1
2
3
4
5 package clearsign
6
7 import (
8 "bytes"
9 "fmt"
10 "io"
11 "testing"
12
13 "golang.org/x/crypto/openpgp"
14 "golang.org/x/crypto/openpgp/packet"
15 )
16
17 func testParse(t *testing.T, input []byte, expected, expectedPlaintext string) {
18 b, rest := Decode(input)
19 if b == nil {
20 t.Fatal("failed to decode clearsign message")
21 }
22 if !bytes.Equal(rest, []byte("trailing")) {
23 t.Errorf("unexpected remaining bytes returned: %s", string(rest))
24 }
25 if b.ArmoredSignature.Type != "PGP SIGNATURE" {
26 t.Errorf("bad armor type, got:%s, want:PGP SIGNATURE", b.ArmoredSignature.Type)
27 }
28 if !bytes.Equal(b.Bytes, []byte(expected)) {
29 t.Errorf("bad body, got:%x want:%x", b.Bytes, expected)
30 }
31
32 if !bytes.Equal(b.Plaintext, []byte(expectedPlaintext)) {
33 t.Errorf("bad plaintext, got:%x want:%x", b.Plaintext, expectedPlaintext)
34 }
35
36 keyring, err := openpgp.ReadArmoredKeyRing(bytes.NewBufferString(signingKey))
37 if err != nil {
38 t.Errorf("failed to parse public key: %s", err)
39 }
40
41 if _, err := openpgp.CheckDetachedSignature(keyring, bytes.NewBuffer(b.Bytes), b.ArmoredSignature.Body); err != nil {
42 t.Errorf("failed to check signature: %s", err)
43 }
44 }
45
46 func TestParse(t *testing.T) {
47 testParse(t, clearsignInput, "Hello world\r\nline 2", "Hello world\nline 2\n")
48 testParse(t, clearsignInput2, "\r\n\r\n(This message has a couple of blank lines at the start and end.)\r\n\r\n", "\n\n(This message has a couple of blank lines at the start and end.)\n\n\n")
49 }
50
51 func TestParseWithNoNewlineAtEnd(t *testing.T) {
52 input := clearsignInput
53 input = input[:len(input)-len("trailing")-1]
54 b, rest := Decode(input)
55 if b == nil {
56 t.Fatal("failed to decode clearsign message")
57 }
58 if len(rest) > 0 {
59 t.Errorf("unexpected remaining bytes returned: %s", string(rest))
60 }
61 }
62
63 var signingTests = []struct {
64 in, signed, plaintext string
65 }{
66 {"", "", ""},
67 {"a", "a", "a\n"},
68 {"a\n", "a", "a\n"},
69 {"-a\n", "-a", "-a\n"},
70 {"--a\nb", "--a\r\nb", "--a\nb\n"},
71
72 {" a\n", " a", " a\n"},
73 {" a\n", " a", " a\n"},
74
75 {"a \n", "a", "a\n"},
76 {"a ", "a", "a\n"},
77
78 {" \n", "", "\n"},
79 {" ", "", "\n"},
80 {"a\n \n \nb\n", "a\r\n\r\n\r\nb", "a\n\n\nb\n"},
81 }
82
83 func TestSigning(t *testing.T) {
84 keyring, err := openpgp.ReadArmoredKeyRing(bytes.NewBufferString(signingKey))
85 if err != nil {
86 t.Errorf("failed to parse public key: %s", err)
87 }
88
89 for i, test := range signingTests {
90 var buf bytes.Buffer
91
92 plaintext, err := Encode(&buf, keyring[0].PrivateKey, nil)
93 if err != nil {
94 t.Errorf("#%d: error from Encode: %s", i, err)
95 continue
96 }
97 if _, err := plaintext.Write([]byte(test.in)); err != nil {
98 t.Errorf("#%d: error from Write: %s", i, err)
99 continue
100 }
101 if err := plaintext.Close(); err != nil {
102 t.Fatalf("#%d: error from Close: %s", i, err)
103 continue
104 }
105
106 b, _ := Decode(buf.Bytes())
107 if b == nil {
108 t.Errorf("#%d: failed to decode clearsign message", i)
109 continue
110 }
111 if !bytes.Equal(b.Bytes, []byte(test.signed)) {
