123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322 |
- // Copyright 2012 The Go Authors. All rights reserved.
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- package clearsign
- import (
- "bytes"
- "fmt"
- "testing"
- "golang.org/x/crypto/openpgp"
- "golang.org/x/crypto/openpgp/packet"
- )
- func testParse(t *testing.T, input []byte, expected, expectedPlaintext string) {
- b, rest := Decode(input)
- if b == nil {
- t.Fatal("failed to decode clearsign message")
- }
- if !bytes.Equal(rest, []byte("trailing")) {
- t.Errorf("unexpected remaining bytes returned: %s", string(rest))
- }
- if b.ArmoredSignature.Type != "PGP SIGNATURE" {
- t.Errorf("bad armor type, got:%s, want:PGP SIGNATURE", b.ArmoredSignature.Type)
- }
- if !bytes.Equal(b.Bytes, []byte(expected)) {
- t.Errorf("bad body, got:%x want:%x", b.Bytes, expected)
- }
- if !bytes.Equal(b.Plaintext, []byte(expectedPlaintext)) {
- t.Errorf("bad plaintext, got:%x want:%x", b.Plaintext, expectedPlaintext)
- }
- keyring, err := openpgp.ReadArmoredKeyRing(bytes.NewBufferString(signingKey))
- if err != nil {
- t.Errorf("failed to parse public key: %s", err)
- }
- if _, err := openpgp.CheckDetachedSignature(keyring, bytes.NewBuffer(b.Bytes), b.ArmoredSignature.Body); err != nil {
- t.Errorf("failed to check signature: %s", err)
- }
- }
- func TestParse(t *testing.T) {
- testParse(t, clearsignInput, "Hello world\r\nline 2", "Hello world\nline 2\n")
- testParse(t, clearsignInput2, "\r\n\r\n(This message has a couple of blank lines at the start and end.)\r\n\r\n", "\n\n(This message has a couple of blank lines at the start and end.)\n\n\n")
- }
- func TestParseWithNoNewlineAtEnd(t *testing.T) {
- input := clearsignInput
- input = input[:len(input)-len("trailing")-1]
- b, rest := Decode(input)
- if b == nil {
- t.Fatal("failed to decode clearsign message")
- }
- if len(rest) > 0 {
- t.Errorf("unexpected remaining bytes returned: %s", string(rest))
- }
- }
- var signingTests = []struct {
- in, signed, plaintext string
- }{
- {"", "", ""},
- {"a", "a", "a\n"},
- {"a\n", "a", "a\n"},
- {"-a\n", "-a", "-a\n"},
- {"--a\nb", "--a\r\nb", "--a\nb\n"},
- // leading whitespace
- {" a\n", " a", " a\n"},
- {" a\n", " a", " a\n"},
- // trailing whitespace (should be stripped)
- {"a \n", "a", "a\n"},
- {"a ", "a", "a\n"},
- // whitespace-only lines (should be stripped)
- {" \n", "", "\n"},
- {" ", "", "\n"},
- {"a\n \n \nb\n", "a\r\n\r\n\r\nb", "a\n\n\nb\n"},
- }
- func TestSigning(t *testing.T) {
- keyring, err := openpgp.ReadArmoredKeyRing(bytes.NewBufferString(signingKey))
- if err != nil {
- t.Errorf("failed to parse public key: %s", err)
- }
- for i, test := range signingTests {
- var buf bytes.Buffer
- plaintext, err := Encode(&buf, keyring[0].PrivateKey, nil)
- if err != nil {
- t.Errorf("#%d: error from Encode: %s", i, err)
- continue
- }
- if _, err := plaintext.Write([]byte(test.in)); err != nil {
- t.Errorf("#%d: error from Write: %s", i, err)
- continue
- }
- if err := plaintext.Close(); err != nil {
- t.Fatalf("#%d: error from Close: %s", i, err)
- continue
- }
- b, _ := Decode(buf.Bytes())
- if b == nil {
- t.Errorf("#%d: failed to decode clearsign message", i)
- continue
- }
- if !bytes.Equal(b.Bytes, []byte(test.signed)) {
- t.Errorf("#%d: bad result, got:%x, want:%x", i, b.Bytes, test.signed)
- continue
- }
- if !bytes.Equal(b.Plaintext, []byte(test.plaintext)) {
- t.Errorf("#%d: bad result, got:%x, want:%x", i, b.Plaintext, test.plaintext)
- continue
- }
- if _, err := openpgp.CheckDetachedSignature(keyring, bytes.NewBuffer(b.Bytes), b.ArmoredSignature.Body); err != nil {
- t.Errorf("#%d: failed to check signature: %s", i, err)
- }
- }
- }
- // We use this to make test keys, so that they aren't all the same.
