security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

Add ECC import regression tests and fixed a regression.

Browse Source 
The import test imports the keys as needed and because they are
passphrase protected we now need a pinentry script to convey the
passphrase to gpg-agent.
This commit is contained in:
Werner Koch 2011-02-10 20:16:06 +01:00
parent ba23e88faa
commit d290f2914a
15 changed files with 473 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
dirmngr/ChangeLog
View File

@ -1,6 +1,6 @@
2011-02-09 Werner Koch <wk@g10code.com> 2011-02-09 Werner Koch <wk@g10code.com>
* ks-engine-kdns.c: New. Based on the former gpgkeys_kdns. * ks-engine-kdns.c: New but only the framework.
* server.c (cmd_keyserver): Add option --help. * server.c (cmd_keyserver): Add option --help.
(dirmngr_status_help): New. (dirmngr_status_help): New.

79
dirmngr/ks-engine-kdns.c Normal file
View File

@ -0,0 +1,79 @@
/* ks-engine-kdns.c - KDNS OpenPGP key access
* Copyright (C) 2011 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include "dirmngr.h"
#include "misc.h"
#include "userids.h"
#include "ks-engine.h"
/* Print a help output for the schemata supported by this module. */
gpg_error_t
ks_kdns_help (ctrl_t ctrl, parsed_uri_t uri)
{
const char const data[] =
"This keyserver engine accepts URLs of the form:\n"
" kdns://[NAMESERVER]/[ROOT][?at=STRING]\n"
"with\n"
" NAMESERVER used for queries (default: system standard)\n"
" ROOT a DNS name appended to the query (default: none)\n"
" STRING a string to replace the '@' (default: \".\")\n"
"If a long answer is expected add the parameter \"usevc=1\".\n"
"Supported methods: fetch\n"
"Example:\n"
"A query for \"hacker@gnupg.org\" with\n"
" kdns://10.0.0.1/example.net?at=_key_&usevc=1\n"
"setup as --auto-key-lookup in gpg does a CERT record query\n"
"with type PGP on the nameserver 10.0.0.1 for\n"
" hacker._key_.gnupg.org.example.net";
gpg_error_t err;
if (!uri)
err = ks_print_help (ctrl, " kdns");
else if (!strcmp (uri->scheme, "kdns"))
err = ks_print_help (ctrl, data);
else
err = 0;
return err;
}
/* Get the key from URI which is expected to specify a kdns scheme.
On success R_FP has an open stream to read the data. */
gpg_error_t
ks_kdns_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp)
{
gpg_error_t err;
(void)ctrl;
*r_fp = NULL;
if (strcmp (uri->scheme, "kdns"))
return gpg_error (GPG_ERR_INV_ARG);
err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
return err;
}

5
g10/ChangeLog
View File

@ -1,3 +1,8 @@
2011-02-10 Werner Koch <wk@g10code.com>
* seskey.c (encode_md_value): Change last fix to avoid a
regression for DSA with SHA-2 hashes.
2011-02-09 Werner Koch <wk@g10code.com> 2011-02-09 Werner Koch <wk@g10code.com>
* keyserver.c: Replace all printf by es_printf. * keyserver.c: Replace all printf by es_printf.

28
g10/seskey.c
View File

@ -297,18 +297,17 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo)
return NULL; return NULL;
} }
/* Check if we're too short. Too long is safe as we'll
automatically left-truncate.
FIXME: Check against FIPS. /* ECDSA 521 is special has it is larger than the largest hash
This checks would require the use of SHA512 with ECDSA 512. I we have (SHA-512). Thus we chnage the size for further
think this is overkill to fail in this case. Therefore, processing to 512. */
relax the check, but only for ECDSA keys. We may need to if (pkalgo == GCRY_PK_ECDSA && qbits > 512)
adjust it later for general case. (Note that the check will qbits = 512;
never pass for ECDSA 521 anyway as the only hash that
intended to match it is SHA 512, but 512 < 521). */ /* Check if we're too short. Too long is safe as we'll
automatically left-truncate. */
mdlen = gcry_md_get_algo_dlen (hash_algo); mdlen = gcry_md_get_algo_dlen (hash_algo);
if (mdlen < ((pkalgo == GCRY_PK_ECDSA && qbits > 521) ? 512: qbits)/8) if (mdlen < qbits/8)
{ {
log_error (_("%s key %s requires a %zu bit or larger hash " log_error (_("%s key %s requires a %zu bit or larger hash "
"(hash is %s\n"), "(hash is %s\n"),
@ -318,13 +317,10 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo)
return NULL; return NULL;
} }
/* By passing MDLEN as length to mpi_scan, we do the truncation /* Note that we do the truncation by passing QBITS/8 as length to
of the hash. mpi_scan. */
Note that in case of ECDSA 521 the hash is always smaller
than the key size. */
if (gcry_mpi_scan (&frame, GCRYMPI_FMT_USG, if (gcry_mpi_scan (&frame, GCRYMPI_FMT_USG,
gcry_md_read (md, hash_algo), mdlen, NULL)) gcry_md_read (md, hash_algo), qbits/8, NULL))
BUG(); BUG();
} }
else else

