tests: Verify the pkcs11-tool --test works
Note, that it does not work now until #1600 will get resolved. Then, move the test to TESTS in the Makefile.am
This commit is contained in:
parent
fd20ffe608
commit
8c99e5076a
|
@ -109,4 +109,7 @@ src/tests/pintest
|
|||
src/tests/prngtest
|
||||
src/tests/p11test/p11test
|
||||
|
||||
tests/*.log
|
||||
tests/*.trs
|
||||
|
||||
version.m4.ci
|
||||
|
|
|
@ -2,7 +2,12 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
|
|||
|
||||
dist_noinst_SCRIPTS = test-manpage.sh \
|
||||
test-fuzzing.sh \
|
||||
test-pkcs11-tool-test.sh \
|
||||
test-pkcs11-tool-sign-verify.sh
|
||||
|
||||
TESTS = test-manpage.sh \
|
||||
test-pkcs11-tool-sign-verify.sh
|
||||
TESTS = \
|
||||
test-manpage.sh \
|
||||
test-pkcs11-tool-sign-verify.sh \
|
||||
test-pkcs11-tool-test.sh
|
||||
XFAIL_TESTS = \
|
||||
test-pkcs11-tool-test.sh
|
||||
|
|
|
@ -0,0 +1,66 @@
|
|||
#!/bin/bash
|
||||
## from OpenSC/src/tests/p11test/runtest.sh
|
||||
|
||||
SOPIN="12345678"
|
||||
PIN="123456"
|
||||
PKCS11_TOOL="../src/tools/pkcs11-tool"
|
||||
P11LIB="/usr/lib64/pkcs11/libsofthsm2.so"
|
||||
|
||||
ERRORS=0
|
||||
function assert() {
|
||||
if [[ $1 != 0 ]]; then
|
||||
echo "====> ERROR: $2"
|
||||
ERRORS=1
|
||||
fi
|
||||
}
|
||||
|
||||
function generate_key() {
|
||||
TYPE="$1"
|
||||
ID="$2"
|
||||
LABEL="$3"
|
||||
|
||||
# Generate key pair
|
||||
$PKCS11_TOOL --keypairgen --key-type="$TYPE" --login --pin=$PIN \
|
||||
--module="$P11LIB" --label="$LABEL" --id=$ID
|
||||
|
||||
if [[ "$?" -ne "0" ]]; then
|
||||
echo "Couldn't generate $TYPE key pair"
|
||||
return 1
|
||||
fi
|
||||
|
||||
# Extract public key from the card
|
||||
$PKCS11_TOOL --read-object --id $ID --type pubkey --output-file $ID.der \
|
||||
--module="$P11LIB"
|
||||
|
||||
# convert it to more digestible PEM format
|
||||
if [[ ${TYPE:0:3} == "RSA" ]]; then
|
||||
openssl rsa -inform DER -outform PEM -in $ID.der -pubin > $ID.pub
|
||||
else
|
||||
openssl ec -inform DER -outform PEM -in $ID.der -pubin > $ID.pub
|
||||
fi
|
||||
rm $ID.der
|
||||
}
|
||||
|
||||
function card_setup() {
|
||||
echo "directories.tokendir = .tokens/" > .softhsm2.conf
|
||||
mkdir ".tokens"
|
||||
export SOFTHSM2_CONF=".softhsm2.conf"
|
||||
# Init token
|
||||
softhsm2-util --init-token --slot 0 --label "SC test" --so-pin="$SOPIN" --pin="$PIN"
|
||||
|
||||
# Generate 1024b RSA Key pair
|
||||
generate_key "RSA:1024" "01" "RSA_auth"
|
||||
# Generate 2048b RSA Key pair
|
||||
generate_key "RSA:2048" "02" "RSA2048"
|
||||
# Generate 256b ECC Key pair
|
||||
# generate_key "EC:secp256r1" "03" "ECC_auth"
|
||||
# Generate 521b ECC Key pair
|
||||
# generate_key "EC:secp521r1" "04" "ECC521"
|
||||
# TODO ECDSA keys tests
|
||||
}
|
||||
|
||||
function card_cleanup() {
|
||||
rm .softhsm2.conf
|
||||
rm -rf ".tokens"
|
||||
rm 0{1,2}.pub
|
||||
}
|
|
@ -1,67 +1,6 @@
|
|||
## from OpenSC/src/tests/p11test/runtest.sh
|
||||
SOPIN="12345678"
|
||||
PIN="123456"
|
||||
PKCS11_TOOL="../src/tools/pkcs11-tool"
|
||||
P11LIB="/usr/lib64/pkcs11/libsofthsm2.so"
|
||||
#!/bin/bash
|
||||
|
||||
ERRORS=0
|
||||
function assert() {
|
||||
if [[ $1 != 0 ]]; then
|
||||
echo "====> ERROR: $2"
|
||||
ERRORS=1
|
||||
fi
|
||||
}
|
||||
