author | Justus Winter <justus@sequoia-pgp.org> | 2019-12-13 13:03:12 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2019-12-13 13:32:53 +0100 |
commit | 9cb6caf33bd4176401de824a74c05a38d3eef2b5 (patch) | |
tree | 0c447537dbca712ac0c60ddcc64a32580e1f89ba | |
parent | 4c4c7074c4cbb5e729871bdbe10f0ca1e66cf4c8 (diff) |
sqv: Fix test cases.
- Backdate key creation time.
- Remove superfluous features subpacket from signatures.
- Check for "revoked" in stderr.
- Fix the code that created the artifacts, use common prefix for
filenames.
-rw-r--r-- | sqv/tests/data/rev-unrev-t1-t2.sig | bin | 122 -> 0 bytes | |||
-rw-r--r-- | sqv/tests/data/rev-unrev-t2-t3.sig | bin | 122 -> 0 bytes | |||
-rw-r--r-- | sqv/tests/data/rev-unrev-t3-now.sig | bin | 122 -> 0 bytes | |||
-rw-r--r-- | sqv/tests/data/revoked-key-keyring.pgp | bin | 0 -> 440 bytes | |||
-rw-r--r-- | sqv/tests/data/revoked-key-sig-t1-t2.pgp | bin | 0 -> 119 bytes | |||
-rw-r--r-- | sqv/tests/data/revoked-key-sig-t2-t3.pgp | bin | 0 -> 119 bytes | |||
-rw-r--r-- | sqv/tests/data/revoked-key-sig-t3-now.pgp | bin | 0 -> 119 bytes | |||
-rw-r--r-- | sqv/tests/data/revoked-unrevoked.key | bin | 440 -> 0 bytes | |||
-rw-r--r-- | sqv/tests/revoked-key.rs | 263 |
9 files changed, 122 insertions, 141 deletions
diff --git a/sqv/tests/data/rev-unrev-t1-t2.sig b/sqv/tests/data/rev-unrev-t1-t2.sig
Binary files differdeleted file mode 100644
index b63ee3c7..00000000
--- a/sqv/tests/data/rev-unrev-t1-t2.sig
+++ /dev/null
diff --git a/sqv/tests/data/rev-unrev-t2-t3.sig b/sqv/tests/data/rev-unrev-t2-t3.sig
Binary files differdeleted file mode 100644
index 13a866fc..00000000
--- a/sqv/tests/data/rev-unrev-t2-t3.sig
+++ /dev/null
diff --git a/sqv/tests/data/rev-unrev-t3-now.sig b/sqv/tests/data/rev-unrev-t3-now.sig
Binary files differdeleted file mode 100644
index 29850942..00000000
--- a/sqv/tests/data/rev-unrev-t3-now.sig
+++ /dev/null
diff --git a/sqv/tests/data/revoked-key-keyring.pgp b/sqv/tests/data/revoked-key-keyring.pgp
Binary files differnew file mode 100644
index 00000000..6c49e422
--- /dev/null
+++ b/sqv/tests/data/revoked-key-keyring.pgp
diff --git a/sqv/tests/data/revoked-key-sig-t1-t2.pgp b/sqv/tests/data/revoked-key-sig-t1-t2.pgp
Binary files differnew file mode 100644
index 00000000..4e9135bb
--- /dev/null
+++ b/sqv/tests/data/revoked-key-sig-t1-t2.pgp
diff --git a/sqv/tests/data/revoked-key-sig-t2-t3.pgp b/sqv/tests/data/revoked-key-sig-t2-t3.pgp
Binary files differnew file mode 100644
index 00000000..e1476136
--- /dev/null
+++ b/sqv/tests/data/revoked-key-sig-t2-t3.pgp
diff --git a/sqv/tests/data/revoked-key-sig-t3-now.pgp b/sqv/tests/data/revoked-key-sig-t3-now.pgp
Binary files differnew file mode 100644
index 00000000..9946a51e
--- /dev/null
+++ b/sqv/tests/data/revoked-key-sig-t3-now.pgp
diff --git a/sqv/tests/data/revoked-unrevoked.key b/sqv/tests/data/revoked-unrevoked.key
Binary files differdeleted file mode 100644
index 320fa119..00000000
--- a/sqv/tests/data/revoked-unrevoked.key
+++ /dev/null
diff --git a/sqv/tests/revoked-key.rs b/sqv/tests/revoked-key.rs
index fc34bcd0..bc1748cf 100644
--- a/sqv/tests/revoked-key.rs
+++ b/sqv/tests/revoked-key.rs
@@ -12,10 +12,11 @@ mod integration {
 .current_dir(path::Path::new("tests").join("data"))
 .with_args(
 &["--keyring",
- &"revoked-unrevoked.key",
- &"rev-unrev-t1-t2.sig",
+ &"revoked-key-keyring.pgp",
+ &"revoked-key-sig-t1-t2.pgp",
 &"msg.txt"])
 .fails()
+ .and().stderr().contains("revoked")
 .unwrap();
 }
@@ -25,10 +26,11 @@ mod integration {
 .current_dir(path::Path::new("tests").join("data"))
 .with_args(
 &["--keyring",
- &"revoked-unrevoked.key",
- &"rev-unrev-t2-t3.sig",
+ &"revoked-key-keyring.pgp",
+ &"revoked-key-sig-t2-t3.pgp",
 &"msg.txt"])
 .fails()
+ .and().stderr().contains("revoked")
 .unwrap();
 }
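Review bot: The new `.and().stderr().contains("revoked")` assertion can be satisfied by the fixture names alone, because both files passed on the command line now start with `revoked-key-`. If sqv echoes a path in an unrelated error (missing file, unparsable packet), the test would still pass without any revocation having been detected; the hunk does not show what sqv prints, so this is a risk to confirm rather than a known failure. Matching the whole diagnostic, e.g. `.and().stderr().contains("<sqv's full revocation message>")`, or choosing a data-file prefix that does not contain the asserted word, would keep the check tied to the rejection reason. The same applies to the second hunk here and to the t3-now test at the top of the following hunk; the test function bodies start outside the hunks.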
@@ -39,147 +41,126 @@ mod integration { .current_dir(path::Path::new("tests").join("data")) .with_args( &["--keyring", - &"revoked-unrevoked.key", - &"rev-unrev-t3-now.sig", + &"revoked-key-keyring.pgp", + &"revoked-key-sig-t3-now.pgp", &"msg.txt"]) .fails() + .and().stderr().contains("revoked") .unwrap(); } } // Code to create the data for the test cases above -// extern crate sequoia_openpgp; -// extern crate rand; -// -// #[test] -// fn create_key() { -// use std::fs::File; -// use sequoia_openpgp::{ -// Cert, -// PacketPile, -// packet::{ -// signature, -// key::SecretKey, -// Features, -// KeyFlags, -// Key, -// Tag, -// }, -// crypto::KeyPair, -// serialize::Serialize, -// types::{ -// SignatureType, -// HashAlgorithm, -// PublicKeyAlgorithm, -// } -// }; -// use rand::{thread_rng, Rng, distributions::Open01}; -// -// let msg = b"Hello, World"; -// let t1 = time::strptime("2000-1-1", "%F").unwrap(); -// let t2 = time::strptime("2001-1-1", "%F").unwrap(); -// let t3 = time::strptime("2002-1-1", "%F").unwrap(); -// let f1: f32 = thread_rng().sample(Open01); -// let f2: f32 = thread_rng().sample(Open01); -// let t12 = t1 + time::Duration::days((300.0 * f1) as i64); -// let t23 = t2 + time::Duration::days((300.0 * f2) as i64); -// let key = Key::new(PublicKeyAlgorithm::EdDSA).unwrap(); -// let (bind1, rev, bind2, sig1, sig2, sig3) = { -// let mpis = match key.secret() { -// Some(SecretKey::Unencrypted{ ref mpis }) => mpis, -// _ => unreachable!(), -// }; -// // 1st binding sig valid from t1 on -// let mut b = signature::Builder::new(SignatureType::DirectKey); -// b.set_features(&Features::sequoia()).unwrap(); -// b.set_key_flags(&KeyFlags::default().set_signing(true)).unwrap(); -// b.set_signature_creation_time(t1).unwrap(); -// b.set_key_expiration_time(Some(time::Duration::weeks(10 * 52))).unwrap(); -// b.set_issuer_fingerprint(key.fingerprint()).unwrap(); -// b.set_issuer(key.fingerprint().into()).unwrap(); -// 
b.set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]).unwrap(); -// let bind1 = b.sign_primary_key_binding( -// &mut KeyPair::new(key.clone(), mpis.clone()).unwrap(), -// HashAlgorithm::SHA512).unwrap(); -// -// // Revocation sig valid from t2 on -// b = signature::Builder::new(SignatureType::KeyRevocation); -// b.set_signature_creation_time(t2).unwrap(); -// b.set_issuer_fingerprint(key.fingerprint()).unwrap(); -// b.set_issuer(key.fingerprint().into()).unwrap(); -// let rev = b.sign_primary_key_binding( -// &mut KeyPair::new(key.clone(), mpis.clone()).unwrap(), -// HashAlgorithm::SHA512).unwrap(); -// -// // 2nd binding sig valid from t3 on -// b = signature::Builder::new(SignatureType::DirectKey); -// b.set_features(&Features::sequoia()).unwrap(); -// b.set_key_flags(&KeyFlags::default().set_signing(true)).unwrap(); -// b.set_signature_creation_time(t3).unwrap(); -// b.set_key_expiration_time(Some(time::Duration::weeks(10 * 52))).unwrap(); -// b.set_issuer_fingerprint(key.fingerprint()).unwrap(); -// b.set_issuer(key.fingerprint().into()).unwrap(); -// b.set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]).unwrap(); -// let bind2 = b.sign_primary_key_binding( -// &mut KeyPair::new(key.clone(), mpis.clone()).unwrap(), -// HashAlgorithm::SHA512).unwrap(); -// -// // 1st message sig between t1 and t2 -// b = signature::Builder::new(SignatureType::Binary); -// b.set_features(&Features::sequoia()).unwrap(); -// b.set_signature_creation_time(t12).unwrap(); -// b.set_issuer_fingerprint(key.fingerprint()).unwrap(); -// b.set_issuer(key.fingerprint().into()).unwrap(); -// let sig1 = b.sign_message( -// &mut KeyPair::new(key.clone(), mpis.clone()).unwrap(), -// HashAlgorithm::SHA512, msg).unwrap(); -// -// // 2nd message sig between t2 and t3 -// b = signature::Builder::new(SignatureType::Binary); -// b.set_features(&Features::sequoia()).unwrap(); -// b.set_signature_creation_time(t23).unwrap(); -// b.set_issuer_fingerprint(key.fingerprint()).unwrap(); -// 
b.set_issuer(key.fingerprint().into()).unwrap(); -// let sig2 = b.sign_message( -// &mut KeyPair::new(key.clone(), mpis.clone()).unwrap(), -// HashAlgorithm::SHA512, msg).unwrap(); -// -// // 3rd message sig between t3 and now -// b = signature::Builder::new(SignatureType::Binary); -// b.set_features(&Features::sequoia()).unwrap(); -// b.set_signature_creation_time(time::now()).unwrap(); -// b.set_issuer_fingerprint(key.fingerprint()).unwrap(); -// b.set_issuer(key.fingerprint().into()).unwrap(); -// let sig3 = b.sign_message( -// &mut KeyPair::new(key.clone(), mpis.clone()).unwrap(), -// HashAlgorithm::SHA512, msg).unwrap(); -// -// (bind1, rev, bind2, sig1, sig2, sig3) -// }; -// let cert = Cert::from_packet_pile(PacketPile::from(vec![ -// key.into_packet(Tag::PublicKey).unwrap(), -// bind1.into(), -// bind2.into(), -// rev.into() -// ])).unwrap(); -// -// { -// let mut fd = File::create("key").unwrap(); -// cert.serialize(&mut fd).unwrap(); -// } -// -// { -// let mut fd = File::create("sig1").unwrap(); -// sig1.serialize(&mut fd).unwrap(); -// } -// -// { -// let mut fd = File::create("sig2").unwrap(); -// sig2.serialize(&mut fd).unwrap(); -// } -// -// { -// let mut fd = File::create("sig3").unwrap(); -// sig3.serialize(&mut fd).unwrap(); -// } -// } +//#[test] +#[allow(dead_code)] +fn create_key() { + use std::fs::File; + use sequoia_openpgp::{ + Cert, + Packet, + PacketPile, + packet::{ + signature, + Key, + key::{ + Key4, + PrimaryRole, + }, + }, + serialize::Serialize, + types::{ + Curve, + Features, + KeyFlags, + SignatureType, + HashAlgorithm, + } + }; + use chrono::offset::TimeZone; + + let msg = b"Hello, World"; + let t1 = chrono::offset::Utc.timestamp(946681200, 0); // 2000-01-01 + let t2 = chrono::offset::Utc.timestamp(978303600, 0); // 2001-01-01 + let t3 = chrono::offset::Utc.timestamp(1009839600, 0); // 2002-01-01 + let f1: f32 = 0.4; // Chosen by fair dice roll. + let f2: f32 = 0.7; // Likewise. 
+ let t12 = t1 + chrono::Duration::days((300.0 * f1) as i64); + let t23 = t2 + chrono::Duration::days((300.0 * f2) as i64); + let mut key: Key<_, PrimaryRole> = + Key4::generate_ecc(true, Curve::Ed25519).unwrap().into(); + key.set_creation_time(t1).unwrap(); + let mut signer = key.clone().into_keypair().unwrap(); + + // 1st binding sig valid from t1 on + let mut b = signature::Builder::new(SignatureType::DirectKey) + .set_features(&Features::sequoia()).unwrap() + .set_key_flags(&KeyFlags::default().set_signing(true)).unwrap() + .set_signature_creation_time(t1).unwrap() + .set_key_expiration_time(Some(std::time::Duration::new( + 20 * 52 * 7 * 24 * 60 * 60, 0))).unwrap() + .set_issuer_fingerprint(key.fingerprint()).unwrap() + .set_issuer(key.fingerprint().into()).unwrap() + .set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]) + .unwrap(); + let bind1 = b.sign_primary_key_binding(&mut signer).unwrap(); + + // Revocation sig valid from t2 on + b = signature::Builder::new(SignatureType::KeyRevocation) + .set_signature_creation_time(t2).unwrap() + .set_issuer_fingerprint(key.fingerprint()).unwrap() + .set_issuer(key.fingerprint().into()).unwrap(); + let rev = b.sign_primary_key_binding(&mut signer).unwrap(); + + // 2nd binding sig valid from t3 on + b = signature::Builder::new(SignatureType::DirectKey) + .set_features(&Features::sequoia()).unwrap() + .set_key_flags(&KeyFlags::default().set_signing(true)).unwrap() + .set_signature_creation_time(t3).unwrap() + .set_key_expiration_time(Some(std::time::Duration::new( + 20 * 52 * 7 * 24 * 60 * 60, 0))).unwrap() + .set_issuer_fingerprint(key.fingerprint()).unwrap() + .set_issuer(key.fingerprint().into()).unwrap() + .set_preferred_hash_algorithms(vec![HashAlgorithm::SHA512]) + .unwrap(); + let bind2 = b.sign_primary_key_binding(&mut signer).unwrap(); + + // 1st message sig between t1 and t2 + b = signature::Builder::new(SignatureType::Binary) + .set_signature_creation_time(t12).unwrap() + 
.set_issuer_fingerprint(key.fingerprint()).unwrap() + .set_issuer(key.fingerprint().into()).unwrap(); + let sig1 = b.sign_message(&mut signer, msg).unwrap(); + + // 2nd message sig between t2 and t3 + b = signature::Builder::new(SignatureType::Binary) + .set_signature_creation_time(t23).unwrap() + .set_issuer_fingerprint(key.fingerprint()).unwrap() + .set_issuer(key.fingerprint().into()).unwrap(); + let sig2 = b.sign_message(&mut signer, msg).unwrap(); + + // 3rd message sig between t3 and now + b = signature::Builder::new(SignatureType::Binary) + .set_signature_creation_time(std::time::SystemTime::now()).unwrap() + .set_issuer_fingerprint(key.fingerprint()).unwrap() + .set_issuer(key.fingerprint().into()).unwrap(); + let sig3 = b.sign_message(&mut signer, msg).unwrap(); + + let cert = Cert::from_packet_pile(PacketPile::from(vec![ + key.into(), + bind1.into(), + bind2.into(), + rev.into() + ])).unwrap(); + + let mut fd = File::create("revoked-key-keyring.pgp").unwrap(); + cert.serialize(&mut fd).unwrap(); + + let mut fd = File::create("revoked-key-sig-t1-t2.pgp").unwrap(); + Packet::from(sig1).serialize(&mut fd).unwrap(); + + let mut fd = File::create("revoked-key-sig-t2-t3.pgp").unwrap(); + Packet::from(sig2).serialize(&mut fd).unwrap(); + + let mut fd = File::create("revoked-key-sig-t3-now.pgp").unwrap(); + Packet::from(sig3).serialize(&mut fd).unwrap(); +} |
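Review bot: In `create_key`, the key expiration of `20 * 52 * 7 * 24 * 60 * 60` seconds is counted from the backdated creation time t1 and, by my arithmetic, lands around 2019-12-06, which is before this commit's date and before the `SystemTime::now()` creation time used for sig3. A regenerated t3-now fixture would then be signed by a key that is expired as well as revoked, so that test would no longer isolate revocation as the reason for rejection. Using a clearly larger lifetime in both binding signatures, e.g. `40 * 52 * 7 * 24 * 60 * 60`, would keep revocation the only cause. Separately, the `// 2000-01-01` style comments on t1..t3 are one hour off for `Utc.timestamp` (946681200 is 1999-12-31T23:00:00Z); `946684800` would match the comment, and likewise for t2 and t3.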