[bug#57599] openpgp: Add support for ECDSA with NIST curves.

Message ID	20220905160929.21742-1-ludo@gnu.org
State	Accepted
Headers	show Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> Subject: [bug#57599] [PATCH] openpgp: Add support for ECDSA with NIST curves. Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> Resent-CC: all_but_last@163.com, 57576@debbugs.gnu.org, guix-patches@gnu.org Resent-Date: Mon, 05 Sep 2022 16:10:02 +0000 Resent-Message-ID: <handler.57599.B.166239419312209@debbugs.gnu.org> Resent-Sender: help-debbugs@gnu.org To: 57599@debbugs.gnu.org Cc: Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org>, Zhu Zihao <all_but_last@163.com>, 57576@debbugs.gnu.org From: Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org> Date: Mon, 5 Sep 2022 18:09:29 +0200 Message-Id: <20220905160929.21742-1-ludo@gnu.org> In-Reply-To: <87r10p3ixi.fsf@gnu.org> References: <87r10p3ixi.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> X-getmail-retrieved-from-mailbox: Patches
Series	[bug#57599] openpgp: Add support for ECDSA with NIST curves. \| expand [bug#57599] openpgp: Add support for ECDSA with NIST curves.

Context	Check	Description
cbaines/comparison	success	View comparision
cbaines/git-branch	success	View Git branch
cbaines/applying patch	success	View Laminar job
cbaines/issue	success	View issue

