From ae6ca2797861695a62c42c1418a19b0d68630c1e Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Sun, 1 Oct 2023 09:37:52 +0900
Subject: [PATCH] p11-kit generate-keypair: Support EdDSA key generation

Also add tests for the p11-kit generate-keypair command using SoftHSM2.

Signed-off-by: Daiki Ueno
---
 p11-kit/Makefile.am                          |  2 +
 .../fixtures/package-modules/softhsm2.module |  4 +
 p11-kit/generate-keypair.c                   | 11 ++-
 p11-kit/meson.build                          |  4 +
 p11-kit/test-generate-keypair.sh             | 75 +++++++++++++++++++
 5 files changed, 95 insertions(+), 1 deletion(-)
 create mode 100644 p11-kit/fixtures/package-modules/softhsm2.module
 create mode 100644 p11-kit/test-generate-keypair.sh

diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am
index 4cdc51b6..b644ce4a 100644
--- a/p11-kit/Makefile.am
+++ b/p11-kit/Makefile.am
@@ -425,6 +425,7 @@ sh_tests += \
 	p11-kit/test-objects.sh \
 	p11-kit/test-lists.sh \
 	p11-kit/test-server.sh \
+	p11-kit/test-generate-keypair.sh \
 	$(NULL)
 
 if WITH_ASN1
@@ -618,4 +619,5 @@ EXTRA_DIST += \
 	p11-kit/test-messages.sh \
 	p11-kit/test-server.sh \
 	p11-kit/test-export-public.sh \
+	p11-kit/test-generate-keypair.sh \
 	$(NULL)
diff --git a/p11-kit/fixtures/package-modules/softhsm2.module b/p11-kit/fixtures/package-modules/softhsm2.module
new file mode 100644
index 00000000..d64528c8
--- /dev/null
+++ b/p11-kit/fixtures/package-modules/softhsm2.module
@@ -0,0 +1,4 @@
+
+module: libsofthsm2.so
+managed: yes
+enable-in: p11-kit-testable
diff --git a/p11-kit/generate-keypair.c b/p11-kit/generate-keypair.c
index 20ead0e6..c463ae3c 100644
--- a/p11-kit/generate-keypair.c
+++ b/p11-kit/generate-keypair.c
@@ -80,7 +80,8 @@ get_mechanism (const char *type)
 		m.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
 	else if (p11_ascii_strcaseeq (type, "ecdsa"))
 		m.mechanism = CKM_ECDSA_KEY_PAIR_GEN;
-	else if (p11_ascii_strcaseeq (type, "ed25519"))
+	else if (p11_ascii_strcaseeq (type, "ed25519") ||
+		 p11_ascii_strcaseeq (type, "ed448"))
 		m.mechanism = CKM_EC_EDWARDS_KEY_PAIR_GEN;
 
 	return m;
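Review bot: The new branch keys the EdDSA mechanism off the literal curve names `ed25519`/`ed448` as the `--type` value, but the test script added by this same patch invokes `--type=eddsa`; no `eddsa` branch is visible in this hunk, so unless one exists above line 80 (get_mechanism's opening is outside the hunk) that test case would leave `m.mechanism` at its initial value and fail. Accepting the generic name next to the curve names also keeps the CLI consistent with `--type=rsa`/`--type=ecdsa`, where the curve is chosen separately by `--curve`: `else if (p11_ascii_strcaseeq (type, "eddsa") ||` / `         p11_ascii_strcaseeq (type, "ed25519") ||` / `         p11_ascii_strcaseeq (type, "ed448"))`. A short comment above the branch would explain why two curve names map to one mechanism, e.g. `/* PKCS#11 v3.0 uses a single CKM_EC_EDWARDS_KEY_PAIR_GEN for Ed25519 and Ed448; the curve is chosen via CKA_EC_PARAMS */`.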
@@ -93,6 +94,8 @@ get_ec_params (const char *curve,
 	static const uint8_t OID_SECP256R1[] = { 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 };
 	static const uint8_t OID_SECP384R1[] = { 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22 };
 	static const uint8_t OID_SECP521R1[] = { 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23 };
+	static const uint8_t OID_ED25519[] = { 0x06, 0x03, 0x2b, 0x65, 0x70 };
+	static const uint8_t OID_ED448[] = { 0x06, 0x03, 0x2b, 0x65, 0x71 };
 
 	if (p11_ascii_strcaseeq (curve, "secp256r1")) {
 		*ec_params_len = sizeof (OID_SECP256R1);
@@ -103,6 +106,12 @@ get_ec_params (const char *curve,
 	} else if (p11_ascii_strcaseeq (curve, "secp521r1")) {
 		*ec_params_len = sizeof (OID_SECP521R1);
 		return OID_SECP521R1;
+	} else if (p11_ascii_strcaseeq (curve, "ed25519")) {
+		*ec_params_len = sizeof (OID_ED25519);
+		return OID_ED25519;
+	} else if (p11_ascii_strcaseeq (curve, "ed448")) {
+		*ec_params_len = sizeof (OID_ED448);
+		return OID_ED448;
 	}
 
 	return NULL;
diff --git a/p11-kit/meson.build b/p11-kit/meson.build
index 6bf9bcf3..52d2f148 100644
--- a/p11-kit/meson.build
+++ b/p11-kit/meson.build
@@ -401,6 +401,10 @@ if get_option('test')
   test('test-server.sh',
        find_program('test-server.sh'),
        env: p11_kit_tests_env)
+
+  test('test-generate-keypair.sh',
+       find_program('test-generate-keypair.sh'),
+       env: p11_kit_tests_env)
 endif
 
 if with_asn1 and host_system != 'windows'
diff --git a/p11-kit/test-generate-keypair.sh b/p11-kit/test-generate-keypair.sh
new file mode 100644
index 00000000..8a27e79d
--- /dev/null
+++ b/p11-kit/test-generate-keypair.sh
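Review bot: The two new byte arrays are bare DER blobs with no indication of which OIDs they encode, which makes them hard to audit against the curve names they are later matched to; the bytes do decode to 1.3.101.112 and 1.3.101.113 (the RFC 8410 id-Ed25519 / id-Ed448 identifiers), so I would record that on each line, e.g. `/* id-Ed25519, 1.3.101.112 (RFC 8410) */` and `/* id-Ed448, 1.3.101.113 (RFC 8410) */`, matching the existing unannotated secp* arrays only if a comment is added for those too. One caveat worth a comment at the top of the function: for CKM_EC_EDWARDS_KEY_PAIR_GEN, PKCS#11 v3.0 permits CKA_EC_PARAMS to be either this DER OID or a PrintableString curve name, and tokens differ in which form they accept — I have not confirmed which SoftHSM2 build the new test targets, so this is worth checking in the test run rather than assumed. get_ec_params starts before this hunk.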
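Review bot: With the Edwards curves added here, get_ec_params and get_mechanism are two independent string lookups, and nothing visible rejects a mismatched pairing such as `--type=ecdsa --curve=ed25519` or `--type=ed448 --curve=secp256r1`; the mechanism would then be called with a CKA_EC_PARAMS for the wrong curve family, and the user would see only whatever CKR_* error the token chooses to return — or, on a permissive token, a key object whose attributes do not match the requested type. The caller that combines the two results is outside this hunk, so the cheapest fix is there: after both lookups, refuse when the mechanism is CKM_EC_EDWARDS_KEY_PAIR_GEN and the curve is not ed25519/ed448, or vice versa, with a message naming both flags. Alternatively pass the mechanism into get_ec_params and have it return NULL for a curve that does not belong to that mechanism, which the existing unknown-curve path already handles. The second hunk's `return NULL;` for an unrecognised curve is the behaviour the new shell test relies on, so that path should keep failing loudly.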
@@ -0,0 +1,75 @@ +#!/bin/sh + +test "${abs_top_builddir+set}" = set || { + echo "set abs_top_builddir" 1>&2 + exit 1 +} + +. "$abs_top_builddir/common/test-init.sh" + +setup() { + testdir=$PWD/test-objects-$$ + test -d "$testdir" || mkdir "$testdir" + cd "$testdir" + mkdir tokens + cat > softhsm2.conf </dev/null; then + skip "softhsm2-util not found" + fi + softhsm2-util --init-token --free --label test-genkey --so-pin 12345 --pin 12345 + + : ${PKG_CONFIG=pkg-config} + if ! "$PKG_CONFIG" p11-kit-1 --exists; then + skip "pkgconfig(p11-kit-1) not found" + fi + + module_path=$("$PKG_CONFIG" p11-kit-1 --variable=p11_module_path) + if ! test -e "$module_path/libsofthsm2.so"; then + skip "unable to resolve libsofthsm2.so" + fi + + ln -sf "$module_path"/libsofthsm2.so "$abs_top_builddir"/p11-kit +} + +teardown() { + unset SOFTHSM2_CONF + rm -rf "$testdir" +} + +test_generate_keypair_rsa() { + if ! "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --label=rsa --type=rsa --bits=2048 "pkcs11:token=test-genkey?pin-value=12345"; then + assert_fail "unable to run: p11-kit generate-keypair" + fi +} + +test_generate_keypair_ecdsa() { + for curve in secp256r1 secp384r1 secp521r1; do + if ! "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --label="ecdsa-$curve" --type=ecdsa --curve="$curve" "pkcs11:token=test-genkey?pin-value=12345"; then + assert_fail "unable to run: p11-kit generate-keypair" + fi + done + + if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --label="ecdsa-unknown" --type=ecdsa --curve=unknown "pkcs11:token=test-genkey?pin-value=12345"; then + assert_fail "p11-kit generate-keypair succeeded for unknown ecdsa curve" + fi +} + +test_generate_keypair_eddsa() { + for curve in ed25519 ed25519; do + if ! 
"$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --label="eddsa-$curve" --type=eddsa --curve="$curve" "pkcs11:token=test-genkey?pin-value=12345"; then + assert_fail "unable to run: p11-kit generate-keypair" + fi + done + + if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --label="eddsa-unknown" --type=eddsa --curve=unknown "pkcs11:token=test-genkey?pin-value=12345"; then + assert_fail "p11-kit generate-keypair succeeded for unknown eddsa curve" + fi +} + +run test_generate_keypair_rsa test_generate_keypair_ecdsa \ + test_generate_keypair_ecdsa