From e396ff5c95a8c8566da52d788f8422ad912bb664 Mon Sep 17 00:00:00 2001
From: okir <okir@c6295689-39f2-0310-b995-f0e70906c6a9>
Date: Thu, 15 May 2003 15:30:34 +0000
Subject: [PATCH] - more tests

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1129 c6295689-39f2-0310-b995-f0e70906c6a9
---
 src/tests/regression/README    |  43 ++++++++++++
 src/tests/regression/functions | 115 +++++++++++++++++++++++++++++++--
 src/tests/regression/init0001  |  86 ++----------------------
 src/tests/regression/init0002  |  14 ++++
 src/tests/regression/init0003  |  13 ++++
 src/tests/regression/init0004  |  13 ++++
 src/tests/regression/init0005  |  13 ++++
 src/tests/regression/init0006  |  20 ++++++
 src/tests/regression/init0007  |  18 ++++++
 9 files changed, 250 insertions(+), 85 deletions(-)
 create mode 100755 src/tests/regression/init0002
 create mode 100755 src/tests/regression/init0003
 create mode 100755 src/tests/regression/init0004
 create mode 100755 src/tests/regression/init0005
 create mode 100755 src/tests/regression/init0006
 create mode 100755 src/tests/regression/init0007

diff --git a/src/tests/regression/README b/src/tests/regression/README
index 18bcc277..339c125a 100644
--- a/src/tests/regression/README
+++ b/src/tests/regression/README
@@ -5,3 +5,46 @@ work in progress, hopefully we will add more scripts by and by.
 
 Run the test scripts from this directory. You need to have
 OpenSC fully built in order for them to do anything useful.
+
+All test scripts accept the following set of arguments
+
+ --use-default-transport-keys
+	if your card requires a transport key in pkcs15-init (for
+	instance, the GPK and Cryptoflex do), and the default transport
+	key as determined by OpenSC works fine.  [If it doesn't please
+	get in contact with us!]
+
+ --split-key
+	For CardOS/M4 - when creating or installing a key intended for
+	both signing and decryption, pkcs15-init must install a the same
+	key twice, with different usage labels: one for each usage. This
+	is called a "split key".
+
+ --reader N
+ 	Use the specified reader
+
+
+ *** ATTENTION ***
+
+Some cards require that you present one or several PINs when erasing
+them. That is because these cards to not support a native mechanism
+for erasing the card. In this case, OpenSC will perform a recursive
+removal of files, pretty much like a "rm -rf" in Unix.
+
+As some of these files are PIN protected against deletion, we have
+to present the PIN before being allowed to do so. For this reason,
+the tests may ask you for various PINs.
+
+When asking for the SO PIN, the prompt will always refer to the
+"Security Officer PIN". Any other prompts (Test User PIN, etc)
+refer to the user PIN.
+
+All tests use the same PINs:
+
+	999999		as the SO PIN, if one is used
+	888888		as the SO PUK, if one is used
+	0000		as the user PIN, if one is used
+	111111		as the user PUK, if one is used
+
+Some tests will install more than one user PIN, but they will
+all have the same value.
diff --git a/src/tests/regression/functions b/src/tests/regression/functions
index c5cfbfbb..51ec1af4 100755
--- a/src/tests/regression/functions
+++ b/src/tests/regression/functions
@@ -27,12 +27,20 @@ if [ -z "$__p15init__" ]; then
 	# Eat any arguments given on the command line
 	while [ $# -ne 0 ]; do
 		case $1 in
-		--use-default-transport-key|--split-key)
+		--*)	var=`expr "$1" : '--\(.*\)'|tr - _`
+			eval opt_$var=true;;
+		esac
+
+		case $1 in
+		--use-default-transport-keys|\
+		--split-key|\
+		--no-prompt)
 			p15init="$p15init $1";;
 		--reader)
 			P15_READER=$2
 			shift;;
-		*)	fatal "Unexpected option $1";;
+		*)	echo "Unexpected option $1" >&2
+			exit 1;;
 		esac
 		shift
 	done
@@ -125,7 +133,8 @@ function run_display_output {
 
 function run_check_status {
 
-	echo ":::::: run_check_status $*"
+	echo ":::::: run_check_status $*" >&3
+	cp /dev/null $p15log
 	"$@" || fail "Command failed (status code $?): $*"
 }
 
