From e2ada91c11c17e1bbd9934c00008e09f4edf5579 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Fri, 17 Jan 2025 16:00:21 +0100
Subject: [PATCH] Add missing tests for Ed448
Signed-off-by: Jakub Jelen
---
 tests/tbasic | 2 ++
 tests/tdemoca | 12 ++++++++++++
 tests/ttls | 7 ++++++-
 tests/ttlsfuzzer | 7 ++++++-
 4 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/tests/tbasic b/tests/tbasic
index 6125a749..9aa2fa34 100755
--- a/tests/tbasic
+++ b/tests/tbasic
@@ -129,12 +129,14 @@ ossl 'pkey -in $BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripi
 ossl 'pkey -in $ECBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripin.pem'
 [[ -n $ECXBASEURIWITHPINVALUE ]] && ossl 'pkey -in $ECXBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ecx.pub.uripin.pem'
 [[ -n $EDBASEURIWITHPINVALUE ]] && ossl 'pkey -in $EDBASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripin.pem'
+[[ -n $ED2BASEURIWITHPINVALUE ]] && ossl 'pkey -in $ED2BASEURIWITHPINVALUE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripin.pem'
 title PARA "Test fetching public keys with a PIN source in URI"
 ossl 'pkey -in $BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/rsa.pub.uripinsource.pem'
 ossl 'pkey -in $ECBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ec.pub.uripinsource.pem'
 [[ -n $ECXBASEURIWITHPINSOURCE ]] && ossl 'pkey -in $ECXBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ecx.pub.uripinsource.pem'
 [[ -n $EDBASEURIWITHPINSOURCE ]] && ossl 'pkey -in $EDBASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed.pub.uripinsource.pem'
+[[ -n $ED2BASEURIWITHPINSOURCE ]] && ossl 'pkey -in $ED2BASEURIWITHPINSOURCE -pubin -pubout -out ${TMPPDIR}/ed2.pub.uripinsource.pem'
 title PARA "Test prompting without PIN in config files"
 output=$(expect -c "spawn -noecho $CHECKER openssl pkey -in \"${PRIURI}\" -text -noout;
diff --git a/tests/tdemoca b/tests/tdemoca
index cd71a48b..ceb12edb 100755
--- a/tests/tdemoca
+++ b/tests/tdemoca
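Review bot: Both added lines in tests/tbasic use `[[ -n $ED2BASEURIWITHPINVALUE ]] && ossl ...` (and the `PINSOURCE` twin), so on a token without an Ed448 key the check is skipped with no output and the run still reports success; the same silent skip applies to the `if [[ -n ... ]]` guards added in tests/tdemoca, tests/ttls and tests/ttlsfuzzer. For a suite meant to show that Ed448 is covered, the log should show when it was not, for example `[[ -n $ED2BASEURIWITHPINVALUE ]] || echo "SKIP: no Ed448 key in token"` ahead of the first use. The `ED2` prefix is also unexplained in this hunk; a one-line comment such as `# ED2* = Ed448 key, ED* = Ed25519 key` next to the first use would save readers a lookup.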
@@ -61,6 +61,18 @@ if [[ -n $EDPRIURI ]]; then
 ca -batch -in ${DEMOCA}/cert-ed.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem'
 fi
+if [[ -n $ED2PRIURI ]]; then
+ title PARA "Generating a new CSR with existing ED448 key in token"
+ ossl '
+ req -batch -noenc -new -key ${ED2PRIURI}
+ -subj "/CN=testing-ed2-signing/O=PKCS11 Provider/C=US"
+ -out ${DEMOCA}/cert-ed2.csr'
+
+ title PARA "Signing the new ED448 key certificate"
+ ossl '
+ ca -batch -in ${DEMOCA}/cert-ed2.csr -keyfile ${PRIURI} -out ${DEMOCA}/cert.pem'
+fi
+
 title PARA "Set up OCSP"
 ossl '
 req -batch -noenc -new -subj "/CN=OCSP/O=PKCS11 Provider/C=US"
diff --git a/tests/ttls b/tests/ttls
index 00c19c5d..805ea00d 100755
--- a/tests/ttls
+++ b/tests/ttls
@@ -110,10 +110,15 @@ run_tests() {
 run_test "$ECPRIURI" "$ECCRTURI"
 if [[ -n "$EDBASEURI" ]]; then
- title PARA "Run sanity test with default values (EdDSA)"
+ title PARA "Run sanity test with default values (Ed25519)"
 run_test "$EDPRIURI" "$EDCRTURI"
 fi
+ if [[ -n "$ED2BASEURI" ]]; then
+ title PARA "Run sanity test with default values (Ed448)"
+ run_test "$ED2PRIURI" "$ED2CRTURI"
+ fi
+
 title PARA "Run test with TLS 1.2"
 run_test "$PRIURI" "$CRTURI" "" "-tls1_2"
diff --git a/tests/ttlsfuzzer b/tests/ttlsfuzzer
index 8ea710d3..d2a12fa1 100755
--- a/tests/ttlsfuzzer
+++ b/tests/ttlsfuzzer
@@ -69,10 +69,15 @@ run_tests() {
 prepare_test cert.json.ecdsa.in "$ECPEERPRIURI" "$ECPEERCRTURI"
 if [[ -n "$EDBASEURI" ]]; then
- title PARA "Prepare test for EdDSA"
+ title PARA "Prepare test for Ed25519"
 prepare_test cert.json.eddsa.in "$EDPRIURI" "$EDCRTURI"
 fi
+ if [[ -n "$ED2BASEURI" ]]; then
+ title PARA "Prepare test for Ed448"
+ prepare_test cert.json.eddsa.in "$ED2PRIURI" "$ED2CRTURI"
+ fi
+
 # the missing closing brace
 echo "]" >> "${TMPFILE}"
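Review bot: The Ed448 certificate in tests/tdemoca is written to `${DEMOCA}/cert.pem`, the same path the Ed25519 block in the context lines uses, although the CSR gets its own name (`cert-ed2.csr`); each signing run therefore overwrites the previous result, and nothing in the hunk inspects the issued certificate. Writing to a per-key file, `-out ${DEMOCA}/cert-ed2.pem`, would keep the artifact for later checks, provided no later step outside this hunk depends on `cert.pem` holding the last result. Note also that `ca -keyfile ${PRIURI}` signs with the CA key, so the Ed448 token key is exercised only by the CSR self-signature in the `req` step; a comment such as `# the token's Ed448 key signs the CSR; the CA key in PRIURI signs the certificate` would make clear what this block proves.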
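Review bot: The new guard in tests/ttls tests `$ED2BASEURI` while the call passes `$ED2PRIURI` and `$ED2CRTURI`, so a setup that defines the base URI but not the certificate URI would call `run_test` with an empty argument; the same guard is added in tests/ttlsfuzzer, whereas tests/tdemoca guards on `$ED2PRIURI`. Whether the three variables are always set together is decided outside this patch, so this may be safe in practice, but guarding on what is actually used removes the dependency: `if [[ -n "$ED2PRIURI" && -n "$ED2CRTURI" ]]; then`. `run_tests` starts and ends outside the hunk.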
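Review bot: The Ed448 case in tests/ttlsfuzzer is prepared from `cert.json.eddsa.in`, the same template the Ed25519 case uses, and the template's contents are not part of this patch. If it names Ed25519-specific signature schemes or expected values, the Ed448 entry could fail or pass without exercising Ed448, so it is worth confirming that the template is curve-agnostic or adding a separate one. A comment above the call, e.g. `# cert.json.eddsa.in is shared by Ed25519 and Ed448`, would record that the reuse is intended. `run_tests` continues outside the hunk.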