21
tests/openpgp/ChangeLog
View File

@ -1,3 +1,12 @@
2011-02-10 Werner Koch <wk@g10code.com>
* ecc.test: New.
* pinentry.sh: New.
* defs.inc: Do not create a log when running tests with envvar
verbose > 1. Add pinentry-program to gpg-agent.conf.
* Makefile.am (sample_keys): New.
(EXTRA_DIST): Add them.
2010-10-15 Werner Koch <wk@g10code.com> 2010-10-15 Werner Koch <wk@g10code.com>
* Makefile.am (clean-local): New. * Makefile.am (clean-local): New.
@ -154,7 +163,7 @@
* verify.test: More tests. * verify.test: More tests.
* multisig.test: Better error printing. * multisig.test: Better error printing.
(sig_1ls1ls_valid, sig_ls_valid): Moved to the non-valid group. (sig_1ls1ls_valid, sig_ls_valid): Moved to the non-valid group.
2006-02-14 Werner Koch <wk@gnupg.org> 2006-02-14 Werner Koch <wk@gnupg.org>
* verify.test: New. * verify.test: New.
@ -236,7 +245,7 @@
2002-05-10 Werner Koch <wk@gnupg.org> 2002-05-10 Werner Koch <wk@gnupg.org>
* Makefile.am: Add gpg_dearmor to all targets where it is used. * Makefile.am: Add gpg_dearmor to all targets where it is used.
Noted by Andreas Haumer. Noted by Andreas Haumer.
2002-04-19 Werner Koch <wk@gnupg.org> 2002-04-19 Werner Koch <wk@gnupg.org>
@ -264,7 +273,7 @@
2001-09-28 Werner Koch <wk@gnupg.org> 2001-09-28 Werner Koch <wk@gnupg.org>
* defs.inc: Write a log file for each test. * defs.inc: Write a log file for each test.
* run-gpg, run-gpgm, run-gpg.patterns: Removed. Replaced in all * run-gpg, run-gpgm, run-gpg.patterns: Removed. Replaced in all
tests by a simple macro from defs.inc. tests by a simple macro from defs.inc.
* Makefile.am (CLEANFILES): Remove log files. * Makefile.am (CLEANFILES): Remove log files.
@ -275,7 +284,7 @@
armencryptp.test, armencrypt.test, encryptp.test, seat.test, armencryptp.test, armencrypt.test, encryptp.test, seat.test,
encrypt-dsa.test, encrypt.test: Use --always-trust because the encrypt-dsa.test, encrypt.test: Use --always-trust because the
test are not designed to check the validity. test are not designed to check the validity.
2001-09-06 Werner Koch <wk@gnupg.org> 2001-09-06 Werner Koch <wk@gnupg.org>
* genkey1024.test: Simplified by using a parameter file. * genkey1024.test: Simplified by using a parameter file.
@ -303,7 +312,7 @@
2001-03-20 Werner Koch <wk@gnupg.org> 2001-03-20 Werner Koch <wk@gnupg.org>
* Makefile.am: Import the pubdemo.asc file * Makefile.am: Import the pubdemo.asc file
* sigs.test (hash_algo_list): s/tiger/tiger192/ * sigs.test (hash_algo_list): s/tiger/tiger192/
@ -402,5 +411,3 @@ Mon May 18 15:40:02 1998 Werner Koch (wk@isil.d.shuttle.de)
This file is distributed in the hope that it will be useful, but This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

