1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
gnupg/tests/openpgp/quick-key-manipulation.scm

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

231 lines
8.0 KiB
Scheme
Raw Normal View History

#!/usr/bin/env gpgscm
;; Copyright (C) 2016-2017 g10 Code GmbH
;;
;; This file is part of GnuPG.
;;
;; GnuPG is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 3 of the License, or
;; (at your option) any later version.
;;
;; GnuPG is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.
;;
;; You should have received a copy of the GNU General Public License
;; along with this program; if not, see <http://www.gnu.org/licenses/>.
(load (in-srcdir "tests" "openpgp" "defs.scm"))
(load (with-path "time.scm"))
tests: Move environment creation and teardown into each test. * tests/gpgscm/tests.scm (log): New function. * tests/openpgp/run-tests.scm (run-tests-parallel): Do not run the startup and teardown scripts. (run-tests-sequential): Likewise. * tests/openpgp/setup.scm: Move all functions... * tests/openpgp/defs.scm: ... here and make them less verbose. (setup-environment): New function. (setup-legacy-environment): Likewise. (start-agent): Make less verbose, run 'stop-agent' at interpreter exit. (stop-agent): Make less verbose. * tests/openpgp/finish.scm: Drop file. * tests/openpgp/Makefile.am (EXTRA_DIST): Drop removed file. * tests/openpgp/4gb-packet.scm: Use 'setup-environment' or 'setup-legacy-environment' as appropriate. * tests/openpgp/armdetach.scm: Likewise. * tests/openpgp/armdetachm.scm: Likewise. * tests/openpgp/armencrypt.scm: Likewise. * tests/openpgp/armencryptp.scm: Likewise. * tests/openpgp/armor.scm: Likewise. * tests/openpgp/armsignencrypt.scm: Likewise. * tests/openpgp/armsigs.scm: Likewise. * tests/openpgp/clearsig.scm: Likewise. * tests/openpgp/conventional-mdc.scm: Likewise. * tests/openpgp/conventional.scm: Likewise. * tests/openpgp/decrypt-dsa.scm: Likewise. * tests/openpgp/decrypt.scm: Likewise. * tests/openpgp/default-key.scm: Likewise. * tests/openpgp/detach.scm: Likewise. * tests/openpgp/detachm.scm: Likewise. * tests/openpgp/ecc.scm: Likewise. * tests/openpgp/encrypt-dsa.scm: Likewise. * tests/openpgp/encrypt.scm: Likewise. * tests/openpgp/encryptp.scm: Likewise. * tests/openpgp/export.scm: Likewise. * tests/openpgp/finish.scm: Likewise. * tests/openpgp/genkey1024.scm: Likewise. * tests/openpgp/gpgtar.scm: Likewise. * tests/openpgp/gpgv-forged-keyring.scm: Likewise. * tests/openpgp/import.scm: Likewise. * tests/openpgp/issue2015.scm: Likewise. * tests/openpgp/issue2417.scm: Likewise. * tests/openpgp/issue2419.scm: Likewise. * tests/openpgp/key-selection.scm: Likewise. * tests/openpgp/mds.scm: Likewise. * tests/openpgp/multisig.scm: Likewise. * tests/openpgp/quick-key-manipulation.scm: Likewise. * tests/openpgp/seat.scm: Likewise. * tests/openpgp/shell.scm: Likewise. * tests/openpgp/signencrypt-dsa.scm: Likewise. * tests/openpgp/signencrypt.scm: Likewise. * tests/openpgp/sigs-dsa.scm: Likewise. * tests/openpgp/sigs.scm: Likewise. * tests/openpgp/ssh.scm: Likewise. * tests/openpgp/tofu.scm: Likewise. * tests/openpgp/use-exact-key.scm: Likewise. * tests/openpgp/verify.scm: Likewise. * tests/openpgp/version.scm: Likewise. * tests/openpgp/issue2346.scm: Likewise and simplify. -- The previous Bourne Shell-based test suite created the environment before running all tests, and tore it down after executing them. When we created the Scheme-based test suite, we kept this design at first, but introduced a way to run each test in its own environment to prevent tests from interfering with each other. Nevertheless, every test started out with the same environment. Move the creation of the test environment into each test. This gives us finer control over the environment each test is run in. It also makes it possible to run each test by simply executing it using gpgscm without the use of the runner. Furthermore, it has the neat side-effect of speeding up the test suite if run in parallel. Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-07 16:21:21 +01:00
