Gost

m4/acx_botan_ecc.m4

@@ -0,0 +1,51 @@
+AC_DEFUN([ACX_BOTAN_ECC],[
+	AC_MSG_CHECKING(for Botan ECC support)
+
+	tmp_CPPFLAGS=$CPPFLAGS
+	tmp_LIBS=$LIBS
+
+	CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES"
+	LIBS="$LIBS $CRYPTO_LIBS"
+
+	AC_LANG_PUSH([C++])
+	AC_RUN_IFELSE([
+		AC_LANG_SOURCE([[
+			#include <botan/ec_group.h>
+			#include <botan/oids.h>
+			int main()
+			{
+				const std::string name("secp256r1");
+				const Botan::OID oid(Botan::OIDS::lookup(name));
+				const Botan::EC_Group ecg(oid);
+				try {
+					const Botan::SecureVector<Botan::byte> der =
+					    ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
+				} catch(...) {
+					return 1;
+				}
+				return 0;
+			}
+		]])
+	],[
+		AC_MSG_RESULT([Found P256])
+	],[
+		AC_MSG_RESULT([Cannot find P256])
+		AC_MSG_ERROR([
+Botan library has no ECC support
+or src/pubkey/ec_group/ec_group.cpp must be fixed: at line 124:
+@@ -121,7 +121,7 @@
+          .get_contents();
+       }
+    else if(form == EC_DOMPAR_ENC_OID)
+-      return DER_Encoder().encode(get_oid()).get_contents();
++      return DER_Encoder().encode(OID(get_oid())).get_contents();
+    else if(form == EC_DOMPAR_ENC_IMPLICITCA)
+       return DER_Encoder().encode_null().get_contents();
+    else
+])
+	],[])
+	AC_LANG_POP([C++])
+
+	CPPFLAGS=$tmp_CPPFLAGS
+	LIBS=$tmp_LIBS
+])

m4/acx_botan_gost.m4

@@ -0,0 +1,33 @@
+AC_DEFUN([ACX_BOTAN_GOST],[
+	AC_MSG_CHECKING(for Botan GOST support)
+
+	tmp_CPPFLAGS=$CPPFLAGS
+	tmp_LIBS=$LIBS
+
+	CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES"
+	LIBS="$LIBS $CRYPTO_LIBS"
+
+	AC_LANG_PUSH([C++])
+	AC_RUN_IFELSE([
+		AC_LANG_SOURCE([[
+			#include <botan/gost_3410.h>
+			#include <botan/oids.h>
+			int main()
+			{
+				const std::string name("gost_256A");
+				const Botan::OID oid(Botan::OIDS::lookup(name));
+				const Botan::EC_Group group(oid);
+				return 0;
+			}
+		]])
+	],[
+		AC_MSG_RESULT([Found GOST])
+	],[
+		AC_MSG_RESULT([Cannot find GOST])
+		AC_MSG_ERROR([Botan library has no GOST support])
+	],[])
+	AC_LANG_POP([C++])
+
+	CPPFLAGS=$tmp_CPPFLAGS
+	LIBS=$tmp_LIBS
+])

m4/acx_crypto_backend.m4

@@ -1,6 +1,26 @@
 AC_DEFUN([ACX_CRYPTO_BACKEND],[
 
-	# First check if we want to support GOST
+	# First check if we want to support ECC and GOST
+
+	AC_ARG_ENABLE(ecc,
+		AC_HELP_STRING([--enable-ecc],
+			[Enable support for ECC (default enabled)]
+		),
+		[enable_ecc="${enableval}"],
+		[enable_ecc="yes"]
+	)
+	AC_MSG_CHECKING(for ECC support)
+	if test "x${enable_ecc}" = "xyes"; then
+		AC_MSG_RESULT(yes)
+		AC_DEFINE_UNQUOTED(
+			[WITH_ECC],
+			[],
+			[Compile with ECC support]
+		)
+	else
+		AC_MSG_RESULT(no)
+	fi
+	AM_CONDITIONAL([WITH_ECC], [test "x${enable_ecc}" = "xyes"])
 
 	AC_ARG_ENABLE(gost,
 		AC_HELP_STRING([--enable-gost],
@@ -46,6 +66,14 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[
 		CRYPTO_INCLUDES=$OPENSSL_INCLUDES
 		CRYPTO_LIBS=$OPENSSL_LIBS
 
+		if test "x${enable_ecc}" = "xyes"; then
+			ACX_OPENSSL_ECC
+		fi
+
+		if test "x${enable_gost}" = "xyes"; then
+			ACX_OPENSSL_GOST
+		fi
+
 		AC_DEFINE_UNQUOTED(
 			[WITH_OPENSSL],
 			[],
@@ -64,6 +92,14 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[
 		CRYPTO_INCLUDES=$BOTAN_INCLUDES
 		CRYPTO_LIBS=$BOTAN_LIBS
 
