lang/python/tests/t-verify.py

   1 #!/usr/bin/env python
   2
   3 # Copyright (C) 2016 g10 Code GmbH
   4 #
   5 # This file is part of GPGME.
   6 #
   7 # GPGME is free software; you can redistribute it and/or modify it
   8 # under the terms of the GNU General Public License as published by
   9 # the Free Software Foundation; either version 2 of the License, or
  10 # (at your option) any later version.
  11 #
  12 # GPGME is distributed in the hope that it will be useful, but WITHOUT
  13 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  14 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General
  15 # Public License for more details.
  16 #
  17 # You should have received a copy of the GNU Lesser General Public
  18 # License along with this program; if not, see <http://www.gnu.org/licenses/>.
  19
  20 from __future__ import absolute_import, print_function, unicode_literals
  21 del absolute_import, print_function, unicode_literals
  22
  23 import sys
  24 import os
  25 import gpg
  26 import support
  27 _ = support # to appease pyflakes.
  28
  29 test_text1 = b"Just GNU it!\n"
  30 test_text1f= b"Just GNU it?\n"
  31 test_sig1 = b"""-----BEGIN PGP SIGNATURE-----
  32
  33 iN0EABECAJ0FAjoS+i9FFIAAAAAAAwA5YmFyw7bDpMO8w58gZGFzIHdhcmVuIFVt
  34 bGF1dGUgdW5kIGpldHp0IGVpbiBwcm96ZW50JS1aZWljaGVuNRSAAAAAAAgAJGZv
  35 b2Jhci4xdGhpcyBpcyBhIG5vdGF0aW9uIGRhdGEgd2l0aCAyIGxpbmVzGhpodHRw
  36 Oi8vd3d3Lmd1Lm9yZy9wb2xpY3kvAAoJEC1yfMdoaXc0JBIAoIiLlUsvpMDOyGEc
  37 dADGKXF/Hcb+AKCJWPphZCphduxSvrzH0hgzHdeQaA==
  38 =nts1
  39 -----END PGP SIGNATURE-----
  40 """
  41
  42 test_sig2 = b"""-----BEGIN PGP MESSAGE-----
  43
  44 owGbwMvMwCSoW1RzPCOz3IRxjXQSR0lqcYleSUWJTZOvjVdpcYmCu1+oQmaJIleH
  45 GwuDIBMDGysTSIqBi1MApi+nlGGuwDeHao53HBr+FoVGP3xX+kvuu9fCMJvl6IOf
  46 y1kvP4y+8D5a11ang0udywsA
  47 =Crq6
  48 -----END PGP MESSAGE-----
  49 """
  50
  51 # A message with a prepended but unsigned plaintext packet.
  52 double_plaintext_sig = b"""-----BEGIN PGP MESSAGE-----
  53
  54 rDRiCmZvb2Jhci50eHRF4pxNVGhpcyBpcyBteSBzbmVha3kgcGxhaW50ZXh0IG1l
  55 c3NhZ2UKowGbwMvMwCSoW1RzPCOz3IRxTWISa6JebnG666MFD1wzSzJSixQ81XMV
  56 UlITUxTyixRyKxXKE0uSMxQyEosVikvyCwpSU/S4FNCArq6Ce1F+aXJGvoJvYlGF
  57 erFCTmJxiUJ5flFKMVeHGwuDIBMDGysTyA4GLk4BmO036xgWzMgzt9V85jCtfDFn
  58 UqVooWlGXHwNw/xg/fVzt9VNbtjtJ/fhUqYo0/LyCGEA
  59 =6+AK
  60 -----END PGP MESSAGE-----
  61 """
  62
  63 def check_result(result, summary, validity, fpr, status, notation):
  64     assert len(result.signatures) == 1, "Unexpected number of signatures"
  65     sig = result.signatures[0]
  66     assert sig.summary == summary, \
  67         "Unexpected signature summary: {}, want: {}".format(sig.summary,
  68                                                             summary)
  69     assert sig.fpr == fpr
  70     assert gpg.errors.GPGMEError(sig.status).getcode() == status
  71
  72     if notation:
  73         expected_notations = {
  74             "bar": (b"\xc3\xb6\xc3\xa4\xc3\xbc\xc3\x9f" +
  75                     b" das waren Umlaute und jetzt ein prozent%-Zeichen"
  76                     if sys.version_info[0] < 3 else
  77                     b"\xc3\xb6\xc3\xa4\xc3\xbc\xc3\x9f".decode() +
  78                     " das waren Umlaute und jetzt ein prozent%-Zeichen"),
  79             "foobar.1":  "this is a notation data with 2 lines",
  80             None: "http://www.gu.org/policy/",
  81         }
  82         assert len(sig.notations) == len(expected_notations)
  83
  84         for r in sig.notations:
  85             assert not 'name_len' in dir(r)
  86             assert not 'value_len' in dir(r)
  87             assert r.name in expected_notations
  88             assert r.value == expected_notations[r.name], \
  89                 "Expected {!r}, got {!r}".format(expected_notations[r.name],
  90                                                  r.value)
  91             expected_notations.pop(r.name)
  92
  93         assert len(expected_notations) == 0
  94
  95     assert not sig.wrong_key_usage
  96     assert sig.validity == validity, \
  97         "Unexpected signature validity: {}, want: {}".format(
  98             sig.validity, validity)
  99     assert gpg.errors.GPGMEError(sig.validity_reason).getcode() == gpg.errors.NO_ERROR
 100
 101 c = gpg.Context()
 102 c.set_armor(True)
 103
 104 # Checking a valid message.
