SoftHSMv2/m4/acx_crypto_backend.m4

   1 AC_DEFUN([ACX_CRYPTO_BACKEND],[
   2
   3         # First check if we want to support ECC and GOST
   4
   5         AC_ARG_ENABLE(ecc,
   6                 AC_HELP_STRING([--enable-ecc],
   7                         [Enable support for ECC (default enabled)]
   8                 ),
   9                 [enable_ecc="${enableval}"],
  10                 [enable_ecc="yes"]
  11         )
  12         AC_MSG_CHECKING(for ECC support)
  13         if test "x${enable_ecc}" = "xyes"; then
  14                 AC_MSG_RESULT(yes)
  15                 AC_DEFINE_UNQUOTED(
  16                         [WITH_ECC],
  17                         [],
  18                         [Compile with ECC support]
  19                 )
  20         else
  21                 AC_MSG_RESULT(no)
  22         fi
  23         AM_CONDITIONAL([WITH_ECC], [test "x${enable_ecc}" = "xyes"])
  24
  25         AC_ARG_ENABLE(gost,
  26                 AC_HELP_STRING([--enable-gost],
  27                         [Enable support for GOST (default enabled)]
  28                 ),
  29                 [enable_gost="${enableval}"],
  30                 [enable_gost="yes"]
  31         )
  32         AC_MSG_CHECKING(for GOST support)
  33         if test "x${enable_gost}" = "xyes"; then
  34                 AC_MSG_RESULT(yes)
  35                 AC_DEFINE_UNQUOTED(
  36                         [WITH_GOST],
  37                         [],
  38                         [Compile with GOST support]
  39                 )
  40         else
  41                 AC_MSG_RESULT(no)
  42         fi
  43         AM_CONDITIONAL([WITH_GOST], [test "x${enable_gost}" = "xyes"])
  44
  45         # Add Eddsa check
  46
  47         AC_ARG_ENABLE(eddsa,
  48                 AC_HELP_STRING([--enable-eddsa],
  49                         [Enable support for EDDSA (default disabled)]
  50                 ),
  51                 [enable_eddsa="${enableval}"],
  52                 [enable_eddsa="no"]
  53         )
  54         AC_MSG_CHECKING(for EDDSA support)
  55         if test "x${enable_eddsa}" = "xyes"; then
  56                 AC_MSG_RESULT(yes)
  57                 AC_DEFINE_UNQUOTED(
  58                         [WITH_EDDSA],
  59                         [],
  60                         [Compile with EDDSA support]
  61                 )
  62         else
  63                 AC_MSG_RESULT(no)
  64         fi
  65         AM_CONDITIONAL([WITH_EDDSA], [test "x${enable_eddsa}" = "xyes"])
  66
  67         # Second check for the FIPS 140-2 mode
  68
  69         AC_ARG_ENABLE(fips,
  70                 AC_HELP_STRING([--enable-fips],
  71                         [Enable support for FIPS 140-2 mode (default disabled)]
  72                 ),
  73                 [enable_fips="${enableval}"],
  74                 [enable_fips="no"]
  75         )
  76         AC_MSG_CHECKING(for FIPS 140-2 mode)
  77         if test "x${enable_fips}" = "xyes"; then
  78                 AC_MSG_RESULT(yes)
  79                 AC_DEFINE_UNQUOTED(
  80                         [WITH_FIPS],
  81                         [],
  82                         [Compile with FIPS 140-2 mode]
  83                 )
  84         else
  85                 AC_MSG_RESULT(no)
  86         fi
  87         AM_CONDITIONAL([WITH_GOST], [test "x${enable_fips}" = "xyes"])
  88
  89         # Then check what crypto library we want to use
  90
  91         AC_ARG_WITH(crypto-backend,
  92                 AC_HELP_STRING([--with-crypto-backend],
  93                         [Select crypto backend (openssl|botan)]
  94                 ),
  95                 [crypto_backend="${withval}"],
  96                 [crypto_backend="openssl"]
