From 10ed7e56f159dba8980644494532898c9063438d Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Micha=C5=82=20Trojnara?= <Michal.Trojnara@stunnel.org>

Date: Thu, 23 Aug 2018 22:19:04 +0200

Subject: [PATCH 03/23] ec-evp-sign test

---

 tests/Makefile.am         |  1 +

 tests/ec-common.sh        | 18 +++++-----

 tests/ec-evp-sign.softhsm | 71 +++++++++++++++++++++++++++++++++++++++

 tests/ec-testfork.softhsm |  2 +-

 4 files changed, 82 insertions(+), 10 deletions(-)

 create mode 100755 tests/ec-evp-sign.softhsm

diff --git a/tests/Makefile.am b/tests/Makefile.am

index 8864709..cd17051 100644

--- a/tests/Makefile.am

+++ b/tests/Makefile.am

@@ -21,6 +21,7 @@ dist_check_SCRIPTS = \

 	rsa-testfork.softhsm \

 	rsa-testlistkeys.softhsm \

 	rsa-evp-sign.softhsm \

+	ec-evp-sign.softhsm \

 	ec-testfork.softhsm \

 	fork-change-slot.softhsm \

 	rsa-pss-sign.softhsm \

diff --git a/tests/ec-common.sh b/tests/ec-common.sh

index a709c0d..a53a4ee 100755

--- a/tests/ec-common.sh

+++ b/tests/ec-common.sh

@@ -35,11 +35,11 @@ mkdir -p $outdir

 for i in /usr/lib64/pkcs11 /usr/lib64/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib/softhsm /usr/lib ;do

 	if test -f "$i/libsofthsm2.so"; then

-		ADDITIONAL_PARAM="$i/libsofthsm2.so"

+		MODULE="$i/libsofthsm2.so"

 		break

 	else

 		if test -f "$i/libsofthsm.so";then

-			ADDITIONAL_PARAM="$i/libsofthsm.so"

+			MODULE="$i/libsofthsm.so"

 			break

 		fi

 	fi

@@ -104,18 +104,18 @@ PUK=1234

 init_card $PIN $PUK

 # generate key in token

-pkcs11-tool -p $PIN --module $ADDITIONAL_PARAM -d 01020304 -a server-key -l -w ${srcdir}/ec-prvkey.der -y privkey >/dev/null

+pkcs11-tool -p $PIN --module $MODULE -d 01020304 -a server-key -l -w ${srcdir}/ec-prvkey.der -y privkey >/dev/null

 if test $? != 0;then

 	exit 1;

 fi

 # pkcs11-tool currently only supports RSA public keys

-#pkcs11-tool -p $PIN --module $ADDITIONAL_PARAM -d 01020304 -a server-key -l -w ${srcdir}/ec-pubkey.der -y pubkey >/dev/null

-#if test $? != 0;then

-#	exit 1;

-#fi

+pkcs11-tool -p $PIN --module $MODULE -d 01020304 -a server-key -l -w ${srcdir}/ec-pubkey.der -y pubkey >/dev/null

+if test $? != 0;then

+	exit 1;

+fi

-pkcs11-tool -p $PIN --module $ADDITIONAL_PARAM -d 01020304 -a server-key -l -w ${srcdir}/ec-cert.der -y cert >/dev/null

+pkcs11-tool -p $PIN --module $MODULE -d 01020304 -a server-key -l -w ${srcdir}/ec-cert.der -y cert >/dev/null

 if test $? != 0;then

 	exit 1;

 fi

@@ -123,4 +123,4 @@ fi

 echo "***************"

 echo "Listing objects"

 echo "***************"

-pkcs11-tool -p $PIN --module $ADDITIONAL_PARAM -l -O

+pkcs11-tool -p $PIN --module $MODULE -l -O

diff --git a/tests/ec-evp-sign.softhsm b/tests/ec-evp-sign.softhsm

new file mode 100755

index 0000000..edecd4a

--- /dev/null

+++ b/tests/ec-evp-sign.softhsm

@@ -0,0 +1,71 @@

+#!/bin/sh

+

+# Copyright (C) 2015 Nikos Mavrogiannopoulos

+#

+# GnuTLS is free software; you can redistribute it and/or modify it

+# under the terms of the GNU General Public License as published by the

+# Free Software Foundation; either version 3 of the License, or (at

+# your option) any later version.

+#

+# GnuTLS is distributed in the hope that it will be useful, but

+# WITHOUT ANY WARRANTY; without even the implied warranty of

+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

+# General Public License for more details.

+#

+# You should have received a copy of the GNU General Public License

+# along with GnuTLS; if not, write to the Free Software Foundation,

+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

+

+outdir="output.$$"

+

+# Load common test functions

+. ${srcdir}/ec-common.sh

+

+# Do the common test initialization

+# common_init

+

+sed -e "s|@MODULE_PATH@|${MODULE}|g" -e "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf"

+

+export OPENSSL_ENGINES="../src/.libs/"

+PRIVATE_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=private;pin-value=1234"

+PUBLIC_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=public;pin-value=1234"

+

+./evp-sign ctrl false "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE}

+if test $? != 0;then

+	echo "Basic PKCS #11 test, using ctrl failed"

+	exit 1;

+fi

+

+./evp-sign default false "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE}

+if test $? != 0;then

+	echo "Basic PKCS #11 test, using default failed"

+	exit 1;

+fi

+

+./evp-sign ctrl 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE}

+if test $? != 0;then

+	echo "Basic PKCS #11 test without pin-value, using ctrl failed"

+	exit 1;

+fi

+

+./evp-sign default 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE}

+if test $? != 0;then

+	echo "Basic PKCS #11 test without pin-value, using default failed"

+	exit 1;

+fi

+

+./evp-sign ctrl 1234 "${outdir}/engines.cnf" "label_server-key" "label_server-key" ${MODULE}

+if test $? != 0;then

+	echo "Basic PKCS #11 test with legacy name #1 failed"

+	exit 1;

+fi

+

+./evp-sign default 1234 "${outdir}/engines.cnf" "id_01020304" "id_01020304" ${MODULE}

+if test $? != 0;then

+	echo "Basic PKCS #11 test with legacy name #2 failed"

+	exit 1;

+fi

+

+rm -rf "$outdir"

+

+exit 0

diff --git a/tests/ec-testfork.softhsm b/tests/ec-testfork.softhsm

index 961424a..55b6516 100755

--- a/tests/ec-testfork.softhsm

+++ b/tests/ec-testfork.softhsm

@@ -21,7 +21,7 @@ outdir="output.$$"

 . ${srcdir}/ec-common.sh

-./fork-test $ADDITIONAL_PARAM $PIN

+./fork-test $MODULE $PIN

 if test $? != 0;then

 	exit 1;

 fi

-- 

2.17.1