OpenSC
diff --git a/‎tests/Makefile.am‎
Lines changed: 5 additions & 1 deletion b/‎tests/Makefile.am‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎tests/common.sh‎
Lines changed: 9 additions & 4 deletions b/‎tests/common.sh‎
Lines changed: 9 additions & 4 deletions
diff --git a/‎tests/ed25519-cert.der‎
316 Bytes b/‎tests/ed25519-cert.der‎
316 Bytes
diff --git a/‎tests/ed25519-privkey.der‎
48 Bytes b/‎tests/ed25519-privkey.der‎
48 Bytes
diff --git a/‎tests/ed25519-pubkey.der‎
44 Bytes b/‎tests/ed25519-pubkey.der‎
44 Bytes
diff --git a/‎tests/ed448-cert.der‎
388 Bytes b/‎tests/ed448-cert.der‎
388 Bytes
diff --git a/‎tests/ed448-privkey.der‎
73 Bytes b/‎tests/ed448-privkey.der‎
73 Bytes
diff --git a/‎tests/ed448-pubkey.der‎
69 Bytes b/‎tests/ed448-pubkey.der‎
69 Bytes
diff --git a/‎tests/provider-ed25519-check-privkey.softhsm‎
Lines changed: 81 additions & 0 deletions b/‎tests/provider-ed25519-check-privkey.softhsm‎
Lines changed: 81 additions & 0 deletions
diff --git a/‎tests/provider-ed448-check-privkey.softhsm‎
Lines changed: 81 additions & 0 deletions b/‎tests/provider-ed448-check-privkey.softhsm‎
Lines changed: 81 additions & 0 deletions
@@ -65,6 +65,8 @@ dist_check_SCRIPTS = \
 	provider-ec-check-privkey.softhsm \
 	provider-ec-check-all.softhsm \
 	provider-ec-copy.softhsm \
+	provider-ed25519-check-privkey.softhsm \
+	provider-ed448-check-privkey.softhsm \
 	provider-ed25519-keygen.softhsm \
 	provider-ed448-keygen.softhsm \
 	provider-fork-change-slot.softhsm \
@@ -73,7 +75,9 @@ dist_check_SCRIPTS = \
 	provider-search-all-matching-tokens.softhsm
 dist_check_DATA = \
 	rsa-cert.der rsa-privkey.der rsa-pubkey.der \
-	ec-cert.der ec-privkey.der ec-pubkey.der
+	ec-cert.der ec-privkey.der ec-pubkey.der \
+	ed25519-cert.der ed25519-privkey.der ed25519-pubkey.der \
+	ed448-cert.der ed448-privkey.der ed448-pubkey.der
 
 ed25519_keygen_SOURCES = ed25519-keygen.c eddsa_common.c
 ed448_keygen_SOURCES = ed448-keygen.c eddsa_common.c
 
@@ -244,10 +244,15 @@ init_token () {
 		import_objects ${key_type} "${common_label}-$i" ${obj_id} "${obj_label}-$i" "$@"
 
 		# List the objects imported into the token
-		list_objects "${common_label}-$i"
+		if [[ $? -eq 0 ]]; then
+			list_objects "${common_label}-$i"
+		else
+			return 77
+		fi
 
 		i=$(($i + 1))
 	done
+	return 0
 }
 
 # Write an object (privkey, pubkey, cert) to the token
@@ -272,10 +277,10 @@ import_objects () {
 				--id ${obj_id} --label "${obj_label}" >/dev/null
 			if [[ $? -eq 0 ]]; then
 				echo ok
-			else
-				echo failed
-				exit 1
+				continue
 			fi
+			echo "pkcs11-tool cannot import ${key_type} ${param}"
+			return 77
 		else
 			echo "Skipping empty parameter"
 		fi
 
