[FAB-1648] Vendor PKCS11 bindings

Bring in PKCS11 Golang bindings.
Test the vendored files by loading softhsm if can be found

Softhsm is being installed by
https://gerrit.hyperledger.org/r/#/c/4359/

Change-Id: I848c66b778e131ff91819b11f8b53e03934374a1
Signed-off-by: Volodymyr Paprotski <[email protected]>

Author: Volodymyr Paprotski

bccsp/pkcs11/impl_test.go

@@ -17,29 +17,24 @@ package pkcs11
 
 import (
 	"bytes"
-	"os"
-	"testing"
-
 	"crypto"
-	"crypto/rsa"
-
+	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/sha512"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/asn1"
+	"fmt"
+	"hash"
 	"math/big"
 	"net"
+	"os"
+	"testing"
 	"time"
 
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/sha256"
-
-	"fmt"
-
-	"crypto/sha512"
-	"hash"
-
 	"github.com/hyperledger/fabric/bccsp"
 	"github.com/hyperledger/fabric/bccsp/signer"
 	"github.com/hyperledger/fabric/bccsp/utils"
@@ -65,6 +60,17 @@ func TestMain(m *testing.M) {
 	}
 	currentKS = ks
 
+	lib, pin, label := findPKCS11Lib()
+	if enablePKCS11tests {
+		err := initPKCS11(lib, pin, label)
+		if err != nil {
+			fmt.Printf("Failed initializing PKCS11 library [%s]", err)
+			os.Exit(-1)
+		}
+	} else {
+		fmt.Printf("No PKCS11 library found, skipping PKCS11 tests")
+	}
+
 	tests := []testConfig{
 		{256, "SHA2"},
 		{256, "SHA3"},
@@ -1896,3 +1902,35 @@ func getCryptoHashIndex(t *testing.T) crypto.Hash {
 
 	return crypto.SHA3_256
 }
+
+var enablePKCS11tests = false
+
+func findPKCS11Lib() (lib, pin, label string) {
+	//FIXME: Till we workout the configuration piece, look for the libraries in the familiar places
+	lib = os.Getenv("PKCS11_LIB")
+	if lib == "" {
+		pin = "98765432"
+		label = "ForFabric"
+		possibilities := []string{
+			"/usr/lib/softhsm/libsofthsm2.so",                            //Debian
+			"/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so",           //Ubuntu
+			"/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so",            //Ubuntu
+			"/usr/local/Cellar/softhsm/2.1.0/lib/softhsm/libsofthsm2.so", //MacOS
+		}
+		for _, path := range possibilities {
+			if _, err := os.Stat(path); !os.IsNotExist(err) {
+				lib = path
+				enablePKCS11tests = true
+				break
+			}
+		}
+		if lib == "" {
+			enablePKCS11tests = false
+		}
+	} else {
+		enablePKCS11tests = true
+		pin = os.Getenv("PKCS11_PIN")
+		label = os.Getenv("PKCS11_LABEL")
+	}
+	return lib, pin, label
+}

bccsp/pkcs11/pkcs11.go

@@ -0,0 +1,106 @@
+/*
+Copyright IBM Corp. 2017 All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+		 http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package pkcs11
+
+import (
+	"fmt"
+	"github.com/miekg/pkcs11"
+)
+
+var (
+	ctx      *pkcs11.Ctx
+	sessions = make(chan pkcs11.SessionHandle, 2000)
+	slot     uint
+)
+
+func initPKCS11(lib, pin, label string) error {
+	return loadLib(lib, pin, label)
+}
+
+func loadLib(lib, pin, label string) error {
+	logger.Debugf("Loading pkcs11 library [%s]\n", lib)
+	if lib == "" {
+		return fmt.Errorf("No PKCS11 library default")
+	}
+
+	ctx = pkcs11.New(lib)
+	if ctx == nil {
+		return fmt.Errorf("Instantiate failed [%s]", lib)
+	}
+
+	ctx.Initialize()
+	slots, err := ctx.GetSlotList(true)
+	if err != nil {
+		return err
+	}
+	found := false
+	for _, s := range slots {
+		info, err := ctx.GetTokenInfo(s)
+		if err != nil {
+			continue
+		}
+		if label == info.Label {
+			found = true
+			slot = s
+			break
+		}
+	}
+	if !found {
+		return fmt.Errorf("Could not find token with label %s", label)
+	}
+	session := getSession()
+	defer returnSession(session)
+
+	if pin == "" {
+		return fmt.Errorf("No PIN set\n")
+	}
+	err = ctx.Login(session, pkcs11.CKU_USER, pin)
+	if err != nil {
+		return fmt.Errorf("Login failed [%s]\n", err)
+	}
+
+	return nil
+}
+
+func getSession() (session pkcs11.SessionHandle) {
+	select {
+	case session = <-sessions:
+		logger.Debugf("Reusing existing pkcs11 session %x on slot %d\n", session, slot)
+
+	default:
+		// create one
+		var s pkcs11.SessionHandle
+		var err error = nil
+		for i := 0; i < 10; i++ {
+			s, err = ctx.OpenSession(slot, pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
+			if err != nil {
+				logger.Warningf("OpenSession failed, retrying [%s]\n", err)
+			} else {
+				break
+			}
+		}
+		if err != nil {
+			logger.Fatalf("OpenSession [%s]\n", err)
+		}
+		logger.Debugf("Created new pkcs11 session %x on slot %d\n", session, slot)
+		session = s
+	}
+	return session
+}
+
+func returnSession(session pkcs11.SessionHandle) {
+	sessions <- session
+}

bccsp/pkcs11/pkcs11_test.go

@@ -0,0 +1,29 @@
+/*
+Copyright IBM Corp. 2017 All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+		 http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package pkcs11
+
+import (
+	"testing"
+)
+
+func TestPKCS11GetSession(t *testing.T) {
+	if !enablePKCS11tests {
+		t.SkipNow()
+	}
+
+	session := getSession()
+	defer returnSession(session)
+}