diff --git a/icc/DELTA/Delta_test.c b/icc/DELTA/Delta_test.c index e5f2336..32032f3 100644 --- a/icc/DELTA/Delta_test.c +++ b/icc/DELTA/Delta_test.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/DELTA/delta.c b/icc/DELTA/delta.c index e629cb7..5a02499 100644 --- a/icc/DELTA/delta.c +++ b/icc/DELTA/delta.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/DELTA/delta_t.h b/icc/DELTA/delta_t.h index 24ae6e7..968ce9a 100644 --- a/icc/DELTA/delta_t.h +++ b/icc/DELTA/delta_t.h @@ -1,8 +1,8 @@ /* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. */ diff --git a/icc/DELTA/iccstub.c b/icc/DELTA/iccstub.c index c4a0cc9..22c47d2 100644 --- a/icc/DELTA/iccstub.c +++ b/icc/DELTA/iccstub.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/DepScanner.java b/icc/DepScanner.java index baa4c78..6c599ec 100644 --- a/icc/DepScanner.java +++ b/icc/DepScanner.java @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/ICCPKG.mk b/icc/ICCPKG.mk index 7ca5891..6fbc966 100644 --- a/icc/ICCPKG.mk +++ b/icc/ICCPKG.mk @@ -2,21 +2,21 @@ # Make file for ICCPKG components exported to GSkit # -iccpkg: ICC_ver.txt ../package/ICCPKG.tar \ - ../package/gsk_crypto.tar ../package/gsk_crypto_sdk.tar \ - ../package/jgsk_crypto.tar ../package/jgsk_crypto_sdk.tar +iccpkg: ICC_ver.txt $(ICC_ROOT)/package/ICCPKG.tar \ + $(ICC_ROOT)/package/gsk_crypto.tar $(ICC_ROOT)/package/gsk_crypto_sdk.tar \ + $(ICC_ROOT)/package/jgsk_crypto.tar $(ICC_ROOT)/package/jgsk_crypto_sdk.tar -../package/gsk_crypto.tar: ../package/gskit_crypto - -$(RM) ../package/gskit_crypto/dummyfile +$(ICC_ROOT)/package/gsk_crypto.tar: $(ICC_ROOT)/package/gskit_crypto + -$(RM) $(ICC_ROOT)/package/gskit_crypto/dummyfile ( \ - cd ../package/gskit_crypto/; \ - $(TARCMD) ../gsk_crypto.tar * \ + cd $(ICC_ROOT)/package/gskit_crypto/; \ + $(TARCMD) $(ICC_ROOT)/gsk_crypto.tar * \ ) -../package/gsk_crypto_sdk.tar: ../package/gsk_sdk +$(ICC_ROOT)/package/gsk_crypto_sdk.tar: $(ICC_ROOT)/package/gsk_sdk ( \ - cd ../package; \ + cd $(ICC_ROOT)/package; \ ( \ cd gsk_sdk ; \ touch keep_tar_quiet.pdb ; \ @@ -26,19 +26,19 @@ iccpkg: ICC_ver.txt ../package/ICCPKG.tar \ $(TARCMD) gsk_crypto_sdk.tar gsk_sdk \ ) -../package/jgsk_crypto.tar: ../package/jgskit_crypto +$(ICC_ROOT)/package/jgsk_crypto.tar: $(ICC_ROOT)/package/jgskit_crypto ( \ - cd ../package/jgskit_crypto/; \ - $(TARCMD) ../jgsk_crypto.tar *; \ + cd $(ICC_ROOT)/package/jgskit_crypto/; \ + $(TARCMD) $(ICC_ROOT)/jgsk_crypto.tar *; \ ) -../package/jgsk_crypto_sdk.tar: ../package/jgsk_sdk +$(ICC_ROOT)/package/jgsk_crypto_sdk.tar: $(ICC_ROOT)/package/jgsk_sdk ( \ - cd ../package; \ + cd $(ICC_ROOT)/package; \ $(TARCMD) jgsk_crypto_sdk.tar jgsk_sdk ; \ ) -../package/ICCPKG.tar: ../iccpkg/gsk_wrap2.c +$(ICC_ROOT)/package/ICCPKG.tar: $(ICC_ROOT)/iccpkg/gsk_wrap2.c $(MKDIR) $(PACKAGE_DIR)/sources $(MKDIR) $(PACKAGE_DIR)/sources/exports $(MKDIR) $(PACKAGE_DIR)/bvt @@ -51,16 +51,15 @@ iccpkg: ICC_ver.txt ../package/ICCPKG.tar \ $(MKDIR) $(PACKAGE_DIR)/doc echo "Dummy file to stop tar complaining" > $(PACKAGE_DIR)/gskit_crypto/dummyfile # Copy the bits that end up in the iccpkg SDK - $(CP) ../iccpkg/iccpkg_a.h $(PACKAGE_DIR)/iccpkg_sdk/icc_a.h - $(CP) icc.h $(PACKAGE_DIR)/iccpkg_sdk/ - $(CP) iccglobals.h $(PACKAGE_DIR)/iccpkg_sdk/ - -$(CP) $(SDK_DIR)/GenRndData $(PACKAGE_DIR)/iccpkg_sdk/ - $(CP) $(SDK_DIR)/openssl $(PACKAGE_DIR)/iccpkg_sdk/ + $(CP) $(ICC_ROOT)/iccpkg/iccpkg_a.h $(PACKAGE_DIR)/iccpkg_sdk/icc_a.h + $(CP) $(ICC_ROOT)/icc/icc.h $(PACKAGE_DIR)/iccpkg_sdk/ + $(CP) $(ICC_ROOT)/icc/iccglobals.h $(PACKAGE_DIR)/iccpkg_sdk/ + $(CP) $(SDK_DIR)/openssl$(EXESUFX) $(PACKAGE_DIR)/iccpkg_sdk/ # Copy the sources for ICCPKG component - $(CP) ../iccpkg/gsk_wrap2.c $(PACKAGE_DIR)/sources/ - $(CP) ../iccpkg/gsk_wrap2_a.c $(PACKAGE_DIR)/sources/ + $(CP) $(ICC_ROOT)/iccpkg/gsk_wrap2.c $(PACKAGE_DIR)/sources/ + $(CP) $(ICC_ROOT)/iccpkg/gsk_wrap2_a.c $(PACKAGE_DIR)/sources/ # Copy the exports files - $(CP) ../iccpkg/exports/* $(PACKAGE_DIR)/sources/exports/ + $(CP) $(ICC_ROOT)/iccpkg/exports/* $(PACKAGE_DIR)/sources/exports/ # Copy the static libraries, ICC's and ICCPKG PKCS#11 $(CP) $(SDK_DIR)/$(STLPRFX)icc$(STLSUFX) $(PACKAGE_DIR)/sources/ # Copy the zlib library and headers @@ -69,10 +68,8 @@ iccpkg: ICC_ver.txt ../package/ICCPKG.tar \ $(CP) $(ZLIB_DIR)/zconf.h $(PACKAGE_DIR)/zlib/include/ # Copy the test case sources $(CP) icctest.c $(PACKAGE_DIR)/bvt/icc/ -# Copy the GSkit-Crypto doc - -$(CP) ../doc/GSKit_Crypto.pdf $(PACKAGE_DIR)/doc/ ( \ - cd ../package; \ + cd $(ICC_ROOT)/package; \ $(TARCMD) ICCPKG.tar icc/* sources/* bvt/* iccpkg_sdk/* \ zlib/*; \ ) diff --git a/icc/ICCencapsulator.java b/icc/ICCencapsulator.java index cd136c2..426e634 100644 --- a/icc/ICCencapsulator.java +++ b/icc/ICCencapsulator.java @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -201,15 +201,20 @@ static int parsefile(char[] buf, boolean primary) throws Exception { int k = func.numarguments; // Check for argument mismatch - but tolerate pointer / void * for (int i = 0; i < k; i++) { - if (!funcX.argumenttypes[i].equals(func.argumenttypes[i]) - && !(funcX.argumenttypes[i].indexOf("void") >= 0 - || func.argumenttypes[i].indexOf("void") >= 0)) { - System.out.println("Argument type mismatch " + funcX.name + " " - + func.argumenttypes[i] + " != " + funcX.argumenttypes[i] - + " !"); - // found = false; + if (!funcX.argumenttypes[i].equals(func.argumenttypes[i])) { + System.out.println("Argument type mismatch " + funcX.name + "() '" + + func.argumenttypes[i] + "' != '" + funcX.argumenttypes[i] + "'"); + if ( funcX.argumenttypes[i].indexOf("void") >= 0 || func.argumenttypes[i].indexOf("void") >= 0 ) { + System.out.println("\tok: void"); + } + else if ( func.argumenttypes[i].indexOf("const") >= 0 ) { + System.out.println("\tok: const"); + } + else { + found = false; break; } + } } } @@ -400,7 +405,13 @@ public static void main(String[] args) doWork(new File_Muppet_mk()); // muppet.mk - doWork(new File_one_sh()); // one.sh + try { + doWork(new File_one_sh()); // one.sh + } + catch (FileNotFoundException e) { + System.out.println("Failed: out.sh"); + // ignore + } // Extra functions to support replacement of // OpenSSL in various language backends @@ -449,6 +460,8 @@ public static void SetupPrependWords() { prependwords.add("BIGNUM"); prependwords.add("PRNG"); prependwords.add("CMAC"); + prependwords.add("EVP_KDF"); + prependwords.add("OSSL_PARAM"); prependwords.add("HMAC"); prependwords.add("KDF"); prependwords.add("DES"); @@ -513,8 +526,8 @@ class FileType { "/*-----------------------------------------------------------------\n"+ "// Copyright IBM Corp. 2023\n"+ "//\n"+ - "// Licensed under the Apache License 2.0 (the \"License\").  You may not use\n"+ - "// this file except in compliance with the License.  You can obtain a copy\n"+ + "// Licensed under the Apache License 2.0 (the \"License\"). You may not use\n"+ + "// this file except in compliance with the License. You can obtain a copy\n"+ "// in the file LICENSE in the source distribution.\n"+ "//----------------------------------------------------------------*/\n\n\n"; static final String preambleend = "/* Machine generated code: DO NOT EDIT */"; @@ -1087,6 +1100,9 @@ public void Preamble() throws Exception { super.Preamble(); writer.write("/** \\file icc_a.h\n" + "* Function prototypes for the ICC API (ICCSDK).\n" + "* This file is autogenerated and should only be included via icc.h.\n" + "*/\n\n"); + + writer.write("\n#ifndef INCLUDED_ICC_A\n#define INCLUDED_ICC_A\n"); + writer.write("\n#define NUM_ICCFUNCTIONS " + ICCencapsulator.number_of_functions + "\n\n"); writer.write("#if !defined(ICCLIB)\n"); @@ -1104,6 +1120,9 @@ public void Postamble() throws Exception { writeExtraHeaderStuff(true); writeMischeaderStuff(); + + writer.write("\n#endif /*INCLUDED_ICC_A*/\n"); + super.Postamble(); writer.write("#endif /*!defined(ICCLIB) */\n"); } @@ -1351,6 +1370,7 @@ void write_ICClib_t() throws Exception { + "\tint lock; /*!< Set once initialized to prevent invalid mode changes*/\n" + "\tint unicode; /*!< Flag to let us know we were initialized with a unicode string */\n" + "\tCALLBACK_T callback; /*!< Callback for fips indicator*/\n" + + "\tTRACE_CALLBACK_T trace_callback; /*!< Tracecallback */\n" + "};\n\n" + "typedef struct ICClib_t ICClib;\n\n"); } } @@ -1401,7 +1421,10 @@ public void Preamble() throws Exception { super.Preamble(); writer.write("/*! \\file icc_a.h\n" + "* Function prototypes for the ICC API (ICCSDK)\n" - + "* This file is autogenerated and should only be included via icc.h\n" + "*/\n\n"); + + "* This file is autogenerated and should only be included via icc.h\n" + "*/\n"); + + writer.write("\n#ifndef INCLUDED_ICC_A\n#define INCLUDED_ICC_A\n\n"); + // Write the defines for ICC_Init/ICC_InitW writeExtraHeaderStuffUnCon("", false); writeGSKitExtraHeaderStuff(); @@ -1418,6 +1441,8 @@ public void Body(ICCFunction func) throws Exception { public void Postamble() throws Exception { + writer.write("\n#endif /*INCLUDED_ICC_A*/\n"); + super.Postamble(); } @@ -1507,15 +1532,16 @@ public void Preamble() throws Exception // but the FIPS one is present if( ICCencapsulator.Prefix.indexOf("C") >= 0) { FIPS = true; - writer.write("#define HAVE_C_ICC 1\n"); + writer.write("#define HAVE_C_ICC\n"); } else if(ICCencapsulator.oldICC == true) { // Normal build, we have TWO ICC's present, FIPS and non-FIPS - writer.write("#define HAVE_C_ICC 1\n"); - writer.write("#define HAVE_N_ICC 1\n"); + writer.write("#define HAVE_C_ICC\n"); + writer.write("#define HAVE_N_ICC\n"); } else { // non-FIPS build with no FIPS partner available - writer.write("#define HAVE_N_ICC 1\n"); + writer.write("#define HAVE_N_ICC\n"); } + writer.write("\n"); } /** * emit the body of a relayed function call - GSkit style, which just calls the namespaced function @@ -1543,8 +1569,10 @@ public void Body(ICCFunction func) throws Exception func.WriteFunction(writer,ICCencapsulator.ICCPrefix,pcbtype); writer.write(";\n"); if(func.isLegacy(this)) { + writer.write("#if defined(HAVE_C_ICC)\n"); func.WriteFunction(writer,ICCencapsulator.ALT_ICCPrefix,pcbtype); writer.write(";\n"); + writer.write("#endif\n"); } // Is documentation available for the entry point, if so add it so GSkit's doxygen can pick it up ? writer.write(func.GenComment(this)); @@ -1580,15 +1608,14 @@ public void Body(ICCFunction func) throws Exception } else { /* Syntactic fluff, so we can map the indentation on generated code */ writer.write("\t\tif(NULL != wpcb->Nctx) {\n"); - { writer.write("\t\t\t"); if (! func.returntype.equals("void")) { writer.write("return "); } func.WriteCallingFunction(writer,ICCencapsulator.ICCPrefix,"(wpcb->Nctx"); writer.write("\n\t\t}\n"); - } if(func.isLegacy(this)) { + writer.write("#if defined(HAVE_C_ICC)\n"); writer.write("\t\tif(NULL != wpcb->Cctx) {\n"); { @@ -1599,6 +1626,7 @@ public void Body(ICCFunction func) throws Exception func.WriteCallingFunction(writer,ICCencapsulator.ALT_ICCPrefix,"(wpcb->Cctx"); writer.write("\n\t\t}\n"); } + writer.write("#endif\n"); } else { if( !func.returntype.equals("void") && func.returntype.indexOf("*") < 0) { @@ -2746,6 +2774,10 @@ class OS { "jgsk_exp_init" */ }; + private static String ICKCExports[] = { + "ICKC_Init", + }; + private static String AUXExports[] = { "AUX_Init", "AUX_Cleanup" }; // Windows only exported symbols. I did consider making this per-OS, but @@ -2753,6 +2785,7 @@ class OS { // only Windows has this issue. private static String GSKWinExports[] = { "ICC_InitW","gskiccs8_pathW","gskiccs_pathW" }; private static String JGSKWinExports[] = { "JCC_InitW" }; + private static String ICKCWinExports[] = { "ICKC_InitW" }; // Extra exported symbols, used by our FVT code calling into OpenSSL private static String OSSLExports[] = { "CRYPTO_num_locks" }; @@ -2785,6 +2818,7 @@ public OSTYPE os() { private List ICCExport; private List GSKExport; private List JGSKExport; + private List ICKCExport; private List AUXExport; OS() { @@ -2842,6 +2876,26 @@ public OSTYPE os() { JGSKExport.add(new ExportMe("jccstepZOS.h", OSTYPE.ZOS)); JGSKExport.add(new ExportMe("jccstepOSX.def", OSTYPE.OSX)); + // ICKCkit exports + ICKCExport = new ArrayList(); + + ICKCExport.add(new ExportMe("ickcstepaix4.exp", OSTYPE.AIX)); + ICKCExport.add(new ExportMe("ickcstepsun64.exp", OSTYPE.SUN)); + ICKCExport.add(new ExportMe("ickcstepaix64.exp", OSTYPE.AIX)); + ICKCExport.add(new ExportMe("ickcstepsun64_x86.exp", OSTYPE.SUN)); + ICKCExport.add(new ExportMe("ickcstephpux.exp", OSTYPE.HP)); + ICKCExport.add(new ExportMe("ickcstepsun_x86.exp", OSTYPE.SUN)); + ICKCExport.add(new ExportMe("ickcstephpux64.exp", OSTYPE.HP)); + ICKCExport.add(new ExportMe("ickcstepwin.def", OSTYPE.WIN)); + ICKCExport.add(new ExportMe("ickcstephpux64_ia64_gcc.exp", OSTYPE.HP)); + ICKCExport.add(new ExportMe("ickcstepwin64.def", OSTYPE.WIN)); + ICKCExport.add(new ExportMe("ickcstephpux_ia64.exp", OSTYPE.HP)); + ICKCExport.add(new ExportMe("ickcsteplinux.exp", OSTYPE.LINUX)); + ICKCExport.add(new ExportMe("ickcstepsun4-sol2.exp", OSTYPE.SUN)); + ICKCExport.add(new ExportMe("ickcstepOS400.exp", OSTYPE.OS400)); + ICKCExport.add(new ExportMe("ickcstepZOS.h", OSTYPE.ZOS)); + ICKCExport.add(new ExportMe("ickcstepOSX.def", OSTYPE.OSX)); + // AUX exports AUXExport = new ArrayList(); AUXExport.add(new ExportMe("iccauxaix4.exp", OSTYPE.AIX)); @@ -2900,7 +2954,11 @@ public void write_GSKexports(List functionlist) throws Exception { writeJGSKDefFile(myWriter, Ex.os(), functionlist, "JGSKICCS", "JCC_"); myWriter.close(); } - + for (ExportMe Ex : ICKCExport) { + FileWriter myWriter = new FileWriter("../iccpkg/exports/" + Ex.fname); + writeICKCDefFile(myWriter, Ex.os(), functionlist, "ICKCICCS", "ICKC_"); + myWriter.close(); + } } /** @@ -3213,6 +3271,97 @@ public void writeJGSKDefFile(FileWriter myWriter, OSTYPE os, List functi } } + /** + * Write a properly formatted exports file for various OS's The exported + * functions are the ones currently in the functionnames list This version + * writes the exports file GSkit needs. + * + * @param myWriter The output stream + * @param osnum The OS type to process. + */ + + public void writeICKCDefFile(FileWriter myWriter, OSTYPE os, List functionlist, String compat, String prefix) throws Exception { + switch (os) { + case WIN: + myWriter.write("DESCRIPTION 'GSKICCS EXPORT FILE'\n\nEXPORTS\n"); + for (String name : ICKCExports) { + myWriter.write(name + "\n"); + } + for (String name : ICKCWinExports) { + myWriter.write(name + "\n"); + } + for (String name : functionlist) { + myWriter.write(prefix + name + "\n"); + } + break; + case AIX: + myWriter.write("#!\n*DESCRIPTION 'GSKICCS EXPORT FILE'\n\n"); + for (String name : ICKCExports) { + myWriter.write(name + "\n"); + } + for (String name : functionlist) { + myWriter.write(prefix + name + "\n"); + } + break; + case SUN: + case LINUX: + myWriter.write("#DESCRIPTION 'GSKICCS EXPORT FILE'\n\n" + compat + " {\n global:\n"); + for (String name : ICKCExports) { + myWriter.write(" " + name + ";\n"); + } + for (String name : functionlist) { + myWriter.write(" " + prefix + name + ";\n"); + } + + myWriter.write(" local:\n *;\n};"); + break; + case HP: + myWriter.write("#DESCRIPTION 'GSKICCS EXPORT FILE'\n\n"); + for (String name : ICKCExports) { + myWriter.write("+e " + name + "\n"); + } + for (String name : functionlist) { + myWriter.write("+e " + prefix + name + "\n"); + } + myWriter.write("+e " + "ickciccs8_loaded_from" + ICCencapsulator.ICC_Version + "\n"); + break; + case OSX: + for (String name : ICKCExports) { + myWriter.write("_" + name + "\n"); + } + for (String name : functionlist) { + // we need the '_' prepended here + myWriter.write("_" + prefix + name + "\n"); + } + break; + case OS400: + myWriter.write("STRPGMEXP PGMLVL(*CURRENT) SIGNATURE(\"LIBICCLIB\")\n"); + for (String name : ICKCExports) { + myWriter.write("EXPORT SYMBOL(\"" + name + "\")\n"); + } + for (String name : functionlist) { + myWriter.write("EXPORT SYMBOL(\"" + prefix + name + "\")\n"); + } + myWriter.write("ENDPGMEXP\n"); + break; + case ZOS: + myWriter.write("/* z/OS pragma's to control symbol visibility */\n\n"); + myWriter.write("\n#ifdef __cplusplus\n"); + myWriter.write("extern \"C\" {\n"); + myWriter.write("#endif\n\n"); + for (String name : ICKCExports) { + myWriter.write("#pragma export(" + name + ")\n"); + } + for (String name : functionlist) { + myWriter.write("#pragma export(" + prefix + name + ")\n"); + } + myWriter.write("\n#ifdef __cplusplus\n"); + myWriter.write("};\n"); + myWriter.write("#endif\n"); + break; + } + } + /** * Write a properly formatted exports file for the ICC_AUX library on various * OS's The exported functions are the ones currently in the functionnames list @@ -3335,6 +3484,7 @@ static String Readit() { if(f.exists()) { BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(myfile))); vstr = reader.readLine(); + vstr = vstr.trim(); /* System.out.println("ICCVersion ["+vstr+"]"); */ } init = true; diff --git a/icc/KA/chacha.c b/icc/KA/chacha.c index 5838c6f..5e0537a 100644 --- a/icc/KA/chacha.c +++ b/icc/KA/chacha.c @@ -1,8 +1,8 @@ /* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. */ #include "KA/ka.h" diff --git a/icc/KA/ka.c b/icc/KA/ka.c index 053a3d8..51753a0 100644 --- a/icc/KA/ka.c +++ b/icc/KA/ka.c @@ -1,8 +1,8 @@ /* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. */ diff --git a/icc/KA/ka.h b/icc/KA/ka.h index 2f9c1cc..e89eaa8 100644 --- a/icc/KA/ka.h +++ b/icc/KA/ka.h @@ -1,8 +1,8 @@ /* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. */ #if defined(STANDALONE) diff --git a/icc/Makefile b/icc/Makefile index f23ff14..c29871d 100644 --- a/icc/Makefile +++ b/icc/Makefile @@ -1,6 +1,11 @@ #****************************************************************************** #****************************************************************************** +#- Default targets, before the makefile stubs below (some of which +# have their own targets) so it *IS* the default + +default: help + # Makefile needs to define this as relative path from Makefile's dir to the base of ICC source dir ICC_ROOT=.. @@ -29,21 +34,27 @@ OFFICIAL_CFLAGS = -DICC_OFFICIAL_BUILD -DVTAG=$(VTAG) # # Windows only, the signing script # +ifeq ($(findstring VS2022, $(OPSYS)), VS2022) +SIGN_COMMAND = ../../signwindowsfile.ksh +else SIGN_COMMAND = /build/build/scripts/signwindowsfile.ksh +endif + #-- Directories -PACKAGE_DIR = ../package -NOSHIP_DIR = $(PACKAGE_DIR)/NOSHIP + +# Note: match same definitions in other Makefiles +PACKAGE_DIR = $(ICC_ROOT)/package RTE_DIR = $(PACKAGE_DIR)/icc SDK_DIR = $(PACKAGE_DIR)/iccsdk + +NOSHIP_DIR = $(PACKAGE_DIR)/NOSHIP NOSHIP_RTE_DIR = $(NOSHIP_DIR)/icc PRNG_DIR = fips-prng TRNG_DIR = TRNG OSSL_RTE_DIR = $(RTE_DIR)/osslib ICC_RTE_DIR = $(RTE_DIR)/icclib NOSHIP_ICC_RTE_DIR = $(NOSHIP_RTE_DIR)/icclib -ICCPKG_DIR = ../iccpkg - #- Default targets, before the makefile stubs below (some of which # have their own targets) so it *IS* the default @@ -51,6 +62,10 @@ ICCPKG_DIR = ../iccpkg default: all +# Stub that lets us know standalone ICC and FIPS ICC +# written by create_all (java pre-build) +# we may override MUPPET in platforms.mk +include $(ICC_ROOT)/iccpkg/muppet.mk # Define what OpenSSL version we are using. @@ -69,7 +84,8 @@ include ./tools.mk # Moved to icc_defs.mk , platform specific #ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) ICCDLL = $(ICC_RTE_DIR)/$(ICCDLL_NAME) -ICCLIB = $(SDK_DIR)/$(STLPRFX)icc$(STLSUFX) +ICCLIB = $(STLPRFX)icc$(STLSUFX) +ICCLIB_SDK = $(SDK_DIR)/$(STLPRFX)icc$(STLSUFX) OSSLLIB = $(OSSLOBJ_DIR)/$(OSSLLIB_NAME)$(STLSUFX) ICCTEST = icctest$(EXESUFX) PRNGTST1 = fips-prng-testprg$(EXESUFX) @@ -77,17 +93,19 @@ PRNGTST2 = fips-prng-testprg2$(EXESUFX) ICCSDK = $(PACKAGE_DIR)/iccsdk.tar ICCRTE = $(PACKAGE_DIR)/iccrte.tar + MYOPENSSL = $(SDK_DIR)/openssl$(EXESUFX) +REALOPENSSL = $(ICC_ROOT)/$(OPENSSL_VER)/apps/openssl$(EXESUFX) DOXYFILE = $(SDK_DIR)/ICC_API_htm.tar ICCREAD = iccread$(EXESUFX) ICC400 = icc400$(EXESUFX) +ICCPKG_DIR = $(ICC_ROOT)/iccpkg ICCPKG_TEST = $(ICCPKG_DIR)/$(ICCTEST) -SDK_HDRS = icc.h icc_a.h iccglobals.h - # Autogenerated code. (Also export files) -AUTOGEN = icc_a.c icc_a.h icclib_a.c \ - ../iccpkg/iccpkg_a.c ../iccpkg/iccpkg_a.h ../iccpkg/gsk_wrap.c +AUTOGEN = icc_a.c icc_a.h icclib_a.c icclib_a.h \ + $(ICC_ROOT)/iccpkg/iccpkg_a.c $(ICC_ROOT)/iccpkg/iccpkg_a.h $(ICC_ROOT)/iccpkg/gsk_wrap.c \ + $(ICC_ROOT)/iccpkg/gsk_wrap2_a.c $(ICC_ROOT)/iccpkg/icc_aux_a.c $(ICC_ROOT)/iccpkg/icc_aux_a.h $(ICC_ROOT)/iccpkg/jcc_a.h # define OpenSSL related variables include ./ossl.mk @@ -104,14 +122,38 @@ include ./ICCPKG.mk include ./delta.mk # Pick up default install path for fallback code -include ../iccpkg/gsk_crypto.mk - -# Stub that lets us know standalone ICC and FIPS ICC -include ../iccpkg/muppet.mk +include $(ICC_ROOT)/iccpkg/gsk_crypto.mk + +# Handle Argon2 MAKE +# Note: iccpkg/Argon2/Argon2.mk gets copied with edits to icc to resolve file namespacing problem on Z +-include $(ICC_ROOT)/icc/Argon2/Argon2.mk + +#Argon Create target +CREATE_ARGON = create_libArgon + +# Note tools.mk also uses ARGON + +# default add argon to module +$(OPSYS)_ARGON = $(argon2_obj) +ARGON = $($(OPSYS)_ARGON) + +help: + echo make targets: + echo create_all - clean_all - scrubbed, create_all_no_legacy, create_all_FIPS + echo e.g: make -C icc OPSYS=WIN64_VS2022 CONFIG=debug create_all + echo PQC=NONE, PQC=LIBOQS, PQC= (default LIBDKS) + echo set_icc_version + echo e.g: 'make ... ICC_VERSION_VER=x ICC_VERSION_REL=y ICC_VERSION_MOD=z set_icc_version' to get "x.y.z" as version number + echo build_all + echo create_pqc, build_pqc, clean_pqc + echo backup_libdks + echo tars up libdks which can be checked in to avoid git clones + echo show_config, show_version_info # Fix a problem only on z/OS, the two stub loaders created from icc.c need to have # different object names on this platform # Since the FIPS ICC was already built, change ONLY the name of the object used in non-FIPS mode +# This gets linked into step library for ICCN_ symbols ifeq ($(strip $(IS_FIPS)),) MYICC = newicc @@ -123,11 +165,11 @@ API_DIR = platforms/$(OPENSSL_LIBVER)/API # What we build. -TARGETS = Build_OSSL_Complete $(MYOPENSSL) tmp/dummyfile \ +TARGETS = $(MYOPENSSL) tmp/dummyfile \ signer$(EXESUFX) \ $(DELTA) \ $(STLPRFX)zlib$(STLSUFX) \ - $(ICCDLL) $(ICCLIB) \ + $(ICCDLL) $(ICCLIB_SDK) \ $(ICCTEST) \ $(ICCRTE) \ $(TOOLS) \ @@ -135,6 +177,13 @@ TARGETS = Build_OSSL_Complete $(MYOPENSSL) tmp/dummyfile \ $(ICCPKG_TEST) +# These headers will link an application to the ICC module library - icc_a.h has the ICCX_ prefix +SDK_TARGETS: $(SDK_DIR)/icc.h $(SDK_DIR)/icc_a.h $(SDK_DIR)/iccglobals.h + ls $(SDK_DIR) + +# These headers will link an application to the ICC step library - icc_a.h (iccpkg_a.h) has the ICC_ prefix - ref gsk_crypto.mk +ICCPKG_SDK_HEADERS: $(GSK_SDK)/icc.h $(GSK_SDK)/icc_a.h $(GSK_SDK)/iccglobals.h + ls $(GSK_SDK) # $(CAVSON) @@ -143,56 +192,51 @@ TARGETS = Build_OSSL_Complete $(MYOPENSSL) tmp/dummyfile \ #------------------------------------------------------------------------------- # log our build machine name and working directory -ctx: +ctx: show_version_info -uname -a; pwd -all: ctx build_all package_all +all: ctx create_dirs build_all package_all + @echo $@ made #- Create the ICC source code #- This is typically run once on one machine then tar'd up and distributed #- to the real build machines. -create_all: create_openssl create_zlib create_icc_no_legacy -create_all_FIPS: create_openssl create_zlib create_icc_FIPS create_icc_no_legacy +create_all: create_openssl create_zlib create_icc_no_legacy $(CREATE_ARGON) $(PQC_CREATE) +create_all_FIPS: create_icc_FIPS create_all #- Create the OpenSSL sources from tarfile and patches #- This has NO automated dependencies as that messes the automated builds #- this MUST be tripped manually. #- -create_openssl: ../openssl_source/$(OPENSSL_VER)-icc.tar.gz +create_openssl: $(ICC_ROOT)/openssl_source/$(OPENSSL_VER)-icc.tar.gz # Untar the sources for the version of OpenSSL we use +# sometimes get permission denied on the mv after the tar - delay # since 1.1.1u the OpenSSL tar has icc patches applied # the first dir name in the archive will vary so we make an empty directory to extract +# old mv: +# mv `ls -d *`/openssl $(ICC_ROOT)/$(OPENSSL_VER) ; + if [ -e $(ICC_ROOT)/$(OPENSSL_VER) ] ; then rm -r $(ICC_ROOT)/$(OPENSSL_VER) ; fi + if [ -e $(ICC_ROOT)/openssl ] ; then rm -r $(ICC_ROOT)/openssl ; fi + [ -n "$(EX_SUFFIX)" ] || \ ( \ cd .. ; \ - rm -r $(OPENSSL_VER) openssl ; \ rm -rf x; mkdir x; cd x; \ tar xzf ../openssl_source/$(OPENSSL_VER)-icc.tar.gz ; \ sleep 1; \ mv openssl ../$(OPENSSL_VER) ; \ chmod +x ../$(OPENSSL_VER)/Configure ; \ cd ..; \ - rmdir x; \ + rm -rf x; \ ) -# Apply all the patches and fixes -# rm Makefile , which SHOULDN'T BE THERE ANYWAY -# Note: since 1.1.1u we are not applying patches. -# ref opensslver.mk: OSSL_DIR is ../$(OPENSSL_VER)$(EX_SUFFIX) and EX_SUFFIX is usually "" so they are the same. - ( \ - if [ -d $(OSSL_DIR) ] ; then \ - cd $(OSSL_DIR) ;\ - sh ../openssl_source/tools/patchem2 "../openssl_source/$(OPENSSL_BIN)" ;\ - chmod +x tools/*;\ - rm -f Makefile; \ - else exit 1 ; \ - fi \ - ) - +# test if the extract worked + cd $(ICC_ROOT)/$(OPENSSL_VER) + -rm Build_OSSL_Complete #- Create the OpenSSL sources from tarfile and patches on zOS #- This has NO automated dependencies as that messes the automated builds #- this MUST be tripped manually. #- -create_openssl_zos: ../openssl_source/$(OPENSSL_VER).tar.gz +create_openssl_zos: $(ICC_ROOT)/openssl_source/$(OPENSSL_VER).tar.gz # Untar the sources for the version of OpenSSL we use # Skip this step if using extracted openssl files in Clearcase [ -n "$(EX_SUFFIX)" ] || \ @@ -200,95 +244,520 @@ create_openssl_zos: ../openssl_source/$(OPENSSL_VER).tar.gz cd .. ;\ gzip -d -c openssl_source/$(OPENSSL_VER).tar.gz | pax -ofrom=ISO8859-1,to=IBM-1047 -rv ; \ ) -# Apply all the patches -# rm Makefile , which SHOULDN'T BE THERE ANYWAY -# Move the script which allows zOS to build properly into place - ( \ - cd $(OSSL_DIR) ;\ - [ -n "$(EX_SUFFIX)" ] || \ - sh ../openssl_source/tools/patchem2 "../openssl_source/$(OPENSSL_BIN)" ;\ - rm -f Makefile; \ - cp ../openssl_source/tools/c99.sh . ;\ + +### Argon2 + +clean_argon: + -rm $(ICC_ROOT)/icc/Argon2/*.o $(ICC_ROOT)/icc/Argon2/*.obj + +clean_libArgon: + -rm -rf $(ICC_ROOT)/libArgon + -rm -rf $(ICC_ROOT)/icc/Argon2 + +create_libArgon: $(ICC_ROOT)/libArgon $(ICC_ROOT)/libArgon/phc-winner-argon2 + +$(ICC_ROOT)/libArgon: + $(MKDIR) $@ +$(ICC_ROOT)/icc/Argon2: + $(MKDIR) $@ + +# get a local copy of mystdint.h from DilKyb dir +$(ICC_ROOT)/icc/Argon2/mystdint.h: $(ICC_ROOT)/icc/Argon2 $(ICC_ROOT)/iccpkg/mystdint.h + $(CP) $(ICC_ROOT)/iccpkg/mystdint.h $@ + +$(ICC_ROOT)/libArgon/phc-winner-argon2: $(ICC_ROOT)/icc/Argon2 $(ICC_ROOT)/icc/Argon2/mystdint.h + -rm -rf $(ICC_ROOT)/libArgon/* + if [ -e $(ICC_ROOT)/libArgon.tar.gz ] ; then \ + ( cd ..; tar xzf libArgon.tar.gz -C libArgon/ ) ; \ + else \ + git clone https://github.com/P-H-C/phc-winner-argon2.git --depth 1 -b standard $(ICC_ROOT)/libArgon/Argon2; \ + echo Argon2 > $(ICC_ROOT)/libArgon/log.txt ; \ + git -C $(ICC_ROOT)/libArgon/Argon2 log >> $(ICC_ROOT)/libArgon/log.txt ; \ + cat $(ICC_ROOT)/libdks/log.txt ; \ + fi + $(CP) -r $(ICC_ROOT)/libArgon/phc-winner-argon2/src/* $(ICC_ROOT)/icc/Argon2/ + $(CP) $(ICC_ROOT)/libArgon/phc-winner-argon2/include/* $(ICC_ROOT)/icc/Argon2/ +# sed -i wont work on some platforms but this runs on linux pre-build as part of create + cd $(ICC_ROOT)/icc/Argon2 ; sed -i "s/^#include /#include /" argon2.h \ + blake2/blake2-impl.h blake2/blake2b.c opt.c ref.c test.c bench.c run.c +# make sure the sed worked + grep mystdint.h $(ICC_ROOT)/icc/Argon2/argon2.h +# resolve Z's 'file name clash with openssl's blake2b - some sharing with iccpkg/Argon2 so fix that copy too +# Note: We include Argon2.mk so this needs to be done in the pre-build/create so it is ready for the build which includes Argon2.mk + $(CP) $(ICC_ROOT)/icc/Argon2/blake2/blake2b.c $(ICC_ROOT)/icc/Argon2/blake2/blake2b_icc.c + sed "s/blake2b/blake2b_icc/g" $(ICC_ROOT)/iccpkg/Argon2/Argon2.mk > $(ICC_ROOT)/icc/Argon2/Argon2.mk +# make sure the sed worked + grep blake2b_icc.c $(ICC_ROOT)/icc/Argon2/Argon2.mk + +# command to make the argon archive to checkin +tar_libArgon: + cd libArgon ; tar czf $(ICC_ROOT)/libArgon.tar.gz phc-winner-argon2 + +#Build_Argon: create_libArgon $(ICC_ROOT)/libArgon/phc-winner-argon2/Makefile +# $(MAKE) -C $(ICC_ROOT)/libArgon/phc-winner-argon2/ $(DKS_MAKE_FLAGS) libs + + +### Dilithium Kyber Sphincs + +clean_dks: + -rm -rf $(ICC_ROOT)/libdks + +create_dks: $(ICC_ROOT)/libdks $(ICC_ROOT)/libdks/kyber $(ICC_ROOT)/libdks/dilithium $(ICC_ROOT)/libdks/sphincs + +# if the tar archive is available then use it otherwise git clone it +# Note: use backup_libdks target to create the tar archive +# our makefile patches that are in libdks_icc will just overwrite originals so back them up too + +$(ICC_ROOT)/libdks: + $(MKDIR) $@ + +$(ICC_ROOT)/libdks/kyber $(ICC_ROOT)/libdks/dilithium $(ICC_ROOT)/libdks/sphincs: + -rm -rf $(ICC_ROOT)/libdks/* + if [ -e $(ICC_ROOT)/libdks$(LIBDKS_VER).tar.gz ] ; then \ + ( cd ..; tar xzf libdks$(LIBDKS_VER).tar.gz ) ; \ + else \ + git clone https://github.com/pq-crystals/kyber.git --depth 1 -b standard $(ICC_ROOT)/libdks/kyber ; \ + git clone https://github.com/pq-crystals/dilithium.git --depth 1 $(ICC_ROOT)/libdks/dilithium ; \ + git clone https://github.com/sphincs/sphincsplus.git --depth 1 $(ICC_ROOT)/libdks/sphincs ; \ + echo kyber > $(ICC_ROOT)/libdks/log.txt ; \ + git -C $(ICC_ROOT)/libdks/kyber log >> $(ICC_ROOT)/libdks/log.txt ; \ + echo dilithium >> $(ICC_ROOT)/libdks/log.txt ; \ + git -C $(ICC_ROOT)/libdks/dilithium log >> $(ICC_ROOT)/libdks/log.txt ; \ + echo sphincs >> $(ICC_ROOT)/libdks/log.txt ; \ + git -C $(ICC_ROOT)/libdks/sphincs log >> $(ICC_ROOT)/libdks/log.txt ; \ + cat $(ICC_ROOT)/libdks/log.txt ; \ + fi + $(CP) $(ICC_ROOT)/libdks/kyber/ref/Makefile $(ICC_ROOT)/libdks_icc/kyber/ref/Makefile.orig + ( cd $(ICC_ROOT)/libdks/kyber/ref ; for i in $$(ls *.c) ; do for j in 512 768 1024 ; do cp $$i $$j-$$i ; done ; done ) + $(CP) $(ICC_ROOT)/libdks/dilithium/ref/Makefile $(ICC_ROOT)/libdks_icc/dilithium/ref/Makefile.orig + ( cd $(ICC_ROOT)/libdks/dilithium/ref ; for i in $$(ls *.c) ; do for j in 2 3 5 ; do cp $$i $$j-$$i ; done ; done ) + $(CP) $(ICC_ROOT)/libdks/sphincs/ref/Makefile $(ICC_ROOT)/libdks_icc/sphincs/ref/Makefile.orig +# copy in our patched files + $(CP) -r $(ICC_ROOT)/libdks_icc/* $(ICC_ROOT)/libdks/ +# edit in remaining changes + sed -i "s/SPX_##s/SPX_SHAKE_128s_##s/" $(ICC_ROOT)/libdks/sphincs/ref/params/params-sphincs-shake-128s.h + sed -i "s/SPX_##s/SPX_SHAKE_128f_##s/" $(ICC_ROOT)/libdks/sphincs/ref/params/params-sphincs-shake-128f.h + sed -i "s/SPX_##s/SPX_SHA2_128s_##s/" $(ICC_ROOT)/libdks/sphincs/ref/params/params-sphincs-sha2-128s.h + sed -i "s/SPX_##s/SPX_SHA2_128f_##s/" $(ICC_ROOT)/libdks/sphincs/ref/params/params-sphincs-sha2-128f.h + sed -i "s/SPX_##s/SPX_SHAKE_192s_##s/" $(ICC_ROOT)/libdks/sphincs/ref/params/params-sphincs-shake-192s.h + sed -i "s/SPX_##s/SPX_SHAKE_192f_##s/" $(ICC_ROOT)/libdks/sphincs/ref/params/params-sphincs-shake-192f.h + sed -i "s/SPX_##s/SPX_SHA2_192s_##s/" $(ICC_ROOT)/libdks/sphincs/ref/params/params-sphincs-sha2-192s.h + sed -i "s/SPX_##s/SPX_SHA2_192f_##s/" $(ICC_ROOT)/libdks/sphincs/ref/params/params-sphincs-sha2-192f.h + sed -i "s/SPX_##s/SPX_SHAKE_256s_##s/" $(ICC_ROOT)/libdks/sphincs/ref/params/params-sphincs-shake-256s.h + sed -i "s/SPX_##s/SPX_SHAKE_256f_##s/" $(ICC_ROOT)/libdks/sphincs/ref/params/params-sphincs-shake-256f.h + sed -i "s/SPX_##s/SPX_SHA2_256s_##s/" $(ICC_ROOT)/libdks/sphincs/ref/params/params-sphincs-sha2-256s.h + sed -i "s/SPX_##s/SPX_SHA2_256f_##s/" $(ICC_ROOT)/libdks/sphincs/ref/params/params-sphincs-sha2-256f.h +# There is a symbol clash that can be resolved by moving some functions from one file to another + ( cd $(ICC_ROOT)/libdks/sphincs/ref; \ + linenum=$$(grep -n "void mgf1_256(unsigned char \*out, unsigned long outlen," sha2.c | head -n 1 | cut -d: -f1); \ + head -n $$((linenum-7)) sha2.c > file_temp.txt; \ + tail -n +$$((linenum-7)) sha2.c >> hash_sha2.c; \ + mv file_temp.txt sha2.c; \ + for i in $$(ls *.c) ; do for j in 128 192 256 ; do for k in shake sha2 ; do for m in s f ; do cp $$i $$k-$$j$$m-$$i ; done ; done ; done ; done ; \ ) +# nistkat needs to link to openssl so only build it for 64 bit linux +AMD64_LINUX_PQCKAT=nistkat tests +# the nistkat test is crashing in 32 bit linux. Some linking problem +LINUX_PQCKAT=nistkat +WIN64_VS2022_PQCKAT=nistkat tests +AIX64_PQCKAT=nistkat tests +PQCKAT=$($(OPSYS)_PQCKAT) + +# the build (make) should always run +build_dks: create_dks $(ICC_ROOT)/libdks/defs.mk $(ICC_ROOT)/libdks/kyber/ref/Makefile $(ICC_ROOT)/libdks/dilithium/ref/Makefile \ + $(ICC_ROOT)/libdks/sphincs/ref/Makefile $(ICC_ROOT)/libdks/sphincs/ref/api.h + $(MAKE) -C $(ICC_ROOT)/libdks/kyber/ref $(DKS_MAKE_FLAGS) static $(PQCKAT) + $(MAKE) -C $(ICC_ROOT)/libdks/dilithium/ref $(DKS_MAKE_FLAGS) static $(PQCKAT) + $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-128s static + $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-128f static + $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-192s static + $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-192f static + $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-256s static + $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=shake-256f static + $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-128s static + $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-128f static + $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-192s static + $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-192f static + $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-256s static + $(MAKE) -C $(ICC_ROOT)/libdks/sphincs/ref $(DKS_MAKE_FLAGS) VARIANT=sha2-256f static + +# update from our Makefile patches +$(ICC_ROOT)/libdks/defs.mk: $(ICC_ROOT)/libdks_icc/defs.mk + $(CP) $< $@ +$(ICC_ROOT)/libdks/kyber/ref/Makefile: $(ICC_ROOT)/libdks_icc/kyber/ref/Makefile + $(CP) $< $@ +$(ICC_ROOT)/libdks/dilithium/ref/Makefile: $(ICC_ROOT)/libdks_icc/dilithium/ref/Makefile + $(CP) $< $@ +$(ICC_ROOT)/libdks/sphincs/ref/Makefile: $(ICC_ROOT)/libdks_icc/sphincs/ref/Makefile + $(CP) $< $@ +$(ICC_ROOT)/libdks/sphincs/ref/api.h: $(ICC_ROOT)/libdks_icc/sphincs/ref/api.h + $(CP) $< $@ + +backup_original_makefiles: + +# remember to backup any DKS makefile changes with backup_dks_makefiles target and checkin changes +# not needed if you already modified in libdks_icc +backup_dks_makefiles: + $(CP) $(ICC_ROOT)/libdks/defs.mk $(ICC_ROOT)/libdks_icc/defs.mk + $(CP) $(ICC_ROOT)/libdks/kyber/ref/Makefile $(ICC_ROOT)/libdks_icc/kyber/ref/Makefile + $(CP) $(ICC_ROOT)/libdks/dilithium/ref/Makefile $(ICC_ROOT)/libdks_icc/dilithium/ref/Makefile + $(CP) $(ICC_ROOT)/libdks/sphincs/ref/Makefile $(ICC_ROOT)/libdks_icc/sphincs/ref/Makefile + $(CP) $(ICC_ROOT)/libdks/sphincs/ref/Makefile $(ICC_ROOT)/libdks_icc/sphincs/ref/api.h + +# make the libdks backup that we can check in to repo to avoid git clone calls in build +# remove all the stuff we dont need since this may be checked into repo +# keep git files +# find $(ICC_ROOT)/libdks -name ".git" -exec rm -rf {} + +$(ICC_ROOT)/libdks$(LIBDKS_VER).tar.gz: create_dks Makefile + find $(ICC_ROOT)/libdks -name ".github" -exec rm -rf {} + + find $(ICC_ROOT)/libdks -name "avx2" -exec rm -rf {} + + find $(ICC_ROOT)/libdks -name ".gitignore" -exec rm {} + + find $(ICC_ROOT)/libdks -name ".gitattributes" -exec rm {} + + find $(ICC_ROOT)/libdks -name ".travis" -exec rm {} + + find $(ICC_ROOT)/libdks -name "*.yml" -exec rm {} + + tar czf $(ICC_ROOT)/libdks$(LIBDKS_VER).tar.gz $(ICC_ROOT)/libdks + +rm_libdks_backup: + $(RM) $(ICC_ROOT)/libdks$(LIBDKS_VER).tar.gz + +backup_libdks: rm_libdks_backup $(ICC_ROOT)/libdks$(LIBDKS_VER).tar.gz Makefile + +### liboqs + +clean_oqs: + -rm -rf $(ICC_ROOT)/liboqs icc_oqs build_oqs + +create_oqs: $(ICC_ROOT)/liboqs/CMakeLists.txt + +# if the tar archive is available then use it otherwise git clone it + +$(ICC_ROOT)/liboqs/CMakeLists.txt : + if [ -e $(ICC_ROOT)/liboqs$(LIBOQS_VER).tar.gz ] ; then \ + mkdir $(ICC_ROOT)/liboqs ; cd $(ICC_ROOT)/liboqs ; \ + tar xzf $(ICC_ROOT)/liboqs$(LIBOQS_VER).tar.gz ; \ + mv liboqs$(LIBOQS_VER)/* . ; mv liboqs$(LIBOQS_VER)/.* . ; \ + rmdir liboqs$(LIBOQS_VER) ; \ + else \ + git clone https://github.com/open-quantum-safe/liboqs.git --depth 1 $(ICC_ROOT)/liboqs ; \ + echo liboqs > $(ICC_ROOT)/liboqs/log.txt ; \ + git -C $(ICC_ROOT)/liboqs log >> $(ICC_ROOT)/liboqs/log.txt ; \ + fi + +$(ICC_ROOT)/liboqs$(LIBOQS_VER).tar.gz: create_oqs Makefile + find $(ICC_ROOT)/liboqs -name ".github" -exec rm -rf {} + + find $(ICC_ROOT)/liboqs -name "avx2" -exec rm -rf {} + + find $(ICC_ROOT)/liboqs -name ".gitignore" -exec rm {} + + find $(ICC_ROOT)/liboqs -name ".gitattributes" -exec rm {} + + find $(ICC_ROOT)/liboqs -name ".travis" -exec rm {} + + find $(ICC_ROOT)/liboqs -name "*.yml" -exec rm {} + + tar czf $(ICC_ROOT)/liboqs$(LIBDKS_VER).tar.gz $(ICC_ROOT)/liboqs + +rm_liboqs_backup: + $(RM) $(ICC_ROOT)/liboqs$(LIBOQS_VER).tar.gz + +backup_liboqs: rm_liboqs_backup $(ICC_ROOT)/liboqs$(LIBOQS_VER).tar.gz Makefile + +$(ICC_ROOT)/liboqs/CMakeCache.txt: $(ICC_ROOT)/liboqs/CMakeLists.txt + cd $(ICC_ROOT)/liboqs && $(CMAKE_OQS) + +config_oqs: $(ICC_ROOT)/liboqs/CMakeCache.txt + +clean_config_oqs: + $(RM) $(ICC_ROOT)/liboqs/CMakeCache.txt + +# the build (make) should always run +build_oqs: $(ICC_ROOT)/liboqs/CMakeCache.txt + cd $(ICC_ROOT)/liboqs && $(BUILD_OQS) + +# our local liboqs integration and test code +#icc_oqs: build_oqs +# $(MAKE) -C $(ICC_ROOT)/iccpkg/liboqs all + +create_pqc: $(PQC_CREATE) + echo "create: configured for: $(PQC_CREATE)" +build_pqc: $(PQC_TARGET) + echo "build: configured for: $(PQC_TARGET)" +clean_pqc: clean_oqs clean_dks + echo "clean: configured for: $(PQC_CREATE)" + -$(MAKE) -C $(ICC_ROOT)/iccpkg/pqc clean + +$(PACKAGE_DIR): + $(MKDIR) $@ + +$(SDK_DIR): $(PACKAGE_DIR) + $(MKDIR) $@ + +$(RTE_DIR): $(PACKAGE_DIR) + $(MKDIR) $@ + +$(ICC_RTE_DIR): $(RTE_DIR) + $(MKDIR) $@ + +#- Make directory for OpenSSL shared library +$(OSSL_RTE_DIR): $(RTE_DIR) + $(MKDIR) $@ + +$(NOSHIP_DIR): $(PACKAGE_DIR) + $(MKDIR) $@ + +$(NOSHIP_RTE_DIR): $(NOSHIP_DIR) + $(MKDIR) $@ + +$(NOSHIP_ICC_RTE_DIR): $(NOSHIP_RTE_DIR) + $(MKDIR) $@ + +create_dirs: $(NOSHIP_DIR) $(NOSHIP_RTE_DIR) $(NOSHIP_ICC_RTE_DIR) $(SDK_DIR) $(ICC_RTE_DIR) $(OSSL_RTE_DIR) exports $(ICC_ROOT)/iccpkg/exports + +# Forces a rebuild in case we have a leftover .o or .exe from create_all from another system +clean_iccVdump: + -$(RM) iccVdump$(EXESUFX) iccVdump$(OBJSUFX) + +iccVdump$(EXESUFX): iccVdump.c buildinfo.h + $(CC) $(CFLAGS) iccVdump.c + $(LD) $(LDFLAGS) iccVdump$(OBJSUFX) + +# we need to build then delete iccVdump because the build is split with a pre-build on linux then build on the target build machine. +# So a pre-built binary may not run on the target build machine. +# So we dont depend on iccVdump binary but we force the build if we actually need it - then delete it. +ICC_ver.txt: buildinfo.h + $(MAKE) clean_iccVdump + $(MAKE) iccVdump$(EXESUFX) + ./iccVdump$(EXESUFX) >ICC_ver.txt + $(MAKE) clean_iccVdump + +exports: + $(MKDIR) $@ + +$(ICC_ROOT)/iccpkg/exports: + $(MKDIR) $@ + #- Build and run the code generator if necsssary #- We typically only do this on one (fast) platform as setup for the #- builds. Then copy the populated source tree to the other build machines -#- Avoids the Java "write once - debug everywhere" problem #- -create_dirs: - -$(MKDIR) exports ../iccpkg/exports - -$(MKDIR) ../icc_test - -$(MKDIR) ../package - -$(MKDIR) ../package/iccsdk - -$(MKDIR) ../package/icc - -$(MKDIR) ../package/icc/icclib - -$(MKDIR) ../package/icc/osslib - -$(MKDIR) $(NOSHIP_DIR) - -$(MKDIR) $(NOSHIP_RTE_DIR) - -$(MKDIR) $(NOSHIP_ICC_RTE_DIR) -# Delete these files they aren't used any more - -$(RM) deleted/* - -iccVdump$(OBJSUFX): iccVdump.c buildinfo.h - $(CC) $(CFLAGS) iccVdump.c +ICCencapsulator.class: ICCencapsulator.java + javac ICCencapsulator.java -iccVdump$(EXESUFX): iccVdump$(OBJSUFX) - $(LD) $(LDFLAGS) iccVdump$(OBJSUFX) +# the create_all_* needs to be ran manually +icc_a.h icc_a.c icclib_a.h icclib_a.c: + echo please make create_all + false # -# Note that this will ONLY work on Linux as there's a gcc dependency to -# preprocess the C header files +# Create the _a.