fpr, unsigned int summary, const char *fpr,
gpgme_error_t status, int notation) gpgme_error_t status, int notation)
{ {
gpgme_signature_t sig; gpgme_signature_t sig;
int n;
sig = result->signatures; sig = result->signatures;
if (!sig || sig->next) for (n=0; sig; sig = sig->next)
n++;
if (n != no_of_sigs)
{ {
fprintf (stderr, "%s:%i: Unexpected number of signatures\n", fprintf (stderr, "%s:%i: Unexpected number of signatures"
__FILE__, __LINE__); " (got %d expected %d)\n", PGM, __LINE__, n, no_of_sigs);
exit (1); exit (1);
} }
if (skip_sigs >= n)
{
fprintf (stderr, "%s:%i: oops SKIPP_SIGS to high\n", PGM, __LINE__);
exit (1);
}
for (n=0, sig = result->signatures; n < skip_sigs; sig = sig->next, n++)
;
if (sig->summary != summary) if (sig->summary != summary)
{ {
fprintf (stderr, "%s:%i: Unexpected signature summary: " fprintf (stderr, "%s:%i:sig-%d: Unexpected signature summary: "
"want=0x%x have=0x%x\n", "want=0x%x have=0x%x\n",
__FILE__, __LINE__, summary, sig->summary); PGM, __LINE__, skip_sigs, summary, sig->summary);
exit (1); exit (1);
} }
if (strcmp (sig->fpr, fpr)) if (strcmp (sig->fpr, fpr))
{ {
fprintf (stderr, "%s:%i: Unexpected fingerprint: %s\n", fprintf (stderr, "%s:%i:sig-%d: Unexpected fingerprint: %s\n",
__FILE__, __LINE__, sig->fpr); PGM, __LINE__, skip_sigs, sig->fpr);
exit (1); exit (1);
} }
if (gpgme_err_code (sig->status) != status) if (gpgme_err_code (sig->status) != status)
{ {
fprintf (stderr, "%s:%i: Unexpected signature status: %s\n", fprintf (stderr, "%s:%i:sig-%d: Unexpected signature status: %s\n",
__FILE__, __LINE__, gpgme_strerror (sig->status)); PGM, __LINE__, skip_sigs, gpgme_strerror (sig->status));
exit (1); exit (1);
} }
if (notation) if (notation)
@ -166,8 +178,8 @@ check_result (gpgme_verify_result_t result, unsigned int summary,
} }
if (!any) if (!any)
{ {
fprintf (stderr, "%s:%i: Unexpected notation data\n", fprintf (stderr, "%s:%i:sig-%d: Unexpected notation data\n",
__FILE__, __LINE__); PGM, __LINE__, skip_sigs);
exit (1); exit (1);
} }
} }
@ -175,28 +187,30 @@ check_result (gpgme_verify_result_t result, unsigned int summary,
{ {
if (expected_notations[i].seen != 1) if (expected_notations[i].seen != 1)
{ {
fprintf (stderr, "%s:%i: Missing or duplicate notation data\n", fprintf (stderr, "%s:%i:sig-%d: "
__FILE__, __LINE__); "Missing or duplicate notation data\n",
PGM, __LINE__, skip_sigs);
exit (1); exit (1);
} }
} }
} }
if (sig->wrong_key_usage) if (sig->wrong_key_usage)
{ {
fprintf (stderr, "%s:%i: Unexpectedly wrong key usage\n", fprintf (stderr, "%s:%i:sig-%d: Unexpectedly wrong key usage\n",
__FILE__, __LINE__); PGM, __LINE__, skip_sigs);
exit (1); exit (1);
} }
if (sig->validity != GPGME_VALIDITY_UNKNOWN) if (sig->validity != GPGME_VALIDITY_UNKNOWN)
{ {
fprintf (stderr, "%s:%i: Unexpected validity: %i\n", fprintf (stderr, "%s:%i:sig-%d: Unexpected validity: %i\n",
__FILE__, __LINE__, sig->validity); PGM, __LINE__, skip_sigs, sig->validity);
exit (1); exit (1);
} }
if (gpgme_err_code (sig->validity_reason) != GPG_ERR_NO_ERROR) if (gpgme_err_code (sig->validity_reason) != GPG_ERR_NO_ERROR)
{ {
fprintf (stderr, "%s:%i: Unexpected validity reason: %s\n", fprintf (stderr, "%s:%i:sig-%d: Unexpected validity reason: %s\n",
__FILE__, __LINE__, gpgme_strerror (sig->validity_reason)); PGM, __LINE__, skip_sigs,
gpgme_strerror (sig->validity_reason));
exit (1); exit (1);
} }
} }
@ -227,7 +241,7 @@ main (int argc, char *argv[])
err = gpgme_op_verify (ctx, sig, text, NULL); err = gpgme_op_verify (ctx, sig, text, NULL);
fail_if_err (err); fail_if_err (err);
result = gpgme_op_verify_result (ctx); result = gpgme_op_verify_result (ctx);
check_result (result, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734", check_result (result, 1, 0, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734",
GPG_ERR_NO_ERROR, 1); GPG_ERR_NO_ERROR, 1);
/* Checking a manipulated message. */ /* Checking a manipulated message. */
@ -238,9 +252,27 @@ main (int argc, char *argv[])
err = gpgme_op_verify (ctx, sig, text, NULL); err = gpgme_op_verify (ctx, sig, text, NULL);
fail_if_err (err); fail_if_err (err);
result = gpgme_op_verify_result (ctx); result = gpgme_op_verify_result (ctx);
check_result (result, GPGME_SIGSUM_RED, "2D727CC768697734", check_result (result, 1, 0, GPGME_SIGSUM_RED, "2D727CC768697734",
GPG_ERR_BAD_SIGNATURE, 0); GPG_ERR_BAD_SIGNATURE, 0);
/* Checking a valid message. Bu that one has a second signature
* made by an unknown key. */
gpgme_data_release (text);
gpgme_data_release (sig);
err = gpgme_data_new_from_mem (&text, test_text1, strlen (test_text1), 0);
fail_if_err (err);
err = gpgme_data_new_from_mem (&sig, test_sig1_plus_unknown_key,
strlen (test_sig1_plus_unknown_key), 0);
fail_if_err (err);
err = gpgme_op_verify (ctx, sig, text, NULL);
fail_if_err (err);
result = gpgme_op_verify_result (ctx);
check_result (result, 2, 0, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734",
GPG_ERR_NO_ERROR, 1);
check_result (result, 2, 1, 0, "36EC2A70C6426EB0FCE5BB4DF91C98F049D4204C",
GPG_ERR_NO_ERROR, 0);
/* Checking a normal signature. */ /* Checking a normal signature. */
gpgme_data_release (sig); gpgme_data_release (sig);
gpgme_data_release (text); gpgme_data_release (text);
@ -251,7 +283,7 @@ main (int argc, char *argv[])
err = gpgme_op_verify (ctx, sig, NULL, text); err = gpgme_op_verify (ctx, sig, NULL, text);
fail_if_err (err); fail_if_err (err);
result = gpgme_op_verify_result (ctx); result = gpgme_op_verify_result (ctx);
check_result (result, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734", check_result (result, 1, 0, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734",
GPG_ERR_NO_ERROR, 0); GPG_ERR_NO_ERROR, 0);
@ -267,7 +299,7 @@ main (int argc, char *argv[])
if (gpgme_err_code (err) != GPG_ERR_BAD_DATA) if (gpgme_err_code (err) != GPG_ERR_BAD_DATA)
{ {
fprintf (stderr, "%s:%i: Double plaintext message not detected\n", fprintf (stderr, "%s:%i: Double plaintext message not detected\n",
__FILE__, __LINE__); PGM, __LINE__);
exit (1); exit (1);
} }
@ -278,7 +310,7 @@ main (int argc, char *argv[])
if (!s || strcmp (s, "foo@example.org")) if (!s || strcmp (s, "foo@example.org"))
{ {
fprintf (stderr, "%s:%i: gpgme_{set,get}_sender mismatch\n", fprintf (stderr, "%s:%i: gpgme_{set,get}_sender mismatch\n",
__FILE__, __LINE__); PGM, __LINE__);
exit (1); exit (1);
} }
@ -288,7 +320,7 @@ main (int argc, char *argv[])
if (!s || strcmp (s, "bar@example.org")) if (!s || strcmp (s, "bar@example.org"))
{ {
fprintf (stderr, "%s:%i: gpgme_{set,get}_sender mismatch\n", fprintf (stderr, "%s:%i: gpgme_{set,get}_sender mismatch\n",
__FILE__, __LINE__); PGM, __LINE__);
exit (1); exit (1);
} }
@ -298,7 +330,7 @@ main (int argc, char *argv[])
if (!s || strcmp (s, "foo@example.org")) if (!s || strcmp (s, "foo@example.org"))
{ {
fprintf (stderr, "%s:%i: gpgme_{set,get}_sender mismatch\n", fprintf (stderr, "%s:%i: gpgme_{set,get}_sender mismatch\n",
__FILE__, __LINE__); PGM, __LINE__);
exit (1); exit (1);
} }
@ -306,7 +338,7 @@ main (int argc, char *argv[])
if (gpgme_err_code (err) != GPG_ERR_INV_VALUE) if (gpgme_err_code (err) != GPG_ERR_INV_VALUE)
{ {
fprintf (stderr, "%s:%i: gpgme_set_sender didn't detect bogus address\n", fprintf (stderr, "%s:%i: gpgme_set_sender didn't detect bogus address\n",
__FILE__, __LINE__); PGM, __LINE__);
exit (1); exit (1);
} }
/* (the former address should still be there.) */ /* (the former address should still be there.) */
@ -314,7 +346,7 @@ main (int argc, char *argv[])
if (!s || strcmp (s, "foo@example.org")) if (!s || strcmp (s, "foo@example.org"))
{ {
fprintf (stderr, "%s:%i: gpgme_{set,get}_sender mismatch\n", fprintf (stderr, "%s:%i: gpgme_{set,get}_sender mismatch\n",
__FILE__, __LINE__); PGM, __LINE__);
exit (1); exit (1);
} }
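Review bot: The second new call in main, `check_result (result, 2, 1, 0, "36EC2A70C6426EB0FCE5BB4DF91C98F049D4204C", GPG_ERR_NO_ERROR, 0);`, pins summary 0 and GPG_ERR_NO_ERROR for the signature whose public key, per the comment on test_sig1_plus_unknown_key, is not available. A signature that cannot be checked should not be asserted as error-free; I would expect `check_result (result, 2, 1, GPGME_SIGSUM_KEY_MISSING, "36EC2A70C6426EB0FCE5BB4DF91C98F049D4204C", GPG_ERR_NO_PUBKEY, 0);` so the test fails if an unverifiable signature is ever reported like a good one. If the current values were chosen to match what the library returns today, that behaviour looks worth tracking as a defect rather than encoding in the test. As a smaller point, the new comment above check_result names the parameter SKIP_SKIPS while the code uses `skip_sigs`, and the matching error text reads "SKIPP_SIGS to high"; using `skip_sigs` in the comment and "SKIP_SIGS too high" in the message would keep a failing run easy to read.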