From 775d1205179677d837ebbacc0d1fc39b4100ac3c Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Wed, 6 Mar 2019 10:50:16 +0100
Subject: [PATCH] tests: Verify the ECDSA signatures work
---
 tests/common.sh | 7 +++---
 tests/test-pkcs11-tool-sign-verify.sh | 36 ++++++++++++++++++++++++---
 2 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/tests/common.sh b/tests/common.sh
index e50eeb05..3146eb2a 100644
--- a/tests/common.sh
+++ b/tests/common.sh
@@ -53,14 +53,13 @@ function card_setup() {
 # Generate 2048b RSA Key pair
 generate_key "RSA:2048" "02" "RSA2048"
 # Generate 256b ECC Key pair
- # generate_key "EC:secp256r1" "03" "ECC_auth"
+ generate_key "EC:secp256r1" "03" "ECC_auth"
 # Generate 521b ECC Key pair
- # generate_key "EC:secp521r1" "04" "ECC521"
- # TODO ECDSA keys tests
+ generate_key "EC:secp521r1" "04" "ECC521"
 }
 
 function card_cleanup() {
 rm .softhsm2.conf
 rm -rf ".tokens"
- rm 0{1,2}.pub
+ rm 0{1,2,3,4}.pub
 }
diff --git a/tests/test-pkcs11-tool-sign-verify.sh b/tests/test-pkcs11-tool-sign-verify.sh
index e5098fda..299d2f4a 100755
--- a/tests/test-pkcs11-tool-sign-verify.sh
+++ b/tests/test-pkcs11-tool-sign-verify.sh
@@ -12,9 +12,8 @@ fi
 card_setup
 
 echo "data to sign (max 100 bytes)" > data
-
 echo "======================================================="
-echo "Test"
+echo "Test RSA keys"
 echo "======================================================="
 for HASH in "" "SHA1" "SHA224" "SHA256" "SHA384" "SHA512"; do
 for SIGN_KEY in "01" "02"; do
@@ -55,7 +54,7 @@ for HASH in "" "SHA1" "SHA224" "SHA256" "SHA384" "SHA512"; do
 echo "$METHOD: Sign & Verify (KEY $SIGN_KEY)"
 echo "======================================================="
 if [[ -z $HASH ]]; then
- # hashing is done outside of the module. We chouse here SHA256
+ # hashing is done outside of the module. We choose here SHA256
 openssl dgst -binary -sha256 data > data.hash
 HASH_ALGORITM="--hash-algorithm=SHA256"
 VERIFY_DGEST="-sha256"
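Review bot: `rm 0{1,2,3,4}.pub` in card_cleanup now depends on all four public-key files existing; if generate_key for one of the newly enabled EC keys fails earlier in card_setup, the teardown still removes the others but reports an error for the missing file and returns non-zero. `rm -f -- 0{1,2,3,4}.pub` makes the cleanup unconditional, consistent with the `rm -rf ".tokens"` line just above it. card_setup begins outside the hunk.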
@@ -110,6 +109,37 @@ for HASH in "" "SHA1" "SHA224" "SHA256" "SHA384" "SHA512"; do
 done
 done
 
+echo "======================================================="
+echo "Test ECDSA keys"
+echo "======================================================="
+for SIGN_KEY in "03" "04"; do
+ METHOD="ECDSA"
+
+ echo
+ echo "======================================================="
+ echo "$METHOD: Sign & Verify (KEY $SIGN_KEY)"
+ echo "======================================================="
+ openssl dgst -binary -sha256 data > data.hash
+ $PKCS11_TOOL --id $SIGN_KEY -s -p $PIN -m $METHOD --module $P11LIB \
+ --input-file data.hash --output-file data.sig
+ assert $? "Failed to Sign data"
+ $PKCS11_TOOL --id $SIGN_KEY -s -p $PIN -m $METHOD --module $P11LIB \
+ --input-file data.hash --output-file data.sig.openssl \
+ --signature-format openssl
+ assert $? "Failed to Sign data into OpenSSL format"
+
+ # OpenSSL verification
+ openssl dgst -keyform PEM -verify $SIGN_KEY.pub -sha256 \
+ -signature data.sig.openssl data
+ assert $? "Failed to Verify signature using OpenSSL"
+
+ # pkcs11-tool verification
+ $PKCS11_TOOL --id $SIGN_KEY --verify -m $METHOD --module $P11LIB \
+ --input-file data.hash --signature-file data.sig
+ assert $? "Failed to Verify signature using pkcs11-tool"
+ rm data.sig{,.openssl} data.hash
+done
+
 echo "======================================================="
 echo "Cleanup"
 echo "======================================================="
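Review bot: Both EC keys sign the same SHA-256 digest, so key 04 (secp521r1) never signs a digest that matches its own curve size, while the RSA loop above already covers SHA-512; choosing the digest per key, e.g. `DGST=sha256; if [[ $SIGN_KEY == "04" ]]; then DGST=sha512; fi` at the top of the loop body and `-$DGST` in both `openssl dgst` calls, closes that gap. The loop also only asserts that both verifications succeed, so a verify path that reports success unconditionally would pass unnoticed; verifying `data.sig.openssl` against a different input (for instance `data.hash` instead of `data`) and treating a zero exit status as a test failure gives the verification step a negative case. `$SIGN_KEY.pub` and `$PIN` are left unquoted, which matches the existing RSA loop but is the first thing shellcheck flags on this file.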