shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-09 09:54:25 +09:00
Code Issues Packages Projects Releases Wiki Activity

tests: Remove p11-kit remoting from pkcs11 tests

Browse Source 
The p11-kit remoting was initially introduced because softhsm
was crashing during cleanup with OpenSSL 3.0. This was resolved
since then and this code introduces a lot of complexity and
possible bugs, such as when using the mechanisms from PKCS#11 3.0
that are unknown to the p11-kit remoting tool. It decides to remove
them from the list as demonstrated here:

https://github.com/p11-glue/p11-kit/issues/668

This resulted in pkcs11-provider not registering EDDSA siganture
methods to the OpenSSL and failing when asked to provide a singature
by the Ed25519 key from the PKCS#11 token.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
This commit is contained in:
Jakub Jelen
2025-01-22 17:45:43 +01:00
parent 8922e43578
commit 99fcd56135
5 changed files with 23 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
tests/pkcs11/setup-softhsm-tokens.sh
View File

@@ -8,7 +8,6 @@ OBJNAME=$3
TOKENLABEL=$3 # yeah. The same as object label
LOADPUBLIC=$4
LIBSOFTHSM_PATH=$5
P11_KIT_CLIENT=$6
shift 5
PUBKEY="$PRIVKEY.pub"
@@ -86,55 +85,6 @@ if [ $ret -ne 0 ]; then
fi
echo "$out"
# Skip the p11-kit if not needed
if [ -z "$P11_KIT_CLIENT" ]; then
exit 0
fi
# when creating more keys, we need to restart the p11-kit
# so it can pick up the new keys
if [ -h "$TESTDIR/p11-kit-server.socket" ]; then
kill -9 "$(cat "$TESTDIR/p11-kit-server.pid")"
rm "$TESTDIR/p11-kit-server.socket"
fi
# p11-kit complains if there is no runtime directory
if [ -z "$XDG_RUNTIME_DIR" ]; then
export XDG_RUNTIME_DIR=$PWD
fi
# Start the p11-kit server
cmd="p11-kit server --provider $LIBSOFTHSM_PATH pkcs11:"
echo "$cmd"
out=$(eval "$cmd")
ret=$?
if [ $ret -ne 0 ]; then
echo "Starting p11-kit server failed"
echo "$out"
exit 1
fi
eval "$out"
# Symlink the p11-kit-server socket to "known place"
P11_KIT_SERVER_ADDRESS_PATH=${P11_KIT_SERVER_ADDRESS:10}
cmd="ln -s $P11_KIT_SERVER_ADDRESS_PATH $TESTDIR/p11-kit-server.socket"
echo "$cmd"
out=$(eval "$cmd")
# Save the PID for the C code to clean up
cmd="echo $P11_KIT_SERVER_PID > $TESTDIR/p11-kit-server.pid"
echo "$cmd"
out=$(eval "$cmd")
cmd="pkcs11-tool -O --login --pin=1234 --module=$P11_KIT_CLIENT --token-label=$TOKENLABEL"
echo "$cmd"
out=$(eval "$cmd")
ret=$?
echo "$out"
if [ $ret -ne 0 ]; then
echo "Failed to list keys through p11-kit remoting"
echo "$out"
exit 1
fi
pkcs11-tool -M --login --pin=1234 --module="$LIBSOFTHSM_PATH" --token-label="$TOKENLABEL"
exit 0