p11test: Reformat the script and allow running against softhsm ed25519 keys (with few tweaks)

The Ed25519 implementation in SoftHSM is now broken /non-interoperable. After fixing that,
the interoperability tests should work with this script:

 * SoftHSMv2#528: Avoid creating duplicate mechanisms
 * SoftHSMv2#522: Fix advertised min and max mechanism sizes according to final PKCS#11 3.0 specification
 * SoftHSMv2#526: Adjust EDDSA code to return valid EC_PARAMS according to the final PKCS #11 3.0 specification

src/tests/p11test/runtest.sh

@@ -29,6 +29,7 @@ function generate_cert() {
 	TYPE="$1"
 	ID="$2"
 	LABEL="$3"
+	CERT="$4" # whether to generate certificate too
 
 	# Generate key pair
 	$PKCS11_TOOL --keypairgen --key-type="$TYPE" --login --pin=$PIN \
@@ -39,6 +40,9 @@ function generate_cert() {
 		return 1
 	fi
 
+	# We can not do this with EdDSA keys as they are not supported in certtool
+	# We can not do this with curve25519 keys as they do not need to support signatures at all
+	if [[ "$CERT" -ne 0 ]]; then
 		# check type value for the PKCS#11 URI (RHEL7 is using old "object-type")
 		TYPE_KEY="type"
 		p11tool --list-all --provider="$P11LIB" --login | grep "object-type" && \
@@ -57,12 +61,14 @@ function generate_cert() {
 			--label="$LABEL" --module="$P11LIB"
 
 		rm "$TYPE.cert" "$TYPE.cert.der"
+	fi
 
 	p11tool --login --provider="$P11LIB" --list-all
 }
 
 function card_setup() {
 	ECC_KEYS=1
+	EDDSA=1
 	case $1 in
 		"softhsm")
 			P11LIB="/usr/lib64/pkcs11/libsofthsm2.so"
@@ -75,6 +81,7 @@ function card_setup() {
 		"opencryptoki")
 			# Supports only RSA mechanisms
 			ECC_KEYS=0
+			EDDSA=0
 			P11LIB="/usr/lib64/pkcs11/libopencryptoki.so"
 			SO_PIN=87654321
 			SLOT_ID=3 # swtok slot
@@ -110,14 +117,21 @@ function card_setup() {
 
 	if [[ $GENERATE_KEYS -eq 1 ]]; then
 		# Generate 1024b RSA Key pair
-			generate_cert "RSA:1024" "01" "RSA_auth"
+		generate_cert "RSA:1024" "01" "RSA_auth" 1
 		# Generate 2048b RSA Key pair
-			generate_cert "RSA:2048" "02" "RSA2048"
+		generate_cert "RSA:2048" "02" "RSA2048" 1
 		if [[ $ECC_KEYS -eq 1 ]]; then
 			# Generate 256b ECC Key pair
-				generate_cert "EC:secp256r1" "03" "ECC_auth"
+			generate_cert "EC:secp256r1" "03" "ECC_auth" 1
 			# Generate 521b ECC Key pair
-				generate_cert "EC:secp521r1" "04" "ECC521"
+			generate_cert "EC:secp521r1" "04" "ECC521" 1
+		fi
+		if [[ $EDDSA -eq 1 ]]; then
+			# Generate Ed25519
+			generate_cert "EC:edwards25519" "05" "EDDSA" 0
+			# Generate curve25519
+			#generate_cert "EC:curve25519" "06" "Curve25519" 0
+			# not supported by softhsm either
 		fi
 	fi
 }
@@ -132,11 +146,10 @@ function card_cleanup() {
 }
 
 card_setup "$@"
-
 make p11test || exit
-if [[ "$PKCS11SPY" -ne "" ]]; then
+if [[ "$PKCS11SPY" != "" ]]; then
 	export PKCS11SPY="$P11LIB"
-	$VALGRIND ./p11test -m /usr/lib64/pkcs11/pkcs11-spy.so -p $PIN
+	$VALGRIND ./p11test -m ../../pkcs11/.libs/pkcs11-spy.so -p $PIN &> /tmp/spy.log
 else
 	#bash
 	$VALGRIND ./p11test -m "$P11LIB" -o test.json -p $PIN