summaryrefslogtreecommitdiffstats
path: root/src/tests/ffi-key-prop.cpp
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 03:32:49 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 03:32:49 +0000
commit8053187731ae8e3eb368d8360989cf5fd6eed9f7 (patch)
tree32bada84ff5d7460cdf3934fcbdbe770d6afe4cd /src/tests/ffi-key-prop.cpp
parentInitial commit. (diff)
downloadrnp-8053187731ae8e3eb368d8360989cf5fd6eed9f7.tar.xz
rnp-8053187731ae8e3eb368d8360989cf5fd6eed9f7.zip
Adding upstream version 0.17.0.upstream/0.17.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/tests/ffi-key-prop.cpp')
-rw-r--r--src/tests/ffi-key-prop.cpp1406
1 files changed, 1406 insertions, 0 deletions
diff --git a/src/tests/ffi-key-prop.cpp b/src/tests/ffi-key-prop.cpp
new file mode 100644
index 0000000..95185cf
--- /dev/null
+++ b/src/tests/ffi-key-prop.cpp
@@ -0,0 +1,1406 @@
+/*
+ * Copyright (c) 2021 [Ribose Inc](https://www.ribose.com).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sstream>
+#include <rnp/rnp.h>
+#include "rnp_tests.h"
+#include "support.h"
+#include <librepgp/stream-ctx.h>
+#include "pgp-key.h"
+#include "ffi-priv-types.h"
+
+TEST_F(rnp_tests, test_ffi_key_set_expiry_multiple_uids)
+{
+ rnp_ffi_t ffi = NULL;
+ assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG"));
+ assert_rnp_success(
+ rnp_ffi_set_pass_provider(ffi, ffi_string_password_provider, (void *) "password"));
+
+ /* load key with 3 uids with zero key expiration */
+ assert_true(import_all_keys(ffi, "data/test_key_edge_cases/alice-3-uids.pgp"));
+ rnp_key_handle_t key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key));
+ size_t count = 0;
+ assert_rnp_success(rnp_key_get_uid_count(key, &count));
+ assert_int_equal(count, 3);
+ uint32_t expiry = 10;
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, 0);
+ bool expired = true;
+ assert_rnp_failure(rnp_key_is_expired(key, NULL));
+ assert_rnp_failure(rnp_key_is_expired(NULL, &expired));
+ rnp_key_handle_t bkey = bogus_key_handle(ffi);
+ assert_non_null(bkey);
+ assert_rnp_failure(rnp_key_is_expired(bkey, &expired));
+ rnp_key_handle_destroy(bkey);
+ assert_rnp_success(rnp_key_is_expired(key, &expired));
+ assert_false(expired);
+ assert_true(check_uid_valid(key, 0, true));
+ assert_true(check_uid_valid(key, 1, true));
+ assert_true(check_uid_valid(key, 2, true));
+ assert_true(check_uid_primary(key, 0, false));
+ assert_true(check_uid_primary(key, 1, false));
+ assert_true(check_uid_primary(key, 2, false));
+ /* set expiration time to minimum value so key is expired now, but uids are still valid */
+ assert_rnp_success(rnp_key_set_expiration(key, 1));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, 1);
+ assert_rnp_success(rnp_key_is_expired(key, &expired));
+ assert_true(expired);
+ bool valid = true;
+ assert_rnp_success(rnp_key_is_valid(key, &valid));
+ assert_false(valid);
+ assert_true(check_uid_valid(key, 0, true));
+ assert_true(check_uid_valid(key, 1, true));
+ assert_true(check_uid_valid(key, 2, true));
+ /* reload */
+ rnp_key_handle_destroy(key);
+ reload_keyrings(&ffi);
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key));
+ assert_non_null(key);
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, 1);
+ assert_rnp_success(rnp_key_is_expired(key, &expired));
+ assert_true(expired);
+ assert_true(check_uid_valid(key, 0, true));
+ assert_true(check_uid_valid(key, 1, true));
+ assert_true(check_uid_valid(key, 2, true));
+ /* set expiration to maximum value */
+ assert_rnp_success(
+ rnp_ffi_set_pass_provider(ffi, ffi_string_password_provider, (void *) "password"));
+ assert_rnp_success(rnp_key_set_expiration(key, 0xFFFFFFFF));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, 0xFFFFFFFF);
+ valid = false;
+ assert_rnp_success(rnp_key_is_valid(key, &valid));
+ assert_true(valid);
+ assert_rnp_success(rnp_key_is_expired(key, &expired));
+ assert_false(expired);
+ assert_true(check_uid_valid(key, 0, true));
+ assert_true(check_uid_valid(key, 1, true));
+ assert_true(check_uid_valid(key, 2, true));
+ rnp_key_handle_destroy(key);
+ /* reload and make sure changes are saved */
+ reload_keyrings(&ffi);
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Caesar <caesar@rnp>", &key));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, 0xFFFFFFFF);
+ assert_true(check_uid_valid(key, 0, true));
+ assert_true(check_uid_valid(key, 1, true));
+ assert_true(check_uid_valid(key, 2, true));
+ rnp_key_handle_destroy(key);
+
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ /* load key with 3 uids, including primary, with key expiration */
+ assert_true(
+ import_all_keys(ffi, "data/test_key_edge_cases/alice-3-uids-primary-expiring.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key));
+ expiry = 0;
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, 674700647);
+ assert_rnp_success(rnp_key_is_expired(key, &expired));
+ assert_false(expired);
+ assert_true(check_uid_valid(key, 0, true));
+ assert_true(check_uid_valid(key, 1, true));
+ assert_true(check_uid_valid(key, 2, true));
+ assert_true(check_uid_primary(key, 0, true));
+ assert_true(check_uid_primary(key, 1, false));
+ assert_true(check_uid_primary(key, 2, false));
+ assert_rnp_success(rnp_key_unlock(key, "password"));
+ assert_rnp_success(rnp_key_set_expiration(key, 0));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, 0);
+ assert_rnp_success(rnp_key_is_expired(key, &expired));
+ assert_false(expired);
+ valid = false;
+ assert_rnp_success(rnp_key_is_valid(key, &valid));
+ assert_true(valid);
+ assert_true(check_uid_valid(key, 0, true));
+ assert_true(check_uid_valid(key, 1, true));
+ assert_true(check_uid_valid(key, 2, true));
+ rnp_key_handle_destroy(key);
+ /* reload and make sure it is saved */
+ reload_keyrings(&ffi);
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Caesar <caesar@rnp>", &key));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, 0);
+ assert_true(check_uid_valid(key, 0, true));
+ assert_true(check_uid_valid(key, 1, true));
+ assert_true(check_uid_valid(key, 2, true));
+ assert_true(check_uid_primary(key, 0, true));
+ rnp_key_handle_destroy(key);
+
+ rnp_ffi_destroy(ffi);
+}
+
+TEST_F(rnp_tests, test_ffi_key_primary_uid_conflict)
+{
+ rnp_ffi_t ffi = NULL;
+ assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG"));
+ assert_rnp_success(
+ rnp_ffi_set_pass_provider(ffi, ffi_string_password_provider, (void *) "password"));
+
+ /* load key with 1 uid and two certifications: first marks uid primary, but expires key
+ * second marks uid as non-primary, but has zero key expiration */
+ assert_true(
+ import_all_keys(ffi, "data/test_key_edge_cases/key-primary-uid-conflict-pub.pgp"));
+ rnp_key_handle_t key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "userid_2_sigs", &key));
+ assert_int_equal(get_key_uids(key), 1);
+ assert_int_equal(get_key_expiry(key), 0);
+ assert_true(check_key_valid(key, true));
+ assert_true(check_uid_valid(key, 0, true));
+ assert_true(check_uid_primary(key, 0, false));
+ rnp_key_handle_destroy(key);
+ rnp_ffi_destroy(ffi);
+}
+
+TEST_F(rnp_tests, test_ffi_key_expired_certification_and_direct_sig)
+{
+ rnp_ffi_t ffi = NULL;
+ assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG"));
+ assert_rnp_success(
+ rnp_ffi_set_pass_provider(ffi, ffi_string_password_provider, (void *) "password"));
+
+ /* load key with 2 uids and direct-key signature:
+ * - direct-key sig has 0 key expiration time but expires in 30 seconds
+ * - first uid is not primary, but key expiration is 60 seconds
