summaryrefslogtreecommitdiffstats
path: root/SoftHSMv2/modules
diff options
context:
space:
mode:
Diffstat (limited to 'SoftHSMv2/modules')
-rw-r--r--SoftHSMv2/modules/CompilerOptions.cmake506
-rw-r--r--SoftHSMv2/modules/FindBotan.cmake46
-rw-r--r--SoftHSMv2/modules/FindCppUnit.cmake33
-rw-r--r--SoftHSMv2/modules/FindSQLite3.cmake37
-rw-r--r--SoftHSMv2/modules/tests/test_botan_aes_gcm.cpp11
-rw-r--r--SoftHSMv2/modules/tests/test_botan_ecc.cpp23
-rw-r--r--SoftHSMv2/modules/tests/test_botan_ed25519.cpp14
-rw-r--r--SoftHSMv2/modules/tests/test_botan_gost.cpp24
-rw-r--r--SoftHSMv2/modules/tests/test_botan_rawpss.cpp11
-rw-r--r--SoftHSMv2/modules/tests/test_botan_rfc5649.cpp19
-rw-r--r--SoftHSMv2/modules/tests/test_openssl_ecc.c13
-rw-r--r--SoftHSMv2/modules/tests/test_openssl_ed25519.c11
-rw-r--r--SoftHSMv2/modules/tests/test_openssl_ed448.c11
-rw-r--r--SoftHSMv2/modules/tests/test_openssl_fips.c5
-rw-r--r--SoftHSMv2/modules/tests/test_openssl_gost.c41
-rw-r--r--SoftHSMv2/modules/tests/test_openssl_rfc3394.c7
-rw-r--r--SoftHSMv2/modules/tests/test_openssl_rfc5649.c6
17 files changed, 818 insertions, 0 deletions
diff --git a/SoftHSMv2/modules/CompilerOptions.cmake b/SoftHSMv2/modules/CompilerOptions.cmake
new file mode 100644
index 0000000..29a0ae5
--- /dev/null
+++ b/SoftHSMv2/modules/CompilerOptions.cmake
@@ -0,0 +1,506 @@
+include(CheckCXXCompilerFlag)
+include(CheckFunctionExists)
+include(CheckIncludeFiles)
+include(CheckLibraryExists)
+include(CheckSymbolExists)
+include(CheckTypeSize)
+
+function(enable_cxx_compiler_flag_if_supported flag)
+ string(FIND "${CMAKE_CXX_FLAGS}" "${flag}" flag_already_set)
+ if(flag_already_set EQUAL -1)
+ check_cxx_compiler_flag("${flag}" flag_supported)
+ if(flag_supported)
+ add_compile_options(${flag})
+ elseif(flag_supported)
+ message(WARNING "unsupported compiler flag: ${flag}")
+ endif(flag_supported)
+ unset(flag_supported CACHE)
+ endif()
+endfunction()
+
+# Configures C++11
+set(CMAKE_CXX_STANDARD 11)
+set(CMAKE_CXX_STANDARD_REQUIRED ON)
+set(HAVE_CXX11 1)
+
+if(ENABLE_PEDANTIC)
+ enable_cxx_compiler_flag_if_supported(-pedantic)
+ set(ENABLE_STRICT ON)
+endif(ENABLE_PEDANTIC)
+
+if(ENABLE_STRICT)
+ set(CMAKE_CXX_EXTENSIONS OFF)
+endif(ENABLE_STRICT)
+
+set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+
+# Compiler Options/Macros
+
+# FIXME: These options need to be set on a per object file basis (*.o). Do not belong here.
+# Are these even required? They just modify the Makefile representation of the target.
+#add_compile_options(-MD)
+#add_compile_options(-MP)
+#add_compile_options(-MF)
+#add_compile_options(-MT)
+
+# FIXME: [Implement AC_HEADER_STDC]:
+# Find a CMake mechanism performs the check as defined in
+# AC_HEADER_STDC:
+# https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/Particular-Headers.html
+#
+# Not sure if this is a legacy check, or it's something that we need to
+# continue to check with modern compiler versions.