(setup-environment)
(define (exact id)
(string-append "=" id))
(define (count-uids-of-secret-key id)
(length (filter (lambda (x) (and (string=? "uid" (car x))
(not (string=? "r" (cadr x)))))
(gpg-with-colons
`(--with-fingerprint
--list-secret-keys ,(exact id))))))
(define alpha "Alpha <alpha@invalid.example.net>")
(define bravo "Bravo <bravo@invalid.example.net>")
(define bravohash "F75B1420CC5881F4005333379355CFF5873094DE")
(define charlie "Charlie <charlie@invalid.example.net>")
(define delta "Delta <delta@invalid.example.net>")
(define deltahash "359DC5EFF98B14A58AAA615C638E8BD0CEDA537B")
(define (key-data key)
(filter (lambda (x) (or (string=? (car x) "pub")
(string=? (car x) "sub")))
(gpg-with-colons `(-k ,key))))
(setenv "PINENTRY_USER_DATA" "test" #t)
(info "Checking quick key generation...")
(call-check `(,@GPG --quick-generate-key ,alpha))
(define keyinfo (gpg-with-colons `(-k ,(exact alpha))))
(define fpr (:fpr (assoc "fpr" keyinfo)))
(assert (= 1 (count-uids-of-secret-key alpha)))
(assert (not (equal? "" (:expire (assoc "pub" keyinfo)))))
(info "Checking that we can add a user ID...")
;; Make sure the key capabilities don't change when we add a user id.
;; (See bug #2697.)
(let ((pre (key-data (exact alpha)))
(result (call-check `(,@GPG --quick-add-uid ,(exact alpha) ,bravo)))
(post (key-data (exact alpha))))
(if (not (equal? pre post))
(begin
(display "Key capabilities changed when adding a user id:")
(newline)
(display " Pre: ")
(display pre)
(newline)
(display " Post: ")
(display post)
(newline)
(exit 1))))
(assert (= 2 (count-uids-of-secret-key alpha)))
(assert (= 2 (count-uids-of-secret-key bravo)))
(info "Checking that we can mark an user ID as primary.")
(call-check `(,@gpg --quick-set-primary-uid ,(exact alpha) ,alpha))
(info "Checking that we can mark a user ID as primary by its hash...")
(call-check `(,@gpg --quick-set-primary-uid ,(exact alpha) ,bravohash))
;; XXX I don't know how to verify this. The keylisting does not seem
;; to indicate the primary UID.
(info "Checking that we get an error making non-existent user ID the primary one.")
(catch '()
(call-check `(,@GPG --quick-set-primary-uid ,(exact alpha) ,charlie))
(error "Expected an error, but get none."))
(info "Checking that we can revoke a user ID...")
(call-check `(,@GPG --quick-revoke-uid ,(exact bravo) ,alpha))
(info "Checking that we can revoke a user ID by its hash...")
(call-check `(,@GPG --quick-add-uid ,(exact bravo) ,delta))
(call-check `(,@GPG --quick-revoke-uid ,(exact bravo) ,deltahash))
(info "Checking that we get an error revoking a non-existent user ID.")
(catch '()
(call-check `(,@GPG --quick-revoke-uid ,(exact bravo) ,charlie))
(error "Expected an error, but get none."))
(info "Checking that we get an error revoking the last valid user ID.")
(catch '()
(call-check `(,@GPG --quick-revoke-uid ,(exact bravo) ,bravo))
(error "Expected an error, but get none."))
(assert (= 1 (count-uids-of-secret-key bravo)))
(info "Checking that we can change the expiration time.")
(define (expiration-time id)
(:expire (assoc "pub" (gpg-with-colons `(-k ,id)))))
;; Remove the expiration date.