+ * - second uid is marked as primary, doesn't expire key, but certification expires in 60
+ * seconds */
+ assert_true(import_all_keys(ffi, "data/test_key_edge_cases/key-expired-cert-direct.pgp"));
+ rnp_key_handle_t key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "primary-uid-expired-cert", &key));
+ assert_null(key);
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "expired-certifications", &key));
+ assert_non_null(key);
+ assert_int_equal(get_key_uids(key), 2);
+ assert_int_equal(get_key_expiry(key), 60);
+ rnp_signature_handle_t sig = NULL;
+ assert_rnp_success(rnp_key_get_signature_at(key, 0, &sig));
+ assert_non_null(sig);
+ assert_int_equal(rnp_signature_is_valid(sig, 0), RNP_ERROR_SIGNATURE_EXPIRED);
+ rnp_signature_handle_destroy(sig);
+ assert_true(check_key_valid(key, false));
+ assert_true(check_uid_valid(key, 0, true));
+ assert_true(check_uid_primary(key, 0, false));
+ assert_true(check_uid_valid(key, 1, false));
+ assert_true(check_uid_primary(key, 1, false));
+ rnp_key_handle_destroy(key);
+ rnp_ffi_destroy(ffi);
+}
+
+TEST_F(rnp_tests, test_ffi_key_25519_tweaked_bits)
+{
+ rnp_ffi_t ffi = NULL;
+ assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG"));
+ /* try public key */
+ assert_true(import_all_keys(ffi, "data/test_key_edge_cases/key-25519-non-tweaked.asc"));
+ rnp_key_handle_t sub = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "950EE0CD34613DBA", &sub));
+ bool tweaked = true;
+ assert_rnp_failure(rnp_key_25519_bits_tweaked(NULL, &tweaked));
+ assert_rnp_failure(rnp_key_25519_bits_tweaked(sub, NULL));
+ assert_rnp_failure(rnp_key_25519_bits_tweaked(sub, &tweaked));
+ assert_rnp_failure(rnp_key_25519_bits_tweak(NULL));
+ assert_rnp_failure(rnp_key_25519_bits_tweak(sub));
+ rnp_key_handle_destroy(sub);
+ /* load secret key */
+ assert_true(
+ import_all_keys(ffi, "data/test_key_edge_cases/key-25519-non-tweaked-sec.asc"));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "950EE0CD34613DBA", &sub));
+ assert_rnp_failure(rnp_key_25519_bits_tweaked(NULL, &tweaked));
+ assert_rnp_failure(rnp_key_25519_bits_tweaked(sub, NULL));
+ assert_rnp_success(rnp_key_25519_bits_tweaked(sub, &tweaked));
+ assert_false(tweaked);
+ /* protect key and try again */
+ assert_rnp_success(rnp_key_protect(sub, "password", NULL, NULL, NULL, 100000));
+ assert_rnp_failure(rnp_key_25519_bits_tweaked(sub, &tweaked));
+ assert_rnp_success(rnp_key_unlock(sub, "password"));
+ tweaked = true;
+ assert_rnp_success(rnp_key_25519_bits_tweaked(sub, &tweaked));
+ assert_false(tweaked);
+ assert_rnp_success(rnp_key_lock(sub));
+ assert_rnp_failure(rnp_key_25519_bits_tweaked(sub, &tweaked));
+ /* now let's tweak it */
+ assert_rnp_failure(rnp_key_25519_bits_tweak(NULL));
+ assert_rnp_failure(rnp_key_25519_bits_tweak(sub));
+ assert_rnp_success(rnp_key_unlock(sub, "password"));
+ assert_rnp_failure(rnp_key_25519_bits_tweak(sub));
+ assert_rnp_success(rnp_key_unprotect(sub, "password"));
+ assert_rnp_success(rnp_key_25519_bits_tweak(sub));
+ assert_rnp_success(rnp_key_25519_bits_tweaked(sub, &tweaked));
+ assert_true(tweaked);
+ /* export unprotected key */
+ rnp_key_handle_t key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "3176FC1486AA2528", &key));
+ auto clearsecdata = export_key(key, true, true);
+ rnp_key_handle_destroy(key);
+ assert_rnp_success(rnp_key_protect(sub, "password", NULL, NULL, NULL, 100000));
+ rnp_key_handle_destroy(sub);
+ /* make sure it is exported and saved tweaked and protected */
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "3176FC1486AA2528", &key));
+ auto secdata = export_key(key, true, true);
+ rnp_key_handle_destroy(key);
+ reload_keyrings(&ffi);
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "950EE0CD34613DBA", &sub));
+ bool prot = false;
+ assert_rnp_success(rnp_key_is_protected(sub, &prot));
+ assert_true(prot);
+ assert_rnp_success(rnp_key_unlock(sub, "password"));
+ tweaked = false;
+ assert_rnp_success(rnp_key_25519_bits_tweaked(sub, &tweaked));
+ assert_true(tweaked);
+ rnp_key_handle_destroy(sub);
+ rnp_ffi_destroy(ffi);
+ /* import cleartext exported key */
+ assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG"));
+ assert_true(import_all_keys(ffi, clearsecdata.data(), clearsecdata.size()));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "950EE0CD34613DBA", &sub));
+ prot = true;
+ assert_rnp_success(rnp_key_is_protected(sub, &prot));
+ assert_false(prot);
+ tweaked = false;
+ assert_rnp_success(rnp_key_25519_bits_tweaked(sub, &tweaked));
+ assert_true(tweaked);
+ rnp_key_handle_destroy(sub);
+ rnp_ffi_destroy(ffi);
+ /* import exported key */
+ assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG"));
+ assert_true(import_all_keys(ffi, secdata.data(), secdata.size()));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "950EE0CD34613DBA", &sub));
+ prot = false;
+ assert_rnp_success(rnp_key_is_protected(sub, &prot));
+ assert_true(prot);
+ assert_rnp_success(rnp_key_unlock(sub, "password"));
+ tweaked = false;
+ assert_rnp_success(rnp_key_25519_bits_tweaked(sub, &tweaked));
+ assert_true(tweaked);
+ rnp_key_handle_destroy(sub);
+ rnp_ffi_destroy(ffi);
+}
+
+TEST_F(rnp_tests, test_ffi_key_revoke)
+{
+ rnp_ffi_t ffi = NULL;
+
+ assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG"));
+ assert_true(import_pub_keys(ffi, "data/test_key_validity/alice-sub-pub.pgp"));
+ rnp_key_handle_t key_handle = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key_handle));
+ /* check for failure with wrong parameters */
+ assert_rnp_failure(rnp_key_revoke(NULL, 0, "SHA256", "superseded", "test key revocation"));
+ assert_rnp_failure(rnp_key_revoke(key_handle, 0, "SHA256", NULL, NULL));
+ assert_rnp_failure(rnp_key_revoke(key_handle, 0x17, "SHA256", NULL, NULL));
+ assert_rnp_failure(rnp_key_revoke(key_handle, 0, "Wrong hash", NULL, NULL));
+ assert_rnp_failure(rnp_key_revoke(key_handle, 0, "SHA256", "Wrong reason code", NULL));
+ /* attempt to revoke key without the secret */
+ assert_rnp_failure(rnp_key_revoke(key_handle, 0, "SHA256", "retired", "Custom reason"));
+ assert_rnp_success(rnp_key_handle_destroy(key_handle));
+ /* attempt to revoke subkey without the secret */
+ rnp_key_handle_t sub_handle = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "DD23CEB7FEBEFF17", &sub_handle));
+ assert_rnp_failure(rnp_key_revoke(sub_handle, 0, "SHA256", "retired", "Custom reason"));
+ assert_rnp_success(rnp_key_handle_destroy(sub_handle));
+ /* load secret key */
+ assert_true(import_sec_keys(ffi, "data/test_key_validity/alice-sub-sec.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key_handle));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "DD23CEB7FEBEFF17", &sub_handle));
+ /* wrong password - must fail */
+ assert_rnp_success(
+ rnp_ffi_set_pass_provider(ffi, ffi_string_password_provider, (void *) "wrong"));
+ assert_rnp_failure(rnp_key_revoke(key_handle, 0, "SHA256", "superseded", NULL));
+ assert_rnp_failure(rnp_key_revoke(sub_handle, 0, "SHA256", "superseded", NULL));
+ /* unlocked key - must succeed */
+ bool revoked = false;
+ assert_rnp_success(rnp_key_is_revoked(key_handle, &revoked));
+ assert_false(revoked);
+ assert_rnp_success(rnp_key_unlock(key_handle, "password"));
+ assert_rnp_success(rnp_key_revoke(key_handle, 0, "SHA256", NULL, NULL));
+ assert_rnp_success(rnp_key_is_revoked(key_handle, &revoked));
+ assert_true(revoked);
+ /* subkey */
+ assert_rnp_success(rnp_key_is_revoked(sub_handle, &revoked));
+ assert_false(revoked);
+ bool locked = true;
+ assert_rnp_success(rnp_key_is_locked(key_handle, &locked));
