Skip to content

Commit

Permalink
test: add venom test-suite
Browse files Browse the repository at this point in the history 
Signed-off-by: Pierre-Henri Symoneaux <[email protected]>
  • Loading branch information
@phsym
phsym committed Nov 18, 2024
1 parent 20f9c76 commit 298e2f6
Show file tree
Hide file tree
Showing 5 changed files with 426 additions and 1 deletion.
5 changes: 4 additions & 1 deletion .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,4 +47,7 @@ tmp.CHANGELOG.md
/git-cliff-*

.config/
.cache/
.cache/

# Venom tests output
tests/out
2 changes: 2 additions & 0 deletions tests/cfg/vars.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
cmd_path: ../okms
cfg_path: ../okms.yaml
329 changes: 329 additions & 0 deletions tests/keys.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,329 @@
name: okms-cli keys test suite
description: Test the OKMS keys subcommand
testcases:
- name: Create Keys
steps:
- name: Create an AES 256 key
type: okms-cmd
args: keys new --type oct --size 256 test-aes-1 --usage encrypt,decrypt,wrapKey,unwrapKey
assertions:
- result.code ShouldEqual 0
vars:
aesKeyId:
from: result.systemoutjson.id
- name: Create an RSA 2048 key pair
type: okms-cmd
args: keys new --type rsa --size 2048 test-rsa-1 --usage sign,verify
assertions:
- result.code ShouldEqual 0
vars:
rsaKeyId:
from: result.systemoutjson.id
- name: Create an ECDSA P-256 key pair
type: okms-cmd
args: keys new --type ec --curve P-256 test-ecdsa-1 --usage sign,verify
assertions:
- result.code ShouldEqual 0
vars:
ecKeyId:
from: result.systemoutjson.id
- name: Get the {{ .value.kind }} keys
type: okms-cmd
range:
- keyId: "{{ .Create-Keys.aesKeyId }}"
kind: AES
- keyId: "{{ .Create-Keys.rsaKeyId }}"
kind: RSA
- keyId: "{{ .Create-Keys.ecKeyId }}"
kind: ECDSA
args: keys get {{ .value.keyId }}
assertions:
- result.code ShouldEqual 0
- result.systemoutjson.id ShouldEqual {{ .value.keyId }}
- name: List the keys and check {{ .value.kind }}
type: okms-cmd
range:
- keyId: "{{ .Create-Keys.aesKeyId }}"
kind: AES
- keyId: "{{ .Create-Keys.rsaKeyId }}"
kind: RSA
- keyId: "{{ .Create-Keys.ecKeyId }}"
kind: ECDSA
args: keys ls
assertions:
- result.code ShouldEqual 0
- result.systemoutjson.objects_list ShouldJSONContainWithKey id {{ .value.keyId }}

- name: AES Encryption
steps:
- name: Encrypt data
type: okms-cmd
args: keys encrypt {{ .Create-Keys.aesKeyId }} "Hello World !!!"
assertions:
- result.code ShouldEqual 0
vars:
ciphertext:
from: result.systemoutjson
- name: Decrypt data
type: okms-cmd
args: keys decrypt {{ .Create-Keys.aesKeyId }} {{ .ciphertext }}
format: text
assertions:
- result.code ShouldEqual 0
- result.systemout ShouldEqual "Hello World !!!"

- name: Data Keys
steps:
- name: Generate data key
type: okms-cmd
args: keys datakey new {{ .Create-Keys.aesKeyId }} --name test-dk --size 256
vars:
plainDatakey:
from: result.systemoutjson.plain
cipherDatakey:
from: result.systemoutjson.encrypted
assertions:
- result.code ShouldEqual 0

- name: Decrypt data key
type: okms-cmd
args: keys datakey decrypt {{ .Create-Keys.aesKeyId }} "{{ .cipherDatakey }}"
assertions:
- result.code ShouldEqual 0
- result.systemoutjson ShouldEqual {{ .plainDatakey }}

- name: AEAD streaming encryption
steps:
- name: Create large file
script: mkdir -p ./data && dd if=/dev/urandom of=./data/plain.bin bs=51200 count=10000
- name: Checksum file
script: sha256sum ./data/plain.bin > data/checksum.txt
- name: Encrypt file
type: okms-cmd
args: keys encrypt --dk {{ .Create-Keys.aesKeyId }} @./data/plain.bin data/encrypted.out
assertions:
- result.code ShouldEqual 0
- name: Decrypt file
type: okms-cmd
args: keys decrypt --dk {{ .Create-Keys.aesKeyId }} @data/encrypted.out ./data/plain.bin
assertions:
- result.code ShouldEqual 0
- name: Verify decrypted output
script: sha256sum -c data/checksum.txt
assertions:
- result.code ShouldEqual 0
- name: Cleanup files
script: rm -Rf ./data

