Add PIV tests.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

tests/docker/jammy/Dockerfile

@@ -22,6 +22,20 @@ RUN apt install -y libccid \
     cmake \
     vsmartcard-vpcd \
     libgcrypt-dev \
+    libssl-dev \
+    check \
+    gengetopt \
     && rm -rf /var/lib/apt/lists/*
 RUN pip3 install pytest pycvc cryptography pyscard
+RUN git clone https://github.com/Yubico/yubico-piv-tool
+WORKDIR /yubico-piv-tool
+RUN git checkout tags/yubico-piv-tool-2.5.1
+ADD tests/docker/jammy/yubico-piv-tool.patch /yubico-piv-tool/yubico-piv-tool.patch
+RUN git apply yubico-piv-tool.patch
+RUN mkdir build
+WORKDIR /yubico-piv-tool/build
+RUN cmake .. -DENABLE_HARDWARE_TESTS=1
+RUN make -j`nproc`
+RUN make install
 WORKDIR /
+RUN ldconfig

tests/docker/jammy/yubico-piv-tool.patch

@@ -0,0 +1,68 @@
+diff --git a/lib/tests/api.c b/lib/tests/api.c
+index fb7c1a8..b569ec3 100644
+--- a/lib/tests/api.c
++++ b/lib/tests/api.c
+@@ -515,7 +515,7 @@ START_TEST(test_pin_policy_always) {
+     unsigned char rand[128] = {0};
+ 
+     size_t sig_len = sizeof(signature);
+-    size_t padlen = 256;
++    size_t padlen = 512;
+     unsigned int enc_len;
+     unsigned int data_len;
+ 
+@@ -1009,8 +1009,8 @@ END_TEST
+ START_TEST(test_pin_cache) {
+   ykpiv_rc res;
+   ykpiv_state *local_state;
+-  unsigned char data[256] = {0};
+-  unsigned char data_in[256] = {0};
++  unsigned char data[512] = {0};
++  unsigned char data_in[512] = {0};
+   int len = sizeof(data);
+   size_t len2 = sizeof(data);
+ 
+@@ -1028,17 +1028,17 @@ START_TEST(test_pin_cache) {
+   ck_assert_int_eq(res, YKPIV_OK);
+ 
+   // Verify decryption does not work without auth
+-  res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA2048, 0x9a);
++  res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA4096, 0x9a);
+   ck_assert_int_eq(res, YKPIV_AUTHENTICATION_ERROR);
+ 
+   // Verify decryption does work when authed
+   res = ykpiv_verify_select(g_state, "123456", 6, NULL, true);
+   ck_assert_int_eq(res, YKPIV_OK);
+-  res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA2048, 0x9a);
++  res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA4096, 0x9a);
+   ck_assert_int_eq(res, YKPIV_OK);
+ 
+   // Verify PIN policy allows continuing to decrypt without re-verifying
+-  res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA2048, 0x9a);
++  res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA4096, 0x9a);
+   ck_assert_int_eq(res, YKPIV_OK);
+ 
+   // Create a new ykpiv state, connect, and close it.
+@@ -1059,7 +1059,7 @@ START_TEST(test_pin_cache) {
+   //
+   // Note that you can verify that this fails by rebuilding with
+   // DISABLE_PIN_CACHE set to 1.
+-  res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA2048, 0x9a);
++  res = ykpiv_decipher_data(g_state, data_in, (size_t)len, data, &len2, YKPIV_ALGO_RSA4096, 0x9a);
+   ck_assert_int_eq(res, YKPIV_OK);
+ }
+ END_TEST
+diff --git a/tools/confirm.sh b/tools/confirm.sh
+index 81c10ac..4ab15c5 100755
+--- a/tools/confirm.sh
++++ b/tools/confirm.sh
+@@ -20,7 +20,8 @@ echo "WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WA
+ echo "******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* ******* *******" >&0
+ echo >&0
+ echo -n "Are you SURE you wish to proceed?  If so, type 'CONFIRM': " >&0
+-
++echo "0"
++exit 0
+ read CONFIRM
+ if [[ "x$CONFIRM" != "xCONFIRM" ]]; then
+     echo "1"