aboutsummaryrefslogtreecommitdiffstats
path: root/SoftHSMv2/m4/acx_crypto_backend.m4
diff options
context:
space:
mode:
Diffstat (limited to 'SoftHSMv2/m4/acx_crypto_backend.m4')
-rw-r--r--SoftHSMv2/m4/acx_crypto_backend.m4168
1 files changed, 168 insertions, 0 deletions
diff --git a/SoftHSMv2/m4/acx_crypto_backend.m4 b/SoftHSMv2/m4/acx_crypto_backend.m4
new file mode 100644
index 0000000..c860c89
--- /dev/null
+++ b/SoftHSMv2/m4/acx_crypto_backend.m4
@@ -0,0 +1,168 @@
+AC_DEFUN([ACX_CRYPTO_BACKEND],[
+
+ # First check if we want to support ECC and GOST
+
+ AC_ARG_ENABLE(ecc,
+ AC_HELP_STRING([--enable-ecc],
+ [Enable support for ECC (default enabled)]
+ ),
+ [enable_ecc="${enableval}"],
+ [enable_ecc="yes"]
+ )
+ AC_MSG_CHECKING(for ECC support)
+ if test "x${enable_ecc}" = "xyes"; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE_UNQUOTED(
+ [WITH_ECC],
+ [],
+ [Compile with ECC support]
+ )
+ else
+ AC_MSG_RESULT(no)
+ fi
+ AM_CONDITIONAL([WITH_ECC], [test "x${enable_ecc}" = "xyes"])
+
+ AC_ARG_ENABLE(gost,
+ AC_HELP_STRING([--enable-gost],
+ [Enable support for GOST (default enabled)]
+ ),
+ [enable_gost="${enableval}"],
+ [enable_gost="yes"]
+ )
+ AC_MSG_CHECKING(for GOST support)
+ if test "x${enable_gost}" = "xyes"; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE_UNQUOTED(
+ [WITH_GOST],
+ [],
+ [Compile with GOST support]
+ )
+ else
+ AC_MSG_RESULT(no)
+ fi
+ AM_CONDITIONAL([WITH_GOST], [test "x${enable_gost}" = "xyes"])
+
+ # Second check for the FIPS 140-2 mode
+
+ AC_ARG_ENABLE(fips,
+ AC_HELP_STRING([--enable-fips],
+ [Enable support for FIPS 140-2 mode (default disabled)]
+ ),
+ [enable_fips="${enableval}"],
+ [enable_fips="no"]
+ )
+ AC_MSG_CHECKING(for FIPS 140-2 mode)
+ if test "x${enable_fips}" = "xyes"; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE_UNQUOTED(
+ [WITH_FIPS],
+ [],
+ [Compile with FIPS 140-2 mode]
+ )
+ else
+ AC_MSG_RESULT(no)
+ fi
+ AM_CONDITIONAL([WITH_GOST], [test "x${enable_fips}" = "xyes"])
+
+ # Then check what crypto library we want to use
+
+ AC_ARG_WITH(crypto-backend,
+ AC_HELP_STRING([--with-crypto-backend],
+ [Select crypto backend (openssl|botan)]
+ ),
+ [crypto_backend="${withval}"],
+ [crypto_backend="openssl"]
+ )
+
+ AC_MSG_CHECKING(for crypto backend)
+
+ if test "x${crypto_backend}" = "xopenssl"; then
+ AC_MSG_RESULT(OpenSSL)
+
+ if test "x${enable_fips}" = "xyes"; then
+ ACX_OPENSSL(1,0,1)
+ else
+ ACX_OPENSSL(1,0,0)
+ fi
+
+ CRYPTO_INCLUDES=$OPENSSL_INCLUDES
+ CRYPTO_LIBS=$OPENSSL_LIBS
+
+ if test "x${enable_ecc}" = "xyes"; then
+ ACX_OPENSSL_ECC
+ fi
+
+ if test "x${enable_gost}" = "xyes"; then
+ if test "x${enable_fips}" = "xyes"; then
+ AC_MSG_ERROR([GOST is not FIPS approved])
+ fi
+ ACX_OPENSSL_GOST
+ fi
+
+ if test "x${enable_fips}" = "xyes"; then
+ ACX_OPENSSL_FIPS
+ else
+ ACX_OPENSSL_EVPAESWRAP
+ fi
+
+ AC_DEFINE_UNQUOTED(
+ [WITH_RAW_PSS],
+ [1],
+ [Compile with raw RSA PKCS PSS]
+ )
+ AC_DEFINE_UNQUOTED(
+ [WITH_AES_GCM],
+ [1],
+ [Compile with AES_GCM]
+ )
+ AC_DEFINE_UNQUOTED(
+ [WITH_OPENSSL],
+ [],
+ [Compile with OpenSSL support]
+ )
+
+ elif test "x${crypto_backend}" = "xbotan"; then
+ AC_MSG_RESULT(Botan)
+
+ ACX_BOTAN(1,10,0)
+
+ CRYPTO_INCLUDES=$BOTAN_INCLUDES
+ CRYPTO_LIBS=$BOTAN_LIBS
+
+ if test "x${enable_ecc}" = "xyes"; then
+ ACX_BOTAN_ECC
+ fi
+
+ if test "x${enable_fips}" = "xyes"; then
+ AC_MSG_ERROR([Botan does not support FIPS 140-2 mode])
+ fi
+
+ if test "x${enable_gost}" = "xyes"; then
+ ACX_BOTAN_GOST
+ fi
+
+ if test "x${BOTAN_VERSION_MAJOR}" = "x1" -a "x${BOTAN_VERSION_MINOR}" = "x10"; then
+ ACX_BOTAN_GNUMP
+ fi
+
+ ACX_BOTAN_RFC5649
+ ACX_BOTAN_RAWPSS
+ ACX_BOTAN_AES_GCM
+
+ AC_DEFINE_UNQUOTED(
+ [WITH_BOTAN],
+ [],
+ [Compile with Botan support]
+ )
+
+ else
+ AC_MSG_RESULT(Unknown)
+ AC_MSG_ERROR([Crypto backend ${crypto_backend} not supported. Use openssl or botan.])
+ fi
+
+ AC_SUBST(CRYPTO_INCLUDES)
+ AC_SUBST(CRYPTO_LIBS)
+ AM_CONDITIONAL([WITH_OPENSSL], [test "x${crypto_backend}" = "xopenssl"])
+ AM_CONDITIONAL([WITH_BOTAN], [test "x${crypto_backend}" = "xbotan"])
+
+])