From 137c45e8f96a98d6850db84db3d87c4b7bd15f11 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 17 Jul 2017 09:11:59 +0200 Subject: tests: privkey-keygen: added unit test for Ed25519 keys Signed-off-by: Nikos Mavrogiannopoulos --- tests/privkey-keygen.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/tests/privkey-keygen.c b/tests/privkey-keygen.c index ec79463430..885cf58e57 100644 --- a/tests/privkey-keygen.c +++ b/tests/privkey-keygen.c @@ -1,5 +1,6 @@ /* * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. * * Author: David Marín Carreño * @@ -15,9 +16,8 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with GnuTLS; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see */ #ifdef HAVE_CONFIG_H @@ -36,6 +36,10 @@ #define MAX_TRIES 2 +/* This tests the key generation, as well as the sign/verification + * functionality of the supported public key algorithms. + */ + static int sec_param[MAX_TRIES] = #ifdef ENABLE_FIPS140 { GNUTLS_SEC_PARAM_MEDIUM, GNUTLS_SEC_PARAM_HIGH }; @@ -53,12 +57,18 @@ const gnutls_datum_t raw_data = { 11 }; -static void sign_verify_data(gnutls_x509_privkey_t pkey) +static void sign_verify_data(gnutls_pk_algorithm_t algorithm, gnutls_x509_privkey_t pkey) { int ret; gnutls_privkey_t privkey; gnutls_pubkey_t pubkey; gnutls_datum_t signature; + gnutls_digest_algorithm_t digest; + + if (algorithm == GNUTLS_PK_EDDSA_ED25519) + digest = GNUTLS_DIG_SHA512; + else + digest = GNUTLS_DIG_SHA256; /* sign arbitrary data */ assert(gnutls_privkey_init(&privkey) >= 0); @@ -67,7 +77,7 @@ static void sign_verify_data(gnutls_x509_privkey_t pkey) if (ret < 0) fail("gnutls_privkey_import_x509\n"); - ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA256, 0, + ret = gnutls_privkey_sign_data(privkey, digest, 0, &raw_data, &signature); if (ret < 0) fail("gnutls_x509_privkey_sign_data\n"); @@ -79,7 +89,7 @@ static void sign_verify_data(gnutls_x509_privkey_t pkey) if (ret < 0) fail("gnutls_pubkey_import_privkey\n"); - ret = gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm(pubkey, NULL),GNUTLS_DIG_SHA256), + ret = gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm(pubkey, NULL),digest), 0, &raw_data, &signature); if (ret < 0) fail("gnutls_pubkey_verify_data2\n"); @@ -103,7 +113,7 @@ void doit(void) gnutls_global_set_log_level(4711); for (i = 0; i < MAX_TRIES; i++) { - for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_RSA_PSS; + for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_MAX; algorithm++) { if (algorithm == GNUTLS_PK_DH || algorithm == GNUTLS_PK_ECDH_X25519) @@ -152,8 +162,8 @@ void doit(void) fail("gnutls_x509_privkey_generate after cpy (%s): %s (%d)\n", gnutls_pk_algorithm_get_name(algorithm), gnutls_strerror(ret), ret); } - sign_verify_data(pkey); - sign_verify_data(dst); + sign_verify_data(algorithm, pkey); + sign_verify_data(algorithm, dst); gnutls_x509_privkey_deinit(pkey); gnutls_x509_privkey_deinit(dst); -- cgit v1.2.1