From 4459c7859c286ab54fa3a9901c8a17591b04c516 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Sat, 25 Apr 2020 23:23:51 +0200
Subject: openpgp: Decode the issuer-fingerprint signature subpacket.

* guix/openpgp.scm (SUBPACKET-ISSUER-FINGERPRINT): New variable.
(openpgp-signature-issuer-fingerprint): New procedure.
(key-id-matches-fingerprint?): New procedure.
(get-signature): Look for the 'issuer and 'issuer-fingerprint
subpackets.  Ensure the issuer key ID matches the fingerprint when both
are available.
(parse-subpackets): Handle SUBPACKET-ISSUER-FINGERPRINT.
* tests/openpgp.scm (%rsa-key-fingerprint)
(%dsa-key-fingerprint, %ed25519-key-fingerprint): New variables.
* tests/openpgp.scm ("get-openpgp-detached-signature/ascii"): Check the
result of 'openpgp-signature-issuer-fingerprint'.
---
 tests/openpgp.scm | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

(limited to 'tests')

diff --git a/tests/openpgp.scm b/tests/openpgp.scm
index 8a3c7bbeb7..20d65171fd 100644
--- a/tests/openpgp.scm
+++ b/tests/openpgp.scm
@@ -18,6 +18,7 @@
 
 (define-module (tests-openpgp)
   #:use-module (guix openpgp)
+  #:use-module (gcrypt base16)
   #:use-module (gcrypt hash)
   #:use-module (gcrypt pk-crypto)
   #:use-module (ice-9 binary-ports)
@@ -65,6 +66,16 @@ vBSFjNSiVHsuAA==
 (define %dsa-key-id      #x587918047BE8BD2C)      ;dsa.key
 (define %ed25519-key-id  #x771F49CBFAAE072D)      ;ed25519.key
 
+(define %rsa-key-fingerprint
+  (base16-string->bytevector
+   (string-downcase "385F86CFC86B665A5C165E6BAE25DA2A70DEED59")))
+(define %dsa-key-fingerprint
+  (base16-string->bytevector
+   (string-downcase "2884A980422330A4F33DD97F587918047BE8BD2C")))
+(define %ed25519-key-fingerprint
+  (base16-string->bytevector
+   (string-downcase "44D31E21AF7138F9B632280A771F49CBFAAE072D")))
+
 
 ;;; The following are detached signatures created commands like:
 ;;;    echo 'Hello!' | gpg -sba --digest-algo sha512
@@ -160,15 +171,16 @@ Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
                       "Ludovic Courtès <ludo@gnu.org>"))))))
 
 (test-equal "get-openpgp-detached-signature/ascii"
-  (list `(,%dsa-key-id dsa sha256)
-        `(,%rsa-key-id rsa sha256)
-        `(,%ed25519-key-id eddsa sha256)
-        `(,%ed25519-key-id eddsa sha512)
-        `(,%ed25519-key-id eddsa sha1))
+  (list `(,%dsa-key-id ,%dsa-key-fingerprint dsa sha256)
+        `(,%rsa-key-id ,%rsa-key-fingerprint rsa sha256)
+        `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha256)
+        `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha512)
+        `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha1))
   (map (lambda (str)
          (let ((signature (get-openpgp-detached-signature/ascii
                            (open-input-string str))))
            (list (openpgp-signature-issuer signature)
+                 (openpgp-signature-issuer-fingerprint signature)
                  (openpgp-signature-public-key-algorithm signature)
                  (openpgp-signature-hash-algorithm signature))))
        (list %hello-signature/dsa
-- 
cgit v1.2.3