From 96573d79e159a9a5748e2c525618700c44d9787c Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Tue, 6 Jun 2017 09:42:22 +0200
Subject: tests: pkcs7: added ed25519 basic signing and verification checks

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 tests/Makefile.am                         |   1 +
 tests/cert-tests/Makefile.am              |   4 +-
 tests/cert-tests/data/pkcs7-eddsa-sig.p7s | Bin 0 -> 776 bytes
 tests/cert-tests/pkcs7                    |   6 +-
 tests/cert-tests/pkcs7-eddsa              | 124 ++++++++++++++++++++++++++++++
 tests/certs/cert-ed25519.pem              |  12 +++
 tests/certs/ed25519.pem                   |  25 ++++++
 7 files changed, 169 insertions(+), 3 deletions(-)
 create mode 100644 tests/cert-tests/data/pkcs7-eddsa-sig.p7s
 create mode 100755 tests/cert-tests/pkcs7-eddsa
 create mode 100644 tests/certs/cert-ed25519.pem
 create mode 100644 tests/certs/ed25519.pem

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 4d1553f672..46fa9a553f 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -30,6 +30,7 @@ EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h test-chains.h \
 	certs/cert-rsa-2432.pem certs/ecc384.pem certs/ecc.pem hex.h \
 	certs/ca-ecc.pem certs/cert-ecc384.pem certs/cert-ecc.pem certs/ecc256.pem \
 	certs/ecc521.pem certs/rsa-2432.pem x509cert-dir/ca.pem psk.passwd \
+	certs/ed25519.pem certs/cert-ed25519.pem \
 	system.prio pkcs11/softhsm.h pkcs11/pkcs11-pubkey-import.c gnutls-asan.supp \
 	rsa-md5-collision/README safe-renegotiation/README starttls-smtp.txt starttls-ftp.txt \
 	starttls-lmtp.txt starttls-pop3.txt starttls-nntp.txt starttls-sieve.txt \
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 8c1b508827..7b630f48f5 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -74,7 +74,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
 	data/mem-leak.p12 data/alt-chain-new-ca.pem data/alt-chain-old-ca.pem \
 	data/alt-chain.pem data/pkcs7-chain.pem data/pkcs7-chain-root.pem \
 	data/pkcs7-chain-endcert-key.pem data/cert-rsa-pss.pem data/openssl-invalid-time-format.pem \
-	data/cert-eddsa.pem data/pubkey-eddsa.pem
+	data/cert-eddsa.pem data/pubkey-eddsa.pem data/pkcs7-eddsa-sig.p7s
 
 dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
 	pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
@@ -82,7 +82,7 @@ dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
 	provable-privkey-rsa2048 provable-privkey-gen-default pkcs7-constraints \
 	pkcs7-constraints2 certtool-long-oids pkcs7-cat cert-sanity cert-critical \
 	pkcs12 certtool-crl-decoding pkcs12-encode pkcs12-corner-cases inhibit-anypolicy \
-	smime cert-time alt-chain pkcs7-list-sign
+	smime cert-time alt-chain pkcs7-list-sign pkcs7-eddsa
 
 if WANT_TEST_SUITE
 dist_check_SCRIPTS += provable-dh-default
diff --git a/tests/cert-tests/data/pkcs7-eddsa-sig.p7s b/tests/cert-tests/data/pkcs7-eddsa-sig.p7s
new file mode 100644
index 0000000000..911b8c17ea
Binary files /dev/null and b/tests/cert-tests/data/pkcs7-eddsa-sig.p7s differ
diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7
index f32dc46766..77726d7829 100755
--- a/tests/cert-tests/pkcs7
+++ b/tests/cert-tests/pkcs7
@@ -142,7 +142,11 @@ fi
 # Test cert combination
 
 FILE="p7-combined"
-cat "${srcdir}/../certs"/cert*.pem >"${OUTFILE2}"
+
+rm -f "${OUTFILE2}"
+for i in cert-ecc256.pem cert-ecc521.pem cert-ecc384.pem cert-ecc.pem cert-rsa-2432.pem;do
+	cat "${srcdir}/../certs"/$i >>"${OUTFILE2}"
+done
 ${VALGRIND} "${CERTTOOL}" --p7-generate --load-certificate "${OUTFILE2}" >"${OUTFILE}"
 rc=$?
 
