|
Packit |
8681c6 |
#!/bin/sh
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# COPYRIGHT (c) International Business Machines Corp. 2005-2017
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# This program is provided under the terms of the Common Public License,
|
|
Packit |
8681c6 |
# version 1.0 (CPL-1.0). Any use, reproduction or distribution for this software
|
|
Packit |
8681c6 |
# constitutes recipient's acceptance of CPL-1.0 terms which can be found
|
|
Packit |
8681c6 |
# in the file LICENSE file or at https://opensource.org/licenses/cpl1.0.php
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# login_test.sh
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# Kent Yoder <kyoder@users.sf.net>
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# usage: login_test.sh -slot [n]
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
# By default, slot 0 is used. This script will run through several
|
|
Packit |
8681c6 |
# scenarios WRT login's to the PKCS#11 API. It expects a completely
|
|
Packit |
8681c6 |
# uninitialized token, such as right after installation. It is
|
|
Packit |
8681c6 |
# expected that the token will be reinitialized after running this test.
|
|
Packit |
8681c6 |
#
|
|
Packit |
8681c6 |
set -x
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
DEFAULT_SO_PIN=${P11_SO_PWD:=87654321}
|
|
Packit |
8681c6 |
DEFAULT_USER_PIN=${P11_USER_PWD:=12345678}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
NEW_USER_PIN1=${NEW_P11_USER_PWD:=userPW1}
|
|
Packit |
8681c6 |
NEW_USER_PIN2=${NEW_P11_USER_PWD2:=userPW2}
|
|
Packit |
8681c6 |
NEW_SO_PIN1=${NEW_P11_SO_PWD:=so_PW1}
|
|
Packit |
8681c6 |
NEW_SO_PIN2=${NEW_P11_SO_PWD2:=so_PW2}
|
|
Packit |
8681c6 |
BAD_PIN=bad
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
CKR_PIN_EXPIRED=163
|
|
Packit |
8681c6 |
CKR_PIN_INVALID=161
|
|
Packit |
8681c6 |
CKR_PIN_INCORRECT=160
|
|
Packit |
8681c6 |
CKR_USER_PIN_NOT_INITIALIZED=2
|
|
Packit |
8681c6 |
CKR_OK=0
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
#init the token
|
|
Packit |
8681c6 |
./init_tok $* -pass $DEFAULT_SO_PIN
|
|
Packit |
8681c6 |
if test $? -ne $CKR_OK; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# Try to login as SO with a bad pass
|
|
Packit |
8681c6 |
./login $* -so -pass bad
|
|
Packit |
8681c6 |
if test $? -ne $CKR_PIN_INCORRECT; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# Try to login as USER before init
|
|
Packit |
8681c6 |
./login $* -user -pass $DEFAULT_USER_PIN
|
|
Packit |
8681c6 |
if test $? -ne $CKR_USER_PIN_NOT_INITIALIZED; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# Try a correct SO login, should SUCCEED
|
|
Packit |
8681c6 |
./login $* -so -pass $DEFAULT_SO_PIN
|
|
Packit |
8681c6 |
if test $? -ne $CKR_OK; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# Try to do something after logging in before PIN is set
|
|
Packit |
8681c6 |
./digest_init $* -so -pass $DEFAULT_SO_PIN
|
|
Packit |
8681c6 |
if test $? -ne $CKR_PIN_EXPIRED; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# Try to set pin to the default value
|
|
Packit |
8681c6 |
./set_pin $* -so -old $DEFAULT_SO_PIN -new $DEFAULT_SO_PIN
|
|
Packit |
8681c6 |
if test $? -ne $CKR_PIN_INVALID; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# Do a legitimate pin set for the SO
|
|
Packit |
8681c6 |
./set_pin $* -so -old $DEFAULT_SO_PIN -new $NEW_SO_PIN1
|
|
Packit |
8681c6 |
if test $? -ne $CKR_OK; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# Init the USER PIN
|
|
Packit |
8681c6 |
./init_pin $* -sopass $NEW_SO_PIN1 -userpass $DEFAULT_USER_PIN
|
|
Packit |
8681c6 |
if test $? -ne $CKR_OK; then
|
|
Packit |
8681c6 |
echo "TEST_FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# Try to set pin to the default value
|
|
Packit |
8681c6 |
./set_pin $* -user -old $DEFAULT_USER_PIN -new $DEFAULT_USER_PIN
|
|
Packit |
8681c6 |
if test $? -ne $CKR_PIN_INVALID; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# Do a legitimate pin set for the USER
|
|
Packit |
8681c6 |
./set_pin $* -user -old $DEFAULT_USER_PIN -new $NEW_USER_PIN1
|
|
Packit |
8681c6 |
if test $? -ne $CKR_OK; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# login with the good pins
|
|
Packit |
8681c6 |
./login $* -so -pass $NEW_SO_PIN1
|
|
Packit |
8681c6 |
if test $? -ne $CKR_OK; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
./login $* -user -pass $NEW_USER_PIN1
|
|
Packit |
8681c6 |
if test $? -ne $CKR_OK; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# Try login with bad pins
|
|
Packit |
8681c6 |
./login $* -so -pass $BAD_PIN
|
|
Packit |
8681c6 |
if test $? -ne $CKR_PIN_INCORRECT; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
./login $* -user -pass $BAD_PIN
|
|
Packit |
8681c6 |
if test $? -ne $CKR_PIN_INCORRECT; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# try to change both pins back to defaults (should fail)
|
|
Packit |
8681c6 |
./set_pin $* -so -old $NEW_SO_PIN1 -new $DEFAULT_SO_PIN
|
|
Packit |
8681c6 |
if test $? -ne $CKR_PIN_INVALID; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
./set_pin $* -user -old $NEW_USER_PIN1 -new $DEFAULT_USER_PIN
|
|
Packit |
8681c6 |
if test $? -ne $CKR_PIN_INVALID; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# change both pins legitimately
|
|
Packit |
8681c6 |
./set_pin $* -so -old $NEW_SO_PIN1 -new $NEW_SO_PIN2
|
|
Packit |
8681c6 |
if test $? -ne $CKR_OK; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
./set_pin $* -user -old $NEW_USER_PIN1 -new $NEW_USER_PIN2
|
|
Packit |
8681c6 |
if test $? -ne $CKR_OK; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
# login with new passes
|
|
Packit |
8681c6 |
./login $* -so -pass $NEW_SO_PIN2
|
|
Packit |
8681c6 |
if test $? -ne $CKR_OK; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
./login $* -user -pass $NEW_USER_PIN2
|
|
Packit |
8681c6 |
if test $? -ne $CKR_OK; then
|
|
Packit |
8681c6 |
echo "TEST FAIL"
|
|
Packit |
8681c6 |
exit
|
|
Packit |
8681c6 |
fi
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
echo "TEST SUCCEEDED"
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
echo "Currently the SO Pin is set to \"$NEW_SO_PIN2\""
|
|
Packit |
8681c6 |
echo "Currently the USER Pin is set to \"$NEW_USER_PIN2\""
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
exit 0
|