  97         )
  98
  99         AC_MSG_CHECKING(for crypto backend)
 100
 101         if test "x${crypto_backend}" = "xopenssl"; then
 102                 AC_MSG_RESULT(OpenSSL)
 103
 104                 if test "x${enable_fips}" = "xyes"; then
 105                         ACX_OPENSSL(1,0,1)
 106                 else
 107                         ACX_OPENSSL(1,0,0)
 108                 fi
 109
 110                 CRYPTO_INCLUDES=$OPENSSL_INCLUDES
 111                 CRYPTO_LIBS=$OPENSSL_LIBS
 112
 113                 if test "x${enable_ecc}" = "xyes"; then
 114                         ACX_OPENSSL_ECC
 115                 fi
 116
 117                 if test "x${enable_eddsa}" = "xyes"; then
 118                         ACX_OPENSSL_EDDSA
 119                 fi
 120
 121                 if test "x${enable_gost}" = "xyes"; then
 122                         if test "x${enable_fips}" = "xyes"; then
 123                                 AC_MSG_ERROR([GOST is not FIPS approved])
 124                         fi
 125                         ACX_OPENSSL_GOST
 126                 fi
 127
 128                 if test "x${enable_fips}" = "xyes"; then
 129                         ACX_OPENSSL_FIPS
 130                 else
 131                         ACX_OPENSSL_EVPAESWRAP
 132                 fi
 133
 134                 AC_DEFINE_UNQUOTED(
 135                         [WITH_RAW_PSS],
 136                         [1],
 137                         [Compile with raw RSA PKCS PSS]
 138                 )
 139                 AC_DEFINE_UNQUOTED(
 140                         [WITH_AES_GCM],
 141                         [1],
 142                         [Compile with AES_GCM]
 143                 )
 144                 AC_DEFINE_UNQUOTED(
 145                         [WITH_OPENSSL],
 146                         [],
 147                         [Compile with OpenSSL support]
 148                 )
 149
 150         elif test "x${crypto_backend}" = "xbotan"; then
 151                 AC_MSG_RESULT(Botan)
 152
 153                 ACX_BOTAN(1,10,0)
 154
 155                 CRYPTO_INCLUDES=$BOTAN_CFLAGS
 156                 CRYPTO_LIBS=$BOTAN_LIBS
 157
 158                 if test "x${enable_ecc}" = "xyes"; then
 159                         ACX_BOTAN_ECC
 160                 fi
 161
 162                 if test "x${enable_eddsa}" = "xyes"; then
 163                         ACX_BOTAN_EDDSA
 164                 fi
 165
 166                 if test "x${enable_fips}" = "xyes"; then
 167                         AC_MSG_ERROR([Botan does not support FIPS 140-2 mode])
 168                 fi
 169
 170                 if test "x${enable_gost}" = "xyes"; then
 171                         ACX_BOTAN_GOST
 172                 fi
 173
 174                 if test "x${BOTAN_VERSION_MAJOR}" = "x1" -a "x${BOTAN_VERSION_MINOR}" = "x10"; then
 175                         ACX_BOTAN_GNUMP
 176                 fi
 177
 178                 ACX_BOTAN_RFC5649
 179                 ACX_BOTAN_RAWPSS
 180                 ACX_BOTAN_AES_GCM
 181
 182                 AC_DEFINE_UNQUOTED(
 183                         [WITH_BOTAN],
 184                         [],
 185                         [Compile with Botan support]
 186                 )
 187
 188         else
 189                 AC_MSG_RESULT(Unknown)
 190                 AC_MSG_ERROR([Crypto backend ${crypto_backend} not supported. Use openssl or botan.])
 191         fi
 192
 193         AC_SUBST(CRYPTO_INCLUDES)
 194         AC_SUBST(CRYPTO_LIBS)
 195         AM_CONDITIONAL([WITH_OPENSSL], [test "x${crypto_backend}" = "xopenssl"])
 196         AM_CONDITIONAL([WITH_BOTAN], [test "x${crypto_backend}" = "xbotan"])
 197
 198 ])