20
tests/openpgp/Makefile.am
View File

@ -8,12 +8,12 @@
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or # the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version. # (at your option) any later version.
# #
# GnuPG is distributed in the hope that it will be useful, # GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of # but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details. # GNU General Public License for more details.
# #
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>. # along with this program; if not, see <http://www.gnu.org/licenses/>.
# Process this file with automake to create Makefile.in # Process this file with automake to create Makefile.in
@ -38,7 +38,7 @@ TESTS = version.test mds.test \
armdetachm.test detachm.test genkey1024.test \ armdetachm.test detachm.test genkey1024.test \
conventional.test conventional-mdc.test \ conventional.test conventional-mdc.test \
multisig.test verify.test armor.test \ multisig.test verify.test armor.test \
import.test finish.test import.test ecc.test finish.test
TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
@ -60,15 +60,21 @@ priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \
privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc \ privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc \
privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc
sample_keys = samplekeys/ecc-sample-1-pub.asc \
samplekeys/ecc-sample-2-pub.asc \
samplekeys/ecc-sample-3-pub.asc \
samplekeys/ecc-sample-1-sec.asc \
samplekeys/ecc-sample-2-sec.asc \
samplekeys/ecc-sample-3-sec.asc
EXTRA_DIST = defs.inc $(TESTS) $(TEST_FILES) \ EXTRA_DIST = defs.inc pinentry.sh $(TESTS) $(TEST_FILES) \
mkdemodirs signdemokey $(priv_keys) mkdemodirs signdemokey $(priv_keys) $(sample_keys)
CLEANFILES = prepared.stamp x y yy z out err $(data_files) \ CLEANFILES = prepared.stamp x y yy z out err $(data_files) \
plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \ plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \
*.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \ *.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \
pubring.gpg secring.gpg pubring.pkr secring.skr \ pubring.gpg secring.gpg pubring.pkr secring.skr \
gnupg-test.stop pubring.gpg~ random_seed gnupg-test.stop pubring.gpg~ random_seed gpg-agent.log
clean-local: clean-local:
-rm -rf private-keys-v1.d -rm -rf private-keys-v1.d
@ -77,5 +83,3 @@ clean-local:
# We need to depend on a couple of programs so that the tests don't # We need to depend on a couple of programs so that the tests don't
# start before all programs are built. # start before all programs are built.
all-local: $(required_pgms) all-local: $(required_pgms)

33
tests/openpgp/defs.inc
View File

@ -58,7 +58,7 @@ error () {
defs_error_seen=yes defs_error_seen=yes
echo "$pgmname:" $* >&5 echo "$pgmname:" $* >&5
if [ x$defs_stop_on_error != xyes ]; then if [ x$defs_stop_on_error != xyes ]; then
exit 1 exit 1
fi fi
} }
@ -163,12 +163,12 @@ pgmname=`basename $0`
[ -z "$srcdir" ] && fatal "not called from make" [ -z "$srcdir" ] && fatal "not called from make"
# #
if [ -f gnupg-test.stop ]; then if [ -f gnupg-test.stop ]; then
if [ $pgmname = "version.test" ]; then if [ $pgmname = "version.test" ]; then
rm gnupg-test.stop rm gnupg-test.stop
else else
# Skip the rest of the tests. # Skip the rest of the tests.
exit 77 exit 77
fi fi
fi fi
@ -195,22 +195,33 @@ GPG_CONNECT_AGENT="../../tools/gpg-connect-agent"
GPGCONF="../../tools/gpgconf" GPGCONF="../../tools/gpgconf"
GPG_PRESET_PASSPHRASE="../../agent/gpg-preset-passphrase" GPG_PRESET_PASSPHRASE="../../agent/gpg-preset-passphrase"
MKTDATA="../../tools/mk-tdata" MKTDATA="../../tools/mk-tdata"
PINENTRY="$(cd $srcdir && /bin/pwd)/pinentry.sh"
# Default to empty passphrase for pinentry.sh
PINENTRY_USER_DATA=
# Make sure we have a valid option files even with VPATH builds. # Make sure we have a valid option files even with VPATH builds.
for f in gpg.conf gpg-agent.conf ; do for f in gpg.conf gpg-agent.conf ; do
if [ -f ./$f ]; then if [ -f ./$f ]; then
: :
elif [ -f $srcdir/$f.tmpl ]; then elif [ -f $srcdir/$f.tmpl ]; then
cat $srcdir/$f.tmpl >$f cat $srcdir/$f.tmpl >$f
if [ "$f" = "gpg.conf" ]; then case "$f" in
echo "agent-program $GPG_AGENT" >>gpg.conf gpg.conf)
fi echo "agent-program $GPG_AGENT" >>"$f"
;;
gpg-agent.conf)
echo "pinentry-program $PINENTRY" >>"$f"
;;
esac
fi fi
done done
echo "Test: $pgmname" > ${pgmname}.log if [ "${verbose:-0}" -gt "1" ]; then
echo "GNUPGHOME=$GNUPGHOME" >> ${pgmname}.log exec 5>/dev/null
exec 5>&2 2>>${pgmname}.log else
echo "Test: $pgmname" > ${pgmname}.log
echo "GNUPGHOME=$GNUPGHOME" >> ${pgmname}.log
exec 5>&2 2>>${pgmname}.log
fi
: :
# end # end