+		if test "x${enable_ecc}" = "xyes"; then
+			ACX_BOTAN_ECC
+		fi
+
+		if test "x${enable_gost}" = "xyes"; then
+			ACX_BOTAN_GOST
+		fi
+
 		AC_DEFINE_UNQUOTED(
 			[WITH_BOTAN],
 			[],

m4/acx_openssl_ecc.m4

@@ -0,0 +1,36 @@
+AC_DEFUN([ACX_OPENSSL_ECC],[
+	AC_MSG_CHECKING(for OpenSSL ECC support)
+
+	tmp_CPPFLAGS=$CPPFLAGS
+	tmp_LIBS=$LIBS
+
+	CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES"
+	LIBS="$LIBS $CRYPTO_LIBS"
+
+	AC_LANG_PUSH([C])
+	AC_RUN_IFELSE([
+		AC_LANG_SOURCE([[
+			#include <openssl/ecdsa.h>
+			#include <openssl/objects.h>
+			int main()
+			{
+				EC_KEY *ec256, *ec384;
+
+				ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+				ec384 = EC_KEY_new_by_curve_name(NID_secp384r1);
+				if (ec256 == NULL || ec384 == NULL)
+					return 1;
+				return 0;
+			}
+		]])
+	],[
+		AC_MSG_RESULT([Found P256 and P384])
+	],[
+		AC_MSG_RESULT([Cannot find P256 or P384])
+		AC_MSG_ERROR([OpenSSL library has no ECC support])
+	],[])
+	AC_LANG_POP([C])
+
+	CPPFLAGS=$tmp_CPPFLAGS
+	LIBS=$tmp_LIBS
+])

m4/acx_openssl_gost.m4

@@ -0,0 +1,41 @@
+AC_DEFUN([ACX_OPENSSL_GOST],[
+	AC_MSG_CHECKING(for OpenSSL GOST support)
+
+	tmp_CPPFLAGS=$CPPFLAGS
+	tmp_LIBS=$LIBS
+
+	CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES"
+	LIBS="$LIBS $CRYPTO_LIBS"
+
+	AC_LANG_PUSH([C])
+	AC_RUN_IFELSE([
+		AC_LANG_SOURCE([[
+			#include <openssl/conf.h>
+			#include <openssl/engine.h>
+			int main()
+			{
+				ENGINE *e;
+				EC_KEY *ek;
+
+				ek = NULL;
+				OPENSSL_config(NULL);
+
+				e = ENGINE_by_id("gost");
+				if (e == NULL)
+					return 1;
+				if (ENGINE_init(e) <= 0)
+					return 1;
+				return 0;
+			}
+		]])
+	],[
+		AC_MSG_RESULT([Found GOST engine])
+	],[
+		AC_MSG_RESULT([Cannot GOST engine])
+		AC_MSG_ERROR([OpenSSL library has no GOST support])
+	],[])
+	AC_LANG_POP([C])
+
+	CPPFLAGS=$tmp_CPPFLAGS
+	LIBS=$tmp_LIBS
+])

src/bin/keyconv/softhsm-keyconv-botan.cpp

@@ -33,6 +33,7 @@
  *****************************************************************************/
 
 #include <config.h>
+#define KEYCONV_BOTAN
 #include "softhsm-keyconv.h"
 
 #include <stdio.h>

src/bin/keyconv/softhsm-keyconv-ossl.cpp

@@ -33,6 +33,7 @@
  *****************************************************************************/
 
 #include <config.h>
+#define KEYCONV_OSSL
 #include "softhsm-keyconv.h"
 
 #include <stdio.h>

src/bin/keyconv/softhsm-keyconv.cpp

@@ -280,7 +280,7 @@ int to_pkcs8(char* in_path, char* out_path, char* file_pin)
 	switch (algorithm)
 	{
 		case DNS_KEYALG_ERROR:
-			fprintf(stderr, "ERROR: The algorithm was not given in the file.\n",
+			fprintf(stderr, "ERROR: The algorithm %i was not given in the file.\n",
 					algorithm);
 			error = 1;
 			break;

src/bin/keyconv/softhsm-keyconv.h

@@ -84,6 +84,7 @@ int b64_ntop(const unsigned char*, size_t, char*, size_t);
 #define MAX_LINE 4096
 
 // The text fields supported
+#if !defined(KEYCONV_BOTAN) && !defined(KEYCONV_OSSL)
 static const char* file_tags[] = {
 	"Private-key-format:",
 	"Algorithm:",
@@ -105,6 +106,7 @@ static const char* file_tags[] = {
 	"Activate:",
 	NULL
 };
+#endif
 
