Obsolete option --no-sig-create-check.
[gnupg.git] / checks / verify.test
1 #!/bin/sh
2
3 . $srcdir/defs.inc || exit 3
4
5 suspend_error
6
7 #
8 # Two simple tests to check that verify fails for bad input data
9 #
10 info "checking bogus signature 1"
11 ../tools/mk-tdata --char 0x2d 64 >x
12 $GPG --verify x data-500 && error "no error code from verify"
13 info "checking bogus signature 2"
14 ../tools/mk-tdata --char 0xca 64 >x
15 $GPG --verify x data-500 && error "no error code from verify"
16
17 linefeed
18
19 # A variable to collect the test names
20 tests=""
21
22 # A plain signed message created using
23 #  echo abc | gpg --homedir . --passphrase-fd 0 -u Alpha -z0 -sa msg
24 tests="$tests msg_ols_asc"
25 msg_ols_asc='-----BEGIN PGP MESSAGE-----
26
27 kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo
28 dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0
29 aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh
30 cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp
31 cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk
32 IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM
33 UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0
34 D8luT78c/1x45Q==
35 =a29i
36 -----END PGP MESSAGE-----'
37
38 # A plain signed message created using
39 #  echo abc | gpg --homedir . --passphrase-fd 0 -u Alpha -sa msg
40 tests="$tests msg_cols_asc"
41 msg_cols_asc='-----BEGIN PGP MESSAGE-----
42
43 owGbwMvMwCSoW1RzPCOz3IRxLSN7EnNucboLT6Cgp0JJRmZeNpBMLFFIzMlRKMpM
44 zyjRBQtm5qUrFKTmF+SkKmTmgdQVKyTnl+aVFFUqJBalKhRnJmcrJOalcJVkFqWm
45 KOSnKSSlgrSU5OekQMzLL0rJzEsEKk9JTU7NK4EZBtKcBtRRWgAzlwtmbnlmSQbU
46 GJjxCmDj9RQUPNVzFZJTi0oSM/NyKhXy8kuAYk6lJSBxLlTF2NziqZCYq8elq+Cb
47 n1dSqRBQWZKRn8fVYc/MygAKBljYCDIFiTDMT+9seu836Q+bevyHTJ0dzPNuvCjn
48 ZpgrwX38z58rJsfYDhwOSS4SkN/d6vUAAA==
49 =s6sY
50 -----END PGP MESSAGE-----'
51
52 # A PGP 2 style message.
53 tests="$tests msg_sl_asc"
54 msg_sl_asc='-----BEGIN PGP MESSAGE-----
55
56 iD8DBQBEDFJaLXJ8x2hpdzQRAkeCAKCZRBk2Pmx4w9h2LgosS0AppNNaWwCgiI5M
57 yzgJpGTZtA/Jbk+/HP9ceOWtAQdiA21zZ0QMUlpJIHRoaW5rIHRoYXQgYWxsIHJp
58 Z2h0LXRoaW5raW5nIHBlb3BsZSBpbiB0aGlzIGNvdW50cnkgYXJlIHNpY2sgYW5k
59 CnRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBvcmRpbmFyeSBkZWNlbnQgcGVvcGxl
60 IGFyZSBmZWQgdXAgaW4gdGhpcwpjb3VudHJ5IHdpdGggYmVpbmcgc2ljayBhbmQg
61 dGlyZWQuICBJJ20gY2VydGFpbmx5IG5vdC4gIEJ1dCBJJ20Kc2ljayBhbmQgdGly
62 ZWQgb2YgYmVpbmcgdG9sZCB0aGF0IEkgYW0uCi0gTW9udHkgUHl0aG9uCg==
63 =0ukK
64 -----END PGP MESSAGE-----'
65
66 # An OpenPGP message lacking the onepass packet.  We used to accept
67 # such messages but now consider them invalid.
68 tests="$tests bad_ls_asc"
69 bad_ls_asc='-----BEGIN PGP MESSAGE-----
70
71 rQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9w
72 bGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0
73 b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRo
74 aXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRh
75 aW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQg
76 dGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IA
77 oJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Q==
78 =Mpiu
79 -----END PGP MESSAGE-----'
80
81
82 # A signed message prefixed with an unsigned literal packet.
