From 4a2644e549161c4b2ff979209b5b483a38204909 Mon Sep 17 00:00:00 2001
From: z4yx
Date: Sun, 7 Jul 2024 12:19:19 +0800
Subject: [PATCH] test PIV extensions
---
 .github/workflows/tests.yml | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 1b415bf6..5401b9ee 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -442,11 +442,25 @@ jobs:
 key=$1
 pinArgs=
 op=$3
+ algoArgs=
+ inp_file=$TEST_TMP_DIR/cert-$key.pem
 if [[ -n "$2" ]]; then pinArgs="-P 654321 -a verify-pin"; fi
+ if [[ -n "$4" ]]; then algoArgs="-A $4"; fi
+ if [[ $4 == X25519 ]]; then inp_file= /tmp/pubkey-$key.pem; fi
 if [[ -z "$op" || s = "$op" ]]; then yubico-piv-tool -r "$RDID" $pinArgs -a test-signature -s $key < /tmp/cert-$key.pem; fi
- if [[ -z "$op" || d = "$op" ]]; then yubico-piv-tool -r "$RDID" $pinArgs -a test-decipher -s $key < /tmp/cert-$key.pem; fi
+ if [[ -z "$op" || d = "$op" ]]; then yubico-piv-tool -r "$RDID" $pinArgs -a test-decipher -s $key $algoArgs < $inp_file; fi
 }
- ## RSA2048 tests
+ ## ED25519 tests
+ for s in 9a 9c 9d 9e; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" ED25519; done
+ yubico-piv-tool -r "$RDID" -a status
+ for s in 9a 9c 9d 9e 82 83; do PIVSignDec $s 1 s; done
+ ## X25519 tests
+ for s in 9a 9c 9d 9e; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" X25519; done
+ yubico-piv-tool -r "$RDID" -a status
+ for s in 9a 9c 9d 9e 82 83; do PIVSignDec $s 1 d X25519; done
+ ## RSA tests
+ for s in 9a 9c 9d 9e 82 83; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" RSA3072; done
+ for s in 9a 9c 9d 9e 82 83; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" RSA4096; done
 for s in 9a 9c 9d 9e 82 83; do PIVGenKeyCert $s "/CN=CertAtSlot$s/" RSA2048; done
 yubico-piv-tool -r "$RDID" -a status
 PIVSignDec 9e # PIN not required for key 9e
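Review bot: In the X25519 branch of PIVSignDec, `inp_file= /tmp/pubkey-$key.pem` has a space after `=` as shown here, so bash would treat it as an empty assignment followed by an attempt to execute the PEM file, and `inp_file` would keep the certificate path; it should read `inp_file=/tmp/pubkey-$key.pem` (or the `$TEST_TMP_DIR` equivalent, depending on where PIVGenKeyCert, which is outside this hunk, writes the public key). The new default uses `$TEST_TMP_DIR/cert-$key.pem` while the test-signature line still reads `/tmp/cert-$key.pem`, so the two only agree if that variable is `/tmp`; using one base directory and quoting the redirect as `< "$inp_file"` also avoids an ambiguous-redirect failure when the variable is empty. The RSA3072 and RSA4096 loops are immediately followed by the RSA2048 loop on the same slots, so those key sizes appear to get no PIVSignDec coverage before being overwritten. The function body starts above the hunk.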
@@ -501,7 +515,7 @@ jobs:
 ## Test long data object
 yubico-piv-tool -r "$RDID" -a set-ccc -a set-chuid -a status
 for s in 9a 9c 9d 9e 82 83; do
- PIVGenKeyCert $s "/CN=CertAtSlot$s/" RSA2048
+ PIVGenKeyCert $s "/CN=CertAtSlot$s/" RSA4096
 yubico-piv-tool -r "$RDID" -a import-certificate -s $s -i test-via-pcsc/long-cert.pem
 done