PKCS #11 3.1/3.2 conformance tests and scripting with XML #879

Description

@frankmorgner

I have implemented a command-line tool for testing and XML scripting interactions with PKCS #11 providers (https://github.com/frankmorgner/pkcs11-test).

In my CI pipeline, I'm testing it by running the PKCS #11 3.1/3.2 conformance tests against SoftHSM:

- run: target/release/pkcs11-test --module ${{ matrix.softhsm }} src/test-cases/pkcs11-v3.1/softhsm-2.6.1/init.xml
- run: target/release/pkcs11-test --module ${{ matrix.softhsm }} src/test-cases/pkcs11-v3.1/softhsm-2.6.1/AUTH-M-1-31.xml src/test-cases/pkcs11-v3.1/softhsm-2.6.1/BL-M-1-31.xml src/test-cases/pkcs11-v3.1/softhsm-2.6.1/CERT-M-1-31.xml src/test-cases/pkcs11-v3.1/softhsm-2.6.1/EXT-M-1-31.xml
- run: cat src/test-cases/pkcs11-v3.2/softhsm-2.6.1/AUTH-M-1-32.xml src/test-cases/pkcs11-v3.2/softhsm-2.6.1/BL-M-1-32.xml src/test-cases/pkcs11-v3.2/softhsm-2.6.1/CERT-M-1-32.xml src/test-cases/pkcs11-v3.2/softhsm-2.6.1/EXT-M-1-32.xml | target/release/pkcs11-test --module ${{ matrix.softhsm }}

The tests are currently very limited, and SoftHSM only differs in terms of the static identifiers that the official PKCS #11 profiles require. That's why I'm currently running an adapted version of the tests with dynamic identifiers compatible with SoftHSM.

I think the tool makes running integration tests a little easier (including initialisation) since you don't need compiled code to access PKCS #11 anymore. And in particular, checking the official conformance tests in YOUR CI pipeline may also be interesting for SoftHSM.