112 t.Errorf("#%d: bad result, got:%x, want:%x", i, b.Bytes, test.signed)
113 continue
114 }
115 if !bytes.Equal(b.Plaintext, []byte(test.plaintext)) {
116 t.Errorf("#%d: bad result, got:%x, want:%x", i, b.Plaintext, test.plaintext)
117 continue
118 }
119
120 if _, err := openpgp.CheckDetachedSignature(keyring, bytes.NewBuffer(b.Bytes), b.ArmoredSignature.Body); err != nil {
121 t.Errorf("#%d: failed to check signature: %s", i, err)
122 }
123 }
124 }
125
126 func TestMultiSign(t *testing.T) {
127 if testing.Short() {
128 t.Skip("skipping long test in -short mode")
129 }
130
131 var config packet.Config
132
133 for nKeys := 0; nKeys < 4; nKeys++ {
134 nextTest:
135 for nExtra := 0; nExtra < 4; nExtra++ {
136 var signKeys []*packet.PrivateKey
137 var verifyKeys openpgp.EntityList
138
139 desc := fmt.Sprintf("%d keys; %d of which will be used to verify", nKeys+nExtra, nKeys)
140 for i := 0; i < nKeys+nExtra; i++ {
141 e, err := openpgp.NewEntity("name", "comment", "email", &config)
142 if err != nil {
143 t.Errorf("cannot create key: %v", err)
144 continue nextTest
145 }
146 if i < nKeys {
147 verifyKeys = append(verifyKeys, e)
148 }
149 signKeys = append(signKeys, e.PrivateKey)
150 }
151
152 input := []byte("this is random text\r\n4 17")
153 var output bytes.Buffer
154 w, err := EncodeMulti(&output, signKeys, nil)
155 if err != nil {
156 t.Errorf("EncodeMulti (%s) failed: %v", desc, err)
157 }
158 if _, err := w.Write(input); err != nil {
159 t.Errorf("Write(%q) to signer (%s) failed: %v", string(input), desc, err)
160 }
161 if err := w.Close(); err != nil {
162 t.Errorf("Close() of signer (%s) failed: %v", desc, err)
163 }
164
165 block, _ := Decode(output.Bytes())
166 if string(block.Bytes) != string(input) {
167 t.Errorf("Inline data didn't match original; got %q want %q", string(block.Bytes), string(input))
168 }
169 _, err = openpgp.CheckDetachedSignature(verifyKeys, bytes.NewReader(block.Bytes), block.ArmoredSignature.Body)
170 if nKeys == 0 {
171 if err == nil {
172 t.Errorf("verifying inline (%s) succeeded; want failure", desc)
173 }
174 } else {
175 if err != nil {
176 t.Errorf("verifying inline (%s) failed (%v); want success", desc, err)
177 }
178 }
179 }
180 }
181 }
182
183 func TestDecodeMissingCRC(t *testing.T) {
184 block, rest := Decode(clearsignInput3)
185 if block == nil {
186 t.Fatal("failed to decode PGP signature missing a CRC")
187 }
188 if len(rest) > 0 {
189 t.Fatalf("Decode should not have any remaining data left: %s", rest)
190 }
191 if _, err := packet.Read(block.ArmoredSignature.Body); err != nil {
192 t.Error(err)
193 }
194 if _, err := packet.Read(block.ArmoredSignature.Body); err != io.EOF {
195 t.Error(err)
196 }
197 }
198
199 const signatureBlock = `
200 -----BEGIN PGP SIGNATURE-----
201 Version: OpenPrivacy 0.99
202
203 yDgBO22WxBHv7O8X7O/jygAEzol56iUKiXmV+XmpCtmpqQUKiQrFqclFqUDBovzS
204 vBSFjNSiVHsuAA==
205 =njUN
206 -----END PGP SIGNATURE-----
207 `
208
209 var invalidInputs = []string{
210 `
211 -----BEGIN PGP SIGNED MESSAGE-----
212 Hash: SHA256
213
214 (This message was truncated.)
