tests: Verify the ECDSA signatures work
This commit is contained in:
Jakub Jelen
Frank Morgner
parent
8c99e5076a
commit
775d120517
|
|
@ -53,14 +53,13 @@ function card_setup() {
|
|||
# Generate 2048b RSA Key pair
|
||||
generate_key "RSA:2048" "02" "RSA2048"
|
||||
# Generate 256b ECC Key pair
|
||||
# generate_key "EC:secp256r1" "03" "ECC_auth"
|
||||
generate_key "EC:secp256r1" "03" "ECC_auth"
|
||||
# Generate 521b ECC Key pair
|
||||
# generate_key "EC:secp521r1" "04" "ECC521"
|
||||
# TODO ECDSA keys tests
|
||||
generate_key "EC:secp521r1" "04" "ECC521"
|
||||
}
|
||||
|
||||
function card_cleanup() {
|
||||
rm .softhsm2.conf
|
||||
rm -rf ".tokens"
|
||||
rm 0{1,2}.pub
|
||||
rm 0{1,2,3,4}.pub
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,9 +12,8 @@ fi
|
|||
card_setup
|
||||
echo "data to sign (max 100 bytes)" > data
|
||||
|
||||
|
||||
echo "======================================================="
|
||||
echo "Test"
|
||||
echo "Test RSA keys"
|
||||
echo "======================================================="
|
||||
for HASH in "" "SHA1" "SHA224" "SHA256" "SHA384" "SHA512"; do
|
||||
for SIGN_KEY in "01" "02"; do
|
||||
|
|
@ -55,7 +54,7 @@ for HASH in "" "SHA1" "SHA224" "SHA256" "SHA384" "SHA512"; do
|
|||
echo "$METHOD: Sign & Verify (KEY $SIGN_KEY)"
|
||||
echo "======================================================="
|
||||
if [[ -z $HASH ]]; then
|
||||
# hashing is done outside of the module. We chouse here SHA256
|
||||
# hashing is done outside of the module. We choose here SHA256
|
||||
openssl dgst -binary -sha256 data > data.hash
|
||||
HASH_ALGORITM="--hash-algorithm=SHA256"
|
||||
VERIFY_DGEST="-sha256"
|
||||
|
|
@ -110,6 +109,37 @@ for HASH in "" "SHA1" "SHA224" "SHA256" "SHA384" "SHA512"; do
|
|||
done
|
||||
done
|
||||
|
||||
echo "======================================================="
|
||||
echo "Test ECDSA keys"
|
||||
echo "======================================================="
|
||||
for SIGN_KEY in "03" "04"; do
|
||||
METHOD="ECDSA"
|
||||
|
||||
echo
|
||||
echo "======================================================="
|
||||
echo "$METHOD: Sign & Verify (KEY $SIGN_KEY)"
|
||||
echo "======================================================="
|
||||
openssl dgst -binary -sha256 data > data.hash
|
||||
$PKCS11_TOOL --id $SIGN_KEY -s -p $PIN -m $METHOD --module $P11LIB \
|
||||
--input-file data.hash --output-file data.sig
|
||||
assert $? "Failed to Sign data"
|
||||
$PKCS11_TOOL --id $SIGN_KEY -s -p $PIN -m $METHOD --module $P11LIB \
|
||||
--input-file data.hash --output-file data.sig.openssl \
|
||||
--signature-format openssl
|
||||
assert $? "Failed to Sign data into OpenSSL format"
|
||||
|
||||
# OpenSSL verification
|
||||
openssl dgst -keyform PEM -verify $SIGN_KEY.pub -sha256 \
|
||||
-signature data.sig.openssl data
|
||||
assert $? "Failed to Verify signature using OpenSSL"
|
||||
|
||||
# pkcs11-tool verification
|
||||
$PKCS11_TOOL --id $SIGN_KEY --verify -m $METHOD --module $P11LIB \
|
||||
--input-file data.hash --signature-file data.sig
|
||||
assert $? "Failed to Verify signature using pkcs11-tool"
|
||||
rm data.sig{,.openssl} data.hash
|
||||
done
|
||||
|
||||
echo "======================================================="
|
||||
echo "Cleanup"
|
||||
echo "======================================================="
|
||||
|
|
|
|||
Loading…
Reference in New Issue