[Pkg-gnupg-commit] [gnupg2] 55/180: tests: Check the signature count in the TOFU TFS record.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Dec 24 22:29:07 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 17c717d7c92d9a52101fea7e396fc133322a8786
Author: Neal H. Walfield <neal at g10code.com>
Date: Tue Dec 6 12:05:45 2016 +0100
tests: Check the signature count in the TOFU TFS record.
* tests/openpgp/tofu.scm: Check the signature count in the TOFU TFS
record.
Signed-off-by: Neal H. Walfield <neal at g10code.com>
---
tests/openpgp/tofu.scm | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm
index c433085..bc45d99 100755
--- a/tests/openpgp/tofu.scm
+++ b/tests/openpgp/tofu.scm
@@ -164,6 +164,62 @@
(checkpolicy "1C005AF3" "bad")
(checkpolicy "B662E42F" "ask")
+;; Check that the stats are emitted correctly.
+
+(display "Checking TOFU stats...\n")
+
+(define (check-counts keyid expected-sigs expected-encs . args)
+ (let*
+ ((tfs (assoc "tfs"
+ (gpg-with-colons
+ `(--trust-model=tofu --with-tofu-info
+ , at args --list-keys ,keyid))))
+ (sigs (string->number (list-ref tfs 3)))
+ (encs (string->number (list-ref tfs 4))))
+ (display tfs)
+ (unless (= sigs expected-sigs)
+ (error keyid ": # signatures (" sigs ") does not match expected"
+ "# signatures (" expected-sigs ").\n"))
+ (unless (= encs expected-encs)
+ (error keyid ": # encryptions (" encs ") does not match expected"
+ "# encryptions (" expected-encs ").\n"))
+ ))
+
+;; Carefully remove the TOFU db.
+(catch '() (unlink (string-append GNUPGHOME "/tofu.db")))
+
+(check-counts "1C005AF3" 0 0)
+(check-counts "BE04EB2B" 0 0)
+(check-counts "B662E42F" 0 0)
+
+;; Verify a message. The signature count should increase by 1.
+(call-check `(, at GPG --trust-model=tofu
+ --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
+(check-counts "1C005AF3" 1 0)
+
+;; Verify the same message. The signature count should remain the
+;; same.
+(call-check `(, at GPG --trust-model=tofu
+ --verify ,(in-srcdir "tofu/conflicting/1C005AF3-1.txt")))
+(check-counts "1C005AF3" 1 0)
+
+;; Verify another message.
+(call-check `(, at GPG --trust-model=tofu
+ --verify ,(in-srcdir "tofu/conflicting/1C005AF3-2.txt")))
+(check-counts "1C005AF3" 2 0)
+
+;; Verify another message.
+(call-check `(, at GPG --trust-model=tofu
+ --verify ,(in-srcdir "tofu/conflicting/1C005AF3-3.txt")))
+(check-counts "1C005AF3" 3 0)
+
+;; Verify a message from a different sender. The signature count
+;; should increase by 1 for that key.
+(call-check `(, at GPG --trust-model=tofu
+ --verify ,(in-srcdir "tofu/conflicting/BE04EB2B-1.txt")))
+(check-counts "1C005AF3" 3 0)
+(check-counts "BE04EB2B" 1 0)
+(check-counts "B662E42F" 0 0)
;; Check that we detect the following attack:
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list