test_description="Check multiple recipients"
. $SHARNESS_TEST_SRCDIR/sharness.sh
-TMPDIR=${TMPDIR:-/tmp}
-
-dd if=/dev/urandom of=$TMPDIR/enc.data bs=300K count=1 2>/dev/null
+dd if=/dev/urandom of=enc.data bs=300K count=1 2>/dev/null
test_expect_success "0: pub generation" "cmkeytool \
- -algo sntrup761-x25519 -ku kem -sub N=0 \
- 5>$TMPDIR/enc.0.pub 9>$TMPDIR/enc.0.prv"
+ -algo sntrup761-x25519 -ku kem -sub N=0 5>enc.0.pub 9>enc.0.prv"
test_expect_success "1: pub generation" "cmkeytool \
- -algo sntrup761-x25519 -ku kem -sub N=1 \
- 5>$TMPDIR/enc.1.pub 9>$TMPDIR/enc.1.prv"
+ -algo sntrup761-x25519 -ku kem -sub N=1 5>enc.1.pub 9>enc.1.prv"
test_expect_success "encrypting" "
- cat $TMPDIR/enc.0.pub $TMPDIR/enc.1.pub |
- cmenctool 4<&0 <$TMPDIR/enc.data >$TMPDIR/enc.enc"
+ cat enc.0.pub enc.1.pub | cmenctool 4<&0 <enc.data >enc.enc"
test_expect_success "0: decrypting" "
- cmenctool -d 8<$TMPDIR/enc.0.prv <$TMPDIR/enc.enc >$TMPDIR/enc.data.got"
-test_expect_success "0: comparing" \
- "test_cmp $TMPDIR/enc.data $TMPDIR/enc.data.got"
+ cmenctool -d 8<enc.0.prv <enc.enc >enc.data.got"
+test_expect_success "0: comparing" "test_cmp enc.data enc.data.got"
test_expect_success "1: decrypting" "
- cmenctool -d 8<$TMPDIR/enc.1.prv <$TMPDIR/enc.enc >$TMPDIR/enc.data.got"
-test_expect_success "1: comparing" \
- "test_cmp $TMPDIR/enc.data $TMPDIR/enc.data.got"
+ cmenctool -d 8<enc.1.prv <enc.enc >enc.data.got"
+test_expect_success "1: comparing" "test_cmp enc.data enc.data.got"
test_done
test_description="Check passphrase encryption"
. $SHARNESS_TEST_SRCDIR/sharness.sh
-TMPDIR=${TMPDIR:-/tmp}
-
-dd if=/dev/urandom of=$TMPDIR/enc.data bs=300K count=1 2>/dev/null
+dd if=/dev/urandom of=enc.data bs=300K count=1 2>/dev/null
export CM_PASSPHRASE=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | xxd -p)
balloonparams="-balloon-s 123 -balloon-t 2"
-test_expect_success "encrypting" "cmenctool $balloonparams -p \
- <$TMPDIR/enc.data >$TMPDIR/enc.enc"
-test_expect_success "decrypting" "cmenctool -d -p \
- <$TMPDIR/enc.enc >$TMPDIR/enc.data.got"
-test_expect_success "comparing" \
- "test_cmp $TMPDIR/enc.data $TMPDIR/enc.data.got"
+test_expect_success "encrypting" "
+ cmenctool $balloonparams -p <enc.data >enc.enc"
+test_expect_success "decrypting" "
+ cmenctool -d -p <enc.enc >enc.data.got"
+test_expect_success "comparing" "test_cmp enc.data enc.data.got"
test_done
test_description="Check passphrase-encrypted key decryption"
. $SHARNESS_TEST_SRCDIR/sharness.sh
-TMPDIR=${TMPDIR:-/tmp}
-
-cmkeytool -algo sntrup761-x25519 -ku kem -sub A=KEY 5>$TMPDIR/enc.pub 9>$TMPDIR/enc.prv
-dd if=/dev/urandom of=$TMPDIR/enc.data bs=12K count=1 2>/dev/null
+cmkeytool -algo sntrup761-x25519 -ku kem -sub A=KEY 5>enc.pub 9>enc.prv
+dd if=/dev/urandom of=enc.data bs=12K count=1 2>/dev/null
export CM_PASSPHRASE=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | xxd -p)
