1
2
3
4
5 package packet
6
7 import (
8 "bytes"
9 "crypto"
10 "encoding/hex"
11 "strings"
12 "testing"
13
14 "github.com/ProtonMail/go-crypto/openpgp/armor"
15 )
16
17 func TestSignatureReadAndReserialize(t *testing.T) {
18 packet, err := Read(readerFromHex(signatureDataHex))
19 if err != nil {
20 t.Error(err)
21 return
22 }
23 sig, ok := packet.(*Signature)
24 if !ok || sig.SigType != SigTypeBinary || sig.PubKeyAlgo != PubKeyAlgoRSA || sig.Hash != crypto.SHA1 {
25 t.Errorf("failed to parse, got: %#v", packet)
26 }
27
28 serializedSig := new(bytes.Buffer)
29 err = sig.Serialize(serializedSig)
30 if err != nil {
31 t.Fatalf("Unable to reserialize signature, got %s", err)
32 }
33
34 hexSig := hex.EncodeToString(serializedSig.Bytes())
35 if hexSig != signatureDataHex {
36 t.Fatalf("Wrong signature serialized: expected %s, got %s", signatureDataHex, hexSig)
37 }
38 }
39
40 func TestOnePassSignatureReadAndReserialize(t *testing.T) {
41 packet, err := Read(readerFromHex(onePassSignatureDataHex))
42 if err != nil {
43 t.Error(err)
44 return
45 }
46 sig, ok := packet.(*OnePassSignature)
47 if !ok || sig.SigType != SigTypeBinary || sig.PubKeyAlgo != PubKeyAlgoRSA || sig.Hash != crypto.SHA1 {
48 t.Errorf("failed to parse, got: %#v", packet)
49 }
50
51 serializedSig := new(bytes.Buffer)
52 err = sig.Serialize(serializedSig)
53 if err != nil {
54 t.Fatalf("Unable to reserialize one-pass signature, got %s", err)
55 }
56
57 hexSig := hex.EncodeToString(serializedSig.Bytes())
58 if hexSig != onePassSignatureDataHex {
59 t.Fatalf("Wrong one-pass signature serialized: expected %s, got %s", onePassSignatureDataHex, hexSig)
60 }
61 }
62
63 func TestSignatureEmptyFingerprint(t *testing.T) {
64 armoredSig := `-----BEGIN PGP SIGNATURE-----
65
66 wpQEEAEIAAgFAohuCQABIQAATHUEAIiL44Hde8vbjvtHwx71Pr+gdxP1WoCifxaD
67 JKBccKkn82LY1qkfj50BvG0znrloMeQpfLZX1ybHiJwXG0P+cTQJ8m4GkwxlhBkT
68 BhLGOpf6bhM+HhXONIyoG9qp2ZVpgdOoC3zrsUuHvWKelBT8a3t6mCaTDmpvEMf1
69 ltm2aQaG
70 =ZWr8
71 -----END PGP SIGNATURE-----
72 `
73 unarmored, err := armor.Decode(strings.NewReader(armoredSig))
74 if err != nil {
75 t.Error(err)
76 return
77 }
78 _, err = Read(unarmored.Body)
79 if err == nil {
80 t.Errorf("Expected a parsing error")
81 return
82 }
83 }
84
85 func TestSignatureReserialize(t *testing.T) {
86 packet, _ := Read(readerFromHex(signatureDataHex))
87 sig := packet.(*Signature)
88 out := new(bytes.Buffer)
89 err := sig.Serialize(out)
90 if err != nil {
91 t.Errorf("error reserializing: %s", err)
92 return
93 }
94
95 expected, _ := hex.DecodeString(signatureDataHex)
96 if !bytes.Equal(expected, out.Bytes()) {
97 t.Errorf("output doesn't match input (got vs expected):\n%s\n%s", hex.Dump(out.Bytes()), hex.Dump(expected))
98 }
99 }
100
101 func TestPositiveCertSignatureRead(t *testing.T) {
102 packet, err := Read(readerFromHex(positiveCertSignatureDataHex))
103 if err != nil {
104 t.Error(err)
105 return
106 }
107 sig, ok := packet.(*Signature)
108 if !ok || sig.SigType != SigTypePositiveCert || sig.PubKeyAlgo != PubKeyAlgoRSA || sig.Hash != crypto.SHA256 {
