[git] GnuPG - branch, master, updated. gnupg-2.1.14-51-g7dcad0d

by NIIBE Yutaka cvs at cvs.gnupg.org
Mon Aug 8 06:45:22 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  7dcad0d3503ac0d75e09efb16246dd78518986fc (commit)
      from  40d16029ed8b334c371fa7f24ac762d47302826e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7dcad0d3503ac0d75e09efb16246dd78518986fc
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Mon Aug 8 13:24:02 2016 +0900

    tests: Add openpgp/gpgv-forged-keyring.scm.
    
    * tests/openpgp/gpgv-forged-keyring.scm: New.
    * tests/openpgp/forged-keyring.gpg: New.
    * tests/openpgp/Makefile.am (TESTS): Add gpgv-forged-keyring.scm.
    * tests/openpgp/defs.scm (tools): Add GPGV.
    (GPGV): New.
    
    --
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index 7983d6f..564439a 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -72,6 +72,7 @@ TESTS = setup.scm \
 	conventional-mdc.scm \
 	multisig.scm \
 	verify.scm \
+	gpgv-forged-keyring.scm \
 	armor.scm \
 	import.scm \
 	ecc.scm \
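Review bot: The new binary fixture `forged-keyring.gpg` does not appear to be listed for distribution, since this hunk adds only the `TESTS` entry and the diffstat shows a single changed line in Makefile.am. Unless an existing variable or wildcard outside this hunk already covers it, a tarball build (`make distcheck`) would run gpgv-forged-keyring.scm without the keyring it loads through `in-srcdir`. Because the test counts any gpgv failure as a pass, the missing file would go unnoticed rather than break the build. I would add `forged-keyring.gpg` to `EXTRA_DIST` or to whichever list this Makefile uses for test data. The `TESTS` definition starts and ends outside the hunk.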
diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm
index 2cbad46..4a968da 100644
--- a/tests/openpgp/defs.scm
+++ b/tests/openpgp/defs.scm
@@ -53,6 +53,7 @@
 
 (define tools
   '((gpg "GPG" "g10/gpg")
+    (gpgv "GPGV" "g10/gpgv")
     (gpg-agent "GPG_AGENT" "agent/gpg-agent")
     (gpg-connect-agent "GPG_CONNECT_AGENT" "tools/gpg-connect-agent")
     (gpgconf "GPGCONF" "tools/gpgconf")
@@ -78,6 +79,7 @@
 
 (define GPG `(,(tool 'gpg) --no-permission-warning
 	      ,@(if have-opt-always-trust '(--always-trust) '())))
+(define GPGV `(,(tool 'gpgv)))
 (define PINENTRY (tool 'pinentry))
 
 (define (tr:gpg input args)
diff --git a/tests/openpgp/forged-keyring.gpg b/tests/openpgp/forged-keyring.gpg
new file mode 100644
index 0000000..8fe733a
Binary files /dev/null and b/tests/openpgp/forged-keyring.gpg differ
diff --git a/tests/openpgp/gpgv-forged-keyring.scm b/tests/openpgp/gpgv-forged-keyring.scm
new file mode 100755
index 0000000..7094c96
--- /dev/null
+++ b/tests/openpgp/gpgv-forged-keyring.scm
@@ -0,0 +1,67 @@
+#!/usr/bin/env gpgscm
+
+;; Copyright (C) 2016 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+(load (with-path "defs.scm"))
+
+(define msg_signed_asc "
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This is an example text file to demonstrate a problem.
+
+Using forged-keyring.gpg with signature cache, it looks like it is
+signed by the following key:
+
+    Echo Test (demo key) <echo at example.net>
+
+But actually not.
+
+It is signed by a key (steve.biko at example.net) distributed as:
+
+    gnupg/tests/openpgp/samplekeys/rsa-rsa-sample-1.asc
+
+in GnuPG.
+
+The forged-keyring.gpg file is created by a key in
+
+    gnupg/tests/openpgp/pubdemo.asc
+
+Replacing the raw key material packet by one of rsa-rsa-sample-1.asc.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQEcBAEBCAAGBQJXp+5MAAoJEKpD8dzH/tG3bGMH/1idFLJAaMxkrq+JguvAboiN
+tAA44IdAgJvAxtR5w5fgfed7PfsH70+tj54/ZTObt7rZDIlj/YBQ7XeCwd7/O5vx
+W0QtjjAxMuAPH80rVv4JIoflxV/deD8YaV9EhPE+6W5G0Z8SYL9B2RzdBVMwJY9+
+OZGJeKnUZ92Zg9jFr+H5gQNSeYdDHVDWYxr/xJUf0jYsZvAIBfB1mcSK1niiiVBv
+GAcUC/I8g18a7pCS9Qf9iZflqxX4AXfocAGQqQAiG4744OCNhVa5q6TScqhaGUah
+N1Glbw1OJfP1q+QFPMPKoCsTYmZpuugq2b5gV/eH0Abvk2pG4Fo/YTDPHhec7Jk=
+=NnY/
+-----END PGP SIGNATURE-----
+")
+
+(for-each-p
+ "Checking that a signature by bad key should not be verified"
+ (lambda (armored-file)
+   (catch '()
+	  (pipe:do
+	   (pipe:echo (eval armored-file (current-environment)))
+	   (pipe:spawn `(, at GPGV --keyring ,(in-srcdir "forged-keyring.gpg"))))
+	  (error "verification succeded but should not")))
+ '(msg_signed_asc))
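Review bot: The negative check in the final `for-each-p` form accepts any failure of the `pipe:do` as success, because `catch '()` wraps both the gpgv pipeline and the `(error ...)` call. A missing or unreadable `forged-keyring.gpg`, or a gpgv binary that fails to start, therefore passes exactly like a correctly rejected signature. If gpgscm's `catch` also intercepts what `error` raises (its definition is not visible here), the failure branch can never fire. I would run gpgv with `--status-fd`, assert that no `GOODSIG` line is emitted for this message, and keep the failure report outside the `catch` body. The message string also has a typo and should read `"verification succeeded but should not"`.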

-----------------------------------------------------------------------

Summary of changes:
 tests/openpgp/Makefile.am             |   1 +
 tests/openpgp/defs.scm                |   2 +
 tests/openpgp/forged-keyring.gpg      | Bin 0 -> 970 bytes
 tests/openpgp/gpgv-forged-keyring.scm |  67 ++++++++++++++++++++++++++++++++++
 4 files changed, 70 insertions(+)
 create mode 100644 tests/openpgp/forged-keyring.gpg
 create mode 100755 tests/openpgp/gpgv-forged-keyring.scm


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