215 `,
216 `
217 -----BEGIN PGP SIGNED MESSAGE-----garbage
218 Hash: SHA256
219
220 _o/
221 ` + signatureBlock,
222 `
223 garbage-----BEGIN PGP SIGNED MESSAGE-----
224 Hash: SHA256
225
226 _o/
227 ` + signatureBlock,
228 `
229 -----BEGIN PGP SIGNED MESSAGE-----
230 Hash: SHA` + "\x0b\x0b" + `256
231
232 _o/
233 ` + signatureBlock,
234 `
235 -----BEGIN PGP SIGNED MESSAGE-----
236 NotHash: SHA256
237
238 _o/
239 ` + signatureBlock,
240 }
241
242 func TestParseInvalid(t *testing.T) {
243 for i, input := range invalidInputs {
244 if b, rest := Decode([]byte(input)); b != nil {
245 t.Errorf("#%d: decoded a bad clearsigned message without any error", i)
246 } else if string(rest) != input {
247 t.Errorf("#%d: did not return all data with a bad message", i)
248 }
249 }
250 }
251
252 var clearsignInput = []byte(`
253 ;lasjlkfdsa
254
255 -----BEGIN PGP SIGNED MESSAGE-----
256 Hash: SHA1
257
258 Hello world
259 line 2
260 -----BEGIN PGP SIGNATURE-----
261 Version: GnuPG v1.4.10 (GNU/Linux)
262
263 iJwEAQECAAYFAk8kMuEACgkQO9o98PRieSpMsAQAhmY/vwmNpflrPgmfWsYhk5O8
264 pjnBUzZwqTDoDeINjZEoPDSpQAHGhjFjgaDx/Gj4fAl0dM4D0wuUEBb6QOrwflog
265 2A2k9kfSOMOtk0IH/H5VuFN1Mie9L/erYXjTQIptv9t9J7NoRBMU0QOOaFU0JaO9
266 MyTpno24AjIAGb+mH1U=
267 =hIJ6
268 -----END PGP SIGNATURE-----
269 trailing`)
270
271 var clearsignInput2 = []byte(`
272 asdlfkjasdlkfjsadf
273
274 -----BEGIN PGP SIGNED MESSAGE-----
275 Hash: SHA256
276
277
278
279 (This message has a couple of blank lines at the start and end.)
280
281
282 -----BEGIN PGP SIGNATURE-----
283 Version: GnuPG v1.4.11 (GNU/Linux)
284
285 iJwEAQEIAAYFAlPpSREACgkQO9o98PRieSpZTAP+M8QUoCt/7Rf3YbXPcdzIL32v
286 pt1I+cMNeopzfLy0u4ioEFi8s5VkwpL1AFmirvgViCwlf82inoRxzZRiW05JQ5LI
287 ESEzeCoy2LIdRCQ2hcrG8pIUPzUO4TqO5D/dMbdHwNH4h5nNmGJUAEG6FpURlPm+
288 qZg6BaTvOxepqOxnhVU=
289 =e+C6
290 -----END PGP SIGNATURE-----
291
292 trailing`)
293
294 var clearsignInput3 = []byte(`-----BEGIN PGP SIGNED MESSAGE-----
295 Hash: SHA256
296
297 Origin: vscode stable
298 Label: vscode stable
299 Suite: stable
300 Codename: stable
301 Date: Mon, 13 Jan 2020 08:41:45 UTC
302 Architectures: amd64
303 Components: main
304 Description: Generated by aptly
305 MD5Sum:
306 66437152b3082616d8053e52c4bafafb 5821166 Contents-amd64
307 8024662ed51109946a517754bbafdd33 286298 Contents-amd64.gz
308 66437152b3082616d8053e52c4bafafb 5821166 main/Contents-amd64
309 8024662ed51109946a517754bbafdd33 286298 main/Contents-amd64.gz
310 3062a08b3eca94a65d6d17ba1dafcf3e 1088265 main/binary-amd64/Packages
311 b8ee22200fba8fa3be56c1ff946cdd24 159344 main/binary-amd64/Packages.bz2
312 f89c47c81ebd25caf287c8e6dda16c1a 169456 main/binary-amd64/Packages.gz
313 4c9ca25b556f111a5536c78df885ad82 95 main/binary-amd64/Release