[ch] files and export files for ICC +# create a .0 file to indicate if we have legacy FIPS icc so we can test for it +# muppet.mk also records the FIPS build state # -ICC_ver.txt: iccVdump$(EXESUFX) - ./iccVdump$(EXESUFX) >ICC_ver.txt +create_icc: ICC_ver.txt create_dirs functions.txt \ + ICCencapsulator.class OLD_ICC/functions.txt ICC_ver.txt + java ICCencapsulator OLD_ICC/functions.txt + -$(RM) create*.0 + touch create_icc.0 + echo muppet.mk + cat $(ICC_ROOT)/iccpkg/muppet.mk #- Run the code generator for those OS's where there's #- no "old/FIPS" ICC #- We assume the pre-req dirs were created already create_icc_no_legacy: ICC_ver.txt create_dirs functions.txt \ - ICCencapsulator.java ICC_ver.txt - javac ICCencapsulator.java + ICCencapsulator.class ICC_ver.txt java ICCencapsulator + -$(RM) create*.0 touch create_icc_no_legacy.0 - -$(RM) create_icc.0 - cat ../iccpkg/muppet.mk + echo muppet.mk + cat $(ICC_ROOT)/iccpkg/muppet.mk # Note that this will edit a controlled file (icc/functions.txt) so don't check it in! create_icc_FIPS: - cp functions.txt functions.txt.bak + -$(RM) create*.0 + touch create_fips.0 + if [ ! -e functions.txt.bak ] ; then cp functions.txt functions.txt.bak ; fi sed -i 's/^# non-FIPS;$$/# FIPS;/' functions.txt sed -i 's/^PREFIX=N;$$/PREFIX=C;/' functions.txt + sed -i 's/VTAG=085$$/VTAG=084/' VTAG.mk + echo 'FIPS ICC builds have convention of even number release, E.g. 8.8.1, non-FIPS 8.9.1' + cat icc_curr_version + +# needs 'make ... ICC_VERSION_VER=x ICC_VERSION_REL=y ICC_VERSION_MOD=z set_icc_version' to get "x.y.z" as version number +set_icc_version: buildinfo.h + echo 'ICC_VERSION_VER.ICC_VERSION_REL.ICC_VERSION_MOD=$(ICC_VERSION_VER).$(ICC_VERSION_REL).$(ICC_VERSION_MOD)' + if [ ! -e iccversion.h.bak ] ; then cp iccversion.h iccversion.h.bak ; fi + sed -i 's/ICC_VERSION_REL .$$/ICC_VERSION_REL $(ICC_VERSION_REL)/' iccversion.h + sed -i 's/ICC_VERSION_MOD .$$/ICC_VERSION_MOD $(ICC_VERSION_MOD)/' iccversion.h + if [ ! -e icc_minor_version.h.bak ] ; then cp icc_minor_version.h icc_minor_version.h.bak ; fi + sed -i 's/ICC_VERSION_MOD .$$/ICC_VERSION_MOD $(ICC_VERSION_MOD)/' icc_minor_version.h + if [ ! -e buildinfo.h.bak ] ; then cp buildinfo.h buildinfo.h.bak ; fi + sed -i 's/ICC_VERSION_MOD .$$/ICC_VERSION_MOD $(ICC_VERSION_MOD)/' buildinfo.h + sed -i 's/8.9/$(ICC_VERSION_VER).$(ICC_VERSION_REL)/' buildinfo.h + if [ ! -e icc_curr_version.bak ] ; then cp icc_curr_version icc_curr_version.bak ; fi + echo '$(ICC_VERSION_VER).$(ICC_VERSION_REL).$(ICC_VERSION_MOD)' > icc_curr_version + sed -i 's/ICC_VER "8.."$$/ICC_VER "$(ICC_VERSION_VER).$(ICC_VERSION_REL)"/' $(ICC_ROOT)/icc_test/test_common.c + +# MUPPET comes from muppet.mk written by the ICCencapsulator +# - it causes FIPS module from OLD_ICC to get linked in to step library +# triggered by create_all (defined) or create_all_no_legacy (empty) +# Also, iccpkg/gsk_wrap2_a.c written by the ICCencapsulator +# - will select Module functions ICCN_ or ICCC_ or both + +show_version_info: buildinfo.h ICC_ver.txt + echo ICC_ver.txt + cat ICC_ver.txt + echo VTAG.mk + cat VTAG.mk + echo buildinfo.h + cat buildinfo.h + echo iccversion.h + cat iccversion.h + echo icc_minor_version.h + cat icc_minor_version.h + echo icc_curr_version + cat icc_curr_version + grep "PREFIX=" functions.txt + head -20 $(ICC_ROOT)/iccpkg/gsk_wrap2_a.c + cat $(ICC_ROOT)/iccpkg/muppet.mk + echo MUPPET=$(MUPPET) + echo MYICC=$(MYICC) + echo IS_FIPS=$(IS_FIPS) + -ls create*.0 # # Just an annoyance during dev. builds. It's fine if it's empty. Typically a dev build. +# buildinfo.h is normally written by the build system at extract time. +# Note: buildinfo.h is only included (in iccversion.h) if ICC_OFFICIAL_BUILD is defined in CFLAGS, +# or make ... BUILD=OFFICIAL ... # +ifeq ($(strip $(ICC_VERSION_MOD)),) +ICC_VERSION_MOD = 0 +endif + buildinfo.h: - touch buildinfo.h + touch $@ + echo '#define ICC_PRODUCT_NAME "icc_$(ICC_VERSION_VER).$(ICC_VERSION_REL)"' >> $@ + echo '#define ICC_VERSION_MOD $(ICC_VERSION_MOD)' >> $@ + echo '#define ICC_VERSION_FIX 0' >> $@ + echo '#define ICC_BUILD_DATE ""' >> $@ + echo '#define ICC_BUILD_TIME ""' >> $@ + echo '#define ICC_CMVC_INFO ""' >> $@ + echo '#define ICC_GIT_BRANCH ""' >> $@ + echo '#define ICC_GIT_HASH ""' >> $@ + echo '#define OCKC_GIT_BRANCH ""' >> $@ + echo '#define OCKC_GIT_HASH ""' >> $@ #- Run BVT + +# make sure we show the log even if the test fails +log_init: + touch GSKIT_CRYPTO.log; $(RM) GSKIT_CRYPTO.log; touch GSKIT_CRYPTO.log +log_cat: + cat GSKIT_CRYPTO.log + $(RM) GSKIT_CRYPTO.log +log_rm: + -$(RM) GSKIT_CRYPTO.log + # no dependancies - that causes re-signing into .sig files since they've been deleted -tests: - $(ICC_RUN_SETUP) $(OPENSSL_PATH_SETUP)$(TEST_CMD) +tests: show_version_info pre_test log_init icctest_module log_cat icctest_openssl iccpkg_tests + @echo $@ complete + +# run this before running tests - note: zosa defines this +pre_test: + $(ICC_RUN_SETUP) + +# This runs $(ICCTEST) which is icctest linked to the module, not the step library +# TEST_CMD is set per platform in icc_defs.mak +icctest_module: $(TEST_CMD) + $(TEST_CMD) + @echo $@ complete + +icctest_openssl: + $(OPENSSL_PATH_SETUP) $(OPENSSL_TEST_CMD) + @echo $@ complete + +iccpkg_tests: $(ICCPKG_TEST) + unset MAKEOVERRIDES MAKELEVEL MAKEFILES; \ + $(MAKE) -C $(ICC_ROOT)/iccpkg tests + @echo $@ complete + +# not FIPS: +#LINUX_TARGETS = CAVS +#IA64_LINUX_TARGETS = CAVS + +# disable/enable liboqs for all platforms +disable_oqs_build: + touch icc_oqs build_oqs +enable_oqs_build: + $(RM) icc_oqs build_oqs + +# fix up gsk_wrap2_a.c which may want FIPS module but it is not present +# if it is NOT present then remove calls to it that may be in the step library +gsk_wrap: $(ICC_ROOT)/iccpkg/gsk_wrap2_a.c + if [ ! -e $(ICC_ROOT)/iccpkg/$(OLD_ICC) ] ; \ + then \ + echo 'FIPS module Not found:' $(ICC_ROOT)/iccpkg/$(OLD_ICC) ; \ + $(CP) $(ICC_ROOT)/iccpkg/gsk_wrap2_a.c $(ICC_ROOT)/iccpkg/gsk_wrap2_a.c.bak ;\ + sed 's/^#define HAVE_C_ICC$$//' $(ICC_ROOT)/iccpkg/gsk_wrap2_a.c.bak > $(ICC_ROOT)/iccpkg/gsk_wrap2_a.c ;\ + fi #- Just build -build_all: Build_OSSL_Complete $(TARGETS) +# show which pre-build "create" variant we are working with -build_all_os400: Build_OSSL_Complete $(TARGETS400) +build_all: gsk_wrap Build_OSSL_Complete SDK_TARGETS ICCPKG_SDK_HEADERS $(PQC_TARGET) $(TARGETS) -openssl.c: ../$(OPENSSL_VER)/apps/openssl.c - $(CP) ../$(OPENSSL_VER)/apps/openssl.c $@ +# obsolete +#build_all_os400: Build_OSSL_Complete $(TARGETS400) +# Build the performance test code for ICC +$(ICC_PERF): $(ICCLIB_SDK) + unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ + $(MAKE) -C $(ICC_ROOT)/iccspeed icc; + $(CP) $(ICC_ROOT)/iccspeed/bin/$(OPSYS)/icc_thread$(EXESUFX) $(ICC_PERF) + +icc_test: + if [ -d $(ICC_ROOT)/icc_test/ ] ; then \ + unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ + $(MAKE) -C $(ICC_ROOT)/icc_test all ; \ + fi -# This generates sdk contents +$(ICCPKG_TEST): $(ICCLIB_SDK) PKCS11 + unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ + $(MAKE) -C $(ICC_ROOT)/iccpkg all -$(ICCPKG_TEST): $(ICCLIB) $(ICCTEST) - unset MAKEOVERRIDES MAKELEVEL MAKEFILES; "$(MAKE)" -C $(ICCPKG_DIR) all; +# note from icc_defs.mk +# ..._EXTRAS = PKCS11 PKCS11_PERF +# and $(ICCSDK): $(ICC_PERF) $(EXTRAS) +# So EXTRAS are only for the ICC SDK + +# Build the performance test code for PKCS#11 +PKCS11_PERF: $(ICCLIB_SDK) PKCS11 + if [ -d $(ICC_ROOT)/pkcs11/ ] ; then \ + unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ + $(MAKE) -C $(ICC_ROOT)/iccspeed pkcs11 ; \ + $(CP) $(ICC_ROOT)/iccspeed/bin/$(OPSYS)/pkcs11_thread$(EXESUFX) $(SDK_DIR)/ ; \ + fi + +$(ICC_ROOT)/pkcs11: + $(MKDIR) $@ + +create_pkcs11: $(ICC_ROOT)/pkcs11 + cd $(ICC_ROOT)/pkcs11 && tar xzf $(ICC_ROOT)/openssl_source/pkcs11_v2.20.tar.gz + + +# +# Note, to build PKCS#11 you need the headers. +# We expect to have installed +# +PKCS11: $(ICCLIB_SDK) + if [ -d $(ICC_ROOT)/pkcs11/ ] ; then \ + unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ + $(MAKE) -C $(ICC_ROOT)/pk11/ all ; \ + fi; #- Clean both ICC & OpenSSL +# use scrubbed to remove openssl (need create_all to get it back) #- Note the OS400 clean is done directly here, not as a dependency as it won't exist on some platforms -clean_all: clean_openssl clean clean_tools +clean_all: clean_openssl clean clean_tools clean_pqc clean_argon + -$(RM) *.0 -$(CLEAN400_ICC) -$(CLEAN400_OSSL) -$(CLEAN400_MODS) @@ -306,32 +775,59 @@ clean_openssl: #- Clean just ICC -clean: clean_iccpkg - -$(RM) $(TARGETS) *$(OBJSUFX) $(EXTRA_FILES) $(SDK_DIR)/*.h +clean: clean_perf clean_pkcs11 clean_iccpkg clean_icc clean_icc_test + +# Note: some artifacts may be from older builds that are not used anymore but can interfere (like .h files) +clean_icc: + -$(RM) $(TARGETS) *.o *.obj $(EXTRA_FILES) $(SDK_DIR)/*.h $(ASMOBJS) -$(RM) ./openssl$(EXESUFX) $(SHLPRFX)icclib$(SHLSUFX) $(STLPRFX)icc$(STLSUFX) -$(RM) *.so *.dylib *.dll *.sl *.x *.lib + -$(RM) aes_gcm.* aes_ccm.* nist_algs1.c + -$(RM) delta.exp + -$(RM) ICCTEST_BUILT -$(RM) *.ilk *.manifest *.pdb *.class - -$(RM) tmp/*/* - -$(RM) ../package/icc/icclib/* + -$(RM) -r $(ICC_ROOT)/package -$(RM) -r $(SDK_DIR)/* -$(RM) openssl.c high_res_timer.c -$(RM) iccVdump$(EXESUFX) + -$(RM) ICCSIG.txt ICCLIB_SA.txt newicc.c + -$(RM) -r $(ZLIB_DIR)/x64 + -find $(ICC_ROOT)/msvc -name "x64" -type d -exec rm -rf {} + + -find $(ICC_ROOT)/msvc -name "*.user" -exec rm {} + + +clean_icc_test: + if [ -d $(ICC_ROOT)/icc_test/ ] ; then \ + unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ + $(MAKE) -C $(ICC_ROOT)/icc_test clean ; \ + fi # tools has no Makefile clean_tools: -$(RM) $(TOOLS) +clean_perf: + if [ -d $(ICC_ROOT)/iccspeed/ ] ; then \ + unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ + $(MAKE) -C $(ICC_ROOT)/iccspeed clean ; \ + fi + +clean_pkcs11: + if [ -d $(ICC_ROOT)/pk11/ ] ; then \ + unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ + $(MAKE) -C $(ICC_ROOT)/pk11 clean ; \ + fi + clean_iccpkg: - ( if [ -d ../iccpkg/ ] ; then \ - cd ../iccpkg; \ + if [ -d $(ICC_ROOT)/iccpkg/ ] ; then \ unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ - $(MAKE) clean; \ - fi; \ - ) + $(MAKE) -C $(ICC_ROOT)/iccpkg clean ; \ + fi #- Clean out everything including the autogenerated files -scrubbed: clean - -$(RM) $(AUTOGEN) exports/* ../iccpkg/exports/* ICCencapsulator.class +# Will need a create_all after this to get openssl back + +scrubbed: clean clean_libArgon + -$(RM) $(AUTOGEN) exports/* $(ICC_ROOT)/iccpkg/exports/* ICCencapsulator.class -$(RM) -r $(OSSL_DIR) #- Build ICC package files (SDK & RTE) @@ -339,7 +835,7 @@ package_all: $(ICCSDK) $(ICCRTE) #- Build ICC SDK -$(ICCSDK): $(EXTRAS) +$(ICCSDK): $(ICC_PERF) $(EXTRAS) - cd $(PACKAGE_DIR); $(TARCMD) iccsdk.tar iccsdk #- Build ICC RTE @@ -347,35 +843,21 @@ $(ICCRTE): $(RTE_DIR)/ReadMe.txt $(NOSHIP_RTE_DIR)/ReadMe.txt - cd $(PACKAGE_DIR); $(RM) icc/icclib/*.exp icc/icclib/*.lib - cd $(PACKAGE_DIR); $(TARCMD) iccrte.tar icc/ReadMe.txt icc/icclib +# SDK_DIR, iccpkg - These headers will link an application to the ICC module, not the step library +# GSK_SDK, gsk_sdk - is the step library includes - icc_a.h (iccpkg_a.h) has the ICC_ prefix - ref gsk_crypto.mk -#- Build (copy) SDK headers -$(SDK_DIR)/icc.h: icc.h +$(SDK_DIR)/icc.h: icc.h $(SDK_DIR) $(CP) icc.h $@ -$(SDK_DIR)/icc_a.h: icc_a.h +$(SDK_DIR)/icc_a.h: icc_a.h $(SDK_DIR) $(CP) icc_a.h $@ -$(SDK_DIR)/iccglobals.h: iccglobals.h +$(SDK_DIR)/iccglobals.h: iccglobals.h $(SDK_DIR) $(CP) iccglobals.h $@ -$(ICCPKG_DIR)/iccversion.h: iccversion.h - $(CP) iccversion.h $@ - -$(ICCPKG_DIR)/buildinfo.h: buildinfo.h - $(CP) buildinfo.h $@ - -#- Run ICC BVT test -icc_run: $(ICCTEST) - ( \ - $(TOUCH) GSKIT_CRYPTO.log; \ - $(ICC_RUN_SETUP) ./icctest; \ - cat GSKIT_CRYPTO.log; \ - $(RM) GSKIT_CRYPTO.log ; \ - ) - -#- Debug ICC BVT test -icc_dbg: $(ICCTEST) - $(ICC_RUN_SETUP) $(DEBUGGER) ./icctest +# get a local copy of mystdint.h from DilKyb dir - icclib.c needs it for Argon2 +$(SDK_DIR)/mystdint.h: $(ICC_ROOT)/iccpkg/mystdint.h $(SDK_DIR) + $(CP) $(ICC_ROOT)/iccpkg/mystdint.h $@ # List of objs - minus the trigger for exec on load in a shared object LIBOBJS1 = fips$(OBJSUFX) \ @@ -426,41 +908,45 @@ tmp/tmp/dummyfile: Build_OSSL_Complete tmp/dummyfile touch tmp/tmp/dummyfile #- Build ICC shared library -#- $(ASMOBJS) is an UGLY hack to cater for small assembler files +#- $(ASMOBJS) is required to cater for small assembler files #- needed on some platforms #- Split this into 2 phases for the OS/X fat binaries work - resolves circular dependencies -# this is target for icclib085 shared library +# this is target for icclib085 shared library (icclib084 if FIPS) +# the target for the step library is in iccpkg/platforms/* -$(ICCDLL_NAME): privkey.rsa icclib$(OBJSUFX) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) tmp/tmp/dummyfile signer$(EXESUFX) tracer.h extsig.h +$(ICCDLL_NAME): Makefile $(PQC_TARGET) privkey.rsa icclib$(OBJSUFX) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) tmp/tmp/dummyfile signer$(EXESUFX) tracer.h extsig.h $(GSK_SDK) $(ICC_RTE_DIR) $(NOSHIP_ICC_RTE_DIR) $(ARGON) $(SLD) $(SLDFLAGS) $(ICCLIB_LNK) $(EXPORT_FLAG)$(ICCLIB_EXPFILE) icclib$(OBJSUFX) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) \ - tmp/tmp/*$(OBJSUFX) $(LDLIBS) -#- Unstripped goes into NOSHIP + $(ARGON) tmp/tmp/*$(OBJSUFX) $(LDLIBS) $(PQCLIBS) +#- Unstripped goes into NOSHIP and sdk $(OPENSSL_PATH_SETUP) ./signer$(EXESUFX) ICCSIG.txt privkey.rsa -SELF -FILE $(ICCDLL_NAME) $(TWEAKS) "ICC_ALLOW_2KEY3DES=1" $(CP) ICCSIG.txt $(NOSHIP_ICC_RTE_DIR)/ +#- Unstripped goes into NOSHIP and sdk +ifeq ($(findstring WIN, $(OPSYS)), WIN) + $(CP) $@ $(GSK_SDK)/ +else $(CP) $@ $(NOSHIP_ICC_RTE_DIR)/$@.unstripped -#- Regular lib + $(CP) $@ $(GSK_SDK)/$@.unstripped $(STRIP) $@ +endif +#- Regular lib $(OPENSSL_PATH_SETUP) ./signer$(EXESUFX) ICCSIG.txt privkey.rsa -SELF -FILE $(ICCDLL_NAME) $(TWEAKS) "ICC_ALLOW_2KEY3DES=1" $(CP) ICCSIG.txt $(ICC_RTE_DIR)/ # # Add MS Authenticode signing -# Note the two files at the end are a hack to make up for a problem with GSkit's -# packaging, just placeholders, but they need to have signatures. # -$(ICC_RTE_DIR)/$(SHLPRFX)icclib$(VTAG).dll: $(ICCDLL_NAME) signer$(EXESUFX) - $(MT) -manifest $(ICCDLL_NAME).manifest -outputresource:$(ICCDLL_NAME)\;2 - +$(ICC_RTE_DIR)/$(SHLPRFX)icclib$(VTAG).dll: $(ICC_RTE_DIR) $(SDK_DIR) $(ICCDLL_NAME) signer$(EXESUFX) $(CP) $(ICCDLL_NAME) $@ ( \ if [ -e $(SIGN_COMMAND) ] ; then \ echo "Authenticode signing $@" ; \ $(SIGN_COMMAND) $@ ; \ + $(CP) $@ $(ICCDLL_NAME) ; \ + touch $@ ; \ else \ echo " $(SIGN_COMMAND) is missing skip signing $@" ;\ fi ;\ ) - $(CP) $@ $(ICCDLL_NAME) $(OPENSSL_PATH_SETUP) ./signer$(EXESUFX) ICCSIG.txt privkey.rsa -SELF -FILE $(ICCDLL_NAME) $(TWEAKS) $(CP) $(ICCDLL_NAME) $@ $(CP) ICCSIG.txt $(ICC_RTE_DIR)/ @@ -468,26 +954,20 @@ $(ICC_RTE_DIR)/$(SHLPRFX)icclib$(VTAG).dll: $(ICCDLL_NAME) signer$(EXESUFX) -$(CP) tmp/*.pdb $(SDK_DIR)/ -$(CP) $(SHLPRFX)icclib$(VTAG).x $(SDK_DIR) -$(ICC_RTE_DIR)/$(SHLPRFX)icclib$(VTAG).so : $(ICCDLL_NAME) +$(ICC_RTE_DIR)/$(SHLPRFX)icclib$(VTAG).so : $(ICC_RTE_DIR) $(ICCDLL_NAME) $(CP) $(ICCDLL_NAME) $@ -$(ICC_RTE_DIR)/$(SHLPRFX)icclib$(VTAG).sl : $(ICCDLL_NAME) +$(ICC_RTE_DIR)/$(SHLPRFX)icclib$(VTAG).sl :$(ICC_RTE_DIR) $(ICCDLL_NAME) $(CP) $(ICCDLL_NAME) $@ -# dont think OSX uses this Makefile any more -# but just in case -$(ICC_RTE_DIR)/$(SHLPRFX)icclib$(VTAG).dylib : $(ICCDLL_NAME) +$(ICC_RTE_DIR)/$(SHLPRFX)icclib$(VTAG).dylib : $(ICC_RTE_DIR) $(ICCDLL_NAME) $(CP) $(ICCDLL_NAME) $@ - #- Compile the ICC shared library main source -icclib$(OBJSUFX): icclib.c loaded.c loaded.h \ - $(SDK_DIR)/iccglobals.h platform.h iccversion.h \ - platfsl.h iccerr.h $(TRNG_DIR)/ICC_NRBG.h tracer.h +icclib$(OBJSUFX): Makefile icclib.c loaded.c loaded.h iccglobals.h platform.h iccversion.h \ + platfsl.h iccerr.h $(TRNG_DIR)/ICC_NRBG.h tracer.h icc.h icc_a.h extsig.h $(SDK_DIR)/mystdint.h $(CC) $(CFLAGS) -DOPSYS="\"$(OPSYS)\"" -DICCDLL_NAME="\"$(ICCDLL_NAME)\"" -DMYNAME=icclib$(VTAG) \ - -DINSTDIR=\""$(GSK_GLOBAL)"\" -I../$(ZLIB) \ - -I./ -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) icclib.c - + -DINSTDIR=\""$(GSK_GLOBAL)"\" $(PQCINC) -I./ -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) icclib.c # Code specifically for Java/JCEPlus @@ -500,7 +980,7 @@ OS_helpers$(OBJSUFX): OS_helpers.c #- Note some platforms, SUN_SOL8/SUN64 AIX/AIX64 need added assembler tweaks # which affect timer_entropy.c # -TRNG_HDRS = -I./ -I../$(ZLIB) -I $(SDK_DIR) -I $(OSSLINC_DIR) -I$(TRNG_DIR) -I$(API_DIR) +TRNG_HDRS = -I./ -I$(ICC_ROOT)/$(ZLIB) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(TRNG_DIR) -I$(API_DIR) TRNG_OBJS = timer_entropy$(OBJSUFX) timer_fips$(OBJSUFX) \ personalise$(OBJSUFX) nist_algs$(OBJSUFX) noise_to_entropy$(OBJSUFX) \ @@ -548,6 +1028,11 @@ entropy_to_NRBG$(OBJSUFX): $(TRNG_DIR)/entropy_to_NRBG.c \ entropy_estimator$(OBJSUFX): $(TRNG_DIR)/entropy_estimator.c $(TRNG_DIR)/entropy_estimator.h $(CC) $(CFLAGS) $(TRNG_HDRS) $(TRNG_DIR)/entropy_estimator.c +# Unused +minibuf$(OBJSUFX): $(TRNG_DIR)/minibuf.c $(TRNG_DIR)/minibuf.h + $(CC) $(CFLAGS) $(TRNG_HDRS) $(TRNG_DIR)/minibuf.c + + MINIMAL$(OBJSUFX): $(TRNG_DIR)/MINIMAL.c $(TRNG_DIR)/MINIMAL.h $(TRNG_DIR)/timer_entropy.h $(CC) $(CFLAGS) $(TRNG_HDRS) $(TRNG_DIR)/MINIMAL.c @@ -593,26 +1078,22 @@ nist_algs$(EXESUFX): nist_algs1$(OBJSUFX) #- stand alone signing tool privkey.rsa: - $(OPENSSL_PATH_SETUP) $(MYOPENSSL) genrsa -out privkey.rsa 2048 + $(OPENSSL_PATH_SETUP) $(REALOPENSSL) genrsa -out privkey.rsa 2048 pubkey.h: privkey.rsa - $(OPENSSL_PATH_SETUP) $(MYOPENSSL) rsa -in privkey.rsa -outform DER -RSAPublicKey_out > rsa_pub_key.der + $(OPENSSL_PATH_SETUP) $(REALOPENSSL) rsa -in privkey.rsa -outform DER -RSAPublicKey_out > rsa_pub_key.der echo "/*This is an auto generated code please DO NOT modify*/" > pubkey.h - perl $(ICC_ROOT)/icc/bin2hex.pl rsa_pub_key.der temp.h + perl bin2hex.pl rsa_pub_key.der temp.h cat temp.h >> pubkey.h - echo pubkey.h - cat pubkey.h rm temp.h rsa_pub_key.der signer$(OBJSUFX): extsig.c $(CC) -DSTANDALONE -DOPSYS=\"$(OPSYS)\" $(CFLAGS) -I$(OSSLINC_DIR) extsig.c $(OUT)$@ -signer: signer$(OBJSUFX) - $(LD) $(LDFLAGS) signer$(OBJSUFX) $(SLIBCRYPTO) $(LDLIBS) - -signer.exe: signer$(OBJSUFX) tmp/tmp/dummyfile $(SLIBCRYPTO) +signer$(EXESUFX): signer$(OBJSUFX) $(SLIBCRYPTO) $(LD) $(LDFLAGS) signer$(OBJSUFX) $(SLIBCRYPTO) $(LDLIBS) +# ref tools.mk icclib_sa uses extsig.o extsig$(OBJSUFX): extsig.c $(CC) $(CFLAGS) -I$(SDK_DIR) -I$(OSSLINC_DIR) extsig.c @@ -633,23 +1114,23 @@ fips-prng-err$(OBJSUFX): $(PRNG_DIR)/fips-prng-err.c $(PRNG_DIR)/fips-prng-err.h $(CC) $(CFLAGS) -I$(OSSLINC_DIR) -I$(OSSL_DIR) $(PRNG_DIR)/fips-prng-err.c fips-prng-RAND$(OBJSUFX): $(PRNG_DIR)/fips-prng-RAND.c $(PRNG_DIR)/fips-prng-RAND.h $(PRNG_DIR)/fips-prng-err.h icclib.h - $(CC) $(CFLAGS) -I./ -I$(TRNG_DIR) -I../$(ZLIB) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) $(PRNG_DIR)/fips-prng-RAND.c + $(CC) $(CFLAGS) -I./ -I$(TRNG_DIR) -I$(ICC_ROOT)/$(ZLIB) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) $(PRNG_DIR)/fips-prng-RAND.c SP800-90$(OBJSUFX): $(PRNG_DIR)/SP800-90.c $(PRNG_DIR)/ds.h \ $(PRNG_DIR)/SP800-90.h $(PRNG_DIR)/SP800-90i.h - $(CC) $(CFLAGS) -I./ -I../$(ZLIB) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) $(PRNG_DIR)/SP800-90.c + $(CC) $(CFLAGS) -I./ -I$(ICC_ROOT)/$(ZLIB) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) $(PRNG_DIR)/SP800-90.c SP800-90HashData$(OBJSUFX): $(PRNG_DIR)/SP800-90HashData.c \ $(PRNG_DIR)/SP800-90.h $(PRNG_DIR)/SP800-90i.h - $(CC) $(CFLAGS) -I./ -I../$(ZLIB) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) $(PRNG_DIR)/SP800-90HashData.c + $(CC) $(CFLAGS) -I./ -I$(ICC_ROOT)/$(ZLIB) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) $(PRNG_DIR)/SP800-90HashData.c SP800-90Cipher$(OBJSUFX): $(PRNG_DIR)/SP800-90Cipher.c \ $(PRNG_DIR)/SP800-90.h $(PRNG_DIR)/SP800-90i.h - $(CC) $(CFLAGS) -I./ -I../$(ZLIB) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) $(PRNG_DIR)/SP800-90Cipher.c + $(CC) $(CFLAGS) -I./ -I$(ICC_ROOT)/$(ZLIB) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) $(PRNG_DIR)/SP800-90Cipher.c SP800-90HMAC$(OBJSUFX): $(PRNG_DIR)/SP800-90HMAC.c \ $(PRNG_DIR)/SP800-90.h $(PRNG_DIR)/SP800-90i.h - $(CC) $(CFLAGS) -I./ -I../$(ZLIB) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) $(PRNG_DIR)/SP800-90HMAC.c + $(CC) $(CFLAGS) -I./ -I$(ICC_ROOT)/$(ZLIB) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) $(PRNG_DIR)/SP800-90HMAC.c ds$(OBJSUFX): $(PRNG_DIR)/ds.c $(PRNG_DIR)/ds.h $(CC) $(CFLAGS) -I./ -I$(PRNG_DIR) $(PRNG_DIR)/ds.c @@ -674,15 +1155,16 @@ platform$(OBJSUFX): platform.c platform.h platfsl$(OBJSUFX): platfsl.c platfsl.h platform.h $(CC) $(CFLAGS) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I./ -I$(SDK_DIR)/ platfsl.c +# ICCLIB_LINK is never defined. #- Build ICC static library stub $(STLPRFX)icc$(STLSUFX): $(MYICC)$(OBJSUFX) $(AR) $(ARFLAGS) $(MYICC)$(OBJSUFX) $(ICCLIB_LINK) -# Copy the ICC static library stub to the sdk dmake OPSYS=${OPSYS} icc;irectory +# Copy the ICC static library stub to the sdk directory # Done this way so we can build fat libs on OS/X without circular dependencies -$(ICCLIB): $(SDK_DIR) $(STLPRFX)icc$(STLSUFX) - $(CP) $(STLPRFX)icc$(STLSUFX) $@ +$(ICCLIB_SDK): $(ICCLIB) $(SDK_DIR) + $(CP) $< $@ #- Compile the ICC static stub library source @@ -694,8 +1176,13 @@ $(ICCLIB): $(SDK_DIR) $(STLPRFX)icc$(STLSUFX) $(MYICC).c: icc.c $(CP) icc.c $@ -$(MYICC)$(OBJSUFX): $(MYICC).c $(SDK_DIR)/icc.h $(SDK_DIR)/icc_a.h platform.h iccversion.h - $(CC) $(CFLAGS) $(SDKFLAGS) -I./ -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(SDK_DIR) $(MYICC).c $(OUT)$@ +$(MYICC)$(OBJSUFX): $(MYICC).c icc_a.c icc.h icc_a.h platform.h iccversion.h + $(CC) $(CFLAGS) $(SDKFLAGS) -I./ -I$(OSSLINC_DIR) -I$(OSSL_DIR) $(MYICC).c $(OUT)$@ + +# Notes: +# ICCLIB is the ICC module static library +# This icctest is different from iccpkg/icctest which links to the step library +# icc_test/Makefile looks for ICCTEST_BUILT as a pre-req to running tests #- Build ICC test executables $(ICCTEST): $(ICCDLL) $(ICCLIB) icctest$(OBJSUFX) @@ -704,18 +1191,24 @@ $(ICCTEST): $(ICCDLL) $(ICCLIB) icctest$(OBJSUFX) #- Compile the ICC test code source -icctest$(OBJSUFX): icctest.c $(SDK_DIR)/icc.h $(SDK_DIR)/icc_a.h $(SDK_DIR)/iccglobals.h - $(CC) $(CFLAGS) -I./ -I $(SDK_DIR) icctest.c - +icctest$(OBJSUFX): icctest.c icc.h icc_a.h iccglobals.h + $(CC) $(CFLAGS) -I./ icctest.c +# libcrypto.sl.1.1.1 is another alias - usually libcrypto.sl.1.1 +# probably not used - ignore error $(OSSLOBJ_DIR)/$(SHLPRFX)crypto$(SHLSUFX).$(OPENSSL_LIBVER): Build_OSSL_Complete $(RM) $@ -ln -s $(OSSLOBJ_DIR)/$(SHLPRFX)crypto$(SHLSUFX) $@ +# this is in WIN_like.mk - probably should be here instead +#$(ICC_ROOT)/$(OPENSSL_VER)/apps/openssl$(OBJSUFX): $(ICC_ROOT)/$(OPENSSL_VER)/apps/openssl.c +# $(BUILD_OSSL) + # # Bail if the directory isn't present - checked via the Configure script +# BUILD_OSSL is coming from icc_defs.mk It is the ./Configure command to build openssl # Build_OSSL_Complete: $(OSSL_DIR)/Configure $(BUILD_OSSL) @@ -728,14 +1221,6 @@ Build_OSSL_Complete: $(OSSL_DIR)/Configure $(SLIBCRYPTO): Build_OSSL_Complete $(OSSLOBJ_DIR)/$(SHLPRFX)crypto$(SHLSUFX).$(OPENSSL_LIBVER) -#- Make directory for OpenSSL shared library -$(RTE_DIR)/osslib: $(RTE_DIR) - $(MKDIR) $@ - -#- Make directory for OpenSSL shared library -$(RTE_DIR)/icclib: $(RTE_DIR) - $(MKDIR) $@ - $(RTE_DIR)/ReadMe.txt: $(RTE_DIR) ICC_ReadMe.txt $(CP) ICC_ReadMe.txt $@ chmod +w $@ @@ -746,9 +1231,13 @@ $(NOSHIP_RTE_DIR)/ReadMe.txt: ICC_ReadMe.txt chmod +w $@ -cat $(OSSL_DIR)/LICENSE >> $@ -#- Make ICC RTE directory -$(RTE_DIR): - $(MKDIR) $@ +#$(RTE_DIR)/Standard_International_Program_License_Agreement.pdf: $(RTE_DIR) Standard_International_Program_License_Agreement.pdf +# $(CP) Standard_International_Program_License_Agreement.pdf $@ +# chmod +w $@ +# +#$(NOSHIP_RTE_DIR)/Standard_International_Program_License_Agreement.pdf: Standard_International_Program_License_Agreement.pdf +# $(CP) Standard_International_Program_License_Agreement.pdf $@ +# chmod +w $@ #- Assist in debugging Makefiles, show config. Also useful for build. @@ -761,6 +1250,8 @@ show_config: echo "BUILD = " "$(BUILD)" echo "ZLIB = " "$(ZLIB)" echo "XPLINK = " "$(XPLINK)" + echo "PQC_TARGET = " "$(PQC_TARGET)" + echo "ARGON = " "$(ARGON)" echo "========== Directories ============" echo "PACKAGE_DIR = " "$(PACKAGE_DIR)" echo "RTE_DIR = " "$(RTE_DIR)" @@ -774,12 +1265,14 @@ show_config: echo "ICCDLL_NAME = " $(ICCDLL_NAME) echo "ICCDLL = " $(ICCDLL) echo "ICCLIB = " $(ICCLIB) + echo "ICCLIB_SDK = " $(ICCLIB_SDK) echo "OSSLLIB = " $(OSSLLIB) echo "ICCTEST = " $(ICCTEST) echo "PRNGTST1 = " $(PRNGTST1) echo "PRNGTST2 = " $(PRNGTST2) echo "ICCSDK = " $(ICCSDK) echo "ICCRTE = " $(ICCRTE) + echo "MUPPET = " $(MUPPET) echo echo "From platforms.mk" echo "========= System utils ============" @@ -839,10 +1332,16 @@ show_config: echo "EXTRAS = " "$(EXTRAS)" echo "TARGETS = " "$(TARGETS)" echo "MANIFESTS = " "$(MANIFESTS)" + echo "CAVSON = " "$(CAVSON)" + echo "CAVSBVT = " "$(CAVSBVT)" echo show_ossl: - echo "E_OBJ = " "$(E_OBJ)" - echo "ASM_OBJS = " "$(ASM_OBJS)" - echo "SLIBCRYPTO = " "$(SLIBCRYPTO)" - echo "SLIBSSL = " "$(SLIBSSL)" + @echo "E_OBJ = " "$(E_OBJ)" + @echo "ASM_OBJS = " "$(ASM_OBJS)" + @echo "SLIBCRYPTO = " "$(SLIBCRYPTO)" + @echo "SLIBSSL = " "$(SLIBSSL)" + @echo REALOPENSSL = "$(REALOPENSSL)" + @echo MYOPENSSL = "$(MYOPENSSL)" + @echo OPENSSL_PATH_SETUP = "$(OPENSSL_PATH_SETUP)" + diff --git a/icc/OS_helpers.c b/icc/OS_helpers.c index c34e084..360e2d4 100644 --- a/icc/OS_helpers.c +++ b/icc/OS_helpers.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/SP800_108/SP800-108.c b/icc/SP800_108/SP800-108.c index f525a30..54d9ca8 100644 --- a/icc/SP800_108/SP800-108.c +++ b/icc/SP800_108/SP800-108.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/SP800_108/SP800-108.h b/icc/SP800_108/SP800-108.h index 49c25f9..0a03649 100644 --- a/icc/SP800_108/SP800-108.h +++ b/icc/SP800_108/SP800-108.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/SP800_38F/SP80038F.c b/icc/SP800_38F/SP80038F.c index 0ef624a..63a34f9 100644 --- a/icc/SP800_38F/SP80038F.c +++ b/icc/SP800_38F/SP80038F.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -206,7 +206,7 @@ static int KW(unsigned char *in, int inl, unsigned char *out, int *outl, unsigne } /* 2 to (2^54)-1 semiblocks */ if((sizeof(n) > 4) && (sizeof(long) > 4)) { -#if defined(WIN64) +#if defined(_WIN64) long long l = 0x40000000000000 - 1; #else long l = 0x40000000000000 - 1; @@ -339,7 +339,7 @@ static int KU(unsigned char *in, int inl, unsigned char *out, int *outl, unsigne KWX T[2]; KWX A; int bytes = 0; -#if defined(WIN64) +#if defined(_WIN64) long long l = 0; #else long l = 0; diff --git a/icc/SP800_38F/SP80038F.h b/icc/SP800_38F/SP80038F.h index 02556a1..76b6b69 100644 --- a/icc/SP800_38F/SP80038F.h +++ b/icc/SP800_38F/SP80038F.h @@ -1,8 +1,8 @@ /* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. */ /*! diff --git a/icc/TRNG/ICC_NRBG.c b/icc/TRNG/ICC_NRBG.c index 3e1e7c3..f9e07be 100644 --- a/icc/TRNG/ICC_NRBG.c +++ b/icc/TRNG/ICC_NRBG.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -363,12 +363,14 @@ static TRNG_ERRORS TRNG_ESourceInit(E_SOURCE *es,int e_exp) es->cnt = 0; if(NULL != es->impl.avail) { if( 0 == (es->impl.avail())) { + MARK("TRNG_ESourceInit:avail=", "fail"); debug(printf("TRNG_ESourceInit:avail=0\n")); rv = TRNG_INIT; } } if(TRNG_OK == rv) { if (1 != ht_Init(&(es->hti),e_exp)) { + MARK("ht_Init=", "fail"); rv = TRNG_INIT; } } @@ -384,8 +386,12 @@ static TRNG_ERRORS TRNG_ESourceInit(E_SOURCE *es,int e_exp) if (TRNG_OK == rv) { /* Run the optional per-type initialization */ if (NULL != es->impl.init) { - rv = (es->impl.init)(es,NULL,0); + if (0 != (es->impl.init)(es,NULL,0)) { + MARK("es->impl.init=", "fail"); + rv = TRNG_INIT; + } } else { + MARK("es->impl.init=", "NULL"); rv = TRNG_INIT; } } @@ -420,8 +426,6 @@ TRNG_TYPE GetDefaultTrng() defined(__INTEL__) || \ defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)) && (!(defined(__SunOS) && !defined(__amd64)))) \ || \ - ( defined(__s390__) || defined(__MVS__)) \ - || \ ( defined(__ppc__) || defined(__powerpc__) || defined(_AIX)) \ ) if(!global_trng_type_attempted_upgrade) { @@ -444,7 +448,10 @@ TRNG_TYPE GetDefaultTrng() global_trng_type_attempted_upgrade = 1; } -#endif /*x86_64, z/architecture, power */ +#else /*x86_64, power */ +MARK("Not attempting to automatically upgrade to TRNG_HW on this platform", ""); +#endif /* platforms that won't try HW, such as z/architecture */ + #endif /*non-FIPS*/ return global_trng_type; } diff --git a/icc/TRNG/ICC_NRBG.h b/icc/TRNG/ICC_NRBG.h index 7314e64..005cc17 100644 --- a/icc/TRNG/ICC_NRBG.h +++ b/icc/TRNG/ICC_NRBG.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/Makefile b/icc/TRNG/Makefile index bb34739..e3e45aa 100644 --- a/icc/TRNG/Makefile +++ b/icc/TRNG/Makefile @@ -22,11 +22,12 @@ # #****************************************************************************** +ICC_ROOT=../.. #-- Directories ICC_INC_DIR = ../ ICC_PRNG_DIR = -OPENSSL_INC_DIR = ../../openssl-1.0.1/include/ +OPENSSL_INC_DIR = $(ICC_ROOT)/openssl-1.0.1/include/ HDRS = -I ./ -I $(ICC_INC_DIR) -I $(OPENSSL_INC_DIR) -I../fips-prng diff --git a/icc/TRNG/SP800-90TRNG.c b/icc/TRNG/SP800-90TRNG.c index 219febb..d6b70b5 100644 --- a/icc/TRNG/SP800-90TRNG.c +++ b/icc/TRNG/SP800-90TRNG.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/TRNG_ALT.c b/icc/TRNG/TRNG_ALT.c index 3255355..b0b2b6d 100644 --- a/icc/TRNG/TRNG_ALT.c +++ b/icc/TRNG/TRNG_ALT.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/TRNG_ALT.h b/icc/TRNG/TRNG_ALT.h index 810d946..50091d1 100644 --- a/icc/TRNG/TRNG_ALT.h +++ b/icc/TRNG/TRNG_ALT.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/TRNG_ALT4.c b/icc/TRNG/TRNG_ALT4.c index 9a3f0f2..29904fa 100644 --- a/icc/TRNG/TRNG_ALT4.c +++ b/icc/TRNG/TRNG_ALT4.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -17,7 +17,7 @@ entropy */ -#include +/*#include */ #include "platform.h" #include "TRNG/nist_algs.h" #include "TRNG/timer_entropy.h" diff --git a/icc/TRNG/TRNG_ALT4.h b/icc/TRNG/TRNG_ALT4.h index 91581a5..fbb20cf 100644 --- a/icc/TRNG/TRNG_ALT4.h +++ b/icc/TRNG/TRNG_ALT4.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/TRNG_FIPS.c b/icc/TRNG/TRNG_FIPS.c index 9b861e1..cca4f25 100644 --- a/icc/TRNG/TRNG_FIPS.c +++ b/icc/TRNG/TRNG_FIPS.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/TRNG_FIPS.h b/icc/TRNG/TRNG_FIPS.h index 9990ef5..8628112 100644 --- a/icc/TRNG/TRNG_FIPS.h +++ b/icc/TRNG/TRNG_FIPS.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/entropy_estimator.c b/icc/TRNG/entropy_estimator.c index e2f31bf..3d7e831 100644 --- a/icc/TRNG/entropy_estimator.c +++ b/icc/TRNG/entropy_estimator.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/entropy_estimator.h b/icc/TRNG/entropy_estimator.h index 7f9e697..41db0d0 100644 --- a/icc/TRNG/entropy_estimator.h +++ b/icc/TRNG/entropy_estimator.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/entropy_to_NRBG.c b/icc/TRNG/entropy_to_NRBG.c index cebf6f4..8400d91 100644 --- a/icc/TRNG/entropy_to_NRBG.c +++ b/icc/TRNG/entropy_to_NRBG.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/entropy_to_NRBG.h b/icc/TRNG/entropy_to_NRBG.h index c5a5d49..7fed375 100644 --- a/icc/TRNG/entropy_to_NRBG.h +++ b/icc/TRNG/entropy_to_NRBG.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/entropy_to_NRBGi.h b/icc/TRNG/entropy_to_NRBGi.h index a23012e..4e0bf98 100644 --- a/icc/TRNG/entropy_to_NRBGi.h +++ b/icc/TRNG/entropy_to_NRBGi.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/ext_filter.c b/icc/TRNG/ext_filter.c index 090a755..43d9c61 100644 --- a/icc/TRNG/ext_filter.c +++ b/icc/TRNG/ext_filter.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/looper.h b/icc/TRNG/looper.h index 7c4bdd9..3177b68 100644 --- a/icc/TRNG/looper.h +++ b/icc/TRNG/looper.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/nist_algs.c b/icc/TRNG/nist_algs.c index 7de54ef..3f8687e 100644 --- a/icc/TRNG/nist_algs.c +++ b/icc/TRNG/nist_algs.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/nist_algs.h b/icc/TRNG/nist_algs.h index 0cb53c3..e654c10 100644 --- a/icc/TRNG/nist_algs.h +++ b/icc/TRNG/nist_algs.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/noise_to_entropy.c b/icc/TRNG/noise_to_entropy.c index 096aefd..1d03194 100644 --- a/icc/TRNG/noise_to_entropy.c +++ b/icc/TRNG/noise_to_entropy.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -76,8 +76,8 @@ int trng_raw(E_SOURCE *E, while (len > 0) { - /* Try to gather data with sufficient entropy, if we can't eventually - time out and die. We read a buffer at a time, optomistically copy + /* Try to gather data with sufficient entropy, if we can't we shutdown. + We read a buffer at a time, optimistically copy data when it passes the health tests, refill buffer if we didn't get enough 'good' data */ diff --git a/icc/TRNG/noise_to_entropy.h b/icc/TRNG/noise_to_entropy.h index 9b7bf1e..78d2327 100644 --- a/icc/TRNG/noise_to_entropy.h +++ b/icc/TRNG/noise_to_entropy.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/personalise.c b/icc/TRNG/personalise.c index 448158d..f6d9596 100644 --- a/icc/TRNG/personalise.c +++ b/icc/TRNG/personalise.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/sampler.c b/icc/TRNG/sampler.c index 887d4eb..219614f 100644 --- a/icc/TRNG/sampler.c +++ b/icc/TRNG/sampler.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/stats.c b/icc/TRNG/stats.c index 92bab6b..e5cd4a9 100644 --- a/icc/TRNG/stats.c +++ b/icc/TRNG/stats.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/stats.h b/icc/TRNG/stats.h index 796ffbc..30f735c 100644 --- a/icc/TRNG/stats.h +++ b/icc/TRNG/stats.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/timer_entropy.c b/icc/TRNG/timer_entropy.c index 62eb151..9ded610 100644 --- a/icc/TRNG/timer_entropy.c +++ b/icc/TRNG/timer_entropy.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -253,7 +253,7 @@ ICC_UINT64 RdCTR_raw() /* START Windows 32 bit (ia32) */ -#elif defined(_WIN32) && !defined(WIN64) +#elif defined(_WIN32) && !defined(_WIN64) /* Windows on ia32 rdtsc , well this isn't QUITE right, but we only support x86 and itanium currently @@ -266,7 +266,7 @@ ICC_UINT64 RdCTR_raw() } /* END Windows on ia32 */ /* Start Windows 64 on x86 */ -#elif defined(WIN64) && !defined(_IA64_) +#elif defined(_WIN64) && !defined(_IA64_) #include #include ICC_UINT64 RdCTR_raw() diff --git a/icc/TRNG/timer_entropy.h b/icc/TRNG/timer_entropy.h index 1e67d9f..7395115 100644 --- a/icc/TRNG/timer_entropy.h +++ b/icc/TRNG/timer_entropy.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/TRNG/timer_fips.c b/icc/TRNG/timer_fips.c index 1073a92..769e054 100644 --- a/icc/TRNG/timer_fips.c +++ b/icc/TRNG/timer_fips.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -395,7 +395,7 @@ int FIPS_getbytes(E_SOURCE *E, unsigned char *buffer, int len) if(0 != ht(&(E->hti),buffer) ) { ecount++; TF->done = 0; - len = 0; + count = 0; } } if(ecount > MAX_HT_FAIL) { diff --git a/icc/TRNG/timer_fips.h b/icc/TRNG/timer_fips.h index 58ac5f1..98624b2 100644 --- a/icc/TRNG/timer_fips.h +++ b/icc/TRNG/timer_fips.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/callbacks_pkey.c b/icc/callbacks_pkey.c index 9269860..48825b0 100644 --- a/icc/callbacks_pkey.c +++ b/icc/callbacks_pkey.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/extsig.c b/icc/extsig.c index 00489b3..e9fb21f 100644 --- a/icc/extsig.c +++ b/icc/extsig.c @@ -1,15 +1,14 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ -/************************************************************************* +/* // Description: Checking own signature against external signature file -// -*************************************************************************/ +*/ /* File format # Comments @@ -649,7 +648,7 @@ static void usage(char *pname, char *str) { printf("usage:\t %s sigfile keyfile [-v(erify)] [-SELF] [-FILE file] " "[\"X=Y\"] ...[\"Z=K\"]\n", pname); - printf("OR:\t$s sigfile keyfile -v(erify) -FILE file\n"); + printf("OR:\t%s sigfile keyfile -v(erify) -FILE file\n", pname); if (NULL != str) { printf("\t\tError:%s\n", str); } @@ -675,7 +674,7 @@ int main(int argc, char *argv[]) { char *tptr = NULL; char *pptr = NULL; EVP_PKEY *rsakey = NULL; - char *tweaks[MAXTWEAKS]; /* Seriously, more than twenty ? */ + char *tweaks[MAXTWEAKS]; int i = 0, j = 0; int signself = 0; int verify = 0; @@ -699,10 +698,18 @@ int main(int argc, char *argv[]) { exit(1); } - OPENSSL_init_crypto( + { + int rc = 0; + rc = OPENSSL_init_crypto( OPENSSL_INIT_NO_LOAD_CONFIG | OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_ADD_ALL_CIPHERS, NULL); + if (rc != 1) { + usage("OpenSSL", "OPENSSL_init_crypto"); + exit(1); + } + ERR_load_crypto_strings(); + } /* Step through and pick up anything else */ for (i = 3; i < argc; i++) { @@ -765,10 +772,10 @@ int main(int argc, char *argv[]) { case 0: printf("Binary file %s verified O.K.\n", bname); printf("Signature file verified O.K.\n"); - for (i = 0; i < 20; i++) { + for (i = 0; i < MAXTWEAKS; i++) { if (tweaks[i] != NULL) { if (i == 0) { - printf("Global settings\n"); + printf("Global Settings\n"); } printf("\t%s\n", tweaks[i]); } @@ -839,6 +846,8 @@ int main(int argc, char *argv[]) { fseek(bfile, 0L, SEEK_SET); len = GenSig(bfile, signB, rsakey, 0); if (len <= 0) { + printf("Error: GenSig: %d\n", len); + printf("OpenSSL Error: %s\n", ERR_error_string(ERR_get_error(), NULL)); usage(argv[0], "Failed to generate signature"); exit(1); } diff --git a/icc/extsig.h b/icc/extsig.h index c717ede..3f9be62 100644 --- a/icc/extsig.h +++ b/icc/extsig.h @@ -1,15 +1,14 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ -/************************************************************************* +/* // Description: Header for shared functions -// -*************************************************************************/ +*/ #if defined(_WIN32) #define EOL "\r\n" diff --git a/icc/filesize.c b/icc/filesize.c index b419c95..bfdd500 100644 --- a/icc/filesize.c +++ b/icc/filesize.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/fips-prng/SP800-90.c b/icc/fips-prng/SP800-90.c index 996944b..cffbddc 100644 --- a/icc/fips-prng/SP800-90.c +++ b/icc/fips-prng/SP800-90.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/fips-prng/SP800-90.h b/icc/fips-prng/SP800-90.h index c7e7cf2..b071e7b 100644 --- a/icc/fips-prng/SP800-90.h +++ b/icc/fips-prng/SP800-90.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/fips-prng/SP800-90Cipher.c b/icc/fips-prng/SP800-90Cipher.c index 4377b40..15adc0f 100644 --- a/icc/fips-prng/SP800-90Cipher.c +++ b/icc/fips-prng/SP800-90Cipher.c @@ -1,16 +1,12 @@ -/************************************************************************* + +/* // Copyright IBM Corp. 2023 -// -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. -*************************************************************************/ - -/************************************************************************* -// Description: Data tables for SP800-90 Cipher based PRNG structures and self -//test -// -*************************************************************************/ +*/ +/* Description: Data tables for SP800-90 Cipher based PRNG structures and self test +*/ #include "icclib.h" #include "ds.h" diff --git a/icc/fips-prng/SP800-90HMAC.c b/icc/fips-prng/SP800-90HMAC.c index 948c825..83f050f 100644 --- a/icc/fips-prng/SP800-90HMAC.c +++ b/icc/fips-prng/SP800-90HMAC.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/fips-prng/SP800-90HashData.c b/icc/fips-prng/SP800-90HashData.c index e02ee30..f2d01c0 100644 --- a/icc/fips-prng/SP800-90HashData.c +++ b/icc/fips-prng/SP800-90HashData.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/fips-prng/SP800-90i.h b/icc/fips-prng/SP800-90i.h index f2f661f..6b0f1d7 100644 --- a/icc/fips-prng/SP800-90i.h +++ b/icc/fips-prng/SP800-90i.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/fips-prng/ds.c b/icc/fips-prng/ds.c index 5ce784d..61be1f1 100644 --- a/icc/fips-prng/ds.c +++ b/icc/fips-prng/ds.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/fips-prng/ds.h b/icc/fips-prng/ds.h index 9334d72..f847b19 100644 --- a/icc/fips-prng/ds.h +++ b/icc/fips-prng/ds.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/fips-prng/fips-prng-RAND.c b/icc/fips-prng/fips-prng-RAND.c index 22f283d..1c4baf0 100644 --- a/icc/fips-prng/fips-prng-RAND.c +++ b/icc/fips-prng/fips-prng-RAND.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/fips-prng/fips-prng-RAND.h b/icc/fips-prng/fips-prng-RAND.h index 4789bbd..1ed074f 100644 --- a/icc/fips-prng/fips-prng-RAND.h +++ b/icc/fips-prng/fips-prng-RAND.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/fips-prng/fips-prng-err.c b/icc/fips-prng/fips-prng-err.c index cd15fa2..22fae99 100644 --- a/icc/fips-prng/fips-prng-err.c +++ b/icc/fips-prng/fips-prng-err.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/fips-prng/fips-prng-err.h b/icc/fips-prng/fips-prng-err.h index 625dd5d..969c8be 100644 --- a/icc/fips-prng/fips-prng-err.h +++ b/icc/fips-prng/fips-prng-err.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/fips-prng/utils.c b/icc/fips-prng/utils.c index 81933c3..38ee48b 100644 --- a/icc/fips-prng/utils.c +++ b/icc/fips-prng/utils.