authorPramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>2019-01-02 09:59:48 -0800
committerPramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>2019-03-29 09:59:04 -0700
commit7626b75b3c71173ba62c2f92d22bab8f4291e44a (patch)
tree7308a2628a014fef0f245ef4f00408cf92d15e60 /SoftHSMv2/modules
parentf2ff7a136a152b36b3aa4d0d574796e6edbef24a (diff)
Update SoftHSM v2.0 to the latest version
Change-Id: Ib3ec2c297f897c82776a66fe2ad55b18984c0337 Issue-ID: AAF-687 Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
Diffstat (limited to 'SoftHSMv2/modules')
-rw-r--r--SoftHSMv2/modules/CompilerOptions.cmake506
-rw-r--r--SoftHSMv2/modules/FindBotan.cmake46
-rw-r--r--SoftHSMv2/modules/FindCppUnit.cmake33
-rw-r--r--SoftHSMv2/modules/FindSQLite3.cmake37
-rw-r--r--SoftHSMv2/modules/tests/test_botan_aes_gcm.cpp11
-rw-r--r--SoftHSMv2/modules/tests/test_botan_ecc.cpp23
-rw-r--r--SoftHSMv2/modules/tests/test_botan_ed25519.cpp14
-rw-r--r--SoftHSMv2/modules/tests/test_botan_gost.cpp24
-rw-r--r--SoftHSMv2/modules/tests/test_botan_rawpss.cpp11
-rw-r--r--SoftHSMv2/modules/tests/test_botan_rfc5649.cpp19
-rw-r--r--SoftHSMv2/modules/tests/test_openssl_ecc.c13
-rw-r--r--SoftHSMv2/modules/tests/test_openssl_ed25519.c11
-rw-r--r--SoftHSMv2/modules/tests/test_openssl_ed448.c11
-rw-r--r--SoftHSMv2/modules/tests/test_openssl_fips.c5
-rw-r--r--SoftHSMv2/modules/tests/test_openssl_gost.c41
-rw-r--r--SoftHSMv2/modules/tests/test_openssl_rfc3394.c7
-rw-r--r--SoftHSMv2/modules/tests/test_openssl_rfc5649.c6
17 files changed, 818 insertions, 0 deletions
diff --git a/SoftHSMv2/modules/CompilerOptions.cmake b/SoftHSMv2/modules/CompilerOptions.cmake
new file mode 100644
index 0000000..29a0ae5
--- /dev/null
+++ b/SoftHSMv2/modules/CompilerOptions.cmake
@@ -0,0 +1,506 @@
+include(CheckCXXCompilerFlag)
+include(CheckFunctionExists)
+include(CheckIncludeFiles)
+include(CheckLibraryExists)
+include(CheckSymbolExists)
+include(CheckTypeSize)
+
+function(enable_cxx_compiler_flag_if_supported flag)
+ string(FIND "${CMAKE_CXX_FLAGS}" "${flag}" flag_already_set)
+ if(flag_already_set EQUAL -1)
+ check_cxx_compiler_flag("${flag}" flag_supported)
+ if(flag_supported)
+ add_compile_options(${flag})
+ elseif(flag_supported)
+ message(WARNING "unsupported compiler flag: ${flag}")
+ endif(flag_supported)
+ unset(flag_supported CACHE)
+ endif()
+endfunction()
+
+# Configures C++11
+set(CMAKE_CXX_STANDARD 11)
+set(CMAKE_CXX_STANDARD_REQUIRED ON)
+set(HAVE_CXX11 1)
+
+if(ENABLE_PEDANTIC)
+ enable_cxx_compiler_flag_if_supported(-pedantic)
+ set(ENABLE_STRICT ON)
+endif(ENABLE_PEDANTIC)
+
+if(ENABLE_STRICT)
+ set(CMAKE_CXX_EXTENSIONS OFF)
+endif(ENABLE_STRICT)
+
+set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+
+# Compiler Options/Macros
+
+# FIXME: These options need to be set on a per object file basis (*.o). Do not belong here.
+# Are these even required? They just modify the Makefile representation of the target.
+#add_compile_options(-MD)
+#add_compile_options(-MP)
+#add_compile_options(-MF)
+#add_compile_options(-MT)
+
+# FIXME: [Implement AC_HEADER_STDC]:
+# Find a CMake mechanism performs the check as defined in
+# AC_HEADER_STDC:
+# https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/Particular-Headers.html
+#
+# Not sure if this is a legacy check, or it's something that we need to
+# continue to check with modern compiler versions.
+set(STDC_HEADERS 1)
+
+# acx_strict.m4
+if(ENABLE_STRICT)
+ enable_cxx_compiler_flag_if_supported(-Wall)
+ enable_cxx_compiler_flag_if_supported(-Wextra)
+endif(ENABLE_STRICT)
+
+# acx_64bit.m4
+if(ENABLE_64BIT)
+ if(CMAKE_SIZEOF_VOID_P STREQUAL "8")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -m64")
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m64")
+ else(CMAKE_SIZEOF_VOID_P STREQUAL "8")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -m32")
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m32")
+ endif(CMAKE_SIZEOF_VOID_P STREQUAL "8")
+endif(ENABLE_64BIT)
+
+# Equivalent of acx_visibility.m4
+if(DISABLE_VISIBILITY)
+ message(STATUS "-fvisibility=hidden has been disabled")
+else(DISABLE_VISIBILITY)
+ set(CRYPTOKI_VISIBILITY 1)
+ set(CMAKE_CXX_VISIBILITY_PRESET hidden)
+endif(DISABLE_VISIBILITY)
+
+# acx_non_paged_memory.m4
+if(DISABLE_NON_PAGED_MEMORY)
+ message(STATUS "non-paged-memory disabled")
+else(DISABLE_NON_PAGED_MEMORY)
+ set(SENSITIVE_NON_PAGE 1)
+ check_include_files(sys/mman.h HAVE_SYS_MMAN_H)
+ execute_process(COMMAND bash -c "ulimit -l"
+ OUTPUT_VARIABLE MLOCK_SIZE
+ OUTPUT_STRIP_TRAILING_WHITESPACE
+ )
+ if(NOT "${MLOCK_SIZE}" STREQUAL "unlimited")
+ message(WARNING "\
+ ======================================================================
+ SoftHSM has been configured to store sensitive data in non-page RAM
+ (i.e. memory that is not swapped out to disk). This is the default and
+ most secure configuration. Your system, however, is not configured to
+ support this model in non-privileged accounts (i.e. user accounts).
+
+ You can check the setting on your system by running the following
+ command in a shell:
+
+ ulimit -l
+
+ If this does not return \"unlimited\" and you plan to run SoftHSM from
+ non-privileged accounts then you should edit the configuration file
+ /etc/security/limits.conf (on most systems).
+
+ You will need to add the following lines to this file:
+
+ #<domain> <type> <item> <value>
+ * - memlock unlimited
+
+ Alternatively, you can elect to disable this feature of SoftHSM by
+ re-running cmake with the option \"-DDISABLE_NON_PAGED_MEMORY=ON\".
+ Please be advised that this may seriously degrade the security of
+ SoftHSM.
+ ======================================================================")
+ endif(NOT "${MLOCK_SIZE}" STREQUAL "unlimited")
+endif(DISABLE_NON_PAGED_MEMORY)
+
+# Check if -ldl exists (equivalent of acx_dlopen.m4)
+check_library_exists(dl dlopen "" HAVE_DLOPEN)
+check_function_exists(LoadLibrary HAVE_LOADLIBRARY)
+
+# acx_libtool.m4
+check_include_files(dlfcn.h HAVE_DLFCN_H)
+
+# configure:
+
+# STDC_HEADERS
+check_include_files(sys/types.h HAVE_SYS_TYPES_H)
+check_include_files(sys/stat.h HAVE_SYS_STAT_H)
+check_include_files(stdlib.h HAVE_STDLIB_H)
+check_include_files(stddef.h HAVE_STDDEF_H)
+check_include_files(string.h HAVE_STRING_H)
+check_include_files(strings.h HAVE_STRINGS_H)
+check_include_files(inttypes.h HAVE_INTTYPES_H)
+check_include_files(stdint.h HAVE_STDINT_H)
+check_include_files(unistd.h HAVE_UNISTD_H)
+
+check_include_files(memory.h HAVE_MEMORY_H)
+check_include_files(pthread.h HAVE_PTHREAD_H)
+check_function_exists(getpwuid_r HAVE_GETPWUID_R)
+
+# Find Botan Crypto Backend
+if(WITH_CRYPTO_BACKEND STREQUAL "botan")
+ set(WITH_BOTAN 1)
+
+ include(FindBotan)
+ if(NOT BOTAN_FOUND)
+ message(FATAL_ERROR "Failed to find Botan!")
+ endif()
+
+ set(CRYPTO_INCLUDES ${BOTAN_INCLUDE_DIRS})
+ set(CRYPTO_LIBS ${BOTAN_LIBRARIES})
+ message(STATUS "Botan: Includes: ${CRYPTO_INCLUDES}")
+ message(STATUS "Botan: Libs: ${CRYPTO_LIBS}")
+
+ # CXX11 flag is not added to try_run, so set it locally.
+ CHECK_CXX_COMPILER_FLAG("-std=c++11" COMPILER_SUPPORTS_CXX11)
+ CHECK_CXX_COMPILER_FLAG("-std=c++0x" COMPILER_SUPPORTS_CXX0X)
+ set(TMP_CXX_FLAGS ${CMAKE_CXX_FLAGS})
+ if(COMPILER_SUPPORTS_CXX11)
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
+ elseif(COMPILER_SUPPORTS_CXX0X)
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++0x")
+ endif()
+
+ # acx_botan_ecc.m4
+ if(ENABLE_ECC)
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_ecc.cpp)
+ try_run(RUN_ECC COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_ECC EQUAL 0)
+ set(WITH_ECC 1)
+ message(STATUS "Botan: Found P-256")
+ else()
+ set(error_msg "Botan: Cannot find P-256! Botan library has no ECC support!")
+ message(FATAL_ERROR ${error_msg})
+ endif()
+ else(ENABLE_ECC)
+ message(STATUS "Botan: Support for ECC is disabled")
+ endif(ENABLE_ECC)
+
+ # acx_botan_eddsa.m4
+ if(ENABLE_EDDSA)
+ # ED25519
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_ed25519.cpp)
+ try_run(RUN_ED25519 COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_ED25519 EQUAL 0)
+ set(WITH_EDDSA 1)
+ message(STATUS "Botan: Found ED25519")
+ else()
+ set(error_msg "Botan: Cannot find ED25519! Botan library has no EDDSA support!")
+ message(FATAL_ERROR ${error_msg})
+ endif()
+ else(ENABLE_EDDSA)
+ message(STATUS "Botan: Support for EDDSA is disabled")
+ endif(ENABLE_EDDSA)
+
+ # acx_botan_gost.m4
+ if(ENABLE_GOST)
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_gost.cpp)
+ try_run(RUN_GOST COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_GOST EQUAL 0)
+ set(WITH_GOST 1)
+ message(STATUS "Botan: Found GOST")
+ else()
+ set(error_msg "Botan: Cannot find GOST! Botan library has no GOST support!")
+ message(FATAL_ERROR ${error_msg})
+ endif()
+ else(ENABLE_GOST)
+ message(STATUS "Botan: Support for GOST is disabled")
+ endif(ENABLE_GOST)
+
+ if(ENABLE_FIPS)
+ message(FATAL_ERROR "Botan does not support FIPS 140-2 mode")
+ endif(ENABLE_FIPS)
+
+ # Compile with AES KEY WRAP
+ set(HAVE_AES_KEY_WRAP 1)
+
+ # acx_botan_rfc5649.m4
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_rfc5649.cpp)
+ try_run(RUN_AES_KEY_WRAP_PAD COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_AES_KEY_WRAP_PAD EQUAL 0)
+ set(HAVE_AES_KEY_WRAP_PAD 1)
+ message(STATUS "Botan: RFC 5649 is supported")
+ else()
+ message(STATUS "Botan: RFC 5649 is not supported")
+ endif()
+
+ # acx_botan_rawpss.m4
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_rawpss.cpp)
+ try_run(RUN_RAWPSS COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_RAWPSS EQUAL 0)
+ set(WITH_RAW_PSS 1)
+ message(STATUS "Botan: Found raw PSS")
+ else()
+ message(STATUS "Botan: Cannot find raw PSS support, upgrade to Botan >= v2.3.0")
+ endif()
+
+ # acx_botan_aes_gcm.m4
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_aes_gcm.cpp)
+ try_run(RUN_AESGCM COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_AESGCM EQUAL 0)
+ set(WITH_AES_GCM 1)
+ message(STATUS "Botan: Found AES GCM")
+ else()
+ message(STATUS "Botan: Cannot find AES GCM support, upgrade to Botan >= v2.0.0")
+ endif()
+
+ # Restore flags
+ set(CMAKE_CXX_FLAGS ${TMP_CXX_FLAGS})
+
+# Find OpenSSL Crypto Backend
+elseif(WITH_CRYPTO_BACKEND STREQUAL "openssl")
+ set(WITH_OPENSSL 1)
+
+ include(FindOpenSSL)
+ if(NOT OPENSSL_FOUND)
+ message(FATAL_ERROR "Failed to find OpenSSL!")
+ endif()
+
+ set(CRYPTO_INCLUDES ${OPENSSL_INCLUDE_DIR})
+ set(CRYPTO_LIBS ${OPENSSL_LIBRARIES})
+ message(STATUS "OpenSSL: Found version ${OPENSSL_VERSION}")
+ message(STATUS "OpenSSL: Includes: ${CRYPTO_INCLUDES}")
+ message(STATUS "OpenSSL: Libs: ${CRYPTO_LIBS}")
+
+ check_include_files(openssl/ssl.h HAVE_OPENSSL_SSL_H)
+ get_filename_component(CRYPTO_LIB_DIR "${OPENSSL_CRYPTO_LIBRARY}" DIRECTORY)
+ check_library_exists(crypto "BN_new" "${CRYPTO_LIB_DIR}" HAVE_LIBCRYPTO)
+
+ # acx_openssl_ecc.m4
+ if(ENABLE_ECC)
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_ecc.c)
+ try_run(RUN_ECC COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_ECC EQUAL 0)
+ set(WITH_ECC 1)
+ message(STATUS "OpenSSL: Found P-256, P-384, and P-521")
+ else()
+ set(error_msg "OpenSSL: Cannot find P-256, P-384, or P-521! OpenSSL library has no ECC support!")
+ message(FATAL_ERROR ${error_msg})
+ endif()
+ else(ENABLE_ECC)
+ message(STATUS "OpenSSL: Support for ECC is disabled")
+ endif(ENABLE_ECC)
+
+ # acx_openssl_eddsa.m4
+ if(ENABLE_EDDSA)
+ # ED25519
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_ed25519.c)
+ try_run(RUN_ED25519 COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_ED25519 EQUAL 0)
+ set(WITH_EDDSA 1)
+ message(STATUS "OpenSSL: Found ED25519")
+ else()
+ set(error_msg "OpenSSL: Cannot find ED25519! OpenSSL library has no EDDSA support!")
+ message(FATAL_ERROR ${error_msg})
+ endif()
+ # ED448
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_ed448.c)
+ try_run(RUN_ED448 COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_ED448 EQUAL 0)
+ message(STATUS "OpenSSL: Found ED448")
+ else()
+ # Not used in SoftHSM
+ message(STATUS "OpenSSL: Cannot find ED448!")
+ endif()
+ else(ENABLE_EDDSA)
+ message(STATUS "OpenSSL: Support for EDDSA is disabled")
+ endif(ENABLE_EDDSA)
+
+ # acx_openssl_gost.m4
+ if(ENABLE_GOST)
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_gost.c)
+ try_run(RUN_GOST COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_GOST EQUAL 0)
+ set(WITH_GOST 1)
+ message(STATUS "OpenSSL: Found GOST engine")
+ else()
+ set(error_msg "OpenSSL: Cannot find GOST engine! OpenSSL library has no GOST support!")
+ message(FATAL_ERROR ${error_msg})
+ endif()
+ else(ENABLE_GOST)
+ message(STATUS "OpenSSL: Support for GOST is disabled")
+ endif(ENABLE_GOST)
+
+ # acx_openssl_fips.m4
+ if(ENABLE_FIPS)
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_fips.c)
+ try_run(RUN_FIPS COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_FIPS EQUAL 0)
+ set(WITH_FIPS 1)
+ message(STATUS "OpenSSL: Found working FIPS_mode_set()")
+ else()
+ set(error_msg "OpenSSL: FIPS_mode_set(1) failed. OpenSSL library is not FIPS capable!")
+ message(FATAL_ERROR ${error_msg})
+ endif()
+ else(ENABLE_FIPS)
+ message(STATUS "OpenSSL: Support for FIPS 140-2 mode is disabled")
+ endif(ENABLE_FIPS)
+
+ # acx_openssl_rfc3349
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_rfc3394.c)
+ try_run(RUN_AES_KEY_WRAP COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_AES_KEY_WRAP EQUAL 0)
+ set(HAVE_AES_KEY_WRAP 1)
+ message(STATUS "OpenSSL: RFC 3394 is supported")
+ else()
+ message(STATUS "OpenSSL: RFC 3394 is not supported")
+ endif()
+
+ # acx_openssl_rfc5649
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_rfc5649.c)
+ try_run(RUN_AES_KEY_WRAP_PAD COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_AES_KEY_WRAP_PAD EQUAL 0)
+ set(HAVE_AES_KEY_WRAP_PAD 1)
+ message(STATUS "OpenSSL: RFC 5649 is supported")
+ else()
+ message(STATUS "OpenSSL: RFC 5649 is not supported")
+ endif()
+
+ # Compile with RAW PKCS PSS
+ set(WITH_RAW_PSS 1)
+ # Compile with AES_GCM
+ set(WITH_AES_GCM 1)
+
+else()
+ message(FATAL_ERROR "Crypto backend '${WITH_CRYPTO_BACKEND}' not supported. Use openssl or botan.")
+endif()
+
+# Find SQLite3
+if(WITH_SQLITE3)
+ include(FindSQLite3)
+ if(NOT SQLITE3_FOUND)
+ message(FATAL_ERROR "Failed to find SQLite3!")
+ endif(NOT SQLITE3_FOUND)
+
+ set(SQLITE3_INCLUDES ${SQLITE3_INCLUDE_DIRS})
+ set(SQLITE3_LIBS ${SQLITE3_LIBRARIES})
+ message(STATUS "SQLite3: Includes: ${SQLITE3_INCLUDES}")
+ message(STATUS "SQLite3: Libs: ${SQLITE3_LIBS}")
+
+ check_include_files(sqlite3.h HAVE_SQLITE3_H)
+ check_library_exists(sqlite3 sqlite3_prepare_v2 "" HAVE_LIBSQLITE3)
+ find_program(SQLITE3_COMMAND NAMES sqlite3)
+ if(SQLITE3_COMMAND MATCHES "-NOTFOUND")
+ message(FATAL_ERROR "SQLite3: Command was not found")
+ endif(SQLITE3_COMMAND MATCHES "-NOTFOUND")
+else(WITH_SQLITE3)
+ message(STATUS "Not including SQLite3 in build")
+endif(WITH_SQLITE3)
+
+# acx_p11kit.m4
+if(ENABLE_P11_KIT)
+ if("${WITH_P11_KIT}" STREQUAL "")
+ find_package(PkgConfig)
+ if(PKG_CONFIG_FOUND)
+ function(pkg_check_variable _pkg _name)
+ string(TOUPPER ${_pkg} _pkg_upper)
+ string(TOUPPER ${_name} _name_upper)
+ string(REPLACE "-" "_" _pkg_upper ${_pkg_upper})
+ string(REPLACE "-" "_" _name_upper ${_name_upper})
+ set(_output_name "${_pkg_upper}_${_name_upper}")
+
+ execute_process(COMMAND ${PKG_CONFIG_EXECUTABLE} --variable=${_name} ${_pkg} OUTPUT_VARIABLE _pkg_result OUTPUT_STRIP_TRAILING_WHITESPACE)
+ set("${_output_name}" "${_pkg_result}" CACHE STRING "pkg-config variable ${_name} of ${_pkg}")
+ endfunction()
+ pkg_check_modules(PC_p11kit QUIET p11-kit-1)
+ pkg_check_variable(p11-kit-1 p11_module_configs)
+ set(P11KIT_PATH ${P11_KIT_1_P11_MODULE_CONFIGS})
+ endif(PKG_CONFIG_FOUND)
+ else()
+ set(P11KIT_PATH ${WITH_P11_KIT})
+ endif()
+ message(STATUS "P11-kit: Install path: ${P11KIT_PATH}")
+ if("${P11KIT_PATH}" STREQUAL "")
+ message(WARNING "P11-kit: Missing install path for the p11-kit module, skipping module")
+ SET(ENABLE_P11_KIT OFF)
+ endif()
+else(ENABLE_P11_KIT)
+ message(STATUS "P11-kit: No integration")
+endif(ENABLE_P11_KIT)
+
+if(BUILD_TESTS)
+ # Find CppUnit (equivalent of acx_cppunit.m4)
+ set(CppUnit_FIND_QUIETLY ON)
+ include(FindCppUnit)
+ if(NOT CPPUNIT_FOUND)
+ message(FATAL_ERROR "Failed to find CppUnit!")
+ endif(NOT CPPUNIT_FOUND)
+
+ set(CPPUNIT_INCLUDES ${CPPUNIT_INCLUDE_DIR})
+ set(CPPUNIT_LIBS ${CPPUNIT_LIBRARY})
+ message(STATUS "CppUnit: Includes: ${CPPUNIT_INCLUDES}")
+ message(STATUS "CppUnit: Libs: ${CPPUNIT_LIBS}")
+else(BUILD_TESTS)
+ message(STATUS "Not building tests")
+endif(BUILD_TESTS)
+
+configure_file(config.h.in.cmake ${CMAKE_BINARY_DIR}/config.h)
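Review bot: In `enable_cxx_compiler_flag_if_supported` the warning branch is written `elseif(flag_supported)`, which repeats the condition of the `if` above it and can never run. A flag the compiler rejects is therefore dropped without any message, which affects the `-pedantic`, `-Wall` and `-Wextra` calls under ENABLE_PEDANTIC and ENABLE_STRICT; the branch should read `else()`. Separately, the non-paged-memory block runs `bash -c "ulimit -l"` at configure time, so it reports the memlock limit of the build account on the build host, not of the account that will later load the module. I would add a comment there such as `# Probes the build host only; the memlock limit must also be checked on the deployment host.`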
diff --git a/SoftHSMv2/modules/FindBotan.cmake b/SoftHSMv2/modules/FindBotan.cmake
new file mode 100644
index 0000000..6cb85a6
--- /dev/null
+++ b/SoftHSMv2/modules/FindBotan.cmake
@@ -0,0 +1,46 @@
+# - Try to find the Botan library
+#
+# Once done this will define
+#
+# BOTAN_FOUND - System has Botan
+# BOTAN_INCLUDE_DIR - The Botan include directory
+# BOTAN_LIBRARIES - The libraries needed to use Botan
+# BOTAN_DEFINITIONS - Compiler switches required for using Botan
+
+IF (BOTAN_INCLUDE_DIR AND BOTAN_LIBRARY)
+ # in cache already
+ SET(Botan_FIND_QUIETLY TRUE)
+ENDIF (BOTAN_INCLUDE_DIR AND BOTAN_LIBRARY)
+
+IF (NOT WIN32)
+ # try using pkg-config to get the directories and then use these values
+ # in the FIND_PATH() and FIND_LIBRARY() calls
+ # also fills in BOTAN_DEFINITIONS, although that isn't normally useful
+ FIND_PACKAGE(PkgConfig)
+ PKG_SEARCH_MODULE(PC_BOTAN botan-2 botan-1.11 botan-1.10)
+ SET(BOTAN_DEFINITIONS ${PC_BOTAN_CFLAGS})
+ENDIF (NOT WIN32)
+
+FIND_PATH(BOTAN_INCLUDE_DIR botan/botan.h
+ HINTS
+ ${PC_BOTAN_INCLUDEDIR}
+ ${PC_BOTAN_INCLUDE_DIRS}
+ )
+
+FIND_LIBRARY(BOTAN_LIBRARY NAMES ${PC_BOTAN_LIBRARIES}
+ HINTS
+ ${PC_BOTAN_LIBDIR}
+ ${PC_BOTAN_LIBRARY_DIRS}
+ )
+
+MARK_AS_ADVANCED(BOTAN_INCLUDE_DIR BOTAN_LIBRARY)
+
+# handle the QUIETLY and REQUIRED arguments and set BOTAN_FOUND to TRUE if
+# all listed variables are TRUE
+INCLUDE(FindPackageHandleStandardArgs)
+FIND_PACKAGE_HANDLE_STANDARD_ARGS(Botan DEFAULT_MSG BOTAN_LIBRARY BOTAN_INCLUDE_DIR)
+
+IF(BOTAN_FOUND)
+ SET(BOTAN_LIBRARIES ${BOTAN_LIBRARY})
+ SET(BOTAN_INCLUDE_DIRS ${BOTAN_INCLUDE_DIR})
+ENDIF(BOTAN_FOUND)
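Review bot: `FIND_LIBRARY(BOTAN_LIBRARY NAMES ${PC_BOTAN_LIBRARIES} ...)` has no fallback name, so on WIN32 (where the pkg-config block is skipped) or whenever pkg-config does not know Botan, `NAMES` expands to nothing and the library cannot be found from the search paths alone. Adding literal names after the variable, for example `NAMES ${PC_BOTAN_LIBRARIES} botan-2 botan`, keeps the pkg-config result preferred while still allowing a manually installed library to be located. The header comment also documents `BOTAN_INCLUDE_DIR` as the output, whereas the variable set at the end and read by CompilerOptions.cmake is `BOTAN_INCLUDE_DIRS`.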
diff --git a/SoftHSMv2/modules/FindCppUnit.cmake b/SoftHSMv2/modules/FindCppUnit.cmake
new file mode 100644
index 0000000..0980d1d
--- /dev/null
+++ b/SoftHSMv2/modules/FindCppUnit.cmake
@@ -0,0 +1,33 @@
+#
+# http://root.cern.ch/viewvc/trunk/cint/reflex/cmake/modules/FindCppUnit.cmake
+#
+# - Find CppUnit
+# This module finds an installed CppUnit package.
+#
+# It sets the following variables:
+# CPPUNIT_FOUND - Set to false, or undefined, if CppUnit isn't found.
+# CPPUNIT_INCLUDE_DIR - The CppUnit include directory.
+# CPPUNIT_LIBRARY - The CppUnit library to link against.
+
+FIND_PATH(CPPUNIT_INCLUDE_DIR cppunit/Test.h)
+FIND_LIBRARY(CPPUNIT_LIBRARY NAMES cppunit)
+
+IF (CPPUNIT_INCLUDE_DIR AND CPPUNIT_LIBRARY)
+ SET(CPPUNIT_FOUND TRUE)
+ENDIF (CPPUNIT_INCLUDE_DIR AND CPPUNIT_LIBRARY)
+
+IF (CPPUNIT_FOUND)
+
+ # show which CppUnit was found only if not quiet
+ IF (NOT CppUnit_FIND_QUIETLY)
+ MESSAGE(STATUS "Found CppUnit: ${CPPUNIT_LIBRARY}")
+ ENDIF (NOT CppUnit_FIND_QUIETLY)
+
+ELSE (CPPUNIT_FOUND)
+
+ # fatal error if CppUnit is required but not found
+ IF (CppUnit_FIND_REQUIRED)
+ MESSAGE(FATAL_ERROR "Could not find CppUnit")
+ ENDIF (CppUnit_FIND_REQUIRED)
+
+ENDIF (CPPUNIT_FOUND)
diff --git a/SoftHSMv2/modules/FindSQLite3.cmake b/SoftHSMv2/modules/FindSQLite3.cmake
new file mode 100644
index 0000000..dc7a3b3
--- /dev/null
+++ b/SoftHSMv2/modules/FindSQLite3.cmake
@@ -0,0 +1,37 @@
+# Copyright (C) 2007-2009 LuaDist.
+# Created by Peter Kapec <kapecp@gmail.com>
+# Redistribution and use of this file is allowed according to the terms of the MIT license.
+# For details see the COPYRIGHT file distributed with LuaDist.
+# Note:
+# Searching headers and libraries is very simple and is NOT as powerful as scripts
+# distributed with CMake, because LuaDist defines directories to search for.
+# Everyone is encouraged to contact the author with improvements. Maybe this file
+# becomes part of CMake distribution sometimes.
+
+# - Find sqlite3
+# Find the native SQLITE3 headers and libraries.
+#
+# SQLITE3_INCLUDE_DIRS - where to find sqlite3.h, etc.
+# SQLITE3_LIBRARIES - List of libraries when using sqlite.
+# SQLITE3_FOUND - True if sqlite found.
+
+# Look for the header file.
+FIND_PATH(SQLITE3_INCLUDE_DIR NAMES sqlite3.h)
+
+# Look for the library.
+FIND_LIBRARY(SQLITE3_LIBRARY NAMES sqlite sqlite3)
+
+# Handle the QUIETLY and REQUIRED arguments and set SQLITE3_FOUND to TRUE if all listed variables are TRUE.
+INCLUDE(FindPackageHandleStandardArgs)
+FIND_PACKAGE_HANDLE_STANDARD_ARGS(SQLITE3 DEFAULT_MSG SQLITE3_LIBRARY SQLITE3_INCLUDE_DIR)
+
+# Copy the results to the output variables.
+IF(SQLITE3_FOUND)
+ SET(SQLITE3_LIBRARIES ${SQLITE3_LIBRARY})
+ SET(SQLITE3_INCLUDE_DIRS ${SQLITE3_INCLUDE_DIR})
+ELSE(SQLITE3_FOUND)
+ SET(SQLITE3_LIBRARIES)
+ SET(SQLITE3_INCLUDE_DIRS)
+ENDIF(SQLITE3_FOUND)
+
+MARK_AS_ADVANCED(SQLITE3_INCLUDE_DIRS SQLITE3_LIBRARIES)
diff --git a/SoftHSMv2/modules/tests/test_botan_aes_gcm.cpp b/SoftHSMv2/modules/tests/test_botan_aes_gcm.cpp
new file mode 100644
index 0000000..3769342
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_botan_aes_gcm.cpp
@@ -0,0 +1,11 @@
+#include <botan/botan.h>
+#include <botan/version.h>
+int main()
+{
+ using namespace Botan;
+
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0)
+ return 0;
+#endif
+ return 1;
+}
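Review bot: This probe returns 0 purely on `BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0)` and never references GCM, so a Botan 2 build configured without the GCM module would still end up with WITH_AES_GCM set. Botan's build header publishes per-module feature macros, so the condition could test `#if defined(BOTAN_HAS_AEAD_GCM)`, optionally combined with the version test. test_botan_rawpss.cpp has the same version-only form. Both results are decided by the preprocessor, so these two files need only be compiled; running them through `try_run` adds nothing.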
diff --git a/SoftHSMv2/modules/tests/test_botan_ecc.cpp b/SoftHSMv2/modules/tests/test_botan_ecc.cpp
new file mode 100644
index 0000000..cb1be21
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_botan_ecc.cpp
@@ -0,0 +1,23 @@
+#include <botan/init.h>
+#include <botan/ec_group.h>
+#include <botan/oids.h>
+#include <botan/version.h>
+int main()
+{
+ Botan::LibraryInitializer::initialize();
+ const std::string name("secp256r1");
+ const Botan::OID oid(Botan::OIDS::lookup(name));
+ const Botan::EC_Group ecg(oid);
+ try {
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
+ const std::vector<Botan::byte> der =
+ ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
+#else
+ const Botan::SecureVector<Botan::byte> der =
+ ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
+#endif
+ } catch(...) {
+ return 1;
+ }
+ return 0;
+}
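Review bot: The `OIDS::lookup` call and the `EC_Group` constructor sit before the `try`, so if the curve is unknown and these calls throw (which I would expect, but it should be confirmed against the Botan version in use), the exception leaves `main` uncaught and the probe ends in `std::terminate` instead of the intended `return 1`. try_run still sees a failure, but an abort at configure time can leave a core file and a confusing log; moving the `oid` and `ecg` declarations inside the `try` block keeps the failure path clean. test_botan_gost.cpp is written the same way. The file also uses `std::string` and `std::vector` without including `<string>` and `<vector>`.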
diff --git a/SoftHSMv2/modules/tests/test_botan_ed25519.cpp b/SoftHSMv2/modules/tests/test_botan_ed25519.cpp
new file mode 100644
index 0000000..8ac4bac
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_botan_ed25519.cpp
@@ -0,0 +1,14 @@
+#include <botan/init.h>
+#include <botan/ed25519.h>
+#include <botan/version.h>
+int main()
+{
+ Botan::secure_vector<uint8_t> k(32);
+ try {
+ Botan::Ed25519_PrivateKey* key =
+ new Botan::Ed25519_PrivateKey(k);
+ } catch(...) {
+ return 1;
+ }
+ return 0;
+}
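Review bot: The key object is allocated with `new` and never deleted, and `<botan/init.h>` is included although nothing from it is used. A stack object, `Botan::Ed25519_PrivateKey key(k);`, exercises the same constructor with no raw pointer and no leak. `uint8_t` is also used without `<cstdint>`, so the probe depends on a transitive include from the Botan headers.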
diff --git a/SoftHSMv2/modules/tests/test_botan_gost.cpp b/SoftHSMv2/modules/tests/test_botan_gost.cpp
new file mode 100644
index 0000000..a141e4b
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_botan_gost.cpp
@@ -0,0 +1,24 @@
+#include <botan/init.h>
+#include <botan/gost_3410.h>
+#include <botan/oids.h>
+#include <botan/version.h>
+int main()
+{
+ Botan::LibraryInitializer::initialize();
+ const std::string name("gost_256A");
+ const Botan::OID oid(Botan::OIDS::lookup(name));
+ const Botan::EC_Group ecg(oid);
+ try {
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
+ const std::vector<Botan::byte> der =
+ ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
+#else
+ const Botan::SecureVector<Botan::byte> der =
+ ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
+#endif
+ } catch(...) {
+ return 1;
+ }
+
+ return 0;
+}
diff --git a/SoftHSMv2/modules/tests/test_botan_rawpss.cpp b/SoftHSMv2/modules/tests/test_botan_rawpss.cpp
new file mode 100644
index 0000000..ba7ad01
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_botan_rawpss.cpp
@@ -0,0 +1,11 @@
+#include <botan/botan.h>
+#include <botan/version.h>
+int main()
+{
+ using namespace Botan;
+
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,3,0)
+ return 0;
+#endif
+ return 1;
+}
diff --git a/SoftHSMv2/modules/tests/test_botan_rfc5649.cpp b/SoftHSMv2/modules/tests/test_botan_rfc5649.cpp
new file mode 100644
index 0000000..7f1fae4
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_botan_rfc5649.cpp
@@ -0,0 +1,19 @@
+#include <botan/botan.h>
+#include <botan/rfc3394.h>
+#include <botan/version.h>
+int main()
+{
+ using namespace Botan;
+
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
+ secure_vector<byte> key(10);
+ SymmetricKey kek("AABB");
+ secure_vector<byte> x = rfc5649_keywrap(key, kek);
+#else
+ SecureVector<byte> key(10);
+ SymmetricKey kek("AABB");
+ Algorithm_Factory& af = global_state().algorithm_factory();
+ SecureVector<byte> x = rfc5649_keywrap(key, kek, af);
+#endif
+ return 0;
+}
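Review bot: `SymmetricKey kek("AABB")` is parsed as hex and so yields a 2-byte KEK, which is presumably not a length the AES key-wrap code accepts, so `rfc5649_keywrap` may throw at run time. CompilerOptions.cmake executes this file with `try_run` and requires exit status 0, so an uncaught exception here would report "RFC 5649 is not supported" even when the function is present in the library. Either give the KEK a valid AES length (for example 32 hex digits for 16 bytes) and wrap the call in `try`/`catch` with `return 1`, or treat this probe as a compile-and-link check only.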
diff --git a/SoftHSMv2/modules/tests/test_openssl_ecc.c b/SoftHSMv2/modules/tests/test_openssl_ecc.c
new file mode 100644
index 0000000..d1eb22b
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_openssl_ecc.c
@@ -0,0 +1,13 @@
+#include <openssl/ecdsa.h>
+#include <openssl/objects.h>
+int main()
+{
+ EC_KEY *ec256, *ec384, *ec521;
+
+ ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ ec384 = EC_KEY_new_by_curve_name(NID_secp384r1);
+ ec521 = EC_KEY_new_by_curve_name(NID_secp521r1);
+ if (ec256 == NULL || ec384 == NULL || ec521 == NULL)
+ return 1;
+ return 0;
+}
diff --git a/SoftHSMv2/modules/tests/test_openssl_ed25519.c b/SoftHSMv2/modules/tests/test_openssl_ed25519.c
new file mode 100644
index 0000000..70dd92f
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_openssl_ed25519.c
@@ -0,0 +1,11 @@
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+int main()
+{
+ EVP_PKEY_CTX *ctx;
+
+ ctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
+ if (ctx == NULL)
+ return 1;
+ return 0;
+}
diff --git a/SoftHSMv2/modules/tests/test_openssl_ed448.c b/SoftHSMv2/modules/tests/test_openssl_ed448.c
new file mode 100644
index 0000000..c97b094
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_openssl_ed448.c
@@ -0,0 +1,11 @@
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+int main()
+{
+ EVP_PKEY_CTX *ctx;
+
+ ctx = EVP_PKEY_CTX_new_id(NID_ED448, NULL);
+ if (ctx == NULL)
+ return 1;
+ return 0;
+}
diff --git a/SoftHSMv2/modules/tests/test_openssl_fips.c b/SoftHSMv2/modules/tests/test_openssl_fips.c
new file mode 100644
index 0000000..51e75cd
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_openssl_fips.c
@@ -0,0 +1,5 @@
+#include <openssl/crypto.h>
+int main()
+{
+ return !FIPS_mode_set(1);
+}
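Review bot: The probe has no comment explaining what its result does and does not establish: it shows only that the OpenSSL found on the build host could enter FIPS mode at the moment cmake ran. I would add a header comment such as `/* Configure-time check against the build host's OpenSSL; FIPS mode must still be enabled and verified at runtime. */` so WITH_FIPS is not read as a guarantee about the deployed library. `int main()` in a C file would also be clearer as `int main(void)`.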
diff --git a/SoftHSMv2/modules/tests/test_openssl_gost.c b/SoftHSMv2/modules/tests/test_openssl_gost.c
new file mode 100644
index 0000000..33487e1
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_openssl_gost.c
@@ -0,0 +1,41 @@
+#include <openssl/engine.h>
+#include <openssl/crypto.h>
+#include <openssl/opensslv.h>
+int main()
+{
+ ENGINE* eg;
+ const EVP_MD* EVP_GOST_34_11;
+
+ /* Initialise OpenSSL */
+ OpenSSL_add_all_algorithms();
+
+ /* Load engines */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ ENGINE_load_builtin_engines();
+#else
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
+ /* Initialise the GOST engine */
+ eg = ENGINE_by_id("gost");
+ if (eg == NULL)
+ return 1;
+ if (ENGINE_init(eg) <= 0)
+ return 1;
+
+ /* better than digest_gost */
+ EVP_GOST_34_11 = ENGINE_get_digest(eg, NID_id_GostR3411_94);
+ if (EVP_GOST_34_11 == NULL)
+ return 1;
+
+ /* from the openssl.cnf */
+ if (ENGINE_register_pkey_asn1_meths(eg) <= 0)
+ return 1;
+ if (ENGINE_ctrl_cmd_string(eg,
+ "CRYPT_PARAMS",
+ "id-Gost28147-89-CryptoPro-A-ParamSet",
+ 0) <= 0)
+ return 1;
+
+ return 0;
+}
diff --git a/SoftHSMv2/modules/tests/test_openssl_rfc3394.c b/SoftHSMv2/modules/tests/test_openssl_rfc3394.c
new file mode 100644
index 0000000..97343ee
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_openssl_rfc3394.c
@@ -0,0 +1,7 @@
+#include <openssl/evp.h>
+int main()
+{
+ EVP_aes_128_wrap();
+ return 0;
+}
+
diff --git a/SoftHSMv2/modules/tests/test_openssl_rfc5649.c b/SoftHSMv2/modules/tests/test_openssl_rfc5649.c
new file mode 100644
index 0000000..17d63ba
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_openssl_rfc5649.c
@@ -0,0 +1,6 @@
+#include <openssl/evp.h>
+int main()
+{
+ EVP_aes_128_wrap_pad();
+ return 0;
+}