314 SHA1:
315 2b62d0e322746b7d094878278f49993ca4314bf7 5821166 Contents-amd64
316 aafe35cce12e03d8b1939e403ddf5c0958c6e9bd 286298 Contents-amd64.gz
317 2b62d0e322746b7d094878278f49993ca4314bf7 5821166 main/Contents-amd64
318 aafe35cce12e03d8b1939e403ddf5c0958c6e9bd 286298 main/Contents-amd64.gz
319 30316ac5d4ce3b472a96a797eeb0a2a82d43ed3e 1088265 main/binary-amd64/Packages
320 6507e0b4da8194fd1048fcbb74c6e7433edaf3d6 159344 main/binary-amd64/Packages.bz2
321 ec9d39c39567c74001221e4900fb5d11ec11b833 169456 main/binary-amd64/Packages.gz
322 58bf20987a91d35936f18efce75ea233d43dbf8b 95 main/binary-amd64/Release
323 SHA256:
324 deff9ebfc44bf482e10a6ea10f608c6bb0fdc8373bf86b88cad9d99879ae3c39 5821166 Contents-amd64
325 f163bc65c7666ef58e0be3336e8c846ae2b7b388fbb2d7db0bcdc3fd1abae462 286298 Contents-amd64.gz
326 deff9ebfc44bf482e10a6ea10f608c6bb0fdc8373bf86b88cad9d99879ae3c39 5821166 main/Contents-amd64
327 f163bc65c7666ef58e0be3336e8c846ae2b7b388fbb2d7db0bcdc3fd1abae462 286298 main/Contents-amd64.gz
328 0fba50799ef72d0c2b354d0bcbbc8c623f6dae5a7fd7c218a54ea44dd8a49d5e 1088265 main/binary-amd64/Packages
329 69382470a88b67acde80fe45ab223016adebc445713ff0aa3272902581d21f13 159344 main/binary-amd64/Packages.bz2
330 1724b8ace5bd8882943e9463d8525006f33ca704480da0186fd47937451dc216 169456 main/binary-amd64/Packages.gz
331 0f509a0cb07e0ab433176fa47a21dccccc6b519f25f640cc58561104c11de6c2 95 main/binary-amd64/Release
332 SHA512:
333 f69f09c6180ceb6625a84b5f7123ad27972983146979dcfd9c38b2990459b52b4975716f85374511486bb5ad5852ebb1ef8265176df7134fc15b17ada3ba596c 5821166 Contents-amd64
334 46031bf89166188989368957d20cdcaac6eec72bab3f9839c9704bb08cbee3174ca6da11e290b0eab0e6b5754c1e7feb06d18ec9c5a0c955029cef53235e0a3a 286298 Contents-amd64.gz
335 f69f09c6180ceb6625a84b5f7123ad27972983146979dcfd9c38b2990459b52b4975716f85374511486bb5ad5852ebb1ef8265176df7134fc15b17ada3ba596c 5821166 main/Contents-amd64
336 46031bf89166188989368957d20cdcaac6eec72bab3f9839c9704bb08cbee3174ca6da11e290b0eab0e6b5754c1e7feb06d18ec9c5a0c955029cef53235e0a3a 286298 main/Contents-amd64.gz
337 3f78baf5adbaf0100996555b154807c794622fd0b5879b568ae0b6560e988fbfabed8d97db5a703d1a58514b9690fc6b60f9ad2eeece473d86ab257becd0ae41 1088265 main/binary-amd64/Packages
338 18f26df90beff29192662ca40525367c3c04f4581d59d2e9ab1cd0700a145b6a292a1609ca33ebe1c211f13718a8eee751f41fd8189cf93d52aa3e0851542dfc 159344 main/binary-amd64/Packages.bz2
339 6a6d917229e0cf06c493e174a87d76e815717676f2c70bcbd3bc689a80bd3c5489ea97db83b8f74cba8e70f374f9d9974f22b1ed2687a4ba1dacd22fdef7e14d 169456 main/binary-amd64/Packages.gz
340 e1a4378ad266c13c2edf8a0e590fa4d11973ab99ce79f15af005cb838f1600f66f3dc6da8976fa8b474da9073c118039c27623ab3360c6df115071497fe4f50c 95 main/binary-amd64/Release
