libp11 PKCS#11 provider tests

Author: olszomal

.gitignore

@@ -74,8 +74,17 @@ tests/rsa-pss-sign
 tests/check-privkey
 tests/dup-key
 tests/store-cert
+tests/check-privkey-prov
+tests/dup-key-prov
+tests/evp-sign-prov
+tests/fork-change-slot-prov
+tests/rsa-oaep-prov
+tests/rsa-pss-sign-prov
+tests/store-cert-prov
+
 tests/*.log
 tests/*.trs
+tests/*.a
 tests/output.*
 
 doc/doxygen.conf

tests/Makefile.am

@@ -11,14 +11,22 @@ LDADD = ../src/libp11.la $(OPENSSL_LIBS)
 
 check_PROGRAMS = \
 	openssl_version \
-	fork-test evp-sign \
+	evp-sign \
+	evp-sign-prov \
+	fork-test \
 	fork-change-slot \
+	fork-change-slot-prov \
 	list-tokens \
 	rsa-pss-sign \
+	rsa-pss-sign-prov \
 	rsa-oaep \
+	rsa-oaep-prov \
 	check-privkey \
+	check-privkey-prov \
 	store-cert \
-	dup-key
+	store-cert-prov \
+	dup-key \
+	dup-key-prov
 dist_check_SCRIPTS = \
 	rsa-testpkcs11.softhsm \
 	rsa-testfork.softhsm \
@@ -36,11 +44,31 @@ dist_check_SCRIPTS = \
 	fork-change-slot.softhsm \
 	case-insensitive.softhsm \
 	pkcs11-uri-without-token.softhsm \
-	search-all-matching-tokens.softhsm
+	search-all-matching-tokens.softhsm \
+	provider-rsa-evp-sign.softhsm \
+	provider-rsa-pss-sign.softhsm \
+	provider-rsa-oaep.softhsm \
+	provider-rsa-check-privkey.softhsm \
+	provider-ec-evp-sign.softhsm \
+	provider-ec-check-privkey.softhsm \
+	provider-ec-cert-store.softhsm \
+	provider-ec-copy.softhsm \
+	provider-fork-change-slot.softhsm \
+	provider-case-insensitive.softhsm \
+	provider-pkcs11-uri-without-token.softhsm \
+	provider-search-all-matching-tokens.softhsm
 dist_check_DATA = \
 	rsa-cert.der rsa-privkey.der rsa-pubkey.der \
 	ec-cert.der ec-privkey.der ec-pubkey.der
 
+evp_sign_prov_SOURCES = evp-sign-prov.c helpers_prov.c
+fork_change_slot_prov_SOURCES = fork-change-slot-prov.c helpers_prov.c
+dup_key_prov_SOURCES = dup-key-prov.c helpers_prov.c
+check_privkey_prov_SOURCES = check-privkey-prov.c helpers_prov.c
+rsa_pss_sign_prov_SOURCES = rsa-pss-sign-prov.c helpers_prov.c
+rsa_oaep_prov_SOURCES = rsa-oaep-prov.c helpers_prov.c
+store_cert_prov_SOURCES = store-cert-prov.c helpers_prov.c
+
 TESTS = $(dist_check_SCRIPTS)
 
 TESTS_ENVIRONMENT =	\

tests/check-privkey-prov.c

@@ -0,0 +1,95 @@
+/*
+ * Copyright © 2025 Mobi - Com Polska Sp. z o.o.
+ * Author: Małgorzata Olszówka <Malgorzata.Olszowka@stunnel.org>
+ * All rights reserved.
+ *
+ * PKCS#11 provider test
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "helpers_prov.h"
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+
+int main(int argc, char *argv[])
+{
+	EVP_PKEY *private_key = NULL;
+	X509 *cert = NULL;
+	int ret = EXIT_FAILURE;
+
+	if (argc < 2) {
+		fprintf(stderr, "usage: %s [certificate (PEM or URL)] [private key URL]n", argv[0]);
+		return ret;
+	}
+
+	/* Load pkcs11prov and default providers */
+        if (!providers_load()) {
+		display_openssl_errors();
+		return ret;
+        }
+
+	/* Load certificate */
+	cert = load_cert(argv[1]);
+	if (!cert) {
+		fprintf(stderr, "Cannot load certificate: %s\n", argv[1]);
+		display_openssl_errors();
+		goto cleanup;
+	}
+	printf("Certificate found: %s\n", argv[1]);
+
+	/* Load private key */
+	private_key = load_pkey(argv[2], NULL);
+	if (!private_key) {
+		fprintf(stderr, "Cannot load private key: %s\n", argv[1]);
+		display_openssl_errors();
+		goto cleanup;
+	}
+	printf("Private key found.\n");
+
+	ret = X509_check_private_key(cert, private_key);
+	if (!ret) {
+		printf("Could not check private key.\n");
+		display_openssl_errors();
+		goto cleanup;
+	}
+
+	printf("Key and certificate matched.\n");
+	ret = EXIT_SUCCESS;
+
+cleanup:
+	X509_free(cert);
+	EVP_PKEY_free(private_key);
+	providers_cleanup();
+	printf("\n");
+	return ret;
+}
+
+#else
+
+int main() {
+	return 0;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+
+/* vim: set noexpandtab: */

tests/dup-key-prov.c

@@ -0,0 +1,96 @@
+/*
+ * Copyright © 2025 Mobi - Com Polska Sp. z o.o.
+ * Author: Małgorzata Olszówka <Malgorzata.Olszowka@stunnel.org>
+ * All rights reserved.
+ *
+ * PKCS#11 provider test
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "helpers_prov.h"
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+
+int main(int argc, char *argv[])
+{
+	EVP_PKEY *private_key = NULL;
+	EVP_PKEY *private_key_dup = NULL;
+	int ret = EXIT_FAILURE;
+
+	if (argc < 1) {
+		fprintf(stderr, "Usage: %s [private key URL]\n", argv[0]);
+		return ret;
+	}
+
+	/* Load pkcs11prov and default providers */
+        if (!providers_load()) {
+		display_openssl_errors();
+		return ret;
+        }
+
+	/* Load private key */
+	private_key = load_pkey(argv[1], NULL);
+	if (!private_key) {
+		fprintf(stderr, "Cannot load private key: %s\n", argv[1]);
+		display_openssl_errors();
+		goto cleanup;
+	}
+	printf("Private key found.\n");
+
+	private_key_dup = EVP_PKEY_dup(private_key);
+	if (!private_key_dup) {
+		fprintf(stderr, "Cannot duplicate private key\n");
+		display_openssl_errors();
+		goto cleanup;
+	}	
+	printf("Duplicate private key created.\n");
+
+	EVP_PKEY_free(private_key_dup);
+	EVP_PKEY_free(private_key);
+
+	/* Do it one more time */
+	private_key = load_pkey(argv[1], NULL);
+	if (!private_key) {
+		fprintf(stderr, "Cannot load private key: %s\n", argv[1]);
+		display_openssl_errors();
+		goto cleanup;
+	}
+	printf("Private key found.\n");
+	ret = EXIT_SUCCESS;
+
+cleanup:
+	EVP_PKEY_free(private_key);
+	providers_cleanup();
+	printf("\n");
+	return ret;
+}
+
+#else
+
+int main() {
+	return 0;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+
+/* vim: set noexpandtab: */