Skip to content

Commit

Permalink
Add basic Ed448 tests
Browse files Browse the repository at this point in the history
The pkcs11-tool does not support generating these keys so we just test
the internal key generation and processing with tgenkey.

Signed-off-by: Jakub Jelen <[email protected]>
  • Loading branch information
Jakuje authored and simo5 committed Aug 22, 2024
1 parent fdaaf14 commit 7e1584e
Show file tree
Hide file tree
Showing 3 changed files with 96 additions and 4 deletions.
29 changes: 29 additions & 0 deletions tests/setup-kryoptic.sh
Original file line number Diff line number Diff line change
Expand Up @@ -269,6 +269,35 @@ echo "${EDPUBURI}"
echo "${EDPRIURI}"
echo "${EDCRTURI}"

# FIXME The pkcs11-tool before OpenSC 0.26 does not support Ed448 so they can
# not be generated here
#
# generate ED448
#KEYID='0009'
#URIKEYID="%00%09"
#ED2CRT="${TMPPDIR}/ed2cert"
#ED2CRTN="ed2Cert"
#
# shellcheck disable=SC2086
# pkcs11-tool ${P11DEFARGS} --keypairgen --key-type="EC:edwards448" \
# --label="${ED2CRTN}" --id="$KEYID"
# ca_sign "$EDCRT" $ED2CRTN "My ED448 Cert" $KEYID
#
# ED2BASEURIWITHPINVALUE="pkcs11:id=${URIKEYID};pin-value=${PINVALUE}"
# ED2BASEURIWITHPINSOURCE="pkcs11:id=${URIKEYID};pin-source=file:${PINFILE}"
# ED2BASEURI="pkcs11:id=${URIKEYID}"
# ED2PUBURI="pkcs11:type=public;id=${URIKEYID}"
# ED2PRIURI="pkcs11:type=private;id=${URIKEYID}"
# ED2CRTURI="pkcs11:type=cert;object=${ED2CRTN}"
#
# title LINE "ED448 PKCS11 URIS"
# echo "${EDBASEURIWITHPINVALUE}"
# echo "${EDBASEURIWITHPINSOURCE}"
# echo "${EDBASEURI}"
# echo "${EDPUBURI}"
# echo "${EDPRIURI}"
# echo "${EDCRTURI}"


title PARA "generate RSA key pair, self-signed certificate, remove public key"
KEYID='0005'
Expand Down
60 changes: 60 additions & 0 deletions tests/tedwards
Original file line number Diff line number Diff line change
Expand Up @@ -61,4 +61,64 @@ if [ $FAIL -ne 0 ]; then
exit 1
fi

# Test Ed448 too if supported
if [[ -n $ED2BASEURI ]]; then
title PARA "Export ED448 Public key to a file"
ossl 'pkey -in $ED2PUBURI -pubin -pubout -out ${TMPPDIR}/ed2out.pub'

title LINE "Print ED448 Public key from private"
ossl 'pkey -in $ED2PRIURI -pubout -text' $helper_emit
output="$helper_output"
FAIL=0
echo "$output" | grep "ED448 Public Key" > /dev/null 2>&1 || FAIL=1
if [ $FAIL -eq 1 ]; then
echo "Could not extract public key from private"
echo
echo "Original command output:"
echo "$output"
echo
exit 1
fi

title PARA "DigestSign and DigestVerify with ED448"
ossl '
pkeyutl -sign -inkey "${ED2BASEURI}"
-in ${RAND64FILE}
-rawin
-out ${TMPPDIR}/sha256-eddgstsig.bin'
ossl '
pkeyutl -verify -inkey "${ED2BASEURI}" -pubin
-in ${RAND64FILE}
-rawin
-sigfile ${TMPPDIR}/sha256-eddgstsig.bin'

title PARA "Test CSR generation from private ED448 keys"
ossl '
req -new -batch -key "${ED2PRIURI}" -out ${TMPPDIR}/ed448_csr.pem'
ossl '
req -in ${TMPPDIR}/ed448_csr.pem -verify -noout'

title PARA "Test EVP_PKEY_eq on public Edwards key both on token"
$CHECKER "${TESTBLDDIR}/tcmpkeys" "$ED2PUBURI" "$ED2PUBURI"

title PARA "Test EVP_PKEY_eq on public ED448 key via import"
$CHECKER "${TESTBLDDIR}/tcmpkeys" "$ED2PUBURI" "${TMPPDIR}"/ed2out.pub
title PARA "Match private ED key against public key"
$CHECKER "${TESTBLDDIR}/tcmpkeys" "$ED2PRIURI" "${TMPPDIR}"/ed2out.pub
title PARA "Match private ED key against public key (commutativity)"
$CHECKER "${TESTBLDDIR}/tcmpkeys" "${TMPPDIR}"/ed2out.pub "$ED2PRIURI"
fi

title PARA "Test Ed448 Key generation"
output=$("${TESTBLDDIR}"/tgenkey "ED448" 2>&1 || true)
FAIL=0
echo "$output" | grep "Performed tests: 1" || FAIL=1
if [ $FAIL -ne 0 ]; then
echo
echo "Original command output:"
echo "$output"
echo
exit 1
fi

exit 0
11 changes: 7 additions & 4 deletions tests/tgenkey.c
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,8 @@ static void check_keys(OSSL_STORE_CTX *store, const char *key_type)
check_rsa_key(pubkey);
} else if (strcmp(key_type, "EC") == 0) {
check_ec_key(pubkey);
} else if (strcmp(key_type, "ED25519") == 0) {
} else if (strcmp(key_type, "ED25519") == 0
|| strcmp(key_type, "ED448") == 0) {
check_eddsa_key(pubkey);
}

Expand Down Expand Up @@ -211,7 +212,8 @@ static void gen_keys(const char *key_type, const char *label, const char *idhex,
check_rsa_key(key);
} else if (strcmp(key_type, "EC") == 0) {
check_ec_key(key);
} else if (strcmp(key_type, "ED25519") == 0) {
} else if (strcmp(key_type, "ED25519") == 0
|| strcmp(key_type, "ED448") == 0) {
check_eddsa_key(key);
}

Expand Down Expand Up @@ -527,7 +529,8 @@ int main(int argc, char *argv[])

free(label);
free(uri);
} else if (strcmp(tests[num], "ED25519") == 0) {
} else if (strcmp(tests[num], "ED25519") == 0
|| strcmp(tests[num], "ED448") == 0) {
ret = RAND_bytes(id, 16);
if (ret != 1) {
fprintf(stderr, "Failed to generate key id\n");
Expand All @@ -548,7 +551,7 @@ int main(int argc, char *argv[])
params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
params[1] = OSSL_PARAM_construct_end();

gen_keys("ED25519", label, idhex, params, false);
gen_keys(tests[num], label, idhex, params, false);
free(label);
free(uri);
} else {
Expand Down

0 comments on commit 7e1584e

Please sign in to comment.