security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

All tests work are again working

Browse Source
This commit is contained in:
Werner Koch 2010-10-14 16:34:31 +00:00
parent fd19a84c80
commit 764e88d4df
38 changed files with 508 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
agent/ChangeLog
View File

@ -1,3 +1,8 @@
2010-10-14 Werner Koch <wk@g10code.com>
* command.c (cmd_genkey): Add option --no-protection.
* genkey.c (agent_genkey): Add arg NO_PROTECTION.
2010-10-13 Werner Koch <wk@g10code.com> 2010-10-13 Werner Koch <wk@g10code.com>
* call-pinentry.c (agent_get_passphrase): Support the close_button. * call-pinentry.c (agent_get_passphrase): Support the close_button.

3
agent/agent.h
View File

@ -293,7 +293,8 @@ int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent);
gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
char **r_passphrase); char **r_passphrase);
int agent_genkey (ctrl_t ctrl, const char *cache_nonce, int agent_genkey (ctrl_t ctrl, const char *cache_nonce,
const char *keyparam, size_t keyparmlen, membuf_t *outbuf); const char *keyparam, size_t keyparmlen,
int no_protection, membuf_t *outbuf);
int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey); int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey);
/*-- protect.c --*/ /*-- protect.c --*/

9
agent/command.c
View File

@ -806,7 +806,7 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
static const char hlp_genkey[] = static const char hlp_genkey[] =
"GENKEY [<cache_nonce>]\n" "GENKEY [--no-protection] [<cache_nonce>]\n"
"\n" "\n"
"Generate a new key, store the secret part and return the public\n" "Generate a new key, store the secret part and return the public\n"
"part. Here is an example transaction:\n" "part. Here is an example transaction:\n"
@ -824,12 +824,16 @@ cmd_genkey (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
int rc; int rc;
int no_protection;
unsigned char *value; unsigned char *value;
size_t valuelen; size_t valuelen;
membuf_t outbuf; membuf_t outbuf;
char *cache_nonce = NULL; char *cache_nonce = NULL;
char *p; char *p;
no_protection = has_option (line, "--no-protection");
line = skip_options (line);
p = line; p = line;
for (p=line; *p && *p != ' ' && *p != '\t'; p++) for (p=line; *p && *p != ' ' && *p != '\t'; p++)
; ;
@ -844,7 +848,8 @@ cmd_genkey (assuan_context_t ctx, char *line)
init_membuf (&outbuf, 512); init_membuf (&outbuf, 512);
rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, &outbuf); rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, no_protection,
&outbuf);
xfree (value); xfree (value);
if (rc) if (rc)
clear_outbuf (&outbuf); clear_outbuf (&outbuf);

14
agent/genkey.c
View File

@ -352,10 +352,11 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
/* Generate a new keypair according to the parameters given in /* Generate a new keypair according to the parameters given in
KEYPARAM. If CACHE_NONCE is given first try to lookup a passphrase KEYPARAM. If CACHE_NONCE is given first try to lookup a passphrase
using the cache nonce. */ using the cache nonce. If NO_PROTECTION is true the key will not
be protected by a passphrase. */
int int
agent_genkey (ctrl_t ctrl, const char *cache_nonce, agent_genkey (ctrl_t ctrl, const char *cache_nonce,
const char *keyparam, size_t keyparamlen, const char *keyparam, size_t keyparamlen, int no_protection,
membuf_t *outbuf) membuf_t *outbuf)
{ {
gcry_sexp_t s_keyparam, s_key, s_private, s_public; gcry_sexp_t s_keyparam, s_key, s_private, s_public;
@ -372,8 +373,12 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce,
} }
/* Get the passphrase now, cause key generation may take a while. */ /* Get the passphrase now, cause key generation may take a while. */
passphrase = cache_nonce? agent_get_cache (cache_nonce, CACHE_MODE_NONCE):NULL; if (no_protection || !cache_nonce)
if (passphrase) passphrase = NULL;
else
passphrase = agent_get_cache (cache_nonce, CACHE_MODE_NONCE);
if (passphrase || no_protection)
rc = 0; rc = 0;
else else
rc = agent_ask_new_passphrase (ctrl, rc = agent_ask_new_passphrase (ctrl,
@ -425,6 +430,7 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce,
cache_nonce = bin2hex (tmpbuf, 12, NULL); cache_nonce = bin2hex (tmpbuf, 12, NULL);
} }
if (cache_nonce if (cache_nonce
&& !no_protection
&& !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE,
passphrase, 900 /*seconds*/)) passphrase, 900 /*seconds*/))
agent_write_status (ctrl, "CACHE_NONCE", cache_nonce, NULL); agent_write_status (ctrl, "CACHE_NONCE", cache_nonce, NULL);

13
doc/DETAILS
View File

@ -826,6 +826,19 @@ The format of this file is as follows:
entry code. This is a global option. entry code. This is a global option.
%no-ask-passphrase %no-ask-passphrase
Disable the ask-passphrase mode. Disable the ask-passphrase mode.
%no-protection
With GnuPG 2.1 it is not anymore possible to specify a
passphrase for unattended key generation. The passphrase
command is simply ignored and %ask-passpharse is thus
implicitly enabled. Using this option allows to the creation
of keys without any passphrases. This option is mainly
intended for regression tests.
%transient-key
If given the keys are created using a faster and a somewhat
less secure random number generator. This option may be used
for keys which are only used for a short time and do not
require full cryptographic strength. It takes only effect if
used together with the option no-protection.
o The order of the parameters does not matter except for "Key-Type" o The order of the parameters does not matter except for "Key-Type"
which must be the first parameter. The parameters are only for the which must be the first parameter. The parameters are only for the

14
doc/gpg-agent.texi
View File

@ -485,7 +485,7 @@ pinentry to pop up at the @code{tty} or display you started the agent.
@item --enable-ssh-support @item --enable-ssh-support
@opindex enable-ssh-support @opindex enable-ssh-support
Enable emulation of the OpenSSH Agent protocol. Enable the OpenSSH Agent protocol.
In this mode of operation, the agent does not only implement the In this mode of operation, the agent does not only implement the
gpg-agent protocol, but also the agent protocol used by OpenSSH gpg-agent protocol, but also the agent protocol used by OpenSSH
@ -512,10 +512,20 @@ has been started. To switch this display to the current one, the
following command may be used: following command may be used:
@smallexample @smallexample
echo UPDATESTARTUPTTY | gpg-connect-agent gpg-connect-agent updatestartuptty /bye
@end smallexample @end smallexample
Although all GnuPG components try to start the gpg-agent as needed, this
is not possible for the ssh support because ssh does not know about it.
Thus if no GnuPG tool which accesses the agent has been run, there is no
guarantee that ssh is abale to use gpg-agent for authentication. To fix
this you may start gpg-agent if needed using this simple command:
@smallexample
gpg-connect-agent /bye
@end smallexample
Adding the @option{--verbose} shows the progress of starting the agent.
@end table @end table

11
doc/tools.texi
View File

@ -296,6 +296,12 @@ List the global configuration file in a colon separated format. If
Run a syntax check on the global configuration file. If @var{filename} Run a syntax check on the global configuration file. If @var{filename}
is given, check that file instead. is given, check that file instead.
@item --reload [@var{component}]
@opindex reload
Reload all or the given component. This is basically the sam as sending
a SIGHUP to the component. Components which don't support reloading are
ignored.
@end table @end table
@ -1170,6 +1176,11 @@ Try to be as quiet as possible.
@include opt-homedir.texi @include opt-homedir.texi
@item --agent-program @var{file}
@opindex agent-program
Specify the agent program to be started if none is running.
@item -S @item -S
@itemx --raw-socket @var{name} @itemx --raw-socket @var{name}
@opindex S @opindex S

9
g10/ChangeLog
View File

@ -1,3 +1,12 @@
2010-10-14 Werner Koch <wk@g10code.com>
* call-agent.c (agent_genkey): Add arg NO_PROTECTION.
* keygen.c (do_create, gen_elg, gen_dsa, gen_rsa, common_gen): Add
arg KEYGEN_FLAGS.
(read_parameter_file): Add options no-protection and transient-key.
(KEYGEN_FLAG_NO_PROTECTION, KEYGEN_FLAG_TRANSIENT_KEY): New.
(gen_rsa, gen_dsa, gen_elg): Use transient-key.
2010-10-13 Werner Koch <wk@g10code.com> 2010-10-13 Werner Koch <wk@g10code.com>
* call-agent.c (start_agent): Send option agent-awareness. * call-agent.c (start_agent): Send option agent-awareness.

