9858d05589
* Initial version of pkcs11 testsuite * Refactor test cases to several files, clean up awful and unused stuff * Static mechanism list based on the actual token offer * Get rid of magic numbers * Documentation * License update based on the original project * Verbose readme * Cleanup unused code, long lines and method order * Typo; More verbose errors * Use fallback mechanisms * Refactor object allocation and certificate search * PKCS11SPY mentioned, more TODO * add SHA mechanisms * Do not try to Finalize already finalized cryptoki * Add more flags and mechanisms * Do not list table for no results * Logical order of the tests (regression last) * read ALWAYS_AUTHENTICATE from correct place * ALWAYS_AUTHENTICATE for decryption * Test EC key length signature based on the actual key length * Shorten CKM_ list output, add keygen types detection * Skip decrypting on non-supported mechanisms * Fail hard if the C_Login fails * Reorganize local FLAGS_ constants * Test RSA Digest mechanisms * Correct mechanisms naming, typos * Do not attempt to do signature using empty keys * CKM_ECDSA_SHA1 support * Correct type cast when getting attributes * Report failures from all mechanisms * Standardize return values, eliminate complete fails, documentation interface * Wait for slot event test * Add switch to allow interaction with a card (WaitForSlotEvent) * At least try to verify using C_Verify, if it fails, fall back to openssl * Get rid of function_pointers * Get rid of additional newline * Share always_authenticate() function between the test cases * Refactor Encrypt&decrypt test to functions * Do not overwrite bits if they are not provided by CKA, indentation * Cleanup and Break to more functions Sign&Verify test * CKM_RSA_X_509 sign and verify with openssl padding * More TODO's * Proper abstracted padding with RSA_X_509 mechanism * Add ongoing tasks from different TODO list * Update instructions. Another todo * Variables naming * Increase mechanism list size, use different static buffers for flags and mechanism names * nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens * Get rid of loop initial declarations * Loop initial declaration, typos, strict warnings * Move the p11test to the new folder to avoid problems with dynamically linked opensc.so * Update path in README * Possibility to validate the testsuite agains software tokens * Add possibility to select slot ID on command-line (when there are more cards present) * Clean up readme to reflect current options and TODOs * Do not attempt to use keys without advertised sign&verify bits to avoid false positives * Get and present more object attributes in readonly test; refactor table * New test checking if the set of attributes (usage flags) is reasonable * Test multipart signatures. There is not reasonable mechanism supporting multipart encryption * Use PKCS#11 encryption if possible (with openssl fallback) * Identify few more mechanisms (PSS) in the lest * Resize table to fit new mechanisms * Remove initial loop declaration from multipart test * Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features) * Preparation for machine readable results * Refactor log variables out of the main context, try to export generic data * Do not write to non-existing FD if not logging * Export missing