[git] GPGME - branch, master, updated. gpgme-1.8.0-52-g43160a3

by Andre Heinecke cvs at cvs.gnupg.org
Thu Feb 2 17:17:22 CET 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  43160a39f27f6c3507447620666c85af00b3499c (commit)
       via  195c73589232160f45d00f4901c9bb2b0162f0e5 (commit)
      from  15050ce5fce4ed815503db7c029abb38d08970d6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 43160a39f27f6c3507447620666c85af00b3499c
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Feb 2 17:16:27 2017 +0100

    qt: Add test for tofu conflict
    
    * lang/qt/tests/t-tofuinfo.cpp (TofuInfoTest::testTofuConflict): New.

diff --git a/lang/qt/tests/t-tofuinfo.cpp b/lang/qt/tests/t-tofuinfo.cpp
index d88861c..e16b1fd 100644
--- a/lang/qt/tests/t-tofuinfo.cpp
+++ b/lang/qt/tests/t-tofuinfo.cpp
@@ -35,12 +35,16 @@
 #include <QDebug>
 #include <QTest>
 #include <QTemporaryDir>
+#include <QSignalSpy>
+
 #include "protocol.h"
 #include "tofuinfo.h"
 #include "tofupolicyjob.h"
 #include "verifyopaquejob.h"
 #include "verificationresult.h"
 #include "signingresult.h"
+#include "importjob.h"
+#include "importresult.h"
 #include "keylistjob.h"
 #include "keylistresult.h"
 #include "qgpgmesignjob.h"
@@ -61,10 +65,57 @@ static const char testMsg1[] =
 "=Crq6\n"
 "-----END PGP MESSAGE-----\n";
 
+static const char conflictKey1[] = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
+"\n"
+"mDMEWG+w/hYJKwYBBAHaRw8BAQdAiq1oStvDYg8ZfFs5DgisYJo8dJxD+C/AA21O\n"
+"K/aif0O0GXRvZnVfY29uZmxpY3RAZXhhbXBsZS5jb22IlgQTFggAPhYhBHoJBLaV\n"
+"DamYAgoa1L5BwMOl/x88BQJYb7D+AhsDBQkDwmcABQsJCAcCBhUICQoLAgQWAgMB\n"
+"Ah4BAheAAAoJEL5BwMOl/x88GvwA/0SxkbLyAcshGm2PRrPsFQsSVAfwaSYFVmS2\n"
+"cMVIw1PfAQDclRH1Z4MpufK07ju4qI33o4s0UFpVRBuSxt7A4P2ZD7g4BFhvsP4S\n"
+"CisGAQQBl1UBBQEBB0AmVrgaDNJ7K2BSalsRo2EkRJjHGqnp5bBB0tapnF81CQMB\n"
+"CAeIeAQYFggAIBYhBHoJBLaVDamYAgoa1L5BwMOl/x88BQJYb7D+AhsMAAoJEL5B\n"
+"wMOl/x88OR0BAMq4/vmJUORRTmzjHcv/DDrQB030DSq666rlckGIKTShAPoDXM9N\n"
+"0gZK+YzvrinSKZXHmn0aSwmC1/hyPybJPEljBw==\n"
+"=p2Oj\n"
+"-----END PGP PUBLIC KEY BLOCK-----\n";
+
+static const char conflictKey2[] = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
+"\n"
+"mDMEWG+xShYJKwYBBAHaRw8BAQdA567gPEPJRpqKnZjlFJMRNUqruRviYMyygfF6\n"
+"6Ok+ygu0GXRvZnVfY29uZmxpY3RAZXhhbXBsZS5jb22IlgQTFggAPhYhBJ5kRh7E\n"
+"I98w8kgUcmkAfYFvqqHsBQJYb7FKAhsDBQkDwmcABQsJCAcCBhUICQoLAgQWAgMB\n"
+"Ah4BAheAAAoJEGkAfYFvqqHsYR0BAOz8JjYB4VvGkt6noLS3F5TLfsedGwQkBCw5\n"
+"znw/vGZsAQD9DSX+ekwdrN56mNO8ISt5uVS7B1ZQtouNBF+nzcwbDbg4BFhvsUoS\n"
+"CisGAQQBl1UBBQEBB0BFupW8+Xc1ikab8TJqANjQhvFVh6uLsgcK4g9lZgbGXAMB\n"
+"CAeIeAQYFggAIBYhBJ5kRh7EI98w8kgUcmkAfYFvqqHsBQJYb7FKAhsMAAoJEGkA\n"
+"fYFvqqHs15ABALdN3uiV/07cJ3RkNb3WPcijGsto+lECDS11dKEwTMFeAQDx+V36\n"
+"ocbYC/xEuwi3w45oNqGieazzcD/GBbt8OBk3BA==\n"
+"=45IR\n"
+"-----END PGP PUBLIC KEY BLOCK-----\n";
+
+static const char conflictMsg1[] = "-----BEGIN PGP MESSAGE-----\n"
+"\n"
+"owGbwMvMwCG2z/HA4aX/5W0YT3MlMUTkb2xPSizi6ihlYRDjYJAVU2Sp4mTZNpV3\n"
+"5QwmLqkrMLWsTCCFDFycAjCR1vcMf4U0Qrs6qzqfHJ9puGOFduLN2nVmhsumxjBE\n"
+"mdw4lr1ehIWR4QdLuNBpe86PGx1PtNXfVAzm/hu+vfjCp5BVNjPTM9L0eAA=\n"
+"=MfBD\n"
+"-----END PGP MESSAGE-----\n";
+
+static const char conflictMsg2[] = "-----BEGIN PGP MESSAGE-----\n"
+"\n"
+"owGbwMvMwCGWyVDbmL9q4RvG01xJDBH5GyvS8vO5OkpZGMQ4GGTFFFnmpbjJHVG+\n"
+"b/DJQ6QIppaVCaSQgYtTACaySZHhr/SOPrdFJ89KrcwKY5i1XnflXYf2PK76SafK\n"
+"tkxXuXzvJAvDX4kCybuqFk3HXCexz2+IrnZ+5X5EqOnuo3ens2cte+uzlhMA\n"
+"=BIAi\n"
+"-----END PGP MESSAGE-----\n";
+
 class TofuInfoTest: public QGpgMETest
 {
     Q_OBJECT
+Q_SIGNALS:
+    void asyncDone();
 
+private:
     bool testSupported()
     {
         return !(GpgME::engineInfo(GpgME::GpgEngine).engineVersion() < "2.1.16");
@@ -349,6 +400,88 @@ private Q_SLOTS:
         delete job;
     }
 
+    void testTofuConflict()
+    {
+        if (GpgME::engineInfo(GpgME::GpgEngine).engineVersion() < "2.1.19") {
+            return;
+        }
+
+        // Import key 1
+        auto importjob = openpgp()->importJob();
+        connect(importjob, &ImportJob::result, this,
+                [this](ImportResult result, QString, Error)
+        {
+            QVERIFY(!result.error());
+            QVERIFY(!result.imports().empty());
+            QVERIFY(result.numImported());
+            Q_EMIT asyncDone();
+        });
+        importjob->start(QByteArray(conflictKey1));
+        QSignalSpy spy (this, SIGNAL(asyncDone()));
+        QVERIFY(spy.wait());
+
+        // Verify Message 1
+        const QByteArray signedData(conflictMsg1);
+        auto verifyJob = openpgp()->verifyOpaqueJob(true);
+        QByteArray verified;
+        auto result = verifyJob->exec(signedData, verified);
+        delete verifyJob;
+
+        QVERIFY(!result.isNull());
+        QVERIFY(!result.error());
+
+        QVERIFY(result.numSignatures() == 1);
+        auto sig = result.signatures()[0];
+        QVERIFY(sig.validity() == Signature::Marginal);
+
+        auto stats = sig.key().userID(0).tofuInfo();
+        QVERIFY(!stats.isNull());
+        QVERIFY(!strcmp(sig.key().primaryFingerprint(), sig.fingerprint()));
+        QVERIFY(stats.signFirst() == stats.signLast());
+        QVERIFY(stats.signCount() == 1);
+        QVERIFY(stats.policy() == TofuInfo::PolicyAuto);
+        QVERIFY(stats.validity() == TofuInfo::LittleHistory);
+
+        // Import key 2
+        importjob = openpgp()->importJob();
+        connect(importjob, &ImportJob::result, this,
+                [this](ImportResult result, QString, Error)
+        {
+            QVERIFY(!result.error());
+            QVERIFY(!result.imports().empty());
+            QVERIFY(result.numImported());
+            Q_EMIT asyncDone();
+        });
+        importjob->start(QByteArray(conflictKey2));
+        QSignalSpy spy2 (this, SIGNAL(asyncDone()));
+        QVERIFY(spy2.wait());
+
+        // Verify Message 2
+        const QByteArray signedData2(conflictMsg2);
+        QByteArray verified2;
+        verifyJob = openpgp()->verifyOpaqueJob(true);
+        result = verifyJob->exec(signedData2, verified2);
+        delete verifyJob;
+
+        QVERIFY(!result.isNull());
+        QVERIFY(!result.error());
+
+        QVERIFY(result.numSignatures() == 1);
+        sig = result.signatures()[0];
+        QVERIFY(sig.validity() == Signature::Unknown);
+        // TODO activate when implemented
+        // QVERIFY(sig.summary() == Signature::TofuConflict);
+
+        stats = sig.key().userID(0).tofuInfo();
+        QVERIFY(!stats.isNull());
+        QVERIFY(!strcmp(sig.key().primaryFingerprint(), sig.fingerprint()));
+        QVERIFY(stats.signFirst() == stats.signLast());
+        QVERIFY(stats.signCount() == 1);
+        QVERIFY(stats.policy() == TofuInfo::PolicyAsk);
+        QVERIFY(stats.validity() == TofuInfo::Conflict);
+    }
+
+
     void initTestCase()
     {
         QGpgMETest::initTestCase();
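Review bot: The version gate at the top of testTofuConflict uses a bare `return`, so on engines older than 2.1.19 the test is reported as passed although no conflict handling was exercised; `QSKIP("gpg >= 2.1.19 required for the TOFU conflict test");` would make that visible in the test report. Both `QSignalSpy` objects are constructed after `importjob->start(...)`, which only works while the result is delivered from the event loop; constructing each spy before `start()` removes that ordering dependency. The check on `sig.summary()` is still commented out, so the test pins validity and policy but not what a caller reading the summary would see in a conflict.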

commit 195c73589232160f45d00f4901c9bb2b0162f0e5
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Thu Feb 2 14:02:31 2017 +0100

    core: Handle multiple TOFU_USER lines in verify
    
    * src/verify.c (op_data_t): Add conflict_user_seen.
    (parse_tofu_user): Return ERR_DUP_VALUE for multiple TOFU_USERS.
    (_gpgme_verify_status_handler): Handle ERR_DUP_VALUE from
    parse_tofu_user to ignore the next TOFU_STATS.
    
    --
    This fixes TOFU Conflict verification with GnuPG-2.1.17 and 2.1.18
    
    GnuPG-Bug-Id: 2914

diff --git a/src/verify.c b/src/verify.c
index faa8deb..398cec5 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -46,6 +46,7 @@ typedef struct
   int did_prepare_new_sig;
   int only_newsig_seen;
   int plaintext_seen;
+  int conflict_user_seen;
 } *op_data_t;
 
 
@@ -680,6 +681,14 @@ parse_tofu_user (gpgme_signature_t sig, char *args, gpgme_protocol_t protocol)
       goto leave;
     }
 
+  if (sig->key && sig->key->fpr && strcmp (sig->key->fpr, fpr))
+    {
+      /* GnuPG since 2.1.17 emits multiple TOFU_USER lines with
+         different fingerprints in case of conflicts for a signature. */
+      err = GPG_ERR_DUP_VALUE;
+      goto leave;
+    }
+
   args = tail;
   tail = strchr (args, ' ');
   if (tail == args)
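Review bot: With this early check any TOFU_USER fingerprint that differs from `sig->key->fpr` is reported as GPG_ERR_DUP_VALUE, and the later `GPG_ERR_INV_ENGINE` branch for the same condition is deleted in the next hunk, so an engine that switches keys without NEWSIG can no longer be told apart from a genuine TOFU conflict. If that trade-off is intended, the comment should say so, e.g. `/* Any differing fingerprint is treated as a conflict entry; the caller skips its TOFU_STATS. DUP_VALUE is internal and must not reach the API user. */`. Unlike the neighbouring failures, the code is assigned without trace_gpg_error, which the caller's equality test depends on. parse_tofu_user starts and ends outside this hunk.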
@@ -708,12 +717,6 @@ parse_tofu_user (gpgme_signature_t sig, char *args, gpgme_protocol_t protocol)
       err = trace_gpg_error (GPG_ERR_INTERNAL);
       goto leave;
     }
-  else if (strcmp (sig->key->fpr, fpr))
-    {
-      /* The engine did not emit NEWSIG before a new key.  */
-      err = trace_gpg_error (GPG_ERR_INV_ENGINE);
-      goto leave;
-    }
 
   err = _gpgme_key_append_name (sig->key, address, 0);
   if (err)
@@ -930,6 +933,7 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args)
         calc_sig_summary (sig);
       err = prepare_new_sig (opd);
       opd->only_newsig_seen = 1;
+      opd->conflict_user_seen = 0;
       return err;
 
     case GPGME_STATUS_GOODSIG:
@@ -995,16 +999,35 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args)
 
     case GPGME_STATUS_TOFU_USER:
       opd->only_newsig_seen = 0;
-      return sig ? parse_tofu_user (sig, args, ctx->protocol)
-        /*    */ : trace_gpg_error (GPG_ERR_INV_ENGINE);
+      if (!sig)
+        return trace_gpg_error (GPG_ERR_INV_ENGINE);
+      err = parse_tofu_user (sig, args, ctx->protocol);
+      /* gpg emits TOFU User lines for each conflicting key.
+         GPGME does not expose this to have a clean API and
+         a GPGME user can do a keylisting with the address
+         normalisation.
+         So when a duplicated TOFU_USER line is encountered
+         we ignore the conflicting tofu stats emited afterwards.
+      */
+      if (err == GPG_ERR_DUP_VALUE)
+        {
+          opd->conflict_user_seen = 1;
+          break;
+        }
+      opd->conflict_user_seen = 0;
+      return trace_gpg_error (err);
 
     case GPGME_STATUS_TOFU_STATS:
       opd->only_newsig_seen = 0;
+      if (opd->conflict_user_seen)
+        break;
       return sig ? parse_tofu_stats (sig, args)
         /*    */ : trace_gpg_error (GPG_ERR_INV_ENGINE);
 
     case GPGME_STATUS_TOFU_STATS_LONG:
       opd->only_newsig_seen = 0;
+      if (opd->conflict_user_seen)
+        break;
       return sig ? parse_tofu_stats_long (sig, args, ctx->raw_description)
         /*    */ : trace_gpg_error (GPG_ERR_INV_ENGINE);
 
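Review bot: The `err == GPG_ERR_DUP_VALUE` test in the TOFU_USER case only matches because parse_tofu_user assigns the bare code without an error source; if that assignment is ever routed through trace_gpg_error like the neighbouring failures, the comparison stops matching and a conflict would surface as a verification error instead of being skipped. `if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)` keeps working either way. The closing `return trace_gpg_error (err);` now also runs on the success path and on values already built by parse_tofu_user, whereas the removed line returned them unchanged, so it is worth confirming the macro passes 0 and pre-built errors through as intended. The handler continues outside the hunk, so what follows the `break` statements is not visible here.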

-----------------------------------------------------------------------

Summary of changes:
 lang/qt/tests/t-tofuinfo.cpp | 133 +++++++++++++++++++++++++++++++++++++++++++
 src/verify.c                 |  39 ++++++++++---
 2 files changed, 164 insertions(+), 8 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



