From 18f3cf3e0783b1b5780b8ffa62de97240f895fba Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki
Date: Fri, 20 Jul 2018 15:36:13 +0200
Subject: tests: remove old PKCS#11 tests

After backporting testpkcs11.sh from master branch is unnecessary to keep the old test files.

Signed-off-by: Anderson Toshiyuki Sasaki
---
tests/suite/testpkcs11 | 479 -----------------------------------------
tests/suite/testpkcs11.pkcs15 | 46 ----
tests/suite/testpkcs11.sc-hsm | 51 -----
tests/suite/testpkcs11.softhsm | 76 -------
4 files changed, 652 deletions(-)
delete mode 100755 tests/suite/testpkcs11
delete mode 100644 tests/suite/testpkcs11.pkcs15
delete mode 100644 tests/suite/testpkcs11.sc-hsm
delete mode 100755 tests/suite/testpkcs11.softhsm
(limited to 'tests')

diff --git a/tests/suite/testpkcs11 b/tests/suite/testpkcs11
deleted file mode 100755
index 71a58c358b..0000000000
--- a/tests/suite/testpkcs11
+++ /dev/null
@@ -1,479 +0,0 @@
-#!/bin/bash
-
-# Copyright (C) 2013 Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# GnuTLS is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 3 of the License, or (at
-# your option) any later version.
-#
-# GnuTLS is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with GnuTLS; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-srcdir="${srcdir:-.}"
-P11TOOL="${P11TOOL:-../../src/p11tool$EXEEXT}"
-CERTTOOL="${CERTTOOL:-../../src/certtool$EXEEXT}"
-DIFF="${DIFF:-diff -b -B}"
-SERV="${SERV:-../../src/gnutls-serv$EXEEXT} -q"
-CLI="${CLI:-../../src/gnutls-cli$EXEEXT}"
-RETCODE=0
-
-if ! test -z "${VALGRIND}";then
-VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --leak-check=no"
-fi
-
-TMPFILE=$srcdir/testpkcs11.debug
-CERTTOOL_PARAM="--stdout-info"
-
-if test "${WINDIR}" != "";then
- exit 77
-fi
-
-P11TOOL="$VALGRIND $P11TOOL --batch"
-
-. $srcdir/../scripts/common.sh
-
-eval "${GETPORT}"
-
-rm -f $TMPFILE
-
-exit_error () {
- echo "Check $TMPFILE for additional debugging information"
- echo ""
- echo ""
- tail $TMPFILE
- exit 1
-}
-
-# $1: token
-# $2: PIN
-# $3: filename
-# $srcdir/pkcs11-certs/client.key
-write_privkey () {
- export GNUTLS_PIN=$2
-
- filename=$3
- token=$1
- echo -n "* Writing a client private key... "
- $P11TOOL $ADDITIONAL_PARAM --login --write --label gnutls-client2 --load-privkey "$filename" "$token" >>$TMPFILE 2>&1
- if test $?
= 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-}
-
-# $1: token
-# $2: PIN
-# $3: filename
-write_serv_privkey () {
- export GNUTLS_PIN=$2
-
- filename=$3
- token=$1
- echo -n "* Writing the server private key... "
- $P11TOOL $ADDITIONAL_PARAM --login --write --label serv-key --load-privkey "$filename" "$token" >>$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
-}
-
-# $1: token
-# $2: PIN
-# $3: filename
-write_serv_cert () {
- export GNUTLS_PIN=$2
-
- filename=$3
- token=$1
- echo -n "* Writing the server certificate... "
- $P11TOOL $ADDITIONAL_PARAM --login --write --no-mark-private --label serv-cert --load-certificate "$filename" "$token" >>$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
-}
-
-# $1: token
-# $2: PIN
-# $3: bits
-generate_rsa_privkey () {
- export GNUTLS_PIN=$2
- token=$1
- bits=$3
-
- echo -n "* Generating RSA private key ($bits)... "
- $P11TOOL $ADDITIONAL_PARAM --login --id 000102030405 --label gnutls-client --generate-rsa --bits $bits "$token" --outfile tmp-client.pub >>$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit 1
- fi
-}
-
-generate_dsa_privkey () {
- export GNUTLS_PIN=$2
- token=$1
- bits=$3
-
- echo -n "* Generating DSA private key ($bits)... "
- $P11TOOL $ADDITIONAL_PARAM --login --id 000102030405 --label gnutls-client-dsa --generate-dsa --bits $bits "$token" >>$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit 1
- fi
-}
-
-# $1: token
-# $2: PIN
-# $3: bits
-generate_temp_rsa_privkey () {
- export GNUTLS_PIN=$2
- token=$1
- bits=$3
-
- echo -n "* Generating RSA private key ($bits)... "
- $P11TOOL $ADDITIONAL_PARAM --login --label gnutls-client --generate-rsa --bits $bits "$token" --outfile tmp-client.pub >>$TMPFILE 2>&1
- if test $?
