This series of patches adds support for signing with pkcs11 URIs so that
pkcs11-enabled devices can also be used for file signing. Extend the existing
sign_verify.test with tests for the new pkcs11 URI support. Use SoftHSM, when
available, as a pkcs11 device for testing.

   Stefan

v4:
 - Addressed Mimi's comments on v3

v3:
 - Used commit messages Mimi suggested
 - 7/9: Split off imported script into own patch
 - 8/9: Added missing EVMCTL_ENGINE variable that allowed to enable
   Debian and Ubuntu testing in 9/9; improvements on setup and teardown
   functions
 - 9/9: Installation of required packages on Debian and Ubuntu

Stefan Berger (9):
  evmctl: Implement support for EVMCTL_KEY_PASSWORD environment variable
  evmctl: Handle failure to initialize the openssl engine
  evmctl: Implement function for setting up an OpenSSL engine
  evmctl: Define and use an ENGINE field in libimaevm_params
  evmctl: use the pkcs11 engine for pkcs11: prefixed URIs
  libimaevm: Add support for pkcs11 private keys for signing a v2 hash
  tests: Import softhsm_setup script to enable pkcs11 test case
  tests: Extend sign_verify test with pkcs11-specific test
  tests: Get the packages for pkcs11 testing on the CI/CD system

 README                 |   5 +
 ci/alt.sh              |   3 +
 ci/debian.sh           |   3 +-
 ci/fedora.sh           |   8 ++
 ci/tumbleweed.sh       |   3 +
 src/evmctl.c           |  54 +++++---
 src/imaevm.h           |   2 +
 src/libimaevm.c        |  47 +++++--
 tests/functions.sh     |  45 ++++++-
 tests/ima_hash.test    |   2 +-
 tests/sign_verify.test |  52 ++++++--
 tests/softhsm_setup    | 293 +++++++++++++++++++++++++++++++++++++++++
 12 files changed, 473 insertions(+), 44 deletions(-)
 create mode 100755 tests/softhsm_setup

-- 
2.31.1