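#!/bin/bash
## from OpenSC/src/tests/p11test/runtest.sh
#
# Shared setup for the pkcs11-tool tests: locates the SoftHSM PKCS#11
# module, fixes the test token PINs and builds the pkcs11-tool command
# line. Meant to be sourced by the individual test scripts.
#
# Environment (read):  BUILD_PATH   - build tree root, defaults to ".."
#                      VALGRIND     - when non-empty, run pkcs11-tool under
#                                     a wrapper
#                      LOG_COMPILER - wrapper command line used in place of
#                                     VALGRIND when both are set
# Variables (written): SOPIN, PIN, PKCS11_TOOL, softhsm_paths, P11LIB, ERRORS
BUILD_PATH=${BUILD_PATH:-..}
# run valgrind with all the switches we are interested in: they are passed
# in LOG_COMPILER, so reuse that as the wrapper command line
if [[ -n "$VALGRIND" && -n "$LOG_COMPILER" ]]; then
  VALGRIND="$LOG_COMPILER"
fi
# Fixed credentials for the throw-away test token created by
# softhsm_initialize.
SOPIN="12345678"
PIN="123456"
# Deliberately a plain string, not an array: callers expand $PKCS11_TOOL
# unquoted so the optional wrapper in $VALGRIND is word-split into its
# own arguments.
PKCS11_TOOL="$VALGRIND $BUILD_PATH/src/tools/pkcs11-tool"
# Candidate locations of the SoftHSM v2 module; the first existing one wins.
softhsm_paths="/usr/local/lib/softhsm/libsofthsm2.so \
/usr/lib/softhsm/libsofthsm2.so \
/usr/lib64/pkcs11/libsofthsm2.so \
/usr/lib/i386-linux-gnu/softhsm/libsofthsm2.so \
/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so"
# intentional word-splitting: softhsm_paths is a whitespace separated list
for LIB in $softhsm_paths; do
  echo "Testing $LIB"
  if [[ -f "$LIB" ]]; then
    P11LIB="$LIB"
    echo "Setting P11LIB=$LIB"
    break
  fi
done
if [[ -z "$P11LIB" ]]; then
  echo "Warning: Could not find the softhsm pkcs11 module" >&2
fi
# latched to 1 by assert() on the first failed check
ERRORS=0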
#######################################
# Record a failed check: print the message and latch the global error flag.
# Globals:   ERRORS (set to 1 on failure, never reset here)
# Arguments: $1 - status of the checked step; anything but "0" is a failure
#            $2 - message printed when the step failed
# Outputs:   the error line on stdout
#######################################
assert() {
  local status="$1" message="$2"
  [[ "$status" == 0 ]] && return
  echo "====> ERROR: $message"
  ERRORS=1
}
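#######################################
# Generate a key pair on the token and export its public half as PEM.
# Globals:   PKCS11_TOOL, P11LIB, PIN (read)
#            TYPE, ID, LABEL (written; kept global as callers may rely on them)
# Arguments: $1 - key type as accepted by pkcs11-tool --key-type
#                 (e.g. RSA:2048, EC:secp256r1, EC:edwards25519)
#            $2 - object ID, also used as basename of the output file
#            $3 - object label
# Outputs:   writes <ID>.pub (PEM public key) in the current directory;
#            the intermediate <ID>.der is always removed
# Returns:   0 on success, non-zero if generation, export or PEM
#            conversion failed
#######################################
generate_key() {
  TYPE="$1"
  ID="$2"
  LABEL="$3"
  echo "Generate $TYPE key (ID=$ID)"
  # Generate key pair ($PKCS11_TOOL is intentionally unquoted: it may carry
  # a valgrind wrapper that must be word-split into separate arguments)
  if ! $PKCS11_TOOL --keypairgen --key-type="$TYPE" --login --pin="$PIN" \
      --module="$P11LIB" --label="$LABEL" --id="$ID"; then
    echo "Couldn't generate $TYPE key pair"
    return 1
  fi
  # Extract public key from the card
  if ! $PKCS11_TOOL --read-object --id "$ID" --type pubkey \
      --output-file "$ID.der" --module="$P11LIB"; then
    echo "Couldn't read generated $TYPE public key"
    return 1
  fi
  # convert it to more digestible PEM format; openssl needs the subcommand
  # matching the key type, pkey handles the Edwards curve key
  local rc=0
  if [[ "${TYPE:0:3}" == "RSA" ]]; then
    openssl rsa -inform DER -outform PEM -in "$ID.der" -pubin > "$ID.pub" || rc=$?
  elif [[ "$TYPE" == "EC:edwards25519" ]]; then
    openssl pkey -inform DER -outform PEM -in "$ID.der" -pubin > "$ID.pub" || rc=$?
  else
    openssl ec -inform DER -outform PEM -in "$ID.der" -pubin > "$ID.pub" || rc=$?
  fi
  # remove the DER copy even when the conversion failed
  rm -f -- "$ID.der"
  if (( rc != 0 )); then
    echo "Couldn't convert $TYPE public key to PEM"
  fi
  return "$rc"
}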
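#######################################
# Create a fresh SoftHSM v2 token directory and configuration in the
# current directory and initialize slot 0 with the test PINs.
# Globals:   SOPIN, PIN (read); SOFTHSM2_CONF (exported)
# Outputs:   creates .softhsm2.conf and .tokens/ in the current directory,
#            replacing any .tokens/ left over from an earlier run
# Returns:   non-zero if the token directory or config could not be
#            created, or if softhsm2-util failed
#######################################
softhsm_initialize() {
  # start from an empty token directory so an earlier run leaves no state
  if [[ -d ".tokens" ]]; then
    rm -rf ".tokens"
  fi
  mkdir ".tokens" || return 1
  echo "directories.tokendir = $(realpath .tokens)" > .softhsm2.conf || return 1
  # assign separately from export so a realpath failure is not masked
  SOFTHSM2_CONF=$(realpath ".softhsm2.conf") || return 1
  export SOFTHSM2_CONF
  # Init token
  softhsm2-util --init-token --slot 0 --label "SC test" --so-pin="$SOPIN" --pin="$PIN"
}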
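#######################################
# Provision the test token: initialize SoftHSM and create the fixed set of
# keys the tests expect (IDs 01-04 key pairs, ID 05 a generic secret key).
# Globals:   PKCS11_TOOL, P11LIB, PIN (read)
# Outputs:   01.pub .. 04.pub in the current directory (via generate_key)
# Returns:   1 as soon as any step fails, 0 otherwise
#######################################
card_setup() {
  # nothing below can succeed on an uninitialized token
  softhsm_initialize || return 1
  # Generate 1024b RSA Key pair
  generate_key "RSA:1024" "01" "RSA_auth" || return 1
  # Generate 2048b RSA Key pair
  generate_key "RSA:2048" "02" "RSA2048" || return 1
  # Generate 256b ECC Key pair
  generate_key "EC:secp256r1" "03" "ECC_auth" || return 1
  # Generate 521b ECC Key pair
  generate_key "EC:secp521r1" "04" "ECC521" || return 1
  # Generate an HMAC:SHA256 key ($PKCS11_TOOL intentionally unquoted, it
  # may carry a wrapper command that must be word-split)
  if ! $PKCS11_TOOL --keygen --key-type="GENERIC:64" --login --pin="$PIN" \
      --module="$P11LIB" --label="HMAC-SHA256" --id="05"; then
    echo "Couldn't generate GENERIC key"
    return 1
  fi
}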
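#######################################
# Remove the SoftHSM config and token directory created by
# softhsm_initialize. Safe to call when setup failed part way: missing
# files are ignored.
# Outputs:   deletes .softhsm2.conf and .tokens/ in the current directory
#######################################
softhsm_cleanup() {
  rm -f -- .softhsm2.conf
  rm -rf -- ".tokens"
  # NOTE(review): original pauses here, presumably to let SoftHSM release
  # the token files before the next test starts — kept as is
  sleep 1
}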
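#######################################
# Tear down everything card_setup created: the SoftHSM token plus the
# exported public keys. Missing .pub files (setup aborted early) are
# ignored instead of producing rm errors.
# Outputs:   deletes 01.pub .. 04.pub and the SoftHSM state in the
#            current directory
#######################################
card_cleanup() {
  softhsm_cleanup
  rm -f -- 0{1,2,3,4}.pub
  sleep 1
}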