Commit Graph

71 Commits

Author SHA1 Message Date
Raul Metsma 578128e464 Fix build on travis and with CryptoTokenKit enabled 2021-03-16 11:49:02 +01:00
Frank Morgner 1325d5c333 travis: use newer version of xcode for pushed binaries 2021-03-16 11:49:02 +01:00
Frank Morgner 8e614bfe6e Nightly: unencrypt only if encrypted key is in available 2021-03-15 14:16:12 +01:00
Peter Popovec 6049cb926c ECDSA-SHA1: Apply SHA1 to input data before PSO compute signature.
CKM_ECDSA and CKM_ECDSA_SHA1 cannot be registered in the same way.
We need to use sc_pkcs11_register_sign_and_hash_mechanism ()
for CKM_ECDSA_SHA1.

This fix  also enables more ECDSA-SHAxxx mechanisms in framework-pkcs15.c

Tested: MyEID 4.0.1 (secp256r1 with SHA1, SHA224, SHA256, SHA384, SHA512)

CI tests (Travis + OsEID) for ECDSA-SHAxxx mechanisms are also enabled.
2021-01-24 23:48:00 +01:00
Jakub Jelen 23eb606d86 Print testsuite logs on error 2021-01-06 14:15:06 +01:00
Jakub Jelen c7c689c74d .travis.yml: Install clang-tidy to run some static code analysis early 2021-01-06 14:15:06 +01:00
Peter Popovec a089353e1f MyEID: enable more PKCS11 mechanisms
This patch enables using of: SHA224-RSA-PKCS, SHA256-RSA-PKCS,
SHA384-RSA-PKCS, SHA512-RSA-PKCS and PSS variants of these mechanism for
MyEID users. (This patch is related to issue #2173.)

CI tests for these mechanisms are also enabled (using OsEID emulation).
2020-12-09 04:29:46 +01:00
Frank Morgner e13294b085 speedup macOS build
brew update is just dead slow on older travis images
2020-11-23 22:18:38 +01:00
Frank Morgner 4554d69119 code signing is not available in pull requests
(since this is untrusted code)
2020-11-18 13:22:10 +01:00
Frank Morgner 4d6ed77a4a Prepare macOS binaries for Notarization
- update code signing credentials, thanks to Tim Wilbrink
- split up large files into 50 MB chunks for Nightly to avoid Github's file size limit
- codesign tools/libs with hardened runtime and entitlements
- avoid relocation of app bundles on installation
- sign installer for distribution
2020-11-10 23:23:11 +01:00
Peter Marschall 16c889cf7d spelling fixes
Fix various spelling errors, mostly in comments but also in texts displayed.

Errors found & interactively fixed using 'codespell', with additional manual
checks after the fixes.
2020-08-30 10:35:14 +02:00
Jakub Jelen c3b9152a99 .travis-ci: Explicitly require new build dependency for yubico-piv-tool 2020-06-09 13:02:27 +02:00
Jakub Jelen 57c895165f .travis-ci: yubico-piv-tool build system was changed to cmake 2020-06-09 13:02:27 +02:00
Luka Logar fc296b5488 IsoApplet: Add some more Travis tests 2020-06-08 14:18:23 +02:00
Jakub Jelen 741091b3c6 travis-ci: Add clang linux target 2020-05-26 10:03:23 +02:00
Jakub Jelen 8175df0e47 Make sure pcscd is started when using emulation
Running from systemd has --auto-exit, which does not guaranee us that
the process is running when we start emulators
2020-05-18 16:28:59 +02:00
Jakub Jelen e1830ea6d2 Install OpenJDK 8 to build jcardsim (it does not work with Java 11) 2020-05-18 16:28:59 +02:00
Jakub Jelen 47a36efa7c travis: Update to something with sensible openssl version to make yubico-piv-tool build 2020-05-18 16:28:59 +02:00
Jakub Jelen 66bcce8a8d travis-ci: Use newer JavaCard SDK to unbreak PivApplet build to enable ECDSA support 2020-05-18 16:28:59 +02:00
Jakub Jelen 687f52233e travis-ci: Fail if any applet or tool needed for tests fails to build
(in our case, it was yubico-piv-tool and PivApplet for some time)
2020-05-18 16:28:59 +02:00
Jakub Jelen 3b3aecbf8c travis: Kill particular pid instead of killall to avoid killing unrelated processes 2020-05-18 16:28:59 +02:00
Frank Morgner e864aa6d76 macOS: cover minor versions of xcode
uses subshell for getting xcode version
2020-05-11 18:41:16 +02:00
Frank Morgner b08d33ceb6 Travis: seperate installer packages not needed anymore 2020-05-11 18:41:16 +02:00
Frank Morgner e71b85867f macOS: added basic installer signing 2020-05-11 18:41:16 +02:00
Jakub Jelen f301ec98b6 travis-ci: There is no files option in cache
The error was