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/fips-prng/utils.h b/icc/fips-prng/utils.h index 566e27b..c863821 100644 --- a/icc/fips-prng/utils.h +++ b/icc/fips-prng/utils.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/fips.c b/icc/fips.c index 4f49ef9..508e0d1 100644 --- a/icc/fips.c +++ b/icc/fips.c @@ -1,8 +1,8 @@ /************************************************************************* -// Copyright IBM Corp. 2023 +// Copyright IBM Corp. 2025 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -384,11 +384,11 @@ static const unsigned char DSA_sig[] = { /** \known Data: Broken DSA signature generated by DSA_key - broken RNG */ static const unsigned char DSA_sig_broken[] = { - 0x30,0x44,0x02,0x20,0x5E,0x50,0x6A,0xD7,0xAB,0x5B,0x9E,0x78,0x0C,0xB7,0x25,0x40, - 0xEB,0x04,0xB7,0x1D,0xF5,0x2C,0x1C,0x9D,0xDD,0x18,0xA4,0xBB,0x38,0x06,0xDF,0x08, - 0x0A,0x86,0x32,0xB9,0x02,0x20,0x1F,0x30,0xD4,0x4A,0xBC,0xF1,0x57,0x58,0xFF,0xB4, - 0x6D,0xC8,0x49,0x16,0x64,0x59,0x91,0x30,0xC1,0x24,0x45,0x9B,0x2E,0xD6,0xC9,0x89, - 0x33,0x2F,0x86,0x47,0x22,0xEF + 0x30,0x46,0x02,0x21,0x00,0x96,0x0C,0x50,0xF6,0x36,0x9F,0x83,0x27,0x79,0xD5,0xFB, + 0xCC,0xAC,0x87,0xB0,0x3E,0xFD,0x34,0xCE,0xD2,0xED,0x41,0x29,0xD0,0x3B,0xA4,0xC8, + 0x3B,0xBE,0x9F,0x9A,0xEA,0x02,0x21,0x00,0x82,0x7C,0xE8,0xEB,0xE7,0x2E,0xF4,0x49, + 0xB2,0x85,0x24,0x46,0x4E,0x89,0xEC,0x0F,0xFD,0xF0,0x24,0x03,0xC7,0xF0,0xF4,0x9D, + 0x38,0x14,0x67,0xB1,0xA8,0x42,0x4D,0x8C }; @@ -540,8 +540,7 @@ static const unsigned char RSA_PKCS_sig[] = { 0x7C, 0x5E, 0x96, 0xF1, 0x3D, 0x72, 0x82, 0xD8, 0xB4, 0x30, 0xCA, 0x58, 0x9A, 0x54, 0x48, 0x1E, 0x2C, 0x2D, 0x15, 0x1A, 0x4F, 0xB3, 0x22, 0xB3, 0x89, 0xD1, 0xDE, 0x32, 0x97, 0x51, 0xAB, 0x28, 0xF7, 0x6E, 0x37, 0xD1, 0xCE, 0x39, 0x53, 0xDA, 0x3D, 0x0E, 0x10, 0x56, 0x05, 0x02, 0x5B, 0xA3, - 0xFE, 0xA1, 0x0E, 0xF7, 0x15, 0x68, 0x28, 0x73, 0xBB, 0x20, 0xA0, 0xA2, 0x33, 0x30, 0x8F, 0x0C - + 0xFE,0xA1,0x0E,0xF7,0x15,0x68,0x28,0x73,0xBB,0x20,0xA0,0xA2,0x33,0x30,0x8F,0x0C, }; static const unsigned char RSA_PSS_sig[] = { 0x13, 0x48, 0x2D, 0x92, 0x5F, 0x3E, 0x48, 0x50, 0xDD, 0x76, 0x3F, 0x59, 0x46, 0x44, 0xC2, 0x26, @@ -561,22 +560,23 @@ static const unsigned char RSA_PSS_sig[] = { 0x22, 0xBE, 0x68, 0x8E, 0x69, 0x1F, 0x99, 0x4B, 0x6D, 0xB6, 0xDE, 0x27, 0xE9, 0x2F, 0x0E, 0x4D, 0x4E, 0x54, 0x23, 0xA7, 0x18, 0xFF, 0x4D, 0xDB, 0x53, 0xD9, 0x4A, 0x53, 0x7A, 0x27, 0xDB, 0x11}; static const unsigned char RSA_PSS_sig_broken[] = { - 0x8C, 0xB3, 0x4D, 0x28, 0x0F, 0xB8, 0x10, 0xFE, 0x56, 0x08, 0xEF, 0x22, 0x3E, 0xC6, 0x39, 0xDD, - 0x93, 0x9B, 0x13, 0x26, 0xC2, 0x18, 0x3D, 0x36, 0xB4, 0x09, 0x5D, 0x4D, 0x23, 0x97, 0xA7, 0x3F, - 0x9C, 0x6D, 0xEB, 0x48, 0x44, 0xF9, 0x40, 0xA8, 0x84, 0xA1, 0xC0, 0x87, 0x4E, 0xEB, 0x2C, 0xAF, - 0x83, 0x50, 0xEB, 0x19, 0x8A, 0x14, 0xEB, 0xF1, 0x7F, 0xF2, 0x48, 0x15, 0x54, 0xEB, 0xFE, 0xCE, - 0x9B, 0x39, 0xDF, 0x29, 0x04, 0xEA, 0xD8, 0x74, 0xFF, 0x9B, 0x4A, 0x8B, 0x29, 0x93, 0x79, 0x7B, - 0xC0, 0x73, 0xD6, 0xF1, 0x37, 0x23, 0x84, 0xF1, 0x53, 0xE9, 0xC0, 0xCF, 0xA2, 0x5F, 0xF6, 0x23, - 0xD9, 0xFC, 0x23, 0x9E, 0xEA, 0xCE, 0x4B, 0x62, 0xD6, 0xA5, 0x57, 0x61, 0xFA, 0xE6, 0x27, 0xBF, - 0xE0, 0x27, 0xC4, 0x33, 0x88, 0x35, 0x05, 0x05, 0x06, 0x9A, 0x00, 0x6E, 0xB6, 0xC0, 0xDD, 0x01, - 0x14, 0x86, 0x78, 0xAF, 0x27, 0x24, 0x19, 0x7A, 0xB3, 0x86, 0xB7, 0x93, 0x27, 0xC3, 0xC0, 0x89, - 0x1E, 0xAF, 0xFF, 0xA3, 0xF8, 0xF0, 0x21, 0x97, 0xF7, 0xCD, 0x51, 0xD0, 0xF0, 0xE4, 0xBC, 0x9B, - 0x3C, 0x20, 0x15, 0xBB, 0x7A, 0x67, 0x66, 0x63, 0x3F, 0x98, 0x82, 0x27, 0x56, 0x1E, 0x83, 0x99, - 0x03, 0xA7, 0x20, 0x47, 0xF6, 0x3B, 0x6A, 0x04, 0x6A, 0x84, 0x36, 0x89, 0x88, 0xA6, 0x51, 0xC0, - 0xC0, 0x2D, 0xF0, 0xE0, 0xD4, 0xE5, 0xD1, 0xD8, 0x17, 0xFD, 0xEA, 0x2F, 0x25, 0xBA, 0xE8, 0xEF, - 0x3D, 0xA8, 0xAE, 0x38, 0xB8, 0x25, 0x59, 0x0D, 0xF8, 0x37, 0xD0, 0x7A, 0x88, 0x4B, 0x6B, 0x0E, - 0x51, 0x3F, 0xF5, 0x9F, 0x01, 0x8F, 0x70, 0xAE, 0x43, 0x36, 0xCF, 0x7A, 0x5B, 0xE0, 0x71, 0x9E, - 0x5B, 0xD0, 0xE9, 0xC4, 0x25, 0x5E, 0x63, 0xA1, 0xA0, 0xB8, 0x74, 0x17, 0xFD, 0x2D, 0x8E, 0xEC}; + 0x4B,0x03,0xC8,0xBC,0xE6,0x42,0xD5,0xA5,0x39,0x0F,0x94,0x32,0xC3,0x95,0x1B,0xC0, + 0x53,0xBA,0xDB,0x09,0xAA,0x26,0x4D,0xF8,0xD2,0x6A,0x4A,0xDA,0x71,0x1D,0x29,0xF5, + 0xC4,0x35,0x0D,0xF3,0x72,0xDD,0xF6,0x33,0xB0,0xC4,0xCE,0xFD,0x1B,0xCF,0x75,0x13, + 0x02,0xB8,0xB9,0x70,0x17,0x6F,0xD9,0x3F,0x00,0x59,0x79,0xF5,0x76,0xBF,0xEC,0xA7, + 0x49,0x91,0x62,0x3B,0x00,0x9F,0xEB,0x29,0x65,0x91,0x81,0x07,0x53,0x57,0x32,0x99, + 0xF8,0xB1,0xB9,0x58,0x34,0x52,0xD2,0xCC,0xED,0x49,0xD7,0x9A,0xF8,0xC8,0xD7,0xF1, + 0x00,0xEE,0x9A,0x49,0xC9,0xFD,0xB5,0x56,0xF4,0x4F,0x2D,0x65,0x6D,0x5C,0xF1,0xDA, + 0x53,0x9E,0x58,0xD1,0x54,0xE5,0x3C,0xEB,0xE1,0x01,0xCA,0x37,0xA9,0x22,0x5C,0x64, + 0x81,0x2A,0xBB,0xFF,0x6B,0xC1,0x06,0x3B,0x6B,0xDE,0x02,0x4F,0xC8,0xB4,0x02,0xEA, + 0xD9,0x8B,0x47,0x05,0x09,0xA4,0x4F,0x10,0xC3,0xE9,0x44,0xB2,0x22,0xEC,0xD2,0x09, + 0xA4,0x89,0x71,0xA1,0x1D,0x76,0x42,0x64,0xE3,0x05,0xB7,0x7F,0x51,0x2E,0xAE,0x4D, + 0x4E,0x60,0x11,0x94,0xEF,0x4A,0xF1,0x5F,0xB4,0xAD,0x46,0x9B,0x69,0xD9,0x15,0x2C, + 0x90,0x06,0xF4,0x2D,0x4B,0x30,0xC3,0x48,0xFF,0x11,0x89,0x2B,0x11,0xD3,0xB3,0x3E, + 0xBD,0x6C,0x5F,0xA2,0x4F,0x32,0xEF,0x57,0x19,0x11,0xFD,0xD9,0x6C,0x3C,0x50,0x54, + 0xD6,0x40,0x90,0x9E,0x4C,0x1F,0x31,0xCE,0xDA,0x3F,0x3A,0x5A,0x15,0xAB,0xEC,0xCC, + 0x3B,0xDD,0xC3,0x37,0x31,0x7E,0x7B,0xD4,0xBA,0xE6,0x93,0x7C,0xED,0x4D,0xA4,0x78, +}; /** \known Data: (rsa_privK_ka) RSA encrypt output */ static const unsigned char rsa_privK_ka[] = @@ -889,14 +889,13 @@ static const unsigned char EC_sig_P384[] = { */ static const unsigned char EC_sig_P384_broken[] = { -0x30,0x65,0x02,0x30,0x50,0x89,0xA9,0x06,0x4C,0xA4,0x92,0x12,0xBF,0xE5,0x43,0x4C, -0x82,0xF2,0x8D,0xE5,0x5A,0x93,0x57,0x9C,0xC2,0x60,0xAA,0x08,0xDE,0x59,0x72,0x99, -0x82,0x30,0x20,0xE0,0xB4,0x60,0x27,0x18,0x42,0xB9,0x73,0x24,0xD5,0xFF,0x46,0x10, -0xF1,0x8C,0x74,0x70,0x02,0x31,0x00,0xC3,0x9E,0x54,0x15,0x81,0xFD,0xFE,0x14,0xEC, -0x63,0x95,0x3B,0xAB,0x63,0x78,0x9B,0x31,0x5E,0xDF,0xB9,0x44,0xB0,0x80,0xD0,0x6A, -0xDC,0x90,0xF1,0xAC,0x41,0x36,0x0F,0x6D,0x1B,0x09,0x34,0xAD,0x5E,0xDA,0xD6,0xA0, -0xA3,0x4D,0xA9,0xA3,0x4E,0x0C,0x09 - + 0x30,0x65,0x02,0x31,0x00,0x92,0x82,0x64,0x26,0xE5,0xE1,0xB9,0xFA,0xF4,0x78,0xC0, + 0xEA,0xF5,0x67,0x87,0x8D,0xD8,0x1A,0x73,0xD4,0x3B,0xC0,0x3B,0x26,0x7B,0x03,0x5F, + 0x7E,0x2A,0x40,0x85,0x36,0x77,0xA5,0x35,0x5B,0xC0,0x73,0x1E,0xD3,0xAD,0xCE,0xEC, + 0x07,0xD6,0xB7,0xA7,0xDD,0x02,0x30,0x08,0x0F,0xC8,0x55,0x87,0x7D,0x51,0xAB,0xDF, + 0xFF,0x2F,0x59,0x51,0xCB,0x36,0x6B,0x2F,0x96,0xC0,0x5C,0xB4,0x68,0xC8,0x07,0xEC, + 0x2F,0x8E,0x7B,0x23,0xB2,0x05,0x25,0xA0,0x5D,0xC7,0x21,0x99,0xF0,0x6B,0x9E,0x6B, + 0x70,0x04,0x96,0x13,0xDF,0x01,0x75 }; /** \known Data: EC DER encoded Private key from NIST B-233 @@ -933,12 +932,10 @@ static const unsigned char EC_sig_B233[] = { */ static const unsigned char EC_sig_B233_broken[] = { -0x30,0x3F,0x02,0x1E,0x00,0xCB,0x10,0x70,0x11,0x07,0x94,0xD9,0x8C,0xC5,0xB3,0xF3, -0x35,0xA2,0xF8,0x6D,0x21,0x35,0xE4,0x4C,0x86,0x4B,0x56,0x25,0x99,0xCF,0x84,0xA8, -0x75,0x6F,0x02,0x1D,0x2A,0x74,0x1B,0xFE,0xD9,0x9F,0x3C,0x30,0xCA,0xD3,0x5A,0x59, -0xB6,0xCD,0x00,0x7A,0x0E,0x8E,0x0A,0x35,0x36,0xD9,0x1A,0xA8,0xE6,0xA0,0x9A,0x06, -0x4F - + 0x30,0x3E,0x02,0x1D,0x41,0x90,0x1B,0x50,0x91,0x3C,0x84,0x0F,0x40,0xFF,0x4F,0x0A, + 0x1C,0xFE,0xE2,0xB0,0x8D,0x64,0xAB,0xE6,0xD1,0x41,0x5F,0xA6,0x55,0x79,0xFA,0xBD, + 0xB2,0x02,0x1D,0x47,0x4B,0x19,0xC9,0x32,0x8F,0xFA,0x9C,0xF4,0x13,0xFC,0xB0,0x73, + 0x90,0x66,0x83,0x27,0x0E,0x46,0xB2,0x42,0x54,0x21,0xBA,0xB3,0x3A,0x58,0xEB,0x72, }; /** \known Data: EC DER encoded Private key from NIST K-233 for binary field KAT @@ -975,12 +972,10 @@ static const unsigned char EC_sig_K233[] = { */ static const unsigned char EC_sig_K233_broken[] = { - -0x30,0x3E,0x02,0x1D,0x05,0x34,0x4B,0x34,0x82,0xDC,0x4B,0xE6,0xA0,0x7F,0xA3,0xD0, -0x4E,0x81,0x12,0xCA,0x94,0xE1,0x3F,0x38,0xD3,0xB3,0x6E,0x61,0x9C,0x9B,0x07,0xCD, -0x34,0x02,0x1D,0x2A,0x21,0x57,0x01,0xD1,0x77,0x5F,0x89,0xED,0x30,0x28,0x6D,0x8E, -0xB9,0x8D,0xFD,0x22,0x19,0x73,0x47,0xFA,0x56,0x6F,0x9B,0x20,0x1F,0x4E,0xE2,0x87, - + 0x30,0x3E,0x02,0x1D,0x16,0x13,0x0F,0x52,0x6F,0x3C,0xA6,0x72,0xEE,0x47,0x0A,0xA8, + 0x34,0x03,0x3B,0x03,0x94,0xF6,0x75,0xD4,0x99,0xC1,0x3D,0x66,0x8E,0xC7,0xCA,0x28, + 0x3D,0x02,0x1D,0x48,0x6A,0x97,0x8A,0xC9,0x92,0x79,0x9E,0xA7,0x39,0x96,0x69,0x23, + 0x0B,0xDC,0xF6,0x20,0x4B,0x36,0x14,0x3C,0xA1,0xA1,0x39,0x97,0x01,0x97,0x30,0xA1, }; /** \known Data: EC DER encoded Private key from X448 @@ -1328,8 +1323,8 @@ static const unsigned char PBKDF2_key[] = {0x34,0x8c,0x89,0xdb,0xcb,0xd3,0x2b,0x static const int PBKDF2_Iters = 4096; static const char *PBKDF2_digest = "SHA256"; -/* Welcome to the big fat security hole NIST insist we install to get FIPS now - We have to do DSA/ECDSA/RSA-PSS sign verify tests with known answers. This means +/*NIST requires for FIPS that we replace typically random values with fixed values, + because we have to do DSA/ECDSA/RSA-PSS sign verify tests with known answers. It means we need to install a broken RNG to achieve reproducable signatures. This is done once at startup because it's unsafe to do it at any other time. Later calls to ICC_SelfTest() do a verify on a known signature, then a sign/verify with a real @@ -1357,10 +1352,17 @@ static int insecure_rand_bytes(unsigned char *buf, int num) } +/* This was updated for ossl_bn_gen_dsa_nonce_fixed_top since the digest it was internally producing was not usable given our dummy value. +It may need to be updated if signature generations start to fail after an OpenSSL update. +Changes in the way the output from this random number are processed, or the criteria for a usable value +within OpenSSL can cause it to not be accepted. When OpenSSL tries to get a new random number, these retries obviously fail too. +0x25 is currently producing usable values for signature generation in 1.1.1zb. + +Just change this value, uncomment #define KNOWN 1, compile and run icctest to test a new candidate value. */ static int insecure_rand_pseudo_bytes(unsigned char *buf, int num) { if(num > 0) { - memset(buf,0xa5,num); + memset(buf,0x25,num); } return 1; @@ -1422,6 +1424,11 @@ static int GenerateSig(ICC_STATUS *stat,EVP_PKEY *pkey,unsigned char *sig,size_t } EVP_MD_CTX_free(md_ctx); if(1 != rc) { + int errc = 0; + char* errs = (char *)malloc(120); + errc = ERR_get_error(); + ERR_error_string(errc, errs); + fprintf(stderr, "GenerateSig: %s\n", errs); SetStatusLn2(NULL,stat,FATAL_ERROR,ICC_LIBRARY_VERIFICATION_FAILED,msg,"Signature generation failed",__FILE__,__LINE__); } OUTRC(stat->majRC); @@ -3071,7 +3078,7 @@ static int KATest_broken(ICC_STATUS *stat,EVP_PKEY *pkey, const unsigned char *s isig = (unsigned char *)ICC_Malloc(ioutL,__FILE__,__LINE__); MARK("Sign/Verify KA with broken RNG",msg); if(NULL != isig) { - /* Relies on a kneecapped RNG */ + /* Relies on a broken RNG */ VerifySig(stat,pkey,sig,outL,flags,msg,error); if(0 == stat->majRC) { GenerateSig(stat,pkey,isig,&ioutL,flags,msg); @@ -4135,6 +4142,7 @@ static int DoVeryBrokenTests(ICClib *pcb, ICC_STATUS *stat) rngICCRand = RAND_FIPS(); MARK("Install broken RNG - required for FIPS compliance","Only used during POST"); /* Only need to cripple PRNG paths */ + /* see note at insecure_rand_pseudo_bytes if things suddenly fail */ insecure_rand_meth.bytes = rngICCRand->bytes; RAND_set_rand_method(&insecure_rand_meth); @@ -4271,7 +4279,7 @@ static int DoVeryBrokenTests(ICClib *pcb, ICC_STATUS *stat) } MARK("Restore real rng",""); RAND_set_rand_method( rngICCRand); - MARK("Poison broken RNG so it can't be used again",""); + MARK("Decommission broken RNG so it can't be used again",""); memset(&insecure_rand_meth,0,sizeof(insecure_rand_meth)); OUTRC(stat->majRC); return stat->majRC; diff --git a/icc/fips.h b/icc/fips.h index c9fc70f..ea71427 100644 --- a/icc/fips.h +++ b/icc/fips.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/functions.txt b/icc/functions.txt index eff02d9..6907357 100644 --- a/icc/functions.txt +++ b/icc/functions.txt @@ -1,8 +1,8 @@ #-------------------------------------------------------------------------------; # Copyright IBM Corp. 2023; #; -# Licensed under the Apache License 2.0 (the "License").  You may not use; -# this file except in compliance with the License.  You can obtain a copy; +# Licensed under the Apache License 2.0 (the "License"). You may not use; +# this file except in compliance with the License. You can obtain a copy; # in the file LICENSE in the source distribution.; #-------------------------------------------------------------------------------; #; @@ -254,7 +254,7 @@ OPENSSLPREFIX=; #! @note the return value returns the value embedded in the ; #! opaque EVP_MD structure without any error checking; -0abcd const EVP_MD * EVP_MD_CTX_md(EVP_MD_CTX *e); +0abcd const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *e); #; #! @brief sets up digest context ctx to use the specified digest type; @@ -416,7 +416,7 @@ OPENSSLPREFIX=; #! @param iv the iv to use.; #! @return ICC_OSSL_SUCCESS, ICC_OSSL_FAILURE; -0abcdEFM int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *key, unsigned char *iv); +0abcdEFM int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *key, const unsigned char *iv); #; @@ -434,7 +434,7 @@ OPENSSLPREFIX=; #! @param inl the length (bytes) of the input data; #! @return ICC_OSSL_SUCCESS, ICC_OSSL_FAILURE; -0abcdEF int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,int *outl, unsigned char *in, int inl); +0abcdEF int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,int *outl, const unsigned char *in, int inl); #; #! @brief encrypts the 'final' data.; @@ -458,7 +458,7 @@ OPENSSLPREFIX=; #! @param iv the iv to use.; #! @return 1 on success, 0 on failure; -0abcdEM int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *key, unsigned char *iv); +0abcdEM int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *key, const unsigned char *iv); #; #! @brief decrypts inl bytes from the buffer in and writes; @@ -475,7 +475,7 @@ OPENSSLPREFIX=; #! @param inl the length (bytes) of the input data; #! @return ICC_OSSL_SUCCESS, ICC_OSSL_FAILURE; -0abcdE int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,int *outl, unsigned char *in, int inl); +0abcdE int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,int *outl, const unsigned char *in, int inl); #; #! @brief decrypts the 'final' data.; @@ -599,7 +599,7 @@ OPENSSLPREFIX=; #! @param in pointer to the input buffer; #! @param inl length of input data; -0abcd void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, unsigned char *in,int inl); +0abcd void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in,int inl); #; #! @brief encodes the 'final' data. ; @@ -635,7 +635,7 @@ OPENSSLPREFIX=; #! 1 - Successful.; -0abcd int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, unsigned char *in, int inl); +0abcd int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); #; #! @brief decodes the 'final' data. This is any data that remains in a partial block.; @@ -704,14 +704,14 @@ OPENSSLPREFIX=; #! @param pkey pointer to the EVP_PKEY structure to size; #! @return size of the pkey in bits; -0abcd int EVP_PKEY_bits(EVP_PKEY *pkey); +0abcd int EVP_PKEY_bits(const EVP_PKEY *pkey); #; #! @brief return the maximum size of a generated signature in bytes; #! @param pkey pointer to the EVP_PKEY structure to size; #! @return size of the signature generated by this pkey ; -0abcd int EVP_PKEY_size(EVP_PKEY *pkey); +0abcd int EVP_PKEY_size(const EVP_PKEY *pkey); #; #! @brief allocate a new EVP_PKEY structure; @@ -723,7 +723,13 @@ OPENSSLPREFIX=; #! @brief free an EVP_PKEY structure; #! @param pkey a pointer to the EVP_PKEY; -0abcd void EVP_PKEY_free(EVP_PKEY *pkey); +0abcdM void EVP_PKEY_free(EVP_PKEY *pkey); + +#; +#! @brief compare two EVP_PKEY keys; +#! @return return 1 if the keys match, 0 if they don't match, -1 if the key types are different and -2 if the operation is not supported; + +0abcdE int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); #; #! @brief Set the key field in the generic key PKEY to the RSA key key; @@ -752,7 +758,7 @@ OPENSSLPREFIX=; #! @return a pointer to an EVP_PKEY when it is successful or NULL on failure; #! @note - Use EVP_PKEY_free to free the returned object ; -0abcdE EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp,long length); +0abcdE EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp,long length); #; #! @brief DER decode PKCS#1 data into an EVP_PKEY public key.; @@ -766,7 +772,7 @@ OPENSSLPREFIX=; #! @note Use EVP_PKEY_free to free the returned object ; #! @note d2i_PUBKEY is the more standard form and should be used instead ; -0abcdE EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a,unsigned char **pp,long length); +0abcdEM EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp,long length); #; #! @brief allocates and initializes an ICC_RSA structure. When done with the key call ICC_RSA_free.; @@ -839,7 +845,7 @@ OPENSSLPREFIX=; #! @param padding the padding mode that was used to sign the data (RSA_PKCS1_PADDING, RSA_PKCS1_OAEP_PADDING, RSA_SSLV23_PADDING , RSA_X931_PADDING or RSA_NO_PADDING); #! @return ICC_OSSL_FAILURE on failure, the size of the decrypted data in bytes on success; -0abcdEMP int RSA_private_decrypt(int flen, unsigned char *from,unsigned char *to, RSA *rsa,int padding); +0abcdEMP int RSA_private_decrypt(int flen, const unsigned char *from,unsigned char *to, RSA *rsa,int padding); #; #! @brief encrypts the flen bytes at from (usually a session; @@ -855,7 +861,7 @@ OPENSSLPREFIX=; #! @param padding RSA_PKCS1_PADDING, RSA_PKCS1_OAEP_PADDING, RSA_SSLV23_PADDING , RSA_X931_PADDING or RSA_NO_PADDING; #! @return ICC_OSSL_FAILURE on failure, the size of the encrypted and padded data in bytes on success; -0abcdEMP int RSA_public_encrypt(int flen, unsigned char *from,unsigned char *to, RSA *rsa,int padding); +0abcdEMP int RSA_public_encrypt(int flen, const unsigned char *from,unsigned char *to, RSA *rsa,int padding); #; #! @brief decrypts the flen bytes at from using the private; @@ -1221,7 +1227,7 @@ OPENSSLPREFIX=; #! where it would be useful to set these to non-NULL values ; #! @return a pointer to a newly allocated DSA structure containing both the public and private keys or NULL on failure; -0abcdECMP DSA * DSA_generate_parameters(int bits,unsigned char *seed,int seed_len,int *counter_ret, unsigned long *h_ret,void (*callback)(int, int, void *),void *cb_arg); +0abcdECMP DSA * DSA_generate_parameters(int bits, const unsigned char *seed,int seed_len,int *counter_ret, unsigned long *h_ret,void (*callback)(int, int, void *),void *cb_arg); # DSA input/output ; #; @@ -1388,7 +1394,7 @@ OPENSSLPREFIX=; #! @param rsa pointer to RSA structure; #! @return size of the RSA modulus; -0abcd int RSA_size(RSA *rsa); +0abcd int RSA_size(const RSA *rsa); #; #! @brief allocate BN_CTX structures; @@ -1943,7 +1949,7 @@ OPENSSLPREFIX=; #! @return An X509_ALGOR structure (Blob) containing the algorithm configuration; -0abcdEC X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen); +0abcdEC X509_ALGOR *PKCS5_pbe_set(int alg, int iter, const unsigned char *salt, int saltlen); #; #! @brief Create the data object used to contain PBE2 configuration ; @@ -1972,7 +1978,7 @@ OPENSSLPREFIX=; #! @param en_de 0 for decrypt, otherwise encrypt; #! @return a newly malloc'd buffer containing the encrypted or decrypted data ; -0abcdE unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen, unsigned char *in, int inlen, unsigned char **data, int *datalen, int en_de); +0abcdE unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen, const unsigned char *in, int inlen, unsigned char **data, int *datalen, int en_de); #; #! @brief Free an X509_ALGOR blob returned by PKCS5_pbe2_set ; @@ -1988,7 +1994,7 @@ OPENSSLPREFIX=; #! @param text the text string to convert to an ASN.1 object NID; #! @return the NID corresponding to an ASN.1 object or NID_undef (0) on error; -0abcd int OBJ_txt2nid(char *text); +0abcdM int OBJ_txt2nid(const char *text); #; #! @brief Base64 Encode a block of data - 'just do it' - no whitespace; @@ -1998,7 +2004,7 @@ OPENSSLPREFIX=; #! @param n number of from bytes to convert; #! @return the number of bytes in the encoded output; -0abcdE int EVP_EncodeBlock(unsigned char *to, unsigned char *from, int n); +0abcdE int EVP_EncodeBlock(unsigned char *to, const unsigned char *from, int n); #; #! @brief Base64 Decode a block of data - 'just do it' - no whitespace; @@ -2010,7 +2016,7 @@ OPENSSLPREFIX=; #! @note Extra '\0' characters may be appended to the output data ; #! depending on how the data is packed/aligned ; -0abcdE int EVP_DecodeBlock(unsigned char *to, unsigned char *from, int n); +0abcdE int EVP_DecodeBlock(unsigned char *to, const unsigned char *from, int n); #; #! @brief Allocate a new CMAC context; @@ -2036,7 +2042,7 @@ OPENSSLPREFIX=; #! the CMAC context. Some internal derived data depends on the cipher and; #! the key and must be regenerated if either change; -0abcdME int CMAC_Init(CMAC_CTX *cmac_ctx,const EVP_CIPHER *cipher,unsigned char *key,unsigned int keylen); +0abcdME int CMAC_Init(CMAC_CTX *cmac_ctx,const EVP_CIPHER *cipher, const unsigned char *key,unsigned int keylen); #; #! @brief Update phase of a CMAC operation; @@ -2046,7 +2052,7 @@ OPENSSLPREFIX=; #! @note blocked/aligned data will be more efficient, but this will; #! survive incorrectly blocked/misaligned data; -0abcdE int CMAC_Update(CMAC_CTX *cmac_ctx,unsigned char *in,unsigned int inlen); +0abcdE int CMAC_Update(CMAC_CTX *cmac_ctx, const unsigned char *in,unsigned int inlen); #; #! @brief Finish a CMAC operation and return the CMAC value; @@ -2442,7 +2448,7 @@ OPENSSLPREFIX=; 1abcdE const EC_POINT *EC_GROUP_get0_generator(EC_GROUP *group); #; -#! @brief i2d_ECPublicKey - yes, I know, but the specification is; +#! @brief i2d_ECPublicKey - the specification is; #! just a BIT STRING so we use i2o; #! @param a A pointer to an EC_KEY; #! @param out a pointer to a pointer to the output buffer; @@ -2455,7 +2461,7 @@ OPENSSLPREFIX=; 1abcd int i2o_ECPublicKey(EC_KEY *a, unsigned char **out); #; -#! @brief d2i_ECPublicKey - yes, I know, but the specification is; +#! @brief o2i_ECPublicKey - the specification is; #! just a BIT STRING so we use o2i; #! @param a A pointer to pointer to an EC_KEY; #! @param in a pointer a pointer to the input buffer, updated; @@ -2463,7 +2469,7 @@ OPENSSLPREFIX=; #! @return The EC_KEY with the public key populated or NULL; #! @note Use EC_KEY_free to release the returned object ; -1abcd EC_KEY * o2i_ECPublicKey(EC_KEY **a, unsigned char **in,long len); +1abcd EC_KEY * o2i_ECPublicKey(EC_KEY **a, const unsigned char **in,long len); #; @@ -2505,14 +2511,14 @@ OPENSSLPREFIX=; #! @param p8 a pointer to a PKCS8_PRIV_KEY_INFO structure; #! @return a pointer to an EVP_PKEY or NULL on failure; -0abcd EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); +0abcd EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); #; #! @brief Convert an EVP_PKEY into a PKCS#8 encoded structure; #! @param pkey a pointer to an EVP_PKEY; #! @return a pointer to a PKCS8_PRIV_KEY_INFO structure or NULL on error; -0abcd PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); +0abcd PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey); #; #; @@ -2530,7 +2536,7 @@ OPENSSLPREFIX=; #! @return a pointer to a PKCS8_PRIV_KEY_INFO structure when it is successful or NULL on failure; #! @note Use PKCS8_PRIV_KEY_INFO_free to release the returned object ; -0abcd PKCS8_PRIV_KEY_INFO * d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *p8,unsigned char **pp,long length); +0abcd PKCS8_PRIV_KEY_INFO * d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *p8, const unsigned char **pp,long length); #; #! @brief DER encode a PKCS8_PRIV_KEY_INFO structure ; @@ -2566,7 +2572,7 @@ OPENSSLPREFIX=; #! @note This is the format specified in ANSI X9.62 ; #! @note Use EC_GROUP_free to release the returned object ; -0abcd EC_GROUP * d2i_ECPKParameters(EC_GROUP ** groupP, unsigned char **in , long len); +0abcd EC_GROUP * d2i_ECPKParameters(EC_GROUP ** groupP, const unsigned char **in , long len); #; #! @brief free an EC_GROUP structure ; @@ -2867,7 +2873,7 @@ OPENSSLPREFIX=; #! @param pkey the pkey to use; #! @return the NID; -0abcd int EVP_PKEY_id(EVP_PKEY *pkey); +0abcd int EVP_PKEY_id(const EVP_PKEY *pkey); #; #! @brief DER encode an EVP private key.; @@ -2881,7 +2887,7 @@ OPENSSLPREFIX=; #! @return >0 The length of the DER encoding, otherwise an error occurred; #! @note The DER encoded private key also contains a copy of the public key; -0abcdE int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); +0abcdE int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp); #; #! @brief DER encode an EVP public key; @@ -2895,7 +2901,7 @@ OPENSSLPREFIX=; #! @return >0 The length of the DER encoding, otherwise an error occurred; #! @note i2d_PUBKEY is the form that should be used ; -0abcdE int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); +0abcdEM int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp); #; #! @brief DER decode PKCS#1 data into an EVP_PKEY public key.; @@ -2921,7 +2927,7 @@ OPENSSLPREFIX=; #! @return >0 The length of the DER encoding, otherwise an error occurred; #! @note i2d_PUBKEY is the form that should be used ; -0abcdE int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp); +0abcdE int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp); #; #!@brief performs a public key encryption operation using ectx.; @@ -2972,7 +2978,7 @@ OPENSSLPREFIX=; #! @brief Free an EVP_PKEY_CTX structure ; #! @param pkey_ctx a pointer to the context to free ; -0abcd void EVP_PKEY_CTX_free(EVP_PKEY_CTX *pkey_ctx); +0abcdM void EVP_PKEY_CTX_free(EVP_PKEY_CTX *pkey_ctx); #; #! @brief Check a DH public key for consistancy ; @@ -3012,7 +3018,7 @@ OPENSSLPREFIX=; #! @param e The cipher to use ; #! @return The flags ; -0abcd int EVP_CIPHER_flags(EVP_CIPHER *e); +0abcd int EVP_CIPHER_flags(const EVP_CIPHER *e); #! @brief Decodes a EC_POINT from a octet string ; #! @param group underlying EC_GROUP object ; @@ -3099,6 +3105,130 @@ required buffer size. ; 0abcd int EVP_PKEY_verify_recover(EVP_PKEY_CTX *pctx,unsigned char *rout, size_t *routlen,const unsigned char *sig, size_t siglen); +#! @brief PKEY EVP_KEM set operation ; +#! @param ctx A pointer to an EVP_PKEY_CTX; +#! @param properties A pointer to the operation; +#! @return 1 on sucess; + +0abcd int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX *ctx, const char *op); + +#! @brief PKEY EVP_KEM initialization ; +#! @param algorithm An algorithm name; +#! @param properties A pointer to properties; +#! @return 1 on sucess; + +0abcd EVP_KEM* EVP_KEM_fetch(const char *algorithm, const char *properties); + +#! @brief PKEY EVP_KEM free ; +#! @param wrap The EVP_KEM; +#! @return 1 on sucess; + +0abcd void EVP_KEM_free(EVP_KEM *wrap); + +#! @brief PKEY encapsulate init ; +#! @param ctx A pointer to an EVP_PKEY_CTX; +#! @param params A pointer to parameters; +#! @return 1 on sucess; + +0abcd int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX* ctx, const unsigned char* params); + +#! @brief PKEY auth encapsulate init ; +#! @param ctx A pointer to an EVP_PKEY_CTX; +#! @param params A pointer to parameters; +#! @return 1 on sucess; + +0abcd int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv, const unsigned char* params); + +#! @brief Perform PKEY key encapsulation (KEM) ; +#! @param ctx a pointer to an EVP_PKEY_CTX; +#! @param wrappedkey pointer to key data ; +#! @param wrappedkeylen pointer to key data size ; +#! @param genkey pointer to key data ; +#! @param genkeylen pointer to key data size ; +#! @return 1 on sucess; + +0abcd int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx, unsigned char* wrappedkey, size_t* wrappedkeylen, unsigned char* genkey, size_t* genkeylen); + +#! @brief PKEY decapsulate init ; +#! @param ctx A pointer to an EVP_PKEY_CTX; +#! @param params A pointer to parameters; +#! @return 1 on sucess; + +0abcd int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM* params); + +#! @brief PKEY auth decapsulate init ; +#! @param ctx A pointer to an EVP_PKEY_CTX; +#! @param params A pointer to parameters; +#! @return 1 on sucess; + +0abcd int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub, const OSSL_PARAM* params); + +#! @brief Perform PKEY key decapsulation (KEM) ; +#! @param ctx a pointer to an EVP_PKEY_CTX; +#! @param unwrapped pointer to key data ; +#! @param unwrappedlen pointer to key data size ; +#! @param wrapped pointer to key data ; +#! @param wrappedlen pointer to key data size ; +#! @return 1 on sucess; + +0abcd int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx, + unsigned char *unwrapped, size_t *unwrappedlen, + const unsigned char *wrapped, size_t wrappedlen); + + +#! @brief Allows to select specific KDF algorithms +#! @param libctx the openssl library context; +#! @param algorithm the KDF algorithm ; +#! @param properties always NULL for ICC; +#! @return NULL on failure, otherwise a pointer to an EVP_KDF; + +0abcdE EVP_KDF* EVP_KDF_fetch(void *libctx, const char *algorithm, const char *properties); + +#! @brief Allows set OSSL_Param struct for uint value; +#! @param key kdf param name; +#! @param buf value of kdf param; +#! @return ICC_OSSL_PARAM value after setting the key and value; + +0abcd OSSL_PARAM* OSSL_PARAM_construct_uint32(const char* key, unsigned int* buf); + +#! @brief Allows set OSSL_Param struct for uint char*; +#! @param key kdf param name; +#! @param buf value of kdf param; +#! @param bsize size of buf; +#! @return ICC_OSSL_PARAM value after setting the key and value; + +0abcd OSSL_PARAM* OSSL_PARAM_construct_octet_string(const char* key, void* buf, size_t bsize); + +#! @brief Use to mark end of ICC_OSSL_PARAM Array; +#! @return ICC_OSSL_PARAM after setting NULL and 0's; + +0abcd OSSL_PARAM* OSSL_PARAM_construct_end(void); + +#! @brief derives a key using the specified algorithm and parameters; +#! @param ctx configured KDF context; +#! @param key pointer to a buffer where the derived key will be stored; +#! @param keylen size of the output key stored in the key buffer; +#! @param params pointer to an array of OSSL_PARAM used to specify configuration options for the key derivation process; +#! @return ZERO on failure, 1 on success; + +0abcd int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen, const OSSL_PARAM **params); + +#! @brief Allocate a new EVP_KDF_CTX ; +#! @param kdf A EVP_KDF to serve as a template for the new context ; +#! @return NULL on failure, otherwise a pointer to an EVP_KDF_CTX; + +0abcdE EVP_KDF_CTX* EVP_KDF_CTX_new(EVP_KDF *kdf); + +#! @brief Free an new EVP_KDF structure; +#! @param kdf a pointer to the EVP_KDF; + +0abcd void EVP_KDF_free(EVP_KDF *kdf); + +#! @brief Free an EVP_KDF_CTX structure ; +#! @param ctx a pointer to the EVP_KDF_CTX; + +0abcd void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); + #! @brief returns a bignum constant of value 1; #! @return as described ; @@ -3155,11 +3285,18 @@ required buffer size. ; 0abcdE X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,unsigned char *salt, int saltlen,unsigned char *aiv, int prf_nid); +#! @brief PKEY key generation ; +#! @param ctx A pointer to an EVP_PKEY_CTX; +#! @param ppkey A pointer to an EVP_PKEY pointer; +#! @return 1 on sucess; + +0abcdEMPC int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); + #! @brief PKEY keygen initialization ; #! @param ctx A pointer to an EVP_PKEY_CTX; #! @return 1 on sucess; -0abcdE int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +0abcdEM int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); #! @brief Perform PKEY keygen ; #! @param ctx a pointer to an EVP_PKEY_CTX; @@ -3217,7 +3354,24 @@ required buffer size. ; #! @return NULL or an EVP_PKEY_CTX set up for the operations ; #! appropriate to id; -0abcdE EVP_PKEY_CTX * EVP_PKEY_CTX_new_id(int id,void *e); +0abcdEM EVP_PKEY_CTX * EVP_PKEY_CTX_new_id(int id,void *e); + +#! @brief Create a new PKEY_CTX of the type determined by name ; +#! @param name the name/type of the desired object ; +#! @param propquery always NULL for ICC; +#! @return NULL or an EVP_PKEY_CTX set up for the operations ; +#! appropriate to id; + +0abcdE EVP_PKEY_CTX * EVP_PKEY_CTX_new_from_name(void *libctx, const char *name, const char *propquery); + +#! @brief Create a new PKEY_CTX of the type determined from key ; +#! @param libctx the openssl library context (can use NULL) ; +#! @param pkey the key ; +#! @param propquery always NULL for ICC; +#! @return NULL or an EVP_PKEY_CTX set up for the operations ; +#! appropriate to id; + +0abcdE EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(void *libctx, EVP_PKEY *pkey, const char *propquery); #! @brief initializes a public key algorithm context using key pkey for a verify operation.; #! @param pctx the EVP_PKEY_CTX to use; diff --git a/icc/getnmi.c b/icc/getnmi.c index ff863eb..62c6f7f 100644 --- a/icc/getnmi.c +++ b/icc/getnmi.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/icc.c b/icc/icc.c index 5a7c97d..baa70e3 100644 --- a/icc/icc.c +++ b/icc/icc.c @@ -1,15 +1,14 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ -/************************************************************************* +/* // Description: Source file for the icc static library -// -*************************************************************************/ +*/ /* IMPORTANT NOTE This file generates the ICC static stub - a static library. @@ -58,8 +57,6 @@ const char ICC_SCCSInfo[] = }; - - /*#define DEBUG_VERBOSE */ static char **parse_path (char *path); diff --git a/icc/icc.h b/icc/icc.h index 873a896..9d81f71 100644 --- a/icc/icc.h +++ b/icc/icc.h @@ -7,8 +7,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -58,6 +58,10 @@ struct ICC_CMAC_CTX_t; struct ICC_AES_GCM_CTX_t; struct ICC_EVP_PKEY_CTX_t; struct ICC_ASN1_OBJECT_t; +struct ICC_EVP_KEM_t; +struct ICC_EVP_KDF_t; +struct ICC_EVP_KDF_CTX_t; + /*! @brief - Placeholder for message digest types. - Must be allocated/freed using ICC API's only. @@ -277,6 +281,10 @@ typedef unsigned char ICC_DES_cblock[8]; /*!< What a des key looks like */ */ #define ICC_BN_num_bytes(a,b) ((ICC_BN_num_bits(a,b)+7)/8) +typedef struct ICC_EVP_KEM_t ICC_EVP_KEM; +typedef struct ICC_EVP_KDF_t ICC_EVP_KDF; +typedef struct ICC_EVP_KDF_CTX_t ICC_EVP_KDF_CTX; + /* Include autogenerated API prototypes/defines */ #include "icc_a.h" diff --git a/icc/iccVdump.c b/icc/iccVdump.c index 6f81b49..4e99843 100644 --- a/icc/iccVdump.c +++ b/icc/iccVdump.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -20,6 +20,6 @@ int main(int argc, char *argv[]) { - printf("%1d_%1d_%d_%d",ICC_VERSION_VER,ICC_VERSION_REL,ICC_VERSION_MOD,ICC_VERSION_FIX); + printf("%1d_%1d_%d_%d\n",ICC_VERSION_VER,ICC_VERSION_REL,ICC_VERSION_MOD,ICC_VERSION_FIX); return 0; } diff --git a/icc/icc_cdefs.h b/icc/icc_cdefs.h index f888c56..0be39d1 100644 --- a/icc/icc_cdefs.h +++ b/icc/icc_cdefs.h @@ -1,15 +1,11 @@ -/************************************************************************* +/*----------------------------------------------------------------------------- // Copyright IBM Corp. 2023 -// -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. -*************************************************************************/ - -/************************************************************************* -// Description: Common data shared between the static stub and shared lib -// -*************************************************************************/ +*/ +/* Description: Common data shared between the static stub and shared lib +*/ #if !defined(DEFINE_FUNC) #define DEFINE_FUNC diff --git a/icc/icc_common.h b/icc/icc_common.h index 6412201..cfa4781 100644 --- a/icc/icc_common.h +++ b/icc/icc_common.h @@ -1,15 +1,11 @@ -/************************************************************************* +/* // Copyright IBM Corp. 2023 -// -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. -*************************************************************************/ - -/************************************************************************* -// Description: Common data shared between the static stub and shared lib -// -*************************************************************************/ +*/ +/* Description: Common data shared between the static stub and shared lib +*/ /*! @brief This structure holds the ICC shared library information It holds the name/function pointer data for diff --git a/icc/icc_curr_version b/icc/icc_curr_version index 435ffdb..6e657d9 100644 --- a/icc/icc_curr_version +++ b/icc/icc_curr_version @@ -1 +1 @@ -8.9.6 +8.9.11 diff --git a/icc/icc_defs.mk b/icc/icc_defs.mk index 2299360..347a324 100644 --- a/icc/icc_defs.mk +++ b/icc/icc_defs.mk @@ -3,6 +3,7 @@ DEFAULT_EXPORT_FLAG = -def: DEFAULT_ICCLIB_EXPFILE = exports/icclib_win32.def DEFAULT_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) DEFAULT_OSSLDLL_NAME = libeay32.dll +DEFAULT_MY_OSSLDLL_NAME = libeay32IBM$(VTAG).dll DEFAULT_OSSLINC_DIR = $(OSSL_DIR)/inc32 DEFAULT_release_OSSL_SUFFIX = DEFAULT_debug_OSSL_SUFFIX = @@ -10,8 +11,10 @@ DEFAULT_release_EXPORT = export OSSL_RELEASE=1 DEFAULT_debug_EXPORT = export OSSL_DEBUG=debug DEFAULT_OSSLOBJ_DIR = $(OSSL_DIR)/out32dll$($(OPSYS)_$(CONFIG)_OSSL_SUFFIX) DEFAULT_OPENSSL = openssl -DEFAULT_TARCMD = tar -cvf -DEFAULT_TEST_CMD = ./icctest.exe +# drop -v from tar because logs get too full, -h follow symlinks; archive and dump the files they point to +DEFAULT_TARCMD = tar -chf +DEFAULT_TEST_CMD = ./icctest$(EXESUFX) +DEFAULT_OPENSSL_TEST_CMD = cd $(OSSL_DIR); make tests; apps/openssl speed # This is actually used to build an rc file on Windows DEFAULT_ASMOBJS = DEFAULT_EXTRAS = @@ -19,12 +22,24 @@ DEFAULT_debug_FILES = icclib$(VTAG).pdb openssl.pdb vc90.pdb \ $(OSSL_DIR)/out32dll/libeay32.pdb DEFAULT_MANIFESTS = +OQS_K_ALGS = KEM_kyber_512;KEM_kyber_768;KEM_kyber_1024 +OQS_D_ALGS = SIG_dilithium_2;SIG_dilithium_3;SIG_dilithium_5 +OQS_S_ALGS = SIG_sphincs_shake_128s_simple;SIG_sphincs_shake_128f_simple;SIG_sphincs_shake_192s_simple;SIG_sphincs_shake_192f_simple;SIG_sphincs_shake_256s_simple;SIG_sphincs_shake_256f_simple;SIG_sphincs_sha2_128s_simple;SIG_sphincs_sha2_128f_simple;SIG_sphincs_sha2_192s_simple;SIG_sphincs_sha2_192f_simple;SIG_sphincs_sha2_256s_simple;SIG_sphincs_sha2_256f_simple +OQS_FLAGS = -DOQS_MINIMAL_BUILD="$(OQS_K_ALGS);$(OQS_D_ALGS);$(OQS_S_ALGS)" -DOQS_BUILD_ONLY_LIB=ON -DOQS_USE_OPENSSL=OFF +# ICC is going to link the static lib. But applications normally link to the .dll. There is no way to build both at once so uncomment this line to get .so/.dll +#OQS_FLAGS =+ -DBUILD_SHARED_LIBS=ON +DEFAULT_CMAKE_OQS = cmake -G "Unix Makefiles" $(OQS_FLAGS) . +DEFAULT_BUILD_OQS = make +$(OPSYS)_CMAKE_OQS = $(DEFAULT_CMAKE_OQS) +$(OPSYS)_BUILD_OQS = $(DEFAULT_BUILD_OQS) + #set up defaults for future stanzas $(OPSYS)_EXTRA_FILES = $(DEFAULT)_EXTRA_FILES $(OPSYS)_EXPORT_FLAG = $(DEFAULT_EXPORT_FLAG) $(OPSYS)_ICCLIB_EXPFILE = $(DEFAULT_ICCLIB_EXPFILE) $(OPSYS)_ICCDLL_NAME = $(DEFAULT_ICCDLL_NAME) $(OPSYS)_OSSLDLL_NAME = $(DEFAULT_OSSLDLL_NAME) +$(OPSYS)_MY_OSSLDLL_NAME = $(DEFAULT_MY_OSSLDLL_NAME) $(OPSYS)_OSSLINC_DIR = $(DEFAULT_OSSLINC_DIR) $(OPSYS)_release_OSSL_SUFFIX = $(DEFAULT_release_OSSL_SUFFIX) $(OPSYS)_debug_OSSL_SUFFIX = $(DEFAULT_debug_OSSL_SUFFIX) @@ -34,38 +49,208 @@ $(OPSYS)_OSSLOBJ_DIR = $(DEFAULT_OSSLOBJ_DIR) $(OPSYS)_OPENSSL = $(DEFAULT_OPENSSL) $(OPSYS)_TARCMD = $(DEFAULT_TARCMD) $(OPSYS)_TEST_CMD = $(DEFAULT_TEST_CMD) +$(OPSYS)_OPENSSL_TEST_CMD = $(DEFAULT_OPENSSL_TEST_CMD) # This is actually used to build an rc file on Windows $(OPSYS)_ASMOBJS = $(DEFAULT_ASMOBJS) $(OPSYS)_EXTRAS = $(DEFAULT_EXTRAS) $(OPSYS)_debug_FILES = $(DEFAULT_debug_FILES) $(OPSYS)_MANIFESTS = $(DEFAULT_MANIFESTS) +# -------- BEGIN PQC Definitions + +#LIBOQS stuff + +LIBOQS_VER=-0.10.0 + +WIN32_LIBOQS_LIB_release=Release +WIN32_LIBOQS_LIB_debug=Debug + +LIBOQS_LIB_$(OPSYS)=$(ICC_ROOT)/liboqs/lib/$(STLPRFX)oqs$(STLSUFX) +LIBOQS_LIB_WIN64_VS2022=$(ICC_ROOT)/liboqs/lib/$(WIN32_LIBOQS_LIB_$(CONFIG))/$(STLPRFX)oqs$(STLSUFX) +LIBOQS_LIB=$(LIBOQS_LIB_$(OPSYS)) + +PQCLIBS_LIBOQS=$(LIBOQS_LIB) +PQCINC_LIBOQS=-DLIBOQS -I$(ICC_ROOT)/liboqs/include +PQC_CREATE_LIBOQS=create_oqs +PQC_TARGET_LIBOQS=build_oqs + +# DKS stuff + +DKS_MAKE_FLAGS_$(OPSYS) = CC=$(CC) +#DKS_MAKE_FLAGS_WIN = CC=cl +#DKS_MAKE_FLAGS_WIN64 = $(DKS_MAKE_FLAGS_WIN) +#DKS_MAKE_FLAGS_WIN64_VS2022 = $(DKS_MAKE_FLAGS_WIN) +DKS_MAKE_FLAGS = $(DKS_MAKE_FLAGS_$(OPSYS)) OS=$(OPSYS) + +LIBDKS_LIB_$(OPSYS)=\ +$(ICC_ROOT)/libdks/kyber/ref/lib/libpqcrystals_kyber512_ref$(STLSUFX) \ +$(ICC_ROOT)/libdks/kyber/ref/lib/libpqcrystals_kyber768_ref$(STLSUFX) \ +$(ICC_ROOT)/libdks/kyber/ref/lib/libpqcrystals_kyber1024_ref$(STLSUFX) \ +$(ICC_ROOT)/libdks/dilithium/ref/libpqcrystals_dilithium2_ref$(STLSUFX) \ +$(ICC_ROOT)/libdks/dilithium/ref/libpqcrystals_dilithium3_ref$(STLSUFX) \ +$(ICC_ROOT)/libdks/dilithium/ref/libpqcrystals_dilithium5_ref$(STLSUFX) \ +$(ICC_ROOT)/libdks/sphincs/ref/libsphincs_ref-sphincs-shake-128s$(STLSUFX) \ +$(ICC_ROOT)/libdks/sphincs/ref/libsphincs_ref-sphincs-shake-128f$(STLSUFX) \ +$(ICC_ROOT)/libdks/sphincs/ref/libsphincs_ref-sphincs-shake-192s$(STLSUFX) \ +$(ICC_ROOT)/libdks/sphincs/ref/libsphincs_ref-sphincs-shake-192f$(STLSUFX) \ +$(ICC_ROOT)/libdks/sphincs/ref/libsphincs_ref-sphincs-shake-256s$(STLSUFX) \ +$(ICC_ROOT)/libdks/sphincs/ref/libsphincs_ref-sphincs-shake-256f$(STLSUFX) \ +$(ICC_ROOT)/libdks/sphincs/ref/libsphincs_ref-hash-sphincs-shake-256f$(STLSUFX) \ +\ +$(ICC_ROOT)/libdks/sphincs/ref/libsphincs_ref-sphincs-sha2-128s$(STLSUFX) \ +$(ICC_ROOT)/libdks/sphincs/ref/libsphincs_ref-sphincs-sha2-128f$(STLSUFX) \ +$(ICC_ROOT)/libdks/sphincs/ref/libsphincs_ref-sphincs-sha2-192s$(STLSUFX) \ +$(ICC_ROOT)/libdks/sphincs/ref/libsphincs_ref-sphincs-sha2-192f$(STLSUFX) \ +$(ICC_ROOT)/libdks/sphincs/ref/libsphincs_ref-sphincs-sha2-256s$(STLSUFX) \ +$(ICC_ROOT)/libdks/sphincs/ref/libsphincs_ref-sphincs-sha2-256f$(STLSUFX) \ +$(ICC_ROOT)/libdks/sphincs/ref/libsphincs_ref-hash-sphincs-sha2-256f$(STLSUFX) + +LIBDKS_LIB=$(LIBDKS_LIB_$(OPSYS)) + +PQCLIBS_LIBDKS=$(LIBDKS_LIB) +PQCINC_LIBDKS=-DLIBDKS -I$(ICC_ROOT)/libdks +PQC_CREATE_LIBDKS=create_dks +PQC_TARGET_LIBDKS=build_dks + +# add platform definitions here to enable PQC +# disable PQC by default +# enable DKS on selected platforms +# define to nothing to remove PQC + +# Note: PQCLIBS and PQCINC may get overwritten by icc/Makefile which uses them +# Note: create_pqc and build_pqc can be switched in icc/Makefile to select pqc support +# This just enables it per platform. PQC=xxx selects the support + +#PQC will be LIBDKS LIBOQS or undefined +# default to LIBDKS where PQC is enabled, set PQC=NONE on command line to disable +PQC=LIBDKS + +LINUX_PQCLIBS=$(PQCLIBS_$(PQC)) +LINUX_PQCINC=$(PQCINC_$(PQC)) +LINUX_PQC_CREATE=$(PQC_CREATE_$(PQC)) +LINUX_PQC_TARGET=$(PQC_TARGET_$(PQC)) + +AIX64_PQCLIBS=$(LINUX_PQCLIBS) +AIX64_PQCINC=$(LINUX_PQCINC) +AIX64_PQC_CREATE=$(LINUX_PQC_CREATE) +AIX64_PQC_TARGET=$(LINUX_PQC_TARGET) + +AMD64_LINUX_PQCLIBS=$(LINUX_PQCLIBS) +AMD64_LINUX_PQCINC=$(LINUX_PQCINC) +AMD64_LINUX_PQC_CREATE=$(LINUX_PQC_CREATE) +AMD64_LINUX_PQC_TARGET=$(LINUX_PQC_TARGET) + +ARM64_LINUX_PQCLIBS=$(LINUX_PQCLIBS) +ARM64_LINUX_PQCINC=$(LINUX_PQCINC) +ARM64_LINUX_PQC_CREATE=$(LINUX_PQC_CREATE) +ARM64_LINUX_PQC_TARGET=$(LINUX_PQC_TARGET) + +OSX_ARM64_PQCLIBS=$(LINUX_PQCLIBS) +OSX_ARM64_PQCINC=$(LINUX_PQCINC) +OSX_ARM64_PQC_CREATE=$(LINUX_PQC_CREATE) +OSX_ARM64_PQC_TARGET=$(LINUX_PQC_TARGET) + +PPC64_LINUX_PQCLIBS=$(LINUX_PQCLIBS) +PPC64_LINUX_PQCINC=$(LINUX_PQCINC) +PPC64_LINUX_PQC_CREATE=$(LINUX_PQC_CREATE) +PPC64_LINUX_PQC_TARGET=$(LINUX_PQC_TARGET) + +PPC64LE_LINUX_PQCLIBS=$(LINUX_PQCLIBS) +PPC64LE_LINUX_PQCINC=$(LINUX_PQCINC) +PPC64LE_LINUX_PQC_CREATE=$(LINUX_PQC_CREATE) +PPC64LE_LINUX_PQC_TARGET=$(LINUX_PQC_TARGET) + +#WIN32_PQCLIBS=$(LINUX_PQCLIBS) +#WIN32_PQCINC=$(LINUX_PQCINC) + +WIN32_VS2022_PQCLIBS=$(LINUX_PQCLIBS) +WIN32_VS2022_PQCINC=$(LINUX_PQCINC) +WIN32_VS2022_PQC_CREATE=$(LINUX_PQC_CREATE) +WIN32_VS2022_PQC_TARGET=$(LINUX_PQC_TARGET) + +WIN64_AMD_VS2013_PQCLIBS=$(LINUX_PQCLIBS) +WIN64_AMD_VS2013_PQCINC=$(LINUX_PQCINC) +WIN64_AMD_VS2013_PQC_CREATE=$(LINUX_PQC_CREATE) +WIN64_AMD_VS2013_PQC_TARGET=$(LINUX_PQC_TARGET) + +WIN64_VS2022_PQCLIBS=$(LINUX_PQCLIBS) +WIN64_VS2022_PQCINC=$(LINUX_PQCINC) +WIN64_VS2022_PQC_CREATE=$(LINUX_PQC_CREATE) +WIN64_VS2022_PQC_TARGET=$(LINUX_PQC_TARGET) + +S390X_LINUX_PQCLIBS=$(LINUX_PQCLIBS) +S390X_LINUX_PQCINC=$(LINUX_PQCINC) +S390X_LINUX_PQC_CREATE=$(LINUX_PQC_CREATE) +S390X_LINUX_PQC_TARGET=$(LINUX_PQC_TARGET) + +ZOSA_PQCLIBS=$(LINUX_PQCLIBS) +ZOSA_PQCINC=$(LINUX_PQCINC) +ZOSA_PQC_CREATE=$(LINUX_PQC_CREATE) +ZOSA_PQC_TARGET=$(LINUX_PQC_TARGET) + +ZOS_PQCLIBS=$(LINUX_PQCLIBS) +ZOS_PQCINC=$(LINUX_PQCINC) +ZOS_PQC_CREATE=$(LINUX_PQC_CREATE) +ZOS_PQC_TARGET=$(LINUX_PQC_TARGET) + +ZOS31_PQCLIBS=$(LINUX_PQCLIBS) +ZOS31_PQCINC=$(LINUX_PQCINC) +ZOS31_PQC_CREATE=$(LINUX_PQC_CREATE) +ZOS31_PQC_TARGET=$(LINUX_PQC_TARGET) + +ZOSA31_PQCLIBS=$(LINUX_PQCLIBS) +ZOSA31_PQCINC=$(LINUX_PQCINC) +ZOSA31_PQC_CREATE=$(LINUX_PQC_CREATE) +ZOSA31_PQC_TARGET=$(LINUX_PQC_TARGET) + +PQCLIBS=$($(OPSYS)_PQCLIBS) +PQCINC=$($(OPSYS)_PQCINC) +#PQC_CREATE=$($(OPSYS)_PQC_CREATE) +# Always create PQC for all platforms because release build does prebuild for all platforms on a single platform +PQC_CREATE=$(PQC_CREATE_$(PQC)) +PQC_TARGET=$($(OPSYS)_PQC_TARGET) + +# -------- END PQC Definitions + WIN32_EXTRA_FILES = *.pdb *.ilk *.plg WIN32_EXPORT_FLAG = -def: WIN32_ICCLIB_EXPFILE = exports/icclib_win32.def WIN32_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) WIN32_OSSLDLL_NAME = libeay32.dll -WIN32_OSSLINC_DIR = $(OSSL_DIR)/inc32 +WIN32_MY_OSSLDLL_NAME = libeay32IBM$(VTAG).dll +#WIN32_OSSLINC_DIR = $(OSSL_DIR)/inc32 +WIN32_OSSLINC_DIR = $(OSSL_DIR)/include +# For the .bat file to work we need to be running a cmd processor, not cygmin. +# alternative is to convert b64_VS2022.bat to .sh which will run on either. +# OPENSSL build wants to run on CMD +WIN32_BUILD_OSSL = chmod +w b32.bat; cp platforms/$(OPENSSL_LIBVER)/b32.bat .; cmd /A /D /C b32.bat $(OPENSSL_VER) +WIN32_CLEAN_OSSL = rm $(OSSL_DIR)/*.dll; rm $(OSSL_DIR)/*.ilk ; rm $(OSSL_DIR)/*/*.obj; rm $(OSSL_DIR)/*/*/*.obj ; rm openssl.c WIN32_release_OSSL_SUFFIX = WIN32_debug_OSSL_SUFFIX = WIN32_release_EXPORT = export OSSL_RELEASE=1 WIN32_debug_EXPORT = export OSSL_DEBUG=debug WIN32_OSSLOBJ_DIR = $(OSSL_DIR)/out32dll$(WIN32_$(CONFIG)_OSSL_SUFFIX) WIN32_OPENSSL = openssl -WIN32_TARCMD = tar -cvf -WIN32_TEST_CMD = ./icctest.exe +WIN32_TARCMD = tar -cf +WIN32_TEST_CMD = $(DEFAULT_TEST_CMD) +WIN32_OPENSSL_TEST_CMD = echo openssl tests not run # This is actually used to build an rc file on Windows WIN32_ASMOBJS = icc.res WIN32_EXTRAS = WIN32_debug_FILES = icclib$(VTAG).pdb openssl.pdb vc90.pdb \ $(OSSL_DIR)/out32dll/libeay32.pdb -WIN32_MANIFESTS = openssl.exe.manifest ../package/iccsdk/GenRndData.exe.manifest ../package/iccsdk/GenRndData2.exe.manifest ../iccspeed/bin/WIN32/icc_thread.exe.manifest $(WIN32_$(CONFIG)_FILES) +WIN32_MANIFESTS = +WIN32_OPENSSL_PATH_SETUP = PATH="$(ICC_ROOT)/$(OPENSSL_VER)" + +WIN32_CMAKE_OQS = cmake -G "Visual Studio 17 2022" $(OQS_FLAGS) -DCMAKE_INSTALL_PREFIX=install . +WIN32_BUILD_OQS = msbuild.exe liboqs.sln /property:Configuration=$(WIN32_LIBOQS_LIB_$(CONFIG)) WIN64_AMD_EXTRA_FILES = *.pdb *.ilk *.plg WIN64_AMD_EXPORT_FLAG = -def: WIN64_AMD_ICCLIB_EXPFILE = $(WIN32_ICCLIB_EXPFILE) -WIN64_AMD_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) +WIN64_AMD_ICCDLL_NAME = $(WIN32_ICCDLL_NAME) WIN64_AMD_OSSLDLL_NAME = $(WIN32_OSSLDLL_NAME) +WIN64_AMD_MY_OSSLDLL_NAME = $(WIN32_MY_OSSLDLL_NAME) WIN64_AMD_OSSLINC_DIR = $(OSSL_DIR)/inc32 WIN64_AMD_release_OSSL_SUFFIX = WIN64_AMD_debug_OSSL_SUFFIX = @@ -74,18 +259,24 @@ WIN64_AMD_debug_EXPORT = export OSSL_DEBUG=debug WIN64_AMD_OSSLOBJ_DIR = $(OSSL_DIR)/out32dll$(WIN64_AMD_$(CONFIG)_OSSL_SUFFIX) WIN64_AMD_OPENSSL = $(OSSLOBJ_DIR)/openssl # Moved to platforms/ -WIN64_AMD_TARCMD = tar -cvf -WIN64_AMD_TEST_CMD = ./icctest.exe +WIN64_AMD_TARCMD = $(WIN32_TARCMD) +WIN64_AMD_TEST_CMD = $(WIN32_TEST_CMD) +WIN64_AMD_OPENSSL_TEST_CMD = $(WIN32_OPENSSL_TEST_CMD) WIN64_AMD_ASMOBJS = icc.res WIN64_AMD_EXTRAS = $(WIN32_EXTRAS) WIN64_AMD_MANIFESTS = +WIN64_OPENSSL_PATH_SETUP = $(WIN32_OPENSSL_PATH_SETUP) + +WIN64_AMD_CMAKE_OQS = $(WIN32_CMAKE_OQS) +WIN64_AMD_BUILD_OQS = $(WIN32_BUILD_OQS) #- Visual studio 2013 WIN32_VS2013_EXTRA_FILES = *.pdb *.ilk *.plg WIN32_VS2013_EXPORT_FLAG = -def: -WIN32_VS2013_ICCLIB_EXPFILE = exports/icclib_win32.def -WIN32_VS2013_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) +WIN32_VS2013_ICCLIB_EXPFILE = $(WIN32_ICCLIB_EXPFILE) +WIN32_VS2013_ICCDLL_NAME = $(WIN32_ICCDLL_NAME) WIN32_VS2013_OSSLDLL_NAME = libeay32.dll +WIN32_VS2013_MY_OSSLDLL_NAME = libeay32IBM$(VTAG).dll WIN32_VS2013_OSSLINC_DIR = $(OSSL_DIR)/inc32 WIN32_VS2013_release_OSSL_SUFFIX = WIN32_VS2013_debug_OSSL_SUFFIX = @@ -93,23 +284,33 @@ WIN32_VS2013_release_EXPORT = export OSSL_RELEASE=1 WIN32_VS2013_debug_EXPORT = export OSSL_DEBUG=debug WIN32_VS2013_OSSLOBJ_DIR = $(OSSL_DIR)/out32dll$(WIN32_VS2013_$(CONFIG)_OSSL_SUFFIX) WIN32_VS2013_OPENSSL = openssl -WIN32_VS2013_TARCMD = tar -cvf -WIN32_VS2013_TEST_CMD = ./icctest.exe +WIN32_VS2013_TARCMD = $(WIN32_TARCMD) +WIN32_VS2013_TEST_CMD = $(WIN32_TEST_CMD) +WIN32_VS2013_OPENSSL_TEST_CMD = $(WIN32_OPENSSL_TEST_CMD) # This is actually used to build an rc file on Windows WIN32_VS2013_ASMOBJS = icc.res WIN32_VS2013_EXTRAS = WIN32_VS2013_debug_FILES = icclib$(VTAG).pdb openssl.pdb vc90.pdb \ $(OSSL_DIR)/out32dll/libeay32.pdb -WIN32_VS2013_MANIFESTS = openssl.exe.manifest ../package/iccsdk/GenRndData.exe.manifest ../package/iccsdk/GenRndData2.exe.manifest ../iccspeed/bin/WIN32/icc_thread.exe.manifest $($(OPSYS)_$(CONFIG)_FILES) +WIN32_VS2013_MANIFESTS = +WIN32_VS2013_OPENSSL_PATH_SETUP = $(WIN32_OPENSSL_PATH_SETUP) WIN32_VS2022_ASMOBJS = icc.res +WIN32_VS2022_ICCLIB_EXPFILE = $(WIN32_ICCLIB_EXPFILE) + +WIN32_VS2022_CMAKE_OQS = $(WIN32_CMAKE_OQS) +WIN32_VS2022_BUILD_OQS = $(WIN32_BUILD_OQS) WIN64_AMD_VS2013_EXTRA_FILES = *.pdb *.ilk *.plg WIN64_AMD_VS2013_EXPORT_FLAG = -def: WIN64_AMD_VS2013_ICCLIB_EXPFILE = $(WIN32_ICCLIB_EXPFILE) -WIN64_AMD_VS2013_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) +WIN64_AMD_VS2013_ICCDLL_NAME = $(WIN32_ICCDLL_NAME) WIN64_AMD_VS2013_OSSLDLL_NAME = $(WIN32_OSSLDLL_NAME) -WIN64_AMD_VS2013_OSSLINC_DIR = $(OSSL_DIR)/inc32 +WIN64_AMD_VS2013_MY_OSSLDLL_NAME = $(WIN32_MY_OSSLDLL_NAME) +#WIN64_AMD_VS2013_OSSLINC_DIR = $(OSSL_DIR)/inc32 +WIN64_AMD_VS2013_OSSLINC_DIR = $(OSSL_DIR)/include +WIN64_AMD_VS2013_BUILD_OSSL = chmod +w b64.bat; cp platforms/$(OPENSSL_LIBVER)/b64_VS2013.bat b64.bat; cmd /A /D /C b64.bat $(OPENSSL_VER) +WIN64_AMD_VS2013_CLEAN_OSSL = rm $(OSSL_DIR)/*.dll; rm $(OSSL_DIR)/*.ilk ; rm $(OSSL_DIR)/*/*.obj; rm $(OSSL_DIR)/*/*/*.obj ; rm openssl.c WIN64_AMD_VS2013_release_OSSL_SUFFIX = WIN64_AMD_VS2013_debug_OSSL_SUFFIX = WIN64_AMD_VS2013_release_EXPORT = export OSSL_RELEASE=1 @@ -117,18 +318,27 @@ WIN64_AMD_VS2013_debug_EXPORT = export OSSL_DEBUG=debug WIN64_AMD_VS2013_OSSLOBJ_DIR = $(OSSL_DIR)/out32dll$(WIN64_AMD_$(CONFIG)_OSSL_SUFFIX) WIN64_AMD_VS2013_OPENSSL = $(OSSLOBJ_DIR)/openssl # Moved to platforms/ -WIN64_AMD_VS2013_TARCMD = tar -cvf -WIN64_AMD_VS2013_TEST_CMD = ./icctest.exe +WIN64_AMD_VS2013_TARCMD = $(WIN32_TARCMD) +WIN64_AMD_VS2013_TEST_CMD = $(WIN32_TEST_CMD) +WIN64_AMD_VS2013_OPENSSL_TEST_CMD = $(WIN32_OPENSSL_TEST_CMD) WIN64_AMD_VS2013_ASMOBJS = icc.res WIN64_AMD_VS2013_EXTRAS = $(WIN32_EXTRAS) WIN64_AMD_VS2013_MANIFESTS = +WIN64_AMD_VS2013_OPENSSL_PATH_SETUP = $(WIN32_OPENSSL_PATH_SETUP) + +WIN64_AMD_VS2013_CMAKE_OQS = $(WIN32_CMAKE_OQS) +WIN64_AMD_VS2013_BUILD_OQS = $(WIN32_BUILD_OQS) WIN64_VS2022_EXTRA_FILES = *.pdb *.ilk *.plg WIN64_VS2022_EXPORT_FLAG = -def: WIN64_VS2022_ICCLIB_EXPFILE = $(WIN32_ICCLIB_EXPFILE) -WIN64_VS2022_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) +WIN64_VS2022_ICCDLL_NAME = $(WIN32_ICCDLL_NAME) WIN64_VS2022_OSSLDLL_NAME = $(WIN32_OSSLDLL_NAME) -WIN64_VS2022_OSSLINC_DIR = $(OSSL_DIR)/inc32 +WIN64_VS2022_MY_OSSLDLL_NAME = $(WIN32_MY_OSSLDLL_NAME) +#WIN64_VS2022_OSSLINC_DIR = $(OSSL_DIR)/inc32 +WIN64_VS2022_OSSLINC_DIR = $(OSSL_DIR)/include +WIN64_VS2022_BUILD_OSSL = platforms\$(OPENSSL_LIBVER)\b64_VS2022.bat $(OPENSSL_VER) $(OPENSSL_$(CONFIG)_FLAG) +WIN64_VS2022_CLEAN_OSSL = rm $(OSSL_DIR)/*.dll; rm $(OSSL_DIR)/*.ilk ; rm $(OSSL_DIR)/*/*.obj ; rm $(OSSL_DIR)/*/*/*.obj ; find . -name \*.obj -type f -delete ; rm openssl.c WIN64_VS2022_release_OSSL_SUFFIX = WIN64_VS2022_debug_OSSL_SUFFIX = WIN64_VS2022_release_EXPORT = export OSSL_RELEASE=1 @@ -136,17 +346,23 @@ WIN64_VS2022_debug_EXPORT = export OSSL_DEBUG=debug WIN64_VS2022_OSSLOBJ_DIR = $(OSSL_DIR)/out32dll$(WIN64_VS2022_$(CONFIG)_OSSL_SUFFIX) WIN64_VS2022_OPENSSL = $(OSSLOBJ_DIR)/openssl # Moved to platforms/ -WIN64_VS2022_TARCMD = tar -cvf -WIN64_VS2022_TEST_CMD = ./icctest.exe +WIN64_VS2022_TARCMD = $(WIN32_TARCMD) +WIN64_VS2022_TEST_CMD = $(WIN32_TEST_CMD) +WIN64_VS2022_OPENSSL_TEST_CMD = $(WIN32_OPENSSL_TEST_CMD) WIN64_VS2022_ASMOBJS = icc.res WIN64_VS2022_EXTRAS = $(WIN32_EXTRAS) WIN64_VS2022_MANIFESTS = +WIN64_VS2022_OPENSSL_PATH_SETUP = PATH="$(ICC_ROOT)/$(OPENSSL_VER)" + +WIN64_VS2022_CMAKE_OQS = $(WIN32_CMAKE_OQS) +WIN64_VS2022_BUILD_OQS = $(WIN32_BUILD_OQS) # Linux, generic, but targetted at ia32. Build with this first on a new platform LINUX_EXPORT_FLAG = -Wl,--version-script, LINUX_ICCLIB_EXPFILE = exports/icclib_linux.exp LINUX_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) LINUX_OSSLDLL_NAME = libcrypto.so.$(OPENSSL_LIBVER) +LINUX_MY_OSSLDLL_NAME = libcryptoIBM$(VTAG).so.$(OPENSSL_LIBVER) LINUX_OSSLINC_DIR = $(OSSL_DIR)/include LINUX_OSSLOBJ_DIR = $(OSSL_DIR) LINUX_OPENSSL = $(OSSL_DIR)/apps/openssl @@ -154,9 +370,10 @@ LINUX_OPENSSL = $(OSSL_DIR)/apps/openssl LINUX_OPENSSL_PATH_SETUP = export LD_LIBRARY_PATH=$(OSSL_DIR); LINUX_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(LINUX_$(CONFIG)_CFLAGS) -m32 linux-elf; make depend; make LINUX_CLEAN_OSSL = cd $(OSSL_DIR); make clean -LINUX_TARCMD = tar -cvhf -LINUX_TEST_CMD = ./icctest;cd $(OSSL_DIR);make tests;apps/openssl speed;cd ../icc -LINUX_EXTRAS = +LINUX_TEST_CMD = $(DEFAULT_TEST_CMD) +# LINUX_EXTRAS = PKCS11 PKCS11_PERF + +LINUX_CMAKE_OQS = cmake -G "Unix Makefiles" $(OQS_FLAGS) -DBUILD_ONLY="s3;iam;sts" -DCMAKE_C_FLAGS=-m32 . # Linux using normal shared library conventions # used to test the build for platforms with no dlopen/dlsym. @@ -164,14 +381,13 @@ LINUXDL_EXPORT_FLAG = $(LINUX_EXPORT_FLAG) LINUXDL_ICCLIB_EXPFILE = $(LINUX_ICCLIB_EXPFILE) LINUXDL_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) LINUXDL_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) +LINUXDL_MY_OSSLDLL_NAME = libcryptoIBM$(VTAG).so LINUXDL_OSSLINC_DIR = $(OSSL_DIR)/include LINUXDL_OSSLOBJ_DIR = $(OSSL_DIR) LINUXDL_OPENSSL = $(OSSL_DIR)/apps/openssl -# semicolon deliberate -LINUXDL_OPENSSL_PATH_SETUP = export LD_LIBRARY_PATH=$(OSSL_DIR); +LINUXDL_OPENSSL_PATH_SETUP = $(LINUX_OPENSSL_PATH_SETUP) LINUXDL_BUILD_OSSL = $(LINUX_BUILD_OSSL) LINUXDL_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -LINUXDL_TARCMD = tar -cvhf LINUXDL_TEST_CMD = $(LINUX_TEST_CMD) LINUXDL_ICCLIB_FLAGS = -L ../package/icc/osslib -lcryptoIBM$(VTAG) -L ../package/icc/icclib -licclib LINUXDL_EXTRAS = $(LINUX_EXTRAS) @@ -182,6 +398,7 @@ LINUX_CICC_EXPORT_FLAG = $(LINUX_EXPORT_FLAG) LINUX_CICC_ICCLIB_EXPFILE = $(LINUX_ICCLIB_EXPFILE) LINUX_CICC_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) LINUX_CICC_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) +LINUX_CICC_MY_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) LINUX_CICC_OSSLINC_DIR = $(LINUX_OSSLINC_DIR) LINUX_CICC_OSSLOBJ_DIR = $(LINUX_OSSLOBJ_DIR) LINUX_CICC_OPENSSL = $(LINUX_OPENSSL) @@ -189,7 +406,6 @@ LINUX_CICC_OPENSSL_PATH_SETUP = $(LINUX_OPENSSL_PATH_SETUP) # This one DOES differ LINUX_CICC_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(LINUX_CICC_$(CONFIG)_CFLAGS) linux-pentium-icc; make depend; make LINUX_CICC_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -LINUX_CICC_TARCMD = $(LINUX_TARCMD) LINUX_CICC_TEST_CMD = $(LINUX_TEST_CMD) LINUX_CICC_EXTRAS = $(LINUX_EXTRAS) @@ -197,14 +413,13 @@ IA64_LINUX_EXPORT_FLAG = $(LINUX_EXPORT_FLAG) IA64_LINUX_ICCLIB_EXPFILE = $(LINUX_ICCLIB_EXPFILE) IA64_LINUX_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) IA64_LINUX_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) +IA64_LINUX_MY_OSSLDLL_NAME = $(LINUX_MY_OSSLDLL_NAME) IA64_LINUX_OSSLINC_DIR = $(OSSL_DIR)/include IA64_LINUX_OSSLOBJ_DIR = $(OSSL_DIR) IA64_LINUX_OPENSSL = $(OSSL_DIR)/apps/openssl -# semicolon deliberate -IA64_LINUX_OPENSSL_PATH_SETUP = export LD_LIBRARY_PATH=$(OSSL_DIR); +IA64_LINUX_OPENSSL_PATH_SETUP = $(LINUX_OPENSSL_PATH_SETUP) IA64_LINUX_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(IA64_LINUX_$(CONFIG)_CFLAGS) linux-ia64; make depend; make IA64_LINUX_CLEAN_OSSL = cd $(OSSL_DIR); make clean clean-shared; $(RM) $(OSSL_DIR)/Makefile -IA64_LINUX_TARCMD = tar -cvhf IA64_LINUX_TEST_CMD = $(LINUX_TEST_CMD) IA64_LINUX_EXTRAS = $(LINUX_EXTRAS) @@ -212,14 +427,13 @@ ARM_LINUX_EXPORT_FLAG = $(LINUX_EXPORT_FLAG) ARM_LINUX_ICCLIB_EXPFILE = $(LINUX_ICCLIB_EXPFILE) ARM_LINUX_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) ARM_LINUX_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) +ARM_LINUX_MY_OSSLDLL_NAME = $(LINUX_MY_OSSLDLL_NAME) ARM_LINUX_OSSLINC_DIR = $(OSSL_DIR)/include ARM_LINUX_OSSLOBJ_DIR = $(OSSL_DIR) ARM_LINUX_OPENSSL = $(OSSL_DIR)/apps/openssl -# semicolon deliberate -ARM_LINUX_OPENSSL_PATH_SETUP = export LD_LIBRARY_PATH=$(OSSL_DIR); +ARM_LINUX_OPENSSL_PATH_SETUP = $(LINUX_OPENSSL_PATH_SETUP) ARM_LINUX_BUILD_OSSL = cd $(OSSL_DIR);./Configure threads shared $(OSSL_FLAGS) $(ARM_LINUX_$(CONFIG)_CFLAGS) linux-armv4; make depend; make ARM_LINUX_CLEAN_OSSL = cd $(OSSL_DIR); make clean clean-shared; $(RM) $(OSSL_DIR)/Makefile -ARM_LINUX_TARCMD = tar -cvhf ARM_LINUX_TEST_CMD = $(LINUX_TEST_CMD) ARM_LINUX_EXTRAS = $(LINUX_EXTRAS) @@ -227,14 +441,13 @@ ARM64_LINUX_EXPORT_FLAG = $(LINUX_EXPORT_FLAG) ARM64_LINUX_ICCLIB_EXPFILE = $(LINUX_ICCLIB_EXPFILE) ARM64_LINUX_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) ARM64_LINUX_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) +ARM64_LINUX_MY_OSSLDLL_NAME = $(LINUX_MY_OSSLDLL_NAME) ARM64_LINUX_OSSLINC_DIR = $(OSSL_DIR)/include ARM64_LINUX_OSSLOBJ_DIR = $(OSSL_DIR) ARM64_LINUX_OPENSSL = $(OSSL_DIR)/apps/openssl -# semicolon deliberate -ARM64_LINUX_OPENSSL_PATH_SETUP = export LD_LIBRARY_PATH=$(OSSL_DIR); +ARM64_LINUX_OPENSSL_PATH_SETUP = $(LINUX_OPENSSL_PATH_SETUP) ARM64_LINUX_BUILD_OSSL = cd $(OSSL_DIR);./Configure threads shared $(OSSL_FLAGS) $(ARM_LINUX_$(CONFIG)_CFLAGS) linux-aarch64; make depend; make ARM64_LINUX_CLEAN_OSSL = cd $(OSSL_DIR); make clean clean-shared; $(RM) $(OSSL_DIR)/Makefile -ARM64_LINUX_TARCMD = tar -cvhf ARM64_LINUX_TEST_CMD = $(LINUX_TEST_CMD) ARM64_LINUX_EXTRAS = $(LINUX_EXTRAS) @@ -243,10 +456,12 @@ CROSS_IA64_LINUX_EXPORT_FLAG = $(IA64_LINUX_EXPORT_FLAG) CROSS_IA64_LINUX_ICCLIB_EXPFILE = $(IA64_LINUX_ICCLIB_EXPFILE) CROSS_IA64_LINUX_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) CROSS_IA64_LINUX_OSSLDLL_NAME = $(IA64_LINUX_OSSLDLL_NAME) +CROSS_IA64_LINUX_MY_OSSLDLL_NAME = $(IA_64_LINUX_MY_OSSLDLL_NAME) CROSS_IA64_LINUX_OSSLINC_DIR = $(IA64_LINUX_OSSLINC_DIR) CROSS_IA64_LINUX_OSSLOBJ_DIR = $(IA64_LINUX_OSSLOBJ_DIR) CROSS_IA64_LINUX_OPENSSL = openssl -CROSS_IA64_LINUX_OPENSSL_PATH_SETUP = $(IA64_LINU;./Configure threads shared $(OSSL_FLAGS) $(CROSS_IA64_LINUX_$(CONFIG)_CFLAGS) linux-ia64-cross ; make depend; make +CROSS_IA64_LINUX_OPENSSL_PATH_SETUP = $(LINUX_OPENSSL_PATH_SETUP) +CROSS_IA64_LINUX_BUILD_OSSL = cd $(OSSL_DIR);./Configure threads shared $(OSSL_FLAGS) $(CROSS_IA64_LINUX_$(CONFIG)_CFLAGS) linux-ia64-cross ; make depend; make CROSS_IA64_LINUX_CLEAN_OSSL = $(IA64_LINUX_CLEAN_OSSL) CROSS_IA64_LINUX_TARCMD = $(IA64_LINUX_TARCMD) CROSS_IA64_LINUX_TEST_CMD = $(IA64_LINUX_TEST_CMD) @@ -256,14 +471,13 @@ AMD64_LINUX_EXPORT_FLAG = $(LINUX_EXPORT_FLAG) AMD64_LINUX_ICCLIB_EXPFILE = $(LINUX_ICCLIB_EXPFILE) AMD64_LINUX_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) AMD64_LINUX_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) +AMD64_LINUX_MY_OSSLDLL_NAME = $(LINUX_MY_OSSLDLL_NAME) AMD64_LINUX_OSSLINC_DIR = $(OSSL_DIR)/include AMD64_LINUX_OSSLOBJ_DIR = $(OSSL_DIR) AMD64_LINUX_OPENSSL = $(OSSL_DIR)/apps/openssl -# semicolon deliberate -AMD64_LINUX_OPENSSL_PATH_SETUP = export LD_LIBRARY_PATH=$(OSSL_DIR); +AMD64_LINUX_OPENSSL_PATH_SETUP = $(LINUX_OPENSSL_PATH_SETUP) AMD64_LINUX_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(AMD64_LINUX_$(CONFIG)_CFLAGS) linux-x86_64; make depend; make AMD64_LINUX_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -AMD64_LINUX_TARCMD = tar -cvhf AMD64_LINUX_TEST_CMD = $(LINUX_TEST_CMD) AMD64_LINUX_EXTRAS = $(LINUX_EXTRAS) @@ -271,13 +485,13 @@ PPC_LINUX_EXPORT_FLAG = $(LINUX_EXPORT_FLAG) PPC_LINUX_ICCLIB_EXPFILE = $(LINUX_ICCLIB_EXPFILE) PPC_LINUX_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) PPC_LINUX_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) +PPC_LINUX_MY_OSSLDLL_NAME = $(LINUX_MY_OSSLDLL_NAME) PPC_LINUX_OSSLINC_DIR = $(OSSL_DIR)/include PPC_LINUX_OSSLOBJ_DIR = $(OSSL_DIR) PPC_LINUX_OPENSSL = $(OSSL_DIR)/apps/openssl -PPC_LINUX_OPENSSL_PATH_SETUP = export LD_LIBRARY_PATH=$(OSSL_DIR); +PPC_LINUX_OPENSSL_PATH_SETUP = $(LINUX_OPENSSL_PATH_SETUP) PPC_LINUX_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(PPC_LINUX_$(CONFIG)_CFLAGS) linux-ppc; make depend; make PPC_LINUX_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -PPC_LINUX_TARCMD = tar -cvhf PPC_LINUX_TEST_CMD = $(LINUX_TEST_CMD) PPC_LINUX_EXTRAS = $(LINUX_EXTRAS) @@ -286,13 +500,13 @@ PPC64_LINUX_EXPORT_FLAG = $(LINUX_EXPORT_FLAG) PPC64_LINUX_ICCLIB_EXPFILE = $(LINUX_ICCLIB_EXPFILE) PPC64_LINUX_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) PPC64_LINUX_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) +PPC64_LINUX_MY_OSSLDLL_NAME = $(LINUX_MY_OSSLDLL_NAME) PPC64_LINUX_OSSLINC_DIR = $(OSSL_DIR)/include PPC64_LINUX_OSSLOBJ_DIR = $(OSSL_DIR) PPC64_LINUX_OPENSSL = $(OSSL_DIR)/apps/openssl -PPC64_LINUX_OPENSSL_PATH_SETUP = export LD_LIBRARY_PATH=$(OSSL_DIR); +PPC64_LINUX_OPENSSL_PATH_SETUP = $(LINUX_OPENSSL_PATH_SETUP) PPC64_LINUX_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(PPC64_LINUX_$(CONFIG)_CFLAGS) linux-ppc64; make depend; make PPC64_LINUX_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -PPC64_LINUX_TARCMD = tar -cvhf PPC64_LINUX_TEST_CMD = $(LINUX_TEST_CMD) PPC64_LINUX_EXTRAS = $(LINUX_EXTRAS) @@ -301,13 +515,13 @@ PPC64LE_LINUX_EXPORT_FLAG = $(LINUX_EXPORT_FLAG) PPC64LE_LINUX_ICCLIB_EXPFILE = $(LINUX_ICCLIB_EXPFILE) PPC64LE_LINUX_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) PPC64LE_LINUX_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) +PPC64LE_LINUX_MY_OSSLDLL_NAME = $(LINUX_MY_OSSLDLL_NAME) PPC64LE_LINUX_OSSLINC_DIR = $(OSSL_DIR)/include PPC64LE_LINUX_OSSLOBJ_DIR = $(OSSL_DIR) PPC64LE_LINUX_OPENSSL = $(OSSL_DIR)/apps/openssl -PPC64LE_LINUX_OPENSSL_PATH_SETUP = export LD_LIBRARY_PATH=$(OSSL_DIR); +PPC64LE_LINUX_OPENSSL_PATH_SETUP = $(LINUX_OPENSSL_PATH_SETUP) PPC64LE_LINUX_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(PPC64LE_LINUX_$(CONFIG)_CFLAGS) linux-ppc64le; make depend; make PPC64LE_LINUX_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -PPC64LE_LINUX_TARCMD = tar -cvhf PPC64LE_LINUX_TEST_CMD = $(LINUX_TEST_CMD) PPC64LE_LINUX_EXTRAS = $(LINUX_EXTRAS) @@ -325,13 +539,13 @@ OSX_ICCLIB_FLAGS = -init _ICCLoad -all_load OSX_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) OSX_OSSLDLL_NAME = libcrypto.$(OPENSSL_LIBVER).dylib # What all the fuss is about, all this just to rename the library... +OSX_MY_OSSLDLL_NAME = libcryptoIBM$(VTAG).$(OPENSSL_LIBVER).dylib OSX_OSSLINC_DIR = $(OSSL_DIR)/include OSX_OSSLOBJ_DIR = $(OSSL_DIR) OSX_OPENSSL = $(OSSL_DIR)/apps/openssl OSX_OPENSSL_PATH_SETUP = export DYLD_LIBRARY_PATH=$(OSSL_DIR); OSX_BUILD_OSSL = OSX_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -OSX_TARCMD = tar -cvhf OSX_TEST_CMD = $(LINUX_TEST_CMD) OSX_ASMMAK = ./dummy.mk OSX_EXTRAS = $(LINUX_EXTRAS) @@ -346,6 +560,7 @@ OSX_X86_ICCLIB_FLAGS = $(OSX_ICCLIB_FLAGS) # exports/icclib_linux.exp OSX_X86_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) OSX_X86_OSSLDLL_NAME = $(OSX_OSSLDLL_NAME) +OSX_X86_MY_OSSLDLL_NAME = $(OSX_MY_OSSLDLL_NAME) OSX_X86_OSSLINC_DIR = $(OSX_OSSLINC_DIR) OSX_X86_OSSLOBJ_DIR = $(OSX_OSSLOBJ_DIR) # Can't always run the x86 version we just built, so use the one on the system @@ -353,7 +568,6 @@ OSX_X86_OPENSSL = openssl OSX_X86_OPENSSL_PATH_SETUP = $(OSX_OPENSSL_PATH_SETUP) OSX_X86_BUILD_OSSL = cd $(OSSL_DIR) ; ./Configure threads shared $(OSSL_FLAGS) darwin-i386-cc; make depend ; make OSX_X86_CLEAN_OSSL = $(OSX_CLEAN_OSSL) -OSX_X86_TARCMD = $(OSX_TARCMD) OSX_X86_TEST_CMD = $(OSX_TEST_CMD) OSX_X86_ASMMAK = $(OSX_ASMMAK) OSX_X86_EXTRAS = $(OSX_EXTRAS) @@ -366,13 +580,13 @@ OSX_X86_64_ICCLIB_EXPFILE = $(OSX_ICCLIB_EXPFILE) OSX_X86_64_ICCLIB_FLAGS = $(OSX_ICCLIB_FLAGS) OSX_X86_64_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) OSX_X86_64_OSSLDLL_NAME = $(OSX_OSSLDLL_NAME) +OSX_X86_64_MY_OSSLDLL_NAME = $(OSX_MY_OSSLDLL_NAME) OSX_X86_64_OSSLINC_DIR = $(OSX_OSSLINC_DIR) OSX_X86_64_OSSLOBJ_DIR = $(OSX_OSSLOBJ_DIR) OSX_X86_64_OPENSSL = openssl OSX_X86_64_OPENSSL_PATH_SETUP = $(OSX_OPENSSL_PATH_SETUP) OSX_X86_64_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) darwin64-x86_64-cc; make depend ; make OSX_X86_64_CLEAN_OSSL = $(OSX_CLEAN_OSSL) -OSX_X86_64_TARCMD = $(OSX_TARCMD) OSX_X86_64_TEST_CMD = $(OSX_TEST_CMD) OSX_X86_64_ASMMAK = $(OSX_ASMMAK) OSX_X86_64_EXTRAS = $(OSX_EXTRAS) @@ -388,13 +602,13 @@ OSX_FAT4_ICCLIB_EXPFILE = $(OSX_ICCLIB_EXPFILE) OSX_FAT4_ICCLIB_FLAGS = $(OSX_ICCLIB_FLAGS) OSX_FAT4_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) OSX_FAT4_OSSLDLL_NAME = $(OSX_OSSLDLL_NAME) +OSX_FAT4_MY_OSSLDLL_NAME = $(OSX_MY_OSSLDLL_NAME) OSX_FAT4_OSSLINC_DIR = $(OSX_OSSLINC_DIR) OSX_FAT4_OSSLOBJ_DIR = OSX_FAT4_OPENSSL = ./openssl OSX_FAT4_OPENSSL_PATH_SETUP = OSX_FAT4_BUILD_OSSL = OSX_FAT4_CLEAN_OSSL = -OSX_FAT4_TARCMD = $(OSX_TARCMD) OSX_FAT4_TEST_CMD = $(OSX_TEST_CMD) OSX_FAT4_ASMMAK = $(OSX_ASMMAK) OSX_FAT4_EXTRAS = $(OSX_EXTRAS) @@ -407,13 +621,13 @@ OSXV9_ICCLIB_EXPFILE = $(OSX_ICCLIB_EXPFILE) OSXV9_ICCLIB_FLAGS = $(OSX_ICCLIB_FLAGS) OSXV9_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) OSXV9_OSSLDLL_NAME = $(OSX_OSSLDLL_NAME) +OSXV9_MY_OSSLDLL_NAME = $(OSX_MY_OSSLDLL_NAME) OSXV9_OSSLINC_DIR = $(OSX_OSSLINC_DIR) OSXV9_OSSLOBJ_DIR = $(OSX_OSSLOBJ_DIR) OSXV9_OPENSSL = openssl OSXV9_OPENSSL_PATH_SETUP = $(OSX_OPENSSL_PATH_SETUP) OSXV9_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) darwin64-x86_64-cc; make depend ; make OSXV9_CLEAN_OSSL = $(OSX_CLEAN_OSSL) -OSXV9_TARCMD = $(OSX_TARCMD) OSXV9_TEST_CMD = $(OSX_TEST_CMD) OSXV9_ASMMAK = $(OSX_ASMMAK) OSXV9_EXTRAS = $(OSX_EXTRAS) @@ -426,28 +640,30 @@ OSX_ARM64_ICCLIB_EXPFILE = $(OSX_ICCLIB_EXPFILE) OSX_ARM64_ICCLIB_FLAGS = $(OSX_ICCLIB_FLAGS) OSX_ARM64_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) OSX_ARM64_OSSLDLL_NAME = $(OSX_OSSLDLL_NAME) +OSX_ARM64_MY_OSSLDLL_NAME = $(OSX_MY_OSSLDLL_NAME) OSX_ARM64_OSSLINC_DIR = $(OSX_OSSLINC_DIR) OSX_ARM64_OSSLOBJ_DIR = $(OSX_OSSLOBJ_DIR) OSX_ARM64_OPENSSL = openssl OSX_ARM64_OPENSSL_PATH_SETUP = $(OSX_OPENSSL_PATH_SETUP) OSX_ARM64_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) darwin64-arm64-cc; make depend ; make OSX_ARM64_CLEAN_OSSL = $(OSX_CLEAN_OSSL) -OSX_ARM64_TARCMD = $(OSX_TARCMD) OSX_ARM64_TEST_CMD = $(OSX_TEST_CMD) OSX_ARM64_ASMMAK = $(OSX_ASMMAK) OSX_ARM64_EXTRAS = $(OSX_EXTRAS) +# zlinux S390_LINUX_EXPORT_FLAG = $(LINUX_EXPORT_FLAG) S390_LINUX_ICCLIB_EXPFILE = $(LINUX_ICCLIB_EXPFILE) S390_LINUX_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) S390_LINUX_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) +S390_LINUX_MY_OSSLDLL_NAME = $(LINUX_MY_OSSLDLL_NAME) S390_LINUX_OSSLINC_DIR = $(OSSL_DIR)/include S390_LINUX_OSSLOBJ_DIR = $(OSSL_DIR) S390_LINUX_OPENSSL = $(OSSL_DIR)/apps/openssl +S390_LINUX_OPENSSL_PATH_SETUP = $(LINUX_OPENSSL_PATH_SETUP) S390_LINUX_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(S390_LINUX_$(CONFIG)_CFLAGS) linux32-s390x; make depend; make S390_LINUX_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -S390_LINUX_TARCMD = tar -cvhf S390_LINUX_TEST_CMD = $(LINUX_TEST_CMD) S390_LINUX_EXTRAS = $(LINUX_EXTRAS) @@ -456,13 +672,14 @@ S390X_LINUX_EXPORT_FLAG = $(LINUX_EXPORT_FLAG) S390X_LINUX_ICCLIB_EXPFILE = $(LINUX_ICCLIB_EXPFILE) S390X_LINUX_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) S390X_LINUX_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) +S390X_LINUX_MY_OSSLDLL_NAME = $(LINUX_MY_OSSLDLL_NAME) S390X_LINUX_OSSLINC_DIR = $(OSSL_DIR)/include S390X_LINUX_OSSLOBJ_DIR = $(OSSL_DIR) # HACK alert, for a cross compiler, you need a native openssl S390X_LINUX_OPENSSL = $(OSSL_DIR)/apps/openssl +S390X_LINUX_OPENSSL_PATH_SETUP = $(LINUX_OPENSSL_PATH_SETUP) S390X_LINUX_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(S390X_LINUX_$(CONFIG)_CFLAGS) linux64-s390x; make depend; make S390X_LINUX_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -S390X_LINUX_TARCMD = tar -cvhf S390X_LINUX_TEST_CMD = $(LINUX_TEST_CMD) S390X_LINUX_EXTRAS = $(LINUX_EXTRAS) @@ -474,6 +691,7 @@ ZOS_EXPORT_FLAG = -Wc,dll,exportall$(CXPLINK) -Wl,dll$(CXPLINK) ZOS_ICCLIB_EXPFILE = ZOS_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) ZOS_OSSLDLL_NAME = libcrypto.$(OPENSSL_LIBVER).dll +ZOS_MY_OSSLDLL_NAME = libcryptoIBM$(VTAG).$(OPENSSL_LIBVER).dll ZOS_OSSLINC_DIR = $(OSSL_DIR)/include ZOS_OSSLOBJ_DIR = $(OSSL_DIR) ZOS_OPENSSL = $(OSSL_DIR)/apps/openssl @@ -488,6 +706,7 @@ ZOSA_EXPORT_FLAG = -Wc,dll,exportall$(CXPLINK) -Wl,dll$(CXPLINK) ZOSA_ICCLIB_EXPFILE = ZOSA_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) ZOSA_OSSLDLL_NAME = libcrypto.$(OPENSSL_LIBVER).dll +ZOSA_MY_OSSLDLL_NAME = libcryptoIBM$(VTAG).$(OPENSSL_LIBVER).dll ZOSA_OSSLINC_DIR = $(OSSL_DIR)/include ZOSA_OSSLOBJ_DIR = $(OSSL_DIR) ZOSA_OPENSSL = $(OSSL_DIR)/apps/openssl @@ -507,6 +726,7 @@ ZOS31_EXPORT_FLAG = -Wc,dll,exportall$(CXPLINK) -Wl,dll$(CXPLINK) ZOS31_ICCLIB_EXPFILE = ZOS31_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) ZOS31_OSSLDLL_NAME = libcrypto.$(OPENSSL_LIBVER).dll +ZOS31_MY_OSSLDLL_NAME = libcryptoIBM$(VTAG).$(OPENSSL_LIBVER).dll ZOS31_OSSLINC_DIR = $(OSSL_DIR)/include ZOS31_OSSLOBJ_DIR = $(OSSL_DIR) ZOS31_OPENSSL = $(OSSL_DIR)/apps/openssl @@ -523,6 +743,7 @@ ZOSA31_EXPORT_FLAG = -Wc,dll,exportall$(CXPLINK) -Wl,dll$(CXPLINK) ZOSA31_ICCLIB_EXPFILE = ZOSA31_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) ZOSA31_OSSLDLL_NAME = libcrypto.$(OPENSSL_LIBVER).dll +ZOSA31_MY_OSSLDLL_NAME = libcryptoIBM$(VTAG).$(OPENSSL_LIBVER).dll ZOSA31_OSSLINC_DIR = $(OSSL_DIR)/include ZOSA31_OSSLOBJ_DIR = $(OSSL_DIR) ZOSA31_OPENSSL = $(OSSL_DIR)/apps/openssl @@ -538,14 +759,14 @@ AIX_ICCLIB_EXPFILE = exports/icclib_aix.exp AIX_OSSLLIB_NAME = libcrypto AIX_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) AIX_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) +AIX_MY_OSSLDLL_NAME = $(LINUX_MY_OSSLDLL_NAME) AIX_OSSLINC_DIR = $(OSSL_DIR)/include AIX_OSSLOBJ_DIR = $(OSSL_DIR) AIX_OPENSSL = $(OSSL_DIR)/apps/openssl AIX_OPENSSL_PATH_SETUP = export LIBPATH=$(OSSL_DIR); AIX_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(AIX_$(CONFIG)_CFLAGS) aix-cc; make depend; make AIX_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -AIX_TARCMD = tar -cvhf -AIX_TEST_CMD = echo "OpenSSL Tests disabled because of hangs" +AIX_OPENSSL_TEST_CMD = echo "OpenSSL Tests disabled because of hangs" AIX_ASM_TWEAKS = -DAIX AIX_ASMOBJS = rng-ppc.o AIX_EXTRAS = $(LINUX_EXTRAS) @@ -555,14 +776,14 @@ AIX64_ICCLIB_EXPFILE = $(AIX_ICCLIB_EXPFILE) AIX64_OSSLLIB_NAME = libcrypto AIX64_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) AIX64_OSSLDLL_NAME = libcrypto64.so.$(OPENSSL_LIBVER) +AIX64_MY_OSSLDLL_NAME = $(AIX_MY_OSSLDLL_NAME) AIX64_OSSLINC_DIR = $(OSSL_DIR)/include AIX64_OSSLOBJ_DIR = $(OSSL_DIR) AIX64_OPENSSL = $(OSSL_DIR)/apps/openssl -AIX64_OPENSSL_PATH_SETUP = export LIBPATH=$(OSSL_DIR); +AIX64_OPENSSL_PATH_SETUP = $(AIX_OPENSSL_PATH_SETUP) AIX64_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(AIX64_$(CONFIG)_CFLAGS) aix64-cc; make depend; make AIX64_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -AIX64_TARCMD = tar -cvhf -AIX64_TEST_CMD = $(AIX_TEST_CMD) +AIX64_OPENSSL_TEST_CMD = $(AIX_OPENSSL_TEST_CMD) AIX64_ASM_TWEAKS = -DAIX AIX64_ASMOBJS = rng-ppc.o AIX64_EXTRAS = $(LINUX_EXTRAS) @@ -573,13 +794,13 @@ POWERH_ICCLIB_EXPFILE = $(AIX_ICCLIB_EXPFILE) POWERH_OSSLLIB_NAME = libcrypto POWERH_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) POWERH_OSSLDLL_NAME = $(AIX_OSSLDLL_NAME) +POWERH_MY_OSSLDLL_NAME = $(AIX_MY_OSSLDLL_NAME) POWERH_OSSLINC_DIR = $(OSSL_DIR)/include POWERH_OSSLOBJ_DIR = $(OSSL_DIR) POWERH_OPENSSL = $(OSSL_DIR)/apps/openssl POWERH_OPENSSL_PATH_SETUP = export LIBPATH=$(OSSL_DIR); POWERH_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(POWERH_$(CONFIG)_CFLAGS) aix64-cc; make depend; make POWERH_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -POWERH_TARCMD = tar -cvhf POWERH_TEST_CMD = $(LINUX_TEST_CMD) POWERH_ASM_TWEAKS = -DAIX POWERH_ASMOBJS = rng-ppc.o @@ -589,13 +810,13 @@ SUN_EXPORT_FLAG = -Wl,-M SUN_ICCLIB_EXPFILE = exports/icclib_sun.exp SUN_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) SUN_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) +SUN_MY_OSSLDLL_NAME = $(LINUX_MY_OSSLDLL_NAME) SUN_OSSLINC_DIR = $(OSSL_DIR)/include SUN_OSSLOBJ_DIR = $(OSSL_DIR) SUN_OPENSSL = $(OSSL_DIR)/apps/openssl -SUN_OPENSSL_PATH_SETUP = set LD_LIBRARY_PATH=$(OSSL_DIR);export LD_LIBRARY_PATH; +SUN_OPENSSL_PATH_SETUP = LD_LIBRARY_PATH=$(OSSL_DIR);export LD_LIBRARY_PATH; SUN_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(SUN_$(CONFIG)_CFLAGS) -R$(OSSLOBJ_DIR) solaris-sparcv9-cc; make depend; make SUN_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -SUN_TARCMD = tar -cvhf SUN_TEST_CMD = $(LINUX_TEST_CMD) SUN_ASM_TWEAKS = -DSOL8_FAST_TICK SUN_ASMOBJS = RdCTR_raw.o @@ -607,13 +828,13 @@ SUN_X86_EXPORT_FLAG = $(SUN_EXPORT_FLAG) SUN_X86_ICCLIB_EXPFILE = $(SUN_ICCLIB_EXPFILE) SUN_X86_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) SUN_X86_OSSLDLL_NAME = $(SUN_OSSLDLL_NAME) +SUN_X86_MY_OSSLDLL_NAME = $(SUN_MY_OSSLDLL_NAME) SUN_X86_OSSLINC_DIR = $(OSSL_DIR)/include SUN_X86_OSSLOBJ_DIR = $(OSSL_DIR) SUN_X86_OPENSSL = $(OSSL_DIR)/apps/openssl SUN_X86_OPENSSL_PATH_SETUP = $(SUN_OPENSSL_PATH_SETUP) SUN_X86_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) solaris-x86-gcc; make depend; make SUN_X86_CLEAN_OSSL = $(SUN_CLEAN_OSSL) -SUN_X86_TARCMD = tar -cvhf SUN_X86_TEST_CMD = $(SUN_TEST_CMD) SUN_X86_ASM_TWEAKS = SUN_X86_EXTRAS = $(LINUX_EXTRAS) @@ -622,13 +843,13 @@ SUN_SOL8_EXPORT_FLAG = $(SUN_EXPORT_FLAG) SUN_SOL8_ICCLIB_EXPFILE = $(SUN_ICCLIB_EXPFILE) SUN_SOL8_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) SUN_SOL8_OSSLDLL_NAME = $(SUN_OSSLDLL_NAME) +SUN_SOL8_MY_OSSLDLL_NAME = $(SUN_MY_OSSLDLL_NAME) SUN_SOL8_OSSLINC_DIR = $(SUN_OSSLINC_DIR) SUN_SOL8_OSSLOBJ_DIR = $(SUN_OSSLOBJ_DIR) SUN_SOL8_OPENSSL = $(SUN_OPENSSL) SUN_SOL8_OPENSSL_PATH_SETUP = $(SUN_OPENSSL_PATH_SETUP) SUN_SOL8_BUILD_OSSL = $(SUN_BUILD_OSSL) SUN_SOL8_CLEAN_OSSL = $(SUN_CLEAN_OSSL) -SUN_SOL8_TARCMD = $(SUN_TARCMD) SUN_SOL8_TEST_CMD = $(SUN_TEST_CMD) # inline assembler to read the internal CPU cycle counter SUN_SOL8_ASM_TWEAKS = -DSOL8_FAST_TICK @@ -640,13 +861,13 @@ SUN64_EXPORT_FLAG = $(SUN_EXPORT_FLAG) SUN64_ICCLIB_EXPFILE = $(SUN_ICCLIB_EXPFILE) SUN64_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) SUN64_OSSLDLL_NAME = $(SUN_OSSLDLL_NAME) +SUN64_MY_OSSLDLL_NAME = $(SUN_MY_OSSLDLL_NAME) SUN64_OSSLINC_DIR = $(OSSL_DIR)/include SUN64_OSSLOBJ_DIR = $(OSSL_DIR) SUN64_OPENSSL = $(OSSL_DIR)/apps/openssl SUN64_OPENSSL_PATH_SETUP = $(SUN_OPENSSL_PATH_SETUP) SUN64_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(SUN_$(CONFIG)_CFLAGS) -R$(OSSLOBJ_DIR) solaris64-sparcv9-cc; make depend; make SUN64_CLEAN_OSSL = $(SUN_CLEAN_OSSL) -SUN64_TARCMD = tar -cvhf SUN64_TEST_CMD = $(SUN_TEST_CMD) SUN64_ASM_TWEAKS = -DSOL8_FAST_TICK SUN64_ASMOBJS = RdCTR_raw.o @@ -656,6 +877,7 @@ SUN_AMD64_EXPORT_FLAG = $(SUN_EXPORT_FLAG) SUN_AMD64_ICCLIB_EXPFILE = $(SUN_ICCLIB_EXPFILE) SUN_AMD64_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) SUN_AMD64_OSSLDLL_NAME = $(SUN_OSSLDLL_NAME) +SUN_AMD64_MY_OSSLDLL_NAME = $(SUN_MY_OSSLDLL_NAME) SUN_AMD64_OSSLINC_DIR = $(OSSL_DIR)/include SUN_AMD64_OSSLOBJ_DIR = $(OSSL_DIR) SUN_AMD64_OPENSSL = $(OSSL_DIR)/apps/openssl @@ -664,7 +886,6 @@ SUN_AMD64_OPENSSL_PATH_SETUP = $(SUN_OPENSSL_PATH_SETUP) SUN_AMD64_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) -R$(OSSLOBJ_DIR) solaris64-x86_64-gcc; make depend; make #SUN_AMD64_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(SUN_$(CONFIG)_CFLAGS) -R$(OSSLOBJ_DIR) solaris64-x86_64-cc; make depend; make SUN_AMD64_CLEAN_OSSL = $(SUN_CLEAN_OSSL) -SUN_AMD64_TARCMD = tar -cvhf SUN_AMD64_TEST_CMD = $(SUN_TEST_CMD) SUN_AMD64_ASM_TWEAKS = SUN_AMD64_EXTRAS = $(LINUX_EXTRAS) @@ -674,13 +895,13 @@ HPUX_EXPORT_FLAG = -c HPUX_ICCLIB_EXPFILE = exports/icclib_hpux.exp HPUX_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) HPUX_OSSLDLL_NAME = libcrypto.sl.$(OPENSSL_LIBVER) +HPUX_MY_OSSLDLL_NAME = libcryptoIBM$(VTAG).sl.$(OPENSSL_LIBVER) HPUX_OSSLINC_DIR = $(OSSL_DIR)/include HPUX_OSSLOBJ_DIR = $(OSSL_DIR) HPUX_OPENSSL = $(SDK_DIR)/openssl -HPUX_OPENSSL_PATH_SETUP = export LD_LIBRARY_PATH=$(OSSL_DIR); +HPUX_OPENSSL_PATH_SETUP = SHLIB_PATH=$(OSSL_DIR);export SHLIB_PATH; HPUX_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(HPUX_$(CONFIG)_CFLAGS) hpux-parisc1_1-cc; make depend; make HPUX_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -HPUX_TARCMD = tar -cvhf HPUX_TEST_CMD = $(LINUX_TEST_CMD) HPUX_EXTRAS = $(LINUX_EXTRAS) @@ -690,13 +911,13 @@ HPUX64_EXPORT_FLAG = -c HPUX64_ICCLIB_EXPFILE = $(HPUX_ICCLIB_EXPFILE) HPUX64_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) HPUX64_OSSLDLL_NAME = $(HPUX_OSSLDLL_NAME) +HPUX64_MY_OSSLDLL_NAME = $(HPUX_MY_OSSLDLL_NAME) HPUX64_OSSLINC_DIR = $(HPUX_OSSLINC_DIR) HPUX64_OSSLOBJ_DIR = $(HPUX_OSSLOBJ_DIR) HPUX64_OPENSSL = $(HPUX_OPENSSL) HPUX64_OPENSSL_PATH_SETUP = $(HPUX_OPENSSL_PATH_SETUP) HPUX64_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(HPUX64_$(CONFIG)_CFLAGS) hpux64-parisc2-cc; make depend; make HPUX64_CLEAN_OSSL = $(HPUX_CLEAN_OSSL) -HPUX64_TARCMD = $(HPUX_TARCMD) HPUX64_TEST_CMD = $(HPUX_TEST_CMD) HPUX64_EXTRAS = $(LINUX_EXTRAS) @@ -708,13 +929,13 @@ IA64_HPUX_ICCLIB_EXPFILE = $(HPUX_ICCLIB_EXPFILE) # Yes, it *IS* different from the pa-risc shared library name IA64_HPUX_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) IA64_HPUX_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) +IA64_HPUX_MY_OSSLDLL_NAME = $(LINUX_MY_OSSLDLL_NAME) IA64_HPUX_OSSLINC_DIR = $(OSSL_DIR)/include IA64_HPUX_OSSLOBJ_DIR = $(OSSL_DIR) IA64_HPUX_OPENSSL = $(OSSL_DIR)/apps/openssl -IA64_HPUX_OPENSSL_PATH_SETUP = export LD_LIBRARY_PATH=$(OSSL_DIR); +IA64_HPUX_OPENSSL_PATH_SETUP = $(LINUX_OPENSSL_PATH_SETUP) IA64_HPUX_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(IA64_HPUX_$(CONFIG)_CFLAGS) hpux-ia64-cc; make depend; make IA64_HPUX_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -IA64_HPUX_TARCMD = tar -cvhf IA64_HPUX_TEST_CMD = $(LINUX_TEST_CMD) IA64_HPUX_EXTRAS = $(LINUX_EXTRAS) @@ -725,13 +946,13 @@ IA64_HPUX64_EXPORT_FLAG = -c IA64_HPUX64_ICCLIB_EXPFILE = $(HPUX_ICCLIB_EXPFILE) IA64_HPUX64_ICCDLL_NAME = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) IA64_HPUX64_OSSLDLL_NAME = $(LINUX_OSSLDLL_NAME) +IA64_HPUX64_MY_OSSLDLL_NAME = $(LINUX_MY_OSSLDLL_NAME) IA64_HPUX64_OSSLINC_DIR = $(OSSL_DIR)/include IA64_HPUX64_OSSLOBJ_DIR = $(OSSL_DIR) IA64_HPUX64_OPENSSL = $(OSSL_DIR)/apps/openssl IA64_HPUX64_OPENSSL_PATH_SETUP = export SHLIB_PATH=$(OSSL_DIR):/usr/lib; IA64_HPUX64_BUILD_OSSL = cd $(OSSL_DIR); ./Configure threads shared $(OSSL_FLAGS) $(IA64_HPUX64_$(CONFIG)_CFLAGS) hpux64-ia64-cc; make depend; make IA64_HPUX64_CLEAN_OSSL = $(LINUX_CLEAN_OSSL) -IA64_HPUX64_TARCMD = tar -cvhf IA64_HPUX64_TEST_CMD = $(LINUX_TEST_CMD) IA64_HPUX64_EXTRAS = $(LINUX_EXTRAS) @@ -754,11 +975,11 @@ OS400_EXPORT_MEMBERPATH = $(OS400_EXPORT_FILEPATH)/LIBICCLIB.MBR OS400_EXPORT_MEMBER = LIBICCLIB OS400_EXPORT_FLAG = -x -qSRCFILE=$(OS400_ICC_OUTPUTDIR)/$(OS400_EXPORT_FILE) -qSRCMBR=$(OS400_EXPORT_MEMBER) OS400_OSSLDLL_NAME = libcrypto.so.$(OPENSSL_LIBVER) +OS400_MY_OSSLDLL_NAME = libcryptoIBM$(VTAG).so.$(OPENSSL_LIBVER) OS400_OSSLINC_DIR = $(OSSL_DIR)/include OS400_OSSLOBJ_DIR = $(OSSL_DIR) OS400_OPENSSL = $(OSSL_DIR)/apps/openssl -# semicolon deliberate -OS400_OPENSSL_PATH_SETUP = export LD_LIBRARY_PATH=$(OSSL_DIR); +OS400_OPENSSL_PATH_SETUP = $(LINUX_OPENSSL_PATH_SETUP) OS400_BUILD_OSSL = $(OS400_SETUP_OSSL); cd $(OSSL_DIR); ./Configure $(CONFIG)-OS400 threads shared $(OSSL_FLAGS); make depend; make OS400_CLEAN_OSSL = $(OS400_SETUP_OSSL); cd $(OSSL_DIR); ./Configure $(CONFIG)-OS400 threads shared $(OSSL_FLAGS); make clean-os400 clean-shared; $(RM) $(OSSL_DIR)/Makefile OS400_OSSLLIB_NAME = libcrypto.so.$(OPENSSL_LIBVER) @@ -785,10 +1006,11 @@ OS400X_debug_OSSL_HOSTBIN = $(OS400X_debug_ICC_HOSTBIN) OS400X_CLEAN400_OSSL = rmlib400x -s $(HOSTSYS) $(OS400X_$(CONFIG)_OSSL_HOSTBIN) OS400X_OSSLLIB_NAME = libcrypto OS400X_OSSLDLL_NAME = libcrypto.so +OS400X_MY_OSSLDLL_NAME = libcrypto.so OS400X_OSSLINC_DIR = $(OSSL_DIR)/include OS400X_OSSLOBJ_DIR = $(OSSL_DIR) OS400X_OPENSSL = $(OSSL_DIR)/apps/openssl -##OS400X_OPENSSL_PATH_SETUP = export LD_LIBRARY_PATH=$(OSSL_DIR); +##OS400X_OPENSSL_PATH_SETUP = $(LINUX_OPENSSL_PATH_SETUP) #-------------------------------------------------------- # need to create dummy version of this header if we are not running 'make depend' in openssl, because # Makefiles come with dependencies that require this file, which is not generated when using the 'no_idea" option @@ -806,7 +1028,6 @@ OS400X_BUILD_OSSL__ex = cd $(OSSL_DIR); export HOSTBINOPT="-H $(OS400X_$(CONFI OS400X_BUILD_OSSL = $(OS400X_BUILD_OSSL_$(EX_SUFFIX)) #-------------------------------------------------------- OS400X_CLEAN_OSSL = cd $(OSSL_DIR); "$(MAKE)" clean clean-shared; $(RM) $(OSSL_DIR)/Makefile -OS400X_TARCMD = tar -cvhf OS400X_TEST_CMD = ./icctest; cd $(OSSL_DIR); export HOSTBINOPT="-H $(OS400X_$(CONFIG)_OSSL_HOSTBIN)"; "$(MAKE)" tests; apps/openssl speed; cd ../icc OS400X_ASM_TWEAKS = OS400X_ASMOBJS = @@ -820,19 +1041,24 @@ OS400X_EXTRAS = EXPORT_FLAG = $($(OPSYS)_EXPORT_FLAG) ICCLIB_EXPFILE = $($(OPSYS)_ICCLIB_EXPFILE) ICCDLL_NAME = $($(OPSYS)_ICCDLL_NAME) +# NOTE OSSLLIB_NAME is unused, instead using $(SLIBCRYPTO) from ossl.mk OSSLLIB_NAME = $($(OPSYS)_OSSLLIB_NAME) # Name of the DLL built by OpenSSL OSSLDLL_NAME = $($(OPSYS)_OSSLDLL_NAME) # Name of the DLL used by ICC. (on OS/X at least we have to rename it) # Most OS's it stays the same as the native OpenSSL name +MY_OSSLDLL_NAME = $($(OPSYS)_MY_OSSLDLL_NAME) OSSLINC_DIR = $($(OPSYS)_OSSLINC_DIR) OSSLOBJ_DIR = $($(OPSYS)_OSSLOBJ_DIR) OPENSSL = $($(OPSYS)_OPENSSL) OPENSSL_PATH_SETUP = $($(OPSYS)_OPENSSL_PATH_SETUP) BUILD_OSSL = $($(OPSYS)_BUILD_OSSL) +CMAKE_OQS = $($(OPSYS)_CMAKE_OQS) +BUILD_OQS = $($(OPSYS)_BUILD_OQS) CLEAN_OSSL = $($(OPSYS)_CLEAN_OSSL) TARCMD = $($(OPSYS)_TARCMD) TEST_CMD = $($(OPSYS)_TEST_CMD) +OPENSSL_TEST_CMD = $($(OPSYS)_OPENSSL_TEST_CMD) # The next lines cater for ugly bits of inline assembler needed # to get the CPU cycle counter on some OS's # It's handled different on different OS's as well (UGLY !!) diff --git a/icc/icc_minor_version.h b/icc/icc_minor_version.h index dba4d51..4d9f7cb 100644 --- a/icc/icc_minor_version.h +++ b/icc/icc_minor_version.h @@ -1,9 +1 @@ -/************************************************************************* -// Copyright IBM Corp. 2023 -// -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy -// in the file LICENSE in the source distribution. -*************************************************************************/ - -#define ICC_VERSION_MOD 6 +#define ICC_VERSION_MOD 11 diff --git a/icc/icc_rand.c b/icc/icc_rand.c index d9f5f3f..3297a2d 100644 --- a/icc/icc_rand.c +++ b/icc/icc_rand.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/iccdef.h b/icc/iccdef.h index 4684345..562febf 100644 --- a/icc/iccdef.h +++ b/icc/iccdef.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -23,8 +23,7 @@ #define ICC_UINT32 uint32_t #endif -/* Can't trust long, which is 4 bytes on windows, 8 on linux - stdint.h should be available everywhere. */ +/* Can't trust long, which is 4 bytes on windows, 8 on linux */ #if defined(_WIN32) #define ICC_INT64 INT64 diff --git a/icc/iccerr.c b/icc/iccerr.c index cce73e0..2ddf9e7 100644 --- a/icc/iccerr.c +++ b/icc/iccerr.c @@ -1,16 +1,15 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ -/************************************************************************* -// Description: -// This incoporates ICC into the error facilities of OpenSSL. -// -*************************************************************************/ +/* +// Description: +// This incorporates ICC into the error facilities of OpenSSL. +*/ #include "openssl/err.h" diff --git a/icc/iccerr.h b/icc/iccerr.h index 158907d..7019023 100644 --- a/icc/iccerr.h +++ b/icc/iccerr.h @@ -1,16 +1,15 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ -/************************************************************************* -// Description: -// This incoporates ICC into the error facilities of OpenSSL. -// -*************************************************************************/ +/* +// Description: +// This incoporates ICC into the error facilities of openSSL. +*/ #ifndef INCLUDED_ICCERR #define INCLUDED_ICCERR diff --git a/icc/iccglobals.h b/icc/iccglobals.h index 9793715..523c53a 100644 --- a/icc/iccglobals.h +++ b/icc/iccglobals.h @@ -1,15 +1,13 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ - -/************************************************************************* +/* // Description: Global definitions ubiquitous across ICC -// -*************************************************************************/ +*/ /** \file iccglobals.h * @brief ICC Global variable and structure definitions (ICCSDK) @@ -29,6 +27,7 @@ extern "C" { #define ICC_LINKAGE #endif +#include /*! @brief These are the error codes returned from ICC API calls where the return type allows an error to be returned. - Note that where a function returns a pointer, ICC will return NULL if an ICC API error occurs. @@ -65,6 +64,7 @@ struct ICC_t; */ typedef struct ICC_t ICC_CTX; +typedef struct ossl_param_st OSSL_PARAM; struct ICC_PRNG_t; @@ -217,6 +217,20 @@ typedef enum { These are the supported types. */ +/*Param names used in OSSL_PARAMS Scraped from Openssl v3 "core_names.h"*/ + +#define ICC_OSSL_KDF_PARAM_THREADS "threads" +#define ICC_OSSL_KDF_PARAM_ARGON2_LANES "lanes" +#define ICC_OSSL_KDF_PARAM_ARGON2_MEMCOST "memcost" +#define ICC_OSSL_KDF_PARAM_SALT "salt" +#define ICC_OSSL_KDF_PARAM_PASSWORD "pass" +#define ICC_OSSL_PARAM_UNSIGNED_INTEGER 2 +#define ICC_OSSL_PARAM_OCTET_STRING 5 +#define ICC_OSSL_KDF_PARAM_ARGON2_VERSION "version" +#define ICC_OSSL_KDF_PARAM_MODE "mode" +#define ICC_OSSL_PARAM_UNMODIFIED ((size_t)-1) +#define ICC_OSSL_PARAM_END { NULL, 0, NULL, 0 } + typedef enum { ICC_DH_GENERATOR_2 = 2, /*!< Type 2 key generator */ ICC_DH_GENERATOR_5 = 5 /*!< Type 5 key generator */ @@ -394,7 +408,8 @@ typedef enum { */ ICC_SEED_GENERATOR = 10, /*!< Change the Entropy source ICC/OpenSSL uses by default - Note that this should only be used when the - default entropy source is unusable + default entropy source is unusable, most likely + a virtualized system or new hardware. - Valid values: (R/W1) - "TRNG_HW" (default) - "TRNG_OS" @@ -499,8 +514,10 @@ typedef enum { overhead. This is known thread safe but thread safety checkers will complain. To clear the callback, close the context and - create a new one. - */ + create a new one.*/ + + ICC_TRACE_CALLBACK = 21, /*!< Set the Trace callback in THIS context */ + GSK_ICC_ACTIVE_LIBS = 52 /*!< Integer bit mask, the low two bits are used. Bit 0 = 1 the FIPS library is loadable Bit 1 = 1 the non-FIPS library is loadable @@ -654,6 +671,16 @@ struct ICC_STATUS_t typedef struct ICC_STATUS_t ICC_STATUS; +/* ossl_param_st is sraped from ossl v3*/ +struct ICC_OSSL_PARAM_t { + const char* key; /* the name of the parameter */ + unsigned int data_type; /* declare what kind of content is in data */ + void* data; /* value being passed in or out */ + size_t data_size; /* data size */ + size_t return_size; /* returned size */ +}; +typedef struct ICC_OSSL_PARAM_t ICC_OSSL_PARAM; + #ifdef __cplusplus } #endif diff --git a/icc/icclib.c b/icc/icclib.c index 0e44aa5..d87a817 100644 --- a/icc/icclib.c +++ b/icc/icclib.c @@ -1,15 +1,14 @@ -/************************************************************************* +/*************************************************************************/ // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. -*************************************************************************/ +/*************************************************************************/ -/************************************************************************* +/*************************************************************************/ // Description: Source for the icclib shared library -// -*************************************************************************/ +/*************************************************************************/ #if defined(__MVS__) /* Exported symbol definitions for z/OS - generated by ICCencapsulator.java @@ -19,6 +18,7 @@ #endif /* Needs to be here to pick up macros to enable Dl_info etc */ #include "loaded.h" + #include #include #include @@ -36,6 +36,7 @@ #include "TRNG/ICC_NRBG.h" #include "openssl/opensslv.h" #include "crypto/evp.h" +#include "crypto/asn1.h" #include "openssl/evp.h" #if(OPENSSL_VERSION_NUMBER < 0x1010105fL) @@ -45,7 +46,9 @@ # include "crypto/rsa/rsa_local.h" # include "crypto/dsa/dsa_local.h" #endif + #define ICCLIB 1 +/* note - not icc.h ! */ #include "icc_a.h" #undef ICCLIB #include "icc_common.h" @@ -54,7 +57,7 @@ #include "DELTA/delta_t.h" #include "DELTA/delta.c" -unsigned long d[10]; +static unsigned long global_d[10]; #endif /* If this is set, the support code for tracing is inserted here @@ -65,7 +68,9 @@ unsigned long d[10]; #include "tracer.h" #if defined(_WIN32) +#pragma warning (disable : 4100) # define strdup(x) _strdup(x) +# define stricmp(x,y) _stricmp(x,y) #endif extern int ex_loops,ex_shift; @@ -74,50 +79,15 @@ extern int Shift(); extern unsigned int Loops(); extern int isFipsTrng(TRNG_TYPE t); +static int my_RAND_bytes(unsigned char* buf, int n); + /* Prototype for the FIPS compliant keygen function */ -int fips_rsa_builtin_keygen(RSA *rsa, int bits,int primes, BIGNUM *e_value,BN_GENCB *cb); +int fips_rsa_builtin_keygen(RSA *rsa, int bits,BIGNUM *e_value,BN_GENCB *cb); /* Forward declarations for redirected functions Note that in all these interfaces pcb is non-NULL just to get here */ -DH * my_DH_generate_parameters(ICClib *pcb,int bits, int generator,void (*callback)(int,int,void *),void *cb_arg); -RSA * my_RSA_generate_key(ICClib *pcb,int bits, unsigned long e,void (*callback)(int,int,void *),void *cb_arg); -int my_RSA_generate_key_ex(ICClib *pcb,RSA *rsa, int bits, BIGNUM *e,void *callback); -DSA *my_DSA_generate_parameters(ICClib *pcb,int bits,unsigned char *seed,int seed_len,int *counter_ret, unsigned long *h_ret,void (*callback)(int, int, void *),void *cb_arg); -int my_DSA_generate_key(ICClib *pcb,DSA *a); -EC_KEY *my_EC_KEY_new_by_curve_name(ICClib *pcb,int nid); -int my_EC_KEY_generate_key(ICClib *pcb,EC_KEY *eckey); -PRNG * my_get_RNGbyname(ICClib *pcb,const char *algname); -int my_EVP_DigestInit(EVP_MD_CTX *ctx,const EVP_MD *md); -int my_EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *size); - -int my_RAND_bytes(unsigned char *buf,int n); -int my_EVP_PKEY_encrypt_new(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); -int my_EVP_PKEY_decrypt_new(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); -int my_EVP_PKEY_keygen(ICClib *pcb, EVP_PKEY_CTX *cctx, EVP_PKEY **pk); -int my_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX * x); -int my_EVP_DigestSignInit(ICClib *pcb,EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); -int my_EVP_DigestVerifyInit(ICClib *pcb,EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); -int my_SP800_38F_KW(ICClib *pcb,unsigned char *in, int inl, unsigned char *out, int *outl, unsigned char *key, int kl,unsigned int flags) ; -int my_EVP_PKEY_sign_init(ICClib *pcb,EVP_PKEY_CTX *pctx); -int my_EVP_PKEY_verify_init(ICClib *pcb,EVP_PKEY_CTX *pctx); -void my_GHASH(AES_GCM_CTX *gcm_ctx,unsigned char *H,unsigned char *Hash,unsigned char *data,unsigned long datalen); -int my_EVP_PKEY_derive_init(ICClib *pcb,EVP_PKEY_CTX *ctx); -int my_RSA_sign(ICClib *pcb,int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, RSA *rsa); -int my_RSA_verify(ICClib *pcb,int type, const unsigned char *dgst, int dgst_len, const unsigned char *sigbuf, int siglen, RSA *rsa); -int my_DH_generate_key(ICClib *pcb,DH *dh); -int my_RSA_private_decrypt(ICClib *pcb,int flen, const unsigned char *from,unsigned char *to, RSA *rsa,int padding); -int my_RSA_public_encrypt(ICClib *pcb,int flen, unsigned char *from,unsigned char *to, RSA *rsa,int padding); -int my_RSA_private_encrypt(ICClib *pcb,int flen, const unsigned char *from,unsigned char *to, RSA *rsa,int padding); -int my_RSA_public_decrypt(ICClib *pcb,int flen, unsigned char *from,unsigned char *to, RSA *rsa,int padding); -int my_DH_compute_key(ICClib *pcb,unsigned char *key,BIGNUM *pub_key,DH *dh); -int my_DH_compute_key_padded(ICClib *pcb,unsigned char *key,BIGNUM *pub_key,DH *dh); -int my_PKCS5_PBKDF2_HMAC(ICClib *pcb,const char *pass, int passlen, const unsigned char *salt, int saltlen, int iters, const EVP_MD *digest, int keylen, unsigned char *out); unsigned char *HKDF_Extract(ICClib *pcb,const EVP_MD *evp_md,const unsigned char *salt, size_t salt_len,const unsigned char *key, size_t key_len,unsigned char *prk, size_t *prk_len); unsigned char *HKDF_Expand(ICClib *pcb,const EVP_MD *evp_md,const unsigned char *prk, size_t prk_len,const unsigned char *info, size_t info_len,unsigned char *okm, size_t okm_len); unsigned char *HKDF(ICClib *pcb,const EVP_MD *evp_md,const unsigned char *salt, size_t salt_len,const unsigned char *key, size_t key_len,const unsigned char *info, size_t info_len,unsigned char *okm, size_t okm_len); @@ -152,13 +122,17 @@ int EVP_MD_CTX_init(EVP_MD_CTX *ctx); int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx); -int EVP_CIPHER_CTX_flags(EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); int RSA_FixEncodingZeros(RSA* pri, const RSA* pub, int allowDisableBlinding); int InternalIntegrityCheck(ICClib *pcb,ICC_STATUS *status,int partial); int IntegrityCheck(ICClib *pcb,ICC_STATUS *status); void ALT_Final(); /* Clean up the fd used for /dev/random */ + +static +void pqc_evp_init(); + /* *----------------------------------------------------------------------------- * INCLUDED source. @@ -167,10 +141,6 @@ void ALT_Final(); /* Clean up the fd used for /dev/random */ /* Drop in code for digsetbyname,cipherbyname */ #include "nid_cache.c" -/* Include the function table */ -#include "icclib_a.c" - - /* If not NULL we'll attempt to print the first fatal error to this destination */ FILE *errorfile = NULL; @@ -206,15 +176,14 @@ const char ICC_SCCSInfo[] = "@(#)ProductName: " ICC_PRODUCT_NAME "\n" "@(#)ProductVersion: " ICC_PRODUCT_VERSION "\n" "@(#)ProductInfo: " ICC_PRODUCT_INFO "\n" - "@(#)CMVCInfo: " ICC_CMVC_INFO "\n" + "@(#)GIT_BRANCH: " ICC_GIT_BRANCH "\n" + "@(#)GIT_HASH : " ICC_GIT_HASH "\n" + "@(#)OCKC_BRANCH: " OCKC_GIT_BRANCH "\n" + "@(#)OCKC_HASH : " OCKC_GIT_HASH "\n" }; - -char tmp; /* Used solely to force the linker to include SCCSInfo */ - - - +const char* G_tmp; /* Used solely to force the linker to include SCCSInfo */ @@ -238,8 +207,10 @@ void ICC_Free(void *ptr); void CleanupSP800_90(void); +#if (NON_FIPS_ICC == 0) +/* FIPS build ! */ static char *no_excluded_rngs = ""; - +#endif /* *----------------------------------------------------------------------------- @@ -300,7 +271,7 @@ void *ICC_Calloc(size_t n, size_t sz,const char *file, int line) { void *ptr = NULL; - ptr = CRYPTO_calloc(n,sz,file,line); + ptr = CRYPTO_calloc((int)n,(int)sz,file,line); return ptr; @@ -331,11 +302,7 @@ static unsigned char x2bin(unsigned char b) return c; } -/* Called from the status code when a fatal error is tripped */ -void DisableAPI(void) -{ - memcpy(ICCGlobal_default, ICCGlobal_Error, sizeof(ICCGlobal_default)); -} + /* The actual FIPS and ERROR flags are stored inside the opaque PCB object, and the ICC_STATUS is user provided. So we need to set these on exit to ensure the copy in the user supplied status @@ -409,7 +376,7 @@ static void EnvVars() (lie_about_FIPS[0] != 'f') && (lie_about_FIPS[0] != '0') ) { - MARK("ICC_IGNORE_FIPS", tmp); + MARK("ICC_IGNORE_FIPS", lie_about_FIPS); fips_lie = 1; } /*! \EnvVar ICC_INDUCED_FAILURE @@ -691,74 +658,8 @@ void SetParams(char *params[],int n) OUT(); } -/* Set up the call tables that will be used by the static stub to access - crypto. function -*/ -static void LoadTable(ICC_STATUS *status) -{ - int i = 0, j= 0; - IN(); - /* NUM_ICCLIBFUNCTIONS -1 because of the NULL,NULL terminal entry */ - for(i = j = 0; (i < (NUM_ICCLIBFUNCTIONS-1)) && (NULL != Global.funcs[i].name) ; i++, j++) { - /* We sometimes need to redirect functions, so provided we - have a loose match to the name, accept it - */ - if((NULL != ICCGlobal_default[j].name) && (NULL != strstr(Global.funcs[i].name,ICCGlobal_default[j].name))) { - ICCGlobal_default[i].func = Global.funcs[j].func; - } else { - SetStatusLn2 (NULL,status, ICC_ERROR, ICC_LIBRARY_NOT_FOUND,"Symbol not found in function list",(ICCGlobal_default[i].name != NULL) ? ICCGlobal_default[i].name : " prior internal self test failure " ,__FILE__,__LINE__); - break; - } - } - OUT(); -} - -static void LoadTables(ICC_STATUS *status) -{ - int i,j=0; - IN(); - if(ICC_OK == status->majRC) { - /* Populate the default ICCGlobal table */ - LoadTable(&(Global.status)); - - - memcpy(&ICCGlobal_Partial,&ICCGlobal_default, sizeof(ICCGlobal_Partial)); - memcpy(&ICCGlobal_Error,&ICCGlobal_default, sizeof(ICCGlobal_Error)); - /* Now winnow the entry points down - Error state table, I know, but really, it's accurate enough - */ - for (i = 0; i < (NUM_ICCLIBFUNCTIONS - 1); i++) { - if (NULL == ICCGlobal_Error[i].name) - break; - if ((NULL != strstr(ICCGlobal_Error[i].name, "_new")) || - (NULL != strstr(ICCGlobal_Error[i].name, "generate")) || - (NULL != strstr(ICCGlobal_Error[i].name, "Generate")) || - (NULL != strstr(ICCGlobal_Error[i].name, "Init")) || - (NULL != strstr(ICCGlobal_Error[i].name, "get_")) || - (NULL != strstr(ICCGlobal_Error[i].name, "RAND_")) || - (NULL != strstr(ICCGlobal_Error[i].name, "DES_random_key")) || - (NULL != strstr(ICCGlobal_Error[i].name, "AES_CCM_Encrypt")) || - (NULL != strstr(ICCGlobal_Error[i].name, "AES_CCM_Decrypt")) || - (NULL != strstr(ICCGlobal_Error[i].name, "SP800_38F_KW"))) { - ICCGlobal_Error[i].func = NULL; - } - } - /* Init table is a bit simpler - anything beyond SelfTest isn't there - */ - for(i = 0; i < (NUM_ICCLIBFUNCTIONS-1); i++) { - if(NULL == ICCGlobal_Partial[i].name) break; - if(NULL != strstr(ICCGlobal_Partial[i].name,"SelfTest")) { - j = 1; - continue; - } - if( 0 != j) { - ICCGlobal_Partial[i].func = NULL; - } - } - } - OUT(); -} +extern struct ICClibGlobal_t Global; +static void LoadTables(ICC_STATUS* status); /*! @brief Open the ICC signature file and the ICC shared library @param sigfile pointer to the file descriptor pointer for ICCSIG.txt or equivalent @@ -767,7 +668,6 @@ static void LoadTables(ICC_STATUS *status) */ void OpenCheckFiles(FILE **sigfile,FILE **self) { - static char tmppath[MAX_PATH+1]; char *ptr = NULL; #if defined(_WIN32) @@ -858,6 +758,16 @@ void OpenCheckFiles(FILE **sigfile,FILE **self) OUT(); } + +#ifdef LIBOQS +int randombytes(uint8_t* x, unsigned long xlen); + +static void icc_randombytes(uint8_t* random_array, size_t bytes_to_read) +{ + randombytes(random_array, (unsigned long) bytes_to_read); +} +#endif + /*! @brief Set up so that it's called by shared library loading @@ -877,7 +787,7 @@ int ICCLoad () TRACE_START_EX("icclib",NULL); IN(); #if defined(STANDALONE_ICCLIB) - Delta_T(1,&d[0]); + Delta_T(1,&global_d[0]); #endif MARK("OPENSSL_cpuid_setup()","Crypto capability probe"); /* CPUID must be determined before we set TRNG's */ @@ -897,7 +807,7 @@ int ICCLoad () #if defined(STANDALONE_ICCLIB) - d[1] = Delta_T(0,&d[0]); + global_d[1] = Delta_T(0,&global_d[0]); #endif if(NULL != sigfile) { @@ -949,7 +859,7 @@ int ICCLoad () #if defined(STANDALONE_ICCLIB) - d[2] = Delta_T(0,&d[0]); + global_d[2] = Delta_T(0,&global_d[0]); #endif OpenSSL_Init(NULL,&(Global.status)); @@ -957,7 +867,7 @@ int ICCLoad () init_name_caches(); #if defined(STANDALONE_ICCLIB) - d[3] = Delta_T(0,&d[0]); + global_d[3] = Delta_T(0,&global_d[0]); #endif if(runpost) { if(ICC_OK == Global.status.majRC ) { @@ -967,7 +877,7 @@ int ICCLoad () } } #if defined(STANDALONE_ICCLIB) - d[4] = Delta_T(0,&d[0]); + global_d[4] = Delta_T(0,&global_d[0]); #endif if(trc != ICC_OSSL_FAILURE) { @@ -986,7 +896,7 @@ int ICCLoad () } #if defined(STANDALONE_ICCLIB) - d[5] = Delta_T(0,&d[0]); + global_d[5] = Delta_T(0,&global_d[0]); #endif if(Global.status.majRC != ICC_ERROR) { LoadTables(&(Global.status)); @@ -996,7 +906,7 @@ int ICCLoad () MARK("CPUID",cpuid); } - + pqc_evp_init(); OUTRC(rc); return rc; @@ -1205,8 +1115,9 @@ void *lib_init (ICClib * pcb, ICC_STATUS * status, const char *iccpath, IN(); /* Prevent compilers complaining about unused variables */ - tmp = bogusVariable[0]; + G_tmp = bogusVariable; + MARK("Version Info:", G_tmp); if (status == NULL) { return NULL; @@ -1287,11 +1198,23 @@ void *lib_init (ICClib * pcb, ICC_STATUS * status, const char *iccpath, - The callback is only removed by calling ICC_Cleanup() If occasional access only is required, use multiple ICC_CTX's */ -int SetFIPSCallback(ICClib *pcb, CALLBACK_T callback) +static +int SetFIPSCallback(ICClib *pcb, const CALLBACK_T* callback) { int rv = 0; if((NULL != pcb) && (NULL == pcb->callback) && (pcb->flags & ICC_FIPS_FLAG)) { - pcb->callback = callback; + pcb->callback = callback?*callback:NULL; + rv = 1; + } + return rv; +} + +static +int SetTRACECallback(ICClib* pcb, const TRACE_CALLBACK_T* callback) +{ + int rv = 0; + if (pcb) { + pcb->trace_callback = callback?*callback:NULL; rv = 1; } return rv; @@ -1336,6 +1259,7 @@ int SetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, switch(valueID) { case ICC_INDUCED_FAILURE: case ICC_FIPS_CALLBACK: + case ICC_TRACE_CALLBACK: break; default: SetStatusLn (pcb,status, ICC_ERROR, ICC_INVALID_STATE, @@ -1487,14 +1411,34 @@ int SetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, __FILE__, __LINE__); break; case ICC_FIPS_CALLBACK: - if( 0 == SetFIPSCallback(pcb,*(CALLBACK_T *)value) ) { + if (value == NULL) { + SetStatusLn(pcb, status, ICC_WARNING, ICC_VALUE_NOT_SET, + (char *)"Callback cannot be NULL", + __FILE__, __LINE__); + break; + } + + if( 0 == SetFIPSCallback(pcb, (const CALLBACK_T *)value) ) { SetStatusLn(pcb, status, ICC_WARNING, ICC_VALUE_NOT_SET, (char *)"Callbacks are only valid in FIPS mode and the callback can only be set once/ICC_CTX", __FILE__, __LINE__); + break; } + MARK("ICC_FIPS_CALLBACK set",""); break; + case ICC_TRACE_CALLBACK: + if (0 == SetTRACECallback(pcb, (const TRACE_CALLBACK_T *)value)) { + SetStatusLn(pcb, status, ICC_WARNING, ICC_VALUE_NOT_SET, + (char*)"Callbacks are valid in FIPS mode and Non FIPS mode the callback can only be set once/ICC_CTX", + __FILE__, __LINE__); + break; + } + MARK2("ICC_TRACE_CALLBACK", pcb->trace_callback?"set":"NULL"); + break; + + default: SetStatusLn(pcb, status, ICC_ERROR, ICC_UNSUPPORTED_VALUE_ID, (char *)"Attempted to set an invalid value ID", __FILE__, @@ -1525,7 +1469,7 @@ int SetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, int GetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, void *value, int valueLength) { - int tmp = 0; + size_t tmp = 0; int rv = ICC_OK; IN(); if (status == NULL || pcb == NULL) { @@ -1552,6 +1496,9 @@ int GetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, case ICC_FIPS_CALLBACK: tmp = sizeof(CALLBACK_T); break; + case ICC_TRACE_CALLBACK: + tmp = sizeof(TRACE_CALLBACK_T); + break; default: tmp = sizeof(void *); break; @@ -1679,6 +1626,11 @@ int GetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, MARK("ICC_FIPS_CALLBACK",""); break; + case ICC_TRACE_CALLBACK: + *(TRACE_CALLBACK_T*)value = pcb->trace_callback; + MARK2("ICC_TRACE_CALLBACK", pcb->trace_callback?"set":"NULL"); + break; + default: SetStatusLn (pcb,status, ICC_ERROR, ICC_UNSUPPORTED_VALUE_ID, (char *)"Attempted to get an invalid value ID", @@ -1697,70 +1649,6 @@ int GetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, -/*! - @brief - - Perform consistancy checks on requested state. - - Attach to the OpenSSL shared library - - Initialize internal ICC state. (FIPS mode etc) - - Initialize OpenSSL - - Initialize PRNG seed - - Run NIST self tests - The ICC Mutex is held during this operation. - - Most port errors happen here. - @param pcb ICC internal context - @param status status return - @return ICC_OSSL_SUCCESS or ICC_FAILURE - Note need to check status. -*/ -int lib_attach (ICClib * pcb, ICC_STATUS * status) -{ - - int rc = ICC_OSSL_SUCCESS; - - IN(); - - if (status == NULL || pcb == NULL) { - return ICC_FAILURE; - } - SetStatusOK (NULL,status); - - *(DWORD *) (pcb->toa) = (DWORD) time (NULL); - *(DWORD *) (pcb->pIDattach) = ICC_GetProcessId (); - *(DWORD *) (pcb->tIDattach) = ICC_GetThreadId (); - - if(getErrorState()) { - rc = ICC_GetLastError(status); - } - if(ICC_OSSL_SUCCESS == rc) { - if (3 == icc_failure) { - Global.initialized = 0; - } - /*If not valid, return error */ - if ((0 == Global.initialized) && (ICC_OK == Global.status.majRC)) { - /*Could not load DLL */ - SetStatusLn(pcb, status, ICC_ERROR | ICC_FATAL, ICC_INVALID_STATE, - (char *)"ICC was not initialized", __FILE__, __LINE__); - } - switch (status->majRC) { - case ICC_ERROR: - case ICC_OS_ERROR: - case ICC_OPENSSL_ERROR: - rc = ICC_FAILURE; - break; - case ICC_OK: - case ICC_WARNING: - default: - /* Allow full set of crypto. functions */ - pcb->funcs = ICCGlobal_default; - /*and prevent further state changes*/ - pcb->lock = 1; - break; - } - } - SetFlags(pcb,status); - OUTRC(rc); - return rc; -} - /*! @brief hook the OpenSSL RSA default method so we can force use of X9.31 keygen @param icc_stat error return @@ -1974,6 +1862,8 @@ void *CRYPTO_calloc(int n,int sz,const char *file, int line) @param x pointer to an existing MD context @return ICC_OSSL_SUCCESS or ICC_OSSL_FAILURE */ +/* included via icclib_a.c */ +static int my_EVP_MD_CTX_free (EVP_MD_CTX * x) { if (x != NULL) { @@ -1991,6 +1881,8 @@ int my_EVP_MD_CTX_free (EVP_MD_CTX * x) @return ICC_OSSL_SUCCESS or ICC_OSSL_FAILURE */ +/* included via icclib_a.c */ +static int my_EVP_ENCODE_CTX_free (EVP_ENCODE_CTX * x) { if (x != NULL) { @@ -2018,7 +1910,7 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx) { return EVP_CIPHER_CTX_reset(ctx); } -int EVP_CIPHER_CTX_flags(EVP_CIPHER_CTX *ctx) +int EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) { return EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)); } @@ -2029,6 +1921,8 @@ int EVP_CIPHER_CTX_flags(EVP_CIPHER_CTX *ctx) @param x pointer to an existing EVP_CIPHER context @return ICC_OSSL_SUCCESS or ICC_OSSL_FAILURE */ +/* included via icclib_a.c */ +static int my_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX * x) { @@ -2120,6 +2014,8 @@ const BIGNUM *DH_get_PrivateKey (const DH * dh) @return ICC_OSSL_SUCCESS, ICC_OSSL_FAILURE; @note calls EVP_DigestInitEx() which has different behaviour from EVP_DigestInit() */ +/* included via icclib_a.c */ +static int my_EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) { return EVP_DigestInit_ex(ctx,type,NULL); @@ -2130,6 +2026,8 @@ int my_EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) @param md pointer to buffer which will contain the hash; @param s pointer to an integer to hold the size of the hash */ +/* included via icclib_a.c */ +static int my_EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s) { return EVP_DigestFinal_ex(ctx,md,s); @@ -2146,6 +2044,8 @@ int my_EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s) @return ICC_OSSL_SUCCCESS, ICC_OSSL_FAILURE */ +/* included via icclib_a.c */ +static int my_EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *key, unsigned char *iv) { return EVP_EncryptInit_ex(ctx,type,NULL,key,iv); @@ -2161,6 +2061,8 @@ int my_EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char is more flexible and allows us to set rc2 key length etc. @return ICC_OSSL_SUCCCESS, ICC_OSSL_FAILURE */ +/* included via icclib_a.c */ +static int my_EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *key, unsigned char *iv) { return EVP_DecryptInit_ex(ctx,type,NULL,key,iv); @@ -2172,6 +2074,8 @@ int my_EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char @param pcb the ICC library context @return A new RSA context or NULL on failure */ +/* included via icclib_a.c */ +static RSA * my_RSA_new(ICClib *pcb) { RSA *rsa = NULL; @@ -2181,11 +2085,15 @@ RSA * my_RSA_new(ICClib *pcb) return rsa; } +/* included via icclib_a.c */ +static int my_EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key,int enc_key_len,EVP_PKEY *private_key) { return EVP_PKEY_decrypt_old(dec_key,enc_key,enc_key_len,private_key); } +/* included via icclib_a.c */ +static int my_EVP_PKEY_encrypt(unsigned char *enc_key,unsigned char *key,int key_len,EVP_PKEY *pub_key) { return EVP_PKEY_encrypt_old(enc_key,key,key_len,pub_key); } @@ -2202,7 +2110,11 @@ void GenerateRandomSeed(ICClib *pcb, ICC_STATUS *status,int num, unsigned char * } } +static +int my_RSA_generate_key_ex(ICClib* pcb, RSA* rsa, int bits, BIGNUM* e, void* callback); +/* included via icclib_a.c */ +static RSA * my_RSA_generate_key(ICClib *pcb,int bits, unsigned long e,void (*callback)(int,int,void *),void *cb_arg) { RSA *rsa = NULL; @@ -2237,6 +2149,8 @@ RSA * my_RSA_generate_key(ICClib *pcb,int bits, unsigned long e,void (*callback */ +/* included via icclib_a.c */ +static int my_RSA_generate_key_ex(ICClib *pcb, RSA *rsa, int bits, BIGNUM *e, void *callback) { int rv = 1; @@ -2293,6 +2207,8 @@ int my_RSA_generate_key_ex(ICClib *pcb, RSA *rsa, int bits, BIGNUM *e, void *cal return rv; } +/* included via icclib_a.c */ +static DH * my_DH_generate_parameters(ICClib *pcb,int bits, int generator,void (*callback)(int,int,void *),void *cb_arg) { DH *temp = NULL; @@ -2302,6 +2218,8 @@ DH * my_DH_generate_parameters(ICClib *pcb,int bits, int generator,void (*callba } return temp; } +/* included via icclib_a.c */ +static DSA * my_DSA_generate_parameters(ICClib *pcb,int bits,unsigned char *seed,int seed_len,int *counter_ret, unsigned long *h_ret,void (*callback)(int, int, void *),void *cb_arg) { DSA *temp = NULL; @@ -2313,6 +2231,8 @@ DSA * my_DSA_generate_parameters(ICClib *pcb,int bits,unsigned char *seed,int se return temp; } +/* included via icclib_a.c */ +static int my_DSA_generate_key(ICClib *pcb, DSA *a) { int temp = ICC_FAILURE; @@ -2350,6 +2270,8 @@ int my_DSA_generate_key(ICClib *pcb, DSA *a) { } return temp; } +/* included via icclib_a.c */ +static EC_KEY *my_EC_KEY_new_by_curve_name(ICClib *pcb,int nid) { EC_KEY *temp = NULL; @@ -2381,6 +2303,8 @@ EC_KEY *my_EC_KEY_new_by_curve_name(ICClib *pcb,int nid) } return temp; } +/* included via icclib_a.c */ +static int my_EC_KEY_generate_key(ICClib *pcb, EC_KEY *eckey) { int temp = ICC_FAILURE; if ((NULL != pcb) && !((pcb->flags & ICC_FIPS_FLAG) && getErrorState())) { @@ -2397,18 +2321,24 @@ int my_EC_KEY_generate_key(ICClib *pcb, EC_KEY *eckey) { } +/* included via icclib_a.c */ +static int my_RAND_bytes(unsigned char *buf,int n) { int rv = 0; rv = RAND_pseudo_bytes(buf,n); return rv; } +/* included via icclib_a.c */ +static int my_EVP_PKEY_decrypt_new(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen) { return EVP_PKEY_decrypt(ctx,out,outlen,in,inlen); } +/* included via icclib_a.c */ +static int my_EVP_PKEY_encrypt_new(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen) { @@ -2416,103 +2346,2319 @@ int my_EVP_PKEY_encrypt_new(EVP_PKEY_CTX *ctx, } - -unsigned char *my_HKDF_Extract(const EVP_MD *evp_md, - const unsigned char *salt, size_t salt_len, - const unsigned char *key, size_t key_len, - unsigned char *prk, size_t *prk_len) +/* Kyber, dilitium and sphincs call this. liboqs call OQS_randombytes which also ends up here */ +/* redirect to our ICC TRNG or whatever is configured */ +/* Note: ICC_RAND_bytes uses my_RAND_bytes */ +int +randombytes(uint8_t* x, unsigned long xlen) { - unsigned int tmp_len; - HMAC_CTX *hmac = NULL; - hmac = HMAC_CTX_new(); - HMAC_Init(hmac,salt, (int)salt_len, evp_md); - HMAC_Update(hmac,key,key_len); - HMAC_Final(hmac,prk,&tmp_len); - HMAC_CTX_free(hmac); - *prk_len = tmp_len; - return prk; +#if 1 + /* this is pseudo rand */ + int rv = my_RAND_bytes(x, (int)xlen); +#else + /* TRNG */ + static PRNG_CTX* pctx = NULL; + if (!pctx) { + pctx = RNG_CTX_new(); +/* ?? RNG_CTX_Init(pctx, ...);*/ + } + int rv = RNG_Generate(pctx, x, xlen, NULL, 0); +#endif + return rv; } -unsigned char *my_HKDF_Expand(const EVP_MD *evp_md, - const unsigned char *prk, size_t prk_len, - const unsigned char *info, size_t info_len, - unsigned char *okm, size_t okm_len) -{ - unsigned char *ret = okm; - HMAC_CTX *hmac = NULL; - unsigned int i =0; - unsigned char prev[ICC_EVP_MAX_MD_SIZE]; - size_t copy_len = 0; - unsigned char ctr = 0; - size_t done_len = 0; - size_t dig_len = 0; - size_t n = 0; +#ifdef LIBOQS - dig_len = EVP_MD_size(evp_md); +#include "oqs/common.h" +#include "oqs/kem.h" - n = okm_len / dig_len; - if (okm_len % dig_len) { - n++; - } - if (n > 255 || okm == NULL) { - ret = NULL; - } - if (NULL == (hmac = HMAC_CTX_new())) { - ret = NULL; - } - if( NULL != hmac) { - if (!HMAC_Init(hmac, prk, (int)prk_len, evp_md)) { - ret = NULL; - } else { - for (i = 1; (i <= n); i++) { - ctr = (unsigned char)i; - if (i > 1) { - if (!HMAC_Init(hmac, NULL, 0, NULL)) { - ret = NULL; - break; - } - HMAC_Update(hmac, prev, dig_len); - } - HMAC_Update(hmac, info, info_len); - HMAC_Update(hmac, &ctr, 1); - HMAC_Final(hmac, prev, NULL); - copy_len = (done_len + dig_len > okm_len) ? (okm_len - done_len) :dig_len; - memcpy(okm + done_len, prev, copy_len); - done_len += copy_len; - } - } - HMAC_CTX_free(hmac); - } - memset(prev,0,sizeof(prev)); - return ret; -} -unsigned char *my_HKDF(const EVP_MD *evp_md, - const unsigned char *salt, size_t salt_len, - const unsigned char *key, size_t key_len, - const unsigned char *info, size_t info_len, - unsigned char *okm, size_t okm_len) -{ - unsigned char prk[ICC_EVP_MAX_MD_SIZE]; - unsigned char *ret; - size_t prk_len; +/* The code was originally written for LIBOQS so the least mapping is required in that case */ - if (!my_HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, &prk_len)) - { - ret = NULL; - } - else - { - ret = my_HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len); - } - memset(prk, 0, sizeof(prk)); +typedef OQS_KEM ICC_KEM; +typedef OQS_SIG ICC_SIG; - return ret; +#define ICC_KEM_new OQS_KEM_new +#define ICC_SIG_new OQS_SIG_new +#define ICC_KEM_free OQS_KEM_free +#define ICC_SIG_free OQS_SIG_free +#define ICC_KEM_keypair OQS_KEM_keypair +#define ICC_SIG_keypair OQS_SIG_keypair +#define ICC_KEM_encaps OQS_KEM_encaps +#define ICC_KEM_decaps OQS_KEM_decaps +#define ICC_SIG_sign OQS_SIG_sign +#define ICC_SIG_verify OQS_SIG_verify + + +#else + +/* scraped from LIBOQS */ + +typedef enum { + /** Used to indicate that some undefined error occurred. */ + OQS_ERROR = -1, + /** Used to indicate successful return from function. */ + OQS_SUCCESS = 0, + /** Used to indicate failures in external libraries (e.g., OpenSSL). */ + OQS_EXTERNAL_LIB_ERROR_OPENSSL = 50, +} OQS_STATUS; + +struct _ICC_KEM { + const char* method_name; + + size_t length_public_key; + size_t length_secret_key; + size_t length_ciphertext; + size_t length_shared_secret; + + OQS_STATUS(*keypair)(uint8_t* public_key, uint8_t* secret_key); + OQS_STATUS(*encaps)(uint8_t* ciphertext, uint8_t* shared_secret, const uint8_t* public_key); + OQS_STATUS(*decaps)(uint8_t* shared_secret, const uint8_t* ciphertext, const uint8_t* secret_key); +}; +typedef struct _ICC_KEM ICC_KEM; + +typedef struct _ICC_SIG { + const char* method_name; + + size_t length_public_key; + size_t length_secret_key; + size_t length_signature; + + OQS_STATUS(*keypair)(uint8_t* public_key, uint8_t* secret_key); + OQS_STATUS(*sign)(uint8_t* signature, size_t* signature_len, const uint8_t* message, size_t message_len, const uint8_t* secret_key); + OQS_STATUS(*verify)(const uint8_t* message, size_t message_len, const uint8_t* signature, size_t signature_len, const uint8_t* public_key); +} ICC_SIG; + +static int ICC_KEM_encaps(ICC_KEM* kc, void* wrappedkey, void* genkey, void* pkc); +static int ICC_KEM_decaps(ICC_KEM* kc, void* unwrapped, const void* wrapped, const void* skc); +static int ICC_SIG_sign(ICC_SIG* sc, void* sig, size_t* len, const void* tbs, size_t tbslen, void* skc); +static int ICC_SIG_verify(ICC_SIG* sc, const void* tbs, size_t tbslen, const void* sig, size_t siglen, void* pkc); +static ICC_KEM* ICC_KEM_new(const char* a); +static ICC_SIG* ICC_SIG_new(const char* a); + +#endif + +/* +* Kyber or Dilithium key pair. +*/ +struct PQC_EVP_PKEY_s { + unsigned char* pkc; /* public */ + size_t pkcLen; + unsigned char* skc; /* private */ + size_t skcLen; + ICC_KEM* kc; + ICC_SIG* sc; + void* pq_ctx; + void* (* newctx)(const char* a); + void (*freectx)(void* x); +}; +typedef struct PQC_EVP_PKEY_s PQC_EVP_PKEY; + + +#ifdef LIBDKS + +#include "kyber/ref/api.h" +/* both define the same guard */ +#undef API_H +#include "dilithium/ref/api.h" + +/* sphincs is not so well namespaced */ +/* so we have to undo definitions each time before redefining for a new algorith variant* / +/* we are including the same header file with different namespacing so undef some clashing names */ +/* api.h includes params/params-...h so both header protections must be reset */ + +#define PARAMS sphincs-shake-128s +#include "sphincs/ref/api.h" + +#undef SPX_API_H +#undef SPX_PARAMS_H +#undef SPX_NAMESPACE + +#undef SPX_FULL_HEIGHT +#undef SPX_D +#undef SPX_N +#undef SPX_FORS_HEIGHT +#undef SPX_FORS_TREES + +#undef PARAMS +#define PARAMS sphincs-shake-128f +#include "sphincs/ref/api.h" + +#undef SPX_API_H +#undef SPX_PARAMS_H +#undef SPX_NAMESPACE + +#undef SPX_FULL_HEIGHT +#undef SPX_D +#undef SPX_N +#undef SPX_FORS_HEIGHT +#undef SPX_FORS_TREES + +#undef PARAMS +#define PARAMS sphincs-shake-192s +#include "sphincs/ref/api.h" + +#undef SPX_API_H +#undef SPX_PARAMS_H +#undef SPX_NAMESPACE + +#undef SPX_FULL_HEIGHT +#undef SPX_D +#undef SPX_N +#undef SPX_FORS_HEIGHT +#undef SPX_FORS_TREES + +#undef PARAMS +#define PARAMS sphincs-shake-192f +#include "sphincs/ref/api.h" + +#undef SPX_API_H +#undef SPX_PARAMS_H +#undef SPX_NAMESPACE + +#undef SPX_FULL_HEIGHT +#undef SPX_D +#undef SPX_N +#undef SPX_FORS_HEIGHT +#undef SPX_FORS_TREES + +#undef PARAMS +#define PARAMS sphincs-shake-256s +#include "sphincs/ref/api.h" + +#undef SPX_API_H +#undef SPX_PARAMS_H +#undef SPX_NAMESPACE + +#undef SPX_FULL_HEIGHT +#undef SPX_D +#undef SPX_N +#undef SPX_FORS_HEIGHT +#undef SPX_FORS_TREES + +#undef PARAMS +#define PARAMS sphincs-shake-256f +#include "sphincs/ref/api.h" + +#undef SPX_API_H +#undef SPX_PARAMS_H +#undef SPX_NAMESPACE + +#undef SPX_FULL_HEIGHT +#undef SPX_D +#undef SPX_N +#undef SPX_FORS_HEIGHT +#undef SPX_FORS_TREES + +#undef PARAMS +#define PARAMS sphincs-sha2-128s +#include "sphincs/ref/api.h" + +#undef SPX_API_H +#undef SPX_PARAMS_H +#undef SPX_NAMESPACE + +#undef SPX_FULL_HEIGHT +#undef SPX_D +#undef SPX_N +#undef SPX_FORS_HEIGHT +#undef SPX_FORS_TREES + +#undef PARAMS +#define PARAMS sphincs-sha2-128f +#include "sphincs/ref/api.h" + +#undef SPX_API_H +#undef SPX_PARAMS_H +#undef SPX_NAMESPACE + +#undef SPX_FULL_HEIGHT +#undef SPX_D +#undef SPX_N +#undef SPX_FORS_HEIGHT +#undef SPX_FORS_TREES + +#undef PARAMS +#define PARAMS sphincs-sha2-192s +#include "sphincs/ref/api.h" + +#undef SPX_API_H +#undef SPX_PARAMS_H +#undef SPX_NAMESPACE + +#undef SPX_FULL_HEIGHT +#undef SPX_D +#undef SPX_N +#undef SPX_FORS_HEIGHT +#undef SPX_FORS_TREES + +#undef PARAMS +#define PARAMS sphincs-sha2-192f +#include "sphincs/ref/api.h" + +#undef SPX_API_H +#undef SPX_PARAMS_H +#undef SPX_NAMESPACE + +#undef SPX_FULL_HEIGHT +#undef SPX_D +#undef SPX_N +#undef SPX_FORS_HEIGHT +#undef SPX_FORS_TREES + +#undef PARAMS +#define PARAMS sphincs-sha2-256s +#include "sphincs/ref/api.h" + +#undef SPX_API_H +#undef SPX_PARAMS_H +#undef SPX_NAMESPACE + +#undef SPX_FULL_HEIGHT +#undef SPX_D +#undef SPX_N +#undef SPX_FORS_HEIGHT +#undef SPX_FORS_TREES + +#undef PARAMS +#define PARAMS sphincs-sha2-256f +#include "sphincs/ref/api.h" + + +/* remove this to avoid namespace problems */ +#define PQC_SHPINCS_SHA2 + + +/* convert all the Kyber length definitions into OQS matching variants */ +#define defpk(n) static const int OQS_KEM_kyber_ ## n ## _length_public_key = pqcrystals_kyber ## n ## _PUBLICKEYBYTES; +#define defsk(n) static const int OQS_KEM_kyber_ ## n ## _length_secret_key = pqcrystals_kyber ## n ## _ref_SECRETKEYBYTES; +#define defck(n) static const int OQS_KEM_kyber_ ## n ## _length_ciphertext = pqcrystals_kyber ## n ## _CIPHERTEXTBYTES; +#define defss(n) static const int OQS_KEM_kyber_ ## n ## _length_shared_secret = pqcrystals_kyber ## n ## _BYTES; +defpk(512) +defsk(512) +defck(512) +defss(512) +defpk(768) +defsk(768) +defck(768) +defss(768) +defpk(1024) +defsk(1024) +defck(1024) +defss(1024) + +/* KEM Kyber API functions */ +#define defkf(n) \ +static OQS_STATUS OQS_KEM_kyber_ ## n ## _keypair(uint8_t* public_key, uint8_t* secret_key) \ +{ if (pqcrystals_kyber ## n ## _ref_keypair(public_key, secret_key) == 0) return OQS_SUCCESS; else return OQS_ERROR; } \ +static OQS_STATUS OQS_KEM_kyber_ ## n ## _encaps(uint8_t* ciphertext, uint8_t* shared_secret, const uint8_t* public_key) \ +{ if (pqcrystals_kyber ## n ## _ref_enc(ciphertext, shared_secret, public_key) == 0) return OQS_SUCCESS; else