This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=040e652e02bd4917b2ed3d593f10afe3c891a265 commit 040e652e02bd4917b2ed3d593f10afe3c891a265 Author: Guillem Jover <[email protected]> AuthorDate: Sun Nov 6 20:06:00 2022 +0100 test: Improve OpenPGP unit tests and check verification and signing --- scripts/Makefile.am | 9 ++- scripts/t/Dpkg_OpenPGP.t | 83 ++++++++++++++++++---------- scripts/t/Dpkg_OpenPGP/data-file | 5 -- scripts/t/Dpkg_OpenPGP/data-file.asc | 8 --- scripts/t/Dpkg_OpenPGP/dpkg-test-pub.asc | 24 ++++++++ scripts/t/Dpkg_OpenPGP/dpkg-test-sec.asc | 28 ++++++++++ scripts/t/Dpkg_OpenPGP/sign-file | 5 ++ scripts/t/Dpkg_OpenPGP/sign-file-inline.asc | 16 ++++++ scripts/t/Dpkg_OpenPGP/sign-file-inline.sig | Bin 0 -> 382 bytes scripts/t/Dpkg_OpenPGP/sign-file.asc | 8 +++ scripts/t/Dpkg_OpenPGP/sign-file.sig | Bin 0 -> 191 bytes 11 files changed, 143 insertions(+), 43 deletions(-) diff --git a/scripts/Makefile.am b/scripts/Makefile.am index 7b4871e58..a6364f677 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am @@ -285,8 +285,13 @@ test_data = \ t/Dpkg_File/append-me \ t/Dpkg_File/dump-partial \ t/Dpkg_File/slurp-me \ - t/Dpkg_OpenPGP/data-file \ - t/Dpkg_OpenPGP/data-file.asc \ + t/Dpkg_OpenPGP/dpkg-test-pub.asc \ + t/Dpkg_OpenPGP/dpkg-test-sec.asc \ + t/Dpkg_OpenPGP/sign-file \ + t/Dpkg_OpenPGP/sign-file-inline.asc \ + t/Dpkg_OpenPGP/sign-file-inline.sig \ + t/Dpkg_OpenPGP/sign-file.asc \ + t/Dpkg_OpenPGP/sign-file.sig \ t/Dpkg_Shlibs/basictags.c \ t/Dpkg_Shlibs/basictags.symbols \ t/Dpkg_Shlibs/ld.so.conf \ diff --git a/scripts/t/Dpkg_OpenPGP.t b/scripts/t/Dpkg_OpenPGP.t index 194669b32..4dea39f6f 100644 --- a/scripts/t/Dpkg_OpenPGP.t +++ b/scripts/t/Dpkg_OpenPGP.t @@ -22,10 +22,11 @@ use Test::Dpkg qw(:paths :needs); use File::Compare; use Dpkg::ErrorHandling; +use Dpkg::OpenPGP::KeyHandle; test_needs_command('gpg'); -plan tests => 10; +plan tests => 17; use_ok('Dpkg::OpenPGP'); use_ok('Dpkg::OpenPGP::ErrorCodes'); 
@@ -33,37 +34,63 @@ use_ok('Dpkg::OpenPGP::ErrorCodes'); report_options(quiet_warnings => 1); my $datadir = test_get_data_path(); -my $tmpdir = test_get_temp_path(); +my $tempdir = test_get_temp_path(); -my $openpgp = Dpkg::OpenPGP->new(); - -my ($reffile, $binfile, $ascfile); - -$binfile = "$datadir/data-file"; -$reffile = "$datadir/data-file.asc"; +sub test_diff +{ + my ($exp_file, $gen_file, $desc) = @_; -ok($openpgp->armor('ARMORED FILE', $binfile, "$tmpdir/data-file.asc") == OPENPGP_OK(), - 'armoring file not ASCII Armored'); -ok(compare("$tmpdir/data-file.asc", $reffile) == 0, - 'armor binary file into OpenPGP ASCII Armor'); -ok($openpgp->armor('ARMORED FILE', $reffile, "$tmpdir/data-file-rearmor.asc") == OPENPGP_OK(), - 'armoring file ASCII Armored'); -ok(compare("$tmpdir/data-file-rearmor.asc", $reffile) == 0, - 'rearmor binary file into OpenPGP ASCII Armor'); + my $res = compare($exp_file, $gen_file); + if ($res) { + system "diff -u '$exp_file' '$gen_file' >&2"; + } + ok($res == 0, "$desc ($exp_file vs $gen_file)"); +} -$ascfile = "$tmpdir/data-file.asc"; - -ok($openpgp->armor('ARMORED FILE', $binfile, $ascfile) == OPENPGP_OK(), - 'armoring succeeded'); -ok(compare($ascfile, $reffile) == 0, 'armor binary file into OpenPGP ASCII Armor'); - -$reffile = "$datadir/data-file"; -$ascfile = "$datadir/data-file.asc"; -$binfile = "$tmpdir/data-file"; +my $openpgp = Dpkg::OpenPGP->new(); -ok($openpgp->dearmor('ARMORED FILE', $ascfile, $binfile) == OPENPGP_OK(), - 'dearmoring succeeded'); -ok(compare($binfile, $reffile) == 0, 'dearmor OpenPGP ASCII Armor into binary file'); +ok($openpgp->dearmor('PUBLIC KEY BLOCK', "$datadir/dpkg-test-pub.asc", "$tempdir/dpkg-test-pub.pgp") == OPENPGP_OK(), + 'dearmoring OpenPGP ASCII Armored certificate'); +ok($openpgp->armor('PUBLIC KEY BLOCK', "$tempdir/dpkg-test-pub.pgp", "$tempdir/dpkg-test-pub.asc") == OPENPGP_OK(), + 'armoring OpenPGP binary certificate'); +test_diff("$datadir/dpkg-test-pub.asc", "$tempdir/dpkg-test-pub.asc", 
+ 'OpenPGP certificate dearmor/armor round-trip correctly'); + +ok($openpgp->armor('SIGNATURE', "$datadir/sign-file.sig", "$tempdir/sign-file.asc") == OPENPGP_OK(), + 'armoring OpenPGP binary signature succeeded'); +ok(compare("$datadir/sign-file.sig", "$tempdir/sign-file.asc") != 0, + 'armoring OpenPGP ASCII Armor changed the file'); +ok($openpgp->armor('SIGNATURE', "$datadir/sign-file.asc", "$tempdir/sign-file-rearmor.asc") == OPENPGP_OK(), + 'armoring OpenPGP armored signature succeeded'); +test_diff("$datadir/sign-file.asc", "$tempdir/sign-file-rearmor.asc", + 'rearmoring OpenPGP ASCII Armor changed the file'); + +ok($openpgp->dearmor('SIGNATURE', "$tempdir/sign-file.asc", "$tempdir/sign-file.sig") == OPENPGP_OK(), + 'dearmoring OpenPGP armored signature succeeded'); +test_diff("$datadir/sign-file.sig", "$tempdir/sign-file.sig", + 'dearmored OpenPGP ASCII Armor signature matches'); + +my $cert = "$datadir/dpkg-test-pub.asc"; + +ok($openpgp->inline_verify("$datadir/sign-file-inline.asc", undef, $cert) == OPENPGP_OK(), + 'verify OpenPGP ASCII Armor inline signature'); +ok($openpgp->inline_verify("$datadir/sign-file-inline.sig", undef, $cert) == OPENPGP_OK(), + 'verify OpenPGP binary inline signature'); + +ok($openpgp->verify("$datadir/sign-file", "$datadir/sign-file.asc", $cert) == OPENPGP_OK(), + 'verify OpenPGP ASCII Armor detached signature'); +ok($openpgp->verify("$datadir/sign-file", "$datadir/sign-file.sig", $cert) == OPENPGP_OK(), + 'verify OpenPGP binary detached signature'); + +my $key = Dpkg::OpenPGP::KeyHandle->new( + type => 'keyfile', + handle => "$datadir/dpkg-test-sec.asc", +); + +ok($openpgp->inline_sign("$datadir/sign-file", "$tempdir/sign-file-inline.asc", $key) == OPENPGP_OK(), + 'inline OpenPGP sign'); +ok($openpgp->inline_verify("$tempdir/sign-file-inline.asc", undef, $cert) == OPENPGP_OK(), + 'verify generated inline OpenPGP signature'); # TODO: Add actual test cases. 
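Review bot: Every verify() and inline_verify() assertion added in this hunk is a positive case, so an implementation that accepted any input would still pass all of them; the suite needs at least one rejection test. With fixtures the commit already ships, a line such as `ok($openpgp->verify("$datadir/dpkg-test-pub.asc", "$datadir/sign-file.sig", $cert) != OPENPGP_OK(), 'reject detached signature over different data');` would pin that. It assumes verify() returns an error code rather than dying, which the hunk does not show, and `plan tests` in the earlier hunk would have to be raised to match. Separately, the description on the second `test_diff` call, 'rearmoring OpenPGP ASCII Armor changed the file', says the opposite of what test_diff asserts, namely that the two files are identical. The `system "diff -u '$exp_file' '$gen_file' >&2"` line also runs through the shell with interpolated paths, so a data or temp directory containing a single quote would break the command; running diff without a shell would avoid that.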
diff --git a/scripts/t/Dpkg_OpenPGP/data-file b/scripts/t/Dpkg_OpenPGP/data-file deleted file mode 100644 index 65e7b36ef..000000000 --- a/scripts/t/Dpkg_OpenPGP/data-file +++ /dev/null @@ -1,5 +0,0 @@ -This is a data file that will be armored -as part of the dpkg OpenPGP test suite. - -It contains «UTF-8» characters so that -we can check → non-ASCII Armor ☺. diff --git a/scripts/t/Dpkg_OpenPGP/data-file.asc b/scripts/t/Dpkg_OpenPGP/data-file.asc deleted file mode 100644 index 614bc2b27..000000000 --- a/scripts/t/Dpkg_OpenPGP/data-file.asc +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN PGP ARMORED FILE----- - -VGhpcyBpcyBhIGRhdGEgZmlsZSB0aGF0IHdpbGwgYmUgYXJtb3JlZAphcyBwYXJ0 -IG9mIHRoZSBkcGtnIE9wZW5QR1AgdGVzdCBzdWl0ZS4KCkl0IGNvbnRhaW5zIMKr -VVRGLTjCuyBjaGFyYWN0ZXJzIHNvIHRoYXQKd2UgY2FuIGNoZWNrIOKGkiBub24t -QVNDSUkgQXJtb3Ig4pi6Lgo= -=NrdA ------END PGP ARMORED FILE----- diff --git a/scripts/t/Dpkg_OpenPGP/dpkg-test-pub.asc b/scripts/t/Dpkg_OpenPGP/dpkg-test-pub.asc new file mode 100644 index 000000000..f9b9f2b65 --- /dev/null +++ b/scripts/t/Dpkg_OpenPGP/dpkg-test-pub.asc 
@@ -0,0 +1,24 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xjMEYtiJpRYJKwYBBAHaRw8BAQdAPc9bt2qxxLSlbrcdtR70gPFeqCusNUh/LjQV +9es9JPbCwAsEHxYKAH0FgmLYiaUDCwkHCRDQUbmhp4t5cEcUAAAAAAAeACBzYWx0 +QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmfarUJqlr3ies5QhbUfk4/CGJ8yjA5A +xU2FniSvr1MEWAMVCggCmwECHgEWIQQ0iPyXWWjO+6ezdVTQUbmhp4t5cAAAeKwB +ALhQhFu11tuBqJkeqbsB+zDw3TqINXDdOnZsz4zQTP8cAQCXB24twCDSwgL5ApXD +LDKxacm+yTJG1xAr5fey/WM6Dc0lRHBrZyBUZXN0IEtleSA8ZHBrZy10ZXN0QGV4 +YW1wbGUub3JnPsLADgQTFgoAgAWCYtiJpQMLCQcJENBRuaGni3lwRxQAAAAAAB4A +IHNhbHRAbm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZ5lEbcjt2RQSjys6N6+y4VDN +OVw0W5VOTjJKEWDQHZDmAxUKCAKZAQKbAQIeARYhBDSI/JdZaM77p7N1VNBRuaGn +i3lwAAA/3wD6A46mcuHcy26BOyz8co2cl53+tQeZ1F2qhg2kcofLA3UBAL7BWWPc +Zojs6SbiB8Dc7BrYkJ4jk13jYpYXwa7CnEwPzjMEYtiJpRYJKwYBBAHaRw8BAQdA +EC8I7eVdWPckXSEJdxYtGSUTOfSUFtP31dZZSiHawivCwL8EGBYKATEFgmLYiaUJ +ENBRuaGni3lwRxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEtcGdwLm9y +Z3wtg1MDVcKCPrpDO5sjWVCjoFjYX3/+1+KopBiO8UPtApsCvqAEGRYKAG8FgmLY +iaUJEF8IeVKOdEodRxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEtcGdw +Lm9yZ5tsuhbNSkLk/OacoV9yfg+ediDvQ51kf9N6Ue1y0k+nFiEEld5RAbTaqSHO +dkqUXwh5Uo50Sh0AAGMlAP4jFUATpYnAjF8rnh/3Oh7ZNXzRXmju8voJnkPh9C+P +GAD/aGKxGy1wpAQT+qJnNMIXIVq//E6Nw+Bg+iC9+Sy+KwoWIQQ0iPyXWWjO+6ez +dVTQUbmhp4t5cAAAyQwA/RFPJCO1yGV0ifxxfruj9qxr9ND3zo1YbIDJUdJS+QyX +AQC/SgSs3xBCVcXjIq2ot1YUhSaZ9VdonekgYr5VdmDMBw== +=dG1m +-----END PGP PUBLIC KEY BLOCK----- diff --git a/scripts/t/Dpkg_OpenPGP/dpkg-test-sec.asc b/scripts/t/Dpkg_OpenPGP/dpkg-test-sec.asc new file mode 100644 index 000000000..75fc7b36e --- /dev/null +++ b/scripts/t/Dpkg_OpenPGP/dpkg-test-sec.asc 
@@ -0,0 +1,28 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Comment: 3488 FC97 5968 CEFB A7B3 7554 D051 B9A1 A78B 7970 +Comment: Dpkg Test Key <[email protected]> + +xVgEYtiJpRYJKwYBBAHaRw8BAQdAPc9bt2qxxLSlbrcdtR70gPFeqCusNUh/LjQV +9es9JPYAAQCuHs3w2a7cIhaFk82fIsXfpIGMJUHh2tJj/6TzUTIYehIhwsALBB8W +CgB9BYJi2ImlAwsJBwkQ0FG5oaeLeXBHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMu +c2VxdW9pYS1wZ3Aub3Jn2q1Capa94nrOUIW1H5OPwhifMowOQMVNhZ4kr69TBFgD +FQoIApsBAh4BFiEENIj8l1lozvuns3VU0FG5oaeLeXAAAHisAQC4UIRbtdbbgaiZ +Hqm7Afsw8N06iDVw3Tp2bM+M0Ez/HAEAlwduLcAg0sIC+QKVwywysWnJvskyRtcQ +K+X3sv1jOg3NJURwa2cgVGVzdCBLZXkgPGRwa2ctdGVzdEBleGFtcGxlLm9yZz7C +wA4EExYKAIAFgmLYiaUDCwkHCRDQUbmhp4t5cEcUAAAAAAAeACBzYWx0QG5vdGF0 +aW9ucy5zZXF1b2lhLXBncC5vcmeZRG3I7dkUEo8rOjevsuFQzTlcNFuVTk4yShFg +0B2Q5gMVCggCmQECmwECHgEWIQQ0iPyXWWjO+6ezdVTQUbmhp4t5cAAAP98A+gOO +pnLh3MtugTss/HKNnJed/rUHmdRdqoYNpHKHywN1AQC+wVlj3GaI7Okm4gfA3Owa +2JCeI5Nd42KWF8GuwpxMD8dYBGLYiaUWCSsGAQQB2kcPAQEHQBAvCO3lXVj3JF0h +CXcWLRklEzn0lBbT99XWWUoh2sIrAAD+KhjwmbT+2rv06tPgJnBEP4x7CEMJdTlk +t7Z/M0dlVhQQXMLAvwQYFgoBMQWCYtiJpQkQ0FG5oaeLeXBHFAAAAAAAHgAgc2Fs +dEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnfC2DUwNVwoI+ukM7myNZUKOgWNhf +f/7X4qikGI7xQ+0CmwK+oAQZFgoAbwWCYtiJpQkQXwh5Uo50Sh1HFAAAAAAAHgAg +c2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnm2y6Fs1KQuT85pyhX3J+D552 +IO9DnWR/03pR7XLST6cWIQSV3lEBtNqpIc52SpRfCHlSjnRKHQAAYyUA/iMVQBOl +icCMXyueH/c6Htk1fNFeaO7y+gmeQ+H0L48YAP9oYrEbLXCkBBP6omc0whchWr/8 +To3D4GD6IL35LL4rChYhBDSI/JdZaM77p7N1VNBRuaGni3lwAADJDAD9EU8kI7XI +ZXSJ/HF+u6P2rGv00PfOjVhsgMlR0lL5DJcBAL9KBKzfEEJVxeMirai3VhSFJpn1 +V2id6SBivlV2YMwH +=D6tH +-----END PGP PRIVATE KEY BLOCK----- diff --git a/scripts/t/Dpkg_OpenPGP/sign-file b/scripts/t/Dpkg_OpenPGP/sign-file new file mode 100644 index 000000000..7fb0a1c99 --- /dev/null +++ b/scripts/t/Dpkg_OpenPGP/sign-file @@ -0,0 +1,5 @@ +This is a data file that will be signed +as part of the dpkg OpenPGP test suite. + +It contains «UTF-8» characters so that +we can check binary and ASCII signatures ☺. 
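Review bot: dpkg-test-sec.asc commits private key material, and since Dpkg_OpenPGP.t hands it to KeyHandle without a passphrase it is presumably unprotected, so anyone with the tree can sign as this identity. That is fine for a fixture only as long as the matching certificate is never trusted outside the test suite, and the file should say so itself, for example with an extra armor header `Comment: TEST FIXTURE ONLY - secret key is public, never add to a keyring or trust store`. As far as the visible test shows, this file is not part of any armor round-trip comparison, so an added Comment line should not affect test_diff. Secret scanners are likely to flag the file; an allowlist entry scoped to this one path is preferable to a broad exclusion of the test data directory.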
diff --git a/scripts/t/Dpkg_OpenPGP/sign-file-inline.asc b/scripts/t/Dpkg_OpenPGP/sign-file-inline.asc new file mode 100644 index 000000000..38059f8c7 --- /dev/null +++ b/scripts/t/Dpkg_OpenPGP/sign-file-inline.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +This is a data file that will be signed +as part of the dpkg OpenPGP test suite. + +It contains «UTF-8» characters so that +we can check binary and ASCII signatures ☺. +-----BEGIN PGP SIGNATURE----- + +wr0EARYKAG8FgmNn/JoJEF8IeVKOdEodRxQAAAAAAB4AIHNhbHRAbm90YXRpb25z +LnNlcXVvaWEtcGdwLm9yZ6ner4BBATzhFswk2JmdwxDwRwEY7Ez64dxHFNuT0rIn +FiEEld5RAbTaqSHOdkqUXwh5Uo50Sh0AAH26AQCojIenPOWX7+GUk+lKeo+7hnpx +nozY9z/+4Pe1KamB4AEAsL9fpRgmecLcVhHBteK8t8/laLkzdY4nji+1BmeRrgQ= +=4UM2 +-----END PGP SIGNATURE----- diff --git a/scripts/t/Dpkg_OpenPGP/sign-file-inline.sig b/scripts/t/Dpkg_OpenPGP/sign-file-inline.sig new file mode 100644 index 000000000..cb07a8e02 Binary files /dev/null and b/scripts/t/Dpkg_OpenPGP/sign-file-inline.sig differ diff --git a/scripts/t/Dpkg_OpenPGP/sign-file.asc b/scripts/t/Dpkg_OpenPGP/sign-file.asc new file mode 100644 index 000000000..5b96d6f8b --- /dev/null +++ b/scripts/t/Dpkg_OpenPGP/sign-file.asc @@ -0,0 +1,8 @@ +-----BEGIN PGP SIGNATURE----- + +wr0EABYKAG8FgmNn+7oJEF8IeVKOdEodRxQAAAAAAB4AIHNhbHRAbm90YXRpb25z +LnNlcXVvaWEtcGdwLm9yZ6I+NlLnxa3+q9VIr0tkR75ehn2pOJ0a5T7TbEKamHeH +FiEEld5RAbTaqSHOdkqUXwh5Uo50Sh0AADADAP0edQHN/mcxubIU8Z8RTbdBe0uu +AyzTI/4rIjImBPRoxgEAoWB+JczVmgeVRdkm8BW77PqFailPUf0mnokZZszz+Qc= +=qfwq +-----END PGP SIGNATURE----- diff --git a/scripts/t/Dpkg_OpenPGP/sign-file.sig b/scripts/t/Dpkg_OpenPGP/sign-file.sig new file mode 100644 index 000000000..125424c4c Binary files /dev/null and b/scripts/t/Dpkg_OpenPGP/sign-file.sig differ -- Dpkg.Org's dpkg