 // The number of each text field.
 // Must match the tags above.

src/bin/util/softhsm-util-botan.cpp

@@ -33,6 +33,7 @@
  *****************************************************************************/
 
 #include <config.h>
+#define UTIL_BOTAN
 #include "softhsm-util.h"
 #include "softhsm-util-botan.h"
 
@@ -86,7 +87,7 @@ int crypto_import_key_pair
 	char* filePIN,
 	char* label,
 	char* objID,
-	int objIDLen,
+	size_t objIDLen,
 	int noPublicKey
 )
 {
@@ -176,7 +177,7 @@ int crypto_save_rsa
 	CK_SESSION_HANDLE hSession,
 	char* label,
 	char* objID,
-	int objIDLen,
+	size_t objIDLen,
 	int noPublicKey,
 	Botan::RSA_PrivateKey* rsa
 )
@@ -335,7 +336,7 @@ int crypto_save_dsa
 	CK_SESSION_HANDLE hSession,
 	char* label,
 	char* objID,
-	int objIDLen,
+	size_t objIDLen,
 	int noPublicKey,
 	Botan::DSA_PrivateKey* dsa
 )

src/bin/util/softhsm-util-botan.h

@@ -103,12 +103,12 @@ typedef struct dsa_key_material_t {
 Botan::Private_Key* crypto_read_file(char* filePath, char* filePIN);
 
 // RSA
-int crypto_save_rsa(CK_SESSION_HANDLE hSession, char* label, char* objID, int objIDLen, int noPublicKey, Botan::RSA_PrivateKey* rsa);
+int crypto_save_rsa(CK_SESSION_HANDLE hSession, char* label, char* objID, size_t objIDLen, int noPublicKey, Botan::RSA_PrivateKey* rsa);
 rsa_key_material_t* crypto_malloc_rsa(Botan::RSA_PrivateKey* rsa);
 void crypto_free_rsa(rsa_key_material_t* keyMat);
 
 // DSA
-int crypto_save_dsa(CK_SESSION_HANDLE hSession, char* label, char* objID, int objIDLen, int noPublicKey, Botan::DSA_PrivateKey* dsa);
+int crypto_save_dsa(CK_SESSION_HANDLE hSession, char* label, char* objID, size_t objIDLen, int noPublicKey, Botan::DSA_PrivateKey* dsa);
 dsa_key_material_t* crypto_malloc_dsa(Botan::DSA_PrivateKey* dsa);
 void crypto_free_dsa(dsa_key_material_t* keyMat);
 

src/bin/util/softhsm-util-ossl.cpp

@@ -33,6 +33,7 @@
  *****************************************************************************/
 
 #include <config.h>
+#define UTIL_OSSL
 #include "softhsm-util.h"
 #include "softhsm-util-ossl.h"
 
@@ -69,7 +70,7 @@ int crypto_import_key_pair
 	char* filePIN,
 	char* label,
 	char* objID,
-	int objIDLen,
+	size_t objIDLen,
 	int noPublicKey
 )
 {
@@ -194,7 +195,7 @@ int crypto_save_rsa
 	CK_SESSION_HANDLE hSession,
 	char* label,
 	char* objID,
-	int objIDLen,
+	size_t objIDLen,
 	int noPublicKey,
 	RSA* rsa
 )
@@ -353,7 +354,7 @@ int crypto_save_dsa
 	CK_SESSION_HANDLE hSession,
 	char* label,
 	char* objID,
-	int objIDLen,
+	size_t objIDLen,
 	int noPublicKey,
 	DSA* dsa
 )

src/bin/util/softhsm-util-ossl.h

@@ -103,12 +103,12 @@ typedef struct dsa_key_material_t {
 EVP_PKEY* crypto_read_file(char* filePath, char* filePIN);
 
 // RSA
-int crypto_save_rsa(CK_SESSION_HANDLE hSession, char* label, char* objID, int objIDLen, int noPublicKey, RSA* rsa);
+int crypto_save_rsa(CK_SESSION_HANDLE hSession, char* label, char* objID, size_t objIDLen, int noPublicKey, RSA* rsa);
 rsa_key_material_t* crypto_malloc_rsa(RSA* rsa);
 void crypto_free_rsa(rsa_key_material_t* keyMat);
 
 // DSA
-int crypto_save_dsa(CK_SESSION_HANDLE hSession, char* label, char* objID, int objIDLen, int noPublicKey, DSA* dsa);
+int crypto_save_dsa(CK_SESSION_HANDLE hSession, char* label, char* objID, size_t objIDLen, int noPublicKey, DSA* dsa);
 dsa_key_material_t* crypto_malloc_dsa(DSA* dsa);
 void crypto_free_dsa(dsa_key_material_t* keyMat);