+ assert_false(locked);
+ assert_rnp_success(rnp_key_revoke(sub_handle, 0, "SHA256", NULL, "subkey revoked"));
+ assert_rnp_success(rnp_key_is_revoked(sub_handle, &revoked));
+ assert_true(revoked);
+ assert_rnp_success(rnp_key_lock(key_handle));
+ assert_rnp_success(rnp_key_handle_destroy(key_handle));
+ assert_rnp_success(rnp_key_handle_destroy(sub_handle));
+ /* correct password provider - must succeed */
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_SECRET | RNP_KEY_UNLOAD_PUBLIC));
+ assert_true(import_sec_keys(ffi, "data/test_key_validity/alice-sub-sec.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key_handle));
+ assert_rnp_success(
+ rnp_ffi_set_pass_provider(ffi, ffi_string_password_provider, (void *) "password"));
+ assert_rnp_success(rnp_key_is_revoked(key_handle, &revoked));
+ assert_false(revoked);
+ assert_rnp_success(
+ rnp_key_revoke(key_handle, 0, "SHA256", "superseded", "test key revocation"));
+ assert_rnp_success(rnp_key_is_revoked(key_handle, &revoked));
+ assert_true(revoked);
+ /* make sure FFI locks key back */
+ assert_rnp_success(rnp_key_is_locked(key_handle, &locked));
+ assert_true(locked);
+ assert_rnp_success(rnp_key_handle_destroy(key_handle));
+ /* repeat for subkey */
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "DD23CEB7FEBEFF17", &sub_handle));
+ assert_rnp_success(rnp_key_is_revoked(sub_handle, &revoked));
+ assert_false(revoked);
+ assert_rnp_success(rnp_key_revoke(sub_handle, 0, "SHA256", "no", "test sub revocation"));
+ assert_rnp_success(rnp_key_is_revoked(sub_handle, &revoked));
+ assert_true(revoked);
+ assert_rnp_success(rnp_key_handle_destroy(sub_handle));
+ assert_rnp_success(rnp_ffi_destroy(ffi));
+}
+
+TEST_F(rnp_tests, test_ffi_key_set_expiry)
+{
+ rnp_ffi_t ffi = NULL;
+ rnp_input_t input = NULL;
+
+ assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG"));
+ assert_true(import_pub_keys(ffi, "data/test_key_validity/alice-sub-pub.pgp"));
+
+ /* check edge cases */
+ assert_rnp_failure(rnp_key_set_expiration(NULL, 0));
+ rnp_key_handle_t key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key));
+ /* cannot set key expiration with public key only */
+ assert_rnp_failure(rnp_key_set_expiration(key, 1000));
+ rnp_key_handle_t sub = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "DD23CEB7FEBEFF17", &sub));
+ assert_rnp_failure(rnp_key_set_expiration(sub, 1000));
+ assert_rnp_success(rnp_key_handle_destroy(key));
+ assert_rnp_success(rnp_key_handle_destroy(sub));
+
+ /* load secret key */
+ assert_true(import_sec_keys(ffi, "data/test_key_validity/alice-sub-sec.pgp"));
+ uint32_t expiry = 0;
+ const uint32_t new_expiry = 10 * 365 * 24 * 60 * 60;
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key));
+ expiry = 255;
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, 0);
+ assert_rnp_success(rnp_key_set_expiration(key, 0));
+ /* will fail on locked key */
+ assert_rnp_failure(rnp_key_set_expiration(key, new_expiry));
+ assert_rnp_success(rnp_key_unlock(key, "password"));
+ assert_rnp_success(rnp_key_set_expiration(key, new_expiry));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, new_expiry);
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "DD23CEB7FEBEFF17", &sub));
+ /* will succeed on locked subkey since it is not signing one */
+ assert_rnp_success(rnp_key_set_expiration(sub, 0));
+ assert_rnp_success(rnp_key_set_expiration(sub, new_expiry * 2));
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, new_expiry * 2);
+ /* make sure new expiration times are properly saved */
+ rnp_output_t keymem = NULL;
+ rnp_output_t seckeymem = NULL;
+ assert_rnp_success(rnp_output_to_memory(&keymem, 0));
+ assert_rnp_success(
+ rnp_key_export(key, keymem, RNP_KEY_EXPORT_PUBLIC | RNP_KEY_EXPORT_SUBKEYS));
+ assert_rnp_success(rnp_output_to_memory(&seckeymem, 0));
+ assert_rnp_success(
+ rnp_key_export(key, seckeymem, RNP_KEY_EXPORT_SECRET | RNP_KEY_EXPORT_SUBKEYS));
+ assert_rnp_success(rnp_key_handle_destroy(key));
+ assert_rnp_success(rnp_key_handle_destroy(sub));
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ uint8_t *keybuf = NULL;
+ size_t keylen = 0;
+ assert_rnp_success(rnp_output_memory_get_buf(keymem, &keybuf, &keylen, false));
+ /* load public key */
+ assert_true(import_pub_keys(ffi, keybuf, keylen));
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, new_expiry);
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "DD23CEB7FEBEFF17", &sub));
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, new_expiry * 2);
+ assert_rnp_success(rnp_key_handle_destroy(key));
+ assert_rnp_success(rnp_key_handle_destroy(sub));
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ /* now load exported secret key */
+ assert_rnp_success(rnp_output_memory_get_buf(seckeymem, &keybuf, &keylen, false));
+ assert_true(import_sec_keys(ffi, keybuf, keylen));
+ assert_rnp_success(rnp_output_destroy(seckeymem));
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, new_expiry);
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "DD23CEB7FEBEFF17", &sub));
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, new_expiry * 2);
+ assert_rnp_success(rnp_key_handle_destroy(key));
+ assert_rnp_success(rnp_key_handle_destroy(sub));
+ /* now unset expiration time back, first loading the public key back */
+ assert_rnp_success(rnp_output_memory_get_buf(keymem, &keybuf, &keylen, false));
+ assert_true(import_pub_keys(ffi, keybuf, keylen));
+ assert_rnp_success(rnp_output_destroy(keymem));
+ /* set primary key expiration */
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key));
+ assert_rnp_success(rnp_key_unlock(key, "password"));
+ assert_rnp_success(rnp_key_set_expiration(key, 0));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, 0);
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "DD23CEB7FEBEFF17", &sub));
+ assert_rnp_success(rnp_key_set_expiration(sub, 0));
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, 0);
+ /* let's export them and reload */
+ assert_rnp_success(rnp_output_to_memory(&keymem, 0));
+ assert_rnp_success(
+ rnp_key_export(key, keymem, RNP_KEY_EXPORT_PUBLIC | RNP_KEY_EXPORT_SUBKEYS));
+ assert_rnp_success(rnp_key_handle_destroy(key));
+ assert_rnp_success(rnp_key_handle_destroy(sub));
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ assert_rnp_success(rnp_output_memory_get_buf(keymem, &keybuf, &keylen, false));
+ assert_true(import_pub_keys(ffi, keybuf, keylen));
+ assert_rnp_success(rnp_output_destroy(keymem));
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, 0);
+ bool expired = true;
+ assert_rnp_success(rnp_key_is_expired(key, &expired));
+ assert_false(expired);
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "DD23CEB7FEBEFF17", &sub));
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, 0);
+ assert_rnp_success(rnp_key_handle_destroy(key));
+ assert_rnp_success(rnp_key_handle_destroy(sub));
+
+ /* now try the sign-able subkey */
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ assert_true(import_pub_keys(ffi, "data/test_key_validity/alice-sign-sub-pub.pgp"));
+ assert_true(import_sec_keys(ffi, "data/test_key_validity/alice-sign-sub-sec.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "22F3A217C0E439CB", &sub));
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, 0);
+ assert_rnp_failure(rnp_key_set_expiration(sub, new_expiry));
+ /* now unlock only primary key - should fail */
+ assert_rnp_success(rnp_key_unlock(key, "password"));
+ assert_rnp_failure(rnp_key_set_expiration(sub, new_expiry));
+ /* unlock subkey */
