diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index 59f39e2f7..acb4fa8ce 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -1,290 +1,293 @@
# Makefile.am - For tests/openpgp
# Copyright (C) 1998, 1999, 2000, 2001, 2003,
# 2010 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see .
# Process this file with automake to create Makefile.in
# Programs required before we can run these tests.
required_pgms = ../../g10/gpg$(EXEEXT) ../../agent/gpg-agent$(EXEEXT) \
../../tools/gpg-connect-agent$(EXEEXT) \
../gpgscm/gpgscm$(EXEEXT)
AM_CPPFLAGS = -I$(top_srcdir)/common
include $(top_srcdir)/am/cmacros.am
AM_CFLAGS =
noinst_PROGRAMS = fake-pinentry
fake_pinentry_SOURCES = fake-pinentry.c
TESTS_ENVIRONMENT = LC_ALL=C \
EXEEXT=$(EXEEXT) \
PATH="../gpgscm:$(PATH)" \
abs_top_srcdir="$(abs_top_srcdir)" \
objdir="$(abs_top_builddir)" \
GPGSCM_PATH="$(abs_top_srcdir)/tests/gpgscm"
XTESTS = \
version.scm \
enarmor.scm \
mds.scm \
decrypt.scm \
decrypt-multifile.scm \
decrypt-dsa.scm \
decrypt-session-key.scm \
decrypt-unwrap-verify.scm \
sigs.scm \
sigs-dsa.scm \
encrypt.scm \
encrypt-multifile.scm \
encrypt-dsa.scm \
compression.scm \
seat.scm \
clearsig.scm \
encryptp.scm \
detach.scm \
detachm.scm \
armsigs.scm \
armencrypt.scm \
armencryptp.scm \
signencrypt.scm \
signencrypt-dsa.scm \
armsignencrypt.scm \
armdetach.scm \
armdetachm.scm \
genkey1024.scm \
conventional.scm \
conventional-mdc.scm \
multisig.scm \
verify.scm \
verify-multifile.scm \
gpgv.scm \
gpgv-forged-keyring.scm \
armor.scm \
import.scm \
import-revocation-certificate.scm \
ecc.scm \
4gb-packet.scm \
tofu.scm \
trust-pgp-1.scm \
trust-pgp-2.scm \
trust-pgp-3.scm \
gpgtar.scm \
use-exact-key.scm \
default-key.scm \
export.scm \
ssh-import.scm \
ssh-export.scm \
quick-key-manipulation.scm \
key-selection.scm \
delete-keys.scm \
gpgconf.scm \
issue2015.scm \
issue2346.scm \
issue2417.scm \
issue2419.scm \
issue2929.scm \
issue2941.scm
# Temporary removed tests:
# trust-pgp-4.scm
# XXX: Currently, one cannot override automake's 'check' target. As a
# workaround, we avoid defining 'TESTS', thus automake will not emit
# the 'check' target. For extra robustness, we merely define a
# dependency on 'xcheck', so this hack should also work even if
# automake would emit the 'check' target, as adding dependencies to
# targets is okay.
check: xcheck
.PHONY: xcheck
xcheck:
$(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm \
$(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS)
TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
plain-1.asc plain-2.asc plain-3.asc plain-1-pgp.asc \
plain-largeo.asc plain-large.asc \
pubring.pkr.asc secring.skr.asc secdemo.asc pubdemo.asc \
bug537-test.data.asc bug894-test.asc \
bug1223-good.asc bug1223-bogus.asc 4gb-packet.asc \
tofu/conflicting/1C005AF3.gpg \
tofu/conflicting/1C005AF3-secret.gpg \
tofu/conflicting/1C005AF3-1.txt \
tofu/conflicting/1C005AF3-2.txt \
tofu/conflicting/1C005AF3-3.txt \
tofu/conflicting/1C005AF3-4.txt \
tofu/conflicting/1C005AF3-5.txt \
tofu/conflicting/B662E42F.gpg \
tofu/conflicting/B662E42F-secret.gpg \
tofu/conflicting/B662E42F-1.txt \
tofu/conflicting/B662E42F-2.txt \
tofu/conflicting/B662E42F-3.txt \
tofu/conflicting/B662E42F-4.txt \
tofu/conflicting/B662E42F-5.txt \
tofu/conflicting/BE04EB2B.gpg \
tofu/conflicting/BE04EB2B-secret.gpg \
tofu/conflicting/BE04EB2B-1.txt \
tofu/conflicting/BE04EB2B-2.txt \
tofu/conflicting/BE04EB2B-3.txt \
tofu/conflicting/BE04EB2B-4.txt \
tofu/conflicting/BE04EB2B-5.txt \
tofu/cross-sigs/EC38277E-secret.gpg \
tofu/cross-sigs/EC38277E-1.gpg \
tofu/cross-sigs/EC38277E-1.txt \
tofu/cross-sigs/EC38277E-2.gpg \
tofu/cross-sigs/EC38277E-2.txt \
tofu/cross-sigs/EC38277E-3.txt \
tofu/cross-sigs/871C2247-secret.gpg \
tofu/cross-sigs/871C2247-1.gpg \
tofu/cross-sigs/871C2247-1.txt \
tofu/cross-sigs/871C2247-2.gpg \
tofu/cross-sigs/871C2247-2.txt \
tofu/cross-sigs/871C2247-3.gpg \
tofu/cross-sigs/871C2247-3.txt \
tofu/cross-sigs/871C2247-4.gpg \
tofu/cross-sigs/README \
key-selection/0.asc \
key-selection/1.asc \
key-selection/2.asc \
key-selection/3.asc \
key-selection/4.asc \
trust-pgp/scenario1.asc \
trust-pgp/scenario2.asc \
trust-pgp/scenario3.asc \
trust-pgp/scenario4.asc \
trust-pgp/alice.sec.asc \
trust-pgp/bobby.sec.asc \
trust-pgp/carol.sec.asc \
trust-pgp/david.sec.asc \
trust-pgp/frank.sec.asc \
trust-pgp/grace.sec.asc \
trust-pgp/heidi.sec.asc
data_files = data-500 data-9000 data-32000 data-80000 plain-large
priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \
privkeys/7E201E28B6FEB2927B321F443205F4724EBE637E.asc \
privkeys/13FDB8809B17C5547779F9D205C45F47CE0217CE.asc \
privkeys/343D8AF79796EE107D645A2787A9D9252F924E6F.asc \
privkeys/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.asc \
privkeys/0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255.asc \
privkeys/FD692BD59D6640A84C8422573D469F84F3B98E53.asc \
privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc \
privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc \
privkeys/0DD40284FF992CD24DC4AAC367037E066FCEE26A.asc \
privkeys/2BC997C0B8691D41D29A4EC81CCBCF08454E4961.asc \
privkeys/3C9D5ECA70130C2DBB1FC6AC0076BEEEC197716F.asc \
privkeys/449E644892C951A37525654730DD32C202079926.asc \
privkeys/58FFE844087634E62440224908BDE44BEA7EB730.asc \
privkeys/4DF9172D6FF428C97A0E9AA96F03E8BCE3B2F188.asc \
privkeys/9D7CD8F53F2F14C3E2177D1E9D1D11F39513A4A4.asc \
privkeys/6E6B7ED0BD4425018FFC54F3921D5467A3AE00EB.asc \
privkeys/C905D0AB6AE9655C5A35975939997BBF3325D6DD.asc \
privkeys/B2BAA7144303DF19BB6FDE23781DD3FDD97918D4.asc \
privkeys/CF60965BF51F67CF80DECE853E0D2D343468571D.asc \
privkeys/DF00E361D34F80868D06879AC21D7A7D4E4FAD76.asc \
privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc \
privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc \
privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc \
privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc \
privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc \
privkeys/1E28F20E41B54C2D1234D896096495FF57E08D18.asc \
privkeys/EB33B687EB8581AB64D04852A54453E85F3DF62D.asc \
privkeys/C6A6390E9388CDBAD71EAEA698233FE5E04F001E.asc \
- privkeys/D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3.asc
+ privkeys/D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3.asc \
+ privkeys/891067FFFC6D67D37BD4BFC399191C5F3989D1B5.key \
+ privkeys/F27FC04CB01723A4CB6F5399F7B86CCD82C0169C.key
sample_keys = samplekeys/README \
samplekeys/ecc-sample-1-pub.asc \
samplekeys/ecc-sample-2-pub.asc \
samplekeys/ecc-sample-3-pub.asc \
samplekeys/ecc-sample-1-sec.asc \
samplekeys/ecc-sample-2-sec.asc \
samplekeys/ecc-sample-3-sec.asc \
samplekeys/eddsa-sample-1-pub.asc \
samplekeys/eddsa-sample-1-sec.asc \
samplekeys/dda252ebb8ebe1af-1.asc \
samplekeys/dda252ebb8ebe1af-2.asc \
samplekeys/whats-new-in-2.1.asc \
samplekeys/e2e-p256-1-clr.asc \
samplekeys/e2e-p256-1-prt.asc \
samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc \
samplekeys/rsa-rsa-sample-1.asc \
samplekeys/ed25519-cv25519-sample-1.asc \
+ samplekeys/ed25519-cv25519-sample-2.asc \
samplekeys/silent-running.asc \
samplekeys/ssh-dsa.key \
samplekeys/ssh-ecdsa.key \
samplekeys/ssh-ed25519.key \
samplekeys/ssh-rsa.key \
samplekeys/issue2346.gpg \
samplekeys/authenticate-only.pub.asc \
samplekeys/authenticate-only.sec.asc
sample_msgs = samplemsgs/clearsig-1-key-1.asc \
samplemsgs/clearsig-2-keys-1.asc \
samplemsgs/clearsig-2-keys-2.asc \
samplemsgs/enc-1-key-1.asc \
samplemsgs/enc-1-key-2.asc \
samplemsgs/enc-2-keys-1.asc \
samplemsgs/enc-2-keys-2.asc \
samplemsgs/enc-2-keys-hh-1.asc \
samplemsgs/enc-2-keys-hr-1.asc \
samplemsgs/enc-2-keys-rh-1.asc \
samplemsgs/encsig-2-2-keys-3.asc \
samplemsgs/encsig-2-2-keys-4.asc \
samplemsgs/encsig-2-keys-1.asc \
samplemsgs/encsig-2-keys-2.asc \
samplemsgs/encsig-2-keys-3.asc \
samplemsgs/encsig-2-keys-4.asc \
samplemsgs/encz0-1-key-1.asc \
samplemsgs/encz0-1-key-2.asc \
samplemsgs/issue2419.asc \
samplemsgs/revoke-2D727CC768697734.asc \
samplemsgs/sig-1-key-1.asc \
samplemsgs/sig-1-key-2.asc \
samplemsgs/sig-2-keys-1.asc \
samplemsgs/sig-2-keys-2.asc \
samplemsgs/signed-1-key-1.asc \
samplemsgs/signed-1-key-2.asc \
samplemsgs/signed-2-keys-1.asc \
samplemsgs/signed-2-keys-2.asc
EXTRA_DIST = defs.scm trust-pgp/common.scm $(XTESTS) $(TEST_FILES) \
mkdemodirs signdemokey $(priv_keys) $(sample_keys) \
$(sample_msgs) ChangeLog-2011 run-tests.scm trust-pgp-4.scm \
setup.scm shell.scm all-tests.scm signed-messages.scm
CLEANFILES = prepared.stamp x y yy z out err $(data_files) \
plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \
*.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \
pubring.gpg pubring.gpg~ pubring.kbx pubring.kbx~ \
secring.gpg pubring.pkr secring.skr \
gnupg-test.stop random_seed gpg-agent.log tofu.db \
passphrases sshcontrol S.gpg-agent.ssh report.xml
XTESTS += trust-pgp-4.scm
clean-local:
-rm -rf private-keys-v1.d openpgp-revocs.d tofu.d gpgtar.d
# We need to depend on a couple of programs so that the tests don't
# start before all programs are built.
all-local: $(required_pgms)
diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm
index b864005ba..8e0631e5c 100644
--- a/tests/openpgp/defs.scm
+++ b/tests/openpgp/defs.scm
@@ -1,509 +1,519 @@
;; Common definitions for the OpenPGP test scripts.
;;
;; Copyright (C) 2016, 2017 g10 Code GmbH
;;
;; This file is part of GnuPG.
;;
;; GnuPG is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 3 of the License, or
;; (at your option) any later version.
;;
;; GnuPG is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.
;;
;; You should have received a copy of the GNU General Public License
;; along with this program; if not, see .
;;
;; Constants.
;;
(define usrname1 "one@example.com")
(define usrpass1 "def")
(define usrname2 "two@example.com")
(define usrpass2 "")
(define usrname3 "three@example.com")
(define usrpass3 "")
(define dsa-usrname1 "pgp5")
;; we use the sub key because we do not yet have the logic to derive
;; the first encryption key from a keyblock (I guess) (Well of course
;; we have this by now and the notation below will lookup the primary
;; first and then search for the encryption subkey.)
(define dsa-usrname2 "0xCB879DE9")
(define keys
(package
(define (new fpr grip uids subkeys)
(package))
(define (subkey fpr grip)
(package))
(define alfa (new "A0FF4590BB6122EDEF6E3C542D727CC768697734"
"76F7E2B35832976B50A27A282D9B87E44577EB66"
'("alfa@example.net" "alpha@example.net")
(list
(subkey "3B3FBC948FE59301ED629EFB6AE6D7EE46A871F8"
"A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD"))))
(define one (new "289B0EF1D105E124B6F626020EF77096D74C5F22"
"50B2D4FA4122C212611048BC5FC31BD44393626E"
'("one@example.com")
(list
(subkey "EB467DCA4AD7676A6A62B2ABABAB28A247BE2775"
"7E201E28B6FEB2927B321F443205F4724EBE637E"))))
(define two (new "C1DEBB34EA8B71009EAFA474973D50E1C40FDECF"
"343D8AF79796EE107D645A2787A9D9252F924E6F"
'("two@example.com")
(list
(subkey "CD3D0F5701CBFCACB2A4907305A37887B27907AA"
"8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34"))))))
(define key-file1 "samplekeys/rsa-rsa-sample-1.asc")
(define key-file2 "samplekeys/ed25519-cv25519-sample-1.asc")
(define plain-files '("plain-1" "plain-2" "plain-3" "plain-large"))
(define data-files '("data-500" "data-9000" "data-32000" "data-80000"))
(define exp-files '())
(define all-files (append plain-files data-files))
(let ((verbose (string->number (getenv "verbose"))))
(if (number? verbose)
(*set-verbose!* verbose)))
(define (qualify executable)
(string-append executable (getenv "EXEEXT")))
(define (getenv' key default)
(let ((value (getenv key)))
(if (string=? "" value)
default
value)))
(define (percent-decode s)
(define (decode c)
(if (and (> (length c) 2) (char=? #\% (car c)))
(integer->char (string->number (string #\# #\x (cadr c) (caddr c))))
#f))
(let loop ((i 0) (c (string->list s)) (r (make-string (string-length s))))
(if (null? c)
(substring r 0 i)
(let ((decoded (decode c)))
(string-set! r i (if decoded decoded (car c)))
(loop (+ 1 i) (if decoded (cdddr c) (cdr c)) r)))))
(assert (equal? (percent-decode "") ""))
(assert (equal? (percent-decode "%61") "a"))
(assert (equal? (percent-decode "foob%61r") "foobar"))
(define (percent-encode s)
(define (encode c)
`(#\% ,@(string->list (number->string (char->integer c) 16))))
(let loop ((acc '()) (cs (reverse (string->list s))))
(if (null? cs)
(list->string acc)
(case (car cs)
((#\: #\%)
(loop (append (encode (car cs)) acc) (cdr cs)))
(else
(loop (cons (car cs) acc) (cdr cs)))))))
(assert (equal? (percent-encode "") ""))
(assert (equal? (percent-encode "%61") "%2561"))
(assert (equal? (percent-encode "foob%61r") "foob%2561r"))
(define tools
'((gpgv "GPGV" "g10/gpgv")
(gpg-connect-agent "GPG_CONNECT_AGENT" "tools/gpg-connect-agent")
(gpgconf "GPGCONF" "tools/gpgconf")
(gpg-preset-passphrase "GPG_PRESET_PASSPHRASE"
"agent/gpg-preset-passphrase")
(gpgtar "GPGTAR" "tools/gpgtar")
(gpg-zip "GPGZIP" "tools/gpg-zip")
(pinentry "PINENTRY" "tests/openpgp/fake-pinentry")))
(define bin-prefix (getenv "BIN_PREFIX"))
(define installed? (not (string=? "" bin-prefix)))
(define with-valgrind? (not (string=? (getenv "with_valgrind") "")))
(define (tool-hardcoded which)
(let ((t (assoc which tools)))
(getenv' (cadr t)
(qualify (if installed?