(call-check `(,@gpg --quick-set-expire ,fpr "0"))
(assert (equal? "" (expiration-time fpr)))
;; Make the key expire in one year.
(call-check `(,@gpg --quick-set-expire ,fpr "1y"))
(assert (time-matches? (+ (get-time) (years->seconds 1))
(string->number (expiration-time fpr))
(minutes->seconds 5)))
;;
;; Check --quick-addkey
;;
;; Get the subkeys.
(define (get-subkeys)
(filter (lambda (x) (equal? "sub" (car x)))
(gpg-with-colons `(-k ,fpr))))
;; This keeps track of the number of subkeys.
(define count (length (get-subkeys)))
(for-each-p
"Checking that we can add subkeys..."
(lambda (args check)
(set! count (+ 1 count))
(call-check `(,@gpg --quick-add-key ,fpr ,@args))
(let ((subkeys (get-subkeys)))
(assert (= count (length subkeys)))
(if check (check (last subkeys)))))
;; A bunch of arguments...
'(()
(- - -)
(default default never)
(rsa "sign auth encr" "seconds=600") ;; GPGME uses this
(rsa "auth,encr" "2") ;; "without a letter, days is assumed"
;; Sadly, the timestamp is truncated by the use of time_t on
;; systems where time_t is a signed 32 bit value.
(rsa "sign" "2038-01-01") ;; unix millennium
(rsa "sign" "20380101T115500") ;; unix millennium
;; Once fixed, we can use later timestamps:
;; (rsa "sign" "2105-01-01") ;; "last year GnuPG can represent is 2105"
;; (rsa "sign" "21050101T115500") ;; "last year GnuPG can represent is 2105"
(rsa sign "2d")
(rsa1024 sign "2w")
(rsa2048 encr "2m")
(rsa4096 sign,auth "2y")
(future-default))
;; ... with functions to check that the created key matches the
;; expectations (or #f for no tests).
(list
#f
#f
(lambda (subkey)
(assert (equal? "" (:expire subkey))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (string-contains? (:cap subkey) "s"))
(assert (string-contains? (:cap subkey) "a"))
(assert (string-contains? (:cap subkey) "e"))
(assert (time-matches? (+ (get-time) 600)
(string->number (:expire subkey))
(minutes->seconds 5))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (string-contains? (:cap subkey) "a"))
(assert (string-contains? (:cap subkey) "e"))
(assert (time-matches? (+ (get-time) (days->seconds 2))
(string->number (:expire subkey))
(minutes->seconds 5))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (string-contains? (:cap subkey) "s"))
(assert (time-matches? 2145960000 ;; UTC 2038-01-01 12:00:00
;; 4260254400 ;; UTC 2105-01-01 12:00:00
(string->number (:expire subkey))
;; GnuPG choses the middle of the day (local time)
;; when no hh:mm:ss is specified
(days->seconds 1))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (string-contains? (:cap subkey) "s"))
(assert (time-matches? 2145959700 ;; UTC 2038-01-01 11:55:00
;; 4260254100 ;; UTC 2105-01-01 11:55:00
(string->number (:expire subkey))
(minutes->seconds 5))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (string-contains? (:cap subkey) "s"))
(assert (time-matches? (+ (get-time) (days->seconds 2))
(string->number (:expire subkey))
(minutes->seconds 5))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (= 1024 (:length subkey)))
(assert (string-contains? (:cap subkey) "s"))
(assert (time-matches? (+ (get-time) (weeks->seconds 2))
(string->number (:expire subkey))
(minutes->seconds 5))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (= 2048 (:length subkey)))
(assert (string-contains? (:cap subkey) "e"))
(assert (time-matches? (+ (get-time) (months->seconds 2))
(string->number (:expire subkey))
(minutes->seconds 5))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (= 4096 (:length subkey)))
(assert (string-contains? (:cap subkey) "s"))
(assert (string-contains? (:cap subkey) "a"))
(assert (time-matches? (+ (get-time) (years->seconds 2))
(string->number (:expire subkey))
(minutes->seconds 5))))
#f))