+ assert_rnp_success(rnp_key_unlock(sub, "password"));
+ assert_rnp_success(rnp_key_set_expiration(sub, new_expiry));
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, new_expiry);
+ assert_rnp_success(rnp_output_to_memory(&keymem, 0));
+ assert_rnp_success(
+ rnp_key_export(key, keymem, RNP_KEY_EXPORT_PUBLIC | RNP_KEY_EXPORT_SUBKEYS));
+ assert_rnp_success(rnp_key_handle_destroy(key));
+ assert_rnp_success(rnp_key_handle_destroy(sub));
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ assert_rnp_success(rnp_output_memory_get_buf(keymem, &keybuf, &keylen, false));
+ assert_true(import_pub_keys(ffi, keybuf, keylen));
+ assert_rnp_success(rnp_output_destroy(keymem));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "22F3A217C0E439CB", &sub));
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, new_expiry);
+ assert_rnp_success(rnp_key_handle_destroy(sub));
+
+ /* check whether we can change expiration for already expired key */
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ assert_true(import_pub_keys(ffi, "data/test_key_validity/alice-sign-sub-pub.pgp"));
+ assert_true(import_sec_keys(ffi, "data/test_key_validity/alice-sign-sub-sec.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "22F3A217C0E439CB", &sub));
+ assert_rnp_success(rnp_key_unlock(key, "password"));
+ assert_rnp_success(rnp_key_unlock(sub, "password"));
+ assert_rnp_success(rnp_key_set_expiration(key, 1));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, 1);
+ assert_rnp_success(rnp_key_is_expired(key, &expired));
+ assert_true(expired);
+
+ /* key is invalid since it is expired */
+ assert_false(key->pub->valid());
+ bool valid = true;
+ assert_rnp_success(rnp_key_is_valid(key, &valid));
+ assert_false(valid);
+ uint32_t till = 0;
+ assert_rnp_success(rnp_key_valid_till(key, &till));
+ assert_int_equal(till, 1577369391 + 1);
+ uint64_t till64 = 0;
+ assert_rnp_success(rnp_key_valid_till64(key, &till64));
+ assert_int_equal(till64, 1577369391 + 1);
+ assert_rnp_success(rnp_key_set_expiration(sub, 1));
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, 1);
+ assert_false(sub->pub->valid());
+ valid = true;
+ assert_rnp_success(rnp_key_is_valid(sub, &valid));
+ assert_false(valid);
+ till = 1;
+ assert_rnp_success(rnp_key_valid_till(sub, &till));
+ assert_int_equal(till, 1577369391 + 1);
+ assert_rnp_success(rnp_key_valid_till64(sub, &till64));
+ assert_int_equal(till64, 1577369391 + 1);
+ assert_rnp_success(rnp_key_set_expiration(key, 0));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, 0);
+ assert_true(key->pub->valid());
+ assert_rnp_success(rnp_key_is_valid(key, &valid));
+ assert_true(valid);
+ assert_rnp_success(rnp_key_valid_till(key, &till));
+ assert_int_equal(till, 0xffffffff);
+ assert_rnp_success(rnp_key_valid_till64(key, &till64));
+ assert_int_equal(till64, UINT64_MAX);
+ assert_rnp_success(rnp_key_set_expiration(sub, 0));
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, 0);
+ assert_true(sub->pub->valid());
+ valid = false;
+ assert_rnp_success(rnp_key_is_valid(sub, &valid));
+ assert_true(valid);
+ till = 0;
+ assert_rnp_success(rnp_key_valid_till(sub, &till));
+ assert_int_equal(till, 0xffffffff);
+ till64 = 0;
+ assert_rnp_success(rnp_key_valid_till64(sub, &till64));
+ assert_int_equal(till64, UINT64_MAX);
+ assert_rnp_success(rnp_key_handle_destroy(key));
+ assert_rnp_success(rnp_key_handle_destroy(sub));
+
+ /* check whether we can change expiration with password provider/locked key */
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ assert_true(import_pub_keys(ffi, "data/test_key_validity/alice-sign-sub-pub.pgp"));
+ assert_true(import_sec_keys(ffi, "data/test_key_validity/alice-sign-sub-sec.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "22F3A217C0E439CB", &sub));
+
+ assert_rnp_success(
+ rnp_ffi_set_pass_provider(ffi, ffi_string_password_provider, (void *) "wrong"));
+ assert_rnp_failure(rnp_key_set_expiration(key, 1));
+ expiry = 255;
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, 0);
+ assert_rnp_failure(rnp_key_set_expiration(sub, 1));
+ expiry = 255;
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, 0);
+
+ bool locked = true;
+ assert_rnp_success(rnp_key_is_locked(key, &locked));
+ assert_true(locked);
+ locked = false;
+ assert_rnp_success(rnp_key_is_locked(sub, &locked));
+ assert_true(locked);
+ assert_rnp_success(
+ rnp_ffi_set_pass_provider(ffi, ffi_string_password_provider, (void *) "password"));
+ uint32_t creation = 0;
+ assert_rnp_success(rnp_key_get_creation(key, &creation));
+ creation = time(NULL) - creation;
+ assert_rnp_success(rnp_key_set_expiration(key, creation + 8));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, creation + 8);
+ locked = false;
+ assert_rnp_success(rnp_key_is_locked(key, &locked));
+ assert_true(locked);
+ assert_rnp_success(rnp_key_get_creation(sub, &creation));
+ creation = time(NULL) - creation;
+ assert_rnp_success(rnp_key_set_expiration(sub, creation + 3));
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, creation + 3);
+ locked = false;
+ assert_rnp_success(rnp_key_is_locked(sub, &locked));
+ assert_true(locked);
+ locked = false;
+ assert_rnp_success(rnp_key_is_locked(key, &locked));
+ assert_true(locked);
+
+ /* now change just subkey's expiration - should also work */
+ valid = false;
+ assert_rnp_success(rnp_key_is_valid(key, &valid));
+ assert_true(valid);
+ assert_rnp_success(rnp_key_set_expiration(sub, 4));
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, 4);
+ assert_rnp_success(rnp_key_is_expired(sub, &expired));
+ assert_true(expired);
+ locked = false;
+ assert_rnp_success(rnp_key_is_locked(sub, &locked));
+ assert_true(locked);
+ locked = false;
+ assert_rnp_success(rnp_key_is_locked(key, &locked));
+ assert_true(locked);
+
+ assert_rnp_success(rnp_key_handle_destroy(key));
+ assert_rnp_success(rnp_key_handle_destroy(sub));
+
+ /* now try to update already expired key and subkey */
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ assert_true(import_pub_keys(ffi, "data/test_key_validity/alice-sign-sub-exp-pub.asc"));
+ assert_true(import_sec_keys(ffi, "data/test_key_validity/alice-sign-sub-exp-sec.asc"));
+ /* Alice key is searchable by userid since self-sig is not expired, and it just marks key
+ * as expired */
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key));
+ assert_non_null(key);
+ assert_rnp_success(rnp_key_handle_destroy(key));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "0451409669FFDE3C", &key));
+ assert_non_null(key);
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "22F3A217C0E439CB", &sub));
+ assert_rnp_success(rnp_key_is_valid(key, &valid));
+ /* key is not valid since expired */
+ assert_false(valid);
+ assert_rnp_success(rnp_key_valid_till(key, &till));
+ assert_int_equal(till, 1577369391 + 16324055);
+ assert_rnp_success(rnp_key_valid_till64(key, &till64));
+ assert_int_equal(till64, 1577369391 + 16324055);
+ assert_false(key->pub->valid());
+ /* secret key part is also not valid till new sig is added */
+ assert_false(key->sec->valid());
+ assert_rnp_success(rnp_key_is_valid(sub, &valid));
+ assert_false(valid);
+ assert_rnp_success(rnp_key_valid_till(sub, &till));
+ /* subkey valid no longer then the primary key */
+ assert_int_equal(till, 1577369391 + 16324055);
+ assert_rnp_success(rnp_key_valid_till64(sub, &till64));
+ assert_int_equal(till64, 1577369391 + 16324055);
+ assert_false(sub->pub->valid());
+ assert_false(sub->sec->valid());
+ creation = 0;
+ uint32_t validity = 2 * 30 * 24 * 60 * 60; // 2 monthes