+set(STDC_HEADERS 1)
+
+# acx_strict.m4
+if(ENABLE_STRICT)
+ enable_cxx_compiler_flag_if_supported(-Wall)
+ enable_cxx_compiler_flag_if_supported(-Wextra)
+endif(ENABLE_STRICT)
+
+# acx_64bit.m4
+if(ENABLE_64BIT)
+ if(CMAKE_SIZEOF_VOID_P STREQUAL "8")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -m64")
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m64")
+ else(CMAKE_SIZEOF_VOID_P STREQUAL "8")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -m32")
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m32")
+ endif(CMAKE_SIZEOF_VOID_P STREQUAL "8")
+endif(ENABLE_64BIT)
+
+# Equivalent of acx_visibility.m4
+if(DISABLE_VISIBILITY)
+ message(STATUS "-fvisibility=hidden has been disabled")
+else(DISABLE_VISIBILITY)
+ set(CRYPTOKI_VISIBILITY 1)
+ set(CMAKE_CXX_VISIBILITY_PRESET hidden)
+endif(DISABLE_VISIBILITY)
+
+# acx_non_paged_memory.m4
+if(DISABLE_NON_PAGED_MEMORY)
+ message(STATUS "non-paged-memory disabled")
+else(DISABLE_NON_PAGED_MEMORY)
+ set(SENSITIVE_NON_PAGE 1)
+ check_include_files(sys/mman.h HAVE_SYS_MMAN_H)
+ execute_process(COMMAND bash -c "ulimit -l"
+ OUTPUT_VARIABLE MLOCK_SIZE
+ OUTPUT_STRIP_TRAILING_WHITESPACE
+ )
+ if(NOT "${MLOCK_SIZE}" STREQUAL "unlimited")
+ message(WARNING "\
+ ======================================================================
+ SoftHSM has been configured to store sensitive data in non-page RAM
+ (i.e. memory that is not swapped out to disk). This is the default and
+ most secure configuration. Your system, however, is not configured to
+ support this model in non-privileged accounts (i.e. user accounts).
+
+ You can check the setting on your system by running the following
+ command in a shell:
+
+ ulimit -l
+
+ If this does not return \"unlimited\" and you plan to run SoftHSM from
+ non-privileged accounts then you should edit the configuration file
+ /etc/security/limits.conf (on most systems).
+
+ You will need to add the following lines to this file:
+
+ #<domain> <type> <item> <value>
+ * - memlock unlimited
+
+ Alternatively, you can elect to disable this feature of SoftHSM by
+ re-running cmake with the option \"-DDISABLE_NON_PAGED_MEMORY=ON\".
+ Please be advised that this may seriously degrade the security of
+ SoftHSM.
+ ======================================================================")
+ endif(NOT "${MLOCK_SIZE}" STREQUAL "unlimited")
+endif(DISABLE_NON_PAGED_MEMORY)
+
+# Check if -ldl exists (equivalent of acx_dlopen.m4)
+check_library_exists(dl dlopen "" HAVE_DLOPEN)
+check_function_exists(LoadLibrary HAVE_LOADLIBRARY)
+
+# acx_libtool.m4
+check_include_files(dlfcn.h HAVE_DLFCN_H)
+
+# configure:
+
+# STDC_HEADERS
+check_include_files(sys/types.h HAVE_SYS_TYPES_H)
+check_include_files(sys/stat.h HAVE_SYS_STAT_H)
+check_include_files(stdlib.h HAVE_STDLIB_H)
+check_include_files(stddef.h HAVE_STDDEF_H)
+check_include_files(string.h HAVE_STRING_H)
+check_include_files(strings.h HAVE_STRINGS_H)
+check_include_files(inttypes.h HAVE_INTTYPES_H)
+check_include_files(stdint.h HAVE_STDINT_H)
+check_include_files(unistd.h HAVE_UNISTD_H)
+
+check_include_files(memory.h HAVE_MEMORY_H)
+check_include_files(pthread.h HAVE_PTHREAD_H)
+check_function_exists(getpwuid_r HAVE_GETPWUID_R)
+
+# Find Botan Crypto Backend
+if(WITH_CRYPTO_BACKEND STREQUAL "botan")
+ set(WITH_BOTAN 1)
+
+ include(FindBotan)
+ if(NOT BOTAN_FOUND)
+ message(FATAL_ERROR "Failed to find Botan!")
+ endif()
+
+ set(CRYPTO_INCLUDES ${BOTAN_INCLUDE_DIRS})
+ set(CRYPTO_LIBS ${BOTAN_LIBRARIES})
+ message(STATUS "Botan: Includes: ${CRYPTO_INCLUDES}")
+ message(STATUS "Botan: Libs: ${CRYPTO_LIBS}")
+
+ # CXX11 flag is not added to try_run, so set it locally.
+ CHECK_CXX_COMPILER_FLAG("-std=c++11" COMPILER_SUPPORTS_CXX11)
+ CHECK_CXX_COMPILER_FLAG("-std=c++0x" COMPILER_SUPPORTS_CXX0X)
+ set(TMP_CXX_FLAGS ${CMAKE_CXX_FLAGS})
+ if(COMPILER_SUPPORTS_CXX11)
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
+ elseif(COMPILER_SUPPORTS_CXX0X)
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++0x")
+ endif()
+
+ # acx_botan_ecc.m4
+ if(ENABLE_ECC)
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_ecc.cpp)
+ try_run(RUN_ECC COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_ECC EQUAL 0)
+ set(WITH_ECC 1)
+ message(STATUS "Botan: Found P-256")
+ else()
+ set(error_msg "Botan: Cannot find P-256! Botan library has no ECC support!")