8
g10/call-agent.c
View File

@ -1517,10 +1517,11 @@ inq_genkey_parms (void *opaque, const char *line)
/* Call the agent to generate a new key. KEYPARMS is the usual /* Call the agent to generate a new key. KEYPARMS is the usual
S-expression giving the parameters of the key. gpg-agent passes it S-expression giving the parameters of the key. gpg-agent passes it
gcry_pk_genkey. */ gcry_pk_genkey. If NO_PROTECTION is true the agent is advised not
to protect the generated key. */
gpg_error_t gpg_error_t
agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, agent_genkey (ctrl_t ctrl, char **cache_nonce_addr,
const char *keyparms, gcry_sexp_t *r_pubkey) const char *keyparms, int no_protection, gcry_sexp_t *r_pubkey)
{ {
gpg_error_t err; gpg_error_t err;
struct genkey_parm_s gk_parm; struct genkey_parm_s gk_parm;
@ -1543,7 +1544,8 @@ agent_genkey (ctrl_t ctrl, char **cache_nonce_addr,
gk_parm.ctrl = ctrl; gk_parm.ctrl = ctrl;
gk_parm.ctx = agent_ctx; gk_parm.ctx = agent_ctx;
gk_parm.keyparms = keyparms; gk_parm.keyparms = keyparms;
snprintf (line, sizeof line, "GENKEY%s%s", snprintf (line, sizeof line, "GENKEY%s%s%s",
no_protection? " --no-protection":"",
cache_nonce_addr && *cache_nonce_addr? " ":"", cache_nonce_addr && *cache_nonce_addr? " ":"",
cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:""); cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:"");
err = assuan_transact (agent_ctx, line, err = assuan_transact (agent_ctx, line,

2
g10/call-agent.h
View File

@ -155,7 +155,7 @@ gpg_error_t agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip,
/* Generate a new key. */ /* Generate a new key. */
gpg_error_t agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, gpg_error_t agent_genkey (ctrl_t ctrl, char **cache_nonce_addr,
const char *keyparms, const char *keyparms, int no_protection,
gcry_sexp_t *r_pubkey); gcry_sexp_t *r_pubkey);
/* Create a signature. */ /* Create a signature. */

66
g10/keygen.c
View File

@ -49,6 +49,9 @@
#define DEFAULT_STD_ALGO GCRY_PK_RSA #define DEFAULT_STD_ALGO GCRY_PK_RSA
#define DEFAULT_STD_KEYSIZE 2048 #define DEFAULT_STD_KEYSIZE 2048
#define KEYGEN_FLAG_NO_PROTECTION 1
#define KEYGEN_FLAG_TRANSIENT_KEY 2
#define MAX_PREFS 30 #define MAX_PREFS 30
@ -99,6 +102,7 @@ struct output_control_s {
int lnr; int lnr;
int dryrun; int dryrun;
int ask_passphrase; int ask_passphrase;
unsigned int keygen_flags;
int use_files; int use_files;
struct { struct {
char *fname; char *fname;
@ -1137,14 +1141,15 @@ key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp,
static int static int
common_gen (const char *keyparms, int algo, const char *algoelem, common_gen (const char *keyparms, int algo, const char *algoelem,
kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey, kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey,
char **cache_nonce_addr) int keygen_flags, char **cache_nonce_addr)
{ {
int err; int err;
PACKET *pkt; PACKET *pkt;
PKT_public_key *pk; PKT_public_key *pk;
gcry_sexp_t s_key; gcry_sexp_t s_key;
err = agent_genkey (NULL, cache_nonce_addr, keyparms, &s_key); err = agent_genkey (NULL, cache_nonce_addr, keyparms,
!!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION), &s_key);
if (err) if (err)
{ {
log_error ("agent_genkey failed: %s\n", gpg_strerror (err) ); log_error ("agent_genkey failed: %s\n", gpg_strerror (err) );
@ -1196,7 +1201,8 @@ common_gen (const char *keyparms, int algo, const char *algoelem,
*/ */
static int static int
gen_elg (int algo, unsigned int nbits, KBNODE pub_root, gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
u32 timestamp, u32 expireval, int is_subkey, char **cache_nonce_addr) u32 timestamp, u32 expireval, int is_subkey,
int keygen_flags, char **cache_nonce_addr)
{ {
int err; int err;
char *keyparms; char *keyparms;
@ -1216,18 +1222,23 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
log_info (_("keysize rounded up to %u bits\n"), nbits ); log_info (_("keysize rounded up to %u bits\n"), nbits );
} }
/* Note that we use transient-key only if no-protection has also
been enabled. */
snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits); snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits);
keyparms = xtryasprintf ("(genkey(%s(nbits %zu:%s)))", keyparms = xtryasprintf ("(genkey(%s(nbits %zu:%s)%s))",
algo == GCRY_PK_ELG_E ? "openpgp-elg" : algo == GCRY_PK_ELG_E ? "openpgp-elg" :
algo == GCRY_PK_ELG ? "elg" : "x-oops" , algo == GCRY_PK_ELG ? "elg" : "x-oops" ,
strlen (nbitsstr), nbitsstr); strlen (nbitsstr), nbitsstr,
((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
&& (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
"(transient-key)" : "" );
if (!keyparms) if (!keyparms)
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
else else
{ {
err = common_gen (keyparms, algo, "pgy", err = common_gen (keyparms, algo, "pgy",
pub_root, timestamp, expireval, is_subkey, pub_root, timestamp, expireval, is_subkey,
cache_nonce_addr); keygen_flags, cache_nonce_addr);
xfree (keyparms); xfree (keyparms);
} }
@ -1240,7 +1251,8 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
*/ */
static gpg_error_t static gpg_error_t
gen_dsa (unsigned int nbits, KBNODE pub_root, gen_dsa (unsigned int nbits, KBNODE pub_root,
u32 timestamp, u32 expireval, int is_subkey, char **cache_nonce_addr) u32 timestamp, u32 expireval, int is_subkey,
int keygen_flags, char **cache_nonce_addr)
{ {
int err; int err;
unsigned int qbits; unsigned int qbits;
@ -1301,16 +1313,19 @@ gen_dsa (unsigned int nbits, KBNODE pub_root,
snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits); snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits);
snprintf (qbitsstr, sizeof qbitsstr, "%u", qbits); snprintf (qbitsstr, sizeof qbitsstr, "%u", qbits);
keyparms = xtryasprintf ("(genkey(dsa(nbits %zu:%s)(qbits %zu:%s)))", keyparms = xtryasprintf ("(genkey(dsa(nbits %zu:%s)(qbits %zu:%s)%s))",
strlen (nbitsstr), nbitsstr, strlen (nbitsstr), nbitsstr,
strlen (qbitsstr), qbitsstr); strlen (qbitsstr), qbitsstr,
((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
&& (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
"(transient-key)" : "" );
if (!keyparms) if (!keyparms)
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
else else
{ {
err = common_gen (keyparms, PUBKEY_ALGO_DSA, "pqgy", err = common_gen (keyparms, PUBKEY_ALGO_DSA, "pqgy",
pub_root, timestamp, expireval, is_subkey, pub_root, timestamp, expireval, is_subkey,
cache_nonce_addr); keygen_flags, cache_nonce_addr);
xfree (keyparms); xfree (keyparms);
} }
@ -1323,7 +1338,8 @@ gen_dsa (unsigned int nbits, KBNODE pub_root,
*/ */
static int static int
gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
u32 timestamp, u32 expireval, int is_subkey, char **cache_nonce_addr) u32 timestamp, u32 expireval, int is_subkey,
int keygen_flags, char **cache_nonce_addr)
{ {
int err; int err;
char *keyparms; char *keyparms;
@ -1347,15 +1363,18 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
} }
snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits); snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits);
keyparms = xtryasprintf ("(genkey(rsa(nbits %zu:%s)))", keyparms = xtryasprintf ("(genkey(rsa(nbits %zu:%s)%s))",
strlen (nbitsstr), nbitsstr); strlen (nbitsstr), nbitsstr,
((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
&& (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
"(transient-key)" : "" );
if (!keyparms) if (!keyparms)
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
else else
{ {
err = common_gen (keyparms, algo, "ne", err = common_gen (keyparms, algo, "ne",
pub_root, timestamp, expireval, is_subkey, pub_root, timestamp, expireval, is_subkey,
cache_nonce_addr); keygen_flags, cache_nonce_addr);
xfree (keyparms); xfree (keyparms);
} }
@ -2153,7 +2172,7 @@ do_ask_passphrase (STRING2KEY **ret_s2k, int mode, int *r_canceled)
static int static int
do_create (int algo, unsigned int nbits, KBNODE pub_root, do_create (int algo, unsigned int nbits, KBNODE pub_root,
u32 timestamp, u32 expiredate, int is_subkey, u32 timestamp, u32 expiredate, int is_subkey,
char **cache_nonce_addr) int keygen_flags, char **cache_nonce_addr)
{ {
gpg_error_t err; gpg_error_t err;
@ -2168,13 +2187,13 @@ do_create (int algo, unsigned int nbits, KBNODE pub_root,
if (algo == PUBKEY_ALGO_ELGAMAL_E) if (algo == PUBKEY_ALGO_ELGAMAL_E)
err = gen_elg (algo, nbits, pub_root, timestamp, expiredate, is_subkey, err = gen_elg (algo, nbits, pub_root, timestamp, expiredate, is_subkey,
cache_nonce_addr); keygen_flags, cache_nonce_addr);
else if (algo == PUBKEY_ALGO_DSA) else if (algo == PUBKEY_ALGO_DSA)
err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey, err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey,
cache_nonce_addr); keygen_flags, cache_nonce_addr);
else if (algo == PUBKEY_ALGO_RSA) else if (algo == PUBKEY_ALGO_RSA)
err = gen_rsa (algo, nbits, pub_root, timestamp, expiredate, is_subkey, err = gen_rsa (algo, nbits, pub_root, timestamp, expiredate, is_subkey,
cache_nonce_addr); keygen_flags, cache_nonce_addr);
else else
BUG(); BUG();
@ -2742,6 +2761,10 @@ read_parameter_file( const char *fname )
outctrl.ask_passphrase = 1; outctrl.ask_passphrase = 1;
else if( !ascii_strcasecmp( keyword, "%no-ask-passphrase" ) ) else if( !ascii_strcasecmp( keyword, "%no-ask-passphrase" ) )
outctrl.ask_passphrase = 0; outctrl.ask_passphrase = 0;
else if( !ascii_strcasecmp( keyword, "%no-protection" ) )
outctrl.keygen_flags |= KEYGEN_FLAG_NO_PROTECTION;
else if( !ascii_strcasecmp( keyword, "%transient-key" ) )
outctrl.keygen_flags |= KEYGEN_FLAG_TRANSIENT_KEY;
else if( !ascii_strcasecmp( keyword, "%commit" ) ) { else if( !ascii_strcasecmp( keyword, "%commit" ) ) {
outctrl.lnr = lnr; outctrl.lnr = lnr;
if (proc_parameter_file( para, fname, &outctrl, 0 )) if (proc_parameter_file( para, fname, &outctrl, 0 ))
@ -3242,7 +3265,8 @@ do_generate_keypair (struct para_data_s *para,
get_parameter_uint( para, pKEYLENGTH ), get_parameter_uint( para, pKEYLENGTH ),
pub_root, pub_root,
timestamp, timestamp,
get_parameter_u32( para, pKEYEXPIRE ), 0, &cache_nonce); get_parameter_u32( para, pKEYEXPIRE ), 0,
outctrl->keygen_flags, &cache_nonce);
else else
err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root, err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root,
&timestamp, &timestamp,
@ -3293,7 +3317,7 @@ do_generate_keypair (struct para_data_s *para,
pub_root, pub_root,
timestamp, timestamp,
get_parameter_u32 (para, pSUBKEYEXPIRE), 1, get_parameter_u32 (para, pSUBKEYEXPIRE), 1,
&cache_nonce); outctrl->keygen_flags, &cache_nonce);
/* Get the pointer to the generated public subkey packet. */ /* Get the pointer to the generated public subkey packet. */
if (!err) if (!err)
{ {
@ -3500,7 +3524,7 @@ generate_subkeypair (KBNODE keyblock)
goto leave; goto leave;
} }
err = do_create (algo, nbits, keyblock, cur_time, expire, 1, NULL); err = do_create (algo, nbits, keyblock, cur_time, expire, 1, 0, NULL);
if (err) if (err)
goto leave; goto leave;

