Browse Source

ENGINE-485: Finally, the nightmare that is NetPGP sign-only (detached sigs) is over. (Or is it?)

generate_api
Krista Bennett 4 years ago
parent
commit
06a6c0fbe0
3 changed files with 61 additions and 25 deletions
  1. +34
    -12
      src/pgp_netpgp.c
  2. +12
    -11
      test/signature.asc
  3. +15
    -2
      test/src/engine_tests/SignOnlyTests.cc

+ 34
- 12
src/pgp_netpgp.c View File

@ -774,9 +774,15 @@ PEP_STATUS pgp_sign_only(
pgp_key_t *signer = NULL;
pgp_seckey_t *seckey = NULL;
pgp_memory_t *signedmem = NULL;
pgp_memory_t *text = NULL;
pgp_output_t *output;
const char *hashalg;
pgp_keyring_t *snrs;
pgp_create_sig_t *sig;
uint8_t keyid[PGP_KEY_ID_SIZE];
PEP_STATUS result;
assert(session);
@ -808,14 +814,14 @@ PEP_STATUS pgp_sign_only(
unsigned from = 0;
if (str_to_fpr(fpr, uint_fpr, &fprlen)) {
if ((signer = (pgp_key_t *)pgp_getkeybyfpr(netpgp.io, netpgp.pubring,
if ((signer = (pgp_key_t *)pgp_getkeybyfpr(netpgp.io, netpgp.secring,
uint_fpr, fprlen, &from, NULL,
/* reject revoked and expired */
1,1)) == NULL) {
result = PEP_KEY_NOT_FOUND;
goto free_snrs;
}
}else{
} else{
result = PEP_ILLEGAL_VALUE;
goto free_snrs;
}
@ -842,25 +848,41 @@ PEP_STATUS pgp_sign_only(
}
hashalg = netpgp_getvar(&netpgp, "hash");
const char *_stext;
size_t _ssize;
// Sign data
signedmem = pgp_sign_buf(netpgp.io, ptext, psize, seckey,
time(NULL), /* birthtime */
0 /* duration */,
hashalg,
1 /* armored */,
0 /* cleartext */);
text = pgp_memory_new();
pgp_memory_add(text, (const uint8_t*)ptext, psize);
pgp_setup_memory_write(&output, &signedmem, psize);
pgp_writer_push_armor_msg(output);
pgp_hash_alg_t hash_alg = pgp_str_to_hash_alg(hashalg);
sig = pgp_create_sig_new();
pgp_start_sig(sig, seckey, hash_alg, PGP_SIG_BINARY);
pgp_sig_add_data(sig, pgp_mem_data(text), pgp_mem_len(text));
pgp_memory_free(text);
pgp_add_creation_time(sig, time(NULL));
pgp_add_sig_expiration_time(sig, 0);
pgp_keyid(keyid, sizeof(keyid), &seckey->pubkey, hash_alg);
pgp_add_issuer_keyid(sig, keyid);
pgp_end_hashed_subpkts(sig);
pgp_write_sig(output, sig, &seckey->pubkey, seckey);
pgp_writer_close(output);
pgp_create_sig_delete(sig);
if (!signedmem) {
result = PEP_UNENCRYPTED;
goto free_snrs;
}
_stext = (char*) pgp_mem_data(signedmem);
_ssize = pgp_mem_len(signedmem);
// Allocate transferable buffer
char *_buffer = malloc(_ssize + 1);


+ 12
- 11
test/signature.asc View File

@ -1,11 +1,12 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJVeFSyAAoJEFm/9IjJwu45iQ8IAKRtGx+AcQZV7ZwGIIGRRRFS
Ac6D50AKrbORg4vaAen8qa3ULU74rJvsMmMNSCSReLlYv31qgTkk5LEXDNvKPwG4
sGhjGxQCQogn0iocLgyUb6QMLQGwcmnT3lvyC9iUB+nr5GyKWwKfaxgvTIZquPNB
31ymL1Z8rP8X4rVJK3cJzgAPUOQ52yMIJ2UQqQ3F6PccgejNq0kS8Q4B5kO5UIcC
9tUVW8PHEgS8ldT9edIYxvNgJnmimqhb+znlXJoSv2WsniuNVMUJlKOgbeTQ1ej4
Oy1tHog4b9ZvOtyGytuyerCKbSaDJCi2SizGI9gYFu7HqbVWAkehgfnxE51MiNk=
=9xNW
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
xA0DAAgBqUEdF2/wDpcBy25iAAAAAABHcnJycnJycnJycnJycnJycnJycnJycnJycnJycnJycnJy
cnJycnJycnJycnJycnJycnJycnJycnJycnJyISBJIG1lYW4sIHlvLiBHcmVldGluZ3MgdG8gTWVl
c3RpLgogLSBBbGljZcLAYgQAAQgAFgUCXA5z3wUDAAAAAAkQqUEdF2/wDpcAACPWCADKn9DvovER
KCQ2I7p0QnYYdxLB0C7rCOyLg16ut84R+C0iXAAC2/eTq75SAac9TF22eI5PJr8G3PRAaM0Cg4IQ
a9TvH08LjlhkOWz4wLRrcV2hfDC9W63EcWsYbq+p/SLKG8kI53vb7PV0zQqZot1ZSNwcgK0gpp2X
0BNbP3M/fcOtUGWCa8nMymx17eLuR3qdWpB7mkWniMwUPaUCTVmkOuAdfJxpo+2jUwSStNlvx5xi
oBOTJcrcN3RhUAUNvQ7DlxVqLB+3VC2gHUmkfUhtybrQ79s+qRa/KN6rYiw8YGLoP6nyKsFHHtzk
ir51+MOi8C2jApkQNkoa82bnYJE4
=4cwe
-----END PGP SIGNATURE-----

+ 15
- 2
test/src/engine_tests/SignOnlyTests.cc View File

@ -5,6 +5,7 @@
#include <string>
#include <cstring>
#include <cpptest.h>
#include <fstream>
#include "pEpEngine.h"
@ -25,18 +26,30 @@ void SignOnlyTests::check_sign_only() {
slurp_and_import_key(session, "test_keys/priv/pep-test-alice-0x6FF00E97_priv.asc");
const char* alice_fpr = "4ABE3AAF59AC32CFE4F86500A9411D176FF00E97";
string msg_text = "Grrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr! I mean, yo. Greetings to Meesti.\n - Alice";
ofstream test_file;
test_file.open("signed_text.txt");
test_file << msg_text;
test_file.close();
char* signed_text = NULL;
size_t signed_text_size = 0;
stringlist_t* keylist = NULL;
PEP_STATUS status = sign_only(session, msg_text.c_str(), msg_text.size(), alice_fpr, &signed_text, &signed_text_size);
TEST_ASSERT(status == PEP_STATUS_OK);
TEST_ASSERT_MSG(status == PEP_STATUS_OK, tl_status_string(status));
cout << signed_text << endl;
test_file.open("signature.txt");
test_file << signed_text;
test_file.close();
status = verify_text(session, msg_text.c_str(), msg_text.size(),
signed_text, signed_text_size, &keylist);
TEST_ASSERT(status == PEP_VERIFIED);
#ifndef USE_NETPGP
TEST_ASSERT_MSG(status == PEP_VERIFIED, tl_status_string(status));
#else
TEST_ASSERT_MSG(status == PEP_VERIFIED_AND_TRUSTED, tl_status_string(status));
#endif
TEST_ASSERT(keylist);
TEST_ASSERT(keylist->value);
TEST_ASSERT(strcmp(keylist->value, alice_fpr) == 0);


Loading…
Cancel
Save