From 0c89b3ccba7c9b7332ab67ae1936aff51ca62367 Mon Sep 17 00:00:00 2001 From: NingSun Date: Thu, 8 Feb 2018 08:34:03 -0800 Subject: Initial sshsm project structure Issue-ID: AAF-94 Change-Id: I5e82fff418e7567b161acf9b98013a9b85ffc5b4 Signed-off-by: NingSun --- .gitreview | 5 + Adapter/README | 3 + README.md | 17 + SoftHSMv2/.appveyor.yml | 63 + SoftHSMv2/.gitignore | 80 + SoftHSMv2/.travis.yml | 13 + SoftHSMv2/FIPS-NOTES.md | 56 + SoftHSMv2/LICENSE | 28 + SoftHSMv2/Makefile.am | 65 + SoftHSMv2/NEWS | 292 + SoftHSMv2/OSX-NOTES.md | 182 + SoftHSMv2/README.md | 149 + SoftHSMv2/WIN32-NOTES.md | 311 + SoftHSMv2/aes_wrap_key_with_pad/README | 7 + SoftHSMv2/aes_wrap_key_with_pad/botan-diff | 340 + SoftHSMv2/autogen.sh | 3 + SoftHSMv2/configure.ac | 226 + SoftHSMv2/m4/acx_64bit.m4 | 29 + SoftHSMv2/m4/acx_botan.m4 | 72 + SoftHSMv2/m4/acx_botan_aes_gcm.m4 | 37 + SoftHSMv2/m4/acx_botan_ecc.m4 | 51 + SoftHSMv2/m4/acx_botan_gnump.m4 | 27 + SoftHSMv2/m4/acx_botan_gost.m4 | 52 + SoftHSMv2/m4/acx_botan_rawpss.m4 | 37 + SoftHSMv2/m4/acx_botan_rfc5649.m4 | 47 + SoftHSMv2/m4/acx_cppunit.m4 | 21 + SoftHSMv2/m4/acx_crypto_backend.m4 | 168 + SoftHSMv2/m4/acx_dlopen.m4 | 15 + SoftHSMv2/m4/acx_non_paged_memory.m4 | 57 + SoftHSMv2/m4/acx_openssl.m4 | 60 + SoftHSMv2/m4/acx_openssl_ecc.m4 | 37 + SoftHSMv2/m4/acx_openssl_fips.m4 | 50 + SoftHSMv2/m4/acx_openssl_gost.m4 | 65 + SoftHSMv2/m4/acx_openssl_rfc5649.m4 | 51 + SoftHSMv2/m4/acx_p11kit.m4 | 36 + SoftHSMv2/m4/acx_pedantic.m4 | 12 + SoftHSMv2/m4/acx_prefixhack.m4 | 23 + SoftHSMv2/m4/acx_sqlite3.m4 | 40 + SoftHSMv2/m4/acx_strict.m4 | 12 + SoftHSMv2/m4/acx_visibility.m4 | 14 + SoftHSMv2/m4/acx_yield.m4 | 10 + SoftHSMv2/m4/ax_cxx_compile_stdcxx_11.m4 | 146 + SoftHSMv2/prepdist.sh | 19 + SoftHSMv2/softhsm2.module.in | 4 + SoftHSMv2/src/Makefile.am | 3 + SoftHSMv2/src/bin/Makefile.am | 10 + SoftHSMv2/src/bin/common/Makefile.am | 3 + SoftHSMv2/src/bin/common/findslot.cpp | 372 + SoftHSMv2/src/bin/common/findslot.h | 42 + SoftHSMv2/src/bin/common/getpw.cpp | 207 + SoftHSMv2/src/bin/common/getpw.h | 40 + SoftHSMv2/src/bin/common/library.cpp | 145 + SoftHSMv2/src/bin/common/library.h | 42 + SoftHSMv2/src/bin/dump/Makefile.am | 24 + SoftHSMv2/src/bin/dump/common.h | 506 + SoftHSMv2/src/bin/dump/softhsm2-dump-db.1 | 18 + SoftHSMv2/src/bin/dump/softhsm2-dump-db.cpp | 968 ++ SoftHSMv2/src/bin/dump/softhsm2-dump-file.1 | 18 + SoftHSMv2/src/bin/dump/softhsm2-dump-file.cpp | 537 + SoftHSMv2/src/bin/dump/tables.h | 554 + SoftHSMv2/src/bin/keyconv/Makefile.am | 26 + SoftHSMv2/src/bin/keyconv/base64.c | 311 + .../src/bin/keyconv/softhsm2-keyconv-botan.cpp | 227 + .../src/bin/keyconv/softhsm2-keyconv-ossl.cpp | 261 + SoftHSMv2/src/bin/keyconv/softhsm2-keyconv.1 | 63 + SoftHSMv2/src/bin/keyconv/softhsm2-keyconv.cpp | 351 + SoftHSMv2/src/bin/keyconv/softhsm2-keyconv.h | 134 + SoftHSMv2/src/bin/migrate/Makefile.am | 20 + SoftHSMv2/src/bin/migrate/softhsm2-migrate.1 | 67 + SoftHSMv2/src/bin/migrate/softhsm2-migrate.cpp | 798 ++ SoftHSMv2/src/bin/migrate/softhsm2-migrate.h | 68 + SoftHSMv2/src/bin/util/Makefile.am | 40 + SoftHSMv2/src/bin/util/softhsm2-util-botan.cpp | 704 ++ SoftHSMv2/src/bin/util/softhsm2-util-botan.h | 142 + SoftHSMv2/src/bin/util/softhsm2-util-ossl.cpp | 790 ++ SoftHSMv2/src/bin/util/softhsm2-util-ossl.h | 142 + SoftHSMv2/src/bin/util/softhsm2-util.1 | 259 + SoftHSMv2/src/bin/util/softhsm2-util.cpp | 1318 +++ SoftHSMv2/src/bin/util/softhsm2-util.h | 77 + SoftHSMv2/src/bin/win32/getopt.cpp | 520 + SoftHSMv2/src/bin/win32/getopt.h | 101 + SoftHSMv2/src/bin/win32/getpassphase.cpp | 35 + SoftHSMv2/src/lib/Makefile.am | 52 + SoftHSMv2/src/lib/P11Attributes.cpp | 2514 +++++ SoftHSMv2/src/lib/P11Attributes.h | 1264 +++ SoftHSMv2/src/lib/P11Objects.cpp | 1807 +++ SoftHSMv2/src/lib/P11Objects.h | 398 + SoftHSMv2/src/lib/SoftHSM.cpp | 11178 +++++++++++++++++++ SoftHSMv2/src/lib/SoftHSM.h | 436 + SoftHSMv2/src/lib/access.cpp | 101 + SoftHSMv2/src/lib/access.h | 42 + SoftHSMv2/src/lib/common/Configuration.cpp | 176 + SoftHSMv2/src/lib/common/Configuration.h | 117 + SoftHSMv2/src/lib/common/HandleFactory.h | 121 + SoftHSMv2/src/lib/common/Makefile.am | 28 + SoftHSMv2/src/lib/common/MutexFactory.cpp | 192 + SoftHSMv2/src/lib/common/MutexFactory.h | 133 + SoftHSMv2/src/lib/common/Serialisable.h | 52 + SoftHSMv2/src/lib/common/SimpleConfigLoader.cpp | 352 + SoftHSMv2/src/lib/common/SimpleConfigLoader.h | 63 + SoftHSMv2/src/lib/common/fatal.cpp | 64 + SoftHSMv2/src/lib/common/fatal.h | 52 + SoftHSMv2/src/lib/common/log.cpp | 109 + SoftHSMv2/src/lib/common/log.h | 85 + SoftHSMv2/src/lib/common/osmutex.cpp | 242 + SoftHSMv2/src/lib/common/osmutex.h | 47 + SoftHSMv2/src/lib/common/softhsm2.conf.5.in | 86 + SoftHSMv2/src/lib/common/softhsm2.conf.in | 10 + SoftHSMv2/src/lib/crypto/AESKey.cpp | 67 + SoftHSMv2/src/lib/crypto/AESKey.h | 51 + SoftHSMv2/src/lib/crypto/AsymmetricAlgorithm.cpp | 221 + SoftHSMv2/src/lib/crypto/AsymmetricAlgorithm.h | 184 + SoftHSMv2/src/lib/crypto/AsymmetricKeyPair.cpp | 41 + SoftHSMv2/src/lib/crypto/AsymmetricKeyPair.h | 66 + SoftHSMv2/src/lib/crypto/AsymmetricParameters.h | 59 + SoftHSMv2/src/lib/crypto/BotanAES.cpp | 354 + SoftHSMv2/src/lib/crypto/BotanAES.h | 60 + SoftHSMv2/src/lib/crypto/BotanCryptoFactory.cpp | 308 + SoftHSMv2/src/lib/crypto/BotanCryptoFactory.h | 105 + SoftHSMv2/src/lib/crypto/BotanDES.cpp | 153 + SoftHSMv2/src/lib/crypto/BotanDES.h | 63 + SoftHSMv2/src/lib/crypto/BotanDH.cpp | 408 + SoftHSMv2/src/lib/crypto/BotanDH.h | 80 + SoftHSMv2/src/lib/crypto/BotanDHKeyPair.cpp | 70 + SoftHSMv2/src/lib/crypto/BotanDHKeyPair.h | 67 + SoftHSMv2/src/lib/crypto/BotanDHPrivateKey.cpp | 310 + SoftHSMv2/src/lib/crypto/BotanDHPrivateKey.h | 117 + SoftHSMv2/src/lib/crypto/BotanDHPublicKey.cpp | 146 + SoftHSMv2/src/lib/crypto/BotanDHPublicKey.h | 77 + SoftHSMv2/src/lib/crypto/BotanDSA.cpp | 760 ++ SoftHSMv2/src/lib/crypto/BotanDSA.h | 86 + SoftHSMv2/src/lib/crypto/BotanDSAKeyPair.cpp | 70 + SoftHSMv2/src/lib/crypto/BotanDSAKeyPair.h | 67 + SoftHSMv2/src/lib/crypto/BotanDSAPrivateKey.cpp | 243 + SoftHSMv2/src/lib/crypto/BotanDSAPrivateKey.h | 86 + SoftHSMv2/src/lib/crypto/BotanDSAPublicKey.cpp | 162 + SoftHSMv2/src/lib/crypto/BotanDSAPublicKey.h | 78 + SoftHSMv2/src/lib/crypto/BotanECDH.cpp | 356 + SoftHSMv2/src/lib/crypto/BotanECDH.h | 79 + SoftHSMv2/src/lib/crypto/BotanECDHKeyPair.cpp | 71 + SoftHSMv2/src/lib/crypto/BotanECDHKeyPair.h | 67 + SoftHSMv2/src/lib/crypto/BotanECDHPrivateKey.cpp | 259 + SoftHSMv2/src/lib/crypto/BotanECDHPrivateKey.h | 87 + SoftHSMv2/src/lib/crypto/BotanECDHPublicKey.cpp | 151 + SoftHSMv2/src/lib/crypto/BotanECDHPublicKey.h | 79 + SoftHSMv2/src/lib/crypto/BotanECDSA.cpp | 465 + SoftHSMv2/src/lib/crypto/BotanECDSA.h | 84 + SoftHSMv2/src/lib/crypto/BotanECDSAKeyPair.cpp | 71 + SoftHSMv2/src/lib/crypto/BotanECDSAKeyPair.h | 67 + SoftHSMv2/src/lib/crypto/BotanECDSAPrivateKey.cpp | 255 + SoftHSMv2/src/lib/crypto/BotanECDSAPrivateKey.h | 87 + SoftHSMv2/src/lib/crypto/BotanECDSAPublicKey.cpp | 151 + SoftHSMv2/src/lib/crypto/BotanECDSAPublicKey.h | 79 + SoftHSMv2/src/lib/crypto/BotanGOST.cpp | 535 + SoftHSMv2/src/lib/crypto/BotanGOST.h | 82 + SoftHSMv2/src/lib/crypto/BotanGOSTKeyPair.cpp | 71 + SoftHSMv2/src/lib/crypto/BotanGOSTKeyPair.h | 67 + SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp | 201 + SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.h | 94 + SoftHSMv2/src/lib/crypto/BotanGOSTPublicKey.cpp | 201 + SoftHSMv2/src/lib/crypto/BotanGOSTPublicKey.h | 86 + SoftHSMv2/src/lib/crypto/BotanGOSTR3411.cpp | 47 + SoftHSMv2/src/lib/crypto/BotanGOSTR3411.h | 48 + SoftHSMv2/src/lib/crypto/BotanHashAlgorithm.cpp | 133 + SoftHSMv2/src/lib/crypto/BotanHashAlgorithm.h | 64 + SoftHSMv2/src/lib/crypto/BotanMAC.cpp | 154 + SoftHSMv2/src/lib/crypto/BotanMAC.h | 107 + SoftHSMv2/src/lib/crypto/BotanMD5.cpp | 45 + SoftHSMv2/src/lib/crypto/BotanMD5.h | 48 + SoftHSMv2/src/lib/crypto/BotanMacAlgorithm.cpp | 310 + SoftHSMv2/src/lib/crypto/BotanMacAlgorithm.h | 74 + SoftHSMv2/src/lib/crypto/BotanRNG.cpp | 87 + SoftHSMv2/src/lib/crypto/BotanRNG.h | 66 + SoftHSMv2/src/lib/crypto/BotanRSA.cpp | 1219 ++ SoftHSMv2/src/lib/crypto/BotanRSA.h | 90 + SoftHSMv2/src/lib/crypto/BotanRSAKeyPair.cpp | 70 + SoftHSMv2/src/lib/crypto/BotanRSAKeyPair.h | 67 + SoftHSMv2/src/lib/crypto/BotanRSAPrivateKey.cpp | 304 + SoftHSMv2/src/lib/crypto/BotanRSAPrivateKey.h | 89 + SoftHSMv2/src/lib/crypto/BotanRSAPublicKey.cpp | 131 + SoftHSMv2/src/lib/crypto/BotanRSAPublicKey.h | 75 + SoftHSMv2/src/lib/crypto/BotanSHA1.cpp | 45 + SoftHSMv2/src/lib/crypto/BotanSHA1.h | 48 + SoftHSMv2/src/lib/crypto/BotanSHA224.cpp | 45 + SoftHSMv2/src/lib/crypto/BotanSHA224.h | 48 + SoftHSMv2/src/lib/crypto/BotanSHA256.cpp | 45 + SoftHSMv2/src/lib/crypto/BotanSHA256.h | 48 + SoftHSMv2/src/lib/crypto/BotanSHA384.cpp | 45 + SoftHSMv2/src/lib/crypto/BotanSHA384.h | 48 + SoftHSMv2/src/lib/crypto/BotanSHA512.cpp | 45 + SoftHSMv2/src/lib/crypto/BotanSHA512.h | 48 + .../src/lib/crypto/BotanSymmetricAlgorithm.cpp | 593 + SoftHSMv2/src/lib/crypto/BotanSymmetricAlgorithm.h | 83 + SoftHSMv2/src/lib/crypto/BotanUtil.cpp | 146 + SoftHSMv2/src/lib/crypto/BotanUtil.h | 68 + SoftHSMv2/src/lib/crypto/Botan_ecb.cpp | 153 + SoftHSMv2/src/lib/crypto/Botan_ecb.h | 107 + SoftHSMv2/src/lib/crypto/Botan_rounding.h | 68 + SoftHSMv2/src/lib/crypto/CryptoFactory.cpp | 102 + SoftHSMv2/src/lib/crypto/CryptoFactory.h | 97 + SoftHSMv2/src/lib/crypto/DESKey.cpp | 115 + SoftHSMv2/src/lib/crypto/DESKey.h | 55 + SoftHSMv2/src/lib/crypto/DHParameters.cpp | 111 + SoftHSMv2/src/lib/crypto/DHParameters.h | 81 + SoftHSMv2/src/lib/crypto/DHPrivateKey.cpp | 120 + SoftHSMv2/src/lib/crypto/DHPrivateKey.h | 81 + SoftHSMv2/src/lib/crypto/DHPublicKey.cpp | 118 + SoftHSMv2/src/lib/crypto/DHPublicKey.h | 74 + SoftHSMv2/src/lib/crypto/DSAParameters.cpp | 108 + SoftHSMv2/src/lib/crypto/DSAParameters.h | 78 + SoftHSMv2/src/lib/crypto/DSAPrivateKey.cpp | 134 + SoftHSMv2/src/lib/crypto/DSAPrivateKey.h | 83 + SoftHSMv2/src/lib/crypto/DSAPublicKey.cpp | 132 + SoftHSMv2/src/lib/crypto/DSAPublicKey.h | 76 + SoftHSMv2/src/lib/crypto/ECParameters.cpp | 78 + SoftHSMv2/src/lib/crypto/ECParameters.h | 64 + SoftHSMv2/src/lib/crypto/ECPrivateKey.cpp | 106 + SoftHSMv2/src/lib/crypto/ECPrivateKey.h | 82 + SoftHSMv2/src/lib/crypto/ECPublicKey.cpp | 104 + SoftHSMv2/src/lib/crypto/ECPublicKey.h | 75 + SoftHSMv2/src/lib/crypto/GOSTPrivateKey.cpp | 75 + SoftHSMv2/src/lib/crypto/GOSTPrivateKey.h | 79 + SoftHSMv2/src/lib/crypto/GOSTPublicKey.cpp | 75 + SoftHSMv2/src/lib/crypto/GOSTPublicKey.h | 72 + SoftHSMv2/src/lib/crypto/HashAlgorithm.cpp | 76 + SoftHSMv2/src/lib/crypto/HashAlgorithm.h | 80 + SoftHSMv2/src/lib/crypto/MacAlgorithm.cpp | 128 + SoftHSMv2/src/lib/crypto/MacAlgorithm.h | 101 + SoftHSMv2/src/lib/crypto/Makefile.am | 126 + SoftHSMv2/src/lib/crypto/OSSLAES.cpp | 275 + SoftHSMv2/src/lib/crypto/OSSLAES.h | 64 + SoftHSMv2/src/lib/crypto/OSSLCMAC.cpp | 84 + SoftHSMv2/src/lib/crypto/OSSLCMAC.h | 55 + SoftHSMv2/src/lib/crypto/OSSLComp.cpp | 415 + SoftHSMv2/src/lib/crypto/OSSLComp.h | 98 + SoftHSMv2/src/lib/crypto/OSSLCryptoFactory.cpp | 388 + SoftHSMv2/src/lib/crypto/OSSLCryptoFactory.h | 116 + SoftHSMv2/src/lib/crypto/OSSLDES.cpp | 165 + SoftHSMv2/src/lib/crypto/OSSLDES.h | 64 + SoftHSMv2/src/lib/crypto/OSSLDH.cpp | 430 + SoftHSMv2/src/lib/crypto/OSSLDH.h | 80 + SoftHSMv2/src/lib/crypto/OSSLDHKeyPair.cpp | 70 + SoftHSMv2/src/lib/crypto/OSSLDHKeyPair.h | 67 + SoftHSMv2/src/lib/crypto/OSSLDHPrivateKey.cpp | 239 + SoftHSMv2/src/lib/crypto/OSSLDHPrivateKey.h | 85 + SoftHSMv2/src/lib/crypto/OSSLDHPublicKey.cpp | 175 + SoftHSMv2/src/lib/crypto/OSSLDHPublicKey.h | 77 + SoftHSMv2/src/lib/crypto/OSSLDSA.cpp | 695 ++ SoftHSMv2/src/lib/crypto/OSSLDSA.h | 86 + SoftHSMv2/src/lib/crypto/OSSLDSAKeyPair.cpp | 70 + SoftHSMv2/src/lib/crypto/OSSLDSAKeyPair.h | 67 + SoftHSMv2/src/lib/crypto/OSSLDSAPrivateKey.cpp | 256 + SoftHSMv2/src/lib/crypto/OSSLDSAPrivateKey.h | 86 + SoftHSMv2/src/lib/crypto/OSSLDSAPublicKey.cpp | 193 + SoftHSMv2/src/lib/crypto/OSSLDSAPublicKey.h | 78 + SoftHSMv2/src/lib/crypto/OSSLECDH.cpp | 375 + SoftHSMv2/src/lib/crypto/OSSLECDH.h | 79 + SoftHSMv2/src/lib/crypto/OSSLECDSA.cpp | 457 + SoftHSMv2/src/lib/crypto/OSSLECDSA.h | 80 + SoftHSMv2/src/lib/crypto/OSSLECKeyPair.cpp | 71 + SoftHSMv2/src/lib/crypto/OSSLECKeyPair.h | 67 + SoftHSMv2/src/lib/crypto/OSSLECPrivateKey.cpp | 187 + SoftHSMv2/src/lib/crypto/OSSLECPrivateKey.h | 85 + SoftHSMv2/src/lib/crypto/OSSLECPublicKey.cpp | 131 + SoftHSMv2/src/lib/crypto/OSSLECPublicKey.h | 76 + SoftHSMv2/src/lib/crypto/OSSLEVPCMacAlgorithm.cpp | 244 + SoftHSMv2/src/lib/crypto/OSSLEVPCMacAlgorithm.h | 77 + SoftHSMv2/src/lib/crypto/OSSLEVPHashAlgorithm.cpp | 133 + SoftHSMv2/src/lib/crypto/OSSLEVPHashAlgorithm.h | 66 + SoftHSMv2/src/lib/crypto/OSSLEVPMacAlgorithm.cpp | 220 + SoftHSMv2/src/lib/crypto/OSSLEVPMacAlgorithm.h | 77 + .../src/lib/crypto/OSSLEVPSymmetricAlgorithm.cpp | 575 + .../src/lib/crypto/OSSLEVPSymmetricAlgorithm.h | 81 + SoftHSMv2/src/lib/crypto/OSSLGOST.cpp | 658 ++ SoftHSMv2/src/lib/crypto/OSSLGOST.h | 85 + SoftHSMv2/src/lib/crypto/OSSLGOSTKeyPair.cpp | 71 + SoftHSMv2/src/lib/crypto/OSSLGOSTKeyPair.h | 67 + SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp | 184 + SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.h | 88 + SoftHSMv2/src/lib/crypto/OSSLGOSTPublicKey.cpp | 162 + SoftHSMv2/src/lib/crypto/OSSLGOSTPublicKey.h | 80 + SoftHSMv2/src/lib/crypto/OSSLGOSTR3411.cpp | 48 + SoftHSMv2/src/lib/crypto/OSSLGOSTR3411.h | 48 + SoftHSMv2/src/lib/crypto/OSSLHMAC.cpp | 109 + SoftHSMv2/src/lib/crypto/OSSLHMAC.h | 92 + SoftHSMv2/src/lib/crypto/OSSLMD5.cpp | 46 + SoftHSMv2/src/lib/crypto/OSSLMD5.h | 48 + SoftHSMv2/src/lib/crypto/OSSLRNG.cpp | 52 + SoftHSMv2/src/lib/crypto/OSSLRNG.h | 53 + SoftHSMv2/src/lib/crypto/OSSLRSA.cpp | 1554 +++ SoftHSMv2/src/lib/crypto/OSSLRSA.h | 87 + SoftHSMv2/src/lib/crypto/OSSLRSAKeyPair.cpp | 70 + SoftHSMv2/src/lib/crypto/OSSLRSAKeyPair.h | 67 + SoftHSMv2/src/lib/crypto/OSSLRSAPrivateKey.cpp | 320 + SoftHSMv2/src/lib/crypto/OSSLRSAPrivateKey.h | 90 + SoftHSMv2/src/lib/crypto/OSSLRSAPublicKey.cpp | 155 + SoftHSMv2/src/lib/crypto/OSSLRSAPublicKey.h | 76 + SoftHSMv2/src/lib/crypto/OSSLSHA1.cpp | 46 + SoftHSMv2/src/lib/crypto/OSSLSHA1.h | 48 + SoftHSMv2/src/lib/crypto/OSSLSHA224.cpp | 46 + SoftHSMv2/src/lib/crypto/OSSLSHA224.h | 48 + SoftHSMv2/src/lib/crypto/OSSLSHA256.cpp | 46 + SoftHSMv2/src/lib/crypto/OSSLSHA256.h | 48 + SoftHSMv2/src/lib/crypto/OSSLSHA384.cpp | 46 + SoftHSMv2/src/lib/crypto/OSSLSHA384.h | 48 + SoftHSMv2/src/lib/crypto/OSSLSHA512.cpp | 46 + SoftHSMv2/src/lib/crypto/OSSLSHA512.h | 48 + SoftHSMv2/src/lib/crypto/OSSLUtil.cpp | 199 + SoftHSMv2/src/lib/crypto/OSSLUtil.h | 67 + SoftHSMv2/src/lib/crypto/PrivateKey.h | 72 + SoftHSMv2/src/lib/crypto/PublicKey.h | 65 + SoftHSMv2/src/lib/crypto/RNG.h | 67 + SoftHSMv2/src/lib/crypto/RSAParameters.cpp | 94 + SoftHSMv2/src/lib/crypto/RSAParameters.h | 74 + SoftHSMv2/src/lib/crypto/RSAPrivateKey.cpp | 186 + SoftHSMv2/src/lib/crypto/RSAPrivateKey.h | 91 + SoftHSMv2/src/lib/crypto/RSAPublicKey.cpp | 105 + SoftHSMv2/src/lib/crypto/RSAPublicKey.h | 72 + SoftHSMv2/src/lib/crypto/SymmetricAlgorithm.cpp | 229 + SoftHSMv2/src/lib/crypto/SymmetricAlgorithm.h | 148 + SoftHSMv2/src/lib/crypto/SymmetricKey.cpp | 109 + SoftHSMv2/src/lib/crypto/SymmetricKey.h | 78 + SoftHSMv2/src/lib/crypto/odd.h | 72 + SoftHSMv2/src/lib/crypto/test/AESTests.cpp | 1182 ++ SoftHSMv2/src/lib/crypto/test/AESTests.h | 78 + SoftHSMv2/src/lib/crypto/test/DESTests.cpp | 1164 ++ SoftHSMv2/src/lib/crypto/test/DESTests.h | 65 + SoftHSMv2/src/lib/crypto/test/DHTests.cpp | 245 + SoftHSMv2/src/lib/crypto/test/DHTests.h | 65 + SoftHSMv2/src/lib/crypto/test/DSATests.cpp | 338 + SoftHSMv2/src/lib/crypto/test/DSATests.h | 65 + SoftHSMv2/src/lib/crypto/test/ECDHTests.cpp | 268 + SoftHSMv2/src/lib/crypto/test/ECDHTests.h | 65 + SoftHSMv2/src/lib/crypto/test/ECDSATests.cpp | 301 + SoftHSMv2/src/lib/crypto/test/ECDSATests.h | 65 + SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp | 304 + SoftHSMv2/src/lib/crypto/test/GOSTTests.h | 76 + SoftHSMv2/src/lib/crypto/test/HashTests.cpp | 269 + SoftHSMv2/src/lib/crypto/test/HashTests.h | 73 + SoftHSMv2/src/lib/crypto/test/MacTests.cpp | 687 ++ SoftHSMv2/src/lib/crypto/test/MacTests.h | 83 + SoftHSMv2/src/lib/crypto/test/Makefile.am | 39 + SoftHSMv2/src/lib/crypto/test/RNGTests.cpp | 85 + SoftHSMv2/src/lib/crypto/test/RNGTests.h | 59 + SoftHSMv2/src/lib/crypto/test/RSATests.cpp | 682 ++ SoftHSMv2/src/lib/crypto/test/RSATests.h | 67 + SoftHSMv2/src/lib/crypto/test/chisq.c | 144 + SoftHSMv2/src/lib/crypto/test/cryptotest.cpp | 91 + SoftHSMv2/src/lib/crypto/test/ent.c | 110 + SoftHSMv2/src/lib/crypto/test/ent.h | 56 + SoftHSMv2/src/lib/crypto/test/iso8859.c | 25 + SoftHSMv2/src/lib/crypto/test/iso8859.h | 23 + SoftHSMv2/src/lib/crypto/test/randtest.c | 190 + SoftHSMv2/src/lib/crypto/test/randtest.h | 13 + SoftHSMv2/src/lib/data_mgr/ByteString.cpp | 365 + SoftHSMv2/src/lib/data_mgr/ByteString.h | 131 + SoftHSMv2/src/lib/data_mgr/Makefile.am | 17 + SoftHSMv2/src/lib/data_mgr/RFC4880.cpp | 110 + SoftHSMv2/src/lib/data_mgr/RFC4880.h | 54 + SoftHSMv2/src/lib/data_mgr/SecureAllocator.h | 203 + SoftHSMv2/src/lib/data_mgr/SecureDataManager.cpp | 537 + SoftHSMv2/src/lib/data_mgr/SecureDataManager.h | 154 + .../src/lib/data_mgr/SecureMemoryRegistry.cpp | 142 + SoftHSMv2/src/lib/data_mgr/SecureMemoryRegistry.h | 73 + SoftHSMv2/src/lib/data_mgr/salloc.cpp | 126 + SoftHSMv2/src/lib/data_mgr/salloc.h | 56 + .../src/lib/data_mgr/test/ByteStringTests.cpp | 356 + SoftHSMv2/src/lib/data_mgr/test/ByteStringTests.h | 71 + SoftHSMv2/src/lib/data_mgr/test/Makefile.am | 27 + SoftHSMv2/src/lib/data_mgr/test/RFC4880Tests.cpp | 116 + SoftHSMv2/src/lib/data_mgr/test/RFC4880Tests.h | 56 + .../src/lib/data_mgr/test/SecureDataMgrTests.cpp | 207 + .../src/lib/data_mgr/test/SecureDataMgrTests.h | 56 + SoftHSMv2/src/lib/data_mgr/test/datamgrtest.cpp | 91 + SoftHSMv2/src/lib/handle_mgr/Handle.cpp | 50 + SoftHSMv2/src/lib/handle_mgr/Handle.h | 62 + SoftHSMv2/src/lib/handle_mgr/HandleManager.cpp | 239 + SoftHSMv2/src/lib/handle_mgr/HandleManager.h | 94 + SoftHSMv2/src/lib/handle_mgr/Makefile.am | 17 + .../src/lib/handle_mgr/test/HandleManagerTests.cpp | 178 + .../src/lib/handle_mgr/test/HandleManagerTests.h | 58 + SoftHSMv2/src/lib/handle_mgr/test/Makefile.am | 26 + .../src/lib/handle_mgr/test/handlemgrtest.cpp | 65 + SoftHSMv2/src/lib/main.cpp | 1187 ++ SoftHSMv2/src/lib/object_store/DB.cpp | 926 ++ SoftHSMv2/src/lib/object_store/DB.h | 188 + SoftHSMv2/src/lib/object_store/DBObject.cpp | 1493 +++ SoftHSMv2/src/lib/object_store/DBObject.h | 142 + SoftHSMv2/src/lib/object_store/DBToken.cpp | 874 ++ SoftHSMv2/src/lib/object_store/DBToken.h | 135 + SoftHSMv2/src/lib/object_store/Directory.cpp | 278 + SoftHSMv2/src/lib/object_store/Directory.h | 89 + SoftHSMv2/src/lib/object_store/File.cpp | 765 ++ SoftHSMv2/src/lib/object_store/File.h | 136 + SoftHSMv2/src/lib/object_store/FindOperation.cpp | 80 + SoftHSMv2/src/lib/object_store/FindOperation.h | 67 + SoftHSMv2/src/lib/object_store/Generation.cpp | 261 + SoftHSMv2/src/lib/object_store/Generation.h | 92 + SoftHSMv2/src/lib/object_store/Makefile.am | 34 + SoftHSMv2/src/lib/object_store/OSAttribute.cpp | 187 + SoftHSMv2/src/lib/object_store/OSAttribute.h | 103 + SoftHSMv2/src/lib/object_store/OSAttributes.h | 50 + SoftHSMv2/src/lib/object_store/OSObject.h | 95 + SoftHSMv2/src/lib/object_store/OSPathSep.h | 45 + SoftHSMv2/src/lib/object_store/OSToken.cpp | 722 ++ SoftHSMv2/src/lib/object_store/OSToken.h | 160 + SoftHSMv2/src/lib/object_store/ObjectFile.cpp | 870 ++ SoftHSMv2/src/lib/object_store/ObjectFile.h | 154 + SoftHSMv2/src/lib/object_store/ObjectStore.cpp | 187 + SoftHSMv2/src/lib/object_store/ObjectStore.h | 88 + .../src/lib/object_store/ObjectStoreToken.cpp | 84 + SoftHSMv2/src/lib/object_store/ObjectStoreToken.h | 106 + SoftHSMv2/src/lib/object_store/SessionObject.cpp | 334 + SoftHSMv2/src/lib/object_store/SessionObject.h | 132 + .../src/lib/object_store/SessionObjectStore.cpp | 212 + .../src/lib/object_store/SessionObjectStore.h | 100 + SoftHSMv2/src/lib/object_store/UUID.cpp | 68 + SoftHSMv2/src/lib/object_store/UUID.h | 48 + .../lib/object_store/test/DBObjectStoreTests.cpp | 159 + .../src/lib/object_store/test/DBObjectStoreTests.h | 79 + .../src/lib/object_store/test/DBObjectTests.cpp | 816 ++ .../src/lib/object_store/test/DBObjectTests.h | 93 + SoftHSMv2/src/lib/object_store/test/DBTests.cpp | 648 ++ SoftHSMv2/src/lib/object_store/test/DBTests.h | 134 + .../src/lib/object_store/test/DBTokenTests.cpp | 491 + SoftHSMv2/src/lib/object_store/test/DBTokenTests.h | 66 + .../src/lib/object_store/test/DirectoryTests.cpp | 227 + .../src/lib/object_store/test/DirectoryTests.h | 54 + SoftHSMv2/src/lib/object_store/test/FileTests.cpp | 340 + SoftHSMv2/src/lib/object_store/test/FileTests.h | 63 + SoftHSMv2/src/lib/object_store/test/Makefile.am | 39 + .../src/lib/object_store/test/OSTokenTests.cpp | 504 + SoftHSMv2/src/lib/object_store/test/OSTokenTests.h | 60 + .../src/lib/object_store/test/ObjectFileTests.cpp | 911 ++ .../src/lib/object_store/test/ObjectFileTests.h | 72 + .../src/lib/object_store/test/ObjectStoreTests.cpp | 278 + .../src/lib/object_store/test/ObjectStoreTests.h | 58 + .../object_store/test/SessionObjectStoreTests.cpp | 319 + .../object_store/test/SessionObjectStoreTests.h | 56 + .../lib/object_store/test/SessionObjectTests.cpp | 436 + .../src/lib/object_store/test/SessionObjectTests.h | 68 + SoftHSMv2/src/lib/object_store/test/UUIDTests.cpp | 61 + SoftHSMv2/src/lib/object_store/test/UUIDTests.h | 54 + .../src/lib/object_store/test/objstoretest.cpp | 91 + SoftHSMv2/src/lib/pkcs11/cryptoki.h | 94 + SoftHSMv2/src/lib/pkcs11/pkcs11.h | 265 + SoftHSMv2/src/lib/pkcs11/pkcs11f.h | 939 ++ SoftHSMv2/src/lib/pkcs11/pkcs11t.h | 2003 ++++ SoftHSMv2/src/lib/session_mgr/Makefile.am | 17 + SoftHSMv2/src/lib/session_mgr/Session.cpp | 454 + SoftHSMv2/src/lib/session_mgr/Session.h | 175 + SoftHSMv2/src/lib/session_mgr/SessionManager.cpp | 246 + SoftHSMv2/src/lib/session_mgr/SessionManager.h | 66 + SoftHSMv2/src/lib/session_mgr/test/Makefile.am | 26 + .../lib/session_mgr/test/SessionManagerTests.cpp | 260 + .../src/lib/session_mgr/test/SessionManagerTests.h | 53 + .../src/lib/session_mgr/test/sessionmgrtest.cpp | 111 + SoftHSMv2/src/lib/slot_mgr/Makefile.am | 18 + SoftHSMv2/src/lib/slot_mgr/Slot.cpp | 116 + SoftHSMv2/src/lib/slot_mgr/Slot.h | 81 + SoftHSMv2/src/lib/slot_mgr/SlotManager.cpp | 179 + SoftHSMv2/src/lib/slot_mgr/SlotManager.h | 71 + SoftHSMv2/src/lib/slot_mgr/Token.cpp | 573 + SoftHSMv2/src/lib/slot_mgr/Token.h | 112 + SoftHSMv2/src/lib/slot_mgr/test/Makefile.am | 25 + .../src/lib/slot_mgr/test/SlotManagerTests.cpp | 485 + SoftHSMv2/src/lib/slot_mgr/test/SlotManagerTests.h | 60 + SoftHSMv2/src/lib/slot_mgr/test/slotmgrtest.cpp | 91 + SoftHSMv2/src/lib/test/AsymEncryptDecryptTests.cpp | 206 + SoftHSMv2/src/lib/test/AsymEncryptDecryptTests.h | 55 + SoftHSMv2/src/lib/test/AsymWrapUnwrapTests.cpp | 228 + SoftHSMv2/src/lib/test/AsymWrapUnwrapTests.h | 55 + SoftHSMv2/src/lib/test/DeriveTests.cpp | 737 ++ SoftHSMv2/src/lib/test/DeriveTests.h | 73 + SoftHSMv2/src/lib/test/DigestTests.cpp | 326 + SoftHSMv2/src/lib/test/DigestTests.h | 60 + SoftHSMv2/src/lib/test/InfoTests.cpp | 320 + SoftHSMv2/src/lib/test/InfoTests.h | 65 + SoftHSMv2/src/lib/test/InitTests.cpp | 247 + SoftHSMv2/src/lib/test/InitTests.h | 65 + SoftHSMv2/src/lib/test/Makefile.am | 40 + SoftHSMv2/src/lib/test/ObjectTests.cpp | 2393 ++++ SoftHSMv2/src/lib/test/ObjectTests.h | 194 + SoftHSMv2/src/lib/test/README | 17 + SoftHSMv2/src/lib/test/RandomTests.cpp | 94 + SoftHSMv2/src/lib/test/RandomTests.h | 51 + SoftHSMv2/src/lib/test/SessionTests.cpp | 176 + SoftHSMv2/src/lib/test/SessionTests.h | 57 + SoftHSMv2/src/lib/test/SignVerifyTests.cpp | 830 ++ SoftHSMv2/src/lib/test/SignVerifyTests.h | 73 + SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.cpp | 998 ++ SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.h | 80 + SoftHSMv2/src/lib/test/TestsBase.cpp | 49 + SoftHSMv2/src/lib/test/TestsBase.h | 44 + SoftHSMv2/src/lib/test/TestsNoPINInitBase.cpp | 160 + SoftHSMv2/src/lib/test/TestsNoPINInitBase.h | 78 + SoftHSMv2/src/lib/test/TokenTests.cpp | 98 + SoftHSMv2/src/lib/test/TokenTests.h | 50 + SoftHSMv2/src/lib/test/UserTests.cpp | 270 + SoftHSMv2/src/lib/test/UserTests.h | 56 + SoftHSMv2/src/lib/test/p11test.cpp | 92 + SoftHSMv2/src/lib/test/softhsm2-alt.conf.in | 6 + SoftHSMv2/src/lib/test/softhsm2-alt.conf.win32 | 6 + SoftHSMv2/src/lib/test/softhsm2.conf.in | 6 + SoftHSMv2/src/lib/test/softhsm2.conf.win32 | 6 + SoftHSMv2/src/lib/test/tokens/dummy.in | 0 SoftHSMv2/src/lib/win32/dllmain.cc | 18 + SoftHSMv2/src/lib/win32/setenv.cpp | 20 + SoftHSMv2/src/lib/win32/setenv.h | 12 + SoftHSMv2/src/lib/win32/syslog.cpp | 69 + SoftHSMv2/src/lib/win32/syslog.h | 46 + SoftHSMv2/testing/appveyor/APPVEYOR-NOTES.MD | 27 + SoftHSMv2/testing/appveyor/appveyor_build.bat | 51 + .../appveyor/appveyor_download_requirements.ps1 | 80 + SoftHSMv2/testing/build-botan.sh | 85 + SoftHSMv2/testing/build-softhsm2.sh | 110 + SoftHSMv2/testing/lib.sh | 2232 ++++ SoftHSMv2/testing/travis/travis.sh | 35 + SoftHSMv2/win32/.gitignore | 35 + SoftHSMv2/win32/Configure.py | 1167 ++ SoftHSMv2/win32/config.h.in | 185 + .../win32/convarch/convarch.vcxproj.filters.in | 928 ++ SoftHSMv2/win32/convarch/convarch.vcxproj.in | 374 + SoftHSMv2/win32/convarch/convarch.vcxproj.user | 3 + .../win32/cryptotest/cryptotest.vcxproj.filters | 123 + SoftHSMv2/win32/cryptotest/cryptotest.vcxproj.in | 127 + SoftHSMv2/win32/cryptotest/cryptotest.vcxproj.user | 3 + .../win32/datamgrtest/datamgrtest.vcxproj.filters | 54 + SoftHSMv2/win32/datamgrtest/datamgrtest.vcxproj.in | 104 + .../win32/datamgrtest/datamgrtest.vcxproj.user | 3 + SoftHSMv2/win32/dump/dump.vcxproj.filters | 33 + SoftHSMv2/win32/dump/dump.vcxproj.in | 95 + SoftHSMv2/win32/dump/dump.vcxproj.user | 3 + .../handlemgrtest/handlemgrtest.vcxproj.filters | 42 + .../win32/handlemgrtest/handlemgrtest.vcxproj.in | 100 + .../win32/handlemgrtest/handlemgrtest.vcxproj.user | 3 + SoftHSMv2/win32/keyconv/keyconv.vcxproj.filters.in | 88 + SoftHSMv2/win32/keyconv/keyconv.vcxproj.in | 116 + SoftHSMv2/win32/keyconv/keyconv.vcxproj.user | 3 + .../objstoretest/objstoretest.vcxproj.filters | 84 + .../win32/objstoretest/objstoretest.vcxproj.in | 114 + .../win32/objstoretest/objstoretest.vcxproj.user | 3 + SoftHSMv2/win32/p11test/p11test.vcxproj.filters | 181 + SoftHSMv2/win32/p11test/p11test.vcxproj.in | 159 + SoftHSMv2/win32/p11test/p11test.vcxproj.user | 3 + .../sessionmgrtest/sessionmgrtest.vcxproj.filters | 42 + .../win32/sessionmgrtest/sessionmgrtest.vcxproj.in | 100 + .../sessionmgrtest/sessionmgrtest.vcxproj.user | 3 + .../win32/slotmgrtest/slotmgrtest.vcxproj.filters | 42 + SoftHSMv2/win32/slotmgrtest/slotmgrtest.vcxproj.in | 100 + .../win32/slotmgrtest/slotmgrtest.vcxproj.user | 3 + SoftHSMv2/win32/softhsm2.sln.in | 117 + SoftHSMv2/win32/softhsm2/softhsm2.vcxproj.filters | 63 + SoftHSMv2/win32/softhsm2/softhsm2.vcxproj.in | 107 + SoftHSMv2/win32/softhsm2/softhsm2.vcxproj.user | 3 + SoftHSMv2/win32/util/util.vcxproj.filters.in | 108 + SoftHSMv2/win32/util/util.vcxproj.in | 130 + SoftHSMv2/win32/util/util.vcxproj.user | 3 + TPM2-Plugin/README | 5 + 559 files changed, 112872 insertions(+) create mode 100644 .gitreview create mode 100644 Adapter/README create mode 100644 README.md create mode 100644 SoftHSMv2/.appveyor.yml create mode 100644 SoftHSMv2/.gitignore create mode 100644 SoftHSMv2/.travis.yml create mode 100644 SoftHSMv2/FIPS-NOTES.md create mode 100644 SoftHSMv2/LICENSE create mode 100644 SoftHSMv2/Makefile.am create mode 100644 SoftHSMv2/NEWS create mode 100644 SoftHSMv2/OSX-NOTES.md create mode 100644 SoftHSMv2/README.md create mode 100644 SoftHSMv2/WIN32-NOTES.md create mode 100644 SoftHSMv2/aes_wrap_key_with_pad/README create mode 100644 SoftHSMv2/aes_wrap_key_with_pad/botan-diff create mode 100644 SoftHSMv2/autogen.sh create mode 100644 SoftHSMv2/configure.ac create mode 100644 SoftHSMv2/m4/acx_64bit.m4 create mode 100644 SoftHSMv2/m4/acx_botan.m4 create mode 100644 SoftHSMv2/m4/acx_botan_aes_gcm.m4 create mode 100644 SoftHSMv2/m4/acx_botan_ecc.m4 create mode 100644 SoftHSMv2/m4/acx_botan_gnump.m4 create mode 100644 SoftHSMv2/m4/acx_botan_gost.m4 create mode 100644 SoftHSMv2/m4/acx_botan_rawpss.m4 create mode 100644 SoftHSMv2/m4/acx_botan_rfc5649.m4 create mode 100644 SoftHSMv2/m4/acx_cppunit.m4 create mode 100644 SoftHSMv2/m4/acx_crypto_backend.m4 create mode 100644 SoftHSMv2/m4/acx_dlopen.m4 create mode 100644 SoftHSMv2/m4/acx_non_paged_memory.m4 create mode 100644 SoftHSMv2/m4/acx_openssl.m4 create mode 100644 SoftHSMv2/m4/acx_openssl_ecc.m4 create mode 100644 SoftHSMv2/m4/acx_openssl_fips.m4 create mode 100644 SoftHSMv2/m4/acx_openssl_gost.m4 create mode 100644 SoftHSMv2/m4/acx_openssl_rfc5649.m4 create mode 100644 SoftHSMv2/m4/acx_p11kit.m4 create mode 100644 SoftHSMv2/m4/acx_pedantic.m4 create mode 100644 SoftHSMv2/m4/acx_prefixhack.m4 create mode 100644 SoftHSMv2/m4/acx_sqlite3.m4 create mode 100644 SoftHSMv2/m4/acx_strict.m4 create mode 100644 SoftHSMv2/m4/acx_visibility.m4 create mode 100644 SoftHSMv2/m4/acx_yield.m4 create mode 100644 SoftHSMv2/m4/ax_cxx_compile_stdcxx_11.m4 create mode 100644 SoftHSMv2/prepdist.sh create mode 100644 SoftHSMv2/softhsm2.module.in create mode 100644 SoftHSMv2/src/Makefile.am create mode 100644 SoftHSMv2/src/bin/Makefile.am create mode 100644 SoftHSMv2/src/bin/common/Makefile.am create mode 100644 SoftHSMv2/src/bin/common/findslot.cpp create mode 100644 SoftHSMv2/src/bin/common/findslot.h create mode 100644 SoftHSMv2/src/bin/common/getpw.cpp create mode 100644 SoftHSMv2/src/bin/common/getpw.h create mode 100644 SoftHSMv2/src/bin/common/library.cpp create mode 100644 SoftHSMv2/src/bin/common/library.h create mode 100644 SoftHSMv2/src/bin/dump/Makefile.am create mode 100644 SoftHSMv2/src/bin/dump/common.h create mode 100644 SoftHSMv2/src/bin/dump/softhsm2-dump-db.1 create mode 100644 SoftHSMv2/src/bin/dump/softhsm2-dump-db.cpp create mode 100644 SoftHSMv2/src/bin/dump/softhsm2-dump-file.1 create mode 100644 SoftHSMv2/src/bin/dump/softhsm2-dump-file.cpp create mode 100644 SoftHSMv2/src/bin/dump/tables.h create mode 100644 SoftHSMv2/src/bin/keyconv/Makefile.am create mode 100644 SoftHSMv2/src/bin/keyconv/base64.c create mode 100644 SoftHSMv2/src/bin/keyconv/softhsm2-keyconv-botan.cpp create mode 100644 SoftHSMv2/src/bin/keyconv/softhsm2-keyconv-ossl.cpp create mode 100644 SoftHSMv2/src/bin/keyconv/softhsm2-keyconv.1 create mode 100644 SoftHSMv2/src/bin/keyconv/softhsm2-keyconv.cpp create mode 100644 SoftHSMv2/src/bin/keyconv/softhsm2-keyconv.h create mode 100644 SoftHSMv2/src/bin/migrate/Makefile.am create mode 100644 SoftHSMv2/src/bin/migrate/softhsm2-migrate.1 create mode 100644 SoftHSMv2/src/bin/migrate/softhsm2-migrate.cpp create mode 100644 SoftHSMv2/src/bin/migrate/softhsm2-migrate.h create mode 100644 SoftHSMv2/src/bin/util/Makefile.am create mode 100644 SoftHSMv2/src/bin/util/softhsm2-util-botan.cpp create mode 100644 SoftHSMv2/src/bin/util/softhsm2-util-botan.h create mode 100644 SoftHSMv2/src/bin/util/softhsm2-util-ossl.cpp create mode 100644 SoftHSMv2/src/bin/util/softhsm2-util-ossl.h create mode 100644 SoftHSMv2/src/bin/util/softhsm2-util.1 create mode 100644 SoftHSMv2/src/bin/util/softhsm2-util.cpp create mode 100644 SoftHSMv2/src/bin/util/softhsm2-util.h create mode 100644 SoftHSMv2/src/bin/win32/getopt.cpp create mode 100644 SoftHSMv2/src/bin/win32/getopt.h create mode 100644 SoftHSMv2/src/bin/win32/getpassphase.cpp create mode 100644 SoftHSMv2/src/lib/Makefile.am create mode 100644 SoftHSMv2/src/lib/P11Attributes.cpp create mode 100644 SoftHSMv2/src/lib/P11Attributes.h create mode 100644 SoftHSMv2/src/lib/P11Objects.cpp create mode 100644 SoftHSMv2/src/lib/P11Objects.h create mode 100644 SoftHSMv2/src/lib/SoftHSM.cpp create mode 100644 SoftHSMv2/src/lib/SoftHSM.h create mode 100644 SoftHSMv2/src/lib/access.cpp create mode 100644 SoftHSMv2/src/lib/access.h create mode 100644 SoftHSMv2/src/lib/common/Configuration.cpp create mode 100644 SoftHSMv2/src/lib/common/Configuration.h create mode 100644 SoftHSMv2/src/lib/common/HandleFactory.h create mode 100644 SoftHSMv2/src/lib/common/Makefile.am create mode 100644 SoftHSMv2/src/lib/common/MutexFactory.cpp create mode 100644 SoftHSMv2/src/lib/common/MutexFactory.h create mode 100644 SoftHSMv2/src/lib/common/Serialisable.h create mode 100644 SoftHSMv2/src/lib/common/SimpleConfigLoader.cpp create mode 100644 SoftHSMv2/src/lib/common/SimpleConfigLoader.h create mode 100644 SoftHSMv2/src/lib/common/fatal.cpp create mode 100644 SoftHSMv2/src/lib/common/fatal.h create mode 100644 SoftHSMv2/src/lib/common/log.cpp create mode 100644 SoftHSMv2/src/lib/common/log.h create mode 100644 SoftHSMv2/src/lib/common/osmutex.cpp create mode 100644 SoftHSMv2/src/lib/common/osmutex.h create mode 100644 SoftHSMv2/src/lib/common/softhsm2.conf.5.in create mode 100644 SoftHSMv2/src/lib/common/softhsm2.conf.in create mode 100644 SoftHSMv2/src/lib/crypto/AESKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/AESKey.h create mode 100644 SoftHSMv2/src/lib/crypto/AsymmetricAlgorithm.cpp create mode 100644 SoftHSMv2/src/lib/crypto/AsymmetricAlgorithm.h create mode 100644 SoftHSMv2/src/lib/crypto/AsymmetricKeyPair.cpp create mode 100644 SoftHSMv2/src/lib/crypto/AsymmetricKeyPair.h create mode 100644 SoftHSMv2/src/lib/crypto/AsymmetricParameters.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanAES.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanAES.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanCryptoFactory.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanCryptoFactory.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanDES.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanDES.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanDH.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanDH.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanDHKeyPair.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanDHKeyPair.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanDHPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanDHPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanDHPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanDHPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanDSA.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanDSA.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanDSAKeyPair.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanDSAKeyPair.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanDSAPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanDSAPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanDSAPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanDSAPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDH.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDH.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDHKeyPair.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDHKeyPair.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDHPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDHPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDHPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDHPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDSA.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDSA.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDSAKeyPair.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDSAKeyPair.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDSAPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDSAPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDSAPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanECDSAPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanGOST.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanGOST.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanGOSTKeyPair.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanGOSTKeyPair.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanGOSTPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanGOSTPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanGOSTR3411.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanGOSTR3411.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanHashAlgorithm.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanHashAlgorithm.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanMAC.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanMAC.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanMD5.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanMD5.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanMacAlgorithm.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanMacAlgorithm.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanRNG.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanRNG.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanRSA.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanRSA.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanRSAKeyPair.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanRSAKeyPair.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanRSAPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanRSAPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanRSAPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanRSAPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanSHA1.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanSHA1.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanSHA224.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanSHA224.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanSHA256.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanSHA256.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanSHA384.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanSHA384.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanSHA512.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanSHA512.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanSymmetricAlgorithm.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanSymmetricAlgorithm.h create mode 100644 SoftHSMv2/src/lib/crypto/BotanUtil.cpp create mode 100644 SoftHSMv2/src/lib/crypto/BotanUtil.h create mode 100644 SoftHSMv2/src/lib/crypto/Botan_ecb.cpp create mode 100644 SoftHSMv2/src/lib/crypto/Botan_ecb.h create mode 100644 SoftHSMv2/src/lib/crypto/Botan_rounding.h create mode 100644 SoftHSMv2/src/lib/crypto/CryptoFactory.cpp create mode 100644 SoftHSMv2/src/lib/crypto/CryptoFactory.h create mode 100644 SoftHSMv2/src/lib/crypto/DESKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/DESKey.h create mode 100644 SoftHSMv2/src/lib/crypto/DHParameters.cpp create mode 100644 SoftHSMv2/src/lib/crypto/DHParameters.h create mode 100644 SoftHSMv2/src/lib/crypto/DHPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/DHPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/DHPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/DHPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/DSAParameters.cpp create mode 100644 SoftHSMv2/src/lib/crypto/DSAParameters.h create mode 100644 SoftHSMv2/src/lib/crypto/DSAPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/DSAPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/DSAPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/DSAPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/ECParameters.cpp create mode 100644 SoftHSMv2/src/lib/crypto/ECParameters.h create mode 100644 SoftHSMv2/src/lib/crypto/ECPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/ECPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/ECPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/ECPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/GOSTPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/GOSTPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/GOSTPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/GOSTPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/HashAlgorithm.cpp create mode 100644 SoftHSMv2/src/lib/crypto/HashAlgorithm.h create mode 100644 SoftHSMv2/src/lib/crypto/MacAlgorithm.cpp create mode 100644 SoftHSMv2/src/lib/crypto/MacAlgorithm.h create mode 100644 SoftHSMv2/src/lib/crypto/Makefile.am create mode 100644 SoftHSMv2/src/lib/crypto/OSSLAES.