ENGINE-485: Finally, the nightmare that is NetPGP sign-only (detached sigs) is over. (Or is it?) sync
authorKrista Bennett <krista@pep-project.org>
Mon, 10 Dec 2018 18:08:41 +0100
branchsync
changeset 317637b3ba0bcfe2
parent 3175 2623aab09791
child 3177 990b7d72351c
child 3180 f7ce02c58571
ENGINE-485: Finally, the nightmare that is NetPGP sign-only (detached sigs) is over. (Or is it?)
src/pgp_netpgp.c
test/signature.asc
test/src/engine_tests/SignOnlyTests.cc
     1.1 --- a/src/pgp_netpgp.c	Wed Dec 05 15:10:39 2018 +0100
     1.2 +++ b/src/pgp_netpgp.c	Mon Dec 10 18:08:41 2018 +0100
     1.3 @@ -774,9 +774,15 @@
     1.4      pgp_key_t *signer = NULL;
     1.5      pgp_seckey_t *seckey = NULL;
     1.6      pgp_memory_t *signedmem = NULL;
     1.7 +    pgp_memory_t *text = NULL;
     1.8 +	pgp_output_t *output;
     1.9 +    
    1.10      const char *hashalg;
    1.11      pgp_keyring_t *snrs;
    1.12  
    1.13 +	pgp_create_sig_t	*sig;
    1.14 +	uint8_t	keyid[PGP_KEY_ID_SIZE];
    1.15 +
    1.16      PEP_STATUS result;
    1.17  
    1.18      assert(session);
    1.19 @@ -808,14 +814,14 @@
    1.20      unsigned from = 0;
    1.21  
    1.22      if (str_to_fpr(fpr, uint_fpr, &fprlen)) {
    1.23 -        if ((signer = (pgp_key_t *)pgp_getkeybyfpr(netpgp.io, netpgp.pubring,
    1.24 +        if ((signer = (pgp_key_t *)pgp_getkeybyfpr(netpgp.io, netpgp.secring,
    1.25                                                  uint_fpr, fprlen, &from, NULL,
    1.26                                                  /* reject revoked and expired */
    1.27                                                  1,1)) == NULL) {
    1.28              result = PEP_KEY_NOT_FOUND;
    1.29              goto free_snrs;
    1.30          }
    1.31 -    }else{
    1.32 +    } else{
    1.33          result = PEP_ILLEGAL_VALUE;
    1.34          goto free_snrs;
    1.35      }
    1.36 @@ -842,25 +848,41 @@
    1.37      }
    1.38  
    1.39      hashalg = netpgp_getvar(&netpgp, "hash");
    1.40 -
    1.41 +    
    1.42      const char *_stext;
    1.43      size_t _ssize;
    1.44 +
    1.45 +	text = pgp_memory_new();
    1.46 +    pgp_memory_add(text, (const uint8_t*)ptext, psize);
    1.47 +
    1.48 +    pgp_setup_memory_write(&output, &signedmem, psize);
    1.49 +	pgp_writer_push_armor_msg(output);
    1.50 +
    1.51 +    pgp_hash_alg_t hash_alg = pgp_str_to_hash_alg(hashalg);
    1.52 +    
    1.53 +	sig = pgp_create_sig_new();
    1.54 +	pgp_start_sig(sig, seckey, hash_alg, PGP_SIG_BINARY);
    1.55 +
    1.56 +	pgp_sig_add_data(sig, pgp_mem_data(text), pgp_mem_len(text));
    1.57 +	pgp_memory_free(text);
    1.58 +
    1.59 +	pgp_add_creation_time(sig, time(NULL));
    1.60 +	pgp_add_sig_expiration_time(sig, 0);
    1.61 +	pgp_keyid(keyid, sizeof(keyid), &seckey->pubkey, hash_alg);
    1.62 +	pgp_add_issuer_keyid(sig, keyid);
    1.63 +	pgp_end_hashed_subpkts(sig);
    1.64 +
    1.65 +    pgp_write_sig(output, sig, &seckey->pubkey, seckey);
    1.66 +	pgp_writer_close(output);
    1.67 +	pgp_create_sig_delete(sig);
    1.68     
    1.69 -    // Sign data
    1.70 -    signedmem = pgp_sign_buf(netpgp.io, ptext, psize, seckey,
    1.71 -                time(NULL), /* birthtime */
    1.72 -                0 /* duration */,
    1.73 -                hashalg,
    1.74 -                1 /* armored */,
    1.75 -                0 /* cleartext */);
    1.76 -
    1.77      if (!signedmem) {
    1.78          result = PEP_UNENCRYPTED;
    1.79          goto free_snrs;
    1.80      }
    1.81      _stext = (char*) pgp_mem_data(signedmem);
    1.82      _ssize = pgp_mem_len(signedmem);
    1.83 -    
    1.84 +        
