1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
|
#!/usr/bin/env gpgscm
;; Copyright (C) 2016 g10 Code GmbH
;;
;; This file is part of GnuPG.
;;
;; GnuPG is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 3 of the License, or
;; (at your option) any later version.
;;
;; GnuPG is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.
;;
;; You should have received a copy of the GNU General Public License
;; along with this program; if not, see <http://www.gnu.org/licenses/>.
(load (with-path "defs.scm"))
(setup-environment)
;; XXX because of --always-trust, the trustdb is not created.
;; Therefore, we redefine GPG without --always-trust.
(define GPG `(,(tool 'gpg) --no-permission-warning))
(define (exact id)
(string-append "=" id))
(define (count-uids-of-secret-key id)
(length (filter (lambda (x) (and (string=? "uid" (car x))
(not (string=? "r" (cadr x)))))
(gpg-with-colons
`(--with-fingerprint
--list-secret-keys ,(exact id))))))
(define alpha "Alpha <alpha@invalid.example.net>")
(define bravo "Bravo <bravo@invalid.example.net>")
(define (key-data key)
(filter (lambda (x) (or (string=? (car x) "pub")
(string=? (car x) "sub")))
(gpg-with-colons `(-k ,key))))
(setenv "PINENTRY_USER_DATA" "test" #t)
(info "Checking quick key generation...")
(call-check `(,@GPG --quick-generate-key ,alpha))
(define keyinfo (gpg-with-colons `(-k ,(exact alpha))))
(define fpr (:fpr (assoc "fpr" keyinfo)))
(assert (= 1 (count-uids-of-secret-key alpha)))
(assert (not (equal? "" (:expire (assoc "pub" keyinfo)))))
(info "Checking that we can add a user ID...")
;; Make sure the key capabilities don't change when we add a user id.
;; (See bug #2697.)
(let ((pre (key-data (exact alpha)))
(result (call-check `(,@GPG --quick-add-uid ,(exact alpha) ,bravo)))
(post (key-data (exact alpha))))
(if (not (equal? pre post))
(begin
(display "Key capabilities changed when adding a user id:")
(newline)
(display " Pre: ")
(display pre)
(newline)
(display " Post: ")
(display post)
(newline)
(exit 1))))
(assert (= 2 (count-uids-of-secret-key alpha)))
(assert (= 2 (count-uids-of-secret-key bravo)))
(info "Checking that we can revoke a user ID...")
(call-check `(,@GPG --quick-revoke-uid ,(exact bravo) ,alpha))
(assert (= 1 (count-uids-of-secret-key bravo)))
(info "Checking that we can change the expiration time.")
(define (expiration-time id)
(:expire (assoc "pub" (gpg-with-colons `(-k ,id)))))
;; Remove the expiration date.
(call-check `(,@gpg --quick-set-expire ,fpr "0"))
(assert (equal? "" (expiration-time fpr)))
;; Make the key expire in one year.
(call-check `(,@gpg --quick-set-expire ,fpr "1y"))
;; XXX It'd be nice to check that the value is right.
(assert (not (equal? "" (expiration-time fpr))))
;;
;; Check --quick-addkey
;;
;; Get the subkeys.
(define (get-subkeys)
(filter (lambda (x) (equal? "sub" (car x)))
(gpg-with-colons `(-k ,fpr))))
;; This keeps track of the number of subkeys.
(define count (length (get-subkeys)))
(for-each-p
"Checking that we can add subkeys..."
(lambda (args check)
(set! count (+ 1 count))
(call-check `(,@gpg --quick-add-key ,fpr ,@args))
(let ((subkeys (get-subkeys)))
(assert (= count (length subkeys)))
(if check (check (last subkeys)))))
;; A bunch of arguments...
'(()
(- - -)
(default default never)
(rsa sign "2d")
(rsa1024 sign "2w")
(rsa2048 encr "2m")
(rsa4096 sign,auth "2y")
(future-default))
;; ... with functions to check that the created key matches the
;; expectations (or #f for no tests).
(list
#f
#f
(lambda (subkey)
(assert (equal? "" (:expire subkey))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (string-contains? (:cap subkey) "s"))
(assert (not (equal? "" (:expire subkey)))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (= 1024 (:length subkey)))
(assert (string-contains? (:cap subkey) "s"))
(assert (not (equal? "" (:expire subkey)))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (= 2048 (:length subkey)))
(assert (string-contains? (:cap subkey) "e"))
(assert (not (equal? "" (:expire subkey)))))
(lambda (subkey)
(assert (= 1 (:alg subkey)))
(assert (= 4096 (:length subkey)))
(assert (string-contains? (:cap subkey) "s"))
(assert (string-contains? (:cap subkey) "a"))
(assert (not (equal? "" (:expire subkey)))))
#f))
|
