-
Notifications
You must be signed in to change notification settings - Fork 96
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
p11-kit generate-keypair: Support EdDSA key generation
This adds support for generating EdDSA keys with the p11-kit generate-keypair command. Aside from that tests are added using SoftHSM to exercise all the supported algorithms. Signed-off-by: Daiki Ueno <[email protected]>
- Loading branch information
Showing
6 changed files
with
113 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
|
||
module: libsofthsm2.so | ||
managed: yes | ||
enable-in: p11-kit-testable |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
#!/bin/sh | ||
|
||
test "${abs_top_builddir+set}" = set || { | ||
echo "set abs_top_builddir" 1>&2 | ||
exit 1 | ||
} | ||
|
||
. "$abs_top_builddir/common/test-init.sh" | ||
|
||
: ${P11_MODULE_PATH="$abs_top_builddir"/.libs} | ||
|
||
setup() { | ||
testdir=$PWD/test-objects-$$ | ||
test -d "$testdir" || mkdir "$testdir" | ||
cd "$testdir" | ||
mkdir tokens | ||
cat > softhsm2.conf <<EOF | ||
directories.tokendir = $PWD/tokens/ | ||
EOF | ||
export SOFTHSM2_CONF=$PWD/softhsm2.conf | ||
|
||
: ${SOFTHSM2_UTIL=softhsm2-util} | ||
if ! "$SOFTHSM2_UTIL" --version >/dev/null; then | ||
skip "softhsm2-util not found" | ||
return | ||
fi | ||
softhsm2-util --init-token --free --label test-genkey --so-pin 12345 --pin 12345 | ||
|
||
: ${PKG_CONFIG=pkg-config} | ||
if ! "$PKG_CONFIG" p11-kit-1 --exists; then | ||
skip "pkgconfig(p11-kit-1) not found" | ||
return | ||
fi | ||
|
||
module_path=$("$PKG_CONFIG" p11-kit-1 --variable=p11_module_path) | ||
if ! test -e "$module_path/libsofthsm2.so"; then | ||
skip "unable to resolve libsofthsm2.so" | ||
return | ||
fi | ||
|
||
ln -sf "$module_path"/libsofthsm2.so "$P11_MODULE_PATH" | ||
} | ||
|
||
teardown() { | ||
unset SOFTHSM2_CONF | ||
rm -rf "$testdir" | ||
} | ||
|
||
test_generate_keypair_rsa() { | ||
if ! "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --label=rsa --type=rsa --bits=2048 "pkcs11:token=test-genkey?pin-value=12345"; then | ||
assert_fail "unable to run: p11-kit generate-keypair" | ||
fi | ||
} | ||
|
||
test_generate_keypair_ecdsa() { | ||
for curve in secp256r1 secp384r1 secp521r1; do | ||
if ! "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --label="ecdsa-$curve" --type=ecdsa --curve="$curve" "pkcs11:token=test-genkey?pin-value=12345"; then | ||
assert_fail "unable to run: p11-kit generate-keypair" | ||
fi | ||
done | ||
|
||
if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --label="ecdsa-unknown" --type=ecdsa --curve=unknown "pkcs11:token=test-genkey?pin-value=12345"; then | ||
assert_fail "p11-kit generate-keypair succeeded for unknown ecdsa curve" | ||
fi | ||
} | ||
|
||
test_generate_keypair_eddsa() { | ||
curves= | ||
mech=$("$abs_top_builddir"/p11-kit/p11-kit-testable list-mechanisms "pkcs11:token=test-genkey" | sed -n '/CKM_EDDSA/p') | ||
if test -z "$mech"; then | ||
skip "no support for EdDSA" | ||
return | ||
fi | ||
if expr "$mech" : ".*key-size=256-" > /dev/null; then | ||
curve="$curve ed25519" | ||
fi | ||
if expr "$mech" : ".*key-size=.*-456" > /dev/null; then | ||
curve="$curve ed448" | ||
fi | ||
for curve in $curves; do | ||
if ! "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --label="eddsa-$curve" --type=eddsa --curve="$curve" "pkcs11:token=test-genkey?pin-value=12345"; then | ||
assert_fail "unable to run: p11-kit generate-keypair" | ||
fi | ||
done | ||
|
||
if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --label="eddsa-unknown" --type=eddsa --curve=unknown "pkcs11:token=test-genkey?pin-value=12345"; then | ||
assert_fail "p11-kit generate-keypair succeeded for unknown eddsa curve" | ||
fi | ||
} | ||
|
||
run test_generate_keypair_rsa test_generate_keypair_ecdsa \ | ||
test_generate_keypair_ecdsa |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters