From: Nikos Mavrogiannopoulos Date: Sat, 5 Apr 2014 08:04:29 +0000 (+0200) Subject: Converted the PKCS #11 test suite to use softhsm X-Git-Tag: gnutls_3_3_0~40 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=060fb3630f471fca41ab0d31e5e14fe2ca548f15;p=thirdparty%2Fgnutls.git Converted the PKCS #11 test suite to use softhsm That allows us running it in the normal test suite. --- diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am index fd199531ae..c989e8e4fe 100644 --- a/tests/suite/Makefile.am +++ b/tests/suite/Makefile.am @@ -83,9 +83,11 @@ nodist_libecore_la_SOURCES = ecore/src/lib/ecore_anim.c \ -nodist_check_SCRIPTS = eagain testsrn testcompat chain invalid-cert testrandom +nodist_check_SCRIPTS = eagain testsrn testcompat chain invalid-cert testrandom \ + testpkcs11 -TESTS = ciphersuite/test-ciphersuites.sh eagain testsrn testcompat chain invalid-cert +TESTS = ciphersuite/test-ciphersuites.sh eagain testsrn testcompat chain invalid-cert \ + testpkcs11 if ENABLE_PKCS11 check_PROGRAMS += pkcs11-chainverify diff --git a/tests/suite/pkcs11-chainverify.c b/tests/suite/pkcs11-chainverify.c index 845cfefc56..d990315f08 100644 --- a/tests/suite/pkcs11-chainverify.c +++ b/tests/suite/pkcs11-chainverify.c @@ -36,6 +36,7 @@ #include "../test-chains.h" #define URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test" +#define CONFIG "softhsm.config" /* GnuTLS internally calls time() to find out the current time when verifying certificates. To avoid a time bomb, we hard code the @@ -113,7 +114,7 @@ void doit(void) gnutls_global_set_log_level(4711); /* write softhsm.config */ - fp = fopen("softhsm.config", "w"); + fp = fopen(CONFIG, "w"); if (fp == NULL) { fprintf(stderr, "error writing softhsm.config\n"); exit(1); 
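Review bot: `testpkcs11` is appended to `TESTS` above the `if ENABLE_PKCS11` line, so as far as this hunk shows it runs on every `make check`, including builds without PKCS #11 support or without softhsm installed. The script's softhsm branch exits 1 when token initialisation fails, which turns a missing optional tool into a test failure rather than a skip. Consider registering it inside the conditional, `TESTS += testpkcs11` next to `check_PROGRAMS += pkcs11-chainverify`, unless the script's preamble (outside the visible hunks) already exits 77 in that case. Makefile.am continues outside the hunk, so an enclosing conditional cannot be ruled out.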
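Review bot: The failure message two lines below the changed `fopen` still spells the file name out, `"error writing softhsm.config\n"`, so it will drift if `CONFIG` is ever changed. Format it from the macro instead: `fprintf(stderr, "error writing %s\n", CONFIG);`. doit() starts and ends outside this hunk.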
@@ -121,7 +122,7 @@ void doit(void) fputs("0:./softhsm.db\n", fp); fclose(fp); - setenv("SOFTHSM_CONF", "softhsm.config", 0); + setenv("SOFTHSM_CONF", CONFIG, 0); system("softhsm --init-token --slot 0 --label test --so-pin 1234 --pin 1234"); @@ -292,6 +293,7 @@ void doit(void) if (debug) printf("Exit status...%d\n", exit_val); + remove(CONFIG); exit(exit_val); } diff --git a/tests/suite/testpkcs11 b/tests/suite/testpkcs11 old mode 100644 new mode 100755 index af7e862a6f..6f3ffd23d7 --- a/tests/suite/testpkcs11 +++ b/tests/suite/testpkcs11 
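Review bot: `setenv("SOFTHSM_CONF", CONFIG, 0)` keeps any `SOFTHSM_CONF` already present in the environment, because the last argument is 0 (do not overwrite). In that case the `softhsm --init-token --slot 0` call on the following line acts on whatever token store the inherited configuration names rather than on the `./softhsm.db` this test just configured, and may re-initialise a developer's own slot 0. Passing 1, `setenv("SOFTHSM_CONF", CONFIG, 1);`, pins the test to its own file. The return value of `system()` is also ignored, so a missing softhsm binary would only show up later as an unrelated verification failure. doit() continues outside the hunk.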
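Review bot: `remove(CONFIG)` cleans up only the configuration file; the token database it points to, `./softhsm.db` as written earlier in doit(), is left behind in the build directory and can carry stale token state into the next run. The cleanup also sits only on this final path, so the earlier `exit(1)` after a failed `fopen` (and any other early exit outside the hunk) skips it. Removing the database alongside, `remove("softhsm.db");`, or registering both removals with `atexit()`, would leave the tree clean on every path.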
@@ -36,26 +36,45 @@ fi echo "Testing PKCS11 support" # erase SC -echo -n "* Erasing smart card... " -pkcs15-init -E >/dev/null 2>&1 -if test $? = 0;then - echo ok -else - echo failed - exit 1 -fi -echo -n "* Initializing smart card... " -pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin 1234 --pin 1234 --puk 111111 --label "GnuTLS-Test" >/dev/null 2>&1 -if test $? = 0;then - echo ok +if test "$1" = "pkcs15";then + echo -n "* Erasing smart card... " + pkcs15-init -E >/dev/null 2>&1 + if test $? = 0;then + echo ok + else + echo failed + exit 1 + fi + + echo -n "* Initializing smart card... " + pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin 1234 --pin 1234 --puk 111111 --label "GnuTLS-Test" >/dev/null 2>&1 + if test $? = 0;then + echo ok + else + echo failed + exit 1 + fi else - echo failed - exit 1 + export SOFTHSM_CONF="softhsm.config" + if test -f /usr/lib/softhsm/libsofthsm.so;then + ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so" + else + ADDITIONAL_PARAM="--provider /usr/lib/softhsm/libsofthsm.so" + fi + + echo -n "* Initializing smart card... " + softhsm --init-token --slot 0 --label "GnuTLS-Test" --so-pin 1234 --pin 1234 >/dev/null 2>&1 + if test $? = 0;then + echo ok + else + echo failed + exit 1 + fi fi # find token name -TOKEN=`$P11TOOL --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'` +TOKEN=`$P11TOOL $ADDITIONAL_PARAM --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'` echo "* Token: $TOKEN" if test x"$TOKEN" = x;then @@ -66,7 +85,7 @@ fi export GNUTLS_PIN=1234 echo -n "* Writing a client private key... " -$P11TOOL --login --write --label gnutls-client2 --load-privkey $srcdir/pkcs11-certs/client.key "$TOKEN" >/dev/null 2>&1 +$P11TOOL $ADDITIONAL_PARAM --login --write --label gnutls-client2 --load-privkey $srcdir/pkcs11-certs/client.key "$TOKEN" >/dev/null 2>&1 if test $? = 0;then echo ok else 
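Review bot: Both arms of `if test -f /usr/lib/softhsm/libsofthsm.so` assign the same `--provider /usr/lib/softhsm/libsofthsm.so`, so the existence check decides nothing and a host without the module still gets a provider path that does not exist. If the else arm was meant for a second install location it needs that path; otherwise it should skip the test, e.g. `echo "softhsm module not found, skipping"; exit 77`. `ADDITIONAL_PARAM` is also never assigned in the `pkcs15` branch, so a value inherited from the caller's environment would be passed to every later `$P11TOOL`, `$CERTTOOL` and `$CLI` call; an `ADDITIONAL_PARAM=""` before the `if test "$1" = "pkcs15"` line closes that. The hunk exports `SOFTHSM_CONF="softhsm.config"` but no visible line creates that file, so this presumably relies on something outside the hunk.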
@@ -75,7 +94,7 @@ else fi echo -n "* Generating client private key... " -$P11TOOL --login --label gnutls-client --generate-rsa --bits 1024 "$TOKEN" >tmp-client.pub 2>&1 +$P11TOOL $ADDITIONAL_PARAM --login --label gnutls-client --generate-rsa --bits 1024 "$TOKEN" >tmp-client.pub 2>&1 if test $? = 0;then echo ok else @@ -84,7 +103,7 @@ else fi echo -n "* Generating client certificate... " -$CERTTOOL --generate-certificate --load-ca-privkey $srcdir/pkcs11-certs/ca.key --load-ca-certificate $srcdir/pkcs11-certs/ca.crt \ +$CERTTOOL $ADDITIONAL_PARAM --generate-certificate --load-ca-privkey $srcdir/pkcs11-certs/ca.key --load-ca-certificate $srcdir/pkcs11-certs/ca.crt \ --template $srcdir/pkcs11-certs/client-tmpl --load-privkey "$TOKEN;object=gnutls-client;object-type=private" \ --load-pubkey tmp-client.pub > tmp-client.crt 2>/dev/null if test $? = 0;then @@ -95,7 +114,7 @@ else fi echo -n "* Writing client certificate... " -$P11TOOL --login --write --label gnutls-client --load-certificate tmp-client.crt "$TOKEN" >/dev/null 2>&1 +$P11TOOL $ADDITIONAL_PARAM --login --write --label gnutls-client --load-certificate tmp-client.crt "$TOKEN" >/dev/null 2>&1 if test $? = 0;then echo ok else @@ -104,7 +123,7 @@ else fi echo -n "* Writing certificate of client's CA... " -$P11TOOL --login --write --label gnutls-ca --load-certificate $srcdir/pkcs11-certs/ca.crt "$TOKEN" >/dev/null 2>&1 +$P11TOOL $ADDITIONAL_PARAM --so-login --write --trusted --label gnutls-ca --load-certificate $srcdir/pkcs11-certs/ca.crt "$TOKEN" >/dev/null 2>&1 if test $? = 0;then echo ok else @@ -113,7 +132,7 @@ else fi echo -n "* Trying to obtain back the cert... " -$P11TOOL --export "$TOKEN;object=gnutls-ca;object-type=cert" >crt1.tmp 2>/dev/null +$P11TOOL $ADDITIONAL_PARAM --export "$TOKEN;object=gnutls-ca;object-type=cert" >crt1.tmp 2>/dev/null $DIFF crt1.tmp $srcdir/pkcs11-certs/ca.crt if test $? != 0;then echo "failed. Exported certificate differs!" 
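Review bot: The CA-certificate write now authenticates with `--so-login`, but the only PIN the script exports in the visible hunks is `GNUTLS_PIN=1234`. If p11tool cannot obtain the security-officer PIN non-interactively it will prompt, and with output sent to /dev/null the step would hang or fail without explanation; exporting `GNUTLS_SO_PIN=1234` next to `GNUTLS_PIN` (assuming this p11tool version reads it) avoids that. A short comment such as `# --trusted marks the CA as a trust anchor on the token, which requires the SO login` would also explain why this one call differs from the other writes.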
@@ -128,7 +147,7 @@ else fi echo -n "* Trying to obtain the full chain... " -$P11TOOL --export-chain "$TOKEN;object=gnutls-client;object-type=cert"|$CERTTOOL -i >crt1.tmp 2>/dev/null +$P11TOOL $ADDITIONAL_PARAM --login --export-chain "$TOKEN;object=gnutls-client;object-type=cert"|$CERTTOOL -i >crt1.tmp 2>/dev/null cat tmp-client.crt $srcdir/pkcs11-certs/ca.crt|$CERTTOOL -i >crt2.tmp $DIFF crt1.tmp crt2.tmp @@ -153,14 +172,14 @@ PID=$! wait_server $PID # connect to server using SC -$CLI -p $PORT localhost --priority NORMAL --x509cafile=$srcdir/pkcs11-certs/ca.crt /dev/null 2>&1 && \ +$CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509cafile=$srcdir/pkcs11-certs/ca.crt /dev/null 2>&1 && \ fail $PID "Connection should have failed!" -$CLI -p $PORT localhost --priority NORMAL --x509certfile=$srcdir/pkcs11-certs/client.crt \ +$CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509certfile=$srcdir/pkcs11-certs/client.crt \ --x509keyfile=$srcdir/pkcs11-certs/client.key --x509cafile=$srcdir/pkcs11-certs/ca.crt /dev/null 2>&1 || \ fail $PID "Connection (with files) should have succeeded!" -$CLI -p $PORT localhost --priority NORMAL --x509certfile="$TOKEN;object=gnutls-client;object-type=cert" \ +$CLI $ADDITIONAL_PARAM -p $PORT localhost --priority NORMAL --x509certfile="$TOKEN;object=gnutls-client;object-type=cert" \ --x509keyfile="$TOKEN;object=gnutls-client;object-type=private" \ --x509cafile=$srcdir/pkcs11-certs/ca.crt /dev/null 2>&1 || \ fail $PID "Connection (with SC) should have succeeded!"