diff options
Diffstat (limited to 'SoftHSMv2/modules')
-rw-r--r-- | SoftHSMv2/modules/CompilerOptions.cmake | 506 | ||||
-rw-r--r-- | SoftHSMv2/modules/FindBotan.cmake | 46 | ||||
-rw-r--r-- | SoftHSMv2/modules/FindCppUnit.cmake | 33 | ||||
-rw-r--r-- | SoftHSMv2/modules/FindSQLite3.cmake | 37 | ||||
-rw-r--r-- | SoftHSMv2/modules/tests/test_botan_aes_gcm.cpp | 11 | ||||
-rw-r--r-- | SoftHSMv2/modules/tests/test_botan_ecc.cpp | 23 | ||||
-rw-r--r-- | SoftHSMv2/modules/tests/test_botan_ed25519.cpp | 14 | ||||
-rw-r--r-- | SoftHSMv2/modules/tests/test_botan_gost.cpp | 24 | ||||
-rw-r--r-- | SoftHSMv2/modules/tests/test_botan_rawpss.cpp | 11 | ||||
-rw-r--r-- | SoftHSMv2/modules/tests/test_botan_rfc5649.cpp | 19 | ||||
-rw-r--r-- | SoftHSMv2/modules/tests/test_openssl_ecc.c | 13 | ||||
-rw-r--r-- | SoftHSMv2/modules/tests/test_openssl_ed25519.c | 11 | ||||
-rw-r--r-- | SoftHSMv2/modules/tests/test_openssl_ed448.c | 11 | ||||
-rw-r--r-- | SoftHSMv2/modules/tests/test_openssl_fips.c | 5 | ||||
-rw-r--r-- | SoftHSMv2/modules/tests/test_openssl_gost.c | 41 | ||||
-rw-r--r-- | SoftHSMv2/modules/tests/test_openssl_rfc3394.c | 7 | ||||
-rw-r--r-- | SoftHSMv2/modules/tests/test_openssl_rfc5649.c | 6 |
17 files changed, 818 insertions, 0 deletions
diff --git a/SoftHSMv2/modules/CompilerOptions.cmake b/SoftHSMv2/modules/CompilerOptions.cmake new file mode 100644 index 0000000..29a0ae5 --- /dev/null +++ b/SoftHSMv2/modules/CompilerOptions.cmake @@ -0,0 +1,506 @@ +include(CheckCXXCompilerFlag) +include(CheckFunctionExists) +include(CheckIncludeFiles) +include(CheckLibraryExists) +include(CheckSymbolExists) +include(CheckTypeSize) + +function(enable_cxx_compiler_flag_if_supported flag) + string(FIND "${CMAKE_CXX_FLAGS}" "${flag}" flag_already_set) + if(flag_already_set EQUAL -1) + check_cxx_compiler_flag("${flag}" flag_supported) + if(flag_supported) + add_compile_options(${flag}) + elseif(flag_supported) + message(WARNING "unsupported compiler flag: ${flag}") + endif(flag_supported) + unset(flag_supported CACHE) + endif() +endfunction() + +# Configures C++11 +set(CMAKE_CXX_STANDARD 11) +set(CMAKE_CXX_STANDARD_REQUIRED ON) +set(HAVE_CXX11 1) + +if(ENABLE_PEDANTIC) + enable_cxx_compiler_flag_if_supported(-pedantic) + set(ENABLE_STRICT ON) +endif(ENABLE_PEDANTIC) + +if(ENABLE_STRICT) + set(CMAKE_CXX_EXTENSIONS OFF) +endif(ENABLE_STRICT) + +set(CMAKE_POSITION_INDEPENDENT_CODE ON) + +# Compiler Options/Macros + +# FIXME: These options need to be set on a per object file basis (*.o). Do not belong here. +# Are these even required? They just modify the Makefile representation of the target. +#add_compile_options(-MD) +#add_compile_options(-MP) +#add_compile_options(-MF) +#add_compile_options(-MT) + +# FIXME: [Implement AC_HEADER_STDC]: +# Find a CMake mechanism performs the check as defined in +# AC_HEADER_STDC: +# https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/Particular-Headers.html +# +# Not sure if this is a legacy check, or it's something that we need to +# continue to check with modern compiler versions. +set(STDC_HEADERS 1) + +# acx_strict.m4 +if(ENABLE_STRICT) + enable_cxx_compiler_flag_if_supported(-Wall) + enable_cxx_compiler_flag_if_supported(-Wextra) +endif(ENABLE_STRICT) + +# acx_64bit.m4 +if(ENABLE_64BIT) + if(CMAKE_SIZEOF_VOID_P STREQUAL "8") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -m64") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m64") + else(CMAKE_SIZEOF_VOID_P STREQUAL "8") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -m32") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m32") + endif(CMAKE_SIZEOF_VOID_P STREQUAL "8") +endif(ENABLE_64BIT) + +# Equivalent of acx_visibility.m4 +if(DISABLE_VISIBILITY) + message(STATUS "-fvisibility=hidden has been