@@ -134,7 +143,8 @@ function run_check_output {
 	msg=$1
 	shift
 
-	echo ":::::: run_check_output \"$1\" $*"
+	echo ":::::: run_check_output \"$1\" $*" >&3
+	cp /dev/null $p15log
 	out=`eval "$@" 2>&1`
 
 	# Make sure output makes it to log file
@@ -145,3 +155,100 @@ function run_check_output {
 	*)	fail "Command failed (expected $msg): $*";;
 	esac
 }
+
+##################################################################
+#
+# Common pkcs15 functions
+#
+##################################################################
+function p15_init {
+
+	msg <<-EOF
+	:::
+	::: Testing pkcs15-init
+	:::
+	::: The PINs used by this test script (if applicable) are
+	:::   Test SO PIN	abcdef
+	:::   Test User PIN	0000
+	:::
+EOF
+
+	msg <<-EOF
+	:::
+	::: The following test will erase your card, if possible,
+	::: and create a new pkcs15 structure on it.
+	:::
+EOF
+
+	if [ -z $opt_no_prompt ] &&
+	  ! yesno "Erase and re-initialize card?"; then
+		msg "Aborting test"
+		exit 0
+	fi
+
+	msg "Initializing card ($*)"
+	run_display_output $p15init -EC \
+			--label "OpenSC Test Card" \
+			--serial DEADBEEF \
+			$* >&3 >&4
+	success
+}
+
+function p15_erase {
+
+	msg "Erasing card ($*)"
+	run_display_output $p15init --erase
+			"$@" >&3 >&4
+	success
+}
+
+function p15_set_pin {
+
+	msg "Setting user PIN ($*)"
+	run_display_output $p15init -P \
+		--label "Test User PIN" \
+		--pin "0000" --puk "111111" \
+		"$@"
+	success
+
+}
+
+function p15_gen_key {
+
+	type=$1
+	shift
+
+	msg "Generating key ($*)"
+	run_display_output $p15init -G $type \
+		--split-key \
+		--pin 0000 \
+		--id 45 \
+		--label "Test User Key" \
+		"$@"
+	success
+}
+
+function p15_store_key {
+
+	keyfile=$1
+	shift
+
+	msg "Storing private key $keyfile ($*)"
+	run_display_output $p15init -S $keyfile \
+		--split-key \
+		--pin 0000 \
+		--id 45 \
+		--label "Test User Key" \
+		"$@"
+	success
+}
+
+function p15_validate {
+
+	msg "Validating card using pkcs11-tool"
+	yes x |
+	run_display_output $p11tool -t --pin 0000 \
+		--slot-label "OpenSC Test Card" $*
+	success
+}
+
diff --git a/src/tests/regression/init0001 b/src/tests/regression/init0001
index 134360ad..08ec456b 100755
--- a/src/tests/regression/init0001
+++ b/src/tests/regression/init0001
@@ -6,85 +6,9 @@
 
 . functions
 
-case $p15init in
-*" --use-default-transport-keys")
-	ask_key_question=false;;
-*)	ask_key_question=true;;
-esac
-
-msg <<EOF
-:::
-::: Testing pkcs15-init
-:::
-::: Warning - this test assumes that the transport keys
-::: guessed by OpenSC (e.g. for the GPK, and the Cryptoflex)
-::: are correct. If OpenSC guesses wrong, you may find the
-::: card locked forever.
-:::
-EOF
-
-msg <<EOF
-:::
-::: The following test will erase your card, if possible,
-::: and create a new pkcs15 structure on it.
-:::
-EOF
-
-if ! yesno "Erase and re-initialize card?"; then
-	msg "Aborting test"
-	exit 0
-fi
-
-run_display_output $p15init -EC --no-so-pin \
-		--label "OpenSC Test Card" \
-		--serial DEADBEEF >&3 >&4
-success
-
-if $ask_key_question; then
-	msg <<-EOF
-	:::
-	::: If the above command asked you for a transport key
-	::: (this should happen e.g. with Gemplus GPK cards and
-	::: Schlumberger Cryptoflex cards), and the default key
-	::: presented to you was correct, I can invoke pkcs15-init
-	::: with the --use-default-transport-key option, which will
-	::: make it use the default key, and skip this question.
-	:::
-EOF
-
-	if yesno "Should I always use the default transport key?"; then
-		p15init="$p15init --use-default-transport-key"
-	fi
-fi
-
-msg <<EOF
-:::
-::: Setting user PIN and PUK
-:::
-EOF
-run_display_output $p15init -Pa 01 \
-	--label "Test User PIN" \
-	--pin "0000" --puk "111111"
-success
-
-msg <<EOF
-:::
-::: Generating key
-:::
-EOF
-run_display_output $p15init -G rsa/1024 -a 01 \
-	--key-usage sign,decrypt \
-	--pin 0000 \
-	--id 45 \
-	--label "Test User Key"
-success
-
-msg <<EOF
-:::
-::: Using pkcs11-tool to validate card
-:::
-EOF
-yes x |
-run_display_output $p11tool --pin 0000 -t --slot-label "OpenSC Test Card"
-success
+p15_init --no-so-pin
+p15_set_pin -a 01
+p15_gen_key rsa/1024 -a 01 --key-usage sign,decrypt
+p15_validate
+p15_erase
 
