From 7dcad0d3503ac0d75e09efb16246dd78518986fc Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Mon, 8 Aug 2016 13:24:02 +0900
Subject: [PATCH] tests: Add openpgp/gpgv-forged-keyring.scm.

* tests/openpgp/gpgv-forged-keyring.scm: New.
* tests/openpgp/forged-keyring.gpg: New.
* tests/openpgp/Makefile.am (TESTS): Add gpgv-forged-keyring.scm.
* tests/openpgp/defs.scm (tools): Add GPGV.
(GPGV): New.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 tests/openpgp/Makefile.am             |   1 +
 tests/openpgp/defs.scm                |   2 +
 tests/openpgp/forged-keyring.gpg      | Bin 0 -> 970 bytes
 tests/openpgp/gpgv-forged-keyring.scm |  67 ++++++++++++++++++++++++++
 4 files changed, 70 insertions(+)
 create mode 100644 tests/openpgp/forged-keyring.gpg
 create mode 100755 tests/openpgp/gpgv-forged-keyring.scm

diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index 7983d6f8b..564439a72 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -72,6 +72,7 @@ TESTS = setup.scm \
 	conventional-mdc.scm \
 	multisig.scm \
 	verify.scm \
+	gpgv-forged-keyring.scm \
 	armor.scm \
 	import.scm \
 	ecc.scm \
diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm
index 2cbad46c5..4a968da93 100644
--- a/tests/openpgp/defs.scm
+++ b/tests/openpgp/defs.scm
@@ -53,6 +53,7 @@
 
 (define tools
   '((gpg "GPG" "g10/gpg")
+    (gpgv "GPGV" "g10/gpgv")
     (gpg-agent "GPG_AGENT" "agent/gpg-agent")
     (gpg-connect-agent "GPG_CONNECT_AGENT" "tools/gpg-connect-agent")
     (gpgconf "GPGCONF" "tools/gpgconf")
@@ -78,6 +79,7 @@
 
 (define GPG `(,(tool 'gpg) --no-permission-warning
 	      ,@(if have-opt-always-trust '(--always-trust) '())))
+(define GPGV `(,(tool 'gpgv)))
 (define PINENTRY (tool 'pinentry))
 
 (define (tr:gpg input args)
diff --git a/tests/openpgp/forged-keyring.gpg b/tests/openpgp/forged-keyring.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..8fe733a3c7a21db08128ab6ce091cf63069958db
GIT binary patch
literal 970
zcmbQq$jcI*W&eVagJFgA*__ggwW)Ke{0>)7eR=rUx$;Aca<6XN;MaO{`l`-f!h5zH
zF8aGvA#2s5PZM^E)*hd#63}Mi%FFudkxBV4^Eo1GKh$$>^jUgFOStm3MUY~`QUN>b
z=L^aYd=lQxz;-i@weY~ww%uXzC;lA}+Nm_@Y6$CvIZq;W9{;X4m7MU_i|_4i`-Wfj
zK^IQ0_Bh9~<>Sq#%a^X-FyZw?_qOCEm7B5(zy9xEAsQbTl~&|-#!|j9;ZyFiu;5GK
zn;$J*GxO@~m3}u{Z$EE2ILCKG^yI6vYh^vuW+yei?)voQ%I&7i8zIWClo-P=H}|@~
zz8=W=GWYVHvS~Z7$6gY@{>Ac>{H+IV8;&vvGBPl3QFl$w$X5tSEiO^eNJ-7jSIADS
z)KsuZ1&TVPRwU*Y<fQ85rIy%rgt7<=GBJp<GMPPIQqRoI#mp?q%)~6l#K<Jxz`(^R
zVAvzS?$`TV>2zj>1)DRXl$i4VI%>{PR9|Gg^^BGjI}gJw<^xl%+1uTA*uCb)N{ce%
zJIk*aiEm(HVBW&#T9%4rJF-<f81Pu7aF=18#qlrAHP3U;bFitrR`{wAY@c~Ii($dM
zd9G7#PTupc)n?;^33n>RC**dzfvpk(dN(yEKM$96@_4L^TgEWYYAV~attpW~;Q`y`
zNzQqdYroBNE5rQ4XFRE&8RjkJQd4|#>$2j0hWAXeAnSGlQ=8f2iT?#y7`7~ZtJW*{
zUoENoUiNHH6CaIq+4uXGewwZNAUlS6#VRw~2e0P}+?Gj*ej<HM>96OD4we60JKP_?
z`hGrSnY)&YL*0qzOLzEww)q{&w(ayum07El<r+KM=P>XWyS(bDyJ9<SU(KYMzMfVO
z1g1FLchPhDCbHT=lJBA^Q^ej4s~)_+&cMvd!Z5w$oz&e)T+f8!`UG!Yj$9(UZqllD
zE4$}&P4wPQ&FBtZ+c?c|(f$wb&mKFosrt$HyADU@zO--4*V^aA71bgAbY^zUv+b;R
zXQ&@j-8(<$%2fWIm)Do?+!Xx!gH~PLC;i)BHtpwn=knTa0neqdUp&kPY+k;f`e$B#
z*0Ch7zUOuNp(h<~EE2#(#0E-46aOQpn*Iq4a|QohOW*oW@$g)|)U7pZEN_-Q{@}x~
cpx;kG(|M<7^`RT<*Vauf6*;swSQ8Ys0F~^mKL7v#

