[git] GnuPG - branch, master, updated. gnupg-2.1.18-77-g90d383f
by Justus Winter
cvs at cvs.gnupg.org
Wed Feb 15 15:56:23 CET 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 90d383f1eb07fc823518dea10eb15ca390f5cf8e (commit)
via 127e1e532da4083ccd3c307555b6177fab16f408 (commit)
from e2792813a55e091c51be7b1b089a71beb6466f1d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 90d383f1eb07fc823518dea10eb15ca390f5cf8e
Author: Justus Winter <justus at g10code.com>
Date: Wed Feb 15 15:51:09 2017 +0100
tests: Test and document other ways to create keys.
* doc/gpg.texi: Clarify usage and expiration arguments for key
generation.
* tests/openpgp/quick-key-manipulation.scm: Test all variants.
Signed-off-by: Justus Winter <justus at g10code.com>
diff --git a/doc/gpg.texi b/doc/gpg.texi
index b79b783..16c9674 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -644,10 +644,13 @@ For a description of these optional arguments see the command
the default is to a create certification and signing key.
The @code{expire} argument can be used to specify an expiration date
-for the key. Several formats are supported; commonly the ISO
-YYYY-MM-DD format is used. The values ``never'', ``none'' can be used
-for no expiration date. Not specifying a value, or using ``-''
-results in a key expiring in a reasonable default interval.
+for the key. Several formats are supported; commonly the ISO formats
+``YYYY-MM-DD'' or ``YYYYMMDDThhmmss'' are used. To make the key
+expire in N seconds, N days, N weeks, N months, or N years use
+``seconds=N'', ``Nd'', ``Nw'', ``Nm'', or ``Ny'' respectively. Not
+specifying a value, or using ``-'' results in a key expiring in a
+reasonable default interval. The values ``never'', ``none'' can be
+used for no expiration date.
If this command is used with @option{--batch},
@option{--pinentry-mode} has been set to @code{loopback}, and one of
@@ -684,15 +687,20 @@ Depending on the given @code{algo} the subkey may either be an
encryption subkey or a signing subkey. If an algorithm is capable of
signing and encryption and such a subkey is desired, a @code{usage}
string must be given. This string is either ``default'' or ``-'' to
-keep the default or a comma delimited list of keywords: ``sign'' for a
-signing subkey, ``auth'' for an authentication subkey, and ``encr''
-for an encryption subkey (``encrypt'' can be used as alias for
-``encr''). The valid combinations depend on the algorithm.
+keep the default or a comma delimited list (or space delimited list)
+of keywords: ``sign'' for a signing subkey, ``auth'' for an
+authentication subkey, and ``encr'' for an encryption subkey
+(``encrypt'' can be used as alias for ``encr''). The valid
+combinations depend on the algorithm.
The @code{expire} argument can be used to specify an expiration date
-for the subkey. Several formats are supported; commonly the ISO
-YYYY-MM-DD format is used. The values ``never'', ``none'', or ``-''
-can be used for no expiration date.
+for the key. Several formats are supported; commonly the ISO formats
+``YYYY-MM-DD'' or ``YYYYMMDDThhmmss'' are used. To make the key
+expire in N seconds, N days, N weeks, N months, or N years use
+``seconds=N'', ``Nd'', ``Nw'', ``Nm'', or ``Ny'' respectively. Not
+specifying a value, or using ``-'' results in a key expiring in a
+reasonable default interval. The values ``never'', ``none'' can be
+used for no expiration date.
@item --generate-key
@opindex generate-key
diff --git a/tests/openpgp/quick-key-manipulation.scm b/tests/openpgp/quick-key-manipulation.scm
index c0007d4..7ede5e9 100755
--- a/tests/openpgp/quick-key-manipulation.scm
+++ b/tests/openpgp/quick-key-manipulation.scm
@@ -121,6 +121,10 @@
'(()
(- - -)
(default default never)
+ (rsa "sign auth encr" "seconds=600") ;; GPGME uses this
+ (rsa "auth,encr" "2") ;; "without a letter, days is assumed"
+ (rsa "sign" "2105-01-01") ;; "last year GnuPG can represent is 2105"
+ (rsa "sign" "21050101T115500") ;; "last year GnuPG can represent is 2105"
(rsa sign "2d")
(rsa1024 sign "2w")
(rsa2048 encr "2m")
@@ -136,6 +140,35 @@
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (string-contains? (:cap subkey) "s"))
+ (assert (string-contains? (:cap subkey) "a"))
+ (assert (string-contains? (:cap subkey) "e"))
+ (assert (time-matches? (+ (get-time) 600)
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
+ (lambda (subkey)
+ (assert (= 1 (:alg subkey)))
+ (assert (string-contains? (:cap subkey) "a"))
+ (assert (string-contains? (:cap subkey) "e"))
+ (assert (time-matches? (+ (get-time) (days->seconds 2))
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
+ (lambda (subkey)
+ (assert (= 1 (:alg subkey)))
+ (assert (string-contains? (:cap subkey) "s"))
+ (assert (time-matches? 4260207600 ;; 2105-01-01
+ (string->number (:expire subkey))
+ ;; This is off by 12h, but I guess it just
+ ;; choses the middle of the day.