return OQS_ERROR; } \ +OQS_STATUS OQS_KEM_kyber_ ## n ## _decaps(uint8_t* shared_secret, const uint8_t* ciphertext, const uint8_t* secret_key) \ +{ if (pqcrystals_kyber ## n ## _ref_dec(shared_secret, ciphertext, secret_key) == 0) return OQS_SUCCESS; else return OQS_ERROR; } +defkf(512) +defkf(768) +defkf(1024) + +/* Dilithium length definitions */ + +#define OQS_SIG_dilithium_2_length_public_key pqcrystals_dilithium2_PUBLICKEYBYTES +#define OQS_SIG_dilithium_2_length_secret_key pqcrystals_dilithium2_SECRETKEYBYTES +#define OQS_SIG_dilithium_2_length_signature pqcrystals_dilithium2_BYTES +#define OQS_SIG_dilithium_3_length_public_key pqcrystals_dilithium3_PUBLICKEYBYTES +#define OQS_SIG_dilithium_3_length_secret_key pqcrystals_dilithium3_SECRETKEYBYTES +#define OQS_SIG_dilithium_3_length_signature pqcrystals_dilithium3_BYTES +#define OQS_SIG_dilithium_5_length_public_key pqcrystals_dilithium5_PUBLICKEYBYTES +#define OQS_SIG_dilithium_5_length_secret_key pqcrystals_dilithium5_SECRETKEYBYTES +#define OQS_SIG_dilithium_5_length_signature pqcrystals_dilithium5_BYTES + +/* SIG API Dilithium functions */ + +#define defdf(n) \ +OQS_STATUS OQS_SIG_dilithium_ ## n ## _keypair(uint8_t* public_key, uint8_t* secret_key) \ +{ if (pqcrystals_dilithium ## n ## _ref_keypair(public_key, secret_key) == 0) return OQS_SUCCESS; else return OQS_ERROR; } \ +OQS_STATUS OQS_SIG_dilithium_ ## n ## _sign(uint8_t* signature, size_t* signature_len, const uint8_t* message, size_t message_len, const uint8_t* secret_key) \ +{ \ + const uint8_t* ctx = NULL; \ + size_t ctxlen = 0; \ + if (pqcrystals_dilithium ## n ## _ref_signature(signature, signature_len, message, message_len, ctx, ctxlen, secret_key) == 0) return OQS_SUCCESS; else return OQS_ERROR; \ +} \ +OQS_STATUS OQS_SIG_dilithium_ ## n ## _verify(const uint8_t* message, size_t message_len, const uint8_t* signature, size_t signature_len, const uint8_t* public_key) \ +{ \ + const uint8_t* ctx = NULL; \ + size_t ctxlen = 0; \ + if (pqcrystals_dilithium ## n ## _ref_verify(signature, signature_len, message, message_len, ctx, ctxlen, public_key) == 0) return OQS_SUCCESS; else return OQS_ERROR; \ } -#if 0 -/* Copied from crypto/dsa/dsa_meth.c, see the comments, the droid we want isn't here */ -typedef struct { - /* Parameter gen parameters */ +defdf(2) +defdf(3) +defdf(5) + +/* Sphincs */ + +/* this is what is inside the sphincs headers so we match it here in our wrapper functions */ +/* #define SPX_NAMESPACE(s) SPX_SHAKE_128s_##s */ + +/* SIG API Shpincs functions */ + +#define defsf(n, d) \ +OQS_STATUS OQS_SIG_sphincs_ ## d ## _ ## n ## _keypair(uint8_t* public_key, uint8_t* secret_key) \ +{ if (SPX_ ## d ## _ ## n ## _crypto_sign_keypair(public_key, secret_key) == 0) return OQS_SUCCESS; else return OQS_ERROR; } \ +OQS_STATUS OQS_SIG_sphincs_ ## d ## _ ## n ## _sign(uint8_t* signature, size_t* signature_len, const uint8_t* message, size_t message_len, const uint8_t* secret_key) \ +{ if (SPX_ ## d ## _ ## n ## _crypto_sign_signature(signature, signature_len, message, message_len, secret_key) == 0) return OQS_SUCCESS; else return OQS_ERROR; } \ +OQS_STATUS OQS_SIG_sphincs_ ## d ## _ ## n ## _verify(const uint8_t* message, size_t message_len, const uint8_t* signature, size_t signature_len, const uint8_t* public_key) \ +{ if (SPX_ ## d ## _ ## n ## _crypto_sign_verify(signature, signature_len, message, message_len, public_key) == 0) return OQS_SUCCESS; else return OQS_ERROR; } +defsf(128s, SHAKE) +defsf(128f, SHAKE) +defsf(192s, SHAKE) +defsf(192f, SHAKE) +defsf(256s, SHAKE) +defsf(256f, SHAKE) +#ifdef PQC_SHPINCS_SHA2 +defsf(128s, SHA2) +defsf(128f, SHA2) +defsf(192s, SHA2) +defsf(192f, SHA2) +defsf(256s, SHA2) +defsf(256f, SHA2) +#endif + +#endif + + +#if defined(LIBOQS) || defined(LIBDKS) + +static void pqc_pkey_free(EVP_PKEY* pkey); +static int i2d_PQCPublicKey(const EVP_PKEY* pk, unsigned char** pp); +static int i2d_PQCPrivateKey(const EVP_PKEY* pk, unsigned char** pp); +static int pqc_pub_encode(X509_PUBKEY* pk, const EVP_PKEY* pkey); +static int pqc_pri_encode(PKCS8_PRIV_KEY_INFO* p8, const EVP_PKEY* pkey); +static int d2i_PQCPublicKey(EVP_PKEY* pkey, const unsigned char** pp, long length); +static int d2i_PQCPrivateKey(EVP_PKEY* pkey, const unsigned char** pp, long length); +static int pqc_pub_decode(EVP_PKEY* pkey, X509_PUBKEY* pubkey); +static int pqc_pri_decode(EVP_PKEY* pkey, const PKCS8_PRIV_KEY_INFO* p8inf); +static int pqc_pub_cmp(const EVP_PKEY* a, const EVP_PKEY* b); +static int pqc_pub_size(const EVP_PKEY* a); +static int pqc_pub_bits(const EVP_PKEY* a); +static int pqc_old_priv_decode (EVP_PKEY* pkey, const unsigned char** pder, int derlen); +static int pqc_old_priv_encode (const EVP_PKEY* pkey, unsigned char** pder); +static const char* id2meth(int k); +static PQC_EVP_PKEY* new_pqc_key(int type); +static int isEVPKyber(int id); + +static +EVP_PKEY_ASN1_METHOD kyber512_pkey_asn1_meth = +{ + 0, /* pkey_id */ + 0, /* pkey_base_id */ + ASN1_PKEY_SIGPARAM_NULL, + + "Kyber", +#ifdef LIBOQS + "ICCEVP/LIBOQS Kyber method", +#else + "ICCEVP Kyber method", +#endif + + pqc_pub_decode, + pqc_pub_encode, + pqc_pub_cmp, + 0, /* rsa_pub_print, */ + + pqc_pri_decode, /* rsa_priv_decode, */ + pqc_pri_encode, /* rsa_priv_encode, */ + 0, /* rsa_priv_print, */ + + pqc_pub_size, + pqc_pub_bits, + 0, /* sa_security_bits, */ + + 0, 0, /* param_decode, param_encode */ + 0, 0, /* param_missing, param_copy */ + 0, 0, /* param_cmp, param_print */ + + 0, /* rsa_sig_print, */ + pqc_pkey_free, + 0, /* rsa_pkey_ctrl, */ + pqc_old_priv_decode, pqc_old_priv_encode, + 0, /* rsa_item_verify, */ + 0, /* rsa_item_sign, */ + 0, + 0 /* rsa_pkey_check */ +/* + int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len); + int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); + int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len); + int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len); +*/ +}; + +static +EVP_PKEY_ASN1_METHOD kyber768_pkey_asn1_meth; +static +EVP_PKEY_ASN1_METHOD kyber1024_pkey_asn1_meth; + +static +EVP_PKEY_ASN1_METHOD dilithium_pkey_asn1_meth = +{ + 0, /* pkey_id */ + 0, /* pkey_base_id */ + ASN1_PKEY_SIGPARAM_NULL, + + "DILITHIUM_512", +#ifdef LIBOQS + "ICCEVP/LIBOQS Dilithium method", +#else + "ICCEVP Dilithium method", +#endif + + pqc_pub_decode, + pqc_pub_encode, + pqc_pub_cmp, + 0, /* rsa_pub_print, */ + + pqc_pri_decode, /* rsa_priv_decode, */ + pqc_pri_encode, /* rsa_priv_encode, */ + 0, /* rsa_priv_print, */ + + pqc_pub_size, + pqc_pub_bits, + 0, /* rsa_security_bits, */ + + 0, 0, /* param_decode, param_encode */ + 0, 0, /* param_missing, param_copy */ + 0, 0, /* param_cmp, param_print */ + + 0, /* rsa_sig_print, */ + pqc_pkey_free, + 0, /* rsa_pkey_ctrl, */ + pqc_old_priv_decode, pqc_old_priv_encode, + 0, /* rsa_item_verify, */ + 0, /* rsa_item_sign, */ + 0, + 0 /* rsa_pkey_check */ +}; + +static +EVP_PKEY_ASN1_METHOD dilithium768_pkey_asn1_meth; +static +EVP_PKEY_ASN1_METHOD dilithium1024_pkey_asn1_meth; + +static +EVP_PKEY_ASN1_METHOD sphincs128s_shake_pkey_asn1_meth = +{ + 0, /* pkey_id */ + 0, /* pkey_base_id */ + ASN1_PKEY_SIGPARAM_NULL, + + "Sphincs", +#ifdef LIBOQS + "ICCEVP/LIBOQS Sphincs method", +#else + "ICCEVP Sphincs method", +#endif + + pqc_pub_decode, + pqc_pub_encode, + pqc_pub_cmp, + 0, /* rsa_pub_print, */ + + pqc_pri_decode, /* rsa_priv_decode, */ + pqc_pri_encode, /* rsa_priv_encode, */ + 0, /* rsa_priv_print, */ + + pqc_pub_size, + pqc_pub_bits, + 0, /* rsa_security_bits, */ + + 0, 0, 0, 0, 0, 0, + + 0, /* rsa_sig_print, */ + pqc_pkey_free, + 0, /* rsa_pkey_ctrl, */ + 0, 0, + 0, /* rsa_item_verify, */ + 0, /* rsa_item_sign, */ + 0, + 0 /* rsa_pkey_check */ +}; + +static EVP_PKEY_ASN1_METHOD sphincs128f_shake_pkey_asn1_meth; +static EVP_PKEY_ASN1_METHOD sphincs192s_shake_pkey_asn1_meth; +static EVP_PKEY_ASN1_METHOD sphincs192f_shake_pkey_asn1_meth; +static EVP_PKEY_ASN1_METHOD sphincs256s_shake_pkey_asn1_meth; +static EVP_PKEY_ASN1_METHOD sphincs256f_shake_pkey_asn1_meth; +static EVP_PKEY_ASN1_METHOD sphincs128s_sha2_pkey_asn1_meth; +static EVP_PKEY_ASN1_METHOD sphincs128f_sha2_pkey_asn1_meth; +static EVP_PKEY_ASN1_METHOD sphincs192s_sha2_pkey_asn1_meth; +static EVP_PKEY_ASN1_METHOD sphincs192f_sha2_pkey_asn1_meth; +static EVP_PKEY_ASN1_METHOD sphincs256s_sha2_pkey_asn1_meth; +static EVP_PKEY_ASN1_METHOD sphincs256f_sha2_pkey_asn1_meth; + +/* Note: Returns match libcrypto conventions */ + +static +int pqc_pub_encode(X509_PUBKEY* pubk, const EVP_PKEY* pkey) +{ + unsigned char* penc = NULL; + unsigned char* pp = NULL; + int penclen; + ASN1_STRING* str = NULL; + int strtype = V_ASN1_NULL; + + /* no parameters */ +/* + if (!pqc_param_encode(pkey, &str, &strtype)) + return 0; +*/ + penclen = i2d_PQCPublicKey(pkey, NULL); + if (penclen <= 0) { + ASN1_STRING_free(str); + return 0; + } + pp = penc = OPENSSL_malloc(penclen); + penclen = i2d_PQCPublicKey(pkey, &pp); + if (X509_PUBKEY_set0_param(pubk, OBJ_nid2obj(pkey->ameth->pkey_id), + strtype, str, penc, penclen)) + return 1; + + OPENSSL_free(penc); + ASN1_STRING_free(str); + return 0; +} + +static +int pqc_pub_decode(EVP_PKEY* pkey, X509_PUBKEY* pubkey) +{ + const unsigned char* p = NULL; + int pklen = 0; + ASN1_OBJECT* ppkalg = NULL; + X509_ALGOR* alg = NULL; + + if (!X509_PUBKEY_get0_param(&ppkalg, &p, &pklen, &alg, pubkey)) + return 0; + { + if (!d2i_PQCPublicKey(pkey, &p, pklen)) { + /* RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); */ + return 0; + } + } + return 1; +} + +static int pqc_pri_encode(PKCS8_PRIV_KEY_INFO* p8, const EVP_PKEY* pkey) +{ + unsigned char* penc = NULL; + unsigned char* pp = NULL; + int penclen; + ASN1_STRING* str = NULL; + int strtype = V_ASN1_NULL; + int version = 0; + + /* no parameters */ + penclen = i2d_PQCPrivateKey(pkey, NULL); + if (penclen <= 0) { + ASN1_STRING_free(str); + return 0; + } + pp = penc = OPENSSL_malloc(penclen); + penclen = i2d_PQCPrivateKey(pkey, &pp); + if (PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), version, strtype, str, penc, penclen)) + { + return 1; + } + + OPENSSL_free(penc); + ASN1_STRING_free(str); + return 0; +} + +static int pqc_pri_decode(EVP_PKEY* pkey, const PKCS8_PRIV_KEY_INFO* p8inf) +{ + const unsigned char* p = NULL; + int pklen = 0; + const ASN1_OBJECT* ppkalg = NULL; + const X509_ALGOR* alg = NULL; + + if (!PKCS8_pkey_get0(&ppkalg, &p, &pklen, &alg, p8inf)) + return 0; + if (!d2i_PQCPrivateKey(pkey, &p, pklen)) { + /* RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); */ + return 0; + } + return 1; +} + +static +int pqc_pub_cmp(const EVP_PKEY* a, const EVP_PKEY* b) +{ + const PQC_EVP_PKEY* ak = (const PQC_EVP_PKEY*)a->pkey.ptr; + const PQC_EVP_PKEY* bk = (const PQC_EVP_PKEY*)b->pkey.ptr; + if (!ak || !bk) + return 0; + + /* only compare public keys if both are present */ + if (ak->pkcLen && bk->pkcLen && (ak->pkcLen != bk->pkcLen || memcmp(ak->pkc, bk->pkc, ak->pkcLen) != 0)) + return 0; + /* only compare private keys if both are present */ + if ((ak->skcLen && bk->skcLen) && (ak->skcLen != bk->skcLen || memcmp(ak->skc, bk->skc, ak->skcLen) != 0)) + return 0; + + if ((ak->pkcLen && bk->pkcLen) || (ak->skcLen && bk->skcLen) || (!ak->pkcLen && !bk->pkcLen && !ak->skcLen && !bk->skcLen)) { + /* we checked at least one pair or everything is 0 */ + return 1; + } + + /* neither were checked */ + return 0; +} + +static int pqc_pub_size(const EVP_PKEY* a) +{ + const PQC_EVP_PKEY* pk = (const PQC_EVP_PKEY*)a->pkey.ptr; + + if (!pk) + return 0; + + return (int)(pk->kc ? pk->kc->length_public_key : pk->sc->length_public_key); +} + +static int pqc_pub_bits(const EVP_PKEY* a) +{ + return (int)(pqc_pub_size(a) * 8); +} + +static int pqc_old_priv_decode(EVP_PKEY* pkey, const unsigned char** pder, int derlen) +{ + return d2i_PQCPrivateKey(pkey, pder, derlen); +} +static int pqc_old_priv_encode(const EVP_PKEY* pkey, unsigned char** pder) +{ + return i2d_PQCPrivateKey(pkey, pder); +} + +static +int d2i_PQCPublicKey(EVP_PKEY* pkey, const unsigned char** pp, long length) +{ + if (!pkey) { + return 0; + } + { + PQC_EVP_PKEY* pk = pkey->pkey.ptr; + if (!pk) { + pk = new_pqc_key(pkey->type); + if (!pk) { + return 0; + } + pkey->pkey.ptr = pk; + } + + if (!pp || !*pp) { + return 0; + } + { + ASN1_BIT_STRING* os = ASN1_BIT_STRING_new(); + os = d2i_ASN1_BIT_STRING(&os, pp, length); + if (!os) + return 0; + + pk->pkcLen = os->length; + pk->pkc = ICC_Malloc(os->length, __FILE__, __LINE__); + if (!pk->pkc) + return 0; + memcpy(pk->pkc, os->data, os->length); + ASN1_BIT_STRING_free(os); + } + } + + return 1; +} + +/* return encoded length or < 0 for error */ +/* caller needs to supply buffer */ +/* update pp to point to follow the encoding */ + +static +int i2d_PQCPublicKey(const EVP_PKEY* pkey, unsigned char** pp) +{ + int len = 0; + + if (!pkey) + return 0; + + { + const PQC_EVP_PKEY* pk = (const PQC_EVP_PKEY*)pkey->pkey.ptr; + if (!pk) + return -1; + + { + ASN1_BIT_STRING* os = ASN1_BIT_STRING_new(); + if (os == NULL) + return 0; + + if (!ASN1_BIT_STRING_set(os, pk->pkc, (int)pk->pkcLen)) { + ASN1_BIT_STRING_free(os); + return 0; + } + len = i2d_ASN1_BIT_STRING(os, pp); + ASN1_BIT_STRING_free(os); + } + } + return len; +} + +static +int i2d_PQCPrivateKey(const EVP_PKEY* pkey, unsigned char** pp) +{ + int len; + + if (!pkey) + return 0; + + { + const PQC_EVP_PKEY* pk = (const PQC_EVP_PKEY*)pkey->pkey.ptr; + + if (!pk) + return 0; + + { + ASN1_OCTET_STRING* os = ASN1_OCTET_STRING_new(); + if (os == NULL) + return 0; + + if (!ASN1_OCTET_STRING_set(os, pk->skc, (int)pk->skcLen)) { + ASN1_OCTET_STRING_free(os); + return 0; + } + len = i2d_ASN1_OCTET_STRING(os, pp); + + ASN1_OCTET_STRING_free(os); + } + } + return len; +} + +static +int +d2i_PQCPrivateKey(EVP_PKEY* pkey, const unsigned char** pp, long length) +{ + PQC_EVP_PKEY* pk = pkey->pkey.ptr; + if (!pk) { + pk = new_pqc_key(pkey->type); + if (!pk) { + return 0; + } + pkey->pkey.ptr = pk; + } + if (!pp || !*pp) { + return 0; + } + + { + ASN1_OCTET_STRING* os = ASN1_OCTET_STRING_new(); + os = d2i_ASN1_OCTET_STRING(&os, pp, length); + if (!os) + return 0; + + pk->skcLen = os->length; + pk->skc = ICC_Malloc(pk->skcLen, __FILE__, __LINE__); + if (!pk->skc) + return 0; + memcpy(pk->skc, os->data, os->length); + ASN1_OCTET_STRING_free(os); + } + + return 1; +} + + +#ifdef LIBOQS +#define ICC_KEM_alg_kyber_512 OQS_KEM_alg_kyber_512 +#define ICC_KEM_alg_kyber_768 OQS_KEM_alg_kyber_768 +#define ICC_KEM_alg_kyber_1024 OQS_KEM_alg_kyber_1024 +#else +#define ICC_KEM_alg_kyber_512 "kyber_512" +#define ICC_KEM_alg_kyber_768 "kyber_768" +#define ICC_KEM_alg_kyber_1024 "kyber_1024" +#endif + +#ifdef LIBOQS +#define ICC_SIG_alg_dilithium_2 OQS_SIG_alg_dilithium_2 +#define ICC_SIG_alg_dilithium_3 OQS_SIG_alg_dilithium_3 +#define ICC_SIG_alg_dilithium_5 OQS_SIG_alg_dilithium_5 +#else +#define ICC_SIG_alg_dilithium_2 "dilithium_2" +#define ICC_SIG_alg_dilithium_3 "dilithium_3" +#define ICC_SIG_alg_dilithium_5 "dilithium_5" +#endif + +#ifdef LIBOQS +#define ICC_SIG_alg_sphincs_SHAKE_128s_simple OQS_SIG_alg_sphincs_shake_128s_simple +#define ICC_SIG_alg_sphincs_SHAKE_192s_simple OQS_SIG_alg_sphincs_shake_192s_simple +#define ICC_SIG_alg_sphincs_SHAKE_256s_simple OQS_SIG_alg_sphincs_shake_256s_simple +#define ICC_SIG_alg_sphincs_SHAKE_128f_simple OQS_SIG_alg_sphincs_shake_128f_simple +#define ICC_SIG_alg_sphincs_SHAKE_192f_simple OQS_SIG_alg_sphincs_shake_192f_simple +#define ICC_SIG_alg_sphincs_SHAKE_256f_simple OQS_SIG_alg_sphincs_shake_256f_simple +#define ICC_SIG_alg_sphincs_SHA2_128s_simple OQS_SIG_alg_sphincs_sha2_128s_simple +#define ICC_SIG_alg_sphincs_SHA2_192s_simple OQS_SIG_alg_sphincs_sha2_192s_simple +#define ICC_SIG_alg_sphincs_SHA2_256s_simple OQS_SIG_alg_sphincs_sha2_256s_simple +#define ICC_SIG_alg_sphincs_SHA2_128f_simple OQS_SIG_alg_sphincs_sha2_128f_simple +#define ICC_SIG_alg_sphincs_SHA2_192f_simple OQS_SIG_alg_sphincs_sha2_192f_simple +#define ICC_SIG_alg_sphincs_SHA2_256f_simple OQS_SIG_alg_sphincs_sha2_256f_simple +#else +#define ICC_SIG_alg_sphincs_SHAKE_128s_simple "sphincs_shake_128s_simple" +#define ICC_SIG_alg_sphincs_SHAKE_192s_simple "sphincs_shake_192s_simple" +#define ICC_SIG_alg_sphincs_SHAKE_256s_simple "sphincs_shake_256s_simple" +#define ICC_SIG_alg_sphincs_SHAKE_128f_simple "sphincs_shake_128f_simple" +#define ICC_SIG_alg_sphincs_SHAKE_192f_simple "sphincs_shake_192f_simple" +#define ICC_SIG_alg_sphincs_SHAKE_256f_simple "sphincs_shake_256f_simple" +#define ICC_SIG_alg_sphincs_SHA2_128s_simple "sphincs_sha2_128s_simple" +#define ICC_SIG_alg_sphincs_SHA2_192s_simple "sphincs_sha2_192s_simple" +#define ICC_SIG_alg_sphincs_SHA2_256s_simple "sphincs_sha2_256s_simple" +#define ICC_SIG_alg_sphincs_SHA2_128f_simple "sphincs_sha2_128f_simple" +#define ICC_SIG_alg_sphincs_SHA2_192f_simple "sphincs_sha2_192f_simple" +#define ICC_SIG_alg_sphincs_SHA2_256f_simple "sphincs_sha2_256f_simple" +#endif + +static int pkey_kyber_init(EVP_PKEY_CTX* ctx) +{ + int rv = 1; + return rv; +} +static int pkey_kyber_copy(EVP_PKEY_CTX* dst, EVP_PKEY_CTX* src) +{ + int rv = 0; + return rv; +} + +#ifdef LIBDKS + +static +ICC_KEM* +ICC_KEM_new(const char* a) +{ + ICC_KEM* kem = ICC_Malloc(sizeof(ICC_KEM), __FILE__, __LINE__); + if (kem) { + if (strcmp(a, ICC_KEM_alg_kyber_512) == 0) { + kem->method_name = ICC_KEM_alg_kyber_512; + /*kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard"; */ + + /*kem->claimed_nist_level = 1; */ + /*kem->ind_cca = true; */ + + kem->length_public_key = OQS_KEM_kyber_512_length_public_key; + kem->length_secret_key = OQS_KEM_kyber_512_length_secret_key; + kem->length_ciphertext = OQS_KEM_kyber_512_length_ciphertext; + kem->length_shared_secret = OQS_KEM_kyber_512_length_shared_secret; + + kem->keypair = OQS_KEM_kyber_512_keypair; + kem->encaps = OQS_KEM_kyber_512_encaps; + kem->decaps = OQS_KEM_kyber_512_decaps; + } + else if (strcmp(a, ICC_KEM_alg_kyber_768) == 0) { + kem->method_name = ICC_KEM_alg_kyber_768; + /*kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard"; */ + + /*kem->claimed_nist_level = 1; */ + /*kem->ind_cca = true; */ + + kem->length_public_key = OQS_KEM_kyber_768_length_public_key; + kem->length_secret_key = OQS_KEM_kyber_768_length_secret_key; + kem->length_ciphertext = OQS_KEM_kyber_768_length_ciphertext; + kem->length_shared_secret = OQS_KEM_kyber_768_length_shared_secret; + + kem->keypair = OQS_KEM_kyber_768_keypair; + kem->encaps = OQS_KEM_kyber_768_encaps; + kem->decaps = OQS_KEM_kyber_768_decaps; + } + else if (strcmp(a, ICC_KEM_alg_kyber_1024) == 0) { + kem->method_name = ICC_KEM_alg_kyber_1024; + /*kem->alg_version = "https://github.com/pq-crystals/kyber/tree/standard"; */ + + /*kem->claimed_nist_level = 1; */ + /*kem->ind_cca = true; */ + + kem->length_public_key = OQS_KEM_kyber_1024_length_public_key; + kem->length_secret_key = OQS_KEM_kyber_1024_length_secret_key; + kem->length_ciphertext = OQS_KEM_kyber_1024_length_ciphertext; + kem->length_shared_secret = OQS_KEM_kyber_1024_length_shared_secret; + + kem->keypair = OQS_KEM_kyber_1024_keypair; + kem->encaps = OQS_KEM_kyber_1024_encaps; + kem->decaps = OQS_KEM_kyber_1024_decaps; + } + else { + ICC_Free(kem); + return NULL; + } + } + return kem; +} + +static +ICC_SIG* +ICC_SIG_new(const char* a) +{ + ICC_SIG* sig = ICC_Malloc(sizeof(ICC_SIG), __FILE__, __LINE__); + if (sig) { + /* load up the signature context with algorithm specific details for each algorithm variant */ + if (strcmp(a, ICC_SIG_alg_dilithium_2) == 0) { + sig->method_name = ICC_SIG_alg_dilithium_2; + + sig->length_public_key = OQS_SIG_dilithium_2_length_public_key; + sig->length_secret_key = OQS_SIG_dilithium_2_length_secret_key; + sig->length_signature = OQS_SIG_dilithium_2_length_signature; + + sig->keypair = OQS_SIG_dilithium_2_keypair; + sig->sign = OQS_SIG_dilithium_2_sign; + sig->verify = OQS_SIG_dilithium_2_verify; + } + else if (strcmp(a, ICC_SIG_alg_dilithium_3) == 0) { + sig->method_name = ICC_SIG_alg_dilithium_3; + + sig->length_public_key = OQS_SIG_dilithium_3_length_public_key; + sig->length_secret_key = OQS_SIG_dilithium_3_length_secret_key; + sig->length_signature = OQS_SIG_dilithium_3_length_signature; + + sig->keypair = OQS_SIG_dilithium_3_keypair; + sig->sign = OQS_SIG_dilithium_3_sign; + sig->verify = OQS_SIG_dilithium_3_verify; + } + else if (strcmp(a, ICC_SIG_alg_dilithium_5) == 0) { + sig->method_name = ICC_SIG_alg_dilithium_5; + + sig->length_public_key = OQS_SIG_dilithium_5_length_public_key; + sig->length_secret_key = OQS_SIG_dilithium_5_length_secret_key; + sig->length_signature = OQS_SIG_dilithium_5_length_signature; + + sig->keypair = OQS_SIG_dilithium_5_keypair; + sig->sign = OQS_SIG_dilithium_5_sign; + sig->verify = OQS_SIG_dilithium_5_verify; + } +/* This macro encodes the if clause for each of the 12 variants of sphincs */ +#define if_sphincs(x) \ + else if (strcmp(a, ICC_SIG_alg_sphincs_ ## x ## _simple) == 0) { \ + sig->method_name = ICC_SIG_alg_sphincs_ ## x ## _simple; \ + sig->length_public_key = SPX_ ## x ## _crypto_sign_publickeybytes(); \ + sig->length_secret_key = SPX_ ## x ## _crypto_sign_secretkeybytes(); \ + sig->length_signature = SPX_ ## x ## _crypto_sign_bytes(); \ + sig->keypair = OQS_SIG_sphincs_ ## x ## _keypair; \ + sig->sign = OQS_SIG_sphincs_ ## x ## _sign; \ + sig->verify = OQS_SIG_sphincs_ ## x ## _verify; \ + } + if_sphincs(SHAKE_128s) + if_sphincs(SHAKE_128f) + if_sphincs(SHAKE_192s) + if_sphincs(SHAKE_192f) + if_sphincs(SHAKE_256s) + if_sphincs(SHAKE_256f) +#ifdef PQC_SHPINCS_SHA2 + if_sphincs(SHA2_128s) + if_sphincs(SHA2_128f) + if_sphincs(SHA2_192s) + if_sphincs(SHA2_192f) + if_sphincs(SHA2_256s) + if_sphincs(SHA2_256f) +#endif + else { + ICC_Free(sig); + return NULL; + } + } + return sig; +} + +static void ICC_KEM_free(void *x) +{ + ICC_Free(x); +} + +static void ICC_SIG_free(void* x) +{ + ICC_Free(x); +} + +/* return OQS_SUCCESS for success, OQS_FAILURE failure */ + +static +int ICC_KEM_keypair(const ICC_KEM* kem, void* pkc, void* skc) +{ + if (!kem || !kem->keypair) { + return -1; + } + else { + return kem->keypair(pkc, skc); + } +} + +static +int ICC_SIG_keypair(const ICC_SIG* sig, void* pkc, void* skc) +{ + if (!sig || !sig->keypair) { + return -1; + } + else { + return sig->keypair(pkc, skc); + } +} + +#endif + +static +void pqc_pkey_free(EVP_PKEY* pkey) +{ + { + PQC_EVP_PKEY* pk = pkey->pkey.ptr; + if (pk) { + ICC_Free(pk->pkc); + pk->pkc = NULL; + ICC_Free(pk->skc); + pk->skc = NULL; + if (pk->kc) { + ICC_KEM_free(pk->kc); + pk->kc = NULL; + } + if (pk->sc) { + ICC_SIG_free(pk->sc); + pk->sc = NULL; + } + free(pk); + } + pkey->pkey.ptr = NULL; + } +} + +static void pkey_kyber_cleanup(EVP_PKEY_CTX* ctx) +{ + if (!ctx) + return; + + EVP_PKEY_free(ctx->pkey); + ctx->pkey = NULL; +} + +static +PQC_EVP_PKEY* +new_pqc_key(int type) +{ + PQC_EVP_PKEY* pk = OPENSSL_zalloc(sizeof(PQC_EVP_PKEY)); + if (!pk) { + return NULL; + } + { + const char* method_name = id2meth(type); + if (isEVPKyber(type)) { + pk->newctx = (void* (*)(const char* a))ICC_KEM_new; + pk->freectx = (void (*)(void* x))ICC_KEM_free; + pk->kc = pk->newctx(method_name); + if (!pk->kc) { + return NULL; + } + pk->pq_ctx = pk->kc; + } + else { + pk->newctx = (void* (*)(const char* a))ICC_SIG_new; + pk->freectx = (void (*)(void* x))ICC_SIG_free; + pk->sc = pk->newctx(method_name); + if (!pk->sc) { + return NULL; + } + pk->pq_ctx = pk->sc; + } + } + return pk; +} + +static int pkey_kyber_keygen_init(EVP_PKEY_CTX* ctx) +{ + int rv = 1; + return rv; +} + +static int pkey_kyber_keygen(EVP_PKEY_CTX* ctx, EVP_PKEY* pkey) +{ + int rv = 1; + ENGINE* tmpeng = NULL; + const EVP_PKEY_ASN1_METHOD* ameth; + + pkey->type = ctx->pmeth->pkey_id; + ameth = EVP_PKEY_asn1_find(&tmpeng, pkey->type); + if (ameth == NULL) { + return -1; + } + pkey->ameth = ameth; + + { + PQC_EVP_PKEY* pk = new_pqc_key(pkey->type); + if (!pk) { + return -1; + } + /* attach to key */ + pkey->pkey.ptr = pk; + + { + /* get KEM context */ + const ICC_KEM* kem = pk->kc; + + /* allocate key storage */ + /* note - gets cleaned up in ameth->pqc_pkey_free() callback */ + pk->pkcLen = kem->length_public_key; + pk->pkc = ICC_Malloc(kem->length_public_key, __FILE__, __LINE__); + pk->skcLen = kem->length_secret_key; + pk->skc = ICC_Malloc(kem->length_secret_key, __FILE__, __LINE__); + + /* generate keys */ + { + int rc; + rc = ICC_KEM_keypair(kem, pk->pkc, pk->skc); + if (rc != OQS_SUCCESS) { + rv = -1; + } + else { + rv = 1; + } + } + } + } + + if (!ctx->pkey) { + /* normally the case - attach key to this context */ + ctx->pkey = pkey; + if (pkey != NULL) + EVP_PKEY_up_ref(pkey); + } + + return rv; +} + +static int pkey_dilithium_keygen_init(EVP_PKEY_CTX* ctx) +{ + int rv = 1; + return rv; +} +static int pkey_dilithium_keygen(EVP_PKEY_CTX* ctx, EVP_PKEY* pkey) +{ + int rv = 1; + ENGINE* tmpeng = NULL; + const EVP_PKEY_ASN1_METHOD* ameth; + + pkey->type = ctx->pmeth->pkey_id; + + ameth = EVP_PKEY_asn1_find(&tmpeng, pkey->type); + if (ameth == NULL) { + return -1; + } + pkey->ameth = ameth; + + { + PQC_EVP_PKEY* pk = new_pqc_key(pkey->type); + if (!pk) { + return -1; + } + /* attach to key */ + pkey->pkey.ptr = pk; + + { + /* get SIG context */ + const ICC_SIG* sig = NULL; + sig = pk->sc; + + /* allocate key storage */ + /* note - gets cleaned up in ameth->pqc_pkey_free() callback */ + pk->pkcLen = sig->length_public_key; + pk->pkc = ICC_Malloc(sig->length_public_key, __FILE__, __LINE__); + pk->skcLen = sig->length_secret_key; + pk->skc = ICC_Malloc(sig->length_secret_key, __FILE__, __LINE__); + + /* generate keys */ + { + int rc; + rc = ICC_SIG_keypair(sig, pk->pkc, pk->skc); + if (rc != OQS_SUCCESS) { + rv = -1; + } + else { + rv = 1; + } + } + } + } + + if (!ctx->pkey) { + /* normally the case - attach key to this context */ + ctx->pkey = pkey; + if (pkey != NULL) + EVP_PKEY_up_ref(pkey); + } + + return rv; +} + +static int pkey_sphincs_keygen_init(EVP_PKEY_CTX* ctx) +{ + int rv = 1; + return rv; +} +static int pkey_sphincs_keygen(EVP_PKEY_CTX* ctx, EVP_PKEY* pkey) +{ + int rv = pkey_dilithium_keygen(ctx, pkey); + return rv; +} + +static +int pkey_dilithium_sign_init(EVP_PKEY_CTX* ctx) +{ + return 1; +} + +static +int pkey_dilithium_sign(EVP_PKEY_CTX* ctx, unsigned char* sig, + size_t* siglen, const unsigned char* tbs, + size_t tbslen) +{ + int rc = ICC_OSSL_SUCCESS; + if (!ctx) + return -1; + if (!siglen) + return -1; + { + EVP_PKEY* pkey = ctx->pkey; + if (!pkey) + return -1; + if (pkey->type != ctx->pmeth->pkey_id) { + /* wrong key type */ + return 0; + } + { + size_t len = *siglen; + const PQC_EVP_PKEY* pk = (const PQC_EVP_PKEY*)pkey->pkey.ptr; + if (!pk) + return -1; + + if (!sig) { + /* length prediction */ + len = pk->sc->length_signature; + rc = OQS_SUCCESS; + } + else { + rc = ICC_SIG_sign(pk->sc, sig, &len, tbs, tbslen, pk->skc); + } + *siglen = len; + if (rc == OQS_SUCCESS) { + return 1; + } + } + } + return 0; +} +static int pkey_dilithium_verify(EVP_PKEY_CTX* ctx, + const unsigned char* sig, size_t siglen, + const unsigned char* tbs, size_t tbslen) +{ + int rc = ICC_OSSL_SUCCESS; + if (!ctx) + return -1; + { + const EVP_PKEY* k = ctx->pkey; + if (!k) + return -1; + if (k->type != ctx->pmeth->pkey_id) { + /* wrong key type */ + return 0; + } + { + const PQC_EVP_PKEY* pk = (const PQC_EVP_PKEY*)k->pkey.ptr; + if (!pk) + return -1; + + rc = ICC_SIG_verify(pk->sc, tbs, tbslen, sig, siglen, pk->pkc); + if (rc != OQS_SUCCESS) { + return -1; + } + } + } + return 1; +} +static int pkey_dilithium_verifyrecover(EVP_PKEY_CTX* ctx, + unsigned char* rout, size_t* routlen, + const unsigned char* sig, size_t siglen) +{ + return 0; +} + +static int pkey_sphincs_sign(EVP_PKEY_CTX* ctx, unsigned char* sig, + size_t* siglen, const unsigned char* tbs, + size_t tbslen) +{ + return pkey_dilithium_sign(ctx, sig, siglen, tbs, tbslen); +} +static int pkey_sphincs_verify(EVP_PKEY_CTX* ctx, + const unsigned char* sig, size_t siglen, + const unsigned char* tbs, size_t tbslen ) +{ + return pkey_dilithium_verify(ctx, sig, siglen, tbs, tbslen); +} +static int pkey_sphincs_verifyrecover(EVP_PKEY_CTX* ctx, + unsigned char* rout, size_t* routlen, + const unsigned char* sig, size_t siglen) +{ + return 0; +} + +static int pkey_kyber_encrypt(EVP_PKEY_CTX* ctx, + unsigned char* out, size_t* outlen, + const unsigned char* in, size_t inlen) +{ + return 0; +} +static int pkey_kyber_decrypt(EVP_PKEY_CTX* ctx, + unsigned char* out, size_t* outlen, + const unsigned char* in, size_t inlen) +{ + return 0; +} +static int pkey_kyber_ctrl(EVP_PKEY_CTX* ctx, int type, int p1, void* p2) +{ + return 1; +} +static int pkey_kyber_ctrl_str(EVP_PKEY_CTX* ctx, + const char* type, const char* value) +{ + return 1; +} + +static +EVP_PKEY_METHOD kyber_pkey_meth = { + 0, /* pkey_id */ + 0, /* flags */ + pkey_kyber_init, + pkey_kyber_copy, + pkey_kyber_cleanup, + + 0, 0, + + pkey_kyber_keygen_init, + pkey_kyber_keygen, + + 0, + 0, /*pkey_kyber_sign, */ + + 0, + 0, /*pkey_kyber_verify, */ + + 0, + 0, /*pkey_kyber_verifyrecover, */ + + 0, 0, 0, 0, + + 0, + pkey_kyber_encrypt, + + 0, + pkey_kyber_decrypt, + + 0, 0, + + pkey_kyber_ctrl, + pkey_kyber_ctrl_str +}; +static +EVP_PKEY_METHOD kyber768_pkey_meth; +static +EVP_PKEY_METHOD kyber1024_pkey_meth; + +static +EVP_PKEY_METHOD dilithium_pkey_meth = { + 0, /* pkey_id */ + 0, /* flags */ + pkey_kyber_init, + pkey_kyber_copy, + pkey_kyber_cleanup, + + 0, 0, + + pkey_dilithium_keygen_init, + pkey_dilithium_keygen, + + pkey_dilithium_sign_init, + pkey_dilithium_sign, + + 0, /* verify_init */ + pkey_dilithium_verify, + + 0, /* verifyrecover_init */ + pkey_dilithium_verifyrecover, + + 0, 0, 0, 0, + + 0, /* encrypt_init */ + 0, /* pkey_dilithium_encrypt, */ + + 0, /* decrypt_init */ + 0, /* pkey_dilithium_decrypt, */ + + 0, 0, + + pkey_kyber_ctrl, + pkey_kyber_ctrl_str +}; +static +EVP_PKEY_METHOD dilithium768_pkey_meth; +static +EVP_PKEY_METHOD dilithium1024_pkey_meth; + +static +EVP_PKEY_METHOD sphincs128s_shake_pkey_meth = { + 0, /* pkey_id */ + 0, /* flags */ + pkey_kyber_init, + pkey_kyber_copy, + pkey_kyber_cleanup, + + 0, 0, + + pkey_sphincs_keygen_init, + pkey_sphincs_keygen, + + 0, + pkey_sphincs_sign, + + 0, + pkey_sphincs_verify, + + 0, + pkey_sphincs_verifyrecover, + + 0, 0, 0, 0, + + 0, + pkey_kyber_encrypt, + + 0, + pkey_kyber_decrypt, + + 0, 0, + + pkey_kyber_ctrl, + pkey_kyber_ctrl_str +}; + +static EVP_PKEY_METHOD sphincs128f_shake_pkey_meth; +static EVP_PKEY_METHOD sphincs192s_shake_pkey_meth; +static EVP_PKEY_METHOD sphincs192f_shake_pkey_meth; +static EVP_PKEY_METHOD sphincs256s_shake_pkey_meth; +static EVP_PKEY_METHOD sphincs256f_shake_pkey_meth; +static EVP_PKEY_METHOD sphincs128s_sha2_pkey_meth; +static EVP_PKEY_METHOD sphincs128f_sha2_pkey_meth; +static EVP_PKEY_METHOD sphincs192s_sha2_pkey_meth; +static EVP_PKEY_METHOD sphincs192f_sha2_pkey_meth; +static EVP_PKEY_METHOD sphincs256s_sha2_pkey_meth; +static EVP_PKEY_METHOD sphincs256f_sha2_pkey_meth; + +#endif + +#ifndef LIBOQS + +/* return OQS_SUCCESS for success, OQS_FAILURE failure */ + +static int ICC_KEM_encaps(ICC_KEM* kc, void* wrappedkey, void* genkey, void* pkc) +{ + if (!kc || !kc->encaps) { + return -1; + } + else { + return kc->encaps(wrappedkey, genkey, pkc); + } +} + +static int ICC_KEM_decaps(ICC_KEM* kc, void* unwrapped, const void* wrapped, const void* skc) +{ + if (!kc || !kc->decaps) { + return -1; + } + else { + return kc->decaps(unwrapped, wrapped, skc); + } +} + +static +int ICC_SIG_sign(ICC_SIG* sc, void* sig, size_t* len, const void* tbs, size_t tbslen, void* skc) +{ + if (!sc || !sc->sign) { + return -1; + } + else { + return sc->sign(sig, len, tbs, tbslen, skc); + } +} + +static +int ICC_SIG_verify(ICC_SIG* sc, const void* tbs, size_t tbslen, const void* sig, size_t siglen, void* pkc) +{ + if (!sc || !sc->verify) { + return -1; + } + else { + return sc->verify(tbs, tbslen, sig, siglen, pkc); + } +} +#endif + +/* algorithm name table entry */ +struct s_noid { + char* o; /* OID */ + char* s; /* short name */ + char* l; /* long name */ + char* alias; /* alternative long name */ + char* libOQSalg; /* lib (oqs) name */ + EVP_PKEY_METHOD* pmeth; + EVP_PKEY_ASN1_METHOD* ameth; +}; + +/* + ML_KEM_512("2.16.840.1.101.3.4.4.1"), + ML_KEM_768("2.16.840.1.101.3.4.4.2"), + ML_KEM_1024("2.16.840.1.101.3.4.4.3"); + + ML_DSA_44("2.16.840.1.101.3.4.3.17"), + ML_DSA_65("2.16.840.1.101.3.4.3.18"), + ML_DSA_87("2.16.840.1.101.3.4.3.19"), + +SLH_DSA_SHA2_128s("2.16.840.1.101.3.4.3.20"), +SLH_DSA_SHA2_128f("2.16.840.1.101.3.4.3.21"), +SLH_DSA_SHA2_192s("2.16.840.1.101.3.4.3.22"), +SLH_DSA_SHA2_192f("2.16.840.1.101.3.4.3.23"), +SLH_DSA_SHA2_256s("2.16.840.1.101.3.4.3.24"), +SLH_DSA_SHA2_256f("2.16.840.1.101.3.4.3.25"), + +SLH_DSA_SHAKE_128s("2.16.840.1.101.3.4.3.26"), +SLH_DSA_SHAKE_128f("2.16.840.1.101.3.4.3.27"), +SLH_DSA_SHAKE_192s("12.16.840.1.101.3.4.3.28"), +SLH_DSA_SHAKE_192f("2.16.840.1.101.3.4.3.29"), +SLH_DSA_SHAKE_256s("2.16.840.1.101.3.4.3.30"), +SLH_DSA_SHAKE_256f("2.16.840.1.101.3.4.3.31"), +*/ + +static +struct s_noid noids[] = +{ +#if defined(LIBOQS) || defined(LIBDKS) + {"2.16.840.1.101.3.4.4.1", "ML_KEM_512", "ML_KEM_512-Kyber", "Kyber_512", ICC_KEM_alg_kyber_512, &kyber_pkey_meth, &kyber512_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.4.2", "ML_KEM_768", "ML_KEM_768-Kyber", "Kyber_768", ICC_KEM_alg_kyber_768, &kyber768_pkey_meth, &kyber768_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.4.3", "ML_KEM_1024", "ML_KEM_1024-Kyber", "Kyber_1024", ICC_KEM_alg_kyber_1024, &kyber1024_pkey_meth, &kyber1024_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.3.17", "ML_DSA_44", "ML_DSA_44-Dilithium", "Dilithium_512", ICC_SIG_alg_dilithium_2, &dilithium_pkey_meth, &dilithium_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.3.18", "ML_DSA_65", "ML_DSA_65-Dilithium", "Dilithium_768", ICC_SIG_alg_dilithium_3, &dilithium768_pkey_meth, &dilithium768_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.3.19", "ML_DSA_87", "ML_DSA_87-Dilithium", "Dilithium_1024", ICC_SIG_alg_dilithium_5, &dilithium1024_pkey_meth, &dilithium1024_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.3.20", "SLH_DSA_SHA2_128s", "SPHINCS_SHA2_128S", "Sphincs_sha2_128s", ICC_SIG_alg_sphincs_SHA2_128s_simple, &sphincs128s_sha2_pkey_meth, &sphincs128s_sha2_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.3.21", "SLH_DSA_SHA2_128f", "SPHINCS_SHA2_128F", "Sphincs_sha2_128f", ICC_SIG_alg_sphincs_SHA2_128f_simple, &sphincs128f_sha2_pkey_meth, &sphincs128f_sha2_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.3.22", "SLH_DSA_SHA2_192s", "SPHINCS_SHA2_192S", "Sphincs_sha2_192s", ICC_SIG_alg_sphincs_SHA2_192s_simple, &sphincs192s_sha2_pkey_meth, &sphincs192s_sha2_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.3.23", "SLH_DSA_SHA2_192f", "SPHINCS_SHA2_192F", "Sphincs_sha2_192f", ICC_SIG_alg_sphincs_SHA2_192f_simple, &sphincs192f_sha2_pkey_meth, &sphincs192f_sha2_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.3.24", "SLH_DSA_SHA2_256s", "SPHINCS_SHA2_256S", "Sphincs_sha2_256s", ICC_SIG_alg_sphincs_SHA2_256s_simple, &sphincs256s_sha2_pkey_meth, &sphincs256s_sha2_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.3.25", "SLH_DSA_SHA2_256f", "SPHINCS_SHA2_256F", "Sphincs_sha2_256f", ICC_SIG_alg_sphincs_SHA2_256f_simple, &sphincs256f_sha2_pkey_meth, &sphincs256f_sha2_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.3.26", "SLH_DSA_SHAKE_128s", "SPHINCS_SHAKE_128S", "Sphincs_shake_128s", ICC_SIG_alg_sphincs_SHAKE_128s_simple, &sphincs128s_shake_pkey_meth, &sphincs128s_shake_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.3.27", "SLH_DSA_SHAKE_128f", "SPHINCS_SHAKE_128F", "Sphincs_shake_128f", ICC_SIG_alg_sphincs_SHAKE_128f_simple, &sphincs128f_shake_pkey_meth, &sphincs128f_shake_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.3.28", "SLH_DSA_SHAKE_192s", "SPHINCS_SHAKE_192S", "Sphincs_shake_192s", ICC_SIG_alg_sphincs_SHAKE_192s_simple, &sphincs192s_shake_pkey_meth, &sphincs192s_shake_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.3.29", "SLH_DSA_SHAKE_192f", "SPHINCS_SHAKE_192F", "Sphincs_shake_192f", ICC_SIG_alg_sphincs_SHAKE_192f_simple, &sphincs192f_shake_pkey_meth, &sphincs192f_shake_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.3.30", "SLH_DSA_SHAKE_256s", "SPHINCS_SHAKE_256S", "Sphincs_shake_256s", ICC_SIG_alg_sphincs_SHAKE_256s_simple, &sphincs256s_shake_pkey_meth, &sphincs256s_shake_pkey_asn1_meth}, + {"2.16.840.1.101.3.4.3.31", "SLH_DSA_SHAKE_256f", "SPHINCS_SHAKE_256F", "Sphincs_shake_256f", ICC_SIG_alg_sphincs_SHAKE_256f_simple, &sphincs256f_shake_pkey_meth, &sphincs256f_shake_pkey_asn1_meth}, +#endif + {NULL} +}; + + +/* + Register all of our PQC handlers +*/ +void +pqc_evp_init() +{ +#if defined(LIBOQS) || defined(LIBDKS) + +#ifdef LIBOQS + /* redirect liboqs rng to ICC's rng */ + OQS_randombytes_custom_algorithm(&icc_randombytes); +#endif + + kyber768_pkey_meth = kyber_pkey_meth; + kyber1024_pkey_meth = kyber_pkey_meth; + kyber768_pkey_asn1_meth = kyber512_pkey_asn1_meth; + kyber1024_pkey_asn1_meth = kyber512_pkey_asn1_meth; + + dilithium768_pkey_meth = dilithium_pkey_meth; + dilithium1024_pkey_meth = dilithium_pkey_meth; + dilithium768_pkey_asn1_meth = dilithium_pkey_asn1_meth; + dilithium1024_pkey_asn1_meth = dilithium_pkey_asn1_meth; + + sphincs128f_shake_pkey_meth = sphincs128s_shake_pkey_meth; + sphincs192s_shake_pkey_meth = sphincs128s_shake_pkey_meth; + sphincs192f_shake_pkey_meth = sphincs128s_shake_pkey_meth; + sphincs256s_shake_pkey_meth = sphincs128s_shake_pkey_meth; + sphincs256f_shake_pkey_meth = sphincs128s_shake_pkey_meth; + sphincs128f_shake_pkey_asn1_meth = sphincs128s_shake_pkey_asn1_meth; + sphincs192s_shake_pkey_asn1_meth = sphincs128s_shake_pkey_asn1_meth; + sphincs192f_shake_pkey_asn1_meth = sphincs128s_shake_pkey_asn1_meth; + sphincs256s_shake_pkey_asn1_meth = sphincs128s_shake_pkey_asn1_meth; + sphincs256f_shake_pkey_asn1_meth = sphincs128s_shake_pkey_asn1_meth; + + sphincs128s_sha2_pkey_meth = sphincs128s_shake_pkey_meth; + sphincs128f_sha2_pkey_meth = sphincs128s_shake_pkey_meth; + sphincs192s_sha2_pkey_meth = sphincs128s_shake_pkey_meth; + sphincs192f_sha2_pkey_meth = sphincs128s_shake_pkey_meth; + sphincs256s_sha2_pkey_meth = sphincs128s_shake_pkey_meth; + sphincs256f_sha2_pkey_meth = sphincs128s_shake_pkey_meth; + sphincs128s_sha2_pkey_asn1_meth = sphincs128s_shake_pkey_asn1_meth; + sphincs128f_sha2_pkey_asn1_meth = sphincs128s_shake_pkey_asn1_meth; + sphincs192s_sha2_pkey_asn1_meth = sphincs128s_shake_pkey_asn1_meth; + sphincs192f_sha2_pkey_asn1_meth = sphincs128s_shake_pkey_asn1_meth; + sphincs256s_sha2_pkey_asn1_meth = sphincs128s_shake_pkey_asn1_meth; + sphincs256f_sha2_pkey_asn1_meth = sphincs128s_shake_pkey_asn1_meth; +#endif + + { + struct s_noid* ns; + for (ns = noids; ns->o; ns++) { + ns->pmeth->pkey_id = ns->ameth->pkey_id = ns->ameth->pkey_base_id = OBJ_create(ns->o, ns->s, ns->l); + ns->ameth->info = ns->alias; + EVP_PKEY_meth_add0(ns->pmeth); + EVP_PKEY_asn1_add0(ns->ameth); + } + } +} + +static int isEVPKyber(int id) +{ + struct s_noid* ns; + for (ns = noids; ns->alias; ns++) { + if (id == ns->pmeth->pkey_id && memcmp(ns->alias, "Kyber", 5) == 0) + return 1; + } + return 0; +} +static int isEVPDilithium(int id) +{ + struct s_noid* ns; + for (ns = noids; ns->alias; ns++) { + if (id == ns->pmeth->pkey_id && memcmp(ns->alias, "Dilithium", 9) == 0) + return 1; + } + return 0; +} +static int isEVPSphincs(int id) +{ + struct s_noid* ns; + for (ns = noids; ns->alias; ns++) { + if (id == ns->pmeth->pkey_id && memcmp(ns->alias, "Sphincs", 7) == 0) + return 1; + } + return 0; +} +static int isEVPPQC(int id) +{ + return isEVPKyber(id) || isEVPDilithium(id) || isEVPSphincs(id) + ; +} +static int isPQC(int id) +{ + return isEVPPQC(id) + ; +} + +static +const char* id2meth(int k) +{ + struct s_noid* ns; + for (ns = noids; ns->o; ns++) { + if (k == ns->pmeth->pkey_id) + return ns->libOQSalg; + } + return NULL; +} + +static int isdash(char c) +{ + return (c == '_' || c == '-'); +} + +/* return 0 if strings match with _ - optional */ +static +int strcmpdashed(const char* a, const char* b) +{ + if (!a || !b) + return -1; + + /* where a contains '_', b can be '_', '-' or ''*/ + for (; *a || *b; a++) { + if (*a == *b) { + b++; + } + else { + /* not same - try optional dash */ + if (isdash(*a)) { + if (isdash(*b)) { + b++; + } + /* we skip the a's dash and try to match b with next a */ + } + else { + return (*a - *b); + } + } + } + return 0; +} + +static +const char* cvtalias(const char*a) +{ + const struct s_noid* ns; + for (ns = noids; ns->o; ns++) { + /* explicit alias - exact match */ + if (!strcmp(ns->alias, a)) + return ns->s; + + /* name match with optional dashes */ + if (!strcmpdashed(ns->s, a)) + return ns->s; + } + return NULL; +} + +/* linked to via icclib_a.c (included code below) */ +static +int my_OBJ_txt2nid(const char* text) +{ + int nid; + nid = OBJ_txt2nid(text); + if (nid == NID_undef) { + const char* a = cvtalias(text); + if (a) { + nid = OBJ_txt2nid(a); + } + } + return nid; +} + +/* included via icclib_a.c */ +static +EVP_PKEY_CTX* my_EVP_PKEY_CTX_new_id(int id, void* e) +{ + return EVP_PKEY_CTX_new_id(id, e); +} + +/* included via icclib_a.c */ +static +void my_EVP_PKEY_CTX_free(EVP_PKEY_CTX* pkey_ctx) +{ + EVP_PKEY_CTX_free(pkey_ctx); +} + +EVP_PKEY_CTX* EVP_PKEY_CTX_new_from_name(void* libctx, const char* name, const char* propquery) +{ + /* propquery is a V 3 thing - not sure what to do with that */ + EVP_PKEY_CTX* p = EVP_PKEY_CTX_new_id(my_OBJ_txt2nid(name), NULL); + return p; +} + +EVP_PKEY_CTX* EVP_PKEY_CTX_new_from_pkey(void* libctx, EVP_PKEY* pkey, const char* propquery) +{ + /* propquery is a V 3 thing - not sure what to do with that */ + EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new(pkey, NULL); + return pctx; +} + + +/* +* The following are scraped from OpenSSL 3 +*/ +struct EVP_KEM_t +{ + const char* algorithm; + const char* properties; +}; +typedef struct EVP_KEM_t EVP_KEM; + +#include "Argon2/argon2.h" + +/* note - do not use ICC_ variants or will get compile errors on some platforms */ +struct EVP_KDF_t +{ + void* prov; + int name_id; + char* type_name; /* "ARGON2", "ARGON2ID", "ARGON2I", "ARGON2D" */ + int refCount; + const char* description; +}; +typedef struct EVP_KDF_t EVP_KDF; + + +struct EVP_KDF_CTX_t +{ + EVP_KDF* meth; /*Method Structure*/ + void* algctx; +}; +typedef struct EVP_KDF_CTX_t EVP_KDF_CTX; + +static +int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX* ctx, const char* op) +{ + /* this only gets used for RSA anyway */ + /* nothing to do */ + return 1; +} + +static +EVP_KEM* EVP_KEM_fetch(const char* algorithm, const char* properties) +{ + EVP_KEM* k = OPENSSL_zalloc(sizeof(EVP_KEM)); + k->algorithm = strdup(algorithm); + k->properties = strdup(properties); + return k; +} +static +void EVP_KEM_free(EVP_KEM* wrap) +{ + if (wrap) { + free((void*)wrap->algorithm); + wrap->algorithm = 0; + free((void*)wrap->properties); + wrap->properties = 0; + free(wrap); + } +} + +static +int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX* ctx, const unsigned char* params) +{ + /* nothing to do */ + return 1; +} +static +int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX* ctx, EVP_PKEY* authpub, const unsigned char* params) +{ + /* nothing to do */ + return 1; +} +static +int EVP_PKEY_encapsulate(EVP_PKEY_CTX* ctx, unsigned char* wrappedkey, size_t* wrappedkeylen, unsigned char* genkey, size_t* genkeylen) +{ + int rc = OQS_SUCCESS; + if (!ctx) + return -1; + const EVP_PKEY* k = ctx->pkey; + if (!k) + return -1; + if (k->type != ctx->pmeth->pkey_id) { + /* wrong key type */ + return 0; + } + const PQC_EVP_PKEY* pk = (const PQC_EVP_PKEY*)k->pkey.ptr; + if (!pk) + return -1; + + if (wrappedkeylen) { + *wrappedkeylen = pk->kc->length_ciphertext; + } + if (genkeylen) { + *genkeylen = pk->kc->length_shared_secret; + } + if (wrappedkey && genkey) { + rc = ICC_KEM_encaps(pk->kc, wrappedkey, genkey, pk->pkc); + if (rc != OQS_SUCCESS) { + return -1; + } + } + if (rc == OQS_SUCCESS) { + return 1; + } + return 0; +} + +static +int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX* ctx, const unsigned char* params) +{ + return 1; +} +static +int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX* ctx, EVP_PKEY* authpub, const unsigned char* params) +{ + return 1; +} +static +int EVP_PKEY_decapsulate(EVP_PKEY_CTX* ctx, unsigned char* unwrapped, size_t* unwrappedlen, const unsigned char* wrapped, size_t wrappedlen) +{ + int rc = OQS_SUCCESS; + if (!ctx) + return -1; + const EVP_PKEY* k = ctx->pkey; + if (!k) + return -1; + if (k->type != ctx->pmeth->pkey_id) { + /* wrong key type */ + return 0; + } + const PQC_EVP_PKEY* pk = (const PQC_EVP_PKEY*)k->pkey.ptr; + if (!pk) + return -1; + + if (unwrappedlen) { + *unwrappedlen = pk->kc->length_shared_secret; + } + if (unwrapped) { + rc = ICC_KEM_decaps(pk->kc, unwrapped, wrapped, pk->skc); + if (rc != OQS_SUCCESS) { + return -1; + } + } + if (rc == OQS_SUCCESS) { + return 1; + } + return 0; +} + +static +EVP_KDF* EVP_KDF_fetch(void *libctx, const char *algorithm, + const char *properties) +{ + EVP_KDF *kdf = (EVP_KDF*)OPENSSL_zalloc(sizeof(EVP_KDF)); + kdf->type_name = strdup(algorithm); + kdf->refCount = 1; + return kdf; +} + +static +EVP_KDF_CTX* EVP_KDF_CTX_new(EVP_KDF *kdf) +{ + EVP_KDF_CTX *kdf_ctx = (EVP_KDF_CTX*)OPENSSL_zalloc(sizeof(EVP_KDF_CTX)); + kdf_ctx->meth = kdf; + kdf->refCount++; + return kdf_ctx; +} + + +struct ICC_Argon2_params { + uint32_t lanes; + uint32_t threads; /* Not used in Argon2_hash explicitly but determined by lanes.