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLAES.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLCMAC.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLCMAC.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLComp.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLComp.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLCryptoFactory.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLCryptoFactory.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDES.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDES.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDH.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDH.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDHKeyPair.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDHKeyPair.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDHPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDHPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDHPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDHPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDSA.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDSA.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDSAKeyPair.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDSAKeyPair.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDSAPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDSAPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDSAPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLDSAPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLECDH.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLECDH.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLECDSA.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLECDSA.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLECKeyPair.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLECKeyPair.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLECPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLECPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLECPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLECPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLEVPCMacAlgorithm.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLEVPCMacAlgorithm.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLEVPHashAlgorithm.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLEVPHashAlgorithm.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLEVPMacAlgorithm.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLEVPMacAlgorithm.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLEVPSymmetricAlgorithm.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLEVPSymmetricAlgorithm.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLGOST.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLGOST.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLGOSTKeyPair.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLGOSTKeyPair.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLGOSTPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLGOSTPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLGOSTR3411.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLGOSTR3411.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLHMAC.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLHMAC.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLMD5.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLMD5.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLRNG.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLRNG.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLRSA.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLRSA.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLRSAKeyPair.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLRSAKeyPair.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLRSAPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLRSAPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLRSAPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLRSAPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLSHA1.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLSHA1.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLSHA224.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLSHA224.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLSHA256.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLSHA256.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLSHA384.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLSHA384.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLSHA512.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLSHA512.h create mode 100644 SoftHSMv2/src/lib/crypto/OSSLUtil.cpp create mode 100644 SoftHSMv2/src/lib/crypto/OSSLUtil.h create mode 100644 SoftHSMv2/src/lib/crypto/PrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/PublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/RNG.h create mode 100644 SoftHSMv2/src/lib/crypto/RSAParameters.cpp create mode 100644 SoftHSMv2/src/lib/crypto/RSAParameters.h create mode 100644 SoftHSMv2/src/lib/crypto/RSAPrivateKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/RSAPrivateKey.h create mode 100644 SoftHSMv2/src/lib/crypto/RSAPublicKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/RSAPublicKey.h create mode 100644 SoftHSMv2/src/lib/crypto/SymmetricAlgorithm.cpp create mode 100644 SoftHSMv2/src/lib/crypto/SymmetricAlgorithm.h create mode 100644 SoftHSMv2/src/lib/crypto/SymmetricKey.cpp create mode 100644 SoftHSMv2/src/lib/crypto/SymmetricKey.h create mode 100644 SoftHSMv2/src/lib/crypto/odd.h create mode 100644 SoftHSMv2/src/lib/crypto/test/AESTests.cpp create mode 100644 SoftHSMv2/src/lib/crypto/test/AESTests.h create mode 100644 SoftHSMv2/src/lib/crypto/test/DESTests.cpp create mode 100644 SoftHSMv2/src/lib/crypto/test/DESTests.h create mode 100644 SoftHSMv2/src/lib/crypto/test/DHTests.cpp create mode 100644 SoftHSMv2/src/lib/crypto/test/DHTests.h create mode 100644 SoftHSMv2/src/lib/crypto/test/DSATests.cpp create mode 100644 SoftHSMv2/src/lib/crypto/test/DSATests.h create mode 100644 SoftHSMv2/src/lib/crypto/test/ECDHTests.cpp create mode 100644 SoftHSMv2/src/lib/crypto/test/ECDHTests.h create mode 100644 SoftHSMv2/src/lib/crypto/test/ECDSATests.cpp create mode 100644 SoftHSMv2/src/lib/crypto/test/ECDSATests.h create mode 100644 SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp create mode 100644 SoftHSMv2/src/lib/crypto/test/GOSTTests.h create mode 100644 SoftHSMv2/src/lib/crypto/test/HashTests.cpp create mode 100644 SoftHSMv2/src/lib/crypto/test/HashTests.h create mode 100644 SoftHSMv2/src/lib/crypto/test/MacTests.cpp create mode 100644 SoftHSMv2/src/lib/crypto/test/MacTests.h create mode 100644 SoftHSMv2/src/lib/crypto/test/Makefile.am create mode 100644 SoftHSMv2/src/lib/crypto/test/RNGTests.cpp create mode 100644 SoftHSMv2/src/lib/crypto/test/RNGTests.h create mode 100644 SoftHSMv2/src/lib/crypto/test/RSATests.cpp create mode 100644 SoftHSMv2/src/lib/crypto/test/RSATests.h create mode 100644 SoftHSMv2/src/lib/crypto/test/chisq.c create mode 100644 SoftHSMv2/src/lib/crypto/test/cryptotest.cpp create mode 100644 SoftHSMv2/src/lib/crypto/test/ent.c create mode 100644 SoftHSMv2/src/lib/crypto/test/ent.h create mode 100644 SoftHSMv2/src/lib/crypto/test/iso8859.c create mode 100644 SoftHSMv2/src/lib/crypto/test/iso8859.h create mode 100644 SoftHSMv2/src/lib/crypto/test/randtest.c create mode 100644 SoftHSMv2/src/lib/crypto/test/randtest.h create mode 100644 SoftHSMv2/src/lib/data_mgr/ByteString.cpp create mode 100644 SoftHSMv2/src/lib/data_mgr/ByteString.h create mode 100644 SoftHSMv2/src/lib/data_mgr/Makefile.am create mode 100644 SoftHSMv2/src/lib/data_mgr/RFC4880.cpp create mode 100644 SoftHSMv2/src/lib/data_mgr/RFC4880.h create mode 100644 SoftHSMv2/src/lib/data_mgr/SecureAllocator.h create mode 100644 SoftHSMv2/src/lib/data_mgr/SecureDataManager.cpp create mode 100644 SoftHSMv2/src/lib/data_mgr/SecureDataManager.h create mode 100644 SoftHSMv2/src/lib/data_mgr/SecureMemoryRegistry.cpp create mode 100644 SoftHSMv2/src/lib/data_mgr/SecureMemoryRegistry.h create mode 100644 SoftHSMv2/src/lib/data_mgr/salloc.cpp create mode 100644 SoftHSMv2/src/lib/data_mgr/salloc.h create mode 100644 SoftHSMv2/src/lib/data_mgr/test/ByteStringTests.cpp create mode 100644 SoftHSMv2/src/lib/data_mgr/test/ByteStringTests.h create mode 100644 SoftHSMv2/src/lib/data_mgr/test/Makefile.am create mode 100644 SoftHSMv2/src/lib/data_mgr/test/RFC4880Tests.cpp create mode 100644 SoftHSMv2/src/lib/data_mgr/test/RFC4880Tests.h create mode 100644 SoftHSMv2/src/lib/data_mgr/test/SecureDataMgrTests.cpp create mode 100644 SoftHSMv2/src/lib/data_mgr/test/SecureDataMgrTests.h create mode 100644 SoftHSMv2/src/lib/data_mgr/test/datamgrtest.cpp create mode 100644 SoftHSMv2/src/lib/handle_mgr/Handle.cpp create mode 100644 SoftHSMv2/src/lib/handle_mgr/Handle.h create mode 100644 SoftHSMv2/src/lib/handle_mgr/HandleManager.cpp create mode 100644 SoftHSMv2/src/lib/handle_mgr/HandleManager.h create mode 100644 SoftHSMv2/src/lib/handle_mgr/Makefile.am create mode 100644 SoftHSMv2/src/lib/handle_mgr/test/HandleManagerTests.cpp create mode 100644 SoftHSMv2/src/lib/handle_mgr/test/HandleManagerTests.h create mode 100644 SoftHSMv2/src/lib/handle_mgr/test/Makefile.am create mode 100644 SoftHSMv2/src/lib/handle_mgr/test/handlemgrtest.cpp create mode 100644 SoftHSMv2/src/lib/main.cpp create mode 100644 SoftHSMv2/src/lib/object_store/DB.cpp create mode 100644 SoftHSMv2/src/lib/object_store/DB.h create mode 100644 SoftHSMv2/src/lib/object_store/DBObject.cpp create mode 100644 SoftHSMv2/src/lib/object_store/DBObject.h create mode 100644 SoftHSMv2/src/lib/object_store/DBToken.cpp create mode 100644 SoftHSMv2/src/lib/object_store/DBToken.h create mode 100644 SoftHSMv2/src/lib/object_store/Directory.cpp create mode 100644 SoftHSMv2/src/lib/object_store/Directory.h create mode 100644 SoftHSMv2/src/lib/object_store/File.cpp create mode 100644 SoftHSMv2/src/lib/object_store/File.h create mode 100644 SoftHSMv2/src/lib/object_store/FindOperation.cpp create mode 100644 SoftHSMv2/src/lib/object_store/FindOperation.h create mode 100644 SoftHSMv2/src/lib/object_store/Generation.cpp create mode 100644 SoftHSMv2/src/lib/object_store/Generation.h create mode 100644 SoftHSMv2/src/lib/object_store/Makefile.am create mode 100644 SoftHSMv2/src/lib/object_store/OSAttribute.cpp create mode 100644 SoftHSMv2/src/lib/object_store/OSAttribute.h create mode 100644 SoftHSMv2/src/lib/object_store/OSAttributes.h create mode 100644 SoftHSMv2/src/lib/object_store/OSObject.h create mode 100644 SoftHSMv2/src/lib/object_store/OSPathSep.h create mode 100644 SoftHSMv2/src/lib/object_store/OSToken.cpp create mode 100644 SoftHSMv2/src/lib/object_store/OSToken.h create mode 100644 SoftHSMv2/src/lib/object_store/ObjectFile.cpp create mode 100644 SoftHSMv2/src/lib/object_store/ObjectFile.h create mode 100644 SoftHSMv2/src/lib/object_store/ObjectStore.cpp create mode 100644 SoftHSMv2/src/lib/object_store/ObjectStore.h create mode 100644 SoftHSMv2/src/lib/object_store/ObjectStoreToken.cpp create mode 100644 SoftHSMv2/src/lib/object_store/ObjectStoreToken.h create mode 100644 SoftHSMv2/src/lib/object_store/SessionObject.cpp create mode 100644 SoftHSMv2/src/lib/object_store/SessionObject.h create mode 100644 SoftHSMv2/src/lib/object_store/SessionObjectStore.cpp create mode 100644 SoftHSMv2/src/lib/object_store/SessionObjectStore.h create mode 100644 SoftHSMv2/src/lib/object_store/UUID.cpp create mode 100644 SoftHSMv2/src/lib/object_store/UUID.h create mode 100644 SoftHSMv2/src/lib/object_store/test/DBObjectStoreTests.cpp create mode 100644 SoftHSMv2/src/lib/object_store/test/DBObjectStoreTests.h create mode 100644 SoftHSMv2/src/lib/object_store/test/DBObjectTests.cpp create mode 100644 SoftHSMv2/src/lib/object_store/test/DBObjectTests.h create mode 100644 SoftHSMv2/src/lib/object_store/test/DBTests.cpp create mode 100644 SoftHSMv2/src/lib/object_store/test/DBTests.h create mode 100644 SoftHSMv2/src/lib/object_store/test/DBTokenTests.cpp create mode 100644 SoftHSMv2/src/lib/object_store/test/DBTokenTests.h create mode 100644 SoftHSMv2/src/lib/object_store/test/DirectoryTests.cpp create mode 100644 SoftHSMv2/src/lib/object_store/test/DirectoryTests.h create mode 100644 SoftHSMv2/src/lib/object_store/test/FileTests.cpp create mode 100644 SoftHSMv2/src/lib/object_store/test/FileTests.h create mode 100644 SoftHSMv2/src/lib/object_store/test/Makefile.am create mode 100644 SoftHSMv2/src/lib/object_store/test/OSTokenTests.cpp create mode 100644 SoftHSMv2/src/lib/object_store/test/OSTokenTests.h create mode 100644 SoftHSMv2/src/lib/object_store/test/ObjectFileTests.cpp create mode 100644 SoftHSMv2/src/lib/object_store/test/ObjectFileTests.h create mode 100644 SoftHSMv2/src/lib/object_store/test/ObjectStoreTests.cpp create mode 100644 SoftHSMv2/src/lib/object_store/test/ObjectStoreTests.h create mode 100644 SoftHSMv2/src/lib/object_store/test/SessionObjectStoreTests.cpp create mode 100644 SoftHSMv2/src/lib/object_store/test/SessionObjectStoreTests.h create mode 100644 SoftHSMv2/src/lib/object_store/test/SessionObjectTests.cpp create mode 100644 SoftHSMv2/src/lib/object_store/test/SessionObjectTests.h create mode 100644 SoftHSMv2/src/lib/object_store/test/UUIDTests.cpp create mode 100644 SoftHSMv2/src/lib/object_store/test/UUIDTests.h create mode 100644 SoftHSMv2/src/lib/object_store/test/objstoretest.cpp create mode 100644 SoftHSMv2/src/lib/pkcs11/cryptoki.h create mode 100644 SoftHSMv2/src/lib/pkcs11/pkcs11.h create mode 100644 SoftHSMv2/src/lib/pkcs11/pkcs11f.h create mode 100644 SoftHSMv2/src/lib/pkcs11/pkcs11t.h create mode 100644 SoftHSMv2/src/lib/session_mgr/Makefile.am create mode 100644 SoftHSMv2/src/lib/session_mgr/Session.cpp create mode 100644 SoftHSMv2/src/lib/session_mgr/Session.h create mode 100644 SoftHSMv2/src/lib/session_mgr/SessionManager.cpp create mode 100644 SoftHSMv2/src/lib/session_mgr/SessionManager.h create mode 100644 SoftHSMv2/src/lib/session_mgr/test/Makefile.am create mode 100644 SoftHSMv2/src/lib/session_mgr/test/SessionManagerTests.cpp create mode 100644 SoftHSMv2/src/lib/session_mgr/test/SessionManagerTests.h create mode 100644 SoftHSMv2/src/lib/session_mgr/test/sessionmgrtest.cpp create mode 100644 SoftHSMv2/src/lib/slot_mgr/Makefile.am create mode 100644 SoftHSMv2/src/lib/slot_mgr/Slot.cpp create mode 100644 SoftHSMv2/src/lib/slot_mgr/Slot.h create mode 100644 SoftHSMv2/src/lib/slot_mgr/SlotManager.cpp create mode 100644 SoftHSMv2/src/lib/slot_mgr/SlotManager.h create mode 100644 SoftHSMv2/src/lib/slot_mgr/Token.cpp create mode 100644 SoftHSMv2/src/lib/slot_mgr/Token.h create mode 100644 SoftHSMv2/src/lib/slot_mgr/test/Makefile.am create mode 100644 SoftHSMv2/src/lib/slot_mgr/test/SlotManagerTests.cpp create mode 100644 SoftHSMv2/src/lib/slot_mgr/test/SlotManagerTests.h create mode 100644 SoftHSMv2/src/lib/slot_mgr/test/slotmgrtest.cpp create mode 100644 SoftHSMv2/src/lib/test/AsymEncryptDecryptTests.cpp create mode 100644 SoftHSMv2/src/lib/test/AsymEncryptDecryptTests.h create mode 100644 SoftHSMv2/src/lib/test/AsymWrapUnwrapTests.cpp create mode 100644 SoftHSMv2/src/lib/test/AsymWrapUnwrapTests.h create mode 100644 SoftHSMv2/src/lib/test/DeriveTests.cpp create mode 100644 SoftHSMv2/src/lib/test/DeriveTests.h create mode 100644 SoftHSMv2/src/lib/test/DigestTests.cpp create mode 100644 SoftHSMv2/src/lib/test/DigestTests.h create mode 100644 SoftHSMv2/src/lib/test/InfoTests.cpp create mode 100644 SoftHSMv2/src/lib/test/InfoTests.h create mode 100644 SoftHSMv2/src/lib/test/InitTests.cpp create mode 100644 SoftHSMv2/src/lib/test/InitTests.h create mode 100644 SoftHSMv2/src/lib/test/Makefile.am create mode 100644 SoftHSMv2/src/lib/test/ObjectTests.cpp create mode 100644 SoftHSMv2/src/lib/test/ObjectTests.h create mode 100644 SoftHSMv2/src/lib/test/README create mode 100644 SoftHSMv2/src/lib/test/RandomTests.cpp create mode 100644 SoftHSMv2/src/lib/test/RandomTests.h create mode 100644 SoftHSMv2/src/lib/test/SessionTests.cpp create mode 100644 SoftHSMv2/src/lib/test/SessionTests.h create mode 100644 SoftHSMv2/src/lib/test/SignVerifyTests.cpp create mode 100644 SoftHSMv2/src/lib/test/SignVerifyTests.h create mode 100644 SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.cpp create mode 100644 SoftHSMv2/src/lib/test/SymmetricAlgorithmTests.h create mode 100644 SoftHSMv2/src/lib/test/TestsBase.cpp create mode 100644 SoftHSMv2/src/lib/test/TestsBase.h create mode 100644 SoftHSMv2/src/lib/test/TestsNoPINInitBase.cpp create mode 100644 SoftHSMv2/src/lib/test/TestsNoPINInitBase.h create mode 100644 SoftHSMv2/src/lib/test/TokenTests.cpp create mode 100644 SoftHSMv2/src/lib/test/TokenTests.h create mode 100644 SoftHSMv2/src/lib/test/UserTests.cpp create mode 100644 SoftHSMv2/src/lib/test/UserTests.h create mode 100644 SoftHSMv2/src/lib/test/p11test.cpp create mode 100644 SoftHSMv2/src/lib/test/softhsm2-alt.conf.in create mode 100644 SoftHSMv2/src/lib/test/softhsm2-alt.conf.win32 create mode 100644 SoftHSMv2/src/lib/test/softhsm2.conf.in create mode 100644 SoftHSMv2/src/lib/test/softhsm2.conf.win32 create mode 100644 SoftHSMv2/src/lib/test/tokens/dummy.in create mode 100644 SoftHSMv2/src/lib/win32/dllmain.cc create mode 100644 SoftHSMv2/src/lib/win32/setenv.cpp create mode 100644 SoftHSMv2/src/lib/win32/setenv.h create mode 100644 SoftHSMv2/src/lib/win32/syslog.cpp create mode 100644 SoftHSMv2/src/lib/win32/syslog.h create mode 100644 SoftHSMv2/testing/appveyor/APPVEYOR-NOTES.MD create mode 100644 SoftHSMv2/testing/appveyor/appveyor_build.bat create mode 100644 SoftHSMv2/testing/appveyor/appveyor_download_requirements.ps1 create mode 100644 SoftHSMv2/testing/build-botan.sh create mode 100644 SoftHSMv2/testing/build-softhsm2.sh create mode 100644 SoftHSMv2/testing/lib.sh create mode 100644 SoftHSMv2/testing/travis/travis.sh create mode 100644 SoftHSMv2/win32/.gitignore create mode 100644 SoftHSMv2/win32/Configure.py create mode 100644 SoftHSMv2/win32/config.h.in create mode 100644 SoftHSMv2/win32/convarch/convarch.vcxproj.filters.in create mode 100644 SoftHSMv2/win32/convarch/convarch.vcxproj.in create mode 100644 SoftHSMv2/win32/convarch/convarch.vcxproj.user create mode 100644 SoftHSMv2/win32/cryptotest/cryptotest.vcxproj.filters create mode 100644 SoftHSMv2/win32/cryptotest/cryptotest.vcxproj.in create mode 100644 SoftHSMv2/win32/cryptotest/cryptotest.vcxproj.user create mode 100644 SoftHSMv2/win32/datamgrtest/datamgrtest.vcxproj.filters create mode 100644 SoftHSMv2/win32/datamgrtest/datamgrtest.vcxproj.in create mode 100644 SoftHSMv2/win32/datamgrtest/datamgrtest.vcxproj.user create mode 100644 SoftHSMv2/win32/dump/dump.vcxproj.filters create mode 100644 SoftHSMv2/win32/dump/dump.vcxproj.in create mode 100644 SoftHSMv2/win32/dump/dump.vcxproj.user create mode 100644 SoftHSMv2/win32/handlemgrtest/handlemgrtest.vcxproj.filters create mode 100644 SoftHSMv2/win32/handlemgrtest/handlemgrtest.vcxproj.in create mode 100644 SoftHSMv2/win32/handlemgrtest/handlemgrtest.vcxproj.user create mode 100644 SoftHSMv2/win32/keyconv/keyconv.vcxproj.filters.in create mode 100644 SoftHSMv2/win32/keyconv/keyconv.vcxproj.in create mode 100644 SoftHSMv2/win32/keyconv/keyconv.vcxproj.user create mode 100644 SoftHSMv2/win32/objstoretest/objstoretest.vcxproj.filters create mode 100644 SoftHSMv2/win32/objstoretest/objstoretest.vcxproj.in create mode 100644 SoftHSMv2/win32/objstoretest/objstoretest.vcxproj.user create mode 100644 SoftHSMv2/win32/p11test/p11test.vcxproj.filters create mode 100644 SoftHSMv2/win32/p11test/p11test.vcxproj.in create mode 100644 SoftHSMv2/win32/p11test/p11test.vcxproj.user create mode 100644 SoftHSMv2/win32/sessionmgrtest/sessionmgrtest.vcxproj.filters create mode 100644 SoftHSMv2/win32/sessionmgrtest/sessionmgrtest.vcxproj.in create mode 100644 SoftHSMv2/win32/sessionmgrtest/sessionmgrtest.vcxproj.user create mode 100644 SoftHSMv2/win32/slotmgrtest/slotmgrtest.vcxproj.filters create mode 100644 SoftHSMv2/win32/slotmgrtest/slotmgrtest.vcxproj.in create mode 100644 SoftHSMv2/win32/slotmgrtest/slotmgrtest.vcxproj.user create mode 100644 SoftHSMv2/win32/softhsm2.sln.in create mode 100644 SoftHSMv2/win32/softhsm2/softhsm2.vcxproj.filters create mode 100644 SoftHSMv2/win32/softhsm2/softhsm2.vcxproj.in create mode 100644 SoftHSMv2/win32/softhsm2/softhsm2.vcxproj.user create mode 100644 SoftHSMv2/win32/util/util.vcxproj.filters.in create mode 100644 SoftHSMv2/win32/util/util.vcxproj.in create mode 100644 SoftHSMv2/win32/util/util.vcxproj.user create mode 100644 TPM2-Plugin/README diff --git a/.gitreview b/.gitreview new file mode 100644 index 0000000..5b40e19 --- /dev/null +++ b/.gitreview @@ -0,0 +1,5 @@ +[gerrit] +host=gerrit.onap.org +port=29418 +project=aaf/sshsm.git + diff --git a/Adapter/README b/Adapter/README new file mode 100644 index 0000000..0851e1e --- /dev/null +++ b/Adapter/README @@ -0,0 +1,3 @@ +## Introduction + +This is an adapatation layer between SoftHSM and TPM2-Plugin. diff --git a/README.md b/README.md new file mode 100644 index 0000000..4f2c0d7 --- /dev/null +++ b/README.md @@ -0,0 +1,17 @@ +# SoftHSMv2 + TPM-Plugin +## Introduction + +## Installation + +### Configure + +### Compile + +### Install + + + + +## Note +SoftHSMv2 is cloned from https://github.com/opendnssec/SoftHSMv2.git +with commit 6eb01f906ea112572b7bd80ca7b43982f1a160d6 diff --git a/SoftHSMv2/.appveyor.yml b/SoftHSMv2/.appveyor.yml new file mode 100644 index 0000000..121d805 --- /dev/null +++ b/SoftHSMv2/.appveyor.yml @@ -0,0 +1,63 @@ +version: 2.2.