+ (days->seconds 1))))
+ (lambda (subkey)
+ (assert (= 1 (:alg subkey)))
+ (assert (string-contains? (:cap subkey) "s"))
+ (assert (time-matches? 4260254100 ;; UTC 2105-01-01 11:55:00
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
+ (lambda (subkey)
+ (assert (= 1 (:alg subkey)))
+ (assert (string-contains? (:cap subkey) "s"))
(assert (time-matches? (+ (get-time) (days->seconds 2))
(string->number (:expire subkey))
(minutes->seconds 5))))
commit 127e1e532da4083ccd3c307555b6177fab16f408
Author: Justus Winter <justus at g10code.com>
Date: Wed Feb 15 14:50:44 2017 +0100
tests: Check expiration times of created keys.
* tests/gpgscm/ffi.c (do_get_time): New function.
(ffi_init): Expose new function.
* tests/gpgscm/ffi.scm (get-time): Document new function.
* tests/gpgscm/time.scm: New file.
* tests/openpgp/quick-key-manipulation.scm: Use the new facilities to
check the expiration times of created keys.
* tests/openpgp/tofu.scm: Use the new module.
Signed-off-by: Justus Winter <justus at g10code.com>
diff --git a/tests/gpgscm/ffi.c b/tests/gpgscm/ffi.c
index c91d4aa..42facee 100644
--- a/tests/gpgscm/ffi.c
+++ b/tests/gpgscm/ffi.c
@@ -502,6 +502,14 @@ do_get_isotime (scheme *sc, pointer args)
}
static pointer
+do_get_time (scheme *sc, pointer args)
+{
+ FFI_PROLOG ();
+ FFI_ARGS_DONE_OR_RETURN (sc, args);
+ FFI_RETURN_INT (sc, gnupg_get_time ());
+}
+
+static pointer
do_getpid (scheme *sc, pointer args)
{
FFI_PROLOG ();
@@ -1347,6 +1355,7 @@ ffi_init (scheme *sc, const char *argv0, const char *scriptname,
ffi_define_function (sc, mkdir);
ffi_define_function (sc, rmdir);
ffi_define_function (sc, get_isotime);
+ ffi_define_function (sc, get_time);
ffi_define_function (sc, getpid);
/* Random numbers. */
diff --git a/tests/gpgscm/ffi.scm b/tests/gpgscm/ffi.scm
index b62fd1f..3f2e553 100644
--- a/tests/gpgscm/ffi.scm
+++ b/tests/gpgscm/ffi.scm
@@ -47,3 +47,6 @@
;; Low-level mechanism to terminate the process.
(ffi-define (_exit status))
+
+;; Get the current time in seconds since the epoch.
+(ffi-define (get-time))
diff --git a/tests/gpgscm/time.scm b/tests/gpgscm/time.scm
new file mode 100644
index 0000000..a9b06d0
--- /dev/null
+++ b/tests/gpgscm/time.scm
@@ -0,0 +1,42 @@
+;; Simple time manipulation library.
+;;
+;; Copyright (C) 2017 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+;; This library mimics what GnuPG thinks about expiration times.
+;; Granularity is one second. Its focus is not on correctness.
+
+;; Conversion functions.