83 # (fols = faked-literal-data, one-pass, literal-data, signature)
84 # This should throw an error because running gpg to extract the
85 # signed data will return both literal data packets
86 tests="$tests bad_fols_asc"
87 bad_fols_asc='-----BEGIN PGP MESSAGE-----
88
89 rF1iDG1zZy51bnNpZ25lZEQMY0x0aW1lc2hhcmluZywgbjoKCUFuIGFjY2VzcyBt
90 ZXRob2Qgd2hlcmVieSBvbmUgY29tcHV0ZXIgYWJ1c2VzIG1hbnkgcGVvcGxlLgqQ
91 DQMAAhEtcnzHaGl3NAGtAQdiA21zZ0QMUlpJIHRoaW5rIHRoYXQgYWxsIHJpZ2h0
92 LXRoaW5raW5nIHBlb3BsZSBpbiB0aGlzIGNvdW50cnkgYXJlIHNpY2sgYW5kCnRp
93 cmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBvcmRpbmFyeSBkZWNlbnQgcGVvcGxlIGFy
94 ZSBmZWQgdXAgaW4gdGhpcwpjb3VudHJ5IHdpdGggYmVpbmcgc2ljayBhbmQgdGly
95 ZWQuICBJJ20gY2VydGFpbmx5IG5vdC4gIEJ1dCBJJ20Kc2ljayBhbmQgdGlyZWQg
96 b2YgYmVpbmcgdG9sZCB0aGF0IEkgYW0uCi0gTW9udHkgUHl0aG9uCog/AwUARAxS
97 Wi1yfMdoaXc0EQJHggCgmUQZNj5seMPYdi4KLEtAKaTTWlsAoIiOTMs4CaRk2bQP
98 yW5Pvxz/XHjl
99 =UNM4
100 -----END PGP MESSAGE-----'
101
102 # A signed message suffixed with an unsigned literal packet.
103 # (fols = faked-literal-data, one-pass, literal-data, signature)
104 # This should throw an error because running gpg to extract the
105 # signed data will return both literal data packets
106 tests="$tests bad_olsf_asc"
107 bad_olsf_asc='-----BEGIN PGP MESSAGE-----
108
109 kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo
110 dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0
111 aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh
112 cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp
113 cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk
114 IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM
115 UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0
116 D8luT78c/1x45axdYgxtc2cudW5zaWduZWREDGNMdGltZXNoYXJpbmcsIG46CglB
117 biBhY2Nlc3MgbWV0aG9kIHdoZXJlYnkgb25lIGNvbXB1dGVyIGFidXNlcyBtYW55
118 IHBlb3BsZS4K
119 =3gnG
120 -----END PGP MESSAGE-----'
121
122
123 # Two standard signed messages in a row
124 tests="$tests msg_olsols_asc_multiple"
125 msg_olsols_asc_multiple='-----BEGIN PGP MESSAGE-----
126
127 kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo
128 dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0
129 aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh
130 cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp
131 cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk
132 IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM
133 UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0
134 D8luT78c/1x45ZANAwACES1yfMdoaXc0Aa0BB2IDbXNnRAxSWkkgdGhpbmsgdGhh
135 dCBhbGwgcmlnaHQtdGhpbmtpbmcgcGVvcGxlIGluIHRoaXMgY291bnRyeSBhcmUg
136 c2ljayBhbmQKdGlyZWQgb2YgYmVpbmcgdG9sZCB0aGF0IG9yZGluYXJ5IGRlY2Vu
137 dCBwZW9wbGUgYXJlIGZlZCB1cCBpbiB0aGlzCmNvdW50cnkgd2l0aCBiZWluZyBz
138 aWNrIGFuZCB0aXJlZC4gIEknbSBjZXJ0YWlubHkgbm90LiAgQnV0IEknbQpzaWNr
139 IGFuZCB0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgSSBhbS4KLSBNb250eSBQeXRo
140 b24KiD8DBQBEDFJaLXJ8x2hpdzQRAkeCAKCZRBk2Pmx4w9h2LgosS0AppNNaWwCg
141 iI5MyzgJpGTZtA/Jbk+/HP9ceOU=
142 =8nLN
143 -----END PGP MESSAGE-----'
144
145 # A standard message with two signatures (actually the same signature
146 # duplicated).