|
||||
function generate_key() {
|
||||
TYPE="$1"
|
||||
ID="$2"
|
||||
LABEL="$3"
|
||||
|
||||
# Generate key pair
|
||||
$PKCS11_TOOL --keypairgen --key-type="$TYPE" --login --pin=$PIN \
|
||||
--module="$P11LIB" --label="$LABEL" --id=$ID
|
||||
|
||||
if [[ "$?" -ne "0" ]]; then
|
||||
echo "Couldn't generate $TYPE key pair"
|
||||
return 1
|
||||
fi
|
||||
|
||||
# Extract public key from the card
|
||||
$PKCS11_TOOL --read-object --id $ID --type pubkey --output-file $ID.der \
|
||||
--module="$P11LIB"
|
||||
|
||||
# convert it to more digestible PEM format
|
||||
if [[ ${TYPE:0:3} == "RSA" ]]; then
|
||||
openssl rsa -inform DER -outform PEM -in $ID.der -pubin > $ID.pub
|
||||
else
|
||||
openssl ec -inform DER -outform PEM -in $ID.der -pubin > $ID.pub
|
||||
fi
|
||||
rm $ID.der
|
||||
}
|
||||
|
||||
function card_setup() {
|
||||
echo "directories.tokendir = .tokens/" > .softhsm2.conf
|
||||
mkdir ".tokens"
|
||||
export SOFTHSM2_CONF=".softhsm2.conf"
|
||||
# Init token
|
||||
softhsm2-util --init-token --slot 0 --label "SC test" --so-pin="$SOPIN" --pin="$PIN"
|
||||
|
||||
# Generate 1024b RSA Key pair
|
||||
generate_key "RSA:1024" "01" "RSA_auth"
|
||||
# Generate 2048b RSA Key pair
|
||||
generate_key "RSA:2048" "02" "RSA2048"
|
||||
# Generate 256b ECC Key pair
|
||||
# generate_key "EC:secp256r1" "03" "ECC_auth"
|
||||
# Generate 521b ECC Key pair
|
||||
# generate_key "EC:secp521r1" "04" "ECC521"
|
||||
# TODO ECDSA keys tests
|
||||
}
|
||||
|
||||
function card_cleanup() {
|
||||
rm .softhsm2.conf
|
||||
rm -rf ".tokens"
|
||||
rm 0{1,2}.pub
|
||||
}
|
||||
source common.sh
|
||||
|
||||
echo "======================================================="
|
||||
echo "Setup SoftHSM"
|
||||
|
@ -73,6 +12,10 @@ fi
|
|||
card_setup
|
||||
echo "data to sign (max 100 bytes)" > data
|
||||
|
||||
|
||||
echo "======================================================="
|
||||
echo "Test"
|
||||
echo "======================================================="
|
||||
for HASH in "" "SHA1" "SHA224" "SHA256" "SHA384" "SHA512"; do
|
||||
for SIGN_KEY in "01" "02"; do
|
||||
METHOD="RSA-PKCS"
|
||||
|
@ -172,4 +115,6 @@ echo "Cleanup"
|
|||
echo "======================================================="
|
||||
card_cleanup
|
||||
|
||||
rm data
|
||||
|
||||
exit $ERRORS
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
#!/bin/bash
|
||||
|
||||
source common.sh
|
||||
|
||||
echo "======================================================="
|
||||
echo "Setup SoftHSM"
|
||||
echo "======================================================="
|
||||
if [[ ! -f $P11LIB ]]; then
|
||||
echo "WARNINIG: The SoftHSM is not installed. Can not run this test"
|
||||
exit 77;
|
||||
fi
|
||||
card_setup
|
||||
|
||||
echo "======================================================="
|
||||
echo "Test"
|
||||
echo "======================================================="
|
||||
$PKCS11_TOOL --test -p $PIN --module $P11LIB
|
||||
assert $? "Failed running tests"
|
||||
|
||||
echo "======================================================="
|
||||
echo "Cleanup"
|
||||
echo "======================================================="
|
||||
card_cleanup
|
||||
|
||||
exit $ERRORS
|
Loading…
Reference in New Issue