89
tests/openpgp/ecc.test Executable file
View File

@ -0,0 +1,89 @@
#!/bin/sh
# Copyright 2011 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3
keygrips='8E06A180EFFE4C65B812150CAF19BF30C0689A4C
E4403F3FD7A443FAC29FEF288FA0D20AC212851E
0B7554421FFB14A06CB9F63FB49A85A58E97ABAC
303ACC892C2D786C8A789677C0BE54DA8538F903
9FE5C36985351524B6AFA19FDCBC1A3A750B6F5F
145A52CC7ED3FD41C5B0A26BE220FEED36AF24DE'
mainkeyids='BAA59D9C
0F54719F
45AF2FFE'
if have_pubkey_algo "ECDH"; then
:
else
info "No ECC support due to an old Libgcrypt"
exit 77
fi
info "Preparing for ECC test."
for i in $keygrips ; do
rm private-keys-v1.d/$i.key 2>/dev/null || true
$GPG_PRESET_PASSPHRASE --preset -P ecc $i
done
info "Importing ECC public keys."
for k in $mainkeyids ; do
$GPG --delete-key --batch --yes $k 2>/dev/null || true
done
for i in 1 2 3; do
k="ecc-sample-$i-pub.asc"
if $GPG --import $srcdir/samplekeys/$k; then
:
else
error "$k: import failed"
fi
done
info "Importing ECC secret keys."
# Note that the PGP generated secret keys are not self-signed, thus we
# need to pass an appropriate option.
for i in 1 2 3; do
k="ecc-sample-$i-sec.asc"
if [ "$i" -gt "1" ]; then
extraopts="--allow-non-selfsigned-uid"
else
extraopts=""
fi
if PINENTRY_USER_DATA=ecc $GPG $extraopts --import $srcdir/samplekeys/$k; then
:
else
error "$k: import failed"
fi
done
info "Importing ECC secret keys directly."
for i in $keygrips ; do
rm private-keys-v1.d/$i.key 2>/dev/null || true
done
for k in $mainkeyids ; do
$GPG --delete-key --batch --yes $k 2>/dev/null || true
done
for i in 1 2 3; do
k="ecc-sample-$i-sec.asc"
if [ "$i" -gt "1" ]; then
extraopts="--allow-non-selfsigned-uid"
else
extraopts=""
fi
if PINENTRY_USER_DATA=ecc $GPG $extraopts --import $srcdir/samplekeys/$k; then
:
else
error "$k: import failed"
fi
done

30
tests/openpgp/pinentry.sh Executable file
View File

@ -0,0 +1,30 @@
#!/bin/sh
# Copyright 2011 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
exec 2>>/tmp/pinentry.err
echo "OK - what's up?"
while read cmd rest; do
echo "cmd=$cmd rest=$rest" >&2
case "$cmd" in
\#*)
;;
GETPIN)
echo "D ${PINENTRY_USER_DATA}"
echo "OK"
;;
BYE)
echo "OK"
exit 0
;;
*)
echo "OK"
;;
esac
done

111
tests/openpgp/samplekeys/README
View File

@ -1,5 +1,112 @@
no-creation-time.gpg A key with a zero creation time. no-creation-time.gpg A key with a zero creation time.
ecc-sample-1-pub.asc The first ECC sample key. ecc-sample-1-pub.asc A NIST P-256 ECC sample key.
ecc-sample-1-sec.asc The first ECC sample key (secret). ecc-sample-1-sec.asc Ditto, but the secret keyblock.
ecc-sample-2-pub.asc A NIST P-384 ECC sample key.
ecc-sample-2-sec.asc Ditto, but the secret keyblock.
ecc-sample-3-pub.asc A NIST P-521 ECC sample key.
ecc-sample-3-sec.asc Ditto, but the secret keyblock.
Signed message
The following is an opaque ECDSA signature on a message "This is one
line\n" (17 byte long) by the master key:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.1.0-ecc (GNU/Linux)
owGbwMvMwCHMvVT3w66lc+cwrlFK4k5N1k3KT6nUK6ko8Zl8MSEkI7NYAYjy81IV
cjLzUrk64lgYhDkY2FiZQNIMXJwCMO31rxgZ+tW/zesUPxWzdKWrtLGW/LkP5rXL
V/Yvnr/EKjBbQuvZSYa/klsum6XFmTze+maVgclT6Rc6hzqqxNy6o6qdTTmLJuvp
AQA=
=GDv4
-----END PGP MESSAGE----
Encrypted message
The following block encrypts the text "This is one line\n", 17 bytes,
with the subkey 0x4089AB73.
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.1.0-ecc (GNU/Linux)
hH4Dd863o0CJq3MSAgMEHdIYZQx+rV1cjy7qitIOEICFFzp4cjsRX4r+rDdMcQUs
h7VZmbP1c9C0s9sgCKwubWfkcYUl2ZOju4gy+s4MYTBb4/j8JjnJ9Bqn6LWutTXJ
zwsdP13VIJLnhiNqISdR3/6xWQ0ICRYzwb95nUZ1c1DSVgFpjPgUvi4pgYbTpcDB
jzILKWBfBDT/jck169XE8vgtbcqVQYZ7lZpaY9CzEbC+4dXZmV1gm5MafpTyFWgH
VnyrZB4gad9Lp9e0RKHHcOOE7s/NeLuu
=odUZ
-----END PGP MESSAGE-----
Signed message
The following is an opaque ECDSA signature on a message "This is one
line\n" (17 byte long) by the master key:
-----BEGIN PGP MESSAGE-----
Version: PGP Command Line v10.0.0 (Linux)
qANQR1DIqwE7wsvMwCnM2WDcwR9SOJ/xtFISd25qcXFieqpeSUUJAxCEZGQWKwBR
fl6qQk5mXirXoXJmVgbfYC5xmC5hzsDPjHXqbDLzpXpTBXSZV3L6bAgP3Kq7Ykmo
7Ds1v4UfBS+3CSSon7Pzq79WLjzXXEH54MkjPxnrw+8cfMVnY7Bi18J702Nnsa7a
9lMv/PM0/ao9CZ3KX7Q+Tv1rllTZ5Hj4V1frw431QnHfAA==
=elKT
-----END PGP MESSAGE-----
Encrypted message
The following block encrypts the text "This is one line\n", 17 bytes,
with the subkey:
-----BEGIN PGP MESSAGE-----
Version: PGP Command Line v10.0.0 (Linux)
qANQR1DBngOqi5OPmiAZRhIDAwQqIr/00cJyf+QP+VA4QKVkk77KMHdz9OVaR2XK
0VYu0F/HPm89vL2orfm2hrAZxY9G2R0PG4Wk5Lg04UjKca/O72uWtjdPYulFidmo
uB0QpzXFz22ZZinxeVPLPEr19Pow0EwCc95cg4HAgrD0nV9vRcTJ/+juVfvsJhAO
isMKqrFNMvwnK5A1ECeyVXe7oLZl0lUBRhLr59QTtvf85QJjg/m5kaGy8XCJvLv3
61pZa6KUmw89PjtPak7ebcjnINL01vwmyeg1PAyW/xjeGGvcO+R4P1b4ewyFnJyR
svzIJcP7d4DqYOw7
=oiTJ
-----END PGP MESSAGE-----
Signed message
The following is an opaque ECDSA signature on a message "This is one
line\n" (17 byte long) by the master key:
-----BEGIN PGP MESSAGE-----
Version: PGP Command Line v10.0.0 (Linux)
qANQR1DIwA8BO8LLzMAlnO3Y8tB1vf4/xtNKSdy5qcXFiempeiUVJQxAEJKRWawA
RPl5qQo5mXmpXIdmMLMy+AaLnoLpEubatpeJY2Lystd7Qt32q2UcvRS5kNPWtDB7
ryufvcrWtFM7Jx8qXKDxZuqr7b9PGv1Ssk+I8TzB2O9dZC+n/jv+PAdbuu7mLe33
Gf9pLd3weV3Qno6FOqxGa5ZszQx+uer2xH3/El9x/2pVeO4l15ScsL7qWMTmffmG
Ic1RdzgeCfosMF+l/zVRchcLKzenEQA=
=ATtX
-----END PGP MESSAGE-----
Encrypted message
The following block encrypts the text "This is one line\n", 17 bytes,
with the subkey:
-----BEGIN PGP MESSAGE-----
Version: PGP Command Line v10.0.0 (Linux)
qANQR1DBwAIDB+qqSKgcSDgSBCMEAKpzTUxB4c56C7g09ekD9I+ttC5ER/xzDmXU
OJmFqU5w3FllhFj4TgGxxdH+8fv4W2Ag0IKoJvIY9V1V7oUCClfqAR01QbN7jGH/
I9GFFnH19AYEgMKgFmh14ZwN1BS6/VHh+H4apaYqapbx8/09EL+DV9zWLX4GRLXQ
VqCR1N2rXE29MJFzGmDOCueQNkUjcbuenoCSKcNT+6xhO27U9IYVCg4BhRUDGfD6
dhfRzBLxL+bKR9JVAe46+K8NLjRVu/bd4Iounx4UF5dBk8ERy+/8k9XantDoQgo6
RPqCad4Dg/QqkpbK3y574ds3VFNJmc4dVpsXm7lGV5w0FBxhVNPoWNhhECMlTroX
Rg==
=5GqW
-----END PGP MESSAGE-----