+ assert_rnp_success(rnp_key_get_creation(key, &creation));
+ uint32_t keytill = creation + validity;
+ creation = time(NULL) - creation;
+ keytill += creation;
+ assert_rnp_success(rnp_key_set_expiration(key, creation + validity));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, creation + validity);
+ assert_rnp_success(rnp_key_get_creation(sub, &creation));
+ /* use smaller validity for the subkey */
+ validity = validity / 2;
+ uint32_t subtill = creation + validity;
+ creation = time(NULL) - creation;
+ subtill += creation;
+ assert_rnp_success(rnp_key_set_expiration(sub, creation + validity));
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, creation + validity);
+ assert_rnp_success(rnp_key_is_valid(key, &valid));
+ assert_true(valid);
+ assert_rnp_success(rnp_key_valid_till(key, &till));
+ assert_int_equal(till, keytill);
+ assert_rnp_success(rnp_key_valid_till64(key, &till64));
+ assert_int_equal(till64, keytill);
+ assert_true(key->pub->valid());
+ assert_true(key->sec->valid());
+ assert_rnp_success(rnp_key_is_valid(sub, &valid));
+ assert_true(valid);
+ assert_rnp_success(rnp_key_valid_till(sub, &till));
+ assert_int_equal(till, subtill);
+ assert_rnp_success(rnp_key_valid_till64(sub, &till64));
+ assert_int_equal(till64, subtill);
+ assert_true(sub->pub->valid());
+ assert_true(sub->sec->valid());
+ assert_rnp_success(rnp_key_handle_destroy(key));
+ assert_rnp_success(rnp_key_handle_destroy(sub));
+
+ /* update expiration time when only secret key is available */
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC));
+ assert_rnp_success(rnp_locate_key(ffi, "userid", "Alice <alice@rnp>", &key));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "22F3A217C0E439CB", &sub));
+ validity = 30 * 24 * 60 * 60; // 1 month
+ assert_rnp_success(rnp_key_get_creation(key, &creation));
+ creation = time(NULL) - creation;
+ assert_rnp_success(rnp_key_set_expiration(key, creation + validity));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, creation + validity);
+ assert_rnp_success(rnp_key_get_creation(sub, &creation));
+ creation = time(NULL) - creation;
+ assert_rnp_success(rnp_key_set_expiration(sub, creation + validity));
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, creation + validity);
+ /* public key is not available - bad parameters */
+ assert_int_equal(rnp_key_is_valid(key, &valid), RNP_ERROR_BAD_PARAMETERS);
+ assert_int_equal(rnp_key_valid_till(key, &till), RNP_ERROR_BAD_PARAMETERS);
+ assert_int_equal(rnp_key_valid_till64(key, &till64), RNP_ERROR_BAD_PARAMETERS);
+ assert_null(key->pub);
+ assert_true(key->sec->valid());
+ assert_int_equal(rnp_key_is_valid(sub, &valid), RNP_ERROR_BAD_PARAMETERS);
+ assert_int_equal(rnp_key_valid_till(sub, &till), RNP_ERROR_BAD_PARAMETERS);
+ assert_int_equal(rnp_key_valid_till64(sub, &till64), RNP_ERROR_BAD_PARAMETERS);
+ assert_null(sub->pub);
+ assert_true(sub->sec->valid());
+ assert_rnp_success(rnp_key_handle_destroy(key));
+ assert_rnp_success(rnp_key_handle_destroy(sub));
+ assert_rnp_success(rnp_ffi_destroy(ffi));
+
+ /* check whether things work for G10 keyring */
+ assert_rnp_success(rnp_ffi_create(&ffi, "KBX", "G10"));
+ assert_rnp_success(
+ rnp_ffi_set_pass_provider(ffi, ffi_string_password_provider, (void *) "password"));
+ assert_true(load_keys_kbx_g10(
+ ffi, "data/keyrings/3/pubring.kbx", "data/keyrings/3/private-keys-v1.d"));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "4BE147BB22DF1E60", &key));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "A49BAE05C16E8BC8", &sub));
+ assert_rnp_success(rnp_key_get_creation(key, &creation));
+ keytill = creation + validity;
+ creation = time(NULL) - creation;
+ keytill += creation;
+ assert_rnp_success(rnp_key_set_expiration(key, creation + validity));
+ expiry = 255;
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, creation + validity);
+ size_t key_expiry = expiry;
+ assert_rnp_success(rnp_key_get_creation(sub, &creation));
+ creation = time(NULL) - creation;
+ assert_rnp_success(rnp_key_set_expiration(sub, creation + validity));
+ expiry = 255;
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, creation + validity);
+ size_t sub_expiry = expiry;
+ assert_rnp_success(rnp_key_is_valid(key, &valid));
+ assert_true(valid);
+ assert_rnp_success(rnp_key_valid_till(key, &till));
+ assert_int_equal(till, keytill);
+ assert_rnp_success(rnp_key_valid_till64(key, &till64));
+ assert_int_equal(till64, keytill);
+ assert_true(key->pub->valid());
+ assert_true(key->sec->valid());
+ assert_rnp_success(rnp_key_is_valid(sub, &valid));
+ assert_true(valid);
+ assert_rnp_success(rnp_key_valid_till(sub, &till));
+ assert_int_equal(till, keytill);
+ assert_rnp_success(rnp_key_valid_till64(sub, &till64));
+ assert_int_equal(till64, keytill);
+ assert_true(sub->pub->valid());
+ assert_true(sub->sec->valid());
+ assert_rnp_success(rnp_key_handle_destroy(key));
+ assert_rnp_success(rnp_key_handle_destroy(sub));
+
+ /* save keyring to KBX and reload it: fails now */
+ rnp_output_t output = NULL;
+ assert_rnp_success(rnp_output_to_path(&output, "pubring.kbx"));
+ assert_rnp_success(rnp_save_keys(ffi, "KBX", output, RNP_LOAD_SAVE_PUBLIC_KEYS));
+ assert_rnp_success(rnp_output_destroy(output));
+ assert_rnp_success(rnp_ffi_destroy(ffi));
+ assert_rnp_success(rnp_ffi_create(&ffi, "KBX", "G10"));
+ assert_rnp_success(rnp_input_from_path(&input, "pubring.kbx"));
+ /* Saving to KBX doesn't work well, or was broken at some point. */
+ assert_rnp_failure(rnp_import_keys(ffi, input, RNP_LOAD_SAVE_PUBLIC_KEYS, NULL));
+ assert_rnp_success(rnp_input_destroy(input));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "4BE147BB22DF1E60", &key));
+ assert_null(key);
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "A49BAE05C16E8BC8", &sub));
+ assert_null(sub);
+ expiry = 255;
+ assert_rnp_failure(rnp_key_get_expiration(key, &expiry));
+ assert_int_not_equal(expiry, key_expiry);
+ expiry = 255;
+ assert_rnp_failure(rnp_key_get_expiration(sub, &expiry));
+ assert_int_not_equal(expiry, sub_expiry);
+ assert_rnp_success(rnp_key_handle_destroy(key));
+ assert_rnp_success(rnp_key_handle_destroy(sub));
+ assert_int_equal(rnp_unlink("pubring.kbx"), 0);
+ assert_rnp_success(rnp_ffi_destroy(ffi));
+
+ /* load G10/KBX and unload public keys - must succeed */
+ assert_rnp_success(rnp_ffi_create(&ffi, "KBX", "G10"));
+ assert_rnp_success(
+ rnp_ffi_set_pass_provider(ffi, ffi_string_password_provider, (void *) "password"));
+ assert_true(load_keys_kbx_g10(
+ ffi, "data/keyrings/3/pubring.kbx", "data/keyrings/3/private-keys-v1.d"));
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "4BE147BB22DF1E60", &key));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "A49BAE05C16E8BC8", &sub));
+ assert_rnp_success(rnp_key_get_creation(key, &creation));
+ creation = time(NULL) - creation;
+ assert_rnp_success(rnp_key_set_expiration(key, creation + validity));
+ assert_rnp_success(rnp_key_get_expiration(key, &expiry));
+ assert_int_equal(expiry, creation + validity);
+ key_expiry = expiry;
+ assert_rnp_success(rnp_key_get_creation(sub, &creation));
+ creation = time(NULL) - creation;
+ assert_rnp_success(rnp_key_set_expiration(sub, creation + validity));
+ assert_rnp_success(rnp_key_get_expiration(sub, &expiry));
+ assert_int_equal(expiry, creation + validity);
+ sub_expiry = expiry;
+ assert_rnp_success(rnp_key_handle_destroy(key));
+ assert_rnp_success(rnp_key_handle_destroy(sub));
+
+ // TODO: check expiration date in direct-key signature, check without
+ // self-signature/binding signature.
