mirrors/pico-hsm
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-hsm.git synced 2026-01-17 09:28:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
pico-hsm/tests/scripts/sign_and_verify.sh
Pol Henarejos c44d7db4e1
Refactor tests 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-10-09 00:34:50 +02:00

125 lines
4.6 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
source ./tests/scripts/func.sh
reset
test $? -eq 0 || exit $?
TEST_DATA="This is a test string. Be safe, be secure."
echo ${TEST_DATA} > data
create_dgst() {
openssl dgst -$1 -binary -out data.$1 data > /dev/null 2>&1
test $? -eq 0 && echo -n "." || exit $?
}
dgsts=("sha1" "sha224" "sha256" "sha384" "sha512")
for dgst in ${dgsts[*]}; do
echo -n " Create digest ${dgst}..."
create_dgst ${dgst}
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
done
# $1 sign mechanism
# $2 sign input file
# $3 sign parameters
# $4 vrfy input file
# $5 vrfy parameters
sign_and_verify() {
pkcs11-tool --id 1 --sign --pin 648219 --mechanism $1 -i $2 -o data.sig $3 > /dev/null 2>&1
test $? -eq 0 && echo -n "." || exit $?
e=$(openssl pkeyutl -verify -pubin -inkey 1.pub -in $4 -sigfile data.sig $5 2>&1)
test $? -eq 0 && echo -n "." || exit $?
grep -q "Signature Verified Successfully" <<< $e && echo -n "." || exit $?
}
sign_and_verify_rsa_pkcs() {
dgstl=$(awk '{print tolower($0)}' <<<$1)
dgstu=$(awk '{print toupper($0)}' <<<$1)
sign_and_verify "${dgstu}-RSA-PKCS" data "" data.${dgstl} "-pkeyopt digest:${dgstl}"
test $? -eq 0 && echo -n "." || exit $?
}
sign_and_verify_rsa_pss() {
dgstl=$(awk '{print tolower($0)}' <<<$1)
dgstu=$(awk '{print toupper($0)}' <<<$1)
sign_and_verify "RSA-PKCS-PSS" data.${dgstl} "--mgf MGF1-${dgstu} --hash-algorithm ${dgstu}" data.${dgstl} "-pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1 -pkeyopt digest:${dgstl}"
test $? -eq 0 && echo -n "." || exit $?
}
sign_and_verify_rsa_pss_dgst() {
dgstl=$(awk '{print tolower($0)}' <<<$1)
dgstu=$(awk '{print toupper($0)}' <<<$1)
sign_and_verify "${dgstu}-RSA-PKCS-PSS" data "" data.${dgstl} "-pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1 -pkeyopt digest:${dgstl}"
test $? -eq 0 && echo -n "." || exit $?
}
keygen_sign_and_verify_ec() {
echo " Test ECDSA with $1"
echo -n " Keygen $1..."
keygen_and_export $1
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
for dgst in ${dgsts[*]}; do
dgstu=$(awk '{print toupper($0)}' <<<${dgst})
echo -n " Test ECDSA with ${dgst} and $1..."
sign_and_verify ECDSA "data.${dgst}" "--signature-format openssl" data.${dgst}
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
echo -n " Test ECDSA-${dgstu} with $1..."
sign_and_verify "ECDSA-${dgstu}" data "--signature-format openssl" data.${dgst}
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
done
echo -n " Delete $1..."
pkcs11-tool -l --pin 648219 --delete-object --type privkey --id 1 > /dev/null 2>&1
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
}
algs=("ec:secp192r1" "ec:secp256r1" "ec:secp384r1" "ec:secp521r1" "ec:brainpoolP256r1" "ec:brainpoolP384r1" "ec:brainpoolP512r1" "ec:secp192k1" "ec:secp256k1")
for alg in ${algs[*]}; do
keygen_sign_and_verify_ec ${alg} || exit $?
done
echo " Test RSA PKCS"
echo -n " Keygen rsa:2048..."
keygen_and_export "rsa:2048"
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
echo -n " Test RSA-PKCS..."
pkcs11-tool --id 1 --sign --pin 648219 --mechanism RSA-PKCS -i data -o data.sig > /dev/null 2>&1
test $? -eq 0 && echo -n "." || exit $?
e=$(openssl pkeyutl -verify -pubin -inkey 1.pub -in data -sigfile data.sig 2>&1)
test $? -eq 0 && echo -n "." || exit $?
grep -q "Signature Verified Successfully" <<< $e && echo -e ".\t${OK}" || exit $?
for dgst in ${dgsts[*]}; do
dgstu=$(awk '{print toupper($0)}' <<<${dgst})
echo -n " Test RSA-PKCS-${dgstu}..."
sign_and_verify_rsa_pkcs ${dgst}
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
done
echo -n " Test RSA-X-509..."
cp data data_pad
test $? -eq 0 && echo -n "." || exit $?
dd if=/dev/zero bs=1 count=227 >> data_pad > /dev/null 2>&1
test $? -eq 0 && echo -n "." || exit $?
pkcs11-tool --id 1 --sign --pin 648219 --mechanism RSA-X-509 -i data_pad -o data.sig > /dev/null 2>&1
test $? -eq 0 && echo -n "." || exit $?
TDATA=$(tr -d '\0' < <(openssl rsautl -verify -inkey 1.pub -in data.sig -pubin -raw))
if [[ ${TEST_DATA} != "$TDATA" ]]; then
exit 1
fi
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
for dgst in ${dgsts[*]}; do
dgstu=$(awk '{print toupper($0)}' <<<${dgst})
if [[ "${dgst}" != "sha1" ]]; then
echo -n " Test RSA-PKCS-PSS with ${dgst}..."
sign_and_verify_rsa_pss ${dgst}
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
fi
echo -n " Test ${dgstu}-RSA-PKCS-PSS..."
sign_and_verify_rsa_pss_dgst ${dgst}
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
done
rm -rf data* 1.*
pkcs11-tool -l --pin 648219 --delete-object --type privkey --id 1 > /dev/null 2>&1
Reference in a new issue View git blame Copy permalink