21
tests/openpgp/ChangeLog
View File

@ -1,3 +1,24 @@
2010-10-14 Werner Koch <wk@g10code.com>
* genkey1024.test: Use the new no-protection option.
* decrypt-dsa.test: Do not specify an extra keyring. The keyring
has been loaded into pubring.gpg.
* sigs-dsa.test: Ditto.
* encrypt-dsa.test: Ditto.
* signencrypt-dsa.test: Ditto.
* decrypt.test: Remove passphrase stuff.
* sigs.test: Ditto.
* privkeys/: New.
* Makefile.am: Move most stuff to ...
* version.test: Prepare data files etc.
* finish.test: New.
* defs.inc: Set all envvars.
(usrname1, usrname2, username3): Use full mail address.
2010-06-07 Werner Koch <wk@g10code.com> 2010-06-07 Werner Koch <wk@g10code.com>
* Makefile.am (TESTS_ENVIRONMENT): New. Start all scripts under * Makefile.am (TESTS_ENVIRONMENT): New. Start all scripts under

89
tests/openpgp/Makefile.am
View File

@ -1,4 +1,6 @@
# Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc. # Makefile.am - For tests/openpgp
# Copyright (C) 1998, 1999, 2000, 2001, 2003,
# 2010 Free Software Foundation, Inc.
# #
# This file is part of GnuPG. # This file is part of GnuPG.
# #
@ -16,15 +18,15 @@
# along with this program; if not, see <http://www.gnu.org/licenses/>. # along with this program; if not, see <http://www.gnu.org/licenses/>.
# Process this file with automake to create Makefile.in # Process this file with automake to create Makefile.in
GPG_IMPORT = ../../g10/gpg2 --homedir $(abs_builddir) \
--quiet --yes --no-permission-warning --import
# Programs required before we can run these tests. # Programs required before we can run these tests.
required_pgms = ../../g10/gpg2 ../../agent/gpg-agent \ required_pgms = ../../g10/gpg2 ../../agent/gpg-agent \
../../tools/gpg-connect-agent ../../tools/gpg-connect-agent ../../tools/mk-tdata
TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C
# Note: version.test needs to be the first test to run and finish.test
# the last one
TESTS = version.test mds.test \ TESTS = version.test mds.test \
decrypt.test decrypt-dsa.test \ decrypt.test decrypt-dsa.test \
sigs.test sigs-dsa.test \ sigs.test sigs-dsa.test \
@ -36,7 +38,7 @@ TESTS = version.test mds.test \
armdetachm.test detachm.test genkey1024.test \ armdetachm.test detachm.test genkey1024.test \
conventional.test conventional-mdc.test \ conventional.test conventional-mdc.test \
multisig.test verify.test armor.test \ multisig.test verify.test armor.test \
import.test import.test finish.test
TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
@ -46,73 +48,34 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
bug537-test.data.asc bug894-test.asc \ bug537-test.data.asc bug894-test.asc \
bug1223-good.asc bug1223-bogus.asc bug1223-good.asc bug1223-bogus.asc
DATA_FILES = data-500 data-9000 data-32000 data-80000 plain-large data_files = data-500 data-9000 data-32000 data-80000 plain-large
priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \
privkeys/7E201E28B6FEB2927B321F443205F4724EBE637E.asc \
privkeys/13FDB8809B17C5547779F9D205C45F47CE0217CE.asc \
privkeys/343D8AF79796EE107D645A2787A9D9252F924E6F.asc \
privkeys/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.asc \
privkeys/0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255.asc \
privkeys/FD692BD59D6640A84C8422573D469F84F3B98E53.asc \
privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc \
privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc
EXTRA_DIST = defs.inc $(TESTS) $(TEST_FILES) \ EXTRA_DIST = defs.inc $(TESTS) $(TEST_FILES) \
mkdemodirs signdemokey mkdemodirs signdemokey $(priv_keys)
CLEANFILES = prepared.stamp x y yy z out err $(DATA_FILES) \ CLEANFILES = prepared.stamp x y yy z out err $(data_files) \
plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \ plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \
*.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \ *.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \
pubring.gpg secring.gpg pubring.pkr secring.skr pubring.gpg secring.gpg pubring.pkr secring.skr \
gnupg-test.stop
DISTCLEANFILES = pubring.gpg~ random_seed DISTCLEANFILES = pubring.gpg~ random_seed
# We need to depend on a couple of programs so that the tests don't
all-local: prepared.stamp # start before all programs are built.
all-local: $(required_pgms)
distclean-local: distclean-local:
$(srcdir)/mkdemodirs --clean $(srcdir)/mkdemodirs --clean
prepared.stamp: ./pubring.gpg ./secring.gpg ./plain-1 ./plain-2 ./plain-3 \
./pubring.pkr ./secring.skr ./gpg_dearmor $(DATA_FILES)
$(GPG_IMPORT) $(srcdir)/pubdemo.asc
echo timestamp >./prepared.stamp
# We need to depend on a couple of programs so that the tests don't
# start before all programs are built.
./gpg_dearmor: $(required_pgms)
echo '#!/bin/sh' >./gpg_dearmor
echo "../../g10/gpg2 --no-options --no-greeting \
--no-secmem-warning --batch --dearmor" >>./gpg_dearmor
chmod 755 ./gpg_dearmor
./pubring.gpg: $(srcdir)/pubring.asc $(srcdir)/pubdemo.asc ./gpg_dearmor
./gpg_dearmor > ./pubring.gpg < $(srcdir)/pubring.asc
./secring.gpg: $(srcdir)/secring.asc ./gpg_dearmor
./gpg_dearmor > ./secring.gpg < $(srcdir)/secring.asc
./pubring.pkr: $(srcdir)/pubring.pkr.asc ./gpg_dearmor
./gpg_dearmor > ./pubring.pkr < $(srcdir)/pubring.pkr.asc
./secring.skr: $(srcdir)/secring.skr.asc ./gpg_dearmor
./gpg_dearmor > ./secring.skr < $(srcdir)/secring.skr.asc
./plain-1: $(srcdir)/plain-1o.asc ./gpg_dearmor
./gpg_dearmor > ./plain-1 < $(srcdir)/plain-1o.asc
./plain-2: $(srcdir)/plain-2o.asc ./gpg_dearmor
./gpg_dearmor > ./plain-2 < $(srcdir)/plain-2o.asc
./plain-3: $(srcdir)/plain-3o.asc ./gpg_dearmor
./gpg_dearmor > ./plain-3 < $(srcdir)/plain-3o.asc
data-500:
../../tools/mk-tdata 500 >data-500
data-9000:
../../tools/mk-tdata 9000 >data-9000
data-32000:
