launchpad-reviewers team mailing list archive

[Colin Watson <mp+429660@xxxxxxxxxxxxxxxxxx>]

Colin Watson has proposed merging ~cjwatson/launchpad:gpg-ecdsa into launchpad:master.

Commit message:
Support GPG ECDSA/ECDH keys

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)
Related bugs:
  Bug #1827369 in Launchpad itself: "Launchpad cannot handle ECC or Ed25519 OpenPGP keys"
  https://bugs.launchpad.net/launchpad/+bug/1827369

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/429660

Only some choices of elliptic curve will in fact work at the moment, due to limitations in the versions of GnuPG and GPGME on production; I've tested that at least `nistp256` works.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:gpg-ecdsa into launchpad:master.

diff --git a/lib/lp/registry/templates/person-editpgpkeys.pt b/lib/lp/registry/templates/person-editpgpkeys.pt
index 169c5f0..f6dd57b 100644
--- a/lib/lp/registry/templates/person-editpgpkeys.pt
+++ b/lib/lp/registry/templates/person-editpgpkeys.pt
@@ -163,6 +163,12 @@
         fingerprint</a>)
       </p>
 
+      <p>
+        At present, only RSA, DSA, and some ECC keys are supported; see
+        <a href="https://bugs.launchpad.net/launchpad/+bug/1827369";>bug
+        1827369</a> for details on the state of support for other key types.
+      </p>
+
           <table class="form" id="launchpad-form-widgets">
             <tbody>
               <tr>
diff --git a/lib/lp/services/gpg/interfaces.py b/lib/lp/services/gpg/interfaces.py
index 39ec411..48bae87 100644
--- a/lib/lp/services/gpg/interfaces.py
+++ b/lib/lp/services/gpg/interfaces.py
@@ -77,10 +77,14 @@ class GPGKeyAlgorithm(DBEnumeratedType):
     """
     GPG Compliant Key Algorithms Types:
 
-    1 : "R", # RSA
-    16: "g", # ElGamal
-    17: "D", # DSA
-    20: "G", # ElGamal, compromised
+    1  : "R", # RSA
+    16 : "g", # ElGamal
+    17 : "D", # DSA
+    20 : "G", # ElGamal, compromised
+    301: "E", # ECDSA
+    302: "e", # ECDH
+
+    See `pubkey_letter` in GnuPG for the single-letter codes used here.
 
     FIXME
     Rewrite it according to the experimental API returning also a name
@@ -120,6 +124,22 @@ class GPGKeyAlgorithm(DBEnumeratedType):
         ElGamal, compromised""",
     )
 
+    ECDSA = DBItem(
+        301,
+        """
+        E
+
+        ECDSA""",
+    )
+
+    ECDH = DBItem(
+        302,
+        """
+        e
+
+        ECDH""",
+    )
+
 
 class MoreThanOneGPGKeyFound(Exception):
     """More than one GPG key was found.
diff --git a/lib/lp/services/gpg/tests/test_gpghandler.py b/lib/lp/services/gpg/tests/test_gpghandler.py
index 32cbaf5..653740d 100644
--- a/lib/lp/services/gpg/tests/test_gpghandler.py
+++ b/lib/lp/services/gpg/tests/test_gpghandler.py
@@ -117,12 +117,12 @@ class TestGPGHandler(TestCase):
         fingerprints = {
             key.fingerprint for key in self.gpg_handler.localKeys()
         }
-        self.assertTrue(
-            "340CA3BB270E2716C9EE0B768E7EB7086C64A8C5" in fingerprints
-        )
-        self.assertTrue(
-            "A419AE861E88BC9E04B9C26FBA2B9389DFD20543" in fingerprints
-        )
+        # foo.bar@xxxxxxxxxxxxx
+        self.assertIn("340CA3BB270E2716C9EE0B768E7EB7086C64A8C5", fingerprints)
+        # test@xxxxxxxxxxxxx
+        self.assertIn("A419AE861E88BC9E04B9C26FBA2B9389DFD20543", fingerprints)
+        # foo.bar@xxxxxxxxxxxxx-nistp256
+        self.assertIn("7DF8FEA9E998922E7CCB3EC9BF5D16BC1C0A8AE4", fingerprints)
 
