tests: Add tests to check that OCB is only used for capable keys.

* tests/openpgp/samplekeys/ed25519-cv25519-sample-2.asc: New.
* tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc: Add AEAD
preference.
* tests/openpgp/defs.scm (tr:gpgstatus): New.
(create-legacy-gpghome): Also import .key private keys.
* tests/openpgp/encrypt.scm: Add OCB tests.

tests/openpgp/Makefile.am

@@ -210,7 +210,9 @@ priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \
             privkeys/1E28F20E41B54C2D1234D896096495FF57E08D18.asc \
             privkeys/EB33B687EB8581AB64D04852A54453E85F3DF62D.asc \
 	    privkeys/C6A6390E9388CDBAD71EAEA698233FE5E04F001E.asc \
-	    privkeys/D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3.asc
+	    privkeys/D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3.asc \
+	    privkeys/891067FFFC6D67D37BD4BFC399191C5F3989D1B5.key \
+	    privkeys/F27FC04CB01723A4CB6F5399F7B86CCD82C0169C.key
 
 sample_keys = samplekeys/README \
               samplekeys/ecc-sample-1-pub.asc \
@@ -229,6 +231,7 @@ sample_keys = samplekeys/README \
 	      samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc \
               samplekeys/rsa-rsa-sample-1.asc \
               samplekeys/ed25519-cv25519-sample-1.asc \
+              samplekeys/ed25519-cv25519-sample-2.asc \
 	      samplekeys/silent-running.asc \
 	      samplekeys/ssh-dsa.key \
 	      samplekeys/ssh-ecdsa.key \

tests/openpgp/defs.scm

@@ -210,6 +210,9 @@
 (define (tr:gpg input args)
   (tr:spawn input `(,@GPG --output **out** ,@args **in**)))
 
+(define (tr:gpgstatus input args)
+  (tr:spawn input `(,@GPG --output dummy --status-file **out** ,@args **in**)))
+
 (define (pipe:gpg args)
   (pipe:spawn `(,@GPG --output - ,@args)))
 
@@ -418,6 +421,13 @@
      "EB33B687EB8581AB64D04852A54453E85F3DF62D"
      "C6A6390E9388CDBAD71EAEA698233FE5E04F001E"
      "D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3"))
+  (for-each
+   (lambda (name)
+     (file-copy (in-srcdir "tests" "openpgp" "privkeys"
+                           (string-append name ".key"))
+	        (string-append "private-keys-v1.d/" name ".key")))
+   '("891067FFFC6D67D37BD4BFC399191C5F3989D1B5"
+     "F27FC04CB01723A4CB6F5399F7B86CCD82C0169C"))
 
   (log "Importing public demo and test keys")
   (for-each

tests/openpgp/encrypt.scm

@@ -59,3 +59,68 @@
     (tr:gpg "" '(--yes --decrypt))
     (tr:assert-identity source)))
  plain-files)
+
+
+(info "Importing additional sample keys for OCB tests")
+(for-each
+  (lambda (name)
+    (call `(,@GPG --yes --import ,(in-srcdir "tests" "openpgp" "samplekeys"
+                                             (string-append  name ".asc")))))
+  '("ed25519-cv25519-sample-1"
+    "ed25519-cv25519-sample-2"
+    "rsa-rsa-sample-1"))
+
+(for-each-p
+ "Checking OCB mode"
+ (lambda (source)
+   (tr:do
+    (tr:open source)
+    (tr:gpg "" `(--yes -er ,"patrice.lumumba"))
+    (tr:gpg "" '(--yes -d))
+    (tr:assert-identity source)))
+ all-files)
+
+;; For reference:
+;;   BEGIN_ENCRYPTION  <mdc_method> <sym_algo> [<aead_algo>]
+
+(for-each-p
+ "Checking two OCB capable keys"
+ (lambda (source)
+   (tr:do
+    (tr:open source)
+    (tr:gpgstatus "" `(--yes -e
+                       -r ,"patrice.lumumba"
+                       -r ,"mahsa.amini"))
+    (tr:call-with-content
+     (lambda (c)
+       (unless (string-contains? c "[GNUPG:] BEGIN_ENCRYPTION 0 9 2")
+	  (fail (string-append "Unexpected status: " c)))))))
+ '("plain-1"))
+
+(for-each-p
+ "Checking two OCB capable keys plus one not capable"
+ (lambda (source)
+   (tr:do
+    (tr:open source)
+    (tr:gpgstatus "" `(--yes -o out -e
+                             -r ,"patrice.lumumba"
+                             -r ,"mahsa.amini"
+                             -r ,"steve.biko"))
+    (tr:call-with-content
+     (lambda (c)
+       (unless (string-contains? c "[GNUPG:] BEGIN_ENCRYPTION 2 9")
+          (fail (string-append "Unexpected status: " c)))))))
+ '("plain-1"))
+
+(for-each-p
+ "Checking non OCB capable key with --force-ocb"
+ (lambda (source)
+   (tr:do
+    (tr:open source)
+    (tr:gpgstatus "" `(--yes -e --force-ocb
+                       -r ,"steve.biko"))
+    (tr:call-with-content
+     (lambda (c)
+       (unless (string-contains? c "[GNUPG:] BEGIN_ENCRYPTION 0 9 2")
+	  (fail (string-append "Unexpected status: " c)))))))
+ '("plain-1"))

tests/openpgp/privkeys/891067FFFC6D67D37BD4BFC399191C5F3989D1B5.key

@@ -0,0 +1,5 @@
+Created: 20220916T120000
+Key: (private-key (ecc (curve Curve25519)(flags djb-tweak)(q
+  #409651F6DD19C8F562792274BCE044F8916609FBDA25EE3DFA21207DCE8CBA0C63#)
+ (d #778955D781825551C8B8025DF6A9D7A00613331DE35711F56C65676A98E565F8#)
+ ))

tests/openpgp/privkeys/F27FC04CB01723A4CB6F5399F7B86CCD82C0169C.key

@@ -0,0 +1,5 @@
+Created: 20220916T120000
+Key: (private-key (ecc (curve Ed25519)(flags eddsa)(q
+  #403905D615CA9A98D674F1CC7AA8B5E9F948D7D2FB2E7536ED6027B014B1F948E6#)
+ (d #F1E5A1387736A9BD0976AA1FA1D217C3A75EC636605EA8EEAF3C84A9C13E01B4#)
+ ))

tests/openpgp/samplekeys/README

@@ -17,6 +17,7 @@ E657FB607BB4F21C90BB6651BC067AF28BC90111.asc Key with subkeys (no protection)
 pgp-desktop-skr.asc    Secret key with subkeys w/o signatures
 rsa-rsa-sample-1.asc   RSA+RSA sample key (no passphrase)
 ed25519-cv25519-sample-1.asc  Ed25519+CV25519 sample key (no passphrase)
+ed25519-cv25519-sample-2.asc  Ed25519+CV25519 sample key (no passphrase)
 silent-running.asc     Collection of sample secret keys (no passphrases)
 rsa-primary-auth-only.pub.asc  rsa2408 primary only, usage: cert,auth
 rsa-primary-auth-only.sec.asc  Ditto but the secret keyblock.

tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc

@@ -1,21 +1,21 @@
 pub   ed25519 2016-06-22 [SC]
       B21DEAB4F875FB3DA42F1D1D139563682A020D0A
       Keygrip = 1E28F20E41B54C2D1234D896096495FF57E08D18
-uid           [ unknown] patrice.lumumba@example.net
+uid                      patrice.lumumba@example.net
 sub   cv25519 2016-06-22 [E]
       8D0221D9B2877A741D69AC4E9185878E4FCD74C0
       Keygrip = EB33B687EB8581AB64D04852A54453E85F3DF62D
 