../../tools/mk-tdata 32000 >data-32000
data-80000:
../../tools/mk-tdata 80000 >data-80000
plain-large:
cat $(srcdir)/../../doc/HACKING \
$(srcdir)/../../doc/DETAILS \
$(srcdir)/../../doc/gpg.texi >plain-large
# To speed up key generation we create a dummy random seed file
random_seed:
../../tools/mk-tdata 600

2
tests/openpgp/decrypt-dsa.test
View File

@ -12,7 +12,7 @@
#info Checking decryption of supplied DSA encrypted file #info Checking decryption of supplied DSA encrypted file
for i in "plain-1" ; do for i in "plain-1" ; do
$GPG $dsa_keyrings -o y --yes $srcdir/$i-pgp.asc $GPG -o y --yes $srcdir/$i-pgp.asc
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done

2
tests/openpgp/decrypt.test
View File

@ -12,7 +12,7 @@
#info Checking decryption of supplied files #info Checking decryption of supplied files
for i in $plain_files ; do for i in $plain_files ; do
echo "$usrpass1" | $GPG --passphrase-fd 0 -o y --yes $srcdir/$i.asc $GPG -o y --yes $srcdir/$i.asc
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done

57
tests/openpgp/defs.inc
View File

@ -12,22 +12,21 @@
#------ constants --------------- #------ constants ---------------
#-------------------------------- #--------------------------------
# Note that usrpass1 is also used in Makefile.am usrname1="one@example.com"
usrname1="one"
usrpass1="def" usrpass1="def"
usrname2="two" usrname2="two@example.com"
usrpass2="" usrpass2=""
usrname3="three" usrname3="three@example.com"
usrpass3="" usrpass3=""
dsa_usrname1="pgp5" dsa_usrname1="pgp5"
# we use the sub key because we do not yet have the logic to # we use the sub key because we do not yet have the logic to to derive
# to derive the first encryption key from a keyblock (I guess) # the first encryption key from a keyblock (I guess) (Well of course
# we have this by now and the notation below will lookup the primary
# first and the search for the encryption subkey.)
dsa_usrname2="0xCB879DE9" dsa_usrname2="0xCB879DE9"
dsa_keyrings="--keyring ./pubring.pkr --secret-keyring ./secring.skr"
plain_files="plain-1 plain-2 plain-3" plain_files="plain-1 plain-2 plain-3"
data_files="data-500 data-9000 data-32000 data-80000" data_files="data-500 data-9000 data-32000 data-80000"
@ -50,6 +49,7 @@ defs_error_seen=no
fatal () { fatal () {
echo "$pgmname: fatal:" $* >&2 echo "$pgmname: fatal:" $* >&2
echo "$pgmname: fatal:" $* >&5 echo "$pgmname: fatal:" $* >&5
echo stop >gnupg-test.stop
exit 1; exit 1;
} }
@ -121,7 +121,7 @@ echo_n () {
#} #}
have_pubkey_algo () { have_pubkey_algo () {
if ../../g10/gpg2 --homedir . --version | grep "Pubkey:.*$1" >/dev/null if $GPG --version | grep "Pubkey:.*$1" >/dev/null
then then
true true
else else
@ -130,7 +130,7 @@ have_pubkey_algo () {
} }
have_cipher_algo () { have_cipher_algo () {
if ../../g10/gpg2 --homedir . --version | grep "Cipher:.*$1" >/dev/null if $GPG --version | grep "Cipher:.*$1" >/dev/null
then then
true true
else else
@ -139,7 +139,7 @@ have_cipher_algo () {
} }
have_hash_algo () { have_hash_algo () {
if ../../g10/gpg2 --homedir . --version | grep "Hash:.*$1" >/dev/null if $GPG --version | grep "Hash:.*$1" >/dev/null
then then
true true
else else
@ -148,11 +148,13 @@ have_hash_algo () {
} }
all_cipher_algos () { all_cipher_algos () {
../../g10/gpg2 --homedir . --with-colons --list-config ciphername | sed 's/^cfg:ciphername://; s/;/ /g' $GPG --with-colons --list-config ciphername \
| sed 's/^cfg:ciphername://; s/;/ /g'
} }
all_hash_algos () { all_hash_algos () {
../../g10/gpg2 --homedir . --with-colons --list-config digestname | sed 's/^cfg:digestname://; s/;/ /g' $GPG --with-colons --list-config digestname \
| sed 's/^cfg:digestname://; s/;/ /g'
} }
set -e set -e
@ -161,6 +163,16 @@ pgmname=`basename $0`
[ -z "$srcdir" ] && fatal "not called from make" [ -z "$srcdir" ] && fatal "not called from make"
#
if [ -f gnupg-test.stop ]; then
if [ $pgmname = "version.test" ]; then
rm gnupg-test.stop
else
# Skip the rest of the tests.
exit 77
fi
fi
# Always work in the current directory. We set GNUPGHOME only if it # Always work in the current directory. We set GNUPGHOME only if it
# has not been set already. Usually it is set through the Makefile's # has not been set already. Usually it is set through the Makefile's
# TESTS_ENVIRONMENT macro. # TESTS_ENVIRONMENT macro.
@ -172,21 +184,32 @@ elif [ "$GNUPGHOME" != `/bin/pwd` ]; then
exit 1 exit 1
fi fi
# We don't use GPG_AGENT_INFO anymore - better reset it.
unset GPG_AGENT_INFO
# (--no-permission-warning makes only sense on the commandline)
GPG="../../g10/gpg2 --no-permission-warning "
# (We may not use a relative name for gpg-agent.)
GPG_AGENT="$(cd ../../agent && /bin/pwd)/gpg-agent"
GPG_CONNECT_AGENT="../../tools/gpg-connect-agent"
GPGCONF="../../tools/gpgconf"
GPG_PRESET_PASSPHRASE="../../agent/gpg-preset-passphrase"
MKTDATA="../../tools/mk-tdata"
# Make sure we have a valid option files even with VPATH builds. # Make sure we have a valid option files even with VPATH builds.
for f in gpg.conf gpg-agent.conf ; do for f in gpg.conf gpg-agent.conf ; do
if [ -f ./$f ]; then if [ -f ./$f ]; then
: :
elif [ -f $srcdir/$f.tmpl ]; then elif [ -f $srcdir/$f.tmpl ]; then
cat $srcdir/$f.tmpl >$f cat $srcdir/$f.tmpl >$f
if [ "$f" = "gpg.conf" ]; then
echo "agent-program $GPG_AGENT" >>gpg.conf
fi
fi fi
done done
# (--no-permission-warning makes only sense on the commandline)
GPG="../../g10/gpg2 --no-permission-warning "
echo "Test: $pgmname" > ${pgmname}.log echo "Test: $pgmname" > ${pgmname}.log
echo "GNUPGHOME=$GNUPGHOME" >> ${pgmname}.log echo "GNUPGHOME=$GNUPGHOME" >> ${pgmname}.log
echo "GPG_AGENT_INFO=$GPG_AGENT_INFO" >> ${pgmname}.log
exec 5>&2 2>>${pgmname}.log exec 5>&2 2>>${pgmname}.log
: :

