security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Code Activity
09c6f71351
gnupg/tests/openpgp/tofu.test

249 lines
5.7 KiB
Plaintext
Raw Normal View History

g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
#!/bin/sh
. $srcdir/defs.inc || exit 3
# set -x
tests/openpgp: Fake the system time for the tofu test. The keys in the tofu test are set to expire on 2016-09-17. Fake the system time for this test. This commit includes changes to the old test as well, for those who need to backport it. * tests/openpgp/gpg-agent.conf.tmpl: Drop trailing newlines. * tests/openpgp/tofu.scm: Fake system time. * tests/openpgp/tofu.test: Likewise. GnuPG-bug-id: 2393 Signed-off-by: Justus Winter <justus@g10code.com>
2016-06-23 17:24:23 +02:00
# Redefine GPG with a fixed time.
GPG="$GPG --faked-system-time=1466684990"
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
KEYS="2183839A BC15C85A EE37CF96"
# Make sure $srcdir is set.
if test "x$srcdir" = x
then
echo srcdir environment variable not set!
exit 1
fi
# Make sure $GNUPGHOME is set.
if test "x$GNUPGHOME" = x
then
echo "GNUPGHOME not set."
exit 1
fi
# Import the test keys.
$GPG --import $srcdir/tofu-keys.asc
# Make sure the keys are imported.
for k in $KEYS
do
if ! $GPG --list-keys $k >/dev/null 2>&1
then
echo Missing key $k
exit 1
fi
done
format=auto
debug()
{
echo "$@" >&2
}
debug_exec()
{
debug "Running GNUPGHOME=$GNUPGHOME $@"
${@:+"$@"}
}
# $1 is the keyid of the policy to lookup. Any remaining arguments
# are simply passed to GPG.
#
# This function only supports keys with a single user id.
getpolicy()
{
keyid=$1
if test x$keyid = x
then
echo No keyid supplied!
exit 1
fi
shift
policy=$(debug_exec $GPG --tofu-db-format=$format --trust-model=tofu \
--with-colons $@ --list-keys "$keyid" \
| awk -F: '/^uid:/ { print $18 }')
if test $(echo "$policy" | wc -l) -ne 1
then
echo "Got: $policy" >&2
echo "error"
else
case $policy in
auto|good|unknown|bad|ask) echo $policy ;;
*) echo "error" ;;
esac
fi
}
# $1 is the key id
# $2 is the expected policy
# The rest are additional options to pass to gpg.
checkpolicy()
{
debug
debug "checkpolicy($@)"
keyid=$1
shift
expected_policy=$1
shift
policy=$(getpolicy "$keyid" ${@:+"$@"})
if test "x$policy" != "x$expected_policy"
then
echo "$keyid: Expected policy to be \`$expected_policy', but got \`$policy'."
exit 1
fi
}
# $1 is the keyid of the trust level to lookup. Any remaining
# arguments are simply passed to GPG.
#
# This function only supports keys with a single user id.
gettrust()
{
keyid=$1
if test x$keyid = x
then
echo No keyid supplied!
exit 1
fi
shift
trust=$(debug_exec $GPG --tofu-db-format=$format --trust-model=tofu \
--with-colons $@ --list-keys "$keyid" \
| awk -F: '/^pub:/ { print $2 }')
if test $(echo "$trust" | wc -l) -ne 1
then
echo "error"
else
case $trust in
[oidreqnmfuws-]) echo $trust ;;
*) echo "Bad trust value: $trust" >&2; echo "error" ;;
esac
fi
}
# $1 is the key id
# $2 is the expected trust level
# The rest are additional options to pass to gpg.
checktrust()
{
debug
debug "checktrust($@)"
keyid=$1
shift
expected_trust=$1
shift
trust=$(gettrust "$keyid" ${@:+"$@"})
if test "x$trust" != "x$expected_trust"
then
echo "$keyid: Expected trust to be \`$expected_trust', but got \`$trust'."
exit 1
fi
}
# Set key $1's policy to $2. Any remaining arguments are passed as
# options to gpg.
setpolicy()
{
debug
debug "setpolicy($@)"
keyid=$1
shift
policy=$1
shift
debug_exec $GPG --tofu-db-format=$format \
--trust-model=tofu ${@:+"$@"} --tofu-policy $policy $keyid
}
for format in split flat
do
debug
debug "Testing with db format $format"
# Carefully remove the TOFU db.
test -e $GNUPGHOME/tofu.db && rm $GNUPGHOME/tofu.db
test -e $GNUPGHOME/tofu.d/email && rm -r $GNUPGHOME/tofu.d/email
test -e $GNUPGHOME/tofu.d/key && rm -r $GNUPGHOME/tofu.d/key
# This will fail if the directory is not empty.
test -e $GNUPGHOME/tofu.d && rmdir $GNUPGHOME/tofu.d
# Verify a message. There should be no conflict and the trust policy
# should be set to auto.
debug_exec $GPG --tofu-db-format=$format --trust-model=tofu \
--verify $srcdir/tofu-2183839A-1.txt
checkpolicy 2183839A auto
trust=$(gettrust 2183839A)
debug "default trust = $trust"
if test "x$trust" != xm
then
echo "Wrong default trust. Got: \`$trust', expected \`m'"
exit 1
fi
# Trust should be derived lazily. Thus, if the policy is set to auto
# and we change --tofu-default-policy, then the trust should change as
# well. Try it.
checktrust 2183839A f --tofu-default-policy=good
checktrust 2183839A - --tofu-default-policy=unknown
checktrust 2183839A n --tofu-default-policy=bad
# Change the policy to something other than auto and make sure the
# policy and the trust are correct.
for policy in good unknown bad
do
if test $policy = good
then
expected_trust='f'
elif test $policy = unknown
then
expected_trust='-'
else
expected_trust='n'
fi
debug
debug "Setting TOFU policy to $policy"
setpolicy 2183839A $policy
# Since we have a fixed policy, the trust level shouldn't
# change if we change the default policy.
for default_policy in auto good unknown bad ask
do
checkpolicy 2183839A $policy --tofu-default-policy=$default_policy
checktrust 2183839A $expected_trust \
--tofu-default-policy=$default_policy
done
done
# BC15C85A conflicts with 2183839A. On conflict, this will set
# BC15C85A to ask. If 2183839A is auto (it's not, it's bad), then
# it will be set to ask.
debug_exec $GPG --tofu-db-format=$format --trust-model=tofu \
--verify $srcdir/tofu-BC15C85A-1.txt
checkpolicy BC15C85A ask
checkpolicy 2183839A bad
# EE37CF96 conflicts with 2183839A and BC15C85A. We change
# BC15C85A's policy to auto and leave 2183839A's policy at bad.
# This conflict should cause BC15C85A's policy to be changed to
# ask (since it is auto), but not affect 2183839A's policy.
setpolicy BC15C85A auto
checkpolicy BC15C85A auto
debug_exec $GPG --tofu-db-format=$format --trust-model=tofu \
--verify $srcdir/tofu-EE37CF96-1.txt
checkpolicy BC15C85A ask
checkpolicy 2183839A bad
checkpolicy EE37CF96 ask
done
exit 0
Copy Permalink