147 tests="$tests msg_oolss_asc"
148 msg_oolss_asc='-----BEGIN PGP MESSAGE-----
149
150 kA0DAAIRLXJ8x2hpdzQBkA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGlu
151 ayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5
152 IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkg
153 ZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJl
154 aW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdt
155 CnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5
156 IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk
157 01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Yg/AwUARAxSWi1yfMdoaXc0EQJHggCg
158 mUQZNj5seMPYdi4KLEtAKaTTWlsAoIiOTMs4CaRk2bQPyW5Pvxz/XHjl
159 =KVw5
160 -----END PGP MESSAGE-----'
161
162 # A standard message with two one-pass packet but only one signature
163 # packet
164 tests="$tests bad_ools_asc"
165 bad_ools_asc='-----BEGIN PGP MESSAGE-----
166
167 kA0DAAIRLXJ8x2hpdzQBkA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGlu
168 ayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5
169 IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkg
170 ZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJl
171 aW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdt
172 CnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5
173 IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk
174 01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Q==
175 =1/ix
176 -----END PGP MESSAGE-----'
177
178 # Standard cleartext signature
179 tests="$tests msg_cls_asc"
180 msg_cls_asc=`cat <<EOF
181 -----BEGIN PGP SIGNED MESSAGE-----
182 Hash: SHA1
183
184 I think that all right-thinking people in this country are sick and
185 tired of being told that ordinary decent people are fed up in this
186 country with being sick and tired.  I'm certainly not.  But I'm
187 sick and tired of being told that I am.
188 - - Monty Python
189 -----BEGIN PGP SIGNATURE-----
190
191 iD8DBQFEDVp1LXJ8x2hpdzQRAplUAKCMfpG3GPw/TLN52tosgXP5lNECkwCfQhAa
192 emmev7IuQjWYrGF9Lxj+zj8=
193 =qJsY
194 -----END PGP SIGNATURE-----
195 EOF
196 `
197
198 # Cleartext signature with two signatures
199 tests="$tests msg_clss_asc"
200 msg_clss_asc=`cat <<EOF
201 -----BEGIN PGP SIGNED MESSAGE-----
202 Hash: SHA1
203
204 What is the difference between a Turing machine and the modern computer?
205 It's the same as that between Hillary's ascent of Everest and the
206 establishment of a Hilton on its peak.
207 -----BEGIN PGP SIGNATURE-----
208
209 iD8DBQFEDVz6LXJ8x2hpdzQRAtkGAKCeMhNbHnh339fpjNj9owsYcC4zBwCfYO5l
210 2u+KEfXX0FKyk8SMzLjZ536IPwMFAUQNXPr+GAsdqeOwshEC2QYAoPOWAiQm0EF/
211 FWIAQUplk7JWbyRKAJ92ZJyJpWfzb0yc1s7MY65r2qEHrg==
212 =1Xvv
213 -----END PGP SIGNATURE-----
214 EOF
215 `
216
217 # Two clear text signatures in a row
218 tests="$tests msg_clsclss_asc_multiple"
219 msg_clsclss_asc_multiple="${msg_cls_asc}
220 ${msg_clss_asc}"
221
222
223 # Fixme:  We need more tests with manipulated cleartext signatures.
224
225
226 #
227 # Now run the tests.
228 #
229 # Note that we need to use set +x/-x for the base case check 
230 # to work around a bug in OpenBSD's sh
231 #
232 for i in $tests ; do
233    info "checking: $i"
234    eval "(IFS=; echo \"\$$i\")" >x
235    case "$i" in
236     msg_*_asc)
237        $GPG --verify x || error "verify of $i failed"
238        ;;
239     msg_*_asc_multiple)
240        $GPG --verify --allow-multiple-messages x \
241            || error "verify of $i failed"
242        set +x
243        $GPG --verify x && error "verify of $i succeeded but should not"
244        set -x
245        ;;
246     bad_*_asc)
247        set +x
248        $GPG --verify x && error "verify of $i succeeded but should not"
249        set -x
250        ;;
251     *)
252        error "No handler for test case $i"
253        ;;
254    esac
255    linefeed
256 done
257
258
259 resume_error