File: pkcs11-uri-without-token.softhsm

package info (click to toggle)
libp11 0.4.18-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 2,956 kB
  • sloc: ansic: 13,801; sh: 6,449; makefile: 229
file content (75 lines) | stat: -rwxr-xr-x 2,429 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
 
#!/bin/bash

# Copyright © 2024 Mobi - Com Polska Sp. z o.o.
# Author: Małgorzata Olszówka <Malgorzata.Olszowka@stunnel.org>
# Copyright (C) 2015 Nikos Mavrogiannopoulos
#
# GnuTLS is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GnuTLS is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

# This test checks if it is possible to use the keys without specifying the
# token if there is only one initialized token available.

outdir="output.$$"

# These URIs don't contain the token specification
PRIVATE_KEY="pkcs11:object=server-key-0;type=private;pin-value=1234"
PUBLIC_KEY="pkcs11:object=server-key-0;type=public;pin-value=1234"

# Load common test functions
. ${srcdir}/common.sh

export OPENSSL_CONF="${outdir}/engines.cnf"
echo "OPENSSL_CONF=${OPENSSL_CONF}"

# Do the token initialization
init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert"

# Create input file
echo "secret" >"${outdir}/in.txt"

# Load openssl settings
. ${srcdir}/openssl-settings.sh

if ! "${OPENSSL}" engine >/dev/null 2>&1; then
	echo "Skipping engine tests: ENGINE support not available"
	rm -rf "$outdir"
	exit 77
fi

# Restore openssl settings
trap cleanup EXIT

# Run the test
# Generate signature without specifying the token in the PKCS#11 URI
${WRAPPER} ${OPENSSL} pkeyutl -engine pkcs11 -keyform engine \
	-inkey ${PRIVATE_KEY} -sign -out "${outdir}/signature.bin" \
	-in "${outdir}/in.txt"
if [[ $? -ne 0 ]]; then
	echo "Failed to generate signature using PKCS#11 URI ${PRIVATE_KEY}"
	exit 1
fi

# Verify the signature without specifying the token in the PKCS#11 URI
${OPENSSL} pkeyutl -engine pkcs11 -keyform engine -pubin \
	-inkey ${PUBLIC_KEY} -verify -sigfile "${outdir}/signature.bin" \
	-in "${outdir}/in.txt"
if [[ $? -ne 0 ]]; then
	echo "Failed to verify signature using PKCS#11 URI ${PUBLIC_KEY}"
	exit 1
fi

rm -rf "$outdir"

exit 0