diff options
| author | Werner Koch <wk@gnupg.org> | 2010-10-14 18:34:31 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2010-10-14 18:34:31 +0200 |
| commit | 764e88d4df29204be6ea2206cf753c56ec0f5b5f (patch) | |
| tree | d38aa151706b32ce1ddbec2e7f012d317618072a | |
| parent | Some tweaks to the agent startup. (diff) | |
| download | gnupg2-764e88d4df29204be6ea2206cf753c56ec0f5b5f.tar.xz gnupg2-764e88d4df29204be6ea2206cf753c56ec0f5b5f.zip | |
All tests work are again working
38 files changed, 508 insertions, 146 deletions
diff --git a/agent/ChangeLog b/agent/ChangeLog index 12a853281..91aab9e6d 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,8 @@ +2010-10-14 Werner Koch <wk@g10code.com> + + * command.c (cmd_genkey): Add option --no-protection. + * genkey.c (agent_genkey): Add arg NO_PROTECTION. + 2010-10-13 Werner Koch <wk@g10code.com> * call-pinentry.c (agent_get_passphrase): Support the close_button. diff --git a/agent/agent.h b/agent/agent.h index 7276e66c3..48511c565 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -293,7 +293,8 @@ int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent); gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, char **r_passphrase); int agent_genkey (ctrl_t ctrl, const char *cache_nonce, - const char *keyparam, size_t keyparmlen, membuf_t *outbuf); + const char *keyparam, size_t keyparmlen, + int no_protection, membuf_t *outbuf); int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey); /*-- protect.c --*/ diff --git a/agent/command.c b/agent/command.c index 5444e1811..0a56f1218 100644 --- a/agent/command.c +++ b/agent/command.c @@ -806,7 +806,7 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line) static const char hlp_genkey[] = - "GENKEY [<cache_nonce>]\n" + "GENKEY [--no-protection] [<cache_nonce>]\n" "\n" "Generate a new key, store the secret part and return the public\n" "part. Here is an example transaction:\n" @@ -824,12 +824,16 @@ cmd_genkey (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; + int no_protection; unsigned char *value; size_t valuelen; membuf_t outbuf; char *cache_nonce = NULL; char *p; + no_protection = has_option (line, "--no-protection"); + line = skip_options (line); + p = line; for (p=line; *p && *p != ' ' && *p != '\t'; p++) ; @@ -844,7 +848,8 @@ cmd_genkey (assuan_context_t ctx, char *line) init_membuf (&outbuf, 512); - rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, &outbuf); + rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, no_protection, + &outbuf); xfree (value); if (rc) clear_outbuf (&outbuf); diff --git a/agent/genkey.c b/agent/genkey.c index 0a35643e5..7612f99da 100644 --- a/agent/genkey.c +++ b/agent/genkey.c @@ -352,10 +352,11 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, /* Generate a new keypair according to the parameters given in KEYPARAM. If CACHE_NONCE is given first try to lookup a passphrase - using the cache nonce. */ + using the cache nonce. If NO_PROTECTION is true the key will not + be protected by a passphrase. */ int agent_genkey (ctrl_t ctrl, const char *cache_nonce, - const char *keyparam, size_t keyparamlen, + const char *keyparam, size_t keyparamlen, int no_protection, membuf_t *outbuf) { gcry_sexp_t s_keyparam, s_key, s_private, s_public; @@ -372,8 +373,12 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, } /* Get the passphrase now, cause key generation may take a while. */ - passphrase = cache_nonce? agent_get_cache (cache_nonce, CACHE_MODE_NONCE):NULL; - if (passphrase) + if (no_protection || !cache_nonce) + passphrase = NULL; + else + passphrase = agent_get_cache (cache_nonce, CACHE_MODE_NONCE); + + if (passphrase || no_protection) rc = 0; else rc = agent_ask_new_passphrase (ctrl, @@ -424,7 +429,8 @@ agent_genkey (ctrl_t ctrl, const char *cache_nonce, gcry_create_nonce (tmpbuf, 12); cache_nonce = bin2hex (tmpbuf, 12, NULL); } - if (cache_nonce + if (cache_nonce + && !no_protection && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, passphrase, 900 /*seconds*/)) agent_write_status (ctrl, "CACHE_NONCE", cache_nonce, NULL); diff --git a/doc/DETAILS b/doc/DETAILS index 93dedbea0..dd3e357ec 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -826,6 +826,19 @@ The format of this file is as follows: entry code. This is a global option. %no-ask-passphrase Disable the ask-passphrase mode. + %no-protection + With GnuPG 2.1 it is not anymore possible to specify a + passphrase for unattended key generation. The passphrase + command is simply ignored and %ask-passpharse is thus + implicitly enabled. Using this option allows to the creation + of keys without any passphrases. This option is mainly + intended for regression tests. + %transient-key + If given the keys are created using a faster and a somewhat + less secure random number generator. This option may be used + for keys which are only used for a short time and do not + require full cryptographic strength. It takes only effect if + used together with the option no-protection. o The order of the parameters does not matter except for "Key-Type" which must be the first parameter. The parameters are only for the diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index d504d2a99..02a2c28a9 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -485,7 +485,7 @@ pinentry to pop up at the @code{tty} or display you started the agent. @item --enable-ssh-support @opindex enable-ssh-support -Enable emulation of the OpenSSH Agent protocol. +Enable the OpenSSH Agent protocol. In this mode of operation, the agent does not only implement the gpg-agent protocol, but also the agent protocol used by OpenSSH @@ -512,10 +512,20 @@ has been started. To switch this display to the current one, the following command may be used: @smallexample -echo UPDATESTARTUPTTY | gpg-connect-agent +gpg-connect-agent updatestartuptty /bye @end smallexample +Although all GnuPG components try to start the gpg-agent as needed, this +is not possible for the ssh support because ssh does not know about it. +Thus if no GnuPG tool which accesses the agent has been run, there is no +guarantee that ssh is abale to use gpg-agent for authentication. To fix +this you may start gpg-agent if needed using this simple command: +@smallexample +gpg-connect-agent /bye +@end smallexample + +Adding the @option{--verbose} shows the progress of starting the agent. @end table diff --git a/doc/tools.texi b/doc/tools.texi index efb37e699..ce7d2b3be 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -296,6 +296,12 @@ List the global configuration file in a colon separated format. If Run a syntax check on the global configuration file. If @var{filename} is given, check that file instead. +@item --reload [@var{component}] +@opindex reload +Reload all or the given component. This is basically the sam as sending +a SIGHUP to the component. Components which don't support reloading are +ignored. + @end table @@ -1170,6 +1176,11 @@ Try to be as quiet as possible. @include opt-homedir.texi +@item --agent-program @var{file} +@opindex agent-program +Specify the agent program to be started if none is running. + + @item -S @itemx --raw-socket @var{name} @opindex S diff --git a/g10/ChangeLog b/g10/ChangeLog index 43ba53604..d155ee38c 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,12 @@ +2010-10-14 Werner Koch <wk@g10code.com> + + * call-agent.c (agent_genkey): Add arg NO_PROTECTION. + * keygen.c (do_create, gen_elg, gen_dsa, gen_rsa, common_gen): Add + arg KEYGEN_FLAGS. + (read_parameter_file): Add options no-protection and transient-key. + (KEYGEN_FLAG_NO_PROTECTION, KEYGEN_FLAG_TRANSIENT_KEY): New. + (gen_rsa, gen_dsa, gen_elg): Use transient-key. + 2010-10-13 Werner Koch <wk@g10code.com> * call-agent.c (start_agent): Send option agent-awareness. diff --git a/g10/call-agent.c b/g10/call-agent.c index afbd9d6db..89a6be7ce 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -1517,10 +1517,11 @@ inq_genkey_parms (void *opaque, const char *line) /* Call the agent to generate a new key. KEYPARMS is the usual S-expression giving the parameters of the key. gpg-agent passes it - gcry_pk_genkey. */ + gcry_pk_genkey. If NO_PROTECTION is true the agent is advised not + to protect the generated key. */ gpg_error_t agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, - const char *keyparms, gcry_sexp_t *r_pubkey) + const char *keyparms, int no_protection, gcry_sexp_t *r_pubkey) { gpg_error_t err; struct genkey_parm_s gk_parm; @@ -1543,7 +1544,8 @@ agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, gk_parm.ctrl = ctrl; gk_parm.ctx = agent_ctx; gk_parm.keyparms = keyparms; - snprintf (line, sizeof line, "GENKEY%s%s", + snprintf (line, sizeof line, "GENKEY%s%s%s", + no_protection? " --no-protection":"", cache_nonce_addr && *cache_nonce_addr? " ":"", cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:""); err = assuan_transact (agent_ctx, line, diff --git a/g10/call-agent.h b/g10/call-agent.h index 5496e596e..6cba9c78c 100644 --- a/g10/call-agent.h +++ b/g10/call-agent.h @@ -155,7 +155,7 @@ gpg_error_t agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip, /* Generate a new key. */ gpg_error_t agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, - const char *keyparms, + const char *keyparms, int no_protection, gcry_sexp_t *r_pubkey); /* Create a signature. */ diff --git a/g10/keygen.c b/g10/keygen.c index 16a7f0b8d..03d53ce0b 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -49,6 +49,9 @@ #define DEFAULT_STD_ALGO GCRY_PK_RSA #define DEFAULT_STD_KEYSIZE 2048 +#define KEYGEN_FLAG_NO_PROTECTION 1 +#define KEYGEN_FLAG_TRANSIENT_KEY 2 + #define MAX_PREFS 30 @@ -99,6 +102,7 @@ struct output_control_s { int lnr; int dryrun; int ask_passphrase; + unsigned int keygen_flags; int use_files; struct { char *fname; @@ -1137,14 +1141,15 @@ key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp, static int common_gen (const char *keyparms, int algo, const char *algoelem, kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey, - char **cache_nonce_addr) + int keygen_flags, char **cache_nonce_addr) { int err; PACKET *pkt; PKT_public_key *pk; gcry_sexp_t s_key; - err = agent_genkey (NULL, cache_nonce_addr, keyparms, &s_key); + err = agent_genkey (NULL, cache_nonce_addr, keyparms, + !!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION), &s_key); if (err) { log_error ("agent_genkey failed: %s\n", gpg_strerror (err) ); @@ -1196,7 +1201,8 @@ common_gen (const char *keyparms, int algo, const char *algoelem, */ static int gen_elg (int algo, unsigned int nbits, KBNODE pub_root, - u32 timestamp, u32 expireval, int is_subkey, char **cache_nonce_addr) + u32 timestamp, u32 expireval, int is_subkey, + int keygen_flags, char **cache_nonce_addr) { int err; char *keyparms; @@ -1216,18 +1222,23 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root, log_info (_("keysize rounded up to %u bits\n"), nbits ); } + /* Note that we use transient-key only if no-protection has also + been enabled. */ snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits); - keyparms = xtryasprintf ("(genkey(%s(nbits %zu:%s)))", + keyparms = xtryasprintf ("(genkey(%s(nbits %zu:%s)%s))", algo == GCRY_PK_ELG_E ? "openpgp-elg" : algo == GCRY_PK_ELG ? "elg" : "x-oops" , - strlen (nbitsstr), nbitsstr); + strlen (nbitsstr), nbitsstr, + ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + "(transient-key)" : "" ); if (!keyparms) err = gpg_error_from_syserror (); else { err = common_gen (keyparms, algo, "pgy", pub_root, timestamp, expireval, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); xfree (keyparms); } @@ -1240,7 +1251,8 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root, */ static gpg_error_t gen_dsa (unsigned int nbits, KBNODE pub_root, - u32 timestamp, u32 expireval, int is_subkey, char **cache_nonce_addr) + u32 timestamp, u32 expireval, int is_subkey, + int