109 t.Errorf("failed to parse, got: %#v", packet)
110 }
111 }
112
113 func TestPositiveCertSignatureReserialize(t *testing.T) {
114 packet, _ := Read(readerFromHex(positiveCertSignatureDataHex))
115 sig := packet.(*Signature)
116 out := new(bytes.Buffer)
117 err := sig.Serialize(out)
118 if err != nil {
119 t.Errorf("error reserializing: %s", err)
120 return
121 }
122
123 expected, _ := hex.DecodeString(positiveCertSignatureDataHex)
124 if !bytes.Equal(expected, out.Bytes()) {
125 t.Errorf("output doesn't match input (got vs expected):\n%s\n%s", hex.Dump(out.Bytes()), hex.Dump(expected))
126 }
127 }
128
129 func TestSignUserId(t *testing.T) {
130 sig := &Signature{
131 Version: 4,
132 SigType: SigTypeGenericCert,
133 PubKeyAlgo: PubKeyAlgoRSA,
134 Hash: 0,
135 }
136
137 packet, err := Read(readerFromHex(rsaPkDataHex))
138 if err != nil {
139 t.Fatalf("failed to deserialize public key: %v", err)
140 }
141 pubKey := packet.(*PublicKey)
142
143 packet, err = Read(readerFromHex(privKeyRSAHex))
144 if err != nil {
145 t.Fatalf("failed to deserialize private key: %v", err)
146 }
147 privKey := packet.(*PrivateKey)
148
149 err = sig.SignUserId("", pubKey, privKey, nil)
150 if err == nil {
151 t.Errorf("did not receive an error when expected")
152 }
153
154 sig.Hash = crypto.SHA256
155 err = privKey.Decrypt([]byte("testing"))
156 if err != nil {
157 t.Fatalf("failed to decrypt private key: %v", err)
158 }
159
160 err = sig.SignUserId("", pubKey, privKey, nil)
161 if err != nil {
162 t.Errorf("failed to sign user id: %v", err)
163 }
164 }
165
166 func TestSignatureWithLifetime(t *testing.T) {
167 lifeTime := uint32(3600 * 24 * 30)
168 sig := &Signature{
169 SigType: SigTypeGenericCert,
170 PubKeyAlgo: PubKeyAlgoRSA,
171 Hash: crypto.SHA256,
172 SigLifetimeSecs: &lifeTime,
173 }
174
175 packet, err := Read(readerFromHex(rsaPkDataHex))
176 if err != nil {
177 t.Fatalf("failed to deserialize public key: %v", err)
178 }
179 pubKey := packet.(*PublicKey)
180
181 packet, err = Read(readerFromHex(privKeyRSAHex))
182 if err != nil {
183 t.Fatalf("failed to deserialize private key: %v", err)
184 }
185 privKey := packet.(*PrivateKey)
186
187 err = privKey.Decrypt([]byte("testing"))
188 if err != nil {
189 t.Fatalf("failed to decrypt private key: %v", err)
190 }
191
192 err = sig.SignUserId("", pubKey, privKey, nil)
193 if err != nil {
194 t.Errorf("failed to sign user id: %v", err)
195 }
196
197 buf := bytes.NewBuffer([]byte{})
198 err = sig.Serialize(buf)
199 if err != nil {
200 t.Errorf("failed to serialize signature: %v", err)
201 }
202
203 packet, _ = Read(bytes.NewReader(buf.Bytes()))
204 sig = packet.(*Signature)
205 if sig.SigLifetimeSecs == nil || *sig.SigLifetimeSecs != lifeTime {
206 t.Errorf("signature lifetime is wrong: %d instead of %d", *sig.SigLifetimeSecs, lifeTime)
207 }
208
209 for _, subPacket := range sig.rawSubpackets {
210 if subPacket.subpacketType == signatureExpirationSubpacket {
211 if !subPacket.isCritical {
212 t.Errorf("signature expiration subpacket is not marked as critical")
213 }
214 }
215 }
216 }
217
218 func TestSignatureWithPolicyURI(t *testing.T) {
