From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id eE0sMS4gFmMYMQAAbAwnHQ (envelope-from ) for ; Mon, 05 Sep 2022 18:13:34 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id aJkEMS4gFmO0RgAAauVa8A (envelope-from ) for ; Mon, 05 Sep 2022 18:13:34 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 3FC7C3F1B9 for ; Mon, 5 Sep 2022 18:13:34 +0200 (CEST) Received: from localhost ([::1]:50918 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oVEj7-0000uY-CQ for larch@yhetil.org; Mon, 05 Sep 2022 12:13:33 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:59454) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oVEfj-0003hN-CT for guix-patches@gnu.org; Mon, 05 Sep 2022 12:10:05 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:60000) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oVEfj-00078w-2m for guix-patches@gnu.org; Mon, 05 Sep 2022 12:10:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oVEfi-0003BK-B9; Mon, 05 Sep 2022 12:10:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#57599] [PATCH] openpgp: Add support for ECDSA with NIST curves. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: all_but_last@163.com, 57576@debbugs.gnu.org, guix-patches@gnu.org Resent-Date: Mon, 05 Sep 2022 16:10:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 57599 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 57599@debbugs.gnu.org Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= , Zhu Zihao , 57576@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org X-Debbugs-Original-Xcc: Zhu Zihao , 57576@debbugs.gnu.org Received: via spool by submit@debbugs.gnu.org id=B.166239419312209 (code B ref -1); Mon, 05 Sep 2022 16:10:02 +0000 Received: (at submit) by debbugs.gnu.org; 5 Sep 2022 16:09:53 +0000 Received: from localhost ([127.0.0.1]:48697 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oVEfY-0003Aq-8O for submit@debbugs.gnu.org; Mon, 05 Sep 2022 12:09:53 -0400 Received: from lists.gnu.org ([209.51.188.17]:57842) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oVEfV-0003Ai-6u for submit@debbugs.gnu.org; Mon, 05 Sep 2022 12:09:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34958) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oVEfU-0003LT-0P for guix-patches@gnu.org; Mon, 05 Sep 2022 12:09:49 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:37970) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oVEfS-00074N-Vq; Mon, 05 Sep 2022 12:09:47 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To: From; bh=/L/TgxwUNsBm4XRYBu8XamtMTV9hRGH1Yi5e/Hu79Pg=; b=D6KvrKh7aM2KuHLDjUiW YoByEpScjW8vIrmZrMAZ7R8fO/F/PH7MDhzyNzlkrNE/i/dAMIZqXQ4BCY8sIK0cBgvEe3NY1TJyQ 5BuyGELyKyyttvEeZhz/oBf4DNNXpIKBCqRCLOYYDN01ocje6Ylba+wjOFRwLI9TCYWH4HB8tF3s0 +BHEkDJjwcvbEgurbs78vxR4UlYrp+0Gv4nUourzLKsEyjPCtQBWWEnRGieoa4WXmtoFDufRInfu+ ysX/GW9cNH0nyt7nd3vHP75s0+8FMI4Mh8+pTDFCjT3Xx+vSKQiQNcc8kRzahNBUYdlPS7EoCXveb /lvx3YvB6cd3BA==; Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=57364 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oVEfR-00039A-UC; Mon, 05 Sep 2022 12:09:46 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Date: Mon, 5 Sep 2022 18:09:29 +0200 Message-Id: <20220905160929.21742-1-ludo@gnu.org> X-Mailer: git-send-email 2.37.2 In-Reply-To: <87r10p3ixi.fsf@gnu.org> References: <87r10p3ixi.