keygen_flags, char **cache_nonce_addr) { int err; unsigned int qbits; @@ -1301,16 +1313,19 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits); snprintf (qbitsstr, sizeof qbitsstr, "%u", qbits); - keyparms = xtryasprintf ("(genkey(dsa(nbits %zu:%s)(qbits %zu:%s)))", + keyparms = xtryasprintf ("(genkey(dsa(nbits %zu:%s)(qbits %zu:%s)%s))", strlen (nbitsstr), nbitsstr, - strlen (qbitsstr), qbitsstr); + strlen (qbitsstr), qbitsstr, + ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + "(transient-key)" : "" ); if (!keyparms) err = gpg_error_from_syserror (); else { err = common_gen (keyparms, PUBKEY_ALGO_DSA, "pqgy", pub_root, timestamp, expireval, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); xfree (keyparms); } @@ -1323,7 +1338,8 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, */ static int gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, - u32 timestamp, u32 expireval, int is_subkey, char **cache_nonce_addr) + u32 timestamp, u32 expireval, int is_subkey, + int keygen_flags, char **cache_nonce_addr) { int err; char *keyparms; @@ -1347,15 +1363,18 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, } snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits); - keyparms = xtryasprintf ("(genkey(rsa(nbits %zu:%s)))", - strlen (nbitsstr), nbitsstr); + keyparms = xtryasprintf ("(genkey(rsa(nbits %zu:%s)%s))", + strlen (nbitsstr), nbitsstr, + ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + "(transient-key)" : "" ); if (!keyparms) err = gpg_error_from_syserror (); else { err = common_gen (keyparms, algo, "ne", pub_root, timestamp, expireval, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); xfree (keyparms); } @@ -2153,7 +2172,7 @@ do_ask_passphrase (STRING2KEY **ret_s2k, int mode, int *r_canceled) static int do_create (int algo, unsigned int nbits, KBNODE pub_root, u32 timestamp, u32 expiredate, int is_subkey, - char **cache_nonce_addr) + int keygen_flags, char **cache_nonce_addr) { gpg_error_t err; @@ -2168,13 +2187,13 @@ do_create (int algo, unsigned int nbits, KBNODE pub_root, if (algo == PUBKEY_ALGO_ELGAMAL_E) err = gen_elg (algo, nbits, pub_root, timestamp, expiredate, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); else if (algo == PUBKEY_ALGO_DSA) err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); else if (algo == PUBKEY_ALGO_RSA) err = gen_rsa (algo, nbits, pub_root, timestamp, expiredate, is_subkey, - cache_nonce_addr); + keygen_flags, cache_nonce_addr); else BUG(); @@ -2742,6 +2761,10 @@ read_parameter_file( const char *fname ) outctrl.ask_passphrase = 1; else if( !ascii_strcasecmp( keyword, "%no-ask-passphrase" ) ) outctrl.ask_passphrase = 0; + else if( !ascii_strcasecmp( keyword, "%no-protection" ) ) + outctrl.keygen_flags |= KEYGEN_FLAG_NO_PROTECTION; + else if( !ascii_strcasecmp( keyword, "%transient-key" ) ) + outctrl.keygen_flags |= KEYGEN_FLAG_TRANSIENT_KEY; else if( !ascii_strcasecmp( keyword, "%commit" ) ) { outctrl.lnr = lnr; if (proc_parameter_file( para, fname, &outctrl, 0 )) @@ -3242,7 +3265,8 @@ do_generate_keypair (struct para_data_s *para, get_parameter_uint( para, pKEYLENGTH ), pub_root, timestamp, - get_parameter_u32( para, pKEYEXPIRE ), 0, &cache_nonce); + get_parameter_u32( para, pKEYEXPIRE ), 0, + outctrl->keygen_flags, &cache_nonce); else err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root, ×tamp, @@ -3293,7 +3317,7 @@ do_generate_keypair (struct para_data_s *para, pub_root, timestamp, get_parameter_u32 (para, pSUBKEYEXPIRE), 1, - &cache_nonce); + outctrl->keygen_flags, &cache_nonce); /* Get the pointer to the generated public subkey packet. */ if (!err) { @@ -3500,7 +3524,7 @@ generate_subkeypair (KBNODE keyblock) goto leave; } - err = do_create (algo, nbits, keyblock, cur_time, expire, 1, NULL); + err = do_create (algo, nbits, keyblock, cur_time, expire, 1, 0, NULL); if (err) goto leave; diff --git a/tests/openpgp/ChangeLog b/tests/openpgp/ChangeLog index 69869209a..46da4fe33 100644 --- a/tests/openpgp/ChangeLog +++ b/tests/openpgp/ChangeLog @@ -1,3 +1,24 @@ +2010-10-14 Werner Koch <wk@g10code.com> + + * genkey1024.test: Use the new no-protection option. + + * decrypt-dsa.test: Do not specify an extra keyring. The keyring + has been loaded into pubring.gpg. + * sigs-dsa.test: Ditto. + * encrypt-dsa.test: Ditto. + * signencrypt-dsa.test: Ditto. + + * decrypt.test: Remove passphrase stuff. + * sigs.test: Ditto. + + * privkeys/: New. + + * Makefile.am: Move most stuff to ... + * version.test: Prepare data files etc. + * finish.test: New. + * defs.inc: Set all envvars. + (usrname1, usrname2, username3): Use full mail address. + 2010-06-07 Werner Koch <wk@g10code.com> * Makefile.am (TESTS_ENVIRONMENT): New. Start all scripts under diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index ba1a65529..9ea2237b9 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -1,4 +1,6 @@ -# Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc. +# Makefile.am - For tests/openpgp +# Copyright (C) 1998, 1999, 2000, 2001, 2003, +# 2010 Free Software Foundation, Inc. # # This file is part of GnuPG. # @@ -16,15 +18,15 @@ # along with this program; if not, see <http://www.gnu.org/licenses/>. # Process this file with automake to create Makefile.in -GPG_IMPORT = ../../g10/gpg2 --homedir $(abs_builddir) \ - --quiet --yes --no-permission-warning --import # Programs required before we can run these tests. required_pgms = ../../g10/gpg2 ../../agent/gpg-agent \ - ../../tools/gpg-connect-agent + ../../tools/gpg-connect-agent ../../tools/mk-tdata TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C +# Note: version.test needs to be the first test to run and finish.test +# the last one TESTS = version.test mds.test \ decrypt.test decrypt-dsa.test \ sigs.test sigs-dsa.test \ @@ -36,7 +38,7 @@ TESTS = version.test mds.test \ armdetachm.test detachm.test genkey1024.test \ conventional.test conventional-mdc.test \ multisig.test