disabled") +else(DISABLE_VISIBILITY) + set(CRYPTOKI_VISIBILITY 1) + set(CMAKE_CXX_VISIBILITY_PRESET hidden) +endif(DISABLE_VISIBILITY) + +# acx_non_paged_memory.m4 +if(DISABLE_NON_PAGED_MEMORY) + message(STATUS "non-paged-memory disabled") +else(DISABLE_NON_PAGED_MEMORY) + set(SENSITIVE_NON_PAGE 1) + check_include_files(sys/mman.h HAVE_SYS_MMAN_H) + execute_process(COMMAND bash -c "ulimit -l" + OUTPUT_VARIABLE MLOCK_SIZE + OUTPUT_STRIP_TRAILING_WHITESPACE + ) + if(NOT "${MLOCK_SIZE}" STREQUAL "unlimited") + message(WARNING "\ + ====================================================================== + SoftHSM has been configured to store sensitive data in non-page RAM + (i.e. memory that is not swapped out to disk). This is the default and + most secure configuration. Your system, however, is not configured to + support this model in non-privileged accounts (i.e. user accounts). + + You can check the setting on your system by running the following + command in a shell: + + ulimit -l + + If this does not return \"unlimited\" and you plan to run SoftHSM from + non-privileged accounts then you should edit the configuration file + /etc/security/limits.conf (on most systems). + + You will need to add the following lines to this file: + + #<domain> <type> <item> <value> + * - memlock unlimited + + Alternatively, you can elect to disable this feature of SoftHSM by + re-running cmake with the option \"-DDISABLE_NON_PAGED_MEMORY=ON\". + Please be advised that this may seriously degrade the security of + SoftHSM. + ======================================================================") + endif(NOT "${MLOCK_SIZE}" STREQUAL "unlimited") +endif(DISABLE_NON_PAGED_MEMORY) + +# Check if -ldl exists (equivalent of acx_dlopen.m4) +check_library_exists(dl dlopen "" HAVE_DLOPEN) +check_function_exists(LoadLibrary HAVE_LOADLIBRARY) + +# acx_libtool.m4 +check_include_files(dlfcn.h HAVE_DLFCN_H) + +# configure: + +# STDC_HEADERS +check_include_files(sys/types.h HAVE_SYS_TYPES_H) +check_include_files(sys/stat.h HAVE_SYS_STAT_H) +check_include_files(stdlib.h HAVE_STDLIB_H) +check_include_files(stddef.h HAVE_STDDEF_H) +check_include_files(string.h HAVE_STRING_H) +check_include_files(strings.h HAVE_STRINGS_H) +check_include_files(inttypes.h HAVE_INTTYPES_H) +check_include_files(stdint.h HAVE_STDINT_H) +check_include_files(unistd.h HAVE_UNISTD_H) + +check_include_files(memory.h HAVE_MEMORY_H) +check_include_files(pthread.h HAVE_PTHREAD_H) +check_function_exists(getpwuid_r HAVE_GETPWUID_R) + +# Find Botan Crypto Backend +if(WITH_CRYPTO_BACKEND STREQUAL "botan") + set(WITH_BOTAN 1) + + include(FindBotan) + if(NOT BOTAN_FOUND) + message(FATAL_ERROR "Failed to find Botan!") + endif() + + set(CRYPTO_INCLUDES ${BOTAN_INCLUDE_DIRS}) + set(CRYPTO_LIBS ${BOTAN_LIBRARIES}) + message(STATUS "Botan: Includes: ${CRYPTO_INCLUDES}") + message(STATUS "Botan: Libs: ${CRYPTO_LIBS}") + + # CXX11 flag is not added to try_run, so set it locally. + CHECK_CXX_COMPILER_FLAG("-std=c++11" COMPILER_SUPPORTS_CXX11) + CHECK_CXX_COMPILER_FLAG("-std=c++0x" COMPILER_SUPPORTS_CXX0X) + set(TMP_CXX_FLAGS ${CMAKE_CXX_FLAGS}) + if(COMPILER_SUPPORTS_CXX11) + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11") + elseif(COMPILER_SUPPORTS_CXX0X) + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++0x") + endif() + + # acx_botan_ecc.m4 + if(ENABLE_ECC) + set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_ecc.cpp) + try_run(RUN_ECC COMPILE_RESULT + "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile} + LINK_LIBRARIES ${CRYPTO_LIBS} + CMAKE_FLAGS + "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}" + ) + if(COMPILE_RESULT AND RUN_ECC EQUAL 0) + set(WITH_ECC 1) + message(STATUS "Botan: Found P-256") + else() + set(error_msg "Botan: Cannot find P-256! Botan library has no ECC