
Commit 0339e3e

author
z4yx
committed
test algorithm extension
1 parent 9e724be commit 0339e3e


1 file changed

+24
-21
lines changed


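--- a/test-real/test-piv.sh
+++ b/test-real/test-piv.sh
@@ -15,6 +15,7 @@ PIVGenKeyCert() {
 algo="$3"
 YPT -a generate -A $algo -s $key >$TEST_TMP_DIR/pubkey-$key.pem # generate key at $key
 assertEquals 'yubico-piv-tool generate' 0 $?
+if [[ $algo == "X25519" ]]; then return; fi
 YPT -P 654321 -a verify-pin -a selfsign-certificate -s $key -S "$subject" < $TEST_TMP_DIR/pubkey-$key.pem >$TEST_TMP_DIR/cert-$key.pem
 assertEquals 'yubico-piv-tool selfsign-certificate' 0 $?
 YPT -a import-certificate -s $key < $TEST_TMP_DIR/cert-$key.pem
@@ -36,13 +37,15 @@ PIVSignDec() {
 key=$1
 pinArgs=
 op=$3
+inp_file=$TEST_TMP_DIR/cert-$key.pem
+if [[ $key == X25519 ]]; then inp_file=$TEST_TMP_DIR/pubkey-$key.pem; fi
 if [[ -n "$2" ]]; then pinArgs="-P 654321 -a verify-pin"; fi
 if [[ -z "$op" || s = "$op" ]]; then
-YPT $pinArgs -a test-signature -s $key < $TEST_TMP_DIR/cert-$key.pem;
+YPT $pinArgs -a test-signature -s $key < $inp_file;
 assertEquals 'yubico-piv-tool test-signature' 0 $?
 fi
 if [[ -z "$op" || d = "$op" ]]; then
-YPT $pinArgs -a test-decipher -s $key < $TEST_TMP_DIR/cert-$key.pem;
+YPT $pinArgs -a test-decipher -s $key < $inp_file;
 assertEquals 'yubico-piv-tool test-decipher' 0 $?
 fi
 }
@@ -113,32 +116,32 @@ test_RSA4096() {
 rsa_tests RSA4096
 }
 
-test_ECC256() {
-for s in 9a 9c 9d 9e; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" ECCP256; done
+ec_tests() {
+for s in 9a 9c 9d 9e; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" $1; done
 YPT -a status
-for s in 9a 9c 9e; do PIVSignDec $s 1 s; done # 9a/9c/9e only do the ECDSA
-PIVSignDec 9d 1 d # 9d only do the ECDH
-out=$(pkcs15-tool --reader "$RDID" --read-certificate 01 | openssl x509 -text)
-assertContains 'CERT' "$out" 'CN = CertAtSlot9a'
+for s in 9a 9c 9d 9e; do
+if [[ $1 != "X25519" ]]; then PIVSignDec $s 1 s; fi
+if [[ $1 != "ED25519" ]]; then PIVSignDec $s 1 d; fi
+done
+if [[ $1 != *25519 ]]; then
+out=$(pkcs15-tool --reader "$RDID" --read-certificate 01 | openssl x509 -text)
+assertContains 'CERT' "$out" 'CN = CertAtSlot9a'
+out=$(pkcs15-tool --reader "$RDID" --read-certificate 02 | openssl x509 -text)
+assertContains 'CERT' "$out" 'CN = CertAtSlot9c'
+fi
+}
+
+test_ECC256() {
+ec_tests ECCP256
 }
 
 test_ECC384() {
-for s in 9a 9c 9d 9e; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" ECCP384; done
-YPT -a status
-for s in 9a 9c 9e; do PIVSignDec $s 1 s; done # 9a/9c/9e only do the ECDSA
-PIVSignDec 9d 1 d # 9d only do the ECDH
-out=$(pkcs15-tool --reader "$RDID" --read-certificate 02 | openssl x509 -text)
-assertContains 'CERT' "$out" 'CN = CertAtSlot9c'
+ec_tests ECCP384
 }
 
 test_25519() {
-for s in 9a 9c 9e; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" ED25519; done
-for s in 9d; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" X25519; done
-YPT -a status
-for s in 9a 9c 9e; do PIVSignDec $s 1 s; done # 9a/9c/9e only do the EDDSA
-# PIVSignDec 9d 1 d # 9d only do the EDDH
-# out=$(pkcs15-tool --reader "$RDID" --read-certificate 01 | openssl x509 -text)
-# assertContains 'CERT' "$out" 'CN = CertAtSlot9a'
+ec_tests ED25519
+ec_tests X25519
 }
 
 test_PinBlock() {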
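Review bot: In PIVSignDec the new check `if [[ $key == X25519 ]]` can never match, because `key=$1` holds the slot and every caller visible in `ec_tests` passes a slot (`PIVSignDec $s 1 d`), not an algorithm name. For X25519, PIVGenKeyCert now returns before writing `cert-$key.pem`, so test-decipher appears to read whatever certificate the preceding `ec_tests ED25519` run left in `$TEST_TMP_DIR`, which belongs to a key that is no longer in the slot; the result then says nothing reliable about the X25519 key. Pass the algorithm through explicitly, e.g. call `PIVSignDec $s 1 d $1` from `ec_tests` and test `if [[ "$4" == "X25519" ]]; then inp_file=$TEST_TMP_DIR/pubkey-$key.pem; fi`. The opening line of PIVSignDec is outside the hunk, so any other callers should be checked for the extra argument.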
