Fix a bug where eddsa mechanism isnt recognized in generate-keypair

Signed-off-by: Zoltan Fridrich <[email protected]>
p11-glue · Jan 11, 2024 · 90bc380 · 90bc380
1 parent 2db1b48
commit 90bc380
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 8 deletions.
diff --git a/doc/manual/p11-kit.xml b/doc/manual/p11-kit.xml
@@ -293,7 +293,7 @@ $ p11-kit generate-keypair --type=algorithm &lcub;--bits=n|--curve=name&rcub; &l
 		<varlistentry>
 			<term><option>--type=&lt;algorithm&gt;</option></term>
 			<listitem><para>Specify the type of keys to generate.
-			Supported values are rsa, ecdsa and ed25519.</para></listitem>
+			Supported values are rsa, ecdsa and eddsa.</para></listitem>
 		</varlistentry>
 		<varlistentry>
 			<term><option>--bits=&lt;n&gt;</option></term>

diff --git a/p11-kit/generate-keypair.c b/p11-kit/generate-keypair.c
@@ -83,8 +83,7 @@ get_mechanism (const char *type)
 		m.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
 	else if (p11_ascii_strcaseeq (type, "ecdsa"))
 		m.mechanism = CKM_ECDSA_KEY_PAIR_GEN;
-	else if (p11_ascii_strcaseeq (type, "ed25519") ||
-		 p11_ascii_strcaseeq (type, "ed448"))
+	else if (p11_ascii_strcaseeq (type, "eddsa"))
 		m.mechanism = CKM_EC_EDWARDS_KEY_PAIR_GEN;
 
 	return m;

diff --git a/p11-kit/test-generate-keypair.sh b/p11-kit/test-generate-keypair.sh
@@ -42,8 +42,8 @@ test_generate_keypair_ecdsa() {
 		if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --login --label="ecdsa-$curve" --type=ecdsa --curve="$curve" "pkcs11:token=PUBKEY%20LABEL?pin-value=booo" 2> err.out; then
 			assert_fail "expected to fail: p11-kit generate-keypair"
 		fi
+		assert_contains err.out "key-pair generation failed: The crypto mechanism is invalid or unrecognized"
 	done
-	assert_contains err.out "key-pair generation failed: The crypto mechanism is invalid or unrecognized"
 
 	if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --login --label="ecdsa-unknown" --type=ecdsa --curve=unknown "pkcs11:token=PUBKEY%20LABEL?pin-value=booo" 2> err.out; then
 		assert_fail "p11-kit generate-keypair succeeded for unknown ecdsa curve"
@@ -54,16 +54,16 @@ test_generate_keypair_ecdsa() {
 test_generate_keypair_eddsa() {
 	for curve in ed25519 ed448; do
 		if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --login --label="eddsa-$curve" --type=eddsa --curve="$curve" "pkcs11:token=PUBKEY%20LABEL?pin-value=booo" 2> err.out; then
-			assert_fail "unable to run: p11-kit generate-keypair"
+			assert_fail "expected to fail: p11-kit generate-keypair"
 		fi
+		assert_contains err.out "key-pair generation failed: The crypto mechanism is invalid or unrecognized"
 	done
-	assert_contains err.out "key-pair generation failed: The crypto mechanism is invalid or unrecognized"
 
-	if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --login --label="eddsa-unknown" --type=eddsa --curve=unknown "pkcs11:token=PUBKEY%20LABEL?pin-value=booo"; then
+	if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --login --label="eddsa-unknown" --type=eddsa --curve=unknown "pkcs11:token=PUBKEY%20LABEL?pin-value=booo" 2> err.out; then
 		assert_fail "p11-kit generate-keypair succeeded for unknown eddsa curve"
 	fi
 	assert_contains err.out "unknown curve name: unknown"
 }
 
 run test_generate_keypair_mock test_generate_keypair_rsa \
-    test_generate_keypair_ecdsa test_generate_keypair_ecdsa
+    test_generate_keypair_ecdsa test_generate_keypair_eddsa