+ message(FATAL_ERROR ${error_msg})
+ endif()
+ else(ENABLE_ECC)
+ message(STATUS "Botan: Support for ECC is disabled")
+ endif(ENABLE_ECC)
+
+ # acx_botan_eddsa.m4
+ if(ENABLE_EDDSA)
+ # ED25519
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_ed25519.cpp)
+ try_run(RUN_ED25519 COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_ED25519 EQUAL 0)
+ set(WITH_EDDSA 1)
+ message(STATUS "Botan: Found ED25519")
+ else()
+ set(error_msg "Botan: Cannot find ED25519! Botan library has no EDDSA support!")
+ message(FATAL_ERROR ${error_msg})
+ endif()
+ else(ENABLE_EDDSA)
+ message(STATUS "Botan: Support for EDDSA is disabled")
+ endif(ENABLE_EDDSA)
+
+ # acx_botan_gost.m4
+ if(ENABLE_GOST)
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_gost.cpp)
+ try_run(RUN_GOST COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_GOST EQUAL 0)
+ set(WITH_GOST 1)
+ message(STATUS "Botan: Found GOST")
+ else()
+ set(error_msg "Botan: Cannot find GOST! Botan library has no GOST support!")
+ message(FATAL_ERROR ${error_msg})
+ endif()
+ else(ENABLE_GOST)
+ message(STATUS "Botan: Support for GOST is disabled")
+ endif(ENABLE_GOST)
+
+ if(ENABLE_FIPS)
+ message(FATAL_ERROR "Botan does not support FIPS 140-2 mode")
+ endif(ENABLE_FIPS)
+
+ # Compile with AES KEY WRAP
+ set(HAVE_AES_KEY_WRAP 1)
+
+ # acx_botan_rfc5649.m4
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_rfc5649.cpp)
+ try_run(RUN_AES_KEY_WRAP_PAD COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_AES_KEY_WRAP_PAD EQUAL 0)
+ set(HAVE_AES_KEY_WRAP_PAD 1)
+ message(STATUS "Botan: RFC 5649 is supported")
+ else()
+ message(STATUS "Botan: RFC 5649 is not supported")
+ endif()
+
+ # acx_botan_rawpss.m4
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_rawpss.cpp)
+ try_run(RUN_RAWPSS COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_RAWPSS EQUAL 0)
+ set(WITH_RAW_PSS 1)
+ message(STATUS "Botan: Found raw PSS")
+ else()
+ message(STATUS "Botan: Cannot find raw PSS support, upgrade to Botan >= v2.3.0")
+ endif()
+
+ # acx_botan_aes_gcm.m4
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_aes_gcm.cpp)
+ try_run(RUN_AESGCM COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_AESGCM EQUAL 0)
+ set(WITH_AES_GCM 1)
+ message(STATUS "Botan: Found AES GCM")
+ else()
+ message(STATUS "Botan: Cannot find AES GCM support, upgrade to Botan >= v2.0.0")
+ endif()
+
+ # Restore flags
+ set(CMAKE_CXX_FLAGS ${TMP_CXX_FLAGS})
+
+# Find OpenSSL Crypto Backend
+elseif(WITH_CRYPTO_BACKEND STREQUAL "openssl")
+ set(WITH_OPENSSL 1)
+
+ include(FindOpenSSL)
+ if(NOT OPENSSL_FOUND)
+ message(FATAL_ERROR "Failed to find OpenSSL!")
+ endif()
+
+ set(CRYPTO_INCLUDES ${OPENSSL_INCLUDE_DIR})
+ set(CRYPTO_LIBS ${OPENSSL_LIBRARIES})
+ message(STATUS "OpenSSL: Found version ${OPENSSL_VERSION}")
+ message(STATUS "OpenSSL: Includes: ${CRYPTO_INCLUDES}")
+ message(STATUS "OpenSSL: Libs: ${CRYPTO_LIBS}")
+
+ check_include_files(openssl/ssl.h HAVE_OPENSSL_SSL_H)
+ get_filename_component(CRYPTO_LIB_DIR "${OPENSSL_CRYPTO_LIBRARY}" DIRECTORY)
+ check_library_exists(crypto "BN_new" "${CRYPTO_LIB_DIR}" HAVE_LIBCRYPTO)
+
+ # acx_openssl_ecc.m4
+ if(ENABLE_ECC)
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_ecc.c)
+ try_run(RUN_ECC COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_ECC EQUAL 0)
+ set(WITH_ECC 1)
+ message(STATUS "OpenSSL: Found P-256, P-384, and P-521")
+ else()
+ set(error_msg "OpenSSL: Cannot find P-256, P-384, or P-521! OpenSSL library has no ECC support!")
