[git] GnuPG - branch, master, updated. gnupg-2.1.12-22-gb9d1e09

by Justus Winter cvs at cvs.gnupg.org
Mon May 23 16:13:38 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  b9d1e099c3ec3163c86afe627ecbe028db1facf6 (commit)
       via  4994153924e0948a657edddaef54a39a6001beff (commit)
       via  41b10c66ec1dd33633386f4fc8013ddeab7737ca (commit)
       via  a54e89a58576108fcae10ceeb4fc65822aecc170 (commit)
      from  5beb6ab4b07d6a25a119d5f272f2df04d130b984 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b9d1e099c3ec3163c86afe627ecbe028db1facf6
Author: Justus Winter <justus at g10code.com>
Date:   Tue Apr 19 16:23:42 2016 +0200

    tests: Test the pinentry interactions when exporting keys.
    
    * tests/openpgp/export.test: Test pinentry interactions.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/tests/openpgp/export.test b/tests/openpgp/export.test
index 08b8272..e0fe926 100755
--- a/tests/openpgp/export.test
+++ b/tests/openpgp/export.test
@@ -36,12 +36,34 @@ check_armored_private_key()
     check_exported_private_key $1
 }
 
+logfile="`pwd`/pinentry.log"
+ppfile="`pwd`/passphrases"
+rm -f -- $logfile $ppfile
+touch $ppfile
+
+prepare_passphrase()
+{
+    echo $* >>$ppfile
+}
+
+prepare_passphrase_confirm()
+{
+    echo "fake-entry being started to CONFIRM the weak phrase" >>$ppfile
+}
+
+assert_passphrases_consumed()
+{
+    if test -s $ppfile; then
+        echo "Expected $ppfile to be empty, but these are enqueued:" >&2
+        cat "$ppfile" >&2
+        exit 1
+    fi
+    rm -f -- $logfile
+}
+
 # XXX: Currently, gpg does not allow one to export private keys
-# without a passphrase (issue2070, issue2324), and our fake pinentry
-# only allows us to specify one passphrase.  We therefore use the
-# passphrase of our first key to unlock it (the other keys are not
-# protected), and also use the same passphrase for the exported keys.
-export PINENTRY_USER_DATA="$usrpass1"
+# without a passphrase (issue2070, issue2324).
+export PINENTRY_USER_DATA="--logfile=$logfile --passphrasefile=$ppfile"
 
 info "Checking key export."
 for KEY in D74C5F22 C40FDECF ECABF51D
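Review bot: `prepare_passphrase` queues its argument with an unquoted `echo $* >>$ppfile`, so the shell word-splits and glob-expands the passphrase before it is written; a phrase with consecutive blanks, a `*`, or a leading `-n` would reach the fake pinentry altered. `printf '%s\n' "$*" >>"$ppfile"` keeps it byte-for-byte, and `$logfile`/`$ppfile` should be quoted in the `rm`, `touch` and `test -s` lines too. The fake pinentry splits `PINENTRY_USER_DATA` on blanks, so a build directory whose path contains a space would cut both file names short; a comment next to the `export` should say so. A second comment should state that the pinentry log and the queue file hold passphrases in cleartext under the default umask, which is acceptable only because these are fixture keys.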
@@ -56,13 +78,53 @@ do
     check_armored_public_key $KEY.public
     rm $KEY.public
 
+    if [ $KEY = D74C5F22 ]; then
+        # Key D74C5F22 is protected by a passphrase.  Prepare this
+        # one.  Currently, GnuPG does not ask for an export passphrase
+        # in this case.
+        prepare_passphrase "$usrpass1"
+    else
+        # We use a weak passphrase which we'll have to confirm.
+        prepare_passphrase "export passphrase"
+        prepare_passphrase_confirm
+        prepare_passphrase "export passphrase"
+
+        # Key C40FDECF has a subkey.
+        if [ $KEY = C40FDECF ]; then
+            prepare_passphrase "export passphrase"
+            prepare_passphrase_confirm
+            prepare_passphrase "export passphrase"
+        fi
+    fi
+
     $GPG --export-secret-keys $KEY >$KEY.private
     check_exported_private_key $KEY.private
     rm $KEY.private
 
+    assert_passphrases_consumed
+
+    if [ $KEY = D74C5F22 ]; then
+        # Key D74C5F22 is protected by a passphrase.  Prepare this
+        # one.  Currently, GnuPG does not ask for an export passphrase
+        # in this case.
+        prepare_passphrase "$usrpass1"
+    else
+        # We use a stronger passphrase here.
+        prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
+        prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
+
+        # Key C40FDECF has a subkey.
+        if [ $KEY = C40FDECF ]; then
+            prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
+            prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
+        fi
+    fi
+
     $GPG --armor --export-secret-keys $KEY >$KEY.private
     check_armored_private_key $KEY.private
     rm $KEY.private
+
+    assert_passphrases_consumed
 done
 
 progress_end
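Review bot: The strong export passphrase is written out as a literal four times in the second `else` branch, and the weak one four times in the first, and each pair is presumably the entry plus its repetition, so a single mistyped copy would fail in a way that is hard to read from the output. Set each once before the loop, e.g. `strong_pp="strong export passphrase H0LHWCHPkNa36A"`, and call `prepare_passphrase "$strong_pp"`. A one-line comment that both values are throwaway fixtures, not credentials, would save the next reader a secret-scanner triage. The `for` loop body begins outside this hunk.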

commit 4994153924e0948a657edddaef54a39a6001beff
Author: Justus Winter <justus at g10code.com>
Date:   Tue Apr 19 15:44:23 2016 +0200

    tests: Add support for a passphrase queue to fake pinentry.
    
    * tests/openpgp/fake-pinentry.c (get_passphrase): New function.
    (main): Add option --passphrasefile and read passphrases from it.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/tests/openpgp/fake-pinentry.c b/tests/openpgp/fake-pinentry.c
index b888cdb..a651726 100644
--- a/tests/openpgp/fake-pinentry.c
+++ b/tests/openpgp/fake-pinentry.c
@@ -44,6 +44,74 @@ reply (const char *fmt, ...)
 
   return result;
 }
+
+/* Return the first line from FNAME, removing it from the file.  */
+char *
+get_passphrase (const char *fname)
+{
+  char *passphrase = NULL;
+  size_t fname_len;
+  char *fname_new;
+  FILE *source, *sink;
+  char linebuf[80];
+
+  fname_len = strlen (fname);
+  fname_new = malloc (fname_len + 5);
+  if (fname_new == NULL)
+    {
+      perror ("malloc");
+      exit (1);
+    }
+  snprintf (fname_new, fname_len + 5, "%s.new", fname);
+
+  source = fopen (fname, "r");
+  if (! source)
+    {
+      perror (fname);
+      exit (1);
+    }
+
+  sink = fopen (fname_new, "w");
+  if (! sink)
+    {
+      perror (fname_new);
+      exit (1);
+    }
+
+  while (fgets (linebuf, sizeof linebuf, source))
+    {
+      linebuf[sizeof linebuf - 1] = 0;
+      if (passphrase == NULL)
+        {
+          passphrase = strdup (linebuf);
+          if (passphrase == NULL)
+            {
+              perror ("strdup");
+              exit (1);
+            }
+        }
+      else
+        fputs (linebuf, sink);
+    }
+
+  if (ferror (source))
+    {
+      perror (fname);
+      exit (1);
+    }
+
+  if (ferror (sink))
+    {
+      perror (fname_new);
+      exit (1);
+    }
+
+  fclose (source);
+  fclose (sink);
+  rename (fname_new, fname);
+  return passphrase;
+}
+
 

 #define spacep(p)   (*(p) == ' ' || *(p) == '\t')
 
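Review bot: `get_passphrase` reads through an 80-byte `linebuf`, so a first line longer than 79 bytes is cut: only the first chunk becomes the passphrase, and the remainder is written back to the queue and handed out as the next passphrase. The loop should keep appending chunks until it has seen the newline that ends the first line. The results of `fclose (sink)` and `rename` are ignored, so a failed write-back leaves the old queue in place and the same passphrase is served again without any error, and `fname_new` is never freed. `linebuf[sizeof linebuf - 1] = 0;` can be dropped because `fgets` always terminates the buffer.

```c
  /* … unchanged: fname_new allocation, fopen of source and sink … */
  int first_done = 0;   /* declare with the other locals */

  while (fgets (linebuf, sizeof linebuf, source))
    {
      if (! first_done)
        {
          /* Append this chunk; the first line may span several reads.  */
          size_t old = passphrase ? strlen (passphrase) : 0;
          size_t add = strlen (linebuf);
          char *tmp = realloc (passphrase, old + add + 1);
          if (tmp == NULL)
            {
              perror ("realloc");
              exit (1);
            }
          passphrase = tmp;
          memcpy (passphrase + old, linebuf, add + 1);
          if (add && linebuf[add - 1] == '\n')
            first_done = 1;
        }
      else
        fputs (linebuf, sink);
    }

  /* … unchanged: ferror checks on source and sink … */

  fclose (source);
  if (fclose (sink) || rename (fname_new, fname))
    {
      perror (fname_new);
      exit (1);
    }
  free (fname_new);
  return passphrase;
```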
@@ -97,7 +165,8 @@ main (int argc, char **argv)
 {
   char *args;
   char *logfile;
-  static char *passphrase;
+  char *passphrasefile;
+  char *passphrase;
 
   /* We get our options via PINENTRY_USER_DATA.  */
   (void) argc, (void) argv;
@@ -127,7 +196,30 @@ main (int argc, char **argv)
         }
     }
 
-  passphrase = skip_options (args);
+  passphrasefile = option_value (args, "--passphrasefile");
+  if (passphrasefile)
+    {
+      char *p = passphrasefile, more;
+      while (*p && ! spacep (p))
+        p++;
+      more = !! *p;
+      *p = 0;
+      args = more ? p+1 : p;
+
+      passphrase = get_passphrase (passphrasefile);
+      if (! passphrase)
+        {
+          reply ("# Passphrasefile '%s' is empty.  Terminating.\n",
+                 passphrasefile);
+          return 1;
+        }
+
+      p = passphrase + strlen (passphrase) - 1;
+      if (*p == '\n')
+        *p = 0;
+    }
+  else
+    passphrase = skip_options (args);
 
   reply ("# fake-pinentry started.  Passphrase='%s'.\n", passphrase);
   reply ("OK - what's up?\n");
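Review bot: The newline strip computes `p = passphrase + strlen (passphrase) - 1` without checking for a zero length, so a queue line that begins with a NUL byte (which `fgets` hands back as an empty string) makes `*p` read one byte before the allocation. Guard it with `size_t n = strlen (passphrase); if (n && passphrase[n-1] == '\n') passphrase[n-1] = 0;`. Option order also matters silently: the `--logfile` handling added in the earlier commit moves `args` past its value, so `--passphrasefile` is only found when it follows `--logfile`, and otherwise the passphrase ends up empty. A comment stating the required order, or looking both options up in the original string, would avoid that. `main` begins and ends outside this hunk.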

commit 41b10c66ec1dd33633386f4fc8013ddeab7737ca
Author: Justus Winter <justus at g10code.com>
Date:   Tue Apr 19 14:21:10 2016 +0200

    tests: Add logging to fake pinentry.
    
    * tests/openpgp/fake-pinentry.c (log_stream): New variable.
    (reply): New function.
    (spacep,skip_options,option_value): Copy from common.
    (main): Parse arguments, add --logfile option, write logfile.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/tests/openpgp/fake-pinentry.c b/tests/openpgp/fake-pinentry.c
index b8aa848..b888cdb 100644
--- a/tests/openpgp/fake-pinentry.c
+++ b/tests/openpgp/fake-pinentry.c
@@ -21,30 +21,116 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <stdarg.h>
+
+FILE *log_stream;
+
+int
+reply (const char *fmt, ...)
+{
+  int result;
+  va_list ap;
+
+  if (log_stream)
+    {
+      fprintf (log_stream, "> ");
+      va_start (ap, fmt);
+      vfprintf (log_stream, fmt, ap);
+      va_end (ap);
+    }
+  va_start (ap, fmt);
+  result = vprintf (fmt, ap);
+  va_end (ap);
+
+  return result;
+}
+

+#define spacep(p)   (*(p) == ' ' || *(p) == '\t')
+
+/* Skip over options in LINE.
+
+   Blanks after the options are also removed.  Options are indicated
+   by two leading dashes followed by a string consisting of non-space
+   characters.  The special option "--" indicates an explicit end of
+   options; all what follows will not be considered an option.  The
+   first no-option string also indicates the end of option parsing. */
+char *
+skip_options (const char *line)
+{
+  while (spacep (line))
+    line++;
+  while (*line == '-' && line[1] == '-')
+    {
+      while (*line && !spacep (line))
+        line++;
+      while (spacep (line))
+        line++;
+    }
+  return (char*) line;
+}
+
+
+/* Return a pointer to the argument of the option with NAME.  If such
+   an option is not given, NULL is returned. */
+char *
+option_value (const char *line, const char *name)
+{
+  char *s;
+  int n = strlen (name);
+
+  s = strstr (line, name);
+  if (s && s >= skip_options (line))
+    return NULL;
+  if (s && (s == line || spacep (s-1))
+      && s[n] && (spacep (s+n) || s[n] == '='))
+    {
+      s += n + 1;
+      s += strspn (s, " ");
+      if (*s && !spacep(s))
+        return s;
+    }
+  return NULL;
+}
 
 int
 main (int argc, char **argv)
 {
+  char *args;
+  char *logfile;
   static char *passphrase;
-  char *p;
 
+  /* We get our options via PINENTRY_USER_DATA.  */
   (void) argc, (void) argv;
 
   setvbuf (stdin, NULL, _IOLBF, BUFSIZ);
   setvbuf (stdout, NULL, _IOLBF, BUFSIZ);
 
-  if (!passphrase)
+  args = getenv ("PINENTRY_USER_DATA");
+  if (! args)
+    args = "";
+
+  logfile = option_value (args, "--logfile");
+  if (logfile)
     {
-      passphrase = getenv ("PINENTRY_USER_DATA");
-      if (!passphrase)
-        passphrase = "";
-      for (p=passphrase; *p; p++)
-        if (*p == '\r' || *p == '\n')
-          *p = '.';
-      printf ("# Passphrase='%s'\n", passphrase);
+      char *p = logfile, more;
+      while (*p && ! spacep (p))
+        p++;
+      more = !! *p;
+      *p = 0;
+      args = more ? p+1 : p;
+
+      log_stream = fopen (logfile, "a");
+      if (! log_stream)
+        {
+          perror (logfile);
+          return 1;
+        }
     }
 
-  printf ("OK - what's up?\n");
+  passphrase = skip_options (args);
+
+  reply ("# fake-pinentry started.  Passphrase='%s'.\n", passphrase);
+  reply ("OK - what's up?\n");
 
   while (! feof (stdin))
     {
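Review bot: `main` writes into the string returned by `getenv` (`*p = 0;` after scanning the `--logfile` value), which the C standard says the program must not modify, and which edits the process environment in place. Work on a private copy instead, e.g. `args = strdup (args);` right after the `if (! args) args = "";` fallback, with the usual NULL check. `reply` and `log_stream` have no comment; one stating that every reply, including the `Passphrase='%s'` banner, is duplicated to the log in cleartext, and that the log is opened in append mode with default permissions, would make the test-only intent explicit. `main` continues outside this hunk.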
@@ -53,15 +139,23 @@ main (int argc, char **argv)
       if (fgets (buffer, sizeof buffer, stdin) == NULL)
 	break;
 
+      if (log_stream)
+        fprintf (log_stream, "< %s", buffer);
+
       if (strncmp (buffer, "GETPIN", 6) == 0)
-	printf ("D %s\nOK\n", passphrase);
+        reply ("D %s\n", passphrase);
       else if (strncmp (buffer, "BYE", 3) == 0)
 	{
-	  printf ("OK\n");
+	  reply ("OK\n");
 	  break;
 	}
-      else
-	printf ("OK\n");
+
+      reply ("OK\n");
     }
+
+  reply ("# Connection terminated.\n");
+  if (log_stream)
+    fclose (log_stream);
+
   return 0;
 }
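Review bot: The passphrase is sent verbatim in `reply ("D %s\n", passphrase)`, and the replacement of CR and LF with `.` was removed in the hunk above, so a passphrase containing a line break splits the data line and the remainder is read by the peer as further protocol lines. Assuan data lines are expected to percent-escape `%`, CR and LF; at minimum restore the old loop before the first `reply`, `for (p = passphrase; *p; p++) if (*p == '\r' || *p == '\n') *p = '.';`. The same string is also written to the log file through `reply`. The `while` loop begins outside this hunk.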

commit a54e89a58576108fcae10ceeb4fc65822aecc170
Author: Justus Winter <justus at g10code.com>
Date:   Tue Apr 19 13:40:46 2016 +0200

    tests: Add export test.
    
    * tests/openpgp/Makefile.am (TESTS): Add new file.
    * tests/openpgp/export.test: New file.
    
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index bab0b7d..6dc4d5b 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -57,6 +57,7 @@ TESTS = version.test mds.test \
 	import.test ecc.test 4gb-packet.test \
 	$(sqlite3_dependent_tests) \
 	gpgtar.test use-exact-key.test default-key.test \
+	export.test \
 	finish.test
 
 
diff --git a/tests/openpgp/export.test b/tests/openpgp/export.test
new file mode 100755
index 0000000..08b8272
--- /dev/null
+++ b/tests/openpgp/export.test
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+. $srcdir/defs.inc || exit 3
+
+check_exported_public_key()
+{
+    $GPG --list-packets $1 >$1.packets
+    grep '^:public key packet:' $1.packets >/dev/null
+    grep "^	keyid: .*$KEY$" $1.packets >/dev/null
+    grep '^:user ID packet:' $1.packets >/dev/null
+    grep "^:signature packet:.*keyid.*$KEY" $1.packets >/dev/null
+    rm $1.packets
+}
+
+check_armored_public_key()
+{
+    grep '^-----BEGIN PGP PUBLIC KEY BLOCK-----$' $1 >/dev/null
+    grep '^-----END PGP PUBLIC KEY BLOCK-----$' $1 >/dev/null
+    check_exported_public_key $1
+}
+
+check_exported_private_key()
+{
+    $GPG --list-packets $1 >$1.packets
+    grep '^:secret key packet:' $1.packets >/dev/null
+    grep "^	keyid: .*$KEY$" $1.packets >/dev/null
+    grep '^:user ID packet:' $1.packets >/dev/null
+    grep "^:signature packet:.*keyid.*$KEY" $1.packets >/dev/null
+    rm $1.packets
+}
+
+check_armored_private_key()
+{
+    grep '^-----BEGIN PGP PRIVATE KEY BLOCK-----$' $1 >/dev/null
+    grep '^-----END PGP PRIVATE KEY BLOCK-----$' $1 >/dev/null
+    check_exported_private_key $1
+}
+
+# XXX: Currently, gpg does not allow one to export private keys
+# without a passphrase (issue2070, issue2324), and our fake pinentry
+# only allows us to specify one passphrase.  We therefore use the
+# passphrase of our first key to unlock it (the other keys are not
+# protected), and also use the same passphrase for the exported keys.
+export PINENTRY_USER_DATA="$usrpass1"
+
+info "Checking key export."
+for KEY in D74C5F22 C40FDECF ECABF51D
+do
+    progress $KEY
+
+    $GPG --export $KEY >$KEY.public
+    check_exported_public_key $KEY.public
+    rm $KEY.public
+
+    $GPG --armor --export $KEY >$KEY.public
+    check_armored_public_key $KEY.public
+    rm $KEY.public
+
+    $GPG --export-secret-keys $KEY >$KEY.private
+    check_exported_private_key $KEY.private
+    rm $KEY.private
+
+    $GPG --armor --export-secret-keys $KEY >$KEY.private
+    check_armored_private_key $KEY.private
+    rm $KEY.private
+done
+
+progress_end
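Review bot: Each check function runs several `grep ... >/dev/null` commands, but only the status of its last command (`rm`, or the nested check) is returned and the loop does not test that either, so unless `defs.inc` (not shown) enables `set -e`, a missing packet never fails the test. Make the failure explicit, e.g. `grep '^:secret key packet:' "$1.packets" >/dev/null || exit 1`, and quote `$1` and `$KEY` while there. The exported secret keys are written to `$KEY.private` in the working directory and removed only on the success path; a `trap` that deletes them on exit would avoid leaving key material behind after a failed run.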

-----------------------------------------------------------------------

Summary of changes:
 tests/openpgp/Makefile.am     |   1 +
 tests/openpgp/export.test     | 130 +++++++++++++++++++++++++
 tests/openpgp/fake-pinentry.c | 216 +++++++++++++++++++++++++++++++++++++++---
 3 files changed, 332 insertions(+), 15 deletions(-)
 create mode 100755 tests/openpgp/export.test


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