balloonparams="-balloon-s 123 -balloon-t 2"
-test_expect_success "key encrypting" "cmenctool -p -embed $balloonparams \
- <$TMPDIR/enc.prv >$TMPDIR/enc.prv.enc"
-test_expect_success "data encrypting" "cmenctool 4<$TMPDIR/enc.pub \
- <$TMPDIR/enc.data >$TMPDIR/enc.enc"
-test_expect_success "decrypting" "cmenctool -d 8<$TMPDIR/enc.prv.enc \
- <$TMPDIR/enc.enc >$TMPDIR/enc.data.got"
-test_expect_success "comparing" \
- "test_cmp $TMPDIR/enc.data $TMPDIR/enc.data.got"
+test_expect_success "key encrypting" "
+ cmenctool -p -embed $balloonparams <enc.prv >enc.prv.enc"
+test_expect_success "data encrypting" "
+ cmenctool 4<enc.pub <enc.data >enc.enc"
+test_expect_success "decrypting" "
+ cmenctool -d 8<enc.prv.enc <enc.enc >enc.data.got"
+test_expect_success "comparing" "test_cmp enc.data enc.data.got"
test_done
test_description="Check public-key encryption"
. $SHARNESS_TEST_SRCDIR/sharness.sh
-TMPDIR=${TMPDIR:-/tmp}
-
-dd if=/dev/urandom of=$TMPDIR/enc.data bs=300K count=1 2>/dev/null
+dd if=/dev/urandom of=enc.data bs=300K count=1 2>/dev/null
balloonparams="-balloon-s 123 -balloon-t 2"
algo=mceliece6960119-x25519
algo0=$algo
-test_expect_success "$algo: pub generation" "cmkeytool \
- -algo $algo -ku kem -sub A=$algo \
- 5>$TMPDIR/enc.$algo.pub 9>$TMPDIR/enc.$algo.prv"
+test_expect_success "$algo: pub generation" "
+ cmkeytool -algo $algo -ku kem -sub A=$algo 5>enc.$algo.pub 9>enc.$algo.prv"
algo=sntrup761-x25519
algo1=$algo
-test_expect_success "$algo: pub generation" "cmkeytool \
- -algo $algo -ku kem -sub A=$algo \
- 5>$TMPDIR/enc.$algo.pub 9>$TMPDIR/enc.$algo.prv"
+test_expect_success "$algo: pub generation" "
+ cmkeytool -algo $algo -ku kem -sub A=$algo 5>enc.$algo.pub 9>enc.$algo.prv"
test_expect_success "encrypting" "
- cat $TMPDIR/enc.$algo0.pub $TMPDIR/enc.$algo1.pub |
- cmenctool 4<&0 <$TMPDIR/enc.data >$TMPDIR/enc.enc"
+ cat enc.$algo0.pub enc.$algo1.pub |
+ cmenctool 4<&0 <enc.data >enc.enc"
test_expect_success "any: decrypting" "
- cat $TMPDIR/enc.$algo0.prv $TMPDIR/enc.$algo1.prv |
- cmenctool -d 8<&0 <$TMPDIR/enc.enc >$TMPDIR/enc.data.got"
-test_expect_success "comparing" \
- "test_cmp $TMPDIR/enc.data $TMPDIR/enc.data.got"
+ cat enc.$algo0.prv enc.$algo1.prv |
+ cmenctool -d 8<&0 <enc.enc >enc.data.got"
+test_expect_success "comparing" "test_cmp enc.data enc.data.got"
-test_expect_success "$algo0: decrypting" "cmenctool -d \
- 8<$TMPDIR/enc.$algo0.prv <$TMPDIR/enc.enc >$TMPDIR/enc.data.got"
-test_expect_success "$algo0: comparing" \
- "test_cmp $TMPDIR/enc.data $TMPDIR/enc.data.got"
+test_expect_success "$algo0: decrypting" "
+ cmenctool -d 8<enc.$algo0.prv <enc.enc >enc.data.got"
+test_expect_success "$algo0: comparing" "test_cmp enc.data enc.data.got"
-test_expect_success "$algo1: decrypting" "cmenctool -d \
- 8<$TMPDIR/enc.$algo1.prv <$TMPDIR/enc.enc >$TMPDIR/enc.data.got"
