diff options
author | Colin Walters <walters@verbum.org> | 2022-07-14 16:48:12 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2022-07-14 17:13:51 -0400 |
commit | e0417957ea1578032da505947ec9cac299015446 (patch) | |
tree | ef4c7083c59b19aa88837305dda1fcd16057f8f1 /rust-bindings | |
parent | 83e6357186be11fb8f2a6b66fab3730c44ee59dd (diff) | |
download | ostree-e0417957ea1578032da505947ec9cac299015446.tar.gz |
rust: Add a test case for ed25519
Specifically, I verified that *before* the previous patch to the
ed25519 C code, the last bit of code would fail with a SIGSEGV when
trying to read the empty signature.
Diffstat (limited to 'rust-bindings')
-rw-r--r-- | rust-bindings/tests/sign/mod.rs | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/rust-bindings/tests/sign/mod.rs b/rust-bindings/tests/sign/mod.rs index 5df49d63..f3c817a3 100644 --- a/rust-bindings/tests/sign/mod.rs +++ b/rust-bindings/tests/sign/mod.rs @@ -1,4 +1,8 @@ +use std::process::Command; + +use ostree::prelude::SignExt; use ostree::prelude::*; +use ostree::Sign; use ostree::{gio, glib}; #[test] @@ -19,3 +23,63 @@ fn sign_api_should_work() { let result = ostree::Sign::by_name("NOPE"); assert!(result.is_err()); } + +fn inner_sign_ed25519<T: SignExt>(signer: T) { + assert_eq!(signer.name().unwrap(), "ed25519"); + + let td = tempfile::tempdir().unwrap(); + let path = td.path(); + + // Horrible bits to reuse libtest shell script code to generate keys + let pwd = std::env::current_dir().unwrap(); + let cmd = format!( + r#". {:?}/tests/libtest.sh +gen_ed25519_keys +echo $ED25519PUBLIC > ed25519.public +echo $ED25519SEED > ed25519.seed +echo $ED25519SECRET > ed25519.secret +"#, + pwd + ); + let s = Command::new("bash") + .env("G_TEST_SRCDIR", pwd) + .current_dir(path) + .args(["-euo", "pipefail"]) + .args(["-c", cmd.as_str()]) + .stdout(std::process::Stdio::null()) + .stderr(std::process::Stdio::null()) + .status() + .unwrap(); + assert!(s.success()); + + let seckey = std::fs::read_to_string(path.join("ed25519.secret")).unwrap(); + let seckey = seckey.to_variant(); + signer.set_sk(&seckey).unwrap(); + let pubkey = std::fs::read_to_string(path.join("ed25519.public")).unwrap(); + let pubkey = pubkey.to_variant(); + signer.add_pk(&pubkey).unwrap(); + + let payload = &glib::Bytes::from_static(b"1234"); + + let signature = signer.data(payload, gio::NONE_CANCELLABLE).unwrap(); + let signatures = [&*signature].to_variant(); + + let msg = signer.data_verify(payload, &signatures).unwrap().unwrap(); + assert!(msg.starts_with("ed25519: Signature verified successfully")); + + assert!(signer + .data_verify(&glib::Bytes::from_static(b""), &signatures) + .is_err()); + + let badsigs = [b"".as_slice()].to_variant(); + + let e = signer.data_verify(payload, &badsigs).err().unwrap(); + assert!(e.to_string().contains("Invalid signature length of 0 bytes")) +} + +#[test] +fn sign_ed25519() { + if let Some(signer) = Sign::by_name("ed25519").ok() { + inner_sign_ed25519(signer) + } +} |