- name: Asymmetric RSA signature
steps:
- name: Sign RS256
type: okms-cmd
args: keys sign --alg RS256 {{ .Create-Keys.rsaKeyId }} "hello world !!!"
vars:
signature:
from: result.systemoutjson
assertions:
- result.code ShouldEqual 0
- name: Verify RS256
type: okms-cmd
args: keys verify --alg RS256 {{ .Create-Keys.rsaKeyId }} "hello world !!!" {{ .signature }}
assertions:
- result.code ShouldEqual 0
- name: Local verify RS256
type: okms-cmd
args: keys verify --alg RS256 --local {{ .Create-Keys.rsaKeyId }} "hello world !!!" {{ .signature }}
assertions:
- result.code ShouldEqual 0
- name: Sign PS256
type: okms-cmd
args: keys sign --alg PS256 {{ .Create-Keys.rsaKeyId }} "hello world !!!"
vars:
signature:
from: result.systemoutjson
assertions:
- result.code ShouldEqual 0
- name: Verify PS256
type: okms-cmd
args: keys verify --alg PS256 {{ .Create-Keys.rsaKeyId }} "hello world !!!" {{ .signature }}
assertions:
- result.code ShouldEqual 0
- result.systemoutjson ShouldJSONEqual true
- name: Local verify PS256
type: okms-cmd
args: keys verify --alg PS256 --local {{ .Create-Keys.rsaKeyId }} "hello world !!!" {{ .signature }}
assertions:
- result.code ShouldEqual 0
# - result.systemoutjson ShouldJSONEqual true

- name: Verify wrong alg ES256
type: okms-cmd
args: keys verify --alg ES256 {{ .Create-Keys.rsaKeyId }} "hello world !!!" {{ .signature }}
assertions:
- result.code ShouldEqual 1
- name: Verify RS256 failure
type: okms-cmd
args: keys verify --alg RS256 {{ .Create-Keys.rsaKeyId }} "hello world !!!" "bad signature"
assertions:
- result.code ShouldEqual 1
- result.systemoutjson ShouldJSONEqual false

- name: Asymmetric ECDSA signature
steps:
- name: Sign ES256
type: okms-cmd
args: keys sign --alg ES256 {{ .Create-Keys.ecKeyId }} "hello world !!!"
vars:
signature:
from: result.systemoutjson
assertions:
- result.code ShouldEqual 0
- name: Verify ES256
type: okms-cmd
args: keys verify --alg ES256 {{ .Create-Keys.ecKeyId }} "hello world !!!" {{ .signature }}
assertions:
- result.code ShouldEqual 0
- name: Local verify ES256
type: okms-cmd
args: keys verify --alg ES256 --local {{ .Create-Keys.ecKeyId }} "hello world !!!" {{ .signature }}
assertions:
- result.code ShouldEqual 0
- name: Sign ES256
type: okms-cmd
args: keys sign --alg ES256 {{ .Create-Keys.ecKeyId }} "hello world !!!"
vars:
signature:
from: result.systemoutjson
assertions:
- result.code ShouldEqual 0
- name: Verify ES256
type: okms-cmd
args: keys verify --alg ES256 {{ .Create-Keys.ecKeyId }} "hello world !!!" {{ .signature }}
assertions:
- result.code ShouldEqual 0
- result.systemoutjson ShouldJSONEqual true
- name: Local verify ES256
type: okms-cmd
args: keys verify --alg ES256 --local {{ .Create-Keys.ecKeyId }} "hello world !!!" {{ .signature }}
assertions:
- result.code ShouldEqual 0
# - result.systemoutjson ShouldJSONEqual true

- name: Verify wrong alg ES384
type: okms-cmd
args: keys verify --alg ES384 {{ .Create-Keys.ecKeyId }} "hello world !!!" {{ .signature }}
assertions:
- result.code ShouldEqual 1
- name: Verify ES256 failure
type: okms-cmd
args: keys verify --alg ES256 {{ .Create-Keys.ecKeyId }} "hello world !!!" "bad signature"
assertions:
- result.code ShouldEqual 1
- result.systemoutjson ShouldJSONEqual false