(string-append bin-prefix "/" (basename (caddr t)))
(string-append (getenv "objdir") "/" (caddr t)))))))
;; You can splice VALGRIND into your argument vector to run programs
;; under valgrind. For example, to run valgrind on gpg, you may want
;; to redefine gpg:
;;
;; (set! gpg `(,@valgrind ,@gpg))
;;
(define valgrind
'("/usr/bin/valgrind" -q --leak-check=no --track-origins=yes
--error-exitcode=154 --exit-on-first-error=yes))
(unless installed?
(setenv "GNUPG_BUILDDIR" (getenv "objdir") #t))
(define (gpg-conf . args)
(gpg-conf' "" args))
(define (gpg-conf' input args)
(let ((s (call-popen `(,(tool-hardcoded 'gpgconf)
,@(if installed? '()
(list '--build-prefix (getenv "objdir")))
,@args) input)))
(map (lambda (line) (map percent-decode (string-split line #\:)))
(string-split-newlines s))))
(define :gc:c:name car)
(define :gc:c:description cadr)
(define :gc:c:pgmname caddr)
(define (:gc:o:name x) (list-ref x 0))
(define (:gc:o:flags x) (string->number (list-ref x 1)))
(define (:gc:o:level x) (string->number (list-ref x 2)))
(define (:gc:o:description x) (list-ref x 3))
(define (:gc:o:type x) (string->number (list-ref x 4)))
(define (:gc:o:alternate-type x) (string->number (list-ref x 5)))
(define (:gc:o:argument-name x) (list-ref x 6))
(define (:gc:o:default-value x) (list-ref x 7))
(define (:gc:o:default-argument x) (list-ref x 8))
(define (:gc:o:value x) (if (< (length x) 10) "" (list-ref x 9)))
(define (gpg-config component key)
(package
(define (value)
(let* ((conf (assoc key (gpg-conf '--list-options component)))
(type (:gc:o:type conf))
(value (:gc:o:value conf)))
(case type
((0 2 3) (string->number value))
((1 32) (substring value 1 (string-length value))))))
(define (update value)
(let ((value' (cond
((string? value) (string-append "\"" value))
((number? value) (number->string value))
(else (throw "Unsupported value" value)))))
(gpg-conf' (string-append key ":0:" (percent-encode value'))
`(--change-options ,component))))
(define (clear)
(gpg-conf' (string-append key ":16:")
`(--change-options ,component)))))
(define gpg-components (apply gpg-conf '(--list-components)))
(define (tool which)
(case which
((gpg gpg-agent scdaemon gpgsm dirmngr)
(:gc:c:pgmname (assoc (symbol->string which) gpg-components)))
(else
(tool-hardcoded which))))
(define (gpg-has-option? option)
(string-contains? (call-popen `(,(tool 'gpg) --dump-options) "")
option))
(define have-opt-always-trust
(catch #f
(with-ephemeral-home-directory (lambda ()) (lambda ())
(call-check `(,(tool 'gpg) --gpgconf-test --always-trust)))
#t))
(define GPG `(,(tool 'gpg) --no-permission-warning
,@(if have-opt-always-trust '(--always-trust) '())))
(define GPGV `(,(tool 'gpgv)))
(define PINENTRY (tool 'pinentry))
(define (tr:gpg input args)
(tr:spawn input `(,@GPG --output **out** ,@args **in**)))
+(define (tr:gpgstatus input args)
+ (tr:spawn input `(,@GPG --output dummy --status-file **out** ,@args **in**)))
+
(define (pipe:gpg args)
(pipe:spawn `(,@GPG --output - ,@args -)))
(define (gpg-with-colons args)
(let ((s (call-popen `(,@GPG --with-colons ,@args) "")))
(map (lambda (line) (string-split line #\:))
(string-split-newlines s))))
;; Convenient accessors for the colon output.
(define (:type x) (string->symbol (list-ref x 0)))
(define (:length x) (string->number (list-ref x 2)))
(define (:alg x) (string->number (list-ref x 3)))
(define (:expire x) (list-ref x 6))
(define (:fpr x) (list-ref x 9))
(define (:cap x) (list-ref x 11))
(define (have-public-key? key)
(catch #f
(pair? (filter (lambda (l) (and (equal? 'fpr (:type l))
(equal? key::fpr (:fpr l))))
(gpg-with-colons `(--list-keys ,key::fpr))))))
(define (have-secret-key? key)
(catch #f
(pair? (filter (lambda (l) (and (equal? 'fpr (:type l))
(equal? key::fpr (:fpr l))))
(gpg-with-colons `(--list-secret-keys ,key::fpr))))))
(define (have-secret-key-file? key)
(file-exists? (path-join (getenv "GNUPGHOME") "private-keys-v1.d"
(string-append key::grip ".key"))))
(define (get-config what)
(string-split (caddar (gpg-with-colons `(--list-config ,what))) #\;))
(define all-pubkey-algos (delay (get-config "pubkeyname")))
(define all-hash-algos (delay (get-config "digestname")))
(define all-cipher-algos (delay (get-config "ciphername")))
(define all-compression-algos (delay (get-config "compressname")))
(define (have-pubkey-algo? x)
(not (not (member x (force all-pubkey-algos)))))
(define (have-hash-algo? x)
(not (not (member x (force all-hash-algos)))))
(define (have-cipher-algo? x)
(not (not (member x (force all-cipher-algos)))))
(define (have-compression-algo? x)
(not (not (member x (force all-compression-algos)))))
(define (gpg-pipe args0 args1 errfd)
(lambda (source sink)
(let* ((p (pipe))
(task0 (spawn-process-fd `(,@GPG ,@args0)
source (:write-end p) errfd))
(_ (close (:write-end p)))
(task1 (spawn-process-fd `(,@GPG ,@args1)
(:read-end p) sink errfd)))
(close (:read-end p))
(wait-processes (list GPG GPG) (list task0 task1) #t))))
(setenv "GPG_AGENT_INFO" "" #t)
(setenv "GNUPGHOME" (getcwd) #t)
(define GNUPGHOME (getcwd))
;;
;; GnuPG helper.
