tests,tools: Reimplement 'mk-tdata' in Scheme.
[gnupg.git] / tests / openpgp / verify.scm
1 #!/usr/bin/env gpgscm
2
3 ;; Copyright (C) 2016 g10 Code GmbH
4 ;;
5 ;; This file is part of GnuPG.
6 ;;
7 ;; GnuPG is free software; you can redistribute it and/or modify
8 ;; it under the terms of the GNU General Public License as published by
9 ;; the Free Software Foundation; either version 3 of the License, or
10 ;; (at your option) any later version.
11 ;;
12 ;; GnuPG is distributed in the hope that it will be useful,
13 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
14 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 ;; GNU General Public License for more details.
16 ;;
17 ;; You should have received a copy of the GNU General Public License
18 ;; along with this program; if not, see <http://www.gnu.org/licenses/>.
19
20 (load (with-path "defs.scm"))
21
22 ;;
23 ;; Two simple tests to check that verify fails for bad input data
24 ;;
25 (for-each-p
26  "Checking bogus signature"
27  (lambda (char)
28    (lettmp (x)
29      (call-with-binary-output-file
30       x
31       (lambda (port)
32         (display (make-string 64 (integer->char (string->number char)))
33                  port)))
34      (if (= 0 (call `(,@GPG --verify ,x data-500)))
35          (error "no error code from verify"))))
36  '("#x2d" "#xca"))
37
38 ;; A plain signed message created using
39 ;;  echo abc | gpg --homedir . --passphrase-fd 0 -u Alpha -z0 -sa msg
40 (define msg_ols_asc "
41 -----BEGIN PGP MESSAGE-----
42
43 kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo
44 dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0
45 aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh
46 cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp
47 cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk
48 IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM
49 UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0
50 D8luT78c/1x45Q==
51 =a29i
52 -----END PGP MESSAGE-----
53 ")
54
55 ;; A plain signed message created using
56 ;;  echo abc | gpg --homedir . --passphrase-fd 0 -u Alpha -sa msg
57 (define msg_cols_asc "
58 -----BEGIN PGP MESSAGE-----
59
60 owGbwMvMwCSoW1RzPCOz3IRxLSN7EnNucboLT6Cgp0JJRmZeNpBMLFFIzMlRKMpM
61 zyjRBQtm5qUrFKTmF+SkKmTmgdQVKyTnl+aVFFUqJBalKhRnJmcrJOalcJVkFqWm
62 KOSnKSSlgrSU5OekQMzLL0rJzEsEKk9JTU7NK4EZBtKcBtRRWgAzlwtmbnlmSQbU
63 GJjxCmDj9RQUPNVzFZJTi0oSM/NyKhXy8kuAYk6lJSBxLlTF2NziqZCYq8elq+Cb
64 n1dSqRBQWZKRn8fVYc/MygAKBljYCDIFiTDMT+9seu836Q+bevyHTJ0dzPNuvCjn
65 ZpgrwX38z58rJsfYDhwOSS4SkN/d6vUAAA==
66 =s6sY
67 -----END PGP MESSAGE-----
68 ")
69
70 ;; A PGP 2 style message.
71 (define msg_sl_asc "
72 -----BEGIN PGP MESSAGE-----
73
74 iD8DBQBEDFJaLXJ8x2hpdzQRAkeCAKCZRBk2Pmx4w9h2LgosS0AppNNaWwCgiI5M
75 yzgJpGTZtA/Jbk+/HP9ceOWtAQdiA21zZ0QMUlpJIHRoaW5rIHRoYXQgYWxsIHJp
76 Z2h0LXRoaW5raW5nIHBlb3BsZSBpbiB0aGlzIGNvdW50cnkgYXJlIHNpY2sgYW5k
77 CnRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBvcmRpbmFyeSBkZWNlbnQgcGVvcGxl
78 IGFyZSBmZWQgdXAgaW4gdGhpcwpjb3VudHJ5IHdpdGggYmVpbmcgc2ljayBhbmQg
79 dGlyZWQuICBJJ20gY2VydGFpbmx5IG5vdC4gIEJ1dCBJJ20Kc2ljayBhbmQgdGly
80 ZWQgb2YgYmVpbmcgdG9sZCB0aGF0IEkgYW0uCi0gTW9udHkgUHl0aG9uCg==
81 =0ukK
82 -----END PGP MESSAGE-----
83 ")
84
85 ;; An OpenPGP message lacking the onepass packet.  We used to accept
86 ;; such messages but now consider them invalid.
