tests: Generate Ed448 keys if supported

Signed-off-by: Jakub Jelen <[email protected]>
latchset · Jan 13, 2025 · cff7ce7 · cff7ce7
1 parent a68e1bd
commit cff7ce7
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 29 deletions.
diff --git a/tests/setup.sh b/tests/setup.sh
@@ -232,34 +232,38 @@ if [ "${TOKENTYPE}" != "softokn" ]; then
     echo "${EDPUBURI}"
     echo "${EDPRIURI}"
     echo "${EDCRTURI}"
-fi
 
-# FIXME The pkcs11-tool before OpenSC 0.26 does not support Ed448 so they can
-# not be generated here
-#
-# generate ED448
-#KEYID='0009'
-#URIKEYID="%00%09"
-#ED2CRTN="ed2Cert"
-#
-# pkcs11-tool "${P11DEFARGS[@]}" --keypairgen --key-type="EC:edwards448" \
-# 	--label="${ED2CRTN}" --id="$KEYID"
-# ca_sign $ED2CRTN "My ED448 Cert" $KEYID
-#
-# ED2BASEURIWITHPINVALUE="pkcs11:id=${URIKEYID};pin-value=${PINVALUE}"
-# ED2BASEURIWITHPINSOURCE="pkcs11:id=${URIKEYID};pin-source=file:${PINFILE}"
-# ED2BASEURI="pkcs11:id=${URIKEYID}"
-# ED2PUBURI="pkcs11:type=public;id=${URIKEYID}"
-# ED2PRIURI="pkcs11:type=private;id=${URIKEYID}"
-# ED2CRTURI="pkcs11:type=cert;object=${ED2CRTN}"
-#
-# title LINE "ED448 PKCS11 URIS"
-# echo "${EDBASEURIWITHPINVALUE}"
-# echo "${EDBASEURIWITHPINSOURCE}"
-# echo "${EDBASEURI}"
-# echo "${EDPUBURI}"
-# echo "${EDPRIURI}"
-# echo "${EDCRTURI}"
+    # this requires OpenSC 0.26.0, which is not available in Ubuntu and CentOS 9
+    if [[ -f /etc/debian_version ]] && grep Ubuntu /etc/lsb-release; then
+        echo "Ed448 not supported in Ubuntu's OpenSC version"
+    elif [[ -f /etc/redhat-release ]] && grep "release 9" /etc/redhat-release; then
+        echo "Ed448 not supported in EL9's OpenSC version"
+    else
+        # generate ED448
+        KEYID='0009'
+        URIKEYID="%00%09"
+        ED2CRTN="ed2Cert"
+
+        pkcs11-tool "${P11DEFARGS[@]}" --keypairgen --key-type="EC:Ed448" \
+            --label="${ED2CRTN}" --id="$KEYID"
+        ca_sign $ED2CRTN "My ED448 Cert" $KEYID
+
+        ED2BASEURIWITHPINVALUE="pkcs11:id=${URIKEYID};pin-value=${PINVALUE}"
+        ED2BASEURIWITHPINSOURCE="pkcs11:id=${URIKEYID};pin-source=file:${PINFILE}"
+        ED2BASEURI="pkcs11:id=${URIKEYID}"
+        ED2PUBURI="pkcs11:type=public;id=${URIKEYID}"
+        ED2PRIURI="pkcs11:type=private;id=${URIKEYID}"
+        ED2CRTURI="pkcs11:type=cert;object=${ED2CRTN}"
+
+        title LINE "ED448 PKCS11 URIS"
+        echo "${ED2BASEURIWITHPINVALUE}"
+        echo "${ED2BASEURIWITHPINSOURCE}"
+        echo "${ED2BASEURI}"
+        echo "${ED2PUBURI}"
+        echo "${ED2PRIURI}"
+        echo "${ED2CRTURI}"
+    fi
+fi
 
 title PARA "generate RSA key pair, self-signed certificate, remove public key"
 KEYID='0005'
@@ -454,6 +458,18 @@ export EDCRTURI="${EDCRTURI}"
 DBGSCRIPT
 fi
 
+if [ -n "${ED2BASEURI}" ]; then
+    cat >> "${TMPPDIR}/testvars" <<DBGSCRIPT
+
+export ED2BASEURIWITHPINVALUE="${ED2BASEURIWITHPINVALUE}"
+export ED2BASEURIWITHPINSOURCE="${ED2BASEURIWITHPINSOURCE}"
+export ED2BASEURI="${ED2BASEURI}"
+export ED2PUBURI="${ED2PUBURI}"
+export ED2PRIURI="${ED2PRIURI}"
+export ED2CRTURI="${ED2CRTURI}"
+DBGSCRIPT
+fi
+
 if [ -n "${ECXBASEURI}" ]; then
     cat >> "${TMPPDIR}/testvars" <<DBGSCRIPT
 

diff --git a/tests/tedwards b/tests/tedwards
@@ -103,9 +103,9 @@ if [[ -n $ED2BASEURI ]]; then
 
     title PARA "Test EVP_PKEY_eq on public ED448 key via import"
     $CHECKER "${TESTBLDDIR}/tcmpkeys" "$ED2PUBURI" "${TMPPDIR}"/ed2out.pub
-    title PARA "Match private ED key against public key"
+    title PARA "Match private ED448 key against public key"
     $CHECKER "${TESTBLDDIR}/tcmpkeys" "$ED2PRIURI" "${TMPPDIR}"/ed2out.pub
-    title PARA "Match private ED key against public key (commutativity)"
+    title PARA "Match private ED448 key against public key (commutativity)"
     $CHECKER "${TESTBLDDIR}/tcmpkeys" "${TMPPDIR}"/ed2out.pub "$ED2PRIURI"
 fi