;;
;; Call GPG to obtain the hash sums. Either specify an input file in
;; ARGS, or an string in INPUT. Returns a list of (
;; "") lists.
(define (gpg-hash-string args input)
(map
(lambda (line)
(let ((p (string-split line #\:)))
(list (string->number (cadr p)) (caddr p))))
(string-split-newlines
(call-popen `(,@GPG --with-colons ,@args) input))))
;; Dearmor a file.
(define (dearmor source-name sink-name)
(pipe:do
(pipe:open source-name (logior O_RDONLY O_BINARY))
(pipe:spawn `(,@GPG --dearmor))
(pipe:write-to sink-name (logior O_WRONLY O_CREAT O_BINARY) #o600)))
(define (gpg-dump-packets source-name sink-name)
(pipe:do
(pipe:open source-name (logior O_RDONLY O_BINARY))
(pipe:spawn `(,@GPG --list-packets))
(pipe:write-to sink-name (logior O_WRONLY O_CREAT O_BINARY) #o600)))
;;
;; Support for test environment creation and teardown.
;;
(define (make-test-data filename size)
(call-with-binary-output-file
filename
(lambda (port)
(display (make-random-string size) port))))
(define (create-file name . lines)
(catch #f (unlink name))
(letfd ((fd (open name (logior O_WRONLY O_CREAT O_BINARY) #o600)))
(let ((port (fdopen fd "wb")))
(for-each (lambda (line) (display line port) (newline port))
lines))))
(define (create-gpghome)
(log "Creating test environment...")
(srandom (getpid))
(make-test-data "random_seed" 600)
(log "Creating configuration files")
(if (flag "--use-keyring" *args*)
(create-file "pubring.gpg"))
(create-file "gpg.conf"
"no-greeting"
"no-secmem-warning"
"no-permission-warning"
"batch"
"no-auto-key-retrieve"
"no-auto-key-locate"
"allow-weak-digest-algos"
"allow-weak-key-signatures"
"ignore-mdc-error"
(if have-opt-always-trust
"no-auto-check-trustdb" "#no-auto-check-trustdb")
(string-append "agent-program "
(tool 'gpg-agent)
"|--debug-quick-random\n")
)
(create-file "gpg-agent.conf"
"allow-preset-passphrase"
"no-grab"
"enable-ssh-support"
(if (flag "--extended-key-format" *args*)
"enable-extended-key-format" "#enable-extended-key-format")
(string-append "pinentry-program " (tool 'pinentry))
"disable-scdaemon"))
;; Initialize the test environment, install appropriate configuration
;; and start the agent, without any keys.
(define (setup-environment)
(create-gpghome)
(start-agent))
(define (setup-environment-no-atexit)
(create-gpghome)
(start-agent #t))
(define (create-sample-files)
(log "Creating sample data files")
(for-each
(lambda (size)
(make-test-data (string-append "data-" (number->string size))
size))
'(500 9000 32000 80000))
(log "Unpacking samples")
(for-each
(lambda (name)
(dearmor (in-srcdir "tests" "openpgp" (string-append name "o.asc")) name))
plain-files))
(define (create-legacy-gpghome)
(create-sample-files)
(log "Storing private keys")
(for-each
(lambda (name)
(dearmor (in-srcdir "tests" "openpgp" "privkeys" (string-append name ".asc"))
(string-append "private-keys-v1.d/" name ".key")))
'("50B2D4FA4122C212611048BC5FC31BD44393626E"
"7E201E28B6FEB2927B321F443205F4724EBE637E"
"13FDB8809B17C5547779F9D205C45F47CE0217CE"
"343D8AF79796EE107D645A2787A9D9252F924E6F"
"8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34"
"0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255"
"FD692BD59D6640A84C8422573D469F84F3B98E53"
"76F7E2B35832976B50A27A282D9B87E44577EB66"
"A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD"
"00FE67F28A52A8AA08FFAED20AF832DA916D1985"
"1DF48228FEFF3EC2481B106E0ACA8C465C662CC5"
"A2832820DC9F40751BDCD375BB0945BA33EC6B4C"
"ADE710D74409777B7729A7653373D820F67892E0"
"CEFC51AF91F68A2904FBFF62C4F075A4785B803F"
"1E28F20E41B54C2D1234D896096495FF57E08D18"
"EB33B687EB8581AB64D04852A54453E85F3DF62D"
"C6A6390E9388CDBAD71EAEA698233FE5E04F001E"
"D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3"))
+ (for-each
+ (lambda (name)
+ (file-copy (in-srcdir "tests" "openpgp" "privkeys"
+ (string-append name ".key"))
+ (string-append "private-keys-v1.d/" name ".key")))
+ '("891067FFFC6D67D37BD4BFC399191C5F3989D1B5"
+ "F27FC04CB01723A4CB6F5399F7B86CCD82C0169C"))
(log "Importing public demo and test keys")
(for-each
(lambda (file)
(call-check `(,@GPG --yes --import ,(in-srcdir "tests" "openpgp" file))))
(list "pubdemo.asc" "pubring.asc" key-file1))
(pipe:do
(pipe:open (in-srcdir "tests" "openpgp" "pubring.pkr.asc") (logior O_RDONLY O_BINARY))
(pipe:spawn `(,@GPG --dearmor))
(pipe:spawn `(,@GPG --yes --import))))
(define (preset-passphrases)
(log "Presetting passphrases")
;; one@example.com
(call-check `(,(tool 'gpg-preset-passphrase)
--preset --passphrase def
"50B2D4FA4122C212611048BC5FC31BD44393626E"))
(call-check `(,(tool 'gpg-preset-passphrase)
--preset --passphrase def
"7E201E28B6FEB2927B321F443205F4724EBE637E"))
;; alpha@example.net
(call-check `(,(tool 'gpg-preset-passphrase)
--preset --passphrase abc
"76F7E2B35832976B50A27A282D9B87E44577EB66"))
(call-check `(,(tool 'gpg-preset-passphrase)
--preset --passphrase abc
"A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD")))
;; Initialize the test environment, install appropriate configuration
;; and start the agent, with the keys from the legacy test suite.
