Signed-off-by: Pierre-Henri Symoneaux <[email protected]>
Showing
5 changed files
with
426 additions
and
1 deletion.
|
@@ -47,4 +47,7 @@ tmp.CHANGELOG.md | |
/git-cliff-* | ||
|
||
.config/ | ||
.cache/ | ||
.cache/ | ||
|
||
# Venom tests output | ||
tests/out |
@@ -0,0 +1,2 @@ | ||
cmd_path: ../okms | ||
cfg_path: ../okms.yaml |
@@ -0,0 +1,329 @@ | ||
name: okms-cli keys test suite | ||
description: Test the OKMS keys subcommand | ||
testcases: | ||
- name: Create Keys | ||
steps: | ||
- name: Create an AES 256 key | ||
type: okms-cmd | ||
args: keys new --type oct --size 256 test-aes-1 --usage encrypt,decrypt,wrapKey,unwrapKey | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
vars: | ||
aesKeyId: | ||
from: result.systemoutjson.id | ||
- name: Create an RSA 2048 key pair | ||
type: okms-cmd | ||
args: keys new --type rsa --size 2048 test-rsa-1 --usage sign,verify | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
vars: | ||
rsaKeyId: | ||
from: result.systemoutjson.id | ||
- name: Create an ECDSA P-256 key pair | ||
type: okms-cmd | ||
args: keys new --type ec --curve P-256 test-ecdsa-1 --usage sign,verify | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
vars: | ||
ecKeyId: | ||
from: result.systemoutjson.id | ||
- name: Get the {{ .value.kind }} keys | ||
type: okms-cmd | ||
range: | ||
- keyId: "{{ .Create-Keys.aesKeyId }}" | ||
kind: AES | ||
- keyId: "{{ .Create-Keys.rsaKeyId }}" | ||
kind: RSA | ||
- keyId: "{{ .Create-Keys.ecKeyId }}" | ||
kind: ECDSA | ||
args: keys get {{ .value.keyId }} | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- result.systemoutjson.id ShouldEqual {{ .value.keyId }} | ||
- name: List the keys and check {{ .value.kind }} | ||
type: okms-cmd | ||
range: | ||
- keyId: "{{ .Create-Keys.aesKeyId }}" | ||
kind: AES | ||
- keyId: "{{ .Create-Keys.rsaKeyId }}" | ||
kind: RSA | ||
- keyId: "{{ .Create-Keys.ecKeyId }}" | ||
kind: ECDSA | ||
args: keys ls | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- result.systemoutjson.objects_list ShouldJSONContainWithKey id {{ .value.keyId }} | ||
|
||
- name: AES Encryption | ||
steps: | ||
- name: Encrypt data | ||
type: okms-cmd | ||
args: keys encrypt {{ .Create-Keys.aesKeyId }} "Hello World !!!" | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
vars: | ||
ciphertext: | ||
from: result.systemoutjson | ||
- name: Decrypt data | ||
type: okms-cmd | ||
args: keys decrypt {{ .Create-Keys.aesKeyId }} {{ .ciphertext }} | ||
format: text | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- result.systemout ShouldEqual "Hello World !!!" | ||
|
||
- name: Data Keys | ||
steps: | ||
- name: Generate data key | ||
type: okms-cmd | ||
args: keys datakey new {{ .Create-Keys.aesKeyId }} --name test-dk --size 256 | ||
vars: | ||
plainDatakey: | ||
from: result.systemoutjson.plain | ||
cipherDatakey: | ||
from: result.systemoutjson.encrypted | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
|
||
- name: Decrypt data key | ||
type: okms-cmd | ||
args: keys datakey decrypt {{ .Create-Keys.aesKeyId }} "{{ .cipherDatakey }}" | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- result.systemoutjson ShouldEqual {{ .plainDatakey }} | ||
|
||
- name: AEAD streaming encryption | ||
steps: | ||
- name: Create large file | ||
script: mkdir -p ./data && dd if=/dev/urandom of=./data/plain.bin bs=51200 count=10000 | ||
- name: Checksum file | ||
script: sha256sum ./data/plain.bin > data/checksum.txt | ||
- name: Encrypt file | ||
type: okms-cmd | ||
args: keys encrypt --dk {{ .Create-Keys.aesKeyId }} @./data/plain.bin data/encrypted.out | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Decrypt file | ||
type: okms-cmd | ||
args: keys decrypt --dk {{ .Create-Keys.aesKeyId }} @data/encrypted.out ./data/plain.bin | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Verify decrypted output | ||
script: sha256sum -c data/checksum.txt | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Cleanup files | ||
script: rm -Rf ./data | ||
|
||
- name: Asymmetric RSA signature | ||
steps: | ||
- name: Sign RS256 | ||
type: okms-cmd | ||
args: keys sign --alg RS256 {{ .Create-Keys.rsaKeyId }} "hello world !!!" | ||
vars: | ||
signature: | ||
from: result.systemoutjson | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Verify RS256 | ||
type: okms-cmd | ||
args: keys verify --alg RS256 {{ .Create-Keys.rsaKeyId }} "hello world !!!" {{ .signature }} | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Local verify RS256 | ||
type: okms-cmd | ||
args: keys verify --alg RS256 --local {{ .Create-Keys.rsaKeyId }} "hello world !!!" {{ .signature }} | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Sign PS256 | ||
type: okms-cmd | ||
args: keys sign --alg PS256 {{ .Create-Keys.rsaKeyId }} "hello world !!!" | ||
vars: | ||
signature: | ||
from: result.systemoutjson | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Verify PS256 | ||
type: okms-cmd | ||
args: keys verify --alg PS256 {{ .Create-Keys.rsaKeyId }} "hello world !!!" {{ .signature }} | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- result.systemoutjson ShouldJSONEqual true | ||
- name: Local verify PS256 | ||
type: okms-cmd | ||
args: keys verify --alg PS256 --local {{ .Create-Keys.rsaKeyId }} "hello world !!!" {{ .signature }} | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
# - result.systemoutjson ShouldJSONEqual true | ||
|
||
- name: Verify wrong alg ES256 | ||
type: okms-cmd | ||
args: keys verify --alg ES256 {{ .Create-Keys.rsaKeyId }} "hello world !!!" {{ .signature }} | ||
assertions: | ||
- result.code ShouldEqual 1 | ||
- name: Verify RS256 failure | ||
type: okms-cmd | ||
args: keys verify --alg RS256 {{ .Create-Keys.rsaKeyId }} "hello world !!!" "bad signature" | ||
assertions: | ||
- result.code ShouldEqual 1 | ||
- result.systemoutjson ShouldJSONEqual false | ||
|
||
- name: Asymmetric ECDSA signature | ||
steps: | ||
- name: Sign ES256 | ||
type: okms-cmd | ||
args: keys sign --alg ES256 {{ .Create-Keys.ecKeyId }} "hello world !!!" | ||
vars: | ||
signature: | ||
from: result.systemoutjson | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Verify ES256 | ||
type: okms-cmd | ||
args: keys verify --alg ES256 {{ .Create-Keys.ecKeyId }} "hello world !!!" {{ .signature }} | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Local verify ES256 | ||
type: okms-cmd | ||
args: keys verify --alg ES256 --local {{ .Create-Keys.ecKeyId }} "hello world !!!" {{ .signature }} | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Sign ES256 | ||
type: okms-cmd | ||
args: keys sign --alg ES256 {{ .Create-Keys.ecKeyId }} "hello world !!!" | ||
vars: | ||
signature: | ||
from: result.systemoutjson | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Verify ES256 | ||
type: okms-cmd | ||
args: keys verify --alg ES256 {{ .Create-Keys.ecKeyId }} "hello world !!!" {{ .signature }} | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- result.systemoutjson ShouldJSONEqual true | ||
- name: Local verify ES256 | ||
type: okms-cmd | ||
args: keys verify --alg ES256 --local {{ .Create-Keys.ecKeyId }} "hello world !!!" {{ .signature }} | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
# - result.systemoutjson ShouldJSONEqual true | ||
|
||
- name: Verify wrong alg ES384 | ||
type: okms-cmd | ||
args: keys verify --alg ES384 {{ .Create-Keys.ecKeyId }} "hello world !!!" {{ .signature }} | ||
assertions: | ||
- result.code ShouldEqual 1 | ||
- name: Verify ES256 failure | ||
type: okms-cmd | ||
args: keys verify --alg ES256 {{ .Create-Keys.ecKeyId }} "hello world !!!" "bad signature" | ||
assertions: | ||
- result.code ShouldEqual 1 | ||
- result.systemoutjson ShouldJSONEqual false | ||
|
||
- name: Key export | ||
steps: | ||
- name: Export AES | ||
type: okms-cmd | ||
format: text | ||
args: keys export {{ .Create-Keys.aesKeyId }} | ||
assertions: | ||
- result.code ShouldEqual 1 | ||
- name: Export RSA to PKCS1 | ||
type: okms-cmd | ||
format: text | ||
args: keys export {{ .Create-Keys.rsaKeyId }} --format pkcs1 | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- result.systemout ShouldStartWith "-----BEGIN RSA PUBLIC KEY-----" | ||
- result.systemout ShouldEndWith "-----END RSA PUBLIC KEY-----" | ||
- name: Export RSA to SPKI/PKIX | ||
type: okms-cmd | ||
format: text | ||
args: keys export {{ .Create-Keys.rsaKeyId }} --format pkix | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- result.systemout ShouldStartWith "-----BEGIN PUBLIC KEY-----" | ||
- result.systemout ShouldEndWith "-----END PUBLIC KEY-----" | ||
- name: Export RSA to OpenSSH | ||
type: okms-cmd | ||
format: text | ||
args: keys export {{ .Create-Keys.rsaKeyId }} --format openssh | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- result.systemout ShouldStartWith "ssh-rsa " | ||
- name: Export ECDSA to PKCS1 | ||
type: okms-cmd | ||
format: text | ||
args: keys export {{ .Create-Keys.ecKeyId }} --format pkcs1 | ||
assertions: | ||
- result.code ShouldEqual 1 | ||
- name: Export ECDSA to SPKI/PKIX | ||
type: okms-cmd | ||
format: text | ||
args: keys export {{ .Create-Keys.ecKeyId }} --format pkix | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- result.systemout ShouldStartWith "-----BEGIN PUBLIC KEY-----" | ||
- result.systemout ShouldEndWith "-----END PUBLIC KEY-----" | ||
- name: Export ECDSA to OpenSSH | ||
type: okms-cmd | ||
format: text | ||
args: keys export {{ .Create-Keys.ecKeyId }} --format openssh | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- result.systemout ShouldStartWith "ecdsa-sha2-nistp256 " | ||
|
||
- name: Key import | ||
steps: | ||
- name: Import AES key | ||
type: okms-cmd | ||
args: keys import --usage encrypt,decrypt --symmetric test-import-aes YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE= | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Import RSA PKCS1 key | ||
type: okms-cmd | ||
args: keys import --usage sign,verify test-import-rsa-pkcs1 @testdata/rsa_pkcs1.priv.pem | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Import RSA PKCS8 key | ||
type: okms-cmd | ||
args: keys import --usage sign,verify test-import-rsa-pkcs8 @testdata/rsa_pkcs8.priv.pem | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Import RSA openssh key | ||
type: okms-cmd | ||
args: keys import --usage sign,verify test-import-rsa-ssh @testdata/rsa_ssh.priv.pem | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
|
||
- name: Import ECDSA SEC1 key | ||
type: okms-cmd | ||
args: keys import --usage sign,verify test-import-ecdsa-sec1 @testdata/ecdsa_sec1.priv.pem | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Import ECDSA PKCS8 key | ||
type: okms-cmd | ||
args: keys import --usage sign,verify test-import-ecdsa-pkcs8 @testdata/ecdsa_pkcs8.priv.pem | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
- name: Import ECDSA openssh key | ||
type: okms-cmd | ||
args: keys import --usage sign,verify test-import-ecdsa-ssh @testdata/ecdsa_ssh.priv.pem | ||
assertions: | ||
- result.code ShouldEqual 0 | ||
|
||
- name: Delete the keys | ||
steps: | ||
- name: Force delete the {{ .value.kind }} key | ||
type: okms-cmd | ||
range: | ||
- keyId: "{{ .Create-Keys.aesKeyId }}" | ||
kind: AES | ||
- keyId: "{{ .Create-Keys.rsaKeyId }}" | ||
kind: RSA | ||
- keyId: "{{ .Create-Keys.ecKeyId }}" | ||
kind: ECDSA | ||
args: keys delete {{ .value.keyId }} --force | ||
assertions: | ||
- result.code ShouldEqual 0 |
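Review bot: The `--local` verification path is only exercised with valid signatures, and in "Local verify PS256" and "Local verify ES256" the output assertion is commented out (`# - result.systemoutjson ShouldJSONEqual true`), so a local verifier that accepted every signature would still pass this suite. Add `--local` counterparts of "Verify RS256 failure" and "Verify ES256 failure", e.g. `args: keys verify --alg RS256 --local {{ .Create-Keys.rsaKeyId }} "hello world !!!" "bad signature"` with `- result.code ShouldEqual 1`, and either restore the commented assertion or leave a comment saying why the local output differs. Separately, in "AEAD streaming encryption" the "Decrypt file" step writes to `./data/plain.bin`, the same path the checksum was taken from, so `sha256sum -c data/checksum.txt` also succeeds if decryption exits 0 without writing anything. Decrypting to a separate file and comparing it with the original (for example with `cmp`) would make the round trip meaningful.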
@@ -0,0 +1,18 @@ | ||
executor: okms-cmd | ||
input: | ||
args: {} | ||
format: json | ||
steps: | ||
- script: mkdir -p ./out/coverage && GOCOVERDIR=./out/coverage {{ .cmd_path }} -c {{ .cfg_path }} --output {{ .input.format }} {{ .input.args }} | ||
# info: "{{ .cmd_path }} -c {{ .cfg_path }} --output {{ .input.format }} {{ .input.args }}" | ||
vars: | ||
code: | ||
from: result.code | ||
systemout: | ||
from: result.systemout | ||
assertions: | ||
# Needed to overwrite default assertion which checks that code is equal to 0 | ||
- result.code ShouldNotBeNil | ||
output: | ||
code: "{{.code}}" | ||
systemout: "{{.systemout}}" |
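Review bot: `{{ .input.args }}` is spliced unquoted into the shell `script:` line, so every value a suite passes through `args` is re-parsed by the shell, including values captured from earlier command output. In the keys suite "Decrypt data key" quotes its captured value (`"{{ .cipherDatakey }}"`) while "Decrypt data" and the verify steps pass `{{ .ciphertext }}` and `{{ .signature }}` bare. A comment above the script such as `# args is inserted verbatim into a shell command line: quote any interpolated value` would make the contract explicit. The `args: {}` default is an empty map used as a string, which may render as a literal such as `map[]` when a step omits `args`; `args: ""` looks like the intended default.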