From 81f14afdf66a9817fa724493e171324d0eb8f702 Mon Sep 17 00:00:00 2001 From: "Neal H. Walfield" Date: Tue, 12 Apr 2022 14:28:55 +0200 Subject: Add a test case to check that the key creation time is correct When getting a certificate's creation time, assert that the certificate's creation time (the Primary Key's creation time field) is used, not the active binding signature's creation time. See #2004. (cherry picked from commit ee2f59cc1770f6eb4493a59710e9ef749725da46) --- tests/Makefile.am | 2 + tests/data/keys/different-creation-times.asc | 23 ++++++++++ tests/data/keys/different-creation-times.secret | 54 ++++++++++++++++++++++ tests/rpmsigdig.at | 60 +++++++++++++++++++++++++ 4 files changed, 139 insertions(+) create mode 100644 tests/data/keys/different-creation-times.asc create mode 100644 tests/data/keys/different-creation-times.secret diff --git a/tests/Makefile.am b/tests/Makefile.am index a1e961678..6d758e58a 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -120,6 +120,8 @@ EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.secret EXTRA_DIST += data/keys/CVE-2021-3521-badbind.asc EXTRA_DIST += data/keys/CVE-2021-3521-nosubsig.asc EXTRA_DIST += data/keys/CVE-2021-3521-nosubsig-last.asc +EXTRA_DIST += data/keys/different-creation-times.asc +EXTRA_DIST += data/keys/different-creation-times.secret EXTRA_DIST += data/macros.testfile EXTRA_DIST += data/macros.debug EXTRA_DIST += data/SOURCES/foo.c diff --git a/tests/data/keys/different-creation-times.asc b/tests/data/keys/different-creation-times.asc new file mode 100644 index 000000000..b71ca8dfb --- /dev/null +++ b/tests/data/keys/different-creation-times.asc 
@@ -0,0 +1,23 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGJVPmIBDADbcjK3GTdWRlzChFeT0NPjQCrKJrKwNfUWRQjgi5x1nhh+N0aG +XGCZn3yDnR8su3ucOjvk4p7Bc35GSXHBJaTVCTBw8fHE6k+KxHlcnZVjf7oCuuIx +IvWJCPJPondxW1srKGQptZ3JXwKDNuvvcPAcu7HUnStId8HrM2oIAH2Y1ZA/LdEZ +JqdBWOtLAF3th8zu+mTIK+pmzsMc0VjvNxsZb91qmr19hl3Gpa3z2BqQDSlow14D +Tqguzho9Y8VAVBN/A6WEXwWC9Vj/w4X0sZFAKSB7Na7jweASxGVYbbcApuB2WMwS +cinVw+NNpII7mB4+YhCfcwT9aMLNhh6BNr4u29Bv+5kHyQ7OIT/DqUFkyI0XDKXQ +K79f9pIAFP5uSixbOvec7TM7EB+0CRpOLIdIY+mIe8CswlcYTqBXf9Nud4rMsK0x +WpA21ZyIce2ghJd0UkSq7pd8KZF8p2EJ4Iv2zFPd3BGY6u33jxbBbi9CngFYxP9x +FY6Y63KESOSCSPMAEQEAAbQiQWxpY2UgTG92ZWxhY2UgPGFsaWNlQGV4YW1wbGUu +b3JnPokBzgQTAQoAOBYhBC84kW9ed88wezOFlqcrfU9ig3vqBQJiVT7BAhsDBQsJ +CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEKcrfU9ig3vqrvYMAMXLnh99V6PhjXIS +V4J/2aLYV1ECXbOgYVhyYUOlc1bIlV1GsSNr8pGODg1Q4+Nj9N3uawLGNu+FA9yl +3G8k04Ro7GxEWty3Aw/RxBhxXLs+sZbPpQ3KOQYRkFVEYzU3BEsepsu8AW5IfbxO +ozWIJifrKjzi4yzQjh6RD6y+fTCxzIMka2nZ2G1ChQb9tV1aZOoI4Q1NbE6AQdXm +a0RG+iflpKF3hHxxABAHxrg1iq0qcqeKHMjWrIax9rscdKIHmIQcKWT6IwNZBTrU +TGGYYBUoDrDvdWmOlX8GNW9V4pbzh8hsG0VZ2I6GxO3oWh8Swyv20s1RSLL6TfwE +Zwh11+JmkomH4Bj6lKHS/ujBTR8SB6U6bsRdxpbVgltaMRcw8k7psDLB3+vEGjHZ +i+xyTmDmO2F1Hahqt4JkkEdOUwKUrGOKqPhXamxwrLcd2HzVqJ+HHzeiUN7wyDS6 +AfWOO/Uikf26AHEXoaPWBqecM0pPehlX21lJ3ambpMB2T885Sg== +=IEYU +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/data/keys/different-creation-times.secret b/tests/data/keys/different-creation-times.secret new file mode 100644 index 000000000..7150d8b23 --- /dev/null +++ b/tests/data/keys/different-creation-times.secret 
@@ -0,0 +1,54 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- + +lQVYBGJVPmIBDADbcjK3GTdWRlzChFeT0NPjQCrKJrKwNfUWRQjgi5x1nhh+N0aG +XGCZn3yDnR8su3ucOjvk4p7Bc35GSXHBJaTVCTBw8fHE6k+KxHlcnZVjf7oCuuIx +IvWJCPJPondxW1srKGQptZ3JXwKDNuvvcPAcu7HUnStId8HrM2oIAH2Y1ZA/LdEZ +JqdBWOtLAF3th8zu+mTIK+pmzsMc0VjvNxsZb91qmr19hl3Gpa3z2BqQDSlow14D +Tqguzho9Y8VAVBN/A6WEXwWC9Vj/w4X0sZFAKSB7Na7jweASxGVYbbcApuB2WMwS +cinVw+NNpII7mB4+YhCfcwT9aMLNhh6BNr4u29Bv+5kHyQ7OIT/DqUFkyI0XDKXQ +K79f9pIAFP5uSixbOvec7TM7EB+0CRpOLIdIY+mIe8CswlcYTqBXf9Nud4rMsK0x +WpA21ZyIce2ghJd0UkSq7pd8KZF8p2EJ4Iv2zFPd3BGY6u33jxbBbi9CngFYxP9x +FY6Y63KESOSCSPMAEQEAAQAL/0eNCiUyNx1NzuPrk8SSA+xmWS1VhdC3nyR2OOlC +DC87b6ADtN6NUz/zxP0C543FyY2MXUgJbhsEZclUHB+OfxqpJt7EvIBop6vG2Q1O +Ik3xcPx/482CqQ1X2e4GOqy+zVCamGITIhHtBRw0daQ6LkgoGNkKr/iud4+RUYKv +akRBagl3jmSFemZvsDRht76Bl1vaT68GxqRjyTFlvvosfQ0DsO2X6634eC4Tik7m +CO8sI3LRtJ8eb+7m655VoBST9LbR66cLSFw6VaWMnZjQ4uU5mRsOcX/Vf0wL9avq +zSXBd7gI0dc3PM3xPc7cKXqV8TSHIMhqnSmMz5+mYCP1YgsTjM1N05/P/i0bs+Sr +2avnJibI7I0JYPu/rD8Xp7+0b+1bZawjMAgcw+QsOyCSZVRc8Dyp2HdX3qVv+XX6 +5GTbZWyN/72fwH8va947GuI3G+L4FnNR344ksxycUDrBTNyO1CLVVbWfhWCuU3Dg +wi6wC4Oey48xELHF2DVvJlKnIQYA6XqmF8L9xu3O4WKPfv9rftiwsj/ix0AazohS +E4QmJh0uLGEMbmn7NUSxyUqyiyLrVZ8axEbGFUfky0yg1/CkAyP4cKwDr0T8XAOR +C8GVJA/yRLRnP5BRc7Elba5b3qmwLO10rxOAqRphvUsaR6R8LIQXH7zXc1YoNytH +7LrayNBoOf8wIfsQcKv9QQ5M72a2x9Ki8dfWtdhFZn4EyUzCxYOIdP4+7v1UUryn +YpS5fd4S2qOSs7wE5KSRWdd123AhBgDwnQdwgPxmqvaw6wV6UgoUVNjwlxlHYNde +QLDoJMP18oMQERacZ9UMZwUwWH1JQT+/FZKNInyjlvXhOyDxKsNl9wqAdmHdbe07 +4Hag26iW/jirEpG4Y272tEDjgiZJG+FNej1Gh6YVSKzf77JS72kBykMi2JI4sZpS +FiBbJJfZgwwTH14q4TnPZny52tRvzOt8LTDK0l8KInzAq+AIwUR9LU21/V3MA+Io +aqkf9nUfTLurpVTHgGQnb8MrfjlcJpMGAJr2JcRi1PC4pQxcH2wPiGuhHtTT6ll+ +Ku7FkE6ILdF7e9WprChYB5S4/Cdbd+82mtSYCqI4X03nM1QYt9HPRPqJkTt8SDF+ +hOAowSi42vbywGHAPTIHOpO2rAZOkQRIifzHXzipRYMCPWfU1BDTF7Y95hjaDrEm +b/y0ildgG+s5C8JbiyrWUYiCyR70Srp8jlip8t2cCVDL4XrmYAyxHz+NxCNu4qZV +YCQwTDST7+x3CyU9R/1Yri57RoybsJYyBd+ntBlBbGljZSA8YWxpY2VAZXhhbXBs 
+ZS5vcmc+iQHOBBMBCgA4FiEELziRb153zzB7M4WWpyt9T2KDe+oFAmJVPmICGwMF +CwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQpyt9T2KDe+qHRwv/e3TbF/M8t4C1 +HzUtbJoQhnIr4Pe5q7neGiD2waoIrgS5abpCulgGJ8oY8ZLn9Xej/yfw6CsR4FYi +pd9tAxK8j9HOCaDyJBSE2uh0zkvyQYdgAqztiTI3sygoA7ODn0fqkZLYGrfwzq4U +woCx1m5WzKNuL6jXPxY5I3ABtdaW/T1epIwu9RO0wtFHZjPKRsSmJgDGX1w87QF3 +v2bfOy+itB5r/na9lSUO0gYgSOB0T1cDGCfhAjtgz4K5lYCculIlqGWfrKu3gxfT +HLym7DBDI0rynTMlY31sK3M/hUd1s64mPS2ZvbaOsxrgA+0H7701CyotMaSuQq2k +35+m3Frl/JSkqykwuJE/TNtHiubSp3MROKl5KJrXeF1n1AP/Yc7g3yIUKHiD662e +JAJplg/R44lzEVtNo0RSeVBFE2g30kbdnvStRerBuCbMqpZ75Tn1FCZKFQxw1D4b +o7c7F4R5fo4uXn5LvpdFjmc4tgAXZ8Kwjgg1FchX52sfhfDa4G6ztCJBbGljZSBM +b3ZlbGFjZSA8YWxpY2VAZXhhbXBsZS5vcmc+iQHOBBMBCgA4FiEELziRb153zzB7 +M4WWpyt9T2KDe+oFAmJVPsECGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ +pyt9T2KDe+qu9gwAxcueH31Xo+GNchJXgn/ZothXUQJds6BhWHJhQ6VzVsiVXUax +I2vykY4ODVDj42P03e5rAsY274UD3KXcbyTThGjsbERa3LcDD9HEGHFcuz6xls+l +Dco5BhGQVURjNTcESx6my7wBbkh9vE6jNYgmJ+sqPOLjLNCOHpEPrL59MLHMgyRr +adnYbUKFBv21XVpk6gjhDU1sToBB1eZrREb6J+WkoXeEfHEAEAfGuDWKrSpyp4oc +yNashrH2uxx0ogeYhBwpZPojA1kFOtRMYZhgFSgOsO91aY6VfwY1b1XilvOHyGwb +RVnYjobE7ehaHxLDK/bSzVFIsvpN/ARnCHXX4maSiYfgGPqUodL+6MFNHxIHpTpu +xF3GltWCW1oxFzDyTumwMsHf68QaMdmL7HJOYOY7YXUdqGq3gmSQR05TApSsY4qo ++FdqbHCstx3YfNWon4cfN6JQ3vDINLoB9Y479SKR/boAcReho9YGp5wzSk96GVfb +WUndqZukwHZPzzlK +=jkD/ +-----END PGP PRIVATE KEY BLOCK----- diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at index d5478080f..741f607e2 100644 --- a/tests/rpmsigdig.at +++ b/tests/rpmsigdig.at 
@@ -281,6 +281,66 @@ runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig-last.asc ) AT_CLEANUP +# ----------------------------------------- +# Import a key where the binding signature's creation time is +# different from the certificate's creation time. +# +# If the key is identified as gpg-pubkey-62837bea-62553ec1, then the +# implementation is using the binding signature's creation time +# instead of the key's creation time. +AT_SETUP([rpmkeys --import different-creation-times]) +AT_KEYWORDS([rpmkeys import]) +RPMDB_INIT +AT_CHECK([ +runroot rpmkeys --import /data/keys/different-creation-times.asc +runroot rpm -qi gpg-pubkey-62837bea-62553e62|grep -v Date|grep -v Version: +runroot rpm -q --provides gpg-pubkey +], +[0], +[[Name : gpg-pubkey +Version : 62837bea +Release : 62553e62 +Architecture: (none) +Group : Public Keys +Size : 0 +License : pubkey +Signature : (none) +Source RPM : (none) +Build Host : localhost +Packager : Alice Lovelace +Summary : Alice Lovelace public key +Description : +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGJVPmIBDADbcjK3GTdWRlzChFeT0NPjQCrKJrKwNfUWRQjgi5x1nhh+N0aG +XGCZn3yDnR8su3ucOjvk4p7Bc35GSXHBJaTVCTBw8fHE6k+KxHlcnZVjf7oCuuIx +IvWJCPJPondxW1srKGQptZ3JXwKDNuvvcPAcu7HUnStId8HrM2oIAH2Y1ZA/LdEZ +JqdBWOtLAF3th8zu+mTIK+pmzsMc0VjvNxsZb91qmr19hl3Gpa3z2BqQDSlow14D +Tqguzho9Y8VAVBN/A6WEXwWC9Vj/w4X0sZFAKSB7Na7jweASxGVYbbcApuB2WMwS +cinVw+NNpII7mB4+YhCfcwT9aMLNhh6BNr4u29Bv+5kHyQ7OIT/DqUFkyI0XDKXQ +K79f9pIAFP5uSixbOvec7TM7EB+0CRpOLIdIY+mIe8CswlcYTqBXf9Nud4rMsK0x +WpA21ZyIce2ghJd0UkSq7pd8KZF8p2EJ4Iv2zFPd3BGY6u33jxbBbi9CngFYxP9x +FY6Y63KESOSCSPMAEQEAAbQiQWxpY2UgTG92ZWxhY2UgPGFsaWNlQGV4YW1wbGUu +b3JnPokBzgQTAQoAOBYhBC84kW9ed88wezOFlqcrfU9ig3vqBQJiVT7BAhsDBQsJ +CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEKcrfU9ig3vqrvYMAMXLnh99V6PhjXIS +V4J/2aLYV1ECXbOgYVhyYUOlc1bIlV1GsSNr8pGODg1Q4+Nj9N3uawLGNu+FA9yl +3G8k04Ro7GxEWty3Aw/RxBhxXLs+sZbPpQ3KOQYRkFVEYzU3BEsepsu8AW5IfbxO +ozWIJifrKjzi4yzQjh6RD6y+fTCxzIMka2nZ2G1ChQb9tV1aZOoI4Q1NbE6AQdXm 
+a0RG+iflpKF3hHxxABAHxrg1iq0qcqeKHMjWrIax9rscdKIHmIQcKWT6IwNZBTrU +TGGYYBUoDrDvdWmOlX8GNW9V4pbzh8hsG0VZ2I6GxO3oWh8Swyv20s1RSLL6TfwE +Zwh11+JmkomH4Bj6lKHS/ujBTR8SB6U6bsRdxpbVgltaMRcw8k7psDLB3+vEGjHZ +i+xyTmDmO2F1Hahqt4JkkEdOUwKUrGOKqPhXamxwrLcd2HzVqJ+HHzeiUN7wyDS6 +AfWOO/Uikf26AHEXoaPWBqecM0pPehlX21lJ3ambpMB2T885Sg== +=IEYU +-----END PGP PUBLIC KEY BLOCK----- + +gpg(Alice Lovelace ) = 4:a72b7d4f62837bea-62553e62 +gpg(62837bea) = 4:a72b7d4f62837bea-62553e62 +gpg(a72b7d4f62837bea) = 4:a72b7d4f62837bea-62553e62 +]], +[]) +AT_CLEANUP + # ------------------------------ # Test pre-built package verification AT_SETUP([rpmkeys -K 1]) -- cgit v1.2.1
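Review bot: Nothing in this test reads `different-creation-times.secret`: the AT_CHECK imports only `/data/keys/different-creation-times.asc`, yet the commit also adds the private key block and the tests/Makefile.am hunk lists it in EXTRA_DIST, so it ships in the dist tarball. The header comment of this test should say why the secret half is distributed and that it is a throwaway fixture key. If its purpose is regenerating the fixture, something like `# different-creation-times.secret is the matching test-only private key, kept so this fixture can be regenerated.` would do. The comment also names only the wrong identifier (`gpg-pubkey-62837bea-62553ec1`); adding `# Expected: gpg-pubkey-62837bea-62553e62 (the primary key's creation time).` would let a failing run be read without decoding the key.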