File: timported

package info (click to toggle)
pkcs11-provider 1.2.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 2,084 kB
  • sloc: ansic: 30,447; sh: 3,354; python: 104; makefile: 58
file content (66 lines) | stat: -rwxr-xr-x 2,482 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
#!/bin/bash -e
# Copyright (C) 2024 Simo Sorce <simo@redhat.com>
# SPDX-License-Identifier: Apache-2.0

source "${TESTSSRCDIR}/helpers.sh"


title PARA "Test imported key in token session"

title LINE "Generate EC keypair in files"
# older versions of openssl don't support -outpubkey ...
#ossl 'genpkey -algorithm EC -out ${TMPPDIR}/file.ec.key.pem
#              -pkeyopt ec_paramgen_curve:P-256
#              -pkeyopt ec_param_enc:named_curve
#              -outpubkey ${TMPPDIR}/file.ec.pub.key.pem'
# .. so we'll use two steps
ossl 'genpkey -algorithm EC -out ${TMPPDIR}/file.ec.key.pem
              -pkeyopt ec_paramgen_curve:P-256'
ossl 'pkey -in ${TMPPDIR}/file.ec.key.pem
           -pubout -out ${TMPPDIR}/file.ec.pub.key.pem'

title LINE "Generate RSA keypair in files"
# older versions of openssl don't support -outpubkey ...
# .. so we'll use two steps
export OPTS=""
if [[ "${SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT}" = "1" ]]; then
    export OPTS="-pkeyopt rsa_keygen_pubexp:3"
fi
ossl 'genpkey -algorithm RSA -out ${TMPPDIR}/file.rsa.key.pem
              -pkeyopt rsa_keygen_bits:2048 ${OPTS}'
ossl 'pkey -in ${TMPPDIR}/file.rsa.key.pem
           -pubout -out ${TMPPDIR}/file.rsa.pub.key.pem'

#After key generation force all operations to happen on the token
ORIG_OPENSSL_CONF=${OPENSSL_CONF}
sed -e "s/#MORECONF/alg_section = algorithm_sec\n\n[algorithm_sec]\ndefault_properties = ?provider=pkcs11/" \
    "${OPENSSL_CONF}" > "${OPENSSL_CONF}.forcetoken"
OPENSSL_CONF=${OPENSSL_CONF}.forcetoken

title LINE "Test Signing with private EC key imported from file"
ossl 'pkeyutl -sign
              -inkey ${TMPPDIR}/file.ec.key.pem
              -in ${TMPPDIR}/sha256.bin
              -out ${TMPPDIR}/file.ec.sig.bin'

title LINE "Test Verifying with public EC key imported from file"
ossl 'pkeyutl -verify -pubin
              -inkey ${TMPPDIR}/file.ec.pub.key.pem
              -sigfile ${TMPPDIR}/file.ec.sig.bin
              -in ${TMPPDIR}/sha256.bin'

title LINE "Test Signing with private RSA key imported from file"
ossl 'pkeyutl -sign
              -inkey ${TMPPDIR}/file.rsa.key.pem
              -in ${TMPPDIR}/sha256.bin
              -out ${TMPPDIR}/file.rsa.sig.bin'

title LINE "Test Verifying with public RSA key imported from file"
ossl 'pkeyutl -verify -pubin
              -inkey ${TMPPDIR}/file.rsa.pub.key.pem
              -sigfile ${TMPPDIR}/file.rsa.sig.bin
              -in ${TMPPDIR}/sha256.bin'

OPENSSL_CONF=${ORIG_OPENSSL_CONF}

exit 0