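#!/bin/sh

# Copyright (C) 2017 Red Hat, Inc.
#
# This file is part of p11-kit.
#
# p11-kit is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# p11-kit is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>

# Exercises on-demand loading of PKCS#11 modules.  A p11-kit
# configuration directory is built with two modules -- the p11-kit trust
# module (trust-policy: yes) and softhsm2 (not trusted) -- a throw-away
# softhsm token holding one RSA key pair is created, and the
# list-tokens / list-objects helpers from the build tree are run with
# different initialization flags to check which modules get loaded.
#
# Environment:
#   builddir   - directory containing pkcs11/list-tokens and
#                pkcs11/list-objects (default: .)
#   libdir     - extra directory searched for p11-kit-trust.so and
#                libsofthsm2.so before the hard-coded system paths
#   P11TOOL    - p11tool binary (default: ../src/p11tool${EXEEXT});
#                deliberately left unquoted so it may carry a wrapper
#   PKG_CONFIG - pkg-config binary (default: the one found on PATH)
#
# Exit status: 0 on success, 1 on a failed check, 77 (automake "skip")
# when a prerequisite is not available.

# Failures are checked explicitly with "if !" below so that a missing
# prerequisite maps to 77 and a failed check to 1; set -e would turn
# both into a plain non-zero exit.
#set -e

srcdir="${srcdir:-.}"
builddir="${builddir:-.}"
CERTTOOL="${CERTTOOL:-../src/certtool${EXEEXT}}"
P11TOOL="${P11TOOL:-../src/p11tool${EXEEXT}}"
DIFF="${DIFF:-diff}"
PKGCONFIG="${PKG_CONFIG:-$(command -v pkg-config)}"
TMP_SOFTHSM_DIR="./softhsm-load.$$.tmp"
P11DIR="p11-kit-conf.$$.tmp"
LIST_TOKENS="${builddir}/pkcs11/list-tokens"
LIST_OBJECTS="${builddir}/pkcs11/list-objects"
# Credentials of the temporary test token only; the token is deleted
# when the script exits.
PIN=1234
PUK=1234

#######################################
# Remove the temporary p11-kit configuration directory and the softhsm
# token store.  Installed as an EXIT trap so the build tree is left
# clean on every exit path (success, failure and skip).
# Globals:   P11DIR, TMP_SOFTHSM_DIR (read)
#######################################
cleanup() {
	rm -rf -- "${P11DIR:?}" "${TMP_SOFTHSM_DIR:?}"
}
trap cleanup EXIT

# Locate the p11-kit trust module.  ${libdir} is intentionally unquoted:
# when it is unset the empty word disappears instead of becoming "".
# shellcheck disable=SC2086
for lib in ${libdir} ${libdir}/pkcs11 /usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/lib/x86_64-linux-gnu/pkcs11/;do
	if test -f "${lib}/p11-kit-trust.so"; then
		TRUST_MODULE="${lib}/p11-kit-trust.so"
		echo "located ${TRUST_MODULE}"
		break
	fi
done

# Locate the softhsm2 module.
# shellcheck disable=SC2086
for lib in ${libdir} ${libdir}/pkcs11 /usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/lib/x86_64-linux-gnu/pkcs11/ /usr/lib/softhsm/;do
	if test -f "${lib}/libsofthsm2.so"; then
		SOFTHSM_MODULE="${lib}/libsofthsm2.so"
		echo "located ${SOFTHSM_MODULE}"
		break
	fi
done

# Prerequisite checks: anything missing here is an environment
# limitation, not a test failure, hence exit 77.
# ${PKGCONFIG} is unquoted on purpose (same word-splitting as before).
# shellcheck disable=SC2086
if test -z "${PKGCONFIG}" || ! ${PKGCONFIG} --version >/dev/null; then
	echo "pkg-config was not found"
	exit 77
fi

# shellcheck disable=SC2086
if ! ${PKGCONFIG} --atleast-version=0.23.10 p11-kit-1; then
	echo "p11-kit 0.23.10 is required"
	exit 77
fi

if ! test -f "${TRUST_MODULE}"; then
	echo "p11-kit trust module was not found"
	exit 77
fi

if ! test -f "${SOFTHSM_MODULE}"; then
	echo "softhsm module was not found"
	exit 77
fi

if ! command -v softhsm2-util >/dev/null 2>&1; then
	echo "softhsm2-util was not found"
	exit 77
fi

# Create pkcs11.conf with two modules, a trusted (p11-kit-trust)
# and softhsm (not trusted)
mkdir -p -- "${P11DIR}"

cat <<_EOF_ >"${P11DIR}/p11-kit-trust.module"
module: p11-kit-trust.so
trust-policy: yes
_EOF_

cat <<_EOF_ >"${P11DIR}/softhsm.module"
module: libsofthsm2.so
_EOF_

# Setup softhsm: a file-backed token store under TMP_SOFTHSM_DIR,
# selected through the SOFTHSM2_CONF environment variable.
rm -rf -- "${TMP_SOFTHSM_DIR}"
mkdir -p -- "${TMP_SOFTHSM_DIR}"
SOFTHSM2_CONF="${TMP_SOFTHSM_DIR}/conf"
export SOFTHSM2_CONF
echo "objectstore.backend = file" > "${SOFTHSM2_CONF}"
echo "directories.tokendir = ${TMP_SOFTHSM_DIR}" >> "${SOFTHSM2_CONF}"

# stderr is deliberately left visible so an init failure is diagnosable.
if ! softhsm2-util --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null; then
	echo "failed to initialize softhsm"
	exit 1
fi

# Generate the RSA key pair that the list-objects checks below expect
# to find (one private and one public key object).
# shellcheck disable=SC2086
if ! GNUTLS_PIN="${PIN}" ${P11TOOL} --login --label GnuTLS-Test-RSA --generate-privkey rsa --provider "${SOFTHSM_MODULE}" pkcs11: --outfile /dev/null; then
	echo "failed to generate privkey"
	exit 1
fi

#######################################
# Strip the token=... part of each URL on stdin so that tokens of the
# same module collapse to one line when sorted with -u.
#######################################
filter_token() {
	sed 's/token=.*//g'
}

#######################################
# Count distinct lines on stdin.  Routed through arithmetic expansion
# because some wc implementations pad the count with leading blanks,
# which would break the string comparison in the callers.
#######################################
count_unique() {
	n=$(sort -u | wc -l)
	echo $((n + 0))
}

#######################################
# Run list-tokens with the given flags against the temporary p11-kit
# configuration and compare the number of distinct modules reported.
# Arguments: $1 - expected count
#            $2 - message printed on mismatch
#            $@ - remaining arguments are passed to list-tokens
# Outputs:   on mismatch, the message, the observed count and the raw
#            list-tokens output
# Returns:   exits 1 on mismatch
#######################################
expect_tokens() {
	expected="$1"
	msg="$2"
	shift 2
	nr=$("${LIST_TOKENS}" -o "${P11DIR}" "$@" | filter_token | count_unique)
	if test "$nr" != "$expected"; then
		echo "${msg} (${nr})"
		"${LIST_TOKENS}" -o "${P11DIR}" "$@"
		exit 1
	fi
}

#######################################
# Run list-objects (logged in with the test PIN) with the given
# arguments and compare the number of distinct objects reported.
# Arguments: $1 - expected count
#            $2 - message printed on mismatch
#            $@ - remaining arguments are passed to list-objects
# Returns:   exits 1 on mismatch
#######################################
expect_objects() {
	expected="$1"
	msg="$2"
	shift 2
	nr=$(GNUTLS_PIN="${PIN}" "${LIST_OBJECTS}" -o "${P11DIR}" "$@" | count_unique)
	if test "$nr" != "$expected"; then
		echo "${msg} (${nr})"
		GNUTLS_PIN="${PIN}" "${LIST_OBJECTS}" -o "${P11DIR}" "$@"
		exit 1
	fi
}

# Check whether both are listed
#nr=$(${P11TOOL} --list-tokens|grep 'Module:'|sort -u|wc -l)
expect_tokens 2 "Error: did not find 2 modules" -a

# Check whether list-tokens will list the trust module
# if we only load softhsm. It shouldn't as we only load the
# trust module when needed (e.g., verification).
expect_tokens 1 "Error: did not find softhsm module" -m -s "${SOFTHSM_MODULE}"

# Check whether both modules are found when gnutls_pkcs11_init
# is not called but a pkcs11 operation is called.
expect_tokens 2 "Error in test 1: did not find 2 modules" -d

# Check whether both modules are found when gnutls_pkcs11_init
# is called with the auto flag
expect_tokens 2 "Error in test 2: did not find 2 modules" -a

# Check whether only trusted modules are listed when the
# trusted flag is given to gnutls_pkcs11_init().
expect_tokens 1 "Error in test 3: did not find the trusted module" -t

# Check whether only trusted is listed after certificate verification
# is performed.
expect_tokens 1 "Error in test 4: did not find 1 module" -v

# Check whether only trusted is listed when gnutls_pkcs11_init
# is called with manual flag and a certificate verification is performed.
expect_tokens 1 "Error in test 5: did not find 1 module" -m -v

# Check whether all modules are listed after certificate verification
# is performed then a PKCS#11 function is called.
expect_tokens 2 "Error in test 6: did not find all modules" -v -d

# Check whether all modules are listed after a private key operation.
expect_tokens 2 "Error in test 7: did not find all modules" -p

# Check whether public key and privkey are listed.
expect_objects 2 "Error in test 8: did not find all objects" -t all pkcs11:token=GnuTLS-Test

# Check whether all privkeys are listed even if trust module is registered.
expect_objects 1 "Error in test 9: did not find privkey objects" -t privkey pkcs11:

# Temporary directories are removed by the EXIT trap.
exit 0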