|
Packit |
a90071 |
#!/bin/sh
|
|
Packit |
a90071 |
|
|
Packit |
a90071 |
# Copyright (C) 2015 Nikos Mavrogiannopoulos
|
|
Packit |
a90071 |
#
|
|
Packit |
a90071 |
# GnuTLS is free software; you can redistribute it and/or modify it
|
|
Packit |
a90071 |
# under the terms of the GNU General Public License as published by the
|
|
Packit |
a90071 |
# Free Software Foundation; either version 3 of the License, or (at
|
|
Packit |
a90071 |
# your option) any later version.
|
|
Packit |
a90071 |
#
|
|
Packit |
a90071 |
# GnuTLS is distributed in the hope that it will be useful, but
|
|
Packit |
a90071 |
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
a90071 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
a90071 |
# General Public License for more details.
|
|
Packit |
a90071 |
#
|
|
Packit |
a90071 |
# You should have received a copy of the GNU General Public License
|
|
Packit |
a90071 |
# along with GnuTLS; if not, write to the Free Software Foundation,
|
|
Packit |
a90071 |
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
Packit |
a90071 |
|
|
Packit |
a90071 |
# This test checks if it is possible to use the keys without specifying the
|
|
Packit |
a90071 |
# token if there is only one initialized token available.
|
|
Packit |
a90071 |
|
|
Packit |
a90071 |
outdir="output.$$"
|
|
Packit |
a90071 |
|
|
Packit |
a90071 |
# Load common test functions
|
|
Packit |
a90071 |
. ${srcdir}/rsa-common.sh
|
|
Packit |
a90071 |
|
|
Packit |
a90071 |
# Do the common test initialization
|
|
Packit |
a90071 |
common_init
|
|
Packit |
a90071 |
|
|
Packit |
a90071 |
sed -e "s|@MODULE_PATH@|${MODULE}|g" -e \
|
|
Packit |
a90071 |
"s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" \
|
|
Packit |
a90071 |
<"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf"
|
|
Packit |
a90071 |
|
|
Packit |
a90071 |
export OPENSSL_ENGINES="../src/.libs/"
|
|
Packit |
a90071 |
export OPENSSL_CONF="${outdir}/engines.cnf"
|
|
Packit |
a90071 |
|
|
Packit |
a90071 |
# These URIs don't contain the token specification
|
|
Packit |
a90071 |
PRIVATE_KEY="pkcs11:object=server-key;type=private;pin-value=1234"
|
|
Packit |
a90071 |
PUBLIC_KEY="pkcs11:object=server-key;type=public;pin-value=1234"
|
|
Packit |
a90071 |
|
|
Packit |
a90071 |
# Create input file
|
|
Packit |
a90071 |
echo "secret" >"${outdir}/in.txt"
|
|
Packit |
a90071 |
|
|
Packit |
a90071 |
# Generate signature without specifying the token in the PKCS#11 URI
|
|
Packit |
a90071 |
openssl pkeyutl -engine pkcs11 -keyform engine -inkey "${PRIVATE_KEY}" \
|
|
Packit |
a90071 |
-sign -out "${outdir}/signature.bin" -in "${outdir}/in.txt"
|
|
Packit |
a90071 |
if test $? != 0;then
|
|
Packit |
a90071 |
echo "Failed to generate signature using PKCS#11 URI ${PRIVATE_KEY}"
|
|
Packit |
a90071 |
exit 1;
|
|
Packit |
a90071 |
fi
|
|
Packit |
a90071 |
|
|
Packit |
a90071 |
# Verify the signature without specifying the token in the PKCS#11 URI
|
|
Packit |
a90071 |
openssl pkeyutl -engine pkcs11 -keyform engine -pubin -inkey "${PUBLIC_KEY}" \
|
|
Packit |
a90071 |
-verify -sigfile "${outdir}/signature.bin" -in "${outdir}/in.txt"
|
|
Packit |
a90071 |
if test $? != 0;then
|
|
Packit |
a90071 |
echo "Failed to verify signature using PKCS#11 URI ${PUBLIC_KEY}"
|
|
Packit |
a90071 |
exit 1;
|
|
Packit |
a90071 |
fi
|
|
Packit |
a90071 |
|
|
Packit |
a90071 |
rm -rf "$outdir"
|
|
Packit |
a90071 |
|
|
Packit |
a90071 |
exit 0
|