341
342 -----BEGIN PGP SIGNATURE-----
343 Version: BSN Pgp v1.0.0.0
344
345 iQEcBAEBCAAGBQJeHC1bAAoJEOs+lK2+EinPAg8H/1rrhcgfm1HYL+Vmr9Ns6ton
346 LWQ8r13ADN66UTRa3XsO9V+q1fYowTqpXq6EZt2Gmlby/cpDf7mFPM5IteOXWLl7
347 QcWxPKHcdPIUi+h5F7BkFW65imP9GyX+V5Pxx5X544op7hYKaI0gAQ1oYtWDb3HE
348 4D27fju6icbj8w6E8TePcrDn82UvWAcaI5WSLboyhXCt2DxS3PNGFlyaP58zKJ8F
349 9cbBzksuMgMaTPAAMrU0zrFGfGeQz0Yo6nV/gRGiQaL9pSeIJWSKLNCMG/nIGmv2
350 xHVNFqTEetREY6UcQmuhwOn4HezyigH6XCBVp/Uez1izXiNdwBOet34SSvnkuJ4=
351 -----END PGP SIGNATURE-----`)
352
353 var signingKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
354 Version: GnuPG v1.4.10 (GNU/Linux)
355
356 lQHYBE2rFNoBBADFwqWQIW/DSqcB4yCQqnAFTJ27qS5AnB46ccAdw3u4Greeu3Bp
357 idpoHdjULy7zSKlwR1EA873dO/k/e11Ml3dlAFUinWeejWaK2ugFP6JjiieSsrKn
358 vWNicdCS4HTWn0X4sjl0ZiAygw6GNhqEQ3cpLeL0g8E9hnYzJKQ0LWJa0QARAQAB
359 AAP/TB81EIo2VYNmTq0pK1ZXwUpxCrvAAIG3hwKjEzHcbQznsjNvPUihZ+NZQ6+X
360 0HCfPAdPkGDCLCb6NavcSW+iNnLTrdDnSI6+3BbIONqWWdRDYJhqZCkqmG6zqSfL
361 IdkJgCw94taUg5BWP/AAeQrhzjChvpMQTVKQL5mnuZbUCeMCAN5qrYMP2S9iKdnk
362 VANIFj7656ARKt/nf4CBzxcpHTyB8+d2CtPDKCmlJP6vL8t58Jmih+kHJMvC0dzn
363 gr5f5+sCAOOe5gt9e0am7AvQWhdbHVfJU0TQJx+m2OiCJAqGTB1nvtBLHdJnfdC9
364 TnXXQ6ZXibqLyBies/xeY2sCKL5qtTMCAKnX9+9d/5yQxRyrQUHt1NYhaXZnJbHx
365 q4ytu0eWz+5i68IYUSK69jJ1NWPM0T6SkqpB3KCAIv68VFm9PxqG1KmhSrQIVGVz
366 dCBLZXmIuAQTAQIAIgUCTasU2gIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA
367 CgkQO9o98PRieSoLhgQAkLEZex02Qt7vGhZzMwuN0R22w3VwyYyjBx+fM3JFETy1
368 ut4xcLJoJfIaF5ZS38UplgakHG0FQ+b49i8dMij0aZmDqGxrew1m4kBfjXw9B/v+
369 eIqpODryb6cOSwyQFH0lQkXC040pjq9YqDsO5w0WYNXYKDnzRV0p4H1pweo2VDid
370 AdgETasU2gEEAN46UPeWRqKHvA99arOxee38fBt2CI08iiWyI8T3J6ivtFGixSqV
371 bRcPxYO/qLpVe5l84Nb3X71GfVXlc9hyv7CD6tcowL59hg1E/DC5ydI8K8iEpUmK
372 /UnHdIY5h8/kqgGxkY/T/hgp5fRQgW1ZoZxLajVlMRZ8W4tFtT0DeA+JABEBAAEA
373 A/0bE1jaaZKj6ndqcw86jd+QtD1SF+Cf21CWRNeLKnUds4FRRvclzTyUMuWPkUeX
374 TaNNsUOFqBsf6QQ2oHUBBK4VCHffHCW4ZEX2cd6umz7mpHW6XzN4DECEzOVksXtc
375 lUC1j4UB91DC/RNQqwX1IV2QLSwssVotPMPqhOi0ZLNY7wIA3n7DWKInxYZZ4K+6
376 rQ+POsz6brEoRHwr8x6XlHenq1Oki855pSa1yXIARoTrSJkBtn5oI+f8AzrnN0BN
377 oyeQAwIA/7E++3HDi5aweWrViiul9cd3rcsS0dEnksPhvS0ozCJiHsq/6GFmy7J8
378 QSHZPteedBnZyNp5jR+H7cIfVN3KgwH/Skq4PsuPhDq5TKK6i8Pc1WW8MA6DXTdU
379 nLkX7RGmMwjC0DBf7KWAlPjFaONAX3a8ndnz//fy1q7u2l9AZwrj1qa1iJ8EGAEC
380 AAkFAk2rFNoCGwwACgkQO9o98PRieSo2/QP/WTzr4ioINVsvN1akKuekmEMI3LAp
381 BfHwatufxxP1U+3Si/6YIk7kuPB9Hs+pRqCXzbvPRrI8NHZBmc8qIGthishdCYad
382 AHcVnXjtxrULkQFGbGvhKURLvS9WnzD/m1K2zzwxzkPTzT9/Yf06O6Mal5AdugPL
383 VrM0m72/jnpKo04=
384 =zNCn
385 -----END PGP PRIVATE KEY BLOCK-----
386 `
387
View as plain text