2008-04-07 21:28:37 +00:00
|
|
|
OPENSC_FEATURES = pcsc
|
|
|
|
|
2011-04-12 07:40:12 +00:00
|
|
|
#Include support for minidriver
|
|
|
|
MINIDRIVER_DEF = /DENABLE_MINIDRIVER
|
2010-12-06 15:47:03 +00:00
|
|
|
|
2015-09-11 08:55:34 +00:00
|
|
|
#Build MSI with the Windows Installer XML (WIX) toolkit, requires WIX >= 3.9
|
2017-05-31 14:31:43 +00:00
|
|
|
!IF "$(WIX)" == ""
|
|
|
|
# at least WiX 3.11 sets the WIX environment variable to its path
|
2017-05-31 14:43:15 +00:00
|
|
|
WIX = C:\Program Files\WiX Toolset v3.10
|
2017-05-31 14:31:43 +00:00
|
|
|
!ENDIF
|
2017-05-31 14:43:15 +00:00
|
|
|
!IF "$(DEVENVDIR)" == "C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\" || "$(DEVENVDIR)" == "C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\"
|
2017-05-31 14:31:43 +00:00
|
|
|
WIXVSVER = VS2010
|
|
|
|
!ENDIF
|
|
|
|
!IF "$(VISUALSTUDIOVERSION)" == "12.0"
|
|
|
|
WIXVSVER = VS2013
|
|
|
|
!ENDIF
|
|
|
|
!IF "$(VISUALSTUDIOVERSION)" == "14.0"
|
|
|
|
WIXVSVER = VS2015
|
|
|
|
!ENDIF
|
|
|
|
WIX_INCL_DIR = "/I$(WIX)\SDK\$(WIXVSVER)\inc"
|
2017-05-31 14:43:15 +00:00
|
|
|
WIX_LIBS = "$(WIX)\SDK\$(WIXVSVER)\lib\$(PLATFORM)\dutil.lib" "$(WIX)\SDK\$(WIXVSVER)\lib\$(PLATFORM)\wcautil.lib"
|
2015-04-24 13:58:54 +00:00
|
|
|
|
PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
2018-05-18 10:31:55 +00:00
|
|
|
# We do not build tests on windows
|
|
|
|
#TESTS_DEF = /DENABLE_TESTS
|
|
|
|
|
2012-06-07 20:22:58 +00:00
|
|
|
#Include support for Secure Messaging
|
|
|
|
SM_DEF = /DENABLE_SM
|
|
|
|
|
|
|
|
#Build with debugging support
|
|
|
|
#DEBUG_DEF = /DDEBUG
|
|
|
|
|
2011-02-16 19:02:11 +00:00
|
|
|
# If you want support for OpenSSL (needed for pkcs15-init tool, software hashing in PKCS#11 library and verification):
|
2005-01-16 21:12:38 +00:00
|
|
|
# - download and build OpenSSL
|
|
|
|
# - uncomment the line starting with OPENSSL_DEF
|
|
|
|
# - set the OPENSSL_INCL_DIR below to your openssl include directory, preceded by "/I"
|
|
|
|
# - set the OPENSSL_LIB below to your openssl lib file
|
2015-09-23 06:21:57 +00:00
|
|
|
#OPENSSL_DEF= /DENABLE_OPENSSL
|
2008-04-07 19:42:43 +00:00
|
|
|
!IF "$(OPENSSL_DEF)" == "/DENABLE_OPENSSL"
|
2017-05-31 14:43:15 +00:00
|
|
|
!IF "$(PLATFORM)" == "x86"
|
2011-04-01 08:06:25 +00:00
|
|
|
OPENSSL_DIR = C:\OpenSSL-Win32
|
2017-05-31 14:43:15 +00:00
|
|
|
!ELSE
|
|
|
|
OPENSSL_DIR = C:\OpenSSL-Win64
|
2011-04-01 08:06:25 +00:00
|
|
|
!ENDIF
|
|
|
|
OPENSSL_INCL_DIR = /I$(OPENSSL_DIR)\include
|
2012-06-07 20:22:58 +00:00
|
|
|
|
2015-09-11 08:55:34 +00:00
|
|
|
#define OPENSSL_STATIC if you have visual studio compatible with OpenSSL's static binaries
|
|
|
|
OPENSSL_STATIC_DIR = static