+
+ assert_rnp_success(rnp_ffi_destroy(ffi));
+}
+
+TEST_F(rnp_tests, test_ffi_key_get_protection_info)
+{
+ rnp_ffi_t ffi = NULL;
+ assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG"));
+
+ /* Edge cases - public key, NULL parameters, etc. */
+ assert_true(import_pub_keys(ffi, "data/test_key_validity/alice-sub-pub.pgp"));
+ rnp_key_handle_t key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "0451409669FFDE3C", &key));
+ char *type = NULL;
+ assert_rnp_failure(rnp_key_get_protection_type(key, NULL));
+ assert_rnp_failure(rnp_key_get_protection_type(NULL, &type));
+ assert_rnp_failure(rnp_key_get_protection_type(key, &type));
+ char *mode = NULL;
+ assert_rnp_failure(rnp_key_get_protection_mode(key, NULL));
+ assert_rnp_failure(rnp_key_get_protection_mode(NULL, &mode));
+ assert_rnp_failure(rnp_key_get_protection_mode(key, &mode));
+ char *cipher = NULL;
+ assert_rnp_failure(rnp_key_get_protection_cipher(key, NULL));
+ assert_rnp_failure(rnp_key_get_protection_cipher(NULL, &cipher));
+ assert_rnp_failure(rnp_key_get_protection_cipher(key, &cipher));
+ char *hash = NULL;
+ assert_rnp_failure(rnp_key_get_protection_hash(key, NULL));
+ assert_rnp_failure(rnp_key_get_protection_hash(NULL, &hash));
+ assert_rnp_failure(rnp_key_get_protection_hash(key, &hash));
+ size_t iterations = 0;
+ assert_rnp_failure(rnp_key_get_protection_iterations(key, NULL));
+ assert_rnp_failure(rnp_key_get_protection_iterations(NULL, &iterations));
+ assert_rnp_failure(rnp_key_get_protection_iterations(key, &iterations));
+ rnp_key_handle_destroy(key);
+
+ /* Encrypted secret key with subkeys */
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC));
+ assert_true(import_all_keys(ffi, "data/test_key_validity/alice-sub-sec.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "0451409669FFDE3C", &key));
+ assert_rnp_success(rnp_key_get_protection_type(key, &type));
+ assert_string_equal(type, "Encrypted-Hashed");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(key, &mode));
+ assert_string_equal(mode, "CFB");
+ rnp_buffer_destroy(mode);
+ assert_rnp_success(rnp_key_get_protection_cipher(key, &cipher));
+ assert_string_equal(cipher, "AES128");
+ rnp_buffer_destroy(cipher);
+ assert_rnp_success(rnp_key_get_protection_hash(key, &hash));
+ assert_string_equal(hash, "SHA1");
+ rnp_buffer_destroy(hash);
+ assert_rnp_success(rnp_key_get_protection_iterations(key, &iterations));
+ assert_int_equal(iterations, 22020096);
+ assert_rnp_success(rnp_key_unprotect(key, "password"));
+ assert_rnp_success(rnp_key_get_protection_type(key, &type));
+ assert_string_equal(type, "None");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(key, &mode));
+ assert_string_equal(mode, "None");
+ rnp_buffer_destroy(mode);
+ assert_rnp_failure(rnp_key_get_protection_cipher(key, &cipher));
+ assert_rnp_failure(rnp_key_get_protection_hash(key, &hash));
+ assert_rnp_failure(rnp_key_get_protection_iterations(key, &iterations));
+ rnp_key_handle_destroy(key);
+
+ rnp_key_handle_t sub = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "DD23CEB7FEBEFF17", &sub));
+ assert_rnp_success(rnp_key_get_protection_type(sub, &type));
+ assert_string_equal(type, "Encrypted-Hashed");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(sub, &mode));
+ assert_string_equal(mode, "CFB");
+ rnp_buffer_destroy(mode);
+ assert_rnp_success(rnp_key_get_protection_cipher(sub, &cipher));
+ assert_string_equal(cipher, "AES128");
+ rnp_buffer_destroy(cipher);
+ assert_rnp_success(rnp_key_get_protection_hash(sub, &hash));
+ assert_string_equal(hash, "SHA1");
+ rnp_buffer_destroy(hash);
+ assert_rnp_success(rnp_key_get_protection_iterations(sub, &iterations));
+ assert_int_equal(iterations, 22020096);
+ assert_rnp_success(rnp_key_unprotect(sub, "password"));
+ assert_rnp_success(rnp_key_get_protection_type(sub, &type));
+ assert_string_equal(type, "None");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(sub, &mode));
+ assert_string_equal(mode, "None");
+ rnp_buffer_destroy(mode);
+ assert_rnp_failure(rnp_key_get_protection_cipher(sub, &cipher));
+ assert_rnp_failure(rnp_key_get_protection_hash(sub, &hash));
+ assert_rnp_failure(rnp_key_get_protection_iterations(sub, &iterations));
+ rnp_key_handle_destroy(sub);
+
+ /* v3 secret key */
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ assert_true(import_pub_keys(ffi, "data/keyrings/4/pubring.pgp"));
+ assert_true(import_sec_keys(ffi, "data/keyrings/4/secring.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "7D0BC10E933404C9", &key));
+ assert_rnp_success(rnp_key_get_protection_type(key, &type));
+ assert_string_equal(type, "Encrypted");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(key, &mode));
+ assert_string_equal(mode, "CFB");
+ rnp_buffer_destroy(mode);
+ assert_rnp_success(rnp_key_get_protection_cipher(key, &cipher));
+ assert_string_equal(cipher, "IDEA");
+ rnp_buffer_destroy(cipher);
+ assert_rnp_success(rnp_key_get_protection_hash(key, &hash));
+ assert_string_equal(hash, "MD5");
+ rnp_buffer_destroy(hash);
+ assert_rnp_success(rnp_key_get_protection_iterations(key, &iterations));
+ assert_int_equal(iterations, 1);
+ if (idea_enabled()) {
+ assert_rnp_success(rnp_key_unprotect(key, "password"));
+ assert_rnp_success(rnp_key_get_protection_type(key, &type));
+ assert_string_equal(type, "None");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(key, &mode));
+ assert_string_equal(mode, "None");
+ rnp_buffer_destroy(mode);
+ assert_rnp_failure(rnp_key_get_protection_cipher(key, &cipher));
+ assert_rnp_failure(rnp_key_get_protection_hash(key, &hash));
+ assert_rnp_failure(rnp_key_get_protection_iterations(key, &iterations));
+ } else {
+ assert_rnp_failure(rnp_key_unprotect(key, "password"));
+ assert_rnp_success(rnp_key_get_protection_type(key, &type));
+ assert_string_equal(type, "Encrypted");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(key, &mode));
+ assert_string_equal(mode, "CFB");
+ rnp_buffer_destroy(mode);
+ }
+ rnp_key_handle_destroy(key);
+
+ /* G10 keys */
+ rnp_ffi_destroy(ffi);
+ assert_rnp_success(rnp_ffi_create(&ffi, "KBX", "G10"));
+
+ assert_true(load_keys_kbx_g10(
+ ffi, "data/keyrings/3/pubring.kbx", "data/keyrings/3/private-keys-v1.d"));
+
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "4BE147BB22DF1E60", &key));
+ assert_rnp_success(rnp_key_get_protection_type(key, &type));
+ assert_string_equal(type, "Encrypted-Hashed");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(key, &mode));
+ assert_string_equal(mode, "CBC");
+ rnp_buffer_destroy(mode);
+ assert_rnp_success(rnp_key_get_protection_cipher(key, &cipher));
+ assert_string_equal(cipher, "AES128");
+ rnp_buffer_destroy(cipher);
+ assert_rnp_success(rnp_key_get_protection_hash(key, &hash));
+ assert_string_equal(hash, "SHA1");
+ rnp_buffer_destroy(hash);
+ assert_rnp_success(rnp_key_get_protection_iterations(key, &iterations));
+ assert_int_equal(iterations, 1024);
+ assert_rnp_success(rnp_key_unprotect(key, "password"));
+ assert_rnp_success(rnp_key_get_protection_type(key, &type));
+ assert_string_equal(type, "None");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(key, &mode));
+ assert_string_equal(mode, "None");
+ rnp_buffer_destroy(mode);
+ assert_rnp_failure(rnp_key_get_protection_cipher(key, &cipher));
+ assert_rnp_failure(rnp_key_get_protection_hash(key, &hash));
+ assert_rnp_failure(rnp_key_get_protection_iterations(key, &iterations));
+ rnp_key_handle_destroy(key);
+
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "A49BAE05C16E8BC8", &sub));
+ assert_rnp_success(rnp_key_get_protection_type(sub, &type));
+ assert_string_equal(type, "Encrypted-Hashed");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(sub, &mode));