8
tests/openpgp/encrypt-dsa.test
View File

@ -12,17 +12,17 @@
#info Checking encryption #info Checking encryption
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
$GPG $dsa_keyrings --always-trust -e -o x --yes -r "$dsa_usrname2" $i $GPG --always-trust -e -o x --yes -r "$dsa_usrname2" $i
$GPG $dsa_keyrings -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done
for ca in `all_cipher_algos` ; do for ca in `all_cipher_algos` ; do
echo_n "$ca " echo_n "$ca "
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
$GPG $dsa_keyrings --always-trust --cipher-algo $ca -e \ $GPG --always-trust --cipher-algo $ca -e \
-o x --yes -r "$dsa_usrname2" $i -o x --yes -r "$dsa_usrname2" $i
$GPG $dsa_keyrings -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done
done done

17
tests/openpgp/finish.test Executable file
View File

@ -0,0 +1,17 @@
#!/bin/sh
# Copyright 2010 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3
if $GPG_AGENT --quiet; then
$GPG_CONNECT_AGENT killagent /bye >/dev/null
fi
exit 0

13
tests/openpgp/genkey1024.test
View File

@ -10,10 +10,7 @@
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3
# FIXME: Skip this test for now $GPG --quiet --batch --gen-key <<EOF
exit 77
$GPG --quiet --batch --debug-quick-random --gen-key <<EOF
Key-Type: DSA Key-Type: DSA
Key-Length: 1024 Key-Length: 1024
Subkey-Type: ELG Subkey-Type: ELG
@ -22,12 +19,13 @@ Name-Real: Harry H.
Name-Comment: test key Name-Comment: test key
Name-Email: hh@@ddorf.de Name-Email: hh@@ddorf.de
Expire-Date: 1 Expire-Date: 1
Passphrase: abc %no-protection
%transient-key
%commit %commit
EOF EOF
if have_pubkey_algo "RSA"; then if have_pubkey_algo "RSA"; then
$GPG --quiet --batch --debug-quick-random --gen-key <<EOF $GPG --quiet --batch --gen-key <<EOF
Key-Type: RSA Key-Type: RSA
Key-Length: 1024 Key-Length: 1024
Key-Usage: sign,encrypt Key-Usage: sign,encrypt
@ -35,7 +33,8 @@ Name-Real: Harry A.
Name-Comment: RSA test key Name-Comment: RSA test key
Name-Email: hh@@ddorf.de Name-Email: hh@@ddorf.de
Expire-Date: 2 Expire-Date: 2
Passphrase: abc %no-protection
%transient-key
%commit %commit
EOF EOF
fi fi

6
tests/openpgp/gpg-agent.conf.tmpl
View File

@ -1,3 +1,7 @@
use-standard-socket use-standard-socket
allow-preset-passphrase
no-grab
log-file socket:///home/wk/b/gnupg/tests/openpgp/S.log
debug 1024
verbose

2
tests/openpgp/mkdemodirs
View File

@ -4,7 +4,7 @@ set -e
# We need to use --no-options so that a gpg.conf from an older version # We need to use --no-options so that a gpg.conf from an older version
# of gpg is not used. # of gpg is not used.
GPG="../g10/gpg2 --no-options --batch --quiet GPG="../../g10/gpg2 --no-options --batch --quiet
--no-secmem-warning --allow-secret-key-import" --no-secmem-warning --allow-secret-key-import"
NAMES='Alpha Bravo Charlie Delta Echo Foxtrot Golf Hotel India NAMES='Alpha Bravo Charlie Delta Echo Foxtrot Golf Hotel India

4
tests/openpgp/multisig.test
View File

@ -132,7 +132,7 @@ cnksIEkgY2FuJ3QgZG8gdGhhdAo=
for i in sig_sl_valid ; do for i in sig_sl_valid ; do
eval "(IFS=; echo \"\$$i\")" | ./gpg_dearmor >x eval "(IFS=; echo \"\$$i\")" | $GPG --dearmor >x
$GPG --verify x 2>/dev/null || error "valid is invalid ($i)" $GPG --verify x 2>/dev/null || error "valid is invalid ($i)"
linefeed linefeed
done done
@ -145,7 +145,7 @@ done
for i in sig_1ls1ls_valid sig_ls_valid \ for i in sig_1ls1ls_valid sig_ls_valid \
sig_1lsls_invalid sig_lsls_invalid \ sig_1lsls_invalid sig_lsls_invalid \
sig_lss_invalid sig_slsl_invalid ; do sig_lss_invalid sig_slsl_invalid ; do
eval "(IFS=; echo \"\$$i\")" | ./gpg_dearmor >x eval "(IFS=; echo \"\$$i\")" | $GPG --dearmor >x
$GPG --verify <x 2>/dev/null && error "invalid is valid ($i)" $GPG --verify <x 2>/dev/null && error "invalid is valid ($i)"
linefeed linefeed
done done

12
tests/openpgp/privkeys/0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255.asc Normal file
View File

@ -0,0 +1,12 @@
-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Use "gpg --dearmor" for unpacking
KDExOnByaXZhdGUta2V5KDM6ZWxnKDE6cDk3OgD/BWuU2w+pPFZltSIytQ3wyNMV
HbFSG5PDdx29GCJU9RP+rWXX4jcKmilUHH9e4CSDmwcHzTNzqlmDrnZgVXd0uhNx
5LuuJ1vmTbewdraFkYJ5OjoB3Eg7LneCII8M/0UpKDE6ZzE6AikoMTp5OTY6Toef
zlcVKiPuobKfXHDhIUQPTfGic2Az47wkMoYHo9j9ZE7AWaliMdPz4jLyLfqqoU9m
H8g+vJhyAc7UnAF2Sk5466FDypdPm5F9PTW3cqqIwJM4WgkSlM8J2hxH4YtlKSgx
OngyOTob6nEVc0W4M+ZyrqMvp26DaKRnuFwcsDLsN11JLykpKQ==
=Ghie
-----END PGP ARMORED FILE-----

