Add tests for rnp_revocation_signature_create() and related functions.

rnpgp · Jan 5, 2024 · 599bf2c · 599bf2c
1 parent f981fda
commit 599bf2c
Show file tree

Hide file tree

Showing 3 changed files with 122 additions and 1 deletion.
diff --git a/src/tests/ffi-key-sig.cpp b/src/tests/ffi-key-sig.cpp
@@ -1749,4 +1749,69 @@ TEST_F(rnp_tests, test_ffi_add_revoker_signature)
     /* Check v5 key */
 
     rnp_ffi_destroy(ffi);
-}
+}
+
+TEST_F(rnp_tests, test_ffi_create_revocation_signature)
+{
+    rnp_ffi_t ffi = NULL;
+    assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG"));
+    assert_true(import_all_keys(ffi, "data/test_stream_key_load/ecc-25519-2subs-sec.asc"));
+    assert_true(import_pub_keys(ffi, "data/test_stream_key_load/ecc-p256-sec.asc"));
+    rnp_key_handle_t key = NULL;
+    assert_rnp_success(rnp_locate_key(ffi, "userid", "ecc-25519", &key));
+    /* Create self revocation */
+    rnp_signature_handle_t newsig = NULL;
+    assert_rnp_failure(rnp_key_revocation_signature_create(NULL, key, &newsig));
+    assert_rnp_failure(rnp_key_revocation_signature_create(key, key, NULL));
+    assert_rnp_failure(rnp_key_revocation_signature_create(key, NULL, NULL));
+    assert_rnp_success(rnp_key_revocation_signature_create(key, NULL, &newsig));
+    const char *revcode = "compromised";
+    const char *revreason = "custom revocation reason";
+    const char *hash = "SHA512";
+    assert_rnp_failure(rnp_key_signature_set_hash(NULL, hash));
+    assert_rnp_failure(rnp_key_signature_set_hash(newsig, NULL));
+    assert_rnp_failure(rnp_key_signature_set_hash(newsig, "wrong"));
+    assert_rnp_success(rnp_key_signature_set_hash(newsig, hash));
+    assert_rnp_failure(rnp_key_signature_set_revocation_reason(NULL, revcode, revreason));
+    assert_rnp_success(rnp_key_signature_set_revocation_reason(newsig, NULL, NULL));
+    assert_rnp_success(rnp_key_signature_set_revocation_reason(newsig, NULL, "wrong reason"));
+    assert_rnp_failure(rnp_key_signature_set_revocation_reason(newsig, "wrong code", NULL));
+    assert_rnp_success(rnp_key_signature_set_revocation_reason(newsig, revcode, revreason));
+    assert_rnp_failure(rnp_key_signature_sign(newsig));
+    rnp_ffi_set_pass_provider(ffi, ffi_string_password_provider, (void *) "password");
+    assert_rnp_success(rnp_key_signature_sign(newsig));
+    rnp_signature_handle_destroy(newsig);
+    /* Check signature parameters */
+    assert_rnp_success(rnp_key_get_signature_at(key, 0, &newsig));
+    assert_true(check_sig_hash(newsig, hash));
+    assert_true(check_sig_type(newsig, "key revocation"));
+    char *sigcode = NULL;
+    char *sigreason = NULL;
+    /* Some edge cases of the new function */
+    assert_rnp_failure(rnp_signature_get_revocation_reason(NULL, &sigcode, &sigreason));
+    assert_rnp_success(rnp_signature_get_revocation_reason(newsig, &sigcode, NULL));
+    assert_string_equal(sigcode, revcode);
+    rnp_buffer_destroy(sigcode);
+    assert_rnp_success(rnp_signature_get_revocation_reason(newsig, NULL, &sigreason));
+    assert_string_equal(sigreason, revreason);
+    rnp_buffer_destroy(sigreason);
+    assert_true(check_sig_revreason(newsig, revcode, revreason));
+    rnp_signature_handle_destroy(newsig);
+    assert_true(check_key_revoked(key, true));
+    assert_true(check_key_revreason(key, revreason));
+    bool compromised = false;
+    assert_rnp_success(rnp_key_is_compromised(key, &compromised));
+    assert_true(compromised);
+
+    /* Export key and make sure data is saved */
+
+    rnp_key_handle_destroy(key);
+
+    /* Create revocation for other key, using the designated revoker */
+    /* Create self subkey revocation */
+    /* Revoke other key using subkey as revoker with designated revoker  */
+    /* Attempt to revoke primary key using the subkey without designated revoker */
+    /* Attempt to revoke primary key using the subkey with designated revoker */
+
+    rnp_ffi_destroy(ffi);
+}
diff --git a/src/tests/support.cpp b/src/tests/support.cpp
@@ -1159,6 +1159,18 @@ check_key_fp(rnp_key_handle_t key, const std::string &expected)
     return res;
 }
 
