Cryptoki etas integration

[oeweda]

Key Changes:

• Integrated the cryptoki module natively into the score_crypto.

• Moved the cryptoki provider to score/crypto/daemon/provider/pkcs11/cryptoki.

• Updated all Bazel build configurations, Cargo dependencies, and lockfiles to correctly map to the new path.

• Verified that the daemon, integration tests, and multi-provider demos build and pass successfully with the new provider location.

• Use a single source for openssl (ETAS provided version) found under third_party/openssl

• Integrate SCORE Logger into Cryptoki code

• closes Integrate PKCS11 (Cryptoki) to SCORE #29 (children tasks PKCS11 (Cryptoki) Integration with SCORE #31 and Integration of PKCS11 (Cryptoki) With ETAS Architecture #32)

• closes Have only one version of OpenSSL on target #30 (child task Selecting One OpenSSL Version for the Security Code #33)

Your Reviews will be appreciated @ChansAlive @PandaeDo @masc2023 @schreibwsag @OliverHeilwagen

[github-actions]

License Check Results

🚀 The license check job ran with the Bazel command:

bazel run --lockfile_mode=error //:license-check

Status: ⚠️ Needs Review

Click to expand output

[License Check Output]
Extracting Bazel installation...
Starting local Bazel server (8.3.0) and connecting to it...
INFO: Invocation ID: 0898c513-944c-4aee-9724-9a88a40722dd
Computing main repo mapping: 
Computing main repo mapping: 
Computing main repo mapping: 
DEBUG: Rule 'abseil-cpp+' indicated that a canonical reproducible form can be obtained by modifying arguments integrity = "sha256-m3oGQwXp/ZTRJP+mzDWFkutCtdpYj7TgfQklSqQAhts="
DEBUG: Repository abseil-cpp+ instantiated at:
  <builtin>: in <toplevel>
Repository rule http_archive defined at:
  /home/runner/.bazel/external/bazel_tools/tools/build_defs/repo/http.bzl:394:31: in <toplevel>
Computing main repo mapping: 
DEBUG: Rule 'protobuf+' indicated that a canonical reproducible form can be obtained by modifying arguments integrity = "sha256-w6Cp7OiTLjHDtzbi2xixxC5wcM2biBOIsm0BqnHiTKI="
DEBUG: Repository protobuf+ instantiated at:
  <builtin>: in <toplevel>
Repository rule http_archive defined at:
  /home/runner/.bazel/external/bazel_tools/tools/build_defs/repo/http.bzl:394:31: in <toplevel>
DEBUG: Rule 'grpc+' indicated that a canonical reproducible form can be obtained by modifying arguments integrity = "sha256-CvN7gAlTEwtHwHW1ZoPuYL3D7aPDf8YAQZP1tWl1ggQ="
DEBUG: Repository grpc+ instantiated at:
  <builtin>: in <toplevel>
Repository rule http_archive defined at:
  /home/runner/.bazel/external/bazel_tools/tools/build_defs/repo/http.bzl:394:31: in <toplevel>
Computing main repo mapping: 
WARNING: For repository 'score_bazel_platforms', the root module requires module version score_bazel_platforms@0.1.1, but got score_bazel_platforms@0.1.2 in the resolved dependency graph. Please update the version in your MODULE.bazel or set --check_direct_dependencies=off
WARNING: For repository 'rules_cc', the root module requires module version rules_cc@0.2.16, but got rules_cc@0.2.17 in the resolved dependency graph. Please update the version in your MODULE.bazel or set --check_direct_dependencies=off
WARNING: For repository 'flatbuffers', the root module requires module version flatbuffers@25.2.10, but got flatbuffers@25.12.19 in the resolved dependency graph. Please update the version in your MODULE.bazel or set --check_direct_dependencies=off
WARNING: For repository 'score_rust_policies', the root module requires module version score_rust_policies@0.0.4, but got score_rust_policies@0.0.5 in the resolved dependency graph. Please update the version in your MODULE.bazel or set --check_direct_dependencies=off
WARNING: For repository 'score_crates', the root module requires module version score_crates@0.0.7, but got score_crates@0.0.9 in the resolved dependency graph. Please update the version in your MODULE.bazel or set --check_direct_dependencies=off
WARNING: For repository 'score_tooling', the root module requires module version score_tooling@1.1.2, but got score_tooling@1.2.0 in the resolved dependency graph. Please update the version in your MODULE.bazel or set --check_direct_dependencies=off
WARNING: For repository 'aspect_rules_lint', the root module requires module version aspect_rules_lint@1.5.3, but got aspect_rules_lint@2.0.0 in the resolved dependency graph. Please update the version in your MODULE.bazel or set --check_direct_dependencies=off
Computing main repo mapping: 
Loading: 
Loading: 1 packages loaded
Loading: 1 packages loaded
    currently loading: 
Loading: 1 packages loaded
    currently loading: 
WARNING: Target pattern parsing failed.
ERROR: Skipping '//:license-check': no such target '//:license-check': target 'license-check' not declared in package '' defined by /home/runner/work/inc_security_crypto/inc_security_crypto/BUILD
ERROR: no such target '//:license-check': target 'license-check' not declared in package '' defined by /home/runner/work/inc_security_crypto/inc_security_crypto/BUILD
INFO: Elapsed time: 11.395s
INFO: 0 processes.
ERROR: Build did NOT complete successfully
ERROR: Build failed. Not running target