17
tests/openpgp/privkeys/13FDB8809B17C5547779F9D205C45F47CE0217CE.asc Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Use "gpg --dearmor" for unpacking
KDExOnByaXZhdGUta2V5KDM6cnNhKDE6bjEyOToAqFJWduzk11/m0Ac/K/mab0kz
zr3UUor1bkxh4vcxJHOTZF3a9Y6t1WUpwlOXeCNkY98tRYUg6A40wFgkKz/4jdOa
iDtHW2bOqrvJmJ/wH/5zdmDpthu53JEgXUKP/+j2dfrvYTZYxy2m11DA68QK9iPS
BmksglFMQE2IJatwEAEpKDE6ZTI6AQEpKDE6ZDEyODoAvKABRIX7dtUOm2y6VyGs
ESE5D4YI1AhL0EWodt84EPEUvC1o61UuYbAe28JIHwjIKDLgDiedZ6hTBV3K5cI1
aFHL421hDE0qtD+mVZhcRGnR2RHhr9gX6qX+4P8mV0w1nhdShwUhlFO1GuwQ2/dW
KwYdXGbDW7P58LIiudGWuSkoMTpwNjU6AMM8WAY5lr1ZdSqr39rNqntLZqoXVO4N
ibd5Tw3o/3JMVJ/xEqMykrude87nlPCAJMPlX9gjP1B57UmRxN8mGNkpKDE6cTY1
OgDctZRfAPGvQ4vUwxG4uso9nbCtFlGYZTQgMPHfMFflUyxH9Y0zA8ujyKKYFPYX
t7Pe6Y+qqu6BG0mPqvIXe3dpKSgxOnU2NDop+y32myNaSakGsQ732PgarqitgefN
3h9Kec4kS/j85t1esYEbC9XlFluVcIUDaQHdKFpijCl6eC2oFXOkPRwJKSkp
=nyLM
-----END PGP ARMORED FILE-----

17
tests/openpgp/privkeys/343D8AF79796EE107D645A2787A9D9252F924E6F.asc Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Use "gpg --dearmor" for unpacking
KDExOnByaXZhdGUta2V5KDM6ZHNhKDE6cDEyOToArHGqWD0rP0Nn/c3nYELTD4m1
gqR7f2+l1ZUMdHcweYwn/fVjaJKmbR+9GzeHWP398FWYs5mCU1DIfrZLF0nJnAJ6
WRnN9TL+oub1BqqLvCmDSngRuZZ2gUX8DVmD8xTsPnDnG74QDUnvtnpDIAs32sg5
dnusstrriXD8xXgt0g8pKDE6cTIxOgC449htJbbp5rkJHvBDs4YxEIkk5ykoMTpn
MTI4Ol+ITxpSMOT5R67Bu4XWoYU7nVeYURpb6LJ8LK2CV7ygECwFdRFdukiGFB+a
TP8nF6xtuXalaBuerkKp4QXVKqOIkp7MWN2TAOOg9eERHPT//whryf49meNYMPLv
KAe60udHY76Glm+Zso+24WnEwXX2od1PHVV3CItWRb7YmhgGKSgxOnkxMjg6AgXt
40h2lpiIHTjbu6fiCBzbr5j2eQX3cNoydkRphJ66bqD+DsPW/Ag0WBCQxgRaLgMr
db64fQT+fyjbTBLbC8ytt5hpCbm/q5x3TTXDAUNjoB3CnA/tQItBy7qqq/A0d3FZ
grr6AixK58uZ4wauy8LRZCph67UZ8akcgwJkmVkpKDE6eDIwOn/Y1rjZASGMK9IG
b1y/ZDKT0zkTKSkp
=muRa
-----END PGP ARMORED FILE-----

21
tests/openpgp/privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Use "gpg --dearmor" for unpacking
KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOmRzYSgxOnAxMjk6AL8pJ97q5V8O
ADcGsak0uFXFP/K3BcykEjykR1OJjSNaditv9i7zC0J5n0YC7H9kD+1537ul2Jsd
d9fk/MN+BRNnCsglrns5SlbAjzvwDNnE2ydW/Ug/q58bIRIowTg9RA7mF4qHABvS
BDAXACtLe/ih5isSWOEnv2Sm3fX0kQATKSgxOnEyMToA+hTknylYwYGT/PEVQ4Jl
LPoWmqUpKDE6ZzEyOToAmfUdfU53m3Kgrg4QAzkb7AfPdIGPgUyidk1azUi3Tcko
egzm6VDYWARaYFUg9MpIOb+NBc9gCnPkOnGmgZhtMJoSjrN8TfYATOhcOYYBkT3R
eGr/BwQ34lwekfK0AD+f6FhpHexh6BDnaZYxH691330o7RXSMtFxySAEDtnaOUUp
KDE6eTEyODp8cyy2nYt0QI5Tf+t/d4WBeib2yNWVtZH/j7XpDqHLZDgVAYkazCA6
ZF7BvLddBEqVAh1X5tqua4AXX9L4SGYb7B0LRV72alhYiWWHez126KjVgwRTUxtE
J4EnHmYJRReLlXosPIRhXSz7HFAqalPXJ0DvC9kzTQnnjPOylyMPTSkoOTpwcm90
ZWN0ZWQyNTpvcGVucGdwLXMyazMtc2hhMS1hZXMtY2JjKCg0OnNoYTE4OnBnEA/u
YyreNzo0OTMzNjMyKTE2OtXuvrOxsl1/bOm+6zBEQZ0pODA6XEPa+d4D7F2jof/+
sJvtf22PzAgN/qZ93eIKlJaHxQFQeOyLrghCAUyZLIBzR8dlNBG+uWhg7DBJMVnR
MhH24nqzdivp+SxlMO0XdnkmkBspKDEyOnByb3RlY3RlZC1hdDE1OjIwMTAxMDE0
VDEyMDgxMSkpKQ==
=ZfqD
-----END PGP ARMORED FILE-----

21
tests/openpgp/privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Use "gpg --dearmor" for unpacking
KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOmRzYSgxOnAxMjk6ALZlsUNfTCYk
jzIsNhB0iJl4C4cuZ/IeypdosZQxm1aIC+f+E2ly3BqGbMqbmheKcdS9SQs5DSzy
s6W7XmeHDhrNzfStM/UuwiSfnM5E2cV2BgLpErKE56Kb/rf7/Ia12dObj2VV9oKr
CwSYEISRdp5YMar6J7Vvz0nz1Pqf8mq7KSgxOnEyMToAoQkjVeVGG+B/SzJ6+yif
dHWQVkcpKDE6ZzEyODoVw8i11+Plhxj9mnredV5SqI1hsLGZnPSzz2IcFP0XFDu3
HtUEG9FxZVFRQYWNCUKTP7cv5DYvmhlhc4oG0PhwFmZFLwPPlSAFZ3jfqfkh4RiM
i01yqQGE6uOgML5ZWeQqb39Ngqf/ltWlcgNKpwVjMniMV5kfRzoupccZ+XI2oyko
MTp5MTI4OlVm585daoJeQG/Pg7LdDkVuNBDT/63LysOfw5NqI+LjUXJScSLos76r
IFLT0WOdmP74+RxFxdb31I3GYQlFjsy40e3nAi8QfaM0Q4n2WzPNkUENu7CyNccr
fn6U9sYTLr3EI/bqIRp/KwoptFcmETUL62TxKcr4abrayK+Yr/lqKSg5OnByb3Rl
Y3RlZDI1Om9wZW5wZ3AtczJrMy1zaGExLWFlcy1jYmMoKDQ6c2hhMTg6ndF2xFqT
19k3OjUyNDI4ODApMTY6QB3EeZz7Zs2uIRmjRj/ocyk4MDoN3zs2+IgNNxe0pZQ9
XzwAAgAA0MhK4ypYOdDc2fvfvCsjrhQyUW5ZQVVxFmf7hgY6YZzAlldXF9bD9DMC
JtcJmap6Xk5D7VClxR97yHK+ASkoMTI6cHJvdGVjdGVkLWF0MTU6MjAxMDEwMTRU
MTU0MzUyKSkp
=8r3/
-----END PGP ARMORED FILE-----

