[git] GnuPG - branch, master, updated. gnupg-2.1.16-155-gaec89a7

by Neal H. Walfield cvs at cvs.gnupg.org
Mon Dec 19 16:06:19 CET 2016 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  aec89a7297bae30f79a63fdc830530e82bab6170 (commit)
      from  a76fe9e86d7802e67373218bd1759168585e92ab (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit aec89a7297bae30f79a63fdc830530e82bab6170
Author: Neal H. Walfield <neal at g10code.com>
Date:   Mon Dec 19 15:59:56 2016 +0100

    test: Extend TOFU tests to also check the days with signatures.
    
    * tests/openpgp/tofu.scm (GPGTIME): Define the "standard" base time.
    (faketime): New function.
    (days->seconds): Likewise.
    (GPG): Use faketime.
    (check-counts): Also check the number of expected days with signatures
    and encryptions.  Update callers.  Extend tests.
    
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm
index 47c3dd0..20c130a 100755
--- a/tests/openpgp/tofu.scm
+++ b/tests/openpgp/tofu.scm
@@ -20,9 +20,16 @@
 (load (with-path "defs.scm"))
 (setup-environment)
 
+(define GPGTIME 1480943782)
+
+;; Generate a --faked-system-time parameter for a particular offset.
+(define (faketime delta)
+  (string-append "--faked-system-time=" (number->string (+ GPGTIME delta))))
+;; A convenience function for the above.
+(define (days->seconds days) (* days 24 60 60))
+
 ;; Redefine GPG without --always-trust and a fixed time.
-(define GPG `(,(tool 'gpg) --no-permission-warning
-	      --faked-system-time=1480943782))
+(define GPG `(,(tool 'gpg) --no-permission-warning ,(faketime GPGTIME)))
 (define GNUPGHOME (getenv "GNUPGHOME"))
 (if (string=? "" GNUPGHOME)
     (fail "GNUPGHOME not set"))
@@ -168,58 +175,107 @@
 
 (display "Checking TOFU stats...\n")
 
-(define (check-counts keyid expected-sigs expected-encs . args)
+(define (check-counts keyid expected-sigs expected-sig-days
+                      expected-encs expected-enc-days . args)
   (let*
       ((tfs (assoc "tfs"
                    (gpg-with-colons
                     `(--trust-model=tofu --with-tofu-info
                                          , at args --list-keys ,keyid))))
        (sigs (string->number (list-ref tfs 3)))
-       (encs (string->number (list-ref tfs 4))))
+       (sig-days (string->number (list-ref tfs 11)))
+       (encs (string->number (list-ref tfs 4)))
+       (enc-days (string->number (list-ref tfs 12)))
+       )
+    ; (display keyid) (display ": ") (display tfs) (display "\n")
     (unless (= sigs expected-sigs)
             (fail keyid ": # signatures (" sigs ") does not match expected"
                    "# signatures (" expected-sigs ").\n"))
+    (unless (= sig-days expected-sig-days)
+            (fail keyid ": # signature days (" sig-days ")"
+                  "does not match expected"
+                  "# signature days (" expected-sig-days ").\n"))
     (unless (= encs expected-encs)
             (fail keyid ": # encryptions (" encs ") does not match expected"
                    "# encryptions (" expected-encs ").\n"))
+    (unless (= enc-days expected-enc-days)
+            (fail keyid ": # encryption days (" encs ")"
+                  "does not match expected"
+                  "# encryption days (" expected-enc-days ").\n"))
     ))
 
 ;; Carefully remove the TOFU db.
 (catch '() (unlink (string-append GNUPGHOME "/tofu.db")))
 
-(check-counts "1C005AF3" 0 0)
-(check-counts "BE04EB2B" 0 0)
-(check-counts "B662E42F" 0 0)
+(check-counts "1C005AF3" 0 0 0 0)
+(check-counts "BE04EB2B" 0 0 0 0)
+(check-counts "B662E42F" 0 0 0 0)
 
