key-add-userid.cpp

/*

 * Copyright (c) 2017-2019 [Ribose Inc](https://www.ribose.com).

 * All rights reserved.

 * Redistribution and use in source and binary forms, with or without modification,

 * are permitted provided that the following conditions are met:

 * 1.  Redistributions of source code must retain the above copyright notice,

 *     this list of conditions and the following disclaimer.

 * 2.  Redistributions in binary form must reproduce the above copyright notice,

 *     this list of conditions and the following disclaimer in the documentation

 *     and/or other materials provided with the distribution.

 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND

 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE

 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF

 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

*/

#include "../librekey/key_store_pgp.h"

#include "pgp-key.h"

#include "rnp_tests.h"

#include "support.h"

/* This test loads a pgp keyring and adds a few userids to the key.

*/

TEST_F(rnp_tests, test_key_add_userid)

    pgp_key_t *        key = NULL;

    pgp_source_t       src = {};

    pgp_dest_t         dst = {};

    const uint32_t     base_expiry = 1234567890;

    static const char *keyids[] = {"7bc6709b15c23a4a", // primary

                                   "1ed63ee56fadc34d",

                                   "1d7e8a5393c997a8",

                                   "8a05b89fad5aded1",

                                   "2fcadf05ffa501bb", // primary

                                   "54505a936a4a970e",

                                   "326ef111425d14a5"};

    rnp_key_store_t *ks = new rnp_key_store_t(global_ctx);

    assert_rnp_success(init_file_src(&src, "data/keyrings/1/secring.gpg"));

    assert_rnp_success(rnp_key_store_pgp_read_from_src(ks, &src));

    src_close(&src);

    // locate our key

    assert_non_null(key = rnp_tests_get_key_by_id(ks, keyids[0]));

    assert_non_null(key);

    // unlock the key

    pgp_password_provider_t pprov(string_copy_password_callback, (void *) "password");

    assert_true(key->unlock(pprov));

    // save the counts for a few items

    unsigned uidc = key->uid_count();

    unsigned subsigc = key->sig_count();

    // add first, non-primary userid

    rnp_selfsig_cert_info_t selfsig0;

    selfsig0.userid = "added0";

    selfsig0.key_flags = 0x2;

    selfsig0.key_expiration = base_expiry;

    selfsig0.primary = false;

    auto curtime = global_ctx.time();

    global_ctx.set_time(curtime > SHA1_KEY_FROM ? SHA1_KEY_FROM - 100 : 0);

    key->add_uid_cert(selfsig0, PGP_HASH_SHA1, global_ctx);

    // attempt to add sha1-signed uid and make sure it succeeds now and fails after the cutoff

    // date in 2024

    assert_int_equal(base_expiry, key->expiration());

    assert_int_equal(0x2, key->flags());

    assert_true(key->get_uid(uidc).valid);

    // delete new uid and add one in the future

    key->del_uid(uidc);

    global_ctx.set_time(SHA1_KEY_FROM + 2);

    key->add_uid_cert(selfsig0, PGP_HASH_SHA1, global_ctx);

    assert_int_equal(0, key->expiration());

    assert_int_equal(0x3, key->flags());

    assert_false(key->get_uid(uidc).valid);

    global_ctx.set_time(0);

    key->del_uid(uidc);

    assert_int_equal(uidc, key->uid_count());

    assert_int_equal(subsigc, key->sig_count());

    key->add_uid_cert(selfsig0, PGP_HASH_SHA256, global_ctx);

    // make sure this userid has not been marked as primary

    assert_false(key->has_primary_uid());

    // make sure key expiration and flags are set

    assert_int_equal(base_expiry, key->expiration());

    assert_int_equal(0x2, key->flags());

    assert_true(key->get_uid(uidc).valid);

    // add a primary userid

    rnp_selfsig_cert_info_t selfsig1;

    selfsig1.userid = "added1";

    selfsig1.key_flags = 0xAB;

    selfsig1.key_expiration = base_expiry + 1;

    selfsig1.primary = 1;

    key->add_uid_cert(selfsig1, PGP_HASH_SHA256, global_ctx);

    // make sure this userid has been marked as primary

    assert_int_equal(key->uid_count() - 1, key->get_primary_uid());

    // make sure key expiration and flags are set

    assert_int_equal(base_expiry + 1, key->expiration());

    assert_int_equal(0xAB, key->flags());

    assert_true(key->get_uid(uidc + 1).valid);

    // try to add the same userid (should fail)

    rnp_selfsig_cert_info_t dup_selfsig;

    dup_selfsig.userid = "added1";

    assert_throw(key->add_uid_cert(dup_selfsig, PGP_HASH_SHA256, global_ctx));

    // try to add another primary userid (should fail)

    rnp_selfsig_cert_info_t selfsig2;

    selfsig2.userid = "added2";

    selfsig2.primary = 1;

    assert_throw(key->add_uid_cert(selfsig2, PGP_HASH_SHA256, global_ctx));

    selfsig2.userid = "added2";

    selfsig2.key_flags = 0xCD;

    selfsig2.primary = 0;