+(define (minutes->seconds minutes)
+ (* minutes 60))
+(define (hours->seconds hours)
+ (* hours 60 60))
+(define (days->seconds days)
+ (* days 24 60 60))
+(define (weeks->seconds weeks)
+ (days->seconds (* weeks 7)))
+(define (months->seconds months)
+ (days->seconds (* months 30)))
+(define (years->seconds years)
+ (days->seconds (* years 365)))
+
+(define (time-matches? a b slack)
+ (< (abs (- a b)) slack))
+(assert (time-matches? (hours->seconds 1) (hours->seconds 2) (hours->seconds 2)))
+(assert (time-matches? (hours->seconds 2) (hours->seconds 1) (hours->seconds 2)))
+(assert (not (time-matches? (hours->seconds 4) (hours->seconds 1) (hours->seconds 2))))
+(assert (not (time-matches? (hours->seconds 1) (hours->seconds 4) (hours->seconds 2))))
diff --git a/tests/openpgp/quick-key-manipulation.scm b/tests/openpgp/quick-key-manipulation.scm
index d43f7b5..c0007d4 100755
--- a/tests/openpgp/quick-key-manipulation.scm
+++ b/tests/openpgp/quick-key-manipulation.scm
@@ -1,6 +1,6 @@
#!/usr/bin/env gpgscm
-;; Copyright (C) 2016 g10 Code GmbH
+;; Copyright (C) 2016-2017 g10 Code GmbH
;;
;; This file is part of GnuPG.
;;
@@ -18,6 +18,7 @@
;; along with this program; if not, see <http://www.gnu.org/licenses/>.
(load (with-path "defs.scm"))
+(load (with-path "time.scm"))
(setup-environment)
;; XXX because of --always-trust, the trustdb is not created.
@@ -91,8 +92,9 @@
;; Make the key expire in one year.
(call-check `(, at gpg --quick-set-expire ,fpr "1y"))
-;; XXX It'd be nice to check that the value is right.
-(assert (not (equal? "" (expiration-time fpr))))
+(assert (time-matches? (+ (get-time) (years->seconds 1))
+ (string->number (expiration-time fpr))
+ (minutes->seconds 5)))
;;
@@ -134,21 +136,29 @@
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (string-contains? (:cap subkey) "s"))
- (assert (not (equal? "" (:expire subkey)))))
+ (assert (time-matches? (+ (get-time) (days->seconds 2))
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (= 1024 (:length subkey)))
(assert (string-contains? (:cap subkey) "s"))
- (assert (not (equal? "" (:expire subkey)))))
+ (assert (time-matches? (+ (get-time) (weeks->seconds 2))
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (= 2048 (:length subkey)))
(assert (string-contains? (:cap subkey) "e"))
- (assert (not (equal? "" (:expire subkey)))))
+ (assert (time-matches? (+ (get-time) (months->seconds 2))
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (= 4096 (:length subkey)))
(assert (string-contains? (:cap subkey) "s"))
(assert (string-contains? (:cap subkey) "a"))
- (assert (not (equal? "" (:expire subkey)))))
+ (assert (time-matches? (+ (get-time) (years->seconds 2))
+ (string->number (:expire subkey))
+ (minutes->seconds 5))))
#f))
diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm
index ca5786b..2e32765 100755
--- a/tests/openpgp/tofu.scm
+++ b/tests/openpgp/tofu.scm
@@ -18,6 +18,7 @@
;; along with this program; if not, see <http://www.gnu.org/licenses/>.
(load (with-path "defs.scm"))
+(load (with-path "time.scm"))
(setup-environment)
(define GPGTIME 1480943782)
@@ -25,8 +26,6 @@
;; Generate a --faked-system-time parameter for a particular offset.
(define (faketime delta)
(string-append "--faked-system-time=" (number->string (+ GPGTIME delta))))
-;; A convenience function for the above.
-(define (days->seconds days) (* days 24 60 60))
;; Redefine GPG without --always-trust and a fixed time.
(define GPG `(,(tool 'gpg) --no-permission-warning ,(faketime 0)))
-----------------------------------------------------------------------
Summary of changes:
doc/gpg.texi | 30 +++++++++++------
tests/gpgscm/ffi.c | 9 +++++
tests/gpgscm/ffi.scm | 3 ++
tests/gpgscm/time.scm | 42 +++++++++++++++++++++++
tests/openpgp/quick-key-manipulation.scm | 57 ++++++++++++++++++++++++++++----
tests/openpgp/tofu.scm | 3 +-
6 files changed, 124 insertions(+), 20 deletions(-)
create mode 100644 tests/gpgscm/time.scm
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list