|
|
|
|
|
2012-06-07 20:22:58 +00:00
|
|
|
!IF "$(DEBUG_DEF)" == "/DDEBUG"
|
2017-07-21 12:05:47 +00:00
|
|
|
!IF "$(PLATFORM)" == "x86"
|
2017-08-02 16:14:25 +00:00
|
|
|
# OpenSSL 1.0.2
|
|
|
|
OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libeay32MTd.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
|
|
|
# OpenSSL 1.1.0
|
|
|
|
#OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libcrypto32MTd.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
2017-07-21 12:05:47 +00:00
|
|
|
!ELSE
|
2017-08-02 16:14:25 +00:00
|
|
|
# OpenSSL 1.0.2
|
|
|
|
OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libeay32MTd.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
|
|
|
# OpenSSL 1.1.0
|
|
|
|
#OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libcrypto64MTd.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
2017-07-21 12:05:47 +00:00
|
|
|
!ENDIF
|
2012-06-07 20:22:58 +00:00
|
|
|
!ELSE
|
2017-07-21 12:05:47 +00:00
|
|
|
!IF "$(PLATFORM)" == "x86"
|
2017-08-02 16:14:25 +00:00
|
|
|
# OpenSSL 1.0.2
|
|
|
|
OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libeay32MT.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
|
|
|
# OpenSSL 1.1.0
|
|
|
|
#OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libcrypto32MT.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
2017-07-21 12:05:47 +00:00
|
|
|
!ELSE
|
2017-08-02 16:14:25 +00:00
|
|
|
# OpenSSL 1.0.2
|
|
|
|
OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libeay32MT.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
|
|
|
# OpenSSL 1.1.0
|
|
|
|
#OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libcrypto64MT.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
2017-07-21 12:05:47 +00:00
|
|
|
!ENDIF
|
2012-06-07 20:22:58 +00:00
|
|
|
!ENDIF
|
2010-12-09 09:16:03 +00:00
|
|
|
|
2015-09-23 06:23:28 +00:00
|
|
|
PROGRAMS_OPENSSL = cryptoflex-tool.exe pkcs15-init.exe netkey-tool.exe piv-tool.exe \
|
2015-11-06 07:24:16 +00:00
|
|
|
westcos-tool.exe sc-hsm-tool.exe dnie-tool.exe gids-tool.exe npa-tool.exe
|
2008-04-07 21:28:37 +00:00
|
|
|
OPENSC_FEATURES = $(OPENSC_FEATURES) openssl
|
2015-09-30 05:13:59 +00:00
|
|
|
CANDLEFLAGS = -dOpenSSL="$(OPENSSL_DIR)" $(CANDLEFLAGS)
|
2005-01-16 21:12:38 +00:00
|
|
|
!ENDIF
|
|
|
|
|
2010-12-09 09:16:03 +00:00
|
|
|
|
2009-01-29 11:47:45 +00:00
|
|
|
# If you want support for zlib (Used for PIV, infocamere and actalis):
|
2015-09-11 08:55:34 +00:00
|
|
|
# - Download zlib-dll and
|
2007-03-10 10:46:32 +00:00
|
|
|
# - uncomment the line starting with ZLIB_DEF
|
|
|
|
# - set the ZLIB_INCL_DIR below to the zlib include lib proceeded by "/I"
|
|
|
|
# - set the ZLIB_LIB below to your zlib lib file
|