support!") + message(FATAL_ERROR ${error_msg}) + endif() + else(ENABLE_ECC) + message(STATUS "Botan: Support for ECC is disabled") + endif(ENABLE_ECC) + + # acx_botan_eddsa.m4 + if(ENABLE_EDDSA) + # ED25519 + set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_ed25519.cpp) + try_run(RUN_ED25519 COMPILE_RESULT + "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile} + LINK_LIBRARIES ${CRYPTO_LIBS} + CMAKE_FLAGS + "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}" + ) + if(COMPILE_RESULT AND RUN_ED25519 EQUAL 0) + set(WITH_EDDSA 1) + message(STATUS "Botan: Found ED25519") + else() + set(error_msg "Botan: Cannot find ED25519! Botan library has no EDDSA support!") + message(FATAL_ERROR ${error_msg}) + endif() + else(ENABLE_EDDSA) + message(STATUS "Botan: Support for EDDSA is disabled") + endif(ENABLE_EDDSA) + + # acx_botan_gost.m4 + if(ENABLE_GOST) + set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_gost.cpp) + try_run(RUN_GOST COMPILE_RESULT + "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile} + LINK_LIBRARIES ${CRYPTO_LIBS} + CMAKE_FLAGS + "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}" + ) + if(COMPILE_RESULT AND RUN_GOST EQUAL 0) + set(WITH_GOST 1) + message(STATUS "Botan: Found GOST") + else() + set(error_msg "Botan: Cannot find GOST! Botan library has no GOST support!") + message(FATAL_ERROR ${error_msg}) + endif() + else(ENABLE_GOST) + message(STATUS "Botan: Support for GOST is disabled") + endif(ENABLE_GOST) + + if(ENABLE_FIPS) + message(FATAL_ERROR "Botan does not support FIPS 140-2 mode") + endif(ENABLE_FIPS) + + # Compile with AES KEY WRAP + set(HAVE_AES_KEY_WRAP 1) + + # acx_botan_rfc5649.m4 + set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_rfc5649.cpp) + try_run(RUN_AES_KEY_WRAP_PAD COMPILE_RESULT + "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile} + LINK_LIBRARIES ${CRYPTO_LIBS} + CMAKE_FLAGS + "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}" + ) + if(COMPILE_RESULT AND RUN_AES_KEY_WRAP_PAD EQUAL 0) + set(HAVE_AES_KEY_WRAP_PAD 1) + message(STATUS "Botan: RFC 5649 is supported") + else() + message(STATUS "Botan: RFC 5649 is not supported") + endif() + + # acx_botan_rawpss.m4 + set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_rawpss.cpp) + try_run(RUN_RAWPSS COMPILE_RESULT + "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile} + LINK_LIBRARIES ${CRYPTO_LIBS} + CMAKE_FLAGS + "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}" + ) + if(COMPILE_RESULT AND RUN_RAWPSS EQUAL 0) + set(WITH_RAW_PSS 1) + message(STATUS "Botan: Found raw PSS") + else() + message(STATUS "Botan: Cannot find raw PSS support, upgrade to Botan >= v2.3.0") + endif() + + # acx_botan_aes_gcm.m4 + set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_aes_gcm.cpp) + try_run(RUN_AESGCM COMPILE_RESULT + "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile} + LINK_LIBRARIES ${CRYPTO_LIBS} + CMAKE_FLAGS + "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}" + ) + if(COMPILE_RESULT AND RUN_AESGCM EQUAL 0) + set(WITH_AES_GCM 1) + message(STATUS "Botan: Found AES GCM") + else() + message(STATUS "Botan: Cannot find AES GCM support, upgrade to Botan >= v2.0.0") + endif() + + # Restore flags + set(CMAKE_CXX_FLAGS ${TMP_CXX_FLAGS}) + +# Find OpenSSL Crypto Backend +elseif(WITH_CRYPTO_BACKEND STREQUAL "openssl") + set(WITH_OPENSSL 1) + + include(FindOpenSSL) + if(NOT OPENSSL_FOUND) + message(FATAL_ERROR "Failed to find OpenSSL!") + endif() + + set(CRYPTO_INCLUDES ${OPENSSL_INCLUDE_DIR}) + set(CRYPTO_LIBS ${OPENSSL_LIBRARIES}) + message(STATUS "OpenSSL: Found version ${OPENSSL_VERSION}") + message(STATUS "OpenSSL: Includes: ${CRYPTO_INCLUDES}") + message(STATUS "OpenSSL: Libs: ${CRYPTO_LIBS}") + + check_include_files(openssl/ssl.h