From a455d143851db8755c3939aa728f831279cfb163 Mon Sep 17 00:00:00 2001
From: Nickolay Olshevsky
Date: Wed, 27 Dec 2023 16:36:53 +0200
Subject: [PATCH] (WIP) Add tests for setting of designated revoker.
---
 .../ecc-25519-2subs-sec.asc | 36 +++++
 src/tests/ffi-key-sig.cpp | 125 ++++++++++++++++++
 2 files changed, 161 insertions(+)
 create mode 100644 src/tests/data/test_stream_key_load/ecc-25519-2subs-sec.asc
diff --git a/src/tests/data/test_stream_key_load/ecc-25519-2subs-sec.asc b/src/tests/data/test_stream_key_load/ecc-25519-2subs-sec.asc
new file mode 100644
index 000000000..ac48ee0cd
--- /dev/null
+++ b/src/tests/data/test_stream_key_load/ecc-25519-2subs-sec.asc
@@ -0,0 +1,36 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- + +xYYEWsN6MBYJKwYBBAHaRw8BAQdAAS+nkv9BdVi0JX7g6d+O201bdKhdowbielOougCpCfj+BwMC +kuClwXrc7H3i9J2+l5bS6+TGJVRP2/yrh9tCcsgmUf0Z1T7uwS7ABadlAPIokvZ3aLmU5ahSJY7S +pK/EV3vEG76FMCxxXOJTDIKfsHoS880JZWNjLTI1NTE5wpQEExYIADwCGwMFCwkIBwIDIgIBBhUK +CQgLAgQWAgMBAh4DAheAFiEEIfxoJ0quO13jmkJ3zHhieJgbBygFAlxVr80ACgkQzHhieJgbByiU +UAD+My3dFRRvnG3rclbocVytirRGsMBxgyxcBjveJmk+wRwBAOYpsfbUuTCgKVT1GtQlJhmcyVr+ +lB2A7F3v8+NEKlsKx8MGBGWKu+MBCADrrci5Yes25POd5AtX2fLQyJFiVfH6fRL9UrgmTGaHa7uZ +hGaUhAjigKi7ZD4XEAVr3a9OvagiLmF/DyhRGtBFkmxtMQi0feqgOW0XY6+mLfghUKDgrvzP0B2y +FhlA4VbtpWhJ8XUNSx5+Fg84H6DR597ELfo5vckQfXMQKR2XsWLV513aFVcnDx4QZVSLfTHmUNN4 +AKyY/MclO+vpWCpOaGvDcrXgxsjzqMuko7BpGd8I9+aAV8VOYruO49Wdv/PEok2+fAzmYwDcq0Uc +o5y4cEKxeKUBvEaVssZMGqWZwMPhy90M8/hMr+oA1IMZImV/MKosVeCAS4dqL4WS2lbNABEBAAH+ +CQMINg2MvEJ8tybFzJappxxEV60vuiRlZ2WoFGJVwNfHEBGAs78iD7ZZThOpetdlVAzLGCnwbog1 +LGwzedB7T4s7oVgrZtVtdTat4Humeok8YljJZ/wpz4dAnTERP1bU0E+uBkiGcxMUjQ/lpbT+0mL6 +Zz/oZSQ+qwlm3WxWmN+K9YfmgO/77t0VrOeVrA9xXyH8/EnxRVAV2JmVHR4GRim3uijIkNSF6aIX +wpsANlvlC7hnPy5znquTUS7kyyXwBE/ajyBRTEASpITVaTgcXYcOWkYMKpg6E9k1umCHAFDi1nEU +I27w3ju1IAmfxkMjkXk0TSlGdXZeWWv7qyN8BDE25qpL1gRjcTgvec/oFkuV6dCXSZ6HlCL8r2mn +I0T8BMR7pc581Alv8mVfkAdxGI3Jtb0Eg85z5BIxcn4UYpqOJQa5pcSr67pMEVQm+SobEogDIUR4 +Wp1CJqoIVaN6gOetx6nJZQZCmPw4Hw/HttakZX4cDKk3pOzYtZOXXYA21+laUoWum2nfX3IC1VKK +Ci7qJVGtusrLLdKopOkBg/xOwrL6zqN4gtkLQs/dYBBX72KhH2121MkoOovdE3kobsgwxvnuMjVr +7vCNxk8H11CnLc+Pz71z5L+nNnuDr6eJkpzsR5OGa/9HUPHWjnBRvw14f4CmOAuhcnmQeXxVtR8O +Vk1imVlcRe5atST4O4Ie3ZEfqDY/mE1fMr0cvv4hcaoX98Oe+krLWkpABrF0sQOKOeqiO95a8nqG +xcS/dGwoK2anfFiueWLgT3waSfgIgBup5KlfoV9/68IQlV8C8WLWq+zlmKJce3rzIaKtyqN/RrVh +eGvWWxQD2a880ZyZ5+rjnu4yEluvEfuLnqC92AR1Z9V5NOCq3wepMUYiyx7+fhpzcoZx/jljPbR3 +QdPZFCkau/J081sPwn4EGBYIACYWIQQh/GgnSq47XeOaQnfMeGJ4mBsHKAUCZYq75AUJA8JnAAIb +DAAKCRDMeGJ4mBsHKOWaAP4n9VVjJVfaP6u93+M6gu6xxxyrHvO/C1COuNM5O/oC7AEAyIC2CZOK 
+z/oPFb4XXb9K9IFMmW8AsoHJgbKVzE6c9gvHhgRlirwDFgkrBgEEAdpHDwEBB0C8c/Z5jhqLKKja +39fiaENXaS/QSFg/uVi3soP7xwsVPf4JAwg28w+7+7oyKcQgMOnU82KBCb2dX8KrVFbIeruyNepX +ZAcFFr2UBT3Z3FKx7wLP1B4qm3w6Abst3f9Hr8S2pMIETX44WJkaCdb4Zu7oom5IwsA1BBgWCAAm +FiEEIfxoJ0quO13jmkJ3zHhieJgbBygFAmWKvAMFCQPCZwACGwIAgQkQzHhieJgbByh2IAQZFggA +HRYhBG0gfcwKwoHb/ChXhVc0NsIxrmM4BQJlirwDAAoJEFc0NsIxrmM4Sl4BAKZNuM4q2CNR0xtY +OBI3XoYxAMDgcLjKNlXRz/jlHr9NAP4s/CslyoQu9hj2WChlLwEEutYtUWY+stbAUi9pW4yHDsUi +AQCRUSL2WmjCIteNT1jC2oDyD7rqIlLW6kKaSS6xbZo2QwEAjMwIsEU066czOQwkzv/ftFhDKOcx +gMXZMeceVrvq+wM= +=rHQj +-----END PGP PRIVATE KEY BLOCK----- diff --git a/src/tests/ffi-key-sig.cpp b/src/tests/ffi-key-sig.cpp index 3e2ee7864..8c2654d12 100644 --- a/src/tests/ffi-key-sig.cpp +++ b/src/tests/ffi-key-sig.cpp 
@@ -1624,3 +1624,128 @@ TEST_F(rnp_tests, test_ffi_key_import_invalid_issuer)
 rnp_ffi_destroy(ffi);
 }
+
+TEST_F(rnp_tests, test_ffi_add_revoker_signature)
+{
+ rnp_ffi_t ffi = NULL;
+ assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG"));
+ assert_true(import_all_keys(ffi, "data/test_stream_key_load/ecc-25519-2subs-sec.asc"));
+ assert_true(import_pub_keys(ffi, "data/test_stream_key_load/ecc-p256-pub.asc"));
+ assert_true(import_pub_keys(ffi, "data/test_stream_key_load/ecc-p384-pub.asc"));
+ rnp_key_handle_t key = NULL;
+ /* Locate key and make sure it doesn't have designated revokers */
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "ecc-25519", &key));
+ size_t count = 10;
+ assert_rnp_success(rnp_key_get_revoker_count(key, &count));
+ assert_int_equal(count, 0);
+ /* Add designated revoker */
+ rnp_key_handle_t revoker = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "ecc-p256", &revoker));
+ rnp_signature_handle_t newsig = NULL;
+ /* Create signature, including edge cases checks */
+ assert_rnp_failure(rnp_key_signature_create(NULL, "direct", &newsig));
+ assert_rnp_failure(rnp_key_signature_create(key, NULL, &newsig));
+ assert_rnp_failure(rnp_key_signature_create(key, "direct", NULL));
+ assert_rnp_failure(rnp_key_signature_create(key, "unknown", &newsig));
+ assert_rnp_failure(rnp_key_signature_create(revoker, "direct", &newsig));
+ assert_rnp_success(rnp_key_signature_create(key, "direct", &newsig));
+ /* Set revoker, including edge cases */
+ assert_rnp_failure(rnp_key_signature_set_revoker(NULL, revoker, 0));
+ assert_rnp_failure(rnp_key_signature_set_revoker(newsig, NULL, 0));
+ assert_rnp_failure(rnp_key_signature_set_revoker(newsig, revoker, 0x33));
+ assert_rnp_success(rnp_key_signature_set_revoker(newsig, revoker, 0));
+ assert_rnp_success(rnp_key_signature_set_revoker(newsig, revoker, RNP_REVOKER_SENSITIVE));
+ /* Populate signature */
+ assert_rnp_failure(rnp_key_signature_sign(NULL));
+ assert_int_equal(rnp_key_signature_sign(newsig), RNP_ERROR_BAD_PASSWORD);
+ rnp_ffi_set_pass_provider(ffi, ffi_string_password_provider, (void *) "wrong1");
+ assert_int_equal(rnp_key_signature_sign(newsig), RNP_ERROR_BAD_PASSWORD);
+ rnp_ffi_set_pass_provider(ffi, ffi_string_password_provider, (void *) "password");
+ assert_rnp_success(rnp_key_signature_sign(newsig));
+ /* Check signature and key properties */
+ char *revfp = NULL;
+ assert_rnp_success(rnp_signature_get_revoker(newsig, &revfp));
+ assert_string_equal(revfp, "B54FDEBBB673423A5D0AA54423674F21B2441527");
+ rnp_buffer_destroy(revfp);
+ assert_rnp_success(rnp_key_get_revoker_count(key, &count));
+ assert_int_equal(count, 1);
+ assert_rnp_success(rnp_key_get_revoker_at(key, 0, &revfp));
+ assert_string_equal(revfp, "B54FDEBBB673423A5D0AA54423674F21B2441527");
+ rnp_buffer_destroy(revfp);
+ assert_rnp_success(rnp_signature_is_valid(newsig, 0));
+ /* Attempt to sign already populated signature */
+ assert_rnp_failure(rnp_key_signature_sign(newsig));
+ rnp_signature_handle_destroy(newsig);
+ /* Make sure that newly added signature is first of the key's signatures */
+ assert_rnp_success(rnp_key_get_signature_at(key, 0, &newsig));
+ char *type = NULL;
+ assert_rnp_success(rnp_signature_get_type(newsig, &type));
+ assert_string_equal(type, "direct");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_signature_get_revoker(newsig, &revfp));
+ assert_string_equal(revfp, "B54FDEBBB673423A5D0AA54423674F21B2441527");
+ rnp_buffer_destroy(revfp);
+ /* Export key and make sure signature is exported */
+ auto keydata = export_key(key, true);
+ rnp_key_handle_destroy(key);
+ rnp_key_handle_destroy(revoker);
+ rnp_ffi_t newffi = NULL;
+ assert_rnp_success(rnp_ffi_create(&newffi, "GPG", "GPG"));
+ assert_true(import_all_keys(newffi, keydata.data(), keydata.size()));
+ assert_rnp_success(rnp_locate_key(newffi, "userid", "ecc-25519", &key));
+ assert_rnp_success(rnp_key_get_revoker_count(key, &count));
+ assert_int_equal(count, 1);
+ assert_rnp_success(rnp_key_get_revoker_at(key, 0, &revfp));
+ assert_string_equal(revfp, "B54FDEBBB673423A5D0AA54423674F21B2441527");
+ rnp_buffer_destroy(revfp);
+ assert_rnp_success(rnp_key_get_signature_at(key, 0, &newsig));
+ assert_rnp_success(rnp_signature_get_type(newsig, &type));
+ assert_string_equal(type, "direct");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_signature_get_revoker(newsig, &revfp));
+ assert_string_equal(revfp, "B54FDEBBB673423A5D0AA54423674F21B2441527");
+ rnp_buffer_destroy(revfp);
+ rnp_signature_handle_destroy(newsig);
+ rnp_key_handle_destroy(key);
+ /* Reload keyrings and make sure data is saved */
+ assert_rnp_success(rnp_unload_keys(newffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ rnp_ffi_destroy(newffi);
+ /* Add second designated revoker and make sure it works */
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "ecc-25519", &key));
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "ecc-p384", &revoker));
+ assert_rnp_success(rnp_key_signature_create(key, "direct", &newsig));
+ assert_rnp_success(rnp_key_signature_set_revoker(newsig, revoker, 0));
+ assert_rnp_success(rnp_key_signature_sign(newsig));
+ assert_rnp_success(rnp_signature_get_revoker(newsig, &revfp));
+ assert_string_equal(revfp, "AB25CBA042DD924C3ACC3ED3242A3AA5EA85F44A");
+ rnp_buffer_destroy(revfp);
+ assert_rnp_success(rnp_key_get_revoker_count(key, &count));
+ assert_int_equal(count, 2);
+ assert_rnp_success(rnp_key_get_revoker_at(key, 0, &revfp));
+ assert_string_equal(revfp, "AB25CBA042DD924C3ACC3ED3242A3AA5EA85F44A");
+ rnp_buffer_destroy(revfp);
+ assert_rnp_success(rnp_signature_is_valid(newsig, 0));
+ rnp_signature_handle_destroy(newsig);
+ rnp_key_handle_destroy(key);
+ rnp_key_handle_destroy(revoker);
+ /* Attempt to add designatured revoker to subkey */
+ rnp_key_handle_t subkey = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "fingerprint", "6D207DCC0AC281DBFC285785573436C231AE6338", &subkey));
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "ecc-p384", &revoker));
+ assert_rnp_success(rnp_key_signature_create(subkey, "direct", &newsig));
+ assert_rnp_success(rnp_key_signature_set_revoker(newsig, revoker, 0));
+ assert_rnp_failure(rnp_key_signature_sign(newsig));
+ rnp_signature_handle_destroy(newsig);
+ rnp_key_handle_destroy(revoker);
+ /* Attempt to add designated revoker using the subkey */
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "ecc-25519", &key));
+ assert_rnp_success(rnp_key_signature_create(key, "direct", &newsig));
+ assert_rnp_success(rnp_key_signature_set_revoker(newsig, subkey, 0));
+ assert_rnp_failure(rnp_key_signature_sign(newsig));
+ rnp_signature_handle_destroy(newsig);
+ rnp_key_handle_destroy(key);
+ rnp_key_handle_destroy(subkey);
+ /* Check v5 key */
+
+ rnp_ffi_destroy(ffi);
+}
\ No newline at end of file
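Review bot: The two subkey rejection cases at the end of `test_ffi_add_revoker_signature` assert only `assert_rnp_failure(rnp_key_signature_sign(newsig))`, so they would still pass if signing failed for an unrelated reason (a password or key-state error, say) while the subkey validation itself was absent. Pin the expected code the way the password cases earlier in the test do, e.g. `assert_int_equal(rnp_key_signature_sign(newsig), RNP_ERROR_BAD_PARAMETERS);` (substitute whichever code the implementation actually returns), and after the last case add `assert_rnp_success(rnp_key_get_revoker_count(key, &count));` followed by `assert_int_equal(count, 2);` to show that a rejected signature was not attached to the key. The `RNP_REVOKER_SENSITIVE` flag set before signing is never read back, neither on the signed signature nor after the export/import round trip, so the test would not catch that flag being dropped. The block under `/* Reload keyrings and make sure data is saved */` only unloads and destroys `newffi` without reloading anything, and `/* Check v5 key */` is empty; both comments should get assertions or be reworded as `/* TODO: ... */` so the coverage is not overstated.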