1#!/bin/sh 2 3. $srcdir/defs.inc || exit 3 4 5suspend_error 6 7# 8# Two simple tests to check that verify fails for bad input data 9# 10info "checking bogus signature 1" 11../tools/mk-tdata --char 0x2d 64 >x 12$GPG --verify x data-500 && error "no error code from verify" 13info "checking bogus signature 2" 14../tools/mk-tdata --char 0xca 64 >x 15$GPG --verify x data-500 && error "no error code from verify" 16 17linefeed 18 19# A variable to collect the test names 20tests="" 21 22# A plain signed message created using 23# echo abc | gpg --homedir . --passphrase-fd 0 -u Alpha -z0 -sa msg 24tests="$tests msg_ols_asc" 25msg_ols_asc='-----BEGIN PGP MESSAGE----- 26 27kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo 28dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0 29aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh 30cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp 31cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk 32IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM 33UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0 34D8luT78c/1x45Q== 35=a29i 36-----END PGP MESSAGE-----' 37 38# A plain signed message created using 39# echo abc | gpg --homedir . --passphrase-fd 0 -u Alpha -sa msg 40tests="$tests msg_cols_asc" 41msg_cols_asc='-----BEGIN PGP MESSAGE----- 42 43owGbwMvMwCSoW1RzPCOz3IRxLSN7EnNucboLT6Cgp0JJRmZeNpBMLFFIzMlRKMpM 44zyjRBQtm5qUrFKTmF+SkKmTmgdQVKyTnl+aVFFUqJBalKhRnJmcrJOalcJVkFqWm 45KOSnKSSlgrSU5OekQMzLL0rJzEsEKk9JTU7NK4EZBtKcBtRRWgAzlwtmbnlmSQbU 46GJjxCmDj9RQUPNVzFZJTi0oSM/NyKhXy8kuAYk6lJSBxLlTF2NziqZCYq8elq+Cb 47n1dSqRBQWZKRn8fVYc/MygAKBljYCDIFiTDMT+9seu836Q+bevyHTJ0dzPNuvCjn 48ZpgrwX38z58rJsfYDhwOSS4SkN/d6vUAAA== 49=s6sY 50-----END PGP MESSAGE-----' 51 52# A PGP 2 style message. 53tests="$tests msg_sl_asc" 54msg_sl_asc='-----BEGIN PGP MESSAGE----- 55 56iD8DBQBEDFJaLXJ8x2hpdzQRAkeCAKCZRBk2Pmx4w9h2LgosS0AppNNaWwCgiI5M 57yzgJpGTZtA/Jbk+/HP9ceOWtAQdiA21zZ0QMUlpJIHRoaW5rIHRoYXQgYWxsIHJp 58Z2h0LXRoaW5raW5nIHBlb3BsZSBpbiB0aGlzIGNvdW50cnkgYXJlIHNpY2sgYW5k 59CnRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBvcmRpbmFyeSBkZWNlbnQgcGVvcGxl 60IGFyZSBmZWQgdXAgaW4gdGhpcwpjb3VudHJ5IHdpdGggYmVpbmcgc2ljayBhbmQg 61dGlyZWQuICBJJ20gY2VydGFpbmx5IG5vdC4gIEJ1dCBJJ20Kc2ljayBhbmQgdGly 62ZWQgb2YgYmVpbmcgdG9sZCB0aGF0IEkgYW0uCi0gTW9udHkgUHl0aG9uCg== 63=0ukK 64-----END PGP MESSAGE-----' 65 66# An OpenPGP message lacking the onepass packet. We used to accept 67# such messages but now consider them invalid. 68tests="$tests bad_ls_asc" 69bad_ls_asc='-----BEGIN PGP MESSAGE----- 70 71rQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9w 72bGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0 73b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRo 74aXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRh 75aW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQg 76dGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IA 77oJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Q== 78=Mpiu 79-----END PGP MESSAGE-----' 80 81 82# A signed message prefixed with an unsigned literal packet. 