diff --git a/src/tests/regression/init0002 b/src/tests/regression/init0002
new file mode 100755
index 00000000..d0bef03a
--- /dev/null
+++ b/src/tests/regression/init0002
@@ -0,0 +1,14 @@
+#!/bin/bash
+#
+# Test pkcs15-init
+#
+# Run this from the regression test directory.
+
+. functions
+
+p15_init --so-pin 999999 --so-puk 88888888
+p15_set_pin -a 27 --so-pin 999999 
+p15_gen_key rsa/1024 -a 27 --so-pin 999999  --key-usage sign,decrypt
+p15_validate
+p15_erase
+
diff --git a/src/tests/regression/init0003 b/src/tests/regression/init0003
new file mode 100755
index 00000000..87ab4329
--- /dev/null
+++ b/src/tests/regression/init0003
@@ -0,0 +1,13 @@
+#!/bin/bash
+#
+# Test pkcs15-init
+#
+# Run this from the regression test directory.
+
+. functions
+
+p15_init --no-so-pin
+p15_gen_key rsa/1024 --key-usage decrypt --insecure
+p15_validate
+p15_erase
+
diff --git a/src/tests/regression/init0004 b/src/tests/regression/init0004
new file mode 100755
index 00000000..8d82d463
--- /dev/null
+++ b/src/tests/regression/init0004
@@ -0,0 +1,13 @@
+#!/bin/bash
+#
+# Test pkcs15-init
+#
+# Run this from the regression test directory.
+
+. functions
+
+p15_init --no-so-pin
+p15_gen_key rsa/1024 --insecure --key-usage sign
+p15_validate
+#p15_erase
+
diff --git a/src/tests/regression/init0005 b/src/tests/regression/init0005
new file mode 100755
index 00000000..8a400d37
--- /dev/null
+++ b/src/tests/regression/init0005
@@ -0,0 +1,13 @@
+#!/bin/bash
+#
+# Test pkcs15-init
+#
+# Run this from the regression test directory.
+
+. functions
+
+p15_init --no-so-pin
+p15_gen_key rsa/512 --insecure --key-usage sign,decrypt
+p15_validate
+p15_erase
+
diff --git a/src/tests/regression/init0006 b/src/tests/regression/init0006
new file mode 100755
index 00000000..b9e4e0a8
--- /dev/null
+++ b/src/tests/regression/init0006
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# Test pkcs15-init
+#
+# Run this from the regression test directory.
+
+. functions
+
+k=$p15temp/private.pem
+
+p15_init --no-so-pin
+
+msg "Generating key with OpenSSL"
+run_check_status openssl genrsa -out $k -f4 1024
+success
+
+p15_store_key $k --insecure
+p15_validate
+p15_erase
+
diff --git a/src/tests/regression/init0007 b/src/tests/regression/init0007
new file mode 100755
index 00000000..b8123c6f
--- /dev/null
+++ b/src/tests/regression/init0007
@@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# Test pkcs15-init
+#
+# Run this from the regression test directory.
+
+. functions
+
+p15_init --no-so-pin
+p15_set_pin -a 01
+p15_set_pin -a 02 --label "User Signature PIN"
+p15_gen_key rsa/512 -a 01 --key-usage sign,decrypt
+p15_gen_key rsa/512 -a 02 --key-usage nonRepudiation \
+		--id feeb \
+		--label "Non-Repudiation Key"
+p15_validate
+p15_erase
+