= 0;then
- RETCODE=0
- echo ok
- else
- echo failed
- RETCODE=1
- fi
-}
-
-# $1: token
-# $2: PIN
-delete_temp_privkey () {
- export GNUTLS_PIN=$2
- token=$1
-
- test "$RETCODE" = "0" || return
-
- echo -n "* Deleting private key... "
- $P11TOOL $ADDITIONAL_PARAM --login --delete "$token;object=gnutls-client;object-type=private" >>$TMPFILE 2>&1
-
- if test $? != 0;then
- echo failed
- RETCODE=1
- return
- fi
-
- RETCODE=0
- echo ok
-}
-
-# $1: token
-# $2: PIN
-# $3: bits
-export_pubkey_of_privkey () {
- export GNUTLS_PIN=$2
- token=$1
- bits=$3
-
- echo -n "* Exporting public key of generated private key... "
- $P11TOOL $ADDITIONAL_PARAM --login --export-pubkey "$token;object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>$TMPFILE 2>&1
- if test $? != 0;then
- echo failed
- exit 1
- fi
-
- $DIFF tmp-client.pub tmp-client-2.pub
- if test $? != 0;then
- echo keys differ
- exit 1
- fi
-
- echo ok
-}
-
-# $1: token
-# $2: PIN
-change_id_of_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
-
- echo -n "* Change the CKA_ID of generated private key... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-id "01a1b103" "${token};object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>"${TMPFILE}" 2>&1
- if test $? != 0; then
- echo failed
- exit_error
- fi
-
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${TMPFILE}" 2>&1
- if test $? != 0; then
- echo "ID didn't change"
- exit_error
- fi
-
- echo ok
-}
-
-# $1: token
-# $2: PIN
-change_label_of_privkey () {
- export GNUTLS_PIN="$2"
- token="$1"
-
- echo -n "* Change the CKA_LABEL of generated private key... "
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "new-label" "${token};object=gnutls-client;object-type=private" >>"${TMPFILE}" 2>&1
- if test $?
!= 0; then
- echo failed
- exit_error
- fi
-
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>"${TMPFILE}" 2>&1
- if test $? != 0; then
- echo "label didn't change"
- exit_error
- fi
-
- ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "gnutls-client" "${token};object=new-label;object-type=private" >>"${TMPFILE}" 2>&1
- if test $? != 0; then
- echo failed
- exit_error
- fi
-
- echo ok
-}
-
-# $1: token
-# $2: PIN
-# $3: bits
-generate_temp_ecc_privkey () {
- export GNUTLS_PIN=$2
- token=$1
- bits=$3
-
- echo -n "* Generating ECC private key ($bits)... "
- $P11TOOL $ADDITIONAL_PARAM --login --label gnutls-client --generate-ecc --bits $bits "$token" --outfile tmp-client.pub >>$TMPFILE 2>&1
- if test $? = 0;then
- RETCODE=0
- echo ok
- else
- echo failed
- RETCODE=1
- fi
-}
-
-# $1: token
-# $2: PIN
-# $3: cakey: $srcdir/pkcs11-certs/ca.key
-# $4: cacert: $srcdir/pkcs11-certs/ca.crt
-#
-# Tests writing a certificate which corresponds to the given key,
-# as well as the CA certificate, and tries to export them.
-write_certificate_test () {
- export GNUTLS_PIN=$2
- token=$1
- cakey=$3
- cacert=$4
- pubkey=$5
-
- echo -n "* Generating client certificate... "
- $CERTTOOL $CERTTOOL_PARAM $ADDITIONAL_PARAM --generate-certificate --load-ca-privkey "$cakey" --load-ca-certificate "$cacert" \
- --template $srcdir/pkcs11-certs/client-tmpl --load-privkey "$token;object=gnutls-client;object-type=private" \
- --load-pubkey "$pubkey" --outfile tmp-client.crt >>$TMPFILE 2>&1
-
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Writing client certificate... "
- $P11TOOL $ADDITIONAL_PARAM --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "$token" >>$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Checking whether ID was correctly set... 
"
- $P11TOOL $ADDITIONAL_PARAM --login --list-certs "$token;object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>$TMPFILE 2>&1
- if test $? != 0;then
- echo "ID was not set on copy"
- exit_error
- fi
- echo ok
-
- echo -n "* Writing certificate of client's CA... "
- $P11TOOL $ADDITIONAL_PARAM --login --ca --write --trusted --label gnutls-ca --load-certificate "$cacert" "$token" >>$TMPFILE 2>&1
- ret=$?
- if test $ret != 0;then
- $P11TOOL $ADDITIONAL_PARAM --so-login --ca --write --trusted --label gnutls-ca --load-certificate "$cacert" "$token" >>$TMPFILE 2>&1
- ret=$?