*/ + uint32_t memcost; + char* password; + char* salt; + char* encoded; + size_t pwdLen; + size_t saltLen; + argon2_type mode; + argon2_version version; /* possible values ARGON2_VERSION_10, ARGON2_VERSION_13*/ +}; +typedef struct ICC_Argon2_params Argon2_params; + +/*scraped from openssl v3 filename: */ + +ICC_OSSL_PARAM* ossl_param_construct(const char* key, unsigned int data_type, + void* data, size_t data_size) +{ + ICC_OSSL_PARAM *res = (ICC_OSSL_PARAM*)OPENSSL_zalloc(sizeof(ICC_OSSL_PARAM)); + + res->key = key; + res->data_type = data_type; + res->data = data; + res->data_size = data_size; + res->return_size = ICC_OSSL_PARAM_UNMODIFIED; + return res; +} + +ICC_OSSL_PARAM* OSSL_PARAM_construct_uint32(const char* key, unsigned int* buf) +{ + return ossl_param_construct(key, ICC_OSSL_PARAM_UNSIGNED_INTEGER, buf, + sizeof(unsigned int)); +} + +ICC_OSSL_PARAM* OSSL_PARAM_construct_octet_string(const char* key, void* buf, + size_t bsize) +{ + return ossl_param_construct(key, ICC_OSSL_PARAM_OCTET_STRING, buf, bsize); +} + +ICC_OSSL_PARAM* OSSL_PARAM_construct_end(void) +{ + return ossl_param_construct(NULL, 0, NULL, 0); +} + +static +argon2_type get_argon2_type(const char* name) { + if (strncmp(name, "argon2_d", sizeof("argon2_d")) == 0) { + return Argon2_d; + } + else if (strncmp(name, "argon2_i", sizeof("argon2_i")) == 0) { + return Argon2_i; + } + else if (strncmp(name, "argon2_id", sizeof("argon2_id")) == 0) { + return Argon2_id; + } + else { + return -1; + } +} + +static +argon2_version get_argon2_version(const char* name) { + if (name != NULL && strcmp(name, "ARGON2_VERSION_10") == 0) { + return ARGON2_VERSION_10; + } + else { + return ARGON2_VERSION_13; /*Default*/ + } +} + +static int get_ossl_paramValues(Argon2_params* params, const ICC_OSSL_PARAM** ossl_params) { + int rv = -1; + const ICC_OSSL_PARAM** pp = ossl_params; + while ((*pp)->key != NULL) { + const ICC_OSSL_PARAM* p = *pp; + if (strncmp(p->key, "lanes", sizeof("lanes")) == 0) { + params->lanes = *(uint32_t*)p->data; + } + else if (strncmp(p->key, "threads", sizeof("threads")) == 0) { + params->threads = *(uint32_t*)p->data; + } + else if (strncmp(p->key, "memcost", sizeof("memcost")) == 0) { + params->memcost = *(uint32_t*)p->data; + } + else if (strncmp(p->key, "pass", sizeof("pass")) == 0) { + params->password = (char*)p->data; + params->pwdLen = p->data_size; + } + else if (strncmp(p->key, "salt", sizeof("salt")) == 0) { + params->salt = (char*)p->data; + params->saltLen = p->data_size; + } + else if (strncmp(p->key, "version", sizeof("version")) == 0) { + params->version = get_argon2_version((char *)p->data); + } + else { + return rv; + } + pp++; + } + return 0; +} + + +static +int EVP_KDF_derive(EVP_KDF_CTX* ctx, unsigned char* out, + size_t outlen, const ICC_OSSL_PARAM** ossl_params) +{ + int result = -1; +#if defined(__MVS__) + /* we are getting unresolved symbols because openssl has a clashing blake2b.o so can't support it */ + return result; +#else + Argon2_params params = { 0 }; + if (ctx == NULL) + return 0; + + + result = get_ossl_paramValues(¶ms, ossl_params); + + params.mode = get_argon2_type(ctx->meth->type_name); + if (params.mode < 0) + { + return 0; + } + + + size_t enclen = argon2_encodedlen(2 /*tc*/, params.memcost, params.threads, (uint32_t)params.saltLen, outlen, params.mode); + + params.encoded = calloc(1, enclen); + + result = argon2_hash(2 /*timeCost*/, params.memcost, params.lanes, params.password, params.pwdLen, + params.salt, params.saltLen, out, outlen, params.encoded, enclen, params.mode, params.version); + + if (result == 0){ + return ICC_OSSL_SUCCESS; + } + else { + return 0; + } +#endif +} + +static +void EVP_KDF_free(EVP_KDF *kdf) +{ + if (kdf) { + kdf->refCount--; + if (kdf->refCount == 0) + { + free((void*)kdf->type_name); + kdf->type_name = NULL; + OPENSSL_free(kdf); + } + } +} + +static +void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx) +{ + if (ctx) { + EVP_KDF_free(ctx->meth); + ctx->meth = NULL; + OPENSSL_free(ctx); + } +} + + +/* included via icclib_a.c */ +static +int my_i2d_PublicKey(EVP_PKEY* pkey, unsigned char** pp) +{ +#if defined(LIBOQS) || defined(LIBDKS) + if (isPQC(pkey->type) && pkey) { + return i2d_PQCPublicKey(pkey, pp); + } + else +#endif + return i2d_PublicKey(pkey, pp); +} + +/* included via icclib_a.c */ +static +EVP_PKEY* my_d2i_PublicKey(int type, EVP_PKEY** a, const unsigned char** pp, long length) +{ +#if defined(LIBOQS) || defined(LIBDKS) + if (isPQC(type)) { + if (!pp || !*pp) { + return NULL; + } + const unsigned char* p = *pp; + if (!p) { + return NULL; + } + EVP_PKEY* pkey = EVP_PKEY_new(); + if (pkey == NULL) + return NULL; + if (a) + *a = pkey; + + pkey->type = type; + { + ENGINE* tmpeng = NULL; + const EVP_PKEY_ASN1_METHOD* ameth; + + ameth = EVP_PKEY_asn1_find(&tmpeng, pkey->type); + if (ameth == NULL) { + EVP_PKEY_free(pkey); + return NULL; + } + pkey->ameth = ameth; + } + + if (!d2i_PQCPublicKey(pkey, pp, length)) { + EVP_PKEY_free(pkey); + return NULL; + } + + return pkey; + } + else +#endif + return d2i_PublicKey(type, a, pp, length); +} + +unsigned char *my_HKDF_Extract(const EVP_MD *evp_md, + const unsigned char *salt, size_t salt_len, + const unsigned char *key, size_t key_len, + unsigned char *prk, size_t *prk_len) +{ + unsigned int tmp_len; + HMAC_CTX *hmac = NULL; + hmac = HMAC_CTX_new(); + HMAC_Init(hmac,salt, (int)salt_len, evp_md); + HMAC_Update(hmac,key,key_len); + HMAC_Final(hmac,prk,&tmp_len); + HMAC_CTX_free(hmac); + *prk_len = tmp_len; + return prk; +} + +unsigned char *my_HKDF_Expand(const EVP_MD *evp_md, + const unsigned char *prk, size_t prk_len, + const unsigned char *info, size_t info_len, + unsigned char *okm, size_t okm_len) +{ + unsigned char *ret = okm; + HMAC_CTX *hmac = NULL; + unsigned int i =0; + unsigned char prev[ICC_EVP_MAX_MD_SIZE]; + size_t copy_len = 0; + unsigned char ctr = 0; + size_t done_len = 0; + size_t dig_len = 0; + size_t n = 0; + + + dig_len = EVP_MD_size(evp_md); + + n = okm_len / dig_len; + if (okm_len % dig_len) { + n++; + } + if (n > 255 || okm == NULL) { + ret = NULL; + } + if (NULL == (hmac = HMAC_CTX_new())) { + ret = NULL; + } + if( NULL != hmac) { + if (!HMAC_Init(hmac, prk, (int)prk_len, evp_md)) { + ret = NULL; + } else { + for (i = 1; (i <= n); i++) { + ctr = (unsigned char)i; + if (i > 1) { + if (!HMAC_Init(hmac, NULL, 0, NULL)) { + ret = NULL; + break; + } + HMAC_Update(hmac, prev, dig_len); + } + HMAC_Update(hmac, info, info_len); + HMAC_Update(hmac, &ctr, 1); + HMAC_Final(hmac, prev, NULL); + copy_len = (done_len + dig_len > okm_len) ? (okm_len - done_len) :dig_len; + memcpy(okm + done_len, prev, copy_len); + done_len += copy_len; + } + } + HMAC_CTX_free(hmac); + } + memset(prev,0,sizeof(prev)); + return ret; +} + +/* included via icclib_a.c */ +static +unsigned char *my_HKDF(const EVP_MD *evp_md, + const unsigned char *salt, size_t salt_len, + const unsigned char *key, size_t key_len, + const unsigned char *info, size_t info_len, + unsigned char *okm, size_t okm_len) +{ + unsigned char prk[ICC_EVP_MAX_MD_SIZE]; + unsigned char *ret; + size_t prk_len; + + if (!my_HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, &prk_len)) + { + ret = NULL; + } + else + { + ret = my_HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len); + } + memset(prk, 0, sizeof(prk)); + + return ret; +} +#if 0 +/* Copied from crypto/dsa/dsa_meth.c, see the comments, the droid we want isn't here */ +typedef struct { + /* Parameter gen parameters */ int nbits; /* size of p in bits (default: 2048) */ int qbits; /* size of q in bits (default: 224) */ const EVP_MD *pmd; /* MD for parameter generation */ @@ -2634,53 +4780,118 @@ static int PKEY_FIPS_id(EVP_PKEY *pk, int *check,int *nid) } return rv; } + +/* included via icclib_a.c */ +static +void my_EVP_PKEY_free(EVP_PKEY* pkey) +{ + EVP_PKEY_free(pkey); +} + +/* included via icclib_a.c */ +static +int my_EVP_PKEY_keygen(ICClib* pcb, EVP_PKEY_CTX* cctx, EVP_PKEY** ppkey); + +/* included via icclib_a.c */ +static +int my_EVP_PKEY_generate(ICClib* pcb, EVP_PKEY_CTX* ctx, EVP_PKEY** ppkey) +{ + int rv = 0; + /* V3 API */ + rv = my_EVP_PKEY_keygen(NULL, ctx, ppkey); + return rv; +} + +/* included via icclib_a.c */ +static +int my_EVP_PKEY_keygen_init(EVP_PKEY_CTX* ctx) +{ + int rv = 0; + rv = EVP_PKEY_keygen_init(ctx); + return rv; +} + /* Generic keygen, trap so we can perform the FIPS key consistancy checks */ -int my_EVP_PKEY_keygen(ICClib *pcb, EVP_PKEY_CTX *cctx, EVP_PKEY **pk) +/* included via icclib_a.c */ +static +int my_EVP_PKEY_keygen(ICClib* pcb, EVP_PKEY_CTX* cctx, EVP_PKEY** ppkey) { int rv = 0; - int rc = 0; - const EVP_MD *md = NULL; - EVP_MD_CTX *md_ctx = NULL; - EVP_PKEY *tpk = NULL; - unsigned char *refsig = NULL; - size_t siglen = 512; - int check = 0; + int nid = 0; int fips = 0; /* FIPS allowed */ - static unsigned char in[32] = "01234567890abcdefghi01234567890"; - int inlen = 20; - int nid = 0; + int done = 0, tries = 0, maxRetry = 100; RAND_seed(NULL,0); /* Reseed before keygen */ - rv = EVP_PKEY_keygen(cctx, pk); - md = EVP_get_digestbyname("SHA-224"); + for (tries = 0; !done && tries < maxRetry; tries++) { + rv = EVP_PKEY_keygen(cctx, ppkey); + done = 1; + /* some keys fail the following test so re-gen in that case */ + /* it appears to be caused by leading zeros in the key (PQC) */ + if (1 == rv && ppkey && *ppkey) { + EVP_PKEY* pkey = *ppkey; + int len = 0; + len = my_i2d_PublicKey(pkey, NULL); + if (len > 0) { + const unsigned char* buf = NULL; + unsigned char* ncpp = NULL; + buf = ncpp = OPENSSL_malloc(len); + len = my_i2d_PublicKey(pkey, &ncpp); + if (len > 0) { + const unsigned char* pp = buf; + int kt = pkey->type; + EVP_PKEY* nkey = NULL; + nkey = my_d2i_PublicKey(kt, &nkey, &pp, len); + if (nkey && 1 != EVP_PKEY_cmp(pkey, nkey)) { + done = 0; /* retry */ + EVP_PKEY_free(pkey); + *ppkey = NULL; + } + EVP_PKEY_free(nkey); + } + OPENSSL_free(buf); + } + } + } + if (1 == rv && !done) { + /* fatal error */ + /* Note for PQC keys: probability of false negative is (2^8)^maxRetry against */ + MARK("i2d - d2i missmatch", "my_EVP_PKEY_keygen"); + rv = 0; + } + if ((pcb != NULL) && (pcb->flags & ICC_FIPS_FLAG)) { - if ((1 == rv) && (NULL != pk) ) + int rc = 0; + size_t siglen = 512; + int check = 0; + + if ((1 == rv) && (NULL != ppkey)) { - fips = PKEY_FIPS_id(*pk,&check,&nid); + EVP_PKEY* pkey = *ppkey; + fips = PKEY_FIPS_id(pkey, &check, &nid); if (1 == check) { + const EVP_MD* md = NULL; + EVP_MD_CTX* md_ctx = NULL; md_ctx = EVP_MD_CTX_new(); + md = EVP_get_digestbyname("SHA-224"); if (NULL != md_ctx) { + unsigned char* refsig = NULL; refsig = ICC_Malloc(8192, __FILE__, __LINE__); /* Large enough for a 4K RSA signature, we won't hit this with anything larger */ - tpk = NULL; if (NULL != refsig) { - rc = EVP_DigestSignInit(md_ctx, &cctx, md, NULL, *pk); + static unsigned char in[32] = "01234567890abcdefghi01234567890"; + int inlen = 20; + + rc = EVP_DigestSignInit(md_ctx, &cctx, md, NULL, pkey); if (1 == rc) { - rc = EVP_DigestSign(md_ctx, refsig, &siglen, in, - inlen); - } - if (NULL != tpk) - { - EVP_PKEY_free(tpk); - tpk = NULL; + rc = EVP_DigestSign(md_ctx, refsig, &siglen, in, inlen); } if (1 == rc) { - rc = EVP_DigestVerifyInit(md_ctx, &cctx, md, NULL, *pk); + rc = EVP_DigestVerifyInit(md_ctx, &cctx, md, NULL, pkey); } if (1 == rc) { @@ -2688,10 +4899,10 @@ int my_EVP_PKEY_keygen(ICClib *pcb, EVP_PKEY_CTX *cctx, EVP_PKEY **pk) } if (1 != rc) { - if (NULL != *pk) + if (NULL != pkey) { - EVP_PKEY_free(*pk); - *pk = NULL; + EVP_PKEY_free(pkey); + *ppkey = NULL; } rv = -1; } @@ -2701,16 +4912,24 @@ int my_EVP_PKEY_keygen(ICClib *pcb, EVP_PKEY_CTX *cctx, EVP_PKEY **pk) } } } - } if(2 == check) { fips = 0; /* DSA */ } - if ((NULL != pcb->callback) && (NULL != *pk)) + } + if ((NULL != pcb) && (NULL != pcb->callback) && (NULL != ppkey) && (NULL != *ppkey)) { (*pcb->callback)("ICC_EVP_PKEY_keygen", nid, fips); } + if ((NULL != pcb) && (NULL != pcb->trace_callback)) + { + (*pcb->trace_callback)("ICC_EVP_PKEY_keygen", __func__); + } return rv; } + + +/* included via icclib_a.c */ +static int my_EVP_PKEY_sign_init(ICClib *pcb,EVP_PKEY_CTX *pctx) { int rv = 0; @@ -2729,6 +4948,9 @@ int my_EVP_PKEY_sign_init(ICClib *pcb,EVP_PKEY_CTX *pctx) } return rv; } + +/* included via icclib_a.c */ +static int my_EVP_PKEY_verify_init(ICClib *pcb,EVP_PKEY_CTX *pctx) { int rv = 0; @@ -2748,6 +4970,8 @@ int my_EVP_PKEY_verify_init(ICClib *pcb,EVP_PKEY_CTX *pctx) return rv; } +/* included via icclib_a.c */ +static int my_EVP_DigestSignInit(ICClib *pcb,EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { int rv = 0; @@ -2780,6 +5004,9 @@ int my_EVP_DigestSignInit(ICClib *pcb,EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,const } return rv; } + +/* included via icclib_a.c */ +static int my_EVP_DigestVerifyInit(ICClib *pcb,EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { int rv = 0; @@ -2807,6 +5034,8 @@ int my_EVP_DigestVerifyInit(ICClib *pcb,EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,con return rv; } +/* included via icclib_a.c */ +static int my_SP800_38F_KW(ICClib *pcb,unsigned char *in, int inl, unsigned char *out, int *outl, unsigned char *key, int kl,unsigned int flags) { int rv = 0; @@ -2839,6 +5068,8 @@ int my_SP800_38F_KW(ICClib *pcb,unsigned char *in, int inl, unsigned char *out, return rv; } +/* included via icclib_a.c */ +static int my_EVP_PKEY_derive_init(ICClib *pcb,EVP_PKEY_CTX *ctx) { int rv = 0; @@ -2856,6 +5087,9 @@ int my_EVP_PKEY_derive_init(ICClib *pcb,EVP_PKEY_CTX *ctx) } return rv; } + +/* included via icclib_a.c */ +static int my_RSA_sign(ICClib *pcb,int nid, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, RSA *rsa) { int rv = 0; @@ -2872,6 +5106,9 @@ int my_RSA_sign(ICClib *pcb,int nid, const unsigned char *dgst, int dlen, unsign } return rv; } + +/* included via icclib_a.c */ +static int my_RSA_verify(ICClib *pcb,int nid, const unsigned char *dgst, int dgst_len, const unsigned char *sigbuf, int siglen, RSA *rsa) { int rv = 0; @@ -2889,6 +5126,8 @@ int my_RSA_verify(ICClib *pcb,int nid, const unsigned char *dgst, int dgst_len, return rv; } +/* included via icclib_a.c */ +static int my_RSA_public_encrypt(ICClib *pcb,int flen, unsigned char *from,unsigned char *to, RSA *rsa,int padding) { int rv = 0; @@ -2919,7 +5158,8 @@ int my_RSA_public_encrypt(ICClib *pcb,int flen, unsigned char *from,unsigned cha return rv; } - +/* included via icclib_a.c */ +static int my_RSA_private_decrypt(ICClib *pcb,int flen, const unsigned char *from,unsigned char *to, RSA *rsa,int padding) { int rv = 0; @@ -2950,7 +5190,8 @@ int my_RSA_private_decrypt(ICClib *pcb,int flen, const unsigned char *from,unsig return rv; } - +/* included via icclib_a.c */ +static int my_RSA_public_decrypt(ICClib *pcb,int flen, unsigned char *from,unsigned char *to, RSA *rsa,int padding) { int rv = 0; @@ -2981,7 +5222,8 @@ int my_RSA_public_decrypt(ICClib *pcb,int flen, unsigned char *from,unsigned cha return rv; } - +/* included via icclib_a.c */ +static int my_RSA_private_encrypt(ICClib *pcb,int flen, const unsigned char *from,unsigned char *to, RSA *rsa,int padding) { int rv = 0; @@ -3012,6 +5254,8 @@ int my_RSA_private_encrypt(ICClib *pcb,int flen, const unsigned char *from,unsig return rv; } +/* included via icclib_a.c */ +static int my_PKCS5_PBKDF2_HMAC(ICClib *pcb,const char *pass, int passlen, const unsigned char *salt, int saltlen, int iters, const EVP_MD *digest, int keylen, unsigned char *out) { int rv = 0; @@ -3031,6 +5275,8 @@ int my_PKCS5_PBKDF2_HMAC(ICClib *pcb,const char *pass, int passlen, const unsign return rv; } +/* included via icclib_a.c */ +static int my_DH_generate_key(ICClib *pcb,DH *dh) { int rv = 0; @@ -3052,6 +5298,8 @@ int my_DH_generate_key(ICClib *pcb,DH *dh) return rv; } +/* included via icclib_a.c */ +static int my_DH_compute_key(ICClib *pcb,unsigned char *key,BIGNUM *pub_key,DH *dh) { int nid = 1039; @@ -3072,6 +5320,9 @@ int my_DH_compute_key(ICClib *pcb,unsigned char *key,BIGNUM *pub_key,DH *dh) } return rv; } + +/* included via icclib_a.c */ +static int my_DH_compute_key_padded(ICClib *pcb,unsigned char *key,BIGNUM *pub_key,DH *dh) { int nid = 1039; @@ -3330,9 +5581,9 @@ void recalculateCRT(RSA* rsa) BN_div(rsa->q, NULL, rsa->n, rsa->p, ctx); if (BN_cmp(rsa->p, rsa->q) < 0) { /* swap p & q so p > q */ - BIGNUM * t = rsa->p; + BIGNUM * tmp = rsa->p; rsa->p = rsa->q; - rsa->q = t; + rsa->q = tmp; } { if (!BN_sub(r1, rsa->p, BN_value_one())) @@ -3433,6 +5684,8 @@ int RSA_FixEncodingZeros(RSA* rsa, const RSA* pub, int allowDisableBlinding) } /* A noop these days */ +/* included via icclib_a.c */ +static void my_GHASH(AES_GCM_CTX *gcm_ctx,unsigned char *H,unsigned char *Hash,unsigned char *data,unsigned long datalen) { @@ -3441,6 +5694,7 @@ void my_GHASH(AES_GCM_CTX *gcm_ctx,unsigned char *H,unsigned char *Hash,unsigned #define MyFree(x) ICC_Free(x) #include "loaded.c" /* Self location code */ + #if defined(STANDALONE_ICCLIB) int check_status( ICC_STATUS *status, const char *file, int line ) @@ -3506,15 +5760,164 @@ int main(int argc,char *argv[]) ICCUnload(); } - d[6] = Delta_T(0,&d[0]); + global_d[6] = Delta_T(0,&global_d[0]); c2t = Delta2Time(1); c2t /= 1000000000.0; - printf("Find paths %g\nRead conf %g\nInit OpenSSL %g\nSelf Test %g\nSig Check %g\n main() %g\n",c2t * d[1],c2t * d[2],c2t *d[3],c2t *d[4] ,c2t *d[5], c2t*d[6]); + printf("Find paths %g\nRead conf %g\nInit OpenSSL %g\nSelf Test %g\nSig Check %g\n main() %g\n",c2t * global_d[1],c2t * global_d[2],c2t * global_d[3],c2t * global_d[4] ,c2t * global_d[5], c2t* global_d[6]); /* Added 2021 because we can hit different paths here */ SetStatusOK(NULL,&status); SelfTest(NULL,&status); return me; } + #endif + +/* from SP800-90.c */ +PRNG* my_get_RNGbyname(ICClib* pcb, const char* algname); + +/* Include the function table */ +#include "icclib_a.c" + +/* Set up the call tables that will be used by the static stub to access + crypto. function +*/ +static void LoadTable(ICC_STATUS* status) +{ + int i = 0, j = 0; + IN(); + /* NUM_ICCLIBFUNCTIONS -1 because of the NULL,NULL terminal entry */ + for (i = j = 0; (i < (NUM_ICCLIBFUNCTIONS - 1)) && (NULL != Global.funcs[i].name); i++, j++) { + /* We sometimes need to redirect functions, so provided we + have a loose match to the name, accept it + */ + if ((NULL != ICCGlobal_default[j].name) && (NULL != strstr(Global.funcs[i].name, ICCGlobal_default[j].name))) { + ICCGlobal_default[i].func = Global.funcs[j].func; + } + else { + SetStatusLn2(NULL, status, ICC_ERROR, ICC_LIBRARY_NOT_FOUND, "Symbol not found in function list", (ICCGlobal_default[i].name != NULL) ? ICCGlobal_default[i].name : " prior internal self test failure ", __FILE__, __LINE__); + break; + } + } + OUT(); +} + +static void LoadTables(ICC_STATUS* status) +{ + int i, j = 0; + IN(); + if (ICC_OK == status->majRC) { + /* Populate the default ICCGlobal table */ + LoadTable(&(Global.status)); + + + memcpy(&ICCGlobal_Partial, &ICCGlobal_default, sizeof(ICCGlobal_Partial)); + memcpy(&ICCGlobal_Error, &ICCGlobal_default, sizeof(ICCGlobal_Error)); + /* Now winnow the entry points down + Error state table, I know, but really, it's accurate enough + */ + for (i = 0; i < (NUM_ICCLIBFUNCTIONS - 1); i++) { + if (NULL == ICCGlobal_Error[i].name) + break; + if ((NULL != strstr(ICCGlobal_Error[i].name, "_new")) || + (NULL != strstr(ICCGlobal_Error[i].name, "generate")) || + (NULL != strstr(ICCGlobal_Error[i].name, "Generate")) || + (NULL != strstr(ICCGlobal_Error[i].name, "Init")) || + (NULL != strstr(ICCGlobal_Error[i].name, "get_")) || + (NULL != strstr(ICCGlobal_Error[i].name, "RAND_")) || + (NULL != strstr(ICCGlobal_Error[i].name, "DES_random_key")) || + (NULL != strstr(ICCGlobal_Error[i].name, "AES_CCM_Encrypt")) || + (NULL != strstr(ICCGlobal_Error[i].name, "AES_CCM_Decrypt")) || + (NULL != strstr(ICCGlobal_Error[i].name, "SP800_38F_KW"))) { + ICCGlobal_Error[i].func = NULL; + } + } + /* Init table is a bit simpler + anything beyond SelfTest isn't there + */ + for (i = 0; i < (NUM_ICCLIBFUNCTIONS - 1); i++) { + if (NULL == ICCGlobal_Partial[i].name) break; + if (NULL != strstr(ICCGlobal_Partial[i].name, "SelfTest")) { + j = 1; + continue; + } + if (0 != j) { + ICCGlobal_Partial[i].func = NULL; + } + } + } + OUT(); +} + +/* Called from the status code when a fatal error is tripped */ +void DisableAPI(void) +{ + memcpy(ICCGlobal_default, ICCGlobal_Error, sizeof(ICCGlobal_default)); +} + +/*! + @brief + lib_attach. + - Perform consistancy checks on requested state. + - Attach to the OpenSSL shared library + - Initialize internal ICC state. (FIPS mode etc) + - Initialize OpenSSL + - Initialize PRNG seed + - Run NIST self tests + The ICC Mutex is held during this operation. + - Most port errors happen here. + @param pcb ICC internal context + @param status status return + @return ICC_OSSL_SUCCESS or ICC_FAILURE - Note need to check status. +*/ +int lib_attach(ICClib* pcb, ICC_STATUS* status) +{ + + int rc = ICC_OSSL_SUCCESS; + + IN(); + + if (status == NULL || pcb == NULL) { + return ICC_FAILURE; + } + SetStatusOK(NULL, status); + + *(DWORD*)(pcb->toa) = (DWORD)time(NULL); + *(DWORD*)(pcb->pIDattach) = ICC_GetProcessId(); + *(DWORD*)(pcb->tIDattach) = ICC_GetThreadId(); + + if (getErrorState()) { + rc = ICC_GetLastError(status); + } + if (ICC_OSSL_SUCCESS == rc) { + if (3 == icc_failure) { + Global.initialized = 0; + } + /*If not valid, return error */ + if ((0 == Global.initialized) && (ICC_OK == Global.status.majRC)) { + /*Could not load DLL */ + SetStatusLn(pcb, status, ICC_ERROR | ICC_FATAL, ICC_INVALID_STATE, + (char*)"ICC was not initialized", __FILE__, __LINE__); + } + switch (status->majRC) { + case ICC_ERROR: + case ICC_OS_ERROR: + case ICC_OPENSSL_ERROR: + rc = ICC_FAILURE; + break; + case ICC_OK: + case ICC_WARNING: + default: + /* Allow full set of crypto. functions */ + pcb->funcs = ICCGlobal_default; + /*and prevent further state changes*/ + pcb->lock = 1; + break; + } + } + SetFlags(pcb, status); + OUTRC(rc); + return rc; +} + diff --git a/icc/icclib.h b/icc/icclib.h index 5e29dd2..ed23abe 100644 --- a/icc/icclib.h +++ b/icc/icclib.h @@ -26,10 +26,8 @@ typedef pthread_mutex_t ICC_Mutex; #endif #endif -#include "iccversion.h" #include "iccglobals.h" /* global definitions */ - #include "openssl/rand.h" /* Wrong order for Windows */ #include "openssl/evp.h" @@ -60,6 +58,7 @@ typedef pthread_mutex_t ICC_Mutex; #include "fips-prng/SP800-90.h" typedef void (*CALLBACK_T)(const char *,int,int); +typedef void (*TRACE_CALLBACK_T)(const char*, const char*); #include "icclib_a.h" /* Pick up KDF_CTX type */ @@ -76,8 +75,6 @@ typedef void (*CALLBACK_T)(const char *,int,int); This only limits the size of very large objects that could be created */ extern void * CRYPTO_calloc(int nmemb,int size,const char *file, int line); -extern int my_EVP_MD_CTX_free (EVP_MD_CTX * x); -int my_EVP_ENCODE_CTX_free(EVP_ENCODE_CTX * a); int my_CMAC_Init(CMAC_CTX *cmac_ctx,const EVP_CIPHER *cipher,unsigned char *key,unsigned int keylen); int my_CMAC_Final(CMAC_CTX *cmac_ctx,unsigned char *md,unsigned int maclen); @@ -113,13 +110,7 @@ int SelfTest (ICClib *pcb,ICC_STATUS * status); const BIGNUM *DH_get_PublicKey (const DH * dh); -RSA * my_RSA_new(); -int my_HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,const EVP_MD *md); -int my_EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *key, unsigned char *iv); -int my_EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *key, unsigned char *iv); -int my_EVP_PKEY_encrypt(unsigned char *enc_key,unsigned char *key,int key_len,EVP_PKEY *pub_key); -int my_EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key,int enc_key_len,EVP_PKEY *private_key); int my_HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,const EVP_MD *md); const FUNC *OS_helpers(); diff --git a/icc/iccread.c b/icc/iccread.c index b2129cb..5762243 100644 --- a/icc/iccread.c +++ b/icc/iccread.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/iccsum.c b/icc/iccsum.c index 949cea7..ab63006 100644 --- a/icc/iccsum.c +++ b/icc/iccsum.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/icctest.c b/icc/icctest.c index be4b64f..68d21bb 100644 --- a/icc/icctest.c +++ b/icc/icctest.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -15,8 +15,16 @@ #include #include #if defined(JGSK_WRAP) +/* Using JCC_ namespace - reserved for Java JNI */ # include "jcc_a.h" +#else +#if defined(ICKC_WRAP) +/* Using ICKC_ namespace */ +# include "ickc_a.h" +#endif #endif +/* default is ICC_ namespace */ +/* note: GSKit V8 loads ICC into global symbol with ICC_ symbols */ #include "icc.h" /* Consider using the --tool=massif stacks=yes option to Valgrind instead @@ -693,6 +701,11 @@ int doEVPEnvelopeAndSignatureUnitTest(ICC_CTX *ICC_ctx) check_stack(1); md_ctx = ICC_EVP_MD_CTX_new(ICC_ctx); + if (NULL == md_ctx) { + printf("EVP Envelope And Signature abort. Could not create MD_CTX.\n"); + rv = ICC_ERROR; + } + else { check_stack(1); ICC_EVP_MD_CTX_init(ICC_ctx,md_ctx); check_stack(1); @@ -767,7 +780,8 @@ int doEVPEnvelopeAndSignatureUnitTest(ICC_CTX *ICC_ctx) ICC_EVP_DigestVerifyFinal(ICC_ctx,md_ctx,buf2,uint2); OSSLE(ICC_ctx); printf("\n"); - } else { + } + else { printf("N/A\n"); } @@ -779,6 +793,7 @@ int doEVPEnvelopeAndSignatureUnitTest(ICC_CTX *ICC_ctx) ICC_RSA_free(ICC_ctx,rsa); printf("EVP Envelope And Signature Unit test successfully completed!\n"); } + } if(NULL != status) { free(status); status = NULL; @@ -1005,8 +1020,8 @@ int doKeyUnitTest(ICC_CTX *ICC_ctx) { l1 = retcode = ICC_i2d_PublicKey(ICC_ctx,pkey,&tptr1); ICC_EVP_PKEY_free(ICC_ctx,pkey); } - tptr1 = buf1; - pkey = ICC_d2i_PublicKey(ICC_ctx,ICC_EVP_PKEY_RSA,NULL,&tptr1,l1); + tptr = buf1; + pkey = ICC_d2i_PublicKey(ICC_ctx,ICC_EVP_PKEY_RSA,NULL,&tptr,l1); if (NULL != pkey) { ICC_EVP_PKEY_free(ICC_ctx,pkey); } @@ -1209,7 +1224,7 @@ int doKeyUnitTest(ICC_CTX *ICC_ctx) { pkey = ICC_EVP_PKEY_new(ICC_ctx); /* Generate a DSA key */ - dsa = ICC_DSA_generate_parameters(ICC_ctx, 256, (unsigned char *)buf1, 20, + dsa = ICC_DSA_generate_parameters(ICC_ctx, 256, buf1, 20, &counter, &h, NULL, NULL); retcode = ICC_DSA_generate_key(ICC_ctx, dsa); @@ -1230,8 +1245,8 @@ int doKeyUnitTest(ICC_CTX *ICC_ctx) { pkey = NULL; pkey = ICC_EVP_PKEY_new(ICC_ctx); - tptr1 = buf1; - ICC_d2i_PrivateKey(ICC_ctx, 0, &pkey, &tptr1, 0); + tptr = buf1; + ICC_d2i_PrivateKey(ICC_ctx, 0, &pkey, &tptr, 0); /* free the pkey */ ICC_EVP_PKEY_free(ICC_ctx, pkey); pkey = NULL; @@ -1239,8 +1254,8 @@ int doKeyUnitTest(ICC_CTX *ICC_ctx) { as the d2i overwrites some fields otherwise */ pkey = ICC_EVP_PKEY_new(ICC_ctx); - tptr1 = (unsigned char *)buf1; - ICC_d2i_PublicKey(ICC_ctx, 0, &pkey, &tptr1, 0); + tptr = buf1; + ICC_d2i_PublicKey(ICC_ctx, 0, &pkey, &tptr, 0); /* free the pkey */ ICC_EVP_PKEY_free(ICC_ctx, pkey); pkey = NULL; @@ -1687,7 +1702,9 @@ int doEC_KEYTest(ICC_CTX *ICC_ctx) const ICC_EC_POINT *ec_pub = NULL; unsigned char *ptr = NULL; + const unsigned char *ptr1 = NULL; unsigned char *buf = NULL; + int len = 0; int nid = 0; @@ -1770,8 +1787,8 @@ int doEC_KEYTest(ICC_CTX *ICC_ctx) ptr = buf; len = ICC_i2d_ECPrivateKey(ICC_ctx,ec_key,&ptr); - ptr = buf; - ec_key1 = ICC_d2i_ECPrivateKey(ICC_ctx,NULL,(const unsigned char **)&ptr,len); + ptr1 = buf; + ec_key1 = ICC_d2i_ECPrivateKey(ICC_ctx,NULL,&ptr1,len); if(NULL == ec_key1) { printf("d2i_ECPrivateKey failed, key is NULL\n"); } else { @@ -1788,8 +1805,8 @@ int doEC_KEYTest(ICC_CTX *ICC_ctx) ICC_i2d_ECParameters(ICC_ctx,ec_key,&ptr); - ptr = buf; - ec_key1 = ICC_d2i_ECParameters(ICC_ctx,NULL,(const unsigned char **)&ptr,len); + ptr1 = buf; + ec_key1 = ICC_d2i_ECParameters(ICC_ctx,NULL,&ptr1,len); ICC_EC_KEY_free(ICC_ctx,ec_key1); ec_key1 = NULL; @@ -1806,8 +1823,8 @@ int doEC_KEYTest(ICC_CTX *ICC_ctx) ICC_i2d_ECPKParameters(ICC_ctx,group,&ptr); ICC_EC_GROUP_set_asn1_flag(ICC_ctx,(ICC_EC_GROUP *)group,0); - ptr = buf; - group = ICC_d2i_ECPKParameters(ICC_ctx,NULL,&ptr,len); + ptr1 = buf; + group = ICC_d2i_ECPKParameters(ICC_ctx,NULL, &ptr1,len); OSSLE(ICC_ctx); ICC_EC_GROUP_free(ICC_ctx,(ICC_EC_GROUP *)group); group = NULL; @@ -1821,12 +1838,12 @@ int doEC_KEYTest(ICC_CTX *ICC_ctx) ICC_i2o_ECPublicKey(ICC_ctx,ec_key,&ptr); OSSLE(ICC_ctx); - ptr = buf; + ptr1 = buf; ec_key1 = ICC_EC_KEY_new_by_curve_name(ICC_ctx,nid); - ICC_o2i_ECPublicKey(ICC_ctx,&ec_key1,&ptr,len); + ICC_o2i_ECPublicKey(ICC_ctx,&ec_key1,&ptr1,len); OSSLE(ICC_ctx); free(buf); - ptr = buf = NULL; + ptr1 = ptr = buf = NULL; } /* End export/import */ check_stack(1); @@ -2399,6 +2416,7 @@ static int do_P8_subset(ICC_CTX *ICC_ctx,ICC_EVP_PKEY *pkey) int rv = 0; unsigned char *buf = NULL; unsigned char *tmp = NULL; + const unsigned char *cbuf = NULL; int bufl = 0; ICC_PKCS8_PRIV_KEY_INFO *p8info = NULL; ICC_PKCS8_PRIV_KEY_INFO *p8info1 = NULL; @@ -2421,8 +2439,8 @@ static int do_P8_subset(ICC_CTX *ICC_ctx,ICC_EVP_PKEY *pkey) } if( 0 == rv ) { - buf = tmp; - p8info1 = ICC_d2i_PKCS8_PRIV_KEY_INFO(ICC_ctx,NULL,&buf,bufl); + cbuf = tmp; + p8info1 = ICC_d2i_PKCS8_PRIV_KEY_INFO(ICC_ctx,NULL, &cbuf,bufl); if(NULL == p8info1) { rv = 1; } @@ -3156,6 +3174,9 @@ int doPostStartupTest(ICC_CTX *ICC_ctx, ICC_STATUS *status) { int rv = ICC_OK; int retcode; char value[ICC_VALUESIZE]; +#if 0 + /* this may fail if the path is actually shorter than 9 bytes */ + { char value1[9]; /* Deliberately broken */ value1[0] = '\0'; @@ -3169,11 +3190,11 @@ int doPostStartupTest(ICC_CTX *ICC_ctx, ICC_STATUS *status) { rv = ICC_ERROR; } retcode = ICC_SetValue(ICC_ctx, status, ICC_INSTALL_PATH, (void *)value1); -#if 0 if( retcode == ICC_OK) { printf("ICC vulnerable to invalid ICC_SetValue() - expect a crash [%s]\n",value1); rv = ICC_ERROR; } + } #endif value[0] = '\0'; retcode = ICC_GetValue(ICC_ctx, status, ICC_INSTALL_PATH, (void *)value, @@ -3290,7 +3311,7 @@ int doPostStartupTest(ICC_CTX *ICC_ctx, ICC_STATUS *status) { _declspec(dllexport) #endif #endif -int doUnitTest(int test,char *fips, int unicode) +int doUnitTest(const char* iccPath, int test,char *fips, int unicode) { int rv = ICC_OSSL_SUCCESS; int error = 0; @@ -3300,7 +3321,7 @@ int doUnitTest(int test,char *fips, int unicode) ICC_CTX *ICC_ctx1 = NULL; int retcode = 0, testnum = 1; char* value = NULL; - static char *path = NULL; + static const char *path = NULL; static char tmp[ICC_VALUESIZE]; #if defined(_WIN32) static wchar_t *wpath = NULL; @@ -3312,6 +3333,9 @@ int doUnitTest(int test,char *fips, int unicode) wpath = L"../package"; # endif #endif + /* allow user to override path */ + if (!path) + path = iccPath; fips_mode = 0; status = (ICC_STATUS*)calloc(1,sizeof(ICC_STATUS)); status1 = (ICC_STATUS*)calloc(1,sizeof(ICC_STATUS)); @@ -3553,6 +3577,7 @@ static void usage(char *prgname,char *text) ); printf(" note that correct usage of the ICC API is not guaranteed\n"); printf(" n = a single test number to run\n"); + printf(" -p path to ICC\n"); printf(" -t RNG tuning algorithm, 0 = unset, 1 = heuristic, 2 = estimate\n"); printf(" -x a single test to exclude\n"); printf(" -u start ICC with a Unicode path (Windows only)\n"); @@ -3571,12 +3596,24 @@ int main(int argc, char *argv[]) int test = 0; int unicode = 0; int argi = 1; + const char* iccPath = NULL; + while(argc > argi ) { if(strncmp("-u",argv[argi],2) == 0) { unicode = 1;; } else if(strncmp("-h",argv[argi],2) == 0) { usage(argv[0],NULL); exit(0); + } + else if (strncmp("-p", argv[argi], 2) == 0) { + if (argc > (argi + 1)) { + iccPath = argv[argi + 1]; + argi++; + } + else { + usage(argv[0], NULL); + exit(0); + } } else if(strncmp("-t",argv[argi],2) == 0) { if(argc > (argi+1)) { tuner = atoi(argv[argi+1]); @@ -3600,12 +3637,12 @@ int main(int argc, char *argv[]) return 1; } } - if (ICC_OSSL_SUCCESS != doUnitTest(test,"on",unicode)) { + if (ICC_OSSL_SUCCESS != doUnitTest(iccPath, test,"on",unicode)) { printf("ICC unit test failed - FIPS mode!\n"); return 1; } printf("\n\n\n"); - if ( ICC_OSSL_SUCCESS != doUnitTest(test,"off",unicode)) { + if ( ICC_OSSL_SUCCESS != doUnitTest(iccPath, test,"off",unicode)) { printf("ICC unit test failed - non-FIPS mode!\n"); return 1; } @@ -3618,4 +3655,4 @@ int main(int argc, char *argv[]) x_memdump(); return 0; } -#endif \ No newline at end of file +#endif diff --git a/icc/iccversion.h b/icc/iccversion.h index ba0afd2..18dae41 100644 --- a/icc/iccversion.h +++ b/icc/iccversion.h @@ -30,19 +30,33 @@ #else /* !ICC_OFFICIAL_BUILD */ -# define ICC_PRODUCT_NAME "Unknown" +# define ICC_PRODUCT_NAME "ICC" # define ICC_VERSION_MOD 0 # define ICC_VERSION_FIX 0 # define ICC_BUILD_DATE 0 # define ICC_BUILD_TIME 0 -# define ICC_CMVC_INFO "Unofficial build" # define ICC_EXTRACT_DATE 0 # define ICC_EXTRACT_TIME 0 #endif /* ICC_OFFICIAL_BUILD */ +/* these will normally come from buildinfo.h */ + +#ifndef ICC_GIT_BRANCH +#define ICC_GIT_BRANCH "n/a" +#endif +#ifndef ICC_GIT_HASH +#define ICC_GIT_HASH "n/a" +#endif +#ifndef OCKC_GIT_BRANCH +#define OCKC_GIT_BRANCH "n/a" +#endif +#ifndef OCKC_GIT_HASH +#define OCKC_GIT_HASH "n/a" +#endif + #if !defined(ICC_VERSION_MOD) -# define ICC_VERSION_MOD 0 +# define ICC_VERSION_MOD 11 #endif #if !defined(ICC_VERSION_FIX) diff --git a/icc/induced.h b/icc/induced.h index 51814fb..3fde2c0 100644 --- a/icc/induced.h +++ b/icc/induced.h @@ -1,16 +1,13 @@ -/************************************************************************* +/*---------------------------------------------------------------------------- // Copyright IBM Corp. 2023 -// -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. -*************************************************************************/ - -/************************************************************************* +// // Description: // Define flag for induced failure testing of ICC's error paths // -*************************************************************************/ +//----------------------------------------------------------------------------------*/ #if !defined(INDUCED_H) #define INDUCED_H diff --git a/icc/loaded.c b/icc/loaded.c index 282ec5d..e3449cb 100644 --- a/icc/loaded.c +++ b/icc/loaded.c @@ -1,16 +1,14 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ -/************************************************************************* +/* // Description: Manually created source for the ICCPKG wrapper for GSkit -// -// -*************************************************************************/ +*/ #include "icc.h" /* Only so trace source-of tags work */ #include "loaded.h" @@ -158,10 +156,13 @@ static char *FUNCTION_NAME(MYNAME,_loaded_from)() HMODULE libHandle; IN(); dirName = (char *)calloc(MAX_PATH,1); - libHandle = GetModuleHandle(path); + libHandle = GetModuleHandleA(path); + if (!libHandle) { + libHandle = GetModuleHandleA(NULL); + } if(NULL != dirName) { if (libHandle && - GetModuleFileName(libHandle,dirName, MAX_PATH-1) < MAX_PATH) { + GetModuleFileNameA(libHandle,dirName, MAX_PATH-1) < MAX_PATH) { MARK("dirName",dirName != NULL ? dirName : "NULL"); result = (char *)calloc(strlen(dirName)+1,1); if (NULL != result) { diff --git a/icc/loaded.h b/icc/loaded.h index 10e4040..66de341 100644 --- a/icc/loaded.h +++ b/icc/loaded.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -37,7 +37,7 @@ # define PATH_DELIMITER '\\' # define PATH_DELIMITER_W L'\\' -# define strcasecmp(a,b) stricmp(a,b) +# define strcasecmp(a,b) _stricmp(a,b) #elif defined(_AIX) # include diff --git a/icc/name_cache_tables.c b/icc/name_cache_tables.c index 9215478..f4d9179 100644 --- a/icc/name_cache_tables.c +++ b/icc/name_cache_tables.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/nid_cache.c b/icc/nid_cache.c index a5dbd40..728ddcc 100644 --- a/icc/nid_cache.c +++ b/icc/nid_cache.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/opensslver.mk b/icc/opensslver.mk index ed9b221..b7330d9 100644 --- a/icc/opensslver.mk +++ b/icc/opensslver.mk @@ -35,4 +35,4 @@ OPENSSL__FLAG = ${OPENSSL_release_FLAG} # OpenSSL 1.1.x OSSL_FLAGS = no-engine no-sctp no-idea no-rc5 no-whirlpool no-zlib enable-mdc2 enable-camellia enable-md2 no-seed \ - ${OPENSSL_${CONFIG}_FLAG} + $(OPENSSL_$(CONFIG)_FLAG) diff --git a/icc/os400misc.c b/icc/os400misc.c index bd075bb..56a236b 100644 --- a/icc/os400misc.c +++ b/icc/os400misc.