 ;; Verify a message.  The signature count should increase by 1.
 (call-check `(, at GPG --trust-model=tofu
 		    --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
-(check-counts "1C005AF3" 1 0)
+
+(check-counts "1C005AF3" 1 1 0 0)
 
 ;; Verify the same message.  The signature count should remain the
 ;; same.
 (call-check `(, at GPG --trust-model=tofu
 		    --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
-(check-counts "1C005AF3" 1 0)
+(check-counts "1C005AF3" 1 1 0 0)
 
 ;; Verify another message.
 (call-check `(, at GPG --trust-model=tofu
 		    --verify ,(in-srcdir "tofu/conflicting/1C005AF3-2.txt")))
-(check-counts "1C005AF3" 2 0)
+(check-counts "1C005AF3" 2 1 0 0)
 
 ;; Verify another message.
 (call-check `(, at GPG --trust-model=tofu
 		    --verify ,(in-srcdir "tofu/conflicting/1C005AF3-3.txt")))
-(check-counts "1C005AF3" 3 0)
+(check-counts "1C005AF3" 3 1 0 0)
 
 ;; Verify a message from a different sender.  The signature count
 ;; should increase by 1 for that key.
 (call-check `(, at GPG --trust-model=tofu
 		    --verify ,(in-srcdir "tofu/conflicting/BE04EB2B-1.txt")))
-(check-counts "1C005AF3" 3 0)
-(check-counts "BE04EB2B" 1 0)
-(check-counts "B662E42F" 0 0)
-
+(check-counts "1C005AF3" 3 1 0 0)
+(check-counts "BE04EB2B" 1 1 0 0)
+(check-counts "B662E42F" 0 0 0 0)
+
+;; Verify another message on a new day.  (Recall: we are interested in
+;; when the message was first verified, not when the signer claimed
+;; that it was signed.)
+(call-check `(, at GPG --trust-model=tofu ,(faketime (days->seconds 2))
+		    --verify ,(in-srcdir "tofu/conflicting/1C005AF3-4.txt")))
+(check-counts "1C005AF3" 4 2 0 0)
+(check-counts "BE04EB2B" 1 1 0 0)
+(check-counts "B662E42F" 0 0 0 0)
+
+;; And another.
+(call-check `(, at GPG --trust-model=tofu ,(faketime (days->seconds 2))
+		    --verify ,(in-srcdir "tofu/conflicting/1C005AF3-5.txt")))
+(check-counts "1C005AF3" 5 2 0 0)
+(check-counts "BE04EB2B" 1 1 0 0)
+(check-counts "B662E42F" 0 0 0 0)
+
+;; Another, but for a different key.
+(call-check `(, at GPG --trust-model=tofu ,(faketime (days->seconds 2))
+		    --verify ,(in-srcdir "tofu/conflicting/BE04EB2B-2.txt")))
+(check-counts "1C005AF3" 5 2 0 0)
+(check-counts "BE04EB2B" 2 2 0 0)
+(check-counts "B662E42F" 0 0 0 0)
+
+;; And add a third day.
+(call-check `(, at GPG --trust-model=tofu ,(faketime (days->seconds 4))
+		    --verify ,(in-srcdir "tofu/conflicting/BE04EB2B-3.txt")))
+(check-counts "1C005AF3" 5 2 0 0)
+(check-counts "BE04EB2B" 3 3 0 0)
+(check-counts "B662E42F" 0 0 0 0)
+
+(call-check `(, at GPG --trust-model=tofu ,(faketime (days->seconds 4))
+		    --verify ,(in-srcdir "tofu/conflicting/BE04EB2B-4.txt")))
+(check-counts "1C005AF3" 5 2 0 0)
+(check-counts "BE04EB2B" 4 3 0 0)
+(check-counts "B662E42F" 0 0 0 0)
 
 ;; Check that we detect the following attack:
 ;;

-----------------------------------------------------------------------

Summary of changes:
 tests/openpgp/tofu.scm | 86 +++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 71 insertions(+), 15 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list