security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-11 22:01:08 +02:00
Code Activity

tests: Check the signature count in the TOFU TFS record.

Browse Source 
* tests/openpgp/tofu.scm: Check the signature count in the TOFU TFS
record.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
This commit is contained in:
Neal H. Walfield 2016-12-06 12:05:45 +01:00
parent d5b18d6c55
commit 17c717d7c9
1 changed files with 56 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
tests/openpgp/tofu.scm
View File

@ -164,6 +164,62 @@
(checkpolicy "1C005AF3" "bad") (checkpolicy "1C005AF3" "bad")
(checkpolicy "B662E42F" "ask") (checkpolicy "B662E42F" "ask")
;; Check that the stats are emitted correctly.
(display "Checking TOFU stats...\n")
(define (check-counts keyid expected-sigs expected-encs . args)
(let*
((tfs (assoc "tfs"
(gpg-with-colons
`(--trust-model=tofu --with-tofu-info
,@args --list-keys ,keyid))))
(sigs (string->number (list-ref tfs 3)))
(encs (string->number (list-ref tfs 4))))
(display tfs)
(unless (= sigs expected-sigs)
(error keyid ": # signatures (" sigs ") does not match expected"
"# signatures (" expected-sigs ").\n"))
(unless (= encs expected-encs)
(error keyid ": # encryptions (" encs ") does not match expected"
"# encryptions (" expected-encs ").\n"))
))
;; Carefully remove the TOFU db.
(catch '() (unlink (string-append GNUPGHOME "/tofu.db")))
(check-counts "1C005AF3" 0 0)
(check-counts "BE04EB2B" 0 0)
(check-counts "B662E42F" 0 0)
;; Verify a message. The signature count should increase by 1.
(call-check `(,@GPG --trust-model=tofu
--verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
(check-counts "1C005AF3" 1 0)
;; Verify the same message. The signature count should remain the
;; same.
(call-check `(,@GPG --trust-model=tofu
--verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
(check-counts "1C005AF3" 1 0)
;; Verify another message.
(call-check `(,@GPG --trust-model=tofu
--verify ,(in-srcdir "tofu/conflicting/1C005AF3-2.txt")))
(check-counts "1C005AF3" 2 0)
;; Verify another message.
(call-check `(,@GPG --trust-model=tofu
--verify ,(in-srcdir "tofu/conflicting/1C005AF3-3.txt")))
(check-counts "1C005AF3" 3 0)
;; Verify a message from a different sender. The signature count
;; should increase by 1 for that key.
(call-check `(,@GPG --trust-model=tofu
--verify ,(in-srcdir "tofu/conflicting/BE04EB2B-1.txt")))
(check-counts "1C005AF3" 3 0)
(check-counts "BE04EB2B" 1 0)
(check-counts "B662E42F" 0 0)
;; Check that we detect the following attack: ;; Check that we detect the following attack: