[jackhill/guix/guix.git] / tests / openpgp.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (tests-openpgp)
  #:use-module (guix openpgp)
  #:use-module (gcrypt base16)
  #:use-module (gcrypt hash)
  #:use-module (gcrypt pk-crypto)
  #:use-module (ice-9 binary-ports)
  #:use-module (ice-9 match)
  #:use-module (rnrs bytevectors)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-11)
  #:use-module (srfi srfi-64)
  #:use-module (srfi srfi-71))

(define %radix-64-sample
  ;; Example of Radix-64 encoding from Section 6.6 of RFC4880.
  "\
-----BEGIN PGP MESSAGE-----
Version: OpenPrivacy 0.99

yDgBO22WxBHv7O8X7O/jygAEzol56iUKiXmV+XmpCtmpqQUKiQrFqclFqUDBovzS
vBSFjNSiVHsuAA==
=njUN
-----END PGP MESSAGE-----\n")

(define %radix-64-sample/crc-mismatch
  ;; This time with a wrong CRC24 value.
  "\
-----BEGIN PGP MESSAGE-----

yDgBO22WxBHv7O8X7O/jygAEzol56iUKiXmV+XmpCtmpqQUKiQrFqclFqUDBovzS
vBSFjNSiVHsuAA==
=AAAA
-----END PGP MESSAGE-----\n")

(define %binary-sample
  ;; Same message as %radix-64-sample, decoded into bytevector.
  (base16-string->bytevector
  "c838013b6d96c411efecef17ecefe3ca0004ce8979ea250a897995f979a9\
0ad9a9a9050a890ac5a9c945a940c1a2fcd2bc14858cd4a2547b2e00"))

(define %civodul-fingerprint
  "3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5")

(define %civodul-key-id #x090B11993D9AEBB5)       ;civodul.pub

#|
Test keys in ./tests/keys.  They were generated in a container along these lines:
  guix environment -CP --ad-hoc gnupg pinentry coreutils
then, within the container:
  mkdir ~/.gnupg && chmod -R og-rwx ~/.gnupg
  gpg --batch --passphrase '' --quick-gen-key '<example@example.com>' ed25519
  gpg --armor --export example@example.com
  gpg --armor --export-secret-key example@example.com
  # echo pinentry-program ~/.guix-profile/bin/pinentry-curses > ~/.gnupg/gpg-agent.conf
or similar.
|#
(define %rsa-key-id      #xAE25DA2A70DEED59)      ;rsa.pub
(define %dsa-key-id      #x587918047BE8BD2C)      ;dsa.pub
(define %ed25519-key-id  #x771F49CBFAAE072D)      ;ed25519.pub

(define %rsa-key-fingerprint
  (base16-string->bytevector
   (string-downcase "385F86CFC86B665A5C165E6BAE25DA2A70DEED59")))
(define %dsa-key-fingerprint
  (base16-string->bytevector
   (string-downcase "2884A980422330A4F33DD97F587918047BE8BD2C")))
(define %ed25519-key-fingerprint
  (base16-string->bytevector
   (string-downcase "44D31E21AF7138F9B632280A771F49CBFAAE072D")))

\f
;;; The following are detached signatures created commands like:
;;;    echo 'Hello!' | gpg -sba --digest-algo sha512
;;; They are detached (no PACKET-ONE-PASS-SIGNATURE) and uncompressed.

(define %hello-signature/rsa
  ;; Signature of the ASCII string "Hello!\n".
  "\
-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEOF+Gz8hrZlpcFl5rriXaKnDe7VkFAl4SRF0ACgkQriXaKnDe
7VlIyQf/TU5rGUK42/C1ULoWvvm25Mjwh6xxoPPkuBxvos8bE6yKr/vJZePU3aSE
mjbVFcO7DioxHMqLd49j803bUtdllJVU18ex9MkKbKjapkgEGkJsuTTzqyONprgk
7xtZGBWuxkP1M6hJICJkA3Ys+sTdKalux/pzr5OWAe+gxytTF/vr/EyJzdmBxbJv
/fhd1SeVIXSw4c5gf2Wcvcgfy4N5CiLaUb7j4646KBTvDvmUMcDZ+vmKqC/XdQeQ
PrjArGKt40ErVd98fwvNHZnw7VQMx0A3nL3joL5g7/RckDOUb4mqKoqLsLd0wPHP
y32DiDUY9s3sy5OMzX4Y49em8vxvlg==
=ASEm
-----END PGP SIGNATURE-----")


(define %hello-signature/dsa
  "\
-----BEGIN PGP SIGNATURE-----

iHUEABEIAB0WIQQohKmAQiMwpPM92X9YeRgEe+i9LAUCXhJFpQAKCRBYeRgEe+i9
LDAaAQC0lXPQepvZBANAUtRLMZuOwL9NQPkfhIwUXtLEBBzyFQD/So8DcybXpRBi
JKOiyAQQjMs/GJ6qMEQpRAhyyJRAock=
=iAEc
-----END PGP SIGNATURE-----")


(define %hello-signature/ed25519/sha256           ;digest-algo: sha256
  "\
-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQRE0x4hr3E4+bYyKAp3H0nL+q4HLQUCXqRADAAKCRB3H0nL+q4H
LUImAP9/foaSjPFC/MSr52LNV5ROSL9haea4jPpUP+N6ViFGowEA+AE/xpXPIqsz
R6CdxMevURuqUpqQ7rHeiMmdUepeewU=
=tLXy
-----END PGP SIGNATURE-----")

(define %hello-signature/ed25519/sha512           ;digest-algo: sha512
  "\
-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQRE0x4hr3E4+bYyKAp3H0nL+q4HLQUCXqRAGgAKCRB3H0nL+q4H
LTeKAP0S8LiiosJXOARlYNdhfGw9j26lHrbwJh5CORGlaqqIJAEAoMYcmtNa2b6O
inlEwB/KQM88O9RwA8xH7X5a0rodOw4=
=68r/
-----END PGP SIGNATURE-----")

(define %hello-signature/ed25519/sha1             ;digest-algo: sha1
  "\
-----BEGIN PGP SIGNATURE-----

iHUEABYCAB0WIQRE0x4hr3E4+bYyKAp3H0nL+q4HLQUCXqRALQAKCRB3H0nL+q4H
LdhEAQCfkdYhIVRa43oTNw9EL/TDFGQjXSHNRFVU0ktjkWbkQwEAjIXhvj2sqy79
Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
=AE4G
-----END PGP SIGNATURE-----")

\f
(test-begin "openpgp")

(test-equal "read-radix-64"
  '(#t "PGP MESSAGE")
  (let-values (((data type)
                (call-with-input-string %radix-64-sample read-radix-64)))
    (list (bytevector? data) type)))

(test-equal "read-radix-64, CRC mismatch"
  '(#f "PGP MESSAGE")
  (call-with-values
      (lambda ()
        (call-with-input-string %radix-64-sample/crc-mismatch
          read-radix-64))
    list))

(test-assert "port-ascii-armored?, #t"
  (call-with-input-string %radix-64-sample port-ascii-armored?))

(test-assert "port-ascii-armored?, #f"
  (not (port-ascii-armored? (open-bytevector-input-port %binary-sample))))

(test-assert "get-openpgp-keyring"
  (let* ((key (search-path %load-path "tests/keys/civodul.pub"))
         (keyring (get-openpgp-keyring
                   (open-bytevector-input-port
                    (call-with-input-file key read-radix-64)))))
    (let-values (((primary packets)
                  (lookup-key-by-id keyring %civodul-key-id)))
      (let ((fingerprint (openpgp-public-key-fingerprint primary)))
        (and (= (openpgp-public-key-id primary) %civodul-key-id)
             (not (openpgp-public-key-subkey? primary))
             (string=? (openpgp-format-fingerprint fingerprint)
                       %civodul-fingerprint)
             (string=? (openpgp-user-id-value (find openpgp-user-id? packets))
                       "Ludovic Courtès <ludo@gnu.org>")
             (eq? (lookup-key-by-fingerprint keyring fingerprint)
                  primary))))))

(test-equal "get-openpgp-detached-signature/ascii"
  (list `(,%dsa-key-id ,%dsa-key-fingerprint dsa sha256)
        `(,%rsa-key-id ,%rsa-key-fingerprint rsa sha256)
        `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha256)
        `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha512)
        `(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha1))
  (map (lambda (str)
         (let ((signature (get-openpgp-detached-signature/ascii
                           (open-input-string str))))
           (list (openpgp-signature-issuer-key-id signature)
                 (openpgp-signature-issuer-fingerprint signature)
                 (openpgp-signature-public-key-algorithm signature)
                 (openpgp-signature-hash-algorithm signature))))
       (list %hello-signature/dsa
             %hello-signature/rsa
             %hello-signature/ed25519/sha256
             %hello-signature/ed25519/sha512
             %hello-signature/ed25519/sha1)))

(test-equal "verify-openpgp-signature, missing key"
  `(missing-key ,%rsa-key-fingerprint)
  (let* ((keyring   (get-openpgp-keyring (%make-void-port "r")))
         (signature (string->openpgp-packet %hello-signature/rsa)))
    (let-values (((status key)
                  (verify-openpgp-signature signature keyring
                                            (open-input-string "Hello!\n"))))
      (list status key))))

(test-equal "verify-openpgp-signature, good signatures"
  `((good-signature ,%rsa-key-id)
    (good-signature ,%dsa-key-id)
    (good-signature ,%ed25519-key-id)
    (good-signature ,%ed25519-key-id)
    (good-signature ,%ed25519-key-id))
  (map (lambda (key signature)
         (let* ((key       (search-path %load-path key))
                (keyring   (get-openpgp-keyring
                            (open-bytevector-input-port
                             (call-with-input-file key read-radix-64))))
                (signature (string->openpgp-packet signature)))
           (let-values (((status key)
                         (verify-openpgp-signature signature keyring
                                                   (open-input-string "Hello!\n"))))
             (list status (openpgp-public-key-id key)))))
       (list "tests/keys/rsa.pub" "tests/keys/dsa.pub"
             "tests/keys/ed25519.pub"
             "tests/keys/ed25519.pub"
             "tests/keys/ed25519.pub")
       (list %hello-signature/rsa %hello-signature/dsa
             %hello-signature/ed25519/sha256
             %hello-signature/ed25519/sha512
             %hello-signature/ed25519/sha1)))

(test-equal "verify-openpgp-signature, bad signature"
  `((bad-signature ,%rsa-key-id)
    (bad-signature ,%dsa-key-id)
    (bad-signature ,%ed25519-key-id)
    (bad-signature ,%ed25519-key-id)
    (bad-signature ,%ed25519-key-id))
  (let ((keyring (fold (lambda (key keyring)
                         (let ((key (search-path %load-path key)))
                           (get-openpgp-keyring
                            (open-bytevector-input-port
                             (call-with-input-file key read-radix-64))
                            keyring)))
                       %empty-keyring
                       '("tests/keys/rsa.pub" "tests/keys/dsa.pub"
                         "tests/keys/ed25519.pub" "tests/keys/ed25519.pub"
                         "tests/keys/ed25519.pub"))))
    (map (lambda (signature)
           (let ((signature (string->openpgp-packet signature)))
             (let-values (((status key)
                           (verify-openpgp-signature signature keyring
                                                     (open-input-string "What?!"))))
               (list status (openpgp-public-key-id key)))))
         (list %hello-signature/rsa %hello-signature/dsa
               %hello-signature/ed25519/sha256
               %hello-signature/ed25519/sha512
               %hello-signature/ed25519/sha1))))

