Skip to content

Commit

Permalink
p11-kit generate-keypair: Support EdDSA key generation
Browse files Browse the repository at this point in the history
Also add tests for the p11-kit generate-keypair command using SoftHSM2.

Signed-off-by: Daiki Ueno <[email protected]>
  • Loading branch information
ueno committed Oct 1, 2023
1 parent 7d659c1 commit ae6ca27
Show file tree
Hide file tree
Showing 5 changed files with 95 additions and 1 deletion.
2 changes: 2 additions & 0 deletions p11-kit/Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -425,6 +425,7 @@ sh_tests += \
p11-kit/test-objects.sh \
p11-kit/test-lists.sh \
p11-kit/test-server.sh \
p11-kit/test-generate-keypair.sh \
$(NULL)

if WITH_ASN1
Expand Down Expand Up @@ -618,4 +619,5 @@ EXTRA_DIST += \
p11-kit/test-messages.sh \
p11-kit/test-server.sh \
p11-kit/test-export-public.sh \
p11-kit/test-generate-keypair.sh \
$(NULL)
4 changes: 4 additions & 0 deletions p11-kit/fixtures/package-modules/softhsm2.module
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@

module: libsofthsm2.so
managed: yes
enable-in: p11-kit-testable
11 changes: 10 additions & 1 deletion p11-kit/generate-keypair.c
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,8 @@ get_mechanism (const char *type)
m.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
else if (p11_ascii_strcaseeq (type, "ecdsa"))
m.mechanism = CKM_ECDSA_KEY_PAIR_GEN;
else if (p11_ascii_strcaseeq (type, "ed25519"))
else if (p11_ascii_strcaseeq (type, "ed25519") ||
p11_ascii_strcaseeq (type, "ed448"))
m.mechanism = CKM_EC_EDWARDS_KEY_PAIR_GEN;

return m;
Expand All @@ -93,6 +94,8 @@ get_ec_params (const char *curve,
static const uint8_t OID_SECP256R1[] = { 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 };
static const uint8_t OID_SECP384R1[] = { 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22 };
static const uint8_t OID_SECP521R1[] = { 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23 };
static const uint8_t OID_ED25519[] = { 0x06, 0x03, 0x2b, 0x65, 0x70 };
static const uint8_t OID_ED448[] = { 0x06, 0x03, 0x2b, 0x65, 0x71 };

if (p11_ascii_strcaseeq (curve, "secp256r1")) {
*ec_params_len = sizeof (OID_SECP256R1);
Expand All @@ -103,6 +106,12 @@ get_ec_params (const char *curve,
} else if (p11_ascii_strcaseeq (curve, "secp521r1")) {
*ec_params_len = sizeof (OID_SECP521R1);
return OID_SECP521R1;
} else if (p11_ascii_strcaseeq (curve, "ed25519")) {
*ec_params_len = sizeof (OID_ED25519);
return OID_ED25519;
} else if (p11_ascii_strcaseeq (curve, "ed448")) {
*ec_params_len = sizeof (OID_ED448);
return OID_ED448;
}

return NULL;
Expand Down
4 changes: 4 additions & 0 deletions p11-kit/meson.build
Original file line number Diff line number Diff line change
Expand Up @@ -401,6 +401,10 @@ if get_option('test')
test('test-server.sh',
find_program('test-server.sh'),
env: p11_kit_tests_env)

test('test-generate-keypair.sh',
find_program('test-generate-keypair.sh'),
env: p11_kit_tests_env)
endif

if with_asn1 and host_system != 'windows'
Expand Down
75 changes: 75 additions & 0 deletions p11-kit/test-generate-keypair.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
#!/bin/sh

test "${abs_top_builddir+set}" = set || {
echo "set abs_top_builddir" 1>&2
exit 1
}

. "$abs_top_builddir/common/test-init.sh"

setup() {
testdir=$PWD/test-objects-$$
test -d "$testdir" || mkdir "$testdir"
cd "$testdir"
mkdir tokens
cat > softhsm2.conf <<EOF
directories.tokendir = $PWD/tokens/
EOF
export SOFTHSM2_CONF=$PWD/softhsm2.conf

: ${SOFTHSM2_UTIL=softhsm2-util}
if ! "$SOFTHSM2_UTIL" --version >/dev/null; then
skip "softhsm2-util not found"
fi
softhsm2-util --init-token --free --label test-genkey --so-pin 12345 --pin 12345

: ${PKG_CONFIG=pkg-config}
if ! "$PKG_CONFIG" p11-kit-1 --exists; then
skip "pkgconfig(p11-kit-1) not found"
fi

module_path=$("$PKG_CONFIG" p11-kit-1 --variable=p11_module_path)
if ! test -e "$module_path/libsofthsm2.so"; then
skip "unable to resolve libsofthsm2.so"
fi

ln -sf "$module_path"/libsofthsm2.so "$abs_top_builddir"/p11-kit
}

teardown() {
unset SOFTHSM2_CONF
rm -rf "$testdir"
}

test_generate_keypair_rsa() {
if ! "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --label=rsa --type=rsa --bits=2048 "pkcs11:token=test-genkey?pin-value=12345"; then
assert_fail "unable to run: p11-kit generate-keypair"
fi
}

test_generate_keypair_ecdsa() {
for curve in secp256r1 secp384r1 secp521r1; do
if ! "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --label="ecdsa-$curve" --type=ecdsa --curve="$curve" "pkcs11:token=test-genkey?pin-value=12345"; then
assert_fail "unable to run: p11-kit generate-keypair"
fi
done

if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --label="ecdsa-unknown" --type=ecdsa --curve=unknown "pkcs11:token=test-genkey?pin-value=12345"; then
assert_fail "p11-kit generate-keypair succeeded for unknown ecdsa curve"
fi
}

test_generate_keypair_eddsa() {
for curve in ed25519 ed25519; do
if ! "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --label="eddsa-$curve" --type=eddsa --curve="$curve" "pkcs11:token=test-genkey?pin-value=12345"; then
assert_fail "unable to run: p11-kit generate-keypair"
fi
done

if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --label="eddsa-unknown" --type=eddsa --curve=unknown "pkcs11:token=test-genkey?pin-value=12345"; then
assert_fail "p11-kit generate-keypair succeeded for unknown eddsa curve"
fi
}

run test_generate_keypair_rsa test_generate_keypair_ecdsa \
test_generate_keypair_ecdsa

0 comments on commit ae6ca27

Please sign in to comment.