literal 0
HcmV?d00001

diff --git a/tests/openpgp/gpgv-forged-keyring.scm b/tests/openpgp/gpgv-forged-keyring.scm
new file mode 100755
index 000000000..7094c96bb
--- /dev/null
+++ b/tests/openpgp/gpgv-forged-keyring.scm
@@ -0,0 +1,67 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2016 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (with-path "defs.scm"))
+
+(define msg_signed_asc "
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This is an example text file to demonstrate a problem.
+
+Using forged-keyring.gpg with signature cache, it looks like it is
+signed by the following key:
+
+    Echo Test (demo key) <echo@example.net>
+
+But actually not.
+
+It is signed by a key (steve.biko@example.net) distributed as:
+
+    gnupg/tests/openpgp/samplekeys/rsa-rsa-sample-1.asc
+
+in GnuPG.
+
+The forged-keyring.gpg file is created by a key in
+
+    gnupg/tests/openpgp/pubdemo.asc
+
+Replacing the raw key material packet by one of rsa-rsa-sample-1.asc.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQEcBAEBCAAGBQJXp+5MAAoJEKpD8dzH/tG3bGMH/1idFLJAaMxkrq+JguvAboiN
+tAA44IdAgJvAxtR5w5fgfed7PfsH70+tj54/ZTObt7rZDIlj/YBQ7XeCwd7/O5vx
+W0QtjjAxMuAPH80rVv4JIoflxV/deD8YaV9EhPE+6W5G0Z8SYL9B2RzdBVMwJY9+
+OZGJeKnUZ92Zg9jFr+H5gQNSeYdDHVDWYxr/xJUf0jYsZvAIBfB1mcSK1niiiVBv
+GAcUC/I8g18a7pCS9Qf9iZflqxX4AXfocAGQqQAiG4744OCNhVa5q6TScqhaGUah
+N1Glbw1OJfP1q+QFPMPKoCsTYmZpuugq2b5gV/eH0Abvk2pG4Fo/YTDPHhec7Jk=
+=NnY/
+-----END PGP SIGNATURE-----
+")
+
+(for-each-p
+ "Checking that a signature by bad key should not be verified"
+ (lambda (armored-file)
+   (catch '()
+	  (pipe:do
+	   (pipe:echo (eval armored-file (current-environment)))
+	   (pipe:spawn `(,@GPGV --keyring ,(in-srcdir "forged-keyring.gpg"))))
+	  (error "verification succeded but should not")))
+ '(msg_signed_asc))