Changeset 521

Timestamp:

11/28/07 17:37:27

Author:

rachel

Message:

Initial implementation of Validation of Document Signatures.
(Note: Does not yet interoperate with GPG)
Renamed validate_cb to more accurate name of validate_key_cb.
Implemented validate_data_cb to handle validation of documents & signed cleartext.
Added in error-handling when validation fails.
Turned off unwanted debug output.

Files:

• openpgpsdk/trunk/include/openpgpsdk/errors.h (modified) (2 diffs)
• openpgpsdk/trunk/include/openpgpsdk/packet.h (modified) (2 diffs)
• openpgpsdk/trunk/include/openpgpsdk/validate.h (modified) (1 diff)
• openpgpsdk/trunk/src/advanced/adv_armour.c (modified) (2 diffs)
• openpgpsdk/trunk/src/advanced/adv_fingerprint.c (modified) (3 diffs)
• openpgpsdk/trunk/src/advanced/adv_keyring.c (modified) (3 diffs)
• openpgpsdk/trunk/src/advanced/adv_openssl_crypto.c (modified) (4 diffs)
• openpgpsdk/trunk/src/advanced/adv_packet-parse.c (modified) (10 diffs)
• openpgpsdk/trunk/src/advanced/adv_packet-show.c (modified) (2 diffs)
• openpgpsdk/trunk/src/advanced/adv_signature.c (modified) (15 diffs)
• openpgpsdk/trunk/src/advanced/adv_validate.c (modified) (8 diffs)
• openpgpsdk/trunk/tests/Makefile.template (modified) (1 diff)
• openpgpsdk/trunk/tests/test_common.c (modified) (6 diffs)
• openpgpsdk/trunk/tests/test_crypt_mpi.c (modified) (1 diff)
• openpgpsdk/trunk/tests/test_rsa_decrypt.c (modified) (7 diffs)
• openpgpsdk/trunk/tests/test_rsa_encrypt.c (modified) (1 diff)
• openpgpsdk/trunk/tests/test_rsa_signature.c (modified) (8 diffs)
• openpgpsdk/trunk/tests/test_rsa_verify.c (modified) (8 diffs)
• openpgpsdk/trunk/tests/tests.h (modified) (2 diffs)
• openpgpsdk/trunk/tests/tests_gpg.c (modified) (3 diffs)

openpgpsdk/trunk/include/openpgpsdk/errors.h

@@ -40 +40 @@
-    OPS_E_C=0x4000,     /* general creator error */
-
+    /* validation errors */
+    OPS_E_V=0x5000, /* general validation error */
+    OPS_E_V_BAD_SIGNATURE       =OPS_E_V+1,
+    OPS_E_V_UNKNOWN_SIGNER      =OPS_E_V+2,
+
-    /* Algorithm support errors */
-5
+6
-    OPS_E_ALG_UNSUPPORTED_SYMMETRIC_ALG         =OPS_E_ALG+1,
-    OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG        =OPS_E_ALG+2,
@@ -48 +53 @@
-
-    /* Protocol errors */
-6
+7
-    OPS_E_PROTO_BAD_SYMMETRIC_DECRYPT   =OPS_E_PROTO+2,
-    OPS_E_PROTO_UNKNOWN_SS              =OPS_E_PROTO+3,

openpgpsdk/trunk/include/openpgpsdk/packet.h

@@ -560 +560 @@
-    size_t                      v4_hashed_data_start; /* only valid if accumulate is set */
-    size_t                      v4_hashed_data_length;
+    unsigned char* v4_hashed_data;
-    ops_hash_t                  *hash;          /*!< if set, the hash filled in for the data so far */
-    ops_boolean_t               creation_time_set:1;
@@ -801 +802 @@
-    {
-    unsigned                    length;
-
+ // \todo fix hard-coded value?
-    } ops_signed_cleartext_body_t;
-

openpgpsdk/trunk/include/openpgpsdk/validate.h

@@ -25 +25 @@
-        {
-        ATTRIBUTE,
-
+,
-        } last_seen;
-    ops_user_id_t user_id;
-    ops_user_attribute_t user_attribute;
+    unsigned char hash[OPS_MAX_HASH_SIZE];
-    const ops_keyring_t *keyring;
-    validate_reader_arg_t *rarg;
-    ops_validate_result_t *result;
-
+key_
-
+typedef struct
+    {
+    enum
+        {
+        LITERAL_DATA,
+        SIGNED_CLEARTEXT
+        } use;
+    union
+        {
+        ops_literal_data_body_t literal_data_body; 
+        ops_signed_cleartext_body_t signed_cleartext_body; 
+        } data;
+    unsigned char hash[OPS_MAX_HASH_SIZE];
+    const ops_keyring_t *keyring;
+    validate_reader_arg_t *rarg;
+    ops_validate_result_t *result;
+    } validate_data_cb_arg_t;
+
+ops_boolean_t ops_check_signature(const unsigned char *hash,
+                                  unsigned length,
+                                  const ops_signature_t *sig,
+                                  const ops_public_key_t *signer);
-// EOF