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1662394414; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=LxsTPyMmwUln6hRnIouNVT9miMyPVJCbd2qkgy6SXUU=; b=Du7AuOUecvyzDrAAPQ53brZJcMIrmxqWnd2sdDDoXia1Jwun6EaFa1tSLxq/mZKN+jqt2z 2PdhZfncqeT5/atiWUDwRl3V5fGde/cj/VdqNclcuxB392tJQPfdhaX6Kso6GiE4DoshLP jAhgEKRbbiuOLKkjNBBRjTCCkIMxG6ISRv/OJnDWsmR2gyXLGWJiEM8friWIGrfBgZeO5Q oSs54KqHPr8llA3lFU1kRZPzBdnCHW2Na96R6xR7OuVQSIOtjWkfGI3YYRdfqRMP8yfN+k QysW+gEwNgTK22Eax7QfkR3WphnrULominhB3puG7OOHaJeh4B8IoKJjfv1/nA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1662394414; a=rsa-sha256; cv=none; b=rv3+qwOuZAc4cRFNU5lyLoKal4QuLvQY30T87evsq1+EFEtQA+RQdTJeF/2+jLyVn+2G19 EW3jDyN1fRmxxcmcy4yiIgXBlQO8UxjtjCZsiBD7R3p/wlmP0O2yMLsw2no4fnewMUrZeX A98apFdGhLTF9ha6s52bB24v+/Q2beGa1JXfElnAJiJo0VKVBb5htuWa0mzEoLcJ50T34B JR+5gmJcBsxZJ68r5Z+Saa36rDUJdUvAGgPzAqhai0MrFZJmry6CdYpeyEWRo6WxRC1Eps AxFyM+6T7mJioUNksJKOgEQMonPEAS+ccFfNmWI5rOsKMVFcng4t4QJ/m0bs5w== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=gnu.org header.s=fencepost-gnu-org header.b=D6KvrKh7; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -1.77 Authentication-Results: aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=gnu.org header.s=fencepost-gnu-org header.b=D6KvrKh7; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 3FC7C3F1B9 X-Spam-Score: -1.77 X-Migadu-Scanner: scn0.migadu.com X-TUID: kPP0pMOh1I+R Fixes . Reported by Zhu Zihao . * guix/openpgp.scm (verify-openpgp-signature): Add case for ecdsa. (get-signature): Likewise for PUBLIC-KEY-ECDSA. (get-public-key): Likewise. * tests/keys/secp384.pub, tests/keys/secp384.sec, tests/keys/secp521.pub, tests/keys/secp521.sec: New files. * Makefile.am (EXTRA_DIST): Add them. * tests/openpgp.scm (%secp384-key-id, %secp384-key-fingerprint) (%hello-signature/secp384/sha384) (%secp521-key-id, %secp521-key-fingerprint) (%hello-signature/secp521/sha521): New variables. * tests/openpgp.scm ("get-openpgp-detached-signature/ascii") ("verify-openpgp-signature, good signatures") ("verify-openpgp-signature, bad signature"): Check with the secp384 and secp521 curves. --- Makefile.am | 4 +++ guix/openpgp.scm | 41 +++++++++++++++++++++----- tests/keys/secp384.pub | 11 +++++++ tests/keys/secp384.sec | 12 ++++++++ tests/keys/secp521.pub | 13 +++++++++ tests/keys/secp521.sec | 14 +++++++++ tests/openpgp.scm | 66 +++++++++++++++++++++++++++++++++++------- 7 files changed, 143 insertions(+), 18 deletions(-) create mode 100644 tests/keys/secp384.pub create mode 100644 tests/keys/secp384.sec create mode 100644 tests/keys/secp521.pub create mode 100644 tests/keys/secp521.sec diff --git a/Makefile.am b/Makefile.am index