always create and use a pin.

removed --split-key, cardOS users have to specify it. three new tests. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1149 c6295689-39f2-0310-b995-f0e70906c6a9
2003-05-17 10:55:23 +00:00 · 2003-05-17 10:55:23 +00:00 · 4bfc94caed
parent 43931de993
commit 4bfc94caed
9 changed files with 127 additions and 11 deletions
--- a/src/tests/regression/functions
+++ b/src/tests/regression/functions
@ -74,9 +74,8 @@ cp /dev/null $p15log

 function atexit {

-	test "$p15temp" && rm -rf $p15temp
-
 	if ! $test_failed; then
+		test "$p15temp" && rm -rf $p15temp
 		msg <<-EOF
 		:::
 		::: ${__green}Test set completed successfully${__black}
@ -184,7 +183,7 @@ function p15_init {
 	::: Testing pkcs15-init
 	:::
 	::: The PINs used by this test script (if applicable) are
-	:::   Test SO PIN	abcdef
+	:::   Test SO PIN	999999
 	:::   Test User PIN	0000
 	:::
 EOF
@ -226,7 +225,6 @@ function p15_gen_key {

 	msg "Generating key ($*)"
 	run_display_output $p15init -G $type \
-		--split-key \
 		--pin 0000 \
 		--id 45 \
 		--label "Test User Key" \
@ -234,6 +232,20 @@ function p15_gen_key {
 	success
 }

+function p15_exp_key {
+
+	keyfile=$1
+	shift
+
+	msg "Generating key ($*)"
+	run_display_output $p15tool \
+		--pin 0000 \
+		--read-public-key 45 \
+		--output $p15temp/$keyfile \
+		"$@"
+	success
+}
+
 function p15_store_key {

 	keyfile=$1
@ -241,7 +253,6 @@ function p15_store_key {

 	msg "Storing private key $keyfile ($*)"
 	run_display_output $p15init -S $keyfile \
-		--split-key \
 		--pin 0000 \
 		--id 45 \
 		--label "Test User Key" \
--- a/src/tests/regression/init0003
+++ b/src/tests/regression/init0003
@ -7,7 +7,8 @@
 . functions

 p15_init --no-so-pin
-p15_gen_key rsa/1024 --key-usage decrypt --insecure
-p15_validate
+p15_set_pin -a 01
+p15_gen_key rsa/1024 --key-usage decrypt -a 01
+p15_validate 
 p15_erase

--- a/src/tests/regression/init0004
+++ b/src/tests/regression/init0004
@ -7,7 +7,8 @@
 . functions

 p15_init --no-so-pin
-p15_gen_key rsa/1024 --insecure --key-usage sign
+p15_set_pin -a 01
+p15_gen_key rsa/1024 -a 01 --key-usage sign
 p15_validate
 p15_erase

--- a/src/tests/regression/init0005
+++ b/src/tests/regression/init0005
@ -7,7 +7,8 @@
 . functions

 p15_init --no-so-pin
-p15_gen_key rsa/512 --insecure --key-usage sign,decrypt
+p15_set_pin -a 01
+p15_gen_key rsa/512 -a 01 --key-usage sign,decrypt
 p15_validate
 p15_erase

--- a/src/tests/regression/init0006
+++ b/src/tests/regression/init0006
@ -9,12 +9,13 @@
 k=$p15temp/private.pem

 p15_init --no-so-pin
+p15_set_pin -a 01

 msg "Generating key with OpenSSL"
 run_check_status openssl genrsa -out $k -f4 1024
 success

-p15_store_key $k --insecure
+p15_store_key $k -a 01
 p15_validate
 p15_erase

--- a/src/tests/regression/init0008
+++ b/src/tests/regression/init0008
@ -7,7 +7,8 @@
 . functions

 p15_init --no-so-pin
-p15_store_key test.p12 --format pkcs12 --passphrase "password" --insecure
+p15_set_pin -a 01
+p15_store_key test.p12 --format pkcs12 --passphrase "password" -a 01
 p15_validate
 p15_erase

--- a/src/tests/regression/init0009
+++ b/src/tests/regression/init0009
@ -0,0 +1,30 @@
+#!/bin/bash
+#
+# Test pkcs15-init
+#
+# Run this from the regression test directory.
+
+. functions
+
+p15_init --no-so-pin
+p15_set_pin -a 01
+p15_gen_key rsa/1024 -a 01 --key-usage decrypt
+p15_exp_key key.pem
+
+msg "Encrypting message (pkcs1 padding)"
+echo lalla > $p15temp/message
+run_check_status openssl rsautl -encrypt \
+	-pubin -inkey $p15temp/key.pem \
+	-in $p15temp/message \
+	-out $p15temp/encrypted
+
+run_check_status $p15crypt --decipher --pkcs1 \
+	--input $p15temp/encrypted \
+	--output $p15temp/decrypted \
+	--pin 0000
+
+cmp $p15temp/message $p15temp/decrypted \
+	|| fail "Decrypted file does not match plain text file"
+success
+
+p15_erase
--- a/src/tests/regression/init0010
+++ b/src/tests/regression/init0010
@ -0,0 +1,35 @@
+#!/bin/bash
+#
+# Test pkcs15-init
+#
+# Run this from the regression test directory.
+
+. functions
+
+p15_init --no-so-pin
+p15_set_pin -a 01
+p15_gen_key rsa/1024 -a 01 --key-usage sign
+p15_exp_key key.pem
+
+echo lalla > $p15temp/message
+
+msg "Digesting the message"
+run_check_status openssl dgst -md5 \
+	-binary -out $p15temp/md5value \
+	$p15temp/message 
+
+msg "Signing message (with key)"
+run_check_status $p15crypt --sign --md5 --pkcs1 \
+	--input $p15temp/md5value \
+	--output $p15temp/signature \
+	--pin 0000
+
+msg "Verifying message (with software)"
+run_check_output "Verified OK" openssl dgst -md5 \
+	-verify $p15temp/key.pem  \
+	-signature $p15temp/signature \
+	$p15temp/message  
+
+success
+
+p15_erase
--- a/src/tests/regression/init0011
+++ b/src/tests/regression/init0011
@ -0,0 +1,35 @@
+#!/bin/bash
+#
+# Test pkcs15-init
+#
+# Run this from the regression test directory.
+
+. functions
+
+p15_init --no-so-pin
+p15_set_pin -a 01
+p15_gen_key rsa/1024 -a 01 --key-usage sign
+p15_exp_key key.pem
+
+echo lalla > $p15temp/message
+
+msg "Digesting the message"
+run_check_status openssl dgst -sha1 \
+	-binary -out $p15temp/sha1value \
+	$p15temp/message 
+
+msg "Signing message (with key)"
+run_check_status $p15crypt --sign --sha-1 --pkcs1 \
+	--input $p15temp/sha1value \
+	--output $p15temp/signature \
+	--pin 0000
+
+msg "Verifying message (with software)"
+run_check_output "Verified OK" openssl dgst -sha1 \
+	-verify $p15temp/key.pem  \
+	-signature $p15temp/signature \
+	$p15temp/message  
+
+success
+
+p15_erase