diff mbox series

[v4,ima-evm-utils,6/7] tests: Add pkcs11 test using provider

Message ID 20240228161408.284098-7-stefanb@linux.ibm.com (mailing list archive)
State New, archived
Headers show
Series Implement imaevm_signhash and add provider support | expand

Commit Message

Stefan Berger Feb. 28, 2024, 4:14 p.m. UTC
Adjust the existing pkcs11 engine test cases to pass --engine pkcs11 via
an option (OPTS) to evmctl rather than using a global variable. Then
duplicate the pkcs11 engine tests and pass --provider pkcs11 to run the
same tests using OpenSSL provider. Also check whether evmctl was compiled
with provider support and if the pkcs11 provider is installed.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 tests/functions.sh     |  1 -
 tests/sign_verify.test | 20 +++++++++++++++++---
 2 files changed, 17 insertions(+), 4 deletions(-)
diff mbox series

Patch

diff --git a/tests/functions.sh b/tests/functions.sh
index c39b894..962a436 100755
--- a/tests/functions.sh
+++ b/tests/functions.sh
@@ -373,7 +373,6 @@  _softhsm_setup() {
     PKCS11_KEYURI=$(echo "$msg" | sed -n 's|^keyuri: \(.*\)|\1|p')
     export PKCS11_KEYURI
 
-    export EVMCTL_ENGINE="--engine pkcs11"
     export OPENSSL_ENGINE="-engine pkcs11"
     export OPENSSL_KEYFORM="-keyform engine"
   else
diff --git a/tests/sign_verify.test b/tests/sign_verify.test
index 16c7ada..f9522e0 100755
--- a/tests/sign_verify.test
+++ b/tests/sign_verify.test
@@ -447,10 +447,24 @@  if [ -n "${PKCS11_KEYURI}" ]; then
     expect_pass __skip
     expect_pass __skip
   fi
+
+  # provider may not be supported or pkcs11 provider not installed
+  if evmctl --help 2>/dev/null | grep -q provider && \
+     openssl list -providers -provider pkcs11 2>/dev/null; then
+    PKCS11_PRIVKEYURI=${PKCS11_KEYURI//type=public/type=private}
+
+    expect_pass check_sign FILE=pkcs11test TYPE=ima KEY="${PKCS11_PRIVKEYURI}" ALG=sha256 PREFIX=0x030204aabbccdd0100 OPTS="--keyid=aabbccdd --provider pkcs11"
+    expect_pass check_sign FILE=pkcs11test TYPE=ima KEY="${PKCS11_PRIVKEYURI}" ALG=sha1   PREFIX=0x030202aabbccdd0100 OPTS="--keyid=aabbccdd --provider pkcs11"
+  else
+    __skip() { echo "pkcs11 test with provider is skipped since no provider support or pkcs11 not installed"; return "$SKIP"; }
+    expect_pass __skip
+    expect_pass __skip
+  fi
 else
   # to have a constant number of tests, skip these two tests
-  __skip() { echo "pkcs11 test is skipped: could not setup softhsm"; return $SKIP; }
-  expect_pass __skip
-  expect_pass __skip
+  __skip() { echo "pkcs11 test is skipped: could not setup softhsm"; return "$SKIP"; }
+  for i in $(seq 0 3); do
+    expect_pass __skip
+  done
 fi
 _softhsm_teardown "${WORKDIR}"