openpgpsdk/trunk/src/advanced/adv_armour.c

@@ -15 +15 @@
-
-#include <openpgpsdk/final.h>
+
+static int debug=0;
-
-#define CRC24_INIT 0xb704ceL
@@ -813 +815 @@
-    unsigned n;
-
+    if (debug)
+        {
+        unsigned int i=0;
+        fprintf(stderr,"dash_escaped_writer writing %d:\n", length);
+        for (i=0; i<length; i++)
+            {
+            fprintf(stderr,"0x%02x ", src[i]);
+            if (!((i+1) % 16))
+                fprintf(stderr,"\n");
+            else if (!((i+1) % 8))
+                fprintf(stderr,"  ");
+            }
+        fprintf(stderr,"\n");
+        }
+
-    // XXX: make this efficient
-    for(n=0 ; n < length ; ++n)

openpgpsdk/trunk/src/advanced/adv_fingerprint.c

@@ -18 +18 @@
-
-#include <openpgpsdk/final.h>
+
+static int debug=0;
-
-/**
@@ -64 +66 @@
-        ops_build_public_key(mem,key,ops_false);
-
+    if (debug)
+        { fprintf(stderr,"--- creating key fingerprint\n"); }
+
-        ops_hash_sha1(&sha1);
-        sha1.init(&sha1);
@@ -73 +78 @@
-        sha1.add(&sha1,ops_memory_get_data(mem),l);
-        sha1.finish(&sha1,fp->fingerprint);
+
+    if (debug)
+        { fprintf(stderr,"--- finished creating key fingerprint\n"); }
-
-        fp->length=20;

openpgpsdk/trunk/src/advanced/adv_keyring.c

@@ -8 +8 @@
-#include <openpgpsdk/validate.h>
-#include "keyring_local.h"
+#include "parse_local.h"
+
-#include <stdlib.h>
-#include <string.h>
@@ -185 +187 @@
-        return OPS_KEEP_MEMORY;
-
+ case OPS_PARSER_PACKET_END:
+     // nothing to do
+     break;
+
-    default:
-        fprintf(stderr,"Unexpected tag %d (0x%x)\n",content_->tag,
@@ -209 +215 @@
-    ops_key_data_reader_set(pinfo,key);
-    ops_parse_cb_set(pinfo,decrypt_cb,&arg);
+    pinfo->rinfo.accumulate=ops_true;
-
-    ops_parse(pinfo);

openpgpsdk/trunk/src/advanced/adv_openssl_crypto.c

@@ -15 +15 @@
-#include <openpgpsdk/final.h>
-
+static int debug=0;
+
-static void md5_init(ops_hash_t *hash)
-    {
@@ -45 +47 @@
-static void sha1_init(ops_hash_t *hash)
-    {
+    if (debug)
+        {
+        fprintf(stderr,"***\n***\nsha1_init\n***\n");
+        }
-    assert(!hash->data);
-    hash->data=malloc(sizeof(SHA_CTX));
@@ -53 +59 @@
-                     unsigned length)
-    {
+    if (debug)
+        {
+        unsigned int i=0;
+        fprintf(stderr,"adding %d to hash:\n ", length);
+        for (i=0; i<length; i++)
+            {
+            fprintf(stderr,"0x%02x ", data[i]);
+            if (!((i+1) % 16))
+                fprintf(stderr,"\n");
+            else if (!((i+1) % 8))
+                fprintf(stderr,"  ");
+            }
+        fprintf(stderr,"\n");
+        }
-    SHA1_Update(hash->data,data,length);
-    }
@@ -59 +79 @@
-    {
-    SHA1_Final(out,hash->data);
+    if (debug)
+        {
+        unsigned i=0;
+        fprintf(stderr,"***\n***\nsha1_finish\n***\n");
+        for (i=0; i<20; i++)
+            fprintf(stderr,"0x%02x ",out[i]);
+        fprintf(stderr,"\n");
+        }
-    free(hash->data);
-    hash->data=NULL;

openpgpsdk/trunk/src/advanced/adv_packet-parse.c

@@ -27 +27 @@
-
-#include <openpgpsdk/final.h>
+
+static int debug=0;
-
-typedef struct
@@ -1341 +1343 @@
-            return 0;
-        CBP(pinfo,OPS_PTAG_RAW_SS,&content);
-       
+    
-        }
-
@@ -1631 +1633 @@
- * \see RFC2440bis-12 5.2.3
- */
-
-
+
-    {
-    unsigned char c[1];
-    ops_parser_content_t content;
-
+
+
-    memset(&C.signature,'\0',sizeof C.signature);
+
+    /* We need to hash the packet data from version through the hashed subpacket data */
+
+    C.signature.v4_hashed_data_start=pinfo->rinfo.alength-1;
+
+    /* Set version,type,algorithms */
+
-    C.signature.version=OPS_V4;
-    C.signature.v4_hashed_data_start=v4_hashed_data_start;
-
-    if(!limited_read(c,1,region,pinfo))
@@ -1660 +1668 @@
-    if(!parse_signature_subpackets(&C.signature,region,pinfo))
-        return 0;
+
-    C.signature.v4_hashed_data_length=pinfo->rinfo.alength
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-    if(!parse_signature_subpackets(&C.signature,region,pinfo))
@@ -1739 +1764 @@
-    unsigned char c[1];
-    ops_parser_content_t content;
-    size_t v4_hashed_data_start;
-
-    assert(region->length_read == 0);  /* We should not have read anything so far */
@@ -1745 +1769 @@
-    memset(&content,'\0',sizeof content);
-
-    v4_hashed_data_start=pinfo->rinfo.alength;
-    if(!limited_read(c,1,region,pinfo))
-        return 0;
@@ -1752 +1775 @@
-        return parse_v3_signature(region,pinfo);
-    else if(c[0] == 4)
-,v4_hashed_data_start
+
-
-    OPS_ERROR_1(&pinfo->errors,OPS_E_PROTO_BAD_SIGNATURE_VRSN,
@@ -2236 +2259 @@
-                                ops_parse_info_t *pinfo)
-    {
-    int debug=0;
-    unsigned char c[1];
-    ops_parser_content_t content;
@@ -2397 +2419 @@
-                             ops_parse_cb_info_t *cbinfo)
-    {
-    int debug=0;
-
-    /*
@@ -3125 +3146 @@
-    pinfo->rinfo.pinfo=pinfo;
-
+    // should copy accumulate flags from other reader? RW
+    pinfo->rinfo.accumulate=rinfo->accumulate;
+    
-    ops_reader_set(pinfo,reader,destroyer,arg);
-    }