{build} +configuration: Release +platform: +- x86 +- x64 +init: +- ps: >- + If ($env:Platform -Match "x86") { + $env:VCVARS_PLATFORM="x86" + $env:MSBUILD_PLATFORM="Win32" + $env:ENV_PLATFORM="x86" + $env:CONFIGURE_OPTIONS="disable-debug $env:ADDITIONAL_CONFIGURE_OPTIONS" + } Else { + $env:VCVARS_PLATFORM="amd64" + $env:MSBUILD_PLATFORM="x64" + $env:ENV_PLATFORM="x64" + $env:CONFIGURE_OPTIONS="enable-64bit disable-debug $env:ADDITIONAL_CONFIGURE_OPTIONS" + } + + + $CURRENT_DIR_PATH = (Get-Item -Path ".\" -Verbose).FullName + + $env:BUILD_DIR = Join-Path $CURRENT_DIR_PATH build + + $env:CRYPTO_PACKAGE= "$env:CRYPTO_PACKAGE_NAME-$env:ENV_PLATFORM.zip" + + $env:CRYPTO_PACKAGE_PATH = Join-Path $env:BUILD_DIR "$env:CRYPTO_PACKAGE_NAME-$env:ENV_PLATFORM" + + $env:CPPUNIT_VERSION_NAME = "CppUnit-1.13.2" + + $env:CPPUNIT_PACKAGE_NAME = "cppunit-1.13.2" + + $env:CPPUNIT_PACKAGE = "$env:CPPUNIT_PACKAGE_NAME-$env:ENV_PLATFORM.zip" + + $env:PYTHON_PATH = Join-Path $env:BUILD_DIR python + + $env:CPPUNIT_PATH = Join-Path $env:BUILD_DIR "$env:CPPUNIT_PACKAGE_NAME-$env:ENV_PLATFORM" + + $env:PYTHON_EXE = Join-Path $env:PYTHON_PATH python.exe + + $env:RELEASE_DIR=Join-Path $env:BUILD_DIR "SoftHSMv2-$env:ENV_PLATFORM" + + $env:CONFIGURE_OPTIONS = "$env:CONFIGURE_OPTIONS with-crypto-backend=$env:CRYPTO_BACKEND with-$env:CRYPTO_BACKEND=$env:CRYPTO_PACKAGE_PATH\ with-cppunit=$env:CPPUNIT_PATH\" +environment: + matrix: + - CRYPTO_BACKEND: openssl + PACKAGE_VERSION_NAME: OpenSSL-1.0.2j + CRYPTO_PACKAGE_NAME: openssl-1.0.2j + - CRYPTO_BACKEND: botan + PACKAGE_VERSION_NAME: Botan-1.10.13 + CRYPTO_PACKAGE_NAME: botan-1.10.13 + - CRYPTO_BACKEND: openssl + PACKAGE_VERSION_NAME: OpenSSL-1.1.0b + CRYPTO_PACKAGE_NAME: openssl-1.1.0b + ADDITIONAL_CONFIGURE_OPTIONS: disable-gost +install: +- cmd: powershell -File testing/appveyor/appveyor_download_requirements.ps1 +build_script: +- cmd: testing/appveyor/appveyor_build.bat +test: off +artifacts: +- path: build/SoftHSMv2-$(Platform) + name: SoftHSMv2-$(PACKAGE_VERSION_NAME)-$(Platform) diff --git a/SoftHSMv2/.gitignore b/SoftHSMv2/.gitignore new file mode 100644 index 0000000..88488d9 --- /dev/null +++ b/SoftHSMv2/.gitignore @@ -0,0 +1,80 @@ +# Automake, autoconf, libtool +Makefile +Makefile.in +core +acinclude.m4 +aclocal.m4 +autom4te.cache +compile +py-compile +confdefs.h +config.* +!win32+botan/config.h +!win32+openssl/config.h +configure +conftest +conftest.c +depcomp +install-sh +libtool +libtool.m4 +lt*.m4 +ltmain.sh +missing +mkinstalldirs +stamp-h* +obj +test-driver +.deps +.libs + +# Object files +*.lo +*.o + +# Libraries +*.lib +*.la +*.a + +# Shared objects (inc. Windows DLLs) +*.dll +*.so +*.so.* +*.dylib + +# Test outputs +*.log +*.trs +test-results.xml + +# Temporary files +*~ + +# Building directories +build +Botan-* +ROOT + +# Specifics +softhsm2.module +src/bin/common/.dirstamp +src/bin/dump/softhsm2-dump-db +src/bin/dump/softhsm2-dump-file +src/bin/keyconv/softhsm2-keyconv +src/bin/util/softhsm2-util +src/lib/common/.dirstamp +src/lib/common/softhsm2.conf +src/lib/common/softhsm2.conf.5 +src/lib/crypto/.dirstamp +src/lib/crypto/test/cryptotest +src/lib/data_mgr/test/datamgrtest +src/lib/handle_mgr/test/handlemgrtest +src/lib/object_store/test/objstoretest +src/lib/session_mgr/test/sessionmgrtest +src/lib/slot_mgr/test/slotmgrtest +src/lib/test/p11test +src/lib/test/softhsm2-alt.conf +src/lib/test/softhsm2.conf +src/lib/test/tokens/64d6c3fe-1575-1736-1d26-5ccb28440ea7/ +src/lib/test/tokens/dummy diff --git a/SoftHSMv2/.travis.yml b/SoftHSMv2/.travis.yml new file mode 100644 index 0000000..13f50a5 --- /dev/null +++ b/SoftHSMv2/.travis.yml @@ -0,0 +1,13 @@ +language: cpp +compiler: + - gcc + - clang +before_install: + - sudo apt-get update -qq + - sudo apt-get install build-essential autoconf automake libtool libcppunit-dev libsqlite3-dev sqlite3 libbotan1.10-dev libssl-dev p11-kit +script: sh testing/travis/travis.sh +env: + - CRYPTO=openssl OBJSTORE=file + - CRYPTO=openssl OBJSTORE=sqlite + - CRYPTO=botan OBJSTORE=file + - CRYPTO=botan OBJSTORE=sqlite diff --git a/SoftHSMv2/FIPS-NOTES.md b/SoftHSMv2/FIPS-NOTES.md new file mode 100644 index 0000000..1827a3b --- /dev/null +++ b/SoftHSMv2/FIPS-NOTES.md @@ -0,0 +1,56 @@ +# FIPS 140-2 + +The OpenSSL crypto backend can be a FIPS 140-2 capable library, +cf. the OpenSSL FIPS 140 documents SecurityPolicy and UserGuide. + +## Introduction + +Please read the OpenSSL FIPS 140 documents about to get +a FIPS Capable OpenSSL library. + +## Hard points + +Reread the OpenSSL FIPS 140 documents as they are hard to apply. + +Note the following is for Unix/Linux. + +Now I suppose you have a >= 1.0.1e capable static library (a +dynamic library is far easier but always possible and often +dubious from a security point of view... BTW if you have built +a FIPS Capable OpenSSL library you should not be afraid of +extra complexity :-). + +Do not forget to compile OpenSSL with position indepent code +(aka PIC) as the libsofthsm.so requires it. The FIPS module +canister is already compiled this way. + +A usual issue is the C++ compiler not compiling .c files as C code. +A simple test can show this, put in foo.c file this code: + +foo() { char *x = "ab"; } + +and compile with the C and C++ compilers with all warnings: +the C++ compiler should raise an extra warning or error about +the no type for foo() and/or for the char* string constant. + +When this raises some errors in the fispld script, you have to +insert '-x c' and '-x none' before and after each .c file +in the C++ commands, for instance using this wrapper: + +-------------------------------- cut here -------------------------------- +#!/bin/sh + +commands="g++" + +for elem in $@ +do + case $elem in + *.c) commands+=" -x c $elem -x none";; + *) commands+=" $elem";; + esac +done + +exec $commands +-------------------------------- end -------------------------------- + +In any cases you have to set CC and CXX to fipsld. diff --git a/SoftHSMv2/LICENSE b/SoftHSMv2/LICENSE new file mode 100644 index 0000000..be4c168 --- /dev/null +++ b/SoftHSMv2/LICENSE @@ -0,0 +1,28 @@ +Copyright (c) 2010 .SE, The Internet Infrastructure Foundation + http://www.iis.se + +Copyright (c) 2010 SURFnet bv + http://www.surfnet.nl/en + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE +GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER +IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/SoftHSMv2/Makefile.am b/SoftHSMv2/Makefile.am new file mode 100644 index 0000000..a6573a3 --- /dev/null +++ b/SoftHSMv2/Makefile.am @@ -0,0 +1,65 @@ +ACLOCAL_AMFLAGS = -I m4 + +MAINTAINERCLEANFILES = \ + config.log config.status softhsm2.module \ + $(srcdir)/Makefile.in \ + $(srcdir)/config.h.in $(srcdir)/config.h.in~ \ + $(srcdir)/configure \ + $(srcdir)/install-sh $(srcdir)/ltmain.sh $(srcdir)/missing \ + $(srcdir)/depcomp $(srcdir)/aclocal.m4 $(srcdir)/compile \ + $(srcdir)/config.guess $(srcdir)/config.sub + +SUBDIRS = src + +if WITH_P11KIT +p11moddir = @P11KIT_PATH@ +p11mod_DATA = softhsm2.module +endif + +EXTRA_DIST = $(srcdir)/aes_wrap_key_with_pad/botan-diff \ + $(srcdir)/aes_wrap_key_with_pad/README \ + $(srcdir)/FIPS-NOTES.md \ + $(srcdir)/LICENSE \ + $(srcdir)/m4/*.m4 \ + $(srcdir)/OSX-NOTES.md \ + $(srcdir)/README.md \ + $(srcdir)/win32/config.h.in \ + $(srcdir)/win32/Configure.py \ + $(srcdir)/win32/convarch/convarch.vcxproj.in \ + $(srcdir)/win32/convarch/convarch.vcxproj.filters.in \ + $(srcdir)/win32/convarch/convarch.vcxproj.user \ + $(srcdir)/win32/cryptotest/cryptotest.vcxproj.in \ + $(srcdir)/win32/cryptotest/cryptotest.vcxproj.filters \ + $(srcdir)/win32/cryptotest/cryptotest.vcxproj.user \ + $(srcdir)/win32/datamgrtest/datamgrtest.vcxproj.in \ + $(srcdir)/win32/datamgrtest/datamgrtest.vcxproj.filters \ + $(srcdir)/win32/datamgrtest/datamgrtest.vcxproj.user \ + $(srcdir)/win32/dump/dump.vcxproj.in \ + $(srcdir)/win32/dump/dump.vcxproj.filters \ + $(srcdir)/win32/dump/dump.vcxproj.user \ + $(srcdir)/win32/handlemgrtest/handlemgrtest.vcxproj.in \ + $(srcdir)/win32/handlemgrtest/handlemgrtest.vcxproj.filters \ + $(srcdir)/win32/handlemgrtest/handlemgrtest.vcxproj.user \ + $(srcdir)/win32/keyconv/keyconv.vcxproj.in \ + $(srcdir)/win32/keyconv/keyconv.vcxproj.filters.in \ + $(srcdir)/win32/keyconv/keyconv.vcxproj.user \ + $(srcdir)/win32/objstoretest/objstoretest.vcxproj.in \ + $(srcdir)/win32/objstoretest/objstoretest.vcxproj.filters \ + $(srcdir)/win32/objstoretest/objstoretest.vcxproj.user \ + $(srcdir)/win32/p11test/p11test.vcxproj.in \ + $(srcdir)/win32/p11test/p11test.vcxproj.filters \ + $(srcdir)/win32/p11test/p11test.vcxproj.user \ + $(srcdir)/win32/sessionmgrtest/sessionmgrtest.vcxproj.in \ + $(srcdir)/win32/sessionmgrtest/sessionmgrtest.vcxproj.filters \ + $(srcdir)/win32/sessionmgrtest/sessionmgrtest.vcxproj.user \ + $(srcdir)/win32/slotmgrtest/slotmgrtest.vcxproj.in \ + $(srcdir)/win32/slotmgrtest/slotmgrtest.vcxproj.filters \ + $(srcdir)/win32/slotmgrtest/slotmgrtest.vcxproj.user \ + $(srcdir)/win32/softhsm2/softhsm2.vcxproj.in \ + $(srcdir)/win32/softhsm2/softhsm2.vcxproj.filters \ + $(srcdir)/win32/softhsm2/softhsm2.vcxproj.user \ + $(srcdir)/win32/softhsm2.sln.in \ + $(srcdir)/win32/util/util.vcxproj.in \ + $(srcdir)/win32/util/util.vcxproj.filters.in \ + $(srcdir)/win32/util/util.vcxproj.user \ + $(srcdir)/WIN32-NOTES.md diff --git a/SoftHSMv2/NEWS b/SoftHSMv2/NEWS new file mode 100644 index 0000000..5d209ec --- /dev/null +++ b/SoftHSMv2/NEWS @@ -0,0 +1,292 @@ +NEWS for SoftHSM -- History of user visible changes + +SoftHSM develop + +* Issue #140: Support for CKA_ALLOWED_MECHANISMS. + (Patch from Brad Hess) +* Issue #141: Support CKA_ALWAYS_AUTHENTICATE for private key objects. +* Issue #220: Support for CKM_DES3_CMAC and CKM_AES_CMAC. +* Issue #226: Configuration option for Windows build to enable build with + static CRT (/MT). +* Issue #325: Support for CKM_AES_GCM. +* Issue #334: Document that initialized tokens will be reassigned to another + slot (based on the token serial number). +* Issue #335: Support for CKM_RSA_PKCS_PSS. + (Patch from Nikos Mavrogiannopoulos) +* Issue #341: Import AES keys with softhsm2-util. + (Patch from Pavel Cherezov) +* Issue #348: Document that OSX needs pkg-config to detect cppunit. +* Issue #349: softhsm2-util will check the configuration and report any + issues before loading the PKCS#11 library. +* Issue #351: Upgrade Botan in Jenkins build. + +Bugfixes: +* Issue #345: Private objects are presented to security officer in search + results. +* Issue #358: Race condition when multiple applications are creating and + reading object files. + + +SoftHSM 2.3.0 - 2017-07-03 + +* Issue #130: Upgraded to PKCS#11 v2.40. + * Minor changes to some return values. + * Added CKA_DESTROYABLE to all objects. Used by C_DestroyObject(). + * Added CKA_PUBLIC_KEY_INFO to certificates, private, and public key + objects. Will be accepted from application, but SoftHSM will + currently not calculate it. +* Issue #142: Support for CKM_AES_CTR. +* Issue #155: Add unit tests for SessionManager. +* Issue #189: C_DigestKey returns CKR_KEY_INDIGESTIBLE when key + attribute CKA_EXTRACTABLE = false. Whitelist SHA algorithms to allow + C_DigestKey in this case. +* Issue #225: Show slot id after initialization. +* Issue #247: Run AppVeyor (Windows CI) for each PR and merge. +* Issue #257: Set CKA_DECRYPT/CKA_ENCRYPT flags on key import to true. + (Patch from Martin Domke) +* Issue #261: Add support for libeaycompat lib for FIPS on Windows. + (Patch from Matt Hauck) +* Issue #262: Support importing ECDSA P-521 in softhsm-util. +* Issue #276: Support for Botan 2.0. +* Issue #279: Editorial changes from Mountain Lion to Sierra. + (Patch from Mike Neumann) +* Issue #283: More detailed error messages when initializing SoftHSM. +* Issue #285: Support for LibreSSL. + (Patch from Alon Bar-Lev) +* Issue #286: Update .gitignore. + (Patch from Alon Bar-Lev) +* Issue #291: Change to enable builds and reports on new Jenkinks + environment. +* Issue #293: Detect cppunit in autoconf. + (Patch from Alon Bar-Lev) +* Issue #309: CKO_CERTIFICATE and CKO_PUBLIC_KEY now defaults to + CKA_PRIVATE=false. +* Issue #314: Update README with information about logging. +* Issue #330: Adjust log levels for failing to enumerate object store. + (Patch from Nikos Mavrogiannopoulos) + +Bugfixes: +* Issue #216: Better handling of CRYPTO_set_locking_callback() for OpenSSL. +* Issue #265: Fix deriving shared secret with ECC. +* Issue #280: HMAC with sizes less than L bytes is strongly discouraged. + Set a lower bound equal to L bytes in ulMinKeySize and check it when + initializing the operation. +* Issue #281: Fix test of p11 shared library. + (Patch from Lars Silvén) +* Issue #289: Minor fix of 'EVP_CipherFinal_ex'. + (Patch from Viktor Tarasov) +* Issue #297: Fix build with cppunit. + (Patch from Ludovic Rousseau) +* Issue #302: Export PKCS#11 symbols from the library. + (Patch from Ludovic Rousseau) +* Issue #305: Zero pad key to fit the block in CKM_AES_KEY_WRAP. +* Issue #313: Detecting CppUnit when using Macports. + (Patch from mouse07410) + + +SoftHSM 2.2.0 - 2016-12-05 + +* Issue #143: Delete a token using softhsm2-util. +* Issue #185: Change access mode bits for /var/lib/softhsm/tokens/ + to 1777. All users can now create tokens, but only access their own. + (Patch from Rick van Rein) +* Issue #186: Reinitializing a token will now keep the token, but all + token objects are deleted, the user PIN is removed and the token + label is updated. +* Issue #190: Support for OpenSSL 1.1.0. +* Issue #198: Calling C_GetSlotList with NULL_PTR will make sure that + there is always a slot with an uninitialized token available. +* Issue #199: The token serial number will be used when setting the slot + number. The serial number is set after the token has been initialized. + (Patch from Lars Silvén) +* Issue #203: Update the command utils to use the token label or serial + to find the token and its slot number. +* Issue #209: Possibility to test other PKCS#11 implementations with the + CppUnit test. + (Patch from Lars Silvén) +* Issue #223: Mark public key as non private by default. + (Patch from Nikos Mavrogiannopoulos) +* Issue #230: Install p11-kit module, to disable use --disable-p11-kit. + (Patch from David Woodhouse) +* Issue #237: Add windows continuous integration build. + (Patch from Peter Polačko) + +Bugfixes: +* Issue #201: Missing new source file and test configuration in the + Windows build project. +* Issue #205: ECDSA P-521 support for OpenSSL and better test coverage. +* Issue #207: Fix segmentation faults in loadLibrary function. + (Patch from Jaroslav Imrich) +* Issue #215: Update the Homebrew install notes for OSX. +* Issue #218: Fix build warnings. +* Issue #235: Add the libtool install command for OSX. + (Patch from Mark Wylde) +* Issue #236: Use GetEnvironmentVariable instead of getenv on Windows. + (Patch from Jaroslav Imrich) +* Issue #239: Crash on module unload with OpenSSL. + (Patch from David Woodhouse) +* Issue #241: Added EXTRALIBS to Windows utils project. + (Patch from Peter Polačko) +* Issue #250: C++11 not detected. +* Issue #255: API changes in Botan 1.11.27. +* Issue #260: Fix include guard to check WITH_FIPS. + (Patch from Matt Hauck) +* Issue #268: p11test fails on 32-bit systems. +* Issue #270: Build warning about "converting a string constant". +* Issue #272: Fix C++11 check to look for unique_ptr. + (Patch from Matt Hauck) + + +SoftHSM 2.1.0 - 2016-03-14 + +* Issue #136: Improved guide and build scripts for Windows. + (Thanks to Jaroslav Imrich) +* Issue #144: The password prompt in softhsm2-util can now be + interrupted (ctrl-c). +* Issue #166: Add slots.removable config option. + (Patch from Sumit Bose) +* Issue #180: Windows configure script improvements. + (Patch from Arnaud Grandville) + +Bugfixes: +* Issue #128: Prioritize the return values in C_GetAttributeValue. + (Patch from Nicholas Wilson) +* Issue #129: Fix errors reported by Visual Studio 2015. + (Patch from Jaroslav Imrich) +* Issue #132: Handle the CKA_CHECK_VALUE correctly for certificates + and symmetric key objects. +* Issue #154: Fix the Windows build and destruction order of objects. + (Patch from Arnaud Grandville) +* Issue #162: Not possible to create certificate objects containing + CKA_CERTIFICATE_CATEGORY, CKA_NAME_HASH_ALGORITHM, or + CKA_JAVA_MIDP_SECURITY_DOMAIN. +* Issue #163: Do not attempt decryption of empty byte strings. + (Patch from Michal Kepien) +* Issue #165: Minor changes after a PVS-Studio code analysis, and + C_EncryptUpdate crash if no ciphered data is produced. + (Patch from Arnaud Grandville) +* Issue #169: One-byte buffer overflow in call to EVP_DecryptUpdate. +* Issue #171: Problem while closing library that is initialized but + improperly finalized. +* Issue #173: Adjust return values for the template parsing. +* Issue #174: C_DeriveKey() error with leading zero bytes. +* Issue #177: CKA_NEVER_EXTRACTABLE set to CK_FALSE on objects + created with C_CreateObject. +* Issue #182: Resolve compiler warning. + (Patch from Josh Datko) +* Issue #184: Stop discarding the global OpenSSL libcrypto state. + (Patch from Michal Trojnara) +* SOFTHSM-123: Fix library cleanup on BSD. + + +SoftHSM 2.0.0 - 2015-07-17 + +* SOFTHSM-121: Test cases for C_DecryptUpdate/C_DecryptFinal. +* Support C_DecryptUpdate/C_DecryptFinal for symmetric algorithms. + (Patch from Thomas Calderon) + +Bugfixes: +* SOFTHSM-120: Segfault after renaming variables. + + +SoftHSM 2.0.0b3 - 2015-04-17 + +* SOFTHSM-113: Support for Botan 1.11.15 +* SOFTHSM-119: softhsm2-util: Support ECDSA key import + (Patch from Magnus Ahltorp) +* SUPPORT-139: Support deriving generic secrets, DES, DES2, DES3, and AES. + Using DH, ECDH or symmetric encryption. + +Bugfixes: +* SOFTHSM-108: A marked as trusted certificate cannot be imported. +* SOFTHSM-109: Unused parameter and variable warnings. +* SOFTHSM-110: subdir-objects warnings from autoreconf. +* SOFTHSM-111: Include FIPS-NOTES.md in dist. +* SOFTHSM-112: CKM_AES_KEY_WRAP* conflict in pkcs11.h. +* SOFTHSM-114: Fix memory leak in a test script. +* SOFTHSM-115: Fix static analysis warnings. +* SUPPORT-154: A marked as non-modifiable object cannot be generated. +* SUPPORT-155: auto_ptr is deprecated in C++11, use unique_ptr. +* SUPPORT-157: Derived secrets were truncated after encryption