87 (define bad_ls_asc "
88 -----BEGIN PGP MESSAGE-----
89
90 rQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9w
91 bGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0
92 b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRo
93 aXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRh
94 aW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQg
95 dGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IA
96 oJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Q==
97 =Mpiu
98 -----END PGP MESSAGE-----
99 ")
100
101
102 ;; A signed message prefixed with an unsigned literal packet.
103 ;; (fols = faked-literal-data, one-pass, literal-data, signature)
104 ;; This should throw an error because running gpg to extract the
105 ;; signed data will return both literal data packets
106 (define bad_fols_asc "
107 -----BEGIN PGP MESSAGE-----
108
109 rF1iDG1zZy51bnNpZ25lZEQMY0x0aW1lc2hhcmluZywgbjoKCUFuIGFjY2VzcyBt
110 ZXRob2Qgd2hlcmVieSBvbmUgY29tcHV0ZXIgYWJ1c2VzIG1hbnkgcGVvcGxlLgqQ
111 DQMAAhEtcnzHaGl3NAGtAQdiA21zZ0QMUlpJIHRoaW5rIHRoYXQgYWxsIHJpZ2h0
112 LXRoaW5raW5nIHBlb3BsZSBpbiB0aGlzIGNvdW50cnkgYXJlIHNpY2sgYW5kCnRp
113 cmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBvcmRpbmFyeSBkZWNlbnQgcGVvcGxlIGFy
114 ZSBmZWQgdXAgaW4gdGhpcwpjb3VudHJ5IHdpdGggYmVpbmcgc2ljayBhbmQgdGly
115 ZWQuICBJJ20gY2VydGFpbmx5IG5vdC4gIEJ1dCBJJ20Kc2ljayBhbmQgdGlyZWQg
116 b2YgYmVpbmcgdG9sZCB0aGF0IEkgYW0uCi0gTW9udHkgUHl0aG9uCog/AwUARAxS
117 Wi1yfMdoaXc0EQJHggCgmUQZNj5seMPYdi4KLEtAKaTTWlsAoIiOTMs4CaRk2bQP
118 yW5Pvxz/XHjl
119 =UNM4
120 -----END PGP MESSAGE-----
121 ")
122
123 ;; A signed message suffixed with an unsigned literal packet.
124 ;; (fols = faked-literal-data, one-pass, literal-data, signature)
125 ;; This should throw an error because running gpg to extract the
126 ;; signed data will return both literal data packets
127 (define bad_olsf_asc "
128 -----BEGIN PGP MESSAGE-----
129
130 kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo
131 dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0
132 aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh
133 cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp
134 cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk
135 IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM
136 UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0
137 D8luT78c/1x45axdYgxtc2cudW5zaWduZWREDGNMdGltZXNoYXJpbmcsIG46CglB
138 biBhY2Nlc3MgbWV0aG9kIHdoZXJlYnkgb25lIGNvbXB1dGVyIGFidXNlcyBtYW55
139 IHBlb3BsZS4K
140 =3gnG
141 -----END PGP MESSAGE-----
142 ")
143
144
145 ;; Two standard signed messages in a row
146 (define msg_olsols_asc_multiple "
147 -----BEGIN PGP MESSAGE-----
148
149 kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo
150 dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0
151 aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh
152 cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp
153 cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk
154 IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM
155 UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0
156 D8luT78c/1x45ZANAwACES1yfMdoaXc0Aa0BB2IDbXNnRAxSWkkgdGhpbmsgdGhh
157 dCBhbGwgcmlnaHQtdGhpbmtpbmcgcGVvcGxlIGluIHRoaXMgY291bnRyeSBhcmUg
158 c2ljayBhbmQKdGlyZWQgb2YgYmVpbmcgdG9sZCB0aGF0IG9yZGluYXJ5IGRlY2Vu
159 dCBwZW9wbGUgYXJlIGZlZCB1cCBpbiB0aGlzCmNvdW50cnkgd2l0aCBiZWluZyBz
160 aWNrIGFuZCB0aXJlZC4gIEknbSBjZXJ0YWlubHkgbm90LiAgQnV0IEknbQpzaWNr
161 IGFuZCB0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgSSBhbS4KLSBNb250eSBQeXRo
162 b24KiD8DBQBEDFJaLXJ8x2hpdzQRAkeCAKCZRBk2Pmx4w9h2LgosS0AppNNaWwCg
163 iI5MyzgJpGTZtA/Jbk+/HP9ceOU=
164 =8nLN
165 -----END PGP MESSAGE-----
166 ")
167
168 ;; A standard message with two signatures (actually the same signature
169 ;; duplicated).
