ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Enable keyfromlabel and enginepkcs11 systemtests with pkcs11-provider

Browse Source 
- Simplify configuration management by deducing SoftHSM module path
  from openssl config

- Determine the engine flag (-E) value from openssl config

- Drop unused/unneeded environment variables

- Run pkcs11-provider tests on Debian "sid" ossl3 flavor
This commit is contained in:
Timo Teräs
2023-08-05 15:22:38 +03:00
parent 628dd278d3
commit 7fbcf38a3f
13 changed files with 80 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
bin/tests/system/enginepkcs11/setup.sh
View File

@@ -16,12 +16,14 @@
set -e
softhsm2-util --init-token --free --pin 1234 --so-pin 1234 --label "softhsm2-enginepkcs11" | awk '/^The token has been initialized and is reassigned to slot/ { print $NF }'
OPENSSL_CONF= softhsm2-util --init-token --free --pin 1234 --so-pin 1234 --label "softhsm2-enginepkcs11" | awk '/^The token has been initialized and is reassigned to slot/ { print $NF }'
printf '%s' "${HSMPIN:-1234}" > pin
parse_openssl_config
PWD=$(pwd)
copy_setports ns1/named.conf.in ns1/named.conf
sed -e "s/@ENGINE_ARGS@/${ENGINE_ARG}/g" < ns1/named.args.in > ns1/named.args
keygen() {
type="$1"
@@ -31,7 +33,7 @@ keygen() {
label="${id}-${zone}"
p11id=$(echo "${label}" | openssl sha1 -r | awk '{print $1}')
pkcs11-tool --module $SOFTHSM2_MODULE --token-label "softhsm2-enginepkcs11" -l -k --key-type $type:$bits --label "${label}" --id "${p11id}" --pin $(cat $PWD/pin) > pkcs11-tool.out.$zone.$id 2> pkcs11-tool.err.$zone.$id || return 1
OPENSSL_CONF= pkcs11-tool --module $SOFTHSM2_MODULE --token-label "softhsm2-enginepkcs11" -l -k --key-type $type:$bits --label "${label}" --id "${p11id}" --pin $(cat $PWD/pin) > pkcs11-tool.out.$zone.$id 2> pkcs11-tool.err.$zone.$id || return 1
}
keyfromlabel() {
@@ -41,7 +43,7 @@ keyfromlabel() {
dir="$4"
shift 4
$KEYFRLAB -K $dir -E pkcs11 -a $alg -l "token=softhsm2-enginepkcs11;object=${id}-${zone};pin-source=$PWD/pin" "$@" $zone >> keyfromlabel.out.$zone.$id 2> keyfromlabel.err.$zone.$id || return 1
$KEYFRLAB $ENGINE_ARG -K $dir -a $alg -l "pkcs11:token=softhsm2-enginepkcs11;object=${id}-${zone};pin-source=$PWD/pin" "$@" $zone >> keyfromlabel.out.$zone.$id 2> keyfromlabel.err.$zone.$id || return 1
cat keyfromlabel.out.$zone.$id
}
@@ -86,7 +88,7 @@ do
echo_i "Sign zone with $ksk1 $zsk1"
cat "$infile" "${dir}/${ksk1}.key" "${dir}/${zsk1}.key" > "${dir}/${zonefile}"
$SIGNER -K $dir -E pkcs11 -S -a -g -O full -o "$zone" "${dir}/${zonefile}" > signer.out.$zone || ret=1
$SIGNER $ENGINE_ARG -K $dir -S -a -g -O full -o "$zone" "${dir}/${zonefile}" > signer.out.$zone || ret=1
test "$ret" -eq 0 || exit 1
echo_i "Generate successor keys $alg $type:$bits for zone $zone"