HAVE_OPENSSL_SSL_H) + get_filename_component(CRYPTO_LIB_DIR "${OPENSSL_CRYPTO_LIBRARY}" DIRECTORY) + check_library_exists(crypto "BN_new" "${CRYPTO_LIB_DIR}" HAVE_LIBCRYPTO) + + # acx_openssl_ecc.m4 + if(ENABLE_ECC) + set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_ecc.c) + try_run(RUN_ECC COMPILE_RESULT + "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile} + LINK_LIBRARIES ${CRYPTO_LIBS} + CMAKE_FLAGS + "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}" + ) + if(COMPILE_RESULT AND RUN_ECC EQUAL 0) + set(WITH_ECC 1) + message(STATUS "OpenSSL: Found P-256, P-384, and P-521") + else() + set(error_msg "OpenSSL: Cannot find P-256, P-384, or P-521! OpenSSL library has no ECC support!") + message(FATAL_ERROR ${error_msg}) + endif() + else(ENABLE_ECC) + message(STATUS "OpenSSL: Support for ECC is disabled") + endif(ENABLE_ECC) + + # acx_openssl_eddsa.m4 + if(ENABLE_EDDSA) + # ED25519 + set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_ed25519.c) + try_run(RUN_ED25519 COMPILE_RESULT + "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile} + LINK_LIBRARIES ${CRYPTO_LIBS} + CMAKE_FLAGS + "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}" + ) + if(COMPILE_RESULT AND RUN_ED25519 EQUAL 0) + set(WITH_EDDSA 1) + message(STATUS "OpenSSL: Found ED25519") + else() + set(error_msg "OpenSSL: Cannot find ED25519! OpenSSL library has no EDDSA support!") + message(FATAL_ERROR ${error_msg}) + endif() + # ED448 + set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_ed448.c) + try_run(RUN_ED448 COMPILE_RESULT + "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile} + LINK_LIBRARIES ${CRYPTO_LIBS} + CMAKE_FLAGS + "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}" + ) + if(COMPILE_RESULT AND RUN_ED448 EQUAL 0) + message(STATUS "OpenSSL: Found ED448") + else() + # Not used in SoftHSM + message(STATUS "OpenSSL: Cannot find ED448!") + endif() + else(ENABLE_EDDSA) + message(STATUS "OpenSSL: Support for EDDSA is disabled") + endif(ENABLE_EDDSA) + + # acx_openssl_gost.m4 + if(ENABLE_GOST) + set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_gost.c) + try_run(RUN_GOST COMPILE_RESULT + "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile} + LINK_LIBRARIES ${CRYPTO_LIBS} + CMAKE_FLAGS + "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}" + ) + if(COMPILE_RESULT AND RUN_GOST EQUAL 0) + set(WITH_GOST 1) + message(STATUS "OpenSSL: Found GOST engine") + else() + set(error_msg "OpenSSL: Cannot find GOST engine! OpenSSL library has no GOST support!") + message(FATAL_ERROR ${error_msg}) + endif() + else(ENABLE_GOST) + message(STATUS "OpenSSL: Support for GOST is disabled") + endif(ENABLE_GOST) + + # acx_openssl_fips.m4 + if(ENABLE_FIPS) + set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_fips.c) + try_run(RUN_FIPS COMPILE_RESULT + "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile} + LINK_LIBRARIES ${CRYPTO_LIBS} + CMAKE_FLAGS + "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}" + ) + if(COMPILE_RESULT AND RUN_FIPS EQUAL 0) + set(WITH_FIPS 1) + message(STATUS "OpenSSL: Found working FIPS_mode_set()") + else() + set(error_msg "OpenSSL: FIPS_mode_set(1) failed. OpenSSL library is not FIPS capable!") + message(FATAL_ERROR ${error_msg}) + endif() + else(ENABLE_FIPS) + message(STATUS "OpenSSL: Support for FIPS 140-2 mode is disabled") + endif(ENABLE_FIPS) + + # acx_openssl_rfc3349 + set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_rfc3394.c) + try_run(RUN_AES_KEY_WRAP COMPILE_RESULT + "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile} + LINK_LIBRARIES ${CRYPTO_LIBS} + CMAKE_FLAGS + "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}" + ) + if(COMPILE_RESULT AND RUN_AES_KEY_WRAP EQUAL 0) + set(HAVE_AES_KEY_WRAP 1) + message(STATUS "OpenSSL: RFC 3394 is supported") + else() + message(STATUS "OpenSSL: RFC 3394 is not supported") + endif() + + # acx_openssl_rfc5649 + set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_openssl_rfc5649.c) + try_run(RUN_AES_KEY_WRAP_PAD COMPILE_RESULT + "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile} + LINK_LIBRARIES ${CRYPTO_LIBS} + CMAKE_FLAGS + "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}" + ) + if(COMPILE_RESULT AND RUN_AES_KEY_WRAP_PAD EQUAL 0) + set(HAVE_AES_KEY_WRAP_PAD 1) + message(STATUS "OpenSSL: RFC 5649 is supported") + else() + message(STATUS "OpenSSL: RFC 5649 is not supported") + endif() + + # Compile with RAW PKCS PSS + set(WITH_RAW_PSS 1) + # Compile with AES_GCM + set(WITH_AES_GCM 1) + +else() + message(FATAL_ERROR "Crypto backend '${WITH_CRYPTO_BACKEND}' not supported. Use openssl or botan.") +endif() + +# Find SQLite3 +if(WITH_SQLITE3) + include(FindSQLite3) + if(NOT SQLITE3_FOUND) + message(FATAL_ERROR "Failed to find SQLite3!") + endif(NOT SQLITE3_FOUND) + + set(SQLITE3_INCLUDES ${SQLITE3_INCLUDE_DIRS}) + set(SQLITE3_LIBS ${SQLITE3_LIBRARIES}) + message(STATUS "SQLite3: Includes: ${SQLITE3_INCLUDES}") + message(STATUS "SQLite3: Libs: ${SQLITE3_LIBS}") + + check_include_files(sqlite3.h HAVE_SQLITE3_H) + check_library_exists(sqlite3 sqlite3_prepare_v2 "" HAVE_LIBSQLITE3) + find_program(SQLITE3_COMMAND NAMES sqlite3) + if(SQLITE3_COMMAND MATCHES "-NOTFOUND") + message(FATAL_ERROR "SQLite3: Command was not found") + endif(SQLITE3_COMMAND MATCHES "-NOTFOUND") +else(WITH_SQLITE3) + message(STATUS "Not including SQLite3 in build") +endif(WITH_SQLITE3) + +# acx_p11kit.m4 +if(ENABLE_P11_KIT) + if("${WITH_P11_KIT}" STREQUAL "") + find_package(PkgConfig) + if(PKG_CONFIG_FOUND) + function(pkg_check_variable _pkg _name) + string(TOUPPER ${_pkg} _pkg_upper) + string(TOUPPER ${_name} _name_upper) + string(REPLACE "-" "_" _pkg_upper ${_pkg_upper}) + string(REPLACE "-" "_" _name_upper ${_name_upper}) + set(_output_name "${_pkg_upper}_${_name_upper}") + + execute_process(COMMAND ${PKG_CONFIG_EXECUTABLE} --variable=${_name} ${_pkg} OUTPUT_VARIABLE _pkg_result OUTPUT_STRIP_TRAILING_WHITESPACE) + set("${_output_name}" "${_pkg_result}" CACHE STRING "pkg-config variable ${_name} of ${_pkg}") + endfunction() + pkg_check_modules(PC_p11kit QUIET p11-kit-1) + pkg_check_variable(p11-kit-1 p11_module_configs) + set(P11KIT_PATH ${P11_KIT_1_P11_MODULE_CONFIGS}) + endif(PKG_CONFIG_FOUND) + else() + set(P11KIT_PATH ${WITH_P11_KIT}) + endif() + message(STATUS "P11-kit: Install path: ${P11KIT_PATH}") + if("${P11KIT_PATH}" STREQUAL "") + message(WARNING "P11-kit: Missing install path for the p11-kit module, skipping module") + SET(ENABLE_P11_KIT OFF) + endif() +else(ENABLE_P11_KIT) + message(STATUS "P11-kit: No integration") +endif(ENABLE_P11_KIT) + +if(BUILD_TESTS) + # Find CppUnit (equivalent of acx_cppunit.m4) + set(CppUnit_FIND_QUIETLY ON) + include(FindCppUnit) + if(NOT CPPUNIT_FOUND) + message(FATAL_ERROR "Failed to find CppUnit!") + endif(NOT CPPUNIT_FOUND) + + set(CPPUNIT_INCLUDES ${CPPUNIT_INCLUDE_DIR}) + set(CPPUNIT_LIBS ${CPPUNIT_LIBRARY}) + message(STATUS "CppUnit: Includes: ${CPPUNIT_INCLUDES}") + message(STATUS "CppUnit: Libs: ${CPPUNIT_LIBS}") +else(BUILD_TESTS) + message(STATUS "Not building tests") +endif(BUILD_TESTS) + +configure_file(config.h.in.cmake ${CMAKE_BINARY_DIR}/config.h) diff --git a/SoftHSMv2/modules/FindBotan.cmake b/SoftHSMv2/modules/FindBotan.cmake new file mode 100644 index 0000000..6cb85a6 --- /dev/null +++ b/SoftHSMv2/modules/FindBotan.cmake @@ -0,0 +1,46 @@ +# - Try to find the Botan library +# +# Once done this will define +# +# BOTAN_FOUND - System has Botan +# BOTAN_INCLUDE_DIR - The Botan include directory +# BOTAN_LIBRARIES - The libraries needed to use Botan +# BOTAN_DEFINITIONS - Compiler