diff options
Diffstat (limited to 'tests/openpgp/ecc.test')
| -rwxr-xr-x | tests/openpgp/ecc.test | 253 |
1 files changed, 253 insertions, 0 deletions
diff --git a/tests/openpgp/ecc.test b/tests/openpgp/ecc.test new file mode 100755 index 0000000..58fd251 --- /dev/null +++ b/tests/openpgp/ecc.test @@ -0,0 +1,253 @@ +#!/bin/sh +# Copyright 2011 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +. $srcdir/defs.inc || exit 3 + +keygrips='8E06A180EFFE4C65B812150CAF19BF30C0689A4C + E4403F3FD7A443FAC29FEF288FA0D20AC212851E + 0B7554421FFB14A06CB9F63FB49A85A58E97ABAC + 303ACC892C2D786C8A789677C0BE54DA8538F903 + 9FE5C36985351524B6AFA19FDCBC1A3A750B6F5F + 145A52CC7ED3FD41C5B0A26BE220FEED36AF24DE' +mainkeyids='BAA59D9C + 0F54719F + 45AF2FFE' + + +if have_pubkey_algo "ECDH"; then + : +else + info "No ECC support due to an old Libgcrypt" + exit 77 +fi + + +# +# Setup for ECC testing +# +info "Preparing for ECC test." +for i in $keygrips ; do + rm private-keys-v1.d/$i.key 2>/dev/null || true + $GPG_PRESET_PASSPHRASE --preset -P ecc $i +done + + +# +# Import the sample keys +# +info "Importing ECC public keys." +for k in $mainkeyids ; do + $GPG --delete-key --batch --yes $k 2>/dev/null || true +done +for i in 1 2 3; do + k="ecc-sample-$i-pub.asc" + if $GPG --import $srcdir/samplekeys/$k; then + : + else + error "$k: import failed" + fi +done + + +# +# Check a few sample signature +# +info "Checking ECC signatures." +tests="" + +# The following is an opaque ECDSA signature on a message "This is one +# line\n" (17 byte long) by the primary 256 bit key: +tests="$tests msg_opaque_signed_256" +msg_opaque_signed_256='-----BEGIN PGP MESSAGE----- +Version: GnuPG v2.1.0-ecc (GNU/Linux) + +owGbwMvMwCHMvVT3w66lc+cwrlFK4k5N1k3KT6nUK6ko8Zl8MSEkI7NYAYjy81IV +cjLzUrk64lgYhDkY2FiZQNIMXJwCMO31rxgZ+tW/zesUPxWzdKWrtLGW/LkP5rXL +V/Yvnr/EKjBbQuvZSYa/klsum6XFmTze+maVgclT6Rc6hzqqxNy6o6qdTTmLJuvp +AQA= +=GDv4 +-----END PGP MESSAGE----' + +# The following is an opaque ECDSA signature on a message "This is one +# line\n" (17 byte long) by the primary 384 bit key: +tests="$tests msg_opaque_signed_384" +msg_opaque_signed_384='-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DIqwE7wsvMwCnM2WDcwR9SOJ/xtFISd25qcXFieqpeSUUJAxCEZGQWKwBR +fl6qQk5mXirXoXJmVgbfYC5xmC5hzsDPjHXqbDLzpXpTBXSZV3L6bAgP3Kq7Ykmo +7Ds1v4UfBS+3CSSon7Pzq79WLjzXXEH54MkjPxnrw+8cfMVnY7Bi18J702Nnsa7a +9lMv/PM0/ao9CZ3KX7Q+Tv1rllTZ5Hj4V1frw431QnHfAA== +=elKT +-----END PGP MESSAGE-----' + +# The following is an opaque ECDSA signature on a message "This is one +# line\n" (17 byte long) by the primary 521 bit key: +tests="$tests msg_opaque_signed_521" +msg_opaque_signed_521='-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DIwA8BO8LLzMAlnO3Y8tB1vf4/xtNKSdy5qcXFiempeiUVJQxAEJKRWawA +RPl5qQo5mXmpXIdmMLMy+AaLnoLpEubatpeJY2Lystd7Qt32q2UcvRS5kNPWtDB7 +ryufvcrWtFM7Jx8qXKDxZuqr7b9PGv1Ssk+I8TzB2O9dZC+n/jv+PAdbuu7mLe33 +Gf9pLd3weV3Qno6FOqxGa5ZszQx+uer2xH3/El9x/2pVeO4l15ScsL7qWMTmffmG +Ic1RdzgeCfosMF+l/zVRchcLKzenEQA= +=ATtX +-----END PGP MESSAGE-----' + +echo 'This is one line' >z +for msg in $tests; do + info "checking: $msg" + eval "(IFS=; echo \"\$$msg\")" >x + $GPG --verify x || error "verify(1) of $msg failed" + $GPG -o y --yes x || error "verify(2) of $msg failed" + cmp y z || error "$msg: mismatch" +done + + +# +# Import the secret keys so that we now can sign and decrypt. +# +# Note that the PGP generated secret keys are not self-signed, thus we +# need to pass an appropriate option. +# +info "Importing ECC secret keys." +for i in 1 2 3; do + k="ecc-sample-$i-sec.asc" + if [ "$i" -gt "1" ]; then + extraopts="--allow-non-selfsigned-uid" + else + extraopts="" + fi + if PINENTRY_USER_DATA=ecc $GPG $extraopts --import $srcdir/samplekeys/$k; then + : + else + error "$k: import failed" + fi +done + + +# +# Check a few sample encrtpted messages. +# +info "Checking ECC encryption." +tests="" + +# The following block encrypts the text "This is one line\n", 17 bytes, +# with the subkey 4089AB73. +tests="$tests msg_encrypted_256" +msg_encrypted_256='-----BEGIN PGP MESSAGE----- +Version: GnuPG v2.1.0-ecc (GNU/Linux) + +hH4Dd863o0CJq3MSAgMEHdIYZQx+rV1cjy7qitIOEICFFzp4cjsRX4r+rDdMcQUs +h7VZmbP1c9C0s9sgCKwubWfkcYUl2ZOju4gy+s4MYTBb4/j8JjnJ9Bqn6LWutTXJ +zwsdP13VIJLnhiNqISdR3/6xWQ0ICRYzwb95nUZ1c1DSVgFpjPgUvi4pgYbTpcDB +jzILKWBfBDT/jck169XE8vgtbcqVQYZ7lZpaY9CzEbC+4dXZmV1gm5MafpTyFWgH +VnyrZB4gad9Lp9e0RKHHcOOE7s/NeLuu +=odUZ +-----END PGP MESSAGE-----' + +# The following block encrypts the text "This is one line\n", 17 bytes, +# with the subkey 9A201946: +tests="$tests msg_encrypted_384" +msg_encrypted_384='-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DBngOqi5OPmiAZRhIDAwQqIr/00cJyf+QP+VA4QKVkk77KMHdz9OVaR2XK +0VYu0F/HPm89vL2orfm2hrAZxY9G2R0PG4Wk5Lg04UjKca/O72uWtjdPYulFidmo +uB0QpzXFz22ZZinxeVPLPEr19Pow0EwCc95cg4HAgrD0nV9vRcTJ/+juVfvsJhAO +isMKqrFNMvwnK5A1ECeyVXe7oLZl0lUBRhLr59QTtvf85QJjg/m5kaGy8XCJvLv3 +61pZa6KUmw89PjtPak7ebcjnINL01vwmyeg1PAyW/xjeGGvcO+R4P1b4ewyFnJyR +svzIJcP7d4DqYOw7 +=oiTJ +-----END PGP MESSAGE-----' + +# The following block encrypts the text "This is one line\n", 17 bytes, +# with the subkey A81C4838: +tests="$tests msg_encrypted_521" +msg_encrypted_521='-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DBwAIDB+qqSKgcSDgSBCMEAKpzTUxB4c56C7g09ekD9I+ttC5ER/xzDmXU +OJmFqU5w3FllhFj4TgGxxdH+8fv4W2Ag0IKoJvIY9V1V7oUCClfqAR01QbN7jGH/ +I9GFFnH19AYEgMKgFmh14ZwN1BS6/VHh+H4apaYqapbx8/09EL+DV9zWLX4GRLXQ +VqCR1N2rXE29MJFzGmDOCueQNkUjcbuenoCSKcNT+6xhO27U9IYVCg4BhRUDGfD6 +dhfRzBLxL+bKR9JVAe46+K8NLjRVu/bd4Iounx4UF5dBk8ERy+/8k9XantDoQgo6 +RPqCad4Dg/QqkpbK3y574ds3VFNJmc4dVpsXm7lGV5w0FBxhVNPoWNhhECMlTroX +Rg== +=5GqW +-----END PGP MESSAGE-----' + +echo 'This is one line' >z +for msg in $tests; do + info "checking: $msg" + eval "(IFS=; echo \"\$$msg\")" >x + PINENTRY_USER_DATA=ecc $GPG -o y --yes x || error "decryption of $msg failed" + cmp y z || error "$msg: mismatch" +done + + +# +# Now check that we can encrypt and decrypt our own messages. +# +# Note that we don't need to provide a passppharse because we already +# preset the passphrase into the gpg-agent. +# +info "Checking ECC encryption and decryption." +for i in $plain_files $data_files ; do + for k in $mainkeyids ; do + info "file: $i key: $k" + $GPG ${opt_always} -e -o x --yes -r $k $i + PINENTRY_USER_DATA=ecc $GPG -o y --yes x + cmp $i y || error "$i,$k: mismatch" + done +done + + +# +# Now check that we can sign and verify our own messages. +# +info "Checking ECC signing and verifiction." +for i in $plain_files $data_files ; do + for k in $mainkeyids ; do + info "file: $i key: $k" + PINENTRY_USER_DATA=ecc $GPG -s -o x --yes -u $k $i + $GPG -o y --yes x || error "verify of $i,$k failed" + cmp $i y || error "$i,$k: mismatch" + done +done + + +# +# Let us also try to import the keys only from a secret keyblock. +# +# Because PGP does not sign the UID, it is not very useful to work +# with this key unless we go into the trouble of adding the +# self-signature. +# +info "Importing ECC secret keys directly." +for i in $keygrips ; do + rm private-keys-v1.d/$i.key 2>/dev/null || true +done +for k in $mainkeyids ; do + $GPG --delete-key --batch --yes $k 2>/dev/null || true +done +for i in 1 2 3; do + k="ecc-sample-$i-sec.asc" + if [ "$i" -gt "1" ]; then + extraopts="--allow-non-selfsigned-uid" + else + extraopts="" + fi + if PINENTRY_USER_DATA=ecc $GPG $extraopts --import $srcdir/samplekeys/$k; then + : + else + error "$k: import failed" + fi +done |