18
tests/openpgp/privkeys/7E201E28B6FEB2927B321F443205F4724EBE637E.asc Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Use "gpg --dearmor" for unpacking
KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOmVsZygxOnAxMjk6AOgCS1p47zcd
ec0UvVC0phewalHUU6f7mulWr0j0ZY1RU0IOP18HAeT7INcwPcUaUvC9KYenXmYb
vO1i7sNNUCOsKUamwg+oSNMcbM3AwNwxlggTyJS1N6WzIX7MjRLUlUqtbLRhPDGl
Cltt6yeAjS0pZT646TANaBDiRIgk94ADKSgxOmcxOgUpKDE6eTEyODpGh2X1Sy+4
Ip/RtMJDPZOY+Y6sWUN7OiM2BkdUmCLOmaOVfgrsEevKdSBBj0oVWN81U02i7jQz
hhAI3tZMFJmP/hlF7AlS5HSaLj2+t1nHAKKy70QhskINR41CCv9sHAc5gN1WrY5N
DpeI12GmqsWMPQVPUHsTTe0QsT6XbHzvCykoOTpwcm90ZWN0ZWQyNTpvcGVucGdw
LXMyazMtc2hhMS1hZXMtY2JjKCg0OnNoYTE4Or78V63MKf6HNzo0OTMzNjMyKTE2
OkxDOAnTGrRgVCyb5u0UbCYpOTY6tghO175Vpfia/wJGrOUT0hgS3Es/EaEHv+bn
jYBeErvROJrKtUboxoGox/Qa2xxpFFhFWtR3IX6rjmqS1a5RhwEmYxFb/IzVESuZ
Kf00wS+lmJuR14ACnuAOfVF6OQP5KSgxMjpwcm90ZWN0ZWQtYXQxNToyMDEwMTAx
NFQxMjA4MTIpKSk=
=a0Os
-----END PGP ARMORED FILE-----

14
tests/openpgp/privkeys/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.asc Normal file
View File

@ -0,0 +1,14 @@
-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Use "gpg --dearmor" for unpacking
KDExOnByaXZhdGUta2V5KDM6ZWxnKDE6cDEyOToAzNix+drHTYCMxS8NiUZNpVTG
nWfzMjxCqVyZYt9CEm7A4JcfSbgRUppqKunwreuDmmNGFc1W+lT1oLfvJaDi/oQ/
oubgIcq0EZ5gOUydaj961PV3ltNmaaUSZsJ6jRxaa0FB1cgx6EVB88gR6JB4mAM4
KV+Ct/f9QzPv2TMS8qspKDE6ZzE6BikoMTp5MTI4OjdzptnsiJ124yTW5ewhvUVp
mDGuT9CuA3ggW65bjOhfravX5rfHMCXLPXMNXFgpA012vghVwun/ekkj7/rxapZm
lE28YpSDj8Pwn/lkqNAjy466My+wUeoCgg7mEg/75is2ogKzx1L52nay7BGmfS41
5m7BBjWHsiUA6KRtFXt1KSgxOngzMTppFcbO0lgUP4k3sTNfSIfwBCt8YwBTmPk5
a7hTI4y2KSkp
=miH9
-----END PGP ARMORED FILE-----

20
tests/openpgp/privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc Normal file
View File

@ -0,0 +1,20 @@
-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Use "gpg --dearmor" for unpacking
KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOmVsZygxOnAxMjk6AJyN1x9X9Lsj
fX2Z8O9s7BzMO9OoOxFtvZw+FA0BuDs0WVYkq1GuZ9/XiO0K30zvtZnlb7NMvBfz
7xbLeYx+vKzy5xkq18+LE5dU+HKKdRQZKrrwgCsDy8tJRO447QsiLTksCDqPMaE3
2OCRBF5nKrG5vih7/cmEhf2CuAn+2yM3KSgxOmcxOgcpKDE6eTEyODoZ5eYysaLn
AwPeqQ9vNvUyrCxUEmrvl4svG7zkkg3ZcgAbDpDQUmnijt3gEBCoAzO3c41TU5wJ
aUNBEPGPWfKcTlmBEGJWjK50QQuA2diGncxIS5SDs+QVaf434a6/KFVQcCmV7K8/
T2S8/nuGJ/rIlFL5XovW6A/S9mYEjh2pDykoOTpwcm90ZWN0ZWQyNTpvcGVucGdw
LXMyazMtc2hhMS1hZXMtY2JjKCg0OnNoYTE4OkuRjUFO6YIJNzo0NjYwMjI0KTE2
Or7L9Ekww4C0lZz3g61PzJEpMTkyOk7ezAcv7simMXQw+afvqUlhdoyVM4QQuhj8
KzqjNP3IC2fSHoFECWxGfC1fNcuqzRnzs98TqAy5BDnNXSW+e+CpenWtLpID/dvb
azkeATfhMf/2KMd2Mahi6rnQ6IBnxhq1d5jLhYg00Ba1HbojEYOkCPKQlFV01bQw
mUsyQ7sMr42JvdFTI4lDmQlHfqoexpFpLCDv4eUKjvG/K7xs0uLiF4vyMLVH5H/k
6EF9HEP9sUF+aTDJXrrfHOUG1LR6/CkoMTI6cHJvdGVjdGVkLWF0MTU6MjAxMDEw
MTRUMTUzNTM4KSkp
=soiR
-----END PGP ARMORED FILE-----

15
tests/openpgp/privkeys/FD692BD59D6640A84C8422573D469F84F3B98E53.asc Normal file
View File

@ -0,0 +1,15 @@
-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Use "gpg --dearmor" for unpacking
KDExOnByaXZhdGUta2V5KDM6ZHNhKDE6cDk3OgDbbxWAbWsheUJprK6VryMTpwDi
YwMfL+92nrHqSfPqlpMWgDTia8qnpRSXbyEmSppp/6/Ygp+N3n32Kznq7PjHXiuW
LlZGvZMtzmvaMA17y0GY6oLBxS7rhASXIKa9hEUpKDE6cTIxOgD/igRZcqjTHbCv
I/mTtAPK5yJhqykoMTpnOTc6ALV10OZ7mJkWRMRYeGu1T3uwS7YYORJAHwd1fwKh
Fys7P8HZaWIXqp8EqFxk8VUEiEo3ONN9jtIRgBmTbNywKbx6WfBItoYTPEoU0UGo
oM1c/5rfmylyqwdIbMNXDhW4oykoMTp5OTc6AJNnAP6skpHlhVAmecLZT9eRzVoO
q1ivUIntK2Mh47qsL74q6BBwz2sviPU2Y3pDlbb6Ed0qJAXvdCT24hlfoGoXzkoD
InkPJTJeL0gCnwmQPjvXFFd71Cvg5LaL4lIQLSkoMTp4MjA6cZuCxaj7sT+FZqTO
y2lNfMjaQMgpKSk=
=s5nv
-----END PGP ARMORED FILE-----

2
tests/openpgp/seat.test
View File

@ -12,7 +12,7 @@
for i in $plain_files ; do for i in $plain_files ; do
echo "$usrpass1" | $GPG --passphrase-fd 0 --always-trust -seat \ echo "$usrpass1" | $GPG --passphrase-fd 0 --always-trust -seat \
-r two -o x --yes $i -r two@example.com -o x --yes $i
$GPG -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done

8
tests/openpgp/signencrypt-dsa.test
View File

@ -12,17 +12,17 @@
#info Checking signing and encryption for DSA #info Checking signing and encryption for DSA
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
$GPG $dsa_keyrings --always-trust -se -o x --yes \ $GPG --always-trust -se -o x --yes \
-u "$dsa_usrname1" -r "$dsa_usrname2" $i -u "$dsa_usrname1" -r "$dsa_usrname2" $i
$GPG $dsa_keyrings -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done
for da in ripemd160 sha1; do for da in ripemd160 sha1; do
for i in $plain_files; do for i in $plain_files; do
$GPG $dsa_keyrings --always-trust -se -o x --yes --digest-algo $da \ $GPG --always-trust -se -o x --yes --digest-algo $da \
-u "$dsa_usrname1" -r "$dsa_usrname2" $i -u "$dsa_usrname1" -r "$dsa_usrname2" $i
$GPG $dsa_keyrings -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
# process only the first one # process only the first one
break break

