Pol Henarejos
33
tests/scripts/attestation.sh
Executable file
33
tests/scripts/attestation.sh
Executable file
@@ -0,0 +1,33 @@
|
||||
#!/bin/bash
|
||||
|
||||
source ./tests/scripts/func.sh
|
||||
|
||||
echo -n " Fetch attestation certificate... "
|
||||
piv read-cert -sf9 -o sf9.pem
|
||||
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
|
||||
|
||||
algs=("RSA1024" "RSA2048" "ECCP256" "ECCP384")
|
||||
slots=("9a" "9c" "9d" "9e" "82" "83" "84" "85" "86" "87" "88" "89" "8a" "8b" "8c" "8d" "8e" "8f" "90" "91" "92" "93" "94" "95")
|
||||
for alg in ${algs[*]}; do
|
||||
for slot in ${slots[*]}; do
|
||||
echo " Test attestation with ${alg} in slot ${slot}"
|
||||
echo -n " Keygen... "
|
||||
gen_and_check $alg $slot && echo -e ".\t${OK}" || exit $?
|
||||
|
||||
echo -n " Fetch attesting certificate... "
|
||||
piv attest -s$slot -o attestation.pem
|
||||
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
|
||||
|
||||
echo -n " OpenSSL verify attestation... "
|
||||
e=$(openssl verify -CAfile sf9.pem attestation.pem 2>&1)
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
grep -q ": OK" <<< $e && echo -e ".\t${OK}" || exit $?
|
||||
|
||||
echo -n " Key deletion... "
|
||||
delete_key $alg $slot && echo -e ".\t${OK}" || exit $?
|
||||
|
||||
done
|
||||
done
|
||||
|
||||
rm -rf cert.pem
|
||||
rm -rf sf9.pem
|
||||
6
tests/scripts/cli-test.sh
Executable file
6
tests/scripts/cli-test.sh
Executable file
@@ -0,0 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
chmod a+x tests/scripts/*.sh
|
||||
|
||||
echo "======== CLI Test suite ========"
|
||||
./tests/scripts/yubico-piv-tool.sh
|
||||
38
tests/scripts/func.sh
Executable file
38
tests/scripts/func.sh
Executable file
@@ -0,0 +1,38 @@
|
||||
#!/bin/bash
|
||||
|
||||
OK="\033[32mok\033[0m"
|
||||
FAIL="\033[31mfail\033[0m"
|
||||
|
||||
READER="u"
|
||||
|
||||
piv() {
|
||||
yubico-piv-tool -r${READER} -a$@
|
||||
}
|
||||
|
||||
gen_and_check() {
|
||||
e=$(piv generate -s$2 -A$1 -opublic.pem 2>&1)
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
grep -q "Successfully generated a new private key" <<< $e && echo -n "." || exit $?
|
||||
e=$(piv status 2>&1)
|
||||
e=${e//$'\t'/}
|
||||
e=${e//$'\n'/}
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
grep -q "Slot $2:Algorithm:$1" <<< $e && echo -n "." || exit $?
|
||||
}
|
||||
delete_key() {
|
||||
piv delete-key -s$2 > /dev/null 2>&1
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
piv delete-cert -s$2 > /dev/null 2>&1
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
e=$(piv status 2>&1)
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
q=$(grep -q "Slot $2: Algorithm: $1" <<< $e)
|
||||
test $? -eq 1 && echo -n "." || exit $?
|
||||
rm -rf public.pem
|
||||
}
|
||||
gen_and_delete() {
|
||||
gen_and_check $1 $2
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
delete_key $1 $2
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
}
|
||||
12
tests/scripts/keygen.sh
Executable file
12
tests/scripts/keygen.sh
Executable file
@@ -0,0 +1,12 @@
|
||||
#!/bin/bash
|
||||
|
||||
source ./tests/scripts/func.sh
|
||||
|
||||
algs=("RSA1024" "RSA2048" "ECCP256" "ECCP384")
|
||||
slots=("9a" "9c" "9d" "9e" "82" "83" "84" "85" "86" "87" "88" "89" "8a" "8b" "8c" "8d" "8e" "8f" "90" "91" "92" "93" "94" "95")
|
||||
for alg in ${algs[*]}; do
|
||||
for slot in ${slots[*]}; do
|
||||
echo -n " Test ${alg} in slot ${slot}... "
|
||||
gen_and_delete ${alg} $slot && echo -e ".\t${OK}" || exit $?
|
||||
done
|
||||
done
|
||||
46
tests/scripts/signatures.sh
Executable file
46
tests/scripts/signatures.sh
Executable file
@@ -0,0 +1,46 @@
|
||||
#!/bin/bash
|
||||
|
||||
source ./tests/scripts/func.sh
|
||||
|
||||
algs=("RSA1024" "RSA2048" "ECCP256" "ECCP384")
|
||||
slots=("9a" "9c" "9d" "9e" "82" "83" "84" "85" "86" "87" "88" "89" "8a" "8b" "8c" "8d" "8e" "8f" "90" "91" "92" "93" "94" "95")
|
||||
for alg in ${algs[*]}; do
|
||||
for slot in ${slots[*]}; do
|
||||
echo " Test signature with ${alg} in slot ${slot}"
|
||||
echo -n " Keygen... "
|
||||
gen_and_check $alg $slot && echo -e ".\t${OK}" || exit $?
