diff --git a/tests/scripts/asym_cipher.sh b/tests/scripts/asym_cipher.sh
new file mode 100755
index 0000000..35fef76
--- /dev/null
+++ b/tests/scripts/asym_cipher.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+source ./tests/scripts/func.sh
+reset
+test $? -eq 0 || exit $?
+
+rsa_encrypt_decrypt() {
+ openssl pkeyutl -encrypt -pubin -inkey 1.pub $2 -in $1 -out data.crypt
+ test $? -eq 0 && echo -n "." || exit $?
+ e=$(pkcs11-tool --id 1 --pin 648219 --decrypt $3 -i data.crypt 2>/dev/null)
+ test $? -eq 0 && echo -n "." || exit $?
+ grep -q "${TEST_STRING}" <<< $e || exit $?
+}
+
+TEST_STRING="This is a test string. Be safe, be secure."
+
+echo ${TEST_STRING} > data
+
+echo -n " Keygen RSA 2048..."
+keygen_and_export rsa:2048
+test $? -eq 0 && echo -e ".\t${OK}" || exit $?
+
+echo -n " Test RSA-PKCS ciphering..."
+rsa_encrypt_decrypt data "-pkeyopt rsa_padding_mode:pkcs1" "--mechanism RSA-PKCS"
+test $? -eq 0 && echo -e ".\t${OK}" || exit $?
+
+echo -n " Test RSA-X-509 ciphering..."
+cp data data_pad
+tlen=${#TEST_STRING}
+dd if=/dev/zero bs=1 count=$((256-$tlen-1)) >> data_pad 2> /dev/null
+test $? -eq 0 && echo -n "." || exit $?
+rsa_encrypt_decrypt data_pad "-pkeyopt rsa_padding_mode:none" "--mechanism RSA-X-509"
+test $? -eq 0 && echo -e ".\t${OK}" || exit $?
+
+echo -n " Test RSA-PKCS-OAEP ciphering..."
+rsa_encrypt_decrypt data "-pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256" "--mechanism RSA-PKCS-OAEP"
+openssl pkeyutl -encrypt -pubin -inkey 1.pub -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 -in data -out data.crypt
+test $? -eq 0 && echo -e ".\t${OK}" || exit $?
+
diff --git a/tests/scripts/pkcs11.sh b/tests/scripts/pkcs11.sh
index 3e15984..c2292b8 100755
--- a/tests/scripts/pkcs11.sh
+++ b/tests/scripts/pkcs11.sh
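Review bot: The plaintext check in `rsa_encrypt_decrypt` is a regex substring match (`grep -q "${TEST_STRING}" <<< $e`), so a decrypt result with extra bytes around the message would still pass; a block whose padding was not stripped is one such case, since the command substitution drops NUL bytes. Compare the whole output with the input file instead: have pkcs11-tool write with `--output-file data.dec` and replace the grep with `cmp -s "$1" data.dec || exit $?`, which also checks the 256-byte `data_pad` case exactly. In the RSA-PKCS-OAEP step the extra `openssl pkeyutl -encrypt ...` line after the `rsa_encrypt_decrypt` call looks like a leftover. The final `test $?` there reports that encryption's status rather than the round trip, so the line can be dropped.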
@@ -21,3 +21,10 @@ test $? -eq 0 || {
 echo -e "\t${FAIL}"
 exit 1
 }
+
+echo "==== Test asymmetric ciphering ===="
+./tests/scripts/asym_cipher.sh
+test $? -eq 0 || {
+ echo -e "\t${FAIL}"
+ exit 1
+}