1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-06 12:33:23 +01:00
gnupg/tests/openpgp/ecc.test

254 lines
7.4 KiB
Plaintext
Raw Normal View History

#!/bin/sh
# Copyright 2011 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3
keygrips='8E06A180EFFE4C65B812150CAF19BF30C0689A4C
E4403F3FD7A443FAC29FEF288FA0D20AC212851E
0B7554421FFB14A06CB9F63FB49A85A58E97ABAC
303ACC892C2D786C8A789677C0BE54DA8538F903
9FE5C36985351524B6AFA19FDCBC1A3A750B6F5F
145A52CC7ED3FD41C5B0A26BE220FEED36AF24DE'
mainkeyids='BAA59D9C
0F54719F
45AF2FFE'
2014-08-18 12:55:54 +02:00
if have_pubkey_algo "ECDH"; then
:
else
info "No ECC support due to an old Libgcrypt"
exit 77
fi
#
# Setup for ECC testing
#
info "Preparing for ECC test."
for i in $keygrips ; do
rm private-keys-v1.d/$i.key 2>/dev/null || true
$GPG_PRESET_PASSPHRASE --preset -P ecc $i
done
#
# Import the sample keys
#
info "Importing ECC public keys."
for k in $mainkeyids ; do
$GPG --delete-key --batch --yes $k 2>/dev/null || true
done
for i in 1 2 3; do
k="ecc-sample-$i-pub.asc"
if $GPG --import $srcdir/samplekeys/$k; then
:
else
error "$k: import failed"
fi
done
#
# Check a few sample signature
#
info "Checking ECC signatures."
tests=""
# The following is an opaque ECDSA signature on a message "This is one
# line\n" (17 byte long) by the primary 256 bit key:
tests="$tests msg_opaque_signed_256"
msg_opaque_signed_256='-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.1.0-ecc (GNU/Linux)
owGbwMvMwCHMvVT3w66lc+cwrlFK4k5N1k3KT6nUK6ko8Zl8MSEkI7NYAYjy81IV
cjLzUrk64lgYhDkY2FiZQNIMXJwCMO31rxgZ+tW/zesUPxWzdKWrtLGW/LkP5rXL
V/Yvnr/EKjBbQuvZSYa/klsum6XFmTze+maVgclT6Rc6hzqqxNy6o6qdTTmLJuvp
AQA=
=GDv4
-----END PGP MESSAGE----'
# The following is an opaque ECDSA signature on a message "This is one
# line\n" (17 byte long) by the primary 384 bit key:
tests="$tests msg_opaque_signed_384"
msg_opaque_signed_384='-----BEGIN PGP MESSAGE-----
Version: PGP Command Line v10.0.0 (Linux)
qANQR1DIqwE7wsvMwCnM2WDcwR9SOJ/xtFISd25qcXFieqpeSUUJAxCEZGQWKwBR
fl6qQk5mXirXoXJmVgbfYC5xmC5hzsDPjHXqbDLzpXpTBXSZV3L6bAgP3Kq7Ykmo
7Ds1v4UfBS+3CSSon7Pzq79WLjzXXEH54MkjPxnrw+8cfMVnY7Bi18J702Nnsa7a
9lMv/PM0/ao9CZ3KX7Q+Tv1rllTZ5Hj4V1frw431QnHfAA==
=elKT
-----END PGP MESSAGE-----'
# The following is an opaque ECDSA signature on a message "This is one
# line\n" (17 byte long) by the primary 521 bit key:
tests="$tests msg_opaque_signed_521"
msg_opaque_signed_521='-----BEGIN PGP MESSAGE-----
Version: PGP Command Line v10.0.0 (Linux)
qANQR1DIwA8BO8LLzMAlnO3Y8tB1vf4/xtNKSdy5qcXFiempeiUVJQxAEJKRWawA
RPl5qQo5mXmpXIdmMLMy+AaLnoLpEubatpeJY2Lystd7Qt32q2UcvRS5kNPWtDB7
ryufvcrWtFM7Jx8qXKDxZuqr7b9PGv1Ssk+I8TzB2O9dZC+n/jv+PAdbuu7mLe33
Gf9pLd3weV3Qno6FOqxGa5ZszQx+uer2xH3/El9x/2pVeO4l15ScsL7qWMTmffmG
Ic1RdzgeCfosMF+l/zVRchcLKzenEQA=
=ATtX
-----END PGP MESSAGE-----'
echo 'This is one line' >z
for msg in $tests; do
info "checking: $msg"
eval "(IFS=; echo \"\$$msg\")" >x
$GPG --verify x || error "verify(1) of $msg failed"
$GPG -o y --yes x || error "verify(2) of $msg failed"
cmp y z || error "$msg: mismatch"
done
#
# Import the secret keys so that we now can sign and decrypt.
#
# Note that the PGP generated secret keys are not self-signed, thus we
# need to pass an appropriate option.
#
info "Importing ECC secret keys."
