tests: Add tests to check that OCB is only used for capable keys.

* tests/openpgp/samplekeys/ed25519-cv25519-sample-2.asc: New. * tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc: Add AEAD preference. * tests/openpgp/defs.scm (tr:gpgstatus): New. (create-legacy-gpghome): Also import .key private keys. * tests/openpgp/encrypt.scm: Add OCB tests.
2025-07-02 22:46:30 +02:00 · 2022-11-04 11:11:53 +01:00 · 2022-11-04 11:11:53 +01:00 · 1be272d04e
commit 1be272d04e
parent 82c4f26b67
8 changed files with 121 additions and 11 deletions
--- a/tests/openpgp/encrypt.scm
+++ b/tests/openpgp/encrypt.scm
@ -59,3 +59,68 @@
    (tr:gpg "" '(--yes --decrypt))
    (tr:assert-identity source)))
 plain-files)
+
+
+(info "Importing additional sample keys for OCB tests")
+(for-each
+  (lambda (name)
+    (call `(,@GPG --yes --import ,(in-srcdir "tests" "openpgp" "samplekeys"
+                                             (string-append  name ".asc")))))
+  '("ed25519-cv25519-sample-1"
+    "ed25519-cv25519-sample-2"
+    "rsa-rsa-sample-1"))
+
+(for-each-p
+ "Checking OCB mode"
+ (lambda (source)
+   (tr:do
+    (tr:open source)
+    (tr:gpg "" `(--yes -er ,"patrice.lumumba"))
+    (tr:gpg "" '(--yes -d))
+    (tr:assert-identity source)))
+ all-files)
+
+;; For reference:
+;;   BEGIN_ENCRYPTION  <mdc_method> <sym_algo> [<aead_algo>]
+
+(for-each-p
+ "Checking two OCB capable keys"
+ (lambda (source)
+   (tr:do
+    (tr:open source)
+    (tr:gpgstatus "" `(--yes -e
+                       -r ,"patrice.lumumba"
+                       -r ,"mahsa.amini"))
+    (tr:call-with-content
+     (lambda (c)
+       (unless (string-contains? c "[GNUPG:] BEGIN_ENCRYPTION 0 9 2")
+	  (fail (string-append "Unexpected status: " c)))))))
+ '("plain-1"))
+
+(for-each-p
+ "Checking two OCB capable keys plus one not capable"
+ (lambda (source)
+   (tr:do
+    (tr:open source)
+    (tr:gpgstatus "" `(--yes -o out -e
+                             -r ,"patrice.lumumba"
+                             -r ,"mahsa.amini"
+                             -r ,"steve.biko"))
+    (tr:call-with-content
+     (lambda (c)
+       (unless (string-contains? c "[GNUPG:] BEGIN_ENCRYPTION 2 9")
+          (fail (string-append "Unexpected status: " c)))))))
+ '("plain-1"))
+
+(for-each-p
+ "Checking non OCB capable key with --force-ocb"
+ (lambda (source)
+   (tr:do
+    (tr:open source)
+    (tr:gpgstatus "" `(--yes -e --force-ocb
+                       -r ,"steve.biko"))
+    (tr:call-with-content
+     (lambda (c)
+       (unless (string-contains? c "[GNUPG:] BEGIN_ENCRYPTION 0 9 2")
+	  (fail (string-append "Unexpected status: " c)))))))
+ '("plain-1"))