+ message(FATAL_ERROR ${error_msg})
+ endif()
+ else(ENABLE_ECC)
+ message(STATUS "OpenSSL: Support for ECC is disabled")
+ endif(ENABLE_ECC)
+
+ # acx_openssl_eddsa.m4
+ if(ENABLE_EDDSA)
+ # ED25519
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_ed25519.c)
+ try_run(RUN_ED25519 COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_ED25519 EQUAL 0)
+ set(WITH_EDDSA 1)
+ message(STATUS "OpenSSL: Found ED25519")
+ else()
+ set(error_msg "OpenSSL: Cannot find ED25519! OpenSSL library has no EDDSA support!")
+ message(FATAL_ERROR ${error_msg})
+ endif()
+ # ED448
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_ed448.c)
+ try_run(RUN_ED448 COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_ED448 EQUAL 0)
+ message(STATUS "OpenSSL: Found ED448")
+ else()
+ # Not used in SoftHSM
+ message(STATUS "OpenSSL: Cannot find ED448!")
+ endif()
+ else(ENABLE_EDDSA)
+ message(STATUS "OpenSSL: Support for EDDSA is disabled")
+ endif(ENABLE_EDDSA)
+
+ # acx_openssl_gost.m4
+ if(ENABLE_GOST)
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_gost.c)
+ try_run(RUN_GOST COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_GOST EQUAL 0)
+ set(WITH_GOST 1)
+ message(STATUS "OpenSSL: Found GOST engine")
+ else()
+ set(error_msg "OpenSSL: Cannot find GOST engine! OpenSSL library has no GOST support!")
+ message(FATAL_ERROR ${error_msg})
+ endif()
+ else(ENABLE_GOST)
+ message(STATUS "OpenSSL: Support for GOST is disabled")
+ endif(ENABLE_GOST)
+
+ # acx_openssl_fips.m4
+ if(ENABLE_FIPS)
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_fips.c)
+ try_run(RUN_FIPS COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_FIPS EQUAL 0)
+ set(WITH_FIPS 1)
+ message(STATUS "OpenSSL: Found working FIPS_mode_set()")
+ else()
+ set(error_msg "OpenSSL: FIPS_mode_set(1) failed. OpenSSL library is not FIPS capable!")
+ message(FATAL_ERROR ${error_msg})
+ endif()
+ else(ENABLE_FIPS)
+ message(STATUS "OpenSSL: Support for FIPS 140-2 mode is disabled")
+ endif(ENABLE_FIPS)
+
+ # acx_openssl_rfc3349
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_rfc3394.c)
+ try_run(RUN_AES_KEY_WRAP COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_AES_KEY_WRAP EQUAL 0)
+ set(HAVE_AES_KEY_WRAP 1)
+ message(STATUS "OpenSSL: RFC 3394 is supported")
+ else()
+ message(STATUS "OpenSSL: RFC 3394 is not supported")
+ endif()
+
+ # acx_openssl_rfc5649
+ set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_rfc5649.c)
+ try_run(RUN_AES_KEY_WRAP_PAD COMPILE_RESULT
+ "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile}
+ LINK_LIBRARIES ${CRYPTO_LIBS}
+ CMAKE_FLAGS
+ "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}"
+ )
+ if(COMPILE_RESULT AND RUN_AES_KEY_WRAP_PAD EQUAL 0)
+ set(HAVE_AES_KEY_WRAP_PAD 1)
+ message(STATUS "OpenSSL: RFC 5649 is supported")
+ else()
+ message(STATUS "OpenSSL: RFC 5649 is not supported")
+ endif()
+
+ # Compile with RAW PKCS PSS
+ set(WITH_RAW_PSS 1)
+ # Compile with AES_GCM
+ set(WITH_AES_GCM 1)
+
+else()
+ message(FATAL_ERROR "Crypto backend '${WITH_CRYPTO_BACKEND}' not supported. Use openssl or botan.")
+endif()
+
+# Find SQLite3
+if(WITH_SQLITE3)
+ include(FindSQLite3)
+ if(NOT SQLITE3_FOUND)
+ message(FATAL_ERROR "Failed to find SQLite3!")