    // actually add another userid

    key->add_uid_cert(selfsig2, PGP_HASH_SHA256, global_ctx);

    // confirm that the counts have increased as expected

    assert_int_equal(key->uid_count(), uidc + 3);

    assert_int_equal(key->sig_count(), subsigc + 3);

    assert_true(key->get_uid(uidc + 2).valid);

    // make sure key expiration and flags are not updated as they are picked from the primary

    assert_int_equal(base_expiry + 1, key->expiration());

    assert_int_equal(0xAB, key->flags());

    // check the userids array

    // added0

    assert_string_equal(key->get_uid(uidc).str.c_str(), "added0");

    assert_int_equal(uidc, key->get_sig(subsigc).uid);

    assert_int_equal(0x2, key->get_sig(subsigc).key_flags);

    // added1

    assert_string_equal(key->get_uid(uidc + 1).str.c_str(), "added1");

    assert_int_equal(uidc + 1, key->get_sig(subsigc + 1).uid);

    assert_int_equal(0xAB, key->get_sig(subsigc + 1).key_flags);

    // added2

    assert_string_equal(key->get_uid(uidc + 2).str.c_str(), "added2");

    assert_int_equal(uidc + 2, key->get_sig(subsigc + 2).uid);

    assert_int_equal(0xCD, key->get_sig(subsigc + 2).key_flags);

    // save the raw packets for the key (to reload later)

    assert_rnp_success(init_mem_dest(&dst, NULL, 0));

    key->write(dst);

    // cleanup

    delete ks;

    key = NULL;

    // start over

    ks = new rnp_key_store_t(global_ctx);

    assert_non_null(ks);

    // read from the saved packets

    assert_rnp_success(init_mem_src(&src, mem_dest_get_memory(&dst), dst.writeb, false));

    assert_rnp_success(rnp_key_store_pgp_read_from_src(ks, &src));

    src_close(&src);

    dst_close(&dst, true);

    assert_non_null(key = rnp_tests_get_key_by_id(ks, keyids[0]));

    // confirm that the counts have increased as expected

    assert_int_equal(key->uid_count(), uidc + 3);

    assert_int_equal(key->sig_count(), subsigc + 3);

    // make sure correct key expiration and flags are set

    assert_int_equal(base_expiry + 1, key->expiration());

    assert_int_equal(0xAB, key->flags());

    // check the userids array

    // added0

    assert_string_equal(key->get_uid(uidc).str.c_str(), "added0");

    assert_int_equal(uidc, key->get_sig(subsigc).uid);

    assert_int_equal(0x2, key->get_sig(subsigc).key_flags);

    assert_true(key->get_uid(uidc).valid);

    // added1

    assert_string_equal(key->get_uid(uidc + 1).str.c_str(), "added1");

    assert_int_equal(uidc + 1, key->get_sig(subsigc + 1).uid);

    assert_int_equal(0xAB, key->get_sig(subsigc + 1).key_flags);

    assert_true(key->get_uid(uidc + 1).valid);

    // added2

    assert_string_equal(key->get_uid(uidc + 2).str.c_str(), "added2");

    assert_int_equal(uidc + 2, key->get_sig(subsigc + 2).uid);

    assert_int_equal(0xCD, key->get_sig(subsigc + 2).key_flags);

    assert_true(key->get_uid(uidc + 2).valid);

    // delete primary userid and see how flags/expiration changes

    key->del_uid(uidc + 1);

    key->revalidate(*ks);

    assert_string_equal(key->get_uid(uidc + 1).str.c_str(), "added2");

    assert_int_equal(uidc + 1, key->get_sig(subsigc + 1).uid);

    assert_int_equal(0xCD, key->get_sig(subsigc + 1).key_flags);

    assert_int_equal(key->expiration(), 0);

    assert_int_equal(key->flags(), 0xCD);

    // delete first uid

    key->del_uid(0);

    key->revalidate(*ks);

    assert_string_equal(key->get_uid(uidc).str.c_str(), "added2");

    assert_int_equal(uidc, key->get_sig(subsigc).uid);

    assert_int_equal(0xCD, key->get_sig(subsigc).key_flags);

    assert_int_equal(key->expiration(), 0);

    assert_int_equal(key->flags(), 0xCD);

    // delete last uid, leaving added0 only

    key->del_uid(uidc);

    key->revalidate(*ks);

    assert_string_equal(key->get_uid(uidc - 1).str.c_str(), "added0");

    assert_int_equal(uidc - 1, key->get_sig(subsigc - 1).uid);

    assert_int_equal(0x2, key->get_sig(subsigc - 1).key_flags);

    assert_int_equal(key->expiration(), base_expiry);

    assert_int_equal(key->flags(), 0x2);

    // delete added0

    key->del_uid(0);

    key->revalidate(*ks);

    // cleanup

    delete ks;

Revision control

Copy as Markdown

Other Tools