- fi
-
- if test $ret = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Trying to obtain back the cert... "
- $P11TOOL $ADDITIONAL_PARAM --export "$token;object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>$TMPFILE 2>&1
- $DIFF crt1.tmp $srcdir/pkcs11-certs/ca.crt
- if test $? != 0;then
- echo "failed. Exported certificate differs (crt1.tmp)!"
- exit_error
- fi
- rm -f crt1.tmp
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Trying to obtain the full chain... "
- $P11TOOL $ADDITIONAL_PARAM --login --export-chain "$token;object=gnutls-client;object-type=cert"|$CERTTOOL $CERTTOOL_PARAM -i --outfile crt1.tmp >>$TMPFILE 2>&1
-
- cat tmp-client.crt $srcdir/pkcs11-certs/ca.crt|$CERTTOOL $CERTTOOL_PARAM -i >crt2.tmp
- $DIFF crt1.tmp crt2.tmp
- if test $? != 0;then
- echo "failed. Exported certificate chain differs!"
- exit_error
- fi
- rm -f crt1.tmp crt2.tmp
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-}
-
-
-# $1: token
-# $2: PIN
-# $3: certfile
-# $4: keyfile
-# $5: cafile
-#
-# Tests using a certificate and key pair using gnutls-serv and gnutls-cli.
-use_certificate_test () {
- export GNUTLS_PIN=$2
- token=$1
- certfile=$3
- keyfile=$4
- cafile=$5
-
- echo -n "* Using PKCS #11 with gnutls-cli... 
"
- # start server
- launch_pkcs11_server $$ "$ADDITIONAL_PARAM" --echo --priority NORMAL --x509certfile="$certfile" \
- --x509keyfile="$keyfile" --x509cafile="$cafile" \
- --require-client-cert >>$TMPFILE 2>&1
- PID=$!
- wait_server $PID
-
- # connect to server using SC
- $VALGRIND $CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509cafile="$cafile" >$TMPFILE 2>&1 && \
- fail $PID "Connection should have failed!"
-
- $VALGRIND $CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509certfile="$certfile" \
- --x509keyfile="$keyfile" --x509cafile="$cafile" >$TMPFILE 2>&1 || \
- fail $PID "Connection (with files) should have succeeded!"
-
- $VALGRIND $CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509certfile="$token;object=gnutls-client;object-type=cert" \
- --x509keyfile="$token;object=gnutls-client;object-type=private" \
- --x509cafile="$cafile" >$TMPFILE 2>&1 || \
- fail $PID "Connection (with SC) should have succeeded!"
-
- kill $PID
- wait
-
- echo ok
-}
-
-
-
-echo "Testing PKCS11 support"
-
-# erase SC
-
-type=$1
-
-if test -z "$type";then
- echo "usage: $0: [pkcs15|softhsm|sc-hsm]"
- if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util";then
- echo "assuming 'softhsm'"
- echo ""
- type=softhsm
- else
- exit 1
- fi
-
-fi
-
-.
$srcdir/testpkcs11.$type
-
-export GNUTLS_PIN=12345678
-export GNUTLS_SO_PIN=00000000
-
-init_card $GNUTLS_PIN $GNUTLS_SO_PIN
-
-# find token name
-TOKEN=`$P11TOOL $ADDITIONAL_PARAM --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
-
-echo "* Token: $TOKEN"
-if test x"$TOKEN" = x;then
- echo "Could not find generated token"
- exit_error
-fi
-
-#write a given privkey
-write_privkey $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/client.key"
-
-generate_temp_ecc_privkey $TOKEN $GNUTLS_PIN 256
-delete_temp_privkey $TOKEN $GNUTLS_PIN
-
-generate_temp_ecc_privkey $TOKEN $GNUTLS_PIN 384
-delete_temp_privkey $TOKEN $GNUTLS_PIN
-
-generate_temp_rsa_privkey $TOKEN $GNUTLS_PIN 2048
-delete_temp_privkey $TOKEN $GNUTLS_PIN
-
-#export_pubkey_of_privkey $TOKEN $GNUTLS_PIN
-
-generate_dsa_privkey $TOKEN $GNUTLS_PIN 1024
-generate_rsa_privkey $TOKEN $GNUTLS_PIN 1024
-change_id_of_privkey $TOKEN $GNUTLS_PIN
-change_label_of_privkey $TOKEN $GNUTLS_PIN
-
-write_certificate_test $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/ca.key" "$srcdir/pkcs11-certs/ca.crt" tmp-client.pub
-
-write_serv_privkey $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/server.key"
-write_serv_cert $TOKEN $GNUTLS_PIN "$srcdir/pkcs11-certs/server.crt"
-
-use_certificate_test $TOKEN $GNUTLS_PIN "$TOKEN;object=serv-cert;object-type=cert" "$TOKEN;object=serv-key;object-type=private" "$srcdir/pkcs11-certs/ca.crt"
-
-if test $RETCODE = 0;then
- echo "* All smart cards tests succeeded"
-fi
-rm -f tmp-client.crt tmp-client.pub tmp-client-2.pub $TMPFILE
-
-exit 0
diff --git a/tests/suite/testpkcs11.pkcs15 b/tests/suite/testpkcs11.pkcs15
deleted file mode 100644
index d72163b16a..0000000000
--- a/tests/suite/testpkcs11.pkcs15
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) 2013 Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# GnuTLS is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 3 of the License, or (at
-# your option) any later version.
