Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable Ed25519 tests (and other forgotten ones) for kryoptic #431

Merged
merged 2 commits into from
Aug 21, 2024
Merged

Enable Ed25519 tests (and other forgotten ones) for kryoptic #431

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
25e9de6
tests: Enable EdDSA tests with kryoptic
Jakuje Aug 20, 2024
f824452
tests: Print openssl output on error
Jakuje Aug 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions tests/meson.build
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,13 +125,13 @@ tests = {
'pubkey': {'suites': ['softokn', 'softhsm', 'kryoptic']},
'certs': {'suites': ['softokn', 'softhsm', 'kryoptic']},
'ecc': {'suites': ['softokn', 'softhsm', 'kryoptic']},
'edwards': {'suites': ['softhsm']},
'edwards': {'suites': ['softhsm', 'kryoptic']},
'ecdh': {'suites': ['softokn', 'kryoptic']},
'democa': {'suites': ['softokn', 'softhsm', 'kryoptic'], 'is_parallel': false},
'digest': {'suites': ['softokn', 'softhsm', 'kryoptic']},
'fork': {'suites': ['softokn', 'softhsm', 'kryoptic']},
'oaepsha2': {'suites': ['softokn', 'kryoptic']},
'hkdf': {'suites': ['softokn']},
'hkdf': {'suites': ['softokn', 'kryoptic']},
'rsapss': {'suites': ['softokn', 'softhsm', 'kryoptic']},
'rsapssam': {'suites': ['softhsm']},
'genkey': {'suites': ['softokn', 'softhsm', 'kryoptic']},
Expand All @@ -141,7 +141,7 @@ tests = {
'tls': {'suites': ['softokn', 'softhsm', 'kryoptic'], 'is_parallel': false},
'uri': {'suites': ['softokn', 'softhsm', 'kryoptic']},
'ecxc': {'suites': ['softhsm', 'kryoptic']},
'cms': {'suites': ['softokn']},
'cms': {'suites': ['softokn', 'kryoptic']},
}

test_wrapper = find_program('test-wrapper')
Expand Down
118 changes: 65 additions & 53 deletions tests/setup-kryoptic.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -243,32 +243,31 @@ echo "${ECPEERPRIURI}"
echo "${ECPEERCRTURI}"
echo ""

# TODO: not supported yet by Kryoptic
## generate ED25519
#KEYID='0004'
#URIKEYID="%00%04"
#EDCRT="${TMPPDIR}/edcert"
#EDCRTN="edCert"
#
## shellcheck disable=SC2086
#pkcs11-tool ${P11DEFARGS} --keypairgen --key-type="EC:edwards25519" \
# --label="${EDCRTN}" --id="$KEYID"
#ca_sign "$EDCRT" $EDCRTN "My ED25519 Cert" $KEYID
#
#EDBASEURIWITHPINVALUE="pkcs11:id=${URIKEYID};pin-value=${PINVALUE}"
#EDBASEURIWITHPINSOURCE="pkcs11:id=${URIKEYID};pin-source=file:${PINFILE}"
#EDBASEURI="pkcs11:id=${URIKEYID}"
#EDPUBURI="pkcs11:type=public;id=${URIKEYID}"
#EDPRIURI="pkcs11:type=private;id=${URIKEYID}"
#EDCRTURI="pkcs11:type=cert;object=${EDCRTN}"
#
#title LINE "ED25519 PKCS11 URIS"
#echo "${EDBASEURIWITHPINVALUE}"
#echo "${EDBASEURIWITHPINSOURCE}"
#echo "${EDBASEURI}"
#echo "${EDPUBURI}"
#echo "${EDPRIURI}"
#echo "${EDCRTURI}"
# generate ED25519
KEYID='0004'
URIKEYID="%00%04"
EDCRT="${TMPPDIR}/edcert"
EDCRTN="edCert"

# shellcheck disable=SC2086
pkcs11-tool ${P11DEFARGS} --keypairgen --key-type="EC:edwards25519" \
--label="${EDCRTN}" --id="$KEYID"
ca_sign "$EDCRT" $EDCRTN "My ED25519 Cert" $KEYID

EDBASEURIWITHPINVALUE="pkcs11:id=${URIKEYID};pin-value=${PINVALUE}"
EDBASEURIWITHPINSOURCE="pkcs11:id=${URIKEYID};pin-source=file:${PINFILE}"
EDBASEURI="pkcs11:id=${URIKEYID}"
EDPUBURI="pkcs11:type=public;id=${URIKEYID}"
EDPRIURI="pkcs11:type=private;id=${URIKEYID}"
EDCRTURI="pkcs11:type=cert;object=${EDCRTN}"

title LINE "ED25519 PKCS11 URIS"
echo "${EDBASEURIWITHPINVALUE}"
echo "${EDBASEURIWITHPINSOURCE}"
echo "${EDBASEURI}"
echo "${EDPUBURI}"
echo "${EDPRIURI}"
echo "${EDCRTURI}"


title PARA "generate RSA key pair, self-signed certificate, remove public key"
Expand Down Expand Up @@ -353,33 +352,32 @@ else
echo ""
fi