(define (setup-legacy-environment)
(create-gpghome)
(if (member "--unpack-tarball" *args*)
(begin
(call-check `(,(tool 'gpgtar) --extract --directory=. ,(cadr *args*)))
(start-agent))
(begin
(start-agent)
(create-legacy-gpghome)))
(preset-passphrases))
;; Create the socket dir and start the agent.
(define (start-agent . args)
(log "Starting gpg-agent...")
(let ((gnupghome (getenv "GNUPGHOME")))
(if (null? args)
(atexit (lambda ()
(with-home-directory gnupghome (stop-agent))))))
(catch (log "Warning: Creating socket directory failed:" (car *error*))
(gpg-conf '--create-socketdir))
(call-check `(,(tool 'gpg-connect-agent) --verbose
,(string-append "--agent-program=" (tool 'gpg-agent)
"|--debug-quick-random")
/bye)))
;; Stop the agent and other daemons and remove the socket dir.
(define (stop-agent)
(log "Stopping gpg-agent...")
(gpg-conf '--kill 'all)
(catch (log "Warning: Removing socket directory failed.")
(gpg-conf '--remove-socketdir)))
;; Get the trust level for KEYID. Any remaining arguments are simply
;; passed to GPG.
;;
;; This function only supports keys with a single user id.
(define (gettrust keyid . args)
(let ((trust
(list-ref (assoc "pub" (gpg-with-colons
`(,@args
--list-keys ,keyid))) 1)))
(unless (and (= 1 (string-length trust))
(member (string-ref trust 0) (string->list "oidreqnmfuws-")))
(fail "Bad trust value:" trust))
trust))
;; Check that KEYID's trust level matches EXPECTED-TRUST. Any
;; remaining arguments are simply passed to GPG.
;;
;; This function only supports keys with a single user id.
(define (checktrust keyid expected-trust . args)
(let ((trust (apply gettrust `(,keyid ,@args))))
(unless (string=? trust expected-trust)
(fail keyid ": Expected trust to be" expected-trust
"but got" trust))))
;;
;; Enable checking with valgrind if the envvar "with_valgrind" is set
;;
(when with-valgrind?
(set! gpg `(,@valgrind ,@gpg)))
;; end
diff --git a/tests/openpgp/encrypt.scm b/tests/openpgp/encrypt.scm
index f59a1f0c1..ef2f7b0bc 100755
--- a/tests/openpgp/encrypt.scm
+++ b/tests/openpgp/encrypt.scm
@@ -1,61 +1,126 @@
#!/usr/bin/env gpgscm
;; Copyright (C) 2016 g10 Code GmbH
;;
;; This file is part of GnuPG.
;;
;; GnuPG is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 3 of the License, or
;; (at your option) any later version.
;;
;; GnuPG is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.
;;
;; You should have received a copy of the GNU General Public License
;; along with this program; if not, see .
(load (in-srcdir "tests" "openpgp" "defs.scm"))
(setup-legacy-environment)
(for-each-p
"Checking encryption"
(lambda (source)
(tr:do
(tr:open source)
(tr:gpg "" `(--yes --encrypt --recipient ,usrname2))
(tr:gpg "" '(--yes --decrypt))
(tr:assert-identity source)))
(append plain-files data-files))
(for-each-p
"Checking encryption using a specific cipher algorithm"
(lambda (cipher)
(for-each-p
""
(lambda (source)
(tr:do
(tr:open source)
(tr:gpg "" `(--yes --encrypt --recipient ,usrname2
--cipher-algo ,cipher))
(tr:gpg "" '(--yes --decrypt))
(tr:assert-identity source)))
(append plain-files data-files)))
(force all-cipher-algos))
;; We encrypt to two keys and we have also put the first key into our
;; pubring, so that decryption will work.
