diff --git a/.github/build.sh b/.github/build.sh index b4240981..014c3455 100755 --- a/.github/build.sh +++ b/.github/build.sh @@ -23,6 +23,16 @@ if [ "$RUNNER_OS" == "macOS" ]; then exit $? fi +if [ "$1" == "mingw" -o "$1" == "mingw32" ]; then + if [ "$1" == "mingw" ]; then + HOST=x86_64-w64-mingw32 + elif [ "$1" == "mingw32" ]; then + HOST=i686-w64-mingw32 + fi + unset CC + unset CXX + ./configure --host=$HOST --with-completiondir=/tmp --disable-openssl --disable-readline --disable-zlib --disable-notify --prefix=$PWD/win32/opensc || cat config.log; +fi # normal procedure ./configure --disable-dependency-tracking @@ -36,3 +46,7 @@ if [ "$1" == "dist" ]; then fi sudo make install + +if [ "$1" == "mingw" -o "$1" == "mingw32" ]; then + wine "C:/Program Files (x86)/Inno Setup 5/ISCC.exe" win32/OpenSC.iss +fi diff --git a/.github/setup-java.sh b/.github/setup-java.sh new file mode 100755 index 00000000..02dee857 --- /dev/null +++ b/.github/setup-java.sh @@ -0,0 +1,24 @@ +#!/bin/bash -e + +# Select the right java +sudo update-java-alternatives -s java-1.8.0-openjdk-amd64 +sudo update-alternatives --get-selections | grep ^java +export PATH="/usr/lib/jvm/java-8-openjdk-amd64/bin/:$PATH" +export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/ +env | grep -i openjdk + +# VSmartcard +./.github/setup-vsmartcard.sh + +# Javacard SDKs +git clone https://github.com/martinpaljak/oracle_javacard_sdks.git +export JC_HOME=$PWD/oracle_javacard_sdks/jc222_kit +export JC_CLASSIC_HOME=$PWD/oracle_javacard_sdks/jc305u3_kit + +# jCardSim +git clone https://github.com/arekinath/jcardsim.git +pushd jcardsim +env | grep -i openjdk +export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/ +mvn initialize && mvn clean install +popd diff --git a/.github/setup-linux.sh b/.github/setup-linux.sh index 49e0f20b..a0f2fb10 100755 --- a/.github/setup-linux.sh +++ b/.github/setup-linux.sh 
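Review bot: In .github/build.sh, the `|| cat config.log` on the added mingw `./configure --host=$HOST ...` line replaces a failed configure's exit status with that of `cat`, so a broken cross-configure is reported as success. Use `|| { cat config.log; exit 1; }` so the log is still printed but the job fails. As far as the hunk shows, the mingw branch then falls through to the unchanged `./configure --disable-dependency-tracking` below it, which would re-configure the tree for the native host; if that is not intended, the normal procedure belongs in an `else` branch (the rest of the script is outside the hunk). `$HOST` and `$PWD` are also expanded unquoted.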
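Review bot: Every `git clone` in the new .github/setup-java.sh fetches the default branch of a third-party repository at whatever commit it points to that day, and the script then builds and runs that code (`mvn initialize && mvn clean install` in jcardsim). An upstream change or compromise therefore executes in CI without any review here; check out a reviewed commit after each clone, e.g. `git -C jcardsim checkout <pinned-commit>`. The same applies to the clones added in setup-vsmartcard.sh (followed by `sudo make install`), test-gidsapplet.sh, test-isoapplet.sh, test-openpgp.sh and test-piv.sh (where yubico-piv-tool is also installed with `sudo make install`). A short comment next to each pin naming the upstream release it corresponds to would make later bumps easier to review.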
@@ -1,17 +1,41 @@ #!/bin/bash -e -DEPS="docbook-xsl libpcsclite-dev xsltproc gengetopt libcmocka-dev help2man pcscd check clang-tidy softhsm2 pcsc-tools libtool make autoconf autoconf-archive automake libssl-dev zlib1g-dev pkg-config libreadline-dev openssl git" -if [ "$1" == "cac" ]; then +DEPS="docbook-xsl libpcsclite-dev xsltproc gengetopt libcmocka-dev help2man pcscd check softhsm2 pcsc-tools libtool make autoconf autoconf-archive automake libssl-dev zlib1g-dev pkg-config libreadline-dev openssl git" + +if [ "$1" == "clang-tidy" ]; then + DEPS="$DEPS clang-tidy" +elif [ "$1" == "cac" ]; then DEPS="$DEPS libglib2.0-dev libnss3-dev gnutls-bin libusb-dev libudev-dev flex libnss3-tools" elif [ "$1" == "oseid" ]; then DEPS="$DEPS socat gawk xxd" -elif [ "$1" == "piv"]; then - DEPS="$DEPS ant cmake" -elif [ "$1" == "mingw" ]; then - DEPS="$DEPS wine binutils-mingw-w64-i686 binutils-mingw-w64-x86-64 gcc-mingw-w64-i686 gcc-mingw-w64-x86-64 mingw-w64" +elif [ "$1" == "piv" -o "$1" == "isoapplet" -o "$1" == "gidsapplet" -o "$1" == "openpgp" ]; then + if [ "$1" == "piv" ]; then + DEPS="$DEPS cmake" + fi + DEPS="$DEPS ant openjdk-8-jdk" +elif [ "$1" == "mingw" -o "$1" == "mingw32" ]; then + sudo dpkg --add-architecture i386 + if [ "$1" == "mingw" ]; then + DEPS="$DEPS wine wine32 binutils-mingw-w64-x86-64 gcc-mingw-w64-x86-64 mingw-w64" + elif [ "$1" == "mingw32" ]; then + DEPS="$DEPS wine wine32 binutils-mingw-w64-i686 gcc-mingw-w64-i686" + fi fi # make sure we do not get prompts export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -y build-essential $DEPS + +if [ "$1" == "mingw" -o "$1" == "mingw32" ]; then + if [ ! 
-f "$(winepath 'C:/Program Files (x86)/Inno Setup 5/ISCC.exe')" ]; then + /sbin/start-stop-daemon --start --quiet --pidfile /tmp/custom_xvfb_99.pid --make-pidfile --background --exec /usr/bin/Xvfb -- :99 -ac -screen 0 1280x1024x16 + export DISPLAY=:99.0 + [ -d isetup ] || mkdir isetup + pushd isetup + [ -f isetup-5.5.6.exe ] || wget http://files.jrsoftware.org/is/5/isetup-5.5.6.exe + sleep 5 # make sure the X server is ready ? + wine isetup-5.5.6.exe /SILENT /VERYSILENT /SP- /SUPPRESSMSGBOXES /NORESTART + popd + fi +fi diff --git a/.github/setup-vsmartcard.sh b/.github/setup-vsmartcard.sh new file mode 100755 index 00000000..8a05c03b --- /dev/null +++ b/.github/setup-vsmartcard.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +if [ ! -d "vsmartcard" ]; then + git clone https://github.com/frankmorgner/vsmartcard.git +fi +pushd vsmartcard/virtualsmartcard +autoreconf -vis && ./configure && make -j2 && sudo make install +popd diff --git a/.github/test-cac.sh b/.github/test-cac.sh index 770b6167..ee91a728 100755 --- a/.github/test-cac.sh +++ b/.github/test-cac.sh @@ -5,12 +5,7 @@ sudo make install export LD_LIBRARY_PATH=/usr/local/lib # VSmartcard -if [ ! -d "vsmartcard" ]; then - git clone https://github.com/frankmorgner/vsmartcard.git -fi -pushd vsmartcard/virtualsmartcard -autoreconf -vis && ./configure && make -j2 && sudo make install -popd +./.github/setup-vsmartcard.sh # libcacard if [ ! -d "libcacard" ]; then diff --git a/.github/test-gidsapplet.sh b/.github/test-gidsapplet.sh new file mode 100755 index 00000000..7405e729 --- /dev/null +++ b/.github/test-gidsapplet.sh 
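Review bot: In .github/setup-linux.sh the Inno Setup installer is fetched with `wget http://files.jrsoftware.org/is/5/isetup-5.5.6.exe` over plain HTTP and run under wine without any integrity check, and the ISCC.exe it installs is what build.sh then uses to produce the Windows installer. Anyone able to tamper with that download can influence the build output, so verify a pinned digest before executing it, e.g. `echo "<expected-sha256>  isetup-5.5.6.exe" | sha256sum -c -`, and fetch over HTTPS if the host offers it. The `[ -f isetup-5.5.6.exe ] ||` shortcut should go through the same check, since an already present copy is otherwise trusted as-is. Separately, Xvfb is started with `-ac`, which disables X access control; that is probably harmless on a throwaway runner but deserves a comment saying so.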
@@ -0,0 +1,36 @@
+#!/bin/bash -e
+
+# install the opensc
+sudo make install
+export LD_LIBRARY_PATH=/usr/local/lib
+
+# setup java stuff
+. .github/setup-java.sh
+
+# GidsApplet
+git clone https://github.com/vletoux/GidsApplet.git;
+javac -classpath jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar GidsApplet/src/com/mysmartlogon/gidsApplet/*.java;
+echo "com.licel.jcardsim.card.applet.0.AID=A000000397425446590201" > gids_jcardsim.cfg;
+echo "com.licel.jcardsim.card.applet.0.Class=com.mysmartlogon.gidsApplet.GidsApplet" >> gids_jcardsim.cfg;
+echo "com.licel.jcardsim.card.ATR=3B80800101" >> gids_jcardsim.cfg;
+echo "com.licel.jcardsim.vsmartcard.host=localhost" >> gids_jcardsim.cfg;
+echo "com.licel.jcardsim.vsmartcard.port=35963" >> gids_jcardsim.cfg;
+
+# log errors from pcscd to console
+sudo systemctl stop pcscd.service pcscd.socket
+sudo /usr/sbin/pcscd -f &
+PCSCD_PID=$!
+
+
+# start the applet and run couple of commands against that
+java -noverify -cp GidsApplet/src/:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard gids_jcardsim.cfg >/dev/null &
+PID=$!;
+sleep 5;
+opensc-tool --card-driver default --send-apdu 80b80000190bA0000003974254465902010bA00000039742544659020100;
+opensc-tool -n;
+gids-tool --initialize --pin 123456 --admin-key 000000000000000000000000000000000000000000000000 --serial 00000000000000000000000000000000;
+kill -9 $PID
+
+
+# cleanup
+sudo kill -9 $PCSCD_PID
diff --git a/.github/test-isoapplet.sh b/.github/test-isoapplet.sh
new file mode 100755
index 00000000..93197d26
--- /dev/null
+++ b/.github/test-isoapplet.sh
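Review bot: In .github/test-gidsapplet.sh, `PCSCD_PID=$!` after `sudo /usr/sbin/pcscd -f &` records the PID of the `sudo` process, and `sudo kill -9 $PCSCD_PID` sends it SIGKILL, which sudo cannot relay to its child, so pcscd is likely left running as root. Because the script runs under `bash -e`, any failing `opensc-tool` or `gids-tool` call also exits before either kill line is reached. Register the cleanup right after the processes are started and use the default SIGTERM, e.g. `trap 'kill $PID; sudo kill $PCSCD_PID' EXIT`. test-isoapplet.sh, test-openpgp.sh and test-piv.sh repeat the same start/kill sequence.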
@@ -0,0 +1,41 @@
+#!/bin/bash -e
+
+# install the opensc
+sudo make install
+export LD_LIBRARY_PATH=/usr/local/lib
+
+# setup java stuff
+./.github/setup-java.sh
+
+# The ISO applet
+git clone https://github.com/philipWendland/IsoApplet.git;
+javac -classpath jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar IsoApplet/src/net/pwendland/javacard/pki/isoapplet/*.java;
+echo "com.licel.jcardsim.card.applet.0.AID=F276A288BCFBA69D34F31001" > isoapplet_jcardsim.cfg;
+echo "com.licel.jcardsim.card.applet.0.Class=net.pwendland.javacard.pki.isoapplet.IsoApplet" >> isoapplet_jcardsim.cfg;
+echo "com.licel.jcardsim.card.ATR=3B80800101" >> isoapplet_jcardsim.cfg;
+echo "com.licel.jcardsim.vsmartcard.host=localhost" >> isoapplet_jcardsim.cfg;
+echo "com.licel.jcardsim.vsmartcard.port=35963" >> isoapplet_jcardsim.cfg;
+
+# log errors from pcscd to console
+sudo systemctl stop pcscd.service pcscd.socket
+sudo /usr/sbin/pcscd -f &
+PCSCD_PID=$!
+
+# start the applet and run couple of commands against that
+java -noverify -cp IsoApplet/src/:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard isoapplet_jcardsim.cfg >/dev/null &
+PID=$!;
+sleep 5;
+opensc-tool --card-driver default --send-apdu 80b800001a0cf276a288bcfba69d34f310010cf276a288bcfba69d34f3100100;
+opensc-tool -n;
+pkcs15-init --create-pkcs15 --so-pin 123456 --so-puk 0123456789abcdef;
+pkcs15-tool --change-pin --pin 123456 --new-pin 654321;
+pkcs15-tool --unblock-pin --puk 0123456789abcdef --new-pin 123456;
+pkcs15-init --generate-key rsa/2048 --id 1 --key-usage decrypt,sign --auth-id FF --pin 123456;
+pkcs15-init --generate-key rsa/2048 --id 2 --key-usage decrypt --auth-id FF --pin 123456;
+pkcs15-init --generate-key ec/secp256r1 --id 3 --key-usage sign --auth-id FF --pin 123456;
+pkcs15-tool -D;
+pkcs11-tool -l -t -p 123456;
+kill -9 $PID;
+
+# cleanup
+sudo kill -9 $PCSCD_PID
diff --git a/.github/test-openpgp.sh b/.github/test-openpgp.sh
new file mode 100755
index 00000000..c4fa02ad
--- /dev/null
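Review bot: .github/test-isoapplet.sh runs the Java setup as a child process with `./.github/setup-java.sh`, so the `export PATH=...`, `JAVA_HOME`, `JC_HOME` and `JC_CLASSIC_HOME` assignments made there are lost when it returns, and the later `javac`/`java` calls rely on whatever the system default happens to be. The other three applet tests source the script instead; use `. .github/setup-java.sh` here as well so all four behave the same way.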
+++ b/.github/test-openpgp.sh
@@ -0,0 +1,40 @@
+#!/bin/bash -e
+
+# install the opensc
+sudo make install
+export LD_LIBRARY_PATH=/usr/local/lib
+
+# setup java stuff
+. .github/setup-java.sh
+
+# The OpenPGP applet
+git clone --recursive https://github.com/Yubico/ykneo-openpgp.git;
+cd ykneo-openpgp;
+ant -DJAVACARD_HOME=${JC_HOME};
+cd $TRAVIS_BUILD_DIR;
+echo "com.licel.jcardsim.card.applet.0.AID=D2760001240102000000000000010000" > openpgp_jcardsim.cfg;
+echo "com.licel.jcardsim.card.applet.0.Class=openpgpcard.OpenPGPApplet" >> openpgp_jcardsim.cfg;
+echo "com.licel.jcardsim.card.ATR=3B80800101" >> openpgp_jcardsim.cfg;
+echo "com.licel.jcardsim.vsmartcard.host=localhost" >> openpgp_jcardsim.cfg;
+echo "com.licel.jcardsim.vsmartcard.port=35963" >> openpgp_jcardsim.cfg;
+
+# log errors from pcscd to console
+sudo systemctl stop pcscd.service pcscd.socket
+sudo /usr/sbin/pcscd -f &
+PCSCD_PID=$!
+
+
+# start the applet and run couple of commands against that
+java -noverify -cp ykneo-openpgp/applet/bin:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard openpgp_jcardsim.cfg >/dev/null &
+PID=$!;
+sleep 5;
+opensc-tool --card-driver default --send-apdu 80b800002210D276000124010200000000000001000010D276000124010200000000000001000000;
+opensc-tool -n;
+openpgp-tool --verify CHV3 --pin 12345678 --gen-key 2;
+pkcs15-init --verify --auth-id 3 --pin 12345678 --delete-objects privkey,pubkey --id 2 --generate-key rsa/2048;
+pkcs11-tool -l -t -p 123456;
+kill -9 $PID
+
+
+# cleanup
+sudo kill -9 $PCSCD_PID
diff --git a/.github/test-piv.sh b/.github/test-piv.sh
new file mode 100755
index 00000000..66d92c5d
--- /dev/null
+++ b/.github/test-piv.sh
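Review bot: `cd $TRAVIS_BUILD_DIR;` in .github/test-openpgp.sh depends on a Travis CI variable, but this change runs the script from the GitHub Actions workflow, where that variable is presumably unset, so the unquoted `cd` goes to `$HOME`. The relative `openpgp_jcardsim.cfg`, `ykneo-openpgp/applet/bin` and `jcardsim/target/...` paths that follow then no longer resolve against the checkout. Replace the `cd ykneo-openpgp;` / `cd $TRAVIS_BUILD_DIR;` pair with `pushd ykneo-openpgp` and `popd`, as test-piv.sh does for its builds, or use `cd "$GITHUB_WORKSPACE"`.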
@@ -0,0 +1,45 @@
+#!/bin/bash -e
+
+# install the opensc
+sudo make install
+export LD_LIBRARY_PATH=/usr/local/lib
+
+# setup java stuff
+. .github/setup-java.sh
+
+# The PIV Applet
+git clone --recursive https://github.com/arekinath/PivApplet.git
+pushd PivApplet
+JC_HOME=${JC_CLASSIC_HOME} ant dist
+popd
+
+# yubico-piv-tool is needed for PIV Applet management
+git clone https://github.com/Yubico/yubico-piv-tool.git
+pushd yubico-piv-tool
+mkdir build
+pushd build
+cmake .. && make && sudo make install
+popd
+popd
+
+
+# log errors from pcscd to console
+sudo systemctl stop pcscd.service pcscd.socket
+sudo /usr/sbin/pcscd -f &
+PCSCD_PID=$!
+
+
+# start the applet and run couple of commands against that
+java -noverify -cp PivApplet/bin/:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard PivApplet/test/jcardsim.cfg >/dev/null &
+PID=$!
+sleep 5
+opensc-tool --card-driver default --send-apdu 80b80000120ba000000308000010000100050000020F0F7f
+opensc-tool -n
+yubico-piv-tool -v 9999 -r 'Virtual PCD 00 00' -P 123456 -s 9e -a generate -A RSA2048
+yubico-piv-tool -v 9999 -r 'Virtual PCD 00 00' -P 123456 -s 9a -a generate -A ECCP256
+pkcs11-tool -l -t -p 123456
+kill -9 $PID
+
+
+# cleanup
+sudo kill -9 $PCSCD_PID
diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index 69dbff0a..e13ac3a5 100644
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -26,19 +26,100 @@ jobs: - uses: actions/checkout@v2 - run: .github/setup-linux.sh - run: .github/build.sh + - uses: actions/cache@v2 + id: cache-build + with: + path: ./* + key: ${{ runner.os }}-18-${{ github.sha }} -# test-piv: -# runs-on: ubuntu-latest -# needs: [build] -# steps: -# - uses: actions/checkout@v2 -# - uses: actions/cache@v2 -# id: cache-build -# with: -# path: ./* -# key: ${{ runner.os }}-${{ github.sha }} -# - run: .github/setup-linux.sh piv -# - run: .github/test-piv.sh + build-mingw: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - run: .github/setup-linux.sh mingw + - run: .github/build.sh mingw + - uses: actions/cache@v2 + id: cache-build + with: + path: ./* + key: ${{ runner.os }}-${{ github.sha }} + + build-mingw32: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - run: .github/setup-linux.sh mingw32 + - run: .github/build.sh mingw32 + - uses: actions/cache@v2 + id: cache-build + with: + path: ./* + key: ${{ runner.os }}-${{ github.sha }} + + test-piv: + runs-on: ubuntu-18.04 + needs: [build-ubuntu-18] + steps: + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + id: cache-build + with: + path: ./* + key: ${{ runner.os }}-18-${{ github.sha }} + - run: .github/setup-linux.sh piv + - run: .github/test-piv.sh + + test-isoapplet: + runs-on: ubuntu-18.04 + needs: [build-ubuntu-18] + steps: + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + id: cache-build + with: + path: ./* + key: ${{ runner.os }}-18-${{ github.sha }} + - run: .github/setup-linux.sh isoapplet + - run: .github/test-isoapplet.sh + + test-gidsapplet: + runs-on: ubuntu-18.04 + needs: [build-ubuntu-18] + steps: + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + id: cache-build + with: + path: ./* + key: ${{ runner.os }}-18-${{ github.sha }} + - run: .github/setup-linux.sh gidsapplet + - run: .github/test-gidsapplet.sh + + test-openpgp: + runs-on: ubuntu-18.04 + needs: [build-ubuntu-18] + steps: + - uses: actions/checkout@v2 
+ - uses: actions/cache@v2 + id: cache-build + with: + path: ./* + key: ${{ runner.os }}-18-${{ github.sha }} + - run: .github/setup-linux.sh openpgp + - run: .github/test-openpgp.sh + + build-clang-tidy: + runs-on: ubuntu-latest + needs: [build] + steps: + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + id: cache-build + with: + path: ./* + key: ${{ runner.os }}-${{ github.sha }} + - run: .github/setup-linux.sh clang-tidy + - run: .github/build.sh test-cac: runs-on: ubuntu-latest @@ -68,7 +149,7 @@ jobs: push-artifacts: runs-on: ubuntu-latest - needs: [test-cac, test-oseid] + needs: [build, build-mingw, build-mingw32] steps: - uses: actions/checkout@v2 - uses: actions/cache@v2
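Review bot: The new build-mingw and build-mingw32 jobs in .github/workflows/linux.yml both save `path: ./*` under `key: ${{ runner.os }}-${{ github.sha }}`, which is also the key build-clang-tidy restores after `needs: [build]`, so up to three different build trees compete for one cache entry and only the first one saved is kept. push-artifacts now needs all three builds but, as far as the hunk shows, restores a single key, so it cannot see both Windows trees and the native one. Give each job its own key, e.g. `key: ${{ runner.os }}-mingw-${{ github.sha }}` and `key: ${{ runner.os }}-mingw32-${{ github.sha }}`, and restore each of them in push-artifacts. The push-artifacts steps continue outside the hunk.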