-test_expect_success "$algo1: comparing" \
- "test_cmp $TMPDIR/enc.data $TMPDIR/enc.data.got"
+test_expect_success "$algo1: decrypting" "
+ cmenctool -d 8<enc.$algo1.prv <enc.enc >enc.data.got"
+test_expect_success "$algo1: comparing" "test_cmp enc.data enc.data.got"
export CM_PASSPHRASE=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | xxd -p)
test_expect_success "encrypting also with passphrase" "
- cat $TMPDIR/enc.$algo0.pub $TMPDIR/enc.$algo1.pub |
- cmenctool $balloonparams -p 4<&0 <$TMPDIR/enc.data >$TMPDIR/enc.enc"
+ cat enc.$algo0.pub enc.$algo1.pub |
+ cmenctool $balloonparams -p 4<&0 <enc.data >enc.enc"
test_expect_success "any: decrypting" "
- cat $TMPDIR/enc.$algo0.prv $TMPDIR/enc.$algo1.prv |
- cmenctool -d 8<&0 <$TMPDIR/enc.enc >$TMPDIR/enc.data.got"
-test_expect_success "comparing" \
- "test_cmp $TMPDIR/enc.data $TMPDIR/enc.data.got"
-test_expect_success "passphrase: decrypting" "cmenctool -d -p \
- <$TMPDIR/enc.enc >$TMPDIR/enc.data.got"
-test_expect_success "comparing" \
- "test_cmp $TMPDIR/enc.data $TMPDIR/enc.data.got"
+ cat enc.$algo0.prv enc.$algo1.prv |
+ cmenctool -d 8<&0 <enc.enc >enc.data.got"
+test_expect_success "comparing" "test_cmp enc.data enc.data.got"
+test_expect_success "passphrase: decrypting" "
+ cmenctool -d -p <enc.enc >enc.data.got"
+test_expect_success "comparing" "test_cmp enc.data enc.data.got"
test_done
test_description="Check certification"
. $SHARNESS_TEST_SRCDIR/sharness.sh
-TMPDIR=${TMPDIR:-/tmp}
-
echo "gost3410-512C gost3410-256A
ed25519-blake2b ed25519-blake2b
slh-dsa-shake-256s slh-dsa-shake-256s" | while read caAlgo eeAlgo ; do
sub="-sub CN=CA -sub C=RU"
test_expect_success "$caAlgo: CA load generation" "cmkeytool \
-algo $caAlgo -ku sig $sub \
- 5>$TMPDIR/ca.$caAlgo.pub 9>$TMPDIR/ca.$caAlgo.prv"
+ 5>ca.$caAlgo.pub 9>ca.$caAlgo.prv"
test_expect_success "$caAlgo: CA generation" "cmkeytool \
- 4<$TMPDIR/ca.$caAlgo.pub \
- 8<$TMPDIR/ca.$caAlgo.prv \
- <$TMPDIR/ca.$caAlgo.pub \
- 5>$TMPDIR/ca.$caAlgo.pub.certified"
-mv $TMPDIR/ca.$caAlgo.pub.certified $TMPDIR/ca.$caAlgo.pub
+ 4<ca.$caAlgo.pub \
+ 8<ca.$caAlgo.prv \
+ <ca.$caAlgo.pub \
+ 5>ca.$caAlgo.pub.certified"
+mv ca.$caAlgo.pub.certified ca.$caAlgo.pub
test_expect_success "$caAlgo: CA regeneration" "cmkeytool \
- 4<$TMPDIR/ca.$caAlgo.pub \
- 8<$TMPDIR/ca.$caAlgo.prv \
- <$TMPDIR/ca.$caAlgo.pub \
- 5>$TMPDIR/ca.$caAlgo.pub.certified"
-mv $TMPDIR/ca.$caAlgo.pub.certified $TMPDIR/ca.$caAlgo.pub
-test_expect_success "$caAlgo: CA self-signature" "cmkeytool -verify \
- 4<$TMPDIR/ca.$caAlgo.pub <$TMPDIR/ca.$caAlgo.pub"
+ 4<ca.$caAlgo.pub \
+ 8<ca.$caAlgo.prv \
+ <ca.$caAlgo.pub \
+ 5>ca.$caAlgo.pub.certified"
+mv ca.$caAlgo.pub.certified ca.$caAlgo.pub
+test_expect_success "$caAlgo: CA self-signature" "
+ cmkeytool -verify 4<ca.$caAlgo.pub <ca.$caAlgo.pub"
sub="-sub CN=SubCA -sub C=RU"
