aboutsummaryrefslogtreecommitdiffstats
path: root/testing/softhsm
diff options
context:
space:
mode:
Diffstat (limited to 'testing/softhsm')
-rw-r--r--testing/softhsm/01_aes_mac_fix.patch65
-rw-r--r--testing/softhsm/APKBUILD43
2 files changed, 108 insertions, 0 deletions
diff --git a/testing/softhsm/01_aes_mac_fix.patch b/testing/softhsm/01_aes_mac_fix.patch
new file mode 100644
index 0000000000..38d6c1fabf
--- /dev/null
+++ b/testing/softhsm/01_aes_mac_fix.patch
@@ -0,0 +1,65 @@
+commit b8d509b24958756f845f17e95c9fb8c4f7eaacbc
+Author: Scott Allan <scott.allan@securekey.com>
+Date: Sun Aug 20 01:32:46 2017 -0500
+
+ Fix creating AES keys for MAC functions - Set Type to GENERIC_SECRET per spec 2.20
+
+diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
+index ee94d3f..eb1bbfa 100644
+--- a/src/lib/SoftHSM.cpp
++++ b/src/lib/SoftHSM.cpp
+@@ -5284,7 +5284,7 @@ CK_RV SoftHSM::C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha
+ (objClass != CKO_SECRET_KEY || keyType != CKK_DES3))
+ return CKR_TEMPLATE_INCONSISTENT;
+ if (pMechanism->mechanism == CKM_AES_KEY_GEN &&
+- (objClass != CKO_SECRET_KEY || keyType != CKK_AES))
++ (objClass != CKO_SECRET_KEY || (keyType != CKK_AES && keyType != CKK_GENERIC_SECRET)))
+ return CKR_TEMPLATE_INCONSISTENT;
+
+ // Check authorization
+@@ -5332,7 +5332,7 @@ CK_RV SoftHSM::C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMecha
+ // Generate AES secret key
+ if (pMechanism->mechanism == CKM_AES_KEY_GEN)
+ {
+- return this->generateAES(hSession, pTemplate, ulCount, phKey, isOnToken, isPrivate);
++ return this->generateAES(hSession, pTemplate, ulCount, keyType, phKey, isOnToken, isPrivate);
+ }
+
+ return CKR_GENERAL_ERROR;
+@@ -6554,6 +6554,7 @@ CK_RV SoftHSM::generateAES
+ (CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
++ CK_KEY_TYPE keyType,
+ CK_OBJECT_HANDLE_PTR phKey,
+ CK_BBOOL isOnToken,
+ CK_BBOOL isPrivate)
+@@ -6642,7 +6643,6 @@ CK_RV SoftHSM::generateAES
+ // Create the secret key object using C_CreateObject
+ const CK_ULONG maxAttribs = 32;
+ CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
+- CK_KEY_TYPE keyType = CKK_AES;
+ CK_ATTRIBUTE keyAttribs[maxAttribs] = {
+ { CKA_CLASS, &objClass, sizeof(objClass) },
+ { CKA_TOKEN, &isOnToken, sizeof(isOnToken) },
+@@ -6651,7 +6651,7 @@ CK_RV SoftHSM::generateAES
+ };
+ CK_ULONG keyAttribsCount = 4;
+
+- // Add the additional
++// Add the additional
+ if (ulCount > (maxAttribs - keyAttribsCount))
+ rv = CKR_TEMPLATE_INCONSISTENT;
+ for (CK_ULONG i=0; i < ulCount && rv == CKR_OK; ++i)
+diff --git a/src/lib/SoftHSM.h b/src/lib/SoftHSM.h
+index 72092be..59ce7a2 100644
+--- a/src/lib/SoftHSM.h
++++ b/src/lib/SoftHSM.h
+@@ -236,6 +236,7 @@ private:
+ CK_SESSION_HANDLE hSession,
+ CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulCount,
++ CK_KEY_TYPE,
+ CK_OBJECT_HANDLE_PTR phKey,
+ CK_BBOOL isOnToken,
+ CK_BBOOL isPrivate
diff --git a/testing/softhsm/APKBUILD b/testing/softhsm/APKBUILD
new file mode 100644
index 0000000000..8f601bce12
--- /dev/null
+++ b/testing/softhsm/APKBUILD
@@ -0,0 +1,43 @@
+# Contributor: Frank Felhoffer <silveraid@hackme.ca>
+# Maintainer: Frank Felhoffer <silveraid@hackme.ca>
+pkgname=softhsm
+pkgver=2.3.0
+pkgrel=0
+pkgdesc="cryptographic store accessible through a PKCS #11"
+url="http://www.softhsm.org/"
+arch="all"
+license="BSD2"
+depends="libressl"
+makedepends="libressl-dev automake autoconf libtool file"
+install=""
+subpackages="$pkgname-doc"
+source="softhsm-$pkgver.tar.gz::https://github.com/opendnssec/SoftHSMv2/archive/$pkgver.tar.gz
+ 01_aes_mac_fix.patch"
+builddir="$srcdir/SoftHSMv2-2.3.0"
+patch_args="-p1"
+
+prepare() {
+ default_prepare
+ cd "$builddir"
+ sh autogen.sh
+}
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --disable-gost \
+ --disable-static
+ make
+}
+
+package() {
+ cd "$builddir"
+ make -j1 DESTDIR="$pkgdir/" install
+}
+
+sha512sums="d5b09a3e28f9cb441a9c74fdd0253466462c480165c1f0def263e48751ec978f82d621c51cfca54ba926ad32a5b33cfd3baba4386338352b54ecc66e9ea052cf softhsm-2.3.0.tar.gz
+d9906fe0b8b9177f651a1839c1a1ea9369b1b664b928b067675d4b3c3c5f669500d1ff464b4ab3356e02e48954d2fdb3cf08255d353d445a86d2711f39b37af7 01_aes_mac_fix.patch"
+