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# Copyright © 2026 Mobi - Com Polska Sp. z o.o.
+# Author: Małgorzata Olszówka <Malgorzata.Olszowka@stunnel.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>
+#
+# EdDSA public key resolution tests
+#
+# The provider resolves the public key for a private key as follows:
+#   1. CKO_PUBLIC_KEY (CKA_EC_POINT)
+#   2. CKO_CERTIFICATE (CKA_VALUE + X.509 parsing)
+#
+# Ed25519:
+# Import privkey + cert only (no pubkey) to exercise the CKO_CERTIFICATE fallback path.
+
+outdir="output.$$"
+
+# Load common test functions
+. ${srcdir}/common.sh
+
+PRIVATE_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=${PIN}"
+CERTIFICATE_URL="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=cert"
+
+# Do the token initialization
+init_token "ed25519" "1" "libp11" ${ID} "server-key" "privkey" "" "cert"
+if [[ $? -eq 77 ]]; then
+	echo "Ed448 key test skipped."
+	rm -rf "$outdir"
+	exit 77
+fi
+
+# Ensure the use of the locally built provider; applies after running 'pkcs11-tool'
+unset OPENSSL_ENGINES
+export OPENSSL_MODULES="../src/.libs/"
+export PKCS11_MODULE_PATH=${MODULE}
+echo "OPENSSL_MODULES=${OPENSSL_MODULES}"
+echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}"
+
+# Load openssl settings
+. ${srcdir}/openssl-settings.sh
+
+# Restore openssl settings
+trap cleanup EXIT
+
+${OPENSSL} x509 -in ${srcdir}/ed25519-cert.der -inform DER -outform PEM \
+	-out ${outdir}/ed25519-cert.pem
+CERTIFICATE="${outdir}/ed25519-cert.pem"
+
+# Run the test
+${WRAPPER} ./check-privkey-prov ${CERTIFICATE} ${PRIVATE_KEY}
+rc=$?
+if [[ $rc -eq 77 ]]; then
+	echo "Ed25519 key test skipped."
+	rm -rf "$outdir"
+	exit 77
+elif [[ $rc -ne 0 ]]; then
+	echo "The private key loading couldn't get the public key from the certificate."
+	exit 1
+fi
+
+./check-privkey-prov ${CERTIFICATE_URL} ${PRIVATE_KEY}
+if [[ $? -ne 0 ]]; then
+	echo "The private key loading couldn't get the public key from the certificate URL."
+	exit 1
+fi
+
+rm -rf "$outdir"
+
+exit 0
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# Copyright © 2026 Mobi - Com Polska Sp. z o.o.
+# Author: Małgorzata Olszówka <Malgorzata.Olszowka@stunnel.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>
+#
+# EdDSA public key resolution tests
+#
+# The provider resolves the public key for a private key as follows:
+#   1. CKO_PUBLIC_KEY (CKA_EC_POINT)
+#   2. CKO_CERTIFICATE (CKA_VALUE + X.509 parsing)
+#
+# Ed448:
+# Import privkey + pubkey + cert to exercise the direct CKO_PUBLIC_KEY lookup path.
+
+outdir="output.$$"
+
+# Load common test functions
+. ${srcdir}/common.sh
+
+PRIVATE_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=${PIN}"
+CERTIFICATE_URL="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=cert"
+
+# Do the token initialization
+init_token "ed448" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert"
+if [[ $? -eq 77 ]]; then
+	echo "Ed448 key test skipped."
+	rm -rf "$outdir"
+	exit 77
+fi
+
+# Ensure the use of the locally built provider; applies after running 'pkcs11-tool'
+unset OPENSSL_ENGINES
+export OPENSSL_MODULES="../src/.libs/"
+export PKCS11_MODULE_PATH=${MODULE}
+echo "OPENSSL_MODULES=${OPENSSL_MODULES}"
+echo "PKCS11_MODULE_PATH=${PKCS11_MODULE_PATH}"
+
+# Load openssl settings
+. ${srcdir}/openssl-settings.sh
+
+# Restore openssl settings
+trap cleanup EXIT
+
+${OPENSSL} x509 -in ${srcdir}/ed448-cert.der -inform DER -outform PEM \
+	-out ${outdir}/ed448-cert.pem
+CERTIFICATE="${outdir}/ed448-cert.pem"
+
+# Run the test
+${WRAPPER} ./check-privkey-prov ${CERTIFICATE} ${PRIVATE_KEY}
+rc=$?
+if [[ $rc -eq 77 ]]; then
+	echo "Ed448 key test skipped."
+	rm -rf "$outdir"
+	exit 77
+elif [[ $rc -ne 0 ]]; then
+	echo "The private key loading couldn't get the public key from the certificate."
+	exit 1
+fi
+
+./check-privkey-prov ${CERTIFICATE_URL} ${PRIVATE_KEY}
+if [[ $? -ne 0 ]]; then
+	echo "The private key loading couldn't get the public key from the certificate URL."
+	exit 1
+fi
+
+rm -rf "$outdir"
+
+exit 0