test_expect_success "$eeAlgo: SubCA load generation" "cmkeytool \
-algo $eeAlgo -ku sig $sub \
- 5>$TMPDIR/subca.$eeAlgo.pub 9>$TMPDIR/subca.$eeAlgo.prv"
+ 5>subca.$eeAlgo.pub 9>subca.$eeAlgo.prv"
test_expect_success "$eeAlgo: SubCA generation" "cmkeytool \
- 4<$TMPDIR/ca.$caAlgo.pub \
- 8<$TMPDIR/ca.$caAlgo.prv \
- <$TMPDIR/subca.$eeAlgo.pub \
- 5>$TMPDIR/subca.$eeAlgo.pub.certified"
-mv $TMPDIR/subca.$eeAlgo.pub.certified $TMPDIR/subca.$eeAlgo.pub
-test_expect_success "$eeAlgo: SubCA signature" "cmkeytool -verify \
- 4<$TMPDIR/ca.$caAlgo.pub <$TMPDIR/subca.$eeAlgo.pub"
+ 4<ca.$caAlgo.pub \
+ 8<ca.$caAlgo.prv \
+ <subca.$eeAlgo.pub \
+ 5>subca.$eeAlgo.pub.certified"
+mv subca.$eeAlgo.pub.certified subca.$eeAlgo.pub
+test_expect_success "$eeAlgo: SubCA signature" "
+ cmkeytool -verify 4<ca.$caAlgo.pub <subca.$eeAlgo.pub"
sub="-sub CN=EE -sub C=RU"
test_expect_success "$eeAlgo: EE load generation" "cmkeytool \
-algo $eeAlgo $sub \
- 5>$TMPDIR/ee.$eeAlgo.pub 9>$TMPDIR/ee.$eeAlgo.prv"
+ 5>ee.$eeAlgo.pub 9>ee.$eeAlgo.prv"
test_expect_success "$eeAlgo: EE generation" "cmkeytool \
- 4<$TMPDIR/subca.$eeAlgo.pub \
- 8<$TMPDIR/subca.$eeAlgo.prv \
- <$TMPDIR/ee.$eeAlgo.pub \
- 5>$TMPDIR/ee.$eeAlgo.pub.certified"
-mv $TMPDIR/ee.$eeAlgo.pub.certified $TMPDIR/ee.$eeAlgo.pub
+ 4<subca.$eeAlgo.pub \
+ 8<subca.$eeAlgo.prv \
+ <ee.$eeAlgo.pub \
+ 5>ee.$eeAlgo.pub.certified"
+mv ee.$eeAlgo.pub.certified ee.$eeAlgo.pub
test_expect_success "$eeAlgo: EE chain" "
- cat $TMPDIR/ca.$caAlgo.pub $TMPDIR/subca.$eeAlgo.pub |
- cmkeytool -verify 4<&0 <$TMPDIR/ee.$eeAlgo.pub"
+ cat ca.$caAlgo.pub subca.$eeAlgo.pub |
+ cmkeytool -verify 4<&0 <ee.$eeAlgo.pub"
done
test_description="Check KEM certificates generation"
. $SHARNESS_TEST_SRCDIR/sharness.sh
-TMPDIR=${TMPDIR:-/tmp}
-
echo "mceliece6960119-x25519
sntrup761-x25519" | while read algo ; do
-test_expect_success "$algo: generation" "cmkeytool \
- -algo $algo \
- -ku kem -sub CN=DH 5>$TMPDIR/kem.$algo.pub 9>$TMPDIR/kem.$algo.prv"
+test_expect_success "$algo: generation" "
+ cmkeytool -algo $algo -ku kem -sub CN=DH 5>kem.$algo.pub 9>kem.$algo.prv"
done
test_description="Check signing"
. $SHARNESS_TEST_SRCDIR/sharness.sh
-TMPDIR=${TMPDIR:-/tmp}
-
echo "gost3410-512C
gost3410-256A
ed25519-blake2b
typ="some-different-type"
test_expect_success "$keyalgo: pub generation" "cmkeytool \
-algo $keyalgo -ku sig $sub \
- 5>$TMPDIR/sign.$keyalgo.pub 9>$TMPDIR/sign.$keyalgo.prv"
-dd if=/dev/urandom of=$TMPDIR/sign.$keyalgo.data bs=300K count=1 2>/dev/null
+ 5>sign.$keyalgo.pub 9>sign.$keyalgo.prv"
+dd if=/dev/urandom of=sign.$keyalgo.data bs=300K count=1 2>/dev/null
encTo=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | xxd -c 0 -p)
badEncTo=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | xxd -c 0 -p)
encTo="-encrypted-to $encTo"
for merkle in "" "-merkle" ; do
algo=${keyalgo}${merkle}