(for-each-p
"Checking encryption using a key from file"
(lambda (source)
(tr:do
(tr:open source)
(tr:gpg "" `(--yes -v --no-keyring --encrypt
--recipient-file ,(in-srcdir "tests" "openpgp" key-file1)
--hidden-recipient-file ,(in-srcdir "tests" "openpgp" key-file2)))
(tr:gpg "" '(--yes --decrypt))
(tr:assert-identity source)))
plain-files)
+
+
+(info "Importing additional sample keys for OCB tests")
+(for-each
+ (lambda (name)
+ (call `(,@GPG --yes --import ,(in-srcdir "tests" "openpgp" "samplekeys"
+ (string-append name ".asc")))))
+ '("ed25519-cv25519-sample-1"
+ "ed25519-cv25519-sample-2"
+ "rsa-rsa-sample-1"))
+
+(for-each-p
+ "Checking OCB mode"
+ (lambda (source)
+ (tr:do
+ (tr:open source)
+ (tr:gpg "" `(--yes -er ,"patrice.lumumba"))
+ (tr:gpg "" '(--yes -d))
+ (tr:assert-identity source)))
+ all-files)
+
+;; For reference:
+;; BEGIN_ENCRYPTION []
+
+(for-each-p
+ "Checking two OCB capable keys"
+ (lambda (source)
+ (tr:do
+ (tr:open source)
+ (tr:gpgstatus "" `(--yes -e
+ -r ,"patrice.lumumba"
+ -r ,"mahsa.amini"))
+ (tr:call-with-content
+ (lambda (c)
+ (unless (string-contains? c "[GNUPG:] BEGIN_ENCRYPTION 0 9 2")
+ (fail (string-append "Unexpected status: " c)))))))
+ '("plain-1"))
+
+(for-each-p
+ "Checking two OCB capable keys plus one not capable"
+ (lambda (source)
+ (tr:do
+ (tr:open source)
+ (tr:gpgstatus "" `(--yes -o out -e
+ -r ,"patrice.lumumba"
+ -r ,"mahsa.amini"
+ -r ,"steve.biko"))
+ (tr:call-with-content
+ (lambda (c)
+ (unless (string-contains? c "[GNUPG:] BEGIN_ENCRYPTION 2 9")
+ (fail (string-append "Unexpected status: " c)))))))
+ '("plain-1"))
+
+(for-each-p
+ "Checking non OCB capable key with --force-ocb"
+ (lambda (source)
+ (tr:do
+ (tr:open source)
+ (tr:gpgstatus "" `(--yes -e --force-ocb
+ -r ,"steve.biko"))
+ (tr:call-with-content
+ (lambda (c)
+ (unless (string-contains? c "[GNUPG:] BEGIN_ENCRYPTION 0 9 2")
+ (fail (string-append "Unexpected status: " c)))))))
+ '("plain-1"))
diff --git a/tests/openpgp/privkeys/891067FFFC6D67D37BD4BFC399191C5F3989D1B5.key b/tests/openpgp/privkeys/891067FFFC6D67D37BD4BFC399191C5F3989D1B5.key
new file mode 100644
index 000000000..3e805d49f
--- /dev/null
+++ b/tests/openpgp/privkeys/891067FFFC6D67D37BD4BFC399191C5F3989D1B5.key
@@ -0,0 +1,5 @@
+Created: 20220916T120000
+Key: (private-key (ecc (curve Curve25519)(flags djb-tweak)(q
+ #409651F6DD19C8F562792274BCE044F8916609FBDA25EE3DFA21207DCE8CBA0C63#)
+ (d #778955D781825551C8B8025DF6A9D7A00613331DE35711F56C65676A98E565F8#)
+ ))
diff --git a/tests/openpgp/privkeys/F27FC04CB01723A4CB6F5399F7B86CCD82C0169C.key b/tests/openpgp/privkeys/F27FC04CB01723A4CB6F5399F7B86CCD82C0169C.key
new file mode 100644
index 000000000..544643807
--- /dev/null
+++ b/tests/openpgp/privkeys/F27FC04CB01723A4CB6F5399F7B86CCD82C0169C.key
@@ -0,0 +1,5 @@
+Created: 20220916T120000
+Key: (private-key (ecc (curve Ed25519)(flags eddsa)(q
+ #403905D615CA9A98D674F1CC7AA8B5E9F948D7D2FB2E7536ED6027B014B1F948E6#)
+ (d #F1E5A1387736A9BD0976AA1FA1D217C3A75EC636605EA8EEAF3C84A9C13E01B4#)
+ ))
diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README
index f8a7e9ed7..f850ccf08 100644
--- a/tests/openpgp/samplekeys/README
+++ b/tests/openpgp/samplekeys/README
@@ -1,33 +1,34 @@
no-creation-time.gpg A key with a zero creation time.
ecc-sample-1-pub.asc A NIST P-256 ECC sample key.
ecc-sample-1-sec.asc Ditto, but the secret keyblock.
ecc-sample-2-pub.asc A NIST P-384 ECC sample key.
ecc-sample-2-sec.asc Ditto, but the secret keyblock.
ecc-sample-3-pub.asc A NIST P-521 ECC sample key.
ecc-sample-3-sec.asc Ditto, but the secret keyblock.
eddsa-sample-1-pub.asc An Ed25519 sample key.
eddsa-sample-1-sec.asc Ditto, but as protected secret keyblock.
dda252ebb8ebe1af-1.asc rsa4096 key 1
dda252ebb8ebe1af-2.asc rsa4096 key 2 with a long keyid collision.
whats-new-in-2.1.asc Collection of sample keys.
e2e-p256-1-clr.asc Google End-end-End test key (no protection)
e2e-p256-1-prt.asc Ditto, but protected with passphrase "a".
E657FB607BB4F21C90BB6651BC067AF28BC90111.asc Key with subkeys (no protection)
pgp-desktop-skr.asc Secret key with subkeys w/o signatures
rsa-rsa-sample-1.asc RSA+RSA sample key (no passphrase)
ed25519-cv25519-sample-1.asc Ed25519+CV25519 sample key (no passphrase)
+ed25519-cv25519-sample-2.asc Ed25519+CV25519 sample key (no passphrase)
silent-running.asc Collection of sample secret keys (no passphrases)
rsa-primary-auth-only.pub.asc rsa2408 primary only, usage: cert,auth
rsa-primary-auth-only.sec.asc Ditto but the secret keyblock.
