rpm-software-management · pmatilai · Apr 16, 2024 · Apr 12, 2024 · Apr 15, 2024
diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
@@ -156,6 +156,7 @@ static rpmtd makeSigTag(Header sigh, int ishdr, uint8_t *pkt, size_t pktlen)
     pubkey_algo = pgpDigParamsAlgo(sigp, PGPVAL_PUBKEYALGO);
     switch (pubkey_algo) {
     case PGPPUBKEYALGO_DSA:
+    case PGPPUBKEYALGO_ECDSA:
     case PGPPUBKEYALGO_EDDSA:
 	sigtag = ishdr ? RPMSIGTAG_DSA : RPMSIGTAG_GPG;
 	break;

diff --git a/tests/data/keys/rpm.org-ed25519-test.pub b/tests/data/keys/rpm.org-ed25519-test.pub
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZh0iqBYJKwYBBAHaRw8BAQdAykdH/PFqlgMlJjKORrUVBCEtMj6dPAHev1Qr
+DwxCr5u0KXJwbS5vcmcgZWQyNTUxOSB0ZXN0a2V5IDxlZDI1NTE5QHJwbS5vcmc+
+iJAEExYIADgWIQQVK7Mv2cqYJ5foNc+wZFrsdXv2ngUCZh0iqAIbAwULCQgHAgYV
+CgkICwIEFgIDAQIeAQIXgAAKCRCwZFrsdXv2nkd7AP42YzwyWeKd/775qIJ1qPai
+dy/F5VaN3Y5W5rw0KwvPLgD9F3Pna3krtD/9MtkfsI9pitS8g598YlknklAHPi5p
+FwY=
+=sZKd
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/data/keys/rpm.org-ed25519-test.secret b/tests/data/keys/rpm.org-ed25519-test.secret
@@ -0,0 +1,10 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lFgEZh0iqBYJKwYBBAHaRw8BAQdAykdH/PFqlgMlJjKORrUVBCEtMj6dPAHev1Qr
+DwxCr5sAAP4jj/cicS8y5YIaYw7RiNCm9lGl1CiDL55zA0iF4qsvmxAutClycG0u
+b3JnIGVkMjU1MTkgdGVzdGtleSA8ZWQyNTUxOUBycG0ub3JnPoiQBBMWCAA4FiEE
+FSuzL9nKmCeX6DXPsGRa7HV79p4FAmYdIqgCGwMFCwkIBwIGFQoJCAsCBBYCAwEC
+HgECF4AACgkQsGRa7HV79p5HewD+NmM8Mlninf+++aiCdaj2oncvxeVWjd2OVua8
+NCsLzy4A/Rdz52t5K7Q//TLZH7CPaYrUvIOffGJZJ5JQBz4uaRcG
+=DS6v
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/data/keys/rpm.org-nistp256-test.pub b/tests/data/keys/rpm.org-nistp256-test.pub
@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEZh0lBxMIKoZIzj0DAQcCAwRoMRDudHrKu5qCI3RSnreERpaCa4uAY+M4Ku1z
+vj1KRggx11nwqVgHHXy0y2sAWKgEcULTQOPECdTS2ktuZhRktC1ycG0ub3JnIE5J
+U1QgUC0yNTYgdGVzdGtleSA8bmlzdHAyNTZAcnBtLm9yZz6IkAQTEwgAOBYhBOim
+LAUSsGtdIYO6IH8cIflfZbvoBQJmHSUHAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B
+AheAAAoJEH8cIflfZbvoaX4BAJ57L2ng1LLiXjIl404ZxI8Y83nz5rp/h1YZIQxJ
+MyzqAP9wwoYycCHEGooNpzyZRO8Vs23LuHh15Lw29T+IE8iIMg==
+=VgGq
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/data/keys/rpm.org-nistp256-test.secret b/tests/data/keys/rpm.org-nistp256-test.secret
@@ -0,0 +1,11 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lHcEZh0lBxMIKoZIzj0DAQcCAwRoMRDudHrKu5qCI3RSnreERpaCa4uAY+M4Ku1z
+vj1KRggx11nwqVgHHXy0y2sAWKgEcULTQOPECdTS2ktuZhRkAAD/ft80tLdTnXwy
+N1dnYmKzpONcvkOn83QsIdquKh/jM+oRFbQtcnBtLm9yZyBOSVNUIFAtMjU2IHRl