    1.85      // Allocate transferable buffer
    1.86      char *_buffer = malloc(_ssize + 1);
    1.87  
     2.1 --- a/test/signature.asc	Wed Dec 05 15:10:39 2018 +0100
     2.2 +++ b/test/signature.asc	Mon Dec 10 18:08:41 2018 +0100
     2.3 @@ -1,11 +1,12 @@
     2.4 ------BEGIN PGP SIGNATURE-----
     2.5 -Version: GnuPG v1
     2.6 -
     2.7 -iQEcBAABAgAGBQJVeFSyAAoJEFm/9IjJwu45iQ8IAKRtGx+AcQZV7ZwGIIGRRRFS
     2.8 -Ac6D50AKrbORg4vaAen8qa3ULU74rJvsMmMNSCSReLlYv31qgTkk5LEXDNvKPwG4
     2.9 -sGhjGxQCQogn0iocLgyUb6QMLQGwcmnT3lvyC9iUB+nr5GyKWwKfaxgvTIZquPNB
    2.10 -31ymL1Z8rP8X4rVJK3cJzgAPUOQ52yMIJ2UQqQ3F6PccgejNq0kS8Q4B5kO5UIcC
    2.11 -9tUVW8PHEgS8ldT9edIYxvNgJnmimqhb+znlXJoSv2WsniuNVMUJlKOgbeTQ1ej4
    2.12 -Oy1tHog4b9ZvOtyGytuyerCKbSaDJCi2SizGI9gYFu7HqbVWAkehgfnxE51MiNk=
    2.13 -=9xNW
    2.14 ------END PGP SIGNATURE-----
    2.15 +-----BEGIN PGP SIGNATURE-----
    2.16 +
    2.17 +xA0DAAgBqUEdF2/wDpcBy25iAAAAAABHcnJycnJycnJycnJycnJycnJycnJycnJycnJycnJycnJy
    2.18 +cnJycnJycnJycnJycnJycnJycnJycnJycnJyISBJIG1lYW4sIHlvLiBHcmVldGluZ3MgdG8gTWVl
    2.19 +c3RpLgogLSBBbGljZcLAYgQAAQgAFgUCXA5z3wUDAAAAAAkQqUEdF2/wDpcAACPWCADKn9DvovER
    2.20 +KCQ2I7p0QnYYdxLB0C7rCOyLg16ut84R+C0iXAAC2/eTq75SAac9TF22eI5PJr8G3PRAaM0Cg4IQ
    2.21 +a9TvH08LjlhkOWz4wLRrcV2hfDC9W63EcWsYbq+p/SLKG8kI53vb7PV0zQqZot1ZSNwcgK0gpp2X
    2.22 +0BNbP3M/fcOtUGWCa8nMymx17eLuR3qdWpB7mkWniMwUPaUCTVmkOuAdfJxpo+2jUwSStNlvx5xi
    2.23 +oBOTJcrcN3RhUAUNvQ7DlxVqLB+3VC2gHUmkfUhtybrQ79s+qRa/KN6rYiw8YGLoP6nyKsFHHtzk
    2.24 +ir51+MOi8C2jApkQNkoa82bnYJE4
    2.25 +=4cwe
    2.26 +-----END PGP SIGNATURE-----
     3.1 --- a/test/src/engine_tests/SignOnlyTests.cc	Wed Dec 05 15:10:39 2018 +0100
     3.2 +++ b/test/src/engine_tests/SignOnlyTests.cc	Mon Dec 10 18:08:41 2018 +0100
     3.3 @@ -5,6 +5,7 @@
     3.4  #include <string>
     3.5  #include <cstring>
     3.6  #include <cpptest.h>
     3.7 +#include <fstream>
     3.8  
     3.9  #include "pEpEngine.h"
    3.10  
    3.11 @@ -25,18 +26,30 @@
    3.12      slurp_and_import_key(session, "test_keys/priv/pep-test-alice-0x6FF00E97_priv.asc");    
    3.13      const char* alice_fpr = "4ABE3AAF59AC32CFE4F86500A9411D176FF00E97";
    3.14      string msg_text = "Grrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr! I mean, yo. Greetings to Meesti.\n - Alice";
    3.15 +    ofstream test_file;
    3.16 +    test_file.open("signed_text.txt");
    3.17 +    test_file << msg_text;
    3.18 +    test_file.close();
    3.19      char* signed_text = NULL;
    3.20      size_t signed_text_size = 0;
    3.21  
    3.22      stringlist_t* keylist = NULL;
    3.23      
    3.24      PEP_STATUS status = sign_only(session, msg_text.c_str(), msg_text.size(), alice_fpr, &signed_text, &signed_text_size);
    3.25 -    TEST_ASSERT(status == PEP_STATUS_OK);
    3.26 +    TEST_ASSERT_MSG(status == PEP_STATUS_OK, tl_status_string(status));
    3.27      cout << signed_text << endl;
    3.28 +    test_file.open("signature.txt");
    3.29 +    test_file << signed_text;
    3.30 +    test_file.close();
    3.31          
    3.32      status = verify_text(session, msg_text.c_str(), msg_text.size(),
    3.33                           signed_text, signed_text_size, &keylist);
    3.34 -    TEST_ASSERT(status == PEP_VERIFIED);
    3.35 +
    3.36 +#ifndef USE_NETPGP                         
    3.37 +    TEST_ASSERT_MSG(status == PEP_VERIFIED, tl_status_string(status));
    3.38 +#else    
    3.39 +    TEST_ASSERT_MSG(status == PEP_VERIFIED_AND_TRUSTED, tl_status_string(status));
    3.40 +#endif
    3.41      TEST_ASSERT(keylist);
    3.42      TEST_ASSERT(keylist->value);
    3.43      TEST_ASSERT(strcmp(keylist->value, alice_fpr) == 0);