diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2021-03-17 10:16:32 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2021-03-17 10:16:32 +0100 |
| commit | 78911fa6349aedace40ed021f1ab2a263757b300 (patch) | |
| tree | 40e893a9190f1668a0e0899edc926c3e709cdb9b /openpgp/src/cert.rs | |
| parent | 3c9351ade65fa888a13018765ba058363314d677 (diff) | |
openpgp: Add 1pa3pc test vector from dkgpg.
- See #335 and https://savannah.nongnu.org/bugs/index.php?60154
Diffstat (limited to 'openpgp/src/cert.rs')
| -rw-r--r-- | openpgp/src/cert.rs | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/openpgp/src/cert.rs b/openpgp/src/cert.rs index 401957a1..e717f163 100644 --- a/openpgp/src/cert.rs +++ b/openpgp/src/cert.rs @@ -6073,4 +6073,59 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= Ok(()) } + + /// Makes sure that attested key signatures are correctly handled. + #[test] + fn attested_key_signatures_dkgpg() -> Result<()> { + const DUMP: bool = false; + use crate::{ + packet::signature::subpacket::*, + crypto::hash::Digest, + }; + + let test = Cert::from_bytes(crate::tests::key("1pa3pc-dkgpg.pgp"))?; + assert_eq!(test.bad_signatures().count(), 0); + assert_eq!(test.userids().nth(0).unwrap().certifications().count(), + 1); + assert_eq!(test.userids().nth(0).unwrap().bundle().attestations.len(), + 1); + + let attestation = + &test.userids().nth(0).unwrap().bundle().attestations[0]; + + let digest_size = attestation.hash_algo().context()?.digest_size(); + let digests = if let Some(SubpacketValue::Unknown { body, .. }) = + attestation.subpacket(SubpacketTag__AttestedCertifications) + .map(|sp| sp.value()) + { + body.chunks(digest_size).map(|d| d.to_vec()).collect::<Vec<_>>() + } else { + unreachable!("Valid attestation signatures contain one"); + }; + + if DUMP { + for (i, d) in digests.iter().enumerate() { + crate::fmt::hex::Dumper::new(std::io::stderr(), "") + .write(d, format!("expected digest {}", i))?; + } + } + + for (i, certification) in + test.userids().nth(0).unwrap().certifications().enumerate() + { + // Hash the certification. + let mut h = attestation.hash_algo().context()?; + certification.hash_for_confirmation(&mut h); + let digest = h.into_digest()?; + + if DUMP { + crate::fmt::hex::Dumper::new(std::io::stderr(), "") + .write(&digest, format!("computed digest {}", i))?; + } + + assert!(digests.contains(&digest)); + } + + Ok(()) + } } |