Add PKCS#11 tests

Looks like we *only* accept PIN with ;pin-value= for GnuTLS, and we
*only* accept it with --key-password= for OpenSSL. Must fix...

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

diff --git a/configure.ac b/configure.ac
index 66ae52ac68d066d8efa37a5cce0056d454c64d57..44d9a1df1f30827260a2fee3c8a8105ee3c3936d 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -531,6 +531,13 @@ case "$ssl_library" in
        ;;
 esac
 
+
+test_pkcs11=no
+if test "$pkcs11_support" != ""; then
+   AC_CHECK_PROG(test_pkcs11, softhsm2-util, yes)
+fi
+AM_CONDITIONAL(TEST_PKCS11, [ test "$test_pkcs11" != "yes" ])
+
 # The test is OpenSSL-only for now.
 AM_CONDITIONAL(CHECK_DTLS, [ test "$dtls_lib" = "openssl" ])
 
@@ -1057,7 +1064,8 @@ AC_SUBST(GITVERSIONDEPS)
 
 AC_CONFIG_FILES(Makefile openconnect.pc po/Makefile www/Makefile \
                libopenconnect.map openconnect.8 www/styles/Makefile \
-               www/inc/Makefile www/images/Makefile tests/Makefile)
+               www/inc/Makefile www/images/Makefile tests/Makefile \
+               tests/softhsm2.conf)
 AC_OUTPUT
 
 AC_DEFUN([SUMMARY],

diff --git a/tests/.config/pkcs11/modules/softhsm2.module b/tests/.config/pkcs11/modules/softhsm2.module
new file mode 100644 (file)
index 0000000..2f06e09
--- /dev/null
+++ b/tests/.config/pkcs11/modules/softhsm2.module
@@ -0,0 +1 @@
+module:/usr/lib64/pkcs11/libsofthsm2.so

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 6677af9c2942810ebf1b323d194e4a1f466d828f..c39e900e4ec3c5beea9160472dc6c2467317352f 100644 (file)
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -37,13 +37,22 @@ EXTRA_DIST = certs/ca.pem certs/ca-key.pem certs/user-cert.pem $(USER_KEYS) \
        common.sh configs/test-user-cert.config configs/test-user-pass.config \
        configs/user-cert.prm
 
+dist_check_SCRIPTS =
+
 if HAVE_CWRAP
-dist_check_SCRIPTS = auth-username-pass auth-certificate
+dist_check_SCRIPTS += auth-username-pass auth-certificate auth-pkcs11
+endif
+if TEST_PKCS11
+dist_check_SCRIPTS += auth-pkcs11
+PKCS11_KEYS = object=RSA id=%01
+#PKCS11_KEYS += object=DSA id=%02
+#PKCS11_KEYS += object=EC id=%03
 endif
 
 TESTS_ENVIRONMENT = srcdir="$(srcdir)" \
        top_builddir="$(top_builddir)" \
-       key_list="$(USER_KEYS)"
+       key_list="$(USER_KEYS)" \
+       pkcs11_keys="$(PKCS11_KEYS)"
 
 
 noinst_PROGRAMS = lzstest seqtest
@@ -142,3 +151,30 @@ $(certsdir)/ec-key-pkcs1-aes128.pem: certs/ec-key-pkcs1.pem
 %.pem: %.csr
        $(OPENSSL) x509 -days 3650 -CA $(certsdir)/ca.pem -CAkey $(certsdir)/ca-key.pem \
                -set_serial $(shell date +%s) -req -out $@ -in $<
+
+SHM2_UTIL=HOME=$(srcdir) SOFTHSM2_CONF=softhsm2.conf softhsm2-util
+P11TOOL=HOME=$(srcdir) SOFTHSM2_CONF=softhsm2.conf p11tool
+
+softhsm-setup:
+       $(SHM2_UTIL) --show-slots
+       $(SHM2_UTIL) --init-token --slot 0 --label openconnect-test \
+               --so-pin 12345678 --pin 1234
+       $(P11TOOL) --load-privkey $(certsdir)/user-key-pkcs8.pem \
+                  --label RSA --id 01 --set-pin 1234 --login \
+                  --write "pkcs11:token=openconnect-test;pin-value=1234"
+       $(P11TOOL) --load-certificate $(certsdir)/user-cert.pem --no-mark-private \
+                  --label RSA --id 01 --set-pin 1234 --login \
+                  --write "pkcs11:token=openconnect-test;pin-value=1234"
+       $(P11TOOL) --load-privkey $(certsdir)/dsa-key-pkcs8.pem \
+                  --label DSA --id 02 --set-pin 1234 --login \
+                  --write "pkcs11:token=openconnect-test;pin-value=1234"
+       $(P11TOOL) --load-certificate $(certsdir)/dsa-cert.pem --no-mark-private \
+                  --label DSA --id 02 --set-pin 1234 --login \
+                  --write "pkcs11:token=openconnect-test;pin-value=1234"
+       $(P11TOOL) --load-privkey $(certsdir)/ec-key-pkcs8.pem \
+                  --label EC --id 03 --set-pin 1234 --login \
+                  --write "pkcs11:token=openconnect-test;pin-value=1234"
+       $(P11TOOL) --load-certificate $(certsdir)/ec-cert.pem --no-mark-private \
+                  --label EC --id 03 --set-pin 1234 --login \
+                  --write "pkcs11:token=openconnect-test;pin-value=1234"
+

