test PIV extensions

canokeys · Jul 7, 2024 · 4a2644e · 4a2644e
1 parent b4cf840
commit 4a2644e
Showing 1 changed file with 17 additions and 3 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -442,11 +442,25 @@ jobs:
           key=$1
           pinArgs=
           op=$3
+          algoArgs=
+          inp_file=$TEST_TMP_DIR/cert-$key.pem
           if [[ -n "$2" ]]; then pinArgs="-P 654321 -a verify-pin"; fi
+          if [[ -n "$4" ]]; then algoArgs="-A $4"; fi
+          if [[ $4 == X25519 ]]; then inp_file= /tmp/pubkey-$key.pem; fi
           if [[ -z "$op" || s = "$op" ]]; then yubico-piv-tool -r "$RDID" $pinArgs -a test-signature -s $key < /tmp/cert-$key.pem; fi
-          if [[ -z "$op" || d = "$op" ]]; then yubico-piv-tool -r "$RDID" $pinArgs -a test-decipher -s $key < /tmp/cert-$key.pem; fi
+          if [[ -z "$op" || d = "$op" ]]; then yubico-piv-tool -r "$RDID" $pinArgs -a test-decipher -s $key $algoArgs < $inp_file; fi
         }
-        ## RSA2048 tests
+        ## ED25519 tests
+        for s in 9a 9c 9d 9e; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" ED25519; done
+        yubico-piv-tool -r "$RDID" -a status
+        for s in 9a 9c 9d 9e 82 83; do PIVSignDec $s 1 s; done
+        ## X25519 tests
+        for s in 9a 9c 9d 9e; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" X25519; done
+        yubico-piv-tool -r "$RDID" -a status
+        for s in 9a 9c 9d 9e 82 83; do PIVSignDec $s 1 d X25519; done
+        ## RSA tests
+        for s in 9a 9c 9d 9e 82 83; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" RSA3072; done
+        for s in 9a 9c 9d 9e 82 83; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" RSA4096; done
         for s in 9a 9c 9d 9e 82 83; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" RSA2048; done
         yubico-piv-tool -r "$RDID" -a status
         PIVSignDec 9e # PIN not required for key 9e
@@ -501,7 +515,7 @@ jobs:
         ## Test long data object
         yubico-piv-tool -r "$RDID" -a set-ccc -a set-chuid -a status
         for s in 9a 9c 9d 9e 82 83; do
-          PIVGenKeyCert $s "/CN=CertAtSlot$s/" RSA2048
+          PIVGenKeyCert $s "/CN=CertAtSlot$s/" RSA4096
           yubico-piv-tool -r "$RDID" -a import-certificate -s $s -i test-via-pcsc/long-cert.pem
         done