[masc2023]

This document containt a directive workproduct, please remove, does not exits, is only used in process description,

[masc2023]

why invalid and not draft?

[masc2023]

why invalid?

[masc2023]

not correct, fulfils should link to requirements somewhere. e.g. compare https://eclipse-score.github.io/process_description/main/general_concepts/score_traceability_concept.html

[PandaeDo]

80k lines. Sorry, but I'm not able to review that. Is it possible to create smaller, readable PR's?

[ChansAlive]

Kindly check the PR again and resolve the merge conflicts.
It may then reflect the actual changes that is being brought in.
It currently shows the source code that is already present in the main as incoming changes.
Thanks

[schreibwsag]

test_pkcs11_provider fails when compiled with USE_RUST_PKCS11 ("C_InitToken failed: 160").
test_pkcs11_provider tries to initialize the token which is apparently necessary for the SoftHSM2
case, but not for libcryptoki. Proposal: to get test_pkcs11_provider running, do the initialization
parts only if USE_RUST_PKCS11 is not defined. Then test_pkcs11_provider will run:

./bazel-bin/tests/provider_test/test_pkcs11_provider
[==========] Running 4 tests from 1 test suite.
[----------] Global test environment set-up.
[----------] 4 tests from Pkcs11ProviderHashTest
[ RUN ] Pkcs11ProviderHashTest.SHA256SingleShotHash
mw::log initialization error: Error No logging configuration files could be found. occurred with context information: Failed to load configuration files. Fallback to console logging.
mw::log initialization error: Error No logging configuration files could be found. occurred with context information: Failed to load configuration files. Fallback to console logging.
2026/06/18 05:17:33.9853564 2801418324 000 ECU1 NONE DFLT log warn verbose 4 [PKCS#11] Warning: token label autodetect failed for ' SoftHSM '. Falling back to first present slot id= 0
[ OK ] Pkcs11ProviderHashTest.SHA256SingleShotHash (126 ms)
[ RUN ] Pkcs11ProviderHashTest.SHA256StreamingHash
2026/06/18 05:17:33.9853692 2801419597 000 ECU1 NONE DFLT log warn verbose 4 [PKCS#11] Warning: token label autodetect failed for ' SoftHSM '. Falling back to first present slot id= 0
[ OK ] Pkcs11ProviderHashTest.SHA256StreamingHash (122 ms)
[ RUN ] Pkcs11ProviderHashTest.StreamStateViolation
2026/06/18 05:17:33.9853802 2801420698 000 ECU1 NONE DFLT log warn verbose 4 [PKCS#11] Warning: token label autodetect failed for ' SoftHSM '. Falling back to first present slot id= 0
[ OK ] Pkcs11ProviderHashTest.StreamStateViolation (110 ms)
[ RUN ] Pkcs11ProviderHashTest.TrueConcurrentStreamingOnSeparateSessions
2026/06/18 05:17:33.9853925 2801421927 000 ECU1 NONE DFLT log warn verbose 4 [PKCS#11] Warning: token label autodetect failed for ' SoftHSM '. Falling back to first present slot id= 0
[ OK ] Pkcs11ProviderHashTest.TrueConcurrentStreamingOnSeparateSessions (123 ms)
[----------] 4 tests from Pkcs11ProviderHashTest (482 ms total)

[----------] Global test environment tear-down
[==========] 4 tests from 1 test suite ran. (482 ms total)
[ PASSED ] 4 tests.