Notes:
- pgp-desktop-skr.asc is a secret keyblock without the uid and subkey
binding signatures. When exporting a secret key from PGP desktop
such a file is created which is then directly followed by a separate
armored public key block. To create such a sample concatenate
pgp-desktop-skr.asc and E657FB607BB4F21C90BB6651BC067AF28BC90111.asc
- ecc-sample-2-sec.asc and ecc-sample-3-sec.asc do not have and
binding signatures either. ecc-sample-1-sec.asc has them, though.
diff --git a/tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc b/tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc
index 54d204427..53e2440ba 100644
--- a/tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc
+++ b/tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc
@@ -1,21 +1,21 @@
pub ed25519 2016-06-22 [SC]
B21DEAB4F875FB3DA42F1D1D139563682A020D0A
Keygrip = 1E28F20E41B54C2D1234D896096495FF57E08D18
-uid [ unknown] patrice.lumumba@example.net
+uid patrice.lumumba@example.net
sub cv25519 2016-06-22 [E]
8D0221D9B2877A741D69AC4E9185878E4FCD74C0
Keygrip = EB33B687EB8581AB64D04852A54453E85F3DF62D
-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2
mDMEV2o9XRYJKwYBBAHaRw8BAQdAZ8zkuQDL9x7rcvvoo6s3iEF1j88Dknd9nZhL
-nTEoBRm0G3BhdHJpY2UubHVtdW1iYUBleGFtcGxlLm5ldIh5BBMWCAAhBQJXaj1d
-AhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEBOVY2gqAg0KmQ0BAMUNzAlT
-OzG7tolSI92lhePi5VqutdqTEQTyYYWi1aEsAP0YfiuosNggTc0oRTSz46S3i0Qj
-AlpXwfU00888yIreDbg4BFdqPY0SCisGAQQBl1UBBQEBB0AWeeZlz31O4qTmIKr3
-CZhlRUXZFxc3YKyoCXyIZBBRawMBCAeIYQQYFggACQUCV2o9jQIbDAAKCRATlWNo
-KgINCsuFAP9BplWl813pi779V8OMsRGs/ynyihnOESft/H8qlM8PDQEAqIUPpIty
-OX/OBFy2RIlIi7J1bTp9RzcbzQ/4Fk4hWQQ=
-=qRfF
+nTEoBRm0G3BhdHJpY2UubHVtdW1iYUBleGFtcGxlLm5ldIiTBBMWCAA7AhsDAheA
+FiEEsh3qtPh1+z2kLx0dE5VjaCoCDQoFAmNkyZ0FCwkIBwICIgIGFQgJCgsCBBYC
+AwECHgcACgkQE5VjaCoCDQoKxwEAyVSPe4kwcvjlL9iZYftqwmCQpL6Sd7smgBdb
+naqvAEMA/RrGBjSTGzTvFMVlIcT0Jr1uPVHig7twPnpzbL1uWUwLuDgEV2o9jRIK
+KwYBBAGXVQEFAQEHQBZ55mXPfU7ipOYgqvcJmGVFRdkXFzdgrKgJfIhkEFFrAwEI
+B4hhBBgWCAAJBQJXaj2NAhsMAAoJEBOVY2gqAg0Ky4UA/0GmVaXzXemLvv1Xw4yx
+Eaz/KfKKGc4RJ+38fyqUzw8NAQCohQ+ki3I5f84EXLZEiUiLsnVtOn1HNxvND/gW
+TiFZBA==
+=u4Iu
-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/samplekeys/ed25519-cv25519-sample-2.asc b/tests/openpgp/samplekeys/ed25519-cv25519-sample-2.asc
new file mode 100644
index 000000000..2e7285195
--- /dev/null
+++ b/tests/openpgp/samplekeys/ed25519-cv25519-sample-2.asc
@@ -0,0 +1,21 @@
+pub ed25519 2022-09-16 [SC]
+ 5F1438D784C8C68400645518AE08687BF38AFFF3
+ Keygrip = F27FC04CB01723A4CB6F5399F7B86CCD82C0169C
+uid mahsa.amini@example.net
+sub cv25519 2022-09-16 [E]
+ FFE7440568492D986F3B88BD9E64CB003A8D6449
+ Keygrip = 891067FFFC6D67D37BD4BFC399191C5F3989D1B5
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYyRlQBYJKwYBBAHaRw8BAQdAOQXWFcqamNZ08cx6qLXp+UjX0vsudTbtYCew
+FLH5SOa0F21haHNhLmFtaW5pQGV4YW1wbGUubmV0iJMEExYKADsWIQRfFDjXhMjG
+hABkVRiuCGh784r/8wUCYyRlQAIbAwULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIX
+gAAKCRCuCGh784r/8wYzAQDTikkZd/G/o1DtfGq/k0R9ctcZCD9vHKH3PNj2atfX
+cwEAt5zFYyEe2OPzJ5HYffOPhcyK2kPsvkerLfdXy/K8QAe4OARjJGVAEgorBgEE
+AZdVAQUBAQdAllH23RnI9WJ5InS84ET4kWYJ+9ol7j36ISB9zoy6DGMDAQgHiHgE
+GBYKACAWIQRfFDjXhMjGhABkVRiuCGh784r/8wUCYyRlQAIbDAAKCRCuCGh784r/
+89lTAQDpupXGKLSlga2qHgtaud47oU5edY48MZ7CBnFByi5IAQEA2nJpUsVuaQl2
+XSURaPTUi0C98ny61kwGcVtOcTFpPgY=
+=r11D
+-----END PGP PUBLIC KEY BLOCK-----