+ endif(NOT SQLITE3_FOUND)
+
+ set(SQLITE3_INCLUDES ${SQLITE3_INCLUDE_DIRS})
+ set(SQLITE3_LIBS ${SQLITE3_LIBRARIES})
+ message(STATUS "SQLite3: Includes: ${SQLITE3_INCLUDES}")
+ message(STATUS "SQLite3: Libs: ${SQLITE3_LIBS}")
+
+ check_include_files(sqlite3.h HAVE_SQLITE3_H)
+ check_library_exists(sqlite3 sqlite3_prepare_v2 "" HAVE_LIBSQLITE3)
+ find_program(SQLITE3_COMMAND NAMES sqlite3)
+ if(SQLITE3_COMMAND MATCHES "-NOTFOUND")
+ message(FATAL_ERROR "SQLite3: Command was not found")
+ endif(SQLITE3_COMMAND MATCHES "-NOTFOUND")
+else(WITH_SQLITE3)
+ message(STATUS "Not including SQLite3 in build")
+endif(WITH_SQLITE3)
+
+# acx_p11kit.m4
+if(ENABLE_P11_KIT)
+ if("${WITH_P11_KIT}" STREQUAL "")
+ find_package(PkgConfig)
+ if(PKG_CONFIG_FOUND)
+ function(pkg_check_variable _pkg _name)
+ string(TOUPPER ${_pkg} _pkg_upper)
+ string(TOUPPER ${_name} _name_upper)
+ string(REPLACE "-" "_" _pkg_upper ${_pkg_upper})
+ string(REPLACE "-" "_" _name_upper ${_name_upper})
+ set(_output_name "${_pkg_upper}_${_name_upper}")
+
+ execute_process(COMMAND ${PKG_CONFIG_EXECUTABLE} --variable=${_name} ${_pkg} OUTPUT_VARIABLE _pkg_result OUTPUT_STRIP_TRAILING_WHITESPACE)
+ set("${_output_name}" "${_pkg_result}" CACHE STRING "pkg-config variable ${_name} of ${_pkg}")
+ endfunction()
+ pkg_check_modules(PC_p11kit QUIET p11-kit-1)
+ pkg_check_variable(p11-kit-1 p11_module_configs)
+ set(P11KIT_PATH ${P11_KIT_1_P11_MODULE_CONFIGS})
+ endif(PKG_CONFIG_FOUND)
+ else()
+ set(P11KIT_PATH ${WITH_P11_KIT})
+ endif()
+ message(STATUS "P11-kit: Install path: ${P11KIT_PATH}")
+ if("${P11KIT_PATH}" STREQUAL "")
+ message(WARNING "P11-kit: Missing install path for the p11-kit module, skipping module")
+ SET(ENABLE_P11_KIT OFF)
+ endif()
+else(ENABLE_P11_KIT)
+ message(STATUS "P11-kit: No integration")
+endif(ENABLE_P11_KIT)
+
+if(BUILD_TESTS)
+ # Find CppUnit (equivalent of acx_cppunit.m4)
+ set(CppUnit_FIND_QUIETLY ON)
+ include(FindCppUnit)
+ if(NOT CPPUNIT_FOUND)
+ message(FATAL_ERROR "Failed to find CppUnit!")
+ endif(NOT CPPUNIT_FOUND)
+
+ set(CPPUNIT_INCLUDES ${CPPUNIT_INCLUDE_DIR})
+ set(CPPUNIT_LIBS ${CPPUNIT_LIBRARY})
+ message(STATUS "CppUnit: Includes: ${CPPUNIT_INCLUDES}")
+ message(STATUS "CppUnit: Libs: ${CPPUNIT_LIBS}")
+else(BUILD_TESTS)
+ message(STATUS "Not building tests")
+endif(BUILD_TESTS)
+
+configure_file(config.h.in.cmake ${CMAKE_BINARY_DIR}/config.h)
diff --git a/SoftHSMv2/modules/FindBotan.cmake b/SoftHSMv2/modules/FindBotan.cmake
new file mode 100644
index 0000000..6cb85a6
--- /dev/null
+++ b/SoftHSMv2/modules/FindBotan.cmake
@@ -0,0 +1,46 @@
+# - Try to find the Botan library
+#
+# Once done this will define
+#
+# BOTAN_FOUND - System has Botan
+# BOTAN_INCLUDE_DIR - The Botan include directory
+# BOTAN_LIBRARIES - The libraries needed to use Botan
+# BOTAN_DEFINITIONS - Compiler switches required for using Botan
+
+IF (BOTAN_INCLUDE_DIR AND BOTAN_LIBRARY)
+ # in cache already
+ SET(Botan_FIND_QUIETLY TRUE)
+ENDIF (BOTAN_INCLUDE_DIR AND BOTAN_LIBRARY)
+
+IF (NOT WIN32)
+ # try using pkg-config to get the directories and then use these values
+ # in the FIND_PATH() and FIND_LIBRARY() calls
+ # also fills in BOTAN_DEFINITIONS, although that isn't normally useful
+ FIND_PACKAGE(PkgConfig)