verify.test armor.test \ - import.test + import.test finish.test TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ @@ -46,73 +48,34 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ bug537-test.data.asc bug894-test.asc \ bug1223-good.asc bug1223-bogus.asc -DATA_FILES = data-500 data-9000 data-32000 data-80000 plain-large +data_files = data-500 data-9000 data-32000 data-80000 plain-large + +priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \ + privkeys/7E201E28B6FEB2927B321F443205F4724EBE637E.asc \ + privkeys/13FDB8809B17C5547779F9D205C45F47CE0217CE.asc \ + privkeys/343D8AF79796EE107D645A2787A9D9252F924E6F.asc \ + privkeys/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.asc \ + privkeys/0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255.asc \ + privkeys/FD692BD59D6640A84C8422573D469F84F3B98E53.asc \ + privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc \ + privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc + EXTRA_DIST = defs.inc $(TESTS) $(TEST_FILES) \ - mkdemodirs signdemokey + mkdemodirs signdemokey $(priv_keys) -CLEANFILES = prepared.stamp x y yy z out err $(DATA_FILES) \ +CLEANFILES = prepared.stamp x y yy z out err $(data_files) \ plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \ *.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \ - pubring.gpg secring.gpg pubring.pkr secring.skr + pubring.gpg secring.gpg pubring.pkr secring.skr \ + gnupg-test.stop DISTCLEANFILES = pubring.gpg~ random_seed - -all-local: prepared.stamp - -distclean-local: - $(srcdir)/mkdemodirs --clean - -prepared.stamp: ./pubring.gpg ./secring.gpg ./plain-1 ./plain-2 ./plain-3 \ - ./pubring.pkr ./secring.skr ./gpg_dearmor $(DATA_FILES) - $(GPG_IMPORT) $(srcdir)/pubdemo.asc - echo timestamp >./prepared.stamp - # We need to depend on a couple of programs so that the tests don't # start before all programs are built. -./gpg_dearmor: $(required_pgms) - echo '#!/bin/sh' >./gpg_dearmor - echo "../../g10/gpg2 --no-options --no-greeting \ - --no-secmem-warning --batch --dearmor" >>./gpg_dearmor - chmod 755 ./gpg_dearmor - -./pubring.gpg: $(srcdir)/pubring.asc $(srcdir)/pubdemo.asc ./gpg_dearmor - ./gpg_dearmor > ./pubring.gpg < $(srcdir)/pubring.asc - -./secring.gpg: $(srcdir)/secring.asc ./gpg_dearmor - ./gpg_dearmor > ./secring.gpg < $(srcdir)/secring.asc +all-local: $(required_pgms) -./pubring.pkr: $(srcdir)/pubring.pkr.asc ./gpg_dearmor - ./gpg_dearmor > ./pubring.pkr < $(srcdir)/pubring.pkr.asc - -./secring.skr: $(srcdir)/secring.skr.asc ./gpg_dearmor - ./gpg_dearmor > ./secring.skr < $(srcdir)/secring.skr.asc - -./plain-1: $(srcdir)/plain-1o.asc ./gpg_dearmor - ./gpg_dearmor > ./plain-1 < $(srcdir)/plain-1o.asc - -./plain-2: $(srcdir)/plain-2o.asc ./gpg_dearmor - ./gpg_dearmor > ./plain-2 < $(srcdir)/plain-2o.asc - -./plain-3: $(srcdir)/plain-3o.asc ./gpg_dearmor - ./gpg_dearmor > ./plain-3 < $(srcdir)/plain-3o.asc - - -data-500: - ../../tools/mk-tdata 500 >data-500 -data-9000: - ../../tools/mk-tdata 9000 >data-9000 -data-32000: - ../../tools/mk-tdata 32000 >data-32000 -data-80000: - ../../tools/mk-tdata 80000 >data-80000 -plain-large: - cat $(srcdir)/../../doc/HACKING \ - $(srcdir)/../../doc/DETAILS \ - $(srcdir)/../../doc/gpg.texi >plain-large - -# To speed up key generation we create a dummy random seed file -random_seed: - ../../tools/mk-tdata 600 +distclean-local: + $(srcdir)/mkdemodirs --clean diff --git a/tests/openpgp/decrypt-dsa.test b/tests/openpgp/decrypt-dsa.test index 7220f8a22..ba83fea07 100755 --- a/tests/openpgp/decrypt-dsa.test +++ b/tests/openpgp/decrypt-dsa.test @@ -12,7 +12,7 @@ #info Checking decryption of supplied DSA encrypted file for i in "plain-1" ; do - $GPG $dsa_keyrings -o y --yes $srcdir/$i-pgp.asc + $GPG -o y --yes $srcdir/$i-pgp.asc cmp $i y || error "$i: mismatch" done diff --git a/tests/openpgp/decrypt.test b/tests/openpgp/decrypt.test index 7b68b25ec..370dc964b 100755 --- a/tests/openpgp/decrypt.test +++ b/tests/openpgp/decrypt.test @@ -12,7 +12,7 @@ #info Checking decryption of supplied files for i in $plain_files ; do - echo "$usrpass1" | $GPG --passphrase-fd 0 -o y --yes $srcdir/$i.asc + $GPG -o y --yes $srcdir/$i.asc cmp $i y || error "$i: mismatch" done diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc index 1158fb0cd..bc0d76e10 100755 --- a/tests/openpgp/defs.inc +++ b/tests/openpgp/defs.inc @@ -12,22 +12,21 @@ #------ constants --------------- #-------------------------------- -# Note that usrpass1 is also used in Makefile.am -usrname1="one" +usrname1="one@example.com" usrpass1="def" -usrname2="two" +usrname2="two@example.com" usrpass2="" -usrname3="three" +usrname3="three@example.com" usrpass3="" dsa_usrname1="pgp5" -# we use the sub key because we do not yet have the logic to -# to derive the first encryption key from a keyblock (I guess) +# we use the sub key because we do not yet have the logic to to derive +# the first encryption key from a keyblock (I guess) (Well of course +# we have this by now and the notation below will lookup the primary +# first and the search for the encryption subkey.) dsa_usrname2="0xCB879DE9" -dsa_keyrings="--keyring ./pubring.pkr --secret-keyring ./secring.skr" - plain_files="plain-1 plain-2 plain-3" data_files="data-500 data-9000 data-32000 data-80000" @@ -50,6 +49,7 @@ defs_error_seen=no fatal () { echo "$pgmname: fatal:" $* >&2 echo "$pgmname: fatal:" $* >&5 + echo stop >gnupg-test.stop exit 1; } @@ -121,7 +121,7 @@ echo_n () { #} have_pubkey_algo () { - if ../../g10/gpg2 --homedir . --version | grep "Pubkey:.*$1" >/dev/null + if $GPG --version | grep "Pubkey:.*$1" >/dev/null then true else @@ -130,7 +130,7 @@ have_pubkey_algo () { } have_cipher_algo () { - if ../../g10/gpg2 --homedir . --version | grep "Cipher:.*$1" >/dev/null + if $GPG --version | grep "Cipher:.*$1" >/dev/null then true else @@ -139,7 +139,7 @@ have_cipher_algo () { } have_hash_algo () { - if ../../g10/gpg2 --homedir . --version | grep "Hash:.