Skip to content

Add tests for custom signing functions#462

Merged
bifurcation merged 9 commits intomainfrom
feature/custom-signer-tests
Apr 13, 2026
Merged

Add tests for custom signing functions#462
bifurcation merged 9 commits intomainfrom
feature/custom-signer-tests

Conversation

@bifurcation
Copy link
Copy Markdown
Contributor

@bifurcation bifurcation commented Apr 10, 2026

Summary

Builds on top of #424 to add tests demonstrating the custom signer functionality:

  • OpenSSL Wrapper test: Creates a signing callback that wraps an HPKE-layer private key, demonstrating how an application could integrate any external signing mechanism
  • macOS Keychain test: Uses Security.framework to create a P-256 key and sign with it via SecKeyCreateSignature, showing real-world HSM/secure enclave integration

Test plan

  • OpenSSL wrapper test passes for all cipher suites
  • macOS Keychain test passes (P-256 only, conditional on HAVE_SECURITY_FRAMEWORK)

Notes

This PR depends on #424 being merged first.

🤖 Generated with Claude Code

rcombs and others added 3 commits May 22, 2024 17:04
@rcombs
Support custom signing routines in SignaturePrivateKey
e09c8dd 
This enables support for signing with non-extractable private keys (e.g. TPM-bound).
@bifurcation @claude
Add tests for custom signing functions
58dc8c7 
- Add test wrapping an HPKE-layer private key with SignerFunc
- Add macOS Keychain test using Security.framework (conditional)
- Link Security.framework on macOS for Keychain tests

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@bifurcation @claude
Add throwing serialization for non-exportable keys
22fe161 
- Replace TLS_SERIALIZABLE with custom operators that throw on
  non-exportable keys
- Add exportable() method to check if key can be serialized
- Add tests verifying serialization throws for external signers
- Add tests verifying normal keys serialize/deserialize correctly

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@bifurcation bifurcation mentioned this pull request Apr 10, 2026
Merged
@bifurcation @claude
Add missing #include <functional>
ee170ad 
Required for std::function used by SignerFunc.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@bifurcation bifurcation mentioned this pull request Apr 10, 2026
Closed
5 tasks
bifurcation and others added 5 commits April 10, 2026 14:38
@bifurcation
Merge remote-tracking branch 'origin/main' into feature/custom-signer…
e5dc3cc 
…-tests
@bifurcation @claude
Fix test to use all_supported_cipher_suites
44dd2c6 
After merging main, update test to use the renamed array.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@bifurcation @claude
Fix formatting issues from merge
d537b2d 
Apply clang-format to fix code style after merging main.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@bifurcation @claude
Update CI to use clang-format 19
98d9f5a 
Upgrade from clang-format 16 to 19 to match modern formatting.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@bifurcation
Merge branch 'main' into feature/custom-signer-tests
90f7776
@bifurcation bifurcation merged commit 92aaa41 into main Apr 13, 2026
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bifurcation @rcombs