switches required for using Botan + +IF (BOTAN_INCLUDE_DIR AND BOTAN_LIBRARY) + # in cache already + SET(Botan_FIND_QUIETLY TRUE) +ENDIF (BOTAN_INCLUDE_DIR AND BOTAN_LIBRARY) + +IF (NOT WIN32) + # try using pkg-config to get the directories and then use these values + # in the FIND_PATH() and FIND_LIBRARY() calls + # also fills in BOTAN_DEFINITIONS, although that isn't normally useful + FIND_PACKAGE(PkgConfig) + PKG_SEARCH_MODULE(PC_BOTAN botan-2 botan-1.11 botan-1.10) + SET(BOTAN_DEFINITIONS ${PC_BOTAN_CFLAGS}) +ENDIF (NOT WIN32) + +FIND_PATH(BOTAN_INCLUDE_DIR botan/botan.h + HINTS + ${PC_BOTAN_INCLUDEDIR} + ${PC_BOTAN_INCLUDE_DIRS} + ) + +FIND_LIBRARY(BOTAN_LIBRARY NAMES ${PC_BOTAN_LIBRARIES} + HINTS + ${PC_BOTAN_LIBDIR} + ${PC_BOTAN_LIBRARY_DIRS} + ) + +MARK_AS_ADVANCED(BOTAN_INCLUDE_DIR BOTAN_LIBRARY) + +# handle the QUIETLY and REQUIRED arguments and set BOTAN_FOUND to TRUE if +# all listed variables are TRUE +INCLUDE(FindPackageHandleStandardArgs) +FIND_PACKAGE_HANDLE_STANDARD_ARGS(Botan DEFAULT_MSG BOTAN_LIBRARY BOTAN_INCLUDE_DIR) + +IF(BOTAN_FOUND) + SET(BOTAN_LIBRARIES ${BOTAN_LIBRARY}) + SET(BOTAN_INCLUDE_DIRS ${BOTAN_INCLUDE_DIR}) +ENDIF(BOTAN_FOUND) diff --git a/SoftHSMv2/modules/FindCppUnit.cmake b/SoftHSMv2/modules/FindCppUnit.cmake new file mode 100644 index 0000000..0980d1d --- /dev/null +++ b/SoftHSMv2/modules/FindCppUnit.cmake @@ -0,0 +1,33 @@ +# +# http://root.cern.ch/viewvc/trunk/cint/reflex/cmake/modules/FindCppUnit.cmake +# +# - Find CppUnit +# This module finds an installed CppUnit package. +# +# It sets the following variables: +# CPPUNIT_FOUND - Set to false, or undefined, if CppUnit isn't found. +# CPPUNIT_INCLUDE_DIR - The CppUnit include directory. +# CPPUNIT_LIBRARY - The CppUnit library to link against. + +FIND_PATH(CPPUNIT_INCLUDE_DIR cppunit/Test.h) +FIND_LIBRARY(CPPUNIT_LIBRARY NAMES cppunit) + +IF (CPPUNIT_INCLUDE_DIR AND CPPUNIT_LIBRARY) + SET(CPPUNIT_FOUND TRUE) +ENDIF (CPPUNIT_INCLUDE_DIR AND CPPUNIT_LIBRARY) + +IF (CPPUNIT_FOUND) + + # show which CppUnit was found only if not quiet + IF (NOT CppUnit_FIND_QUIETLY) + MESSAGE(STATUS "Found CppUnit: ${CPPUNIT_LIBRARY}") + ENDIF (NOT CppUnit_FIND_QUIETLY) + +ELSE (CPPUNIT_FOUND) + + # fatal error if CppUnit is required but not found + IF (CppUnit_FIND_REQUIRED) + MESSAGE(FATAL_ERROR "Could not find CppUnit") + ENDIF (CppUnit_FIND_REQUIRED) + +ENDIF (CPPUNIT_FOUND) diff --git a/SoftHSMv2/modules/FindSQLite3.cmake b/SoftHSMv2/modules/FindSQLite3.cmake new file mode 100644 index 0000000..dc7a3b3 --- /dev/null +++ b/SoftHSMv2/modules/FindSQLite3.cmake @@ -0,0 +1,37 @@ +# Copyright (C) 2007-2009 LuaDist. +# Created by Peter Kapec <kapecp@gmail.com> +# Redistribution and use of this file is allowed according to the terms of the MIT license. +# For details see the COPYRIGHT file distributed with LuaDist. +# Note: +# Searching headers and libraries is very simple and is NOT as powerful as scripts +# distributed with CMake, because LuaDist defines directories to search for. +# Everyone is encouraged to contact the author with improvements. Maybe this file +# becomes part of CMake distribution sometimes. + +# - Find sqlite3 +# Find the native SQLITE3 headers and libraries. +# +# SQLITE3_INCLUDE_DIRS - where to find sqlite3.h, etc. +# SQLITE3_LIBRARIES - List of libraries when using sqlite. +# SQLITE3_FOUND - True if sqlite found. + +# Look for the header file. +FIND_PATH(SQLITE3_INCLUDE_DIR NAMES sqlite3.h) + +# Look for the library. +FIND_LIBRARY(SQLITE3_LIBRARY NAMES sqlite sqlite3) + +# Handle the QUIETLY and REQUIRED arguments and set SQLITE3_FOUND to TRUE if all listed variables are TRUE. +INCLUDE(FindPackageHandleStandardArgs) +FIND_PACKAGE_HANDLE_STANDARD_ARGS(SQLITE3 DEFAULT_MSG SQLITE3_LIBRARY SQLITE3_INCLUDE_DIR) + +# Copy the