- type quickRand byte
- func (qr *quickRand) Read(p []byte) (int, error) {
- for i := range p {
- p[i] = byte(*qr)
- }
- *qr++
- return len(p), nil
- }
- func TestMultiSign(t *testing.T) {
- if testing.Short() {
- t.Skip("skipping long test in -short mode")
- }
- zero := quickRand(0)
- config := packet.Config{Rand: &zero}
- for nKeys := 0; nKeys < 4; nKeys++ {
- nextTest:
- for nExtra := 0; nExtra < 4; nExtra++ {
- var signKeys []*packet.PrivateKey
- var verifyKeys openpgp.EntityList
- desc := fmt.Sprintf("%d keys; %d of which will be used to verify", nKeys+nExtra, nKeys)
- for i := 0; i < nKeys+nExtra; i++ {
- e, err := openpgp.NewEntity("name", "comment", "email", &config)
- if err != nil {
- t.Errorf("cannot create key: %v", err)
- continue nextTest
- }
- if i < nKeys {
- verifyKeys = append(verifyKeys, e)
- }
- signKeys = append(signKeys, e.PrivateKey)
- }
- input := []byte("this is random text\r\n4 17")
- var output bytes.Buffer
- w, err := EncodeMulti(&output, signKeys, nil)
- if err != nil {
- t.Errorf("EncodeMulti (%s) failed: %v", desc, err)
- }
- if _, err := w.Write(input); err != nil {
- t.Errorf("Write(%q) to signer (%s) failed: %v", string(input), desc, err)
- }
- if err := w.Close(); err != nil {
- t.Errorf("Close() of signer (%s) failed: %v", desc, err)
- }
- block, _ := Decode(output.Bytes())
- if string(block.Bytes) != string(input) {
- t.Errorf("Inline data didn't match original; got %q want %q", string(block.Bytes), string(input))
- }
- _, err = openpgp.CheckDetachedSignature(verifyKeys, bytes.NewReader(block.Bytes), block.ArmoredSignature.Body)
- if nKeys == 0 {
- if err == nil {
- t.Errorf("verifying inline (%s) succeeded; want failure", desc)
- }
- } else {
- if err != nil {
- t.Errorf("verifying inline (%s) failed (%v); want success", desc, err)
- }
- }
- }
- }
- }
- const signatureBlock = `
- -----BEGIN PGP SIGNATURE-----
- Version: OpenPrivacy 0.99
- yDgBO22WxBHv7O8X7O/jygAEzol56iUKiXmV+XmpCtmpqQUKiQrFqclFqUDBovzS
- vBSFjNSiVHsuAA==
- =njUN
- -----END PGP SIGNATURE-----
- `
- var invalidInputs = []string{
- `
- -----BEGIN PGP SIGNED MESSAGE-----
- Hash: SHA256
- (This message was truncated.)
- `,
- `
- -----BEGIN PGP SIGNED MESSAGE-----garbage
- Hash: SHA256
- _o/
- ` + signatureBlock,
- `
- garbage-----BEGIN PGP SIGNED MESSAGE-----
- Hash: SHA256
- _o/
- ` + signatureBlock,
- `
- -----BEGIN PGP SIGNED MESSAGE-----
- Hash: SHA` + "\x0b\x0b" + `256
- _o/
- ` + signatureBlock,
- `
- -----BEGIN PGP SIGNED MESSAGE-----
- NotHash: SHA256
- _o/
- ` + signatureBlock,
- }
- func TestParseInvalid(t *testing.T) {
- for i, input := range invalidInputs {
- if b, rest := Decode([]byte(input)); b != nil {
- t.Errorf("#%d: decoded a bad clearsigned message without any error", i)
- } else if string(rest) != input {
- t.Errorf("#%d: did not return all data with a bad message", i)
- }
- }
- }
- var clearsignInput = []byte(`
- ;lasjlkfdsa
- -----BEGIN PGP SIGNED MESSAGE-----
- Hash: SHA1
- Hello world
- line 2
- -----BEGIN PGP SIGNATURE-----
- Version: GnuPG v1.4.10 (GNU/Linux)
- iJwEAQECAAYFAk8kMuEACgkQO9o98PRieSpMsAQAhmY/vwmNpflrPgmfWsYhk5O8
- pjnBUzZwqTDoDeINjZEoPDSpQAHGhjFjgaDx/Gj4fAl0dM4D0wuUEBb6QOrwflog
- 2A2k9kfSOMOtk0IH/H5VuFN1Mie9L/erYXjTQIptv9t9J7NoRBMU0QOOaFU0JaO9
- MyTpno24AjIAGb+mH1U=
- =hIJ6
- -----END PGP SIGNATURE-----
- trailing`)
- var clearsignInput2 = []byte(`
- asdlfkjasdlkfjsadf
- -----BEGIN PGP SIGNED MESSAGE-----
- Hash: SHA256
- (This message has a couple of blank lines at the start and end.)