+ assert_string_equal(mode, "CBC");
+ rnp_buffer_destroy(mode);
+ assert_rnp_success(rnp_key_get_protection_cipher(sub, &cipher));
+ assert_string_equal(cipher, "AES128");
+ rnp_buffer_destroy(cipher);
+ assert_rnp_success(rnp_key_get_protection_hash(sub, &hash));
+ assert_string_equal(hash, "SHA1");
+ rnp_buffer_destroy(hash);
+ assert_rnp_success(rnp_key_get_protection_iterations(sub, &iterations));
+ assert_int_equal(iterations, 1024);
+ assert_rnp_success(rnp_key_unprotect(sub, "password"));
+ assert_rnp_success(rnp_key_get_protection_type(sub, &type));
+ assert_string_equal(type, "None");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(sub, &mode));
+ assert_string_equal(mode, "None");
+ rnp_buffer_destroy(mode);
+ assert_rnp_failure(rnp_key_get_protection_cipher(sub, &cipher));
+ assert_rnp_failure(rnp_key_get_protection_hash(sub, &hash));
+ assert_rnp_failure(rnp_key_get_protection_iterations(sub, &iterations));
+ rnp_key_handle_destroy(sub);
+
+ /* Secret subkeys, exported via gpg --export-secret-subkeys (no primary secret key data) */
+ rnp_ffi_destroy(ffi);
+ assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG"));
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ assert_true(import_all_keys(ffi, "data/test_key_edge_cases/alice-s2k-101-1-subs.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "0451409669FFDE3C", &key));
+ assert_rnp_success(rnp_key_get_protection_type(key, &type));
+ assert_string_equal(type, "GPG-None");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(key, &mode));
+ assert_string_equal(mode, "Unknown");
+ rnp_buffer_destroy(mode);
+ assert_rnp_failure(rnp_key_get_protection_cipher(key, &cipher));
+ assert_rnp_failure(rnp_key_get_protection_hash(key, &hash));
+ assert_rnp_failure(rnp_key_get_protection_iterations(key, &iterations));
+ rnp_key_handle_destroy(key);
+
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "DD23CEB7FEBEFF17", &sub));
+ assert_rnp_success(rnp_key_get_protection_type(sub, &type));
+ assert_string_equal(type, "Encrypted-Hashed");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(sub, &mode));
+ assert_string_equal(mode, "CFB");
+ rnp_buffer_destroy(mode);
+ assert_rnp_success(rnp_key_get_protection_cipher(sub, &cipher));
+ assert_string_equal(cipher, "AES128");
+ rnp_buffer_destroy(cipher);
+ assert_rnp_success(rnp_key_get_protection_hash(sub, &hash));
+ assert_string_equal(hash, "SHA1");
+ rnp_buffer_destroy(hash);
+ assert_rnp_success(rnp_key_get_protection_iterations(sub, &iterations));
+ assert_int_equal(iterations, 30408704);
+ assert_rnp_success(rnp_key_unprotect(sub, "password"));
+ assert_rnp_success(rnp_key_get_protection_type(sub, &type));
+ assert_string_equal(type, "None");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(sub, &mode));
+ assert_string_equal(mode, "None");
+ rnp_buffer_destroy(mode);
+ assert_rnp_failure(rnp_key_get_protection_cipher(sub, &cipher));
+ assert_rnp_failure(rnp_key_get_protection_hash(sub, &hash));
+ assert_rnp_failure(rnp_key_get_protection_iterations(sub, &iterations));
+ rnp_key_handle_destroy(sub);
+
+ /* secret subkey is available, but primary key is stored on the smartcard by gpg */
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ assert_true(import_all_keys(ffi, "data/test_key_edge_cases/alice-s2k-101-2-card.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "0451409669FFDE3C", &key));
+ assert_rnp_success(rnp_key_get_protection_type(key, &type));
+ assert_string_equal(type, "GPG-Smartcard");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(key, &mode));
+ assert_string_equal(mode, "Unknown");
+ rnp_buffer_destroy(mode);
+ assert_rnp_failure(rnp_key_get_protection_cipher(key, &cipher));
+ assert_rnp_failure(rnp_key_get_protection_hash(key, &hash));
+ assert_rnp_failure(rnp_key_get_protection_iterations(key, &iterations));
+ rnp_key_handle_destroy(key);
+
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "DD23CEB7FEBEFF17", &sub));
+ assert_rnp_success(rnp_key_get_protection_type(sub, &type));
+ assert_string_equal(type, "Encrypted-Hashed");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(sub, &mode));
+ assert_string_equal(mode, "CFB");
+ rnp_buffer_destroy(mode);
+ assert_rnp_success(rnp_key_get_protection_cipher(sub, &cipher));
+ assert_string_equal(cipher, "AES128");
+ rnp_buffer_destroy(cipher);
+ assert_rnp_success(rnp_key_get_protection_hash(sub, &hash));
+ assert_string_equal(hash, "SHA1");
+ rnp_buffer_destroy(hash);
+ assert_rnp_success(rnp_key_get_protection_iterations(sub, &iterations));
+ assert_int_equal(iterations, 30408704);
+ assert_rnp_success(rnp_key_unprotect(sub, "password"));
+ assert_rnp_success(rnp_key_get_protection_type(sub, &type));
+ assert_string_equal(type, "None");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(sub, &mode));
+ assert_string_equal(mode, "None");
+ rnp_buffer_destroy(mode);
+ assert_rnp_failure(rnp_key_get_protection_cipher(sub, &cipher));
+ assert_rnp_failure(rnp_key_get_protection_hash(sub, &hash));
+ assert_rnp_failure(rnp_key_get_protection_iterations(sub, &iterations));
+ rnp_key_handle_destroy(sub);
+
+ /* primary key is stored with unknown gpg s2k */
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ assert_true(import_all_keys(ffi, "data/test_key_edge_cases/alice-s2k-101-3.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "0451409669FFDE3C", &key));
+ assert_rnp_success(rnp_key_get_protection_type(key, &type));
+ assert_string_equal(type, "Unknown");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(key, &mode));
+ assert_string_equal(mode, "Unknown");
+ rnp_buffer_destroy(mode);
+ assert_rnp_failure(rnp_key_get_protection_cipher(key, &cipher));
+ assert_rnp_failure(rnp_key_get_protection_hash(key, &hash));
+ assert_rnp_failure(rnp_key_get_protection_iterations(key, &iterations));
+ rnp_key_handle_destroy(key);
+
+ /* primary key is stored with unknown s2k */
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ assert_true(import_all_keys(ffi, "data/test_key_edge_cases/alice-s2k-101-unknown.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "0451409669FFDE3C", &key));
+ assert_rnp_success(rnp_key_get_protection_type(key, &type));
+ assert_string_equal(type, "Unknown");
+ rnp_buffer_destroy(type);
+ assert_rnp_success(rnp_key_get_protection_mode(key, &mode));
+ assert_string_equal(mode, "Unknown");
+ rnp_buffer_destroy(mode);
+ assert_rnp_failure(rnp_key_get_protection_cipher(key, &cipher));
+ assert_rnp_failure(rnp_key_get_protection_hash(key, &hash));
+ assert_rnp_failure(rnp_key_get_protection_iterations(key, &iterations));
+ rnp_key_handle_destroy(key);
+
+ rnp_ffi_destroy(ffi);
+}
+
+TEST_F(rnp_tests, test_ffi_key_default_subkey)
+{
+ rnp_ffi_t ffi = NULL;
+ rnp_key_handle_t primary = NULL;
+ rnp_key_handle_t def_key = NULL;
+ char * keyid = NULL;
+
+ test_ffi_init(&ffi);
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "7bc6709b15c23a4a", &primary));
+
+ /* bad parameters */
+ assert_rnp_failure(rnp_key_get_default_key(NULL, NULL, 0, NULL));
+ assert_rnp_failure(rnp_key_get_default_key(primary, NULL, 0, NULL));
+ assert_rnp_failure(rnp_key_get_default_key(primary, "nonexistentusage", 0, &def_key));
+ assert_rnp_failure(rnp_key_get_default_key(primary, "sign", UINT32_MAX, &def_key));
+ assert_rnp_failure(rnp_key_get_default_key(primary, "sign", 0, NULL));
+
+ assert_rnp_success(
+ rnp_key_get_default_key(primary, "encrypt", RNP_KEY_SUBKEYS_ONLY, &def_key));
+ assert_rnp_success(rnp_key_get_keyid(def_key, &keyid));
+ assert_string_equal(keyid, "8A05B89FAD5ADED1");
+ rnp_buffer_destroy(keyid);
+ rnp_key_handle_destroy(def_key);
+
+ /* no signing subkey */
+ assert_int_equal(RNP_ERROR_NO_SUITABLE_KEY,