diff --git a/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/0d427336-1da0-a4d1-e24f-bbb5d9e81a73.lock b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/0d427336-1da0-a4d1-e24f-bbb5d9e81a73.lock
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/0d427336-1da0-a4d1-e24f-bbb5d9e81a73.object b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/0d427336-1da0-a4d1-e24f-bbb5d9e81a73.object
new file mode 100644 (file)
index 0000000..f2674cc
Binary files /dev/null and b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/0d427336-1da0-a4d1-e24f-bbb5d9e81a73.object differ

diff --git a/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/2e3492cb-4040-68b3-2380-7da8f5624d2b.lock b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/2e3492cb-4040-68b3-2380-7da8f5624d2b.lock
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/2e3492cb-4040-68b3-2380-7da8f5624d2b.object b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/2e3492cb-4040-68b3-2380-7da8f5624d2b.object
new file mode 100644 (file)
index 0000000..ebf56d0
Binary files /dev/null and b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/2e3492cb-4040-68b3-2380-7da8f5624d2b.object differ

diff --git a/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/38ae199d-9924-2298-61ce-adc666caa9fb.lock b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/38ae199d-9924-2298-61ce-adc666caa9fb.lock
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/38ae199d-9924-2298-61ce-adc666caa9fb.object b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/38ae199d-9924-2298-61ce-adc666caa9fb.object
new file mode 100644 (file)
index 0000000..1e8730e
Binary files /dev/null and b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/38ae199d-9924-2298-61ce-adc666caa9fb.object differ

diff --git a/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/ce128197-400d-5cd6-eba0-84e965d9df04.lock b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/ce128197-400d-5cd6-eba0-84e965d9df04.lock
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/ce128197-400d-5cd6-eba0-84e965d9df04.object b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/ce128197-400d-5cd6-eba0-84e965d9df04.object
new file mode 100644 (file)
index 0000000..8146314
Binary files /dev/null and b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/ce128197-400d-5cd6-eba0-84e965d9df04.object differ

diff --git a/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/db3f63d5-bdd4-879a-da53-1367c4039081.lock b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/db3f63d5-bdd4-879a-da53-1367c4039081.lock
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/db3f63d5-bdd4-879a-da53-1367c4039081.object b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/db3f63d5-bdd4-879a-da53-1367c4039081.object
new file mode 100644 (file)
index 0000000..8ea3121
Binary files /dev/null and b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/db3f63d5-bdd4-879a-da53-1367c4039081.object differ

diff --git a/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/e78dff6e-ad72-c5b7-4604-42d43179e324.lock b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/e78dff6e-ad72-c5b7-4604-42d43179e324.lock
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/e78dff6e-ad72-c5b7-4604-42d43179e324.object b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/e78dff6e-ad72-c5b7-4604-42d43179e324.object
new file mode 100644 (file)
index 0000000..710fe74
Binary files /dev/null and b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/e78dff6e-ad72-c5b7-4604-42d43179e324.object differ

diff --git a/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/generation b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/generation
new file mode 100644 (file)
index 0000000..379d85c
Binary files /dev/null and b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/generation differ

diff --git a/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/token.lock b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/token.lock
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/token.object b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/token.object
new file mode 100644 (file)
index 0000000..ab3be93
Binary files /dev/null and b/tests/softhsm/47db3ffc-cacd-71d6-d4c4-174ce337f765/token.object differ