- -----BEGIN PGP SIGNATURE-----
- Version: GnuPG v1.4.11 (GNU/Linux)
- iJwEAQEIAAYFAlPpSREACgkQO9o98PRieSpZTAP+M8QUoCt/7Rf3YbXPcdzIL32v
- pt1I+cMNeopzfLy0u4ioEFi8s5VkwpL1AFmirvgViCwlf82inoRxzZRiW05JQ5LI
- ESEzeCoy2LIdRCQ2hcrG8pIUPzUO4TqO5D/dMbdHwNH4h5nNmGJUAEG6FpURlPm+
- qZg6BaTvOxepqOxnhVU=
- =e+C6
- -----END PGP SIGNATURE-----
- trailing`)
- var signingKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
- Version: GnuPG v1.4.10 (GNU/Linux)
- lQHYBE2rFNoBBADFwqWQIW/DSqcB4yCQqnAFTJ27qS5AnB46ccAdw3u4Greeu3Bp
- idpoHdjULy7zSKlwR1EA873dO/k/e11Ml3dlAFUinWeejWaK2ugFP6JjiieSsrKn
- vWNicdCS4HTWn0X4sjl0ZiAygw6GNhqEQ3cpLeL0g8E9hnYzJKQ0LWJa0QARAQAB
- AAP/TB81EIo2VYNmTq0pK1ZXwUpxCrvAAIG3hwKjEzHcbQznsjNvPUihZ+NZQ6+X
- 0HCfPAdPkGDCLCb6NavcSW+iNnLTrdDnSI6+3BbIONqWWdRDYJhqZCkqmG6zqSfL
- IdkJgCw94taUg5BWP/AAeQrhzjChvpMQTVKQL5mnuZbUCeMCAN5qrYMP2S9iKdnk
- VANIFj7656ARKt/nf4CBzxcpHTyB8+d2CtPDKCmlJP6vL8t58Jmih+kHJMvC0dzn
- gr5f5+sCAOOe5gt9e0am7AvQWhdbHVfJU0TQJx+m2OiCJAqGTB1nvtBLHdJnfdC9
- TnXXQ6ZXibqLyBies/xeY2sCKL5qtTMCAKnX9+9d/5yQxRyrQUHt1NYhaXZnJbHx
- q4ytu0eWz+5i68IYUSK69jJ1NWPM0T6SkqpB3KCAIv68VFm9PxqG1KmhSrQIVGVz
- dCBLZXmIuAQTAQIAIgUCTasU2gIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA
- CgkQO9o98PRieSoLhgQAkLEZex02Qt7vGhZzMwuN0R22w3VwyYyjBx+fM3JFETy1
- ut4xcLJoJfIaF5ZS38UplgakHG0FQ+b49i8dMij0aZmDqGxrew1m4kBfjXw9B/v+
- eIqpODryb6cOSwyQFH0lQkXC040pjq9YqDsO5w0WYNXYKDnzRV0p4H1pweo2VDid
- AdgETasU2gEEAN46UPeWRqKHvA99arOxee38fBt2CI08iiWyI8T3J6ivtFGixSqV
- bRcPxYO/qLpVe5l84Nb3X71GfVXlc9hyv7CD6tcowL59hg1E/DC5ydI8K8iEpUmK
- /UnHdIY5h8/kqgGxkY/T/hgp5fRQgW1ZoZxLajVlMRZ8W4tFtT0DeA+JABEBAAEA
- A/0bE1jaaZKj6ndqcw86jd+QtD1SF+Cf21CWRNeLKnUds4FRRvclzTyUMuWPkUeX
- TaNNsUOFqBsf6QQ2oHUBBK4VCHffHCW4ZEX2cd6umz7mpHW6XzN4DECEzOVksXtc
- lUC1j4UB91DC/RNQqwX1IV2QLSwssVotPMPqhOi0ZLNY7wIA3n7DWKInxYZZ4K+6
- rQ+POsz6brEoRHwr8x6XlHenq1Oki855pSa1yXIARoTrSJkBtn5oI+f8AzrnN0BN
- oyeQAwIA/7E++3HDi5aweWrViiul9cd3rcsS0dEnksPhvS0ozCJiHsq/6GFmy7J8
- QSHZPteedBnZyNp5jR+H7cIfVN3KgwH/Skq4PsuPhDq5TKK6i8Pc1WW8MA6DXTdU
- nLkX7RGmMwjC0DBf7KWAlPjFaONAX3a8ndnz//fy1q7u2l9AZwrj1qa1iJ8EGAEC
- AAkFAk2rFNoCGwwACgkQO9o98PRieSo2/QP/WTzr4ioINVsvN1akKuekmEMI3LAp
- BfHwatufxxP1U+3Si/6YIk7kuPB9Hs+pRqCXzbvPRrI8NHZBmc8qIGthishdCYad
- AHcVnXjtxrULkQFGbGvhKURLvS9WnzD/m1K2zzwxzkPTzT9/Yf06O6Mal5AdugPL
- VrM0m72/jnpKo04=
- =zNCn
- -----END PGP PRIVATE KEY BLOCK-----
- `
|