+ rnp_key_get_default_key(primary, "sign", RNP_KEY_SUBKEYS_ONLY, &def_key));
+ assert_null(def_key);
+
+ /* primary key returned as a default one */
+ assert_rnp_success(rnp_key_get_default_key(primary, "sign", 0, &def_key));
+ assert_rnp_success(rnp_key_get_keyid(def_key, &keyid));
+ assert_string_equal(keyid, "7BC6709B15C23A4A");
+ rnp_buffer_destroy(keyid);
+ rnp_key_handle_destroy(def_key);
+
+ assert_rnp_success(rnp_key_get_default_key(primary, "certify", 0, &def_key));
+ assert_rnp_success(rnp_key_get_keyid(def_key, &keyid));
+ assert_string_equal(keyid, "7BC6709B15C23A4A");
+ rnp_buffer_destroy(keyid);
+ rnp_key_handle_destroy(def_key);
+
+ rnp_key_handle_destroy(primary);
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+
+ /* primary key with encrypting capability */
+ assert_true(import_pub_keys(ffi, "data/test_key_validity/encrypting-primary.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "92091b7b76c50017", &primary));
+
+ assert_rnp_success(rnp_key_get_default_key(primary, "encrypt", 0, &def_key));
+ assert_rnp_success(rnp_key_get_keyid(def_key, &keyid));
+ assert_string_equal(keyid, "92091B7B76C50017");
+ rnp_buffer_destroy(keyid);
+ rnp_key_handle_destroy(def_key);
+
+ assert_rnp_success(
+ rnp_key_get_default_key(primary, "encrypt", RNP_KEY_SUBKEYS_ONLY, &def_key));
+ assert_rnp_success(rnp_key_get_keyid(def_key, &keyid));
+ assert_string_equal(keyid, "C2E243E872C1FE50");
+ rnp_buffer_destroy(keyid);
+ rnp_key_handle_destroy(def_key);
+ rnp_key_handle_destroy(primary);
+
+ /* offline primary key - must select a subkey */
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ assert_true(import_all_keys(ffi, "data/test_key_edge_cases/alice-s2k-101-1-subs.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "0451409669FFDE3C", &primary));
+ def_key = NULL;
+ assert_rnp_success(rnp_key_get_default_key(primary, "sign", 0, &def_key));
+ assert_rnp_success(rnp_key_get_keyid(def_key, &keyid));
+ assert_string_equal(keyid, "22F3A217C0E439CB");
+ rnp_buffer_destroy(keyid);
+ rnp_key_handle_destroy(def_key);
+ rnp_key_handle_destroy(primary);
+ /* offline primary key, stored on card - must select a subkey */
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ assert_true(import_all_keys(ffi, "data/test_key_edge_cases/alice-s2k-101-2-card.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "0451409669FFDE3C", &primary));
+ def_key = NULL;
+ assert_rnp_success(rnp_key_get_default_key(primary, "sign", 0, &def_key));
+ assert_rnp_success(rnp_key_get_keyid(def_key, &keyid));
+ assert_string_equal(keyid, "22F3A217C0E439CB");
+ rnp_buffer_destroy(keyid);
+ rnp_key_handle_destroy(def_key);
+ rnp_key_handle_destroy(primary);
+ /* offline primary key without the signing subkey - fail */
+ assert_rnp_success(rnp_unload_keys(ffi, RNP_KEY_UNLOAD_PUBLIC | RNP_KEY_UNLOAD_SECRET));
+ assert_true(
+ import_all_keys(ffi, "data/test_key_edge_cases/alice-s2k-101-no-sign-sub.pgp"));
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "0451409669FFDE3C", &primary));
+ def_key = NULL;
+ assert_int_equal(rnp_key_get_default_key(primary, "sign", 0, &def_key),
+ RNP_ERROR_NO_SUITABLE_KEY);
+ rnp_key_handle_destroy(primary);
+
+ rnp_ffi_destroy(ffi);
+}
+
+TEST_F(rnp_tests, test_ffi_rnp_key_get_primary_grip)
+{
+ rnp_ffi_t ffi = NULL;
+ rnp_key_handle_t key = NULL;
+ char * grip = NULL;
+
+ // setup FFI
+ assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG"));
+
+ // load our keyrings
+ assert_true(load_keys_gpg(ffi, "data/keyrings/1/pubring.gpg"));
+
+ // locate primary key
+ key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "7BC6709B15C23A4A", &key));
+ assert_non_null(key);
+
+ // some edge cases
+ assert_rnp_failure(rnp_key_get_primary_grip(NULL, NULL));
+ assert_rnp_failure(rnp_key_get_primary_grip(NULL, &grip));
+ assert_rnp_failure(rnp_key_get_primary_grip(key, NULL));
+ assert_rnp_failure(rnp_key_get_primary_grip(key, &grip));
+ assert_null(grip);
+ rnp_key_handle_destroy(key);
+
+ // locate subkey 1
+ key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "1ED63EE56FADC34D", &key));
+ assert_non_null(key);
+ assert_rnp_success(rnp_key_get_primary_grip(key, &grip));
+ assert_non_null(grip);
+ assert_string_equal(grip, "66D6A0800A3FACDE0C0EB60B16B3669ED380FDFA");
+ rnp_buffer_destroy(grip);
+ grip = NULL;
+ rnp_key_handle_destroy(key);
+
+ // locate subkey 2
+ key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "1D7E8A5393C997A8", &key));
+ assert_non_null(key);
+ assert_rnp_success(rnp_key_get_primary_grip(key, &grip));
+ assert_non_null(grip);
+ assert_string_equal(grip, "66D6A0800A3FACDE0C0EB60B16B3669ED380FDFA");
+ rnp_buffer_destroy(grip);
+ grip = NULL;
+ rnp_key_handle_destroy(key);
+
+ // locate subkey 3
+ key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "8A05B89FAD5ADED1", &key));
+ assert_non_null(key);
+ assert_rnp_success(rnp_key_get_primary_grip(key, &grip));
+ assert_non_null(grip);
+ assert_string_equal(grip, "66D6A0800A3FACDE0C0EB60B16B3669ED380FDFA");
+ rnp_buffer_destroy(grip);
+ grip = NULL;
+ rnp_key_handle_destroy(key);
+
+ // cleanup
+ rnp_ffi_destroy(ffi);
+}
+
+TEST_F(rnp_tests, test_ffi_rnp_key_get_primary_fprint)
+{
+ rnp_ffi_t ffi = NULL;
+
+ // setup FFI
+ assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG"));
+
+ // load our keyrings
+ assert_true(load_keys_gpg(ffi, "data/keyrings/1/pubring.gpg"));
+
+ // locate primary key
+ rnp_key_handle_t key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "7BC6709B15C23A4A", &key));
+ assert_non_null(key);
+
+ // some edge cases
+ char *fp = NULL;
+ assert_rnp_failure(rnp_key_get_primary_fprint(NULL, NULL));
+ assert_rnp_failure(rnp_key_get_primary_fprint(NULL, &fp));
+ assert_rnp_failure(rnp_key_get_primary_fprint(key, NULL));
+ assert_rnp_failure(rnp_key_get_primary_fprint(key, &fp));
+ assert_null(fp);
+ rnp_key_handle_destroy(key);
+
+ // locate subkey 1
+ key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "1ED63EE56FADC34D", &key));
+ assert_non_null(key);
+ assert_rnp_success(rnp_key_get_primary_fprint(key, &fp));
+ assert_non_null(fp);
+ assert_string_equal(fp, "E95A3CBF583AA80A2CCC53AA7BC6709B15C23A4A");
+ rnp_buffer_destroy(fp);
+ fp = NULL;
+ rnp_key_handle_destroy(key);
+
+ // locate subkey 2
+ key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "1D7E8A5393C997A8", &key));
+ assert_non_null(key);
+ assert_rnp_success(rnp_key_get_primary_fprint(key, &fp));
+ assert_non_null(fp);
+ assert_string_equal(fp, "E95A3CBF583AA80A2CCC53AA7BC6709B15C23A4A");
+ rnp_buffer_destroy(fp);
+ fp = NULL;
+ rnp_key_handle_destroy(key);
+
+ // locate subkey 3
+ key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "8A05B89FAD5ADED1", &key));
+ assert_non_null(key);
+ assert_rnp_success(rnp_key_get_primary_fprint(key, &fp));
+ assert_non_null(fp);
+ assert_string_equal(fp, "E95A3CBF583AA80A2CCC53AA7BC6709B15C23A4A");
+ rnp_buffer_destroy(fp);
+ fp = NULL;
+ rnp_key_handle_destroy(key);
+
+ // locate key 1 - subkey 0
+ key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "54505A936A4A970E", &key));
+ assert_non_null(key);
+ assert_rnp_success(rnp_key_get_primary_fprint(key, &fp));
+ assert_non_null(fp);
+ assert_string_equal(fp, "BE1C4AB951F4C2F6B604C7F82FCADF05FFA501BB");
+ rnp_buffer_destroy(fp);
+ fp = NULL;
+ rnp_key_handle_destroy(key);
+
+ // locate key 2 - subkey 1
+ key = NULL;
+ assert_rnp_success(rnp_locate_key(ffi, "keyid", "326EF111425D14A5", &key));
+ assert_non_null(key);
+ assert_rnp_success(rnp_key_get_primary_fprint(key, &fp));
+ assert_non_null(fp);
+ assert_string_equal(fp, "BE1C4AB951F4C2F6B604C7F82FCADF05FFA501BB");
+ rnp_buffer_destroy(fp);
+ fp = NULL;
+ rnp_key_handle_destroy(key);
+
+ // cleanup
+ rnp_ffi_destroy(ffi);
+}