+c3RrZXkgPG5pc3RwMjU2QHJwbS5vcmc+iJAEExMIADgWIQTopiwFErBrXSGDuiB/
+HCH5X2W76AUCZh0lBwIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRB/HCH5
+X2W76Gl+AQCeey9p4NSy4l4yJeNOGcSPGPN58+a6f4dWGSEMSTMs6gD/cMKGMnAh
+xBqKDac8mUTvFbNty7h4deS8NvU/iBPIiDI=
+=oPT5
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
@@ -1099,3 +1099,70 @@ runroot rpm -qp /data/RPMS/hello-2.0-1.x86_64-signed.rpm
 error: /data/RPMS/hello-2.0-1.x86_64-signed.rpm: not an rpm package (or package manifest)
 ])
 RPMTEST_CLEANUP
+
+
+# ------------------------------
+# Test ed25519 signature creation and verification
+AT_SETUP([Ed25519 signatures])
+AT_KEYWORDS([rpmsign signature])
+AT_SKIP_IF([test x$PGP = xdummy])
+RPMDB_INIT
+gpg2 --import ${RPMTEST}/data/keys/*.secret
+# Our keys have no passphrases to be asked, silence GPG_TTY warning
+export GPG_TTY=""
+RPMTEST_CHECK([
+RPMDB_INIT
+
+cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/
+run rpmsign --key-id 757BF69E --digest-algo sha512 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
+echo PRE-IMPORT
+runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
+echo POST-IMPORT
+runroot rpmkeys --import /data/keys/rpm.org-ed25519-test.pub
+runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
+],
+[0],
+[PRE-IMPORT
+/tmp/hello-2.0-1.x86_64.rpm:
+    Header V4 EdDSA/SHA512 Signature, key ID 757bf69e: NOKEY
+POST-IMPORT
+/tmp/hello-2.0-1.x86_64.rpm:
+    Header V4 EdDSA/SHA512 Signature, key ID 757bf69e: OK
+],
+[])
+gpgconf --kill gpg-agent
+RPMTEST_CLEANUP
+
+
+# ------------------------------
+# Test NIST p-256 signature creation and verification
+AT_SETUP([NIST P-256 signatures])
+AT_KEYWORDS([rpmsign signature])
+AT_SKIP_IF([test x$PGP = xdummy])
+RPMDB_INIT
+gpg2 --import ${RPMTEST}/data/keys/*.secret
+# Our keys have no passphrases to be asked, silence GPG_TTY warning
+export GPG_TTY=""
+RPMTEST_CHECK([
+RPMDB_INIT
+
+cp "${RPMTEST}"/data/RPMS/hello-2.0-1.x86_64.rpm "${RPMTEST}"/tmp/
+run rpmsign --key-id 5F65BBE8 --digest-algo sha256 --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
+echo PRE-IMPORT
+runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
+echo POST-IMPORT
+runroot rpmkeys --import /data/keys/rpm.org-nistp256-test.pub
+runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm|grep -v digest
+],
+[0],
+[PRE-IMPORT
+/tmp/hello-2.0-1.x86_64.rpm:
+    Header V4 ECDSA/SHA256 Signature, key ID 5f65bbe8: NOKEY
+POST-IMPORT
+/tmp/hello-2.0-1.x86_64.rpm:
+    Header V4 ECDSA/SHA256 Signature, key ID 5f65bbe8: OK
+],
+[])
+gpgconf --kill gpg-agent
+RPMTEST_CLEANUP
+