83# (fols = faked-literal-data, one-pass, literal-data, signature) 84# This should throw an error because running gpg to extract the 85# signed data will return both literal data packets 86tests="$tests bad_fols_asc" 87bad_fols_asc='-----BEGIN PGP MESSAGE----- 88 89rF1iDG1zZy51bnNpZ25lZEQMY0x0aW1lc2hhcmluZywgbjoKCUFuIGFjY2VzcyBt 90ZXRob2Qgd2hlcmVieSBvbmUgY29tcHV0ZXIgYWJ1c2VzIG1hbnkgcGVvcGxlLgqQ 91DQMAAhEtcnzHaGl3NAGtAQdiA21zZ0QMUlpJIHRoaW5rIHRoYXQgYWxsIHJpZ2h0 92LXRoaW5raW5nIHBlb3BsZSBpbiB0aGlzIGNvdW50cnkgYXJlIHNpY2sgYW5kCnRp 93cmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBvcmRpbmFyeSBkZWNlbnQgcGVvcGxlIGFy 94ZSBmZWQgdXAgaW4gdGhpcwpjb3VudHJ5IHdpdGggYmVpbmcgc2ljayBhbmQgdGly 95ZWQuICBJJ20gY2VydGFpbmx5IG5vdC4gIEJ1dCBJJ20Kc2ljayBhbmQgdGlyZWQg 96b2YgYmVpbmcgdG9sZCB0aGF0IEkgYW0uCi0gTW9udHkgUHl0aG9uCog/AwUARAxS 97Wi1yfMdoaXc0EQJHggCgmUQZNj5seMPYdi4KLEtAKaTTWlsAoIiOTMs4CaRk2bQP 98yW5Pvxz/XHjl 99=UNM4 100-----END PGP MESSAGE-----' 101 102# A signed message suffixed with an unsigned literal packet. 103# (fols = faked-literal-data, one-pass, literal-data, signature) 104# This should throw an error because running gpg to extract the 105# signed data will return both literal data packets 106tests="$tests bad_olsf_asc" 107bad_olsf_asc='-----BEGIN PGP MESSAGE----- 108 109kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo 110dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0 111aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh 112cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp 113cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk 114IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM 115UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0 116D8luT78c/1x45axdYgxtc2cudW5zaWduZWREDGNMdGltZXNoYXJpbmcsIG46CglB 117biBhY2Nlc3MgbWV0aG9kIHdoZXJlYnkgb25lIGNvbXB1dGVyIGFidXNlcyBtYW55 118IHBlb3BsZS4K 119=3gnG 120-----END PGP MESSAGE-----' 121 122 123# Two standard signed messages in a row 124tests="$tests msg_olsols_asc_multiple" 125msg_olsols_asc_multiple='-----BEGIN PGP MESSAGE----- 126 127kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo 128dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0 129aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh 130cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp 131cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk 132IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM 133UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0 134D8luT78c/1x45ZANAwACES1yfMdoaXc0Aa0BB2IDbXNnRAxSWkkgdGhpbmsgdGhh 135dCBhbGwgcmlnaHQtdGhpbmtpbmcgcGVvcGxlIGluIHRoaXMgY291bnRyeSBhcmUg 136c2ljayBhbmQKdGlyZWQgb2YgYmVpbmcgdG9sZCB0aGF0IG9yZGluYXJ5IGRlY2Vu 137dCBwZW9wbGUgYXJlIGZlZCB1cCBpbiB0aGlzCmNvdW50cnkgd2l0aCBiZWluZyBz 138aWNrIGFuZCB0aXJlZC4gIEknbSBjZXJ0YWlubHkgbm90LiAgQnV0IEknbQpzaWNr 139IGFuZCB0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgSSBhbS4KLSBNb250eSBQeXRo 140b24KiD8DBQBEDFJaLXJ8x2hpdzQRAkeCAKCZRBk2Pmx4w9h2LgosS0AppNNaWwCg 141iI5MyzgJpGTZtA/Jbk+/HP9ceOU= 142=8nLN 143-----END PGP MESSAGE-----' 144 145# A standard message with two signatures (actually the same signature 146# duplicated). 