-
Notifications
You must be signed in to change notification settings - Fork 87
/
test-generate-keypair.sh
executable file
·92 lines (77 loc) · 2.83 KB
/
test-generate-keypair.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
#!/bin/sh
test "${abs_top_builddir+set}" = set || {
echo "set abs_top_builddir" 1>&2
exit 1
}
. "$abs_top_builddir/common/test-init.sh"
: ${P11_MODULE_PATH="$abs_top_builddir"/.libs}
setup() {
testdir=$PWD/test-objects-$$
test -d "$testdir" || mkdir "$testdir"
cd "$testdir"
mkdir tokens
cat > softhsm2.conf <<EOF
directories.tokendir = $PWD/tokens/
EOF
export SOFTHSM2_CONF=$PWD/softhsm2.conf
: ${SOFTHSM2_UTIL=softhsm2-util}
if ! "$SOFTHSM2_UTIL" --version >/dev/null; then
skip "softhsm2-util not found"
return
fi
softhsm2-util --init-token --free --label test-genkey --so-pin 12345 --pin 12345
: ${PKG_CONFIG=pkg-config}
if ! "$PKG_CONFIG" p11-kit-1 --exists; then
skip "pkgconfig(p11-kit-1) not found"
return
fi
module_path=$("$PKG_CONFIG" p11-kit-1 --variable=p11_module_path)
if ! test -e "$module_path/libsofthsm2.so"; then
skip "unable to resolve libsofthsm2.so"
return
fi
ln -sf "$module_path"/libsofthsm2.so "$P11_MODULE_PATH"
}
teardown() {
unset SOFTHSM2_CONF
rm -rf "$testdir"
}
test_generate_keypair_rsa() {
if ! "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --login --label=rsa --type=rsa --bits=2048 "pkcs11:token=test-genkey?pin-value=12345"; then
assert_fail "unable to run: p11-kit generate-keypair"
fi
}
test_generate_keypair_ecdsa() {
for curve in secp256r1 secp384r1 secp521r1; do
if ! "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --login --label="ecdsa-$curve" --type=ecdsa --curve="$curve" "pkcs11:token=test-genkey?pin-value=12345"; then
assert_fail "unable to run: p11-kit generate-keypair"
fi
done
if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --login --label="ecdsa-unknown" --type=ecdsa --curve=unknown "pkcs11:token=test-genkey?pin-value=12345"; then
assert_fail "p11-kit generate-keypair succeeded for unknown ecdsa curve"
fi
}
test_generate_keypair_eddsa() {
curves=
mech=$("$abs_top_builddir"/p11-kit/p11-kit-testable list-mechanisms "pkcs11:token=test-genkey" | sed -n '/CKM_EDDSA/p')
if test -z "$mech"; then
skip "no support for EdDSA"
return
fi
if expr "$mech" : ".*key-size=256-" > /dev/null; then
curve="$curve ed25519"
fi
if expr "$mech" : ".*key-size=.*-456" > /dev/null; then
curve="$curve ed448"
fi
for curve in $curves; do
if ! "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --login --label="eddsa-$curve" --type=eddsa --curve="$curve" "pkcs11:token=test-genkey?pin-value=12345"; then
assert_fail "unable to run: p11-kit generate-keypair"
fi
done
if "$abs_top_builddir"/p11-kit/p11-kit-testable generate-keypair --login --label="eddsa-unknown" --type=eddsa --curve=unknown "pkcs11:token=test-genkey?pin-value=12345"; then
assert_fail "p11-kit generate-keypair succeeded for unknown eddsa curve"
fi
}
run test_generate_keypair_rsa test_generate_keypair_ecdsa \
test_generate_keypair_ecdsa