diff options
author | Frank Felhoffer <silveraid@hackme.ca> | 2017-08-15 15:26:28 -0400 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2017-09-03 02:05:40 +0000 |
commit | 147cd562d9c1d94d4c3e52c634c265b32b8a2e49 (patch) | |
tree | 4676ff12060bcf022076c36c5f6114b7de112681 | |
parent | 3de7c681a8ff6fd8068208bea734191e63fe4cc0 (diff) | |
download | aports-147cd562d9c1d94d4c3e52c634c265b32b8a2e49.tar.bz2 aports-147cd562d9c1d94d4c3e52c634c265b32b8a2e49.tar.xz |
testing/softhsm: new aport
http://www.softhsm.org/
cryptographic store accessible through a PKCS #11
-rw-r--r-- | testing/softhsm/01_aes_mac_fix.patch | 65 | ||||
-rw-r--r-- | testing/softhsm/APKBUILD | 43 |
2 files changed, 108 insertions, 0 deletions
diff --git a/testing/softhsm/01_aes_mac_fix.patch b/testing/softhsm/01_aes_mac_fix.patch new file mode 100644 index 0000000000..38d6c1fabf --- /dev/null +++ b/testing/softhsm/01_aes_mac_fix.patch @@ -0,0 +1,65 @@ +commit b8d509b24958756f845f17e95c9fb8c4f7eaacbc +Author: Scott Allan <scott.allan@securekey.com> +Date: Sun Aug 20 01:32:46 2017 -0500 + + Fix creating AES keys for MAC functions - Set Type to GENERIC_SECRET per spec 2.20 + +diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp +index ee94d3f..eb1bbfa 100644 +--- a/src/lib/SoftHSM.cpp ++++ b/src/lib/SoftHSM.cpp +@@ -5284,7 +5284,7 @@ CK_RV SoftHSM::C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha + (objClass != CKO_SECRET_KEY || keyType != CKK_DES3)) + return CKR_TEMPLATE_INCONSISTENT; + if (pMechanism->mechanism == CKM_AES_KEY_GEN && +- (objClass != CKO_SECRET_KEY || keyType != CKK_AES)) ++ (objClass != CKO_SECRET_KEY || (keyType != CKK_AES && keyType != CKK_GENERIC_SECRET))) + return CKR_TEMPLATE_INCONSISTENT; + + // Check authorization +@@ -5332,7 +5332,7 @@ CK_RV SoftHSM::C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha + // Generate AES secret key + if (pMechanism->mechanism == CKM_AES_KEY_GEN) + { +- return this->generateAES(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate); ++ return this->generateAES(hSession, pTemplate, ulCount, keyType, phKey, isOnToken, isPrivate); + } + + return CKR_GENERAL_ERROR; +@@ -6554,6 +6554,7 @@ CK_RV SoftHSM::generateAES + (CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, ++ CK_KEY_TYPE keyType, + CK_OBJECT_HANDLE_PTR phKey, + CK_BBOOL isOnToken, + CK_BBOOL isPrivate) +@@ -6642,7 +6643,6 @@ CK_RV SoftHSM::generateAES + // Create the secret key object using C_CreateObject + const CK_ULONG maxAttribs = 32; + CK_OBJECT_CLASS objClass = CKO_SECRET_KEY; +- CK_KEY_TYPE keyType = CKK_AES; + CK_ATTRIBUTE keyAttribs[maxAttribs] = { + { CKA_CLASS, &objClass, sizeof(objClass) }, + { CKA_TOKEN, &isOnToken, sizeof(isOnToken) }, +@@ -6651,7 +6651,7 @@ CK_RV SoftHSM::generateAES + }; + CK_ULONG keyAttribsCount = 4; + +- // Add the additional ++// Add the additional + if (ulCount > (maxAttribs - keyAttribsCount)) + rv = CKR_TEMPLATE_INCONSISTENT; + for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i) +diff --git a/src/lib/SoftHSM.h b/src/lib/SoftHSM.h +index 72092be..59ce7a2 100644 +--- a/src/lib/SoftHSM.h ++++ b/src/lib/SoftHSM.h +@@ -236,6 +236,7 @@ private: + CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulCount, ++ CK_KEY_TYPE, + CK_OBJECT_HANDLE_PTR phKey, + CK_BBOOL isOnToken, + CK_BBOOL isPrivate diff --git a/testing/softhsm/APKBUILD b/testing/softhsm/APKBUILD new file mode 100644 index 0000000000..8f601bce12 --- /dev/null +++ b/testing/softhsm/APKBUILD @@ -0,0 +1,43 @@ +# Contributor: Frank Felhoffer <silveraid@hackme.ca> +# Maintainer: Frank Felhoffer <silveraid@hackme.ca> +pkgname=softhsm +pkgver=2.3.0 +pkgrel=0 +pkgdesc="cryptographic store accessible through a PKCS #11" +url="http://www.softhsm.org/" +arch="all" +license="BSD2" +depends="libressl" +makedepends="libressl-dev automake autoconf libtool file" +install="" +subpackages="$pkgname-doc" +source="softhsm-$pkgver.tar.gz::https://github.com/opendnssec/SoftHSMv2/archive/$pkgver.tar.gz + 01_aes_mac_fix.patch" +builddir="$srcdir/SoftHSMv2-2.3.0" +patch_args="-p1" + +prepare() { + default_prepare + cd "$builddir" + sh autogen.sh +} + +build() { + cd "$builddir" + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --disable-gost \ + --disable-static + make +} + +package() { + cd "$builddir" + make -j1 DESTDIR="$pkgdir/" install +} + +sha512sums="d5b09a3e28f9cb441a9c74fdd0253466462c480165c1f0def263e48751ec978f82d621c51cfca54ba926ad32a5b33cfd3baba4386338352b54ecc66e9ea052cf softhsm-2.3.0.tar.gz +d9906fe0b8b9177f651a1839c1a1ea9369b1b664b928b067675d4b3c3c5f669500d1ff464b4ab3356e02e48954d2fdb3cf08255d353d445a86d2711f39b37af7 01_aes_mac_fix.patch" + |