(test-end "openpgp")
Commit	Line	Data
43408e30 LC	1	;;; GNU Guix --- Functional package management for GNU
	2	;;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org>
	3	;;;
	4	;;; This file is part of GNU Guix.
	5	;;;
	6	;;; GNU Guix is free software; you can redistribute it and/or modify it
	7	;;; under the terms of the GNU General Public License as published by
	8	;;; the Free Software Foundation; either version 3 of the License, or (at
	9	;;; your option) any later version.
	10	;;;
	11	;;; GNU Guix is distributed in the hope that it will be useful, but
	12	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	13	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	;;; GNU General Public License for more details.
	15	;;;
	16	;;; You should have received a copy of the GNU General Public License
	17	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	18
	19	(define-module (tests-openpgp)
	20	#:use-module (guix openpgp)
4459c785	21	#:use-module (gcrypt base16)
43408e30 LC	22	#:use-module (gcrypt hash)
	23	#:use-module (gcrypt pk-crypto)
	24	#:use-module (ice-9 binary-ports)
	25	#:use-module (ice-9 match)
	26	#:use-module (rnrs bytevectors)
	27	#:use-module (srfi srfi-1)
	28	#:use-module (srfi srfi-11)
	29	#:use-module (srfi srfi-64)
	30	#:use-module (srfi srfi-71))
	31
	32	(define %radix-64-sample
	33	;; Example of Radix-64 encoding from Section 6.6 of RFC4880.
	34	"\
	35	-----BEGIN PGP MESSAGE-----
	36	Version: OpenPrivacy 0.99
	37
	38	yDgBO22WxBHv7O8X7O/jygAEzol56iUKiXmV+XmpCtmpqQUKiQrFqclFqUDBovzS
	39	vBSFjNSiVHsuAA==
	40	=njUN
	41	-----END PGP MESSAGE-----\n")
	42
	43	(define %radix-64-sample/crc-mismatch
	44	;; This time with a wrong CRC24 value.
	45	"\
	46	-----BEGIN PGP MESSAGE-----
	47
	48	yDgBO22WxBHv7O8X7O/jygAEzol56iUKiXmV+XmpCtmpqQUKiQrFqclFqUDBovzS
	49	vBSFjNSiVHsuAA==
	50	=AAAA
	51	-----END PGP MESSAGE-----\n")
	52
680b80e3 LDB	53	(define %binary-sample
	54	;; Same message as %radix-64-sample, decoded into bytevector.
	55	(base16-string->bytevector
	56	"c838013b6d96c411efecef17ecefe3ca0004ce8979ea250a897995f979a9\
	57	0ad9a9a9050a890ac5a9c945a940c1a2fcd2bc14858cd4a2547b2e00"))
	58
43408e30 LC	59	(define %civodul-fingerprint
	60	"3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5")
	61
9ebc9ca0 AL	62	(define %civodul-key-id #x090B11993D9AEBB5) ;civodul.pub
	63
	64	#\|
	65	Test keys in ./tests/keys. They were generated in a container along these lines:
	66	guix environment -CP --ad-hoc gnupg pinentry coreutils
	67	then, within the container:
	68	mkdir ~/.gnupg && chmod -R og-rwx ~/.gnupg
	69	gpg --batch --passphrase '' --quick-gen-key '<example@example.com>' ed25519
	70	gpg --armor --export example@example.com
	71	gpg --armor --export-secret-key example@example.com
	72	# echo pinentry-program ~/.guix-profile/bin/pinentry-curses > ~/.gnupg/gpg-agent.conf
	73	or similar.
	74	\|#
	75	(define %rsa-key-id #xAE25DA2A70DEED59) ;rsa.pub
	76	(define %dsa-key-id #x587918047BE8BD2C) ;dsa.pub
	77	(define %ed25519-key-id #x771F49CBFAAE072D) ;ed25519.pub
43408e30	78
4459c785 LC	79	(define %rsa-key-fingerprint
	80	(base16-string->bytevector
	81	(string-downcase "385F86CFC86B665A5C165E6BAE25DA2A70DEED59")))
	82	(define %dsa-key-fingerprint
	83	(base16-string->bytevector
	84	(string-downcase "2884A980422330A4F33DD97F587918047BE8BD2C")))
	85	(define %ed25519-key-fingerprint
	86	(base16-string->bytevector
	87	(string-downcase "44D31E21AF7138F9B632280A771F49CBFAAE072D")))
	88
43408e30 LC	89	\f
	90	;;; The following are detached signatures created commands like:
	91	;;; echo 'Hello!' \| gpg -sba --digest-algo sha512
	92	;;; They are detached (no PACKET-ONE-PASS-SIGNATURE) and uncompressed.
	93
	94	(define %hello-signature/rsa
	95	;; Signature of the ASCII string "Hello!\n".
	96	"\
	97	-----BEGIN PGP SIGNATURE-----
	98
	99	iQEzBAABCAAdFiEEOF+Gz8hrZlpcFl5rriXaKnDe7VkFAl4SRF0ACgkQriXaKnDe
	100	7VlIyQf/TU5rGUK42/C1ULoWvvm25Mjwh6xxoPPkuBxvos8bE6yKr/vJZePU3aSE
	101	mjbVFcO7DioxHMqLd49j803bUtdllJVU18ex9MkKbKjapkgEGkJsuTTzqyONprgk
	102	7xtZGBWuxkP1M6hJICJkA3Ys+sTdKalux/pzr5OWAe+gxytTF/vr/EyJzdmBxbJv
	103	/fhd1SeVIXSw4c5gf2Wcvcgfy4N5CiLaUb7j4646KBTvDvmUMcDZ+vmKqC/XdQeQ
	104	PrjArGKt40ErVd98fwvNHZnw7VQMx0A3nL3joL5g7/RckDOUb4mqKoqLsLd0wPHP
	105	y32DiDUY9s3sy5OMzX4Y49em8vxvlg==
	106	=ASEm
	107	-----END PGP SIGNATURE-----")
	108
	109
	110	(define %hello-signature/dsa
	111	"\
	112	-----BEGIN PGP SIGNATURE-----
	113
	114	iHUEABEIAB0WIQQohKmAQiMwpPM92X9YeRgEe+i9LAUCXhJFpQAKCRBYeRgEe+i9
	115	LDAaAQC0lXPQepvZBANAUtRLMZuOwL9NQPkfhIwUXtLEBBzyFQD/So8DcybXpRBi
	116	JKOiyAQQjMs/GJ6qMEQpRAhyyJRAock=
	117	=iAEc
	118	-----END PGP SIGNATURE-----")
	119
	120
	121	(define %hello-signature/ed25519/sha256 ;digest-algo: sha256
	122	"\
	123	-----BEGIN PGP SIGNATURE-----
	124
	125	iHUEABYIAB0WIQRE0x4hr3E4+bYyKAp3H0nL+q4HLQUCXqRADAAKCRB3H0nL+q4H
	126	LUImAP9/foaSjPFC/MSr52LNV5ROSL9haea4jPpUP+N6ViFGowEA+AE/xpXPIqsz
	127	R6CdxMevURuqUpqQ7rHeiMmdUepeewU=
	128	=tLXy
	129	-----END PGP SIGNATURE-----")
	130
	131	(define %hello-signature/ed25519/sha512 ;digest-algo: sha512
	132	"\
	133	-----BEGIN PGP SIGNATURE-----
	134
	135	iHUEABYKAB0WIQRE0x4hr3E4+bYyKAp3H0nL+q4HLQUCXqRAGgAKCRB3H0nL+q4H
	136	LTeKAP0S8LiiosJXOARlYNdhfGw9j26lHrbwJh5CORGlaqqIJAEAoMYcmtNa2b6O
	137	inlEwB/KQM88O9RwA8xH7X5a0rodOw4=
	138	=68r/
	139	-----END PGP SIGNATURE-----")
	140
	141	(define %hello-signature/ed25519/sha1 ;digest-algo: sha1
	142	"\
	143	-----BEGIN PGP SIGNATURE-----
	144
	145	iHUEABYCAB0WIQRE0x4hr3E4+bYyKAp3H0nL+q4HLQUCXqRALQAKCRB3H0nL+q4H
	146	LdhEAQCfkdYhIVRa43oTNw9EL/TDFGQjXSHNRFVU0ktjkWbkQwEAjIXhvj2sqy79
	147	Pz7oopeN72xgggYUNT37ezqN3MeCqw0=
	148	=AE4G
	149	-----END PGP SIGNATURE-----")
	150
	151	\f
	152	(test-begin "openpgp")
153
154	(test-equal "read-radix-64"
155	'(#t "PGP MESSAGE")
156	(let-values (((data type)
157	(call-with-input-string %radix-64-sample read-radix-64)))
158	(list (bytevector? data) type)))
159
160	(test-equal "read-radix-64, CRC mismatch"
161	'(#f "PGP MESSAGE")
162	(call-with-values
163	(lambda ()
164	(call-with-input-string %radix-64-sample/crc-mismatch
165	read-radix-64))
166	list))
167
680b80e3 LDB	168	(test-assert "port-ascii-armored?, #t"
	169	(call-with-input-string %radix-64-sample port-ascii-armored?))
	170
	171	(test-assert "port-ascii-armored?, #f"
	172	(not (port-ascii-armored? (open-bytevector-input-port %binary-sample))))
	173
43408e30	174	(test-assert "get-openpgp-keyring"
9ebc9ca0	175	(let* ((key (search-path %load-path "tests/keys/civodul.pub"))
43408e30 LC	176	(keyring (get-openpgp-keyring
	177	(open-bytevector-input-port
	178	(call-with-input-file key read-radix-64)))))
bd812655 LC	179	(let-values (((primary packets)
	180	(lookup-key-by-id keyring %civodul-key-id)))
	181	(let ((fingerprint (openpgp-public-key-fingerprint primary)))
	182	(and (= (openpgp-public-key-id primary) %civodul-key-id)
	183	(not (openpgp-public-key-subkey? primary))
	184	(string=? (openpgp-format-fingerprint fingerprint)
	185	%civodul-fingerprint)
	186	(string=? (openpgp-user-id-value (find openpgp-user-id? packets))
	187	"Ludovic Courtès <ludo@gnu.org>")
	188	(eq? (lookup-key-by-fingerprint keyring fingerprint)