# TODO: ALWAYS_AUTHENTICATE behavior not supported yet
#title PARA "generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate"
#KEYID='0008'
#URIKEYID="%00%08"
#TSTCRT="${TMPPDIR}/eccert3"
#TSTCRTN="ecCert3"
#
## shellcheck disable=SC2086
#pkcs11-tool ${P11DEFARGS} --keypairgen --key-type="EC:secp521r1" \
# --label="${TSTCRTN}" --id="$KEYID" --always-auth
#ca_sign "$TSTCRT" $TSTCRTN "My EC Cert 3" $KEYID
#
#ECBASE3URIWITHPINVALUE="pkcs11:id=${URIKEYID}?pin-value=${PINVALUE}"
#ECBASE3URIWITHPINSOURCE="pkcs11:id=${URIKEYID}?pin-source=file:${PINFILE}"
#ECBASE3URI="pkcs11:id=${URIKEYID}"
#ECPUB3URI="pkcs11:type=public;id=${URIKEYID}"
#ECPRI3URI="pkcs11:type=private;id=${URIKEYID}"
#ECCRT3URI="pkcs11:type=cert;object=${TSTCRTN}"
#
#title LINE "EC3 PKCS11 URIS"
#echo "${ECBASE3URIWITHPINVALUE}"
#echo "${ECBASE3URIWITHPINSOURCE}"
#echo "${ECBASE3URI}"
#echo "${ECPUB3URI}"
#echo "${ECPRI3URI}"
#echo "${ECCRT3URI}"
#echo ""
title PARA "generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate"
KEYID='0008'
URIKEYID="%00%08"
TSTCRT="${TMPPDIR}/eccert3"
TSTCRTN="ecCert3"

# shellcheck disable=SC2086
pkcs11-tool ${P11DEFARGS} --keypairgen --key-type="EC:secp521r1" \
--label="${TSTCRTN}" --id="$KEYID" --always-auth
ca_sign "$TSTCRT" $TSTCRTN "My EC Cert 3" $KEYID

ECBASE3URIWITHPINVALUE="pkcs11:id=${URIKEYID}?pin-value=${PINVALUE}"
ECBASE3URIWITHPINSOURCE="pkcs11:id=${URIKEYID}?pin-source=file:${PINFILE}"
ECBASE3URI="pkcs11:id=${URIKEYID}"
ECPUB3URI="pkcs11:type=public;id=${URIKEYID}"
ECPRI3URI="pkcs11:type=private;id=${URIKEYID}"
ECCRT3URI="pkcs11:type=cert;object=${TSTCRTN}"

title LINE "EC3 PKCS11 URIS"
echo "${ECBASE3URIWITHPINVALUE}"
echo "${ECBASE3URIWITHPINSOURCE}"
echo "${ECBASE3URI}"
echo "${ECPUB3URI}"
echo "${ECPRI3URI}"
echo "${ECCRT3URI}"
echo ""

title PARA "Show contents of kryoptic token"
echo " ----------------------------------------------------------------------------------------------------"
Expand Down Expand Up @@ -439,6 +437,13 @@ export ECPEERPUBURI="${ECPEERPUBURI}"
export ECPEERPRIURI="${ECPEERPRIURI}"
export ECPEERCRTURI="${ECPEERCRTURI}"

export EDBASEURIWITHPINVALUE="${EDBASEURIWITHPINVALUE}"
export EDBASEURIWITHPINSOURCE="${EDBASEURIWITHPINSOURCE}"
export EDBASEURI="${EDBASEURI}"
export EDPUBURI="${EDPUBURI}"
export EDPRIURI="${EDPRIURI}"
export EDCRTURI="${EDCRTURI}"

export BASE2URIWITHPINVALUE="${BASEURIWITHPINVALUE}"
export BASE2URIWITHPINSOURCE="${BASEURIWITHPINSOURCE}"
export BASE2URI="${BASE2URI}"
Expand All @@ -450,6 +455,13 @@ export ECBASE2URIWITHPINSOURCE="${ECBASE2URIWITHPINSOURCE}"
export ECBASE2URI="${ECBASE2URI}"
export ECPRI2URI="${ECPRI2URI}"
export ECCRT2URI="${ECCRT2URI}"

export ECBASE3URIWITHPINVALUE="${ECBASE3URIWITHPINVALUE}"
export ECBASE3URIWITHPINSOURCE="${ECBASE3URIWITHPINSOURCE}"
export ECBASE3URI="${ECBASE3URI}"
export ECPUB3URI="${ECPUB3URI}"
export ECPRI3URI="${ECPRI3URI}"
export ECCRT3URI="${ECCRT3URI}"
DBGSCRIPT

if [ -n "${ECXBASEURI}" ]; then
Expand Down
2 changes: 2 additions & 0 deletions tests/trsapssam
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ FAIL=0
echo "$output" | grep "mechanism not allowed with this key" > /dev/null 2>&1 || FAIL=1
if [ $FAIL -ne 0 ]; then
echo "Signature seem to have failed for unrelated reasons"
echo "$output";
exit 1
fi

Expand Down Expand Up @@ -82,5 +83,6 @@ FAIL=0
echo "$output" | grep "An invalid mechanism was specified to the cryptographic operation" > /dev/null 2>&1 || FAIL=1
if [ $FAIL -ne 0 ]; then
echo "Signature seem to have failed for unrelated reasons"
echo "$output";
exit 1
fi
Loading