*$1" >/dev/null + if $GPG --version | grep "Hash:.*$1" >/dev/null then true else @@ -148,11 +148,13 @@ have_hash_algo () { } all_cipher_algos () { - ../../g10/gpg2 --homedir . --with-colons --list-config ciphername | sed 's/^cfg:ciphername://; s/;/ /g' + $GPG --with-colons --list-config ciphername \ + | sed 's/^cfg:ciphername://; s/;/ /g' } all_hash_algos () { - ../../g10/gpg2 --homedir . --with-colons --list-config digestname | sed 's/^cfg:digestname://; s/;/ /g' + $GPG --with-colons --list-config digestname \ + | sed 's/^cfg:digestname://; s/;/ /g' } set -e @@ -161,6 +163,16 @@ pgmname=`basename $0` [ -z "$srcdir" ] && fatal "not called from make" +# +if [ -f gnupg-test.stop ]; then + if [ $pgmname = "version.test" ]; then + rm gnupg-test.stop + else + # Skip the rest of the tests. + exit 77 + fi +fi + # Always work in the current directory. We set GNUPGHOME only if it # has not been set already. Usually it is set through the Makefile's # TESTS_ENVIRONMENT macro. @@ -172,21 +184,32 @@ elif [ "$GNUPGHOME" != `/bin/pwd` ]; then exit 1 fi +# We don't use GPG_AGENT_INFO anymore - better reset it. +unset GPG_AGENT_INFO + +# (--no-permission-warning makes only sense on the commandline) +GPG="../../g10/gpg2 --no-permission-warning " +# (We may not use a relative name for gpg-agent.) +GPG_AGENT="$(cd ../../agent && /bin/pwd)/gpg-agent" +GPG_CONNECT_AGENT="../../tools/gpg-connect-agent" +GPGCONF="../../tools/gpgconf" +GPG_PRESET_PASSPHRASE="../../agent/gpg-preset-passphrase" +MKTDATA="../../tools/mk-tdata" + # Make sure we have a valid option files even with VPATH builds. for f in gpg.conf gpg-agent.conf ; do if [ -f ./$f ]; then : elif [ -f $srcdir/$f.tmpl ]; then cat $srcdir/$f.tmpl >$f + if [ "$f" = "gpg.conf" ]; then + echo "agent-program $GPG_AGENT" >>gpg.conf + fi fi done -# (--no-permission-warning makes only sense on the commandline) -GPG="../../g10/gpg2 --no-permission-warning " - echo "Test: $pgmname" > ${pgmname}.log echo "GNUPGHOME=$GNUPGHOME" >> ${pgmname}.log -echo "GPG_AGENT_INFO=$GPG_AGENT_INFO" >> ${pgmname}.log exec 5>&2 2>>${pgmname}.log : diff --git a/tests/openpgp/encrypt-dsa.test b/tests/openpgp/encrypt-dsa.test index 01fe33aa8..ed474d0ed 100755 --- a/tests/openpgp/encrypt-dsa.test +++ b/tests/openpgp/encrypt-dsa.test @@ -12,17 +12,17 @@ #info Checking encryption for i in $plain_files $data_files ; do - $GPG $dsa_keyrings --always-trust -e -o x --yes -r "$dsa_usrname2" $i - $GPG $dsa_keyrings -o y --yes x + $GPG --always-trust -e -o x --yes -r "$dsa_usrname2" $i + $GPG -o y --yes x cmp $i y || error "$i: mismatch" done for ca in `all_cipher_algos` ; do echo_n "$ca " for i in $plain_files $data_files ; do - $GPG $dsa_keyrings --always-trust --cipher-algo $ca -e \ + $GPG --always-trust --cipher-algo $ca -e \ -o x --yes -r "$dsa_usrname2" $i - $GPG $dsa_keyrings -o y --yes x + $GPG -o y --yes x cmp $i y || error "$i: mismatch" done done diff --git a/tests/openpgp/finish.test b/tests/openpgp/finish.test new file mode 100755 index 000000000..fced57036 --- /dev/null +++ b/tests/openpgp/finish.test @@ -0,0 +1,17 @@ +#!/bin/sh +# Copyright 2010 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +. $srcdir/defs.inc || exit 3 + +if $GPG_AGENT --quiet; then + $GPG_CONNECT_AGENT killagent /bye >/dev/null +fi + +exit 0 + diff --git a/tests/openpgp/genkey1024.test b/tests/openpgp/genkey1024.test index 1d716d86d..99a0d5d72 100755 --- a/tests/openpgp/genkey1024.test +++ b/tests/openpgp/genkey1024.test @@ -10,10 +10,7 @@ . $srcdir/defs.inc || exit 3 -# FIXME: Skip this test for now -exit 77 - -$GPG --quiet --batch --debug-quick-random --gen-key <<EOF +$GPG --quiet --batch --gen-key <<EOF Key-Type: DSA Key-Length: 1024 Subkey-Type: ELG @@ -22,12 +19,13 @@ Name-Real: Harry H. Name-Comment: test key Name-Email: hh@@ddorf.de Expire-Date: 1 -Passphrase: abc +%no-protection +%transient-key %commit EOF if have_pubkey_algo "RSA"; then -$GPG --quiet --batch --debug-quick-random --gen-key <<EOF +$GPG --quiet --batch --gen-key <<EOF Key-Type: RSA Key-Length: 1024 Key-Usage: sign,encrypt @@ -35,7 +33,8 @@ Name-Real: Harry A. Name-Comment: RSA test key Name-Email: hh@@ddorf.de Expire-Date: 2 -Passphrase: abc +%no-protection +%transient-key %commit EOF fi diff --git a/tests/openpgp/gpg-agent.conf.tmpl b/tests/openpgp/gpg-agent.conf.tmpl index 3833e0a8f..3de8fd151 100644 --- a/tests/openpgp/gpg-agent.conf.tmpl +++ b/tests/openpgp/gpg-agent.conf.tmpl @@ -1,3 +1,7 @@ use-standard-socket - +allow-preset-passphrase +no-grab +log-file socket:///home/wk/b/gnupg/tests/openpgp/S.log +debug 1024 +verbose diff --git a/tests/openpgp/mkdemodirs b/tests/openpgp/mkdemodirs index 7e6ec2c10..a381681b0 100755 --- a/tests/openpgp/mkdemodirs +++ b/tests/openpgp/mkdemodirs @@ -4,7 +4,7 @@ set -e # We need to use --no-options so that a gpg.conf from an older version # of gpg is not used. -GPG="../g10/gpg2 --no-options --batch --quiet +GPG="../../g10/gpg2 --no-options --batch --quiet --no-secmem-warning --allow-secret-key-import" NAMES='Alpha Bravo Charlie Delta Echo Foxtrot Golf Hotel India diff --git a/tests/openpgp/multisig.test b/tests/openpgp/multisig.test index 908b57842..9ad8676fd 100755 --- a/tests/openpgp/multisig.test +++ b/tests/openpgp/multisig.test @@ -132,7 +132,7 @@ cnksIEkgY2FuJ3QgZG8gdGhhdAo= for i in sig_sl_valid ; do - eval "(IFS=; echo \"\$$i\")" | ./gpg_dearmor >x + eval "(IFS=; echo \"\$$i\")" | $GPG --dearmor >x $GPG --verify x 2>/dev/null || error "valid is invalid ($i)" linefeed done @@ -145,7 +145,7 @@ done for i in sig_1ls1ls_valid sig_ls_valid \ sig_1lsls_invalid sig_lsls_invalid \ sig_lss_invalid sig_slsl_invalid ; do - eval "(IFS=; echo \"\$$i\")" | ./gpg_dearmor >x + eval "(IFS=; echo \"\$$i\")" | $GPG --dearmor >x $GPG --verify <x 2>/dev/null && error "invalid is valid ($i)" linefeed done diff --git a/tests/openpgp/privkeys/0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255.asc