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2
 
 mDMEV2o9XRYJKwYBBAHaRw8BAQdAZ8zkuQDL9x7rcvvoo6s3iEF1j88Dknd9nZhL
-nTEoBRm0G3BhdHJpY2UubHVtdW1iYUBleGFtcGxlLm5ldIh5BBMWCAAhBQJXaj1d
-AhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEBOVY2gqAg0KmQ0BAMUNzAlT
-OzG7tolSI92lhePi5VqutdqTEQTyYYWi1aEsAP0YfiuosNggTc0oRTSz46S3i0Qj
-AlpXwfU00888yIreDbg4BFdqPY0SCisGAQQBl1UBBQEBB0AWeeZlz31O4qTmIKr3
-CZhlRUXZFxc3YKyoCXyIZBBRawMBCAeIYQQYFggACQUCV2o9jQIbDAAKCRATlWNo
-KgINCsuFAP9BplWl813pi779V8OMsRGs/ynyihnOESft/H8qlM8PDQEAqIUPpIty
-OX/OBFy2RIlIi7J1bTp9RzcbzQ/4Fk4hWQQ=
-=qRfF
+nTEoBRm0G3BhdHJpY2UubHVtdW1iYUBleGFtcGxlLm5ldIiTBBMWCAA7AhsDAheA
+FiEEsh3qtPh1+z2kLx0dE5VjaCoCDQoFAmNkyZ0FCwkIBwICIgIGFQgJCgsCBBYC
+AwECHgcACgkQE5VjaCoCDQoKxwEAyVSPe4kwcvjlL9iZYftqwmCQpL6Sd7smgBdb
+naqvAEMA/RrGBjSTGzTvFMVlIcT0Jr1uPVHig7twPnpzbL1uWUwLuDgEV2o9jRIK
+KwYBBAGXVQEFAQEHQBZ55mXPfU7ipOYgqvcJmGVFRdkXFzdgrKgJfIhkEFFrAwEI
+B4hhBBgWCAAJBQJXaj2NAhsMAAoJEBOVY2gqAg0Ky4UA/0GmVaXzXemLvv1Xw4yx
+Eaz/KfKKGc4RJ+38fyqUzw8NAQCohQ+ki3I5f84EXLZEiUiLsnVtOn1HNxvND/gW
+TiFZBA==
+=u4Iu
 -----END PGP PUBLIC KEY BLOCK-----

tests/openpgp/samplekeys/ed25519-cv25519-sample-2.asc

@@ -0,0 +1,21 @@
+pub   ed25519 2022-09-16 [SC]
+      5F1438D784C8C68400645518AE08687BF38AFFF3
+      Keygrip = F27FC04CB01723A4CB6F5399F7B86CCD82C0169C
+uid                      mahsa.amini@example.net
+sub   cv25519 2022-09-16 [E]
+      FFE7440568492D986F3B88BD9E64CB003A8D6449
+      Keygrip = 891067FFFC6D67D37BD4BFC399191C5F3989D1B5
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYyRlQBYJKwYBBAHaRw8BAQdAOQXWFcqamNZ08cx6qLXp+UjX0vsudTbtYCew
+FLH5SOa0F21haHNhLmFtaW5pQGV4YW1wbGUubmV0iJMEExYKADsWIQRfFDjXhMjG
+hABkVRiuCGh784r/8wUCYyRlQAIbAwULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIX
+gAAKCRCuCGh784r/8wYzAQDTikkZd/G/o1DtfGq/k0R9ctcZCD9vHKH3PNj2atfX
+cwEAt5zFYyEe2OPzJ5HYffOPhcyK2kPsvkerLfdXy/K8QAe4OARjJGVAEgorBgEE
+AZdVAQUBAQdAllH23RnI9WJ5InS84ET4kWYJ+9ol7j36ISB9zoy6DGMDAQgHiHgE
+GBYKACAWIQRfFDjXhMjGhABkVRiuCGh784r/8wUCYyRlQAIbDAAKCRCuCGh784r/
+89lTAQDpupXGKLSlga2qHgtaud47oU5edY48MZ7CBnFByi5IAQEA2nJpUsVuaQl2
+XSURaPTUi0C98ny61kwGcVtOcTFpPgY=
+=r11D
+-----END PGP PUBLIC KEY BLOCK-----