-#
-# GnuTLS is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with GnuTLS; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-
-init_card () {
- PIN=$1
- PUK=$2
-
- echo -n "* Erasing smart card... "
- pkcs15-init -E >$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- cat $TMPFILE
- exit_error
- fi
-
- echo -n "* Initializing smart card... "
- pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin $PIN --pin $PIN --puk $PUK --label "GnuTLS-Test" >$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- cat $TMPFILE
- exit_error
- fi
-}
-
diff --git a/tests/suite/testpkcs11.sc-hsm b/tests/suite/testpkcs11.sc-hsm
deleted file mode 100644
index 03b86a408f..0000000000
--- a/tests/suite/testpkcs11.sc-hsm
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) 2013 Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# GnuTLS is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 3 of the License, or (at
-# your option) any later version.
-#
-# GnuTLS is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with GnuTLS; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-
-init_card () {
- PIN=$1
- PUK=3537363231383830
- export GNUTLS_SO_PIN=$PUK
-
- echo -n "* Erasing smart card... "
- sc-hsm-tool --initialize --so-pin $PUK --pin $PIN --label=GnuTLS-Test >>$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-
- echo -n "* Initializing smart card... "
- TOKEN=`$P11TOOL $ADDITIONAL_PARAM --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'`
- if test -z "$TOKEN";then
- echo "Could not find initialized card"
- exit_error
- fi
-
- $P11TOOL $ADDITIONAL_PARAM --initialize "$TOKEN" --set-so-pin $PUK --set-pin $PIN --label "GnuTLS-Test" >>$TMPFILE 2>&1
- if test $? = 0;then
- echo ok
- else
- echo failed
- exit_error
- fi
-}
-
diff --git a/tests/suite/testpkcs11.softhsm b/tests/suite/testpkcs11.softhsm
deleted file mode 100755
index 3ec5076318..0000000000
--- a/tests/suite/testpkcs11.softhsm
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) 2013 Nikos Mavrogiannopoulos
-#
-# This file is part of GnuTLS.
-#
-# GnuTLS is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 3 of the License, or (at
-# your option) any later version.
-#
-# GnuTLS is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with GnuTLS; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-for i in /usr/lib64/pkcs11 /usr/lib/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib /usr/lib64/softhsm;do
- if test -f "$i/libsofthsm2.so"; then
- ADDITIONAL_PARAM="--provider $i/libsofthsm2.so"
- break
- else
- if test -f "$i/libsofthsm.so";then
- ADDITIONAL_PARAM="--provider $i/libsofthsm.so"
- break
- fi
- fi
-done
-
-init_card () {
- PIN="$1"
- PUK="$2"
-
- if test -x "/usr/bin/softhsm2-util"; then
- export SOFTHSM2_CONF="softhsm-testpkcs11.config"
- SOFTHSM_TOOL="/usr/bin/softhsm2-util"
- ${SOFTHSM_TOOL} --version|grep "2.0.0" >/dev/null 2>&1
- if test $?
= 0; then
- echo "softhsm2-util 2.0.0 is broken"
- export BROKEN_SOFTHSM2=1
- fi
- fi
-
- if test -x "/usr/bin/softhsm"; then
- export SOFTHSM_CONF="softhsm-testpkcs11.config"
- SOFTHSM_TOOL="/usr/bin/softhsm"
- fi
-
- if test -z "${SOFTHSM_TOOL}"; then
- echo "Could not find softhsm(2) tool"
- exit 77
- fi
-
- if test -z "${SOFTHSM_CONF}"; then
- rm -rf ./softhsm-testpkcs11.db
- mkdir -p ./softhsm-testpkcs11.db
- echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
- echo "directories.tokendir = ./softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}"
- else
- rm -rf ./softhsm-testpkcs11.db
- echo "0:./softhsm-testpkcs11.db" > "${SOFTHSM_CONF}"
- fi
-
-
- echo -n "* Initializing smart card... "
- ${SOFTHSM_TOOL} --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1
- if test $? = 0; then
- echo ok
- else
- echo failed
- exit_error
- fi
-}
--
cgit v1.2.1