diff --git a/Makefile.am b/Makefile.am index a0c4e941c1..71c3bd4a98 100644 --- a/Makefile.am +++ b/Makefile.am @@ -702,6 +702,10 @@ EXTRA_DIST += \ tests/keys/ed25519-2.sec \ tests/keys/ed25519-3.pub \ tests/keys/ed25519-3.sec \ + tests/keys/secp384.pub \ + tests/keys/secp384.sec \ + tests/keys/secp521.pub \ + tests/keys/secp521.sec \ build-aux/config.rpath \ bootstrap \ doc/build.scm \ diff --git a/guix/openpgp.scm b/guix/openpgp.scm index 9de7feb644..b999c30474 100644 --- a/guix/openpgp.scm +++ b/guix/openpgp.scm @@ -1,6 +1,6 @@ ;; -*- mode: scheme; coding: utf-8 -*- ;; Copyright © 2010, 2012 Göran Weinholt <goran@weinholt.se> -;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org> +;; Copyright © 2020, 2022 Ludovic Courtès <ludo@gnu.org> ;; Permission is hereby granted, free of charge, to any person obtaining a ;; copy of this software and associated documentation files (the "Software"), @@ -290,7 +290,7 @@ (define PUBLIC-KEY-RSA-SIGN-ONLY 3) (define PUBLIC-KEY-ELGAMAL-ENCRYPT-ONLY 16) (define PUBLIC-KEY-DSA 17) (define PUBLIC-KEY-ECDH 18) ;RFC-6637 -(define PUBLIC-KEY-ECDSA 19) ;RFC-6639 +(define PUBLIC-KEY-ECDSA 19) ;RFC-6637 (define PUBLIC-KEY-ELGAMAL 20) ;encrypt + sign (legacy) (define PUBLIC-KEY-EDDSA 22) ;"not yet assigned" says GPG @@ -298,6 +298,7 @@ (define (public-key-algorithm id) (cond ((= id PUBLIC-KEY-RSA) 'rsa) ((= id PUBLIC-KEY-DSA) 'dsa) ((= id PUBLIC-KEY-ELGAMAL-ENCRYPT-ONLY) 'elgamal) + ((= id PUBLIC-KEY-ECDSA) 'ecdsa) ((= id PUBLIC-KEY-EDDSA) 'eddsa) (else id))) @@ -564,10 +565,16 @@ (define (check key sig) ;; See "(gcrypt) Cryptographic Functions". (sexp->canonical-sexp (if (eq? key-type 'ecc) - `(data - (flags eddsa) - (hash-algo sha512) - (value ,hash)) + (match (openpgp-signature-public-key-algorithm sig) + ('eddsa + `(data + (flags eddsa) + (hash-algo sha512) + (value ,hash))) + ('ecdsa + `(data + (hash-algo ,(openpgp-signature-hash-algorithm sig)) + (value ,hash)))) `(data (flags ,(match key-type ('rsa 'pkcs1) @@ -615,7 +622,8 @@ (define (get-sig p pkalg) (string->canonical-sexp (format #f "(sig-val (dsa (r #~a#) (s #~a#)))" (->hex r) (->hex s))))) - ((= pkalg PUBLIC-KEY-EDDSA) + ((or (= pkalg PUBLIC-KEY-EDDSA) + (= pkalg PUBLIC-KEY-ECDSA)) (print "EdDSA signature") (let ((r (get-mpi/bytevector p)) (s (get-mpi/bytevector p))) @@ -630,7 +638,8 @@ (define (bytevector->hex bv) str))) (string->canonical-sexp - (format #f "(sig-val (eddsa (r #~a#) (s #~a#)))" + (format #f "(sig-val (~a (r #~a#) (s #~a#)))" + (public-key-algorithm pkalg) (bytevector->hex r) (bytevector->hex s))))) (else (list 'unsupported-algorithm @@ -886,6 +895,22 @@ (define curve curve (if (eq? curve 'Curve25519) 'djb-tweak 'eddsa) (->hex q))))) + ((= alg PUBLIC-KEY-ECDSA) + (print "Public ECDSA key") + (let* ((len (get-u8 p)) + (oid (bytevector->uint (get-bytevector-n p len))) + (q (get-mpi p))) + (define curve + ;; RFC 6637, Section 11. + (match oid + (#x2a8648ce3d030107 "NIST P-256") + (#x2b81040022 "NIST P-384") + (#x2b81040023 "NIST P-521"))) + + (string->canonical-sexp + (format #f "(public-key (ecc (curve \"~a\")(q #~a#)))" + curve + (->hex q))))) (else (list 'unsupported-algorithm ;FIXME: throw (public-key-algorithm alg) diff --git a/tests/keys/secp384.pub b/tests/keys/secp384.pub new file mode 100644 index 0000000000..b90cf504e2 --- /dev/null +++ b/tests/keys/secp384.pub @@ -0,0 +1,11 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mG8EYxYF9RMFK4EEACIDAwTHYxcyBiiPz4ZZIkmXnVu0Yv9DHGrnbdCR6U/RT1S4 +wszaHdsSEHlPwmy3WGgTubBDOuJODf5kV/HLL7QEPsOTkIsObK+prEJO3CGpRVim +a7nfVk2AH6D/GMkNacSXdwy0FTxleGFtcGxlQGV4YW1wbGUuY29tPoiwBBMTCQA4 +AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEzLZ9Sx8EBzgp+PzwLydGMf8+ +bFsFAmMWB+sACgkQLydGMf8+bFuD3gF/SMEDQP3Bvu0yb8KxE6j8lhOiKT186wwG +4hBsifRdEF+UHWEa7sx74tyc4R1B01FUAYC/4QqNup4EnPzQfSE3WyVvu+ja+xui +3vppYCpUjkHzkATsLzsN98/nkZ3q3YA8/lo= +=vIaC +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/keys/secp384.sec b/tests/keys/secp384.sec new file mode 100644 index 0000000000..ae296dd9a1 --- /dev/null +++ b/tests/keys/secp384.sec @@ -0,0 +1,12 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- + +lKQEYxYF9RMFK4EEACIDAwTHYxcyBiiPz4ZZIkmXnVu0Yv9DHGrnbdCR6U/RT1S4 +wszaHdsSEHlPwmy3WGgTubBDOuJODf5kV/HLL7QEPsOTkIsObK+prEJO3CGpRVim +a7nfVk2AH6D/GMkNacSXdwwAAYC9iXZ9j+RWFB4rU103SCv6j68rS5Lmc7tHve9l +B5nri/AR+OEJ61q+w6w0XO5GBBUYLrQVPGV4YW1wbGVAZXhhbXBsZS5jb20+iLAE +ExMJADgCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQTMtn1LHwQHOCn4/PAv +J0Yx/z5sWwUCYxYH6wAKCRAvJ0Yx/z5sW4PeAX9IwQNA/cG+7TJvwrETqPyWE6Ip +PXzrDAbiEGyJ9F0QX5QdYRruzHvi3JzhHUHTUVQBgL/hCo26ngSc/NB9ITdbJW+7 +6Nr7G6Le+mlgKlSOQfOQBOwvOw33z+eRnerdgDz+Wg== +=B1Nl +-----END PGP PRIVATE KEY BLOCK----- diff --git a/tests/keys/secp521.pub b/tests/keys/secp521.pub new file mode 100644 index 0000000000..077e8e7df2 --- /dev/null +++ b/tests/keys/secp521.pub @@ -0,0 +1,13 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mJMEYxYamRMFK4EEACMEIwQB4EqA0zTAfhLeVjkNnzvTuSYs+TUlYdDaw9mYA7Gy +AiNvxr2F1hJi88Wxxr3YNGKx9s0yJ2Vl0dHlCLmlQAFc9MMACZKWZN68mqbYfSVf +qJxSG5F8qbF0+dGecwY+TjM4xdaUk4d0vD13/e+r/HLYNgwKrpO2SurNZX/isfkn +rvNSHPi0HTxleGFtcGxlLXNlY3A1MjFAZXhhbXBsZS5jb20+iNoEExMKAD4WIQQ7 +r36YQGm2cfPDEWnoSxOgtOevGwUCYxYamQIbAwUJA8JnAAULCQgHAgYVCgkICwIE +FgIDAQIeAQIXgAAKCRDoSxOgtOevG4GUAgkBN118FBDW896Iv+2U/29Fpfni4V6D +Vp6HTE5qAqmJUtKOOSxmDAmiJ4sinybTP4YCLQT9fmMQqrJSSY0d/hVg4fYCCQGD +Y6iRT8KPyxhlpsVVwdiUjOd4B5JUyJj0qOudY4yveyOl6c1bdxJALMbEHV4JREEE +1+ylYN1KRfpaQh42Zoms9Q== +=Nru3 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/keys/secp521.sec b/tests/keys/secp521.sec new file mode 100644 index 0000000000..663dbeaa3c --- /dev/null +++ b/tests/keys/secp521.sec @@ -0,0 +1,14 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- + +lNoEYxYamRMFK4EEACMEIwQB4EqA0zTAfhLeVjkNnzvTuSYs+TUlYdDaw9mYA7Gy +AiNvxr2F1hJi88Wxxr3YNGKx9s0yJ2Vl0dHlCLmlQAFc9MMACZKWZN68mqbYfSVf +qJxSG5F8qbF0+dGecwY+TjM4xdaUk4d0vD13/e+r/HLYNgwKrpO2SurNZX/isfkn +rvNSHPgAAgkBRPFeWJ3ZROkkbV7/dF8Z4LN6hlrSHWWS2sZmKxZprQy/j48eqWZz +6eY9IvDxfP9ATpfummdgrjexVqA3o3/wr00h/LQdPGV4YW1wbGUtc2VjcDUyMUBl +eGFtcGxlLmNvbT6I0gQTEwoAOAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYh +BDuvfphAabZx88MRaehLE6C0568bBQJjFhroAAoJEOhLE6C0568bQl0CCNYMV2uF +6LA4GF8RchFQee4ZZo8aquEQ7t7a6NDBc1TbVkGLR+TWxkomEytp5EUoEEU2cNtg +TWRvti3aZvTbEMvdAgijAGTSiO3q5kjprGu1C35oc2JWj0q66XzHEJ0aEiTMQNrz +sJReJPQRmMnBTtzjJCmNPws/VYSEs26m36QCqePtwQ== +=/mn1 +-----END PGP PRIVATE KEY BLOCK----- diff --git a/tests/openpgp.scm b/tests/openpgp.scm index 1f20466772..68439f7485 100644 --- a/tests/openpgp.scm +++ b/tests/openpgp.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2020, 2022 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -63,7 +63,7 @@ (define %civodul-key-id #x090B11993D9AEBB5) ;civodul.pub #| Test keys in ./tests/keys. They were generated in a container along these lines: - guix environment -CP --ad-hoc gnupg pinentry coreutils + guix shell -CP-hoc gnupg pinentry coreutils then, within the container: mkdir ~/.gnupg && chmod -R og-rwx ~/.gnupg gpg --batch --passphrase '' --quick-gen-key '<example@example.com>' ed25519 @@ -75,6 +75,8 @@ (define %civodul-key-id #x090B11993D9AEBB5) ;civodul.pub (define %rsa-key-id #xAE25DA2A70DEED59) ;rsa.pub (define %dsa-key-id #x587918047BE8BD2C) ;dsa.pub (define %ed25519-key-id #x771F49CBFAAE072D) ;ed25519.pub +(define %secp384-key-id #x2F274631FF3E6C5B) ;secp384.pub +(define %secp521-key-id #xE84B13A0B4E7AF1B) ;secp521.pub (define %rsa-key-fingerprint (base16-string->bytevector @@ -85,6 +87,12 @@ (define %dsa-key-fingerprint (define %ed25519-key-fingerprint (base16-string->bytevector (string-downcase "44D31E21AF7138F9B632280A771F49CBFAAE072D"))) +(define %secp384-key-fingerprint + (base16-string->bytevector + (string-downcase "CCB67D4B1F04073829F8FCF02F274631FF3E6C5B"))) +(define %secp521-key-fingerprint + (base16-string->bytevector + (string-downcase "3BAF7E984069B671F3C31169E84B13A0B4E7AF1B"))) ;;; The following are detached signatures created commands like: @@ -148,6 +156,28 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1 =AE4G -----END PGP SIGNATURE-----") +(define %hello-signature/secp384/sha384 ;digest-algo: sha384 + "\ +-----BEGIN PGP SIGNATURE----- + +iJUEABMJAB0WIQTMtn1LHwQHOCn4/PAvJ0Yx/z5sWwUCYxYIKAAKCRAvJ0Yx/z5s +WxD2AX0QMeTHLJvJxRKTBP8O9kGMY9Nz0kzRBO0OJG2gYyxu9sZ+NAEQF01jAOXl +ApL2zVkBgLUyyleJtR24LKxK73waLJb51TA29NXJJZ2fiRZ50u/lNfrFR3PYnK7/ +gvSkL3Ldzw== +=+7h3 +-----END PGP SIGNATURE-----") + +(define %hello-signature/secp521/sha512 + "\ +-----BEGIN PGP SIGNATURE----- + +iLcEABMKAB0WIQQ7r36YQGm2cfPDEWnoSxOgtOevGwUCYxYb+wAKCRDoSxOgtOev +G+ByAgdwIBTnCtzo+lFuahhMMScXZZeTH055IOhTsXmptZaE3MaazTsUw3en8C9i +EWiy/GDQKaJEZMP3dwN1+3tNTl/NUAIIiV/BFly9Ha/cYJG+p3LG24JoHVfJx04q +LfSXejfMIvu33h8wjMA2tRQSlqdDylMWKThJgp6GH6svp+Zr4z+Smnw= +=1zW0 +-----END PGP SIGNATURE-----") + (test-begin "openpgp") @@ -193,7 +223,9 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1 `(,%rsa-key-id ,%rsa-key-fingerprint rsa sha256) `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha256) `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha512) - `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha1)) + `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha1) + `(,%secp384-key-id ,%secp384-key-fingerprint ecdsa sha384) + `(,%secp521-key-id ,%secp521-key-fingerprint ecdsa sha512)) (map (lambda (str) (let ((signature (get-openpgp-detached-signature/ascii (open-input-string str)))) @@ -205,7 +237,9 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1 %hello-signature/rsa %hello-signature/ed25519/sha256 %hello-signature/ed25519/sha512 - %hello-signature/ed25519/sha1))) + %hello-signature/ed25519/sha1 + %hello-signature/secp384/sha384 + %hello-signature/secp521/sha512))) (test-equal "verify-openpgp-signature, missing key" `(missing-key ,%rsa-key-fingerprint) @@ -221,7 +255,9 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1 (good-signature ,%dsa-key-id) (good-signature ,%ed25519-key-id) (good-signature ,%ed25519-key-id) - (good-signature ,%ed25519-key-id)) + (good-signature ,%ed25519-key-id) + (good-signature ,%secp384-key-id) + (good-signature ,%secp521-key-id)) (map (lambda (key signature) (let* ((key (search-path %load-path key)) (keyring (get-openpgp-keyring @@ -235,18 +271,24 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1 (list "tests/keys/rsa.pub" "tests/keys/dsa.pub" "tests/keys/ed25519.pub" "tests/keys/ed25519.pub" - "tests/keys/ed25519.pub") + "tests/keys/ed25519.pub" + "tests/keys/secp384.pub" + "tests/keys/secp521.pub") (list %hello-signature/rsa %hello-signature/dsa %hello-signature/ed25519/sha256 %hello-signature/ed25519/sha512 - %hello-signature/ed25519/sha1))) + %hello-signature/ed25519/sha1 + %hello-signature/secp384/sha384 + %hello-signature/secp521/sha512))) (test-equal "verify-openpgp-signature, bad signature" `((bad-signature ,%rsa-key-id) (bad-signature ,%dsa-key-id) (bad-signature ,%ed25519-key-id) (bad-signature ,%ed25519-key-id) - (bad-signature ,%ed25519-key-id)) + (bad-signature ,%ed25519-key-id) + (bad-signature ,%secp384-key-id) + (bad-signature ,%secp521-key-id)) (let ((keyring (fold (lambda (key keyring) (let ((key (search-path %load-path key))) (get-openpgp-keyring @@ -256,7 +298,9 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1 %empty-keyring '("tests/keys/rsa.pub" "tests/keys/dsa.pub" "tests/keys/ed25519.pub" "tests/keys/ed25519.pub" - "tests/keys/ed25519.pub")))) + "tests/keys/ed25519.pub" + "tests/keys/secp384.pub" + "tests/keys/secp521.pub")))) (map (lambda (signature) (let ((signature (string->openpgp-packet signature))) (let-values (((status key) @@ -266,6 +310,8 @@ (define %hello-signature/ed25519/sha1 ;digest-algo: sha1 (list %hello-signature/rsa %hello-signature/dsa %hello-signature/ed25519/sha256 %hello-signature/ed25519/sha512 - %hello-signature/ed25519/sha1)))) + %hello-signature/ed25519/sha1 + %hello-signature/secp384/sha384 + %hello-signature/secp521/sha512)))) (test-end "openpgp")

[bug#57599] openpgp: Add support for ECDSA with NIST curves.

Checks

Commit Message

Comments

Patch