mirror of
https://github.com/polhenarejos/pico-hsm.git
synced 2024-09-20 03:10:09 +00:00
Added backup and restore tests (pkcs11 wrap/unwrap).
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
parent
1950b03d35
commit
1bf0d6337b
59
tests/scripts/backup.sh
Executable file
59
tests/scripts/backup.sh
Executable file
@ -0,0 +1,59 @@
|
||||
#!/bin/bash
|
||||
|
||||
source ./tests/scripts/func.sh
|
||||
reset
|
||||
test $? -eq 0 || exit $?
|
||||
|
||||
sc_backup() {
|
||||
for i in $(seq 1 $1); do
|
||||
sc-hsm-tool --create-dkek-share dkek.${i}.pbe --password testpw > /dev/null 2>&1
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
done
|
||||
sc-hsm-tool --initialize --so-pin 3537363231383830 --pin 648219 --dkek-shares $1 > /dev/null 2>&1
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
pkcs11-tool -l --pin 648219 -I > /dev/null 2>&1
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
for i in $(seq 1 $1); do
|
||||
e=$(sc-hsm-tool --pin 648219 --import-dkek-share dkek.${i}.pbe --password testpw 2>&1)
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
grep -q "DKEK share imported" <<< $e && echo -n "." || exit $?
|
||||
grep -q "DKEK shares : $1" <<< $e && echo -n "." || exit $?
|
||||
if [[ $i -lt $1 ]]; then
|
||||
grep -q "DKEK import pending, $(( $1 - $i ))" <<< $e && echo -n "." || exit $?
|
||||
fi
|
||||
done
|
||||
}
|
||||
echo -n " Test single DKEK..."
|
||||
sc_backup 1
|
||||
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
|
||||
|
||||
: '
|
||||
echo -n " Test multiple DKEK..."
|
||||
sc_backup 3
|
||||
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
|
||||
|
||||
rm -rf dkek.*.pbe
|
||||
'
|
||||
|
||||
echo " Test backup and restore"
|
||||
algs=("rsa:1024" "rsa:2048" "ec:secp192r1" "ec:secp256r1" "ec:secp384r1" "ec:secp521r1" "ec:brainpoolP256r1" "ec:brainpoolP384r1" "ec:brainpoolP512r1" "ec:secp192k1" "ec:secp256k1")
|
||||
for alg in ${algs[*]}; do
|
||||
echo -n " Keygen ${alg}..."
|
||||
gen_and_check ${alg}
|
||||
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
|
||||
echo -n " Wrap key..."
|
||||
sc-hsm-tool --wrap-key wrap-key.bin --key-reference 1 --pin 648219 > /dev/null 2>&1
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
e=$(pkcs15-tool -D 2>&1)
|
||||
grep -q "Key ref : 10" <<< $e && exit $? || echo -e ".\t${OK}"
|
||||
echo -n " Unwrap key..."
|
||||
sc-hsm-tool --unwrap-key wrap-key.bin --key-reference 10 --pin 648219 --force > /dev/null 2>&1
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
e=$(pkcs15-tool -D 2>&1)
|
||||
grep -q "Key ref : 10" <<< $e && echo -e ".\t${OK}" || exit $?
|
||||
echo -n " Cleaning..."
|
||||
pkcs11-tool -l --pin 648219 --delete-object --type privkey --id 1 > /dev/null 2>&1
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
pkcs11-tool -l --pin 648219 --delete-object --type privkey --id 1 > /dev/null 2>&1
|
||||
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
|
||||
done
|
@ -48,4 +48,11 @@ echo "==== Test PKCS11-tool ===="
|
||||
test $? -eq 0 || {
|
||||
echo -e "\t${FAIL}"
|
||||
exit 1
|
||||
}
|
||||
}
|
||||
|
||||
echo "==== Test backup and restore ===="
|
||||
./tests/scripts/backup.sh
|
||||
test $? -eq 0 || {
|
||||
echo -e "\t${FAIL}"
|
||||
exit 1
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user