and + could thus not be decrypted. +* Mutex should call MutexFactory wrapper functions. + (Patch from Jerry Lundström) +* Return detailed error message to loadLibrary(). + (Patch from Petr Spacek) + + +SoftHSM 2.0.0b2 - 2014-12-28 + +* SOFTHSM-50: OpenSSL FIPS support. +* SOFTHSM-64: Updated build script for Windows. +* SOFTHSM-100: Use --free with softhsm2-util to initialize the first + free token. +* SOFTHSM-103: Allow runtime configuration of log level. +* SOFTHSM-107: Support for CKM__CBC_PAD. +* Add support for CKM_RSA_PKCS_OAEP key un/wrapping. + (Patch from Petr Spacek) +* Use OpenSSL EVP interface for AES key wrapping. + (Patch from Petr Spacek) +* Allow reading configuration file from user's home directory. + (Patch from Nikos Mavrogiannopoulos) + +Bugfixes: +* SOFTHSM-102: C_DeriveKey() uses OBJECT_OP_GENERATE. +* Coverity found a number of issues. + + +SoftHSM 2.0.0b1 - 2014-09-10 + +* SOFTHSM-84: Check that all mandatory attributes are given during + the creation process. +* SOFTHSM-92: Enable -fvisibility=hidden on per default +* SUPPORT-137: Implement C_EncryptUpdate and C_EncryptFinal + (Patch from Martin Paljak) +* Add support for CKM_RSA_PKCS key un/wrapping + (Patch from Petr Spacek) + +Bugfixes: +* SOFTHSM-66: Attribute handling when using multiple threads +* SOFTHSM-93: Invalid C++ object recycling. +* SOFTHSM-95: umask affecting the calling application. +* SOFTHSM-97: Check if Botan has already been initialized. +* SOFTHSM-98: Handle mandatory attributes for DSA, DH, and ECDSA + correctly. +* SOFTHSM-99: Binary encoding of GOST values. +* SUPPORT-136: softhsm2-keyconv creates files with sensitive material + in insecure way. + + +SoftHSM 2.0.0a2 - 2014-03-25 + +* SOFTHSM-68: Display a better configure message when there is a + version of Botan with a broken ECC/GOST/OID implementation. +* SOFTHSM-70: Improved handling of the database backend. +* SOFTHSM-71: Supporting Botan 1.11. +* SOFTHSM-76: Do not generate RSA keys smaller than 1024 bit when + using the Botan crypto backend. +* SOFTHSM-83: Support CKA_VALUE_BITS for CKK_DH private key object. +* SOFTHSM-85: Rename libsofthsm.so to libsofthsm2.so and prefix the + command line utilties with softhsm2-. +* SOFTHSM-89: Use constants and not strings for signaling algorithms. +* SUPPORT-129: Possible to use an empty template in C_GenerateKey. + The class and key type are inherited from the generation mechanism. + Some mechanisms do however require a length attribute. [SOFTHSM-88] +* SUPPORT-131: Support RSA-PSS using SHA1, SHA224, SHA256, SHA384, + or SHA512. [SOFTHSM-87] + +Bugfixes: +* SOFTHSM-39: Fix 64 bit build on sparc sun4v. +* SOFTHSM-69: GOST did not work when you disabled ECC. +* SOFTHSM-78: Correct the attribute checks for a number of objects. +* SOFTHSM-80: Prevent segfault in OpenSSL GOST HMAC code. +* SOFTHSM-91: Fix a warning from static code analysis. +* Fixed a number of memory leaks. + + +SoftHSM 2.0.0a1 - 2014-02-10 + +This is the first alpha release of SoftHSMv2. It focuses on a higher +level of security by encrypting sensitive information and using +unswappable memory. There is also a more generalized crypto backend, +where you can use Botan or OpenSSL. diff --git a/SoftHSMv2/OSX-NOTES.md b/SoftHSMv2/OSX-NOTES.md new file mode 100644 index 0000000..f1c7ee2 --- /dev/null +++ b/SoftHSMv2/OSX-NOTES.md @@ -0,0 +1,182 @@ +# Building SoftHSMv2 on macOS 10.12.3 (Sierra) + +This document contains instructions for building SoftHSMv2 from the command +line on macOS 10.12.3. + +This may work for other versions of OS X/macOS, but this has not been verified. + +## Command Line Tools + +We assume that XCode has been installed. To find out where Xcode keeps the C++ +compiler type the following at the command line: + + $ xcode-select --print-path + /Applications/Xcode.app/Contents/Developer + +The gcc compiler in this case can be found at +/Applications/Xcode.app/Contents/Developer/usr/bin/gcc + +Alternatively if you don't want to install XCode you could install command line +tools for macOS that can be downloaded from Apple. + +e.g. currently the following package for the Sierra release of macOS is +available for download. + + Command_Line_Tools_macOS_10.12_for_Xcode_8.2.dmg + +This dmg file is ~150MB but it is at least orders of magnitude smaller than +installing all of XCode. + +## Homebrew + +The libraries that come as part of macOS are rather old. We need to use more +recent versions of these libraries to avoid unexpected failures during building +and running. + +There is a community supported command line package manager for installing the +dependencies we need. It's called homebrew. First we'll need to install it as +follows: + + $ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" + +Now we need to install some dependencies + + $ brew install automake + $ brew install pkg-config + $ brew install openssl + $ brew install sqlite + $ brew install cppunit + $ brew install libtool + +openssl, sqlite, and libtool are pre-installed on the system. The versions downloaded +by brew are stored in an alternative location under /usr/local + +The only brew warning of note is for libtool: + + ==> Caveats + In order to prevent conflicts with Apple's own libtool we have prepended a "g" + so, you have instead: glibtool and glibtoolize. + +Note: gblitoolize seems to be found in the configuration step below just fine. It's unclear +if glibtool is used since autogen.sh generates its own libtool script that is used by make. + +During configure, the paths to the newly installed libraries need to be passed +in so configure can actually find the libraries. We'll show how to do that +later. + +## Cloning SoftHSMv2 + +We now need to clone SoftHSMv2 from github. + + $ git clone https://github.com/opendnssec/SoftHSMv2.git + $ cd SoftHSMv2 + +## Configuring the build + +Start by installing autoconf in the source directory by executing the +autogen.sh script. + + $ sh ./autogen.sh + +If all went well a configure script should have been generated. To find out the +options available for building issue the following command: + + $ ./configure --help + +In the example below I will enable the optional token object store database +backend. + + $ ./configure --with-objectstore-backend-db \ + --with-openssl=/usr/local/opt/openssl \ + --with-sqlite3=/usr/local/opt/sqlite + +Now if for some reason the compilers are not found, do the following at the +command line. + + $ export CC="xcrun gcc" + $ export CPP="xcrun cpp" + $ export CXX="xcrun g++" + $ ./configure --with-objectstore-backend-db \ + --with-openssl=/usr/local/opt/openssl \ + --with-sqlite3=/usr/local/opt/sqlite + +By exporting these environment variables we are instructing configure to use +the compilers stored inside the installed XCode.app. + +## Building and Testing SoftHSMv2 + +Now we can build SoftHSMv2 by just executing make. + + $ make + +And we can check that it works by running all tests. + + $ make check + +To try a specific test, e.g. to check just the PKCS#11 test cases use the +following make command: + + $ make -C src/lib/test check + +Then change src/lib/test/softhsm2.conf so it contains the following lines. + + # SoftHSM v2 configuration file + directories.tokendir = ./tokens + objectstore.backend = db + log.level = INFO + slots.removable = false + +Then change src/lib/test/softhsm2-alt.conf so it contains the following lines. + + # SoftHSM v2 configuration file + directories.tokendir = ./tokens + objectstore.backend = db + log.level = INFO + slots.removable = true + +We are now ready to run the tests again. + + $ make -C src/lib/test check + +Because the object store backend was changed from file to db we have used +sqlite for storing the token objects. Verify this by looking in the sub-folders +of src/lib/test/tokens There you should find a database file named sqlite3.db + +## Performance + +The file backend currently exhibits the best performance. It is normally at +least twice as fast as the database backend. + +The idea behind storing token objects in a database is that it has advantages +when a large number (> 100K) of keys are stored in a token. A database allows +for selectively querying and loading in only a subset of the keys into memory. +The file based storage backend reads in the complete contents of the token. +Also because the database is only a single file, we should not hit any system +limitations w.r.t. the number of files that can be stored in a file system. + +The database backend uses transactions to write changes to the token database. +For modifiable attributes this will require a round trip to the database every +time an attribute has been read as another process may have modified the given +attribute. + +The database backend uses approximately 20% less memory because it will only +load in object attributes on demand. For non-mutable attributes that is not a +problem because once an object with its attributes is created those attributes +won't change. On the other hand the mutable attributes of the object are always +read when the object is accessed, making it slower because this will require a +roundtrip to the database for every mutable attribute. Note that most +attributes are non-mutable and especially the key material is non-mutable. So +once this (encrypted !) material has been read into memory it will remain +cached (encrypted !). + +Currently the query functionality for only retrieving a subset of the objects +is not yet implemented. Therefore the database solution has no advantages +w.r.t. the file based solution for large number of files other than the 20% +less memory usage mentioned before. + +For applications that need the highest speed possible and only read/use the +token, a solution would be to copy the whole of the token database to a +ramdisk. This should only be used when the application doesn't modify the +token, because a power-cycle of the host will wipe out the ramdisk. + +3-January-2017 diff --git a/SoftHSMv2/README.md b/SoftHSMv2/README.md new file mode 100644 index 0000000..c8230e8 --- /dev/null +++ b/SoftHSMv2/README.md @@ -0,0 +1,149 @@ +# SoftHSM version 2 + +SoftHSM is part of the OpenDNSSEC project. Read more at www.opendnssec.org. + +[![Travis Build Status](https://api.travis-ci.org/opendnssec/SoftHSMv2.png)](https://travis-ci.org/opendnssec/SoftHSMv2) +[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/github/opendnssec/SoftHSMv2?svg=true)](https://ci.appveyor.com/project/opendnssec/softhsmv2) + +## Introduction + +OpenDNSSEC handles and stores its cryptographic keys via the PKCS#11 interface. +This interface specifies how to communicate with cryptographic devices such as +HSM:s (Hardware Security Modules) and smart cards. The purpose of these devices +is, among others, to generate cryptographic keys and sign information without +revealing private-key material to the outside world. They are often designed to +perform well on these specific tasks compared to ordinary processes in a normal +computer. + +A potential problem with the use of the PKCS#11 interface is that it might +limit the wide spread use of OpenDNSSEC, since a potential user might not be +willing to invest in a new hardware device. To counter this effect, OpenDNSSEC +is providing a software implementation of a generic cryptographic device with a +PKCS#11 interface, the SoftHSM. SoftHSM is designed to meet the requirements of +OpenDNSSEC, but can also work together with other cryptographic products +because of the PKCS#11 interface. + +## Developers + +- Rickard Bellgrim (Knowit Secure AB, www.knowitgroup.com) +- Francis Dupont (ISC, www.isc.org) +- René Post (XPT Software and Consulting, www.xpt.nl) +- Roland van Rijswijk (SURFnet bv, www.surfnet.nl) + +## Dependencies + +SoftHSM depends on a cryptographic library, Botan or OpenSSL. +Minimum required versions: + +- Botan 1.10.0 +- OpenSSL 1.0.0 + +If you are using Botan, make sure that it has support for GNU MP (--with-gnump). +This will improve the performance when doing public key operations. + +The GNU Autotools are also required for building the software. + +There is a migration tool for converting token databases from SoftHSMv1 into +the new type of tokens. If this tool is built, then SQLite3 is required (>= +3.4.2). + +## Installation + +### Configure + +Configure the installation/compilation scripts: + + sh ./autogen.sh + ./configure + +Options: + + --disable-non-paged-memory + Disable non-paged memory for secure storage + (default enabled) + --disable-ecc Disable support for ECC (default enabled) + --disable-gost Disable support for GOST (default enabled) + --disable-visibility Disable hidden visibilty link mode [enabled] + --with-crypto-backend Select crypto backend (openssl|botan) + --with-openssl=PATH Specify prefix of path of OpenSSL + --with-botan=PATH Specify prefix of path of Botan + --with-migrate Build the migration tool. Used when migrating + a SoftHSM v1 token database. Requires SQLite3 + --with-objectstore-backend-db + Build with database object store (SQLite3) + --with-sqlite3=PATH Specify prefix of path of SQLite3 + --disable-p11-kit Disable p11-kit integration (default enabled) + --with-p11-kit=PATH Specify install path of the p11-kit module, will + override path given by pkg-config + +For more options: + + ./configure --help + + +### Compile + +Compile the source code using the following command: + + make + +### Install Library + +Install the library using the follow command: + + sudo make install + +### Configure + +The default location of the config file is /etc/softhsm2.conf. This location +can be change by setting the environment variable. + + export SOFTHSM2_CONF=/home/user/config.file + +Details on the configuration can be found in "man softhsm2.conf". + +Create the token directory you defined in your config file: + + mkdir + +### Initialize Tokens + +Use either softhsm2-util or the PKCS#11 interface. The SO PIN can e.g. be used +to re-initialize the token and the user PIN is handed out to the application so +it can interact with the token. + + softhsm2-util --init-token --slot 0 --label "My token 1" + +Type in SO PIN and user PIN. Once a token has been initialized, more slots will +be added automatically with a new uninitialized token. + +Initialized tokens will be reassigned to another slot (based on the token +serial number). It is recommended to find and interact with the token by +searching for the token label or serial number in the slot list / token info. + +### Link + +Link to this library and use the PKCS#11 interface. + + +## Backup + +All of the tokens and their objects are stored in the location given by +softhsm2.conf. Backup can thus be done as a regular file copy. + + +## Log information + +Log information is sent to syslog or the Windows event log and the log +level is set in the configuration file. Each log event is prepended with +the source file name and line number. + + +## Building from the repository + +If the code is downloaded directly from the code repository, you have to +prepare the configuration scripts before continuing with the real README. + +1. You need to install automake, autoconf, libtool, etc. +2. Run the command 'sh autogen.sh' +3. Continue reading this README. diff --git a/SoftHSMv2/WIN32-NOTES.md b/SoftHSMv2/WIN32-NOTES.md new file mode 100644 index 0000000..a3ce7ab --- /dev/null +++ b/SoftHSMv2/WIN32-NOTES.md @@ -0,0 +1,311 @@ +# Building SoftHSM2 for Windows + +This document describes process of building both 32-bit and 64-bit versions of SoftHSM2 on 64-bit Windows 8.1 machine. +Either OpenSSL or Botan can be used as the crypto backend. + +## Required software + +- [Visual Studio](https://www.visualstudio.com/products/visual-studio-community-vs) (2015 Community) +- [GNU Privacy Guard for Windows](http://www.gpg4win.org/) (2.2.5) +- [7-zip](http://www.7-zip.org/) (9.20) +- [Strawberry Perl](http://strawberryperl.com/) (5.22.0.1) +- [The Netwide Assembler](http://www.nasm.us/) (2.11.08) +- [Python](https://www.python.org/downloads/windows/) (3.4.2) + +## Prepare working directories + + mkdir C:\build\bin\ + mkdir C:\build\src\ + +## Build OpenSSL 1.0.2d static library + +Download [OpenSSL 1.0.2d](http://openssl.org/source/openssl-1.0.2d.tar.gz) with [its signature](http://openssl.org/source/openssl-1.0.2d.tar.gz.asc) into `C:\build\src\` directory and verify signature of the downloaded archive: + + cd C:\build\src\ + gpg --keyserver pgp.mit.edu --recv-keys 0E604491 + gpg --verify openssl-1.0.2d.tar.gz.asc openssl-1.0.2d.tar.gz + +### 32-bit + +Extract archive `openssl-1.0.2d.tar.gz` into `C:\build\src\openssl-1.0.2d-x86` directory: + + cd C:\build\src\ + "C:\Program Files\7-Zip\7z" x openssl-1.0.2d.tar.gz + "C:\Program Files\7-Zip\7z" x openssl-1.0.2d.tar + rename openssl-1.0.2d openssl-1.0.2d-x86 + del openssl-1.0.2d.tar* + +In a **new command line window** build OpenSSL and install it into `C:\build\bin\openssl-1.0.2d-x86` directory: + + cd C:\build\src\openssl-1.0.2d-x86 + set PATH=%PATH%;C:\nasm + "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" + perl Configure VC-WIN32 --prefix=C:\build\bin\openssl-1.0.2d-x86 enable-static-engine + ms\do_nasm + nmake /f ms\nt.mak + nmake /f ms\nt.mak test + nmake /f ms\nt.mak install + +## 64-bit + +Extract archive `openssl-1.0.2d.tar.gz` into `C:\build\src\openssl-1.0.2d-x64` directory: + + cd C:\build\src\ + "C:\Program Files\7-Zip\7z" x openssl-1.0.2d.tar.gz + "C:\Program Files\7-Zip\7z" x openssl-1.0.2d.tar + rename openssl-1.0.2d openssl-1.0.2d-x64 + del openssl-1.0.2d.tar* + +In a **new command line window** build OpenSSL and install it into `C:\build\bin\openssl-1.0.2d-x64` directory: + + cd C:\build\src\openssl-1.0.2d-x64 + set PATH=%PATH%;C:\nasm + "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" amd64 + perl Configure VC-WIN64A --prefix=C:\build\bin\openssl-1.0.2d-x64 enable-static-engine + ms\do_win64a + nmake /f ms\nt.mak + nmake /f ms\nt.mak test + nmake /f ms\nt.mak install + +## Build OpenSSL 1.1.0a static library + +Download [OpenSSL 1.1.0a](https://www.openssl.org/source/openssl-1.1.0a.tar.gz) with [its signature](https://www.openssl.org/source/openssl-1.1.0a.tar.gz.asc) into `C:\build\src\` directory and verify signature of the downloaded archive: + + cd C:\build\src\ + gpg --keyserver pgp.mit.edu --recv-keys 0E604491 + gpg --verify openssl-1.1.0a.tar.gz.asc openssl-1.1.0a.tar.gz + +### 32-bit + +Extract archive `openssl-1.1.0a.tar.gz` into `C:\build\src\openssl-1.1.0a-x86` directory: + + cd C:\build\src\ + "C:\Program Files\7-Zip\7z" x openssl-1.1.0a.tar.gz + "C:\Program Files\7-Zip\7z" x openssl-1.1.0a.tar + rename openssl-1.1.0a openssl-1.1.0a-x86 + del openssl-1.1.0a.tar* + +In a **new command line window** build OpenSSL and install it into `C:\build\bin\openssl-1.1.0a-x86` directory: + + cd C:\build\src\openssl-1.1.0a-x86 + set PATH=%PATH%;C:\nasm + "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" + perl Configure VC-WIN32 --prefix=C:\build\bin\openssl-1.1.0a-x86 --openssldir=C:\build\bin\openssl-1.1.0a-x86\ssl no-shared + nmake + nmake test + nmake install + +## 64-bit + +Extract archive `openssl-1.1.0a.tar.gz` into `C:\build\src\openssl-1.1.0a-x64` directory: + + cd C:\build\src\ + "C:\Program Files\7-Zip\7z" x openssl-1.1.0a.tar.gz + "C:\Program Files\7-Zip\7z" x openssl-1.1.0a.tar + rename openssl-1.1.0a openssl-1.1.0a-x64 + del openssl-1.1.0a.tar* + +In a **new command line window** build OpenSSL and install it into `C:\build\bin\openssl-1.1.0a-x64` directory: + + cd C:\build\src\openssl-1.1.0a-x64 + set PATH=%PATH%;C:\nasm + "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" amd64 + perl Configure VC-WIN64A --prefix=C:\build\bin\openssl-1.1.0a-x64 --openssldir=C:\build\bin\openssl-1.1.0a-x64\ssl no-shared + nmake + nmake test + nmake install + +## Build Botan 1.10.10 + +Download [Botan 1.10.10](http://botan.randombit.net/releases/Botan-1.10.10.tgz) with [its signature](http://botan.randombit.net/releases/Botan-1.10.10.tgz.asc) into `C:\build\src\` directory and verify signature of the downloaded archive: + + cd C:\build\src\ + gpg --keyserver pgp.mit.edu --recv-keys EFBADFBC + gpg --verify Botan-1.10.10.tgz.asc Botan-1.10.10.tgz + +### 32-bit + +Extract archive `Botan-1.10.10.tgz` into `C:\build\src\botan-1.10.10-x86` directory: + + cd C:\build\src\ + rename Botan-1.10.10.tgz Botan-1.10.10.tar.gz + "C:\Program Files\7-Zip\7z" x Botan-1.10.10.tar.gz + "C:\Program Files\7-Zip\7z" x Botan-1.10.10.tgz + rename Botan-1.10.10 botan-1.10.10-x86 + del Botan-1.10.10.t* + +In a **new command line window as admin** build Botan and install it into `C:\build\bin\botan-1.10.10-x86` directory. Need to run the configure script as admin so it can link objects: + + cd C:\build\src\botan-1.10.10-x86 + "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" + python configure.py --cc=msvc --cpu=x86 --prefix=C:\build\bin\botan-1.10.10-x86 + nmake + nmake check + check.exe --validate + nmake install + +## 64-bit + +Extract archive `Botan-1.10.10.tgz` into `C:\build\src\botan-1.10.10-x64` directory: + + cd C:\build\src\ + rename Botan-1.10.10.tgz Botan-1.10.10.tar.gz + "C:\Program Files\7-Zip\7z" x Botan-1.10.10.tar.gz + "C:\Program Files\7-Zip\7z" x Botan-1.10.10.tgz + rename Botan-1.10.10 botan-1.10.10-x64 + del Botan-1.10.10.t* + +In a **new command line window as admin** build Botan and install it into `C:\build\bin\botan-1.10.10-x64` directory. Need to run the configure script as admin so it can link objects: + + cd C:\build\src\botan-1.10.10-x64 + "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" amd64 + python configure.py --cc=msvc --cpu=x64 --prefix=C:\build\bin\botan-1.10.10-x64 + nmake + nmake check + check.exe --validate + nmake install + +## Build CppUnit 1.13.2 unicode library + +Download [CppUnit 1.13.2](http://dev-www.libreoffice.org/src/cppunit-1.13.2.tar.gz) into `C:\build\src\` directory. + +### 32-bit + +Extract archive `cppunit-1.13.2.tar.gz` into `C:\build\src\cppunit-1.13.2-x86` directory: + + cd C:\build\src\ + "C:\Program Files\7-Zip\7z" x cppunit-1.13.2.tar.gz + "C:\Program Files\7-Zip\7z" x cppunit-1.13.2.tar + rename cppunit-1.13.2 cppunit-1.13.2-x86 + del cppunit-1.13.2.tar* + +Open solution `C:\build\src\cppunit-1.13.2-x86\src\CppUnitLibraries2010.sln` in Visual Studio and rebuild the source with `Release Unicode\Win32` solution configuration. + +(If you want to compile SoftHSM with static CRT, then you must also compile CppUnit with static CRT. Change "Runtime Library" to "Multi-threaded (/MT)" in the project "cppunit". This will create some build errors for project "TestRunner", but that can be ignored since it is not used by SoftHSM.) + +Copy the results into `C:\build\bin\cppunit-1.13.2-x86` directory: + + mkdir C:\build\bin\cppunit-1.13.2-x86\lib + xcopy C:\build\src\cppunit-1.13.2-x86\lib C:\build\bin\cppunit-1.13.2-x86\lib /E + mkdir C:\build\bin\cppunit-1.13.2-x86\include + xcopy C:\build\src\cppunit-1.13.2-x86\include C:\build\bin\cppunit-1.13.2-x86\include /E + +### 64-bit + +Extract archive `cppunit-1.13.2.tar.gz` into `C:\build\src\cppunit-1.13.2-x64` directory: + + cd C:\build\src\ + "C:\Program Files\7-Zip\7z" x cppunit-1.13.2.tar.gz + "C:\Program Files\7-Zip\7z" x cppunit-1.13.2.tar + rename cppunit-1.13.2 cppunit-1.13.2-x64 + del cppunit-1.13.2.tar* + +Open solution `C:\build\src\cppunit-1.13.2-x64\src\CppUnitLibraries2010.sln` in Visual Studio and rebuild the source with `Release Unicode\x64` solution configuration. + +(If you want to compile SoftHSM with static CRT, then you must also compile CppUnit with static CRT. Change "Runtime Library" to "Multi-threaded (/MT)" in the project "cppunit". This will create some build errors for project "TestRunner", but that can be ignored since it is not used by SoftHSM.) + +Copy the results into `C:\build\bin\cppunit-1.13.2-x64` directory: + + mkdir C:\build\bin\cppunit-1.13.2-x64\lib + xcopy C:\build\src\cppunit-1.13.2-x64\lib C:\build\bin\cppunit-1.13.2-x64\lib /E + mkdir C:\build\bin\cppunit-1.13.2-x64\include + xcopy C:\build\src\cppunit-1.13.2-x64\include C:\build\bin\cppunit-1.13.2-x64\include /E + +## Build SoftHSM + +Download the latest version of [SoftHSMv2](https://dist.opendnssec.org/source/) with its signature into `C:\build\src\` directory and verify signature of the downloaded archive: + + cd C:\build\src\ + gpg --keyserver pgp.mit.edu --recv-keys 4EE17CD2 + gpg --verify softhsm-2.x.y.tar.gz.sig softhsm-2.x.y.tar.gz + "C:\Program Files\7-Zip\7z" x softhsm-2.x.y.tar.gz + "C:\Program Files\7-Zip\7z" x softhsm-2.x.y.tar + rename softhsm-2.x.y SoftHSMv2 + del softhsm-2.x.y.tar* + +Or clone the source code from GitHub: + + cd C:\build\src\ + git clone https://github.com/opendnssec/SoftHSMv2.git + +### 32-bit + +Configure build process in a **new command line window**: + + cd C:\build\src\SoftHSMv2\win32\ + "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" + +OpenSSL (OpenSSL GOST engine does not support OpenSSL 1.1.0) or Botan crypto backend: + + python Configure.py disable-debug disable-gost with-crypto-backend=openssl with-openssl=C:\build\bin\openssl-1.1.0a-x86\ with-cppunit=C:\build\bin\cppunit-1.13.2-x86\ + python Configure.py disable-debug with-crypto-backend=botan with-botan=C:\build\bin\botan-1.10.10-x86\ with-cppunit=C:\build\bin\cppunit-1.13.2-x86\ + +(Add option enable-static-runtime if you want to compile with static CRT (/MT)) + +Open solution `C:\build\src\SoftHSMv2\win32\softhsm2.sln` in Visual Studio and rebuild the source with `Release\Win32` solution configuration. + +Verify the build by running the test programs: + + C:\build\src\SoftHSMv2\win32\Release\cryptotest.exe + C:\build\src\SoftHSMv2\win32\Release\datamgrtest.exe + C:\build\src\SoftHSMv2\win32\Release\handlemgrtest.exe + C:\build\src\SoftHSMv2\win32\Release\objstoretest.exe + C:\build\src\SoftHSMv2\win32\Release\p11test.exe + C:\build\src\SoftHSMv2\win32\Release\sessionmgrtest.exe + C:\build\src\SoftHSMv2\win32\Release\slotmgrtest.exe + +Copy the results into `C:\build\bin\SoftHSMv2-x86` directory: + + mkdir C:\build\bin\SoftHSMv2-x86 + mkdir C:\build\bin\SoftHSMv2-x86\tokens + copy C:\build\src\SoftHSMv2\win32\Release\softhsm2.dll C:\build\bin\SoftHSMv2-x86\ + copy C:\build\src\SoftHSMv2\win32\Release\softhsm2-dump-file.exe C:\build\bin\SoftHSMv2-x86\ + copy C:\build\src\SoftHSMv2\win32\Release\softhsm2-keyconv.exe C:\build\bin\SoftHSMv2-x86\ + copy C:\build\src\SoftHSMv2\win32\Release\softhsm2-util.exe C:\build\bin\SoftHSMv2-x86\ + copy C:\build\src\SoftHSMv2\src\lib\common\softhsm2.conf.in C:\build\bin\SoftHSMv2-x86\softhsm2.conf + +Replace `@softhsmtokendir@` with `C:\build\bin\SoftHSMv2-x86\tokens` in the file `C:\build\bin\SoftHSMv2-x86\softhsm2.conf` + +Set the environment variable SOFTHSM2_CONF to `C:\build\bin\SoftHSMv2-x86\softhsm2.conf` + +### 64-bit + +Configure build process in a **new command line window**: + + cd C:\build\src\SoftHSMv2\win32\ + "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" amd64 + +OpenSSL (OpenSSL GOST engine does not support OpenSSL 1.1.0) or Botan crypto backend: + + python Configure.py enable-64bit disable-debug disable-gost with-crypto-backend=openssl with-openssl=C:\build\bin\openssl-1.1.0a-x64\ with-cppunit=C:\build\bin\cppunit-1.13.2-x64\ + python Configure.py enable-64bit disable-debug with-crypto-backend=botan with-botan=C:\build\bin\botan-1.10.10-x64\ with-cppunit=C:\build\bin\cppunit-1.13.2-x64\ + +(Add option enable-static-runtime if you want to compile with static CRT (/MT)) + +Open solution `C:\build\src\SoftHSMv2\win32\softhsm2.sln` in Visual Studio and rebuild the source with `Release\x64` solution configuration. + +Verify the build by running the test programs: + + C:\build\src\SoftHSMv2\win32\x64\Release\cryptotest.exe + C:\build\src\SoftHSMv2\win32\x64\Release\datamgrtest.exe + C:\build\src\SoftHSMv2\win32\x64\Release\handlemgrtest.exe + C:\build\src\SoftHSMv2\win32\x64\Release\objstoretest.exe + C:\build\src\SoftHSMv2\win32\x64\Release\p11test.exe + C:\build\src\SoftHSMv2\win32\x64\Release\sessionmgrtest.exe + C:\build\src\SoftHSMv2\win32\x64\Release\slotmgrtest.exe + +Copy the results into `C:\build\bin\SoftHSMv2-x64` directory: + + mkdir C:\build\bin\SoftHSMv2-x64 + mkdir C:\build\bin\SoftHSMv2-x64\tokens + copy C:\build\src\SoftHSMv2\win32\x64\Release\softhsm2.dll C:\build\bin\SoftHSMv2-x64\ + copy C:\build\src\SoftHSMv2\win32\x64\Release\softhsm2-dump-file.exe C:\build\bin\SoftHSMv2-x64\ + copy C:\build\src\SoftHSMv2\win32\x64\Release\softhsm2-keyconv.exe C:\build\bin\SoftHSMv2-x64\ + copy C:\build\src\SoftHSMv2\win32\x64\Release\softhsm2-util.exe C:\build\bin\SoftHSMv2-x64\ + copy C:\build\src\SoftHSMv2\src\lib\common\softhsm2.conf.in C:\build\bin\SoftHSMv2-x64\softhsm2.conf + +Replace `@softhsmtokendir@` with `C:\build\bin\SoftHSMv2-x64\tokens` in the file `C:\build\bin\SoftHSMv2-x64\softhsm2.conf` + +Set the environment variable SOFTHSM2_CONF to `C:\build\bin\SoftHSMv2-x64\softhsm2.conf` + +## Continue reading in the README diff --git a/SoftHSMv2/aes_wrap_key_with_pad/README b/SoftHSMv2/aes_wrap_key_with_pad/README new file mode 100644 index 0000000..883cbf4 --- /dev/null +++ b/SoftHSMv2/aes_wrap_key_with_pad/README @@ -0,0 +1,7 @@ +Here are the patches to add advanced AES key wrap *with pad*, aka RFC 5649, +to Botan (1.10, not 1.11 even it should be easy). +PS: standardized (and approved) under the KWP name in NIST SP 800-38F. + +OpenSSL added support for RFC 5649 in commit +d31fed73e25391cd71a0de488d88724db78f6f8a and it is waiting for nearest release. +Some distributions backported the interface, e.g. Fedora and RHEL. diff --git a/SoftHSMv2/aes_wrap_key_with_pad/botan-diff b/SoftHSMv2/aes_wrap_key_with_pad/botan-diff new file mode 100644 index 0000000..bf03118 --- /dev/null +++ b/SoftHSMv2/aes_wrap_key_with_pad/botan-diff @@ -0,0 +1,340 @@ +--- src/constructs/rfc3394/rfc3394.h-dist 2013-11-10 17:06:11.000000000 +0100 ++++ src/constructs/rfc3394/rfc3394.h 2013-12-22 02:14:50.000000000 +0100 +@@ -27,6 +27,13 @@ + const SymmetricKey& kek, + Algorithm_Factory& af); + ++/* overload with an extra initial value */ ++ ++SecureVector BOTAN_DLL rfc3394_keywrap(const MemoryRegion& key, ++ const byte iv[8], ++ const SymmetricKey& kek, ++ Algorithm_Factory& af); ++ + /** + * Decrypt a key under a key encryption key using the algorithm + * described in RFC 3394 +@@ -40,6 +47,47 @@ + const SymmetricKey& kek, + Algorithm_Factory& af); + ++/* overload with an extra initial value */ ++ ++SecureVector BOTAN_DLL rfc3394_keyunwrap(const MemoryRegion& key, ++ const byte iv[8], ++ const SymmetricKey& kek, ++ Algorithm_Factory& af); ++ ++/* overload with an extra initial value and integrity check value */ ++ ++SecureVector BOTAN_DLL rfc3394_keyunwrap(const MemoryRegion& key, ++ const byte iv[8], ++ byte icv[8], ++ const SymmetricKey& kek, ++ Algorithm_Factory& af); ++ ++/** ++* Pad and encrypt a key under a key encryption key using the algorithm ++* described in RFC 5649 ++* ++* @param key the plaintext key to encrypt ++* @param kek the key encryption key ++* @param af an algorithm factory ++* @return key encrypted under kek ++*/ ++SecureVector BOTAN_DLL rfc5649_keywrap(const MemoryRegion& key, ++ const SymmetricKey& kek, ++ Algorithm_Factory& af); ++ ++/** ++* Decrypt and unpad a key under a key encryption key using the algorithm ++* described in RFC 5649 ++* ++* @param key the encrypted key to decrypt ++* @param kek the key encryption key ++* @param af an algorithm factory ++* @return key decrypted under kek ++*/ ++SecureVector BOTAN_DLL rfc5649_keyunwrap(const MemoryRegion& key, ++ const SymmetricKey& kek, ++ Algorithm_Factory& af); ++ + } + + #endif +--- src/constructs/rfc3394/rfc3394.cpp-dist 2013-11-10 17:06:11.000000000 +0100 ++++ src/constructs/rfc3394/rfc3394.cpp 2013-12-22 03:46:13.000000000 +0100 +@@ -30,12 +30,35 @@ + throw std::invalid_argument("Bad KEK length for NIST keywrap"); + } + ++BlockCipher* make_aesp(size_t keylength, ++ Algorithm_Factory& af) ++ { ++ if(keylength == 16) ++ return af.make_block_cipher("AES-128"); ++ else if(keylength == 24) ++ return af.make_block_cipher("AES-192"); ++ else if(keylength == 32) ++ return af.make_block_cipher("AES-256"); ++ else ++ throw std::invalid_argument("Bad KEK length for NIST keywrap with pad"); ++ } + } + + SecureVector rfc3394_keywrap(const MemoryRegion& key, + const SymmetricKey& kek, + Algorithm_Factory& af) + { ++ byte iv[8]; ++ for(size_t i = 0; i != 8; ++i) ++ iv[i] = 0xA6; ++ return rfc3394_keywrap(key, iv, kek, af); ++ } ++ ++SecureVector rfc3394_keywrap(const MemoryRegion& key, ++ const byte iv[8], ++ const SymmetricKey& kek, ++ Algorithm_Factory& af) ++ { + if(key.size() % 8 != 0) + throw std::invalid_argument("Bad input key size for NIST key wrap"); + +@@ -48,7 +71,7 @@ + SecureVector A(16); + + for(size_t i = 0; i != 8; ++i) +- A[i] = 0xA6; ++ A[i] = iv[i]; + + copy_mem(&R[8], key.begin(), key.size()); + +@@ -78,6 +101,29 @@ + const SymmetricKey& kek, + Algorithm_Factory& af) + { ++ byte iv[8]; ++ for(size_t i = 0; i != 8; ++i) ++ iv[i] = 0xA6; ++ return rfc3394_keyunwrap(key, iv, kek, af); ++ } ++ ++SecureVector rfc3394_keyunwrap(const MemoryRegion& key, ++ const byte iv[8], ++ const SymmetricKey& kek, ++ Algorithm_Factory& af) ++ { ++ byte icv[8]; ++ for(size_t i = 0; i != 8; ++i) ++ icv[i] = iv[i]; ++ return rfc3394_keyunwrap(key, iv, icv, kek, af); ++ } ++ ++SecureVector rfc3394_keyunwrap(const MemoryRegion& key, ++ const byte iv[8], ++ byte icv[8], ++ const SymmetricKey& kek, ++ Algorithm_Factory& af) ++ { + if(key.size() < 16 || key.size() % 8 != 0) + throw std::invalid_argument("Bad input key size for NIST key unwrap"); + +@@ -113,10 +159,107 @@ + } + } + +- if(load_be(&A[0], 0) != 0xA6A6A6A6A6A6A6A6) +- throw Integrity_Failure("NIST key unwrap failed"); ++ if(load_be(iv, 0) == load_be(icv, 0)) ++ { ++ if(load_be(&A[0], 0) != load_be(iv, 0)) ++ throw Integrity_Failure("NIST key unwrap failed"); ++ } ++ else ++ store_be(load_be(&A[0], 0), icv); + + return R; + } + ++SecureVector rfc5649_keywrap(const MemoryRegion& key, ++ const SymmetricKey& kek, ++ Algorithm_Factory& af) ++ { ++ const size_t len = key.size() + ++ (key.size() % 8 == 0 ? 0 : (8 - key.size() % 8)); ++ ++ u32bit aivh = 0xA65959A6; ++ byte ivh[4] = { 0 }; ++ store_be(aivh, ivh); ++ u32bit mli = key.size(); ++ byte ivl[4] = { 0 }; ++ store_be(mli, ivl); ++ ++ if(len == 8) ++ { ++ std::auto_ptr aes(make_aesp(kek.length(), af)); ++ aes->set_key(kek); ++ ++ SecureVector buf(16); ++ copy_mem(&buf[0], ivh, 4); ++ copy_mem(&buf[4], ivl, 4); ++ copy_mem(&buf[8], key.begin(), key.size()); ++ ++ aes->encrypt(&buf[0]); ++ ++ return buf; ++ } ++ else ++ { ++ MemoryVector buf(len); ++ copy_mem(&buf[0], key.begin(), key.size()); ++ byte iv[8] = { 0 }; ++ copy_mem(iv, ivh, 4); ++ copy_mem(&iv[4], ivl, 4); ++ return rfc3394_keywrap(buf, iv, kek, af); ++ } ++ } ++ ++SecureVector rfc5649_keyunwrap(const MemoryRegion& key, ++ const SymmetricKey& kek, ++ Algorithm_Factory& af) ++ { ++ if(key.size() < 16 || key.size() % 8 != 0) ++ throw std::invalid_argument("Bad input key size for NIST key unwrap with pad"); ++ ++ byte iv[8] = { 0 }; ++ SecureVector out; ++ ++ if(key.size() == 16) ++ { ++ std::auto_ptr aes(make_aesp(kek.length(), af)); ++ aes->set_key(kek); ++ ++ SecureVector buf(key); ++ ++ aes->decrypt(&buf[0]); ++ ++ copy_mem(iv, buf.begin(), 8); ++ out.resize(8); ++ copy_mem(&out[0], &buf[8], 8); ++ } ++ else ++ { ++ byte dummy[8] = { 1 }; ++ try ++ { ++ out = rfc3394_keyunwrap(key, dummy, iv, kek, af); ++ } ++ catch(...) ++ { ++ throw Integrity_Failure("NIST key unwrap with pad failed"); ++ } ++ } ++ ++ if(load_be(&iv[0], 0) != 0xA65959A6) ++ throw Integrity_Failure("NIST key unwrap with pad failed"); ++ ++ u32bit mli = load_be(iv, 1); ++ if(mli > out.size() || mli <= out.size() - 8) ++ throw Integrity_Failure("NIST key unwrap with pad failed"); ++ ++ size_t padlen = out.size() - mli; ++ byte zero[8] = { 0 }; ++ clear_mem(zero, 8); ++ if(padlen && !same_mem(zero, &out[mli], padlen)) ++ throw Integrity_Failure("NIST key unwrap with pad failed"); ++ ++ out.resize(mli); ++ return out; ++ } ++ + } +--- src/constructs/rfc3394/info.txt-dist 2013-11-10 17:06:11.000000000 +0100 ++++ src/constructs/rfc3394/info.txt 2013-12-22 00:42:08.000000000 +0100 +@@ -1 +1,2 @@ + define RFC3394_KEYWRAP ++define RFC5649_KEYWRAP +--- checks/validate.cpp-dist 2013-11-10 17:06:11.000000000 +0100 ++++ checks/validate.cpp 2013-12-22 02:15:12.000000000 +0100 +@@ -180,6 +180,68 @@ + return ok; + } + ++bool keywrap_withpad_test(const char* key_str, ++ const char* expected_str, ++ const char* kek_str) ++ { ++ std::cout << '.' << std::flush; ++ ++ bool ok = true; ++ ++#if defined(BOTAN_HAS_RFC5649_KEYWRAP) ++ try ++ { ++ SymmetricKey key(key_str); ++ SymmetricKey expected(expected_str); ++ SymmetricKey kek(kek_str); ++ ++ Algorithm_Factory& af = global_state().algorithm_factory(); ++ ++ SecureVector enc = rfc5649_keywrap(key.bits_of(), kek, af); ++ ++ if(enc != expected.bits_of()) ++ { ++ std::cout << "NIST key wrap encryption failure: " ++ << hex_encode(enc) << " != " << hex_encode(expected.bits_of()) << "\n"; ++ ok = false; ++ } ++ ++ SecureVector dec = rfc5649_keyunwrap(expected.bits_of(), kek, af); ++ ++ if(dec != key.bits_of()) ++ { ++ std::cout << "NIST key wrap decryption failure: " ++ << hex_encode(dec) << " != " << hex_encode(key.bits_of()) << "\n"; ++ ok = false; ++ } ++ } ++ catch(std::exception& e) ++ { ++ std::cout << e.what() << "\n"; ++ } ++#endif ++ ++ return ok; ++ } ++ ++bool test_keywrap_withpad() ++ { ++ std::cout << "Testing NIST keywrap with pad: " << std::flush; ++ ++ bool ok = true; ++ ++ ok &= keywrap_withpad_test("C37B7E6492584340BED12207808941155068F738", ++ "138BDEAA9B8FA7FC61F97742E72248EE5AE6AE5360D1AE6A5F54F373FA543B6A", ++ "5840DF6E29B02AF1AB493B705BF16EA1AE8338F4DCC176A8"); ++ ++ ok &= keywrap_withpad_test("466f7250617369", ++ "AFBEB0F07DFBF5419200F2CCB50BB24F", ++ "5840DF6E29B02AF1AB493B705BF16EA1AE8338F4DCC176A8"); ++ ++ std::cout << "\n"; ++ return ok; ++ } ++ + bool test_bcrypt(RandomNumberGenerator& rng) + { + #if defined(BOTAN_HAS_BCRYPT) +@@ -410,6 +472,12 @@ + errors++; + } + ++ if(should_pass && !test_keywrap_withpad()) ++ { ++ std::cout << "NIST keywrap with pad tests failed" << std::endl; ++ errors++; ++ } ++ + if(should_pass && !test_cryptobox(rng)) + { + std::cout << "Cryptobox tests failed" << std::endl; diff --git a/SoftHSMv2/autogen.sh b/SoftHSMv2/autogen.sh new file mode 100644 index 0000000..01db361 --- /dev/null +++ b/SoftHSMv2/autogen.