a0c4e941c1..71c3bd4a98 100644 --- a/Makefile.am +++ b/Makefile.am @@ -702,6 +702,10 @@ EXTRA_DIST += \ tests/keys/ed25519-2.sec \ tests/keys/ed25519-3.pub \ tests/keys/ed25519-3.sec \ + tests/keys/secp384.pub \ + tests/keys/secp384.sec \ + tests/keys/secp521.pub \ + tests/keys/secp521.sec \ build-aux/config.rpath \ bootstrap \ doc/build.scm \ diff --git a/guix/openpgp.scm b/guix/openpgp.scm index 9de7feb644..b999c30474 100644 --- a/guix/openpgp.scm +++ b/guix/openpgp.scm @@ -1,6 +1,6 @@ ;; -*- mode: scheme; coding: utf-8 -*- ;; Copyright © 2010, 2012 Göran Weinholt -;; Copyright © 2020 Ludovic Courtès +;; Copyright © 2020, 2022 Ludovic Courtès ;; Permission is hereby granted, free of charge, to any person obtaining a ;; copy of this software and associated documentation files (the "Software"), @@ -290,7 +290,7 @@ (define PUBLIC-KEY-RSA-SIGN-ONLY 3) (define PUBLIC-KEY-ELGAMAL-ENCRYPT-ONLY 16) (define PUBLIC-KEY-DSA 17) (define PUBLIC-KEY-ECDH 18) ;RFC-6637 -(define PUBLIC-KEY-ECDSA 19) ;RFC-6639 +(define PUBLIC-KEY-ECDSA 19) ;RFC-6637 (define PUBLIC-KEY-ELGAMAL 20) ;encrypt + sign (legacy) (define PUBLIC-KEY-EDDSA 22) ;"not yet assigned" says GPG @@ -298,6 +298,7 @@ (define (public-key-algorithm id) (cond ((= id PUBLIC-KEY-RSA) 'rsa) ((= id PUBLIC-KEY-DSA) 'dsa) ((= id PUBLIC-KEY-ELGAMAL-ENCRYPT-ONLY) 'elgamal) + ((= id PUBLIC-KEY-ECDSA) 'ecdsa) ((= id PUBLIC-KEY-EDDSA) 'eddsa) (else id))) @@ -564,10 +565,16 @@ (define (check key sig) ;; See "(gcrypt) Cryptographic Functions". (sexp->canonical-sexp (if (eq? key-type 'ecc) - `(data - (flags eddsa) - (hash-algo sha512) - (value ,hash)) + (match (openpgp-signature-public-key-algorithm sig) + ('eddsa + `(data + (flags eddsa) + (hash-algo sha512) + (value ,hash))) + ('ecdsa + `(data + (hash-algo ,(openpgp-signature-hash-algorithm sig)) + (value ,hash)))) `(data (flags ,(match key-type ('rsa 'pkcs1) @@ -615,7 +622,8 @@ (define (get-sig p pkalg) (string->canonical-sexp (format #f "(sig-val (dsa (r #~a#) (s #~a#)))" (->hex r) (->hex s))))) - ((= pkalg PUBLIC-KEY-EDDSA) + ((or (= pkalg PUBLIC-KEY-EDDSA) + (= pkalg PUBLIC-KEY-ECDSA)) (print "EdDSA signature") (let ((r (get-mpi/bytevector p)) (s (get-mpi/bytevector p))) @@ -630,7 +638,8 @@ (define (bytevector->hex bv) str))) (string->canonical-sexp - (format #f "(sig-val (eddsa (r #~a#) (s #~a#)))" + (format #f "(sig-val (~a (r #~a#) (s #~a#)))" + (public-key-algorithm pkalg) (bytevector->hex r) (bytevector->hex s))))) (else (list 'unsupported-algorithm @@ -886,6 +895,22 @@ (define curve curve (if (eq? curve 'Curve25519) 'djb-tweak 'eddsa) (->hex q))))) + ((= alg PUBLIC-KEY-ECDSA) + (print "Public ECDSA key") + (let* ((len (get-u8 p)) + (oid (bytevector->uint (get-bytevector-n p len))) + (q (get-mpi p))) + (define curve + ;; RFC 6637, Section 11. + (match oid + (#x2a8648ce3d030107 "NIST P-256") + (#x2b81040022 "NIST P-384") + (#x2b81040023 "NIST P-521"))) + + (string->canonical-sexp + (format #f "(public-key (ecc (curve \"~a\")(q #~a#)))" + curve + (->hex q))))) (else (list 'unsupported-algorithm ;FIXME: throw (public-key-algorithm alg) diff --git a/tests/keys/secp384.pub b/tests/keys/secp384.pub new file mode 100644 index 0000000000..b90cf504e2 --- /dev/null +++ b/tests/keys/secp384.pub @@ -0,0 +1,11 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mG8EYxYF9RMFK4EEACIDAwTHYxcyBiiPz4ZZIkmXnVu0Yv9DHGrnbdCR6U/RT1S4 +wszaHdsSEHlPwmy3WGgTubBDOuJODf5kV/HLL7QEPsOTkIsObK+prEJO3CGpRVim +a7nfVk2AH6D/GMkNacSXdwy0FTxleGFtcGxlQGV4YW1wbGUuY29tPoiwBBMTCQA4 +AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEzLZ9Sx8EBzgp+PzwLydGMf8+ +bFsFAmMWB+sACgkQLydGMf8+bFuD3gF/SMEDQP3Bvu0yb8KxE6j8lhOiKT186wwG +4hBsifRdEF+UHWEa7sx74tyc4R1B01FUAYC/4QqNup4EnPzQfSE3WyVvu+ja+xui +3vppYCpUjkHzkATsLzsN98/nkZ3q3YA8/lo= +=vIaC +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/keys/secp384.sec b/tests/keys/secp384.sec new file mode 100644 index 0000000000..ae296dd9a1 --- /dev/null +++ b/tests/keys/secp384.sec @@ -0,0 +1,12 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- + +lKQEYxYF9RMFK4EEACIDAwTHYxcyBiiPz4ZZIkmXnVu0Yv9DHGrnbdCR6U/RT1S4 +wszaHdsSEHlPwmy3WGgTubBDOuJODf5kV/HLL7QEPsOTkIsObK+prEJO3CGpRVim +a7nfVk2AH6D/GMkNacSXdwwAAYC9iXZ9j+RWFB4rU103SCv6j68rS5Lmc7tHve9l +B5nri/AR+OEJ61q+w6w0XO5GBBUYLrQVPGV4YW1wbGVAZXhhbXBsZS5jb20+iLAE +ExMJADgCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQTMtn1LHwQHOCn4/PAv +J0Yx/z5sWwUCYxYH6wAKCRAvJ0Yx/z5sW4PeAX9IwQNA/cG+7TJvwrETqPyWE6Ip +PXzrDAbiEGyJ9F0QX5QdYRruzHvi3JzhHUHTUVQBgL/hCo26ngSc/NB9ITdbJW+7 +6Nr7G6Le+mlgKlSOQfOQBOwvOw33z+eRnerdgDz+Wg== +=B1Nl +-----END PGP PRIVATE KEY BLOCK----- diff --git a/tests/keys/secp521.pub b/tests/keys/secp521.pub new file mode 100644 index 0000000000..077e8e7df2 --- /dev/null +++ b/tests/keys/secp521.pub @@ -0,0 +1,13 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mJMEYxYamRMFK4EEACMEIwQB4EqA0zTAfhLeVjkNnzvTuSYs+TUlYdDaw9mYA7Gy +AiNvxr2F1hJi88Wxxr3YNGKx9s0yJ2Vl0dHlCLmlQAFc9MMACZKWZN68mqbYfSVf +qJxSG5F8qbF0+dGecwY+TjM4xdaUk4d0vD13/e+r/HLYNgwKrpO2SurNZX/isfkn +rvNSHPi0HTxleGFtcGxlLXNlY3A1MjFAZXhhbXBsZS5jb20+iNoEExMKAD4WIQQ7 +r36YQGm2cfPDEWnoSxOgtOevGwUCYxYamQIbAwUJA8JnAAULCQgHAgYVCgkICwIE +FgIDAQIeAQIXgAAKCRDoSxOgtOevG4GUAgkBN118FBDW896Iv+2U/29Fpfni4V6D +Vp6HTE5qAqmJUtKOOSxmDAmiJ4sinybTP4YCLQT9fmMQqrJSSY0d/hVg4fYCCQGD +Y6iRT8KPyxhlpsVVwdiUjOd4B5JUyJj0qOudY4yveyOl6c1bdxJALMbEHV4JREEE +1+ylYN1KRfpaQh42Zoms9Q== +=Nru3 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/keys/secp521.sec b/tests/keys/secp521.sec new file mode 100644 index 0000000000..663dbeaa3c --- /dev/null +++ b/tests/keys/secp521.sec @@ -0,0 +1,14 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- + +lNoEYxYamRMFK4EEACMEIwQB4EqA0zTAfhLeVjkNnzvTuSYs+TUlYdDaw9mYA7Gy +AiNvxr2F1hJi88Wxxr3YNGKx9s0yJ2Vl0dHlCLmlQAFc9MMACZKWZN68mqbYfSVf +qJxSG5F8qbF0+dGecwY+TjM4xdaUk4d0vD13/e+r/HLYNgwKrpO2SurNZX/isfkn +rvNSHPgAAgkBRPFeWJ3ZROkkbV7/dF8Z4LN6hlrSHWWS2sZmKxZprQy/j48eqWZz +6eY9IvDxfP9ATpfummdgrjexVqA3o3/wr00h/LQdPGV4YW1wbGUtc2VjcDUyMUBl +eGFtcGxlLmNvbT6I0gQTEwoAOAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYh +BDuvfphAabZx88MRaehLE6C0568bBQJjFhroAAoJEOhLE6C0568bQl0CCNYMV2uF +6LA4GF8RchFQee4ZZo8aquEQ7t7a6NDBc1TbVkGLR+TWxkomEytp5EUoEEU2cNtg +TWRvti3aZvTbEMvdAgijAGTSiO3q5kjprGu1C35oc2JWj0q66XzHEJ0aEiTMQNrz +sJReJPQRmMnBTtzjJCmNPws/VYSEs26m36QCqePtwQ== +=/mn1 +-----END PGP PRIVATE KEY BLOCK----- diff --git a/tests/openpgp.scm b/tests/openpgp.scm index 1f20466772..68439f7485 100644 --- a/tests/openpgp.scm +++ b/tests/openpgp.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2020 Ludovic Courtès +;;; Copyright © 2020, 2022 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -63,7 +63,7 @@ (define %civodul-key-id #x090B11993D9AEBB5) ;civodul.pub #| Test keys in ./tests/keys. They were generated in a container along these lines: - guix environment -CP --ad-hoc gnupg pinentry coreutils + guix shell -CP-hoc gnupg pinentry coreutils then, within the container: mkdir ~/.gnupg && chmod -R og-rwx ~/.gnupg gpg --batch --passphrase '' --quick-gen-key '' ed25519 @@ -75,6 +75,8 @@ (define %civodul-key-id #x090B11993D9AEBB5) ;civodul.pub (define %rsa-key-id #xAE25DA2A70DEED59) ;rsa.pub (define %dsa-key-id #x587918047BE8BD2C) ;dsa.pub (define %ed25519-key-id #x771F49CBFAAE072D) ;ed25519.pub +(define %secp384-key-id #x2F274631FF3E6C5B) ;secp384.pub +(define %secp521-key-id #xE84B13A0B4E7AF1B) ;secp521.pub (define %rsa-key-fingerprint (base16-string->bytevector @@ -85,6 +87,12 @@ (define %dsa-key-fingerprint (define %ed25519-key-fingerprint (base16-string->bytevector (string-downcase "44D31E21AF7138F9B632280A771F49CBFAAE072D"))) +(define %secp384-key-fingerprint + (base16-string->bytevector + (string-downcase "CCB67D4B1F04073829F8FCF02F274631FF3E6C5B"))) +(define %secp521-key-fingerprint + (base16-string->bytevector + (string-downcase "3BAF7E984069B671F3C31169E84B13A0B4E7AF1B"))) ;;; The following are detached signatures created commands like: @@ -148,6 +156,28 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1 =AE4G -----END PGP SIGNATURE-----") +(define %hello-signature/secp384/sha384 ;digest-algo: sha384 + "\ +-----BEGIN PGP SIGNATURE----- + +iJUEABMJAB0WIQTMtn1LHwQHOCn4/PAvJ0Yx/z5sWwUCYxYIKAAKCRAvJ0Yx/z5s +WxD2AX0QMeTHLJvJxRKTBP8O9kGMY9Nz0kzRBO0OJG2gYyxu9sZ+NAEQF01jAOXl +ApL2zVkBgLUyyleJtR24LKxK73waLJb51TA29NXJJZ2fiRZ50u/lNfrFR3PYnK7/ +gvSkL3Ldzw== +=+7h3 +-----END PGP SIGNATURE-----") + +(define %hello-signature/secp521/sha512 + "\ +-----BEGIN PGP SIGNATURE----- + +iLcEABMKAB0WIQQ7r36YQGm2cfPDEWnoSxOgtOevGwUCYxYb+wAKCRDoSxOgtOev +G+ByAgdwIBTnCtzo+lFuahhMMScXZZeTH055IOhTsXmptZaE3MaazTsUw3en8C9i +EWiy/GDQKaJEZMP3dwN1+3tNTl/NUAIIiV/BFly9Ha/cYJG+p3LG24JoHVfJx04q +LfSXejfMIvu33h8wjMA2tRQSlqdDylMWKThJgp6GH6svp+Zr4z+Smnw= +=1zW0 +-----END PGP SIGNATURE-----") + (test-begin "openpgp") @@ -193,7 +223,9 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1 `(,%rsa-key-id ,%rsa-key-fingerprint rsa