25
tests/openpgp/samplekeys/ecc-sample-2-pub.asc Normal file
View File

@ -0,0 +1,25 @@
ECC NIST P-384 key taken from
https://sites.google.com/site/brainhub/pgpecckeys
The sample key has ECDSA top key 0x098033880F54719F and a single ECDH
encryption subkey 0xAA8B938F9A201946. ECDH subkey uses SHA-384 and
AES-256 with KDF.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP Command Line v10.0.0 (Linux)
mQBvBE1TBZITBSuBBAAiAwME9rjFrO1bhO+fSiCdsuSp37cNKMuMEOzVdnSp+lpn
OJlCti1eUTZ99Me/0/jlAP7s8H7SZaYhqOu75T6UfseMZ366FDvRUzwrNQ4cKfgj
E+HhEI66Bjvh5ksQ5pUOeZwttCRlY19kc2FfZGhfMzg0IDxvcGVucGdwQGJyYWlu
aHViLm9yZz6JAMsEEBMJAFMFAk1TBZIwFIAAAAAAIAAHcHJlZmVycmVkLWVtYWls
LWVuY29kaW5nQHBncC5jb21wZ3BtaW1lBAsJCAcCGQEFGwMAAAACFgIFHgEAAAAE
FQkKCAAKCRAJgDOID1Rxn8orAYCqNzUJaL1fEVr9jOe8exA4IhUtv/BtCvzag1Mp
UQkFuYy0abogj6q4fHQSt5nntjMBf1g2TqSA6KGj8lOgxfIsRG6L6an85iEBNu4w
gRq71JE53ii1vfjcNtBq50hXnp/1A7kAcwRNUwWSEgUrgQQAIgMDBC+qhAJKILZz
XEiX76W/tBv4W37v6rXKDLn/yOoEpGrLJVNKV3aU+eJTQKSrUiOp3R7aUwyKouZx
jbENfmclWMdzb+CTaepXOaKjVUvxbUH6pQVi8RxtObvV3/trmp7JGAMBCQmJAIQE
GBMJAAwFAk1TBZIFGwwAAAAACgkQCYAziA9UcZ+AlwGA7uem2PzuQe5PkonfF/m8
+dlV3KJcWDuUM286Ky1Jhtxc9Be40tyG90Gp4abSNsDjAX0cdldUWKDPuTroorJ0
/MZc7s16ke7INla6EyGZafBpRbSMVr0EFSw6BVPF8vS9Emc=
=I76R
-----END PGP PUBLIC KEY BLOCK-----

