From: Jonathan McDowell
Date: Fri, 15 Sep 2023 10:09:58 +0000 (+0530)
Subject: Add a test for signature verification
X-Git-Tag: onak-0.6.3~10
X-Git-Url: http://the.earth.li/gitweb/?p=onak.git;a=commitdiff_plain;h=8519141e5ee46dcac44221de39c76d0def5a0088

Add a test for signature verification

Test signature verification by adding my new ECC key with verification enabled, which will strip all signatures, then adding my old RSA key, then readding my ECC key. This should result in the ECC key having a signature from my old RSA key.
---
diff --git a/keys/README b/keys/README
index 2244d3e..8df4a8e 100644
--- a/keys/README
+++ b/keys/README
@@ -15,7 +15,9 @@ blackcat.key
 autodns.key
 A v4 DSA/Elg key.
 noodles.key
- My v4 DSA/Elg key.
+ My v4 RSA key.
+noodles-ecc.key
+ My v4 ECC ED25519 key.
 putro.key
 A v4 key with a non revocation signature on the public key.
 huggie-rev.key
diff --git a/keys/noodles-ecc.key b/keys/noodles-ecc.key
new file mode 100644
index 0000000..1adafd6
Binary files /dev/null and b/keys/noodles-ecc.key differ
diff --git a/t/all-037-check-sigs.t b/t/all-037-check-sigs.t
new file mode 100755
index 0000000..ed02c23
--- /dev/null
+++ b/t/all-037-check-sigs.t
@@ -0,0 +1,31 @@
+#!/bin/sh
+# Check that signatures are only added when they can be verified
+
+set -e
+
+cd ${WORKDIR}
+cp $1 check-sigs.ini
+
+trap cleanup exit
+cleanup () {
+ rm check-sigs.ini
+}
+echo verify_signatures=true >> check-sigs.ini
+
+${BUILDDIR}/onak -b -c check-sigs.ini add < ${TESTSDIR}/../keys/noodles-ecc.key || true
+if ${BUILDDIR}/onak -c $1 vindex 0x9026108FB942BEA4 2>&1 | \
+ grep -q '0x94FA372B2DA8B985'; then
+ echo "* Did not correctly strip unknown signatures"
+ exit 1
+fi
+
+${BUILDDIR}/onak -b -c check-sigs.ini add < ${TESTSDIR}/../keys/noodles.key || true
+
+${BUILDDIR}/onak -b -c check-sigs.ini add < ${TESTSDIR}/../keys/noodles-ecc.key || true
+if ! ${BUILDDIR}/onak -c $1 vindex 0x9026108FB942BEA4 2>&1 | \
+ grep -q '0x94FA372B2DA8B985'; then
+ echo "* Did not correctly verify new signature"
+ exit 1
+fi
+
+exit 0
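Review bot: The first check can pass without exercising verification at all: the `onak -b -c check-sigs.ini add` before it ends in `|| true`, and the `if` only asserts that `0x94FA372B2DA8B985` is absent from the `vindex` output, so a failed import or a key that was never stored looks the same as a correctly stripped signature. Consider capturing the output once with `out=$(${BUILDDIR}/onak -c $1 vindex 0x9026108FB942BEA4 2>&1)` and failing unless it shows the key was stored, before testing for the absent signer; the exact string to match depends on the vindex output format, which is not visible in this hunk. The test also covers only a signature from an unknown signer and one that verifies, so a signature from a known key that fails verification is not exercised here, and that is the case a verification bypass would most likely hit. Separately, `$1`, `${WORKDIR}`, `${BUILDDIR}` and `${TESTSDIR}` are unquoted, so a path containing spaces would break the run.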