dearsky/pico-openpgp
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 15 Wiki Activity

Add PIV tests.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2024-03-28 01:20:48 +01:00
parent a9797ae1ba
commit e0daea80af
12 changed files with 303 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
tests/docker/jammy/yubico-piv-tool.patch Normal file
View File

@@ -0,0 +1,68 @@
diff --git a/lib/tests/api.c b/lib/tests/api.c
index fb7c1a8..b569ec3 100644
--- a/lib/tests/api.c
+++ b/lib/tests/api.c
@@ -515,7 +515,7 @@ START_TEST(test_pin_policy_always) {
unsigned char rand[128] = {0};
size_t sig_len = sizeof(signature);
- size_t padlen = 256;
+ size_t padlen = 512;
unsigned int enc_len;
unsigned int data_len;
@@ -1009,8 +1009,8 @@ END_TEST
START_TEST(test_pin_cache) {
ykpiv_rc res;
ykpiv_state *local_state;
- unsigned char data[256] = {0};
- unsigned char data_in[256] = {0};
+ unsigned char data[512] = {0};
+ unsigned char data_in[512] = {0};
int len = sizeof(data);
size_t len2 = sizeof(data);
@@ -1028,17 +1028,17 @@ START_TEST(test_pin_cache) {
ck_assert_int_eq(res, YKPIV_OK);
// Verify decryption does not work without auth
- res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA2048, 0x9a);
+ res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA4096, 0x9a);
ck_assert_int_eq(res, YKPIV_AUTHENTICATION_ERROR);
// Verify decryption does work when authed
res = ykpiv_verify_select(g_state, "123456", 6, NULL, true);
ck_assert_int_eq(res, YKPIV_OK);
- res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA2048, 0x9a);
+ res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA4096, 0x9a);
ck_assert_int_eq(res, YKPIV_OK);
// Verify PIN policy allows continuing to decrypt without re-verifying
- res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA2048, 0x9a);
+ res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA4096, 0x9a);
ck_assert_int_eq(res, YKPIV_OK);
// Create a new ykpiv state, connect, and close it.
@@ -1059,7 +1059,7 @@ START_TEST(test_pin_cache) {
//
// Note that you can verify that this fails by rebuilding with
// DISABLE_PIN_CACHE set to 1.
- res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA2048, 0x9a);
+ res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA4096, 0x9a);
ck_assert_int_eq(res, YKPIV_OK);
}
END_TEST
diff --git a/tools/confirm.sh b/tools/confirm.sh
index 81c10ac..4ab15c5 100755
--- a/tools/confirm.sh
+++ b/tools/confirm.sh
@@ -20,7 +20,8 @@ echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WA
echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
echo >&0
echo -n "Are you SURE you wish to proceed? If so, type 'CONFIRM': " >&0
-
+echo "0"
+exit 0
read CONFIRM
if [[ "x$CONFIRM" != "xCONFIRM" ]]; then
echo "1"