219 testPolicy := "This is a test policy"
220 sig := &Signature{
221 SigType: SigTypeGenericCert,
222 PubKeyAlgo: PubKeyAlgoRSA,
223 Hash: crypto.SHA256,
224 PolicyURI: testPolicy,
225 }
226
227 packet, err := Read(readerFromHex(rsaPkDataHex))
228 if err != nil {
229 t.Fatalf("failed to deserialize public key: %v", err)
230 }
231 pubKey := packet.(*PublicKey)
232
233 packet, err = Read(readerFromHex(privKeyRSAHex))
234 if err != nil {
235 t.Fatalf("failed to deserialize private key: %v", err)
236 }
237 privKey := packet.(*PrivateKey)
238
239 err = privKey.Decrypt([]byte("testing"))
240 if err != nil {
241 t.Fatalf("failed to decrypt private key: %v", err)
242 }
243
244 err = sig.SignUserId("", pubKey, privKey, nil)
245 if err != nil {
246 t.Errorf("failed to sign user id: %v", err)
247 }
248
249 buf := bytes.NewBuffer([]byte{})
250 err = sig.Serialize(buf)
251 if err != nil {
252 t.Errorf("failed to serialize signature: %v", err)
253 }
254
255 packet, _ = Read(bytes.NewReader(buf.Bytes()))
256 sig = packet.(*Signature)
257 if sig.PolicyURI != testPolicy {
258 t.Errorf("signature policy is wrong: %s instead of %s", sig.PolicyURI, testPolicy)
259 }
260
261 for _, subPacket := range sig.rawSubpackets {
262 if subPacket.subpacketType == policyUriSubpacket {
263 if subPacket.isCritical {
264 t.Errorf("policy URI subpacket is marked as critical")
265 }
266 }
267 }
268 }
269
270 func TestSignatureWithTrust(t *testing.T) {
271 packet, err := Read(readerFromHex(signatureWithTrustDataHex))
272 if err != nil {
273 t.Error(err)
274 return
275 }
276 sig, ok := packet.(*Signature)
277 if !ok || sig.SigType != SigTypeGenericCert || sig.PubKeyAlgo != PubKeyAlgoRSA || sig.Hash != crypto.SHA256 || sig.TrustLevel != 0x01 || sig.TrustAmount != 0x03C {
278 t.Errorf("failed to parse, got: %#v", packet)
279 }
280
281 out := new(bytes.Buffer)
282 err = sig.Serialize(out)
283 if err != nil {
284 t.Errorf("error reserializing: %s", err)
285 return
286 }
287
288 expected, _ := hex.DecodeString(signatureWithTrustDataHex)
289 if !bytes.Equal(expected, out.Bytes()) {
290 t.Errorf("output doesn't match input (got vs expected):\n%s\n%s", hex.Dump(out.Bytes()), hex.Dump(expected))
291 }
292 }
293
294 func TestSignatureWithTrustAndRegex(t *testing.T) {
295 packet, err := Read(readerFromHex(signatureWithTrustRegexHex))
296 if err != nil {
297 t.Error(err)
298 return
299 }
300 sig, ok := packet.(*Signature)
301 if !ok || sig.SigType != SigTypeGenericCert || sig.PubKeyAlgo != PubKeyAlgoRSA || sig.Hash != crypto.SHA256 || sig.TrustLevel != 0x01 || sig.TrustAmount != 0x3C || *sig.TrustRegularExpression != "*.example.com" {
302 t.Errorf("failed to parse, got: %#v", packet)
303 }
304
305 out := new(bytes.Buffer)
306 err = sig.Serialize(out)
307 if err != nil {
308 t.Errorf("error reserializing: %s", err)
309 return
310 }
311
312 expected, _ := hex.DecodeString(signatureWithTrustRegexHex)
313 if !bytes.Equal(expected, out.Bytes()) {
314 t.Errorf("output doesn't match input (got vs expected):\n%s\n%s", hex.Dump(out.Bytes()), hex.Dump(expected))
