From 8c99e5076a829af618d0cb7ebb2b0b80e51831e1 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Fri, 1 Feb 2019 19:48:34 +0100
Subject: [PATCH] tests: Verify the pkcs11-tool --test works Note, that it does not work now until #1600 will get resolved. Then, move the test to TESTS in the Makefile.am
---
.gitignore | 3 ++
tests/Makefile.am | 9 +++-
tests/common.sh | 66 +++++++++++++++++++++++++
tests/test-pkcs11-tool-sign-verify.sh | 71 +++------------------------
tests/test-pkcs11-tool-test.sh | 25 ++++++++++
5 files changed, 109 insertions(+), 65 deletions(-)
create mode 100644 tests/common.sh
create mode 100755 tests/test-pkcs11-tool-test.sh
diff --git a/.gitignore b/.gitignore
index d8d2bdf0..551c98d6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -109,4 +109,7 @@ src/tests/pintest src/tests/prngtest src/tests/p11test/p11test +tests/*.log +tests/*.trs + version.m4.ci
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 66323e9d..b319986e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -2,7 +2,12 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in dist_noinst_SCRIPTS = test-manpage.sh \ test-fuzzing.sh \ + test-pkcs11-tool-test.sh \ test-pkcs11-tool-sign-verify.sh -TESTS = test-manpage.sh \ - test-pkcs11-tool-sign-verify.sh +TESTS = \ + test-manpage.sh \ + test-pkcs11-tool-sign-verify.sh \ + test-pkcs11-tool-test.sh +XFAIL_TESTS = \ + test-pkcs11-tool-test.sh
diff --git a/tests/common.sh b/tests/common.sh
new file mode 100644
index 00000000..e50eeb05
--- /dev/null
+++ b/tests/common.sh
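Review bot: In the tests/Makefile.am hunk the new helper `tests/common.sh` is not added to any distributed list; `dist_noinst_SCRIPTS` gains only `test-pkcs11-tool-test.sh`. Unless the helper is listed in a part of the file outside this hunk, a tarball from `make dist` would ship both test scripts without the file they source, and `make distcheck` would fail when they run. Listing it explicitly, for example `EXTRA_DIST = common.sh`, keeps the released test suite self-contained.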
@@ -0,0 +1,66 @@
+#!/bin/bash
+## from OpenSC/src/tests/p11test/runtest.sh
+
+SOPIN="12345678"
+PIN="123456"
+PKCS11_TOOL="../src/tools/pkcs11-tool"
+P11LIB="/usr/lib64/pkcs11/libsofthsm2.so"
+
+ERRORS=0
+function assert() {
+ if [[ $1 != 0 ]]; then
+ echo "====> ERROR: $2"
+ ERRORS=1
+ fi
+}
+
+function generate_key() {
+ TYPE="$1"
+ ID="$2"
+ LABEL="$3"
+
+ # Generate key pair
+ $PKCS11_TOOL --keypairgen --key-type="$TYPE" --login --pin=$PIN \
+ --module="$P11LIB" --label="$LABEL" --id=$ID
+
+ if [[ "$?" -ne "0" ]]; then
+ echo "Couldn't generate $TYPE key pair"
+ return 1
+ fi
+
+ # Extract public key from the card
+ $PKCS11_TOOL --read-object --id $ID --type pubkey --output-file $ID.der \
+ --module="$P11LIB"
+
+ # convert it to more digestible PEM format
+ if [[ ${TYPE:0:3} == "RSA" ]]; then
+ openssl rsa -inform DER -outform PEM -in $ID.der -pubin > $ID.pub
+ else
+ openssl ec -inform DER -outform PEM -in $ID.der -pubin > $ID.pub
+ fi
+ rm $ID.der
+}
+
+function card_setup() {
+ echo "directories.tokendir = .tokens/" > .softhsm2.conf
+ mkdir ".tokens"
+ export SOFTHSM2_CONF=".softhsm2.conf"
+ # Init token
+ softhsm2-util --init-token --slot 0 --label "SC test" --so-pin="$SOPIN" --pin="$PIN"
+
+ # Generate 1024b RSA Key pair
+ generate_key "RSA:1024" "01" "RSA_auth"
+ # Generate 2048b RSA Key pair
+ generate_key "RSA:2048" "02" "RSA2048"
+ # Generate 256b ECC Key pair
+ # generate_key "EC:secp256r1" "03" "ECC_auth"
+ # Generate 521b ECC Key pair
+ # generate_key "EC:secp521r1" "04" "ECC521"
+ # TODO ECDSA keys tests
+}
+
+function card_cleanup() {
+ rm .softhsm2.conf
+ rm -rf ".tokens"
+ rm 0{1,2}.pub
+}
diff --git a/tests/test-pkcs11-tool-sign-verify.sh b/tests/test-pkcs11-tool-sign-verify.sh
index a0b5bc52..e5098fda 100755
--- a/tests/test-pkcs11-tool-sign-verify.sh
+++ b/tests/test-pkcs11-tool-sign-verify.sh
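Review bot: In tests/common.sh, card_setup() ignores the exit status of `mkdir ".tokens"`, of `softhsm2-util --init-token` and of both `generate_key` calls, and generate_key() itself checks only the keypairgen step. A broken fixture therefore runs on into the tests and surfaces as unrelated failures. Propagating each failure out of card_setup(), as sketched below, lets callers stop before testing against a half-initialised token. The unquoted `$PIN` and `$ID` expansions in generate_key() would also be better quoted, e.g. `--pin="$PIN"` and `--id="$ID"`, consistent with `--module="$P11LIB"` on the same command.

```shell
function card_setup() {
    # … unchanged: write .softhsm2.conf …
    mkdir ".tokens" || return 1
    # … unchanged: export SOFTHSM2_CONF …
    softhsm2-util --init-token --slot 0 --label "SC test" \
        --so-pin="$SOPIN" --pin="$PIN" || return 1

    generate_key "RSA:1024" "01" "RSA_auth" || return 1
    generate_key "RSA:2048" "02" "RSA2048" || return 1
    # … unchanged: commented-out EC key generation …
```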
@@ -1,67 +1,6 @@ -## from OpenSC/src/tests/p11test/runtest.sh -SOPIN="12345678" -PIN="123456" -PKCS11_TOOL="../src/tools/pkcs11-tool" -P11LIB="/usr/lib64/pkcs11/libsofthsm2.so" +#!/bin/bash -ERRORS=0 -function assert() { - if [[ $1 != 0 ]]; then - echo "====> ERROR: $2" - ERRORS=1 - fi -} - -function generate_key() { - TYPE="$1" - ID="$2" - LABEL="$3" - - # Generate key pair - $PKCS11_TOOL --keypairgen --key-type="$TYPE" --login --pin=$PIN \ - --module="$P11LIB" --label="$LABEL" --id=$ID - - if [[ "$?" -ne "0" ]]; then - echo "Couldn't generate $TYPE key pair" - return 1 - fi - - # Extract public key from the card - $PKCS11_TOOL --read-object --id $ID --type pubkey --output-file $ID.der \ - --module="$P11LIB" - - # convert it to more digestible PEM format - if [[ ${TYPE:0:3} == "RSA" ]]; then - openssl rsa -inform DER -outform PEM -in $ID.der -pubin > $ID.pub - else - openssl ec -inform DER -outform PEM -in $ID.der -pubin > $ID.pub - fi - rm $ID.der -} - -function card_setup() { - echo "directories.tokendir = .tokens/" > .softhsm2.conf - mkdir ".tokens" - export SOFTHSM2_CONF=".softhsm2.conf" - # Init token - softhsm2-util --init-token --slot 0 --label "SC test" --so-pin="$SOPIN" --pin="$PIN" - - # Generate 1024b RSA Key pair - generate_key "RSA:1024" "01" "RSA_auth" - # Generate 2048b RSA Key pair - generate_key "RSA:2048" "02" "RSA2048" - # Generate 256b ECC Key pair - # generate_key "EC:secp256r1" "03" "ECC_auth" - # Generate 521b ECC Key pair - # generate_key "EC:secp521r1" "04" "ECC521" - # TODO ECDSA keys tests -} - -function card_cleanup() { - rm .softhsm2.conf - rm -rf ".tokens" - rm 0{1,2}.pub -} +source common.sh echo "=======================================================" echo "Setup SoftHSM" 
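Review bot: `source common.sh` names the helper without a slash, so bash searches the directories in `$PATH` first and only then the current directory. A different `common.sh` that happens to be on PATH would be executed in its place. A run started from another directory, such as an out-of-tree build, would likely not find the helper at all. Resolving it relative to the script removes both problems, for example `source "$(dirname "$0")/common.sh"`. The same line is added in the new tests/test-pkcs11-tool-test.sh.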
@@ -73,6 +12,10 @@ fi card_setup echo "data to sign (max 100 bytes)" > data + +echo "=======================================================" +echo "Test" +echo "=======================================================" for HASH in "" "SHA1" "SHA224" "SHA256" "SHA384" "SHA512"; do for SIGN_KEY in "01" "02"; do METHOD="RSA-PKCS"
@@ -172,4 +115,6 @@ echo "Cleanup" echo "=======================================================" card_cleanup +rm data + exit $ERRORS
diff --git a/tests/test-pkcs11-tool-test.sh b/tests/test-pkcs11-tool-test.sh
new file mode 100755
index 00000000..512fdb00
--- /dev/null
+++ b/tests/test-pkcs11-tool-test.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+source common.sh
+
+echo "======================================================="
+echo "Setup SoftHSM"
+echo "======================================================="
+if [[ ! -f $P11LIB ]]; then
+ echo "WARNINIG: The SoftHSM is not installed. Can not run this test"
+ exit 77;
+fi
+card_setup
+
+echo "======================================================="
+echo "Test"
+echo "======================================================="
+$PKCS11_TOOL --test -p $PIN --module $P11LIB
+assert $? "Failed running tests"
+
+echo "======================================================="
+echo "Cleanup"
+echo "======================================================="
+card_cleanup
+
+exit $ERRORS
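Review bot: In tests/test-pkcs11-tool-test.sh the skip guard checks only that `$P11LIB` exists and the result of `card_setup` is never examined, so a missing `softhsm2-util` or a failed token init ends up as `ERRORS=1` from the `--test` run. Because the script is listed in XFAIL_TESTS, that outcome is reported as the expected failure rather than as a broken fixture. A setup failure is better reported as a hard error, which the Automake harness does not fold into XFAIL: `card_setup || exit 99`. As written, card_setup's status reflects only its last command, so it would need to return non-zero on any failed step for that check to be complete. The expansions in `$PKCS11_TOOL --test -p $PIN --module $P11LIB` should be quoted, and the skip message misspells the word as `WARNINIG`.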