-test_expect_success "$algo: signing" "cmsigtool $merkle \
- -t $typ $encTo \
- 4<$TMPDIR/sign.$keyalgo.pub 8<$TMPDIR/sign.$keyalgo.prv \
- <$TMPDIR/sign.$keyalgo.data >$TMPDIR/sign.$algo.sig"
-test_expect_success "$algo: verifying" "cmsigtool \
- -v -t $typ 4<$TMPDIR/sign.$keyalgo.pub \
- <$TMPDIR/sign.$algo.sig >$TMPDIR/sign.data.got"
+test_expect_success "$algo: signing" "
+ cmsigtool $merkle -t $typ $encTo \
+ 4<sign.$keyalgo.pub 8<sign.$keyalgo.prv \
+ <sign.$keyalgo.data >sign.$algo.sig"
+test_expect_success "$algo: verifying" "
+ cmsigtool -v -t $typ 4<sign.$keyalgo.pub \
+ <sign.$algo.sig >sign.data.got"
test_expect_success "$algo: comparing" \
- "test_cmp $TMPDIR/sign.$keyalgo.data $TMPDIR/sign.data.got"
-test_expect_success "$algo: differing type" "! cmsigtool \
- -v 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.sig >/dev/null"
-test_expect_success "$algo: good encTo" "! cmsigtool \
- -v $encTo 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.sig >/dev/null"
-test_expect_success "$algo: bad encTo" "! cmsigtool \
- -v $badEncTo 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.sig >/dev/null"
-
-test_expect_success "$algo: detached signing" "cmsigtool -d $merkle \
- -t $typ 4<$TMPDIR/sign.$keyalgo.pub 8<$TMPDIR/sign.$keyalgo.prv \
- <$TMPDIR/sign.$keyalgo.data >$TMPDIR/sign.$algo.detached.sig"
-test_expect_success "$algo: detached verifying" \
- "cat $TMPDIR/sign.$algo.detached.sig $TMPDIR/sign.$keyalgo.data |
- cmsigtool -d -v -t $typ 4<$TMPDIR/sign.$keyalgo.pub"
-test_expect_success "$algo: differing type" "! cmsigtool -d \
- -v 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null"
+ "test_cmp sign.$keyalgo.data sign.data.got"
+test_expect_success "$algo: differing type" "
+ ! cmsigtool -v 4<sign.$keyalgo.pub <sign.$algo.sig >/dev/null"
+test_expect_success "$algo: good encTo" "
+ ! cmsigtool -v $encTo 4<sign.$keyalgo.pub <sign.$algo.sig >/dev/null"
+test_expect_success "$algo: bad encTo" "
+ ! cmsigtool -v $badEncTo 4<sign.$keyalgo.pub <sign.$algo.sig >/dev/null"
+
+test_expect_success "$algo: detached signing" "
+ cmsigtool -d $merkle -t $typ \
+ 4<sign.$keyalgo.pub 8<sign.$keyalgo.prv \
+ <sign.$keyalgo.data >sign.$algo.detached.sig"
+test_expect_success "$algo: detached verifying" "
+ cat sign.$algo.detached.sig sign.$keyalgo.data |
+ cmsigtool -d -v -t $typ 4<sign.$keyalgo.pub"
+test_expect_success "$algo: differing type" "
+ ! cmsigtool -d -v 4<sign.$keyalgo.pub <sign.$algo.detached.sig >/dev/null"
test_expect_success "$algo: good encTo" "! cmsigtool -d \
- -v $encTo 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null"
+ -v $encTo 4<sign.$keyalgo.pub <sign.$algo.detached.sig >/dev/null"
test_expect_success "$algo: bad encTo" "! cmsigtool -d \
- -v $badEncTo 4<$TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null"
+ -v $badEncTo 4<sign.$keyalgo.pub <sign.$algo.detached.sig >/dev/null"
done