[pkg-opensc-commit] [engine-pkcs11] 126/152: tests: added basic test suite
Eric Dorland
eric at moszumanska.debian.org
Mon Oct 19 03:11:25 UTC 2015
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository engine-pkcs11.
commit df141548c1cb20c6c61ec5712281c7154ae3577b
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date: Tue Sep 15 15:18:37 2015 +0200
tests: added basic test suite
---
.gitignore | 5 +-
Makefile.am | 2 +-
configure.ac | 1 +
tests/Makefile.am | 23 ++++++
tests/cert.der | Bin 0 -> 805 bytes
tests/common.sh | 94 ++++++++++++++++++++++++
tests/engines.cnf.in | 16 +++++
tests/evp-sign.c | 198 +++++++++++++++++++++++++++++++++++++++++++++++++++
tests/key.der | Bin 0 -> 1191 bytes
tests/softhsm | 39 ++++++++++
10 files changed, 376 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 66ae442..8b461eb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,7 +20,10 @@ missing
mkinstalldirs
so_locations
stamp-h*
-
+test-driver
+tests/evp-sign
+*.trs
+*.log
.deps
.libs
.#*#
diff --git a/Makefile.am b/Makefile.am
index 36b372b..a22f0dd 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -15,7 +15,7 @@ MAINTAINERCLEANFILES = \
$(srcdir)/packaged
EXTRA_DIST = .gitignore
-SUBDIRS = src
+SUBDIRS = src tests
dist_noinst_SCRIPTS = bootstrap
dist_doc_DATA = NEWS
diff --git a/configure.ac b/configure.ac
index 5c1efad..1675873 100644
--- a/configure.ac
+++ b/configure.ac
@@ -260,6 +260,7 @@ AC_CONFIG_FILES([
Makefile
src/Makefile
src/versioninfo.rc
+ tests/Makefile
])
AC_OUTPUT
diff --git a/tests/Makefile.am b/tests/Makefile.am
new file mode 100644
index 0000000..88114f8
--- /dev/null
+++ b/tests/Makefile.am
@@ -0,0 +1,23 @@
+EXTRA_DIST = cert.der key.der common.sh engines.cnf.in
+
+AM_CFLAGS = $(OPENSSL_CFLAGS)
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/ \
+ -I$(top_builddir)/
+
+AM_LDFLAGS = -no-install
+LDADD = $(OPENSSL_LIBS)
+
+evp_sign_SOURCES = evp-sign.c
+
+check_PROGRAMS = evp-sign
+dist_check_SCRIPTS = softhsm
+
+TESTS = $(dist_check_SCRIPTS)
+
+TESTS_ENVIRONMENT = \
+ LC_ALL="C" \
+ EXEEXT=$(EXEEXT) \
+ top_builddir="$(top_builddir)" \
+ srcdir="$(srcdir)"
+
diff --git a/tests/cert.der b/tests/cert.der
new file mode 100644
index 0000000..dee34e1
Binary files /dev/null and b/tests/cert.der differ
diff --git a/tests/common.sh b/tests/common.sh
new file mode 100644
index 0000000..8fb8a14
--- /dev/null
+++ b/tests/common.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+
+# Copyright (C) 2013 Nikos Mavrogiannopoulos
+# Copyright (C) 2015 Red Hat, Inc.
+#
+# This is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+mkdir -p $outdir
+
+if test -f /usr/lib64/pkcs11/libsofthsm2.so; then
+ ADDITIONAL_PARAM="/usr/lib64/pkcs11/libsofthsm2.so"
+else
+ if test -f /usr/lib/softhsm/libsofthsm.so; then
+ ADDITIONAL_PARAM="/usr/lib/softhsm/libsofthsm.so"
+ else
+ ADDITIONAL_PARAM="/usr/lib64/softhsm/libsofthsm.so"
+ fi
+fi
+
+if ! test -x /usr/bin/pkcs11-tool;then
+ exit 77
+fi
+
+init_card () {
+ PIN="$1"
+ PUK="$2"
+
+ if test -x "/usr/bin/softhsm2-util"; then
+ export SOFTHSM2_CONF="$outdir/softhsm-testpkcs11.config"
+ SOFTHSM_TOOL="/usr/bin/softhsm2-util"
+ fi
+
+ if test -x "/usr/bin/softhsm"; then
+ export SOFTHSM_CONF="$outdir/softhsm-testpkcs11.config"
+ SOFTHSM_TOOL="/usr/bin/softhsm"
+ fi
+
+ if test -z "${SOFTHSM_TOOL}"; then
+ echo "Could not find softhsm(2) tool"
+ exit 77
+ fi
+
+ if test -z "${SOFTHSM_CONF}"; then
+ rm -rf $outdir/softhsm-testpkcs11.db
+ mkdir -p $outdir/softhsm-testpkcs11.db
+ echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
+ echo "directories.tokendir = $outdir/softhsm-testpkcs11.db" >> "${SOFTHSM2_CONF}"
+ else
+ rm -rf $outdir/softhsm-testpkcs11.db
+ echo "0:$outdir/softhsm-testpkcs11.db" > "${SOFTHSM_CONF}"
+ fi
+
+
+ echo -n "* Initializing smart card... "
+ ${SOFTHSM_TOOL} --init-token --slot 0 --label "libp11-test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null
+ if test $? = 0; then
+ echo ok
+ else
+ echo failed
+ exit 1
+ fi
+}
+
+PIN=1234
+PUK=1234
+init_card $PIN $PUK
+
+# generate key in token
+pkcs11-tool -p $PIN --module $ADDITIONAL_PARAM -d 00010203 -a server-key -l -w ${file_dir}/key.der -y privkey >/dev/null
+if test $? != 0;then
+ exit 1;
+fi
+
+pkcs11-tool -p $PIN --module $ADDITIONAL_PARAM -d 00010203 -a server-key -l -w ${file_dir}/cert.der -y cert >/dev/null
+if test $? != 0;then
+ exit 1;
+fi
+
+echo "***************"
+echo "Listing objects"
+echo "***************"
+pkcs11-tool -p $PIN --module $ADDITIONAL_PARAM -l -O
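Review bot: init_card decides between SoftHSM v1 and v2 by testing whether SOFTHSM_CONF is empty, but neither SOFTHSM_CONF nor SOFTHSM_TOOL is reset first, so on a host with only softhsm2-util a SOFTHSM_CONF inherited from the caller's environment selects the else branch, where `echo "0:$outdir/softhsm-testpkcs11.db" > "${SOFTHSM_CONF}"` overwrites the user's own configuration file and the SOFTHSM2_CONF file is never written. Starting the function with `unset SOFTHSM_CONF SOFTHSM2_CONF; SOFTHSM_TOOL=` and turning the second probe into an `elif` should keep the tool, the config variable and the module chosen in ADDITIONAL_PARAM consistent when both versions are installed. The `mkdir -p $outdir` and `rm -rf $outdir/softhsm-testpkcs11.db` lines expand `$outdir` unquoted and unguarded; `rm -rf "${outdir:?}/softhsm-testpkcs11.db"` aborts instead of deleting under `/` when the variable is empty. The comment `# generate key in token` would be more accurate as `# import the test key and certificate into the token`, since `-w` writes existing files.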
diff --git a/tests/engines.cnf.in b/tests/engines.cnf.in
new file mode 100644
index 0000000..cc43f68
--- /dev/null
+++ b/tests/engines.cnf.in
@@ -0,0 +1,16 @@
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+openssl_conf = openssl_def
+
+[openssl_def]
+engines = engine_section
+
+[engine_section]
+pkcs11 = pkcs11_section
+
+[pkcs11_section]
+engine_id = pkcs11
+dynamic_path = @ENGINE_PATH@
+MODULE_PATH = @MODULE_PATH@
+init = 0
diff --git a/tests/evp-sign.c b/tests/evp-sign.c
new file mode 100755
index 0000000..f371fdb
--- /dev/null
+++ b/tests/evp-sign.c
@@ -0,0 +1,198 @@
+/*
+ * Copyright (c) 2015 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <string.h>
+#include <getopt.h>
+#include <err.h>
+#include <arpa/inet.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include <openssl/conf.h>
+
+static void display_openssl_errors(int l)
+{
+ const char *file;
+ char buf[120];
+ int e, line;
+
+ if (ERR_peek_error() == 0)
+ return;
+ fprintf(stderr, "At main.c:%d:\n", l);
+
+ while ((e = ERR_get_error_line(&file, &line))) {
+ ERR_error_string(e, buf);
+ fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
+ }
+}
+
+int main(int argc, char **argv)
+{
+ char *hash_algo = NULL;
+ char *private_key_name, *x509_name, *module_name, *dest_name;
+ unsigned char buf[4096];
+ const EVP_MD *digest_algo;
+ EVP_PKEY *private_key, *pubkey;
+ char *key_pass;
+ X509 *x509;
+ unsigned n;
+ int ret;
+ long errline;
+ ENGINE *e;
+ CONF *conf;
+ EVP_MD_CTX ctx;
+ const char *module_path;
+ BIO *in, *b;
+
+ if (argc < 4) {
+ fprintf(stderr, "usage: %s [CONF] [private key URL] [module]\n", argv[0]);
+ exit(1);
+ }
+
+ private_key_name = argv[2];
+ module_path = argv[3];
+
+ ret = CONF_modules_load_file(argv[1], "engines", 0);
+ if (ret <= 0) {
+ fprintf(stderr, "cannot load %s\n", argv[1]);
+ display_openssl_errors(__LINE__);
+ exit(1);
+ }
+
+ ENGINE_add_conf_module();
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+ ERR_clear_error();
+
+ ENGINE_load_builtin_engines();
+ e = ENGINE_by_id("pkcs11");
+ if (!e) {
+ display_openssl_errors(__LINE__);
+ exit(1);
+ }
+
+ if (!ENGINE_ctrl_cmd_string(e, "MODULE_PATH", module_path, 0)) {
+ display_openssl_errors(__LINE__);
+ exit(1);
+ }
+
+ if (!ENGINE_init(e)) {
+ display_openssl_errors(__LINE__);
+ exit(1);
+ }
+
+#if 0
+ if (!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0)) {
+ display_openssl_errors(__LINE__);
+ exit(1);
+ }
+#endif
+
+ private_key = ENGINE_load_private_key(e, private_key_name, NULL, NULL);
+ if (!private_key) {
+ fprintf(stderr, "cannot load: %s\n", private_key_name);
+ display_openssl_errors(__LINE__);
+ exit(1);
+ }
+
+ x509_name = "cert.der";
+
+ b = BIO_new_file(x509_name, "rb");
+ if (!b) {
+ fprintf(stderr, "error loading %s\n", x509_name);
+ exit(1);
+ }
+
+ x509 = d2i_X509_bio(b, NULL); /* Binary encoded X.509 */
+ if (!x509) {
+ BIO_reset(b);
+ x509 = PEM_read_bio_X509(b, NULL, NULL, NULL); /* PEM encoded X.509 */
+ }
+ BIO_free(b);
+
+ if (!x509) {
+ fprintf(stderr, "error loading cert %s\n", x509_name);
+ exit(1);
+ }
+ pubkey = X509_get_pubkey(x509);
+
+ /* Digest the module data. */
+ OpenSSL_add_all_digests();
+ display_openssl_errors(__LINE__);
+
+ digest_algo = EVP_get_digestbyname("sha1");
+
+ EVP_MD_CTX_init(&ctx);
+ if (EVP_DigestInit(&ctx, digest_algo) <= 0) {
+ display_openssl_errors(__LINE__);
+ exit(1);
+ }
+
+ EVP_SignInit(&ctx, digest_algo);
+
+#define TEST_DATA "test data"
+ if (EVP_SignUpdate(&ctx, TEST_DATA, sizeof(TEST_DATA)) <= 0) {
+ display_openssl_errors(__LINE__);
+ exit(1);
+ }
+
+ n = sizeof(buf);
+ if (EVP_SignFinal(&ctx, buf, &n, private_key) <= 0) {
+ display_openssl_errors(__LINE__);
+ exit(1);
+ }
+
+ EVP_MD_CTX_init(&ctx);
+ if (EVP_DigestInit(&ctx, digest_algo) <= 0) {
+ display_openssl_errors(__LINE__);
+ exit(1);
+ }
+
+ if (EVP_DigestVerifyInit(&ctx, NULL, digest_algo, NULL, pubkey) <= 0) {
+ display_openssl_errors(__LINE__);
+ exit(1);
+ }
+
+ if (EVP_DigestVerifyUpdate(&ctx, TEST_DATA, sizeof(TEST_DATA)) <= 0) {
+ display_openssl_errors(__LINE__);
+ exit(1);
+ }
+
+ if (EVP_DigestVerifyFinal(&ctx, buf, n) <= 0) {
+ display_openssl_errors(__LINE__);
+ exit(1);
+ }
+
+ CONF_modules_unload(1);
+ return 0;
+}
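Review bot: Several return values in main() are used without a check: `pubkey = X509_get_pubkey(x509)` and `digest_algo = EVP_get_digestbyname("sha1")` can both return NULL, and the result of `EVP_SignInit(&ctx, digest_algo)` is discarded, so a failure surfaces later as an unrelated error from the sign or verify calls. Each should follow the pattern used elsewhere in the function, e.g. `if (!pubkey) { display_openssl_errors(__LINE__); exit(1); }`. The second `EVP_MD_CTX_init(&ctx)` re-initialises a context that still holds the signing state; calling `EVP_MD_CTX_cleanup(&ctx)` before it releases that state, and the `EVP_DigestInit` calls that precede `EVP_SignInit` and `EVP_DigestVerifyInit` look redundant. `x509_name = "cert.der"` is resolved against the working directory, which likely breaks out-of-tree builds where the certificate lives in `$(srcdir)`. A short comment above main() stating that the program signs fixed test data through the pkcs11 engine and verifies it with the public key from cert.der would help, as would dropping the unused locals (`hash_algo`, `key_pass`, `module_name`, `dest_name`, `errline`, `conf`, `in`).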
diff --git a/tests/key.der b/tests/key.der
new file mode 100644
index 0000000..b96d3f8
Binary files /dev/null and b/tests/key.der differ
diff --git a/tests/softhsm b/tests/softhsm
new file mode 100755
index 0000000..97ae308
--- /dev/null
+++ b/tests/softhsm
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# Copyright (C) 2015 Nikos Mavrogiannopoulos
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+outdir="${srcdir}/output.$$"
+file_dir="${srcdir:-./}"
+
+. ${srcdir}/common.sh
+
+# This uses the engine for basic sign-verify operation.
+
+sed -e "s|@MODULE_PATH@|${ADDITIONAL_PARAM}|g" -e "s|@ENGINE_PATH@|../src/.libs/engine_pkcs11.so|g" <"${srcdir}/engines.cnf.in" >engines.cnf
+
+export OPENSSL_ENGINES="../src/.libs/"
+
+./evp-sign engines.cnf "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=libp11-test;id=%00%01%02%03;object=server-key;type=private;pin-value=1234" ${ADDITIONAL_PARAM}
+if test $? != 0;then
+ echo "Basic PKCS #11 test test failed"
+ exit 1;
+fi
+
+rm -rf "$outdir"
+rm -f engines.cnf
+
+exit 0
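Review bot: `outdir="${srcdir}/output.$$"` and `. ${srcdir}/common.sh` use `srcdir` without the default that `file_dir="${srcdir:-./}"` applies, so running the script by hand with `srcdir` unset makes `outdir` resolve to `/output.<pid>`, which is then created and later passed to `rm -rf`. Setting `srcdir="${srcdir:-.}"` once at the top and quoting the sourced path (`. "${srcdir}/common.sh"`) removes that case. The cleanup at the end only runs on success; `trap 'rm -rf "$outdir" engines.cnf' EXIT` placed after `outdir` is set would also cover the `exit 1` paths here and in common.sh. The key URI hard-codes `model=SoftHSM%20v2` and `pin-value=1234`, while common.sh can select the SoftHSM v1 tool and defines `PIN`, so the URI probably does not match a v1 token; building it from `$PIN` and dropping the model attribute would keep the two files in agreement.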
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/engine-pkcs11.git