sha256) `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha256) `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha512) - `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha1)) + `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha1) + `(,%secp384-key-id ,%secp384-key-fingerprint ecdsa sha384) + `(,%secp521-key-id ,%secp521-key-fingerprint ecdsa sha512)) (map (lambda (str) (let ((signature (get-openpgp-detached-signature/ascii (open-input-string str)))) @@ -205,7 +237,9 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1 %hello-signature/rsa %hello-signature/ed25519/sha256 %hello-signature/ed25519/sha512 - %hello-signature/ed25519/sha1))) + %hello-signature/ed25519/sha1 + %hello-signature/secp384/sha384 + %hello-signature/secp521/sha512))) (test-equal "verify-openpgp-signature, missing key" `(missing-key ,%rsa-key-fingerprint) @@ -221,7 +255,9 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1 (good-signature ,%dsa-key-id) (good-signature ,%ed25519-key-id) (good-signature ,%ed25519-key-id) - (good-signature ,%ed25519-key-id)) + (good-signature ,%ed25519-key-id) + (good-signature ,%secp384-key-id) + (good-signature ,%secp521-key-id)) (map (lambda (key signature) (let* ((key (search-path %load-path key)) (keyring (get-openpgp-keyring @@ -235,18 +271,24 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1 (list "tests/keys/rsa.pub" "tests/keys/dsa.pub" "tests/keys/ed25519.pub" "tests/keys/ed25519.pub" - "tests/keys/ed25519.pub") + "tests/keys/ed25519.pub" + "tests/keys/secp384.pub" + "tests/keys/secp521.pub") (list %hello-signature/rsa %hello-signature/dsa %hello-signature/ed25519/sha256 %hello-signature/ed25519/sha512 - %hello-signature/ed25519/sha1))) + %hello-signature/ed25519/sha1 + %hello-signature/secp384/sha384 + %hello-signature/secp521/sha512))) (test-equal "verify-openpgp-signature, bad signature" `((bad-signature ,%rsa-key-id) (bad-signature ,%dsa-key-id) (bad-signature ,%ed25519-key-id) (bad-signature ,%ed25519-key-id) - (bad-signature ,%ed25519-key-id)) + (bad-signature ,%ed25519-key-id) + (bad-signature ,%secp384-key-id) + (bad-signature ,%secp521-key-id)) (let ((keyring (fold (lambda (key keyring) (let ((key (search-path %load-path key))) (get-openpgp-keyring @@ -256,7 +298,9 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1 %empty-keyring '("tests/keys/rsa.pub" "tests/keys/dsa.pub" "tests/keys/ed25519.pub" "tests/keys/ed25519.pub" - "tests/keys/ed25519.pub")))) + "tests/keys/ed25519.pub" + "tests/keys/secp384.pub" + "tests/keys/secp521.pub")))) (map (lambda (signature) (let ((signature (string->openpgp-packet signature))) (let-values (((status key) @@ -266,6 +310,8 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1 (list %hello-signature/rsa %hello-signature/dsa %hello-signature/ed25519/sha256 %hello-signature/ed25519/sha512 - %hello-signature/ed25519/sha1)))) + %hello-signature/ed25519/sha1 + %hello-signature/secp384/sha384 + %hello-signature/secp521/sha512)))) (test-end "openpgp") base-commit: aae98c297214f87eb45302863adb021078c41a6f -- 2.37.2