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +autoreconf --install --force diff --git a/SoftHSMv2/configure.ac b/SoftHSMv2/configure.ac new file mode 100644 index 0000000..7a9e665 --- /dev/null +++ b/SoftHSMv2/configure.ac @@ -0,0 +1,226 @@ +################## +# # +# Version # +# # +################ + +# Program version + +define([SOFTHSM_VERSION_MAJOR], [2]) +define([SOFTHSM_VERSION_MINOR], [3]) +define([SOFTHSM_VERSION_FIX], [0]) +define([PACKAGE_SUFFIX], []) + +# Library version + +# Code changed: SOFTHSM_VERSION_REVISION++ +# Interface added/removed/changed: SOFTHSM_VERSION_CURRENT++, SOFTHSM_VERSION_REVISION=0 +# Interface added: SOFTHSM_VERSION_AGE++ +# Interface removed: SOFTHSM_VERSION_AGE=0 + +define([SOFTHSM_VERSION_CURRENT], [2]) +define([SOFTHSM_VERSION_AGE], [1]) +define([SOFTHSM_VERSION_REVISION], [3]) + +################## +# # +# Configure code # +# # +################## + +# Init +AC_PREREQ(2.61) +AC_INIT([SoftHSM],[SOFTHSM_VERSION_MAJOR.SOFTHSM_VERSION_MINOR.SOFTHSM_VERSION_FIX[]PACKAGE_SUFFIX]) +AC_CONFIG_HEADER([config.h]) +AC_CONFIG_SRCDIR([src/Makefile.am]) +AC_CONFIG_MACRO_DIR([m4]) +AM_INIT_AUTOMAKE([foreign subdir-objects]) +ACX_PREFIXHACK + +# Version info for the library +VERSION_INFO="SOFTHSM_VERSION_CURRENT:SOFTHSM_VERSION_REVISION:SOFTHSM_VERSION_AGE" +AC_SUBST(VERSION_INFO) + +# Checks for compilers +AC_PROG_CC +AC_PROG_CXX + +# Compiler flags +ACX_PEDANTIC +ACX_STRICT +ACX_64BIT +AX_CXX_COMPILE_STDCXX_11([noext],[optional]) + +# Check for libraries (-ldl can be required by OpenSSL too) +ACX_DLOPEN + +# Check for headers +AC_CHECK_HEADERS([pthread.h]) + +# What crypto backend to use and if we want to have support GOST +ACX_CRYPTO_BACKEND + +# Non-paged memory for secure storage +ACX_NON_PAGED_MEMORY + +# If the user want to have the migration tool +# Requires SQLite3 +AC_ARG_WITH(migrate, + AC_HELP_STRING([--with-migrate], + [Build the migration tool. Requires SQLite3.] + ), + [build_migrate="${withval}"], + [build_migrate="no"] +) +AC_MSG_CHECKING(if building with softhsm2-migrate) +if test "x${build_migrate}" = "xyes"; then + AC_MSG_RESULT(yes) + ACX_YIELD +else + AC_MSG_RESULT(no) +fi +AM_CONDITIONAL([BUILD_MIGRATE], [test "x${build_migrate}" = "xyes"]) + +# If the user wants to have the database storage backend +AC_ARG_WITH([objectstore-backend-db], + AC_HELP_STRING([--with-objectstore-backend-db], + [Build with object store backend database (SQLite3).] + ), + [build_objectstore_backend_db="${withval}"], + [build_objectstore_backend_db="no"] +) +AC_MSG_CHECKING(if building database object store backend) +if test "x${build_objectstore_backend_db}" = "xyes"; then + AC_MSG_RESULT(yes) + AC_DEFINE_UNQUOTED( + [HAVE_OBJECTSTORE_BACKEND_DB], + [1], + [Build with object store database backend.] + ) +else + AC_MSG_RESULT(no) +fi +AM_CONDITIONAL([BUILD_OBJECTSTORE_BACKEND_DB], [test "x${build_objectstore_backend_db}" = "xyes"]) + +# Require SQLite3 if either building --with-migrate or --with-objectstore-backend-db +AC_MSG_CHECKING(if SQLite3 required) +if test "x${build_migrate}" = "xyes" -o "x${build_objectstore_backend_db}" = "xyes"; then + AC_MSG_RESULT(yes) + ACX_SQLITE3 +else + AC_MSG_RESULT(no) +fi + +# Set visibility flags so only PKCS#11 entry points are exported +ACX_VISIBILITY + +# If we should install the p11-kit module +ACX_P11KIT + +# cppunit settings +ACX_CPPUNIT + +# Set full directory paths +full_sysconfdir=`eval eval eval eval eval echo "${sysconfdir}" | sed "s#NONE#${prefix}#" | sed "s#NONE#${ac_default_prefix}#"` +full_localstatedir=`eval eval eval eval eval echo "${localstatedir}" | sed "s#NONE#${prefix}#" | sed "s#NONE#${ac_default_prefix}#"` +full_libdir=`eval eval eval eval eval echo "${libdir}" | sed "s#NONE#${prefix}#" | sed "s#NONE#${ac_default_prefix}#"` +default_softhsm2_conf="`eval echo ${full_sysconfdir} | sed s,NONE,$ac_default_prefix,g`/softhsm2.conf" +softhsmtokendir=${full_localstatedir}/lib/softhsm/tokens/ + +# Install the library in a sub-directory +full_libdir="$full_libdir/softhsm" +libdir=$full_libdir +default_softhsm2_lib="$full_libdir/libsofthsm2.so" + +# For getConfigPath() +AC_CHECK_FUNCS([getpwuid_r]) + +# Define some variables for the code +AC_DEFINE_UNQUOTED( + [VERSION_MAJOR], + [SOFTHSM_VERSION_MAJOR], + [SoftHSM major version number via PKCS#11] +) +AC_DEFINE_UNQUOTED( + [VERSION_MINOR], + [SOFTHSM_VERSION_MINOR], + [SoftHSM minor version number via PKCS#11] +) +AC_DEFINE_UNQUOTED( + [MAX_PIN_LEN], + [255], + [Maximum PIN length] +) +AC_DEFINE_UNQUOTED( + [MIN_PIN_LEN], + [4], + [Minimum PIN length] +) +AC_DEFINE_UNQUOTED( + [DEFAULT_SOFTHSM2_CONF], + ["$default_softhsm2_conf"], + [The default location of softhsm2.conf] +) +AC_DEFINE_UNQUOTED( + [DEFAULT_TOKENDIR], + ["$softhsmtokendir"], + [The default location of the token directory] +) +AC_DEFINE_UNQUOTED( + [DEFAULT_OBJECTSTORE_BACKEND], + ["file"], + [Default storage backend for token objects] +) +AC_DEFINE_UNQUOTED( + [DEFAULT_LOG_LEVEL], + ["INFO"], + [The default log level] +) +AC_DEFINE_UNQUOTED( + [DEFAULT_PKCS11_LIB], + ["$default_softhsm2_lib"], + [The default PKCS#11 library] +) + +AC_SUBST([softhsmtokendir]) +AC_SUBST([default_softhsm2_conf]) +AC_SUBST([default_softhsm2_lib]) + +# Generate the libtool script and install script +AC_PROG_INSTALL +AC_PROG_LIBTOOL + +# Generate the makefiles +AC_CONFIG_FILES([ + Makefile + softhsm2.module + src/Makefile + src/lib/Makefile + src/lib/common/Makefile + src/lib/common/softhsm2.conf + src/lib/common/softhsm2.conf.5 + src/lib/crypto/Makefile + src/lib/crypto/test/Makefile + src/lib/data_mgr/Makefile + src/lib/data_mgr/test/Makefile + src/lib/object_store/Makefile + src/lib/object_store/test/Makefile + src/lib/session_mgr/Makefile + src/lib/session_mgr/test/Makefile + src/lib/slot_mgr/Makefile + src/lib/slot_mgr/test/Makefile + src/lib/handle_mgr/Makefile + src/lib/handle_mgr/test/Makefile + src/lib/test/Makefile + src/lib/test/softhsm2.conf + src/lib/test/softhsm2-alt.conf + src/lib/test/tokens/dummy + src/bin/Makefile + src/bin/common/Makefile + src/bin/dump/Makefile + src/bin/keyconv/Makefile + src/bin/migrate/Makefile + src/bin/util/Makefile +]) + +AC_OUTPUT diff --git a/SoftHSMv2/m4/acx_64bit.m4 b/SoftHSMv2/m4/acx_64bit.m4 new file mode 100644 index 0000000..f610b21 --- /dev/null +++ b/SoftHSMv2/m4/acx_64bit.m4 @@ -0,0 +1,29 @@ +AC_DEFUN([ACX_64BIT],[ + AC_ARG_ENABLE( + [64bit], + [AS_HELP_STRING([--enable-64bit],[enable 64-bit compiling @<:@disabled@:>@])], + [enable_64bit="${enableval}"], + [enable_64bit="no"]) + + if test "x$enable_64bit" = "xyes" + then + AC_MSG_CHECKING(if we can compile in 64-bit mode) + tmp_CFLAGS=$CFLAGS + CFLAGS="-m64" + AC_RUN_IFELSE( + [ + AC_LANG_PROGRAM([],[return sizeof(void*) == 8 ? 0 : 1;]) + ], [ + AC_MSG_RESULT(yes) + CXXFLAGS="-m64 $CXXFLAGS" + LDFLAGS="-m64 $LDFLAGS" + CFLAGS="-m64 $tmp_CFLAGS" + ],[ + AC_MSG_RESULT(no) + AC_MSG_ERROR([Don't know how to compile in 64-bit mode.]) + CFLAGS=$tmp_CFLAGS + ] + ) + fi + +]) diff --git a/SoftHSMv2/m4/acx_botan.m4 b/SoftHSMv2/m4/acx_botan.m4 new file mode 100644 index 0000000..ed93786 --- /dev/null +++ b/SoftHSMv2/m4/acx_botan.m4 @@ -0,0 +1,72 @@ +AC_DEFUN([ACX_BOTAN],[ + AC_ARG_WITH(botan, + AC_HELP_STRING([--with-botan=PATH],[Specify prefix of path of Botan]), + [ + BOTAN_PATH="$withval" + ], + [ + BOTAN_PATH="/usr/local" + ]) + + BOTAN_VERSION_MAJOR=2 + BOTAN_VERSION_MINOR=0 + AC_CHECK_FILE($BOTAN_PATH/include/botan-2/botan/version.h, + BOTAN_VERSION_MAJOR=2 + BOTAN_VERSION_MINOR=0, + AC_CHECK_FILE($BOTAN_PATH/include/botan-1.11/botan/version.h, + BOTAN_VERSION_MAJOR=1 + BOTAN_VERSION_MINOR=11, + AC_CHECK_FILE($BOTAN_PATH/include/botan-1.10/botan/version.h, + BOTAN_VERSION_MAJOR=1 + BOTAN_VERSION_MINOR=10, + AC_MSG_ERROR([Cannot find Botan includes])))) + AC_MSG_CHECKING(what are the Botan includes) + if test "x${BOTAN_VERSION_MAJOR}" = "x2"; then + BOTAN_INCLUDES="-I$BOTAN_PATH/include/botan-2" + else + BOTAN_INCLUDES="-I$BOTAN_PATH/include/botan-1.$BOTAN_VERSION_MINOR" + fi + AC_MSG_RESULT($BOTAN_INCLUDES) + + AC_MSG_CHECKING(what are the Botan libs) + if test "x${BOTAN_VERSION_MAJOR}" = "x2"; then + BOTAN_LIBS="-L$BOTAN_PATH/lib -lbotan-2" + else + BOTAN_LIBS="-L$BOTAN_PATH/lib -lbotan-1.$BOTAN_VERSION_MINOR" + fi + AC_MSG_RESULT($BOTAN_LIBS) + + if test "x${BOTAN_VERSION_MAJOR}" != "x1" -o "x${BOTAN_VERSION_MINOR}" != "x10"; then + AX_CXX_COMPILE_STDCXX_11([noext],[mandatory]) + fi + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $BOTAN_INCLUDES" + LIBS="$LIBS $BOTAN_LIBS" + + AC_LANG_PUSH([C++]) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [#include + #include ], + [using namespace Botan; + LibraryInitializer::initialize(); + #if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR($1,$2,$3) + #error "Botan version too old"; + #endif])], + [AC_MSG_RESULT([checking for Botan >= v$1.$2.$3 ... yes])], + [AC_MSG_RESULT([checking for Botan >= v$1.$2.$3 ... no]) + AC_MSG_ERROR([Missing the correct version of the Botan library])] + ) + AC_LANG_POP([C++]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS + + AC_SUBST(BOTAN_INCLUDES) + AC_SUBST(BOTAN_LIBS) + AC_SUBST(BOTAN_VERSION_MAJOR) + AC_SUBST(BOTAN_VERSION_MINOR) +]) diff --git a/SoftHSMv2/m4/acx_botan_aes_gcm.m4 b/SoftHSMv2/m4/acx_botan_aes_gcm.m4 new file mode 100644 index 0000000..d52c9cb --- /dev/null +++ b/SoftHSMv2/m4/acx_botan_aes_gcm.m4 @@ -0,0 +1,37 @@ +AC_DEFUN([ACX_BOTAN_AES_GCM],[ + AC_MSG_CHECKING(for Botan AES GCM support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C++]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include + #include + int main() + { + using namespace Botan; + +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) + return 0; +#endif + return 1; + } + ]]) + ],[ + AC_MSG_RESULT([Found AES GCM]) + AC_DEFINE([WITH_AES_GCM], [1], + [Compile with AES GCM]) + ],[ + AC_MSG_RESULT([Cannot find AES GCM support, upgrade to Botan >= v2.0.0]) + + ]) + AC_LANG_POP([C++]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_botan_ecc.m4 b/SoftHSMv2/m4/acx_botan_ecc.m4 new file mode 100644 index 0000000..9bce21d --- /dev/null +++ b/SoftHSMv2/m4/acx_botan_ecc.m4 @@ -0,0 +1,51 @@ +AC_DEFUN([ACX_BOTAN_ECC],[ + AC_MSG_CHECKING(for Botan ECC support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C++]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include + #include + #include + #include + int main() + { + Botan::LibraryInitializer::initialize(); + const std::string name("secp256r1"); + const Botan::OID oid(Botan::OIDS::lookup(name)); + const Botan::EC_Group ecg(oid); + try { +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + const std::vector der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); +#else + const Botan::SecureVector der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); +#endif + } catch(...) { + return 1; + } + return 0; + } + ]]) + ],[ + AC_MSG_RESULT([Found P256]) + ],[ + AC_MSG_RESULT([Cannot find P256]) + AC_MSG_ERROR([ +Botan library has no valid ECC support. Please upgrade to a later version +of Botan, above or including version 1.10.6 or 1.11.5. +Alternatively disable ECC support in SoftHSM with --disable-ecc +]) + ],[]) + AC_LANG_POP([C++]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_botan_gnump.m4 b/SoftHSMv2/m4/acx_botan_gnump.m4 new file mode 100644 index 0000000..d15859a --- /dev/null +++ b/SoftHSMv2/m4/acx_botan_gnump.m4 @@ -0,0 +1,27 @@ +AC_DEFUN([ACX_BOTAN_GNUMP],[ + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $BOTAN_INCLUDES" + LIBS="$LIBS $BOTAN_LIBS" + + AC_LANG_PUSH([C++]) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [#include ], + [#ifndef BOTAN_HAS_ENGINE_GNU_MP + #error "No GNU MP support"; + #endif])], + [AC_MSG_RESULT([checking for Botan GNU MP support... yes])], + [AC_MSG_RESULT([checking for Botan GNU MP support... no]) + AC_MSG_WARN([ +==================================================== +Botan has not been built with GNU MP (--with-gnump). +This will give negative impact on the performance. +====================================================])] + ) + AC_LANG_POP([C++]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_botan_gost.m4 b/SoftHSMv2/m4/acx_botan_gost.m4 new file mode 100644 index 0000000..3720f4a --- /dev/null +++ b/SoftHSMv2/m4/acx_botan_gost.m4 @@ -0,0 +1,52 @@ +AC_DEFUN([ACX_BOTAN_GOST],[ + AC_MSG_CHECKING(for Botan GOST support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C++]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include + #include + #include + #include + int main() + { + Botan::LibraryInitializer::initialize(); + const std::string name("gost_256A"); + const Botan::OID oid(Botan::OIDS::lookup(name)); + const Botan::EC_Group ecg(oid); + try { +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + const std::vector der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); +#else + const Botan::SecureVector der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); +#endif + } catch(...) { + return 1; + } + + return 0; + } + ]]) + ],[ + AC_MSG_RESULT([Found GOST]) + ],[ + AC_MSG_RESULT([Cannot find GOST]) + AC_MSG_ERROR([ +Botan library has no valid GOST support. Please upgrade to a later version +of Botan, above or including version 1.10.6 or 1.11.5. +Alternatively disable GOST support in SoftHSM with --disable-gost +]) + ],[]) + AC_LANG_POP([C++]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_botan_rawpss.m4 b/SoftHSMv2/m4/acx_botan_rawpss.m4 new file mode 100644 index 0000000..018e324 --- /dev/null +++ b/SoftHSMv2/m4/acx_botan_rawpss.m4 @@ -0,0 +1,37 @@ +AC_DEFUN([ACX_BOTAN_RAWPSS],[ + AC_MSG_CHECKING(for Botan raw PSS support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C++]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include + #include + int main() + { + using namespace Botan; + +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,3,0) + return 0; +#endif + return 1; + } + ]]) + ],[ + AC_MSG_RESULT([Found raw PSS]) + AC_DEFINE([WITH_RAW_PSS], [1], + [Compile with raw RSA PKCS PSS]) + ],[ + AC_MSG_RESULT([Cannot find raw PSS support, upgrade to Botan >= v2.3.0]) + + ]) + AC_LANG_POP([C++]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_botan_rfc5649.m4 b/SoftHSMv2/m4/acx_botan_rfc5649.m4 new file mode 100644 index 0000000..25a3d26 --- /dev/null +++ b/SoftHSMv2/m4/acx_botan_rfc5649.m4 @@ -0,0 +1,47 @@ +AC_DEFUN([ACX_BOTAN_RFC5649],[ + AC_MSG_CHECKING(for Botan RFC5649 support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_DEFINE([HAVE_AES_KEY_WRAP], [1], + [Define if advanced AES key wrap without pad is supported]) + AC_LANG_PUSH([C++]) + AC_LINK_IFELSE([ + AC_LANG_SOURCE([[ + #include + #include + #include + int main() + { + using namespace Botan; + +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + secure_vector key(10); + SymmetricKey kek("AABB"); + secure_vector x = rfc5649_keywrap(key, kek); +#else + SecureVector key(10); + SymmetricKey kek("AABB"); + Algorithm_Factory& af = global_state().algorithm_factory(); + SecureVector x = rfc5649_keywrap(key, kek, af); +#endif + return 1; + } + ]]) + ],[ + AC_MSG_RESULT([Found AES key wrap with pad]) + AC_DEFINE([HAVE_AES_KEY_WRAP_PAD], [1], + [Define if advanced AES key wrap with pad is supported]) + ],[ + AC_MSG_RESULT([Cannot find AES key wrap with pad]) + + ]) + AC_LANG_POP([C++]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_cppunit.m4 b/SoftHSMv2/m4/acx_cppunit.m4 new file mode 100644 index 0000000..2720d81 --- /dev/null +++ b/SoftHSMv2/m4/acx_cppunit.m4 @@ -0,0 +1,21 @@ +AC_DEFUN([ACX_CPPUNIT],[ + AC_PATH_PROG([CPPUNIT_CONFIG], [cppunit-config]) + AC_PATH_PROG([PKG_CONFIG], [pkg-config]) + if test -n "${CPPUNIT_CONFIG}"; then + AC_MSG_CHECKING([cppunit cflags]) + CPPUNIT_CFLAGS=`${CPPUNIT_CONFIG} --cflags` + AC_MSG_RESULT([${CPPUNIT_CFLAGS}]) + AC_MSG_CHECKING([cppunit libs]) + CPPUNIT_LIBS=`${CPPUNIT_CONFIG} --libs` + AC_MSG_RESULT([${CPPUNIT_LIBS}]) + elif test -n "${PKG_CONFIG}"; then + AC_MSG_CHECKING([cppunit cflags]) + CPPUNIT_CFLAGS=`${PKG_CONFIG} cppunit --cflags` + AC_MSG_RESULT([${CPPUNIT_CFLAGS}]) + AC_MSG_CHECKING([cppunit libs]) + CPPUNIT_LIBS=`${PKG_CONFIG} cppunit --libs` + AC_MSG_RESULT([${CPPUNIT_LIBS}]) + fi + AC_SUBST([CPPUNIT_CFLAGS]) + AC_SUBST([CPPUNIT_LIBS]) +]) diff --git a/SoftHSMv2/m4/acx_crypto_backend.m4 b/SoftHSMv2/m4/acx_crypto_backend.m4 new file mode 100644 index 0000000..c860c89 --- /dev/null +++ b/SoftHSMv2/m4/acx_crypto_backend.m4 @@ -0,0 +1,168 @@ +AC_DEFUN([ACX_CRYPTO_BACKEND],[ + + # First check if we want to support ECC and GOST + + AC_ARG_ENABLE(ecc, + AC_HELP_STRING([--enable-ecc], + [Enable support for ECC (default enabled)] + ), + [enable_ecc="${enableval}"], + [enable_ecc="yes"] + ) + AC_MSG_CHECKING(for ECC support) + if test "x${enable_ecc}" = "xyes"; then + AC_MSG_RESULT(yes) + AC_DEFINE_UNQUOTED( + [WITH_ECC], + [], + [Compile with ECC support] + ) + else + AC_MSG_RESULT(no) + fi + AM_CONDITIONAL([WITH_ECC], [test "x${enable_ecc}" = "xyes"]) + + AC_ARG_ENABLE(gost, + AC_HELP_STRING([--enable-gost], + [Enable support for GOST (default enabled)] + ), + [enable_gost="${enableval}"], + [enable_gost="yes"] + ) + AC_MSG_CHECKING(for GOST support) + if test "x${enable_gost}" = "xyes"; then + AC_MSG_RESULT(yes) + AC_DEFINE_UNQUOTED( + [WITH_GOST], + [], + [Compile with GOST support] + ) + else + AC_MSG_RESULT(no) + fi + AM_CONDITIONAL([WITH_GOST], [test "x${enable_gost}" = "xyes"]) + + # Second check for the FIPS 140-2 mode + + AC_ARG_ENABLE(fips, + AC_HELP_STRING([--enable-fips], + [Enable support for FIPS 140-2 mode (default disabled)] + ), + [enable_fips="${enableval}"], + [enable_fips="no"] + ) + AC_MSG_CHECKING(for FIPS 140-2 mode) + if test "x${enable_fips}" = "xyes"; then + AC_MSG_RESULT(yes) + AC_DEFINE_UNQUOTED( + [WITH_FIPS], + [], + [Compile with FIPS 140-2 mode] + ) + else + AC_MSG_RESULT(no) + fi + AM_CONDITIONAL([WITH_GOST], [test "x${enable_fips}" = "xyes"]) + + # Then check what crypto library we want to use + + AC_ARG_WITH(crypto-backend, + AC_HELP_STRING([--with-crypto-backend], + [Select crypto backend (openssl|botan)] + ), + [crypto_backend="${withval}"], + [crypto_backend="openssl"] + ) + + AC_MSG_CHECKING(for crypto backend) + + if test "x${crypto_backend}" = "xopenssl"; then + AC_MSG_RESULT(OpenSSL) + + if test "x${enable_fips}" = "xyes"; then + ACX_OPENSSL(1,0,1) + else + ACX_OPENSSL(1,0,0) + fi + + CRYPTO_INCLUDES=$OPENSSL_INCLUDES + CRYPTO_LIBS=$OPENSSL_LIBS + + if test "x${enable_ecc}" = "xyes"; then + ACX_OPENSSL_ECC + fi + + if test "x${enable_gost}" = "xyes"; then + if test "x${enable_fips}" = "xyes"; then + AC_MSG_ERROR([GOST is not FIPS approved]) + fi + ACX_OPENSSL_GOST + fi + + if test "x${enable_fips}" = "xyes"; then + ACX_OPENSSL_FIPS + else + ACX_OPENSSL_EVPAESWRAP + fi + + AC_DEFINE_UNQUOTED( + [WITH_RAW_PSS], + [1], + [Compile with raw RSA PKCS PSS] + ) + AC_DEFINE_UNQUOTED( + [WITH_AES_GCM], + [1], + [Compile with AES_GCM] + ) + AC_DEFINE_UNQUOTED( + [WITH_OPENSSL], + [], + [Compile with OpenSSL support] + ) + + elif test "x${crypto_backend}" = "xbotan"; then + AC_MSG_RESULT(Botan) + + ACX_BOTAN(1,10,0) + + CRYPTO_INCLUDES=$BOTAN_INCLUDES + CRYPTO_LIBS=$BOTAN_LIBS + + if test "x${enable_ecc}" = "xyes"; then + ACX_BOTAN_ECC + fi + + if test "x${enable_fips}" = "xyes"; then + AC_MSG_ERROR([Botan does not support FIPS 140-2 mode]) + fi + + if test "x${enable_gost}" = "xyes"; then + ACX_BOTAN_GOST + fi + + if test "x${BOTAN_VERSION_MAJOR}" = "x1" -a "x${BOTAN_VERSION_MINOR}" = "x10"; then + ACX_BOTAN_GNUMP + fi + + ACX_BOTAN_RFC5649 + ACX_BOTAN_RAWPSS + ACX_BOTAN_AES_GCM + + AC_DEFINE_UNQUOTED( + [WITH_BOTAN], + [], + [Compile with Botan support] + ) + + else + AC_MSG_RESULT(Unknown) + AC_MSG_ERROR([Crypto backend ${crypto_backend} not supported. Use openssl or botan.]) + fi + + AC_SUBST(CRYPTO_INCLUDES) + AC_SUBST(CRYPTO_LIBS) + AM_CONDITIONAL([WITH_OPENSSL], [test "x${crypto_backend}" = "xopenssl"]) + AM_CONDITIONAL([WITH_BOTAN], [test "x${crypto_backend}" = "xbotan"]) + +]) diff --git a/SoftHSMv2/m4/acx_dlopen.m4 b/SoftHSMv2/m4/acx_dlopen.m4 new file mode 100644 index 0000000..2d67614 --- /dev/null +++ b/SoftHSMv2/m4/acx_dlopen.m4 @@ -0,0 +1,15 @@ +AC_DEFUN([ACX_DLOPEN],[ + AC_CHECK_FUNC(dlopen, [AC_DEFINE(HAVE_DLOPEN,1,[Define if you have dlopen])], + [ + AC_CHECK_LIB([dl],[dlopen], + [AC_DEFINE(HAVE_DLOPEN,1,[Define if you have dlopen]) + LIBS="$LIBS -ldl"], + [AC_CHECK_FUNC(LoadLibrary, + [if test $ac_cv_func_LoadLibrary = yes; then + AC_DEFINE(HAVE_LOADLIBRARY, 1, [Whether LoadLibrary is available]) + fi + ], [AC_MSG_ERROR(No dynamic library loading support)] + )] + ) + ]) +]) diff --git a/SoftHSMv2/m4/acx_non_paged_memory.m4 b/SoftHSMv2/m4/acx_non_paged_memory.m4 new file mode 100644 index 0000000..0253e98 --- /dev/null +++ b/SoftHSMv2/m4/acx_non_paged_memory.m4 @@ -0,0 +1,57 @@ +AC_DEFUN([ACX_NON_PAGED_MEMORY],[ + + AC_ARG_ENABLE(non-paged-memory, + AC_HELP_STRING([--disable-non-paged-memory], + [Disable non-paged memory for secure storage (default enabled)] + ), + [enable_non_paged_memory="${enableval}"], + [enable_non_paged_memory="yes"] + ) + + AC_MSG_CHECKING(for non-paged memory for secure storage) + + if test "x${enable_non_paged_memory}" = "xyes"; then + AC_MSG_RESULT(enabled) + AC_DEFINE_UNQUOTED( + [SENSITIVE_NON_PAGE], + [], + [Non-paged memory for secure storage] + ) + AC_CHECK_HEADERS([sys/mman.h]) + + AC_MSG_CHECKING(the maximum size that may be locked into memory) + MLOCK_SIZE="`ulimit -l`" + AC_MSG_RESULT($MLOCK_SIZE) + + if test "x${MLOCK_SIZE}" != "xunlimited"; then + AC_MSG_WARN([ +====================================================================== +SoftHSM has been configured to store sensitive data in non-page RAM +(i.e. memory that is not swapped out to disk). This is the default and +most secure configuration. Your system, however, is not configured to +support this model in non-privileged accounts (i.e. user accounts). + +You can check the setting on your system by running the following +command in a shell: + + ulimit -l + +If this does not return "unlimited" and you plan to run SoftHSM from +non-privileged accounts then you should edit the configuration file +/etc/security/limits.conf (on most systems). + +You will need to add the following lines to this file: + +# +* - memlock unlimited + +Alternatively, you can elect to disable this feature of SoftHSM by +re-running configure with the option "--disable-non-paged-memory". +Please be advised that this may seriously degrade the security of +SoftHSM. +======================================================================]) + fi + else + AC_MSG_RESULT(disabled) + fi +]) diff --git a/SoftHSMv2/m4/acx_openssl.m4 b/SoftHSMv2/m4/acx_openssl.m4 new file mode 100644 index 0000000..e90c78f --- /dev/null +++ b/SoftHSMv2/m4/acx_openssl.m4 @@ -0,0 +1,60 @@ +AC_DEFUN([ACX_OPENSSL],[ + AC_ARG_WITH(openssl, + AC_HELP_STRING([--with-openssl=PATH],[Specify prefix of path of OpenSSL]), + [ + OPENSSL_PATH="$withval" + ], + [ + OPENSSL_PATH="/usr/local" + ]) + + AC_MSG_CHECKING(what are the OpenSSL includes) + OPENSSL_INCLUDES="-I$OPENSSL_PATH/include" + AC_MSG_RESULT($OPENSSL_INCLUDES) + + AC_MSG_CHECKING(what are the OpenSSL libs) + OPENSSL_LIBS="-L$OPENSSL_PATH/lib -lcrypto" + AC_MSG_RESULT($OPENSSL_LIBS) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $OPENSSL_INCLUDES" + LIBS="$OPENSSL_LIBS $LIBS" + + AC_CHECK_HEADERS([openssl/ssl.h],,[AC_MSG_ERROR([Can't find OpenSSL headers])]) + AC_CHECK_LIB(crypto, BN_new,,[AC_MSG_ERROR([Can't find OpenSSL library])]) + + AC_MSG_CHECKING([for OpenSSL version]) + CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3) + AC_LANG_PUSH([C]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include + #include + int main() + { + #ifndef OPENSSL_VERSION_NUMBER + return -1; + #endif + #if OPENSSL_VERSION_NUMBER >= $CHECK_OPENSSL_VERSION + return 0; + #else + return 1; + #endif + } + ]]) + ],[ + AC_MSG_RESULT([>= $1.