+ PKG_SEARCH_MODULE(PC_BOTAN botan-2 botan-1.11 botan-1.10)
+ SET(BOTAN_DEFINITIONS ${PC_BOTAN_CFLAGS})
+ENDIF (NOT WIN32)
+
+FIND_PATH(BOTAN_INCLUDE_DIR botan/botan.h
+ HINTS
+ ${PC_BOTAN_INCLUDEDIR}
+ ${PC_BOTAN_INCLUDE_DIRS}
+ )
+
+FIND_LIBRARY(BOTAN_LIBRARY NAMES ${PC_BOTAN_LIBRARIES}
+ HINTS
+ ${PC_BOTAN_LIBDIR}
+ ${PC_BOTAN_LIBRARY_DIRS}
+ )
+
+MARK_AS_ADVANCED(BOTAN_INCLUDE_DIR BOTAN_LIBRARY)
+
+# handle the QUIETLY and REQUIRED arguments and set BOTAN_FOUND to TRUE if
+# all listed variables are TRUE
+INCLUDE(FindPackageHandleStandardArgs)
+FIND_PACKAGE_HANDLE_STANDARD_ARGS(Botan DEFAULT_MSG BOTAN_LIBRARY BOTAN_INCLUDE_DIR)
+
+IF(BOTAN_FOUND)
+ SET(BOTAN_LIBRARIES ${BOTAN_LIBRARY})
+ SET(BOTAN_INCLUDE_DIRS ${BOTAN_INCLUDE_DIR})
+ENDIF(BOTAN_FOUND)
diff --git a/SoftHSMv2/modules/FindCppUnit.cmake b/SoftHSMv2/modules/FindCppUnit.cmake
new file mode 100644
index 0000000..0980d1d
--- /dev/null
+++ b/SoftHSMv2/modules/FindCppUnit.cmake
@@ -0,0 +1,33 @@
+#
+# http://root.cern.ch/viewvc/trunk/cint/reflex/cmake/modules/FindCppUnit.cmake
+#
+# - Find CppUnit
+# This module finds an installed CppUnit package.
+#
+# It sets the following variables:
+# CPPUNIT_FOUND - Set to false, or undefined, if CppUnit isn't found.
+# CPPUNIT_INCLUDE_DIR - The CppUnit include directory.
+# CPPUNIT_LIBRARY - The CppUnit library to link against.
+
+FIND_PATH(CPPUNIT_INCLUDE_DIR cppunit/Test.h)
+FIND_LIBRARY(CPPUNIT_LIBRARY NAMES cppunit)
+
+IF (CPPUNIT_INCLUDE_DIR AND CPPUNIT_LIBRARY)
+ SET(CPPUNIT_FOUND TRUE)
+ENDIF (CPPUNIT_INCLUDE_DIR AND CPPUNIT_LIBRARY)
+
+IF (CPPUNIT_FOUND)
+
+ # show which CppUnit was found only if not quiet
+ IF (NOT CppUnit_FIND_QUIETLY)
+ MESSAGE(STATUS "Found CppUnit: ${CPPUNIT_LIBRARY}")
+ ENDIF (NOT CppUnit_FIND_QUIETLY)
+
+ELSE (CPPUNIT_FOUND)
+
+ # fatal error if CppUnit is required but not found
+ IF (CppUnit_FIND_REQUIRED)
+ MESSAGE(FATAL_ERROR "Could not find CppUnit")
+ ENDIF (CppUnit_FIND_REQUIRED)
+
+ENDIF (CPPUNIT_FOUND)
diff --git a/SoftHSMv2/modules/FindSQLite3.cmake b/SoftHSMv2/modules/FindSQLite3.cmake
new file mode 100644
index 0000000..dc7a3b3
--- /dev/null
+++ b/SoftHSMv2/modules/FindSQLite3.cmake
@@ -0,0 +1,37 @@
+# Copyright (C) 2007-2009 LuaDist.
+# Created by Peter Kapec <kapecp@gmail.com>
+# Redistribution and use of this file is allowed according to the terms of the MIT license.
+# For details see the COPYRIGHT file distributed with LuaDist.
+# Note:
+# Searching headers and libraries is very simple and is NOT as powerful as scripts
+# distributed with CMake, because LuaDist defines directories to search for.
+# Everyone is encouraged to contact the author with improvements. Maybe this file
+# becomes part of CMake distribution sometimes.
+
+# - Find sqlite3
+# Find the native SQLITE3 headers and libraries.
+#
+# SQLITE3_INCLUDE_DIRS - where to find sqlite3.h, etc.
+# SQLITE3_LIBRARIES - List of libraries when using sqlite.
+# SQLITE3_FOUND - True if sqlite found.
+
+# Look for the header file.
+FIND_PATH(SQLITE3_INCLUDE_DIR NAMES sqlite3.h)
+
+# Look for the library.
+FIND_LIBRARY(SQLITE3_LIBRARY NAMES sqlite sqlite3)
+
+# Handle the QUIETLY and REQUIRED arguments and set SQLITE3_FOUND to TRUE if all listed variables are TRUE.
