Add test cases that test the signing and signature verification with the
elliptic curves prime192v1 and prime256v1, also known as NIST P192 and
P256. These curves will soon be supported by Linux. If OpenSSL cannot
generate prime192v1 keys, as is the case on Fedora, where this curve is
not supported, the respective tests will be skipped automatically.
The r and s integer components of the signature can have varying size.
Therefore we do the size checks for the entire signature with a regular
expression that accounts for the varying size. The most typical cases
are supported following hours of running the tests with varying keys.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Older distros, such as Ubuntu Xenial or Centos 7, fail to calculate the
keyid properly in the bash script. Adding 'tail -n1' into the pipe fixes
the issue since we otherwise have two numbers in 'id' due to two
'BIT STRING's.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
cmp is not by default installed on some containers
(unlike other tools e.g. cut, tr from coreutils or grep).
Also cmp implementation from busybox doesn't support -b, thus detect it.
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Bruno Meneguele <bmeneg@redhat.com>(Fedora,CentOS 8(RHEL actually))
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