+bool
+check_key_revreason(rnp_key_handle_t key, const char *reason)
+{
+    char *rstr = NULL;
+    if (rnp_key_get_revocation_reason(key, &rstr)) {
+        return false;
+    }
+    bool res = !strcmp(rstr, reason);
+    rnp_buffer_destroy(rstr);
+    return res;
+}
+
 bool
 check_has_key(rnp_ffi_t ffi, const std::string &id, bool secret, bool valid)
 {
@@ -1196,6 +1208,44 @@ check_has_key(rnp_ffi_t ffi, const std::string &id, bool secret, bool valid)
     return res;
 }
 
+bool
+check_sig_hash(rnp_signature_handle_t sig, const char *hash)
+{
+    char *sighash = NULL;
+    if (rnp_signature_get_hash_alg(sig, &sighash)) {
+        return false;
+    }
+    bool res = !strcmp(sighash, hash);
+    rnp_buffer_destroy(sighash);
+    return res;
+}
+
+bool
+check_sig_type(rnp_signature_handle_t sig, const char *type)
+{
+    char *sigtype = NULL;
+    if (rnp_signature_get_type(sig, &sigtype)) {
+        return false;
+    }
+    bool res = !strcmp(sigtype, type);
+    rnp_buffer_destroy(sigtype);
+    return res;
+}
+
+bool
+check_sig_revreason(rnp_signature_handle_t sig, const char *revcode, const char *revreason)
+{
+    char *sigcode = NULL;
+    char *sigreason = NULL;
+    if (rnp_signature_get_revocation_reason(sig, &sigcode, &sigreason)) {
+        return false;
+    }
+    bool res = !strcmp(sigcode, revcode) && !strcmp(sigreason, revreason);
+    rnp_buffer_destroy(sigcode);
+    rnp_buffer_destroy(sigreason);
+    return res;
+}
+
 rnp_key_handle_t
 bogus_key_handle(rnp_ffi_t ffi)
 {

diff --git a/src/tests/support.h b/src/tests/support.h
@@ -265,10 +265,16 @@ void     check_loaded_keys(const char *                    format,
                            bool                            secret);
 bool     check_key_grip(rnp_key_handle_t key, const std::string &expected);
 bool     check_key_fp(rnp_key_handle_t key, const std::string &expected);
+bool     check_key_revreason(rnp_key_handle_t key, const char *reason);
 bool     check_has_key(rnp_ffi_t          ffi,
                        const std::string &id,
                        bool               secret = false,
                        bool               valid = true);
+bool     check_sig_hash(rnp_signature_handle_t sig, const char *hash);
+bool     check_sig_type(rnp_signature_handle_t sig, const char *type);
+bool     check_sig_revreason(rnp_signature_handle_t sig,
+                             const char *           revcode,
+                             const char *           revreason);
 
 /* create bogus key handle with NULL pub/sec keys */
 rnp_key_handle_t bogus_key_handle(rnp_ffi_t ffi);