From efb26654970bcbc279f81250e7a0f7b708a6d070 Mon Sep 17 00:00:00 2001 From: TLINDEN Date: Thu, 27 Feb 2014 19:53:25 +0100 Subject: [PATCH] fixed invalid tests --- VERSION | 2 +- libpcp/key.c | 2 +- man/pcp1.pod | 21 ++++++++- tests/invalidkeys.c | 103 +++++++++++++++++++++++--------------------- tests/invalidkeys.h | 4 +- tests/unittests.cfg | 37 +++++----------- 6 files changed, 89 insertions(+), 80 deletions(-) diff --git a/VERSION b/VERSION index ee1372d..f477849 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.2.2 +0.2.2 \ No newline at end of file diff --git a/libpcp/key.c b/libpcp/key.c index c00bfa3..1b67581 100644 --- a/libpcp/key.c +++ b/libpcp/key.c @@ -408,7 +408,7 @@ int pcp_sanitycheck_key(pcp_key_t *key) { struct tm *c; time_t t = (time_t)key->ctime; c = localtime(&t); - if(c->tm_year <= 0 || c->tm_year > 1100) { + if(c->tm_year <= 70 || c->tm_year > 1100) { /* well, I'm perhaps overacting here :) */ fatal("Secretkey sanity check: invalid creation timestamp (got year %04d)!\n", c->tm_year + 1900); return 1; diff --git a/man/pcp1.pod b/man/pcp1.pod index 3e7e4f4..30e68c2 100644 --- a/man/pcp1.pod +++ b/man/pcp1.pod @@ -130,6 +130,7 @@ Pretty Curved Privacy - File encryption using eliptic curve cryptography. If none of -i or -r has been given, encrypt the message symetrically. This is the same as -m (self-encryption mode). + Add -z to ascii armor the output using Z85. -m --encrypt-me Sym-Encrypt a message. Specify -I and/or -O for input/output file. You will be asked for a passphrase. No key material will @@ -167,10 +168,10 @@ Pretty Curved Privacy - File encryption using eliptic curve cryptography. If used with encryption or singing operation encode its output. Otherwise encode a plain file. Use -I and -O respectively, otherwise it - stdin/stdout. + uses stdin/stdout. -Z --z85-decode Decode (dearmor) something from Z85 encoding. Use -I and -O respectively, otherwise it - stdin/stdout + uses stdin/stdout @@ -695,6 +696,9 @@ secret key, R is the recipient list, L is the number of recipients, T is the filetype header, I is a block of input with a size of 32k, N is a nonce (new per block) and S the symmetric key. +The encrypted output maybe Z85 encoded. In this case the Z85 +encoding will be done blockwise with blocks of 16k bytes. The +decoded content inside will be as described above. =head2 SIGNATURE FORMAT @@ -799,6 +803,19 @@ secret signing key and S the symmetric key. =head2 Z85 ENCODING B uses Z85 to encode exported keys and armored signatures. +Comments in encoded files are surrounded by the tilde character. +We're using the tilde because it's not part of the Z85 base +charset. Sample: + + ~~~ Header ~~~ + ~ Version: 1 ~ + 246ge]+yn={}]Xi3*N3Xx34Y^0rz:r.5j + v#6Sh/m3XKwy?VlA+h8ks]9:kVj{D[fd7]NA]T-(ne+xo!W5X5-gIUWqM + ~~~ Footer ~~~ + +Multiple tildes can be used as long as their number is uneven. + +This is a proprietary PCP extension. =head3 Z85 BACKGROUND diff --git a/tests/invalidkeys.c b/tests/invalidkeys.c index 120de01..8b90fe7 100644 --- a/tests/invalidkeys.c +++ b/tests/invalidkeys.c @@ -20,12 +20,11 @@ int main() { pcp_key_t *key = pcpkey_encrypt(k, pw); int i; - for(i=0; i<5; i++) - mkinv(key, i); + for(i=0; i<3; i++) + mkinvalid_secret(key, i); - pcp_pubkey_t *pub = pcpkey_pub_from_secret(key); for(i=0; i<4; i++) - mkinvp(pub, i); + mkinvalid_public(key, i); mkinvv("testvault-invalidheader", 0); mkinvv("testvault-invalidversion", 1); @@ -103,64 +102,72 @@ void mkinvv(const char *name, int type) { fclose(v->fd); } -void mkinvp(pcp_pubkey_t *k, int type) { - pcp_pubkey_t *key = ucmalloc(sizeof(pcp_pubkey_t)); - memcpy(key, k, sizeof(pcp_pubkey_t)); - - switch(type) { - case 0: - key->type = 0; - pcppubkey_print(key, F("testpubkey-wrong-type")); - break; - case 1: - key->version = 0; - pcppubkey_print(key, F("testpubkey-wrong-version")); - break; - case 2: - key->serial = 0; - pcppubkey_print(key, F("testpubkey-wrong-serial")); - break; - case 3: - key->id[16] = 0x3e; - pcppubkey_print(key, F("testpubkey-invalid-id")); - break; - case 4: - key->ctime = 0; - pcppubkey_print(key, F("testpubkey-invalid-ctime")); - break; - } -} - -void mkinv(pcp_key_t *k, int type) { +void mkinvalid_public(pcp_key_t *k, int type) { pcp_key_t *key = ucmalloc(sizeof(pcp_key_t)); memcpy(key, k, sizeof(pcp_key_t)); + FILE *fd = NULL; switch(type) { case 0: - key->encrypted[0] = 0; - pcpkey_print(key, F("testkey-not-encrypted")); + key->type = 0; + fd = F("testpubkey-wrong-type"); break; case 1: - key->type = 0; - pcpkey_print(key, F("testkey-wrong-type")); + key->version = 0; + fd = F("testpubkey-wrong-version"); break; case 2: - key->version = 0; - pcpkey_print(key, F("testkey-wrong-version")); + key->serial = 0; + fd = F("testpubkey-wrong-serial"); break; case 3: - key->serial = 0; - pcpkey_print(key, F("testkey-wrong-serial")); - break; - case 4: - key->id[16] = 0x1; - pcpkey_print(key, F("testkey-invalid-id")); - break; - case 5: key->ctime = 0; - pcpkey_print(key, F("testkey-invalid-ctime")); + fd = F("testpubkey-invalid-ctime"); break; } + + if(fd != NULL) { + Buffer *b = pcp_export_rfc_pub(key); + fwrite(buffer_get(b), 1, buffer_size(b), fd); + fclose(fd); + } + + free(key); +} + +void mkinvalid_secret(pcp_key_t *k, int type) { + pcp_key_t *key = ucmalloc(sizeof(pcp_key_t)); + memcpy(key, k, sizeof(pcp_key_t)); + FILE *fd = NULL; + + fprintf(stderr, "fd test %d\n", type); + + switch(type) { + case 0: + key->version = 0; + fd = F("testkey-wrong-version"); + break; + case 1: + key->serial = 0; + fd = F("testkey-wrong-serial"); + break; + case 2: + key->ctime = 0; + fd = F("testkey-invalid-ctime"); + break; + } + + if(fd != NULL) { + pcp_dumpkey(key); + Buffer *b = pcp_export_secret(key, "xxx"); + fwrite(buffer_get(b), 1, buffer_size(b), fd); + fclose(fd); + } + else { + fprintf(stderr, "fd not opened for test %d\n", type); + } + + free(key); } FILE *F(char *filename) { diff --git a/tests/invalidkeys.h b/tests/invalidkeys.h index 694f2d0..674eaf2 100644 --- a/tests/invalidkeys.h +++ b/tests/invalidkeys.h @@ -10,8 +10,8 @@ #include "key.h" #include "vault.h" -void mkinv(pcp_key_t *k, int type); -void mkinvp(pcp_pubkey_t *k, int type); +void mkinvalid_secret(pcp_key_t *k, int type); +void mkinvalid_public(pcp_key_t *k, int type); void mkinvv(const char *name, int type); FILE *F(char *filename); diff --git a/tests/unittests.cfg b/tests/unittests.cfg index 880ad91..da63cbf 100644 --- a/tests/unittests.cfg +++ b/tests/unittests.cfg @@ -441,38 +441,23 @@ temporarily disabled expect = /contain any keys so far/ -/* -disabled, need to re-design invalidkeys.c in order to catch up with new format - - + prepare = ./invalidkeys - cmd = $pcp -V $vault -S -I testkey-invalid-id - expect /(invalid key id|could not decode input)/ - - - - cmd = $pcp -V $vault -S -I testkey-not-encrypted - expect = /secret key contained in key seems to be empty/ - - - - cmd = $pcp -V $vault -S -I testkey-wrong-type - expect = /key type is not SECRET/ - - cmd = $pcp -V $vault -S -I testkey-wrong-version + cmd = $pcp -V $vault -S -I testkey-wrong-version -x xxx expect = /unknown key version/ - - - - prepare = ./invalidkeys - cmd = $pcp -V $vault -P -I testpubkey-invalid-id - expect = /(invalid key id|could not decode input)/ + + cmd = $pcp -V $vault -S -I testkey-wrong-serial -x xxx + expect = /invalid serial number/ - + + cmd = $pcp -V $vault -S -I testkey-invalid-ctime -x xxx + expect = /invalid creation timestamp/ + +/* cmd = $pcp -V $vault -P -I testpubkey-wrong-type expect = /key type is not PUBLIC/ @@ -482,8 +467,8 @@ disabled, need to re-design invalidkeys.c in order to catch up with new format cmd = $pcp -V $vault -P -I testpubkey-wrong-version expect = /unknown key version/ - */ + prepare = ./invalidkeys