22
tests/openpgp/samplekeys/ecc-sample-2-sec.asc Normal file
View File

@ -0,0 +1,22 @@
ECC NIST P-384 key taken from
https://sites.google.com/site/brainhub/pgpecckeys
The sample key has ECDSA top key 0x098033880F54719F and a single ECDH
encryption subkey 0xAA8B938F9A201946. ECDH subkey uses SHA-384 and
AES-256 with KDF. The password for the key is "ecc".
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: PGP Command Line v10.0.0 (Linux)
lQDSBE1TBZITBSuBBAAiAwME9rjFrO1bhO+fSiCdsuSp37cNKMuMEOzVdnSp+lpn
OJlCti1eUTZ99Me/0/jlAP7s8H7SZaYhqOu75T6UfseMZ366FDvRUzwrNQ4cKfgj
E+HhEI66Bjvh5ksQ5pUOeZwt/gcDAkrFTsfF6LKsqD/tW6Eot2DDE8znJjnQQ/Nr
H98XT1WQ9V0ED8l9DDIIj7z80ED3NR8XMSI8Ew/A/0w6NDPL978BX0MGvpaeBaWV
tEuH1EPAxiA+hFALwftY+a8s1zLktCRlY19kc2FfZGhfMzg0IDxvcGVucGdwQGJy
YWluaHViLm9yZz6dANYETVMFkhIFK4EEACIDAwQvqoQCSiC2c1xIl++lv7Qb+Ft+
7+q1ygy5/8jqBKRqyyVTSld2lPniU0Ckq1Ijqd0e2lMMiqLmcY2xDX5nJVjHc2/g
k2nqVzmio1VL8W1B+qUFYvEcbTm71d/7a5qeyRgDAQkJ/gkDAqqmkngPLoJGqI4O
rHyyU3wrrPzDDDURkseoUEZlDZINjyto26A8N825mqLqeFytJuuABYH1UnLs4d2x
ZJZIYjEoFMPcFPuUtx+IZnECa1Vcyq2aRFCixVO0G/xrSFar
=a4k3
-----END PGP PRIVATE KEY BLOCK-----

28
tests/openpgp/samplekeys/ecc-sample-3-pub.asc Normal file
View File

@ -0,0 +1,28 @@
ECC NIST P-521 key taken from
https://sites.google.com/site/brainhub/pgpecckeys
The sample key has ECDSA top key 0x6B4184E145AF2FFE and a single ECDH
encryption subkey 0x07EAAA48A81C4838. ECDH subkey uses SHA-512 and
AES-256 with KDF.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP Command Line v10.0.0 (Linux)
mQCTBE1TFQITBSuBBAAjBCMEAWuwULfE2XoQmJhSQZ8rT5Ecr/kooudn4043gXHy
NZEdTeFfY2G7kwEaxj8TXfd1U1b4PkEoqhzKxhz/MHK/lwi2ARzW1XQiJ1/kFPsv
IUnQI1CUS099WKKQhD8JMPPyje1dKfjFjm2gzyF3TOMX1Cyy8wFyF0MiHVgB3ezb
w7C6jY+3tCRlY19kc2FfZGhfNTIxIDxvcGVucGdwQGJyYWluaHViLm9yZz6JAO0E
EBMKAFMFAk1TFQIwFIAAAAAAIAAHcHJlZmVycmVkLWVtYWlsLWVuY29kaW5nQHBn
cC5jb21wZ3BtaW1lBAsJCAcCGQEFGwMAAAACFgIFHgEAAAAEFQoJCAAKCRBrQYTh
Ra8v/sm3Agjl0YO73iEpu1z1wGtlUnACi21ti2PJNGlyi84yvDQED0+mxhhTRQYz
3ESaS1s/+4psP4aH0jeVQhce15a9RqfX+AIHam7i8K/tiKFweEjpyMCB594zLzY6
lWbUf1/1a+tNv3B6yuIwFB1LY1B4HNrze5DUnngEOkmQf2esw/4nQGB87Rm5AJcE
TVMVAhIFK4EEACMEIwQBsRFES0RLIOcCyO18cq2GaphSGXqZtyvtHQt7PKmVNrSw
UuxNClntOe8/DLdq5mYDwNsbT8vi08PyQgiNsdJkcIgAlAayAGB556GKHEmP1JC7
lCUxRi/2ecJS0bf6iTTqTqZWEFhYs2aXESwFFt3V4mga/OyTGXOpnauHZ22pVLCz
6kADAQoJiQCoBBgTCgAMBQJNUxUCBRsMAAAAAAoJEGtBhOFFry/++p0CCQFJgUCn
kiTKCNfP8Q/MO2BCp1QyESk53GJlCgIBAoa7U6X2fQxe2+OU+PNCjicJmZiSrV6x
6nYfGJ5Jx753sqJWtwIJAc9ZxCQhj4V52FmbPYexZPPneIdeCDjtowD6KUZxiS0K
eD8EzdmeJQWBQsnPtJC/JJL4zz6JyYMXf4jIb5JyGNQC
=5yaB
-----END PGP PUBLIC KEY BLOCK-----

