tests: Extend tests with an ultimately trusted key

* tests/gpg/Makefile.am (gpg-sample.stamp, pubring-stamp): Unify usage
of tabs.
(pubring-stamp): Import owner trust values.
* tests/gpg/ownertrust.txt: New.
* tests/gpg/t-decrypt-verify.c, tests/gpg/t-verify.c: Update expected
values for signature summary and validity.
* tests/gpg/t-keylist-secret-sig.c, tests/gpg/t-keylist-sig.c,
tests/gpg/t-keylist.c: Update expected values of owner trust and uid
validity.
--

This change marks the "Alpha Test" test key as ultimately trusted which
makes it possible to check for correct values derived from this, i.e.
key owner trust, user id validity, signature summary and signature
validity.

GnuPG-bug-id: 6342
Ingo Klöcker 2023-02-08 13:46:17 +01:00
parent 844e6cd3b9
commit fcefc78f74
No known key found for this signature in database
GPG Key ID: F5A5D1692277A1E9
7 changed files with 56 additions and 42 deletions


@ -99,15 +99,17 @@ gpg-sample.stamp: $(srcdir)/$(private_keys)
-$(TESTS_ENVIRONMENT) gpgconf --kill all -$(TESTS_ENVIRONMENT) gpgconf --kill all
$(MKDIR_P) ./private-keys-v1.d $(MKDIR_P) ./private-keys-v1.d
for k in $(private_keys); do \ for k in $(private_keys); do \
cp $(srcdir)/$$k private-keys-v1.d/$$k.key; \ cp $(srcdir)/$$k private-keys-v1.d/$$k.key; \
done done
echo x > ./gpg-sample.stamp echo x > ./gpg-sample.stamp
pubring-stamp: $(srcdir)/pubdemo.asc gpg-sample.stamp pubring-stamp: $(srcdir)/pubdemo.asc gpg-sample.stamp
$(TESTS_ENVIRONMENT) $(GPG) --batch --no-permission-warning \ $(TESTS_ENVIRONMENT) $(GPG) --batch --no-permission-warning \
--import $(srcdir)/pubdemo.asc --import $(srcdir)/pubdemo.asc
-$(TESTS_ENVIRONMENT) $(GPG) --batch --no-permission-warning \ -$(TESTS_ENVIRONMENT) $(GPG) --batch --no-permission-warning \
--import $(srcdir)/secdemo.asc --import $(srcdir)/secdemo.asc
-$(TESTS_ENVIRONMENT) $(GPG) --batch --no-permission-warning \
--import-ownertrust $(srcdir)/ownertrust.txt
echo x > ./pubring-stamp echo x > ./pubring-stamp
gpg.conf: $(srcdir)/gpg.conf.in gpg.conf: $(srcdir)/gpg.conf.in
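Review bot: The new `--import-ownertrust` recipe line in pubring-stamp carries the `-` prefix, so a failed import is ignored and `pubring-stamp` is still written. The tests updated in this commit expect ultimate owner trust and full signature validity, so a silent failure here would only show up later as assertion failures that look unrelated to the fixture setup. Unless the prefix is needed for some gpg version, drop it so the line starts with `$(TESTS_ENVIRONMENT) $(GPG) --batch --no-permission-warning \`. If the error has to be tolerated, a one-line comment above the command saying why would help.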

3
tests/gpg/ownertrust.txt Normal file

@ -0,0 +1,3 @@
# List of assigned trustvalues, created Mi 08 Feb 2023 09:52:04 CET
# (Use "gpg --import-ownertrust" to restore them)
A0FF4590BB6122EDEF6E3C542D727CC768697734:6:
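Review bot: The file does not say which key the fingerprint belongs to or what the trust value stands for, so a reader has to match it against the test sources. A header comment such as `# Alpha Test demo key: ultimate owner trust, for the test keyring only` would make that explicit. The Makefile section imports secdemo.asc from the same directory, so the secret key of this ultimately trusted identity ships with the tests; the comment should say that the file is meant only for the test home directory. The generated timestamp line is locale-dependent (`Mi 08 Feb`) and could be dropped.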


@ -38,7 +38,7 @@
static void static void
check_verify_result (gpgme_verify_result_t result, unsigned int summary, check_verify_result (gpgme_verify_result_t result, unsigned int summary,
const char *fpr, gpgme_error_t status) const char *fpr, gpgme_error_t status, int validity)
{ {
gpgme_signature_t sig; gpgme_signature_t sig;
@ -79,10 +79,11 @@ check_verify_result (gpgme_verify_result_t result, unsigned int summary,
__FILE__, __LINE__); __FILE__, __LINE__);
exit (1); exit (1);
} }
if (sig->validity != GPGME_VALIDITY_UNKNOWN) if (sig->validity != validity)
{ {
fprintf (stderr, "%s:%i: Unexpected validity: %i\n", fprintf (stderr, "%s:%i: Unexpected validity: "
__FILE__, __LINE__, sig->validity); "want=%i have=%i\n",
__FILE__, __LINE__, validity, sig->validity);
exit (1); exit (1);
} }
if (gpgme_err_code (sig->validity_reason) != GPG_ERR_NO_ERROR) if (gpgme_err_code (sig->validity_reason) != GPG_ERR_NO_ERROR)
@ -134,9 +135,9 @@ main (int argc, char *argv[])
} }
print_data (out); print_data (out);
verify_result = gpgme_op_verify_result (ctx); verify_result = gpgme_op_verify_result (ctx);
check_verify_result (verify_result, 0, check_verify_result (verify_result, GPGME_SIGSUM_VALID|GPGME_SIGSUM_GREEN,
"A0FF4590BB6122EDEF6E3C542D727CC768697734", "A0FF4590BB6122EDEF6E3C542D727CC768697734",
GPG_ERR_NO_ERROR); GPG_ERR_NO_ERROR, GPGME_VALIDITY_FULL);
gpgme_data_release (in); gpgme_data_release (in);
gpgme_data_release (out); gpgme_data_release (out);
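Review bot: The new `validity` parameter of check_verify_result is declared `int`, although it is compared with `sig->validity` and receives `GPGME_VALIDITY_FULL`, both of type `gpgme_validity_t`; the fields added in the t-keylist.c section already use the enum type. Declaring it as `const char *fpr, gpgme_error_t status, gpgme_validity_t validity)` keeps the signature self-describing, and the same applies to check_result in the last file section. The call expects `GPGME_VALIDITY_FULL` for a key the commit marks as ultimately trusted, so a short comment at the call saying why FULL rather than ULTIMATE is expected would save the next reader a lookup. Both functions start and end outside the hunks shown.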


@ -167,7 +167,7 @@ main (void)
key->chain_id); key->chain_id);
exit (1); exit (1);
} }
if (key->owner_trust != GPGME_VALIDITY_UNKNOWN) if (key->owner_trust != GPGME_VALIDITY_ULTIMATE)
{ {
fprintf (stderr, "Key has unexpected owner trust: %i\n", fprintf (stderr, "Key has unexpected owner trust: %i\n",
key->owner_trust); key->owner_trust);
@ -349,7 +349,7 @@ main (void)
fprintf (stderr, "First user ID unexpectedly invalid\n"); fprintf (stderr, "First user ID unexpectedly invalid\n");
exit (1); exit (1);
} }
if (key->uids && key->uids->validity != GPGME_VALIDITY_UNKNOWN) if (key->uids && key->uids->validity != GPGME_VALIDITY_ULTIMATE)
{ {
fprintf (stderr, "First user ID has unexpectedly validity: %i\n", fprintf (stderr, "First user ID has unexpectedly validity: %i\n",
key->uids->validity); key->uids->validity);
@ -435,7 +435,7 @@ main (void)
exit (1); exit (1);
} }
if (key->uids && key->uids->next if (key->uids && key->uids->next
&& key->uids->next->validity != GPGME_VALIDITY_UNKNOWN) && key->uids->next->validity != GPGME_VALIDITY_ULTIMATE)
{ {
fprintf (stderr, "Second user ID has unexpectedly validity: %i\n", fprintf (stderr, "Second user ID has unexpectedly validity: %i\n",
key->uids->next->validity); key->uids->next->validity);
@ -526,7 +526,7 @@ main (void)
exit (1); exit (1);
} }
if (key->uids && key->uids->next && key->uids->next->next if (key->uids && key->uids->next && key->uids->next->next
&& key->uids->next->next->validity != GPGME_VALIDITY_UNKNOWN) && key->uids->next->next->validity != GPGME_VALIDITY_ULTIMATE)
{ {
fprintf (stderr, "Third user ID has unexpectedly validity: %i\n", fprintf (stderr, "Third user ID has unexpectedly validity: %i\n",
key->uids->next->next->validity); key->uids->next->next->validity);
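Review bot: The owner-trust and user-ID validity failures in main still print only the observed value, while the verify tests changed in this commit move to a `want=%i have=%i` format. The expected value is now non-default and depends on the ownertrust import done in the Makefile, so printing both makes a broken fixture setup recognisable at a glance, e.g. `fprintf (stderr, "Key has unexpected owner trust: want=%i have=%i\n", GPGME_VALIDITY_ULTIMATE, key->owner_trust);`. The next file section has the same four checks and would take the same change. main continues outside these hunks.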


@ -167,7 +167,7 @@ main (void)
key->chain_id); key->chain_id);
exit (1); exit (1);
} }
if (key->owner_trust != GPGME_VALIDITY_UNKNOWN) if (key->owner_trust != GPGME_VALIDITY_ULTIMATE)
{ {
fprintf (stderr, "Key has unexpected owner trust: %i\n", fprintf (stderr, "Key has unexpected owner trust: %i\n",
key->owner_trust); key->owner_trust);
@ -349,7 +349,7 @@ main (void)
fprintf (stderr, "First user ID unexpectedly invalid\n"); fprintf (stderr, "First user ID unexpectedly invalid\n");
exit (1); exit (1);
} }
if (key->uids && key->uids->validity != GPGME_VALIDITY_UNKNOWN) if (key->uids && key->uids->validity != GPGME_VALIDITY_ULTIMATE)
{ {
fprintf (stderr, "First user ID has unexpectedly validity: %i\n", fprintf (stderr, "First user ID has unexpectedly validity: %i\n",
key->uids->validity); key->uids->validity);
@ -435,7 +435,7 @@ main (void)
exit (1); exit (1);
} }
if (key->uids && key->uids->next if (key->uids && key->uids->next
&& key->uids->next->validity != GPGME_VALIDITY_UNKNOWN) && key->uids->next->validity != GPGME_VALIDITY_ULTIMATE)
{ {
fprintf (stderr, "Second user ID has unexpectedly validity: %i\n", fprintf (stderr, "Second user ID has unexpectedly validity: %i\n",
key->uids->next->validity); key->uids->next->validity);
@ -526,7 +526,7 @@ main (void)
exit (1); exit (1);
} }
if (key->uids && key->uids->next && key->uids->next->next if (key->uids && key->uids->next && key->uids->next->next
&& key->uids->next->next->validity != GPGME_VALIDITY_UNKNOWN) && key->uids->next->next->validity != GPGME_VALIDITY_ULTIMATE)
{ {
fprintf (stderr, "Third user ID has unexpectedly validity: %i\n", fprintf (stderr, "Third user ID has unexpectedly validity: %i\n",
key->uids->next->next->validity); key->uids->next->next->validity);


@ -43,8 +43,10 @@ struct key_info_s
const char *name; const char *name;
const char *comment; const char *comment;
const char *email; const char *email;
gpgme_validity_t validity;
} uid[3]; } uid[3];
int n_subkeys; int n_subkeys;
gpgme_validity_t owner_trust;
void (*misc_check)(struct key_info_s *keyinfo, gpgme_key_t key); void (*misc_check)(struct key_info_s *keyinfo, gpgme_key_t key);
}; };
@ -56,9 +58,12 @@ static void check_whisky (struct key_info_s *keyinfo, gpgme_key_t key);
struct key_info_s keys[] = struct key_info_s keys[] =
{ {
{ "A0FF4590BB6122EDEF6E3C542D727CC768697734", "6AE6D7EE46A871F8", { "A0FF4590BB6122EDEF6E3C542D727CC768697734", "6AE6D7EE46A871F8",
{ { "Alfa Test", "demo key", "alfa@example.net" }, { { "Alfa Test", "demo key", "alfa@example.net",
{ "Alpha Test", "demo key", "alpha@example.net" }, GPGME_VALIDITY_ULTIMATE },
{ "Alice", "demo key", NULL } }, 1 }, { "Alpha Test", "demo key", "alpha@example.net",
GPGME_VALIDITY_ULTIMATE },
{ "Alice", "demo key", NULL, GPGME_VALIDITY_ULTIMATE } }, 1,
GPGME_VALIDITY_ULTIMATE },
{ "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", "5381EA4EE29BA37F", { "D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", "5381EA4EE29BA37F",
{ { "Bob", "demo key", NULL }, { { "Bob", "demo key", NULL },
{ "Bravo Test", "demo key", "bravo@example.net" } }, 1 }, { "Bravo Test", "demo key", "bravo@example.net" } }, 1 },
@ -107,7 +112,7 @@ struct key_info_s keys[] =
{ { "Victor Test", "demo key", "victor@example.org" } }, 1 }, { { "Victor Test", "demo key", "victor@example.org" } }, 1 },
{ "E8D6C90B683B0982BD557A99DEF0F7B8EC67DBDE", "D7FBB421FD6E27F6", { "E8D6C90B683B0982BD557A99DEF0F7B8EC67DBDE", "D7FBB421FD6E27F6",
{ { "Whisky Test", "demo key", "whisky@example.net" } }, 3, { { "Whisky Test", "demo key", "whisky@example.net" } }, 3,
check_whisky }, GPGME_VALIDITY_UNKNOWN, check_whisky },
{ "04C1DF62EFA0EBB00519B06A8979A6C5567FB34A", "5CC6F87F41E408BE", { "04C1DF62EFA0EBB00519B06A8979A6C5567FB34A", "5CC6F87F41E408BE",
{ { "XRay Test", "demo key", "xray@example.net" } }, 1 }, { { "XRay Test", "demo key", "xray@example.net" } }, 1 },
{ "ED9B316F78644A58D042655A9EEF34CD4B11B25F", "5ADFD255F7B080AD", { "ED9B316F78644A58D042655A9EEF34CD4B11B25F", "5ADFD255F7B080AD",
@ -219,10 +224,10 @@ main (int argc, char **argv)
key->chain_id); key->chain_id);
exit (1); exit (1);
} }
if (key->owner_trust != GPGME_VALIDITY_UNKNOWN) if (key->owner_trust != keys[i].owner_trust)
{ {
fprintf (stderr, "Key has unexpected owner trust: %i\n", fprintf (stderr, "Key `%s' has unexpected owner trust: %i\n",
key->owner_trust); keys[i].uid[0].name, key->owner_trust);
exit (1); exit (1);
} }
@ -426,10 +431,10 @@ main (int argc, char **argv)
fprintf (stderr, "First user ID unexpectedly invalid\n"); fprintf (stderr, "First user ID unexpectedly invalid\n");
exit (1); exit (1);
} }
if (key->uids && key->uids->validity != GPGME_VALIDITY_UNKNOWN) if (key->uids && key->uids->validity != keys[i].uid[0].validity)
{ {
fprintf (stderr, "First user ID has unexpectedly validity: %i\n", fprintf (stderr, "First user ID `%s' has unexpectedly validity: %i\n",
key->uids->validity); key->uids->name, key->uids->validity);
exit (1); exit (1);
} }
if (key->uids && key->uids->signatures) if (key->uids && key->uids->signatures)
@ -469,7 +474,7 @@ main (int argc, char **argv)
exit (1); exit (1);
} }
if (key->uids && key->uids->next if (key->uids && key->uids->next
&& key->uids->next->validity != GPGME_VALIDITY_UNKNOWN) && key->uids->next->validity != keys[i].uid[1].validity)
{ {
fprintf (stderr, "Second user ID has unexpectedly validity: %i\n", fprintf (stderr, "Second user ID has unexpectedly validity: %i\n",
key->uids->next->validity); key->uids->next->validity);
@ -514,7 +519,7 @@ main (int argc, char **argv)
exit (1); exit (1);
} }
if (key->uids && key->uids->next && key->uids->next->next if (key->uids && key->uids->next && key->uids->next->next
&& key->uids->next->next->validity != GPGME_VALIDITY_UNKNOWN) && key->uids->next->next->validity != keys[i].uid[2].validity)
{ {
fprintf (stderr, "Third user ID has unexpectedly validity: %i\n", fprintf (stderr, "Third user ID has unexpectedly validity: %i\n",
key->uids->next->next->validity); key->uids->next->next->validity);
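Review bot: Only the Alfa and Whisky entries of `keys[]` get explicit values for the new `validity` and `owner_trust` fields; every other entry receives them by zero-initialisation, so the table relies on `GPGME_VALIDITY_UNKNOWN` being 0. State that on the struct, e.g. `gpgme_validity_t owner_trust; /* Omitted in keys[] => 0 == GPGME_VALIDITY_UNKNOWN. */`. Because `owner_trust` was inserted before `misc_check` and the initialisers are positional, any entry outside the visible hunks that passes a `misc_check` callback needs the same extra value as the Whisky entry. The keys[] table and main both extend beyond the hunks shown.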


@ -94,7 +94,7 @@ static const char double_plaintext_sig[] =
static void static void
check_result (gpgme_verify_result_t result, int no_of_sigs, int skip_sigs, check_result (gpgme_verify_result_t result, int no_of_sigs, int skip_sigs,
unsigned int summary, const char *fpr, unsigned int summary, const char *fpr,
gpgme_error_t status, int notation) gpgme_error_t status, int notation, int validity)
{ {
gpgme_signature_t sig; gpgme_signature_t sig;
int n; int n;
@ -206,10 +206,11 @@ check_result (gpgme_verify_result_t result, int no_of_sigs, int skip_sigs,
PGM, __LINE__, skip_sigs); PGM, __LINE__, skip_sigs);
exit (1); exit (1);
} }
if (sig->validity != GPGME_VALIDITY_UNKNOWN) if (sig->validity != validity)
{ {
fprintf (stderr, "%s:%i:sig-%d: Unexpected validity: %i\n", fprintf (stderr, "%s:%i:sig-%d: Unexpected validity: "
PGM, __LINE__, skip_sigs, sig->validity); "want=%i have=%i\n",
PGM, __LINE__, skip_sigs, validity, sig->validity);
exit (1); exit (1);
} }
if (gpgme_err_code (sig->validity_reason) != GPG_ERR_NO_ERROR) if (gpgme_err_code (sig->validity_reason) != GPG_ERR_NO_ERROR)
@ -247,8 +248,9 @@ main (int argc, char *argv[])
err = gpgme_op_verify (ctx, sig, text, NULL); err = gpgme_op_verify (ctx, sig, text, NULL);
fail_if_err (err); fail_if_err (err);
result = gpgme_op_verify_result (ctx); result = gpgme_op_verify_result (ctx);
check_result (result, 1, 0, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734", check_result (result, 1, 0, GPGME_SIGSUM_VALID|GPGME_SIGSUM_GREEN,
GPG_ERR_NO_ERROR, 1); "A0FF4590BB6122EDEF6E3C542D727CC768697734",
GPG_ERR_NO_ERROR, 1, GPGME_VALIDITY_FULL);
/* Checking a manipulated message. */ /* Checking a manipulated message. */
gpgme_data_release (text); gpgme_data_release (text);
@ -259,9 +261,9 @@ main (int argc, char *argv[])
fail_if_err (err); fail_if_err (err);
result = gpgme_op_verify_result (ctx); result = gpgme_op_verify_result (ctx);
check_result (result, 1, 0, GPGME_SIGSUM_RED, "2D727CC768697734", check_result (result, 1, 0, GPGME_SIGSUM_RED, "2D727CC768697734",
GPG_ERR_BAD_SIGNATURE, 0); GPG_ERR_BAD_SIGNATURE, 0, GPGME_VALIDITY_UNKNOWN);
/* Checking a valid message. Bu that one has a second signature /* Checking a valid message. But that one has a second signature
* made by an unknown key. */ * made by an unknown key. */
gpgme_data_release (text); gpgme_data_release (text);
gpgme_data_release (sig); gpgme_data_release (sig);
@ -273,12 +275,12 @@ main (int argc, char *argv[])
err = gpgme_op_verify (ctx, sig, text, NULL); err = gpgme_op_verify (ctx, sig, text, NULL);
fail_if_err (err); fail_if_err (err);
result = gpgme_op_verify_result (ctx); result = gpgme_op_verify_result (ctx);
check_result (result, 2, 0, 0, check_result (result, 2, 0, GPGME_SIGSUM_VALID|GPGME_SIGSUM_GREEN,
"A0FF4590BB6122EDEF6E3C542D727CC768697734", "A0FF4590BB6122EDEF6E3C542D727CC768697734",
GPG_ERR_NO_ERROR, 1); GPG_ERR_NO_ERROR, 1, GPGME_VALIDITY_FULL);
check_result (result, 2, 1, GPGME_SIGSUM_KEY_MISSING, check_result (result, 2, 1, GPGME_SIGSUM_KEY_MISSING,
"36EC2A70C6426EB0FCE5BB4DF91C98F049D4204C", "36EC2A70C6426EB0FCE5BB4DF91C98F049D4204C",
GPG_ERR_NO_PUBKEY, 0); GPG_ERR_NO_PUBKEY, 0, GPGME_VALIDITY_UNKNOWN);
/* Checking a normal signature. */ /* Checking a normal signature. */
@ -291,8 +293,9 @@ main (int argc, char *argv[])
err = gpgme_op_verify (ctx, sig, NULL, text); err = gpgme_op_verify (ctx, sig, NULL, text);
fail_if_err (err); fail_if_err (err);
result = gpgme_op_verify_result (ctx); result = gpgme_op_verify_result (ctx);
check_result (result, 1, 0, 0, "A0FF4590BB6122EDEF6E3C542D727CC768697734", check_result (result, 1, 0, GPGME_SIGSUM_VALID|GPGME_SIGSUM_GREEN,
GPG_ERR_NO_ERROR, 0); "A0FF4590BB6122EDEF6E3C542D727CC768697734",
GPG_ERR_NO_ERROR, 0, GPGME_VALIDITY_FULL);
/* Checking an invalid message. */ /* Checking an invalid message. */