From 37421d9aadca79a8530bd3b2819b4e78acb0f717 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Tue, 26 Sep 2023 20:09:43 +0200
Subject: [PATCH] Added pkcs11 keygen test script.
Signed-off-by: Pol Henarejos
---
 tests/scripts/initialize.sh | 46 ++++++++++++++++++-------------------
 tests/scripts/keygen.sh | 23 +++++++++++++++++++
 tests/scripts/pkcs11.sh | 9 ++++++++
 tests/scripts/reset.sh | 4 ++++
 tests/start-up-and-test.sh | 5 ++--
 5 files changed, 61 insertions(+), 26 deletions(-)
 create mode 100644 tests/scripts/keygen.sh
 create mode 100644 tests/scripts/pkcs11.sh
 create mode 100644 tests/scripts/reset.sh
diff --git a/tests/scripts/initialize.sh b/tests/scripts/initialize.sh
index 8fceb2a..9db8bae 100755
--- a/tests/scripts/initialize.sh
+++ b/tests/scripts/initialize.sh
@@ -1,44 +1,44 @@
 #!/bin/bash
-python3 tools/pico-hsm-tool.py --pin 648219 initialize --so-pin 57621880 --silent
+./tests/scripts/reset.sh > /dev/null 2>&1
 test $? -eq 0 || exit $?
 # Change SO-PIN
-pkcs11-tool --login --login-type so --so-pin 3537363231383830 --change-pin --new-pin 0123456789012345
-test $? -eq 0 || exit $?
+pkcs11-tool --login --login-type so --so-pin 3537363231383830 --change-pin --new-pin 0123456789012345 > /dev/null 2>&1
+test $? -eq 0 && echo -n "." || exit $?
-pkcs11-tool --login --login-type so --so-pin 0123456789012345 --change-pin --new-pin 3537363231383830
-test $? -eq 0 || exit $?
+pkcs11-tool --login --login-type so --so-pin 0123456789012345 --change-pin --new-pin 3537363231383830 > /dev/null 2>&1
+test $? -eq 0 && echo -n "." || exit $?
 # Change PIN
-pkcs11-tool --login --pin 648219 --change-pin --new-pin 123456
-test $? -eq 0 || exit $?
+pkcs11-tool --login --pin 648219 --change-pin --new-pin 123456 > /dev/null 2>&1
+test $? -eq 0 && echo -n "." || exit $?
 # Reset PIN
-pkcs11-tool --login --login-type so --so-pin 3537363231383830 --init-pin --new-pin 648219
-test $? -eq 0 || exit $?
+pkcs11-tool --login --login-type so --so-pin 3537363231383830 --init-pin --new-pin 648219 > /dev/null 2>&1
+test $? -eq 0 && echo -n "." || exit $?
 # Change PIN
-pkcs11-tool --login --pin 648219 --change-pin --new-pin 123456
-test $? -eq 0 || exit $?
+pkcs11-tool --login --pin 648219 --change-pin --new-pin 123456 > /dev/null 2>&1
+test $? -eq 0 && echo -n "." || exit $?
-pkcs11-tool --login --pin 123456 --change-pin --new-pin 648219
-test $? -eq 0 || exit $?
+pkcs11-tool --login --pin 123456 --change-pin --new-pin 648219 > /dev/null 2>&1
+test $? -eq 0 && echo -n "." || exit $?
 # Wrong PIN (1st and 2nd PIN_INCORRECT, 3rd PIN_LOCKED)
 e=$(pkcs11-tool --login --pin 123456 -I 2>&1)
-test $? -eq 1 || exit $?
-grep -q CKR_PIN_INCORRECT <<< $e || exit $?
+test $? -eq 1 && echo -n "." || exit $?
+grep -q CKR_PIN_INCORRECT <<< $e && echo -n "." || exit $?
 e=$(pkcs11-tool --login --pin 123456 -I 2>&1)
-test $? -eq 1 || exit $?
-grep -q CKR_PIN_INCORRECT <<< $e || exit $?
+test $? -eq 1 && echo -n "." || exit $?
+grep -q CKR_PIN_INCORRECT <<< $e && echo -n "." || exit $?
 e=$(pkcs11-tool --login --pin 123456 -I 2>&1)
-test $? -eq 1 || exit $?
-grep -q CKR_PIN_LOCKED <<< $e || exit $?
+test $? -eq 1 && echo -n "." || exit $?
+grep -q CKR_PIN_LOCKED <<< $e && echo -n "." || exit $?
 # Reset PIN
-pkcs11-tool --login --login-type so --so-pin 3537363231383830 --init-pin --new-pin 648219
-test $? -eq 0 || exit $?
+pkcs11-tool --login --login-type so --so-pin 3537363231383830 --init-pin --new-pin 648219 > /dev/null 2>&1
+test $? -eq 0 && echo -n "." || exit $?
-pkcs11-tool --login --pin 648219 -I
-test $? -eq 0 || exit $?
+pkcs11-tool --login --pin 648219 -I > /dev/null 2>&1
+test $? -eq 0 && echo -n "." || exit $?
diff --git a/tests/scripts/keygen.sh b/tests/scripts/keygen.sh
new file mode 100644
index 0000000..2352f87
--- /dev/null
+++ b/tests/scripts/keygen.sh
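Review bot: Every `pkcs11-tool` call in tests/scripts/initialize.sh now sends stdout and stderr to /dev/null, so when a PIN change or the PIN lockout check fails the run shows only a row of dots and an exit status of 1, with no CKR_ return code to tell which step regressed. Capture the output and print it on failure instead, for example `out=$(pkcs11-tool --login --pin 648219 -I 2>&1) || { echo "$out" >&2; exit 1; }`. The `cmd && echo -n "." || exit $?` form also exits with the status of `test` or `grep` rather than the tool's own status, and the here-strings would be safer quoted as `<<< "$e"`.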
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+./tests/scripts/reset.sh > /dev/null 2>&1
+test $? -eq 0 || exit $?
+
+gen_and_check() {
+ e=$(pkcs11-tool -l --pin 648219 --keypairgen --key-type $1 --id 1 --label "TestLabel" 2>&1)
+ test $? -eq 0 || exit $?
+ grep -q "$2" <<< $e || exit $?
+ pkcs11-tool -l --pin 648219 --delete-object --type privkey --id 1 > /dev/null 2>&1
+}
+
+gen_and_check "rsa:1024" "RSA 1024 bits" && echo -n "." || exit $?
+gen_and_check "rsa:2048" "RSA 2048 bits" && echo -n "." || exit $?
+gen_and_check "ec:secp192r1" "EC_POINT 192 bits" && echo -n "." || exit $?
+gen_and_check "ec:secp256r1" "EC_POINT 256 bits" && echo -n "." || exit $?
+gen_and_check "ec:secp384r1" "EC_POINT 384 bits" && echo -n "." || exit $?
+gen_and_check "ec:secp521r1" "EC_POINT 528 bits" && echo -n "." || exit $?
+gen_and_check "ec:brainpoolP256r1" "EC_POINT 256 bits" && echo -n "." || exit $?
+gen_and_check "ec:brainpoolP384r1" "EC_POINT 384 bits" && echo -n "." || exit $?
+gen_and_check "ec:brainpoolP512r1" "EC_POINT 512 bits" && echo -n "." || exit $?
+gen_and_check "ec:secp192k1" "EC_POINT 192 bits" && echo -n "." || exit $?
+gen_and_check "ec:secp256k1" "EC_POINT 256 bits" && echo -n "." || exit $?
diff --git a/tests/scripts/pkcs11.sh b/tests/scripts/pkcs11.sh
new file mode 100644
index 0000000..f14c4f0
--- /dev/null
+++ b/tests/scripts/pkcs11.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+echo -n "Test initialization..."
+#./tests/scripts/initialize.sh
+test $? -eq 0 && echo -e '\tok' || (echo -e '\tfail' && exit 1)
+
+echo -n "Test keygen..."
+./tests/scripts/keygen.sh
+test $? -eq 0 && echo -e '\tok' || (echo -e '\tfail' && exit 1)
diff --git a/tests/scripts/reset.sh b/tests/scripts/reset.sh
new file mode 100644
index 0000000..f0f87e5
--- /dev/null
+++ b/tests/scripts/reset.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+python3 tools/pico-hsm-tool.py --pin 648219 initialize --so-pin 57621880 --silent
+test $? -eq 0 || exit $?
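Review bot: `gen_and_check` in tests/scripts/keygen.sh only greps for the printed key size, so `ec:secp256r1`, `ec:brainpoolP256r1` and `ec:secp256k1` all pass on the same string `EC_POINT 256 bits` (likewise the 192-bit and 384-bit pairs), and a token that generated a different curve of the same size would not be caught. Pass a curve-specific expectation as a third argument and check it too, e.g. `grep -q "$3" <<< "$e" || exit 1` against the curve parameters in the tool's output; the exact output format is not visible here, so confirm it first. Also quote the argument in `--key-type "$1"` and print `$e` to stderr before exiting, since the captured output is currently discarded on failure.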
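Review bot: In tests/scripts/pkcs11.sh the call to `./tests/scripts/initialize.sh` is commented out, so the `test $? -eq 0` after it sees the exit status of `echo -n` and "Test initialization... ok" is printed without the SO-PIN/PIN change and PIN lockout checks ever running. Restore the call or remove the banner so the suite does not report coverage it does not have. Separately, `(echo -e '\tfail' && exit 1)` exits only the subshell, so a failing test does not stop the script and only the last test's status reaches the caller; use `|| { echo -e '\tfail'; exit 1; }` in both places.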
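Review bot: tests/scripts/reset.sh is created with mode 100644 (as are keygen.sh and pkcs11.sh) yet is invoked as `./tests/scripts/reset.sh` from initialize.sh and keygen.sh, so it only runs after the `chmod a+x tests/scripts/*.sh` in start-up-and-test.sh. Run on its own, the call fails and, because both callers send its output to /dev/null, the only symptom is an exit status of 1. Commit the scripts as executable or invoke them as `bash tests/scripts/reset.sh`. The relative path `tools/pico-hsm-tool.py` also assumes the working directory is the repository root, which deserves a comment such as `# Run from the repository root.`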
diff --git a/tests/start-up-and-test.sh b/tests/start-up-and-test.sh
index 93b9875..f10091a 100755
--- a/tests/start-up-and-test.sh
+++ b/tests/start-up-and-test.sh
@@ -12,6 +12,5 @@ pytest tests -W ignore::DeprecationWarning
 chmod a+x tests/scripts/*.sh
-echo -n "Test initialization... "
-./tests/scripts/initialize.sh > /dev/null 2>&1
-test $? -eq 0 && echo -e '\tok' || (echo -e '\tfail' && exit 1)
+echo "======== PKCS11 Test suite ========"
+./tests/scripts/pkcs11.sh