Add missing tests for Ed448

Signed-off-by: Jakub Jelen <[email protected]>
latchset · Jan 20, 2025 · 2526edc · 2526edc
1 parent c96624c
commit 2526edc
Show file tree

Hide file tree

Showing 7 changed files with 54 additions and 4 deletions.
diff --git a/.reuse/dep5 b/.reuse/dep5
@@ -31,7 +31,8 @@ Files: .github/*
        tests/cert.json.in
        tests/cert.json.rsa.in
        tests/cert.json.ecdsa.in
-       tests/cert.json.eddsa.in
+       tests/cert.json.ed25519.in
+       tests/cert.json.ed448.in
        scripts/clean-dist.sh
 Copyright: (C) 2022 - 2024 Simo Sorce <[email protected]>
 License: Apache-2.0

diff --git a/tests/cert.json.eddsa.in → tests/cert.json.ed25519.in b/tests/cert.json.eddsa.in → tests/cert.json.ed25519.in
diff --git a/tests/cert.json.ed448.in b/tests/cert.json.ed448.in
@@ -0,0 +1,25 @@
+,
+    {"server_command": [@CHECKER@"openssl", "s_server", @PROPQ@"-www", "-port", "@PORT@", "-key", "@PRIURI@", "-cert", "@CRTURI@"],
+     "comment": "Run test with @PRIURI@ without certificate verify",
+     "environment": {"PYTHONPATH" : "."},
+     "server_hostname": "localhost",
+     "server_port": @PORT@,
+     "common_arguments": ["-p", "@PORT@"],
+     "tests" : [
+       {"name" : "test-tls13-conversation.py"},
+       {"name" : "test-conversation.py",
+        "arguments" : ["-d"]},
+       {"name" : "test-signature-algorithms.py",
+        "arguments" : [
+          "--ecdsa", "-x", "implicit SHA-1 check",
+          "-X", "handshake_failure", "sanity", "implicit SHA-1 check"
+        ],
+        "comment": "SHA-1 is disabled by crypto policies."
+       },
+       {"name" : "test-tls13-eddsa.py",
+        "arguments" : ["-x", "ed25519 only", "-X", "handshake_failure"],
+        "comment": "We have only ed448 key."
+       }
+     ]
+    }
+
diff --git a/tests/tbasic b/tests/tbasic
@@ -129,12 +129,14 @@ ossl 'pkey -in $BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripi
 ossl 'pkey -in $ECBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripin.pem'
 [[ -n $ECXBASEURIWITHPINVALUE ]] && ossl 'pkey -in $ECXBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ecx.pub.uripin.pem'
 [[ -n $EDBASEURIWITHPINVALUE ]] && ossl 'pkey -in $EDBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripin.pem'
+[[ -n $ED2BASEURIWITHPINVALUE ]] && ossl 'pkey -in $ED2BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripin.pem'
 
 title PARA "Test fetching public keys with a PIN source in URI"
 ossl 'pkey -in $BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripinsource.pem'
 ossl 'pkey -in $ECBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripinsource.pem'
 [[ -n $ECXBASEURIWITHPINSOURCE ]] && ossl 'pkey -in $ECXBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ecx.pub.uripinsource.pem'
 [[ -n $EDBASEURIWITHPINSOURCE ]] && ossl 'pkey -in $EDBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripinsource.pem'
+[[ -n $ED2BASEURIWITHPINSOURCE ]] && ossl 'pkey -in $ED2BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripinsource.pem'
 
 title PARA "Test prompting without PIN in config files"
 output=$(expect -c "spawn -noecho $CHECKER openssl pkey -in \"${PRIURI}\" -text -noout;

diff --git a/tests/tdemoca b/tests/tdemoca
@@ -61,6 +61,18 @@ if [[ -n $EDPRIURI ]]; then
     ca -batch -in ${DEMOCA}/cert-ed.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem'
 fi
 
+if [[ -n $ED2PRIURI ]]; then
+    title PARA "Generating a new CSR with existing ED448 key in token"
+    ossl '
+    req -batch -noenc -new -key ${ED2PRIURI}
+        -subj "/CN=testing-ed2-signing/O=PKCS11 Provider/C=US"
+        -out ${DEMOCA}/cert-ed2.csr'
+
+    title PARA "Signing the new ED448 key certificate"
+    ossl '
+    ca -batch -in ${DEMOCA}/cert-ed2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem'
+fi
+
 title PARA "Set up OCSP"
 ossl '
 req -batch -noenc -new -subj "/CN=OCSP/O=PKCS11 Provider/C=US"

diff --git a/tests/ttls b/tests/ttls
@@ -110,10 +110,15 @@ run_tests() {
     run_test "$ECPRIURI" "$ECCRTURI"
 
     if [[ -n "$EDBASEURI" ]]; then
-        title PARA "Run sanity test with default values (EdDSA)"
+        title PARA "Run sanity test with default values (Ed25519)"
         run_test "$EDPRIURI" "$EDCRTURI"
     fi
 
+    if [[ -n "$ED2BASEURI" ]]; then
+        title PARA "Run sanity test with default values (Ed448)"
+        run_test "$ED2PRIURI" "$ED2CRTURI"
+    fi
+
     title PARA "Run test with TLS 1.2"
     run_test "$PRIURI" "$CRTURI" "" "-tls1_2"
 

diff --git a/tests/ttlsfuzzer b/tests/ttlsfuzzer
@@ -69,8 +69,13 @@ run_tests() {
     prepare_test cert.json.ecdsa.in "$ECPEERPRIURI" "$ECPEERCRTURI"
 
     if [[ -n "$EDBASEURI" ]]; then
-        title PARA "Prepare test for EdDSA"
-        prepare_test cert.json.eddsa.in "$EDPRIURI" "$EDCRTURI"
+        title PARA "Prepare test for Ed25519"
+        prepare_test cert.json.ed25519.in "$EDPRIURI" "$EDCRTURI"
+    fi
+
+    if [[ -n "$ED2BASEURI" ]]; then
+        title PARA "Prepare test for Ed448"
+        prepare_test cert.json.ed448.in "$ED2PRIURI" "$ED2CRTURI"
     fi
 
     # the missing closing brace