From e0417957ea1578032da505947ec9cac299015446 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Thu, 14 Jul 2022 16:48:12 -0400
Subject: rust: Add a test case for ed25519

Specifically, I verified that *before* the previous patch to the
ed25519 C code, the last bit of code would fail with a SIGSEGV when
trying to read the empty signature.
---
 rust-bindings/tests/sign/mod.rs | 64 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)

(limited to 'rust-bindings')

diff --git a/rust-bindings/tests/sign/mod.rs b/rust-bindings/tests/sign/mod.rs
index 5df49d63..f3c817a3 100644
--- a/rust-bindings/tests/sign/mod.rs
+++ b/rust-bindings/tests/sign/mod.rs
@@ -1,4 +1,8 @@
+use std::process::Command;
+
+use ostree::prelude::SignExt;
 use ostree::prelude::*;
+use ostree::Sign;
 use ostree::{gio, glib};
 
 #[test]
@@ -19,3 +23,63 @@ fn sign_api_should_work() {
     let result = ostree::Sign::by_name("NOPE");
     assert!(result.is_err());
 }
+
+fn inner_sign_ed25519<T: SignExt>(signer: T) {
+    assert_eq!(signer.name().unwrap(), "ed25519");
+
+    let td = tempfile::tempdir().unwrap();
+    let path = td.path();
+
+    // Horrible bits to reuse libtest shell script code to generate keys
+    let pwd = std::env::current_dir().unwrap();
+    let cmd = format!(
+        r#". {:?}/tests/libtest.sh
+gen_ed25519_keys
+echo $ED25519PUBLIC > ed25519.public
+echo $ED25519SEED > ed25519.seed
+echo $ED25519SECRET > ed25519.secret
+"#,
+        pwd
+    );
+    let s = Command::new("bash")
+        .env("G_TEST_SRCDIR", pwd)
+        .current_dir(path)
+        .args(["-euo", "pipefail"])
+        .args(["-c", cmd.as_str()])
+        .stdout(std::process::Stdio::null())
+        .stderr(std::process::Stdio::null())
+        .status()
+        .unwrap();
+    assert!(s.success());
+
+    let seckey = std::fs::read_to_string(path.join("ed25519.secret")).unwrap();
+    let seckey = seckey.to_variant();
+    signer.set_sk(&seckey).unwrap();
+    let pubkey = std::fs::read_to_string(path.join("ed25519.public")).unwrap();
+    let pubkey = pubkey.to_variant();
+    signer.add_pk(&pubkey).unwrap();
+
+    let payload = &glib::Bytes::from_static(b"1234");
+
+    let signature = signer.data(payload, gio::NONE_CANCELLABLE).unwrap();
+    let signatures = [&*signature].to_variant();
+
+    let msg = signer.data_verify(payload, &signatures).unwrap().unwrap();
+    assert!(msg.starts_with("ed25519: Signature verified successfully"));
+
+    assert!(signer
+        .data_verify(&glib::Bytes::from_static(b""), &signatures)
+        .is_err());
+
+    let badsigs = [b"".as_slice()].to_variant();
+
+    let e = signer.data_verify(payload, &badsigs).err().unwrap();
+    assert!(e.to_string().contains("Invalid signature length of 0 bytes"))
+}
+
+#[test]
+fn sign_ed25519() {
+    if let Some(signer) = Sign::by_name("ed25519").ok() {
+        inner_sign_ed25519(signer)
+    }
+}
-- 
cgit v1.2.1