From 1be272d04e767c467d4ad79ca3a1cb96ee9ce4e1 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 4 Nov 2022 11:11:53 +0100 Subject: [PATCH] tests: Add tests to check that OCB is only used for capable keys. * tests/openpgp/samplekeys/ed25519-cv25519-sample-2.asc: New. * tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc: Add AEAD preference. * tests/openpgp/defs.scm (tr:gpgstatus): New. (create-legacy-gpghome): Also import .key private keys. * tests/openpgp/encrypt.scm: Add OCB tests. --- tests/openpgp/Makefile.am | 5 +- tests/openpgp/defs.scm | 10 +++ tests/openpgp/encrypt.scm | 65 +++++++++++++++++++ ...1067FFFC6D67D37BD4BFC399191C5F3989D1B5.key | 5 ++ ...7FC04CB01723A4CB6F5399F7B86CCD82C0169C.key | 5 ++ tests/openpgp/samplekeys/README | 1 + .../samplekeys/ed25519-cv25519-sample-1.asc | 20 +++--- .../samplekeys/ed25519-cv25519-sample-2.asc | 21 ++++++ 8 files changed, 121 insertions(+), 11 deletions(-) create mode 100644 tests/openpgp/privkeys/891067FFFC6D67D37BD4BFC399191C5F3989D1B5.key create mode 100644 tests/openpgp/privkeys/F27FC04CB01723A4CB6F5399F7B86CCD82C0169C.key create mode 100644 tests/openpgp/samplekeys/ed25519-cv25519-sample-2.asc diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index c1e158eeb..32b75d427 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -210,7 +210,9 @@ priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \ privkeys/1E28F20E41B54C2D1234D896096495FF57E08D18.asc \ privkeys/EB33B687EB8581AB64D04852A54453E85F3DF62D.asc \ privkeys/C6A6390E9388CDBAD71EAEA698233FE5E04F001E.asc \ - privkeys/D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3.asc + privkeys/D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3.asc \ + privkeys/891067FFFC6D67D37BD4BFC399191C5F3989D1B5.key \ + privkeys/F27FC04CB01723A4CB6F5399F7B86CCD82C0169C.key sample_keys = samplekeys/README \ samplekeys/ecc-sample-1-pub.asc \ 
@@ -229,6 +231,7 @@ sample_keys = samplekeys/README \ samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc \ samplekeys/rsa-rsa-sample-1.asc \ samplekeys/ed25519-cv25519-sample-1.asc \ + samplekeys/ed25519-cv25519-sample-2.asc \ samplekeys/silent-running.asc \ samplekeys/ssh-dsa.key \ samplekeys/ssh-ecdsa.key \ diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm index 6795512b7..5122a8e30 100644 --- a/tests/openpgp/defs.scm +++ b/tests/openpgp/defs.scm @@ -210,6 +210,9 @@ (define (tr:gpg input args) (tr:spawn input `(,@GPG --output **out** ,@args **in**))) +(define (tr:gpgstatus input args) + (tr:spawn input `(,@GPG --output dummy --status-file **out** ,@args **in**))) + (define (pipe:gpg args) (pipe:spawn `(,@GPG --output - ,@args))) @@ -418,6 +421,13 @@ "EB33B687EB8581AB64D04852A54453E85F3DF62D" "C6A6390E9388CDBAD71EAEA698233FE5E04F001E" "D69102E0F5AC6B6DB8E4D16DA8E18CF46D88CAE3")) + (for-each + (lambda (name) + (file-copy (in-srcdir "tests" "openpgp" "privkeys" + (string-append name ".key")) + (string-append "private-keys-v1.d/" name ".key"))) + '("891067FFFC6D67D37BD4BFC399191C5F3989D1B5" + "F27FC04CB01723A4CB6F5399F7B86CCD82C0169C")) (log "Importing public demo and test keys") (for-each diff --git a/tests/openpgp/encrypt.scm b/tests/openpgp/encrypt.scm index f59a1f0c1..ef2f7b0bc 100755 --- a/tests/openpgp/encrypt.scm +++ b/tests/openpgp/encrypt.scm 
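Review bot: The new `tr:gpgstatus` in the defs.scm hunk at -210 has no comment, and it sends the real gpg output to a fixed file named `dummy` in the current directory while only the `--status-file` stream becomes the transformed content. A caller cannot tell from the name that the ciphertext is written to a scratch file and never checked. A caller that passes its own `-o` (one of the new tests in encrypt.scm passes `-o out`) also ends up with two output options on the same command line. I would add a header comment such as `;; Like tr:gpg, but the content passed on is gpg's --status-file output; the real output goes to the scratch file "dummy" and is not inspected.` and drop the extra `-o out` at that call site.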
@@ -59,3 +59,68 @@
 (tr:gpg "" '(--yes --decrypt))
 (tr:assert-identity source)))
 plain-files)
+
+
+(info "Importing additional sample keys for OCB tests")
+(for-each
+ (lambda (name)
+ (call `(,@GPG --yes --import ,(in-srcdir "tests" "openpgp" "samplekeys"
+ (string-append name ".asc")))))
+ '("ed25519-cv25519-sample-1"
+ "ed25519-cv25519-sample-2"
+ "rsa-rsa-sample-1"))
+
+(for-each-p
+ "Checking OCB mode"
+ (lambda (source)
+ (tr:do
+ (tr:open source)
+ (tr:gpg "" `(--yes -er ,"patrice.lumumba"))
+ (tr:gpg "" '(--yes -d))
+ (tr:assert-identity source)))
+ all-files)
+
+;; For reference:
+;; BEGIN_ENCRYPTION []
+
+(for-each-p
+ "Checking two OCB capable keys"
+ (lambda (source)
+ (tr:do
+ (tr:open source)
+ (tr:gpgstatus "" `(--yes -e
+ -r ,"patrice.lumumba"
+ -r ,"mahsa.amini"))
+ (tr:call-with-content
+ (lambda (c)
+ (unless (string-contains? c "[GNUPG:] BEGIN_ENCRYPTION 0 9 2")
+ (fail (string-append "Unexpected status: " c)))))))
+ '("plain-1"))
+
+(for-each-p
+ "Checking two OCB capable keys plus one not capable"
+ (lambda (source)
+ (tr:do
+ (tr:open source)
+ (tr:gpgstatus "" `(--yes -o out -e
+ -r ,"patrice.lumumba"
+ -r ,"mahsa.amini"
+ -r ,"steve.biko"))
+ (tr:call-with-content
+ (lambda (c)
+ (unless (string-contains? c "[GNUPG:] BEGIN_ENCRYPTION 2 9")
+ (fail (string-append "Unexpected status: " c)))))))
+ '("plain-1"))
+
+(for-each-p
+ "Checking non OCB capable key with --force-ocb"
+ (lambda (source)
+ (tr:do
+ (tr:open source)
+ (tr:gpgstatus "" `(--yes -e --force-ocb
+ -r ,"steve.biko"))
+ (tr:call-with-content
+ (lambda (c)
+ (unless (string-contains? c "[GNUPG:] BEGIN_ENCRYPTION 0 9 2")
+ (fail (string-append "Unexpected status: " c)))))))
+ '("plain-1"))
diff --git a/tests/openpgp/privkeys/891067FFFC6D67D37BD4BFC399191C5F3989D1B5.key b/tests/openpgp/privkeys/891067FFFC6D67D37BD4BFC399191C5F3989D1B5.key
new file mode 100644
index 000000000..3e805d49f
--- /dev/null
+++ b/tests/openpgp/privkeys/891067FFFC6D67D37BD4BFC399191C5F3989D1B5.key
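Review bot: The mixed-recipient check "Checking two OCB capable keys plus one not capable" is the one that guards against OCB being used for a key that does not advertise it, yet it only matches the prefix `"[GNUPG:] BEGIN_ENCRYPTION 2 9"` with `string-contains?`, so a status line carrying a third (AEAD) field after `2 9` would still pass. Making the negative case strict, for example by also failing when `c` contains `"[GNUPG:] BEGIN_ENCRYPTION 0 "`, would pin the property the commit title promises. Separately, the "Checking OCB mode" round trip never inspects the status output, so it would pass just as well if encryption silently used the non-AEAD mode. It presumably needs a `tr:gpgstatus` assertion like the later tests, or a label saying it is only an encrypt/decrypt round trip. The `,"patrice.lumumba"` unquotes of string literals inside the quasiquoted argument lists are redundant and could be plain strings.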
@@ -0,0 +1,5 @@ +Created: 20220916T120000 +Key: (private-key (ecc (curve Curve25519)(flags djb-tweak)(q + #409651F6DD19C8F562792274BCE044F8916609FBDA25EE3DFA21207DCE8CBA0C63#) + (d #778955D781825551C8B8025DF6A9D7A00613331DE35711F56C65676A98E565F8#) + )) diff --git a/tests/openpgp/privkeys/F27FC04CB01723A4CB6F5399F7B86CCD82C0169C.key b/tests/openpgp/privkeys/F27FC04CB01723A4CB6F5399F7B86CCD82C0169C.key new file mode 100644 index 000000000..544643807 --- /dev/null +++ b/tests/openpgp/privkeys/F27FC04CB01723A4CB6F5399F7B86CCD82C0169C.key @@ -0,0 +1,5 @@ +Created: 20220916T120000 +Key: (private-key (ecc (curve Ed25519)(flags eddsa)(q + #403905D615CA9A98D674F1CC7AA8B5E9F948D7D2FB2E7536ED6027B014B1F948E6#) + (d #F1E5A1387736A9BD0976AA1FA1D217C3A75EC636605EA8EEAF3C84A9C13E01B4#) + )) diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README index 74635c702..682dfc06e 100644 --- a/tests/openpgp/samplekeys/README +++ b/tests/openpgp/samplekeys/README @@ -17,6 +17,7 @@ E657FB607BB4F21C90BB6651BC067AF28BC90111.asc Key with subkeys (no protection) pgp-desktop-skr.asc Secret key with subkeys w/o signatures rsa-rsa-sample-1.asc RSA+RSA sample key (no passphrase) ed25519-cv25519-sample-1.asc Ed25519+CV25519 sample key (no passphrase) +ed25519-cv25519-sample-2.asc Ed25519+CV25519 sample key (no passphrase) silent-running.asc Collection of sample secret keys (no passphrases) rsa-primary-auth-only.pub.asc rsa2408 primary only, usage: cert,auth rsa-primary-auth-only.sec.asc Ditto but the secret keyblock. diff --git a/tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc b/tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc index 54d204427..53e2440ba 100644 --- a/tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc +++ b/tests/openpgp/samplekeys/ed25519-cv25519-sample-1.asc 
@@ -1,21 +1,21 @@ pub ed25519 2016-06-22 [SC] B21DEAB4F875FB3DA42F1D1D139563682A020D0A Keygrip = 1E28F20E41B54C2D1234D896096495FF57E08D18 -uid [ unknown] patrice.lumumba@example.net +uid patrice.lumumba@example.net sub cv25519 2016-06-22 [E] 8D0221D9B2877A741D69AC4E9185878E4FCD74C0 Keygrip = EB33B687EB8581AB64D04852A54453E85F3DF62D -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 mDMEV2o9XRYJKwYBBAHaRw8BAQdAZ8zkuQDL9x7rcvvoo6s3iEF1j88Dknd9nZhL -nTEoBRm0G3BhdHJpY2UubHVtdW1iYUBleGFtcGxlLm5ldIh5BBMWCAAhBQJXaj1d -AhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEBOVY2gqAg0KmQ0BAMUNzAlT -OzG7tolSI92lhePi5VqutdqTEQTyYYWi1aEsAP0YfiuosNggTc0oRTSz46S3i0Qj -AlpXwfU00888yIreDbg4BFdqPY0SCisGAQQBl1UBBQEBB0AWeeZlz31O4qTmIKr3 -CZhlRUXZFxc3YKyoCXyIZBBRawMBCAeIYQQYFggACQUCV2o9jQIbDAAKCRATlWNo -KgINCsuFAP9BplWl813pi779V8OMsRGs/ynyihnOESft/H8qlM8PDQEAqIUPpIty -OX/OBFy2RIlIi7J1bTp9RzcbzQ/4Fk4hWQQ= -=qRfF +nTEoBRm0G3BhdHJpY2UubHVtdW1iYUBleGFtcGxlLm5ldIiTBBMWCAA7AhsDAheA +FiEEsh3qtPh1+z2kLx0dE5VjaCoCDQoFAmNkyZ0FCwkIBwICIgIGFQgJCgsCBBYC +AwECHgcACgkQE5VjaCoCDQoKxwEAyVSPe4kwcvjlL9iZYftqwmCQpL6Sd7smgBdb +naqvAEMA/RrGBjSTGzTvFMVlIcT0Jr1uPVHig7twPnpzbL1uWUwLuDgEV2o9jRIK +KwYBBAGXVQEFAQEHQBZ55mXPfU7ipOYgqvcJmGVFRdkXFzdgrKgJfIhkEFFrAwEI +B4hhBBgWCAAJBQJXaj2NAhsMAAoJEBOVY2gqAg0Ky4UA/0GmVaXzXemLvv1Xw4yx +Eaz/KfKKGc4RJ+38fyqUzw8NAQCohQ+ki3I5f84EXLZEiUiLsnVtOn1HNxvND/gW +TiFZBA== +=u4Iu -----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/openpgp/samplekeys/ed25519-cv25519-sample-2.asc b/tests/openpgp/samplekeys/ed25519-cv25519-sample-2.asc new file mode 100644 index 000000000..2e7285195 --- /dev/null +++ b/tests/openpgp/samplekeys/ed25519-cv25519-sample-2.asc 
@@ -0,0 +1,21 @@ +pub ed25519 2022-09-16 [SC] + 5F1438D784C8C68400645518AE08687BF38AFFF3 + Keygrip = F27FC04CB01723A4CB6F5399F7B86CCD82C0169C +uid mahsa.amini@example.net +sub cv25519 2022-09-16 [E] + FFE7440568492D986F3B88BD9E64CB003A8D6449 + Keygrip = 891067FFFC6D67D37BD4BFC399191C5F3989D1B5 + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEYyRlQBYJKwYBBAHaRw8BAQdAOQXWFcqamNZ08cx6qLXp+UjX0vsudTbtYCew +FLH5SOa0F21haHNhLmFtaW5pQGV4YW1wbGUubmV0iJMEExYKADsWIQRfFDjXhMjG +hABkVRiuCGh784r/8wUCYyRlQAIbAwULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIX +gAAKCRCuCGh784r/8wYzAQDTikkZd/G/o1DtfGq/k0R9ctcZCD9vHKH3PNj2atfX +cwEAt5zFYyEe2OPzJ5HYffOPhcyK2kPsvkerLfdXy/K8QAe4OARjJGVAEgorBgEE +AZdVAQUBAQdAllH23RnI9WJ5InS84ET4kWYJ+9ol7j36ISB9zoy6DGMDAQgHiHgE +GBYKACAWIQRfFDjXhMjGhABkVRiuCGh784r/8wUCYyRlQAIbDAAKCRCuCGh784r/ +89lTAQDpupXGKLSlga2qHgtaud47oU5edY48MZ7CBnFByi5IAQEA2nJpUsVuaQl2 +XSURaPTUi0C98ny61kwGcVtOcTFpPgY= +=r11D +-----END PGP PUBLIC KEY BLOCK-----