147tests="$tests msg_oolss_asc" 148msg_oolss_asc='-----BEGIN PGP MESSAGE----- 149 150kA0DAAIRLXJ8x2hpdzQBkA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGlu 151ayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5 152IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkg 153ZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJl 154aW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdt 155CnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5 156IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk 15701pbAKCIjkzLOAmkZNm0D8luT78c/1x45Yg/AwUARAxSWi1yfMdoaXc0EQJHggCg 158mUQZNj5seMPYdi4KLEtAKaTTWlsAoIiOTMs4CaRk2bQPyW5Pvxz/XHjl 159=KVw5 160-----END PGP MESSAGE-----' 161 162# A standard message with two one-pass packet but only one signature 163# packet 164tests="$tests bad_ools_asc" 165bad_ools_asc='-----BEGIN PGP MESSAGE----- 166 167kA0DAAIRLXJ8x2hpdzQBkA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGlu 168ayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5 169IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkg 170ZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJl 171aW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdt 172CnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5 173IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk 17401pbAKCIjkzLOAmkZNm0D8luT78c/1x45Q== 175=1/ix 176-----END PGP MESSAGE-----' 177 178# Standard cleartext signature 179tests="$tests msg_cls_asc" 180msg_cls_asc=`cat <<EOF 181-----BEGIN PGP SIGNED MESSAGE----- 182Hash: SHA1 183 184I think that all right-thinking people in this country are sick and 185tired of being told that ordinary decent people are fed up in this 186country with being sick and tired. I'm certainly not. But I'm 187sick and tired of being told that I am. 188- - Monty Python 189-----BEGIN PGP SIGNATURE----- 190 191iD8DBQFEDVp1LXJ8x2hpdzQRAplUAKCMfpG3GPw/TLN52tosgXP5lNECkwCfQhAa 192emmev7IuQjWYrGF9Lxj+zj8= 193=qJsY 194-----END PGP SIGNATURE----- 195EOF 196` 197 198# Cleartext signature with two signatures 199tests="$tests msg_clss_asc" 200msg_clss_asc=`cat <<EOF 201-----BEGIN PGP SIGNED MESSAGE----- 202Hash: SHA1 203 204What is the difference between a Turing machine and the modern computer? 205It's the same as that between Hillary's ascent of Everest and the 206establishment of a Hilton on its peak. 207-----BEGIN PGP SIGNATURE----- 208 209iD8DBQFEDVz6LXJ8x2hpdzQRAtkGAKCeMhNbHnh339fpjNj9owsYcC4zBwCfYO5l 2102u+KEfXX0FKyk8SMzLjZ536IPwMFAUQNXPr+GAsdqeOwshEC2QYAoPOWAiQm0EF/ 211FWIAQUplk7JWbyRKAJ92ZJyJpWfzb0yc1s7MY65r2qEHrg== 212=1Xvv 213-----END PGP SIGNATURE----- 214EOF 215` 216 217# Two clear text signatures in a row 218tests="$tests msg_clsclss_asc_multiple" 219msg_clsclss_asc_multiple="${msg_cls_asc} 220${msg_clss_asc}" 221 222 223# Fixme: We need more tests with manipulated cleartext signatures. 224 225 226# 227# Now run the tests. 228# 229# Note that we need to use set +x/-x for the base case check 230# to work around a bug in OpenBSD's sh 231# 232for i in $tests ; do 233 info "checking: $i" 234 eval "(IFS=; echo \"\$$i\")" >x 235 case "$i" in 236 msg_*_asc) 237 $GPG --verify x || error "verify of $i failed" 238 ;; 239 msg_*_asc_multiple) 240 $GPG --verify --allow-multiple-messages x \ 241 || error "verify of $i failed" 242 set +x 243 $GPG --verify x && error "verify of $i succeeded but should not" 244 set -x 245 ;; 246 bad_*_asc) 247 set +x 248 $GPG --verify x && error "verify of $i succeeded but should not" 249 set -x 250 ;; 251 *) 252 error "No handler for test case $i" 253 ;; 254 esac 255 linefeed 256done 257 258 259resume_error 260