data into the log file in JSON * Store database in json * Sanity check * Avoid uninitialized structure fields using in state structure * Dump always_authenticate attribute too * Manual selection of slots with possibility to use slots without tokens * Do not free before finalizing * Proper cleanup of message in all cases * Proper allocation and deallocation of messages * Sanitize missing cases (memory leaks) * Suppressions for testing under valgrind * Better handling message_lengt during sign&verify (avoid invalid access) * Suppress another PCSC error * Do not use default PIN. Fail if none specified * Sanitize initialization. Skip incomplete key pairs * Add missing newline in errors * Fix condition for certificate search * Avoid several calls for attributes of zero length * Handle if the private key is not present on the card * Improve memory handling, silent GCC warning of 'unused' variable * Fail early with missing private key, cleanup the messages * Use correct padding for encryption * Cache if the card supports Verify/Encrypt and avoid trying over and over again * Loosen the condition for the Usage flags * OpenSSL 1.1.0 compatibility * Add missing mechanisms * Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms * Add missing PIN argument in runtest.sh * Add OpenSSL < 1.1 comatible bits * Add SHA2 ECDSA mechanisms handling * Use public key from PKCS#11 if the certificate is missing (or compare it with certificate) * Avoid long definitions in OpenSSL compat layer * In older OpenSSL, the header file is ecdsa.h * Add missing config.h to apply compat OpenSSL layer * ASN1_STRING_get0_data() is also new in 1.1.0 * Return back RSA_X_509 mechanism * Drop bogus CKM_* in the definitions * Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h * Update documentation * Use NDEBUG as intended * typos, cleanup * Typos, cleanup, update copyright * Additional check for OpenCryptoki, generate more key types on soft tokens * Prepare for RSA-PSS and RSA-OAEP * Use usage&result flags for the tests, gracefully ignore PSS&OAEP * pkcs11.h: Add missing definitions for PSS * PSS and OAEP tests readonly: Typos, reformat * Working version, memory leak * Tweak message lengths for OAEP and PSS * Skip tests that are not aplicable for tokens * configure.ac: New switch --enable-tests Do not attempt to build tests if cmocka is not available or --enable-tests is provided. It makes also more lightweight release builds out of the box (or with --disable-tests). * travis: Install cmocka if not available * Do not build tests on Windows and make dist pass * Try to install cmocka from apt and from brew * Do not require sudo (cmocka from apt and brew works)
169 lines
6.4 KiB
Makefile
169 lines
6.4 KiB
Makefile
OPENSC_FEATURES = pcsc
|
|
|
|
#Include support for minidriver
|
|
MINIDRIVER_DEF = /DENABLE_MINIDRIVER
|
|
|
|
#Build MSI with the Windows Installer XML (WIX) toolkit, requires WIX >= 3.9
|
|
!IF "$(WIX)" == ""
|
|
# at least WiX 3.11 sets the WIX environment variable to its path
|
|
WIX = C:\Program Files\WiX Toolset v3.10
|
|
!ENDIF
|
|
!IF "$(DEVENVDIR)" == "C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\" || "$(DEVENVDIR)" == "C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\"
|
|
WIXVSVER = VS2010
|
|
!ENDIF
|
|
!IF "$(VISUALSTUDIOVERSION)" == "12.0"
|
|
WIXVSVER = VS2013
|
|
!ENDIF
|
|
!IF "$(VISUALSTUDIOVERSION)" == "14.0"
|
|
WIXVSVER = VS2015
|
|
!ENDIF
|
|
WIX_INCL_DIR = "/I$(WIX)\SDK\$(WIXVSVER)\inc"
|
|
WIX_LIBS = "$(WIX)\SDK\$(WIXVSVER)\lib\$(PLATFORM)\dutil.lib" "$(WIX)\SDK\$(WIXVSVER)\lib\$(PLATFORM)\wcautil.lib"
|
|
|
|
# We do not build tests on windows
|
|
#TESTS_DEF = /DENABLE_TESTS
|
|
|
|
#Include support for Secure Messaging
|
|
SM_DEF = /DENABLE_SM
|
|
|
|
#Build with debugging support
|
|
#DEBUG_DEF = /DDEBUG
|
|
|
|
# If you want support for OpenSSL (needed for pkcs15-init tool, software hashing in PKCS#11 library and verification):
|
|
# - download and build OpenSSL
|
|
# - uncomment the line starting with OPENSSL_DEF
|
|
# - set the OPENSSL_INCL_DIR below to your openssl include directory, preceded by "/I"
|
|
# - set the OPENSSL_LIB below to your openssl lib file
|
|
#OPENSSL_DEF= /DENABLE_OPENSSL
|
|
!IF "$(OPENSSL_DEF)" == "/DENABLE_OPENSSL"
|
|
!IF "$(PLATFORM)" == "x86"
|
|
OPENSSL_DIR = C:\OpenSSL-Win32
|
|
!ELSE
|
|
OPENSSL_DIR = C:\OpenSSL-Win64
|
|
!ENDIF
|
|
OPENSSL_INCL_DIR = /I$(OPENSSL_DIR)\include
|
|
|
|
#define OPENSSL_STATIC if you have visual studio compatible with OpenSSL's static binaries
|
|
OPENSSL_STATIC_DIR = static
|
|
|
|
!IF "$(DEBUG_DEF)" == "/DDEBUG"
|
|
!IF "$(PLATFORM)" == "x86"
|
|
# OpenSSL 1.0.2
|
|
OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libeay32MTd.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
|
# OpenSSL 1.1.0
|
|
#OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libcrypto32MTd.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
|
!ELSE
|
|
# OpenSSL 1.0.2
|
|
OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libeay32MTd.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
|
# OpenSSL 1.1.0
|
|
#OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libcrypto64MTd.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
|
!ENDIF
|
|
!ELSE
|
|
!IF "$(PLATFORM)" == "x86"
|
|
# OpenSSL 1.0.2
|
|
OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libeay32MT.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
|
# OpenSSL 1.1.0
|
|
#OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libcrypto32MT.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
|
!ELSE
|
|
# OpenSSL 1.0.2
|
|
OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libeay32MT.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
|
# OpenSSL 1.1.0
|
|
#OPENSSL_LIB = $(OPENSSL_DIR)\lib\VC\$(OPENSSL_STATIC_DIR)\libcrypto64MT.lib user32.lib advapi32.lib crypt32.lib ws2_32.lib
|
|
!ENDIF
|
|
!ENDIF
|
|
|
|
PROGRAMS_OPENSSL = cryptoflex-tool.exe pkcs15-init.exe netkey-tool.exe piv-tool.exe \
|
|
westcos-tool.exe sc-hsm-tool.exe dnie-tool.exe gids-tool.exe npa-tool.exe
|
|
OPENSC_FEATURES = $(OPENSC_FEATURES) openssl
|
|
CANDLEFLAGS = -dOpenSSL="$(OPENSSL_DIR)" $(CANDLEFLAGS)
|
|
!ENDIF
|
|
|
|
|
|
# If you want support for zlib (Used for PIV, infocamere and actalis):
|
|
# - Download zlib-dll and
|
|
# - uncomment the line starting with ZLIB_DEF
|
|
# - set the ZLIB_INCL_DIR below to the zlib include lib proceeded by "/I"
|
|
# - set the ZLIB_LIB below to your zlib lib file
|
|
#ZLIB_DEF = /DENABLE_ZLIB
|
|
!IF "$(ZLIBSTATIC_DEF)" == "/DENABLE_ZLIB_STATIC"
|
|
ZLIB_DEF = /DENABLE_ZLIB
|
|
!IF "$(ZLIB_INCL_DIR)" == ""
|
|