2015-09-23 06:21:57 +00:00
|
|
|
#ZLIB_DEF = /DENABLE_ZLIB
|
2015-12-26 17:44:57 +00:00
|
|
|
!IF "$(ZLIBSTATIC_DEF)" == "/DENABLE_ZLIB_STATIC"
|
|
|
|
ZLIB_DEF = /DENABLE_ZLIB
|
2017-06-01 08:01:42 +00:00
|
|
|
!IF "$(ZLIB_INCL_DIR)" == ""
|
2015-12-26 17:44:57 +00:00
|
|
|
ZLIB_INCL_DIR = /IC:\zlib
|
2017-06-01 08:01:42 +00:00
|
|
|
!ENDIF
|
|
|
|
!IF "$(ZLIB_LIB)" == ""
|
2015-12-26 17:44:57 +00:00
|
|
|
ZLIB_LIB = C:\zlib\zlib.lib
|
2017-06-01 08:01:42 +00:00
|
|
|
!ENDIF
|
2015-12-26 17:44:57 +00:00
|
|
|
OPENSC_FEATURES = $(OPENSC_FEATURES) zlib
|
2017-06-01 08:01:42 +00:00
|
|
|
!ELSEIF "$(ZLIB_DEF)" == "/DENABLE_ZLIB"
|
|
|
|
!IF "$(ZLIB_INCL_DIR)" == ""
|
2015-09-11 08:55:34 +00:00
|
|
|
ZLIB_INCL_DIR = /IC:\zlib-dll\include
|
2017-06-01 08:01:42 +00:00
|
|
|
!ENDIF
|
|
|
|
!IF "$(ZLIB_LIB)" == ""
|
2015-09-11 08:55:34 +00:00
|
|
|
ZLIB_LIB = C:\zlib-dll\lib\zdll.lib
|
2017-06-01 08:01:42 +00:00
|
|
|
!ENDIF
|
2008-04-07 21:28:37 +00:00
|
|
|
OPENSC_FEATURES = $(OPENSC_FEATURES) zlib
|
2015-09-30 05:13:59 +00:00
|
|
|
CANDLEFLAGS = -dzlib="C:\zlib-dll" $(CANDLEFLAGS)
|
2007-03-10 10:46:32 +00:00
|
|
|
!ENDIF
|
|
|
|
|
2015-12-26 17:44:57 +00:00
|
|
|
|
2015-11-06 07:24:16 +00:00
|
|
|
# If you want support for EAC:
|
|
|
|
# - Download OpenPACE and
|
|
|
|
# - uncomment the line starting with OPENPACE_DEF
|
2018-04-14 17:38:34 +00:00
|
|
|
# - set the OPENPACE_INCL_DIR below to the OpenPACE include directory preceded by "/I"
|
2015-11-06 07:24:16 +00:00
|
|
|
# - set the OPENPACE_LIB below to your OpenPACE lib file
|
|
|
|
#OPENPACE_DEF= /DENABLE_OPENPACE
|
|
|
|
!IF "$(OPENPACE_DEF)" == "/DENABLE_OPENPACE"
|
2017-06-01 08:10:56 +00:00
|
|
|
!IF "$(OPENPACE_DIR)" == ""
|
2017-03-23 15:45:31 +00:00
|
|
|
OPENPACE_DIR = C:\openpace
|
2017-06-01 08:10:56 +00:00
|
|
|
!ENDIF
|
2017-03-23 15:45:31 +00:00
|
|
|
OPENPACE_INCL_DIR = /I$(OPENPACE_DIR)\src
|
|
|
|
OPENPACE_LIB = $(OPENPACE_DIR)\src\libeac.lib
|
|
|
|
CANDLEFLAGS = -dOpenPACE="$(OPENPACE_DIR)" $(CANDLEFLAGS)
|
2015-11-06 07:24:16 +00:00
|
|
|
!ENDIF
|
|
|
|
|
|
|
|
|
2011-02-16 19:02:11 +00:00
|
|
|
# Used for MiniDriver
|
2017-05-31 14:43:15 +00:00
|
|
|
CNGSDK_INCL_DIR = "/IC:\Program Files (x86)\Microsoft CNG Development Kit\Include"
|
|
|
|
!IF "$(PROCESSOR_ARCHITECTURE)" == "x86" && "$(PROCESSOR_ARCHITEW6432)" == ""
|
|
|
|
CNGSDK_INCL_DIR = "/IC:\Program Files\Microsoft CNG Development Kit\Include"
|
|
|
|
!ENDIF
|
2010-05-01 12:15:36 +00:00
|
|
|
# Mandatory path to 'ISO C9x compliant stdint.h and inttypes.h for Microsoft Visual Studio'
|
|
|
|
# http://msinttypes.googlecode.com/files/msinttypes-r26.zip
|
2011-02-16 19:02:11 +00:00
|
|
|