|
||||
|
||||
echo -n " Test request certificate... "
|
||||
e=$(piv verify -arequest -P123456 -s$slot -S'/CN=bar/OU=test/O=example.com/' -ipublic.pem -ocert.pem 2>&1)
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
grep -q "Successfully verified PIN" <<< $e && echo -n "." || exit $?
|
||||
grep -q "Successfully generated a certificate request" <<< $e && echo -e ".\t${OK}" || exit $?
|
||||
|
||||
echo -n " OpenSSL verify request... "
|
||||
e=$(openssl req -verify -in cert.pem 2>&1)
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
grep -q " OK" <<< $e && echo -e ".\t${OK}" || exit $?
|
||||
|
||||
echo -n " Test self-signed certificate... "
|
||||
e=$(piv verify -aselfsign -P123456 -s$slot -S'/CN=bar/OU=test/O=example.com/' -ipublic.pem -ocert.pem 2>&1)
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
grep -q "Successfully verified PIN" <<< $e && echo -n "." || exit $?
|
||||
grep -q "Successfully generated a new self signed certificate" <<< $e && echo -e ".\t${OK}" || exit $?
|
||||
|
||||
echo -n " Test signature... "
|
||||
e=$(piv verify-pin -atest-signature -s$slot -P123456 -icert.pem 2>&1)
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
grep -q "Successful" <<< $e && echo -e ".\t${OK}" || exit $?
|
||||
|
||||
echo -n " OpenSSL verify cert... "
|
||||
e=$(openssl verify -CAfile cert.pem cert.pem 2>&1)
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
grep -q ": OK" <<< $e && echo -e ".\t${OK}" || exit $?
|
||||
|
||||
echo -n " Key deletion... "
|
||||
delete_key $alg $slot && echo -e ".\t${OK}" || exit $?
|
||||
|
||||
done
|
||||
done
|
||||
|
||||
rm -rf cert.pem
|
||||
10
tests/scripts/version.sh
Executable file
10
tests/scripts/version.sh
Executable file
@@ -0,0 +1,10 @@
|
||||
#!/bin/bash
|
||||
|
||||
source ./tests/scripts/func.sh
|
||||
|
||||
# Get version
|
||||
echo -n " Test version... "
|
||||
e=$(piv version 2>&1)
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
grep -q "Application version" <<< $e && echo -n "." || exit $?
|
||||
grep -q " found" <<< $e && echo -e ".\t${OK}" || exit $?
|
||||
17
tests/scripts/yubico-piv-test.sh
Executable file
17
tests/scripts/yubico-piv-test.sh
Executable file
@@ -0,0 +1,17 @@
|
||||
#!/bin/bash
|
||||
|
||||
source ./tests/scripts/func.sh
|
||||
reset
|
||||
test $? -eq 0 || exit $?
|
||||
|
||||
echo -n " Test PKCS11 tool..."
|
||||
gen_and_check rsa:2048
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
e=$(pkcs11-tool --test -l --pin 648219 2>&1)
|
||||
test $? -eq 0 && echo -n "." || exit $?
|
||||
grep -q "No errors" <<< $e && echo -n "." || exit $?
|
||||
pkcs11-tool -l --pin 648219 --delete-object --type privkey --id 1 > /dev/null 2>&1
|
||||
test $? -eq 0 && echo -e ".\t${OK}" || exit $?
|
||||
#e=$(pkcs11-tool --test-ec -l --pin 648219 --id 1 --key-type ec:secp256r1 2>&1)
|
||||
#test $? -eq 0 && echo -n "." || exit $?
|
||||
#grep -q "==> OK" <<< $e && echo -e ".\t${OK}" || exit $?
|
||||
30
tests/scripts/yubico-piv-tool.sh
Executable file
30
tests/scripts/yubico-piv-tool.sh
Executable file
@@ -0,0 +1,30 @@
|
||||
#!/bin/bash
|
||||
|
||||
source ./tests/scripts/func.sh
|
||||
echo "==== Test version ===="
|
||||
./tests/scripts/version.sh
|
||||
test $? -eq 0 || {
|
||||
echo -e "\t${FAIL}"
|
||||
exit 1
|
||||
}
|
||||
|
||||
echo "==== Test asymmetric keygen ===="
|
||||
./tests/scripts/keygen.sh
|
||||
test $? -eq 0 || {
|
||||
echo -e "\t${FAIL}"
|
||||
exit 1
|
||||
}
|
||||
|
||||
echo "==== Test self-signed certificates ===="
|
||||
./tests/scripts/signatures.sh
|
||||
test $? -eq 0 || {
|
||||
echo -e "\t${FAIL}"
|
||||
exit 1
|
||||
}
|
||||
|
||||
echo "==== Test attestation ===="
|
||||
./tests/scripts/attestation.sh
|
||||
test $? -eq 0 || {
|
||||
echo -e "\t${FAIL}"
|
||||
exit 1
|
||||
}
|
||||
Reference in New Issue
Block a user