9
tests/openpgp/sigs-dsa.test
View File

@ -12,16 +12,15 @@
#info Checking DSA signatures (default digest algo) #info Checking DSA signatures (default digest algo)
for i in $plain_files $data_files; do for i in $plain_files $data_files; do
$GPG $dsa_keyrings -s -o x --yes -u $dsa_usrname1 $i $GPG -s -o x --yes -u $dsa_usrname1 $i
$GPG $dsa_keyrings -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done
for da in ripemd160 sha1; do for da in ripemd160 sha1; do
for i in $plain_files; do for i in $plain_files; do
$GPG $dsa_keyrings --digest-algo $da \ $GPG --digest-algo $da -s -o x --yes -u $dsa_usrname1 $i
-s -o x --yes -u $dsa_usrname1 $i $GPG -o y --yes x
$GPG $dsa_keyrings -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
# process only the first one # process only the first one
break break

2
tests/openpgp/sigs.test
View File

@ -11,7 +11,7 @@
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3
for i in $plain_files $data_files; do for i in $plain_files $data_files; do
echo "$usrpass1" | $GPG --passphrase-fd 0 -s -o x --yes $i $GPG -s -o x --yes $i
$GPG -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done

93
tests/openpgp/version.test
View File

@ -10,8 +10,97 @@
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3
# print the GPG version # This is the first test run by "make check". First kill a possible
# gpg-agent process from a previous test run.
if $GPG_AGENT --quiet; then
echo "$pgmname: killing leftover gpg-agent process" >&2
$GPG_CONNECT_AGENT killagent /bye >/dev/null
sleep 2
fi
info "Deleting old files"
if [ -f Makefile -a -f $srcdir/decrypt-dsa.test ]; then
:
else
fatal "not running in the test directory"
exit 1
fi
if [ -d private-keys-v1.d ]; then
rm private-keys-v1.d/* 2>/dev/null || true
rmdir private-keys-v1.d
fi
for i in pubring.gpg pubring.gpg~ trustdb.gpg trustdb.gpg~ ; do
[ -d "$i" ] && rm "$i"
done
# Now start the agent right away, so that there is only one place
# where starting the agent may fail. To speed up key generation we
# create a faked random seed file. Note that we need to set the
# agent-program so that gpg-connect-agent is able to start the agent
# we are currently testing and not an already installed one.
info "Starting the agent"
$MKTDATA 600 >random_seed
if $GPG_CONNECT_AGENT -v --agent-program="$GPG_AGENT" /bye; then
:
else
error "starting the gpg-agent failed"
exit 1
fi
info "Creating sample data files"
for i in 500 9000 32000 80000; do
$MKTDATA $i >data-$i
done
cat $srcdir/../../doc/HACKING \
$srcdir/../../doc/DETAILS \
$srcdir/../../doc/gpg.texi >plain-large
info "Unpacking samples"
$GPG --dearmor < $srcdir/plain-1o.asc > ./plain-1
$GPG --dearmor < $srcdir/plain-2o.asc > ./plain-2
$GPG --dearmor < $srcdir/plain-3o.asc > ./plain-3
info "Storing private keys"
for i in 50B2D4FA4122C212611048BC5FC31BD44393626E \
7E201E28B6FEB2927B321F443205F4724EBE637E \
13FDB8809B17C5547779F9D205C45F47CE0217CE \
343D8AF79796EE107D645A2787A9D9252F924E6F \
8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34 \
0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255 \
FD692BD59D6640A84C8422573D469F84F3B98E53 \
76F7E2B35832976B50A27A282D9B87E44577EB66 \
A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD ; do
$GPG --dearmor < $srcdir/privkeys/$i.asc > private-keys-v1.d/$i.key
done
info "Importing public demo and test keys"
$GPG --yes --import $srcdir/pubdemo.asc $srcdir/pubring.asc
$GPG --dearmor < $srcdir/pubring.pkr.asc | $GPG --yes --import
info "Preset passphrases"
# one@example.com
$GPG_PRESET_PASSPHRASE --preset -P def 50B2D4FA4122C212611048BC5FC31BD44393626E
$GPG_PRESET_PASSPHRASE --preset -P def 7E201E28B6FEB2927B321F443205F4724EBE637E
# alpha@example.net
$GPG_PRESET_PASSPHRASE --preset -P abc 76F7E2B35832976B50A27A282D9B87E44577EB66
$GPG_PRESET_PASSPHRASE --preset -P abc A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD
# Note: secring.asc and secring.skr.asc are the original secrings for
# our test files. We don't support this as storage format anymore but
# keep the files here for reference. The actual keys have been
# extracted and put in gpg-agent's format unter privkeys/. Because
# the current gpg's import feature does not support storing of
# unprotected keys in the new gpg-agent format, we had to resort to
# some trickery to convert them.
info "Printing the GPG version"
$GPG --version $GPG --version
#fixme: check that the output is correct #fixme: check that the output is as expected

2
tools/ChangeLog
View File

@ -1,5 +1,7 @@
2010-10-14 Werner Koch <wk@g10code.com> 2010-10-14 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c: Add option --agent-program.
* gpg-connect-agent.c (start_agent): Rewrite using the * gpg-connect-agent.c (start_agent): Rewrite using the
start_new_gpg_agent function. start_new_gpg_agent function.

6
tools/gpg-connect-agent.c
View File

@ -56,6 +56,7 @@ enum cmd_and_opt_values
oNoVerbose = 500, oNoVerbose = 500,
oHomedir, oHomedir,
oAgentProgram,
oHex, oHex,
oDecode, oDecode,
oNoExtConnect oNoExtConnect
@ -85,6 +86,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"), ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
ARGPARSE_s_s (oHomedir, "homedir", "@" ), ARGPARSE_s_s (oHomedir, "homedir", "@" ),
ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
ARGPARSE_end () ARGPARSE_end ()
}; };
@ -96,6 +98,7 @@ struct
int verbose; /* Verbosity level. */ int verbose; /* Verbosity level. */
int quiet; /* Be extra quiet. */ int quiet; /* Be extra quiet. */
const char *homedir; /* Configuration directory name */ const char *homedir; /* Configuration directory name */
const char *agent_program; /* Value of --agent-program. */
int hex; /* Print data lines in hex format. */ int hex; /* Print data lines in hex format. */
int decode; /* Decode received data lines. */ int decode; /* Decode received data lines. */
const char *raw_socket; /* Name of socket to connect in raw mode. */ const char *raw_socket; /* Name of socket to connect in raw mode. */
@ -1186,6 +1189,7 @@ main (int argc, char **argv)
case oVerbose: opt.verbose++; break; case oVerbose: opt.verbose++; break;
case oNoVerbose: opt.verbose = 0; break; case oNoVerbose: opt.verbose = 0; break;
case oHomedir: opt.homedir = pargs.r.ret_str; break; case oHomedir: opt.homedir = pargs.r.ret_str; break;
case oAgentProgram: opt.agent_program = pargs.r.ret_str; break;
case oHex: opt.hex = 1; break; case oHex: opt.hex = 1; break;
case oDecode: opt.decode = 1; break; case oDecode: opt.decode = 1; break;
case oRawSocket: opt.raw_socket = pargs.r.ret_str; break; case oRawSocket: opt.raw_socket = pargs.r.ret_str; break;
@ -2168,7 +2172,7 @@ start_agent (void)
err = start_new_gpg_agent (&ctx, err = start_new_gpg_agent (&ctx,
GPG_ERR_SOURCE_DEFAULT, GPG_ERR_SOURCE_DEFAULT,
opt.homedir, opt.homedir,
NULL, opt.agent_program,
NULL, NULL, NULL, NULL,
session_env, session_env,
!opt.quiet, 0, !opt.quiet, 0,