$2.$3]) + ],[ + AC_MSG_RESULT([< $1.$2.$3]) + AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)]) + ],[]) + AC_LANG_POP([C]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS + + AC_SUBST(OPENSSL_INCLUDES) + AC_SUBST(OPENSSL_LIBS) +]) diff --git a/SoftHSMv2/m4/acx_openssl_ecc.m4 b/SoftHSMv2/m4/acx_openssl_ecc.m4 new file mode 100644 index 0000000..612c505 --- /dev/null +++ b/SoftHSMv2/m4/acx_openssl_ecc.m4 @@ -0,0 +1,37 @@ +AC_DEFUN([ACX_OPENSSL_ECC],[ + AC_MSG_CHECKING(for OpenSSL ECC support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include + #include + int main() + { + EC_KEY *ec256, *ec384, *ec521; + + ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + ec384 = EC_KEY_new_by_curve_name(NID_secp384r1); + ec521 = EC_KEY_new_by_curve_name(NID_secp521r1); + if (ec256 == NULL || ec384 == NULL || ec521 == NULL) + return 1; + return 0; + } + ]]) + ],[ + AC_MSG_RESULT([Found P256, P384, and P521]) + ],[ + AC_MSG_RESULT([Cannot find P256, P384, or P521]) + AC_MSG_ERROR([OpenSSL library has no ECC support]) + ],[]) + AC_LANG_POP([C]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_openssl_fips.m4 b/SoftHSMv2/m4/acx_openssl_fips.m4 new file mode 100644 index 0000000..0491397 --- /dev/null +++ b/SoftHSMv2/m4/acx_openssl_fips.m4 @@ -0,0 +1,50 @@ +AC_DEFUN([ACX_OPENSSL_FIPS],[ + AC_MSG_CHECKING(for OpenSSL FIPS capable library) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + # check whether we can build an application which can + # "reference the OpenSSL FIPS object module" + + AC_LANG_PUSH([C]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include + int main() + { + return !FIPS_mode_set(1); + } + ]]) + ],[ + AC_MSG_RESULT([Found working FIPS_mode_set()]) + ],[ + AC_MSG_RESULT([FIPS_mode_set(1) failed]) + AC_MSG_ERROR([OpenSSL library is not FIPS capable]) + ],[]) + AC_LANG_POP([C]) + + # build missing fips_premain_dso tool + + if test "x${FIPSLD_CC}" != "x"; then + THERE="`echo $CC | sed -e 's|[[^/]]*$||'`".. + if test "x${FIPSLIBDIR}" != "x"; then + PREMAIN_C="${FIPSLIBDIR}/fips_premain.c" + elif test -f "${THERE}/fips/fips_premain.c"; then + PREMAIN_C="${THERE}/fips/fips_premain.c" + elif test -f "${THERE}/lib/fips_premain.c"; then + PREMAIN_C="${THERE}/lib/fips_premain.c" + else + AC_MSG_WARN([can't find fips_premain.c]) + fi + + $FIPSLD_CC $CPPFLAGS -DFINGERPRINT_PREMAIN_DSO_LOAD \ + -o src/lib/fips_premain_dso $PREMAIN_C $LIBS + fi + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_openssl_gost.m4 b/SoftHSMv2/m4/acx_openssl_gost.m4 new file mode 100644 index 0000000..dca489b --- /dev/null +++ b/SoftHSMv2/m4/acx_openssl_gost.m4 @@ -0,0 +1,65 @@ +AC_DEFUN([ACX_OPENSSL_GOST],[ + AC_MSG_CHECKING(for OpenSSL GOST support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include + #include + #include + int main() + { + ENGINE* eg; + const EVP_MD* EVP_GOST_34_11; + + /* Initialise OpenSSL */ + OpenSSL_add_all_algorithms(); + + /* Load engines */ + #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + ENGINE_load_builtin_engines(); + #else + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_LOAD_CONFIG, NULL); + #endif + + /* Initialise the GOST engine */ + eg = ENGINE_by_id("gost"); + if (eg == NULL) + return 1; + if (ENGINE_init(eg) <= 0) + return 1; + + /* better than digest_gost */ + EVP_GOST_34_11 = ENGINE_get_digest(eg, NID_id_GostR3411_94); + if (EVP_GOST_34_11 == NULL) + return 1; + + /* from the openssl.cnf */ + if (ENGINE_register_pkey_asn1_meths(eg) <= 0) + return 1; + if (ENGINE_ctrl_cmd_string(eg, + "CRYPT_PARAMS", + "id-Gost28147-89-CryptoPro-A-ParamSet", + 0) <= 0) + return 1; + + return 0; + } + ]]) + ],[ + AC_MSG_RESULT([Found GOST engine]) + ],[ + AC_MSG_RESULT([Cannot find GOST engine]) + AC_MSG_ERROR([OpenSSL library has no GOST support]) + ],[]) + AC_LANG_POP([C]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_openssl_rfc5649.m4 b/SoftHSMv2/m4/acx_openssl_rfc5649.m4 new file mode 100644 index 0000000..c68a336 --- /dev/null +++ b/SoftHSMv2/m4/acx_openssl_rfc5649.m4 @@ -0,0 +1,51 @@ +AC_DEFUN([ACX_OPENSSL_EVPAESWRAP],[ + AC_MSG_CHECKING(OpenSSL EVP interface for AES key wrapping) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C]) + + AC_LINK_IFELSE([ + AC_LANG_SOURCE([[ + #include + int main() + { + EVP_aes_128_wrap(); + return 1; + } + ]]) + ],[ + AC_MSG_RESULT([RFC 3394 is supported]) + AC_DEFINE([HAVE_AES_KEY_WRAP], [1], + [Define if advanced AES key wrap without pad is supported in EVP interface]) + ],[ + AC_MSG_RESULT([RFC 3394 is not supported]) + ]) + + AC_MSG_CHECKING(OpenSSL EVP interface for AES key wrapping with pad) + AC_LINK_IFELSE([ + AC_LANG_SOURCE([[ + #include + int main() + { + EVP_aes_128_wrap_pad(); + return 1; + } + ]]) + ],[ + AC_MSG_RESULT([RFC 5649 is supported]) + AC_DEFINE([HAVE_AES_KEY_WRAP_PAD], [1], + [Define if advanced AES key wrap with pad is supported in EVP interface]) + ],[ + AC_MSG_RESULT([RFC 5649 is not supported]) + ]) + + AC_LANG_POP([C]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_p11kit.m4 b/SoftHSMv2/m4/acx_p11kit.m4 new file mode 100644 index 0000000..20c7b7e --- /dev/null +++ b/SoftHSMv2/m4/acx_p11kit.m4 @@ -0,0 +1,36 @@ +AC_DEFUN([ACX_P11KIT],[ + AC_ARG_ENABLE([p11-kit], + AC_HELP_STRING([--enable-p11-kit], + [Enable p11-kit integration (default enabled)] + ), + [enable_p11kit="${enableval}"], + [enable_p11kit="yes"] + ) + + AC_ARG_WITH(p11-kit, + AC_HELP_STRING([--with-p11-kit=PATH],[Specify install path of the p11-kit module, will override path given by pkg-config]), + [P11KIT_PATH="$withval"], + [P11KIT_PATH=""] + ) + + AC_MSG_CHECKING(for p11-kit integration) + if test "x${enable_p11kit}" = "xyes"; then + AC_MSG_RESULT(yes) + if test "x${P11KIT_PATH}" = "x"; then + AC_PATH_PROG(PKGCONFIG, [pkg-config]) + if test "x${PKGCONFIG}" != "x" && ${PKGCONFIG} --exists p11-kit-1; then + P11KIT_PATH=`${PKGCONFIG} --variable=p11_module_configs p11-kit-1` + fi + fi + AC_MSG_CHECKING(where to install the p11-kit module) + AC_MSG_RESULT($P11KIT_PATH) + if test "x${P11KIT_PATH}" = "x"; then + AC_MSG_WARN([Missing install path for the p11-kit module, skipping module]) + fi + else + AC_MSG_RESULT(no) + fi + + AC_SUBST(P11KIT_PATH) + AM_CONDITIONAL([WITH_P11KIT], [test "x${enable_p11kit}" = "xyes" -a "x${P11KIT_PATH}" != "x"]) +]) diff --git a/SoftHSMv2/m4/acx_pedantic.m4 b/SoftHSMv2/m4/acx_pedantic.m4 new file mode 100644 index 0000000..11808ee --- /dev/null +++ b/SoftHSMv2/m4/acx_pedantic.m4 @@ -0,0 +1,12 @@ +AC_DEFUN([ACX_PEDANTIC],[ + AC_ARG_ENABLE( + [pedantic], + [AS_HELP_STRING([--enable-pedantic],[enable pedantic compile mode @<:@enabled@:>@])], + , + [enable_pedantic="yes"] + ) + if test "${enable_pedantic}" = "yes"; then + enable_strict="yes"; + CFLAGS="${CFLAGS} -pedantic" + fi +]) diff --git a/SoftHSMv2/m4/acx_prefixhack.m4 b/SoftHSMv2/m4/acx_prefixhack.m4 new file mode 100644 index 0000000..16a50a2 --- /dev/null +++ b/SoftHSMv2/m4/acx_prefixhack.m4 @@ -0,0 +1,23 @@ +# Special processing of paths depending on whether --prefix, +# --sysconfdir or --localstatedir arguments were given. + +AC_DEFUN([ACX_PREFIXHACK],[ + case "$prefix" in + NONE) + case "$sysconfdir" in + '${prefix}/etc') + sysconfdir=/etc + ac_configure_args="$ac_configure_args --sysconfdir=$sysconfdir" + AC_MSG_NOTICE([sysconfdir set to $sysconfdir]) + ;; + esac + case "$localstatedir" in + '${prefix}/var') + localstatedir=/var + ac_configure_args="$ac_configure_args --localstatedir=$localstatedir" + AC_MSG_NOTICE([localstate set to $localstatedir]) + ;; + esac + ;; + esac +]) diff --git a/SoftHSMv2/m4/acx_sqlite3.m4 b/SoftHSMv2/m4/acx_sqlite3.m4 new file mode 100644 index 0000000..cf829b7 --- /dev/null +++ b/SoftHSMv2/m4/acx_sqlite3.m4 @@ -0,0 +1,40 @@ +AC_DEFUN([ACX_SQLITE3],[ + AC_ARG_WITH(sqlite3, + AC_HELP_STRING([--with-sqlite3=PATH],[Specify prefix of path of SQLite3]), + [ + SQLITE3_PATH="$withval" + AC_PATH_PROGS(SQLITE3, sqlite3, sqlite3, $withval/bin) + + ],[ + SQLITE3_PATH="/usr/local" + AC_PATH_PROGS(SQLITE3, sqlite3, sqlite3, $PATH) + ]) + + + if ! test -x "$SQLITE3"; then + AC_MSG_ERROR([sqlite3 command not found]) + fi + + AC_MSG_CHECKING(what are the SQLite3 includes) + SQLITE3_INCLUDES="-I$SQLITE3_PATH/include" + AC_MSG_RESULT($SQLITE3_INCLUDES) + + AC_MSG_CHECKING(what are the SQLite3 libs) + SQLITE3_LIBS="-L$SQLITE3_PATH/lib -lsqlite3" + AC_MSG_RESULT($SQLITE3_LIBS) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $SQLITE3_INCLUDES" + LIBS="$LIBS $SQLITE3_LIBS" + + AC_CHECK_HEADERS(sqlite3.h,,[AC_MSG_ERROR([Can't find SQLite3 headers])]) + AC_CHECK_LIB(sqlite3, sqlite3_prepare_v2, [], [AC_MSG_ERROR([Missing SQLite3 library v3.4.2 or greater])]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS + + AC_SUBST(SQLITE3_INCLUDES) + AC_SUBST(SQLITE3_LIBS) +]) diff --git a/SoftHSMv2/m4/acx_strict.m4 b/SoftHSMv2/m4/acx_strict.m4 new file mode 100644 index 0000000..0bb8089 --- /dev/null +++ b/SoftHSMv2/m4/acx_strict.m4 @@ -0,0 +1,12 @@ +AC_DEFUN([ACX_STRICT],[ + AC_ARG_ENABLE( + [strict], + [AS_HELP_STRING([--enable-strict],[enable strict compile mode @<:@enabled@:>@])], + , + [enable_strict="yes"] + ) + if test "${enable_strict}" = "yes"; then + CFLAGS="${CFLAGS} -Wall -Wextra" + CXXFLAGS="${CXXFLAGS} -Wall -Wextra" + fi +]) diff --git a/SoftHSMv2/m4/acx_visibility.m4 b/SoftHSMv2/m4/acx_visibility.m4 new file mode 100644 index 0000000..589a72e --- /dev/null +++ b/SoftHSMv2/m4/acx_visibility.m4 @@ -0,0 +1,14 @@ +AC_DEFUN([ACX_VISIBILITY],[ + AC_ARG_ENABLE( + [visibility], + [AS_HELP_STRING([--disable-visibility],[disable hidden visibilty link mode @<:@enabled@:>@])], + [enable_visibility="${enableval}"], + [enable_visibility="yes"] + ) + if test "${enable_visibility}" = "yes"; then + CFLAGS="${CFLAGS} -fvisibility=hidden" + CXXFLAGS="${CXXFLAGS} -fvisibility=hidden" + AC_DEFINE(CRYPTOKI_VISIBILITY, 1, + [Define to default visibility of PKCS@%:@11 entry points]) + fi +]) diff --git a/SoftHSMv2/m4/acx_yield.m4 b/SoftHSMv2/m4/acx_yield.m4 new file mode 100644 index 0000000..335c190 --- /dev/null +++ b/SoftHSMv2/m4/acx_yield.m4 @@ -0,0 +1,10 @@ +AC_DEFUN([ACX_YIELD],[ + YIELD_LIB= + # Solaris has sched_yield in librt, not in libpthread or libc. + # Solaris 2.5.1, 2.6 has sched_yield in libposix4, not librt. + AC_CHECK_LIB(rt, sched_yield, [YIELD_LIB=-lrt], + [AC_CHECK_LIB(posix4, sched_yield, [YIELD_LIB=-lposix4])]) + AC_SUBST([YIELD_LIB]) + + AC_CHECK_HEADER([sched.h]) +]) diff --git a/SoftHSMv2/m4/ax_cxx_compile_stdcxx_11.m4 b/SoftHSMv2/m4/ax_cxx_compile_stdcxx_11.m4 new file mode 100644 index 0000000..28ab4eb --- /dev/null +++ b/SoftHSMv2/m4/ax_cxx_compile_stdcxx_11.m4 @@ -0,0 +1,146 @@ +# ============================================================================ +# http://www.gnu.org/software/autoconf-archive/ax_cxx_compile_stdcxx_11.html +# ============================================================================ +# +# SYNOPSIS +# +# AX_CXX_COMPILE_STDCXX_11([ext|noext],[mandatory|optional]) +# +# DESCRIPTION +# +# Check for baseline language coverage in the compiler for the C++11 +# standard; if necessary, add switches to CXXFLAGS to enable support. +# +# The first argument, if specified, indicates whether you insist on an +# extended mode (e.g. -std=gnu++11) or a strict conformance mode (e.g. +# -std=c++11). If neither is specified, you get whatever works, with +# preference for an extended mode. +# +# The second argument, if specified 'mandatory' or if left unspecified, +# indicates that baseline C++11 support is required and that the macro +# should error out if no mode with that support is found. If specified +# 'optional', then configuration proceeds regardless, after defining +# HAVE_CXX11 if and only if a supporting mode is found. +# +# LICENSE +# +# Copyright (c) 2008 Benjamin Kosnik +# Copyright (c) 2012 Zack Weinberg +# Copyright (c) 2013 Roy Stogner +# Copyright (c) 2014 Alexey Sokolov +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 4 + +m4_define([_AX_CXX_COMPILE_STDCXX_11_testbody], [[ + #include + + template + struct check + { + static_assert(sizeof(int) <= sizeof(T), "not big enough"); + }; + + struct Base { + virtual void f() {} + }; + struct Child : public Base { + virtual void f() override {} + }; + + std::unique_ptr ptr_to_base; + + typedef check> right_angle_brackets; + + int a; + decltype(a) b; + + typedef check check_type; + check_type c; + check_type&& cr = static_cast(c); + + auto d = a; + auto l = [](){}; +]]) + +AC_DEFUN([AX_CXX_COMPILE_STDCXX_11], [dnl + m4_if([$1], [], [], + [$1], [ext], [], + [$1], [noext], [], + [m4_fatal([invalid argument `$1' to AX_CXX_COMPILE_STDCXX_11])])dnl + m4_if([$2], [], [ax_cxx_compile_cxx11_required=true], + [$2], [mandatory], [ax_cxx_compile_cxx11_required=true], + [$2], [optional], [ax_cxx_compile_cxx11_required=false], + [m4_fatal([invalid second argument `$2' to AX_CXX_COMPILE_STDCXX_11])]) + AC_LANG_PUSH([C++])dnl + ac_success=no + AC_CACHE_CHECK(whether $CXX supports C++11 features by default, + ax_cv_cxx_compile_cxx11, + [AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_11_testbody])], + [ax_cv_cxx_compile_cxx11=yes], + [ax_cv_cxx_compile_cxx11=no])]) + if test x$ax_cv_cxx_compile_cxx11 = xyes; then + ac_success=yes + fi + + m4_if([$1], [noext], [], [dnl + if test x$ac_success = xno; then + for switch in -std=gnu++11 -std=gnu++0x; do + cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx11_$switch]) + AC_CACHE_CHECK(whether $CXX supports C++11 features with $switch, + $cachevar, + [ac_save_CXXFLAGS="$CXXFLAGS" + CXXFLAGS="$CXXFLAGS $switch" + AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_11_testbody])], + [eval $cachevar=yes], + [eval $cachevar=no]) + CXXFLAGS="$ac_save_CXXFLAGS"]) + if eval test x\$$cachevar = xyes; then + CXXFLAGS="$CXXFLAGS $switch" + ac_success=yes + break + fi + done + fi]) + + m4_if([$1], [ext], [], [dnl + if test x$ac_success = xno; then + for switch in -std=c++11 -std=c++0x; do + cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx11_$switch]) + AC_CACHE_CHECK(whether $CXX supports C++11 features with $switch, + $cachevar, + [ac_save_CXXFLAGS="$CXXFLAGS" + CXXFLAGS="$CXXFLAGS $switch" + AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_11_testbody])], + [eval $cachevar=yes], + [eval $cachevar=no]) + CXXFLAGS="$ac_save_CXXFLAGS"]) + if eval test x\$$cachevar = xyes; then + CXXFLAGS="$CXXFLAGS $switch" + ac_success=yes + break + fi + done + fi]) + AC_LANG_POP([C++]) + if test x$ax_cxx_compile_cxx11_required = xtrue; then + if test x$ac_success = xno; then + AC_MSG_ERROR([*** A compiler with support for C++11 language features is required.]) + fi + else + if test x$ac_success = xno; then + HAVE_CXX11=0 + AC_MSG_NOTICE([No compiler with C++11 support was found]) + else + HAVE_CXX11=1 + AC_DEFINE(HAVE_CXX11,1, + [define if the compiler supports basic C++11 syntax]) + fi + + AC_SUBST(HAVE_CXX11) + fi +]) diff --git a/SoftHSMv2/prepdist.sh b/SoftHSMv2/prepdist.sh new file mode 100644 index 0000000..93e5cb2 --- /dev/null +++ b/SoftHSMv2/prepdist.sh @@ -0,0 +1,19 @@ +#!/bin/sh + +PREFIX=/tmp/softhsm2-release +export LD_LIBRARY_PATH=/usr/local/lib + +if [ ! -f autogen.sh -a ! -f configure ]; then + echo "Unable to continue, no autogen.sh or configure" + exit 1 +fi + +if [ -f autogen.sh ]; then + sh autogen.sh +fi && +mkdir -p build && +cd build && +../configure --prefix=${PREFIX} \ + --with-crypto-backend=botan \ + --with-botan=/usr/local \ + $@ diff --git a/SoftHSMv2/softhsm2.module.in b/SoftHSMv2/softhsm2.module.in new file mode 100644 index 0000000..fe88908 --- /dev/null +++ b/SoftHSMv2/softhsm2.module.in @@ -0,0 +1,4 @@ +# This file describes how to load the pk11 module +# See: http://p11-glue.freedesktop.org/doc/p11-kit/config.html + +module: @default_softhsm2_lib@ diff --git a/SoftHSMv2/src/Makefile.am b/SoftHSMv2/src/Makefile.am new file mode 100644 index 0000000..7f51142 --- /dev/null +++ b/SoftHSMv2/src/Makefile.am @@ -0,0 +1,3 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in + +SUBDIRS = lib bin diff --git a/SoftHSMv2/src/bin/Makefile.am b/SoftHSMv2/src/bin/Makefile.am new file mode 100644 index 0000000..354c272 --- /dev/null +++ b/SoftHSMv2/src/bin/Makefile.am @@ -0,0 +1,10 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in + +SUBDIRS = common keyconv util dump + +if BUILD_MIGRATE +SUBDIRS += migrate +endif + +EXTRA_DIST = $(srcdir)/win32/*.cpp \ + $(srcdir)/win32/*.h diff --git a/SoftHSMv2/src/bin/common/Makefile.am b/SoftHSMv2/src/bin/common/Makefile.am new file mode 100644 index 0000000..e3a2b24 --- /dev/null +++ b/SoftHSMv2/src/bin/common/Makefile.am @@ -0,0 +1,3 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in + +EXTRA_DIST = $(srcdir)/*.h diff --git a/SoftHSMv2/src/bin/common/findslot.cpp b/SoftHSMv2/src/bin/common/findslot.cpp new file mode 100644 index 0000000..5936db7 --- /dev/null +++ b/SoftHSMv2/src/bin/common/findslot.cpp @@ -0,0 +1,372 @@ +/* + * Copyright (c) 2016 SURFnet bv + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER + * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN + * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/***************************************************************************** + findslot.cpp + + Helper function to find the slot + *****************************************************************************/ + +#include +#include "findslot.h" + +#include +#include +#include + +extern CK_FUNCTION_LIST_PTR p11; + +// Find the slot/token +int findSlot(char* slot, char* serial, char* token, bool freeToken, CK_SLOT_ID& slotID) +{ + if (slot != NULL) + { + int slotNumber = atoi(slot); + if (slotNumber < 0) + { + fprintf(stderr, "ERROR: The slot number is negative.\n"); + return 1; + } + + slotID = slotNumber; + return 0; + } + + if (serial == NULL && token == NULL && freeToken == false) + { + fprintf(stderr, "ERROR: A slot/token must be supplied. " + "Use --slot , --serial , " + "--token