24
tests/openpgp/samplekeys/ecc-sample-3-sec.asc Normal file
View File

@ -0,0 +1,24 @@
ECC NIST P-521 key taken from
https://sites.google.com/site/brainhub/pgpecckeys
The sample key has ECDSA top key 0x6B4184E145AF2FFE and a single ECDH
encryption subkey 0x07EAAA48A81C4838. ECDH subkey uses SHA-512 and
AES-256 with KDF. The password for the key is "ecc".
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: PGP Command Line v10.0.0 (Linux)
lQEIBE1TFQITBSuBBAAjBCMEAWuwULfE2XoQmJhSQZ8rT5Ecr/kooudn4043gXHy
NZEdTeFfY2G7kwEaxj8TXfd1U1b4PkEoqhzKxhz/MHK/lwi2ARzW1XQiJ1/kFPsv
IUnQI1CUS099WKKQhD8JMPPyje1dKfjFjm2gzyF3TOMX1Cyy8wFyF0MiHVgB3ezb
w7C6jY+3/gcDAv+CotECRPpSqGkqKrz+xAhAqswHXzFIBprFF0XiDooWktZSTAUR
JVB2U6m28wC4rE3RkqFeR1B+kg4nxEAJ9k6BI8oDE0iyOY5aklF2TxPpTs/BA+N2
O4hnXb1l5qXfuyd3bSwDeyfq3CdFe4TeKp7vtCRlY19kc2FfZGhfNTIxIDxvcGVu
cGdwQGJyYWluaHViLm9yZz6dAQwETVMVAhIFK4EEACMEIwQBsRFES0RLIOcCyO18
cq2GaphSGXqZtyvtHQt7PKmVNrSwUuxNClntOe8/DLdq5mYDwNsbT8vi08PyQgiN
sdJkcIgAlAayAGB556GKHEmP1JC7lCUxRi/2ecJS0bf6iTTqTqZWEFhYs2aXESwF
Ft3V4mga/OyTGXOpnauHZ22pVLCz6kADAQoJ/gkDAki71k/zBW2qqGyScDNNuWaA
9A5aWhpNNyRrFembt7f/W+b591G3twdNmdCIh29VoOmQw3fO8wwgsPTUxQFgd8J3
ncft0zciEcDZi/ztLZA3+rIIP2myZLIs9xLG+k+gf3nXpeED4uYqQX3GL+32PKwg
=Qnd8
-----END PGP PRIVATE KEY BLOCK-----

4
tests/openpgp/version.test
View File

@ -28,7 +28,7 @@ else
fi fi
if [ -d private-keys-v1.d ]; then if [ -d private-keys-v1.d ]; then
rm private-keys-v1.d/* 2>/dev/null || true rm private-keys-v1.d/* 2>/dev/null || true
rmdir private-keys-v1.d rmdir private-keys-v1.d
fi fi
for i in pubring.gpg pubring.gpg~ trustdb.gpg trustdb.gpg~ ; do for i in pubring.gpg pubring.gpg~ trustdb.gpg trustdb.gpg~ ; do
[ -d "$i" ] && rm "$i" [ -d "$i" ] && rm "$i"
@ -102,5 +102,3 @@ info "Printing the GPG version"
$GPG --version $GPG --version
#fixme: check that the output is as expected #fixme: check that the output is as expected