diff --git a/tests/Makefile.am b/tests/Makefile.am index bfd9dbec..b0aa7d80 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -1,4 +1,4 @@ -EXTRA_DIST = engines.cnf.in rsa-common.sh rsa-no-pubkey.sh ec-common.sh ec-no-pubkey.sh +EXTRA_DIST = engines.cnf.in common.sh AM_CFLAGS = $(OPENSSL_CFLAGS) AM_CPPFLAGS = \ @@ -25,27 +25,28 @@ dist_check_SCRIPTS = \ rsa-testlistkeys.softhsm \ rsa-testlistkeys_ext.softhsm \ rsa-evp-sign.softhsm \ - ec-evp-sign.softhsm \ - ec-testfork.softhsm \ - fork-change-slot.softhsm \ rsa-pss-sign.softhsm \ rsa-oaep.softhsm \ - case-insensitive.softhsm \ rsa-check-privkey.softhsm \ + ec-testfork.softhsm \ + ec-evp-sign.softhsm \ ec-check-privkey.softhsm \ - pkcs11-uri-without-token.softhsm \ - search-all-matching-tokens.softhsm \ ec-cert-store.softhsm \ - ec-copy.softhsm + ec-copy.softhsm \ + fork-change-slot.softhsm \ + case-insensitive.softhsm \ + pkcs11-uri-without-token.softhsm \ + search-all-matching-tokens.softhsm dist_check_DATA = \ - rsa-cert.der rsa-prvkey.der rsa-pubkey.der \ - ec-cert.der ec-prvkey.der ec-pubkey.der + rsa-cert.der rsa-privkey.der rsa-pubkey.der \ + ec-cert.der ec-privkey.der ec-pubkey.der TESTS = $(dist_check_SCRIPTS) TESTS_ENVIRONMENT = \ LC_ALL="C" \ EXEEXT=$(EXEEXT) \ + PKG_CONFIG_PATH="$(PKG_CONFIG_PATH)" \ top_builddir="$(top_builddir)" \ srcdir="$(srcdir)" diff --git a/tests/case-insensitive.softhsm b/tests/case-insensitive.softhsm index 3d85d07e..9f346998 100755 --- a/tests/case-insensitive.softhsm +++ b/tests/case-insensitive.softhsm @@ -1,5 +1,7 @@ -#!/bin/sh +#!/bin/bash +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka # Copyright (C) 2015 Nikos Mavrogiannopoulos # Copyright (C) 2018 Anderson Toshiyuki Sasaki # 
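Review bot: `openssl-settings.sh` is sourced by every converted test script in this commit but is not added to `EXTRA_DIST` in the first hunk, so a tarball built with `make dist` would ship `common.sh` and the test scripts without the file they source; change the line to `EXTRA_DIST = engines.cnf.in common.sh openssl-settings.sh`. The second hunk forwards `PKG_CONFIG_PATH` through `TESTS_ENVIRONMENT`, which is exactly the variable openssl-settings.sh reads, so the two hunks only work together once the file is listed.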
@@ -21,42 +23,50 @@ outdir="output.$$" -# Load common test functions -. ${srcdir}/rsa-common.sh +ALL_LOWER_PRIV_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=1234" +ALL_LOWER_PUB_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=public;pin-value=1234" -# Do the common test initialization -common_init +ALL_UPPER_PRIV_KEY="PKCS11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=1234" +ALL_UPER_PUB_KEY="PKCS11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=public;pin-value=1234" -sed -e "s|@MODULE_PATH@|${MODULE}|g" -e "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf" +MIXED_PRIV_KEY="PkCs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=1234" +MIXED_PUB_KEY="pKcS11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=public;pin-value=1234" -export OPENSSL_ENGINES="../src/.libs/" -ALL_LOWER_PRIV_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=private;pin-value=1234" -ALL_LOWER_PUB_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=public;pin-value=1234" +# Load common test functions +. ${srcdir}/common.sh -ALL_UPPER_PRIV_KEY="PKCS11:token=libp11-test;id=%01%02%03%04;object=server-key;type=private;pin-value=1234" -ALL_UPER_PUB_KEY="PKCS11:token=libp11-test;id=%01%02%03%04;object=server-key;type=public;pin-value=1234" +# Do the token initialization +init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" -MIXED_PRIV_KEY="PkCs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=private;pin-value=1234" -MIXED_PUB_KEY="pKcS11:token=libp11-test;id=%01%02%03%04;object=server-key;type=public;pin-value=1234" +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh -./evp-sign default false "${outdir}/engines.cnf" ${ALL_LOWER_PRIV_KEY} ${ALL_LOWER_PUB_KEY} ${MODULE} -if test $? 
!= 0;then +# Run the test +${WRAPPER} ./evp-sign default false "${outdir}/engines.cnf" \ + ${ALL_LOWER_PRIV_KEY} ${ALL_LOWER_PUB_KEY} ${MODULE} +if [[ $? -ne 0 ]]; then echo "All lower case PKCS#11 URI scheme detection failed" - exit 1; + exit 1 fi -./evp-sign default false "${outdir}/engines.cnf" ${ALL_UPPER_PRIV_KEY} ${ALL_UPER_PUB_KEY} ${MODULE} -if test $? != 0;then +./evp-sign default false "${outdir}/engines.cnf" \ + ${ALL_UPPER_PRIV_KEY} ${ALL_UPER_PUB_KEY} ${MODULE} +if [[ $? -ne 0 ]]; then echo "All upper case PKCS#11 URI scheme detection failed" - exit 1; + exit 1 fi -./evp-sign default false "${outdir}/engines.cnf" ${MIXED_PRIV_KEY} ${MIXED_PUB_KEY} ${MODULE} -if test $? != 0;then +./evp-sign default false "${outdir}/engines.cnf" \ + ${MIXED_PRIV_KEY} ${MIXED_PUB_KEY} ${MODULE} +if [[ $? -ne 0 ]]; then echo "Mixed case PKCS#11 URI scheme detection failed" - exit 1; + exit 1 fi +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + rm -rf "$outdir" exit 0 diff --git a/tests/common.sh b/tests/common.sh new file mode 100755 index 00000000..28e74d0c --- /dev/null +++ b/tests/common.sh 
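Review bot: The sourced paths `. ${srcdir}/common.sh` and `. ${srcdir}/openssl-settings.sh` added in this hunk are unquoted, so a `srcdir` containing whitespace splits into several arguments to `.`; quote them as `. "${srcdir}/common.sh"` and `. "${srcdir}/openssl-settings.sh"`. The same unquoted form appears in the ec-cert-store, ec-check-privkey, ec-copy, ec-evp-sign, ec-testfork and fork-change-slot hunks of this commit. The three `exit 1` paths also return before `rm -rf "$outdir"`, leaving the output directory and the SoftHSM token store behind on failure; a `trap 'rm -rf "$outdir"' EXIT` placed right after `outdir` is assigned (which is outside the hunk) would make the cleanup unconditional. `ALL_UPER_PUB_KEY` keeps its misspelling from the old file; since every use of it is rewritten here, renaming it to `ALL_UPPER_PUB_KEY` costs nothing.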
@@ -0,0 +1,249 @@ +#!/bin/bash + +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka +# Copyright (C) 2013 Nikos Mavrogiannopoulos +# Copyright (C) 2015 Red Hat, Inc. +# +# This is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# Uncomment the following line to enable debugging with Valgrind +# WRAPPER="valgrind -s --track-origins=yes --leak-check=full --show-leak-kinds=all --tool=memcheck --show-reachable=yes --keep-debuginfo=yes" + +echo "Current directory: $(pwd)" +echo "Source directory: ${srcdir}" +echo "Output directory: ${outdir}" + +mkdir -p ${outdir} + +for i in /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib64/pkcs11 \ + /usr/lib64/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib/softhsm /usr/lib; do + if [[ -f "$i/libsofthsm2.so" ]]; then + MODULE="$i/libsofthsm2.so" + break + else + if [[ -f "$i/libsofthsm.so" ]]; then + MODULE="$i/libsofthsm.so" + break + fi + fi +done + +if [[ ! -x /usr/bin/pkcs11-tool && ! -x /usr/local/bin/pkcs11-tool ]]; then + echo "Skipping test: 'pkcs11-tool' not found. Please install the tool to proceed." + exit 77 +fi + +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. 
${srcdir}/openssl-settings.sh + +OPENSSL_VERSION=$(./openssl_version | cut -d ' ' -f 2) + +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + +LIBCRYPTO_VER=$(ldd "${MODULE}" | grep 'libcrypto' | awk '{print $1}') +if [[ "$OPENSSL_VERSION" =~ ^0.* || "$OPENSSL_VERSION" =~ ^1\.0.* ]] \ + && [[ "$LIBCRYPTO_VER" == "libcrypto.so.3" ]]; then + echo -n "Skipping test: Module '${MODULE}' built with '${LIBCRYPTO_VER}'" + echo "is incompatible with OpenSSL version '${OPENSSL_VERSION}'." + exit 77 +fi + +echo "Detected system: ${OSTYPE}" + +if [[ ${OSTYPE} == darwin* ]]; then + SHARED_EXT=.dylib +else + SHARED_EXT=.so +fi + + +sed -e "s|@MODULE_PATH@|${MODULE}|g" -e \ + "s|@ENGINE_PATH@|../src/.libs/pkcs11${SHARED_EXT}|g" \ + <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf" + +# Force the use of the local built engine +export OPENSSL_ENGINES="../src/.libs/" +echo "OPENSSL_ENGINES=${OPENSSL_ENGINES}" + +# Set the used PIN and PUK +PIN=1234 +PUK=1234 + +# Set the default object ID for operations +ID=01020304 + +# Initialize the SoftHSM DB +init_db () { + if [[ -x "/usr/bin/softhsm" ]]; then + export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config" + SOFTHSM_TOOL="/usr/bin/softhsm" + SLOT="--slot 0" + fi + + if [[ -x "/usr/local/bin/softhsm2-util" ]]; then + export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" + SOFTHSM_TOOL="/usr/local/bin/softhsm2-util" + SLOT="--free " + fi + + if [[ -x "/opt/local/bin/softhsm2-util" ]]; then + export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" + SOFTHSM_TOOL="/opt/local/bin/softhsm2-util" + SLOT="--free " + fi + + if [[ -x "/usr/bin/softhsm2-util" ]]; then + export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" + SOFTHSM_TOOL="/usr/bin/softhsm2-util" + SLOT="--free " + fi + + if [[ -z ${SOFTHSM_TOOL} ]]; then + echo "Could not find softhsm(2) tool" + exit 77 + fi + + if [[ -n ${SOFTHSM2_CONF} ]]; then + rm -rf $outdir/softhsm-testpkcs11.db + mkdir -p $outdir/softhsm-testpkcs11.db + echo 
"objectstore.backend = file" > "${SOFTHSM2_CONF}" + echo "directories.tokendir = $outdir/softhsm-testpkcs11.db" >> \ + ${SOFTHSM2_CONF} + else + rm -rf $outdir/softhsm-testpkcs11.db + echo "0:$outdir/softhsm-testpkcs11.db" > ${SOFTHSM_CONF} + fi + echo "SOFTHSM2_CONF=${SOFTHSM2_CONF}" +} + +# Initialize a token in the first available slot +init_card () { + local token_label="$1" + + echo "***************************************" + echo -n "* Initializing token ${token_label} ... " + ${SOFTHSM_TOOL} --init-token ${SLOT} --label ${token_label} \ + --so-pin ${PUK} --pin ${PIN} >/dev/null + if [[ $? -eq 0 ]]; then + echo ok + else + echo failed + exit 1 + fi +} + +# Delete the token at a given slot +remove_card () { + local token_label="$1" + + echo "* Removing token ${token_label}" + ${SOFTHSM_TOOL} --delete-token --token ${token_label} + if [[ $? -ne 0 ]]; then + exit 1 + fi +} + +# Generate an RSA key pair on the token +generate_rsa_key_pair () { + local obj_label="$1" + local token_label="$2" + + echo "* Generating an RSA key pair on the token ${token_label}" + pkcs11-tool --login --pin ${PIN} --module ${MODULE} --id ${ID} \ + --keypairgen --key-type "rsa:2048" \ + --label ${obj_label} --token-label ${token_label} + if [[ $? 
-ne 0 ]]; then + exit 1 + fi +} + +# Do the token initialization +init_token () { + local key_type="$1" + local num_devices="$2" + local common_label="$3" + local obj_id="$4" + local obj_label="$5" + local i=0 + + # Remove the first 5 parameters from the list of arguments + shift 5 + + # Initialize SoftHSM DB + init_db + + while [[ $i -lt ${num_devices} ]]; do + # Initialize a new device + init_card "${common_label}-$i" + + # Import objects with different labels + import_objects ${key_type} "${common_label}-$i" ${obj_id} "${obj_label}-$i" "$@" + + # List the objects imported into the token + list_objects "${common_label}-$i" + + i=$(($i + 1)) + done +} + +# Write an object (privkey, pubkey, cert) to the token +import_objects () { + local key_type="$1" + local token_label="$2" + local obj_id="$3" + local obj_label="$4" + + # Remove the first 4 parameters from the list of arguments + shift 4 + + # Import objects with different labels + for param in "$@"; do + if [[ -n "$param" ]]; then + echo -n "* Importing the ${key_type^^} ${param} object id=${obj_id}" + echo -n " into the token ${token_label} ... " + pkcs11-tool --login --pin ${PIN} --module ${MODULE} \ + --token-label "${token_label}"\ + --write-object "${srcdir}/${key_type}-${param}.der" \ + --type ${param} \ + --id ${obj_id} --label "${obj_label}" >/dev/null + if [[ $? -eq 0 ]]; then + echo ok + else + echo failed + exit 1 + fi + else + echo "Skipping empty parameter" + fi + done +} + +# Show objects on the token +list_objects () { + local token_label="$1" + + echo "***************************************" + echo "* Listing objects on the token ${token_label}" + echo "***************************************" + pkcs11-tool --login --pin ${PIN} --module ${MODULE} \ + --token-label "${token_label}" --list-objects + if [[ $? -ne 0 ]]; then + exit 1 + fi + echo "***************************************" +} diff --git a/tests/ec-cert-store.softhsm b/tests/ec-cert-store.softhsm index 340947d6..880c4640 100755 
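Review bot: When none of the searched directories holds a SoftHSM library, `MODULE` stays empty and the script continues: `ldd "${MODULE}"` fails, `engines.cnf` is generated with an empty `@MODULE_PATH@`, and each test then fails on an unrelated error instead of being skipped; add after the `for` loop `if [[ -z ${MODULE} ]]; then echo "Skipping test: SoftHSM module not found"; exit 77; fi`, matching the pkcs11-tool check directly below it. In `init_db`, `rm -rf $outdir/softhsm-testpkcs11.db` relies on the sourcing script having set `outdir`; `rm -rf -- "${outdir:?}/softhsm-testpkcs11.db"` aborts instead of deleting a path directly under `/` when it is unset. The two `echo` calls of the libcrypto mismatch message concatenate without a space and print `'libcrypto.so.3'is incompatible`; end the first string with a trailing space. On Darwin, where the script later selects `.dylib`, `ldd` is presumably unavailable and `LIBCRYPTO_VER` ends up empty, which the version check silently tolerates; a comment saying the check is Linux-only would help.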
--- a/tests/ec-cert-store.softhsm +++ b/tests/ec-cert-store.softhsm @@ -1,5 +1,7 @@ -#!/bin/sh +#!/bin/bash +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka # Copyright (C) 2015 Nikos Mavrogiannopoulos # Copyright (C) 2019 Anderson Toshiyuki Sasaki # Copyright (C) 2019 Red Hat, Inc. @@ -21,25 +23,36 @@ outdir="output.$$" +CERTIFICATE_URL="pkcs11:token=libp11-0;object=stored-cert;pin-value=1234" + # Load common test functions -. ${srcdir}/ec-no-pubkey.sh +. ${srcdir}/common.sh + +# Do the token initialization +init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "" "cert" -sed -e "s|@MODULE_PATH@|${MODULE}|g" -e "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf" +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh -export OPENSSL_ENGINES="../src/.libs/" +${OPENSSL} x509 -in ${srcdir}/ec-cert.der -inform DER -outform PEM \ + -out ${outdir}/ec-cert.pem CERTIFICATE="${outdir}/ec-cert.pem" -CERTIFICATE_URL="pkcs11:token=libp11-test;object=stored-cert;pin-value=1234" -./store-cert ${CERTIFICATE} ${CERTIFICATE_URL} ${MODULE} "${outdir}/engines.cnf" -if test $? != 0;then +# Run the test +${WRAPPER} ./store-cert ${CERTIFICATE} ${CERTIFICATE_URL} ${MODULE} "${outdir}/engines.cnf" +if [[ $? -ne 0 ]]; then echo "The certificate storing couldn't be performed" - exit 1; + exit 1 fi -pkcs11-tool -p 1234 --module ${MODULE} -l -O | grep -q stored-cert -if test $? != 0;then +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + +list_objects | grep -q stored-cert +if [[ $? -ne 0 ]]; then echo "The certificate was not properly stored" - exit 1; + exit 1 fi rm -rf "$outdir" diff --git a/tests/ec-check-privkey.softhsm b/tests/ec-check-privkey.softhsm index e0657b35..3ac535f4 100755 --- a/tests/ec-check-privkey.softhsm +++ b/tests/ec-check-privkey.softhsm 
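Review bot: `list_objects | grep -q stored-cert` calls the new `list_objects` helper without the token label it expects as `$1`, so pkcs11-tool is run with `--token-label ""` rather than the label `init_token` created; pass it explicitly, `list_objects "libp11-0" | grep -q stored-cert`. Because the helper runs inside the pipeline, its `exit 1` only leaves the subshell and the outcome is decided by `grep` alone, which is acceptable here but deserves a one-line comment. The `${OPENSSL} x509 ... -out ${outdir}/ec-cert.pem` conversion is not status-checked, so a missing or broken openssl surfaces later as "The certificate storing couldn't be performed"; append `|| exit 1` to that command, here and on the same line in the ec-check-privkey hunk.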
@@ -1,5 +1,7 @@ -#!/bin/sh +#!/bin/bash +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka # Copyright (C) 2015 Nikos Mavrogiannopoulos # Copyright (C) 2019 Anderson Toshiyuki Sasaki # Copyright (C) 2019 Red Hat, Inc. 
@@ -19,28 +21,41 @@ outdir="output.$$" +PRIVATE_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=1234" +CERTIFICATE_URL="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=cert;pin-value=1234" + # Load common test functions -. ${srcdir}/ec-no-pubkey.sh +. ${srcdir}/common.sh + +# Do the token initialization +init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "" "cert" -sed -e "s|@MODULE_PATH@|${MODULE}|g" -e "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf" +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh -export OPENSSL_ENGINES="../src/.libs/" -PRIVATE_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=private;pin-value=1234" +${OPENSSL} x509 -in ${srcdir}/ec-cert.der -inform DER -outform PEM \ + -out ${outdir}/ec-cert.pem CERTIFICATE="${outdir}/ec-cert.pem" -CERTIFICATE_URL="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=cert;pin-value=1234" -./check-privkey ${CERTIFICATE} ${PRIVATE_KEY} ${MODULE} "${outdir}/engines.cnf" -if test $? != 0;then +# Run the test +${WRAPPER} ./check-privkey ${CERTIFICATE} ${PRIVATE_KEY} ${MODULE} \ + "${outdir}/engines.cnf" +if [[ $? -ne 0 ]]; then echo "The private key loading couldn't get the public key from the certificate" - exit 1; + exit 1 fi -./check-privkey ${CERTIFICATE_URL} ${PRIVATE_KEY} ${MODULE} "${outdir}/engines.cnf" -if test $? != 0;then +./check-privkey ${CERTIFICATE_URL} ${PRIVATE_KEY} ${MODULE} \ + "${outdir}/engines.cnf" +if [[ $? -ne 0 ]]; then echo "The private key loading couldn't get the public key from the certificate URL" - exit 1; + exit 1 fi +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + rm -rf "$outdir" exit 0 diff --git a/tests/ec-common.sh b/tests/ec-common.sh deleted file mode 100755 index 7f1c3a66..00000000 --- a/tests/ec-common.sh +++ /dev/null 
@@ -1,126 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2013 Nikos Mavrogiannopoulos -# Copyright (C) 2015 Red Hat, Inc. -# -# This is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 3 of the License, or (at -# your option) any later version. -# -# GnuTLS is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with GnuTLS; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -OPENSSL_VERSION=$(./openssl_version | cut -d ' ' -f 2) -case "${OPENSSL_VERSION}" in -0.*) - echo "EC tests skipped with OpenSSL ${OPENSSL_VERSION}" - exit 77 - ;; -*) - ;; -esac - -echo "Current directory: $(pwd)" -echo "Source directory: ${srcdir}" -echo "Output directory: ${outdir}" - -mkdir -p $outdir - -for i in /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib64/pkcs11 /usr/lib64/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib/softhsm /usr/lib; do - if test -f "$i/libsofthsm2.so"; then - MODULE="$i/libsofthsm2.so" - break - else - if test -f "$i/libsofthsm.so";then - MODULE="$i/libsofthsm.so" - break - fi - fi -done - -if (! test -x /usr/bin/pkcs11-tool && ! 
test -x /usr/local/bin/pkcs11-tool);then - exit 77 -fi - -init_card () { - PIN="$1" - PUK="$2" - - if test -x "/usr/bin/softhsm"; then - export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm" - fi - - if test -x "/usr/local/bin/softhsm2-util"; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/local/bin/softhsm2-util" - fi - - if test -x "/opt/local/bin/softhsm2-util"; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/opt/local/bin/softhsm2-util" - fi - - if test -x "/usr/bin/softhsm2-util"; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm2-util" - fi - - if test -z "${SOFTHSM_TOOL}"; then - echo "Could not find softhsm(2) tool" - exit 77 - fi - - if test -n "${SOFTHSM2_CONF}"; then - rm -rf $outdir/softhsm-testpkcs11.db - mkdir -p $outdir/softhsm-testpkcs11.db - echo "objectstore.backend = file" > "${SOFTHSM2_CONF}" - echo "directories.tokendir = $outdir/softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}" - else - rm -rf $outdir/softhsm-testpkcs11.db - echo "0:$outdir/softhsm-testpkcs11.db" > "${SOFTHSM_CONF}" - fi - - - echo -n "* Initializing smart card... " - ${SOFTHSM_TOOL} --init-token --slot 0 --label "libp11-test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null - if test $? = 0; then - echo ok - else - echo failed - exit 1 - fi -} - -PIN=1234 -PUK=1234 -init_card $PIN $PUK - -# generate key in token -pkcs11-tool -p $PIN --module $MODULE -d 01020304 -a server-key -l -w ${srcdir}/ec-prvkey.der -y privkey >/dev/null -if test $? != 0;then - exit 1; -fi - -# pkcs11-tool currently only supports RSA public keys -pkcs11-tool -p $PIN --module $MODULE -d 01020304 -a server-key -l -w ${srcdir}/ec-pubkey.der -y pubkey >/dev/null -if test $? != 0;then - exit 1; -fi - -pkcs11-tool -p $PIN --module $MODULE -d 01020304 -a server-key -l -w ${srcdir}/ec-cert.der -y cert >/dev/null -if test $? 
!= 0;then - exit 1; -fi - -echo "***************" -echo "Listing objects" -echo "***************" -pkcs11-tool -p $PIN --module $MODULE -l -O diff --git a/tests/ec-copy.softhsm b/tests/ec-copy.softhsm index 17b4cdaa..7c9433f4 100755 --- a/tests/ec-copy.softhsm +++ b/tests/ec-copy.softhsm @@ -1,7 +1,8 @@ -#!/bin/sh +#!/bin/bash +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka # Copyright (C) 2022 Red Hat, Inc. -# # Authors: Jakub Jelen # # This program is free software: you can redistribute it and/or modify @@ -19,20 +20,28 @@ outdir="output.$$" +PRIVATE_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=1234" + # Load common test functions -. ${srcdir}/ec-no-pubkey.sh +. ${srcdir}/common.sh -sed -e "s|@MODULE_PATH@|${MODULE}|g" -e "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf" +# Do the token initialization +init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "" "cert" -export OPENSSL_ENGINES="../src/.libs/" -PRIVATE_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=private;pin-value=1234" +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh -./dup-key ${PRIVATE_KEY} ${MODULE} "${outdir}/engines.cnf" -if test $? != 0;then +# Run the test +${WRAPPER} ./dup-key ${PRIVATE_KEY} ${MODULE} "${outdir}/engines.cnf" +if [[ $? -ne 0 ]]; then echo "Could not duplicate private key" - exit 1; + exit 1 fi +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + rm -rf "$outdir" exit 0 diff --git a/tests/ec-evp-sign.softhsm b/tests/ec-evp-sign.softhsm index edecd4a9..360b9064 100755 --- a/tests/ec-evp-sign.softhsm +++ b/tests/ec-evp-sign.softhsm @@ -1,5 +1,7 @@ -#!/bin/sh +#!/bin/bash +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka # Copyright (C) 2015 Nikos Mavrogiannopoulos # # GnuTLS is free software; you can redistribute it and/or modify it 
@@ -18,54 +20,65 @@ outdir="output.$$" -# Load common test functions -. ${srcdir}/ec-common.sh +PRIVATE_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=1234" +PUBLIC_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=public;pin-value=1234" -# Do the common test initialization -# common_init +# Load common test functions +. ${srcdir}/common.sh -sed -e "s|@MODULE_PATH@|${MODULE}|g" -e "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf" +# Do the token initialization +init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" -export OPENSSL_ENGINES="../src/.libs/" -PRIVATE_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=private;pin-value=1234" -PUBLIC_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=public;pin-value=1234" +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh -./evp-sign ctrl false "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} -if test $? != 0;then +# Run the test +${WRAPPER} ./evp-sign ctrl false "${outdir}/engines.cnf" \ + ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} +if [[ $? -ne 0 ]]; then echo "Basic PKCS #11 test, using ctrl failed" - exit 1; + exit 1 fi -./evp-sign default false "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} -if test $? != 0;then +./evp-sign default false "${outdir}/engines.cnf" \ + ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} +if [[ $? -ne 0 ]]; then echo "Basic PKCS #11 test, using default failed" - exit 1; + exit 1 fi -./evp-sign ctrl 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} -if test $? != 0;then +./evp-sign ctrl ${PIN} "${outdir}/engines.cnf" \ + ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} +if [[ $? 
-ne 0 ]]; then echo "Basic PKCS #11 test without pin-value, using ctrl failed" - exit 1; + exit 1 fi -./evp-sign default 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} -if test $? != 0;then +./evp-sign default ${PIN} "${outdir}/engines.cnf" \ + ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} +if [[ $? -ne 0 ]]; then echo "Basic PKCS #11 test without pin-value, using default failed" - exit 1; + exit 1 fi -./evp-sign ctrl 1234 "${outdir}/engines.cnf" "label_server-key" "label_server-key" ${MODULE} -if test $? != 0;then +./evp-sign ctrl ${PIN} "${outdir}/engines.cnf" \ + "label_server-key-0" "label_server-key-0" ${MODULE} +if [[ $? -ne 0 ]]; then echo "Basic PKCS #11 test with legacy name #1 failed" - exit 1; + exit 1 fi -./evp-sign default 1234 "${outdir}/engines.cnf" "id_01020304" "id_01020304" ${MODULE} -if test $? != 0;then +./evp-sign default ${PIN} "${outdir}/engines.cnf" \ + "id_01020304" "id_01020304" ${MODULE} +if [[ $? -ne 0 ]]; then echo "Basic PKCS #11 test with legacy name #2 failed" - exit 1; + exit 1 fi +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + rm -rf "$outdir" exit 0 diff --git a/tests/ec-no-cert.sh b/tests/ec-no-cert.sh deleted file mode 100755 index 0a9a3122..00000000 --- a/tests/ec-no-cert.sh +++ /dev/null 
@@ -1,123 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2013 Nikos Mavrogiannopoulos -# Copyright (C) 2015 Red Hat, Inc. -# -# This is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 3 of the License, or (at -# your option) any later version. -# -# GnuTLS is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with GnuTLS; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -OPENSSL_VERSION=$(./openssl_version | cut -d ' ' -f 2) -case "${OPENSSL_VERSION}" in -0.*) - echo "EC tests skipped with OpenSSL ${OPENSSL_VERSION}" - exit 77 - ;; -*) - ;; -esac - -echo "Current directory: $(pwd)" -echo "Source directory: ${srcdir}" -echo "Output directory: ${outdir}" - -mkdir -p $outdir - -for i in /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib64/pkcs11 /usr/lib64/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib/softhsm /usr/lib; do - if test -f "$i/libsofthsm2.so"; then - MODULE="$i/libsofthsm2.so" - break - else - if test -f "$i/libsofthsm.so";then - MODULE="$i/libsofthsm.so" - break - fi - fi -done - -if (! test -x /usr/bin/pkcs11-tool && ! 
test -x /usr/local/bin/pkcs11-tool);then - exit 77 -fi - -init_card () { - PIN="$1" - PUK="$2" - - if test -x "/usr/bin/softhsm"; then - export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm" - fi - - if test -x "/usr/local/bin/softhsm2-util"; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/local/bin/softhsm2-util" - fi - - if test -x "/opt/local/bin/softhsm2-util"; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/opt/local/bin/softhsm2-util" - fi - - if test -x "/usr/bin/softhsm2-util"; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm2-util" - fi - - if test -z "${SOFTHSM_TOOL}"; then - echo "Could not find softhsm(2) tool" - exit 77 - fi - - if test -n "${SOFTHSM2_CONF}"; then - rm -rf $outdir/softhsm-testpkcs11.db - mkdir -p $outdir/softhsm-testpkcs11.db - echo "objectstore.backend = file" > "${SOFTHSM2_CONF}" - echo "directories.tokendir = $outdir/softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}" - else - rm -rf $outdir/softhsm-testpkcs11.db - echo "0:$outdir/softhsm-testpkcs11.db" > "${SOFTHSM_CONF}" - fi - - - echo -n "* Initializing smart card... " - ${SOFTHSM_TOOL} --init-token --slot 0 --label "libp11-test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null - if test $? = 0; then - echo ok - else - echo failed - exit 1 - fi -} - -PIN=1234 -PUK=1234 -init_card $PIN $PUK - -# generate key in token -pkcs11-tool -p $PIN --module $MODULE -d 01020304 -a server-key -l -w ${srcdir}/ec-prvkey.der -y privkey >/dev/null -if test $? != 0;then - exit 1; -fi - -# pkcs11-tool currently only supports RSA public keys -pkcs11-tool -p $PIN --module $MODULE -d 01020304 -a server-key -l -w ${srcdir}/ec-pubkey.der -y pubkey >/dev/null -if test $? 
!= 0;then - exit 1; -fi - -openssl x509 -in ${srcdir}/ec-cert.der -inform DER -out ${outdir}/ec-cert.pem -outform PEM - -echo "***************" -echo "Listing objects" -echo "***************" -pkcs11-tool -p $PIN --module $MODULE -l -O diff --git a/tests/ec-no-pubkey.sh b/tests/ec-no-pubkey.sh deleted file mode 100644 index 0838e1e2..00000000 --- a/tests/ec-no-pubkey.sh +++ /dev/null 
@@ -1,122 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2013 Nikos Mavrogiannopoulos -# Copyright (C) 2019 Anderson Toshiyuki Sasaki -# Copyright (C) 2019 Red Hat, Inc. -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -OPENSSL_VERSION=$(./openssl_version | cut -d ' ' -f 2) -case "${OPENSSL_VERSION}" in -0.*) - echo "EC tests skipped with OpenSSL ${OPENSSL_VERSION}" - exit 77 - ;; -*) - ;; -esac - -echo "Current directory: $(pwd)" -echo "Source directory: ${srcdir}" -echo "Output directory: ${outdir}" - -mkdir -p $outdir - -for i in /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib64/pkcs11 /usr/lib64/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib/softhsm /usr/lib; do - if test -f "$i/libsofthsm2.so"; then - MODULE="$i/libsofthsm2.so" - break - else - if test -f "$i/libsofthsm.so";then - MODULE="$i/libsofthsm.so" - break - fi - fi -done - -if (! test -x /usr/bin/pkcs11-tool && ! 
test -x /usr/local/bin/pkcs11-tool);then - exit 77 -fi - -init_card () { - PIN="$1" - PUK="$2" - - if test -x "/usr/bin/softhsm"; then - export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm" - fi - - if test -x "/usr/local/bin/softhsm2-util"; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/local/bin/softhsm2-util" - fi - - if test -x "/opt/local/bin/softhsm2-util"; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/opt/local/bin/softhsm2-util" - fi - - if test -x "/usr/bin/softhsm2-util"; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm2-util" - fi - - if test -z "${SOFTHSM_TOOL}"; then - echo "Could not find softhsm(2) tool" - exit 77 - fi - - if test -n "${SOFTHSM2_CONF}"; then - rm -rf $outdir/softhsm-testpkcs11.db - mkdir -p $outdir/softhsm-testpkcs11.db - echo "objectstore.backend = file" > "${SOFTHSM2_CONF}" - echo "directories.tokendir = $outdir/softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}" - else - rm -rf $outdir/softhsm-testpkcs11.db - echo "0:$outdir/softhsm-testpkcs11.db" > "${SOFTHSM_CONF}" - fi - - - echo -n "* Initializing smart card... " - ${SOFTHSM_TOOL} --init-token --slot 0 --label "libp11-test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null - if test $? = 0; then - echo ok - else - echo failed - exit 1 - fi -} - -PIN=1234 -PUK=1234 -init_card $PIN $PUK - -# generate key in token -pkcs11-tool -p $PIN --module $MODULE -d 01020304 -a server-key -l -w ${srcdir}/ec-prvkey.der -y privkey >/dev/null -if test $? != 0;then - exit 1; -fi - -pkcs11-tool -p $PIN --module $MODULE -d 01020304 -a server-key -l -w ${srcdir}/ec-cert.der -y cert >/dev/null -if test $? != 0;then - exit 1; -fi - -openssl x509 -in ${srcdir}/ec-cert.der -inform DER -out ${outdir}/ec-cert.pem -outform PEM - -echo "***************" -echo "Listing objects" -echo "***************" -pkcs11-tool -p $PIN --module $MODULE -l -O 
diff --git a/tests/ec-prvkey.der b/tests/ec-privkey.der similarity index 100% rename from tests/ec-prvkey.der rename to tests/ec-privkey.der diff --git a/tests/ec-testfork.softhsm b/tests/ec-testfork.softhsm index 55b6516b..94101fac 100755 --- a/tests/ec-testfork.softhsm +++ b/tests/ec-testfork.softhsm @@ -1,5 +1,7 @@ -#!/bin/sh +#!/bin/bash +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka # Copyright (C) 2013 Nikos Mavrogiannopoulos # Copyright (C) 2015 Red Hat, Inc. # @@ -19,13 +21,25 @@ outdir="output.$$" -. ${srcdir}/ec-common.sh +# Load common test functions +. ${srcdir}/common.sh -./fork-test $MODULE $PIN -if test $? != 0;then - exit 1; +# Do the token initialization +init_token "ec" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" + +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh + +# Run the test +${WRAPPER} ./fork-test ${MODULE} ${PIN} +if [[ $? -ne 0 ]]; then + exit 1 fi +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + rm -rf "$outdir" exit 0 diff --git a/tests/fork-change-slot.softhsm b/tests/fork-change-slot.softhsm index 32abf848..8de1e064 100755 --- a/tests/fork-change-slot.softhsm +++ b/tests/fork-change-slot.softhsm @@ -1,5 +1,7 @@ -#!/bin/sh +#!/bin/bash +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka # Copyright (C) 2013 Nikos Mavrogiannopoulos # Copyright (C) 2015 Red Hat, Inc. # 
@@ -20,52 +22,44 @@ outdir="output.$$" # Load common test functions -. ${srcdir}/rsa-common.sh - -sed -e "s|@MODULE_PATH@|${MODULE}|g" -e \ - "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" \ - <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf" - -# Set the used PIN and PUK -PIN=1234 -PUK=1234 +. ${srcdir}/common.sh # Initialize SoftHSM DB init_db # Create 2 different tokens -init_card $PIN $PUK "token1" -init_card $PIN $PUK "token2" +init_card "token1" +init_card "token2" -# Force the use of the local built engine -export OPENSSL_ENGINES="../src/.libs/" +# Generate an RSA key pair on the second token +generate_rsa_key_pair "pkey" "token2" -# Generate a key pair in the second token -pkcs11-tool --module ${MODULE} -l --pin $PIN --keypairgen --key-type \ - rsa:2048 --id 01020304 --label pkey --token-label token2 -if test $? != 0;then - exit 1; -fi +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh # Run the test program which will stop and wait for a signal (SIGUSR1) -./fork-change-slot \ - "pkcs11:token=token2;object=pkey;type=private;pin-value=$PIN" \ +# Valgrind cannot be used because the test program waits indefinitely at the sigwait call +./fork-change-slot "pkcs11:token=token2;object=pkey;type=private;pin-value=$PIN" \ "${outdir}/engines.cnf" ${MODULE} & pid=$! +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + # Wait the test program to reach the sigwait sleep 3 # Remove the first token to change the slotID associated with token2 -${SOFTHSM_TOOL} --delete-token --token token1 +remove_card "token1" # Send the signal to the waiting process kill -USR1 `pgrep -P $pid` # Test the result wait $pid -if test $? != 0;then - exit 1; +if [[ $? -ne 0 ]]; then + exit 1 fi # Cleanup diff --git a/tests/fork-test.c b/tests/fork-test.c index 1ef98402..aef311e7 100644 --- a/tests/fork-test.c +++ b/tests/fork-test.c 
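Review bot: The key generation step lost its exit-status check: the removed `pkcs11-tool --keypairgen` call was followed by `if test $? != 0; then exit 1`, while the new `generate_rsa_key_pair "pkey" "token2"` is not checked here, so unless the helper in common.sh exits on failure the script goes on to start `./fork-change-slot` with no key on token2 and fails later with a less specific error. If the helper only returns non-zero, `generate_rsa_key_pair "pkey" "token2" || exit 1` keeps the previous behaviour. The same question applies to the unchecked `init_card` and `remove_card` calls in this hunk; common.sh is not part of this chunk, so I cannot confirm which convention it follows.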
@@ -32,7 +32,7 @@
 /* libp11 example code: auth.c
  *
- * This examply simply connects to your smart card
+ * This examply simply connects to your smart card / SoftHSM token
  * and does a public key authentication.
  */
diff --git a/tests/openssl-settings.sh b/tests/openssl-settings.sh
new file mode 100644
index 00000000..a393c945
--- /dev/null
+++ b/tests/openssl-settings.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Copyright © 2024 Mobi - Com Polska Sp. z o.o.
+# Author: Małgorzata Olszówka
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# OpenSSL settings
+if test -n ${PKG_CONFIG_PATH}; then
+ OPENSSL_PATH="${PKG_CONFIG_PATH}/../.."
+ if command -v "${OPENSSL_PATH}/bin/openssl" &> /dev/null; then
+ OPENSSL="${OPENSSL_PATH}/bin/openssl"
+ export LD_LIBRARY_PATH="${OPENSSL_PATH}/lib64:${OPENSSL_PATH}/lib"
+ else
+ OPENSSL=openssl
+ fi
+else
+ OPENSSL=openssl
+fi
+echo "Compiled with: `${OPENSSL} version`"
diff --git a/tests/pkcs11-uri-without-token.softhsm b/tests/pkcs11-uri-without-token.softhsm
index da95ebfe..c29966fa 100755
--- a/tests/pkcs11-uri-without-token.softhsm
+++ b/tests/pkcs11-uri-without-token.softhsm
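Review bot: The rewritten comment line still carries the typo `examply`; since the line is being changed anyway, `* This example simply connects to your smart card / SoftHSM token` fixes it. The header just above it also still reads `libp11 example code: auth.c` inside fork-test.c, which looks like a copy-and-paste leftover worth correcting in the same touch.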
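Review bot: `if test -n ${PKG_CONFIG_PATH}; then` is always true: when the variable is unset or empty the expansion vanishes and `test -n` with a single operand tests the non-empty string `-n` itself, so the else branch is unreachable and OPENSSL_PATH becomes `/../..`, i.e. `/`; with `/bin/openssl` present the script then picks that binary and forces `LD_LIBRARY_PATH=/../../lib64:/../../lib`. Quote the operand, `if test -n "${PKG_CONFIG_PATH}"; then`. Two caveats on the same block: PKG_CONFIG_PATH is conventionally a colon-separated list, so `${PKG_CONFIG_PATH}/../..` is only a prefix when it holds exactly one entry (use `${PKG_CONFIG_PATH%%:*}` or state the single-entry assumption in a comment); and `export LD_LIBRARY_PATH="${OPENSSL_PATH}/lib64:${OPENSSL_PATH}/lib"` discards whatever LD_LIBRARY_PATH the caller had, which changes which shared objects every test binary and the pkcs11 engine resolve, so prepend to the existing value instead. With the file now under `#!/bin/bash`, `$(${OPENSSL} version)` is the idiomatic form of the backticks on the last line.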
@@ -1,5 +1,7 @@
-#!/bin/sh
+#!/bin/bash
+# Copyright © 2024 Mobi - Com Polska Sp. z o.o.
+# Author: Małgorzata Olszówka
 # Copyright (C) 2015 Nikos Mavrogiannopoulos
 #
 # GnuTLS is free software; you can redistribute it and/or modify it
@@ -21,53 +23,48 @@ outdir="output.$$" -# Load common test functions -. ${srcdir}/rsa-common.sh - -# Do the common test initialization -common_init - -echo "Detected system: ${OSTYPE}" - -case "${OSTYPE}" in - darwin* ) - SHARED_EXT=.dylib - ;; - *) - SHARED_EXT=.so - ;; -esac +# These URIs don't contain the token specification +PRIVATE_KEY="pkcs11:object=server-key-0;type=private;pin-value=1234" +PUBLIC_KEY="pkcs11:object=server-key-0;type=public;pin-value=1234" -sed -e "s|@MODULE_PATH@|${MODULE}|g" -e \ - "s|@ENGINE_PATH@|../src/.libs/pkcs11${SHARED_EXT}|g" \ - <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf" +# Load common test functions +. ${srcdir}/common.sh -export OPENSSL_ENGINES="../src/.libs/" export OPENSSL_CONF="${outdir}/engines.cnf" +echo "OPENSSL_CONF=${OPENSSL_CONF}" -# These URIs don't contain the token specification -PRIVATE_KEY="pkcs11:object=server-key;type=private;pin-value=1234" -PUBLIC_KEY="pkcs11:object=server-key;type=public;pin-value=1234" +# Do the token initialization +init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" # Create input file echo "secret" >"${outdir}/in.txt" +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh + +# Run the test # Generate signature without specifying the token in the PKCS#11 URI -openssl pkeyutl -engine pkcs11 -keyform engine -inkey "${PRIVATE_KEY}" \ - -sign -out "${outdir}/signature.bin" -in "${outdir}/in.txt" -if test $? != 0;then +${WRAPPER} ${OPENSSL} pkeyutl -engine pkcs11 -keyform engine \ + -inkey ${PRIVATE_KEY} -sign -out "${outdir}/signature.bin" \ + -in "${outdir}/in.txt" +if [[ $? -ne 0 ]]; then echo "Failed to generate signature using PKCS#11 URI ${PRIVATE_KEY}" - exit 1; + exit 1 fi # Verify the signature without specifying the token in the PKCS#11 URI -openssl pkeyutl -engine pkcs11 -keyform engine -pubin -inkey "${PUBLIC_KEY}" \ - -verify -sigfile "${outdir}/signature.bin" -in "${outdir}/in.txt" -if test $? 
!= 0;then +${OPENSSL} pkeyutl -engine pkcs11 -keyform engine -pubin \ + -inkey ${PUBLIC_KEY} -verify -sigfile "${outdir}/signature.bin" \ + -in "${outdir}/in.txt" +if [[ $? -ne 0 ]]; then echo "Failed to verify signature using PKCS#11 URI ${PUBLIC_KEY}" - exit 1; + exit 1 fi +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + rm -rf "$outdir" exit 0 diff --git a/tests/rsa-check-privkey.softhsm b/tests/rsa-check-privkey.softhsm index 8ca19325..90c8ed49 100755 --- a/tests/rsa-check-privkey.softhsm +++ b/tests/rsa-check-privkey.softhsm @@ -1,5 +1,7 @@ #!/bin/bash +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka # Copyright (C) 2015 Nikos Mavrogiannopoulos # Copyright (C) 2019 Anderson Toshiyuki Sasaki # Copyright (C) 2019 Red Hat, Inc. 
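Review bot: The rewritten pkeyutl calls drop the double quotes the removed lines had around the URI arguments (`-inkey "${PRIVATE_KEY}"` became `-inkey ${PRIVATE_KEY}`, likewise `${PUBLIC_KEY}`), so any PKCS#11 URI containing whitespace or glob characters would be word-split or globbed before openssl sees it. Nothing in the current literals triggers that, but it is a step backwards in a script whose purpose is to exercise URI handling; keep `-inkey "${PRIVATE_KEY}"` and `-inkey "${PUBLIC_KEY}"` (leaving `${WRAPPER}` unquoted is fine, since it is presumably meant to expand to a multi-word command). The same unquoting is introduced in rsa-testlistkeys_ext (`-m ${MODULE} -p ${PIN}`) and search-all-matching-tokens (`${PRIVATE_KEY_WITHOUT_TOKEN}`, `${PRIVATE_KEY}`, `${pubkey}`, `${CERTIFICATE}`).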
@@ -20,28 +22,41 @@ outdir="output.$$" +PRIVATE_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=1234" +CERTIFICATE_URL="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=cert;pin-value=1234" + # Load common test functions -. ${srcdir}/rsa-no-pubkey.sh +. ${srcdir}/common.sh + +# Do the token initialization +init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "" "cert" -sed -e "s|@MODULE_PATH@|${MODULE}|g" -e "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf" +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh -export OPENSSL_ENGINES="../src/.libs/" -PRIVATE_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=private;pin-value=1234" +${OPENSSL} x509 -in ${srcdir}/rsa-cert.der -inform DER -outform PEM \ + -out ${outdir}/rsa-cert.pem CERTIFICATE="${outdir}/rsa-cert.pem" -CERTIFICATE_URL="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=cert;pin-value=1234" -./check-privkey ${CERTIFICATE} ${PRIVATE_KEY} ${MODULE} "${outdir}/engines.cnf" -if test $? != 0;then +# Run the test +${WRAPPER} ./check-privkey ${CERTIFICATE} ${PRIVATE_KEY} ${MODULE} \ + "${outdir}/engines.cnf" +if [[ $? -ne 0 ]]; then echo "The private key loading couldn't get the public key from the certificate" - exit 1; + exit 1 fi -./check-privkey ${CERTIFICATE_URL} ${PRIVATE_KEY} ${MODULE} "${outdir}/engines.cnf" -if test $? != 0;then +./check-privkey ${CERTIFICATE_URL} ${PRIVATE_KEY} ${MODULE} \ + "${outdir}/engines.cnf" +if [[ $? -ne 0 ]]; then echo "The private key loading couldn't get the public key from the certificate URL" - exit 1; + exit 1 fi +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + rm -rf "$outdir" exit 0 diff --git a/tests/rsa-common.sh b/tests/rsa-common.sh deleted file mode 100755 index 42477ee6..00000000 --- a/tests/rsa-common.sh +++ /dev/null 
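Review bot: The new `${OPENSSL} x509 -in ${srcdir}/rsa-cert.der -inform DER -outform PEM -out ${outdir}/rsa-cert.pem` has no status check, so if the conversion fails (wrong binary selected by openssl-settings.sh, missing input file) the failure surfaces only as the misleading "couldn't get the public key from the certificate" message from check-privkey. Append `|| exit 1` to the command, and quote the two paths (`"${srcdir}/rsa-cert.der"`, `"${outdir}/rsa-cert.pem"`) as the script already does for `"${outdir}/engines.cnf"`. The empty seventh argument in `init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "" "cert"` is presumably the no-public-key-on-token case that the removed rsa-no-pubkey.sh set up; a comment such as `# no public key is imported on purpose` would make that visible without reading common.sh.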
@@ -1,184 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2013 Nikos Mavrogiannopoulos -# Copyright (C) 2015 Red Hat, Inc. -# -# This is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 3 of the License, or (at -# your option) any later version. -# -# GnuTLS is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with GnuTLS; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -echo "Current directory: $(pwd)" -echo "Source directory: ${srcdir}" -echo "Output directory: ${outdir}" - -mkdir -p $outdir - -# Set the module to be used -for i in /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib64/pkcs11 /usr/lib64/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib/softhsm /usr/lib; do - if test -f "$i/libsofthsm2.so"; then - MODULE="$i/libsofthsm2.so" - break - else - if test -f "$i/libsofthsm.so";then - MODULE="$i/libsofthsm.so" - break - fi - fi -done - -if (! test -x /usr/bin/pkcs11-tool && ! 
test -x /usr/local/bin/pkcs11-tool);then - exit 77 -fi - -# Initialize the SoftHSM DB -init_db () { - if test -x "/usr/bin/softhsm"; then - export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm" - SLOT="--slot 0" - fi - - if test -x "/usr/local/bin/softhsm2-util"; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/local/bin/softhsm2-util" - SLOT="--free " - fi - - if test -x "/opt/local/bin/softhsm2-util"; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/opt/local/bin/softhsm2-util" - SLOT="--free " - fi - - if test -x "/usr/bin/softhsm2-util"; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm2-util" - SLOT="--free " - fi - - if test -z "${SOFTHSM_TOOL}"; then - echo "Could not find softhsm(2) tool" - exit 77 - fi - - if test -n "${SOFTHSM2_CONF}"; then - rm -rf $outdir/softhsm-testpkcs11.db - mkdir -p $outdir/softhsm-testpkcs11.db - echo "objectstore.backend = file" > "${SOFTHSM2_CONF}" - echo "directories.tokendir = $outdir/softhsm-testpkcs11.db" >> \ - "${SOFTHSM2_CONF}" - else - rm -rf $outdir/softhsm-testpkcs11.db - echo "0:$outdir/softhsm-testpkcs11.db" > "${SOFTHSM_CONF}" - fi -} - -# Create a new device -init_card () { - pin="$1" - puk="$2" - dev_label="$3" - - echo -n "* Initializing smart card ${dev_label}..." - ${SOFTHSM_TOOL} --init-token ${SLOT} --label "${dev_label}" \ - --so-pin "${puk}" --pin "${pin}" >/dev/null - if test $? = 0; then - echo ok - else - echo failed - exit 1 - fi -} - -# Import objects to the token -import_objects () { - id=$1 - obj_label=$2 - token_label=$3 - - pkcs11-tool -p ${PIN} --module ${MODULE} -d ${id} \ - --token-label ${token_label} -a ${obj_label} -l -w \ - ${srcdir}/rsa-prvkey.der -y privkey >/dev/null - if test $? 
!= 0;then - exit 1; - fi - - pkcs11-tool -p ${PIN} --module ${MODULE} -d ${id} \ - --token-label ${token_label} -a ${obj_label} -l -w \ - ${srcdir}/rsa-pubkey.der -y pubkey >/dev/null - if test $? != 0;then - exit 1; - fi - - pkcs11-tool -p ${PIN} --module ${MODULE} -d ${id} \ - --token-label ${token_label} -a ${obj_label} -l -w \ - ${srcdir}/rsa-cert.der -y cert >/dev/null - if test $? != 0;then - exit 1; - fi - - echo Finished -} - -# List the objects contained in the token -list_objects () { - echo "***************" - echo "Listing objects" - echo "***************" - pkcs11-tool -p ${PIN} --module ${MODULE} -l -O -} - -common_init () { - # Set the used PIN and PUK - PIN=1234 - PUK=1234 - - # Initialize the SoftHSM DB - init_db - - # Initialize a new device - init_card $PIN $PUK "libp11-test" - - echo Importing - # Import the used objects (private key, public key, and certificate) - import_objects 01020304 "server-key" "libp11-test" - - # List the imported objects - list_objects -} - -create_devices () { - num_devices=$1 - pin="$2" - puk="$3" - common_label="$4" - object_label="$5" - - i=0 - while [ $i -le ${num_devices} ]; do - init_card ${pin} ${puk} "${common_label}-$i" - - echo "Importing objects to token ${common_label}-$i" - # Import objects with different labels - import_objects 01020304 "${object_label}-$i" "${common_label}-$i" - - pkcs11-tool -p ${pin} --module ${MODULE} -l -O --token-label \ - "${common_label}-$i" - if test $? != 0;then - echo Failed! - exit 1; - fi - - i=$(($i + 1)) - done -} diff --git a/tests/rsa-evp-sign.softhsm b/tests/rsa-evp-sign.softhsm index 3100fc7b..64dcbd22 100755 --- a/tests/rsa-evp-sign.softhsm +++ b/tests/rsa-evp-sign.softhsm @@ -1,5 +1,7 @@ -#!/bin/sh +#!/bin/bash +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka # Copyright (C) 2015 Nikos Mavrogiannopoulos # # GnuTLS is free software; you can redistribute it and/or modify it 
@@ -18,22 +20,23 @@ outdir="output.$$" -# Load common test functions -. ${srcdir}/rsa-common.sh - -# Do the common test initialization -common_init +KEY_ID="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0" -sed -e "s|@MODULE_PATH@|${MODULE}|g" -e "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf" +# Load common test functions +. ${srcdir}/common.sh -printf "$PIN" > $outdir/pin.txt +printf ${PIN} > $outdir/pin.txt -export OPENSSL_ENGINES="../src/.libs/" +# Do the token initialization +init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" -KEY_ID="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key" +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh +# Run the test for PIN_ATTR in \ - "pin-value=1234" \ + "pin-value=${PIN}" \ "pin-source=$outdir/pin.txt" \ "pin-source=file:$outdir/pin.txt" do 
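Review bot: `printf ${PIN} > $outdir/pin.txt` uses the PIN as the printf format string and leaves both expansions unquoted, where the removed line at least quoted the variable; with the fixed `1234` it works, but a PIN containing `%` or `\` would be interpreted instead of written, and this file is exactly what the `pin-source=` cases below exercise. Write it as `printf '%s' "${PIN}" > "${outdir}/pin.txt"`. `PIN` appears to come from `. ${srcdir}/common.sh` now (the per-script `PIN=1234` assignments are removed elsewhere in this change), which is why the printf has to stay below that line; a short `# PIN is set by common.sh` on it would make the ordering look deliberate. The `for PIN_ATTR in` loop opened at the end of this hunk continues past it.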
@@ -43,44 +46,53 @@ do echo $PRIVATE_KEY - ./evp-sign ctrl false "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} - if test $? != 0;then + ${WRAPPER} ./evp-sign ctrl false "${outdir}/engines.cnf" \ + ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} + if [[ $? -ne 0 ]]; then echo "Basic PKCS #11 test, using ctrl failed" - exit 1; + exit 1 fi - ./evp-sign default false "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} - if test $? != 0;then + ./evp-sign default false "${outdir}/engines.cnf" \ + ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} + if [[ $? -ne 0 ]]; then echo "Basic PKCS #11 test, using default failed" - exit 1; + exit 1 fi - ./evp-sign ctrl 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} - if test $? != 0;then + ./evp-sign ctrl ${PIN} "${outdir}/engines.cnf" \ + ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} + if [[ $? -ne 0 ]]; then echo "Basic PKCS #11 test without pin-value, using ctrl failed" - exit 1; + exit 1 fi - ./evp-sign default 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} - if test $? != 0;then + ./evp-sign default ${PIN} "${outdir}/engines.cnf" \ + ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} + if [[ $? -ne 0 ]]; then echo "Basic PKCS #11 test without pin-value, using default failed" - exit 1; + exit 1 fi done -./evp-sign ctrl 1234 "${outdir}/engines.cnf" "label_server-key" "label_server-key" ${MODULE} -if test $? != 0;then +./evp-sign ctrl ${PIN} "${outdir}/engines.cnf" \ + "label_server-key-0" "label_server-key-0" ${MODULE} +if [[ $? -ne 0 ]]; then echo "Basic PKCS #11 test with legacy name #1 failed" - exit 1; + exit 1 fi -./evp-sign default 1234 "${outdir}/engines.cnf" "id_01020304" "id_01020304" ${MODULE} -if test $? != 0;then +./evp-sign default ${PIN} "${outdir}/engines.cnf" \ + "id_01020304" "id_01020304" ${MODULE} +if [[ $? 
-ne 0 ]]; then echo "Basic PKCS #11 test with legacy name #2 failed" - exit 1; + exit 1 fi +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + rm -rf "$outdir" exit 0 diff --git a/tests/rsa-no-pubkey.sh b/tests/rsa-no-pubkey.sh deleted file mode 100644 index 8e16084f..00000000 --- a/tests/rsa-no-pubkey.sh +++ /dev/null 
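Review bot: The six call-and-check blocks in this hunk differ only in the evp-sign mode, the PIN argument, the key pair and the failure message, and the `${WRAPPER}` prefix is applied to the first run only, which is easy to miss; a small helper defined above the loop (outside this hunk) would make the pattern and the single wrapped run explicit. The enclosing `for PIN_ATTR in ...` loop starts before this hunk. The helper prints the same message and exits with the same status as the expanded form, so the observable behaviour is unchanged.
```shell
# Run ./evp-sign once and fail the test with the given message on a
# non-zero exit status. $1 is a command prefix ("${WRAPPER}" or "").
run_evp_sign() {
	local prefix="$1" mode="$2" pin="$3" priv="$4" pub="$5" msg="$6"
	${prefix} ./evp-sign "${mode}" "${pin}" "${outdir}/engines.cnf" \
		"${priv}" "${pub}" "${MODULE}" || { echo "${msg}"; exit 1; }
}
# … unchanged: for PIN_ATTR loop header, PRIVATE_KEY/PUBLIC_KEY setup …
	run_evp_sign "${WRAPPER}" ctrl false "${PRIVATE_KEY}" "${PUBLIC_KEY}" \
		"Basic PKCS #11 test, using ctrl failed"
	run_evp_sign "" default false "${PRIVATE_KEY}" "${PUBLIC_KEY}" \
		"Basic PKCS #11 test, using default failed"
	# … unchanged: the two "without pin-value" runs, passing "${PIN}" …
done
run_evp_sign "" ctrl "${PIN}" "label_server-key-0" "label_server-key-0" \
	"Basic PKCS #11 test with legacy name #1 failed"
run_evp_sign "" default "${PIN}" "id_01020304" "id_01020304" \
	"Basic PKCS #11 test with legacy name #2 failed"
```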
@@ -1,123 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2013 Nikos Mavrogiannopoulos -# Copyright (C) 2019 Anderson Toshiyuki Sasaki -# Copyright (C) 2019 Red Hat, Inc. -# Copyright (C) 2021 Uri Blumenthal, MIT -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -OPENSSL_VERSION=$(./openssl_version | cut -d ' ' -f 2) -case "${OPENSSL_VERSION}" in -0.*) - echo "EC tests skipped with OpenSSL ${OPENSSL_VERSION}" - exit 77 - ;; -*) - ;; -esac - -echo "Current directory: $(pwd)" -echo "Source directory: ${srcdir}" -echo "Output directory: ${outdir}" - -mkdir -p $outdir - -for i in /usr/local/lib/softhsm /opt/local/lib/softhsm /usr/lib64/pkcs11 /usr/lib64/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib/softhsm /usr/lib; do - if test -f "$i/libsofthsm2.so"; then - MODULE="$i/libsofthsm2.so" - break - else - if test -f "$i/libsofthsm.so";then - MODULE="$i/libsofthsm.so" - break - fi - fi -done - -if (! test -x /usr/bin/pkcs11-tool && ! 
test -x /usr/local/bin/pkcs11-tool);then - exit 77 -fi - -init_card () { - PIN="$1" - PUK="$2" - - if test -x "/usr/bin/softhsm"; then - export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm" - fi - - if test -x "/usr/local/bin/softhsm2-util"; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/local/bin/softhsm2-util" - fi - - if test -x "/opt/local/bin/softhsm2-util"; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/opt/local/bin/softhsm2-util" - fi - - if test -x "/usr/bin/softhsm2-util"; then - export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config" - SOFTHSM_TOOL="/usr/bin/softhsm2-util" - fi - - if test -z "${SOFTHSM_TOOL}"; then - echo "Could not find softhsm(2) tool" - exit 77 - fi - - if test -n "${SOFTHSM2_CONF}"; then - rm -rf $outdir/softhsm-testpkcs11.db - mkdir -p $outdir/softhsm-testpkcs11.db - echo "objectstore.backend = file" > "${SOFTHSM2_CONF}" - echo "directories.tokendir = $outdir/softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}" - else - rm -rf $outdir/softhsm-testpkcs11.db - echo "0:$outdir/softhsm-testpkcs11.db" > "${SOFTHSM_CONF}" - fi - - - echo -n "* Initializing smart card... " - ${SOFTHSM_TOOL} --init-token --slot 0 --label "libp11-test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null - if test $? = 0; then - echo ok - else - echo failed - exit 1 - fi -} - -PIN=1234 -PUK=1234 -init_card $PIN $PUK - -# generate key in token -pkcs11-tool -p $PIN --module $MODULE -d 01020304 -a server-key -l -w ${srcdir}/rsa-prvkey.der -y privkey >/dev/null -if test $? != 0;then - exit 1; -fi - -pkcs11-tool -p $PIN --module $MODULE -d 01020304 -a server-key -l -w ${srcdir}/rsa-cert.der -y cert >/dev/null -if test $? != 0;then - exit 1; -fi - -openssl x509 -in ${srcdir}/rsa-cert.der -inform DER -out ${outdir}/rsa-cert.pem -outform PEM - -echo "***************" -echo "Listing objects" -echo "***************" -pkcs11-tool -p $PIN --module $MODULE -l -O 
diff --git a/tests/rsa-oaep.softhsm b/tests/rsa-oaep.softhsm index 25b1f9b0..e5ff310b 100755 --- a/tests/rsa-oaep.softhsm +++ b/tests/rsa-oaep.softhsm @@ -1,5 +1,7 @@ -#!/bin/sh +#!/bin/bash +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka # Copyright (C) 2015 Nikos Mavrogiannopoulos # Copyright (C) 2018 Anderson Toshiyuki Sasaki # @@ -18,24 +20,30 @@ outdir="output.$$" -# Load common test functions -. ${srcdir}/rsa-common.sh +PRIVATE_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=1234" +PUBLIC_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=public;pin-value=1234" -# Do the common test initialization -common_init +# Load common test functions +. ${srcdir}/common.sh -sed -e "s|@MODULE_PATH@|${MODULE}|g" -e "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf" +# Do the token initialization +init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" -export OPENSSL_ENGINES="../src/.libs/" -PRIVATE_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=private;pin-value=1234" -PUBLIC_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=public;pin-value=1234" +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh -./rsa-oaep 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} -if test $? != 0;then +# Run the test +${WRAPPER} ./rsa-oaep ${PIN} "${outdir}/engines.cnf" \ + ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} +if [[ $? -ne 0 ]]; then echo "RSA-OAEP encryption/decryption test failed." - exit 1; + exit 1 fi +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + rm -rf "$outdir" exit 0 diff --git a/tests/rsa-prvkey.der b/tests/rsa-privkey.der similarity index 100% rename from tests/rsa-prvkey.der rename to tests/rsa-privkey.der 
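Review bot: `PRIVATE_KEY` and `PUBLIC_KEY` hard-code `pin-value=1234` while the same hunk passes `${PIN}` to `./rsa-oaep`, so the token PIN now lives in two places that can drift apart; the URIs are assigned above `. ${srcdir}/common.sh`, which appears to be where PIN is defined now that the per-script `PIN=1234` lines are removed in this change. Move the two assignments below the `. ${srcdir}/common.sh` line and build them with `pin-value=${PIN}`, as rsa-evp-sign already does for its `"pin-value=${PIN}"` case. The same layout is used in the rsa-pss-sign hunk and, earlier in this change, in rsa-check-privkey, pkcs11-uri-without-token and search-all-matching-tokens.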
diff --git a/tests/rsa-pss-sign.softhsm b/tests/rsa-pss-sign.softhsm index d14c8fa8..2cf95fb2 100755 --- a/tests/rsa-pss-sign.softhsm +++ b/tests/rsa-pss-sign.softhsm @@ -1,5 +1,7 @@ -#!/bin/sh +#!/bin/bash +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka # Copyright (C) 2015 Nikos Mavrogiannopoulos # Copyright (C) 2018 Anderson Toshiyuki Sasaki # @@ -18,24 +20,30 @@ outdir="output.$$" -# Load common test functions -. ${srcdir}/rsa-common.sh +PRIVATE_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=private;pin-value=1234" +PUBLIC_KEY="pkcs11:token=libp11-0;id=%01%02%03%04;object=server-key-0;type=public;pin-value=1234" -# Do the common test initialization -common_init +# Load common test functions +. ${srcdir}/common.sh -sed -e "s|@MODULE_PATH@|${MODULE}|g" -e "s|@ENGINE_PATH@|../src/.libs/pkcs11.so|g" <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf" +# Do the token initialization +init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" -export OPENSSL_ENGINES="../src/.libs/" -PRIVATE_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=private;pin-value=1234" -PUBLIC_KEY="pkcs11:token=libp11-test;id=%01%02%03%04;object=server-key;type=public;pin-value=1234" +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh -./rsa-pss-sign 1234 "${outdir}/engines.cnf" ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} -if test $? != 0;then +# Run the test +${WRAPPER} ./rsa-pss-sign ${PIN} "${outdir}/engines.cnf" \ + ${PRIVATE_KEY} ${PUBLIC_KEY} ${MODULE} +if [[ $? -ne 0 ]]; then echo "RSA-PSS signature/verification test failed." - exit 1; + exit 1 fi +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + rm -rf "$outdir" exit 0 diff --git a/tests/rsa-testfork.softhsm b/tests/rsa-testfork.softhsm index ba5d8515..967ac9a5 100755 --- a/tests/rsa-testfork.softhsm +++ b/tests/rsa-testfork.softhsm 
@@ -1,5 +1,7 @@ -#!/bin/sh +#!/bin/bash +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka # Copyright (C) 2013 Nikos Mavrogiannopoulos # Copyright (C) 2015 Red Hat, Inc. # @@ -20,17 +22,24 @@ outdir="output.$$" # Load common test functions -. ${srcdir}/rsa-common.sh +. ${srcdir}/common.sh -# Do the common test initialization -common_init +# Do the token initialization +init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" + +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh # Run the test -./fork-test ${MODULE} ${PIN} -if test $? != 0;then - exit 1; +${WRAPPER} ./fork-test ${MODULE} ${PIN} +if [[ $? -ne 0 ]]; then + exit 1 fi +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + # Cleanup rm -rf "$outdir" diff --git a/tests/rsa-testlistkeys.softhsm b/tests/rsa-testlistkeys.softhsm index b3696f59..7fe9d444 100755 --- a/tests/rsa-testlistkeys.softhsm +++ b/tests/rsa-testlistkeys.softhsm @@ -1,5 +1,7 @@ -#!/bin/sh +#!/bin/bash +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka # Copyright (C) 2013 Nikos Mavrogiannopoulos # Copyright (C) 2015 Red Hat, Inc. # @@ -20,17 +22,24 @@ outdir="output.$$" # Load common test functions -. ${srcdir}/rsa-common.sh +. ${srcdir}/common.sh -# Do the common test initialization -common_init +# Do the token initialization +init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" + +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh # Run the test -../examples/listkeys ${MODULE} ${PIN} -if test $? != 0;then - exit 1; +${WRAPPER} ../examples/listkeys ${MODULE} ${PIN} +if [[ $? -ne 0 ]]; then + exit 1 fi +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + rm -rf "$outdir" exit 0 diff --git a/tests/rsa-testlistkeys_ext.softhsm b/tests/rsa-testlistkeys_ext.softhsm index dfacc0ec..c0d88425 100755 
--- a/tests/rsa-testlistkeys_ext.softhsm
+++ b/tests/rsa-testlistkeys_ext.softhsm
@@ -1,5 +1,7 @@
-#!/bin/sh
+#!/bin/bash
+# Copyright © 2024 Mobi - Com Polska Sp. z o.o.
+# Author: Małgorzata Olszówka
 # Copyright (C) 2023 Koninklijke Philips N.V.
 #
 # This is free software; you can redistribute it and/or modify it
@@ -19,54 +21,63 @@ outdir="output.$$" # Load common test functions -. ${srcdir}/rsa-common.sh +. ${srcdir}/common.sh -# Do the common test initialization -common_init +# Do the token initialization +init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" -import_objects 01020314 "server-key1" "libp11-test" -import_objects 01020324 "server-key2" "libp11-test" -import_objects 01020334 "server-key3" "libp11-test" -import_objects 01020344 "server-key4" "libp11-test" +# Write more objects with different labels to the token +import_objects "rsa" "libp11-0" "01020314" "server-key-1" "privkey" "pubkey" "cert" +import_objects "rsa" "libp11-0" "01020324" "server-key-2" "privkey" "pubkey" "cert" +import_objects "rsa" "libp11-0" "01020334" "server-key-3" "privkey" "pubkey" "cert" +import_objects "rsa" "libp11-0" "01020344" "server-key-4" "privkey" "pubkey" "cert" +list_objects "libp11-0" + +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh # Run the test -../examples/listkeys_ext -m "${MODULE}" -p "${PIN}" | grep -q 'nkeys:5' -if test $? != 0;then +${WRAPPER} ../examples/listkeys_ext -m ${MODULE} -p ${PIN} | grep -q 'nkeys:5' +if [[ $? -ne 0 ]]; then echo "Failed when no search parameters were given. 5 Keys should have been found." - exit 1; + exit 1 fi -../examples/listkeys_ext -m "${MODULE}" -p "${PIN}" -i 01020314 | grep -q 'nkeys:1' -if test $? != 0;then +../examples/listkeys_ext -m ${MODULE} -p ${PIN} -i "01020314" | grep -q 'nkeys:1' +if [[ $? -ne 0 ]]; then echo "Failed when searching with id. Only 1 key should have been found." - exit 1; + exit 1 fi -../examples/listkeys_ext -m "${MODULE}" -p "${PIN}" -i 1020314 | grep -q 'nkeys:1' -if test $? != 0;then +../examples/listkeys_ext -m ${MODULE} -p ${PIN} -i "1020314" | grep -q 'nkeys:1' +if [[ $? -ne 0 ]]; then echo "Failed when searching with id. Only 1 key should have been found." 
- exit 1; + exit 1 fi -../examples/listkeys_ext -m "${MODULE}" -p "${PIN}" -l server-key3 | grep -q 'nkeys:1' -if test $? != 0;then +../examples/listkeys_ext -m ${MODULE} -p ${PIN} -l server-key-3 | grep -q 'nkeys:1' +if [[ $? -ne 0 ]]; then echo "Failed when searching with label. Only 1 key should have been found." - exit 1; + exit 1 fi -../examples/listkeys_ext -m "${MODULE}" -p "${PIN}" -i 01020334 -l server-key3 | grep -q 'nkeys:1' -if test $? != 0;then +../examples/listkeys_ext -m ${MODULE} -p ${PIN} -i "01020334" -l server-key-3 | grep -q 'nkeys:1' +if [[ $? -ne 0 ]]; then echo "Failed when searching with id and label. Only 1 key should have been found." - exit 1; + exit 1 fi -../examples/listkeys_ext -m "${MODULE}" -p "${PIN}" -i 01020334 -l server-key1 -if test $? = 0;then +../examples/listkeys_ext -m ${MODULE} -p ${PIN} -i "01020334" -l server-key-1 +if [[ $? -eq 0 ]]; then echo "Did not fail when no keys should have been found." - exit 1; + exit 1 fi +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + rm -rf "$outdir" exit 0 diff --git a/tests/rsa-testpkcs11.softhsm b/tests/rsa-testpkcs11.softhsm index f76a8d3e..2b90e3e9 100755 --- a/tests/rsa-testpkcs11.softhsm +++ b/tests/rsa-testpkcs11.softhsm @@ -1,5 +1,7 @@ -#!/bin/sh +#!/bin/bash +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka # Copyright (C) 2013 Nikos Mavrogiannopoulos # # This file is part of GnuTLS. 
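Review bot: In `${WRAPPER} ../examples/listkeys_ext -m ${MODULE} -p ${PIN} | grep -q 'nkeys:5'` the following `[[ $? -ne 0 ]]` sees only grep's status, so a wrapper-reported failure (for instance a memory checker exiting non-zero) or a crash of listkeys_ext after it has printed the count is masked; the other five listkeys_ext pipelines in this hunk have the same shape, and the last one inverts the check, so a wrapper error there would even read as the expected failure. Now that the script runs under bash, `set -o pipefail` after the shebang makes `$?` reflect both stages, or check `${PIPESTATUS[0]}` alongside `$?` after each pipeline. The four `import_objects` calls added above are likewise unchecked here; whether that is safe depends on whether the helper in common.sh exits on failure, which this chunk does not show.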
@@ -21,17 +23,25 @@ outdir="output.$$" # Load common test functions -. ${srcdir}/rsa-common.sh +. ${srcdir}/common.sh -# Do the common test initialization -common_init +# Do the token initialization +init_token "rsa" "1" "libp11" ${ID} "server-key" "privkey" "pubkey" "cert" -../examples/auth ${MODULE} ${PIN} -if test $? != 0;then +# Load openssl settings +TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH} +. ${srcdir}/openssl-settings.sh + +# Run the test +${WRAPPER} ../examples/auth ${MODULE} ${PIN} +if [[ $? -ne 0 ]]; then echo "Basic PKCS #11 test test failed" - exit 1; + exit 1 fi +# Restore settings +export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH} + # Cleanup rm -rf "$outdir" diff --git a/tests/search-all-matching-tokens.softhsm b/tests/search-all-matching-tokens.softhsm index 3cd26a66..44f90b88 100755 --- a/tests/search-all-matching-tokens.softhsm +++ b/tests/search-all-matching-tokens.softhsm @@ -1,5 +1,7 @@ -#!/bin/sh +#!/bin/bash +# Copyright © 2024 Mobi - Com Polska Sp. z o.o. +# Author: Małgorzata Olszówka # Copyright (C) 2015 Nikos Mavrogiannopoulos # # GnuTLS is free software; you can redistribute it and/or modify it 
@@ -29,93 +31,82 @@ outdir="output.$$"
-# Load common test functions
-. ${srcdir}/rsa-common.sh
-
-PIN=1234
-PUK=1234
-
+PRIVATE_KEY="pkcs11:token=libp11-3;object=label-3;type=private;pin-value=1234"
+PRIVATE_KEY_WITHOUT_TOKEN="pkcs11:object=label-3;type=private;pin-value=1234"
+PUBLIC_KEY_ANY="pkcs11:type=public"
+CERTIFICATE="pkcs11:object=label-3;type=cert;pin-value=1234"
 NUM_DEVICES=5
-# Initialize the SoftHSM DB
-init_db
-
-# Create some devices
-create_devices $NUM_DEVICES $PIN $PUK "libp11-test" "label"
-
-echo "Detected system: ${OSTYPE}"
-
-
-case "${OSTYPE}" in
- darwin* )
- SHARED_EXT=.dylib
- ;;
- *)
- SHARED_EXT=.so
- ;;
-esac
-
-sed -e "s|@MODULE_PATH@|${MODULE}|g" -e \
- "s|@ENGINE_PATH@|../src/.libs/pkcs11${SHARED_EXT}|g" \
- <"${srcdir}/engines.cnf.in" >"${outdir}/engines.cnf"
+# Load common test functions
+. ${srcdir}/common.sh
-export OPENSSL_ENGINES="../src/.libs/"
 export OPENSSL_CONF="${outdir}/engines.cnf"
+echo "OPENSSL_CONF=${OPENSSL_CONF}"
-PRIVATE_KEY="pkcs11:token=libp11-test-3;object=label-3;type=private;pin-value=1234"
-PRIVATE_KEY_WITHOUT_TOKEN="pkcs11:object=label-3;type=private;pin-value=1234"
-PUBLIC_KEY_ANY="pkcs11:type=public"
-CERTIFICATE="pkcs11:object=label-3;type=cert;pin-value=1234"
+# Do the token initialization, create some devices
+init_token "rsa" ${NUM_DEVICES} "libp11" ${ID} "label" "privkey" "pubkey" "cert"
-# Create input file
+# Create the input file
 echo "secret" > "${outdir}/in.txt"
+# Load openssl settings
+TEMP_LD_LIBRARY_PATH=${LD_LIBRARY_PATH}
+. ${srcdir}/openssl-settings.sh
+
+# Run the test
 # Verify that it doesn't try to login if more than one token matched the search
-openssl pkeyutl -engine pkcs11 -keyform engine \
- -inkey "${PRIVATE_KEY_WITHOUT_TOKEN}" \
- -sign -out "${outdir}/signature.bin" -in "${outdir}/in.txt"
-if test $? = 0;then
+${WRAPPER} ${OPENSSL} pkeyutl -engine pkcs11 -keyform engine \
+ -inkey ${PRIVATE_KEY_WITHOUT_TOKEN} -sign \
+ -out "${outdir}/signature.bin" -in "${outdir}/in.txt"
+if [[ $? -eq 0 ]]; then
 echo "Did not fail when the PKCS#11 URI matched multiple tokens"
- exit 1;
+ exit 1
 fi
 # Generate signature specifying the token in the PKCS#11 URI
-openssl pkeyutl -engine pkcs11 -keyform engine -inkey "${PRIVATE_KEY}" \
- -sign -out "${outdir}/signature.bin" -in "${outdir}/in.txt"
-if test $? != 0;then
+${OPENSSL} pkeyutl -engine pkcs11 -keyform engine \
+ -inkey ${PRIVATE_KEY} -sign -out "${outdir}/signature.bin" \
+ -in "${outdir}/in.txt"
+if [[ $? -ne 0 ]]; then
 echo "Failed to sign file using PKCS#11 URI ${PRIVATE_KEY}"
- exit 1;
+ exit 1
 fi
 # Verify the signature using the public key from each token
 i=0
-while [ $i -le ${NUM_DEVICES} ]; do
+while [[ $i -lt ${NUM_DEVICES} ]]; do
 pubkey="pkcs11:object=label-$i;type=public;pin-value=1234"
- openssl pkeyutl -engine pkcs11 -keyform engine -pubin -inkey "${pubkey}" \
- -verify -sigfile "${outdir}/signature.bin" -in "${outdir}/in.txt"
- if test $? != 0;then
+ ${OPENSSL} pkeyutl -engine pkcs11 -keyform engine -pubin \
+ -inkey ${pubkey} -verify -sigfile "${outdir}/signature.bin" \
+ -in "${outdir}/in.txt"
+ if [[ $? -ne 0 ]]; then
 echo "Failed to verify the signature using the PKCS#11 URI ${pubkey}"
- exit 1;
+ exit 1
 fi
 i=$(($i + 1))
 done
 # Verify the signature using a certificate without specifying the token
-openssl pkeyutl -engine pkcs11 -keyform engine -pubin -inkey "${CERTIFICATE}" \
- -verify -sigfile "${outdir}/signature.bin" -in "${outdir}/in.txt"
-if test $? != 0;then
+${OPENSSL} pkeyutl -engine pkcs11 -keyform engine -pubin \
+ -inkey ${CERTIFICATE} -verify -sigfile "${outdir}/signature.bin" \
+ -in "${outdir}/in.txt"
+if [[ $? -ne 0 ]]; then
 echo "Failed to verify the signature using the PKCS#11 URI ${CERTIFICATE}"
- exit 1;
+ exit 1
 fi
 # Verify the signature using the first public key found
-openssl pkeyutl -engine pkcs11 -keyform engine -pubin -inkey "${PUBLIC_KEY_ANY}" \
- -verify -sigfile "${outdir}/signature.bin" -in "${outdir}/in.txt"
-if test $? != 0;then
+${OPENSSL} pkeyutl -engine pkcs11 -keyform engine -pubin \
+ -inkey ${PUBLIC_KEY_ANY} -verify -sigfile "${outdir}/signature.bin" \
+ -in "${outdir}/in.txt"
+if [[ $? -ne 0 ]]; then
 echo "Failed to verify the signature using the PKCS#11 URI ${PUBLIC_KEY_ANY}."
- exit 1;
+ exit 1
 fi
+# Restore settings
+export LD_LIBRARY_PATH=${TEMP_LD_LIBRARY_PATH}
+
 rm -rf "$outdir"
 exit 0
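Review bot: The rewritten pkeyutl calls drop the double quotes the old lines had around `-inkey "${PRIVATE_KEY}"`, `"${pubkey}"`, `"${CERTIFICATE}"` and `"${PUBLIC_KEY_ANY}"`, so a PKCS#11 URI containing whitespace (an object label with a space, for instance) is now word-split and the engine receives a truncated URI; restore them, e.g. `-inkey "${PRIVATE_KEY_WITHOUT_TOKEN}" -sign \`. The multi-token negative test only proves the engine refused to log in if `$? -eq 0` really means "signed": with `${WRAPPER}` set to a checker that rewrites the exit status (a memory checker reporting errors as non-zero), a wrongly successful signature would still pass this assertion, so either run the negative test unwrapped like the other invocations or additionally check that `${outdir}/signature.bin` was not produced. The loop bound change from `-le` to `-lt` covers every token only if init_token labels them 0 to NUM_DEVICES-1; that is not visible here and is worth confirming against common.sh, since a skipped token silently weakens the "verify with every public key" check. `${WRAPPER}` prefixing only the first invocation looks deliberate but unexplained; a one-line comment such as `# Only the negative test runs under ${WRAPPER}` would save the next reader from treating it as an omission.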