# INTTYPES_INCL_DIR = /IC:\opensc\dependencies\msys\local
|
2002-06-14 12:52:56 +00:00
|
|
|
|
2011-06-14 09:34:25 +00:00
|
|
|
# Code optimisation
|
|
|
|
# O1 - minimal code size
|
|
|
|
CODE_OPTIMIZATION = /O1
|
|
|
|
|
2015-11-06 07:24:16 +00:00
|
|
|
ALL_INCLUDES = /I$(TOPDIR)\win32 /I$(TOPDIR)\src $(OPENPACE_INCL_DIR) $(OPENSSL_INCL_DIR) $(OPENSSL_EXTRA_CFLAGS) $(ZLIB_INCL_DIR) $(LIBLTDL_INCL) $(INTTYPES_INCL_DIR) $(CNGSDK_INCL_DIR) $(WIX_INCL_DIR)
|
2012-06-07 20:22:58 +00:00
|
|
|
|
|
|
|
!IF "$(DEBUG_DEF)" == "/DDEBUG"
|
|
|
|
LINKDEBUGFLAGS = /NODEFAULTLIB:LIBCMT /DEBUG
|
|
|
|
CODE_OPTIMIZATION =
|
PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
2018-05-18 10:31:55 +00:00
|
|
|
COPTS = /GS /W3 /WX /D_CRT_SECURE_NO_DEPRECATE /D_CRT_NONSTDC_NO_WARNINGS /MTd /nologo /DHAVE_CONFIG_H $(ALL_INCLUDES) /DWINVER=0x0601 /D_WIN32_WINNT=0x0601 /DWIN32_LEAN_AND_MEAN $(OPENPACE_DEF) $(OPENSSL_DEF) $(ZLIB_DEF) $(MINIDRIVER_DEF) $(SM_DEF) $(TESTS_DEF) /DOPENSC_FEATURES="\"$(OPENSC_FEATURES)\"" /DDEBUG /Zi /Od
|
2012-06-07 20:22:58 +00:00
|
|
|
!ELSE
|
2017-11-15 07:25:07 +00:00
|
|
|
LINKDEBUGFLAGS = /NODEFAULTLIB:LIBCMTD /DEBUG /OPT:REF /OPT:ICF
|
PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
2018-05-18 10:31:55 +00:00
|
|
|
COPTS = /GS /W3 /WX /D_CRT_SECURE_NO_DEPRECATE /D_CRT_NONSTDC_NO_WARNINGS /MT /nologo /DHAVE_CONFIG_H $(ALL_INCLUDES) /DWINVER=0x0601 /D_WIN32_WINNT=0x0601 /DWIN32_LEAN_AND_MEAN $(OPENPACE_DEF) $(OPENSSL_DEF) $(ZLIB_DEF) $(MINIDRIVER_DEF) $(SM_DEF) $(TESTS_DEF) /DOPENSC_FEATURES="\"$(OPENSC_FEATURES)\"" /Zi
|
2012-06-07 20:22:58 +00:00
|
|
|
!ENDIF
|
|
|
|
|
|
|
|
|
2017-02-09 12:44:07 +00:00
|
|
|
LINKFLAGS = /NOLOGO /INCREMENTAL:NO /MACHINE:$(PLATFORM) /NODEFAULTLIB:MSVCRTD /NODEFAULTLIB:MSVCRT /NXCOMPAT /DYNAMICBASE $(LINKDEBUGFLAGS)
|
2017-05-31 14:43:15 +00:00
|
|
|
LIBFLAGS = /nologo /machine:$(PLATFORM)
|
|
|
|
!IF "$(PLATFORM)" == "x86"
|
2015-09-30 05:13:59 +00:00
|
|
|
CANDLEFLAGS = -dPlatform=x86 $(CANDLEFLAGS)
|
2017-05-31 14:43:15 +00:00
|
|
|
!ELSE
|
|
|
|
CANDLEFLAGS = -dPlatform=x64 $(CANDLEFLAGS)
|
2011-04-01 08:06:25 +00:00
|
|
|
!ENDIF
|
2016-06-22 14:35:17 +00:00
|
|
|
|
2002-06-14 12:52:56 +00:00
|
|
|
.c.obj::
|
2011-06-14 09:34:25 +00:00
|
|
|
cl $(CODE_OPTIMIZATION) $(COPTS) /c $<
|
2005-09-21 10:10:15 +00:00
|
|
|
|
2015-04-25 15:04:17 +00:00
|
|
|
.cpp.obj::
|
|
|
|
cl $(CODE_OPTIMIZATION) $(COPTS) /c $<
|
|
|
|
|
2008-04-08 18:36:42 +00:00
|
|
|
.rc.res::
|
2011-03-31 11:28:29 +00:00
|
|
|
rc /l 0x0409 $<
|
2008-04-08 18:36:42 +00:00
|
|
|
|
2005-09-21 10:10:15 +00:00
|
|
|
clean::
|
2017-02-09 12:44:07 +00:00
|
|
|
del /Q *.obj *.dll *.exe *.pdb *.lib *.def *.res
|