openpgpsdk/trunk/src/advanced/adv_packet-show.c

@@ -41 +41 @@
-    { OPS_PTAG_CT_SE_IP_DATA,           "Sym. Encrypted and Integrity Protected Data" },
-    { OPS_PTAG_CT_MDC,                  "Modification Detection Code" },
+    { OPS_PARSER_PTAG,                  "OPS_PARSER_PTAG" },
+    { OPS_PTAG_RAW_SS,                  "OPS_PTAG_RAW_SS" },
+    { OPS_PTAG_SS_ALL,                  "OPS_PTAG_SS_ALL" },
+    { OPS_PARSER_PACKET_END,            "OPS_PARSER_PACKET_END" },
+    { OPS_PTAG_SIGNATURE_SUBPACKET_BASE, "OPS_PTAG_SIGNATURE_SUBPACKET_BASE" },
+    /*
+    { OPS_PTAG_SS_CREATION_TIME,        "SS: Signature Creation Time" },
+    { OPS_PTAG_SS_EXPIRATION_TIME,      "SS: Signature Expiration Time" },
+    { OPS_PTAG_SS_TRUST,                "SS: Trust" },
+    { OPS_PTAG_SS_REGEXP,               "SS: Regexp" },
+    { OPS_PTAG_SS_REVOCABLE,            "SS: Revocable" },
+    { OPS_PTAG_SS_KEY_EXPIRATION_TIME,  "SS: Key Expiration Time" },
+    { OPS_PTAG_SS_RESERVED,             "SS: Reserved" },
+    { OPS_PTAG_SS_PREFERRED_SKA,        "SS: Preferred SKA" },
+    { OPS_PTAG_SS_REVOCATION_KEY,       "SS: Revocation Key" },
+    { OPS_PTAG_SS_ISSUER_KEY_ID,        "SS: Issuer Key Id" },
+    { OPS_PTAG_SS_NOTATION_DATA,        "SS: Notation Data" },
+    { OPS_PTAG_SS_PREFERRED_HASH,       "SS: Preferred Hash" },
+    { OPS_PTAG_SS_PREFERRED_COMPRESSION,"SS: Preferred Compression" },
+    { OPS_PTAG_SS_KEY_SERVER_PREFS,     "SS: Preferred Key Server" },
+    { OPS_PTAG_SS_PRIMARY_USER_ID,      "SS: Primary User ID" },
+    { OPS_PTAG_SS_POLICY_URL,           "SS: Policy URL" },
+    { OPS_PTAG_SS_KEY_FLAGS,            "SS: Key Flags" },
+    { OPS_PTAG_SS_SIGNERS_USER_ID,      "SS: Signers User ID" },
+    { OPS_PTAG_SS_REVOCATION_REASON,    "SS: Revocation Reason" },
+    { OPS_PTAG_SS_FEATURES,             "SS: Features" },
+*/
+    { OPS_PTAG_CT_LITERAL_DATA_HEADER,  "CT: Literal Data Header" },
+    { OPS_PTAG_CT_LITERAL_DATA_BODY,    "CT: Literal Data Body" },
+    { OPS_PTAG_CT_SIGNATURE_HEADER,     "CT: Signature Header" },
+    { OPS_PTAG_CT_SIGNATURE_FOOTER,     "CT: Signature Footer" },
+    { OPS_PTAG_CT_ARMOUR_HEADER,        "CT: Armour Header" },
+    { OPS_PTAG_CT_ARMOUR_TRAILER,       "CT: Armour Trailer" },
+    { OPS_PTAG_CT_SIGNED_CLEARTEXT_HEADER, "CT: Signed Cleartext Header" },
+    { OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY, "CT: Signed Cleartext Body" },
+    { OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER, "CT: Signed Cleartext Trailer" },
+    { OPS_PTAG_CT_UNARMOURED_TEXT,      "CT: Unarmoured Text" },
+    { OPS_PTAG_CT_ENCRYPTED_SECRET_KEY, "CT: Encrypted Secret Key" },
+    { OPS_PTAG_CT_SE_DATA_HEADER,       "CT: Sym Encrypted Data Header" },
+    { OPS_PTAG_CT_SE_DATA_BODY,         "CT: Sym Encrypted Data Body" },
+    { OPS_PTAG_CT_SE_IP_DATA_HEADER,    "CT: Sym Encrypted IP Data Header" },
+    { OPS_PTAG_CT_SE_IP_DATA_BODY,      "CT: Sym Encrypted IP Data Body" },
+    { OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY, "CT: Encrypted PK Session Key" },
+    { OPS_PARSER_CMD_GET_SK_PASSPHRASE, "CMD: Get Secret Key Passphrase" },
+    { OPS_PARSER_CMD_GET_SECRET_KEY,    "CMD: Get Secret Key" },
+    { OPS_PARSER_ERROR,                 "OPS_PARSER_ERROR" },
+    { OPS_PARSER_ERRCODE,               "OPS_PARSER_ERRCODE" },
+
-    { (int) NULL,               (char *)NULL }, /* this is the end-of-array marker */
-    };
@@ -460 +508 @@
-const char *ops_show_packet_tag(ops_packet_tag_t packet_tag)
-    {
-
+
+
+
+
+
+
+
-    }
-

