From 7af07c596166bf93b79a9d0816b1950dde360fb9 Mon Sep 17 00:00:00 2001
From: jwijenbergh <jeroenwijenbergh@protonmail.com>
Date: Fri, 17 Jun 2022 14:00:40 +0200
Subject: Server: Implement function for checking renewal button visibility

---
 internal/verify/test_data/generate_forged.py | 41 ++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 internal/verify/test_data/generate_forged.py

(limited to 'internal/verify/test_data/generate_forged.py')

diff --git a/internal/verify/test_data/generate_forged.py b/internal/verify/test_data/generate_forged.py
new file mode 100644
index 0000000..9d42adc
--- /dev/null
+++ b/internal/verify/test_data/generate_forged.py
@@ -0,0 +1,41 @@
+#!/usr/bin/env python3
+
+import hashlib
+import base64
+
+# Hash server_list.json
+
+with open("server_list.json", "rb") as f:
+    b = f.read()
+
+with open("server_list.json.blake2b", "wb") as f:
+    f.write(hashlib.blake2b(b).digest())
+
+# Forge pure signature on hash, see https://github.com/jedisct1/minisign/issues/104
+
+with open("server_list.json.minisig", "rb") as f:
+    siglines = f.readlines()
+
+siglines[0] = b"untrusted comment: this signature has ED changed to Ed\n"
+sig = base64.b64decode(siglines[1])
+siglines[1] = base64.b64encode(b"Ed" + sig[2:]) + b"\n"
+
+with open("server_list.json.forged_pure.minisig", "wb") as f:
+    f.writelines(siglines)
+    # Should now work: minisign -Vm server_list.json.blake2b -x server_list.json.forged_pure.minisig -p public-key
+
+# Try to forge key ID
+
+with open("server_list.json.wrong_key.minisig", "rb") as f:
+    siglines = f.readlines()
+
+siglines[
+    0
+] = b"untrusted comment: this signature was created with wrong_secret.key but has key ID changed to that of public.key\n"
+sig_wrong = base64.b64decode(siglines[1])
+siglines[1] = (
+    base64.b64encode(sig_wrong[:2] + sig[2 : 2 + 8] + sig_wrong[2 + 8 :]) + b"\n"
+)
+
+with open("server_list.json.forged_keyid.minisig", "wb") as f:
+    f.writelines(siglines)
-- 
cgit v1.2.3