#!/bin/bash
#
# This test checks various aspects of RSA decryption
#
# It needs a card with a private key+certificate pair at ID 45
#
# Run this from the regression test directory.

. functions

msg <<EOF
:::
::: Testing on-card decryption facilities (1024 bit)
:::
EOF

o=$p15temp/plaintext
e=$p15temp/encrypted
d=$p15temp/decrypted
p=$p15temp/key.pem

p15_init --no-so-pin
p15_set_pin -a 01

suppress_error_msg="Key length/algorithm not supported by card"
if p15_gen_key rsa/1024 --id 45 --key-usage decrypt -a 01; then
	msg "Extracting public key"
	run_check_status $p15tool --read-public-key 45 -o $p

	msg "Encrypting message (128 byte)"
	dd if=bintest of=$o bs=128 count=1
	run_check_status openssl rsautl -pubin -inkey $p -encrypt -raw -in $o -out $e
	p15_crypt -c -i $e -o $d
	cmp $o $d || fail "Decrypted file does not match plain text file"
	success
else
	msg ""
	msg "The card doesn't seem to support 1024 bit RSA key generation."
	msg "Skipping test !"
	msg ""
fi

p15_erase --secret @01=0000

msg <<EOF
:::
::: Store a 1024 bit RSA on the card and test it.
:::
EOF

k=$p15temp/private.pem
p=$p15temp/public.pem

msg "Generating key pair off the card"
run_check_status openssl genrsa -out $k -f4 1024
run_check_status openssl rsa -in $k -out $p -pubout

p15_init --no-so-pin
p15_set_pin -a 01

suppress_error_msg="Key length/algorithm not supported by card"
if p15_store_key $k -a 01 -u decrypt; then
	msg "Extracting public key"
	run_check_status $p15tool --read-public-key 45 -o $p

	msg "Encrypting message (128 bytes)"
	dd if=bintest of=$o bs=128 count=1
	run_check_status openssl rsautl -pubin -inkey $p -encrypt -raw -in $o -out $e
	p15_crypt -c -i $e -o $d
	cmp $o $d || fail "Decrypted file does not match plain text file"
	success
else
	msg ""
	msg "The card doesn't seem to support 1024 bit RSA keys."
	msg "Skipping test !"
	msg ""
fi

p15_erase --secret @01=0000