openpgpsdk/trunk/src/advanced/adv_signature.c

@@ -9 +9 @@
-
-#include <openpgpsdk/final.h>
+
+static int debug=0;
-
-/** \ingroup Create
@@ -41 +43 @@
-                                     0x03,0x02,0x1A,0x05,0x00,0x04,0x14 };
-
+ops_boolean_t encode_hash_buf(const unsigned char *M, size_t mLen,
+                           const ops_hash_algorithm_t hash_alg,
+                           unsigned char* EM
+)
+    {
+    // implementation of EMSA-PKCS1-v1_5, as defined in OpenPGP RFC
+
+    unsigned i;
+
+    int n=0;
+    ops_hash_t hash;
+    //    unsigned char hashout[OPS_MAX_HASH_SIZE];
+    int hash_sz=0;
+    int encoded_hash_sz=0;
+    int prefix_sz=0;
+    unsigned padding_sz=0;
+    unsigned encoded_msg_sz=0;
+    unsigned char* prefix=NULL;
+
+    assert(hash_alg == OPS_HASH_SHA1);
+
+    // 1. Apply hash function to M
+
+    ops_hash_any(&hash,hash_alg);
+    hash.init(&hash);
+    hash.add(&hash,M,mLen);
+
+    // \todo combine with rsa_sign
+
+    // 2. Get hash prefix
+
+    switch(hash_alg)
+        {
+    case OPS_HASH_SHA1:
+        prefix=prefix_sha1; 
+        prefix_sz=sizeof prefix_sha1;
+        hash_sz=OPS_SHA1_HASH_SIZE;
+        encoded_hash_sz=hash_sz+prefix_sz;
+        // \todo why is Ben using a PS size of 90 in rsa_sign?
+        // (keysize-hashsize-1-2)
+        padding_sz=90;
+        break;
+
+    default:
+        assert(0);
+        }
+
+    // \todo 3. Test for len being too short
+
+    // 4 and 5. Generate PS and EM
+
+    EM[0]=0x00;
+    EM[1]=0x01;
+
+    for (i=0; i<padding_sz; i++)
+        EM[2+i]=0xFF;
+
+    i+=2;
+
+    EM[i++]=0x00;
+
+    memcpy(&EM[i],prefix,prefix_sz);
+    i+=prefix_sz;
+
+    // finally, write out hashed result
+    
+    n=hash.finish(&hash,&EM[i]);
+
+    encoded_msg_sz=i+hash_sz-1;
+
+    // \todo test n for OK response?
+
+    if (debug)
+        {
+        fprintf(stderr,"Encoded Message: \n");
+        for (i=0; i<encoded_msg_sz; i++)
+            fprintf(stderr,"%2x ", EM[i]);
+        fprintf(stderr,"\n");
+        }
+
+    return ops_true;
+    }
+
-// XXX: both this and verify would be clearer if the signature were
-// treated as an MPI.
@@ -55 +140 @@
-    BIGNUM *bn;
-
+
-    // XXX: we assume hash is sha-1 for now
-    hashsize=20+sizeof prefix_sha1;
@@ -64 +150 @@
-    hashbuf[0]=0;
-    hashbuf[1]=1;
+    if (debug)
+        { printf("rsa_sign: PS is %d\n", keysize-hashsize-1-2); }
-    for(n=2 ; n < keysize-hashsize-1 ; ++n)
-        hashbuf[n]=0xff;
@@ -135 +223 @@
-        return ops_false;
-
+    if (debug)
+        {
+        int zz;
+
+        printf("\n");
+        printf("hashbuf\n");
+        for (zz=0; zz<plen; zz++)
+            { printf("%02x ", hashbuf[n+zz]); }
+        printf("\n");
+        printf("prefix\n");
+        for (zz=0; zz<plen; zz++)
+            { printf("%02x ", prefix[zz]); }
+        printf("\n");
+
+        printf("\n");
+        printf("hashbuf2\n");
+        unsigned uu;
+        for (uu=0; uu<hash_length; uu++)
+            { printf("%02x ", hashbuf[n+plen+uu]); }
+        printf("\n");
+        printf("hash\n");
+        for (uu=0; uu<hash_length; uu++)
+            { printf("%02x ", hash[uu]); }
+        printf("\n");
+        }
-    if(memcmp(&hashbuf[n],prefix,plen)
-       || memcmp(&hashbuf[n+plen],hash,hash_length))
@@ -163 +276 @@
-    }
-
-
+key_
-                           const ops_public_key_t *key)
-    {
@@ -189 +302 @@
-    }
-
-static ops_boolean_t 
+ops_boolean_t ops_
-                                     const ops_signature_t *sig,
-                                     const ops_public_key_t *signer)
@@ -228 +341 @@
-    n=hash->finish(hash,hashout);
-
-
+ops_
-    }
-
@@ -261 +374 @@
-    size_t user_id_len=strlen((char *)id->user_id);
-
-
+key_
-
-    if(sig->version == OPS_V4)
@@ -293 +406 @@
-    ops_hash_t hash;
-
-
+key_
-
-    if(sig->version == OPS_V4)
@@ -325 +438 @@
-    ops_hash_t hash;
-
-
+key_
-    hash_add_key(&hash,subkey);
-
@@ -349 +462 @@
-    ops_hash_t hash;
-
-
+key_
-    return finalise_signature(&hash,sig,signer,raw_packet);
-    }
@@ -422 +535 @@
-    sig->hashed_data_length=-1;
-
-
+key_
-
-    ops_hash_add_int(&sig->hash,0xb4,1);
@@ -474 +587 @@
-                            size_t length)
-    {
+    if (debug)
+        { fprintf(stderr,"ops_signature_add_data adds to hash\n"); }
-    sig->hash.add(&sig->hash,buf,length);
-    }
@@ -520 +635 @@
-
-    // add the packet from version number to end of hashed subpackets
+
+    if (debug)
+        { fprintf(stderr, "--- Adding packet to hash from version number to hashed subpkts\n"); }
+
-    sig->hash.add(&sig->hash,ops_memory_get_data(sig->mem),
-                  sig->unhashed_count_offset);
+    /* what is this??? should delete? RW
-    ops_hash_add_int(&sig->hash,sig->sig.version,1);
-    ops_hash_add_int(&sig->hash,0xff,1);
-    // +6 for version, type, pk alg, hash alg, hashed subpacket length
-    ops_hash_add_int(&sig->hash,sig->hashed_data_length+6,4);
+    */
+
+    if (debug)
+        { fprintf(stderr, "--- Finished adding packet to hash from version number to hashed subpkts\n"); }
-
-    // XXX: technically, we could figure out how big the signature is