for i in 1 2 3; do
k="ecc-sample-$i-sec.asc"
if [ "$i" -gt "1" ]; then
extraopts="--allow-non-selfsigned-uid"
else
extraopts=""
fi
if PINENTRY_USER_DATA=ecc $GPG $extraopts --import $srcdir/samplekeys/$k; then
:
else
error "$k: import failed"
fi
done
#
# Check a few sample encrtpted messages.
#
info "Checking ECC encryption."
tests=""
# The following block encrypts the text "This is one line\n", 17 bytes,
# with the subkey 4089AB73.
tests="$tests msg_encrypted_256"
msg_encrypted_256='-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.1.0-ecc (GNU/Linux)
hH4Dd863o0CJq3MSAgMEHdIYZQx+rV1cjy7qitIOEICFFzp4cjsRX4r+rDdMcQUs
h7VZmbP1c9C0s9sgCKwubWfkcYUl2ZOju4gy+s4MYTBb4/j8JjnJ9Bqn6LWutTXJ
zwsdP13VIJLnhiNqISdR3/6xWQ0ICRYzwb95nUZ1c1DSVgFpjPgUvi4pgYbTpcDB
jzILKWBfBDT/jck169XE8vgtbcqVQYZ7lZpaY9CzEbC+4dXZmV1gm5MafpTyFWgH
VnyrZB4gad9Lp9e0RKHHcOOE7s/NeLuu
=odUZ
-----END PGP MESSAGE-----'
# The following block encrypts the text "This is one line\n", 17 bytes,
# with the subkey 9A201946:
tests="$tests msg_encrypted_384"
msg_encrypted_384='-----BEGIN PGP MESSAGE-----
Version: PGP Command Line v10.0.0 (Linux)
qANQR1DBngOqi5OPmiAZRhIDAwQqIr/00cJyf+QP+VA4QKVkk77KMHdz9OVaR2XK
0VYu0F/HPm89vL2orfm2hrAZxY9G2R0PG4Wk5Lg04UjKca/O72uWtjdPYulFidmo
uB0QpzXFz22ZZinxeVPLPEr19Pow0EwCc95cg4HAgrD0nV9vRcTJ/+juVfvsJhAO
isMKqrFNMvwnK5A1ECeyVXe7oLZl0lUBRhLr59QTtvf85QJjg/m5kaGy8XCJvLv3
61pZa6KUmw89PjtPak7ebcjnINL01vwmyeg1PAyW/xjeGGvcO+R4P1b4ewyFnJyR
svzIJcP7d4DqYOw7
=oiTJ
-----END PGP MESSAGE-----'
# The following block encrypts the text "This is one line\n", 17 bytes,
# with the subkey A81C4838:
tests="$tests msg_encrypted_521"
msg_encrypted_521='-----BEGIN PGP MESSAGE-----
Version: PGP Command Line v10.0.0 (Linux)
qANQR1DBwAIDB+qqSKgcSDgSBCMEAKpzTUxB4c56C7g09ekD9I+ttC5ER/xzDmXU
OJmFqU5w3FllhFj4TgGxxdH+8fv4W2Ag0IKoJvIY9V1V7oUCClfqAR01QbN7jGH/
I9GFFnH19AYEgMKgFmh14ZwN1BS6/VHh+H4apaYqapbx8/09EL+DV9zWLX4GRLXQ
VqCR1N2rXE29MJFzGmDOCueQNkUjcbuenoCSKcNT+6xhO27U9IYVCg4BhRUDGfD6
dhfRzBLxL+bKR9JVAe46+K8NLjRVu/bd4Iounx4UF5dBk8ERy+/8k9XantDoQgo6
RPqCad4Dg/QqkpbK3y574ds3VFNJmc4dVpsXm7lGV5w0FBxhVNPoWNhhECMlTroX
Rg==
=5GqW
-----END PGP MESSAGE-----'
echo 'This is one line' >z
for msg in $tests; do
info "checking: $msg"
eval "(IFS=; echo \"\$$msg\")" >x
PINENTRY_USER_DATA=ecc $GPG -o y --yes x || error "decryption of $msg failed"
cmp y z || error "$msg: mismatch"