+INCLUDE(FindPackageHandleStandardArgs)
+FIND_PACKAGE_HANDLE_STANDARD_ARGS(SQLITE3 DEFAULT_MSG SQLITE3_LIBRARY SQLITE3_INCLUDE_DIR)
+
+# Copy the results to the output variables.
+IF(SQLITE3_FOUND)
+ SET(SQLITE3_LIBRARIES ${SQLITE3_LIBRARY})
+ SET(SQLITE3_INCLUDE_DIRS ${SQLITE3_INCLUDE_DIR})
+ELSE(SQLITE3_FOUND)
+ SET(SQLITE3_LIBRARIES)
+ SET(SQLITE3_INCLUDE_DIRS)
+ENDIF(SQLITE3_FOUND)
+
+MARK_AS_ADVANCED(SQLITE3_INCLUDE_DIRS SQLITE3_LIBRARIES)
diff --git a/SoftHSMv2/modules/tests/test_botan_aes_gcm.cpp b/SoftHSMv2/modules/tests/test_botan_aes_gcm.cpp
new file mode 100644
index 0000000..3769342
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_botan_aes_gcm.cpp
@@ -0,0 +1,11 @@
+#include <botan/botan.h>
+#include <botan/version.h>
+int main()
+{
+ using namespace Botan;
+
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0)
+ return 0;
+#endif
+ return 1;
+}
diff --git a/SoftHSMv2/modules/tests/test_botan_ecc.cpp b/SoftHSMv2/modules/tests/test_botan_ecc.cpp
new file mode 100644
index 0000000..cb1be21
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_botan_ecc.cpp
@@ -0,0 +1,23 @@
+#include <botan/init.h>
+#include <botan/ec_group.h>
+#include <botan/oids.h>
+#include <botan/version.h>
+int main()
+{
+ Botan::LibraryInitializer::initialize();
+ const std::string name("secp256r1");
+ const Botan::OID oid(Botan::OIDS::lookup(name));
+ const Botan::EC_Group ecg(oid);
+ try {
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
+ const std::vector<Botan::byte> der =
+ ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
+#else
+ const Botan::SecureVector<Botan::byte> der =
+ ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
+#endif
+ } catch(...) {
+ return 1;
+ }
+ return 0;
+}
diff --git a/SoftHSMv2/modules/tests/test_botan_ed25519.cpp b/SoftHSMv2/modules/tests/test_botan_ed25519.cpp
new file mode 100644
index 0000000..8ac4bac
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_botan_ed25519.cpp
@@ -0,0 +1,14 @@
+#include <botan/init.h>
+#include <botan/ed25519.h>
+#include <botan/version.h>
+int main()
+{
+ Botan::secure_vector<uint8_t> k(32);
+ try {
+ Botan::Ed25519_PrivateKey* key =
+ new Botan::Ed25519_PrivateKey(k);
+ } catch(...) {
+ return 1;
+ }
+ return 0;
+}
diff --git a/SoftHSMv2/modules/tests/test_botan_gost.cpp b/SoftHSMv2/modules/tests/test_botan_gost.cpp
new file mode 100644
index 0000000..a141e4b
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_botan_gost.cpp
@@ -0,0 +1,24 @@
+#include <botan/init.h>
+#include <botan/gost_3410.h>
+#include <botan/oids.h>
+#include <botan/version.h>
+int main()
+{
+ Botan::LibraryInitializer::initialize();
+ const std::string name("gost_256A");
+ const Botan::OID oid(Botan::OIDS::lookup(name));
+ const Botan::EC_Group ecg(oid);
+ try {
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
+ const std::vector<Botan::byte> der =
+ ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
+#else
+ const Botan::SecureVector<Botan::byte> der =
+ ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
+#endif
+ } catch(...) {
+ return 1;
+ }
+
+ return 0;
+}
diff --git a/SoftHSMv2/modules/tests/test_botan_rawpss.cpp b/SoftHSMv2/modules/tests/test_botan_rawpss.cpp
new file mode 100644
index 0000000..ba7ad01
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_botan_rawpss.cpp
@@ -0,0 +1,11 @@
+#include <botan/botan.h>
+#include <botan/version.h>
+int main()
+{
+ using namespace Botan;
+
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,3,0)
+ return 0;
+#endif
+ return 1;
+}
diff --git a/SoftHSMv2/modules/tests/test_botan_rfc5649.cpp b/SoftHSMv2/modules/tests/test_botan_rfc5649.cpp
new file mode 100644
index 0000000..7f1fae4
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_botan_rfc5649.cpp
@@ -0,0 +1,19 @@
+#include <botan/botan.h>
+#include <botan/rfc3394.h>
+#include <botan/version.h>
+int main()
+{
+ using namespace Botan;