b/tests/openpgp/privkeys/0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255.asc new file mode 100644 index 000000000..ddf0fb975 --- /dev/null +++ b/tests/openpgp/privkeys/0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255.asc @@ -0,0 +1,12 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v1.4.8 (GNU/Linux) +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6ZWxnKDE6cDk3OgD/BWuU2w+pPFZltSIytQ3wyNMV +HbFSG5PDdx29GCJU9RP+rWXX4jcKmilUHH9e4CSDmwcHzTNzqlmDrnZgVXd0uhNx +5LuuJ1vmTbewdraFkYJ5OjoB3Eg7LneCII8M/0UpKDE6ZzE6AikoMTp5OTY6Toef +zlcVKiPuobKfXHDhIUQPTfGic2Az47wkMoYHo9j9ZE7AWaliMdPz4jLyLfqqoU9m +H8g+vJhyAc7UnAF2Sk5466FDypdPm5F9PTW3cqqIwJM4WgkSlM8J2hxH4YtlKSgx +OngyOTob6nEVc0W4M+ZyrqMvp26DaKRnuFwcsDLsN11JLykpKQ== +=Ghie +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/13FDB8809B17C5547779F9D205C45F47CE0217CE.asc b/tests/openpgp/privkeys/13FDB8809B17C5547779F9D205C45F47CE0217CE.asc new file mode 100644 index 000000000..0c15f8cce --- /dev/null +++ b/tests/openpgp/privkeys/13FDB8809B17C5547779F9D205C45F47CE0217CE.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v1.4.8 (GNU/Linux) +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6cnNhKDE6bjEyOToAqFJWduzk11/m0Ac/K/mab0kz +zr3UUor1bkxh4vcxJHOTZF3a9Y6t1WUpwlOXeCNkY98tRYUg6A40wFgkKz/4jdOa +iDtHW2bOqrvJmJ/wH/5zdmDpthu53JEgXUKP/+j2dfrvYTZYxy2m11DA68QK9iPS +BmksglFMQE2IJatwEAEpKDE6ZTI6AQEpKDE6ZDEyODoAvKABRIX7dtUOm2y6VyGs +ESE5D4YI1AhL0EWodt84EPEUvC1o61UuYbAe28JIHwjIKDLgDiedZ6hTBV3K5cI1 +aFHL421hDE0qtD+mVZhcRGnR2RHhr9gX6qX+4P8mV0w1nhdShwUhlFO1GuwQ2/dW +KwYdXGbDW7P58LIiudGWuSkoMTpwNjU6AMM8WAY5lr1ZdSqr39rNqntLZqoXVO4N +ibd5Tw3o/3JMVJ/xEqMykrude87nlPCAJMPlX9gjP1B57UmRxN8mGNkpKDE6cTY1 +OgDctZRfAPGvQ4vUwxG4uso9nbCtFlGYZTQgMPHfMFflUyxH9Y0zA8ujyKKYFPYX +t7Pe6Y+qqu6BG0mPqvIXe3dpKSgxOnU2NDop+y32myNaSakGsQ732PgarqitgefN +3h9Kec4kS/j85t1esYEbC9XlFluVcIUDaQHdKFpijCl6eC2oFXOkPRwJKSkp +=nyLM +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/343D8AF79796EE107D645A2787A9D9252F924E6F.asc b/tests/openpgp/privkeys/343D8AF79796EE107D645A2787A9D9252F924E6F.asc new file mode 100644 index 000000000..c674b653e --- /dev/null +++ b/tests/openpgp/privkeys/343D8AF79796EE107D645A2787A9D9252F924E6F.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v1.4.8 (GNU/Linux) +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6ZHNhKDE6cDEyOToArHGqWD0rP0Nn/c3nYELTD4m1 +gqR7f2+l1ZUMdHcweYwn/fVjaJKmbR+9GzeHWP398FWYs5mCU1DIfrZLF0nJnAJ6 +WRnN9TL+oub1BqqLvCmDSngRuZZ2gUX8DVmD8xTsPnDnG74QDUnvtnpDIAs32sg5 +dnusstrriXD8xXgt0g8pKDE6cTIxOgC449htJbbp5rkJHvBDs4YxEIkk5ykoMTpn +MTI4Ol+ITxpSMOT5R67Bu4XWoYU7nVeYURpb6LJ8LK2CV7ygECwFdRFdukiGFB+a +TP8nF6xtuXalaBuerkKp4QXVKqOIkp7MWN2TAOOg9eERHPT//whryf49meNYMPLv +KAe60udHY76Glm+Zso+24WnEwXX2od1PHVV3CItWRb7YmhgGKSgxOnkxMjg6AgXt +40h2lpiIHTjbu6fiCBzbr5j2eQX3cNoydkRphJ66bqD+DsPW/Ag0WBCQxgRaLgMr +db64fQT+fyjbTBLbC8ytt5hpCbm/q5x3TTXDAUNjoB3CnA/tQItBy7qqq/A0d3FZ +grr6AixK58uZ4wauy8LRZCph67UZ8akcgwJkmVkpKDE6eDIwOn/Y1rjZASGMK9IG +b1y/ZDKT0zkTKSkp +=muRa +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc b/tests/openpgp/privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc new file mode 100644 index 000000000..6233524f0 --- /dev/null +++ b/tests/openpgp/privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc @@ -0,0 +1,21 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v1.4.8 (GNU/Linux) +Comment: Use "gpg --dearmor" for unpacking + +KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOmRzYSgxOnAxMjk6AL8pJ97q5V8O +ADcGsak0uFXFP/K3BcykEjykR1OJjSNaditv9i7zC0J5n0YC7H9kD+1537ul2Jsd +d9fk/MN+BRNnCsglrns5SlbAjzvwDNnE2ydW/Ug/q58bIRIowTg9RA7mF4qHABvS +BDAXACtLe/ih5isSWOEnv2Sm3fX0kQATKSgxOnEyMToA+hTknylYwYGT/PEVQ4Jl +LPoWmqUpKDE6ZzEyOToAmfUdfU53m3Kgrg4QAzkb7AfPdIGPgUyidk1azUi3Tcko +egzm6VDYWARaYFUg9MpIOb+NBc9gCnPkOnGmgZhtMJoSjrN8TfYATOhcOYYBkT3R +eGr/BwQ34lwekfK0AD+f6FhpHexh6BDnaZYxH691330o7RXSMtFxySAEDtnaOUUp +KDE6eTEyODp8cyy2nYt0QI5Tf+t/d4WBeib2yNWVtZH/j7XpDqHLZDgVAYkazCA6 +ZF7BvLddBEqVAh1X5tqua4AXX9L4SGYb7B0LRV72alhYiWWHez126KjVgwRTUxtE +J4EnHmYJRReLlXosPIRhXSz7HFAqalPXJ0DvC9kzTQnnjPOylyMPTSkoOTpwcm90 +ZWN0ZWQyNTpvcGVucGdwLXMyazMtc2hhMS1hZXMtY2JjKCg0OnNoYTE4OnBnEA/u +YyreNzo0OTMzNjMyKTE2OtXuvrOxsl1/bOm+6zBEQZ0pODA6XEPa+d4D7F2jof/+ +sJvtf22PzAgN/qZ93eIKlJaHxQFQeOyLrghCAUyZLIBzR8dlNBG+uWhg7DBJMVnR +MhH24nqzdivp+SxlMO0XdnkmkBspKDEyOnByb3RlY3RlZC1hdDE1OjIwMTAxMDE0 +VDEyMDgxMSkpKQ== +=ZfqD +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc b/tests/openpgp/privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc new file mode 100644 index 000000000..79699a208 --- /dev/null +++ b/tests/openpgp/privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc @@ -0,0 +1,21 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v1.4.8 (GNU/Linux) +Comment: Use "gpg --dearmor" for unpacking + +KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOmRzYSgxOnAxMjk6ALZlsUNfTCYk +jzIsNhB0iJl4C4cuZ/IeypdosZQxm1aIC+f+E2ly3BqGbMqbmheKcdS9SQs5DSzy +s6W7XmeHDhrNzfStM/UuwiSfnM5E2cV2BgLpErKE56Kb/rf7/Ia12dObj2VV9oKr +CwSYEISRdp5YMar6J7Vvz0nz1Pqf8mq7KSgxOnEyMToAoQkjVeVGG+B/SzJ6+yif +dHWQVkcpKDE6ZzEyODoVw8i11+Plhxj9mnredV5SqI1hsLGZnPSzz2IcFP0XFDu3 +HtUEG9FxZVFRQYWNCUKTP7cv5DYvmhlhc4oG0PhwFmZFLwPPlSAFZ3jfqfkh4RiM +i01yqQGE6uOgML5ZWeQqb39Ngqf/ltWlcgNKpwVjMniMV5kfRzoupccZ+XI2oyko +MTp5MTI4OlVm585daoJeQG/Pg7LdDkVuNBDT/63LysOfw5NqI+LjUXJScSLos76r +IFLT0WOdmP74+RxFxdb31I3GYQlFjsy40e3nAi8QfaM0Q4n2WzPNkUENu7CyNccr +fn6U9sYTLr3EI/bqIRp/KwoptFcmETUL62TxKcr4abrayK+Yr/lqKSg5OnByb3Rl +Y3RlZDI1Om9wZW5wZ3AtczJrMy1zaGExLWFlcy1jYmMoKDQ6c2hhMTg6ndF2xFqT +19k3OjUyNDI4ODApMTY6QB3EeZz7Zs2uIRmjRj/ocyk4MDoN3zs2+IgNNxe0pZQ9 +XzwAAgAA0MhK4ypYOdDc2fvfvCsjrhQyUW5ZQVVxFmf7hgY6YZzAlldXF9bD9DMC +JtcJmap6Xk5D7VClxR97yHK+ASkoMTI6cHJvdGVjdGVkLWF0MTU6MjAxMDEwMTRU +MTU0MzUyKSkp +=8r3/ +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/7E201E28B6FEB2927B321F443205F4724EBE637E.asc b/tests/openpgp/privkeys/7E201E28B6FEB2927B321F443205F4724EBE637E.asc new file mode 100644 index 000000000..7ec044856 --- /dev/null +++ b/tests/openpgp/privkeys/7E201E28B6FEB2927B321F443205F4724EBE637E.