done
#
# Now check that we can encrypt and decrypt our own messages.
#
# Note that we don't need to provide a passppharse because we already
# preset the passphrase into the gpg-agent.
#
info "Checking ECC encryption and decryption."
for i in $plain_files $data_files ; do
for k in $mainkeyids ; do
info "file: $i key: $k"
gpg: Allow building without any trust model support. * configure.ac: Add option --disable-trust-models (NO_TRUST_MODELS): New ac_define and am_conditional. * g10/Makefile.am (trust_source): New. (gpg2_SOURCES): Factor some files out to above. Add trust.c. * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust, --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb, --list-trustdb, --trustdb-name, --auto-check-trustdb, --no-auto-check-trustdb, and --force-ownertrust. (parse_trust_model) [NO_TRUST_MODELS]: Do not build. (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all trustdb related option code. * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust", "enable", and "disable". * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print "tru" record. * g10/trust.c: New. * g10/trustdb.c (struct key_item): Move to trustdb.h. (register_trusted_keyid): Rename to tdb_register_trusted_keyid. (register_trusted_key): Rename to tdb_register_trusted_key. (trust_letter, uid_trust_string_fixed, trust_value_to_string) (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info) (get_ownertrust_string, get_validity_info, get_validity_string) (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c. (mark_usable_uid_certs): Move to trust.c and make global. (is_in_klist): Move as inline to trustdb.h. (trustdb_check_or_update): Rename to tdb_check_or_update (revalidation_mark): Rename to tdb_revalidation_mark. (get_ownertrust): Rename to tdb_get_ownertrust. (get_min_ownertrust): Rename to tdb_get_min_ownertrust. (update_ownertrust): Rename to tdb_update_ownertrust. (clear_ownertrusts): Rename to tdb_clear_ownertrusts. (cache_disabled_value): Rename to tdb_cache_disabled_value. (check_trustdb_stale): Rename to tdb_check_trustdb_stale. (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and factor some code out to ... * trust.c (get_validity): ...new. (check_or_update_trustdb): New wrapper. (revalidation_mark): New wrapper. (get_ownertrust): New wrapper. (get_ownertrust_with_min): New wrapper. (update_ownertrust): New wrapper. (clear_ownertrusts): New wrapper. (cache_disabled_value): New wrapper. (check_trustdb_stale): New wrapper. * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead of --always-trust.
2014-02-10 17:05:54 +01:00
$GPG ${opt_always} -e -o x --yes -r $k $i
PINENTRY_USER_DATA=ecc $GPG -o y --yes x
cmp $i y || error "$i,$k: mismatch"
done
done
#
# Now check that we can sign and verify our own messages.
#
info "Checking ECC signing and verifiction."
for i in $plain_files $data_files ; do
for k in $mainkeyids ; do
info "file: $i key: $k"
PINENTRY_USER_DATA=ecc $GPG -s -o x --yes -u $k $i
$GPG -o y --yes x || error "verify of $i,$k failed"
cmp $i y || error "$i,$k: mismatch"
done
done
#
# Let us also try to import the keys only from a secret keyblock.
#
# Because PGP does not sign the UID, it is not very useful to work
# with this key unless we go into the trouble of adding the
# self-signature.
#
info "Importing ECC secret keys directly."
for i in $keygrips ; do
rm private-keys-v1.d/$i.key 2>/dev/null || true
done
for k in $mainkeyids ; do
$GPG --delete-key --batch --yes $k 2>/dev/null || true
done
for i in 1 2 3; do
k="ecc-sample-$i-sec.asc"
if [ "$i" -gt "1" ]; then
extraopts="--allow-non-selfsigned-uid"
else
extraopts=""
fi
if PINENTRY_USER_DATA=ecc $GPG $extraopts --import $srcdir/samplekeys/$k; then
:
else
error "$k: import failed"
fi
done