ZLIB_INCL_DIR = /IC:\zlib
|
|
!ENDIF
|
|
!IF "$(ZLIB_LIB)" == ""
|
|
ZLIB_LIB = C:\zlib\zlib.lib
|
|
!ENDIF
|
|
OPENSC_FEATURES = $(OPENSC_FEATURES) zlib
|
|
!ELSEIF "$(ZLIB_DEF)" == "/DENABLE_ZLIB"
|
|
!IF "$(ZLIB_INCL_DIR)" == ""
|
|
ZLIB_INCL_DIR = /IC:\zlib-dll\include
|
|
!ENDIF
|
|
!IF "$(ZLIB_LIB)" == ""
|
|
ZLIB_LIB = C:\zlib-dll\lib\zdll.lib
|
|
!ENDIF
|
|
OPENSC_FEATURES = $(OPENSC_FEATURES) zlib
|
|
CANDLEFLAGS = -dzlib="C:\zlib-dll" $(CANDLEFLAGS)
|
|
!ENDIF
|
|
|
|
|
|
# If you want support for EAC:
|
|
# - Download OpenPACE and
|
|
# - uncomment the line starting with OPENPACE_DEF
|
|
# - set the OPENPACE_INCL_DIR below to the OpenPACE include directory preceded by "/I"
|
|
# - set the OPENPACE_LIB below to your OpenPACE lib file
|
|
#OPENPACE_DEF= /DENABLE_OPENPACE
|
|
!IF "$(OPENPACE_DEF)" == "/DENABLE_OPENPACE"
|
|
!IF "$(OPENPACE_DIR)" == ""
|
|
OPENPACE_DIR = C:\openpace
|
|
!ENDIF
|
|
OPENPACE_INCL_DIR = /I$(OPENPACE_DIR)\src
|
|
OPENPACE_LIB = $(OPENPACE_DIR)\src\libeac.lib
|
|
CANDLEFLAGS = -dOpenPACE="$(OPENPACE_DIR)" $(CANDLEFLAGS)
|
|
!ENDIF
|
|
|
|
|
|
# Used for MiniDriver
|
|
CNGSDK_INCL_DIR = "/IC:\Program Files (x86)\Microsoft CNG Development Kit\Include"
|
|
!IF "$(PROCESSOR_ARCHITECTURE)" == "x86" && "$(PROCESSOR_ARCHITEW6432)" == ""
|
|
CNGSDK_INCL_DIR = "/IC:\Program Files\Microsoft CNG Development Kit\Include"
|
|
!ENDIF
|
|
# Mandatory path to 'ISO C9x compliant stdint.h and inttypes.h for Microsoft Visual Studio'
|
|
# http://msinttypes.googlecode.com/files/msinttypes-r26.zip
|
|
# INTTYPES_INCL_DIR = /IC:\opensc\dependencies\msys\local
|
|
|
|
# Code optimisation
|
|
# O1 - minimal code size
|
|
CODE_OPTIMIZATION = /O1
|
|
|
|
ALL_INCLUDES = /I$(TOPDIR)\win32 /I$(TOPDIR)\src $(OPENPACE_INCL_DIR) $(OPENSSL_INCL_DIR) $(OPENSSL_EXTRA_CFLAGS) $(ZLIB_INCL_DIR) $(LIBLTDL_INCL) $(INTTYPES_INCL_DIR) $(CNGSDK_INCL_DIR) $(WIX_INCL_DIR)
|
|
|
|
!IF "$(DEBUG_DEF)" == "/DDEBUG"
|
|
LINKDEBUGFLAGS = /NODEFAULTLIB:LIBCMT /DEBUG
|
|
CODE_OPTIMIZATION =
|
|
COPTS = /GS /W3 /WX /D_CRT_SECURE_NO_DEPRECATE /D_CRT_NONSTDC_NO_WARNINGS /MTd /nologo /DHAVE_CONFIG_H $(ALL_INCLUDES) /DWINVER=0x0601 /D_WIN32_WINNT=0x0601 /DWIN32_LEAN_AND_MEAN $(OPENPACE_DEF) $(OPENSSL_DEF) $(ZLIB_DEF) $(MINIDRIVER_DEF) $(SM_DEF) $(TESTS_DEF) /DOPENSC_FEATURES="\"$(OPENSC_FEATURES)\"" /DDEBUG /Zi /Od
|
|
!ELSE
|
|
LINKDEBUGFLAGS = /NODEFAULTLIB:LIBCMTD /DEBUG /OPT:REF /OPT:ICF
|
|
COPTS = /GS /W3 /WX /D_CRT_SECURE_NO_DEPRECATE /D_CRT_NONSTDC_NO_WARNINGS /MT /nologo /DHAVE_CONFIG_H $(ALL_INCLUDES) /DWINVER=0x0601 /D_WIN32_WINNT=0x0601 /DWIN32_LEAN_AND_MEAN $(OPENPACE_DEF) $(OPENSSL_DEF) $(ZLIB_DEF) $(MINIDRIVER_DEF) $(SM_DEF) $(TESTS_DEF) /DOPENSC_FEATURES="\"$(OPENSC_FEATURES)\"" /Zi
|
|
!ENDIF
|
|
|
|
|
|
LINKFLAGS = /NOLOGO /INCREMENTAL:NO /MACHINE:$(PLATFORM) /NODEFAULTLIB:MSVCRTD /NODEFAULTLIB:MSVCRT /NXCOMPAT /DYNAMICBASE $(LINKDEBUGFLAGS)
|
|
LIBFLAGS = /nologo /machine:$(PLATFORM)
|
|
!IF "$(PLATFORM)" == "x86"
|
|
CANDLEFLAGS = -dPlatform=x86 $(CANDLEFLAGS)
|
|
!ELSE
|
|
CANDLEFLAGS = -dPlatform=x64 $(CANDLEFLAGS)
|
|
!ENDIF
|
|
|
|
.c.obj::
|
|
cl $(CODE_OPTIMIZATION) $(COPTS) /c $<
|
|
|
|
.cpp.obj::
|
|
cl $(CODE_OPTIMIZATION) $(COPTS) /c $<
|
|
|
|
.rc.res::
|
|
rc /l 0x0409 $<
|
|
|
|
clean::
|
|
del /Q *.obj *.dll *.exe *.pdb *.lib *.def *.res
|