 105 text = gpg.Data(test_text1)
 106 sig = gpg.Data(test_sig1)
 107 c.op_verify(sig, text, None)
 108 result = c.op_verify_result()
 109 check_result(result, gpg.constants.sigsum.VALID | gpg.constants.sigsum.GREEN,
 110              gpg.constants.validity.FULL,
 111              "A0FF4590BB6122EDEF6E3C542D727CC768697734",
 112              gpg.errors.NO_ERROR, True)
 113
 114
 115 # Checking a manipulated message.
 116 text = gpg.Data(test_text1f)
 117 sig.seek(0, os.SEEK_SET)
 118 c.op_verify(sig, text, None)
 119 result = c.op_verify_result()
 120 check_result(result, gpg.constants.sigsum.RED, gpg.constants.validity.UNKNOWN,
 121              "2D727CC768697734", gpg.errors.BAD_SIGNATURE, False)
 122
 123 # Checking a normal signature.
 124 text = gpg.Data()
 125 sig = gpg.Data(test_sig2)
 126 c.op_verify(sig, None, text)
 127 result = c.op_verify_result()
 128 check_result(result, gpg.constants.sigsum.VALID | gpg.constants.sigsum.GREEN,
 129              gpg.constants.validity.FULL,
 130              "A0FF4590BB6122EDEF6E3C542D727CC768697734",
 131              gpg.errors.NO_ERROR, False)
 132
 133 # Checking an invalid message.
 134 text = gpg.Data()
 135 sig = gpg.Data(double_plaintext_sig)
 136 try:
 137     c.op_verify(sig, None, text)
 138 except Exception as e:
 139     assert type(e) == gpg.errors.GPGMEError
 140     assert e.getcode() == gpg.errors.BAD_DATA
 141 else:
 142     assert False, "Expected an error but got none."
 143
 144
 145 # Idiomatic interface.
 146 with gpg.Context(armor=True) as c:
 147     # Checking a valid message.
 148     _, result = c.verify(test_text1, test_sig1)
 149     check_result(result, gpg.constants.sigsum.VALID | gpg.constants.sigsum.GREEN,
 150                  gpg.constants.validity.FULL,
 151                  "A0FF4590BB6122EDEF6E3C542D727CC768697734",
 152                  gpg.errors.NO_ERROR, True)
 153
 154     # Checking a manipulated message.
 155     try:
 156         c.verify(test_text1f, test_sig1)
 157     except gpg.errors.BadSignatures as e:
 158         check_result(e.result, gpg.constants.sigsum.RED,
 159                      gpg.constants.validity.UNKNOWN,
 160                      "2D727CC768697734", gpg.errors.BAD_SIGNATURE, False)
 161     else:
 162         assert False, "Expected an error but got none."
 163
 164     # Checking a normal signature.
 165     sig = gpg.Data(test_sig2)
 166     data, result = c.verify(test_sig2)
 167     check_result(result, gpg.constants.sigsum.VALID | gpg.constants.sigsum.GREEN,
 168                  gpg.constants.validity.FULL,
 169                  "A0FF4590BB6122EDEF6E3C542D727CC768697734",
 170                  gpg.errors.NO_ERROR, False)
 171     assert data == test_text1
 172
 173     # Checking an invalid message.
 174     try:
 175         c.verify(double_plaintext_sig)
 176     except gpg.errors.GPGMEError as e:
 177         assert e.getcode() == gpg.errors.BAD_DATA
 178     else:
 179         assert False, "Expected an error but got none."
 180
 181     alpha = c.get_key("A0FF4590BB6122EDEF6E3C542D727CC768697734", False)
 182     bob = c.get_key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", False)
 183
 184     # Checking a valid message.
 185     c.verify(test_text1, test_sig1, verify=[alpha])
 186
 187     try:
 188         c.verify(test_text1, test_sig1, verify=[alpha, bob])
 189     except gpg.errors.MissingSignatures as e:
 190         assert len(e.missing) == 1
 191         assert e.missing[0] == bob
 192     else:
 193         assert False, "Expected an error, got none"