results to the output variables. +IF(SQLITE3_FOUND) + SET(SQLITE3_LIBRARIES ${SQLITE3_LIBRARY}) + SET(SQLITE3_INCLUDE_DIRS ${SQLITE3_INCLUDE_DIR}) +ELSE(SQLITE3_FOUND) + SET(SQLITE3_LIBRARIES) + SET(SQLITE3_INCLUDE_DIRS) +ENDIF(SQLITE3_FOUND) + +MARK_AS_ADVANCED(SQLITE3_INCLUDE_DIRS SQLITE3_LIBRARIES) diff --git a/SoftHSMv2/modules/tests/test_botan_aes_gcm.cpp b/SoftHSMv2/modules/tests/test_botan_aes_gcm.cpp new file mode 100644 index 0000000..3769342 --- /dev/null +++ b/SoftHSMv2/modules/tests/test_botan_aes_gcm.cpp @@ -0,0 +1,11 @@ +#include <botan/botan.h> +#include <botan/version.h> +int main() +{ + using namespace Botan; + +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) + return 0; +#endif + return 1; +} diff --git a/SoftHSMv2/modules/tests/test_botan_ecc.cpp b/SoftHSMv2/modules/tests/test_botan_ecc.cpp new file mode 100644 index 0000000..cb1be21 --- /dev/null +++ b/SoftHSMv2/modules/tests/test_botan_ecc.cpp @@ -0,0 +1,23 @@ +#include <botan/init.h> +#include <botan/ec_group.h> +#include <botan/oids.h> +#include <botan/version.h> +int main() +{ + Botan::LibraryInitializer::initialize(); + const std::string name("secp256r1"); + const Botan::OID oid(Botan::OIDS::lookup(name)); + const Botan::EC_Group ecg(oid); + try { +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + const std::vector<Botan::byte> der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); +#else + const Botan::SecureVector<Botan::byte> der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); +#endif + } catch(...) { + return 1; + } + return 0; +} diff --git a/SoftHSMv2/modules/tests/test_botan_ed25519.cpp b/SoftHSMv2/modules/tests/test_botan_ed25519.cpp new file mode 100644 index 0000000..8ac4bac --- /dev/null +++ b/SoftHSMv2/modules/tests/test_botan_ed25519.cpp @@ -0,0 +1,14 @@ +#include <botan/init.h> +#include <botan/ed25519.h> +#include <botan/version.h> +int main() +{ + Botan::secure_vector<uint8_t> k(32); + try { + Botan::Ed25519_PrivateKey* key = + new Botan::Ed25519_PrivateKey(k); + } catch(...) { + return 1; + } + return 0; +} diff --git a/SoftHSMv2/modules/tests/test_botan_gost.cpp b/SoftHSMv2/modules/tests/test_botan_gost.cpp new file mode 100644 index 0000000..a141e4b --- /dev/null +++ b/SoftHSMv2/modules/tests/test_botan_gost.cpp @@ -0,0 +1,24 @@ +#include <botan/init.h> +#include <botan/gost_3410.h> +#include <botan/oids.h> +#include <botan/version.h> +int main() +{ + Botan::LibraryInitializer::initialize(); + const std::string name("gost_256A"); + const Botan::OID oid(Botan::OIDS::lookup(name)); + const Botan::EC_Group ecg(oid); + try { +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + const std::vector<Botan::byte> der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); +#else + const Botan::SecureVector<Botan::byte> der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); +#endif + } catch(...) { + return 1; + } + + return 0; +} diff --git a/SoftHSMv2/modules/tests/test_botan_rawpss.cpp b/SoftHSMv2/modules/tests/test_botan_rawpss.cpp new file mode 100644 index 0000000..ba7ad01 --- /dev/null +++ b/SoftHSMv2/modules/tests/test_botan_rawpss.cpp @@ -0,0 +1,11 @@ +#include <botan/botan.h> +#include <botan/version.h> +int main() +{ + using namespace Botan; + +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,3,0) + return 0; +#endif + return 1; +} diff --git a/SoftHSMv2/modules/tests/test_botan_rfc5649.cpp b/SoftHSMv2/modules/tests/test_botan_rfc5649.cpp new file mode 100644 index 0000000..7f1fae4 --- /dev/null +++ b/SoftHSMv2/modules/tests/test_botan_rfc5649.cpp @@ -0,0 +1,19 @@ +#include <botan/botan.h> +#include <botan/rfc3394.h> +#include <botan/version.h> +int main() +{ + using namespace Botan; + +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + secure_vector<byte> key(10); + SymmetricKey