diff --git a/dirmngr/ChangeLog b/dirmngr/ChangeLog index ac71bdd6c..c1ce3bfa6 100644 --- a/dirmngr/ChangeLog +++ b/dirmngr/ChangeLog @@ -1,6 +1,6 @@ 2011-02-09 Werner Koch - * ks-engine-kdns.c: New. Based on the former gpgkeys_kdns. + * ks-engine-kdns.c: New but only the framework. * server.c (cmd_keyserver): Add option --help. (dirmngr_status_help): New. diff --git a/dirmngr/ks-engine-kdns.c b/dirmngr/ks-engine-kdns.c new file mode 100644 index 000000000..748274db1 --- /dev/null +++ b/dirmngr/ks-engine-kdns.c 
@@ -0,0 +1,79 @@
+/* ks-engine-kdns.c - KDNS OpenPGP key access
+ * Copyright (C) 2011 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include
+
+#include
+#include
+#include
+#include
+
+#include "dirmngr.h"
+#include "misc.h"
+#include "userids.h"
+#include "ks-engine.h"
+
+/* Print a help output for the schemata supported by this module. */
+gpg_error_t
+ks_kdns_help (ctrl_t ctrl, parsed_uri_t uri)
+{
+ const char const data[] =
+ "This keyserver engine accepts URLs of the form:\n"
+ " kdns://[NAMESERVER]/[ROOT][?at=STRING]\n"
+ "with\n"
+ " NAMESERVER used for queries (default: system standard)\n"
+ " ROOT a DNS name appended to the query (default: none)\n"
+ " STRING a string to replace the '@' (default: \".\")\n"
+ "If a long answer is expected add the parameter \"usevc=1\".\n"
+ "Supported methods: fetch\n"
+ "Example:\n"
+ "A query for \"hacker@gnupg.org\" with\n"
+ " kdns://10.0.0.1/example.net?at=_key_&usevc=1\n"
+ "setup as --auto-key-lookup in gpg does a CERT record query\n"
+ "with type PGP on the nameserver 10.0.0.1 for\n"
+ " hacker._key_.gnupg.org.example.net";
+ gpg_error_t err;
+
+ if (!uri)
+ err = ks_print_help (ctrl, " kdns");
+ else if (!strcmp (uri->scheme, "kdns"))
+ err = ks_print_help (ctrl, data);
+ else
+ err = 0;
+
+ return err;
+}
+
+
+/* Get the key from URI which is expected to specify a kdns scheme.
+ On success R_FP has an open stream to read the data. */ +gpg_error_t +ks_kdns_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp) +{ + gpg_error_t err; + + (void)ctrl; + *r_fp = NULL; + + if (strcmp (uri->scheme, "kdns")) + return gpg_error (GPG_ERR_INV_ARG); + + err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + return err; +} diff --git a/g10/ChangeLog b/g10/ChangeLog index 351475f7c..0eebbef78 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +2011-02-10 Werner Koch + + * seskey.c (encode_md_value): Change last fix to avoid a + regression for DSA with SHA-2 hashes. + 2011-02-09 Werner Koch * keyserver.c: Replace all printf by es_printf. diff --git a/g10/seskey.c b/g10/seskey.c index f3796f0b0..b210ae063 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -297,18 +297,17 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo) return NULL; } - /* Check if we're too short. Too long is safe as we'll - automatically left-truncate. - FIXME: Check against FIPS. - This checks would require the use of SHA512 with ECDSA 512. I - think this is overkill to fail in this case. Therefore, - relax the check, but only for ECDSA keys. We may need to - adjust it later for general case. (Note that the check will - never pass for ECDSA 521 anyway as the only hash that - intended to match it is SHA 512, but 512 < 521). */ + /* ECDSA 521 is special has it is larger than the largest hash + we have (SHA-512). Thus we chnage the size for further + processing to 512. */ + if (pkalgo == GCRY_PK_ECDSA && qbits > 512) + qbits = 512; + + /* Check if we're too short. Too long is safe as we'll + automatically left-truncate. */ mdlen = gcry_md_get_algo_dlen (hash_algo); - if (mdlen < ((pkalgo == GCRY_PK_ECDSA && qbits > 521) ? 512: qbits)/8) + if (mdlen < qbits/8) { log_error (_("%s key %s requires a %zu bit or larger hash " "(hash is %s\n"), 
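Review bot: `ks_kdns_fetch` dereferences `uri->scheme` with no NULL check, although `ks_kdns_help` in the same new file treats a NULL `uri` as a normal call. Whether every caller of the fetch path guarantees a parsed URI is not visible in this diff, so a local guard would keep a malformed request from turning into a NULL dereference inside the daemon: `if (!uri || strcmp (uri->scheme, "kdns")) return gpg_error (GPG_ERR_INV_ARG);`. Separately, `const char const data[]` in `ks_kdns_help` repeats the qualifier and will draw a duplicate-qualifier warning; `const char data[] =` is what was meant.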
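Review bot: The new comment above the `qbits = 512` clamp in `encode_md_value` has two typos ("has it is", "chnage") and does not say that the clamp changes `qbits` for everything that follows, including the size reported by the "requires a %zu bit or larger hash" error and the truncation length used in the next hunk. I would word it as `/* ECDSA 521 is special as it is larger than the largest hash we have (SHA-512). Thus we change QBITS to 512 for the length check, the error message and the truncation below. */`. The removed text also carried a "FIXME: Check against FIPS" that is dropped without a replacement, so the open question it recorded is lost. If it is still unresolved, keep a one-line note. The function starts and ends outside this hunk.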
@@ -318,13 +317,10 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo) return NULL; } - /* By passing MDLEN as length to mpi_scan, we do the truncation - of the hash. - - Note that in case of ECDSA 521 the hash is always smaller - than the key size. */ + /* Note that we do the truncation by passing QBITS/8 as length to + mpi_scan. */ if (gcry_mpi_scan (&frame, GCRYMPI_FMT_USG, - gcry_md_read (md, hash_algo), mdlen, NULL)) + gcry_md_read (md, hash_algo), qbits/8, NULL)) BUG(); } else diff --git a/tests/openpgp/ChangeLog b/tests/openpgp/ChangeLog index d7c444b97..18fbad852 100644 --- a/tests/openpgp/ChangeLog +++ b/tests/openpgp/ChangeLog @@ -1,3 +1,12 @@ +2011-02-10 Werner Koch + + * ecc.test: New. + * pinentry.sh: New. + * defs.inc: Do not create a log when running tests with envvar + verbose > 1. Add pinentry-program to gpg-agent.conf. + * Makefile.am (sample_keys): New. + (EXTRA_DIST): Add them. + 2010-10-15 Werner Koch * Makefile.am (clean-local): New. @@ -154,7 +163,7 @@ * verify.test: More tests. * multisig.test: Better error printing. (sig_1ls1ls_valid, sig_ls_valid): Moved to the non-valid group. - + 2006-02-14 Werner Koch * verify.test: New. @@ -236,7 +245,7 @@ 2002-05-10 Werner Koch * Makefile.am: Add gpg_dearmor to all targets where it is used. - Noted by Andreas Haumer. + Noted by Andreas Haumer. 2002-04-19 Werner Koch @@ -264,7 +273,7 @@ 2001-09-28 Werner Koch - * defs.inc: Write a log file for each test. + * defs.inc: Write a log file for each test. * run-gpg, run-gpgm, run-gpg.patterns: Removed. Replaced in all tests by a simple macro from defs.inc. * Makefile.am (CLEANFILES): Remove log files. @@ -275,7 +284,7 @@ armencryptp.test, armencrypt.test, encryptp.test, seat.test, encrypt-dsa.test, encrypt.test: Use --always-trust because the test are not designed to check the validity. - + 2001-09-06 Werner Koch * genkey1024.test: Simplified by using a parameter file. 
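Review bot: The length handed to `gcry_mpi_scan` is now `qbits/8` instead of the digest length `mdlen`, so the only thing keeping the read inside the buffer returned by `gcry_md_read` is the `mdlen < qbits/8` rejection in the previous hunk, and nothing at the call site says so. A comment such as `/* mdlen >= qbits/8 was enforced above, so this never reads past the digest. */` would stop a later edit to that check from silently turning this into an over-read. The integer division also drops any remainder when `qbits` is not a multiple of 8. Whether such a value can reach this point depends on checks earlier in `encode_md_value` that are outside the hunk, so that assumption is worth stating in the same comment.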
@@ -303,7 +312,7 @@ 2001-03-20 Werner Koch - * Makefile.am: Import the pubdemo.asc file + * Makefile.am: Import the pubdemo.asc file * sigs.test (hash_algo_list): s/tiger/tiger192/ @@ -402,5 +411,3 @@ Mon May 18 15:40:02 1998 Werner Koch (wk@isil.d.shuttle.de) This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 54132a944..8d6e5906b 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -8,12 +8,12 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . # Process this file with automake to create Makefile.in @@ -38,7 +38,7 @@ TESTS = version.test mds.test \ armdetachm.test detachm.test genkey1024.test \ conventional.test conventional-mdc.test \ multisig.test verify.test armor.test \ - import.test finish.test + import.test ecc.test finish.test TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ 
@@ -60,15 +60,21 @@ priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \ privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc \ privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc +sample_keys = samplekeys/ecc-sample-1-pub.asc \ + samplekeys/ecc-sample-2-pub.asc \ + samplekeys/ecc-sample-3-pub.asc \ + samplekeys/ecc-sample-1-sec.asc \ + samplekeys/ecc-sample-2-sec.asc \ + samplekeys/ecc-sample-3-sec.asc -EXTRA_DIST = defs.inc $(TESTS) $(TEST_FILES) \ - mkdemodirs signdemokey $(priv_keys) +EXTRA_DIST = defs.inc pinentry.sh $(TESTS) $(TEST_FILES) \ + mkdemodirs signdemokey $(priv_keys) $(sample_keys) CLEANFILES = prepared.stamp x y yy z out err $(data_files) \ plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \ *.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \ pubring.gpg secring.gpg pubring.pkr secring.skr \ - gnupg-test.stop pubring.gpg~ random_seed + gnupg-test.stop pubring.gpg~ random_seed gpg-agent.log clean-local: -rm -rf private-keys-v1.d @@ -77,5 +83,3 @@ clean-local: # We need to depend on a couple of programs so that the tests don't # start before all programs are built. all-local: $(required_pgms) - - diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc index bc0d76e10..b9af8fef8 100755 --- a/tests/openpgp/defs.inc +++ b/tests/openpgp/defs.inc @@ -58,7 +58,7 @@ error () { defs_error_seen=yes echo "$pgmname:" $* >&5 if [ x$defs_stop_on_error != xyes ]; then - exit 1 + exit 1 fi } @@ -163,12 +163,12 @@ pgmname=`basename $0` [ -z "$srcdir" ] && fatal "not called from make" -# +# if [ -f gnupg-test.stop ]; then if [ $pgmname = "version.test" ]; then rm gnupg-test.stop else - # Skip the rest of the tests. + # Skip the rest of the tests. exit 77 fi fi 
@@ -195,22 +195,33 @@ GPG_CONNECT_AGENT="../../tools/gpg-connect-agent" GPGCONF="../../tools/gpgconf" GPG_PRESET_PASSPHRASE="../../agent/gpg-preset-passphrase" MKTDATA="../../tools/mk-tdata" +PINENTRY="$(cd $srcdir && /bin/pwd)/pinentry.sh" +# Default to empty passphrase for pinentry.sh +PINENTRY_USER_DATA= # Make sure we have a valid option files even with VPATH builds. -for f in gpg.conf gpg-agent.conf ; do +for f in gpg.conf gpg-agent.conf ; do if [ -f ./$f ]; then : elif [ -f $srcdir/$f.tmpl ]; then cat $srcdir/$f.tmpl >$f - if [ "$f" = "gpg.conf" ]; then - echo "agent-program $GPG_AGENT" >>gpg.conf - fi + case "$f" in + gpg.conf) + echo "agent-program $GPG_AGENT" >>"$f" + ;; + gpg-agent.conf) + echo "pinentry-program $PINENTRY" >>"$f" + ;; + esac fi done -echo "Test: $pgmname" > ${pgmname}.log -echo "GNUPGHOME=$GNUPGHOME" >> ${pgmname}.log -exec 5>&2 2>>${pgmname}.log - +if [ "${verbose:-0}" -gt "1" ]; then + exec 5>/dev/null +else + echo "Test: $pgmname" > ${pgmname}.log + echo "GNUPGHOME=$GNUPGHOME" >> ${pgmname}.log + exec 5>&2 2>>${pgmname}.log +fi : # end diff --git a/tests/openpgp/ecc.test b/tests/openpgp/ecc.test new file mode 100755 index 000000000..ce493086a --- /dev/null +++ b/tests/openpgp/ecc.test 
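Review bot: In the new `verbose` branch, `exec 5>/dev/null` sends descriptor 5 to the bit bucket, yet `error ()` in this same file reports through `echo "$pgmname:" $* >&5`, so in the most verbose mode the script's own failure messages appear to be discarded. If the intent is only to skip the per-test log, `exec 5>&2` keeps those messages on the terminal. The test `[ "${verbose:-0}" -gt "1" ]` also prints a shell error when `verbose` is set to a non-numeric value. `PINENTRY="$(cd $srcdir && /bin/pwd)/pinentry.sh"` uses `$srcdir` unquoted, so a source path containing whitespace will break the `cd`; `"$(cd "$srcdir" && /bin/pwd)/pinentry.sh"` avoids that.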
@@ -0,0 +1,89 @@
+#!/bin/sh
+# Copyright 2011 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+keygrips='8E06A180EFFE4C65B812150CAF19BF30C0689A4C
+ E4403F3FD7A443FAC29FEF288FA0D20AC212851E
+ 0B7554421FFB14A06CB9F63FB49A85A58E97ABAC
+ 303ACC892C2D786C8A789677C0BE54DA8538F903
+ 9FE5C36985351524B6AFA19FDCBC1A3A750B6F5F
+ 145A52CC7ED3FD41C5B0A26BE220FEED36AF24DE'
+mainkeyids='BAA59D9C
+ 0F54719F
+ 45AF2FFE'
+
+
+if have_pubkey_algo "ECDH"; then
+ :
+else
+ info "No ECC support due to an old Libgcrypt"
+ exit 77
+fi
+
+
+info "Preparing for ECC test."
+for i in $keygrips ; do
+ rm private-keys-v1.d/$i.key 2>/dev/null || true
+ $GPG_PRESET_PASSPHRASE --preset -P ecc $i
+done
+
+
+info "Importing ECC public keys."
+for k in $mainkeyids ; do
+ $GPG --delete-key --batch --yes $k 2>/dev/null || true
+done
+for i in 1 2 3; do
+ k="ecc-sample-$i-pub.asc"
+ if $GPG --import $srcdir/samplekeys/$k; then
+ :
+ else
+ error "$k: import failed"
+ fi
+done
+
+
+info "Importing ECC secret keys."
+# Note that the PGP generated secret keys are not self-signed, thus we
+# need to pass an appropriate option.
+for i in 1 2 3; do
+ k="ecc-sample-$i-sec.asc"
+ if [ "$i" -gt "1" ]; then
+ extraopts="--allow-non-selfsigned-uid"
+ else
+ extraopts=""
+ fi
+ if PINENTRY_USER_DATA=ecc $GPG $extraopts --import $srcdir/samplekeys/$k; then
+ :
+ else
+ error "$k: import failed"
+ fi
+done
+
+
+info "Importing ECC secret keys directly."
+for i in $keygrips ; do
+ rm private-keys-v1.d/$i.key 2>/dev/null || true
+done
+for k in $mainkeyids ; do
+ $GPG --delete-key --batch --yes $k 2>/dev/null || true
+done
+for i in 1 2 3; do
+ k="ecc-sample-$i-sec.asc"
+ if [ "$i" -gt "1" ]; then
+ extraopts="--allow-non-selfsigned-uid"
+ else
+ extraopts=""
+ fi
+ if PINENTRY_USER_DATA=ecc $GPG $extraopts --import $srcdir/samplekeys/$k; then
+ :
+ else
+ error "$k: import failed"
+ fi
+done
diff --git a/tests/openpgp/pinentry.sh b/tests/openpgp/pinentry.sh
new file mode 100755
index 000000000..c8d05520a
--- /dev/null
+++ b/tests/openpgp/pinentry.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+# Copyright 2011 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+exec 2>>/tmp/pinentry.err
+
+echo "OK - what's up?"
+while read cmd rest; do
+ echo "cmd=$cmd rest=$rest" >&2
+ case "$cmd" in
+ \#*)
+ ;;
+ GETPIN)
+ echo "D ${PINENTRY_USER_DATA}"
+ echo "OK"
+ ;;
+ BYE)
+ echo "OK"
+ exit 0
+ ;;
+ *)
+ echo "OK"
+ ;;
+ esac
+done
diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README
index fd05aa3a4..4bfd61f4e 100644
--- a/tests/openpgp/samplekeys/README
+++ b/tests/openpgp/samplekeys/README
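Review bot: `exec 2>>/tmp/pinentry.err` in pinentry.sh appends to a fixed, predictable name in a world-writable directory. On a shared build host another account can pre-create that path, for example as a symlink, and the test run will then append to whatever it points at. The loop writes every received command line there through `echo "cmd=$cmd rest=$rest" >&2`. The log also grows without bound and is not covered by the `CLEANFILES` list in the Makefile.am change. I would default to `exec 2>/dev/null` and enable logging only on request, to a file in the test's own working directory. `while read -r cmd rest; do` would also keep backslashes in the incoming lines from being interpreted.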
@@ -1,5 +1,112 @@ no-creation-time.gpg A key with a zero creation time. -ecc-sample-1-pub.asc The first ECC sample key. -ecc-sample-1-sec.asc The first ECC sample key (secret). +ecc-sample-1-pub.asc A NIST P-256 ECC sample key. +ecc-sample-1-sec.asc Ditto, but the secret keyblock. +ecc-sample-2-pub.asc A NIST P-384 ECC sample key. +ecc-sample-2-sec.asc Ditto, but the secret keyblock. +ecc-sample-3-pub.asc A NIST P-521 ECC sample key. +ecc-sample-3-sec.asc Ditto, but the secret keyblock. + + +Signed message + +The following is an opaque ECDSA signature on a message "This is one +line\n" (17 byte long) by the master key: + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2.1.0-ecc (GNU/Linux) + +owGbwMvMwCHMvVT3w66lc+cwrlFK4k5N1k3KT6nUK6ko8Zl8MSEkI7NYAYjy81IV +cjLzUrk64lgYhDkY2FiZQNIMXJwCMO31rxgZ+tW/zesUPxWzdKWrtLGW/LkP5rXL +V/Yvnr/EKjBbQuvZSYa/klsum6XFmTze+maVgclT6Rc6hzqqxNy6o6qdTTmLJuvp +AQA= +=GDv4 +-----END PGP MESSAGE---- + +Encrypted message + +The following block encrypts the text "This is one line\n", 17 bytes, +with the subkey 0x4089AB73. 
+ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2.1.0-ecc (GNU/Linux) + +hH4Dd863o0CJq3MSAgMEHdIYZQx+rV1cjy7qitIOEICFFzp4cjsRX4r+rDdMcQUs +h7VZmbP1c9C0s9sgCKwubWfkcYUl2ZOju4gy+s4MYTBb4/j8JjnJ9Bqn6LWutTXJ +zwsdP13VIJLnhiNqISdR3/6xWQ0ICRYzwb95nUZ1c1DSVgFpjPgUvi4pgYbTpcDB +jzILKWBfBDT/jck169XE8vgtbcqVQYZ7lZpaY9CzEbC+4dXZmV1gm5MafpTyFWgH +VnyrZB4gad9Lp9e0RKHHcOOE7s/NeLuu +=odUZ +-----END PGP MESSAGE----- + + + + +Signed message + +The following is an opaque ECDSA signature on a message "This is one +line\n" (17 byte long) by the master key: + +-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DIqwE7wsvMwCnM2WDcwR9SOJ/xtFISd25qcXFieqpeSUUJAxCEZGQWKwBR +fl6qQk5mXirXoXJmVgbfYC5xmC5hzsDPjHXqbDLzpXpTBXSZV3L6bAgP3Kq7Ykmo +7Ds1v4UfBS+3CSSon7Pzq79WLjzXXEH54MkjPxnrw+8cfMVnY7Bi18J702Nnsa7a +9lMv/PM0/ao9CZ3KX7Q+Tv1rllTZ5Hj4V1frw431QnHfAA== +=elKT +-----END PGP MESSAGE----- + +Encrypted message + +The following block encrypts the text "This is one line\n", 17 bytes, +with the subkey: + +-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DBngOqi5OPmiAZRhIDAwQqIr/00cJyf+QP+VA4QKVkk77KMHdz9OVaR2XK +0VYu0F/HPm89vL2orfm2hrAZxY9G2R0PG4Wk5Lg04UjKca/O72uWtjdPYulFidmo +uB0QpzXFz22ZZinxeVPLPEr19Pow0EwCc95cg4HAgrD0nV9vRcTJ/+juVfvsJhAO +isMKqrFNMvwnK5A1ECeyVXe7oLZl0lUBRhLr59QTtvf85QJjg/m5kaGy8XCJvLv3 +61pZa6KUmw89PjtPak7ebcjnINL01vwmyeg1PAyW/xjeGGvcO+R4P1b4ewyFnJyR +svzIJcP7d4DqYOw7 +=oiTJ +-----END PGP MESSAGE----- + + + +Signed message + +The following is an opaque ECDSA signature on a message "This is one +line\n" (17 byte long) by the master key: + +-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DIwA8BO8LLzMAlnO3Y8tB1vf4/xtNKSdy5qcXFiempeiUVJQxAEJKRWawA +RPl5qQo5mXmpXIdmMLMy+AaLnoLpEubatpeJY2Lystd7Qt32q2UcvRS5kNPWtDB7 +ryufvcrWtFM7Jx8qXKDxZuqr7b9PGv1Ssk+I8TzB2O9dZC+n/jv+PAdbuu7mLe33 +Gf9pLd3weV3Qno6FOqxGa5ZszQx+uer2xH3/El9x/2pVeO4l15ScsL7qWMTmffmG +Ic1RdzgeCfosMF+l/zVRchcLKzenEQA= +=ATtX +-----END 
PGP MESSAGE----- + +Encrypted message + +The following block encrypts the text "This is one line\n", 17 bytes, +with the subkey: + +-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DBwAIDB+qqSKgcSDgSBCMEAKpzTUxB4c56C7g09ekD9I+ttC5ER/xzDmXU +OJmFqU5w3FllhFj4TgGxxdH+8fv4W2Ag0IKoJvIY9V1V7oUCClfqAR01QbN7jGH/ +I9GFFnH19AYEgMKgFmh14ZwN1BS6/VHh+H4apaYqapbx8/09EL+DV9zWLX4GRLXQ +VqCR1N2rXE29MJFzGmDOCueQNkUjcbuenoCSKcNT+6xhO27U9IYVCg4BhRUDGfD6 +dhfRzBLxL+bKR9JVAe46+K8NLjRVu/bd4Iounx4UF5dBk8ERy+/8k9XantDoQgo6 +RPqCad4Dg/QqkpbK3y574ds3VFNJmc4dVpsXm7lGV5w0FBxhVNPoWNhhECMlTroX +Rg== +=5GqW +-----END PGP MESSAGE----- diff --git a/tests/openpgp/samplekeys/ecc-sample-2-pub.asc b/tests/openpgp/samplekeys/ecc-sample-2-pub.asc new file mode 100644 index 000000000..f89801257 --- /dev/null +++ b/tests/openpgp/samplekeys/ecc-sample-2-pub.asc 
@@ -0,0 +1,25 @@ +ECC NIST P-384 key taken from +https://sites.google.com/site/brainhub/pgpecckeys + +The sample key has ECDSA top key 0x098033880F54719F and a single ECDH +encryption subkey 0xAA8B938F9A201946. ECDH subkey uses SHA-384 and +AES-256 with KDF. + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: PGP Command Line v10.0.0 (Linux) + +mQBvBE1TBZITBSuBBAAiAwME9rjFrO1bhO+fSiCdsuSp37cNKMuMEOzVdnSp+lpn +OJlCti1eUTZ99Me/0/jlAP7s8H7SZaYhqOu75T6UfseMZ366FDvRUzwrNQ4cKfgj +E+HhEI66Bjvh5ksQ5pUOeZwttCRlY19kc2FfZGhfMzg0IDxvcGVucGdwQGJyYWlu +aHViLm9yZz6JAMsEEBMJAFMFAk1TBZIwFIAAAAAAIAAHcHJlZmVycmVkLWVtYWls +LWVuY29kaW5nQHBncC5jb21wZ3BtaW1lBAsJCAcCGQEFGwMAAAACFgIFHgEAAAAE +FQkKCAAKCRAJgDOID1Rxn8orAYCqNzUJaL1fEVr9jOe8exA4IhUtv/BtCvzag1Mp +UQkFuYy0abogj6q4fHQSt5nntjMBf1g2TqSA6KGj8lOgxfIsRG6L6an85iEBNu4w +gRq71JE53ii1vfjcNtBq50hXnp/1A7kAcwRNUwWSEgUrgQQAIgMDBC+qhAJKILZz +XEiX76W/tBv4W37v6rXKDLn/yOoEpGrLJVNKV3aU+eJTQKSrUiOp3R7aUwyKouZx +jbENfmclWMdzb+CTaepXOaKjVUvxbUH6pQVi8RxtObvV3/trmp7JGAMBCQmJAIQE +GBMJAAwFAk1TBZIFGwwAAAAACgkQCYAziA9UcZ+AlwGA7uem2PzuQe5PkonfF/m8 ++dlV3KJcWDuUM286Ky1Jhtxc9Be40tyG90Gp4abSNsDjAX0cdldUWKDPuTroorJ0 +/MZc7s16ke7INla6EyGZafBpRbSMVr0EFSw6BVPF8vS9Emc= +=I76R +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/openpgp/samplekeys/ecc-sample-2-sec.asc b/tests/openpgp/samplekeys/ecc-sample-2-sec.asc new file mode 100644 index 000000000..b163f6315 --- /dev/null +++ b/tests/openpgp/samplekeys/ecc-sample-2-sec.asc 
@@ -0,0 +1,22 @@ +ECC NIST P-384 key taken from +https://sites.google.com/site/brainhub/pgpecckeys + +The sample key has ECDSA top key 0x098033880F54719F and a single ECDH +encryption subkey 0xAA8B938F9A201946. ECDH subkey uses SHA-384 and +AES-256 with KDF. The password for the key is "ecc". + +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: PGP Command Line v10.0.0 (Linux) + +lQDSBE1TBZITBSuBBAAiAwME9rjFrO1bhO+fSiCdsuSp37cNKMuMEOzVdnSp+lpn +OJlCti1eUTZ99Me/0/jlAP7s8H7SZaYhqOu75T6UfseMZ366FDvRUzwrNQ4cKfgj +E+HhEI66Bjvh5ksQ5pUOeZwt/gcDAkrFTsfF6LKsqD/tW6Eot2DDE8znJjnQQ/Nr +H98XT1WQ9V0ED8l9DDIIj7z80ED3NR8XMSI8Ew/A/0w6NDPL978BX0MGvpaeBaWV +tEuH1EPAxiA+hFALwftY+a8s1zLktCRlY19kc2FfZGhfMzg0IDxvcGVucGdwQGJy +YWluaHViLm9yZz6dANYETVMFkhIFK4EEACIDAwQvqoQCSiC2c1xIl++lv7Qb+Ft+ +7+q1ygy5/8jqBKRqyyVTSld2lPniU0Ckq1Ijqd0e2lMMiqLmcY2xDX5nJVjHc2/g +k2nqVzmio1VL8W1B+qUFYvEcbTm71d/7a5qeyRgDAQkJ/gkDAqqmkngPLoJGqI4O +rHyyU3wrrPzDDDURkseoUEZlDZINjyto26A8N825mqLqeFytJuuABYH1UnLs4d2x +ZJZIYjEoFMPcFPuUtx+IZnECa1Vcyq2aRFCixVO0G/xrSFar +=a4k3 +-----END PGP PRIVATE KEY BLOCK----- diff --git a/tests/openpgp/samplekeys/ecc-sample-3-pub.asc b/tests/openpgp/samplekeys/ecc-sample-3-pub.asc new file mode 100644 index 000000000..14b49d352 --- /dev/null +++ b/tests/openpgp/samplekeys/ecc-sample-3-pub.asc 
@@ -0,0 +1,28 @@ +ECC NIST P-521 key taken from +https://sites.google.com/site/brainhub/pgpecckeys + +The sample key has ECDSA top key 0x6B4184E145AF2FFE and a single ECDH +encryption subkey 0x07EAAA48A81C4838. ECDH subkey uses SHA-512 and +AES-256 with KDF. + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: PGP Command Line v10.0.0 (Linux) + +mQCTBE1TFQITBSuBBAAjBCMEAWuwULfE2XoQmJhSQZ8rT5Ecr/kooudn4043gXHy +NZEdTeFfY2G7kwEaxj8TXfd1U1b4PkEoqhzKxhz/MHK/lwi2ARzW1XQiJ1/kFPsv +IUnQI1CUS099WKKQhD8JMPPyje1dKfjFjm2gzyF3TOMX1Cyy8wFyF0MiHVgB3ezb +w7C6jY+3tCRlY19kc2FfZGhfNTIxIDxvcGVucGdwQGJyYWluaHViLm9yZz6JAO0E +EBMKAFMFAk1TFQIwFIAAAAAAIAAHcHJlZmVycmVkLWVtYWlsLWVuY29kaW5nQHBn +cC5jb21wZ3BtaW1lBAsJCAcCGQEFGwMAAAACFgIFHgEAAAAEFQoJCAAKCRBrQYTh +Ra8v/sm3Agjl0YO73iEpu1z1wGtlUnACi21ti2PJNGlyi84yvDQED0+mxhhTRQYz +3ESaS1s/+4psP4aH0jeVQhce15a9RqfX+AIHam7i8K/tiKFweEjpyMCB594zLzY6 +lWbUf1/1a+tNv3B6yuIwFB1LY1B4HNrze5DUnngEOkmQf2esw/4nQGB87Rm5AJcE +TVMVAhIFK4EEACMEIwQBsRFES0RLIOcCyO18cq2GaphSGXqZtyvtHQt7PKmVNrSw +UuxNClntOe8/DLdq5mYDwNsbT8vi08PyQgiNsdJkcIgAlAayAGB556GKHEmP1JC7 +lCUxRi/2ecJS0bf6iTTqTqZWEFhYs2aXESwFFt3V4mga/OyTGXOpnauHZ22pVLCz +6kADAQoJiQCoBBgTCgAMBQJNUxUCBRsMAAAAAAoJEGtBhOFFry/++p0CCQFJgUCn +kiTKCNfP8Q/MO2BCp1QyESk53GJlCgIBAoa7U6X2fQxe2+OU+PNCjicJmZiSrV6x +6nYfGJ5Jx753sqJWtwIJAc9ZxCQhj4V52FmbPYexZPPneIdeCDjtowD6KUZxiS0K +eD8EzdmeJQWBQsnPtJC/JJL4zz6JyYMXf4jIb5JyGNQC +=5yaB +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/openpgp/samplekeys/ecc-sample-3-sec.asc b/tests/openpgp/samplekeys/ecc-sample-3-sec.asc new file mode 100644 index 000000000..6552e7aad --- /dev/null +++ b/tests/openpgp/samplekeys/ecc-sample-3-sec.asc 
@@ -0,0 +1,24 @@ +ECC NIST P-521 key taken from +https://sites.google.com/site/brainhub/pgpecckeys + +The sample key has ECDSA top key 0x6B4184E145AF2FFE and a single ECDH +encryption subkey 0x07EAAA48A81C4838. ECDH subkey uses SHA-512 and +AES-256 with KDF. The password for the key is "ecc". + +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: PGP Command Line v10.0.0 (Linux) + +lQEIBE1TFQITBSuBBAAjBCMEAWuwULfE2XoQmJhSQZ8rT5Ecr/kooudn4043gXHy +NZEdTeFfY2G7kwEaxj8TXfd1U1b4PkEoqhzKxhz/MHK/lwi2ARzW1XQiJ1/kFPsv +IUnQI1CUS099WKKQhD8JMPPyje1dKfjFjm2gzyF3TOMX1Cyy8wFyF0MiHVgB3ezb +w7C6jY+3/gcDAv+CotECRPpSqGkqKrz+xAhAqswHXzFIBprFF0XiDooWktZSTAUR +JVB2U6m28wC4rE3RkqFeR1B+kg4nxEAJ9k6BI8oDE0iyOY5aklF2TxPpTs/BA+N2 +O4hnXb1l5qXfuyd3bSwDeyfq3CdFe4TeKp7vtCRlY19kc2FfZGhfNTIxIDxvcGVu +cGdwQGJyYWluaHViLm9yZz6dAQwETVMVAhIFK4EEACMEIwQBsRFES0RLIOcCyO18 +cq2GaphSGXqZtyvtHQt7PKmVNrSwUuxNClntOe8/DLdq5mYDwNsbT8vi08PyQgiN +sdJkcIgAlAayAGB556GKHEmP1JC7lCUxRi/2ecJS0bf6iTTqTqZWEFhYs2aXESwF +Ft3V4mga/OyTGXOpnauHZ22pVLCz6kADAQoJ/gkDAki71k/zBW2qqGyScDNNuWaA +9A5aWhpNNyRrFembt7f/W+b591G3twdNmdCIh29VoOmQw3fO8wwgsPTUxQFgd8J3 +ncft0zciEcDZi/ztLZA3+rIIP2myZLIs9xLG+k+gf3nXpeED4uYqQX3GL+32PKwg +=Qnd8 +-----END PGP PRIVATE KEY BLOCK----- diff --git a/tests/openpgp/version.test b/tests/openpgp/version.test index ed0f6c449..cae8b6840 100755 --- a/tests/openpgp/version.test +++ b/tests/openpgp/version.test @@ -28,7 +28,7 @@ else fi if [ -d private-keys-v1.d ]; then rm private-keys-v1.d/* 2>/dev/null || true - rmdir private-keys-v1.d + rmdir private-keys-v1.d fi for i in pubring.gpg pubring.gpg~ trustdb.gpg trustdb.gpg~ ; do [ -d "$i" ] && rm "$i" @@ -102,5 +102,3 @@ info "Printing the GPG version" $GPG --version #fixme: check that the output is as expected - -