.github/test-isoapplet.sh - GET DEBUG LOGS FOR FAILING TEST

dengert · Sep 6, 2024 · 14bcbdf · 14bcbdf
1 parent 9045c24
commit 14bcbdf
Showing 1 changed file with 34 additions and 4 deletions.
diff --git a/.github/test-isoapplet.sh b/.github/test-isoapplet.sh
@@ -51,9 +51,15 @@ $VALGRIND pkcs11-tool -L | tee opensc.log
 # report as "token not recognized"
 grep "(token not recognized)" opensc.log
 
+# show openssl version
+openssl version
+
 # Does OpenSC see the uninitialized card with options for InitToken?
 cat >opensc.conf <<EOF
 app default {
+    framework pkcs15 {
+	use_file_caching = no;
+    }
     enable_default_driver = true;
     card_atr 3B:80:80:01:01 {
         pkcs11_enable_InitToken = yes;
@@ -72,7 +78,16 @@ $VALGRIND pkcs15-tool --change-pin --pin 123456 --new-pin 654321
 $VALGRIND pkcs15-tool --unblock-pin --puk 0123456789abcdef --new-pin 123456
 $VALGRIND pkcs15-init --generate-key rsa/2048     --id 1 --key-usage decrypt,sign --auth-id FF --pin 123456
 $VALGRIND pkcs15-init --generate-key rsa/2048     --id 2 --key-usage decrypt      --auth-id FF --pin 123456
-$VALGRIND pkcs15-init --generate-key ec/secp256r1 --id 3 --key-usage sign         --auth-id FF --pin 123456
+
+PKCS11SPY=/usr/local/lib/opensc-pkcs11.so \
+PKCS11SPY_OUTPUT=/tmp/spy-generate-key-logfile \
+OPENSC_DEBUG=9 \
+$VALGRIND pkcs15-init --generate-key ec/secp256r1 --id 3 --key-usage sign         --auth-id FF --pin 123456 \
+--module /usr/local/lib/pkcs11-spy.so
+
+cat < /tmp/spy-generate-key-logfile
+rm    /tmp/spy-generate-key-logfile
+
 $VALGRIND pkcs15-tool -D
 $VALGRIND pkcs11-tool -l -t -p 123456
 
@@ -85,15 +100,30 @@ popd
 # random data to be signed
 dd if=/dev/random of=/tmp/data.bin bs=300 count=1
 # sign & verify using secp256r1 key
+
 $VALGRIND pkcs11-tool -l -p 123456 -s -m ECDSA-SHA1 -d 3 -i /tmp/data.bin -o /tmp/data.sig
 $VALGRIND pkcs11-tool --verify -m ECDSA-SHA1 -d 3 -i /tmp/data.bin --signature-file /tmp/data.sig
 # import, sign & verify using another secp256r1 key
 openssl ecparam -name secp256r1 -genkey -noout -out /tmp/ECprivKey.pem
+cat < /tmp/ECprivKey.pem
 openssl ec -in /tmp/ECprivKey.pem -pubout -out /tmp/ECpubKey.pem
-$VALGRIND pkcs11-tool -l -p 123456 -w /tmp/ECprivKey.pem -y privkey -d 4
-$VALGRIND pkcs11-tool -l -p 123456 -w /tmp/ECpubKey.pem -y pubkey -d 4
+cat < /tmp/ECpubKey.pem
+PKCS11SPY=/usr/local/lib/opensc-pkcs11.so \
+PKCS11SPY_OUTPUT=/tmp/spy-write-privkey-logfile \
+OPENSC_DEBUG=9 $VALGRIND pkcs11-tool -l -p 123456 -w /tmp/ECprivKey.pem -y privkey -d 4 \
+--module /usr/local/lib/pkcs11-spy.so
+cat < /tmp/spy-write-privkey-logfile
+rm    /tmp/spy-write-privkey-logfile
+
+PKCS11SPY=/usr/local/lib/opensc-pkcs11.so \
+PKCS11SPY_OUTPUT=/tmp/spy-write-pubkey-logfile \
+OPENSC_DEBUG=9 $VALGRIND pkcs11-tool -l -p 123456 -w /tmp/ECpubKey.pem -y pubkey -d 4 \
+--module /usr/local/lib/pkcs11-spy.so
+cat < /tmp/spy-write-pubkey-logfile
+rm    /tmp/spy-write-pubkey-logfile
+
 $VALGRIND pkcs11-tool -l -p 123456 -s -m ECDSA-SHA1 -d 4 -i /tmp/data.bin -o /tmp/data.sig
-$VALGRIND pkcs11-tool --verify -m ECDSA-SHA1 -d 4 -i /tmp/data.bin --signature-file /tmp/data.sig
+OPENSC_DEBUG=9 $VALGRIND pkcs11-tool --verify -m ECDSA-SHA1 -d 4 -i /tmp/data.bin --signature-file /tmp/data.sig
 # cleanup
 rm /tmp/ECprivKey.pem /tmp/ECpubKey.pem /tmp/data.bin /tmp/data.sig