315 }
316
317
318 packet, err = Read(readerFromHex(signatureWithBadTrustRegexHex))
319 if err == nil {
320 t.Errorf("did not receive an error when expected")
321 }
322 if err.Error() != "openpgp: invalid data: expected regular expression to be null-terminated" {
323 t.Errorf("unexpected error while parsing: %v", err)
324 }
325 }
326
327 const onePassSignatureDataHex = `c40d03000201ab105c91af38fb1501`
328
329 const signatureDataHex = "c2c05c04000102000605024cb45112000a0910ab105c91af38fb158f8d07ff5596ea368c5efe015bed6e78348c0f033c931d5f2ce5db54ce7f2a7e4b4ad64db758d65a7a71773edeab7ba2a9e0908e6a94a1175edd86c1d843279f045b021a6971a72702fcbd650efc393c5474d5b59a15f96d2eaad4c4c426797e0dcca2803ef41c6ff234d403eec38f31d610c344c06f2401c262f0993b2e66cad8a81ebc4322c723e0d4ba09fe917e8777658307ad8329adacba821420741009dfe87f007759f0982275d028a392c6ed983a0d846f890b36148c7358bdb8a516007fac760261ecd06076813831a36d0459075d1befa245ae7f7fb103d92ca759e9498fe60ef8078a39a3beda510deea251ea9f0a7f0df6ef42060f20780360686f3e400e"
330
331 const signatureWithTrustDataHex = "c2ad0410010800210502886e09001621040f0bfb42b3b08bece556fffcc181c053de849bf20385013c000035d803ff405c3c10211d680d3f5192e44d5acf7a25068a9938b5e5b1337735658ef8916e6878735ddfe15679c4868fcf46f02890104a5fb7caffa8e628a202deeda8376d58e586d60c1759e667fa49d87c7564c83b88f59db2631dc7e68535fd4a13b6096f91b05f7bb9989ddb36fc7e6e35dcc2f493468320cbe66e27895744eab2ae4b"
332
333 const signatureWithTrustRegexHex = "c2bd0410010800310502886e09001621040f0bfb42b3b08bece556fffcc181c053de849bf20385013c0f862a2e6578616d706c652e636f6d000000620603ff7e405020cdbf82ac30f6ad11f82690d3c2fa2107130f80a66fc48a4b6cc426b90585670d8cb8e258f9c1fa35c62381074fd9b740aaebd96a3265c96d145620d7c24265c8e258a2f9a2229e4edb8076e27d5e229cf676135dde4dad54271e061adea05302e81ff412c55742b15c8b20fe3bee4c6b96cd9dfff44da9cc5df328ab"
334
335 const signatureWithBadTrustRegexHex = "c2bc0410010800300502886e09001621040f0bfb42b3b08bece556fffcc181c053de849bf20385013c0e862a2e6578616d706c652e636f6d00007e7103fe3fa66963f7a91ceb297286f57bab38446ba591215a9d6589ab6ec0d930438a4d79f80a52440e017dc6dd03f7425ccc1e059edda2b32f4975501eacc5676f216e56c568b75442c3efc750425f0d5276c7611ef838ce3f015f4de0969b4710aac8a76fcf2d48dd0749e937099b55ab77d93132e9777ba3b8cf89f908c2dbfff838"
336
337 const positiveCertSignatureDataHex = "c2c0b304130108005d050b0908070206150a09080b020416020301021e010217802418686b70733a2f2f686b70732e706f6f6c2e736b732d6b6579736572766572732e6e65741621045ef9b8a44d89b32f94f3e9333679666422d0f62605025b2cc122021b2f000a09103679666422d0f62668e1080098b71f59ce893769ccb603344290e89df8f12d6ea906cc1c2b166c61a02679070744565f8280712b4e6bdfd482b758ef935655f1674c8f3633ab173d27cbe31e46368a8255134ecc5249ad66324cc4f6a79f160459b326711cfdc35032aac0903657a934f80f79768786ddd6554aa8d385c03adbee17c4e3e2831752d4910077da3b1f5562d267a57540a1c2b0dd2d96ed055c06098599b2390d61cfa37c6d19d9d63749fb3c3cfe0036fd959ba616eb23486216563fed8fdd19f96f5da9943db1698705fb688c1354c379ef01de307c4a0ac016e6385324cb0a7b49cfeee8961a289c8fa4c81d0e24e00969039db223a9835e8b86a8d85df645175f8aa0f8f2"
338
View as plain text