     def testFilteredGetKeys(self):
         """Check the filtered key lookup mechanism.
diff --git a/lib/lp/testing/gpgkeys/data/foo.bar@xxxxxxxxxxxxxxxxxxxxxxxxxx b/lib/lp/testing/gpgkeys/data/foo.bar@xxxxxxxxxxxxxxxxxxxxxxxxxx
new file mode 100644
index 0000000..56ec19c
--- /dev/null
+++ b/lib/lp/testing/gpgkeys/data/foo.bar@xxxxxxxxxxxxxxxxxxxxxxxxxx
@@ -0,0 +1,14 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mFIEYxox9BMIKoZIzj0DAQcCAwTbLMABKGPLD4yX+osrnVWQ9ngSiGBv5muILqO0
+iNYo7kg3rCbp33oBQjJKlEFV0HrlJQTze14c5d2Z1EQnGhHstB9Gb28gQmFyIDxm
+b28uYmFyQGNhbm9uaWNhbC5jb20+iJAEExMIADgWIQR9+P6p6ZiSLnzLPsm/XRa8
+HAqK5AUCYxox9AIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRC/XRa8HAqK
+5CQQAQDLbv63nO+pL+2y1weL4SaGCGny7juMkCQa2V0wU7y74AD/UJVN85Bpw4VD
+XEHW8zhXiEj3Yj9M17viG7tbcZS9mCi4VgRjGjH0EggqhkjOPQMBBwIDBHPuDddS
+Sn1O5XXIDw+k33dccqRz4Z+WSO4k4N+OrSoSAqwe97Wc0YdgDQwW0Tp1gtVQD0mh
+zARX1hepE6vRfTkDAQgHiHgEGBMIACAWIQR9+P6p6ZiSLnzLPsm/XRa8HAqK5AUC
+Yxox9AIbDAAKCRC/XRa8HAqK5D8WAQDkguaZBxo41fbas0FJOFiCDdv5SI5a5Aaa
+nRf2hENLNAEAsEXYzFcKTmx7xkAmynsfN7T80ub5mjkkr27lBYCQfw0=
+=bA48
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/lib/lp/testing/gpgkeys/data/foo.bar@xxxxxxxxxxxxxxxxxxxxxxxxxx b/lib/lp/testing/gpgkeys/data/foo.bar@xxxxxxxxxxxxxxxxxxxxxxxxxx
new file mode 100644
index 0000000..f0d99a8
--- /dev/null
+++ b/lib/lp/testing/gpgkeys/data/foo.bar@xxxxxxxxxxxxxxxxxxxxxxxxxx
@@ -0,0 +1,18 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lKUEYxox9BMIKoZIzj0DAQcCAwTbLMABKGPLD4yX+osrnVWQ9ngSiGBv5muILqO0
+iNYo7kg3rCbp33oBQjJKlEFV0HrlJQTze14c5d2Z1EQnGhHs/gcDAttSqfrTn5HX
+/8N6mjpGbfiaAA/VXUR6+r52IUMn5/9rx7THcjKnSyRtkC+f5w4/Fh/Asm8tpocM
+XMqJPC+oBiF2bMvM+q+4OZj8bUTQR6K0H0ZvbyBCYXIgPGZvby5iYXJAY2Fub25p
+Y2FsLmNvbT6IkAQTEwgAOBYhBH34/qnpmJIufMs+yb9dFrwcCorkBQJjGjH0AhsD
+BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEL9dFrwcCorkJBABAMtu/rec76kv
+7bLXB4vhJoYIafLuO4yQJBrZXTBTvLvgAP9QlU3zkGnDhUNcQdbzOFeISPdiP0zX
+u+Ibu1txlL2YKJypBGMaMfQSCCqGSM49AwEHAgMEc+4N11JKfU7ldcgPD6Tfd1xy
+pHPhn5ZI7iTg346tKhICrB73tZzRh2ANDBbROnWC1VAPSaHMBFfWF6kTq9F9OQMB
+CAf+BwMCIIWZ4OnQZvb/hEJ/s7Kl7PuAEK4eCVw0dkBpIXCR8FQdl8k/Bb5BEO+t
+O9A28j8teXzTRP2sBVHz9rTw+YPOAJYGSIXSXB8i+H+Tt4wgJIh4BBgTCAAgFiEE
+ffj+qemYki58yz7Jv10WvBwKiuQFAmMaMfQCGwwACgkQv10WvBwKiuQ/FgEA5ILm
+mQcaONX22rNBSThYgg3b+UiOWuQGmp0X9oRDSzQBALBF2MxXCk5se8ZAJsp7Hze0
+/NLm+Zo5JK9u5QWAkH8N
+=i86g
+-----END PGP PRIVATE KEY BLOCK-----