#!/bin/bash
#
# This test checks various aspects of RSA decryption
#
# It will blank the card, create an RSA key and test it
#
# Run this from the regression test directory.

. functions

msg <<EOF
:::
::: Testing on-card signature facilities
:::
::: This test will blank the card, download an RSA key pair
::: and verify it works.
:::
EOF

k=$p15temp/private.pem
m=$p15temp/message
d=$p15temp/digest
s=$p15temp/signed
p=$p15temp/public.pem

msg "Generating key pair off the card"
run_check_status openssl genrsa -out $k -f4 512
run_check_status openssl rsa -in $k -out $p -pubout

p15_init --no-so-pin
p15_set_pin -a 01
p15_store_key $k -a 01

# Set up message file
echo lalla > $m

msg "Signing and verifying using MD5"
run_check_status openssl dgst -md5 -binary -out $d < $m
p15_crypt -s --md5 --pkcs1 -i $d -o $s
run_check_output "Verified OK" \
	openssl dgst -verify $p -md5 -signature $s < $m
success

msg "Signing and verifying using SHA1"
run_check_status openssl dgst -sha1 -binary -out $d < $m
p15_crypt -s --sha-1 --pkcs1 -i $d -o $s
run_check_output "Verified OK" \
	openssl dgst -verify $p -sha1 -signature $s < $m
success

p15_erase --secret @01=0000