From c4ce1528f1954e4afdca98c50056a1fafd11b3dc Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Tue, 22 Oct 2019 16:11:11 +0200
Subject: sign and verify once per found token If more than one token is found, all of them should have the same key. This is a somewhat lame way of verifying they all work. Lame because the resulting signature will be made from the last key only. Also pass PIN in URI.
---
tests/do-sign.sh | 7 +++++--
tests/do-verify.sh | 9 ++++++---
2 files changed, 11 insertions(+), 5 deletions(-)
(limited to 'tests')
diff --git a/tests/do-sign.sh b/tests/do-sign.sh
index 9552a5a..512687d 100755
--- a/tests/do-sign.sh
+++ b/tests/do-sign.sh
@@ -13,9 +13,12 @@ if [ -n "$SERVER_PROVIDER" ]; then
 eval "$P11_KIT_ENV"
 fi
-openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
- -sign "$(p11tool --login --provider=$P11_PROVIDER --list-token-urls)" \
+token_urls="$(p11tool --batch --login --provider=$P11_PROVIDER --list-token-urls)"
+for url in $token_urls; do
+ openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
+ -sign "${url};pin-value=ffff" \
 -out $SIGFILE
+done
 if [ -n "$SERVER_PROVIDER" ]; then
 p11-kit server --kill > /dev/null
diff --git a/tests/do-verify.sh b/tests/do-verify.sh
index a18a762..fded962 100755
--- a/tests/do-verify.sh
+++ b/tests/do-verify.sh
@@ -14,9 +14,12 @@ if [ -n "$SERVER_PROVIDER" ]; then
 eval "$P11_KIT_ENV"
 fi
-openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
- -prverify "$(p11tool --login --provider=$P11_PROVIDER --list-token-urls)" \
- -signature $SIGFILE | egrep "^Verified OK$"
+token_urls="$(p11tool --batch --login --provider=$P11_PROVIDER --list-token-urls)"
+for url in $token_urls; do
+ openssl dgst -sha256 -engine pkcs11 -keyform ENGINE \
+ -prverify "${url};pin-value=ffff" \
+ -signature $SIGFILE | egrep "^Verified OK$"
+done
 if [ -n "$SERVER_PROVIDER" ]; then
 p11-kit server --kill > /dev/null
-- cgit v1.1
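Review bot: The token PIN is hard-coded as `pin-value=ffff` inside the key URI on the new `-sign` line of tests/do-sign.sh, so it travels in openssl's argv (readable from the process list and from any `set -x` trace) and is repeated verbatim on the `-prverify` line of tests/do-verify.sh. That is only appropriate for a throwaway test token, and the hunk does not say where `ffff` comes from; a comment such as `# ffff is the user PIN of the disposable test token; test use only` would record the assumption once confirmed. Defining the value once, e.g. `pin=ffff` and `-sign "${url};pin-value=${pin}"`, would keep the two scripts from drifting apart. The script begins above the hunk, so a suitable variable may already exist there.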
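Review bot: The new loop in tests/do-verify.sh never reaches the `egrep "^Verified OK$"` check when `p11tool` prints no token URL, so the script can finish without verifying anything, whereas the removed code always invoked openssl once (presumably failing on an empty key); the loop in tests/do-sign.sh skips signing in the same way. A guard right after the assignment, `[ -n "$token_urls" ] || { echo "no PKCS#11 token found" >&2; exit 1; }`, would turn that case into a failure, though the `p11-kit server --kill` step below the loop would then need to run first or from a trap. A failed check for any token other than the last is likewise fatal only if `set -e` is active, which would be set above the hunk and is not visible here.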