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v1.4.8 (GNU/Linux) +Comment: Use "gpg --dearmor" for unpacking + +KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOmVsZygxOnAxMjk6AOgCS1p47zcd +ec0UvVC0phewalHUU6f7mulWr0j0ZY1RU0IOP18HAeT7INcwPcUaUvC9KYenXmYb +vO1i7sNNUCOsKUamwg+oSNMcbM3AwNwxlggTyJS1N6WzIX7MjRLUlUqtbLRhPDGl +Cltt6yeAjS0pZT646TANaBDiRIgk94ADKSgxOmcxOgUpKDE6eTEyODpGh2X1Sy+4 +Ip/RtMJDPZOY+Y6sWUN7OiM2BkdUmCLOmaOVfgrsEevKdSBBj0oVWN81U02i7jQz +hhAI3tZMFJmP/hlF7AlS5HSaLj2+t1nHAKKy70QhskINR41CCv9sHAc5gN1WrY5N +DpeI12GmqsWMPQVPUHsTTe0QsT6XbHzvCykoOTpwcm90ZWN0ZWQyNTpvcGVucGdw +LXMyazMtc2hhMS1hZXMtY2JjKCg0OnNoYTE4Or78V63MKf6HNzo0OTMzNjMyKTE2 +OkxDOAnTGrRgVCyb5u0UbCYpOTY6tghO175Vpfia/wJGrOUT0hgS3Es/EaEHv+bn +jYBeErvROJrKtUboxoGox/Qa2xxpFFhFWtR3IX6rjmqS1a5RhwEmYxFb/IzVESuZ +Kf00wS+lmJuR14ACnuAOfVF6OQP5KSgxMjpwcm90ZWN0ZWQtYXQxNToyMDEwMTAx +NFQxMjA4MTIpKSk= +=a0Os +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.asc b/tests/openpgp/privkeys/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.asc new file mode 100644 index 000000000..370e8624e --- /dev/null +++ b/tests/openpgp/privkeys/8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34.asc @@ -0,0 +1,14 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v1.4.8 (GNU/Linux) +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6ZWxnKDE6cDEyOToAzNix+drHTYCMxS8NiUZNpVTG +nWfzMjxCqVyZYt9CEm7A4JcfSbgRUppqKunwreuDmmNGFc1W+lT1oLfvJaDi/oQ/ +oubgIcq0EZ5gOUydaj961PV3ltNmaaUSZsJ6jRxaa0FB1cgx6EVB88gR6JB4mAM4 +KV+Ct/f9QzPv2TMS8qspKDE6ZzE6BikoMTp5MTI4OjdzptnsiJ124yTW5ewhvUVp +mDGuT9CuA3ggW65bjOhfravX5rfHMCXLPXMNXFgpA012vghVwun/ekkj7/rxapZm +lE28YpSDj8Pwn/lkqNAjy466My+wUeoCgg7mEg/75is2ogKzx1L52nay7BGmfS41 +5m7BBjWHsiUA6KRtFXt1KSgxOngzMTppFcbO0lgUP4k3sTNfSIfwBCt8YwBTmPk5 +a7hTI4y2KSkp +=miH9 +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc b/tests/openpgp/privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc new file mode 100644 index 000000000..616c69768 --- /dev/null +++ b/tests/openpgp/privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc @@ -0,0 +1,20 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v1.4.8 (GNU/Linux) +Comment: Use "gpg --dearmor" for unpacking + +KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOmVsZygxOnAxMjk6AJyN1x9X9Lsj +fX2Z8O9s7BzMO9OoOxFtvZw+FA0BuDs0WVYkq1GuZ9/XiO0K30zvtZnlb7NMvBfz +7xbLeYx+vKzy5xkq18+LE5dU+HKKdRQZKrrwgCsDy8tJRO447QsiLTksCDqPMaE3 +2OCRBF5nKrG5vih7/cmEhf2CuAn+2yM3KSgxOmcxOgcpKDE6eTEyODoZ5eYysaLn +AwPeqQ9vNvUyrCxUEmrvl4svG7zkkg3ZcgAbDpDQUmnijt3gEBCoAzO3c41TU5wJ +aUNBEPGPWfKcTlmBEGJWjK50QQuA2diGncxIS5SDs+QVaf434a6/KFVQcCmV7K8/ +T2S8/nuGJ/rIlFL5XovW6A/S9mYEjh2pDykoOTpwcm90ZWN0ZWQyNTpvcGVucGdw +LXMyazMtc2hhMS1hZXMtY2JjKCg0OnNoYTE4OkuRjUFO6YIJNzo0NjYwMjI0KTE2 +Or7L9Ekww4C0lZz3g61PzJEpMTkyOk7ezAcv7simMXQw+afvqUlhdoyVM4QQuhj8 +KzqjNP3IC2fSHoFECWxGfC1fNcuqzRnzs98TqAy5BDnNXSW+e+CpenWtLpID/dvb +azkeATfhMf/2KMd2Mahi6rnQ6IBnxhq1d5jLhYg00Ba1HbojEYOkCPKQlFV01bQw +mUsyQ7sMr42JvdFTI4lDmQlHfqoexpFpLCDv4eUKjvG/K7xs0uLiF4vyMLVH5H/k +6EF9HEP9sUF+aTDJXrrfHOUG1LR6/CkoMTI6cHJvdGVjdGVkLWF0MTU6MjAxMDEw +MTRUMTUzNTM4KSkp +=soiR +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/FD692BD59D6640A84C8422573D469F84F3B98E53.asc b/tests/openpgp/privkeys/FD692BD59D6640A84C8422573D469F84F3B98E53.asc new file mode 100644 index 000000000..7b25b7a2b --- /dev/null +++ b/tests/openpgp/privkeys/FD692BD59D6640A84C8422573D469F84F3B98E53.asc @@ -0,0 +1,15 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v1.4.8 (GNU/Linux) +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6ZHNhKDE6cDk3OgDbbxWAbWsheUJprK6VryMTpwDi +YwMfL+92nrHqSfPqlpMWgDTia8qnpRSXbyEmSppp/6/Ygp+N3n32Kznq7PjHXiuW +LlZGvZMtzmvaMA17y0GY6oLBxS7rhASXIKa9hEUpKDE6cTIxOgD/igRZcqjTHbCv +I/mTtAPK5yJhqykoMTpnOTc6ALV10OZ7mJkWRMRYeGu1T3uwS7YYORJAHwd1fwKh +Fys7P8HZaWIXqp8EqFxk8VUEiEo3ONN9jtIRgBmTbNywKbx6WfBItoYTPEoU0UGo +oM1c/5rfmylyqwdIbMNXDhW4oykoMTp5OTc6AJNnAP6skpHlhVAmecLZT9eRzVoO +q1ivUIntK2Mh47qsL74q6BBwz2sviPU2Y3pDlbb6Ed0qJAXvdCT24hlfoGoXzkoD +InkPJTJeL0gCnwmQPjvXFFd71Cvg5LaL4lIQLSkoMTp4MjA6cZuCxaj7sT+FZqTO +y2lNfMjaQMgpKSk= +=s5nv +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/seat.test b/tests/openpgp/seat.test index 28e69256c..8a5f39904 100755 --- a/tests/openpgp/seat.test +++ b/tests/openpgp/seat.test @@ -12,7 +12,7 @@ for i in $plain_files ; do echo "$usrpass1" | $GPG --passphrase-fd 0 --always-trust -seat \ - -r two -o x --yes $i + -r two@example.com -o x --yes $i $GPG -o y --yes x cmp $i y || error "$i: mismatch" done diff --git a/tests/openpgp/signencrypt-dsa.test b/tests/openpgp/signencrypt-dsa.test index 77ded1213..94730998a 100755 --- a/tests/openpgp/signencrypt-dsa.test +++ b/tests/openpgp/signencrypt-dsa.test @@ -12,17 +12,17 @@ #info Checking signing and encryption for DSA for i in $plain_files $data_files ; do - $GPG $dsa_keyrings --always-trust -se -o x --yes \ + $GPG --always-trust -se -o x --yes \ -u "$dsa_usrname1" -r "$dsa_usrname2" $i - $GPG $dsa_keyrings -o y --yes x + $GPG -o y --yes x cmp $i y || error "$i: mismatch" done for da in ripemd160 sha1; do for i in $plain_files; do - $GPG $dsa_keyrings --always-trust -se -o x --yes --digest-algo $da \ + $GPG --always-trust -se -o x --yes --digest-algo $da \ -u "$dsa_usrname1" -r "$dsa_usrname2" $i - $GPG $dsa_keyrings -o y --yes x + $GPG -o y --yes x cmp $i y || error "$i: mismatch" # process only the first one break diff --git a/tests/openpgp/sigs-dsa.test b/tests/openpgp/sigs-dsa.test index 8b3b14f14..e4f812a2d 100755 --- a/tests/openpgp/sigs-dsa.test +++ b/tests/openpgp/sigs-dsa.test @@ -12,16 +12,15 @@ #info Checking DSA signatures (default digest algo) for i in $plain_files $data_files; do - $GPG $dsa_keyrings -s -o x --yes -u $dsa_usrname1 $i - $GPG $dsa_keyrings -o y --yes x + $GPG -s -o x --yes -u $dsa_usrname1 $i + $GPG -o y --yes x cmp $i y || error "$i: mismatch" done for da in ripemd160 sha1; do for i in $plain_files; do - $GPG $dsa_keyrings --digest-algo $da \ - -s -o x --yes -u $dsa_usrname1 $i - $GPG $dsa_keyrings -o y --yes x + $GPG --digest-algo $da -s -o x --yes -u $dsa_usrname1 $i + $GPG -o y --yes x cmp $i y || error "$i: mismatch" # process only the first one break diff --git a/tests/openpgp/sigs.test b/tests/openpgp/sigs.test index 86b0cdc7b..28ce9f1b1 100755 --- a/tests/openpgp/sigs.test +++ b/tests/openpgp/sigs.test @@ -11,7 +11,7 @@ . $srcdir/defs.inc || exit 3 for i in $plain_files $data_files; do - echo "$usrpass1" | $GPG --passphrase-fd 0 -s -o x --yes $i + $GPG -s -o x --yes $i $GPG -o y --yes x cmp $i y || error "$i: mismatch" done diff --git a/tests/openpgp/version.test b/tests/openpgp/version.test index 34733e27d..ed0f6c449 100755 --- a/tests/openpgp/version.test +++ b/tests/openpgp/version.test @@ -10,8 +10,97 @@ . $srcdir/defs.inc || exit 3 -# print the GPG version +# This is the first test run by "make check". First kill a possible +# gpg-agent process from a previous test run. +if $GPG_AGENT --quiet; then + echo "$pgmname: killing leftover gpg-agent process" >&2 + $GPG_CONNECT_AGENT killagent /bye >/dev/null + sleep 2 +fi + + +info "Deleting old files" +if [ -f Makefile -a -f $srcdir/decrypt-dsa.test ]; then + : +else + fatal "not running in the test directory" + exit 1 +fi +if [ -d private-keys-v1.d ]; then + rm private-keys-v1.d/* 2>/dev/null || true + rmdir private-keys-v1.d +fi +for i in pubring.gpg pubring.gpg~ trustdb.gpg trustdb.gpg~ ; do + [ -d "$i" ] && rm "$i" +done + +# Now start the agent right away, so that there is only one place +# where starting the agent may fail. To speed up key generation we +# create a faked random seed file. Note that we need to set the +# agent-program so that gpg-connect-agent is able to start the agent +# we are currently testing and not an already installed one. +info "Starting the agent" +$MKTDATA 600 >random_seed +if $GPG_CONNECT_AGENT -v --agent-program="$GPG_AGENT" /bye; then + : +else + error "starting the gpg-agent failed" + exit 1 +fi + + +info "Creating sample data files" +for i in 500 9000 32000 80000; do + $MKTDATA $i >data-$i +done +cat $srcdir/../../doc/HACKING \ + $srcdir/../../doc/DETAILS \ + $srcdir/../../doc/gpg.texi >plain-large + +info "Unpacking samples" +$GPG --dearmor < $srcdir/plain-1o.asc > ./plain-1 +$GPG --dearmor < $srcdir/plain-2o.asc > ./plain-2 +$GPG --dearmor < $srcdir/plain-3o.asc > ./plain-3 + +info "Storing private keys" +for i in 50B2D4FA4122C212611048BC5FC31BD44393626E \ + 7E201E28B6FEB2927B321F443205F4724EBE637E \ + 13FDB8809B17C5547779F9D205C45F47CE0217CE \ + 343D8AF79796EE107D645A2787A9D9252F924E6F \ + 8B5ABF3EF9EB8D96B91A0B8C2C4401C91C834C34 \ + 0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255 \ + FD692BD59D6640A84C8422573D469F84F3B98E53 \ + 76F7E2B35832976B50A27A282D9B87E44577EB66 \ + A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD ; do + $GPG --dearmor < $srcdir/privkeys/$i.asc > private-keys-v1.d/$i.key +done + +info "Importing public demo and test keys" +$GPG --yes --import $srcdir/pubdemo.asc $srcdir/pubring.asc +$GPG --dearmor < $srcdir/pubring.pkr.asc | $GPG --yes --import + + +info "Preset passphrases" +# one@example.com +$GPG_PRESET_PASSPHRASE --preset -P def 50B2D4FA4122C212611048BC5FC31BD44393626E +$GPG_PRESET_PASSPHRASE --preset -P def 7E201E28B6FEB2927B321F443205F4724EBE637E +# alpha@example.net +$GPG_PRESET_PASSPHRASE --preset -P abc 76F7E2B35832976B50A27A282D9B87E44577EB66 +$GPG_PRESET_PASSPHRASE --preset -P abc A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD + + +# Note: secring.asc and secring.skr.asc are the original secrings for +# our test files. We don't support this as storage format anymore but +# keep the files here for reference. The actual keys have been +# extracted and put in gpg-agent's format unter privkeys/. Because +# the current gpg's import feature does not support storing of +# unprotected keys in the new gpg-agent format, we had to resort to +# some trickery to convert them. + + +info "Printing the GPG version" $GPG --version -#fixme: check that the output is correct +#fixme: check that the output is as expected + diff --git a/tools/ChangeLog b/tools/ChangeLog index de148ba56..84fbe4098 100644 --- a/tools/ChangeLog +++ b/tools/ChangeLog @@ -1,5 +1,7 @@ 2010-10-14 Werner Koch <wk@g10code.com> + * gpg-connect-agent.c: Add option --agent-program. + * gpg-connect-agent.c (start_agent): Rewrite using the start_new_gpg_agent function. diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c index 652f288c5..8de67bbf0 100644 --- a/tools/gpg-connect-agent.c +++ b/tools/gpg-connect-agent.c @@ -56,6 +56,7 @@ enum cmd_and_opt_values oNoVerbose = 500, oHomedir, + oAgentProgram, oHex, oDecode, oNoExtConnect @@ -85,6 +86,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"), ARGPARSE_s_s (oHomedir, "homedir", "@" ), + ARGPARSE_s_s (oAgentProgram, "agent-program", "@"), ARGPARSE_end () }; @@ -96,6 +98,7 @@ struct int verbose; /* Verbosity level. */ int quiet; /* Be extra quiet. */ const char *homedir; /* Configuration directory name */ + const char *agent_program; /* Value of --agent-program. */ int hex; /* Print data lines in hex format. */ int decode; /* Decode received data lines. */ const char *raw_socket; /* Name of socket to connect in raw mode. */ @@ -1186,6 +1189,7 @@ main (int argc, char **argv) case oVerbose: opt.verbose++; break; case oNoVerbose: opt.verbose = 0; break; case oHomedir: opt.homedir = pargs.r.ret_str; break; + case oAgentProgram: opt.agent_program = pargs.r.ret_str; break; case oHex: opt.hex = 1; break; case oDecode: opt.decode = 1; break; case oRawSocket: opt.raw_socket = pargs.r.ret_str; break; @@ -2168,7 +2172,7 @@ start_agent (void) err = start_new_gpg_agent (&ctx, GPG_ERR_SOURCE_DEFAULT, opt.homedir, - NULL, + opt.agent_program, NULL, NULL, session_env, !opt.quiet, 0, |