cache: unknown key files (isetup-5.5.6.exe)
2020-03-04 21:27:56 +01:00
Jakub Jelen b8d9b840ee travis-ci: Remove deprecated sudo option
The warning was

jobs.include: deprecated key sudo (The key `sudo` has no effect anymore.)
2020-03-04 21:27:56 +01:00
Frank Morgner 40b3aeb626 travis: output results of unittests on errors 2020-02-04 13:56:53 +01:00
Jakub Jelen c8e40a19db If make check does not pass, do not continue with other tests and dump logs 2020-01-08 12:57:35 +01:00
Frank Morgner 6f40e9c553 Unbreak Travis build 2019-08-30 23:15:53 +02:00
Frank Morgner b5b0991ec0 Travis: test openpgp key generation 2019-08-28 11:06:55 +02:00
Jakub Jelen 14dec11ebd travis-ci: Try to run the tests with more recent distros
The javacard simulation unfortunately does not work with anything newer
2019-08-28 11:01:50 +02:00
Pierre-Louis Palant b0241eefa1 Integrated virt_CACard in CI jobs (#1757)
Was: "Implement OpenSC CI without HW cards" (https://github.com/OpenSC/OpenSC/pull/1757)
2019-08-20 15:17:14 +02:00
Peter Popovec 8a20b980b9 travis.yml - install socat and ant packages.
Fixes #1745
2019-07-24 01:22:43 +02:00
Jakub Jelen 1c0d26d0f0 .travis.yml Include the MyEID emulation using OsEID simulator in separate target
This also avoids running the make check in the simulation runs, which generates
a lot of output (from clang-tidy)
2019-06-17 12:49:11 +02:00
Frank Morgner 65a86b8331 travis: fixed PATH on macOS 2019-05-21 19:36:17 +02:00
Frank Morgner 1423c6bb90 CI: integrate clang-tidy (disabled)
files that have warnings are currently excluded
2019-05-21 19:34:46 +02:00
Frank Morgner abc6cfbe68 Added more CI card testing 2019-04-18 02:03:28 +02:00
Frank Morgner 9092782f94 CI: only push artifacts on OpenSC/OpenSC 2019-04-08 11:16:13 +02:00
Frank Morgner 3dd0638623 initialize package suffix with branch and PR 2019-01-31 16:01:14 +01:00
Frank Morgner d9e253bd1b reduce the number of builds
a single build of clang and gcc each is enough
2019-01-15 00:10:55 +01:00
Frank Morgner f453c412b6 Simulate and test Open Source Java Card Applets
Compiles jCardSim, IsoApplet, GidsApplet, ykneo-openpgp, PivApplet as described [here](https://github.com/OpenSC/OpenSC/wiki/Smart-Card-Simulation).  Thanks to https://github.com/arekinath/jcardsim/ this is now also possible on Linux in combination with https://github.com/frankmorgner/vsmartcard.

Travis-CI now also runs some basic personalization and PKCS#11-tests.

This commit also adds caching of apt, brew and maven packages as well as the OpenSSL/OpenPACE build on macOS
2019-01-15 00:10:55 +01:00
Frank Morgner d4e6c0c0dd travis: fixed installation of completion templates 2018-11-14 12:57:22 +01:00
Frank Morgner 0ddfd2d521 deploy only when on master 2018-08-30 22:06:21 +02:00
Frank Morgner 5b428e4323 upload CI build artifacts to OpenSC/Nightly
builds are uploaded as seperate branches to
https://github.com/OpenSC/Nightly If the repository gets too big,
branches can easily be removed. The repository is written via Travis CI
and AppVeyor with a secure token from user https://github.com/OpenSC-CI
2018-08-24 09:23:58 +02:00
Peter Marschall 76725d5f80 .travis.yml: partially revert commit cb3113a 2018-06-06 22:43:46 +02:00
Peter Marschall a27ade7789 .travis.yml: remove references to help2man
Now that we have proper DocBook sources for all man pages formerly
generated using help2man, it is not needed anymore.
2018-06-06 22:43:46 +02:00
Jakub Jelen 9858d05589 PKCS#11 testsuite (#1224)
* Initial version of pkcs11 testsuite

* Refactor test cases to several files, clean up awful and unused stuff

* Static mechanism list based on the actual token offer

* Get rid of magic numbers

* Documentation

* License update based on the original project

* Verbose readme

* Cleanup unused code, long lines and method order

* Typo; More verbose errors

* Use fallback mechanisms

* Refactor object allocation and certificate search

* PKCS11SPY mentioned, more TODO

* add SHA mechanisms

* Do not try to Finalize already finalized cryptoki

* Add more flags and mechanisms

* Do not list table for no results

* Logical order of the tests (regression last)