openpgpsdk/trunk/src/advanced/adv_validate.c

@@ -1 +1 @@
-#include <openpgpsdk/packet-parse.h>
+#include <openpgpsdk/packet-show.h>
-#include <openpgpsdk/keyring.h>
-#include "keyring_local.h"
-#include <openpgpsdk/util.h>
-#include <openpgpsdk/signature.h>
+#include <openpgpsdk/memory.h>
-#include <openpgpsdk/validate.h>
-#include <assert.h>
@@ -9 +11 @@
-
-#include <openpgpsdk/final.h>
+
+static int debug=0;
+
+static ops_boolean_t check_binary_signature(const unsigned len,
+                                            const unsigned char *data,
+                                            const ops_signature_t *sig, 
+                                            const ops_public_key_t *signer __attribute__((unused)))
+    {
+    // Does the signed hash match the given hash?
+
+    int n=0;
+    ops_hash_t hash;
+    unsigned char hashout[OPS_MAX_HASH_SIZE];
+
+    //common_init_signature(&hash,sig);
+    ops_hash_any(&hash,sig->hash_algorithm);
+    hash.init(&hash);
+    hash.add(&hash,data,len);
+    hash.add(&hash,sig->v4_hashed_data,sig->v4_hashed_data_length);
+    n=hash.finish(&hash,hashout);
+
+    //    return ops_false;
+    return ops_check_signature(hashout,n,sig,signer);
+    }
-
-static int key_data_reader(void *dest,size_t length,ops_error_t **errors,
@@ -41 +67 @@
-
-ops_parse_cb_return_t
-
+key_
-    {
-    const ops_parser_content_union_t *content=&content_->content;
-
+key_
-    ops_error_t **errors=ops_parse_cb_get_errors(cbinfo);
-    const ops_key_data_t *signer;
-    ops_boolean_t valid=ops_false;
+
+    if (debug)
+        printf("%s\n",ops_show_packet_tag(content_->tag));
-
-    switch(content_->tag)
@@ -129 +158 @@
-            break;
-
-
+
-    case OPS_SIG_TEXT:
+#endif
-    case OPS_SIG_STANDALONE:
-    case OPS_SIG_PRIMARY:
@@ -142 +172 @@
-
-        default:
-
-
-
+
+
-            }
-
@@ -173 +202 @@
-    }
-
+ops_parse_cb_return_t
+validate_data_cb(const ops_parser_content_t *content_,ops_parse_cb_info_t *cbinfo)
+    {
+    const ops_parser_content_union_t *content=&content_->content;
+    validate_data_cb_arg_t *arg=ops_parse_cb_get_arg(cbinfo);
+    ops_error_t **errors=ops_parse_cb_get_errors(cbinfo);
+    const ops_key_data_t *signer;
+    ops_boolean_t valid=ops_false;
+    //    unsigned len=0;
+    //    unsigned char *data=NULL;
+    ops_memory_t* mem=NULL;
+
+    if (debug)
+        printf("%s\n",ops_show_packet_tag(content_->tag));
+
+    switch(content_->tag)
+        {
+    case OPS_PTAG_CT_SIGNED_CLEARTEXT_HEADER:
+        // ignore - this gives us the "Armor Header" line "Hash: SHA1" or similar
+        break;
+
+    case OPS_PTAG_CT_LITERAL_DATA_HEADER:
+        // ignore
+        break;
+
+    case OPS_PTAG_CT_LITERAL_DATA_BODY:
+        arg->data.literal_data_body=content->literal_data_body;
+        arg->use=LITERAL_DATA;
+        return OPS_KEEP_MEMORY;
+        break;
+
+    case OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY:
+        arg->data.signed_cleartext_body=content->signed_cleartext_body;
+        arg->use=SIGNED_CLEARTEXT;
+        return OPS_KEEP_MEMORY;
+        break;
+
+    case OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER:
+        // this gives us an ops_hash_t struct
+        break;
+
+    case OPS_PTAG_CT_SIGNATURE: // V3 sigs
+        // this gives us a signature struct with all info about hash alg, etc from the packet
+        break;
+
+    case OPS_PTAG_CT_SIGNATURE_FOOTER: // V4 sigs
+        
+        if (debug)
+            {
+            printf("\n*** hashed data:\n");
+            unsigned int zzz=0;
+            for (zzz=0; zzz<content->signature.v4_hashed_data_length; zzz++)
+                printf("0x%02x ", content->signature.v4_hashed_data[zzz]);
+            printf("\n");
+            printf("  type=%02x signer_id=",content->signature.type);
+            hexdump(content->signature.signer_id,
+                    sizeof content->signature.signer_id);
+            }
+
+        signer=ops_keyring_find_key_by_id(arg->keyring,
+                                          content->signature.signer_id);
+        if(!signer)