170 (define msg_oolss_asc "
171 -----BEGIN PGP MESSAGE-----
172
173 kA0DAAIRLXJ8x2hpdzQBkA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGlu
174 ayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5
175 IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkg
176 ZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJl
177 aW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdt
178 CnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5
179 IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk
180 01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Yg/AwUARAxSWi1yfMdoaXc0EQJHggCg
181 mUQZNj5seMPYdi4KLEtAKaTTWlsAoIiOTMs4CaRk2bQPyW5Pvxz/XHjl
182 =KVw5
183 -----END PGP MESSAGE-----
184 ")
185
186 ;; A standard message with two one-pass packet but only one signature
187 ;; packet
188 (define bad_ools_asc "
189 -----BEGIN PGP MESSAGE-----
190
191 kA0DAAIRLXJ8x2hpdzQBkA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGlu
192 ayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5
193 IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkg
194 ZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJl
195 aW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdt
196 CnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5
197 IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk
198 01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Q==
199 =1/ix
200 -----END PGP MESSAGE-----
201 ")
202
203 ;; Standard cleartext signature
204 (define msg_cls_asc "
205 -----BEGIN PGP SIGNED MESSAGE-----
206 Hash: SHA1
207
208 I think that all right-thinking people in this country are sick and
209 tired of being told that ordinary decent people are fed up in this
210 country with being sick and tired.  I'm certainly not.  But I'm
211 sick and tired of being told that I am.
212 - - Monty Python
213 -----BEGIN PGP SIGNATURE-----
214
215 iD8DBQFEDVp1LXJ8x2hpdzQRAplUAKCMfpG3GPw/TLN52tosgXP5lNECkwCfQhAa
216 emmev7IuQjWYrGF9Lxj+zj8=
217 =qJsY
218 -----END PGP SIGNATURE-----
219 ")
220
221 ;; Cleartext signature with two signatures
222 (define msg_clss_asc "
223 -----BEGIN PGP SIGNED MESSAGE-----
224 Hash: SHA1
225
226 What is the difference between a Turing machine and the modern computer?
227 It's the same as that between Hillary's ascent of Everest and the
228 establishment of a Hilton on its peak.
229 -----BEGIN PGP SIGNATURE-----
230
231 iD8DBQFEDVz6LXJ8x2hpdzQRAtkGAKCeMhNbHnh339fpjNj9owsYcC4zBwCfYO5l
232 2u+KEfXX0FKyk8SMzLjZ536IPwMFAUQNXPr+GAsdqeOwshEC2QYAoPOWAiQm0EF/
233 FWIAQUplk7JWbyRKAJ92ZJyJpWfzb0yc1s7MY65r2qEHrg==
234 =1Xvv
235 -----END PGP SIGNATURE-----
236 ")
237
238 ;; Two clear text signatures in a row
239 (define msg_clsclss_asc_multiple (string-append msg_cls_asc msg_clss_asc))
240
241
242 ;; An Ed25519 cleartext message with an R parameter of only 247 bits
243 ;; so that the code to re-insert the stripped zero byte kicks in.  The
244 ;; S parameter has 253 bits but that does not strip a full byte.
245 (define msg_ed25519_rshort "
246 -----BEGIN PGP SIGNED MESSAGE-----
247 Hash: SHA256
248
249 Dear Emily:
250         I'm still confused as to what groups articles should be posted
251 to.  How about an example?
252                 -- Still Confused
253
254 Dear Still:
255         Ok.  Let's say you want to report that Gretzky has been traded from
256 the Oilers to the Kings.  Now right away you might think rec.sport.hockey
257 would be enough.  WRONG.  Many more people might be interested.  This is a
258 big trade!  Since it's a NEWS article, it belongs in the news.* hierarchy
259 as well.  If you are a news admin, or there is one on your machine, try
260 news.admin.  If not, use news.misc.