* read ALWAYS_AUTHENTICATE from correct place

* ALWAYS_AUTHENTICATE for decryption

* Test EC key length signature based on the actual key length

* Shorten CKM_ list output, add keygen types detection

* Skip decrypting on non-supported mechanisms

* Fail hard if the C_Login fails

* Reorganize local FLAGS_ constants

* Test RSA Digest mechanisms

* Correct mechanisms naming, typos

* Do not attempt to do signature using empty keys

* CKM_ECDSA_SHA1 support

* Correct type cast when getting attributes

* Report failures from all mechanisms

* Standardize return values, eliminate complete fails, documentation interface

* Wait for slot event test

* Add switch to allow interaction with a card (WaitForSlotEvent)

* At least try to verify using C_Verify, if it fails, fall back to openssl

* Get rid of function_pointers

* Get rid of additional newline

* Share always_authenticate() function between the test cases

* Refactor Encrypt&decrypt test to functions

* Do not overwrite bits if they are not provided by CKA, indentation

* Cleanup and Break to more functions Sign&Verify test

* CKM_RSA_X_509 sign and verify with openssl padding

* More TODO's

* Proper abstracted padding with RSA_X_509 mechanism

* Add ongoing tasks from different TODO list

* Update instructions. Another todo

* Variables naming

* Increase mechanism list size, use different static buffers for flags and mechanism names

* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens

* Get rid of loop initial declarations

* Loop initial declaration, typos, strict warnings

* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so

* Update path in README

* Possibility to validate the testsuite agains software tokens

* Add possibility to select slot ID on command-line (when there are more cards present)

* Clean up readme to reflect current options and TODOs

* Do not attempt to use keys without advertised sign&verify bits to avoid false positives

* Get and present more object attributes in readonly test; refactor table

* New test checking if the set of attributes (usage flags) is reasonable

* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption

* Use PKCS#11 encryption if possible (with openssl fallback)

* Identify few more mechanisms (PSS) in the lest

* Resize table to fit new mechanisms

* Remove initial loop declaration from multipart test

* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)

* Preparation for machine readable results

* Refactor log variables out of the main context, try to export generic data

* Do not write to non-existing FD if not logging

* Export missing data into the log file in JSON

* Store database in json

* Sanity check

* Avoid uninitialized structure fields using in state structure

* Dump always_authenticate attribute too

* Manual selection of slots with possibility to use slots without tokens

* Do not free before finalizing

* Proper cleanup of message in all cases

* Proper allocation and deallocation of messages

* Sanitize missing cases (memory leaks)

* Suppressions for testing under valgrind

* Better handling message_lengt during sign&verify (avoid invalid access)

* Suppress another PCSC error

* Do not use default PIN. Fail if none specified

* Sanitize initialization. Skip incomplete key pairs

* Add missing newline in errors

* Fix condition for certificate search

* Avoid several calls for attributes of zero length

* Handle if the private key is not present on the card

* Improve memory handling, silent GCC warning of 'unused' variable

* Fail early with missing private key, cleanup the messages

* Use correct padding for encryption

* Cache if the card supports Verify/Encrypt and avoid trying over and over again

* Loosen the condition for the Usage flags

* OpenSSL 1.1.0 compatibility

* Add missing mechanisms

* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms

* Add missing PIN argument in runtest.sh

* Add OpenSSL < 1.1 comatible bits

* Add SHA2 ECDSA mechanisms handling

* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)

* Avoid long definitions in OpenSSL compat layer

* In older OpenSSL, the header file is ecdsa.h

* Add missing config.h to apply compat OpenSSL layer

* ASN1_STRING_get0_data() is also new in 1.1.0

* Return back RSA_X_509 mechanism

* Drop bogus CKM_* in the definitions

* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h

* Update documentation

* Use NDEBUG as intended

* typos, cleanup

* Typos, cleanup, update copyright

* Additional check for OpenCryptoki, generate more key types on soft tokens

* Prepare for RSA-PSS and RSA-OAEP

* Use usage&result flags for the tests, gracefully ignore PSS&OAEP

* pkcs11.h: Add missing definitions for PSS

* PSS and OAEP tests

readonly: Typos, reformat

* Working version, memory leak

* Tweak message lengths for OAEP and PSS

* Skip tests that are not aplicable for tokens

* configure.ac: New switch --enable-tests

Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).

* travis: Install cmocka if not available

* Do not build tests on Windows and make dist pass

* Try to install cmocka from apt and from brew

* Do not require sudo (cmocka from apt and brew works)
2018-05-18 12:31:55 +02:00
Frank Morgner 54097c0fc0 fixed .travis.yml 2018-04-07 14:32:53 +02:00
Frank Morgner 647b623357 (hopefully) fixed .travis.yml 2018-04-07 13:04:27 +02:00
Frank Morgner e1bc515363 optionally try covertiy_scan with every build on master
idea from https://github.com/umlaeute/Gem/blob/master/.travis.yml
2018-04-07 12:08:08 +02:00