Gitiles
Code Review Sign In
gerrit.nordix.org / onap / aaf / sshsm / 4c48eea00420dff7a46104c0cf0b9a550362c34b / . / SoftHSMv2 / m4 / acx_crypto_backend.m4
blob: c860c89635bfcd6e080fff0ce72676c20c4207cd [file] [log] [blame]
NingSun0c89b3c2018-02-08 08:34:03 -0800[diff] [blame]1AC_DEFUN([ACX_CRYPTO_BACKEND],[
2
3 # First check if we want to support ECC and GOST
4
5 AC_ARG_ENABLE(ecc,
6 AC_HELP_STRING([--enable-ecc],
7 [Enable support for ECC (default enabled)]
8 ),
9 [enable_ecc="${enableval}"],
10 [enable_ecc="yes"]
11 )
12 AC_MSG_CHECKING(for ECC support)
13 if test "x${enable_ecc}" = "xyes"; then
14 AC_MSG_RESULT(yes)
15 AC_DEFINE_UNQUOTED(
16 [WITH_ECC],
17 [],
18 [Compile with ECC support]
19 )
20 else
21 AC_MSG_RESULT(no)
22 fi
23 AM_CONDITIONAL([WITH_ECC], [test "x${enable_ecc}" = "xyes"])
24
25 AC_ARG_ENABLE(gost,
26 AC_HELP_STRING([--enable-gost],
27 [Enable support for GOST (default enabled)]
28 ),
29 [enable_gost="${enableval}"],
30 [enable_gost="yes"]
31 )
32 AC_MSG_CHECKING(for GOST support)
33 if test "x${enable_gost}" = "xyes"; then
34 AC_MSG_RESULT(yes)
35 AC_DEFINE_UNQUOTED(
36 [WITH_GOST],
37 [],
38 [Compile with GOST support]
39 )
40 else
41 AC_MSG_RESULT(no)
42 fi
43 AM_CONDITIONAL([WITH_GOST], [test "x${enable_gost}" = "xyes"])
44
45 # Second check for the FIPS 140-2 mode
46
47 AC_ARG_ENABLE(fips,
48 AC_HELP_STRING([--enable-fips],
49 [Enable support for FIPS 140-2 mode (default disabled)]
50 ),
51 [enable_fips="${enableval}"],
52 [enable_fips="no"]
53 )
54 AC_MSG_CHECKING(for FIPS 140-2 mode)
55 if test "x${enable_fips}" = "xyes"; then
56 AC_MSG_RESULT(yes)
57 AC_DEFINE_UNQUOTED(
58 [WITH_FIPS],
59 [],
60 [Compile with FIPS 140-2 mode]
61 )
62 else
63 AC_MSG_RESULT(no)
64 fi
65 AM_CONDITIONAL([WITH_GOST], [test "x${enable_fips}" = "xyes"])
66
67 # Then check what crypto library we want to use
68
69 AC_ARG_WITH(crypto-backend,
70 AC_HELP_STRING([--with-crypto-backend],
71 [Select crypto backend (openssl|botan)]
72 ),
73 [crypto_backend="${withval}"],
74 [crypto_backend="openssl"]
75 )
76
77 AC_MSG_CHECKING(for crypto backend)
78
79 if test "x${crypto_backend}" = "xopenssl"; then
80 AC_MSG_RESULT(OpenSSL)
81
82 if test "x${enable_fips}" = "xyes"; then
83 ACX_OPENSSL(1,0,1)
84 else
85 ACX_OPENSSL(1,0,0)
86 fi
87
88 CRYPTO_INCLUDES=$OPENSSL_INCLUDES
89 CRYPTO_LIBS=$OPENSSL_LIBS
90
91 if test "x${enable_ecc}" = "xyes"; then
92 ACX_OPENSSL_ECC
93 fi
94
95 if test "x${enable_gost}" = "xyes"; then
96 if test "x${enable_fips}" = "xyes"; then
97 AC_MSG_ERROR([GOST is not FIPS approved])
98 fi
99 ACX_OPENSSL_GOST
100 fi
101
102 if test "x${enable_fips}" = "xyes"; then
103 ACX_OPENSSL_FIPS
104 else
105 ACX_OPENSSL_EVPAESWRAP
106 fi
107
108 AC_DEFINE_UNQUOTED(
109 [WITH_RAW_PSS],
110 [1],
111 [Compile with raw RSA PKCS PSS]
112 )
113 AC_DEFINE_UNQUOTED(
114 [WITH_AES_GCM],
115 [1],
116 [Compile with AES_GCM]
117 )
118 AC_DEFINE_UNQUOTED(
119 [WITH_OPENSSL],
120 [],
121 [Compile with OpenSSL support]
122 )
123
124 elif test "x${crypto_backend}" = "xbotan"; then
125 AC_MSG_RESULT(Botan)
126
127 ACX_BOTAN(1,10,0)
128
129 CRYPTO_INCLUDES=$BOTAN_INCLUDES
130 CRYPTO_LIBS=$BOTAN_LIBS
131
132 if test "x${enable_ecc}" = "xyes"; then
133 ACX_BOTAN_ECC
134 fi
135
136 if test "x${enable_fips}" = "xyes"; then
137 AC_MSG_ERROR([Botan does not support FIPS 140-2 mode])
138 fi
139
140 if test "x${enable_gost}" = "xyes"; then
141 ACX_BOTAN_GOST
142 fi
143
144 if test "x${BOTAN_VERSION_MAJOR}" = "x1" -a "x${BOTAN_VERSION_MINOR}" = "x10"; then
145 ACX_BOTAN_GNUMP
146 fi
147
148 ACX_BOTAN_RFC5649
149 ACX_BOTAN_RAWPSS
150 ACX_BOTAN_AES_GCM
151
152 AC_DEFINE_UNQUOTED(
153 [WITH_BOTAN],
154 [],
155 [Compile with Botan support]
156 )
157
158 else
159 AC_MSG_RESULT(Unknown)
160 AC_MSG_ERROR([Crypto backend ${crypto_backend} not supported. Use openssl or botan.])
161 fi
162
163 AC_SUBST(CRYPTO_INCLUDES)
164 AC_SUBST(CRYPTO_LIBS)
165 AM_CONDITIONAL([WITH_OPENSSL], [test "x${crypto_backend}" = "xopenssl"])
166 AM_CONDITIONAL([WITH_BOTAN], [test "x${crypto_backend}" = "xbotan"])
167
168])