+            {
+            OPS_ERROR(errors,OPS_E_V_UNKNOWN_SIGNER,"Unknown Signer");
+            printf(" UNKNOWN SIGNER\n");
+            ++arg->result->unknown_signer_count;
+            break;
+            }
+        
+        mem=ops_memory_new();
+        ops_memory_init(mem,128);
+        
+        switch(content->signature.type)
+            {
+        case OPS_SIG_BINARY:
+            switch(arg->use)
+                {
+            case LITERAL_DATA:
+                ops_memory_add(mem,
+                               arg->data.literal_data_body.data,
+                               arg->data.literal_data_body.length);
+                break;
+
+            case SIGNED_CLEARTEXT:
+                ops_memory_add(mem,
+                               arg->data.signed_cleartext_body.data,
+                               arg->data.signed_cleartext_body.length);
+                break;
+
+            default:
+                assert (0);
+                }
+
+            valid=check_binary_signature(ops_memory_get_length(mem), 
+                                         ops_memory_get_data(mem),
+                                         &content->signature,
+                                         ops_get_public_key_from_data(signer));
+            break;
+
+        OPS_ERROR_1(errors, OPS_E_UNIMPLEMENTED,
+                    "Verification of signature type 0x%02x not yet implemented\n", content->signature.type);
+                    break;
+
+        default:
+            OPS_ERROR_1(errors, OPS_E_UNIMPLEMENTED,
+                    "Unexpected signature type 0x%02x\n", content->signature.type);
+            exit(1);
+            }
+    ops_memory_free(mem);
+
+        if(valid)
+            {
+            ++arg->result->valid_count;
+            }
+        else
+            {
+        OPS_ERROR(errors,OPS_E_V_BAD_SIGNATURE,"Bad Signature");
+            printf(" BAD SIGNATURE\n");
+            ++arg->result->invalid_count;
+            }
+        break;
+
+        // ignore these
+    case OPS_PARSER_PTAG:
+    case OPS_PTAG_CT_SIGNATURE_HEADER:
+        //    case OPS_PTAG_CT_SIGNATURE:
+        break;
+
+    default:
+        fprintf(stderr,"unexpected tag=0x%x\n",content_->tag);
+        assert(0);
+        break;
+        }
+    return OPS_RELEASE_MEMORY;
+    }
+
-static void key_data_destroyer(ops_reader_info_t *rinfo)
-    { free(ops_reader_get_arg(rinfo)); }
@@ -189 +354 @@
-    }
-
+/* 
+ * Validate all signatures on a single key against the given keyring
+ */
-static void validate_key_signatures(ops_validate_result_t *result,const ops_key_data_t *key,
-                                    const ops_keyring_t *keyring)
-    {
-    ops_parse_info_t *pinfo;
-
+key_
-
-    memset(&carg,'\0',sizeof carg);
@@ -203 +371 @@
-    carg.keyring=keyring;
-
-
+key_
-    ops_key_data_reader_set(pinfo,key);
-

openpgpsdk/trunk/tests/Makefile.template

@@ -42 +42 @@
-
-.depend: *.[ch] ../include/openpgpsdk/*.h $(CUNIT_INC)
-
-        $(CC) $(CFLAGS) -E -M *.c > .depend
-

openpgpsdk/trunk/tests/test_common.c

@@ -72 +72 @@
-    close(fd);
-
-
+quiet --no-tty --
-    system(cmd);
-
@@ -94 +94 @@
-    close(fd);
-
-
+quiet --no-tty --
-    system(cmd);
-    
@@ -184 +184 @@
-char* create_testtext(const char *text)
-    {
-00
+
-    unsigned int i=0;
-
@@ -261 +261 @@
-        break;
-        
+    case OPS_PARSER_PACKET_END:
+        // nothing to do
+        break;
+
-    case OPS_PARSER_ERROR:
-        printf("parse error: %s\n",content->error.error);
@@ -386 +390 @@
-// move definition to better location
-ops_parse_cb_return_t
-
-
-
-
+
+
+
+
+
+
-    {
-    //    ops_parser_content_union_t* content=(ops_parser_content_union_t *)&content_->content;
@@ -399 +405 @@
-    switch(content_->tag)
-        {
+    case OPS_PTAG_CT_SIGNED_CLEARTEXT_HEADER:
+    case OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY:
+    case OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER:
+
-    case OPS_PTAG_CT_ONE_PASS_SIGNATURE:
-    case OPS_PTAG_CT_SIGNATURE_HEADER:
-    case OPS_PTAG_CT_SIGNATURE_FOOTER:
-
+
+
+
+
+
+
-        break;
-