261         The Oilers are probably interested in geology, so try sci.physics.
262 He is a big star, so post to sci.astro, and sci.space because they are also
263 interested in stars.  Next, his name is Polish sounding.  So post to
264 soc.culture.polish.  But that group doesn't exist, so cross-post to
265 news.groups suggesting it should be created.  With this many groups of
266 interest, your article will be quite bizarre, so post to talk.bizarre as
267 well.  (And post to comp.std.mumps, since they hardly get any articles
268 there, and a \"comp\" group will propagate your article further.)
269         You may also find it is more fun to post the article once in each
270 group.  If you list all the newsgroups in the same article, some newsreaders
271 will only show the the article to the reader once!  Don't tolerate this.
272                 -- Emily Postnews Answers Your Questions on Netiquette
273 -----BEGIN PGP SIGNATURE-----
274
275 iJEEARYIADoWIQSyHeq0+HX7PaQvHR0TlWNoKgINCgUCV772DhwccGF0cmljZS5s
276 dW11bWJhQGV4YW1wbGUubmV0AAoJEBOVY2gqAg0KMAIA90EtUwAja0iJGpO91wyz
277 GLh9pS5v495V0r94yU6uUyUA/RT/StyPWe1wbnEZuacZnLbUV6Yy/aTXCVAlxf0r
278 TusO
279 =vQ3f
280 -----END PGP SIGNATURE-----
281 ")
282
283 ;; An Ed25519 cleartext message with an S parameter of only 248 bits
284 ;; so that the code to re-insert the stripped zero byte kicks in.
285 (define msg_ed25519_sshort "
286 -----BEGIN PGP SIGNED MESSAGE-----
287 Hash: SHA256
288
289 All articles that coruscate with resplendence are not truly auriferous.
290 -----BEGIN PGP SIGNATURE-----
291
292 iJEEARYIADoWIQSyHeq0+HX7PaQvHR0TlWNoKgINCgUCV771QhwccGF0cmljZS5s
293 dW11bWJhQGV4YW1wbGUubmV0AAoJEBOVY2gqAg0KHVEBAI66OPDYXKWO3r6SaFT+
294 uxmh8x4ZerW41vMA9gkJ4AEKAPjoe/Z7fDqo1lCptIFutFAGbfNxcm/53prfx2fT
295 GisM
296 =L7sk
297 -----END PGP SIGNATURE-----
298 ")
299
300
301
302 ;; Fixme:  We need more tests with manipulated cleartext signatures.
303
304 ;;
305 ;; Now run the tests.
306 ;;
307 (for-each-p
308  "Checking that a valid signature is verified as such"
309  (lambda (armored-file)
310    (pipe:do
311     (pipe:echo (eval armored-file (current-environment)))
312     (pipe:spawn `(,@GPG --verify))))
313  '(msg_ols_asc msg_cols_asc msg_sl_asc msg_oolss_asc msg_cls_asc msg_clss_asc))
314
315 (for-each-p
316  "Checking that a valid signature over multiple messages is verified as such"
317  (lambda (armored-file)
318    (pipe:do
319     (pipe:echo (eval armored-file (current-environment)))
320     (pipe:spawn `(,@GPG --verify --allow-multiple-messages)))
321    (catch '()
322           (pipe:do
323            (pipe:defer (lambda (sink)
324                          (display armored-file (fdopen sink "w"))))
325            (pipe:spawn `(,@GPG --verify)))
326           (error "verification succeeded but should not")))
327  '(msg_olsols_asc_multiple msg_clsclss_asc_multiple))
328
329 (for-each-p
330  "Checking that an invalid signature is verified as such"
331  (lambda (armored-file)
332    (catch '()
333           (pipe:do
334            (pipe:echo (eval armored-file (current-environment)))
335            (pipe:spawn `(,@GPG --verify)))
336           (error "verification succeeded but should not")))
337  '(bad_ls_asc bad_fols_asc bad_olsf_asc bad_ools_asc))
338
339
340 ;;; Need to import the ed25519 sample key used for
341 ;;; the next two tests.
342 (call-check `(,@GPG --quiet --yes --import ,(in-srcdir key-file2)))
343 (for-each-p
344  "Checking that a valid Ed25519 signature is verified as such"
345  (lambda (armored-file)
346    (pipe:do
347     (pipe:echo (eval armored-file (current-environment)))
348     (pipe:spawn `(,@GPG --verify))))
349  '(msg_ed25519_rshort msg_ed25519_sshort))