tests: Verify the pkcs11-tool --test works

Note, that it does not work now until OpenSC#1600 will get resolved. Then, move the test to TESTS in the Makefile.am
Jakuje · Mar 8, 2019 · 78aea02 · 78aea02
1 parent 0703708
commit 78aea02
Show file tree

Hide file tree

Showing 5 changed files with 109 additions and 65 deletions.
diff --git a/.gitignore b/.gitignore
@@ -109,4 +109,7 @@ src/tests/pintest
 src/tests/prngtest
 src/tests/p11test/p11test
 
+tests/*.log
+tests/*.trs
+
 version.m4.ci
diff --git a/tests/Makefile.am b/tests/Makefile.am
@@ -2,7 +2,12 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
 
 dist_noinst_SCRIPTS = test-manpage.sh \
                       test-fuzzing.sh \
+                      test-pkcs11-tool-test.sh \
                       test-pkcs11-tool-sign-verify.sh
 
-TESTS = test-manpage.sh \
-        test-pkcs11-tool-sign-verify.sh
+TESTS = \
+	test-manpage.sh \
+        test-pkcs11-tool-sign-verify.sh \
+        test-pkcs11-tool-test.sh
+XFAIL_TESTS = \
+        test-pkcs11-tool-test.sh
diff --git a/tests/common.sh b/tests/common.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+## from OpenSC/src/tests/p11test/runtest.sh
+
+SOPIN="12345678"
+PIN="123456"
+PKCS11_TOOL="../src/tools/pkcs11-tool"
+P11LIB="/usr/lib64/pkcs11/libsofthsm2.so"
+
+ERRORS=0
+function assert() {
+	if [[ $1 != 0 ]]; then
+		echo "====> ERROR: $2"
+		ERRORS=1
+	fi
+}
+
+function generate_key() {
+	TYPE="$1"
+	ID="$2"
+	LABEL="$3"
+
+	# Generate key pair
+	$PKCS11_TOOL --keypairgen --key-type="$TYPE" --login --pin=$PIN \
+		--module="$P11LIB" --label="$LABEL" --id=$ID
+
+	if [[ "$?" -ne "0" ]]; then
+		echo "Couldn't generate $TYPE key pair"
+		return 1
+	fi
+
+	# Extract public key from the card
+	$PKCS11_TOOL --read-object --id $ID --type pubkey --output-file $ID.der \
+		--module="$P11LIB"
+
+	# convert it to more digestible PEM format
+	if [[ ${TYPE:0:3} == "RSA" ]]; then
+		openssl rsa -inform DER -outform PEM -in $ID.der -pubin > $ID.pub
+	else
+		openssl ec -inform DER -outform PEM -in $ID.der -pubin > $ID.pub
+	fi
+	rm $ID.der
+}
+
+function card_setup() {
+	echo "directories.tokendir = .tokens/" > .softhsm2.conf
+	mkdir ".tokens"
+	export SOFTHSM2_CONF=".softhsm2.conf"
+	# Init token
+	softhsm2-util --init-token --slot 0 --label "SC test" --so-pin="$SOPIN" --pin="$PIN"
+
+	# Generate 1024b RSA Key pair
+	generate_key "RSA:1024" "01" "RSA_auth"
+	# Generate 2048b RSA Key pair
+	generate_key "RSA:2048" "02" "RSA2048"
+	# Generate 256b ECC Key pair
+	# generate_key "EC:secp256r1" "03" "ECC_auth"
+	# Generate 521b ECC Key pair
+	# generate_key "EC:secp521r1" "04" "ECC521"
+	# TODO ECDSA keys tests
+}
+
+function card_cleanup() {
+	rm .softhsm2.conf
+	rm -rf ".tokens"
+	rm 0{1,2}.pub
+}
diff --git a/tests/test-pkcs11-tool-sign-verify.sh b/tests/test-pkcs11-tool-sign-verify.sh
@@ -1,67 +1,6 @@
-## from OpenSC/src/tests/p11test/runtest.sh
-SOPIN="12345678"
-PIN="123456"
-PKCS11_TOOL="../src/tools/pkcs11-tool"
-P11LIB="/usr/lib64/pkcs11/libsofthsm2.so"
+#!/bin/bash
 
-ERRORS=0
-function assert() {
-	if [[ $1 != 0 ]]; then
-		echo "====> ERROR: $2"
-		ERRORS=1
-	fi
-}
-
-function generate_key() {
-	TYPE="$1"
-	ID="$2"
-	LABEL="$3"
-
-	# Generate key pair
-	$PKCS11_TOOL --keypairgen --key-type="$TYPE" --login --pin=$PIN \
-		--module="$P11LIB" --label="$LABEL" --id=$ID
-
-	if [[ "$?" -ne "0" ]]; then
-		echo "Couldn't generate $TYPE key pair"
-		return 1
-	fi
-
-	# Extract public key from the card
-	$PKCS11_TOOL --read-object --id $ID --type pubkey --output-file $ID.der \
-		--module="$P11LIB"
-
-	# convert it to more digestible PEM format
-	if [[ ${TYPE:0:3} == "RSA" ]]; then
-		openssl rsa -inform DER -outform PEM -in $ID.der -pubin > $ID.pub
-	else
-		openssl ec -inform DER -outform PEM -in $ID.der -pubin > $ID.pub
-	fi
-	rm $ID.der
-}
-
-function card_setup() {
-	echo "directories.tokendir = .tokens/" > .softhsm2.conf
-	mkdir ".tokens"
-	export SOFTHSM2_CONF=".softhsm2.conf"
-	# Init token
-	softhsm2-util --init-token --slot 0 --label "SC test" --so-pin="$SOPIN" --pin="$PIN"
-
-	# Generate 1024b RSA Key pair
-	generate_key "RSA:1024" "01" "RSA_auth"
-	# Generate 2048b RSA Key pair
-	generate_key "RSA:2048" "02" "RSA2048"
-	# Generate 256b ECC Key pair
-	# generate_key "EC:secp256r1" "03" "ECC_auth"
-	# Generate 521b ECC Key pair
-	# generate_key "EC:secp521r1" "04" "ECC521"
-	# TODO ECDSA keys tests
-}
-
-function card_cleanup() {
-	rm .softhsm2.conf
-	rm -rf ".tokens"
-	rm 0{1,2}.pub
-}
+source common.sh
 
 echo "======================================================="
 echo "Setup SoftHSM"
@@ -73,6 +12,10 @@ fi
 card_setup
 echo "data to sign (max 100 bytes)" > data
 
+
+echo "======================================================="
+echo "Test"
+echo "======================================================="
 for HASH in "" "SHA1" "SHA224" "SHA256" "SHA384" "SHA512"; do
     for SIGN_KEY in "01" "02"; do
         METHOD="RSA-PKCS"
@@ -172,4 +115,6 @@ echo "Cleanup"
 echo "======================================================="
 card_cleanup
 
+rm data
+
 exit $ERRORS
diff --git a/tests/test-pkcs11-tool-test.sh b/tests/test-pkcs11-tool-test.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+source common.sh
+
+echo "======================================================="
+echo "Setup SoftHSM"
+echo "======================================================="
+if [[ ! -f $P11LIB ]]; then
+    echo "WARNINIG: The SoftHSM is not installed. Can not run this test"
+    exit 77;
+fi
+card_setup
+
+echo "======================================================="
+echo "Test"
+echo "======================================================="
+$PKCS11_TOOL --test -p $PIN --module $P11LIB
+assert $? "Failed running tests"
+
+echo "======================================================="
+echo "Cleanup"
+echo "======================================================="
+card_cleanup
+
+exit $ERRORS