openpgpsdk/trunk/tests/test_crypt_mpi.c

@@ -42 +42 @@
-    close(fd);
-
-gen-key --expert --homedir=%s
+no-tty --homedir=%s --gen-key --expert
-    system(cmd);
-

openpgpsdk/trunk/tests/test_rsa_decrypt.c

@@ -121 +121 @@
-
-    // default symmetric algorithm
-
+quiet --no-tty --
-    if (system(cmd))
-        {
@@ -131 +131 @@
-    /*
-    // IDEA
-
+quiet --no-tty --
-    if (system(cmd))
-        {
@@ -140 +140 @@
-
-    // TripleDES 
-homedir=%s --cipher-algo \"3DES\" --output=%s/3DES_%s.gpg  --force-mdc --compress-level 0 --quiet
+quiet --no-tty --homedir=%s --cipher-algo \"3DES\" --output=%s/3DES_%s.gpg  --force-mdc --compress-level 0
-    if (system(cmd))
-        {
@@ -147 +147 @@
-
-    // Cast5
-homedir=%s --cipher-algo \"CAST5\" --output=%s/CAST5_%s.gpg  --force-mdc --compress-level 0 --quiet
+quiet --no-tty --homedir=%s --cipher-algo \"CAST5\" --output=%s/CAST5_%s.gpg  --force-mdc --compress-level 0
-    if (system(cmd))
-        {
@@ -154 +154 @@
-
-    // AES128
-homedir=%s --cipher-algo \"AES\" --output=%s/AES128_%s.gpg  --force-mdc --compress-level 0 --quiet
+quiet --no-tty --homedir=%s --cipher-algo \"AES\" --output=%s/AES128_%s.gpg  --force-mdc --compress-level 0
-    if (system(cmd))
-        {
@@ -161 +161 @@
-
-    // AES256
-homedir=%s --cipher-algo \"AES256\" --output=%s/AES256_%s.gpg  --force-mdc --compress-level 0 --quiet
+quiet --no-tty --homedir=%s --cipher-algo \"AES256\" --output=%s/AES256_%s.gpg  --force-mdc --compress-level 0
-    if (system(cmd))
-        {
@@ -169 +169 @@
-
-#ifdef TODO
-openpgp --quiet
-
-
-
-
-
-openpgp --quiet
-
-
-
-
-
-openpgp --quiet
+quiet --no-tty --openpgp
+
+
+
+
+
+quiet --no-tty --openpgp
+
+
+
+
+
+quiet --no-tty --openpgp
-    if (system(cmd))
-        {

openpgpsdk/trunk/tests/test_rsa_encrypt.c

@@ -267 +267 @@
-            snprintf(pp,MAXBUF," --passphrase %s ", bravo_passphrase);
-        snprintf(decrypted_file,MAXBUF,"%s/decrypted_%s",dir,filename);
-decrypt --output=%s --quiet
+quiet --no-tty --decrypt --output=%s
-        //    printf("cmd: %s\n", cmd);
-        rtn=system(cmd);

openpgpsdk/trunk/tests/test_rsa_signature.c

@@ -12 +12 @@
-#include "openpgpsdk/validate.h"
-
+// \todo change this once we know it works
+#include "../src/advanced/parse_local.h"
+
-#include "tests.h"
-
+static int debug=0;
-static int do_gpgtest=0;
-
@@ -147 +151 @@
-        int fd=0;
-        ops_parse_info_t *pinfo=NULL;
-
+data_
-        ops_validate_result_t result;
-        int rtn=0;
+
+        if (debug)
+            {
+            fprintf(stderr,"\n***\n*** Starting to parse for validation\n***\n");
+            }
-
-    // open signed file
@@ -166 +175 @@
-        
-        pinfo=ops_parse_info_new();
-
-
-
+
-        memset(&validate_arg,'\0',sizeof validate_arg);
-        validate_arg.result=&result;
@@ -174 +181 @@
-        validate_arg.rarg=ops_reader_get_arg_from_pinfo(pinfo);
-        
+        ops_parse_options(pinfo,OPS_PTAG_SS_ALL,OPS_PARSE_PARSED);
+        ops_parse_cb_set(pinfo,callback_verify,&validate_arg);
+        ops_reader_set_fd(pinfo,fd);
+        pinfo->rinfo.accumulate=ops_true;
+        
-        // Set up armour/passphrase options
-        
@@ -190 +202 @@
-            ops_reader_pop_dearmour(pinfo);
-        
-        ops_public_key_free(&validate_arg.pkey);
-        if (validate_arg.subkey.version)
-            ops_public_key_free(&validate_arg.subkey);
-        ops_user_id_free(&validate_arg.user_id);
-        ops_user_attribute_free(&validate_arg.user_attribute);
-        ops_parse_info_delete(pinfo);
-        
@@ -203 +210 @@
-        // Check signature with GPG
-
-
+quiet --no-tty --
-        rtn=system(cmd);
-        CU_ASSERT(rtn==0);
@@ -265 +272 @@
-            return NULL;
-    
+#ifdef TBD
-    if (NULL == CU_add_test(suite, "Armoured, passphrase", test_rsa_signature_armour_passphrase))
-            return NULL;
-
+#endif
-    
-    return suite;
@@ -304 +312 @@
-callback_verify(const ops_parser_content_t *content_,ops_parse_cb_info_t *cbinfo)
-    {
-
-
-
+
+
+
+
-
-    switch(content_->tag)
-
-
+
+
+
+
+
+
+
+
+
+
-        break;
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
-    case OPS_PTAG_CT_SIGNATURE_HEADER:
-    case OPS_PTAG_CT_SIGNATURE_FOOTER:
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-    case OPS_PTAG_CT_LITERAL_DATA_BODY:
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-
-    default:

