}
func readPasswd(prompt string) (passwd []byte) {
+ if raw := os.Getenv("ENCTOOL_PASSPHRASE"); raw != "" {
+ return []byte(raw)
+ }
tty, err := os.OpenFile("/dev/tty", os.O_RDWR, 0)
if err != nil {
log.Fatal(err)
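Review bot: The new `ENCTOOL_PASSPHRASE` branch at the top of readPasswd takes the passphrase from the process environment with no comment on the trade-off, and the variable stays set afterwards. Environment values are inherited by every child process and are commonly readable by other processes of the same user, so this path is weaker than the /dev/tty prompt below it. I would document that with something like `// ENCTOOL_PASSPHRASE bypasses the /dev/tty prompt for non-interactive use; the environment is visible to child processes`, and call `os.Unsetenv("ENCTOOL_PASSPHRASE")` right after the read so the value is at least not passed on to anything started later. An empty value silently falls through to the prompt, which may surprise an unattended run. readPasswd's body continues outside the hunk.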
log.Fatalln("invalid encap len")
}
for _, prv := range prvs {
+ if prv.A != cm.SNTRUP4591761X25519 {
+ continue
+ }
if len(prv.V) != sntrup4591761.PrivateKeySize+32 {
log.Fatalln("invalid private keys len")
}
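Review bot: The added `if prv.A != cm.SNTRUP4591761X25519 { continue }` silently skips a private key of another algorithm, and the hunk does not show what happens when no key in prvs matches. If the loop can finish without having used any key, the caller should get an explicit error rather than falling through. A flag set on the first match and checked after the loop would make that case visible. The same applies to the `cm.ClassicMcEliece6960119X25519` filter in the next hunk. Both loops start and end outside the visible lines, so this may already be handled there.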
log.Fatalln("invalid encap len")
}
for _, prv := range prvs {
+ if prv.A != cm.ClassicMcEliece6960119X25519 {
+ continue
+ }
if len(prv.V) != scheme.PrivateKeySize()+32 {
log.Fatalln("invalid private keys len")
}
--- /dev/null
+#!/bin/sh
+
+test_description="Check that basic passphrase encryption functionality works"
+. $SHARNESS_TEST_SRCDIR/sharness.sh
+
+TMPDIR=${TMPDIR:-/tmp}
+
+dd if=/dev/urandom of=$TMPDIR/enc.data bs=300K count=1 2>/dev/null
+export ENCTOOL_PASSPHRASE=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | xxd -p)
+test_expect_success "encrypting" "enctool -p \
+ <$TMPDIR/enc.data >$TMPDIR/enc.enc"
+test_expect_success "decrypting" "enctool -d -p \
+ <$TMPDIR/enc.enc >$TMPDIR/enc.data.got"
+test_expect_success "comparing" \
+ "test_cmp $TMPDIR/enc.data $TMPDIR/enc.data.got"
+
+test_done
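Review bot: The script only checks the round trip with the same `ENCTOOL_PASSPHRASE`, so it would still pass if `enctool -d -p` ignored the passphrase altogether. A negative case after "comparing" would pin down that the passphrase is actually enforced, in the `! cmd` style the signing tests already use: `test_expect_success "wrong passphrase" "! ENCTOOL_PASSPHRASE=wrong enctool -d -p <$TMPDIR/enc.enc >/dev/null"`. A one-line comment above the `export` saying that the variable replaces the interactive prompt would also help readers of the test.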
--- /dev/null
+#!/bin/sh
+
+test_description="Check that basic public-key encryption functionality works"
+. $SHARNESS_TEST_SRCDIR/sharness.sh
+
+TMPDIR=${TMPDIR:-/tmp}
+
+dd if=/dev/urandom of=$TMPDIR/enc.data bs=300K count=1 2>/dev/null
+bind=$(uuidgen)
+
+algo=mceliece6960119-x25519
+algo0=$algo
+test_expect_success "$algo: pub generation" "keytool \
+ -algo $algo -ku kem -subj A=$algo \
+ -prv $TMPDIR/enc.$algo.prv -pub $TMPDIR/enc.$algo.pub"
+algo=sntrup4591761-x25519
+algo1=$algo
+test_expect_success "$algo: pub generation" "keytool \
+ -algo $algo -ku kem -subj A=$algo \
+ -prv $TMPDIR/enc.$algo.prv -pub $TMPDIR/enc.$algo.pub"
+
+test_expect_success "encrypting" "enctool -bind $bind \
+ -pub $TMPDIR/enc.$algo0.pub -pub $TMPDIR/enc.$algo1.pub \
+ <$TMPDIR/enc.data >$TMPDIR/enc.enc"
+
+test_expect_success "any: decrypting" "enctool -d \
+ -prv $TMPDIR/enc.$algo0.prv -prv $TMPDIR/enc.$algo1.prv \
+ <$TMPDIR/enc.enc >$TMPDIR/enc.data.got 4>$TMPDIR/bind.got"
+test_expect_success "comparing" \
+ "test_cmp $TMPDIR/enc.data $TMPDIR/enc.data.got"
+echo $bind >$TMPDIR/bind
+test_expect_success "comparing bind" \
+ "test_cmp $TMPDIR/bind $TMPDIR/bind.got"
+
+test_expect_success "$algo0: decrypting" "enctool -d \
+ -prv $TMPDIR/enc.$algo0.prv \
+ <$TMPDIR/enc.enc >$TMPDIR/enc.data.got"
+test_expect_success "$algo0: comparing" \
+ "test_cmp $TMPDIR/enc.data $TMPDIR/enc.data.got"
+
+test_expect_success "$algo1: decrypting" "enctool -d \
+ -prv $TMPDIR/enc.$algo1.prv \
+ <$TMPDIR/enc.enc >$TMPDIR/enc.data.got"
+test_expect_success "$algo1: comparing" \
+ "test_cmp $TMPDIR/enc.data $TMPDIR/enc.data.got"
+
+export ENCTOOL_PASSPHRASE=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | xxd -p)
+test_expect_success "encrypting also with passphrase" "enctool \
+ -pub $TMPDIR/enc.$algo0.pub -pub $TMPDIR/enc.$algo1.pub -p \
+ <$TMPDIR/enc.data >$TMPDIR/enc.enc"
+test_expect_success "any: decrypting" "enctool -d \
+ -prv $TMPDIR/enc.$algo0.prv -prv $TMPDIR/enc.$algo1.prv \
+ <$TMPDIR/enc.enc >$TMPDIR/enc.data.got"
+test_expect_success "comparing" \
+ "test_cmp $TMPDIR/enc.data $TMPDIR/enc.data.got"
+test_expect_success "passphrase: decrypting" "enctool -d -p \
+ <$TMPDIR/enc.enc >$TMPDIR/enc.data.got"
+test_expect_success "comparing" \
+ "test_cmp $TMPDIR/enc.data $TMPDIR/enc.data.got"
+
+test_done
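Review bot: This script writes `$TMPDIR/enc.data`, `$TMPDIR/enc.enc` and `$TMPDIR/enc.data.got`, the same names used by the passphrase test added in this commit, and `TMPDIR` defaults to the shared `/tmp`. Two scripts run in parallel would overwrite each other's inputs. Fixed names in a world-writable directory can also be pre-created by another local user, which matters here because private keys are written to `$TMPDIR/enc.$algo.prv`. A private directory, for example `TMPDIR=$(mktemp -d)` near the top, or relative paths inside the directory sharness runs the test in, would avoid both.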
#!/bin/sh
-test_description="Check that basic GOST-related functionality works"
+test_description="Check that basic certification functionality works"
. $SHARNESS_TEST_SRCDIR/sharness.sh
TMPDIR=${TMPDIR:-/tmp}
test_expect_success "$caAlgo: CA load generation" "keytool \
-algo $caAlgo \
-ku sig $subj \
- -prv $TMPDIR/ca.prv -pub $TMPDIR/ca.pub"
+ -prv $TMPDIR/ca.$caAlgo.prv -pub $TMPDIR/ca.$caAlgo.pub"
test_expect_success "$caAlgo: CA generation" "keytool \
- -pub $TMPDIR/ca.pub \
- -ca-prv $TMPDIR/ca.prv -ca-pub $TMPDIR/ca.pub"
+ -pub $TMPDIR/ca.$caAlgo.pub \
+ -ca-prv $TMPDIR/ca.$caAlgo.prv -ca-pub $TMPDIR/ca.$caAlgo.pub"
test_expect_success "$caAlgo: CA regeneration" "keytool \
- -pub $TMPDIR/ca.pub \
- -ca-prv $TMPDIR/ca.prv -ca-pub $TMPDIR/ca.pub"
+ -pub $TMPDIR/ca.$caAlgo.pub \
+ -ca-prv $TMPDIR/ca.$caAlgo.prv -ca-pub $TMPDIR/ca.$caAlgo.pub"
test_expect_success "$caAlgo: CA self-signature" "keytool \
- -ca-pub $TMPDIR/ca.pub \
- -pub $TMPDIR/ca.pub \
+ -ca-pub $TMPDIR/ca.$caAlgo.pub \
+ -pub $TMPDIR/ca.$caAlgo.pub \
-verify"
subj="-subj CN=SubCA -subj C=RU"
test_expect_success "$eeAlgo: SubCA load generation" "keytool \
-algo $eeAlgo \
-ku sig $subj \
- -prv $TMPDIR/subca.prv -pub $TMPDIR/subca.pub"
+ -prv $TMPDIR/subca.$eeAlgo.prv -pub $TMPDIR/subca.$eeAlgo.pub"
test_expect_success "$eeAlgo: SubCA generation" "keytool \
- -pub $TMPDIR/subca.pub \
- -ca-pub $TMPDIR/ca.pub -ca-prv $TMPDIR/ca.prv"
+ -pub $TMPDIR/subca.$eeAlgo.pub \
+ -ca-pub $TMPDIR/ca.$caAlgo.pub -ca-prv $TMPDIR/ca.$caAlgo.prv"
test_expect_success "$eeAlgo: SubCA signature" "keytool \
- -ca-pub $TMPDIR/ca.pub \
- -pub $TMPDIR/subca.pub \
+ -ca-pub $TMPDIR/ca.$caAlgo.pub \
+ -pub $TMPDIR/subca.$eeAlgo.pub \
-verify"
subj="-subj CN=EE -subj C=RU"
test_expect_success "$eeAlgo: EE load generation" "keytool \
-algo $eeAlgo $subj \
- -prv $TMPDIR/ee.prv -pub $TMPDIR/ee.pub"
+ -prv $TMPDIR/ee.$eeAlgo.prv -pub $TMPDIR/ee.$eeAlgo.pub"
test_expect_success "$eeAlgo: EE generation" "keytool \
- -ca-prv $TMPDIR/subca.prv -ca-pub $TMPDIR/subca.pub \
- -pub $TMPDIR/ee.pub"
+ -ca-prv $TMPDIR/subca.$eeAlgo.prv -ca-pub $TMPDIR/subca.$eeAlgo.pub \
+ -pub $TMPDIR/ee.$eeAlgo.pub"
test_expect_success "$eeAlgo: EE chain" "keytool \
- -ca-pub $TMPDIR/ca.pub \
- -ca-pub $TMPDIR/subca.pub \
- -pub $TMPDIR/ee.pub \
+ -ca-pub $TMPDIR/ca.$caAlgo.pub \
+ -ca-pub $TMPDIR/subca.$eeAlgo.pub \
+ -pub $TMPDIR/ee.$eeAlgo.pub \
-verify"
done
--- /dev/null
+#!/bin/sh
+
+test_description="Check that KEM certificates generation works"
+. $SHARNESS_TEST_SRCDIR/sharness.sh
+
+TMPDIR=${TMPDIR:-/tmp}
+
+echo "mceliece6960119-x25519
+sntrup4591761-x25519" | while read algo ; do
+
+test_expect_success "$algo: generation" "keytool \
+ -algo $algo \
+ -ku kem -subj CN=DH \
+ -prv $TMPDIR/kem.$algo.prv -pub $TMPDIR/kem.$algo.pub"
+
+done
+
+test_done
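Review bot: The `echo ... | while read algo ; do` loop puts every `test_expect_success` on the right-hand side of a pipe, which most `sh` implementations run in a subshell. The pass and fail counters updated inside the loop are then likely lost before `test_done` runs in the parent, so a failed key generation may not affect the script's exit status. A plain list avoids the subshell and matches the `for merkle in ...` loop in the signing test: `for algo in mceliece6960119-x25519 sntrup4591761-x25519 ; do`.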
#!/bin/sh
-test_description="TODO"
+test_description="Check that basic signing functionality works"
. $SHARNESS_TEST_SRCDIR/sharness.sh
TMPDIR=${TMPDIR:-/tmp}
echo "gost3410-512C
gost3410-256A
-ed25519-blake2b" | while read algo ; do
+ed25519-blake2b" | while read keyalgo ; do
subj="-subj what=ever"
typ="some-different-type"
-test_expect_success "$algo: pub generation" "keytool \
- -algo $algo -ku sig $subj \
- -prv $TMPDIR/sign.prv -pub $TMPDIR/sign.pub"
-dd if=/dev/urandom of=$TMPDIR/sign.data bs=300K count=1 2>/dev/null
+test_expect_success "$keyalgo: pub generation" "keytool \
+ -algo $keyalgo -ku sig $subj \
+ -prv $TMPDIR/sign.$keyalgo.prv -pub $TMPDIR/sign.$keyalgo.pub"
+dd if=/dev/urandom of=$TMPDIR/sign.$keyalgo.data bs=300K count=1 2>/dev/null
bind="-encrypted-binding $(uuidgen)"
badBind="-encrypted-binding $(uuidgen)"
-test_expect_success "$algo: signing" "sigtool \
- -prv $TMPDIR/sign.prv -pub $TMPDIR/sign.pub -type $typ \
- $bind <$TMPDIR/sign.data >$TMPDIR/sign.sig"
+for merkle in "" "-merkle" ; do
+
+algo=${keyalgo}${merkle}
+test_expect_success "$algo: signing" "sigtool $merkle \
+ -prv $TMPDIR/sign.$keyalgo.prv -pub $TMPDIR/sign.$keyalgo.pub -type $typ \
+ $bind <$TMPDIR/sign.$keyalgo.data >$TMPDIR/sign.$algo.sig"
test_expect_success "$algo: verifying" "sigtool \
- -verify -pub $TMPDIR/sign.pub -type $typ \
- <$TMPDIR/sign.sig >$TMPDIR/sign.data.got"
+ -verify -pub $TMPDIR/sign.$keyalgo.pub -type $typ \
+ <$TMPDIR/sign.$algo.sig >$TMPDIR/sign.data.got"
test_expect_success "$algo: comparing" \
- "test_cmp $TMPDIR/sign.data $TMPDIR/sign.data.got"
+ "test_cmp $TMPDIR/sign.$keyalgo.data $TMPDIR/sign.data.got"
test_expect_success "$algo: differing type" "! sigtool \
- -verify -pub $TMPDIR/sign.pub <$TMPDIR/sign.sig >/dev/null"
+ -verify -pub $TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.sig >/dev/null"
test_expect_success "$algo: good bind" "! sigtool \
- -verify -pub $TMPDIR/sign.pub $bind <$TMPDIR/sign.sig >/dev/null"
+ -verify -pub $TMPDIR/sign.$keyalgo.pub $bind <$TMPDIR/sign.$algo.sig >/dev/null"
test_expect_success "$algo: bad bind" "! sigtool \
- -verify -pub $TMPDIR/sign.pub $badBind <$TMPDIR/sign.sig >/dev/null"
+ -verify -pub $TMPDIR/sign.$keyalgo.pub $badBind <$TMPDIR/sign.$algo.sig >/dev/null"
-test_expect_success "$algo: detached signing" "sigtool -detached \
- -prv $TMPDIR/sign.prv -pub $TMPDIR/sign.pub -type $typ \
- <$TMPDIR/sign.data >$TMPDIR/sign.sig"
+test_expect_success "$algo: detached signing" "sigtool -detached $merkle \
+ -prv $TMPDIR/sign.$keyalgo.prv -pub $TMPDIR/sign.$keyalgo.pub -type $typ \
+ <$TMPDIR/sign.$keyalgo.data >$TMPDIR/sign.$algo.detached.sig"
test_expect_success "$algo: detached verifying" \
- "cat $TMPDIR/sign.sig $TMPDIR/sign.data |
- sigtool -detached -verify -pub $TMPDIR/sign.pub -type $typ"
+ "cat $TMPDIR/sign.$algo.detached.sig $TMPDIR/sign.$keyalgo.data |
+ sigtool -detached -verify -pub $TMPDIR/sign.$keyalgo.pub -type $typ"
test_expect_success "$algo: differing type" "! sigtool -detached \
- -verify -pub $TMPDIR/sign.pub <$TMPDIR/sign.sig >/dev/null"
+ -verify -pub $TMPDIR/sign.$keyalgo.pub <$TMPDIR/sign.$algo.detached.sig >/dev/null"
test_expect_success "$algo: good bind" "! sigtool -detached \
- -verify -pub $TMPDIR/sign.pub $bind <$TMPDIR/sign.sig >/dev/null"
+ -verify -pub $TMPDIR/sign.$keyalgo.pub $bind <$TMPDIR/sign.$algo.detached.sig >/dev/null"
test_expect_success "$algo: bad bind" "! sigtool -detached \
- -verify -pub $TMPDIR/sign.pub $badBind <$TMPDIR/sign.sig >/dev/null"
+ -verify -pub $TMPDIR/sign.$keyalgo.pub $badBind <$TMPDIR/sign.$algo.detached.sig >/dev/null"
+
+done
done
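Review bot: The non-detached "good bind" and "bad bind" cases both omit `-type $typ` and both expect failure, so they appear to fail for the same reason as "differing type" just above them and would pass even if the binding were never checked. Assuming a matching binding is meant to verify, the good case should succeed and the bad one fail with the type supplied: `"sigtool -verify -pub $TMPDIR/sign.$keyalgo.pub -type $typ $bind <$TMPDIR/sign.$algo.sig >/dev/null"` and `"! sigtool -verify -pub $TMPDIR/sign.$keyalgo.pub -type $typ $badBind <$TMPDIR/sign.$algo.sig >/dev/null"`. The detached signing step passes no `$bind`, so its "good bind" expectation of failure may be intended, but a comment saying so would help. The outer `while read keyalgo` loop starts outside the visible lines.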