mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-17 09:28:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Added backup and restore tests (pkcs11 wrap/unwrap).

Browse source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2023-10-11 21:12:06 +02:00
parent 1950b03d35
commit 1bf0d6337b
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
2 changed files with 67 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

59
tests/scripts/backup.sh Executable file
View file

@ -0,0 +1,59 @@
#!/bin/bash
source ./tests/scripts/func.sh
reset
test $? -eq 0 || exit $?
sc_backup() {
for i in $(seq 1 $1); do
sc-hsm-tool --create-dkek-share dkek.${i}.pbe --password testpw > /dev/null 2>&1
test $? -eq 0 && echo -n "." || exit $?
done
sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 648219 --dkek-shares $1 > /dev/null 2>&1
test $? -eq 0 && echo -n "." || exit $?
pkcs11-tool -l --pin 648219 -I > /dev/null 2>&1
test $? -eq 0 && echo -n "." || exit $?
for i in $(seq 1 $1); do
e=$(sc-hsm-tool --pin 648219 --import-dkek-share dkek.${i}.pbe --password testpw 2>&1)
test $? -eq 0 && echo -n "." || exit $?
grep -q "DKEK share imported" <<< $e && echo -n "." || exit $?
grep -q "DKEK shares : $1" <<< $e && echo -n "." || exit $?
if [[ $i -lt $1 ]]; then
grep -q "DKEK import pending, $(( $1 - $i ))" <<< $e && echo -n "." || exit $?
fi
done
}
echo -n " Test single DKEK..."
sc_backup 1
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
: '
echo -n " Test multiple DKEK..."
sc_backup 3
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
rm -rf dkek.*.pbe
'
echo " Test backup and restore"
algs=("rsa:1024" "rsa:2048" "ec:secp192r1" "ec:secp256r1" "ec:secp384r1" "ec:secp521r1" "ec:brainpoolP256r1" "ec:brainpoolP384r1" "ec:brainpoolP512r1" "ec:secp192k1" "ec:secp256k1")
for alg in ${algs[*]}; do
echo -n " Keygen ${alg}..."
gen_and_check ${alg}
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
echo -n " Wrap key..."
sc-hsm-tool --wrap-key wrap-key.bin --key-reference 1 --pin 648219 > /dev/null 2>&1
test $? -eq 0 && echo -n "." || exit $?
e=$(pkcs15-tool -D 2>&1)
grep -q "Key ref : 10" <<< $e && exit $? || echo -e ".\t${OK}"
echo -n " Unwrap key..."
sc-hsm-tool --unwrap-key wrap-key.bin --key-reference 10 --pin 648219 --force > /dev/null 2>&1
test $? -eq 0 && echo -n "." || exit $?
e=$(pkcs15-tool -D 2>&1)
grep -q "Key ref : 10" <<< $e && echo -e ".\t${OK}" || exit $?
echo -n " Cleaning..."
pkcs11-tool -l --pin 648219 --delete-object --type privkey --id 1 > /dev/null 2>&1
test $? -eq 0 && echo -n "." || exit $?
pkcs11-tool -l --pin 648219 --delete-object --type privkey --id 1 > /dev/null 2>&1
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
done

7
tests/scripts/pkcs11.sh
View file

@ -49,3 +49,10 @@ test $? -eq 0 || {
echo -e "\t${FAIL}" echo -e "\t${FAIL}"
exit 1 exit 1
} }
echo "==== Test backup and restore ===="
./tests/scripts/backup.sh
test $? -eq 0 || {
echo -e "\t${FAIL}"
exit 1
}