- name: Key export
steps:
- name: Export AES
type: okms-cmd
format: text
args: keys export {{ .Create-Keys.aesKeyId }}
assertions:
- result.code ShouldEqual 1
- name: Export RSA to PKCS1
type: okms-cmd
format: text
args: keys export {{ .Create-Keys.rsaKeyId }} --format pkcs1
assertions:
- result.code ShouldEqual 0
- result.systemout ShouldStartWith "-----BEGIN RSA PUBLIC KEY-----"
- result.systemout ShouldEndWith "-----END RSA PUBLIC KEY-----"
- name: Export RSA to SPKI/PKIX
type: okms-cmd
format: text
args: keys export {{ .Create-Keys.rsaKeyId }} --format pkix
assertions:
- result.code ShouldEqual 0
- result.systemout ShouldStartWith "-----BEGIN PUBLIC KEY-----"
- result.systemout ShouldEndWith "-----END PUBLIC KEY-----"
- name: Export RSA to OpenSSH
type: okms-cmd
format: text
args: keys export {{ .Create-Keys.rsaKeyId }} --format openssh
assertions:
- result.code ShouldEqual 0
- result.systemout ShouldStartWith "ssh-rsa "
- name: Export ECDSA to PKCS1
type: okms-cmd
format: text
args: keys export {{ .Create-Keys.ecKeyId }} --format pkcs1
assertions:
- result.code ShouldEqual 1
- name: Export ECDSA to SPKI/PKIX
type: okms-cmd
format: text
args: keys export {{ .Create-Keys.ecKeyId }} --format pkix
assertions:
- result.code ShouldEqual 0
- result.systemout ShouldStartWith "-----BEGIN PUBLIC KEY-----"
- result.systemout ShouldEndWith "-----END PUBLIC KEY-----"
- name: Export ECDSA to OpenSSH
type: okms-cmd
format: text
args: keys export {{ .Create-Keys.ecKeyId }} --format openssh
assertions:
- result.code ShouldEqual 0
- result.systemout ShouldStartWith "ecdsa-sha2-nistp256 "

- name: Key import
steps:
- name: Import AES key
type: okms-cmd
args: keys import --usage encrypt,decrypt --symmetric test-import-aes YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE=
assertions:
- result.code ShouldEqual 0
- name: Import RSA PKCS1 key
type: okms-cmd
args: keys import --usage sign,verify test-import-rsa-pkcs1 @testdata/rsa_pkcs1.priv.pem
assertions:
- result.code ShouldEqual 0
- name: Import RSA PKCS8 key
type: okms-cmd
args: keys import --usage sign,verify test-import-rsa-pkcs8 @testdata/rsa_pkcs8.priv.pem
assertions:
- result.code ShouldEqual 0
- name: Import RSA openssh key
type: okms-cmd
args: keys import --usage sign,verify test-import-rsa-ssh @testdata/rsa_ssh.priv.pem
assertions:
- result.code ShouldEqual 0

- name: Import ECDSA SEC1 key
type: okms-cmd
args: keys import --usage sign,verify test-import-ecdsa-sec1 @testdata/ecdsa_sec1.priv.pem
assertions:
- result.code ShouldEqual 0
- name: Import ECDSA PKCS8 key
type: okms-cmd
args: keys import --usage sign,verify test-import-ecdsa-pkcs8 @testdata/ecdsa_pkcs8.priv.pem
assertions:
- result.code ShouldEqual 0
- name: Import ECDSA openssh key
type: okms-cmd
args: keys import --usage sign,verify test-import-ecdsa-ssh @testdata/ecdsa_ssh.priv.pem
assertions:
- result.code ShouldEqual 0

- name: Delete the keys
steps:
- name: Force delete the {{ .value.kind }} key
type: okms-cmd
range:
- keyId: "{{ .Create-Keys.aesKeyId }}"
kind: AES
- keyId: "{{ .Create-Keys.rsaKeyId }}"
kind: RSA
- keyId: "{{ .Create-Keys.ecKeyId }}"
kind: ECDSA
args: keys delete {{ .value.keyId }} --force
assertions:
- result.code ShouldEqual 0
18 changes: 18 additions & 0 deletions tests/lib/okms-cmd.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
executor: okms-cmd
input:
args: {}
format: json
steps:
- script: mkdir -p ./out/coverage && GOCOVERDIR=./out/coverage {{ .cmd_path }} -c {{ .cfg_path }} --output {{ .input.format }} {{ .input.args }}
# info: "{{ .cmd_path }} -c {{ .cfg_path }} --output {{ .input.format }} {{ .input.args }}"
vars:
code:
from: result.code
systemout:
from: result.systemout
assertions:
# Needed to overwrite default assertion which checks that code is equal to 0
- result.code ShouldNotBeNil
output:
code: "{{.code}}"
systemout: "{{.systemout}}"
Loading

0 comments on commit 298e2f6

Please sign in to comment.