kek("AABB"); + secure_vector<byte> x = rfc5649_keywrap(key, kek); +#else + SecureVector<byte> key(10); + SymmetricKey kek("AABB"); + Algorithm_Factory& af = global_state().algorithm_factory(); + SecureVector<byte> x = rfc5649_keywrap(key, kek, af); +#endif + return 0; +} diff --git a/SoftHSMv2/modules/tests/test_openssl_ecc.c b/SoftHSMv2/modules/tests/test_openssl_ecc.c new file mode 100644 index 0000000..d1eb22b --- /dev/null +++ b/SoftHSMv2/modules/tests/test_openssl_ecc.c @@ -0,0 +1,13 @@ +#include <openssl/ecdsa.h> +#include <openssl/objects.h> +int main() +{ + EC_KEY *ec256, *ec384, *ec521; + + ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + ec384 = EC_KEY_new_by_curve_name(NID_secp384r1); + ec521 = EC_KEY_new_by_curve_name(NID_secp521r1); + if (ec256 == NULL || ec384 == NULL || ec521 == NULL) + return 1; + return 0; +} diff --git a/SoftHSMv2/modules/tests/test_openssl_ed25519.c b/SoftHSMv2/modules/tests/test_openssl_ed25519.c new file mode 100644 index 0000000..70dd92f --- /dev/null +++ b/SoftHSMv2/modules/tests/test_openssl_ed25519.c @@ -0,0 +1,11 @@ +#include <openssl/evp.h> +#include <openssl/objects.h> +int main() +{ + EVP_PKEY_CTX *ctx; + + ctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL); + if (ctx == NULL) + return 1; + return 0; +} diff --git a/SoftHSMv2/modules/tests/test_openssl_ed448.c b/SoftHSMv2/modules/tests/test_openssl_ed448.c new file mode 100644 index 0000000..c97b094 --- /dev/null +++ b/SoftHSMv2/modules/tests/test_openssl_ed448.c @@ -0,0 +1,11 @@ +#include <openssl/evp.h> +#include <openssl/objects.h> +int main() +{ + EVP_PKEY_CTX *ctx; + + ctx = EVP_PKEY_CTX_new_id(NID_ED448, NULL); + if (ctx == NULL) + return 1; + return 0; +} diff --git a/SoftHSMv2/modules/tests/test_openssl_fips.c b/SoftHSMv2/modules/tests/test_openssl_fips.c new file mode 100644 index 0000000..51e75cd --- /dev/null +++ b/SoftHSMv2/modules/tests/test_openssl_fips.c @@ -0,0 +1,5 @@ +#include <openssl/crypto.h> +int main() +{ + return !FIPS_mode_set(1); +} diff --git a/SoftHSMv2/modules/tests/test_openssl_gost.c b/SoftHSMv2/modules/tests/test_openssl_gost.c new file mode 100644 index 0000000..33487e1 --- /dev/null +++ b/SoftHSMv2/modules/tests/test_openssl_gost.c @@ -0,0 +1,41 @@ +#include <openssl/engine.h> +#include <openssl/crypto.h> +#include <openssl/opensslv.h> +int main() +{ + ENGINE* eg; + const EVP_MD* EVP_GOST_34_11; + + /* Initialise OpenSSL */ + OpenSSL_add_all_algorithms(); + + /* Load engines */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + ENGINE_load_builtin_engines(); +#else + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_LOAD_CONFIG, NULL); +#endif + + /* Initialise the GOST engine */ + eg = ENGINE_by_id("gost"); + if (eg == NULL) + return 1; + if (ENGINE_init(eg) <= 0) + return 1; + + /* better than digest_gost */ + EVP_GOST_34_11 = ENGINE_get_digest(eg, NID_id_GostR3411_94); + if (EVP_GOST_34_11 == NULL) + return 1; + + /* from the openssl.cnf */ + if (ENGINE_register_pkey_asn1_meths(eg) <= 0) + return 1; + if (ENGINE_ctrl_cmd_string(eg, + "CRYPT_PARAMS", + "id-Gost28147-89-CryptoPro-A-ParamSet", + 0) <= 0) + return 1; + + return 0; +} diff --git a/SoftHSMv2/modules/tests/test_openssl_rfc3394.c b/SoftHSMv2/modules/tests/test_openssl_rfc3394.c new file mode 100644 index 0000000..97343ee --- /dev/null +++ b/SoftHSMv2/modules/tests/test_openssl_rfc3394.c @@ -0,0 +1,7 @@ +#include <openssl/evp.h> +int main() +{ + EVP_aes_128_wrap(); + return 0; +} + diff --git a/SoftHSMv2/modules/tests/test_openssl_rfc5649.c b/SoftHSMv2/modules/tests/test_openssl_rfc5649.c new file mode 100644 index 0000000..17d63ba --- /dev/null +++ b/SoftHSMv2/modules/tests/test_openssl_rfc5649.c @@ -0,0 +1,6 @@ +#include <openssl/evp.h> +int main() +{ + EVP_aes_128_wrap_pad(); + return 0; +} |