aboutsummaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2014-03-19 21:40:10 +0100
committerLudovic Courtès <ludo@gnu.org>2014-03-19 21:40:10 +0100
commit32a1eb802519179eab8ff687e73f26edab28922f (patch)
tree53ea24d789fffa2a4968a96dcf0313713834b33a /tests
parent0f4139e97eaaf590c81f71fb42dff3d47ce60de3 (diff)
downloadpatches-32a1eb802519179eab8ff687e73f26edab28922f.tar
patches-32a1eb802519179eab8ff687e73f26edab28922f.tar.gz
pk-crypto: Use RFC6979 when signing with an ECC or DSA key.
* guix/pk-crypto.scm (bytevector->hash-data): Add #:key-type parameter. Use the 'pkcs1' flag when KEY-TYPE is 'rsa', and 'rfc6979' when KEY-TYPE is 'ecc' or 'dsa'. (key-type): New procedure. * guix/scripts/authenticate.scm (read-hash-data): Add 'key-type' parameter. Pass it to 'bytevector->hash-data'. Adjust caller accordingly. * tests/pk-crypto.scm (%ecc-key-pair): New variable. ("key-type"): New test. ("sign + verify"): Pass #:key-type to 'bytevector->hash-data'. ("sign + verify, Ed25519"): New test.
Diffstat (limited to 'tests')
-rw-r--r--tests/pk-crypto.scm40
1 files changed, 38 insertions, 2 deletions
diff --git a/tests/pk-crypto.scm b/tests/pk-crypto.scm
index 6774dd4157..4d498020f5 100644
--- a/tests/pk-crypto.scm
+++ b/tests/pk-crypto.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -31,7 +31,7 @@
;; Test the (guix pk-crypto) module.
(define %key-pair
- ;; Key pair that was generated with:
+ ;; RSA key pair that was generated with:
;; (generate-key (string->canonical-sexp "(genkey (rsa (nbits 4:1024)))"))
;; which takes a bit of time.
"(key-data
@@ -48,6 +48,20 @@
(q #00E9AD22F158060BC9AE3601DA623AFC60FFF3058795802CA92371C00097335CF9A23D7782DE353C9DBA93D7BB99E6A24A411107605E722481C5C191F80D7EB77F#)
(u #59B45B95AE01A7A7370FAFDB08FE73A4793CE37F228961B09B1B1E7DDAD9F8D3E28F5C5E8B4B067E6B8E0BBF3F690B42991A79E46108DDCDA2514323A66964DE#))))")
+(define %ecc-key-pair
+ ;; Ed25519 key pair generated with:
+ ;; (generate-key (string->canonical-sexp "(genkey (ecdsa (curve Ed25519) (flags rfc6979 transient)))"))
+ "(key-data
+ (public-key
+ (ecc
+ (curve Ed25519)
+ (q #94869C1B9E69DB8DD910B7F7F4D6E56A63A964A59AE8F90F6703ACDDF6F50C81#)))
+ (private-key
+ (ecc
+ (curve Ed25519)
+ (q #94869C1B9E69DB8DD910B7F7F4D6E56A63A964A59AE8F90F6703ACDDF6F50C81#)
+ (d #6EFB32D0B4EC6B3237B523539F1979379B82726AAA605EB2FBA6775B2B777B78#))))")
+
(test-begin "pk-crypto")
(let ((sexps '("(foo bar)"
@@ -148,11 +162,33 @@
(and (string=? algo "sha256")
(bytevector=? value bv))))))
+(test-equal "key-type"
+ '(rsa ecc)
+ (map (compose key-type
+ (cut find-sexp-token <> 'public-key)
+ string->canonical-sexp)
+ (list %key-pair %ecc-key-pair)))
+
(test-assert "sign + verify"
(let* ((pair (string->canonical-sexp %key-pair))
(secret (find-sexp-token pair 'private-key))
(public (find-sexp-token pair 'public-key))
(data (bytevector->hash-data
+ (sha256 (string->utf8 "Hello, world."))
+ #:key-type (key-type public)))
+ (sig (sign data secret)))
+ (and (verify sig data public)
+ (not (verify sig
+ (bytevector->hash-data
+ (sha256 (string->utf8 "Hi!"))
+ #:key-type (key-type public))
+ public)))))
+
+(test-assert "sign + verify, Ed25519"
+ (let* ((pair (string->canonical-sexp %ecc-key-pair))
+ (secret (find-sexp-token pair 'private-key))
+ (public (find-sexp-token pair 'public-key))
+ (data (bytevector->hash-data
(sha256 (string->utf8 "Hello, world."))))
(sig (sign data secret)))
(and (verify sig data public)