diff --git a/tests/cert-tests/pkcs7-eddsa b/tests/cert-tests/pkcs7-eddsa
new file mode 100755
index 0000000000..ea61227399
--- /dev/null
+++ b/tests/cert-tests/pkcs7-eddsa
@@ -0,0 +1,124 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>
+
+#set -e
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+DIFF="${DIFF:-diff -b -B}"
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+OUTFILE=out-pkcs7.$$.tmp
+OUTFILE2=out2-pkcs7.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+check_for_datefudge
+
+KEY="${srcdir}/../certs/ed25519.pem"
+CERT="${srcdir}/../certs/cert-ed25519.pem"
+
+# Test verification of saved file
+FILE="${srcdir}/data/pkcs7-eddsa-sig.p7s"
+${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-certificate "${CERT}" --infile "${FILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct verification failed"
+	exit ${rc}
+fi
+
+# Test signing
+FILE="signing"
+${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey  "${KEY}" --load-certificate "${CERT}" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed"
+	exit ${rc}
+fi
+
+FILE="signing-verify"
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${CERT}" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification"
+	exit ${rc}
+fi
+
+#check extraction of embedded data in signature
+FILE="signing-verify-data"
+${VALGRIND} "${CERTTOOL}" --p7-verify --p7-show-data --load-certificate "${CERT}" --outfile "${OUTFILE2}" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification with data"
+	exit ${rc}
+fi
+
+cmp "${OUTFILE2}" "${srcdir}/data/pkcs7-detached.txt"
+rc=$?
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 data detaching failed"
+	exit ${rc}
+fi
+
+FILE="signing-time"
+${VALGRIND} "${CERTTOOL}" --p7-detached-sign --p7-time --load-privkey  "${KEY}" --load-certificate "${CERT}" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing with time failed"
+	exit ${rc}
+fi
+
+${VALGRIND} "${CERTTOOL}" --p7-info --infile "${OUTFILE}" >"${OUTFILE2}"
+grep '1.2.840.113549.1.9.3: 06092a864886f70d010701' ${OUTFILE2} >/dev/null 2>&1
+if test $? != 0;then
+	echo "Content-Type was not set in attributes"
+	exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --p7-info <"${OUTFILE}"|grep "Signing time:" "${OUTFILE}" >/dev/null 2>&1
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing with time failed. No time was found."
+	exit ${rc}
+fi
+
+FILE="signing-time-verify"
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${CERT}" --load-data "${srcdir}/data/pkcs7-detached.txt" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing with time failed verification"
+	exit ${rc}
+fi
+
+rm -f "${OUTFILE}"
+rm -f "${OUTFILE2}"
+
+exit 0
diff --git a/tests/certs/cert-ed25519.pem b/tests/certs/cert-ed25519.pem
new file mode 100644
index 0000000000..8d6283df15
--- /dev/null
+++ b/tests/certs/cert-ed25519.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBwTCCAWagAwIBAgIIWTZasQWGNVEwCgYIKoZIzj0EAwIwfTELMAkGA1UEBhMC
+QkUxDzANBgNVBAoTBkdudVRMUzElMCMGA1UECxMcR251VExTIGNlcnRpZmljYXRl
+IGF1dGhvcml0eTEPMA0GA1UECBMGTGV1dmVuMSUwIwYDVQQDExxHbnVUTFMgY2Vy
+dGlmaWNhdGUgYXV0aG9yaXR5MCAXDTE3MDYwNjA3MzMwNVoYDzk5OTkxMjMxMjM1
+OTU5WjAZMRcwFQYDVQQDEw5FZDI1NTE5IHNpZ25lcjAqMAUGAytlcAMhAPMF++lz
+LIzfyCX0v0B7LIabZWZ/dePW9HexIbW3tYmHo2EwXzAMBgNVHRMBAf8EAjAAMA8G
+A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFONSSnOdGLzpv3xNcci8ZiKKqzyqMB8G
+A1UdIwQYMBaAFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqGSM49BAMCA0kAMEYC
+IQDHGfSgM44DVZfrP5CF8LSNlFN55ti3Z69YJ0SK8Fy9eQIhAN2UKeX3l8A9Ckcm
+7barRoh+qx7ZVYpe+5w3JYuxy16w
+-----END CERTIFICATE-----
diff --git a/tests/certs/ed25519.pem b/tests/certs/ed25519.pem
new file mode 100644
index 0000000000..7fedbd79bd
--- /dev/null
+++ b/tests/certs/ed25519.pem
@@ -0,0 +1,25 @@
+Public Key Info:
+	Public Key Algorithm: EdDSA (Ed25519)
+	Key Security Level: High (256 bits)
+
+curve:	Ed25519
+private key:
+	e5:c3:25:73:94:e8:9e:97:75:7c:78:59:f7:32:3c:82
+	cf:60:90:c7:e5:b4:5f:9b:d7:a6:f8:36:0c:92:59:70
+	
+
+x:
+	f3:05:fb:e9:73:2c:8c:df:c8:25:f4:bf:40:7b:2c:86
+	9b:65:66:7f:75:e3:d6:f4:77:b1:21:b5:b7:b5:89:87
+	
+
+
+Public Key PIN:
+	pin-sha256:7DW50qkZrEKqSrB29HkLvRoiuQAtHaaLAZKLE9s/VZ4=
+Public Key ID:
+	sha256:ec35b9d2a919ac42aa4ab076f4790bbd1a22b9002d1da68b01928b13db3f559e
+	sha1:e3524a739d18bce9bf7c4d71c8bc66228aab3caa
+
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIOXDJXOU6J6XdXx4WfcyPILPYJDH5bRfm9em+DYMkllw
+-----END PRIVATE KEY-----
-- 
cgit v1.2.1