openpgpsdk/trunk/tests/test_rsa_verify.c

@@ -11 +11 @@
-#include "openpgpsdk/validate.h"
-
+// \todo change this once we know it works
+#include "../src/advanced/parse_local.h"
+
-#include "tests.h"
-
@@ -37 +40 @@
-    switch(content_->tag)
-        {
+        /*
-    case OPS_PTAG_CT_LITERAL_DATA_HEADER:
-        break;
@@ -43 +47 @@
-        return callback_literal_data(content_,cbinfo);
-        break;
+        */
-
-    case OPS_PTAG_CT_ONE_PASS_SIGNATURE:
+        break;
+
-    case OPS_PTAG_CT_SIGNATURE:
-        break;
-
-    case OPS_PTAG_CT_SIGNATURE_HEADER:
-    case OPS_PTAG_CT_SIGNATURE_FOOTER:
-
+
+
+
-
-        /*
@@ -116 +123 @@
-    // Now sign the test files with GPG
-
-homedir=%s --quiet
+quiet --no-tty --homedir=%s
-             dir, alpha_name, dir, filename_rsa_noarmour_nopassphrase);
-    if (system(cmd))
-        { return 1; }
-
-homedir=%s --quiet
+quiet --no-tty --homedir=%s
-             dir, alpha_name, dir, filename_rsa_armour_nopassphrase);
-    if (system(cmd))
-        { return 1; }
-
-homedir=%s --quiet
+quiet --no-tty --homedir=%s
-             dir, bravo_name, bravo_passphrase, dir, filename_rsa_noarmour_passphrase);
-    if (system(cmd))
-        { return 1; }
-
-homedir=%s --quiet
+quiet --no-tty  --homedir=%s
-             dir, bravo_name, bravo_passphrase, dir, filename_rsa_armour_passphrase);
-    if (system(cmd))
@@ -156 +163 @@
-    int fd=0;
-    ops_parse_info_t *pinfo=NULL;
-
+data_
-    ops_validate_result_t result;
-    int rtn=0;
@@ -179 +186 @@
-
-    pinfo=ops_parse_info_new();
-    ops_parse_cb_set(pinfo,callback,&validate_arg);
-    ops_reader_set_fd(pinfo,fd);
-
-    memset(&validate_arg,'\0',sizeof validate_arg);
@@ -187 +192 @@
-    validate_arg.rarg=ops_reader_get_arg_from_pinfo(pinfo);
-
+    ops_parse_cb_set(pinfo,callback,&validate_arg);
+    ops_reader_set_fd(pinfo,fd);
+    pinfo->rinfo.accumulate=ops_true;
+
-    // Set up armour/passphrase options
-
@@ -203 +212 @@
-        ops_reader_pop_dearmour(pinfo);
-
-    ops_public_key_free(&validate_arg.pkey);
-    if (validate_arg.subkey.version)
-        ops_public_key_free(&validate_arg.subkey);
-    ops_user_id_free(&validate_arg.user_id);
-    ops_user_attribute_free(&validate_arg.user_attribute);
-    ops_parse_info_delete(pinfo);
-

openpgpsdk/trunk/tests/tests.h

@@ -28 +28 @@
-extern CU_pSuite suite_rsa_decrypt();
-extern CU_pSuite suite_rsa_encrypt();
-extern CU_pSuite suite_rsa_encrypt_GPGtest();
-extern CU_pSuite suite_rsa_signature();
-extern CU_pSuite suite_rsa_verify();
+
+extern CU_pSuite suite_rsa_decrypt_GPGtest();
+extern CU_pSuite suite_rsa_encrypt_GPGtest();
+extern CU_pSuite suite_rsa_signature_GPGtest();
+extern CU_pSuite suite_rsa_verify_GPGtest();
-
-// utility functions
@@ -55 +59 @@
-callback_pk_session_key(const ops_parser_content_t *content_,ops_parse_cb_info_t *cbinfo);
-ops_parse_cb_return_t
-
+data_
-
-void reset_vars();

openpgpsdk/trunk/tests/tests_gpg.c

@@ -30 +30 @@
-        }
-
-
-
+
-        {
-        CU_cleanup_registry();
@@ -37 +36 @@
-        }
-
-
+
+
+
-        {
-        CU_cleanup_registry();
@@ -66 +67 @@
-        return CU_get_error();
-        }
-
+ 
-
-    // Run tests