	189	primary))))))
43408e30 LC	190
43408e30 LC	191	(test-equal "get-openpgp-detached-signature/ascii"
4459c785 LC	192	(list `(,%dsa-key-id ,%dsa-key-fingerprint dsa sha256)
	193	`(,%rsa-key-id ,%rsa-key-fingerprint rsa sha256)
	194	`(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha256)
	195	`(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha512)
	196	`(,%ed25519-key-id ,%ed25519-key-fingerprint eddsa sha1))
43408e30 LC	197	(map (lambda (str)
	198	(let ((signature (get-openpgp-detached-signature/ascii
	199	(open-input-string str))))
7b2b3a13	200	(list (openpgp-signature-issuer-key-id signature)
4459c785	201	(openpgp-signature-issuer-fingerprint signature)
43408e30 LC	202	(openpgp-signature-public-key-algorithm signature)
	203	(openpgp-signature-hash-algorithm signature))))
	204	(list %hello-signature/dsa
	205	%hello-signature/rsa
	206	%hello-signature/ed25519/sha256
	207	%hello-signature/ed25519/sha512
	208	%hello-signature/ed25519/sha1)))
	209
	210	(test-equal "verify-openpgp-signature, missing key"
b45fa0a1	211	`(missing-key ,%rsa-key-fingerprint)
43408e30	212	(let* ((keyring (get-openpgp-keyring (%make-void-port "r")))
b835e158	213	(signature (string->openpgp-packet %hello-signature/rsa)))
43408e30 LC	214	(let-values (((status key)
	215	(verify-openpgp-signature signature keyring
	216	(open-input-string "Hello!\n"))))
	217	(list status key))))
	218
	219	(test-equal "verify-openpgp-signature, good signatures"
	220	`((good-signature ,%rsa-key-id)
	221	(good-signature ,%dsa-key-id)
	222	(good-signature ,%ed25519-key-id)
	223	(good-signature ,%ed25519-key-id)
	224	(good-signature ,%ed25519-key-id))
	225	(map (lambda (key signature)
	226	(let* ((key (search-path %load-path key))
	227	(keyring (get-openpgp-keyring
	228	(open-bytevector-input-port
	229	(call-with-input-file key read-radix-64))))
b835e158	230	(signature (string->openpgp-packet signature)))
43408e30 LC	231	(let-values (((status key)
	232	(verify-openpgp-signature signature keyring
	233	(open-input-string "Hello!\n"))))
	234	(list status (openpgp-public-key-id key)))))
9ebc9ca0 AL	235	(list "tests/keys/rsa.pub" "tests/keys/dsa.pub"
	236	"tests/keys/ed25519.pub"
	237	"tests/keys/ed25519.pub"
	238	"tests/keys/ed25519.pub")
43408e30 LC	239	(list %hello-signature/rsa %hello-signature/dsa
	240	%hello-signature/ed25519/sha256
	241	%hello-signature/ed25519/sha512
	242	%hello-signature/ed25519/sha1)))
	243
	244	(test-equal "verify-openpgp-signature, bad signature"
	245	`((bad-signature ,%rsa-key-id)
	246	(bad-signature ,%dsa-key-id)
	247	(bad-signature ,%ed25519-key-id)
	248	(bad-signature ,%ed25519-key-id)
	249	(bad-signature ,%ed25519-key-id))
	250	(let ((keyring (fold (lambda (key keyring)
	251	(let ((key (search-path %load-path key)))
	252	(get-openpgp-keyring
	253	(open-bytevector-input-port
	254	(call-with-input-file key read-radix-64))
	255	keyring)))
	256	%empty-keyring
9ebc9ca0 AL	257	'("tests/keys/rsa.pub" "tests/keys/dsa.pub"
	258	"tests/keys/ed25519.pub" "tests/keys/ed25519.pub"
	259	"tests/keys/ed25519.pub"))))
43408e30	260	(map (lambda (signature)
b835e158	261	(let ((signature (string->openpgp-packet signature)))
43408e30 LC	262	(let-values (((status key)
	263	(verify-openpgp-signature signature keyring
	264	(open-input-string "What?!"))))
	265	(list status (openpgp-public-key-id key)))))
	266	(list %hello-signature/rsa %hello-signature/dsa
	267	%hello-signature/ed25519/sha256
	268	%hello-signature/ed25519/sha512
	269	%hello-signature/ed25519/sha1))))
	270
	271	(test-end "openpgp")