[Openvas-commits] r410 - in trunk/openvas-libnasl: . test test/keys

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Fri Oct 5 17:26:37 CEST 2007


Author: bh
Date: 2007-10-05 17:26:37 +0200 (Fri, 05 Oct 2007)
New Revision: 410

Added:
   trunk/openvas-libnasl/test/keys/
   trunk/openvas-libnasl/test/keys/keypair.asc
   trunk/openvas-libnasl/test/keys/ownertrust.txt
   trunk/openvas-libnasl/test/signed.nasl
   trunk/openvas-libnasl/test/signed.nasl.asc
   trunk/openvas-libnasl/test/test_script_signing.sh
Modified:
   trunk/openvas-libnasl/ChangeLog
   trunk/openvas-libnasl/test/Makefile
Log:
Extend the test suite to test signature verification

* test/signed.nasl, test/signed.nasl.asc: New. Signed NASL script
with corresponding signature

* test/test_script_signing.sh: New.  Script that runs some
signature verification tests.  Uses signed.nasl.

* test/Makefile: Add creation of the actual gnupg home directory
and run the signature verification tests

* test/keys/keypair.asc: New.  gnupg keypair for the test suite

* test/keys/ownertrust.txt: New. owner trust database for the test
suite.


Modified: trunk/openvas-libnasl/ChangeLog
===================================================================
--- trunk/openvas-libnasl/ChangeLog	2007-10-05 14:40:35 UTC (rev 409)
+++ trunk/openvas-libnasl/ChangeLog	2007-10-05 15:26:37 UTC (rev 410)
@@ -1,5 +1,23 @@
 2007-10-05  Bernhard Herzog  <bh at intevation.de>
 
+	Extend the test suite to test signature verification
+
+	* test/signed.nasl, test/signed.nasl.asc: New. Signed NASL script
+	with corresponding signature
+
+	* test/test_script_signing.sh: New.  Script that runs some
+	signature verification tests.  Uses signed.nasl.
+
+	* test/Makefile: Add creation of the actual gnupg home directory
+	and run the signature verification tests
+
+	* test/keys/keypair.asc: New.  gnupg keypair for the test suite
+
+	* test/keys/ownertrust.txt: New. owner trust database for the test
+	suite.
+
+2007-10-05  Bernhard Herzog  <bh at intevation.de>
+
 	Implement the GnuPG based detached signatures for nasl scripts.
 
 	* nasl/nasl_signature.c, nasl/nasl_signature.h: New. GPGME base

Modified: trunk/openvas-libnasl/test/Makefile
===================================================================
--- trunk/openvas-libnasl/test/Makefile	2007-10-05 14:40:35 UTC (rev 409)
+++ trunk/openvas-libnasl/test/Makefile	2007-10-05 15:26:37 UTC (rev 410)
@@ -1,9 +1,19 @@
 TEST_SCRIPTS = test_bn.nasl test_md.nasl test_dh.nasl test_blowfish.nasl \
                test_dsa.nasl test_privkey.nasl test_rsa.nasl
 
-check: testsuite
+KEYRING_FILES = gnupg/pubring.gpg gnupg/secring.gpg gnupg/trustdb.gpg
+
+check: testsuite $(KEYRING_FILES)
 	../nasl/openvas-nasl -X testsuite
+	echo
+	./test_script_signing.sh
 
 testsuite: $(TEST_SCRIPTS) testsuiteinit.nasl testsuitesummary.nasl
 	cat testsuiteinit.nasl $(TEST_SCRIPTS) testsuitesummary.nasl > testsuite
 
+
+$(KEYRING_FILES): keys/keypair.asc keys/ownertrust.txt
+	mkdir gnupg
+	chmod 700 gnupg
+	gpg --homedir=gnupg --import keys/keypair.asc
+	gpg --homedir=gnupg --import-ownertrust keys/ownertrust.txt
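Review bot: The `$(KEYRING_FILES)` rule cannot be re-run, because `mkdir gnupg` fails once the directory exists; if either `gpg` import fails partway, or one of the three keyring files is missing, every later `make check` stops at `mkdir`. The header lists three targets, so make treats it as three independent rules and may run the recipe concurrently under `-j`. I would use `mkdir -p gnupg`, add `--batch` to both `gpg` calls so the import never waits on a terminal, and consider a single stamp file as the target. Newer GnuPG releases no longer write `secring.gpg`, so that target may never appear there; worth confirming against the gpg version the suite targets.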

Added: trunk/openvas-libnasl/test/keys/keypair.asc
===================================================================
--- trunk/openvas-libnasl/test/keys/keypair.asc	2007-10-05 14:40:35 UTC (rev 409)
+++ trunk/openvas-libnasl/test/keys/keypair.asc	2007-10-05 15:26:37 UTC (rev 410)
@@ -0,0 +1,33 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+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+=QOE+
+-----END PGP PRIVATE KEY BLOCK-----
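Review bot: The armored block added here is a private key, and nothing in the file marks it as a throwaway test key. `ownertrust.txt` presumably gives this same key ultimate trust in the test home directory, so anyone with repository access can produce signatures that this keyring accepts; it must never be imported into a keyring used by a real scanner. I would add an armor header such as `Comment: TEST KEY ONLY - do not import outside test/gnupg` below the `Version:` line. As far as the visible test script shows, only verification is exercised, so importing just the public half in the Makefile would presumably suffice; confirm before changing.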

Added: trunk/openvas-libnasl/test/keys/ownertrust.txt
===================================================================
--- trunk/openvas-libnasl/test/keys/ownertrust.txt	2007-10-05 14:40:35 UTC (rev 409)
+++ trunk/openvas-libnasl/test/keys/ownertrust.txt	2007-10-05 15:26:37 UTC (rev 410)
@@ -0,0 +1,3 @@
+# List of assigned trustvalues, created Fri 05 Oct 2007 04:49:01 PM CEST
+# (Use "gpg --import-ownertrust" to restore them)
+5436538525E21E795C10385CF74389BFD23A2818:6:
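Review bot: The `:6:` value on the fingerprint line is not explained; it assigns ultimate owner trust, which is what lets signatures from the test key validate without any further certification. A comment line such as `# 6 = ultimate trust; test key from keys/keypair.asc, valid only for the test suite` would make that explicit for the next maintainer.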


Property changes on: trunk/openvas-libnasl/test/keys/ownertrust.txt
___________________________________________________________________
Name: svn:keywords
   + Author Date Id Revision
Name: svn:eol-style
   + native

Added: trunk/openvas-libnasl/test/signed.nasl
===================================================================
--- trunk/openvas-libnasl/test/signed.nasl	2007-10-05 14:40:35 UTC (rev 409)
+++ trunk/openvas-libnasl/test/signed.nasl	2007-10-05 15:26:37 UTC (rev 410)
@@ -0,0 +1,29 @@
+# test script with a valid signature.  If this file is modified the
+# corresponding signature file has to be updated too.
+
+# Determines whether the script being executed is authenticated.
+function display_authentication_status()
+{
+  local_var s;
+
+  # There doesn't seem to be a built-in way to check the authentication
+  # status directly, so we do this by trying to call a function that can
+  # only be called when the script is authenticated.  We use file_stat
+  # because it meets a number of requirements:
+  #  1. Only returns NULL when the script is not authenticated
+  #  2. Does not rely on certain files or commands being present on the system
+  #  3. Doesn't have side effects.
+
+  s = file_stat("/");
+
+  if (s != NULL)
+    {
+      display("YES\n");
+    }
+  else
+    {
+      display("NO\n");
+    }
+}
+
+display_authentication_status();
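Review bot: The header comment says the signature file must be updated when this file changes, but not how. I would extend it with the command, e.g. `# regenerate with: gpg --homedir=gnupg --armor --detach-sign signed.nasl`, assuming the test keyring holds the secret key as the Makefile in this commit suggests. The comment above the function says it "determines" the status while the body prints YES or NO via `display`; `# Prints YES if the script is running authenticated, NO otherwise.` would match the code. Any such comment edit changes the signed bytes, so `signed.nasl.asc` has to be regenerated in the same commit.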

Added: trunk/openvas-libnasl/test/signed.nasl.asc
===================================================================
--- trunk/openvas-libnasl/test/signed.nasl.asc	2007-10-05 14:40:35 UTC (rev 409)
+++ trunk/openvas-libnasl/test/signed.nasl.asc	2007-10-05 15:26:37 UTC (rev 410)
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+iD8DBQBHBlLF90OJv9I6KBgRArE/AJ99GkuYpq9iq4+vqrvWhqYdC0qOgwCgphYk
+uAVrrlrU+ximQhTrs7gucsg=
+=y9Tj
+-----END PGP SIGNATURE-----

Added: trunk/openvas-libnasl/test/test_script_signing.sh
===================================================================
--- trunk/openvas-libnasl/test/test_script_signing.sh	2007-10-05 14:40:35 UTC (rev 409)
+++ trunk/openvas-libnasl/test/test_script_signing.sh	2007-10-05 15:26:37 UTC (rev 410)
@@ -0,0 +1,54 @@
+#! /bin/sh
+
+# Run the signature verification tests and print a summary of the tests.
+
+export OPENVAS_GPGHOME=gnupg
+NASL=../nasl/openvas-nasl
+
+signed_file=signed.nasl
+signed_file_sig=signed.nasl.asc
+
+numok=0
+numfailed=0
+
+# USAGE: check_script SCRIPTNAME EXPECTED-RESULT
+#
+# Runs SCRIPTNAME and compares its stdout with EXPECTED-RESULT.  If
+# they're equal, the test has passed. otherwise the test failed.
+check_script() {
+    echo -n "$1 "
+    result=$($NASL $1 2> $1.err.log)
+    if [ "x$result" == "x$2" ]; then
+	numok=$((numok + 1))
+	echo OK
+    else
+	numfailed=$((numfailed + 1))
+	echo FAILED
+    fi
+}
+
+# a signed script
+check_script $signed_file YES
+
+# an unsigned script
+unsigned=temp-unsigned.nasl
+cp $signed_file $unsigned
+check_script $unsigned NO
+
+# an invalid signature. No output is generated because the nasl
+# interpreter will not even attempt to execute the file
+badsig=temp-badsig.nasl
+cp $signed_file $badsig
+cp $signed_file_sig $badsig.asc
+echo "# modified" >> temp-badsig.nasl
+check_script $badsig ""
+
+
+# print summary
+echo "-------------------------------"
+echo "$((numok + numfailed)) tests, $numok ok, $numfailed failed"
+
+# exit with non-zero status if any test has failed
+if [ $numfailed -gt 0 ]; then
+    exit 1
+fi
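Review bot: The bad-signature case passes on any empty stdout, so it also passes when `$NASL` is missing, crashes, or fails for an unrelated reason; `check_script` never looks at the exit status or at `$1.err.log`. For a test meant to prove that a tampered script is rejected, I would also assert that the interpreter ran and refused the file, for instance by checking the error log for the verification failure (the exact message is not visible in this diff). Separately, the script is `#! /bin/sh` but uses `==` inside `[ ]` and `echo -n`, which are not portable. Under a strict POSIX shell such as dash the comparison errors out and every case is counted as FAILED, so `if [ "x$result" = "x$2" ]; then` and `printf '%s ' "$1"` are safer. The `temp-*.nasl` and `*.err.log` files are also left behind after the run.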


Property changes on: trunk/openvas-libnasl/test/test_script_signing.sh
___________________________________________________________________
Name: svn:executable
   + *