+
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
+ secure_vector<byte> key(10);
+ SymmetricKey kek("AABB");
+ secure_vector<byte> x = rfc5649_keywrap(key, kek);
+#else
+ SecureVector<byte> key(10);
+ SymmetricKey kek("AABB");
+ Algorithm_Factory& af = global_state().algorithm_factory();
+ SecureVector<byte> x = rfc5649_keywrap(key, kek, af);
+#endif
+ return 0;
+}
diff --git a/SoftHSMv2/modules/tests/test_openssl_ecc.c b/SoftHSMv2/modules/tests/test_openssl_ecc.c
new file mode 100644
index 0000000..d1eb22b
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_openssl_ecc.c
@@ -0,0 +1,13 @@
+#include <openssl/ecdsa.h>
+#include <openssl/objects.h>
+int main()
+{
+ EC_KEY *ec256, *ec384, *ec521;
+
+ ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ ec384 = EC_KEY_new_by_curve_name(NID_secp384r1);
+ ec521 = EC_KEY_new_by_curve_name(NID_secp521r1);
+ if (ec256 == NULL || ec384 == NULL || ec521 == NULL)
+ return 1;
+ return 0;
+}
diff --git a/SoftHSMv2/modules/tests/test_openssl_ed25519.c b/SoftHSMv2/modules/tests/test_openssl_ed25519.c
new file mode 100644
index 0000000..70dd92f
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_openssl_ed25519.c
@@ -0,0 +1,11 @@
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+int main()
+{
+ EVP_PKEY_CTX *ctx;
+
+ ctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
+ if (ctx == NULL)
+ return 1;
+ return 0;
+}
diff --git a/SoftHSMv2/modules/tests/test_openssl_ed448.c b/SoftHSMv2/modules/tests/test_openssl_ed448.c
new file mode 100644
index 0000000..c97b094
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_openssl_ed448.c
@@ -0,0 +1,11 @@
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+int main()
+{
+ EVP_PKEY_CTX *ctx;
+
+ ctx = EVP_PKEY_CTX_new_id(NID_ED448, NULL);
+ if (ctx == NULL)
+ return 1;
+ return 0;
+}
diff --git a/SoftHSMv2/modules/tests/test_openssl_fips.c b/SoftHSMv2/modules/tests/test_openssl_fips.c
new file mode 100644
index 0000000..51e75cd
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_openssl_fips.c
@@ -0,0 +1,5 @@
+#include <openssl/crypto.h>
+int main()
+{
+ return !FIPS_mode_set(1);
+}
diff --git a/SoftHSMv2/modules/tests/test_openssl_gost.c b/SoftHSMv2/modules/tests/test_openssl_gost.c
new file mode 100644
index 0000000..33487e1
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_openssl_gost.c
@@ -0,0 +1,41 @@
+#include <openssl/engine.h>
+#include <openssl/crypto.h>
+#include <openssl/opensslv.h>
+int main()
+{
+ ENGINE* eg;
+ const EVP_MD* EVP_GOST_34_11;
+
+ /* Initialise OpenSSL */
+ OpenSSL_add_all_algorithms();
+
+ /* Load engines */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ ENGINE_load_builtin_engines();
+#else
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
+ /* Initialise the GOST engine */
+ eg = ENGINE_by_id("gost");
+ if (eg == NULL)
+ return 1;
+ if (ENGINE_init(eg) <= 0)
+ return 1;
+
+ /* better than digest_gost */
+ EVP_GOST_34_11 = ENGINE_get_digest(eg, NID_id_GostR3411_94);
+ if (EVP_GOST_34_11 == NULL)
+ return 1;
+
+ /* from the openssl.cnf */
+ if (ENGINE_register_pkey_asn1_meths(eg) <= 0)
+ return 1;
+ if (ENGINE_ctrl_cmd_string(eg,
+ "CRYPT_PARAMS",
+ "id-Gost28147-89-CryptoPro-A-ParamSet",
+ 0) <= 0)
+ return 1;
+
+ return 0;
+}
diff --git a/SoftHSMv2/modules/tests/test_openssl_rfc3394.c b/SoftHSMv2/modules/tests/test_openssl_rfc3394.c
new file mode 100644
index 0000000..97343ee
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_openssl_rfc3394.c
@@ -0,0 +1,7 @@
+#include <openssl/evp.h>
+int main()
+{
+ EVP_aes_128_wrap();
+ return 0;
+}
+
diff --git a/SoftHSMv2/modules/tests/test_openssl_rfc5649.c b/SoftHSMv2/modules/tests/test_openssl_rfc5649.c
new file mode 100644
index 0000000..17d63ba
--- /dev/null
+++ b/SoftHSMv2/modules/tests/test_openssl_rfc5649.c
@@ -0,0 +1,6 @@
+#include <openssl/evp.h>
+int main()
+{
+ EVP_aes_128_wrap_pad();
+ return 0;
+}