Commit Graph

11 Commits

Author SHA1 Message Date
Lars-Dominik Braun
680b80e374
openpgp: Fix argument order of 'fxbit-set?'.
* guix/openpgp.scm (fxbit-set?): Change to swap arguments compared to
'bit-set?'.
* tests/openpgp.scm (%binary-sample): New test vector.
("port-ascii-armored?, #t"): Add test.
("port-ascii-armored?, #f"): Add another test.

Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2020-09-29 22:53:36 +02:00
Ludovic Courtès
6f233040d3
openpgp: Use Libgcrypt's crc24 implementation.
This gives an 18% speedup on the wall-clock time of:

  guile -c '(use-modules (git) (guix git-authenticate)) (load-keyring-from-reference (repository-open ".") "keyring")'

* guix/openpgp.scm (crc24): Rewrite by calling out to 'bytevector-hash'.
2020-06-23 23:39:42 +02:00
Ludovic Courtès
06735a57a9
openpgp: Add missing type predicate for '&openpgp-invalid-signature-error'.
Reported by brendyyn on #guix.  The mistake led to a macro expansion
error on Guile 2.2 but not on 3.0.2.

* guix/openpgp.scm (&openpgp-invalid-signature-error): Add missing type
predicate.
2020-05-04 10:51:39 +02:00
Ludovic Courtès
05d973eef2
openpgp: Raise error conditions instead of calling 'error'.
* guix/openpgp.scm (&openpgp-error, &openpgp-unrecognized-packet-error)
(&openpgp-invalid-signature-error): New error conditions.
(openpgp-hash-algorithm): Add 'signature-port' parameter.  Raise an
error condition instead of calling 'error'.
(parse-subpackets): Likewise.
(get-data): Raise instead of calling 'error'.
(get-openpgp-detached-signature/ascii): Likewise.
(get-signature): Likewise.
2020-05-04 09:56:13 +02:00
Ludovic Courtès
b835e158d5
openpgp: Add 'string->openpgp-packet'.
* guix/openpgp.scm (string->openpgp-packet): New procedure.
* tests/openpgp.scm ("verify-openpgp-signature, missing key")
("verify-openpgp-signature, good signatures")
("verify-openpgp-signature, bad signature"): Use it.
2020-05-04 09:56:13 +02:00
Ludovic Courtès
bd8126558d
openpgp: 'lookup-key-by-{id,fingerprint}' return the key first.
Previously, 'lookup-key-by-{id,fingerprint}' would always return the
list of packets where the primary key is first.  Thus, the caller would
need to use 'find' to actually find the requested key.

* guix/openpgp.scm (keyring-insert): Always add KEY to PACKETS.
(lookup-key-by-id, lookup-key-by-fingerprint): Change to return the key
as the first value.
(verify-openpgp-signature): Remove now unneeded call to 'find'.
* tests/openpgp.scm ("get-openpgp-keyring"): Adjust accordingly.
2020-05-04 09:56:13 +02:00
Ludovic Courtès
b45fa0a123
openpgp: 'verify-openpgp-signature' looks up by fingerprint when possible.
* guix/openpgp.scm (verify-openpgp-signature): Use
'lookup-key-by-fingerprint' when SIG contains a fingerprint.
Honor FINGERPRINT in the 'find' predicate.  Upon missing-key, return
FINGERPRINT if available.
* tests/openpgp.scm ("verify-openpgp-signature, missing key"): Adjust
expected value accordingly.
2020-05-04 09:56:12 +02:00
Ludovic Courtès
efe1f0122c
openpgp: Add 'lookup-key-by-fingerprint'.
* guix/openpgp.scm (<openpgp-keyring>)[table]: Rename to...
[ids]: ... this.
[fingerprints]: New field.
(keyring-insert, lookup-key-by-fingerprint): New procedures.
(%empty-keyring): Adjust.
(get-openpgp-keyring): Manipulate KEYRING instead of its vhash, use
'keyring-insert'.
* tests/openpgp.scm ("get-openpgp-keyring"): Test
'lookup-key-by-fingerprint'.
2020-05-04 09:56:12 +02:00
Ludovic Courtès
7b2b3a13cc
openpgp: Store the issuer key id and fingerprint in <openpgp-signature>.
* guix/openpgp.scm (<openpgp-signature>)[issuer, issuer-fingerprint]:
New fields.
(openpgp-signature-issuer, openpgp-signature-issuer-fingerprint): Remove.
(verify-openpgp-signature): Use 'openpgp-signature-issuer-key-id'.
(get-signature): Initialize 'issuer' and 'issuer-fingerprint'.
* tests/openpgp.scm ("get-openpgp-detached-signature/ascii"): Adjust
accordingly.
2020-05-04 09:56:12 +02:00
Ludovic Courtès
4459c7859c
openpgp: Decode the issuer-fingerprint signature subpacket.
* guix/openpgp.scm (SUBPACKET-ISSUER-FINGERPRINT): New variable.
(openpgp-signature-issuer-fingerprint): New procedure.
(key-id-matches-fingerprint?): New procedure.
(get-signature): Look for the 'issuer and 'issuer-fingerprint
subpackets.  Ensure the issuer key ID matches the fingerprint when both
are available.
(parse-subpackets): Handle SUBPACKET-ISSUER-FINGERPRINT.
* tests/openpgp.scm (%rsa-key-fingerprint)
(%dsa-key-fingerprint, %ed25519-key-fingerprint): New variables.
* tests/openpgp.scm ("get-openpgp-detached-signature/ascii"): Check the
result of 'openpgp-signature-issuer-fingerprint'.
2020-05-04 09:56:12 +02:00
Ludovic Courtès
43408e304f
Add (guix openpgp).
* guix/openpgp.scm, tests/openpgp.scm, tests/civodul.key,
tests/dsa.key, tests/ed25519.key, tests/rsa.key,
tests/ed25519.sec: New files.
* Makefile.am (MODULES): Add guix/openpgp.scm.
(SCM_TESTS): Add tests/openpgp.scm.
(EXTRA_DIST): Add tests/*.key and tests/ed25519.sec.
2020-05-04 09:56:12 +02:00