2 files changed, 60 insertions, 0 deletions

diff --git a/src/tests/Makefile b/src/tests/Makefile
new file mode 100644
index 0000000..6170730
--- /dev/null
+++ b/src/tests/Makefile
@@ -0,0 +1,47 @@
+TEXT = "A foo is a bar"
+SOFTHSM = /usr/bin/softhsm2-util
+
+direct-softhsm: testsig.hsm.pem
+	( \
+	OPENSSL_CONF=./openssl.cnf; \
+	tokenurl=$$(p11tool --login --provider=/usr/lib/softhsm/libsofthsm2.so --list-token-urls); \
+	echo $(TEXT) | openssl dgst -sha256 -engine pkcs11 -keyform ENGINE -prverify $$tokenurl -signature $< | egrep "^Verified OK$$"; \
+	)
+
+softhsm-token-setup: softhsm-token-setup.stamp
+softhsm-token-setup.stamp: softhsm/tokens testkey.pkcs8
+	test -x $(SOFTHSM)
+	( \
+	BASEDIR=$$(pwd); \
+	export SOFTHSM2_CONF=$$BASEDIR/softhsm/softhsm2.conf; \
+	echo "directories.tokendir = $$BASEDIR/softhsm/tokens/" > $$SOFTHSM2_CONF; \
+	${SOFTHSM} --init-token --free --label mytoken --so-pin ffffff --pin ffff; \
+	${SOFTHSM} --import testkey.pkcs8 --token mytoken --label mykey --id 00 --pin ffff; \
+	)
+	touch $@
+
+softhsm/tokens:
+	mkdir -p $@
+
+testkey.pkcs8: testkey.pem
+	openssl pkey -in $< -outform pem -out $@
+
+testkey.pem:
+	openssl genrsa -out $@ 2048
+
+testsig.local.pem: testkey.pem
+	echo $(TEXT) | openssl dgst -sha256 -sign testkey.pem -out $@
+
+testsig.hsm.pem: softhsm-token-setup testkey.pem openssl.cnf
+	( \
+	OPENSSL_CONF=./openssl.cnf; \
+	tokenurl=$$(p11tool --login --provider=/usr/lib/softhsm/libsofthsm2.so --list-token-urls); \
+	echo $(TEXT) | openssl dgst -sha256 -engine pkcs11 -keyform ENGINE -sign $$tokenurl -out $@; \
+	)
+
+clean:
+	[ -d softhsm ] && rm -r softhsm
+	-rm testkey.pem testkey.pkcs8
+	-rm testsig.*.pem
+
+.PHONY: clean
diff --git a/src/tests/openssl.cnf b/src/tests/openssl.cnf
new file mode 100644
index 0000000..9daa0a4
--- /dev/null
+++ b/src/tests/openssl.cnf
@@ -0,0 +1,13 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+engines=engine_section
+
+[engine_section]
+pkcs11 = pkcs11_section
+
+[pkcs11_section]
+engine_id = pkcs11
+dynamic_path = /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so
+MODULE_PATH = /usr/lib/softhsm/libsofthsm2.so
+init = 0