diff --git a/Robot-Framework/test-suites/optee/pkcs11-tool.robot b/Robot-Framework/test-suites/optee/pkcs11-tool.robot index dbcd261..5344ddd 100644 --- a/Robot-Framework/test-suites/optee/pkcs11-tool.robot +++ b/Robot-Framework/test-suites/optee/pkcs11-tool.robot @@ -18,7 +18,10 @@ Basic pkcs11-tool-optee test ${tool}= Set Variable "pkcs11-tool-optee" List all key slots ${tool} Initialize slot ${tool} - List all key slots ${tool} + Test Public Key usage ${tool} keyid=1 keylabel=rsakey0 mechanism=SHA256-RSA-PKCS-PSS + Test Public Key usage ${tool} keyid=2 keylabel=eckey0 mechanism=ECDSA-SHA256 + List key slots ${tool} + List objects ${tool} Check caml-crush service is running [Documentation] Checks if the systemd service for caml-crush is running @@ -35,11 +38,14 @@ Basic pkcs11-tool-caml-crush test ${tool}= Set Variable "pkcs11-tool-caml-crush-optee" List all key slots ${tool} Initialize slot ${tool} - List all key slots ${tool} + Test Public Key usage ${tool} keyid=1 keylabel=rsakey0 mechanism=SHA256-RSA-PKCS-PSS + Test Public Key usage ${tool} keyid=2 keylabel=eckey0 mechanism=ECDSA-SHA256 + List key slots ${tool} + List objects ${tool} *** Keywords *** -List all key slots +List key slots [Documentation] List all key slots [Arguments] ${tool} @@ -47,6 +53,14 @@ List all key slots ${stdout} ${stderr} ${rc}= Execute Command ${cmd} sudo=True sudo_password=${PASSWORD} return_stdout=True return_stderr=True return_rc=True Should Be Equal As Integers ${rc} 0 +List objects + [Documentation] List all key slots + [Arguments] ${tool} + + ${cmd}= Set Variable ${tool} --list-objects + ${stdout} ${stderr} ${rc}= Execute Command ${cmd} sudo=True sudo_password=${PASSWORD} return_stdout=True return_stderr=True return_rc=True + Should Be Equal As Integers ${rc} 0 + Initialize slot [Documentation] Initialize Key Slot [Arguments] ${tool} @@ -62,3 +76,32 @@ Initialize slot ${cmd}= Set Variable ${tool} --token-label mytoken --pin 0000 --keygen --key-type AES:16 --id 0 --label mykey0 ${stdout} ${stderr} ${rc}= Execute Command ${cmd} sudo=True sudo_password=${PASSWORD} return_stdout=True return_stderr=True return_rc=True Should Be Equal As Integers ${rc} 0 + + ${cmd}= Set Variable ${tool} --token-label mytoken --pin 0000 --keypairgen --key-type RSA:2048 --id 1 --label rsakey0 + ${stdout} ${stderr} ${rc}= Execute Command ${cmd} sudo=True sudo_password=${PASSWORD} return_stdout=True return_stderr=True return_rc=True + Should Be Equal As Integers ${rc} 0 + + ${cmd}= Set Variable ${tool} --token-label mytoken --pin 0000 --keypairgen --key-type EC:secp256r1 --id 2 --label eckey0 + ${stdout} ${stderr} ${rc}= Execute Command ${cmd} sudo=True sudo_password=${PASSWORD} return_stdout=True return_stderr=True return_rc=True + Should Be Equal As Integers ${rc} 0 + +Test Public Key usage + [Documentation] Test Public Key usage + [Arguments] ${tool} ${keyid} ${keylabel} ${mechanism} + + ${content_file}= Set Variable /tmp/pkcs11test_content + ${signature_file}= Set Variable /tmp/pkcs11test_signature + + ${cmd}= Set Variable dd if=/dev/random of=${content_file} count=1 bs=32 + ${stdout} ${stderr} ${rc}= Execute Command ${cmd} sudo=True sudo_password=${PASSWORD} return_stdout=True return_stderr=True return_rc=True + Should Be Equal As Integers ${rc} 0 + + ${cmd}= Set Variable ${tool} --token-label mytoken --pin 0000 --id ${keyid} --label ${keylabel} --sign -m ${mechanism} --input-file ${content_file} --output-file ${signature_file} + ${stdout} ${stderr} ${rc}= Execute Command ${cmd} sudo=True sudo_password=${PASSWORD} return_stdout=True return_stderr=True return_rc=True + Should Be Equal As Integers ${rc} 0 + + ${cmd}= Set Variable ${tool} --token-label mytoken --pin 0000 --id ${keyid} --label ${keylabel} --verify -m ${mechanism} --signature-file ${signature_file} --input-file ${content_file} + ${stdout} ${stderr} ${rc}= Execute Command ${cmd} sudo=True sudo_password=${PASSWORD} return_stdout=True return_stderr=True return_rc=True + Should Be Equal As Integers ${rc} 0 + Should Contain ${stdout} Signature is valid + Should Not Contain ${stdout} Invalid signature