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/ossl.mk b/icc/ossl.mk index beb6f68..aa36c16 100644 --- a/icc/ossl.mk +++ b/icc/ossl.mk @@ -10,13 +10,19 @@ include $(ICC_ROOT)/icc/opensslver.mk DEFAULT_APP_DIR = $(OSSL_DIR)/tmp32dll$($(OPSYS)_$(CONFIG)_OSSL_SUFFIX) DEFAULT_LIB_DIR = $(OSSL_DIR)/out32dll$($(OPSYS)_$(CONFIG)_OSSL_SUFFIX) -DEFAULT_SLIBCRYPTO = $(CRYPTOOBJ) -DEFAULT_SLIBSSL = $(SSLOBJ) -DEFAULT_OPENSSL_LIBS = ws2_32.lib +# We need the objs for producing openssl.exe, default is used for win32 variants +DEFAULT_SLIBCRYPTO_OBJS = $(CRYPTOOBJ) +DEFAULT_SLIBSSL_OBJS = $(SSLOBJ) +# Not used, but just in case there is no OS specific define +DEFAULT_SLIBCRYPTO = $(OSSL_DIR)/libcrypto.a +DEFAULT_SLIBSSL = $(OSSL_DIR)/libssl.a +DEFAULT_OPENSSL_LIBS = $(DEFAULT_SLIBSSL) $(DEFAULT_SLIBCRYPTO) $(OPSYS)_APP_DIR = $(DEFAULT_APP_DIR) $(OPSYS)_LIB_DIR = $(DEFAULT_LIB_DIR) +$(OPSYS)_SLIBCRYPTO_OBJS = $(DEFAULT_SLIBCRYPTO_OBJS) $(OPSYS)_SLIBCRYPTO = $(DEFAULT_SLIBCRYPTO) +$(OPSYS)_SLIBSSL_OBJS = $(DEFAULT_SLIBSSL_OBJS) $(OPSYS)_SLIBSSL = $(DEFAULT_SLIBSSL) $(OPSYS)_OPENSSL_LIBS = $(DEFAULT_OPENSSL_LIBS) @@ -29,46 +35,45 @@ UNIX_SLIBCRYPTO = $(OSSL_DIR)/libcrypto.a UNIX_SLIBSSL = $(OSSL_DIR)/libssl.a UNIX_OPENSSL_LIBS = $(UNIX_SLIBSSL) $(UNIX_SLIBCRYPTO) - WIN_APP_DIR = $(OSSL_DIR)/tmp32dll$($(OPSYS)_$(CONFIG)_OSSL_SUFFIX) WIN_LIB_DIR = $(OSSL_DIR)/out32dll$($(OPSYS)_$(CONFIG)_OSSL_SUFFIX) -WIN_SLIBCRYPTO = $(CRYPTOOBJ) -WIN_SLIBSSL = $(SSLOBJ) - - +WIN_SLIBCRYPTO = $(OSSL_DIR)/libcrypto_static.lib +WIN_SLIBSSL = $(OSSL_DIR)/libssl_static.lib WIN_OPENSSL_LIBS = wsock32.lib + WIN32_APP_DIR = $(WIN_APP_DIR) WIN32_OPENSSL_LIBS = $(WIN_OPENSSL_LIBS) WIN32_SLIBCRYPTO = $(WIN_SLIBCRYPTO) WIN32_SLIBSSL = $(WIN_SLIBSSL) -WIN64_APP_DIR = $(WIN_APP_DIR) -WIN64_OPENSSL_LIBS = ws2_32.lib -WIN64_SLIBCRYPTO = $(WIN_LIB_DIR)/libeay32.lib -WIN64_SLIBSSL = $(WIN_LIB_DIR)/ssleay32.lib -#WIN64_SLIBCRYPTO = $(WIN_SLIBCRYPTO) -#WIN64_SLIBSSL = $(WIN_SLIBSSL) - WIN64_AMD_APP_DIR = $(WIN_APP_DIR) WIN64_AMD_OPENSSL_LIBS = $(WIN_OPENSSL_LIBS) -WIN64_AMD_SLIBCRYPTO = $(WIN64_AMD_CRYPTOOBJ) -WIN64_AMD_SLIBSSL = $(SSLOBJ) +WIN64_AMD_SLIBCRYPTO_OBJS = $(WIN64_AMD_CRYPTOOBJ) +WIN64_AMD_SLIBCRYPTO = $(WIN_SLIBCRYPTO) +WIN64_AMD_SLIBSSL = $(WIN_SLIBSSL) WIN32_VS2013_APP_DIR = $(WIN_APP_DIR) WIN32_VS2013_OPENSSL_LIBS = $(WIN_OPENSSL_LIBS) WIN32_VS2013_SLIBCRYPTO = $(WIN_SLIBCRYPTO) WIN32_VS2013_SLIBSSL = $(WIN_SLIBSSL) +WIN32_VS2022_APP_DIR = $(WIN_APP_DIR) +WIN32_VS2022_OPENSSL_LIBS = $(WIN_OPENSSL_LIBS) +WIN32_VS2022_SLIBCRYPTO = $(WIN_SLIBCRYPTO) +WIN32_VS2022_SLIBSSL = $(WIN_SLIBSSL) + WIN64_AMD_VS2013_APP_DIR = $(WIN_APP_DIR) WIN64_AMD_VS2013_OPENSSL_LIBS = $(WIN_OPENSSL_LIBS) -WIN64_AMD_VS2013_SLIBCRYPTO = $(WIN64_AMD_CRYPTOOBJ) -WIN64_AMD_VS2013_SLIBSSL = $(SSLOBJ) +WIN64_AMD_VS2013_SLIBCRYPTO_OBJS= $(WIN64_AMD_CRYPTOOBJ) +WIN64_AMD_VS2013_SLIBCRYPTO = $(WIN_SLIBCRYPTO) +WIN64_AMD_VS2013_SLIBSSL = $(WIN_SLIBSSL) WIN64_VS2022_APP_DIR = $(WIN_APP_DIR) WIN64_VS2022_OPENSSL_LIBS = $(WIN_OPENSSL_LIBS) -WIN64_VS2022_SLIBCRYPTO = $(WIN64_AMD_CRYPTOOBJ) -WIN64_VS2022_SLIBSSL = $(SSLOBJ) +WIN64_VS2022_SLIBCRYPTO_OBJS= $(WIN64_AMD_CRYPTOOBJ) +WIN64_VS2022_SLIBCRYPTO = $(WIN_SLIBCRYPTO) +WIN64_VS2022_SLIBSSL = $(WIN_SLIBSSL) LINUX_APP_DIR = $(UNIX_APP_DIR) LINUX_OPENSSL_LIBS = $(UNIX_OPENSSL_LIBS) @@ -261,7 +266,9 @@ ZOSA31_SLIBSSL = $(UNIX_SLIBSSL) # OPENSSL_LIBS = $($(OPSYS)_OPENSSL_LIBS) APP_DIR = $($(OPSYS)_APP_DIR) +SLIBCRYPTO_OBJS = $($(OPSYS)_SLIBCRYPTO_OBJS) SLIBCRYPTO = $($(OPSYS)_SLIBCRYPTO) +SLIBSSL_OBJS = $($(OPSYS)_SLIBSSL_OBJS) SLIBSSL = $($(OPSYS)_SLIBSSL) A_OBJ = $(APP_DIR)/apps$(OBJSUFX) diff --git a/icc/platform.c b/icc/platform.c index 13cd638..2d0b67d 100644 --- a/icc/platform.c +++ b/icc/platform.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -13,7 +13,7 @@ *************************************************************************/ /* Note: DO NOT #include icclib.h. - It sucks in macros which resolve to function references on older compilers + It includes macros which resolve to function references on older compilers and that in turn makes libicc.a directly dependent on openssl */ #include "platform.h" diff --git a/icc/platform.h b/icc/platform.h index 0673707..b50426d 100644 --- a/icc/platform.h +++ b/icc/platform.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -67,7 +67,7 @@ extern "C" { /* # define WIN32_LEAN_AND_MEAN */ # include -#define strcasecmp(x,y) _stricmp(x,y) +# define strcasecmp(a,b) _stricmp(a,b) typedef HANDLE ICC_Mutex; diff --git a/icc/platform_api.h b/icc/platform_api.h index 31a49a7..503e5f7 100644 --- a/icc/platform_api.h +++ b/icc/platform_api.h @@ -1,16 +1,13 @@ -/************************************************************************* +/*----------------------------------------------------------------------------- // Copyright IBM Corp. 2023 -// -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. -*************************************************************************/ - -/************************************************************************* +// // Description: Function instantiations for abstraction/indirection for platform // specific code. // -*************************************************************************/ +//---------------------------------------------------------------------------*/ #ifndef INCLUDED_PLATFORM_API #define INCLUDED_PLATFORM_API diff --git a/icc/platforms.mk b/icc/platforms.mk index 4d3bd0f..3409b32 100644 --- a/icc/platforms.mk +++ b/icc/platforms.mk @@ -31,7 +31,7 @@ DEFAULT_LD_CXX = link DEFAULT_SLD = $($(OPSYS)_LD) DEFAULT_AR = $($(OPSYS)_LD) DEFAULT_debug_LDFLAGS = -DEFAULT_LDFLAGS = -DYNAMICBASE -NXCOMPAT -manifest -nologo -DEBUG -out:$@ +DEFAULT_LDFLAGS = -DYNAMICBASE -NXCOMPAT -nologo -DEBUG -out:$@ DEFAULT_LDXXFLAGS = $($(OPSYS)_LDFLAGS) DEFAULT_SLDFLAGS = -dll $($(OPSYS)_LDFLAGS) DEFAULT_ARFLAGS = -lib -nologo -out:$@ @@ -41,6 +41,7 @@ DEFAULT_LDLIBS = -DYNAMICBASE -NXCOMPAT $($(OPSYS)_$(CONFIG)_LDLIBS) DEFAULT_OBJSUFX = .obj DEFAULT_EXESUFX = .exe DEFAULT_SHLPRFX = +# SO_EXT in other words DEFAULT_SHLSUFX = .dll DEFAULT_STLPRFX = DEFAULT_STLSUFX = .lib @@ -52,13 +53,20 @@ DEFAULT_LDFLAGS2 = $($(OPSYS)_LDFLAGS) DEFAULT_SLDFLAGS2 = $($(OPSYS)_SLDFLAGS) # mt is deprecated DEFAULT_MT = echo mt is deprecated , -#--- VisualC++ definitions on Win32 + +# pre-build will set MUPPET but we can override it +# use this when no FIPS module is available +NO_MUPPET = +# use this definition to link in old FIPS module +UNIX_MUPPET = $(OLD_ICC)/iccsdk/$(ICCLIB) + +DEFAULT_MUPPET = $(OLD_ICC)/iccsdk/$(ICCLIB) # any flag can be defaulted this way to reduce copying overhead note = not := # example default LDXXFLAGS to be LDFLAGS # override in OPSYS stanza -#set up defaults for all windows - specific stanzas will redfine as required +#set up defaults for all windows - specific stanzas will redefined as required $(OPSYS)_CC = $(DEFAULT_CC) $(OPSYS)_CXX = $(DEFAULT_CXX) $(OPSYS)_debug_CFLAGS = $(DEFAULT_debug_CFLAGS) @@ -90,6 +98,7 @@ $(OPSYS)_CFLAGS2 = $(DEFAULT_CFLAGS2) $(OPSYS)_LDFLAGS2 = $(DEFAULT_LDFLAGS2) $(OPSYS)_SLDFLAGS2 = $(DEFAULT_SLDFLAGS2) $(OPSYS)_MT = $(DEFAULT_MT) +$(OPSYS)_MUPPET = $(DEFAULT_MUPPET) #--- VisualC++ definitions on Win32 # cant use symlinks so define absolute location of ICC ie parent of package directory @@ -100,13 +109,13 @@ WIN32_CXX = cl -TP WIN32_debug_CFLAGS = -MDd -Zi -D DEBUG -RTCu # Optimization off generates faster starting code ... WIN32_release_CFLAGS = -MD -Zi -WIN32_CFLAGS = -nologo $(WIN32_$(CONFIG)_CFLAGS) -W3 -GF -GS -D WIN32 -D _MBCS -D_CRT_SECURE_NO_WARNINGS -c +WIN32_CFLAGS = -c -nologo $(WIN32_$(CONFIG)_CFLAGS) -W3 -GF -GS -D WIN32 -D_MBCS -D_CRT_SECURE_NO_WARNINGS WIN32_LD = link WIN32_LD_CXX = link WIN32_SLD = $(WIN32_LD) WIN32_AR = $(WIN32_LD) WIN32_debug_LDFLAGS = -WIN32_LDFLAGS = -DYNAMICBASE -NXCOMPAT -manifest -nologo -DEBUG -out:$@ +WIN32_LDFLAGS = -DYNAMICBASE -NXCOMPAT -nologo -DEBUG -out:$@ WIN32_SLDFLAGS = -dll $(WIN32_LDFLAGS) WIN32_ARFLAGS = -lib -nologo -out:$@ WIN32_release_LDLIBS = ws2_32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib @@ -124,7 +133,6 @@ WIN32_OUT = -Fo WIN32_CFLAGS2 = $(WIN32_CFLAGS) WIN32_LDFLAGS2 = $(WIN32_LDFLAGS) WIN32_SLDFLAGS2 = $(WIN32_SLDFLAGS) -WIN32_MT = mt #--- VisualC++ definitions on Win32 #--- VisualC++ definitions on Win64-AMD @@ -146,10 +154,10 @@ WIN64_AMD_LD_CXX = link WIN64_AMD_SLD = $(WIN64_AMD_LD) WIN64_AMD_AR = $(WIN64_AMD_LD) WIN64_AMD_debug_LDFLAGS = -debug -WIN64_AMD_LDFLAGS = -DYNAMICBASE -NXCOMPAT -DEBUG -manifest -nologo $(WIN64_AMD_$(CONFIG)_LDFLAGS) -out:$@ +WIN64_AMD_LDFLAGS = -DYNAMICBASE -NXCOMPAT -DEBUG -nologo $(WIN64_AMD_$(CONFIG)_LDFLAGS) -out:$@ WIN64_AMD_SLDFLAGS = -dll $(WIN64_AMD_LDFLAGS) WIN64_AMD_ARFLAGS = -lib -nologo -out:$@ -WIN64_AMD_release_LDLIBS = gdi32.lib advapi32.lib user32.lib +WIN64_AMD_release_LDLIBS = ws2_32.lib gdi32.lib advapi32.lib user32.lib WIN64_AMD_debug_LDLIBS = $(WIN64_AMD_release_LDLIBS) WIN64_AMD_LDLIBS = -DYNAMICBASE -NXCOMPAT $(WIN64_AMD_$(CONFIG)_LDLIBS) WIN64_AMD_OBJSUFX = .obj @@ -174,15 +182,15 @@ WIN32_VS2013_CC = cl WIN32_VS2013_CXX = cl -TP WIN32_VS2013_debug_CFLAGS = -MDd -Zi -D DEBUG -RTCu WIN32_VS2013_release_CFLAGS = -MD -Zi -WIN32_VS2013_CFLAGS = -nologo $(WIN32_$(CONFIG)_CFLAGS) -W3 -GF -GS -D WIN32 -D _MBCS -D_CRT_SECURE_NO_WARNINGS -c +WIN32_VS2013_CFLAGS = -c -nologo $(WIN32_$(CONFIG)_CFLAGS) -W3 -GF -GS -D WIN32 -D _MBCS -D_CRT_SECURE_NO_WARNINGS WIN32_VS2013_CXXFLAGS = $(WIN32_VS2013_CFLAGS) WIN32_VS2013_LD = link WIN32_VS2013_LD_CXX = link WIN32_VS2013_SLD = $(WIN32_LD) WIN32_VS2013_AR = $(WIN32_LD) WIN32_VS2013_debug_LDFLAGS = -WIN32_VS2013_LDFLAGS = -DYNAMICBASE -NXCOMPAT -manifest -nologo -DEBUG -out:$@ -WIN32_VS2013_SLDFLAGS = -dll $(WIN32_LDFLAGS) +WIN32_VS2013_LDFLAGS = -DYNAMICBASE -NXCOMPAT -nologo -DEBUG -out:$@ +WIN32_VS2013_SLDFLAGS = -dll $(WIN32_VS2013_LDFLAGS) WIN32_VS2013_ARFLAGS = -lib -nologo -out:$@ WIN32_VS2013_release_LDLIBS = ws2_32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib WIN32_VS2013_debug_LDLIBS = ws2_32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib @@ -196,10 +204,9 @@ WIN32_VS2013_STLSUFX = .lib WIN32_VS2013_debug_STRIP = touch WIN32_VS2013_release_STRIP = touch WIN32_VS2013_OUT = -Fo -WIN32_VS2013_CFLAGS2 = $(WIN32_CFLAGS) -WIN32_VS2013_LDFLAGS2 = $(WIN32_LDFLAGS) +WIN32_VS2013_CFLAGS2 = $(WIN32_VS2013_CFLAGS) +WIN32_VS2013_LDFLAGS2 = $(WIN32_VS2013_LDFLAGS) WIN32_VS2013_SLDFLAGS2 = $(WIN32_SLDFLAGS) -WIN32_VS2013_MT = mt #--- VisualC++ definitions on Win32 Visual Studio 2013 # --- VisualC++ definitions on Win32 Visual Studio 2019/22 @@ -231,10 +238,10 @@ WIN64_AMD_VS2013_LD_CXX = link WIN64_AMD_VS2013_SLD = $(WIN64_AMD_LD) WIN64_AMD_VS2013_AR = $(WIN64_AMD_LD) WIN64_AMD_VS2013_debug_LDFLAGS = -debug -WIN64_AMD_VS2013_LDFLAGS = -DYNAMICBASE -NXCOMPAT -DEBUG -manifest -nologo $(WIN64_AMD_$(CONFIG)_LDFLAGS) -out:$@ +WIN64_AMD_VS2013_LDFLAGS = -DYNAMICBASE -NXCOMPAT -DEBUG -nologo $(WIN64_AMD_$(CONFIG)_LDFLAGS) -out:$@ WIN64_AMD_VS2013_SLDFLAGS = -dll $(WIN64_AMD_LDFLAGS) WIN64_AMD_VS2013_ARFLAGS = -lib -nologo -out:$@ -WIN64_AMD_VS2013_release_LDLIBS = gdi32.lib advapi32.lib user32.lib +WIN64_AMD_VS2013_release_LDLIBS = ws2_32.lib gdi32.lib advapi32.lib user32.lib WIN64_AMD_VS2013_debug_LDLIBS = $(WIN64_AMD_release_LDLIBS) WIN64_AMD_VS2013_LDLIBS = -DYNAMICBASE -NXCOMPAT $(WIN64_AMD_$(CONFIG)_LDLIBS) WIN64_AMD_VS2013_OBJSUFX = .obj @@ -249,7 +256,6 @@ WIN64_AMD_VS2013_OUT = $(WIN32_OUT) WIN64_AMD_VS2013_CFLAGS2 = $(WIN64_AMD_CFLAGS) WIN64_AMD_VS2013_LDFLAGS2 = $(WIN64_AMD_LDFLAGS) WIN64_AMD_VS2013_SLDFLAGS2 = $(WIN64_AMD_SLDFLAGS) -#WIN64_AMD_VS2013_MT = mt WIN64_VS2022_RM = rm -f WIN64_VS2022_MKDIR = [ -d $@ ] || mkdir -p @@ -270,7 +276,7 @@ WIN64_VS2022_LD_CXX = link WIN64_VS2022_SLD = $(WIN64_VS2022_LD) WIN64_VS2022_AR = $(WIN64_VS2022_LD) WIN64_VS2022_debug_LDFLAGS = -debug -WIN64_VS2022_LDFLAGS = -DYNAMICBASE -NXCOMPAT -DEBUG -manifest -nologo $(WIN64_VS2022_$(CONFIG)_LDFLAGS) -out:$@ +WIN64_VS2022_LDFLAGS = -DYNAMICBASE -NXCOMPAT -DEBUG -nologo $(WIN64_VS2022_$(CONFIG)_LDFLAGS) -out:$@ WIN64_VS2022_SLDFLAGS = -dll $(WIN64_VS2022_LDFLAGS) WIN64_VS2022_ARFLAGS = -lib -nologo -out:$@ WIN64_VS2022_release_LDLIBS = gdi32.lib advapi32.lib user32.lib ws2_32.lib @@ -288,7 +294,7 @@ WIN64_VS2022_OUT = $(WIN32_OUT) WIN64_VS2022_CFLAGS2 = $(WIN64_VS2022_CFLAGS) WIN64_VS2022_LDFLAGS2 = $(WIN64_VS2022_LDFLAGS) WIN64_VS2022_SLDFLAGS2 = $(WIN64_VS2022_SLDFLAGS) -#WIN64_VS2022_MT = mt +WIN64_VS2022_MUPPET = $(OLD_ICC)/iccsdk/$(ICCLIB) # Convenience definition for Linuxi # @@ -301,15 +307,30 @@ LINUX_release_CFLAGS = -g1 -O3 LINUX_asan_LDFLAGS = -fsanitize=address -LINUX32_CFLAGS = -m32 $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fno-exceptions -fPIC -Wall -c -LINUX32_CXXFLAGS = -m32 $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fPIC -Wall -c -LINUX32_LDFLAGS = -m32 $(LINUX_$(CONFIG)_LDFLAGS) $(LINUX_OUT) $@ -LINUX32_SLDFLAGS = -m32 $(LINUX_$(CONFIG)_LDFLAGS) -shared -Wl,-soname,$@ -Wl,--rpath,\$$ORIGIN $(LINUX_OUT) $@ - -LINUX64_CFLAGS = -m64 $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fno-exceptions -fPIC -Wall -c -LINUX64_CXXFLAGS = -m64 $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fPIC -Wall -c -LINUX64_LDFLAGS = -m64 $(LINUX_$(CONFIG)_LDFLAGS) $(LINUX_OUT) $@ -LINUX64_SLDFLAGS = -m64 $(LINUX_$(CONFIG)_LDFLAGS) -shared -Wl,-soname,$@ -Wl,--rpath,\$$ORIGIN $(LINUX_OUT) $@ +# std=gnu99 will allow declaring variables in the for loop header on phelix (gcc 4.1.2/2006) +LINUX32_CFLAGS = -std=gnu99 -m32 $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fno-exceptions -fPIC -Wall -c +LINUX32_CXXFLAGS = -std=gnu99 -m32 $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fPIC -Wall -c +LINUX32_LDFLAGS = -std=gnu99 -m32 $(LINUX_$(CONFIG)_LDFLAGS) $(LINUX_OUT) $@ +LINUX32_SLDFLAGS = -std=gnu99 -m32 $(LINUX_$(CONFIG)_LDFLAGS) -shared -Wl,-soname,$@ -Wl,--rpath,\$$ORIGIN $(LINUX_OUT) $@ + +# This one makes too many "error" matches in log file searches +#LINUX64_CFLAGS += -Werror=implicit-function-declaration +ifeq (OFFICIAL, $(BUILD)) +LINUX64_CFLAGS = -std=gnu99 -m64 $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fno-exceptions -fPIC -Wall -c +LINUX64_CXXFLAGS = -std=gnu99 -m64 $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fPIC -Wall -c +else +LINUX64_CFLAGS = -std=gnu99 -m64 $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fno-exceptions -fPIC -Wall -c \ + -Werror=incompatible-pointer-types \ + -Werror=implicit-int \ + -Werror=implicit-function-declaration \ + -Werror=return-type \ + -Werror=int-conversion +LINUX64_CXXFLAGS = -std=gnu99 -m64 $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fPIC -Wall -c \ + -Werror=return-type +endif + +LINUX64_LDFLAGS = -std=gnu99 -m64 $(LINUX_$(CONFIG)_LDFLAGS) $(LINUX_OUT) $@ +LINUX64_SLDFLAGS = -std=gnu99 -m64 $(LINUX_$(CONFIG)_LDFLAGS) -shared -Wl,-soname,$@ -Wl,--rpath,\$$ORIGIN $(LINUX_OUT) $@ #--- GCC definitions on Linux IA32 LINUX_RM = rm -f @@ -351,7 +372,6 @@ LINUX_MT = true LINUX_ICCLIB_LNK = - #--- GCC definitions on Linux IA32/IA64, Directly linked to OpenSSL #-- #-- Uses "normal" shared library linkage not dlopen/dlsym @@ -406,10 +426,10 @@ IA64_LINUX_CP = cp -f IA64_LINUX_DEBUGGER = ddd IA64_LINUX_CC = $(LINUX_CC) IA64_LINUX_CXX = $(LINUX_CXX) -IA64_LINUX_CFLAGS = $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fno-exceptions -fPIC -Wall -c +IA64_LINUX_CFLAGS = $(filter-out -m64, $(LINUX64_CFLAGS)) IA64_LINUX_debug_CFLAGS = IA64_LINUX_release_CFLAGS = -IA64_LINUX_CXXFLAGS = $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fPIC -Wall -c +IA64_LINUX_CXXFLAGS = $(filter-out -m64, $(LINUX64_CXXFLAGS)) IA64_LINUX_LD = $(LINUX_CC) IA64_LINUX_LD_CXX = $(LINUX_CXX) IA64_LINUX_SLD = $(LINUX_LD) @@ -431,6 +451,7 @@ IA64_LINUX_CFLAGS2 = $(IA64_LINUX_CFLAGS) IA64_LINUX_LDFLAGS2 = $(IA64_LINUX_LDFLAGS) IA64_LINUX_SLDFLAGS2 = $(IA64_LINUX_SLDFLAGS) -z noexecstack IA64_LINUX_MT = true +IA64_LINUX_MUPPET = #--- GCC definitions on Linux ARM # Note X compile arm x-compiler installed and @@ -446,10 +467,10 @@ ARM_LINUX_DEBUGGER = ddd ARM_LINUX_CC = $(LINUX_CC) ARM_LINUX_CXX = $(LINUX_CXX) ARM_LINUX_CXX = $(LINUX_CXX) -ARM_LINUX_CFLAGS = $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fno-exceptions -fPIC -Wall -c -ARM_LINUX_debug_CFLAGS = -ARM_LINUX_release_CFLAGS = -ARM_LINUX_CXXFLAGS = $(LINUX_$(CONFIG)_CFLAGS) -D_REENTRANT -fno-strict-aliasing -fPIC -Wall -c +ARM_LINUX_debug_CFLAGS = $(LINUX_debug_CFLAGS) +ARM_LINUX_release_CFLAGS = $(LINUX_release_CFLAGS) +ARM_LINUX_CFLAGS = $(filter-out -m64, $(LINUX64_CFLAGS)) +ARM_LINUX_CXXFLAGS = $(filter-out -m64, $(LINUX64_CXXFLAGS)) ARM_LINUX_LD = $(ARM_LINUX_CC) ARM_LINUX_LD_CXX = $(ARM_LINUX_CXX) ARM_LINUX_SLD = $(ARM_LINUX_LD) @@ -481,10 +502,8 @@ ARM64_LINUX_CP = cp -f ARM64_LINUX_DEBUGGER = ddd ARM64_LINUX_CC = $(LINUX_CC) ARM64_LINUX_CXX = $(LINUX_CXX) -ARM64_LINUX_CFLAGS = -D_REENTRANT -fno-strict-aliasing -fno-exceptions -fPIC -Wall -c -ARM64_LINUX_debug_CFLAGS = -ARM64_LINUX_release_CFLAGS = -ARM64_LINUX_CXXFLAGS = -D_REENTRANT -fno-strict-aliasing -fPIC -Wall -c +ARM64_LINUX_CFLAGS = $(filter-out -m64, $(LINUX64_CFLAGS)) +ARM64_LINUX_CXXFLAGS = $(filter-out -m64, $(LINUX64_CXXFLAGS)) ARM64_LINUX_LD = $(ARM64_LINUX_CC) ARM64_LINUX_LD_CXX = $(ARM64_LINUX_CXX) ARM64_LINUX_SLD = $(ARM64_LINUX_LD) @@ -508,18 +527,11 @@ ARM64_LINUX_SLDFLAGS2 = $(ARM64_LINUX_SLDFLAGS) ARM64_LINUX_MT = true #--- GCC definitions on Linux AMD64 -AMD64_LINUX_RM = rm -f -AMD64_LINUX_MKDIR = [ -d $@ ] || mkdir -p -AMD64_LINUX_CP = cp -f -AMD64_LINUX_DEBUGGER = ddd AMD64_LINUX_CC = $(LINUX_CC) AMD64_LINUX_CXX = $(LINUX_CXX) -# -fno-strict-aliasingw orks around GCC 4.x bugs which cause the fork test to crash -AMD64_LINUX_CFLAGS = -fno-strict-aliasing $(LINUX64_CFLAGS) +AMD64_LINUX_CFLAGS = $(LINUX64_CFLAGS) AMD64_LINUX_debug_CFLAGS = AMD64_LINUX_release_CFLAGS = -# Enable to get gcc working as a static analysis tool -#AMD64_LINUX_CFLAGS = -fno-strict-aliasing $(LINUX64_CFLAGS) -fanalyzer AMD64_LINUX_CXXFLAGS = $(LINUX64_CXXFLAGS) AMD64_LINUX_LD = $(LINUX_LD) AMD64_LINUX_LD_CXX = $(LINUX_CXX) @@ -543,6 +555,7 @@ AMD64_LINUX_CFLAGS2 = $(AMD64_LINUX_CFLAGS) AMD64_LINUX_LDFLAGS2 = $(AMD64_LINUX_LDFLAGS) AMD64_LINUX_SLDFLAGS2 = $(AMD64_LINUX_SLDFLAGS) AMD64_LINUX_MT = true +AMD64_LINUX_MUPPET = $(UNIX_MUPPET) #--- GCC definitions on Linux PPC PPC_LINUX_RM = rm -f @@ -610,6 +623,7 @@ PPC64_LINUX_CFLAGS2 = $(PPC64_LINUX_CFLAGS) PPC64_LINUX_LDFLAGS2 = $(PPC64_LINUX_LDFLAGS) PPC64_LINUX_SLDFLAGS2 = $(PPC64_LINUX_SLDFLAGS) PPC64_LINUX_MT = true +PPC64_LINUX_MUPPET = $(UNIX_MUPPET) ##--- GCC definitions on Linux PPC64 Little-Endian PPC64LE_LINUX_RM = rm -f @@ -644,6 +658,7 @@ PPC64LE_LINUX_CFLAGS2 = $(PPC64LE_LINUX_CFLAGS) PPC64LE_LINUX_LDFLAGS2 = $(PPC64LE_LINUX_LDFLAGS) PPC64LE_LINUX_SLDFLAGS2 = $(PPC64LE_LINUX_SLDFLAGS) PPC64LE_LINUX_MT = true +PPC64LE_LINUX_MUPPET = $(UNIX_MUPPET) # Special definitions for OS/X # This changes every release and is a real pain to deal with @@ -651,8 +666,9 @@ PPC64LE_LINUX_MT = true DARWIN_LDFLAGS = -isysroot /Developer/SDKs/MacOSX10.6.sdk -o $@ DARWIN_SLDFLAGS = -dynamiclib -dylib -Wl,-syslibroot /Developer/SDKs/MacOSX10.6.sdk -install_name ./$@ -headerpad_max_install_names -o $@ -OSX_LDFLAGS = $($(OSVER)_LDFLAGS) -OSX_SLDFLAGS = $($(OSVER)_SLDFLAGS) +# OSVER is never defined - this must be a typo +#OSX_LDFLAGS = $($(OSVER)_LDFLAGS) +#OSX_SLDFLAGS = $($(OSVER)_SLDFLAGS) @@ -809,7 +825,7 @@ OSX_FAT4_MT = true #DARWIN_LDFLAGS = -isysroot /Developer/SDKs/MacOSX10.6.sdk -o $@ #DARWIN_SLDFLAGS = -dynamiclib -dylib -Wl,-syslibroot /Developer/SDKs/MacOSX10.6.sdk -install_name ./$@ -headerpad_max_install_names -o $@ -#--- GCC definitions for OSX x86_64 +#--- GCC definitions for OSX x86_64 part build for GSKitV9 #--- NOT The same as the builds above, this is 1/4 of the platform OSXV9_ARCH = -arch x86_64 OSXV9_RM = $(OSX_RM) @@ -946,16 +962,17 @@ S390X_LINUX_CFLAGS2 = $(S390X_LINUX_CFLAGS) S390X_LINUX_LDFLAGS2 = $(S390X_LINUX_LDFLAGS) S390X_LINUX_SLDFLAGS2 = $(S390X_LINUX_SLDFLAGS) S390X_LINUX_MT = true +S390X_LINUX_MUPPET = $(UNIX_MUPPET) #--- c89 definitions on z/OS 64 bit ZOS_DEBUGGER = # cc (not c89 anymore from z/OS 1.6 on) # could be cc ZOS_CC = c99 -# cxx wants .C not .cpp, ZOS_.mk is using xlc++ so copy that + +# xlc++ has trouble with envelope.c. We use a cpp compiler for testing. It doesn't like the openssl headers. #ZOS_CXX = xlc++ -# Actually xlc++ has trouble with envelope.c, so we can compile c++ with the "-+" flag -ZOS_CXX = cxx -+ +ZOS_CXX = c99 -+ ZOS_debug_CFLAGS = -g ZOS_release_CFLAGS = -O3 -Wc,strict,hgpr @@ -984,6 +1001,7 @@ ZOS_CFLAGS2 = $(ZOS_CFLAGS) ZOS_LDFLAGS2 = $(ZOS_LDFLAGS) ZOS_SLDFLAGS2 = $(ZOS_SLDFLAGS) ZOS_MT = true +ZOS_MUPPET = $(UNIX_MUPPET) #--- c89 definitions on z/OS 64 bit @@ -1019,7 +1037,9 @@ ZOSA_CFLAGS2 = $(ZOSA_CFLAGS) ZOSA_LDFLAGS2 = $(ZOSA_LDFLAGS) ZOSA_SLDFLAGS2 = $(ZOSA_SLDFLAGS) ZOSA_MT = true - +ZOSA_MUPPET = $(UNIX_MUPPET) +# Somehow invoking ksh primes the terminal to expect ascii output from icctest and automatically converts it. +ZOSA_ICC_RUN_SETUP = ksh --version; #--- c89 definitions on z/OS 31 bit ZOS31_DEBUGGER = @@ -1086,6 +1106,7 @@ ZOSA31_CFLAGS2 = $(ZOS31_CFLAGS) ZOSA31_LDFLAGS2 = $(ZOS31_LDFLAGS) ZOSA31_SLDFLAGS2 = $(ZOS31_SLDFLAGS) ZOSA31_MT = true +ZOSA31_ICC_RUN_SETUP = ksh --version; #--- end of c89 definitions on z/OS @@ -1095,14 +1116,14 @@ AIX_RM = rm -f AIX_MKDIR = [ -d $@ ] || mkdir -p AIX_CP = cp -f AIX_DEBUGGER = idebug -AIX_CC = cc_r -AIX_CXX = xlC_r +AIX_CC = xlc_r +AIX_CXX = xlc++_r AIX_debug_CFLAGS = -g -qdbxextra -qthreaded AIX_release_CFLAGS = -O -qmaxmem=16384 -qtbtable=full -qthreaded AIX_CFLAGS = $(AIX_$(CONFIG)_CFLAGS) -c AIX_CXXFLAGS = $(AIX_CFLAGS) -AIX_LD = cc_r -AIX_SLD = cc_r +AIX_LD = xlc_r +AIX_SLD = xlc_r AIX_LD_CXX = $(AIX_CXX) AIX_AR = ar AIX_LDFLAGS = $(AIX_OUT) $@ @@ -1123,19 +1144,20 @@ AIX_LDFLAGS2 = $(AIX_LDFLAGS) AIX_SLDFLAGS2 = $(AIX_SLDFLAGS) AIX_MT = true AIX_ICCLIB_LNK = -binitfini:iccSLInit:iccSLFini:0 + #--- VisualAge definitions on AIX AIX64_RM = rm -f AIX64_MKDIR = [ -d $@ ] || mkdir -p AIX64_CP = cp -f AIX64_DEBUGGER = idebug -AIX64_CC = cc_r -AIX64_CXX = xlC_r +AIX64_CC = $(AIX_CC) +AIX64_CXX = $(AIX_CXX) AIX64_debug_CFLAGS = -g -q64 -qdbxextra -qthreaded AIX64_release_CFLAGS = -O -q64 -qmaxmem=16384 -qtbtable=full -qthreaded AIX64_CFLAGS = $(AIX64_$(CONFIG)_CFLAGS) -c AIX64_CXXFLAGS = -q64 -c -AIX64_LD = cc_r -AIX64_SLD = cc_r +AIX64_LD = $(AIX_LD) +AIX64_SLD = $(AIX_SLD) AIX64_LD_CXX = $(AIX64_CXX) AIX64_AR = ar AIX64_LDFLAGS = -q64 $(AIX64_OUT) $@ @@ -1156,20 +1178,21 @@ AIX64_LDFLAGS2 = $(AIX64_LDFLAGS) AIX64_SLDFLAGS2 = $(AIX64_SLDFLAGS) AIX64_MT = true AIX64_ICCLIB_LNK = -binitfini:iccSLInit:iccSLFini:0 +AIX64_MUPPET = $(UNIX_MUPPET) #--- Power hypervisor POWERH_RM = rm -f POWERH_MKDIR = [ -d $@ ] || mkdir -p POWERH_CP = cp -f POWERH_DEBUGGER = idebug -POWERH_CC = cc_r -POWERH_CXX = xlC_r +POWERH_CC = xlc_r +POWERH_CXX = xlc_r++ POWERH_release_CFLAGS = -bstatic -O -qlanglvl=offsetnonpod:nonewexcp:noansifor:nognu_warning:noimplicitint:zeroextarray -qnortti -qnostdinc -qnolib -qlist -qasm -qsource -qlistopt -qarch=pwr6 -qenum=8 -q64 -qnoeh -qdebug=npage0 -qxflag=kernel_node -qdebug=NFPCONC -qidirfirst -qhalt=e POWERH_debug_CFLAGS = $(POWERH_release_CFLAGS) POWERH_CFLAGS = $(POWERH_$(CONFIG)_CFLAGS) -c POWERH_CXXFLAGS = -c -POWERH_LD = cc_r -POWERH_SLD = cc_r +POWERH_LD = xlc_r +POWERH_SLD = xlc_r POWERH_LD_CXX = $(POWERH_CXX) POWERH_AR = ar POWERH_LDFLAGS = -q64 $(POWERH_OUT) $@ @@ -1191,6 +1214,15 @@ POWERH_SLDFLAGS2 = $(POWERH_SLDFLAGS) POWERH_MT = true POWERH_ICCLIB_LNK = -binitfini:iccSLInit:iccSLFini:0 +# default all platforms to current setting /usr/bin/sh +# := prevents assignment loop +$(OPSYS)_SHELL:=$(SHELL) +# SUN's sh is not handling 'if' properly so use ksh +SUN_SHELL=/usr/bin/ksh +SUN_AMD64_SHELL=$(SUN_SHELL) +SUN64_SHELL=$(SUN_SHELL) +SUN_X86_SHELL=$(SUN_SHELL) + #--- Forte definitions on SUN SUN_RM = rm -f SUN_MKDIR = [ -d $@ ] || mkdir -p @@ -1341,7 +1373,7 @@ HPUX_DEBUGGER = dde HPUX_debug_CFLAGS = -g +O2 +Osize +Oprocelim # Keep the opt level low, the OpenSSL build has test failures otherwise HPUX_release_CFLAGS = +O3 +Osize +Oprocelim -HPUX_CFLAGS = $(HPUX_$(CONFIG)_CFLAGS) -Ae +ESlit -D_REENTRANT -D_POSIX_C_SOURCE=199506L -mt +Z -c +HPUX_CFLAGS = $(HPUX_$(CONFIG)_CFLAGS) -AC99 -Ae +ESlit -D_REENTRANT -D_POSIX_C_SOURCE=199506L -mt +Z -c HPUX_CXXFLAGS = $(HPUX_CFLAGS) HPUX_LD = $(HPUX_CC) HPUX_LD_CXX = $(HPUX_CXX) @@ -1376,7 +1408,7 @@ HPUX64_DEBUGGER = dde HPUX64_debug_CFLAGS = -g # DO NOT up the opt level, it causes subtle problems, like not exiting HPUX64_release_CFLAGS = +O3 +Osize +Oprocelim -HPUX64_CFLAGS = $(HPUX64_$(CONFIG)_CFLAGS) +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_POSIX_C_SOURCE=199506L -D_REENTRANT -mt +Z -c +HPUX64_CFLAGS = $(HPUX64_$(CONFIG)_CFLAGS) -AC99 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_POSIX_C_SOURCE=199506L -D_REENTRANT -mt +Z -c HPUX64_CXXFLAGS = $(HPUX64_CFLAGS) HPUX64_LD = $(HPUX64_CC) HPUX64_LD_CXX = $(HPUX64_CXX) @@ -1413,7 +1445,7 @@ IA64_HPUX_CXX = aCC IA64_HPUX_DEBUGGER = dde IA64_HPUX_debug_CFLAGS = -g -DDEBUG IA64_HPUX_release_CFLAGS = -O2 -IA64_HPUX_CFLAGS = $(IA64_HPUX_$(CONFIG)_CFLAGS) -D_POSIX_C_SOURCE=199506L -mt -ext -Ae +O2 +z -c +IA64_HPUX_CFLAGS = $(IA64_HPUX_$(CONFIG)_CFLAGS) -AC99 -D_POSIX_C_SOURCE=199506L -mt -ext -Ae +O2 +z -c IA64_HPUX_CXXFLAGS = $(IA64_HPUX_CFLAGS) IA64_HPUX_LD = $(IA64_HPUX_CC) IA64_HPUX_LD_CXX = $(IA64_HPUX_CXX) @@ -1451,7 +1483,7 @@ IA64_HPUX64_CXX = aCC +DD64 IA64_HPUX64_DEBUGGER = dde IA64_HPUX64_debug_CFLAGS = -g -DDEBUG IA64_HPUX64_release_CFLAGS = -O3 -IA64_HPUX64_CFLAGS = -D_REENTRANT -D_POSIX_C_SOURCE=199506L -mt -Ae $(IA64_HPUX64_$(CONFIG)_CFLAGS) +z -c +IA64_HPUX64_CFLAGS = $(IA64_HPUX64_$(CONFIG)_CFLAGS) -AC99 -D_REENTRANT -D_POSIX_C_SOURCE=199506L -mt -Ae +z -c IA64_HPUX64_CXXFLAGS = $(IA64_HPUX64_CFLAGS) IA64_HPUX64_LD = $(IA64_HPUX64_CC) IA64_HPUX64_LD_CXX = $(IA64_HPUX64_CXX) @@ -1512,7 +1544,7 @@ OS400_LD = icc OS400_LD_CXX = icc OS400_SLD = $(OS400_SETUP_ICC); $(OS400_$(CONFIG)_LD) OS400_AR = ar -v -c -r -S400_LDFLAGS = -v $(OS400_OUT) $@ -qTGTRLS=V5R3M0 -qENTMOD=$(OS400_ICCSDK_OUTPUTDIR)/QADRTMAIN2 -qBNDSRVPGM=$(OS400_ICCSDK_OUTPUTDIR)/QADRTTS +OS400_LDFLAGS = -v $(OS400_OUT) $@ -qTGTRLS=V5R3M0 -qENTMOD=$(OS400_ICCSDK_OUTPUTDIR)/QADRTMAIN2 -qBNDSRVPGM=$(OS400_ICCSDK_OUTPUTDIR)/QADRTTS OS400_LDFLAGS2 = -v $(OS400_OUT) $@ -qTGTRLS=V5R3M0 -qENTMOD=$(OS400_ICCSDK_OUTPUTDIR)/QADRTMAIN2 -qBNDSRVPGM="$(OS400_ICCSDK_OUTPUTDIR)/QADRTTS $(OS400_ICC_LIB)/$(OS400_LIB_400)" OS400_SLDFLAGS = -v $(OS400_OUT) $@ -qTGTRLS=V5R3M0 -qBNDSRVPGM="$(OS400_ICCSDK_OUTPUTDIR)/QADRTTS $(OS400_ICC_LIB)/$(OS400_LIB_400)" -qSTGMDL=*INHERIT -qALWLIBUPD=*NO -qALWUPD=*NO OS400_SLDFLAGS2 = -v $(OS400_OUT) $@ -qTGTRLS=V5R3M0 -qBNDSRVPGM=$(OS400_ICCSDK_OUTPUTDIR)/QADRTTS -qSTGMDL=*INHERIT -qALWLIBUPD=*NO -qALWUPD=*NO @@ -1587,6 +1619,7 @@ OS400X_MT = true #--- Map platform specific definitions to global definitions +SHELL = $($(OPSYS)_SHELL) RM = $($(OPSYS)_RM) MKDIR = $($(OPSYS)_MKDIR) CP = $($(OPSYS)_CP) @@ -1610,7 +1643,6 @@ SHLPRFX = $($(OPSYS)_SHLPRFX) SHLSUFX = $($(OPSYS)_SHLSUFX) STLPRFX = $($(OPSYS)_STLPRFX) STLSUFX = $($(OPSYS)_STLSUFX) -OPENSSL_PATH_SETUP = $($(OPSYS)_OPENSSL_PATH_SETUP) STRIP = $($(OPSYS)_$(CONFIG)_STRIP) ICC_RUN_SETUP = $($(OPSYS)_ICC_RUN_SETUP) @@ -1630,3 +1662,13 @@ EX_SUFFIX = $($(OPSYS)_EX_SUFFIX) CLEAN400_ICC = $($(OPSYS)_CLEAN400_ICC) CLEAN400_MODS = $($(OPSYS)_CLEAN400_MODS) +# muppet.mk needs this definition, maily used in iccpkg +$(OPSYS)_OLD_ICC = OLD_ICC/$(OPSYS) +# avoid directory rename here - WIN_X86_64 can stay +WIN64_VS2022_OLD_ICC = OLD_ICC/WIN_X86_64 +WIN32_VS2022_OLD_ICC = OLD_ICC/WIN32_VS2013 +OLD_ICC = $($(OPSYS)_OLD_ICC) + +# MUPPET is set by the build system based on FIPS module presence and it also writes gsk_wrap2_a.c to match +# if we reset it here then we will be inconsistent with gsk_wrap2_a.c which links in FIPS ICCC_ prefix APIs +#MUPPET = $($(OPSYS)_MUPPET) diff --git a/icc/platforms/1.1.1/API/aes_gcm.c b/icc/platforms/1.1.1/API/aes_gcm.c index f98c7ce..a0ba319 100644 --- a/icc/platforms/1.1.1/API/aes_gcm.c +++ b/icc/platforms/1.1.1/API/aes_gcm.c @@ -482,9 +482,11 @@ int AES_GCM_EncryptUpdate(AES_GCM_CTX *ain, unsigned char *aad, } if (NULL != data) { rv = EVP_EncryptUpdate(a->ctx, out, &outl, data, datalen); + if (outlen) { *outlen = outl; } } + } return rv; } @@ -531,7 +533,9 @@ int AES_GCM_EncryptUpdate(AES_GCM_CTX *ain, unsigned char *aad, } if (NULL != data) { rv = EVP_DecryptUpdate(a->ctx, out, &outl, data, datalen); + if (outlen) { *outlen = outl; + } } } return rv; diff --git a/icc/platforms/1.1.1/BASE_OSSL_FILES.mk b/icc/platforms/1.1.1/BASE_OSSL_FILES.mk index e73054a..2accbb4 100644 --- a/icc/platforms/1.1.1/BASE_OSSL_FILES.mk +++ b/icc/platforms/1.1.1/BASE_OSSL_FILES.mk @@ -4,29 +4,13 @@ # we used to patch OpenSSL to do this, but now everything resides # in the one shared lib this is easier maintenance # -OSSL_XTRA_OBJ = aes_gcm$(OBJSUFX) \ - aes_ccm$(OBJSUFX) - -# icc_cmac$(OBJSUFX) +OSSL_XTRA_OBJ = aes_gcm$(OBJSUFX) aes_ccm$(OBJSUFX) aes_gcm$(OBJSUFX): platforms/$(OPENSSL_LIBVER)/API/aes_gcm.c platforms/$(OPENSSL_LIBVER)/API/aes_gcm.h platforms/$(OPENSSL_LIBVER)/API/aes_ccm.h - $(CC) $(CFLAGS) -I./ -I$(OSSLINC_DIR) -Iplatforms/$(OPENSSL_LIBVER)/API platforms/$(OPENSSL_LIBVER)/API/aes_gcm.c $(OUT)$@ + $(CC) $(CFLAGS) -I./ -Iplatforms/$(OPENSSL_LIBVER)/API -I$(OSSLINC_DIR) platforms/$(OPENSSL_LIBVER)/API/aes_gcm.c $(OUT)$@ aes_ccm$(OBJSUFX): platforms/$(OPENSSL_LIBVER)/API/aes_ccm.c platforms/$(OPENSSL_LIBVER)/API/aes_ccm.h platforms/$(OPENSSL_LIBVER)/API/aes_gcm.h - $(CC) $(CFLAGS) -I./ -I$(OSSLINC_DIR) -Iplatforms/$(OPENSSL_LIBVER)/API platforms/$(OPENSSL_LIBVER)/API/aes_ccm.c $(OUT)$@ - -#aes_gcm.c: platforms/$(OPENSSL_LIBVER)/API/aes_gcm.c -# $(CP) platforms/$(OPENSSL_LIBVER)/API/aes_gcm.c $@ - -#aes_gcm.h: platforms/$(OPENSSL_LIBVER)/API/aes_gcm.h -# $(CP) platforms/$(OPENSSL_LIBVER)/API/aes_gcm.h $@ - -#aes_ccm.c: platforms/$(OPENSSL_LIBVER)/API/aes_ccm.c -# $(CP) platforms/$(OPENSSL_LIBVER)/API/aes_ccm.c $@ - -#aes_ccm.h: platforms/$(OPENSSL_LIBVER)/API/aes_ccm.h -# $(CP) platforms/$(OPENSSL_LIBVER)/API/aes_ccm.h $@ - + $(CC) $(CFLAGS) -I./ -Iplatforms/$(OPENSSL_LIBVER)/API -I$(OSSLINC_DIR) platforms/$(OPENSSL_LIBVER)/API/aes_ccm.c $(OUT)$@ # diff --git a/icc/platforms/1.1.1/OSX_.mk b/icc/platforms/1.1.1/OSX_.mk index 4218806..dc9eb9e 100644 --- a/icc/platforms/1.1.1/OSX_.mk +++ b/icc/platforms/1.1.1/OSX_.mk @@ -19,6 +19,9 @@ ossl.sig: $(MYOPENSSL) $(OSSLDLL) $(FILESIZE) $(MYOPENSSL) dgst -sha256 -hex -sign privkey.rsa $(OSSLDLL) >> ossl.sig +icchash.h: icc.sig ossl.sig icchash$(EXESUFX) + ./icchash icc.sig ossl.sig $@ + # # Moved to platform specific because at least on HP/UX # we need to unarchive libcrypto.a and relink it as a diff --git a/icc/platforms/1.1.1/OSX_ARM64_.mk b/icc/platforms/1.1.1/OSX_ARM64_.mk index 444216e..422dd43 100644 --- a/icc/platforms/1.1.1/OSX_ARM64_.mk +++ b/icc/platforms/1.1.1/OSX_ARM64_.mk @@ -20,6 +20,9 @@ ossl.sig: $(MYOPENSSL) $(OSSLDLL) $(FILESIZE) $(MYOPENSSL) dgst -sha256 -hex -sign privkey.rsa $(OSSLDLL) >> ossl.sig +icchash.h: icc.sig ossl.sig icchash$(EXESUFX) + ./icchash icc.sig ossl.sig $@ + # # Moved to platform specific because at least on HP/UX # we need to unarchive libcrypto.a and relink it as a diff --git a/icc/platforms/1.1.1/S390X_LINUX_.mk b/icc/platforms/1.1.1/S390X_LINUX_.mk index e0021d6..1143156 100644 --- a/icc/platforms/1.1.1/S390X_LINUX_.mk +++ b/icc/platforms/1.1.1/S390X_LINUX_.mk @@ -9,7 +9,8 @@ ASM_OBJS = s390xcpuid.o s390xcap.o s390x.o s390x-mont.o s390x-gf2m.o \ c_enc.o bf_enc.o des_enc.o ghash-s390x.o \ threads_pthread.o async_posix.o \ chacha-s390x.o poly1305-s390x.o \ - keccak1600-s390x.o ecp_s390x_nistp.o + keccak1600-s390x.o ecp_s390x_nistp.o \ + hmac_s390x.o # poly1305-s390x.o diff --git a/icc/platforms/1.1.1/S390_LINUX_.mk b/icc/platforms/1.1.1/S390_LINUX_.mk index bbe7229..684bcf4 100644 --- a/icc/platforms/1.1.1/S390_LINUX_.mk +++ b/icc/platforms/1.1.1/S390_LINUX_.mk @@ -9,7 +9,8 @@ ASM_OBJS = s390xcpuid.o bn_asm.o s390xcap.o s390x-mont.o s390x-gf2m.o \ c_enc.o bf_enc.o des_enc.o ghash-s390x.o \ threads_pthread.o async_posix.o \ chacha-s390x.o poly1305-s390x.o \ - keccak1600-s390x.o ecp_s390x_nistp.o + keccak1600-s390x.o ecp_s390x_nistp.o \ + hmac_s390x.o # poly1305-s390x.o diff --git a/icc/platforms/1.1.1/UNIX_like.mk b/icc/platforms/1.1.1/UNIX_like.mk index 4478300..98e6461 100644 --- a/icc/platforms/1.1.1/UNIX_like.mk +++ b/icc/platforms/1.1.1/UNIX_like.mk @@ -7,11 +7,11 @@ $(ICC_RAND_OBJ): $(OSSLINC_DIR) icc_rand.c $(CC) $(CFLAGS) -I./ -I$(ZLIB_DIR) -I$(TRNG_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(SDK_DIR) icc_rand.c $(ASM_TWEAKS) -$(MYOPENSSL): openssl$(EXESUFX) +$(MYOPENSSL): $(SDK_DIR) openssl$(EXESUFX) $(CP) openssl$(EXESUFX) $@ -openssl$(OBJSUFX): openssl.c - $(CC) -DOPENSSL_NO_ENGINE $(CFLAGS) -I$(OSSLINC_DIR) -I$(OSSL_DIR)/apps/ -I$(OSSL_DIR) openssl.c +openssl$(OBJSUFX): ../$(OPENSSL_VER)/apps/openssl.c + $(CC) -DOPENSSL_NO_ENGINE $(CFLAGS) -I$(OSSLINC_DIR) -I$(OSSL_DIR)/apps/ -I$(OSSL_DIR) ../$(OPENSSL_VER)/apps/openssl.c openssl$(EXESUFX): openssl$(OBJSUFX) $(E_OBJ) $(SLIBCRYPTO) $(SLIBSSL) platform$(OBJSUFX) $(LD) $(LDFLAGS) openssl$(OBJSUFX) platform$(OBJSUFX) $(E_OBJ) $(SLIBSSL) $(OPENSSL_LIBS) $(SLIBCRYPTO) $(LDLIBS) diff --git a/icc/platforms/1.1.1/WIN_like.mk b/icc/platforms/1.1.1/WIN_like.mk index 864ab5a..492224b 100644 --- a/icc/platforms/1.1.1/WIN_like.mk +++ b/icc/platforms/1.1.1/WIN_like.mk @@ -15,13 +15,14 @@ icc.res: icc.rc $(MYOPENSSL): openssl.exe $(CP) openssl.exe $@ +../$(OPENSSL_VER)/apps/openssl$(OBJSUFX): ../$(OPENSSL_VER)/apps/openssl.c + $(BUILD_OSSL) + openssl$(OBJSUFX): $(OSSL_DIR)/apps/openssl$(OBJSUFX) cp $(OSSL_DIR)/apps/openssl$(OBJSUFX) $@ - -openssl.exe: openssl$(OBJSUFX) Build_OSSL_Complete $(E_OBJ) $(SLIBCRYPTO) $(SLIBSSL) platform$(OBJSUFX) - $(LD) $(LDFLAGS) openssl$(OBJSUFX) platform$(OBJSUFX) $(E_OBJ) $(SLIBSSL) $(SLIBCRYPTO) $(OPENSSL_LIBS) $(LDLIBS) ws2_32.lib - mt -manifest $@.manifest -outputresource:$@\;1 +openssl.exe: openssl$(OBJSUFX) Build_OSSL_Complete $(E_OBJ) $(SLIBCRYPTO_OBJS) $(SLIBSSL_OBJS) platform$(OBJSUFX) + $(LD) $(LDFLAGS) openssl$(OBJSUFX) platform$(OBJSUFX) $(E_OBJ) $(SLIBCRYPTO_OBJS) $(SLIBSSL_OBJS) $(OPENSSL_LIBS) $(LDLIBS) ws2_32.lib # # default make stuff used on most platforms diff --git a/icc/platforms/1.1.1/ZOS31_.mk b/icc/platforms/1.1.1/ZOS31_.mk index c0dcbd8..6ec94d3 100644 --- a/icc/platforms/1.1.1/ZOS31_.mk +++ b/icc/platforms/1.1.1/ZOS31_.mk @@ -13,6 +13,7 @@ ASM_OBJS = s390xcpuid.o s390x.o s390x-mont.o bn_nist.o ecp_nist.o s390xcap.o s3 keccak1600-s390x.o ecp_s390x_nistp.o \ ebcdic.o async_null.o \ chacha-s390x.o poly1305-s390x.o \ + hmac_s390x.o \ csvquery.o: asm/zos/csvquery.s -as -aegimrsx=$^.list -m"GOFF,SYSPARM(USE_XPLINK),ESD" $^ diff --git a/icc/platforms/1.1.1/ZOS_.mk b/icc/platforms/1.1.1/ZOS_.mk index 286794c..1b7598d 100644 --- a/icc/platforms/1.1.1/ZOS_.mk +++ b/icc/platforms/1.1.1/ZOS_.mk @@ -15,6 +15,7 @@ include platforms/${OPENSSL_LIBVER}/UNIX_like.mk # keccak1600-s390x.o ecp_s390x_nistp.o \ # ebcdic.o async_null.o \ # chacha-s390x.o poly1305-s390x.o \ +# hmac_s390x.o \ ASM_OBJS = s390xcpuid.o s390x.o s390x-mont.o bn_nist.o ecp_nist.o s390xcap.o s390x-gf2m.o \ aes-s390x.o \ @@ -26,6 +27,7 @@ ASM_OBJS = s390xcpuid.o s390x.o s390x-mont.o bn_nist.o ecp_nist.o s390xcap.o s3 keccak1600-s390x.o ecp_s390x_nistp.o \ ebcdic.o async_null.o \ chacha-s390x.o poly1305-s390x.o \ + hmac_s390x.o \ csvquery_64.o: asm/zos/csvquery_64.s -as -aegimrsx=$^.list -m"GOFF,SYSPARM(USE_XPLINK),ESD" $^ diff --git a/icc/platfsl.c b/icc/platfsl.c index 67e59c2..6fd6478 100644 --- a/icc/platfsl.c +++ b/icc/platfsl.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/platfsl.h b/icc/platfsl.h index ab7a060..6032422 100644 --- a/icc/platfsl.h +++ b/icc/platfsl.h @@ -1,16 +1,13 @@ -/************************************************************************* +/***************************************************************************** // Copyright IBM Corp. 2023 -// -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. -*************************************************************************/ - -/************************************************************************* +// // Description: Provides a layer of abstraction/indirection for platform // specific code. // -*************************************************************************/ +******************************************************************************/ #ifndef INCLUDED_PLATFSL #define INCLUDED_PLATFSL diff --git a/icc/status.c b/icc/status.c index 5e12519..e8cabb4 100644 --- a/icc/status.c +++ b/icc/status.c @@ -1,22 +1,21 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ - -/************************************************************************* +/* // Description: Error message routines.Only usable in an icclib context. -// -// -*************************************************************************/ +*/ #include "icc.h" #include "icclib.h" #include "status.h" #include "tracer.h" +#include "iccversion.h" + #define ICC_VTAG " (ICC"\ MAKESTRING(ICC_VERSION_VER) "." \ MAKESTRING(ICC_VERSION_REL) "." \ diff --git a/icc/tools.mk b/icc/tools.mk index a687c83..6eebfcd 100644 --- a/icc/tools.mk +++ b/icc/tools.mk @@ -29,8 +29,8 @@ TOOLS = \ # GENRND_OBJS = GenRndData$(OBJSUFX) platform$(OBJSUFX) \ timer_entropy$(OBJSUFX) nist_algs$(OBJSUFX) \ - noise_to_entropy$(OBJSUFX) \ - TRNG_ALT4$(OBJSUFX) looper$(OBJSUFX) \ + noise_to_entropy$(OBJSUFX) timer_fips$(OBJSUFX) \ + TRNG_FIPS$(OBJSUFX) looper$(OBJSUFX) \ $(ASMOBJS) GENRNDFIPS_OBJS = GenRndDataFIPS$(OBJSUFX) platform$(OBJSUFX) \ @@ -39,45 +39,37 @@ GENRNDFIPS_OBJS = GenRndDataFIPS$(OBJSUFX) platform$(OBJSUFX) \ TRNG_FIPS$(OBJSUFX) looper$(OBJSUFX) \ $(ASMOBJS) - - #- Build RND data generator executable # GENRND is either GenRdnData.exe (winxxx) or GenRndData # So rather than use generic target keep separate so can do different processing on windows - - - #- Compile RNG data generator GenRndData$(OBJSUFX): tools/GenRndData.c - -$(CC) $(CFLAGS) -I./ -I$(ZLIB_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(SDK_DIR) tools/GenRndData.c $(ASM_TWEAKS) + $(CC) $(CFLAGS) -I./ -I$(ZLIB_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(SDK_DIR) tools/GenRndData.c $(ASM_TWEAKS) -GenRndData: $(GENRND_OBJS) - -$(LD) $(LDFLAGS) $(GENRND_OBJS) tmp/tmp/*$(OBJSUFX) $(LDLIBS) - -$(CP) GenRndData $(SDK_DIR)/ +GenRndData: $(GENRND_OBJS) $(SLIBCRYPTO) + $(LD) $(LDFLAGS) $(GENRND_OBJS) $(LDLIBS) $(SLIBCRYPTO) + $(CP) GenRndData $(SDK_DIR)/ -GenRndData.exe: $(GENRND_OBJS) - -$(LD) $(LDFLAGS) $(GENRND_OBJS) $(ICCLIB) $(LDLIBS) - -$(MT) -manifest $@.manifest -outputresource:$@\;1 +GenRndData.exe: $(GENRND_OBJS) $(SLIBCRYPTO) + $(LD) $(LDFLAGS) $(GENRND_OBJS) $(ICCLIB) $(LDLIBS) $(SLIBCRYPTO) $(SDK_DIR)/GenRndData.exe: GenRndData.exe - -$(CP) GenRndData.exe $@ - -$(CP) GenRndData.exe.manifest $(SDK_DIR)/ + $(CP) GenRndData.exe $@ + if [ -f GenRndData$(EXESUFX).manifest ]; then $(CP) GenRndData.exe.manifest $(SDK_DIR)/; fi #- Compile hash check tool sha256x$(OBJSUFX): tools/sha256x.c - -$(CC) $(CFLAGS) -I./ -I$(OSSLINC_DIR) tools/sha256x.c + $(CC) $(CFLAGS) -I./ -I$(OSSLINC_DIR) tools/sha256x.c -sha256x: sha256x$(OBJSUFX) $(SLIBCRYPTO) - -$(LD) $(LDFLAGS) sha256x$(OBJSUFX) $(SLIBCRYPTO) $(LDLIBS) - -$(CP) sha256x $(SDK_DIR)/ +sha256x: $(SDK_DIR) sha256x$(OBJSUFX) $(SLIBCRYPTO) + $(LD) $(LDFLAGS) sha256x$(OBJSUFX) $(SLIBCRYPTO) $(LDLIBS) + $(CP) sha256x $(SDK_DIR)/ -sha256x.exe: sha256x$(OBJSUFX) $(SLIBCRYPTO) - -$(LD) $(LDFLAGS) sha256x$(OBJSUFX) $(SLIBCRYPTO) $(SLIBSSL) $(LDLIBS) - -$(MT) -manifest $@.manifest -outputresource:$@\;1 - -$(CP) sha256x.exe $(SDK_DIR)/ -# -$(CP) sha256x.exe.manifest $(SDK_DIR)/ +sha256x.exe: $(SDK_DIR) sha256x$(OBJSUFX) $(SLIBCRYPTO) + $(LD) $(LDFLAGS) sha256x$(OBJSUFX) $(SLIBCRYPTO) $(SLIBSSL) $(LDLIBS) + $(CP) sha256x.exe $(SDK_DIR)/ #- Build FIPS RND data generator executable # GENRNDFIPS is either GenRdnDataFIPS.exe (winxxx) or GenRndDataFIPS @@ -87,45 +79,42 @@ sha256x.exe: sha256x$(OBJSUFX) $(SLIBCRYPTO) #- Compile newer RNG data generator -GenRndData2$(OBJSUFX): tools/GenRndData2.c $(SDK_DIR)/icc.h $(SDK_DIR)/icc_a.h $(SDK_DIR)/iccglobals.h $(ICCPKG_DIR)/iccversion.h $(ICCPKG_DIR)/buildinfo.h - -$(CC) $(CFLAGS) -I $(SDK_DIR) tools/GenRndData2.c +GenRndData2$(OBJSUFX): tools/GenRndData2.c $(SDK_DIR)/icc.h $(SDK_DIR)/icc_a.h $(SDK_DIR)/iccglobals.h + $(CC) $(CFLAGS) -I $(SDK_DIR) tools/GenRndData2.c -GenRndData2: GenRndData2$(OBJSUFX) $(ICCLIB) - -$(LD) $(LDFLAGS) GenRndData2$(OBJSUFX) $(ICCLIB) $(LDLIBS) - -$(CP) GenRndData2 $(SDK_DIR)/ +GenRndData2: $(SDK_DIR) GenRndData2$(OBJSUFX) $(ICCLIB) + $(LD) $(LDFLAGS) GenRndData2$(OBJSUFX) $(ICCLIB) $(LDLIBS) + $(CP) GenRndData2 $(SDK_DIR)/ -GenRndData2.exe: GenRndData2$(OBJSUFX) $(ICCLIB) - -$(LD) $(LDFLAGS) GenRndData2$(OBJSUFX) $(ICCLIB) $(LDLIBS) - -$(MT) -manifest $@.manifest -outputresource:$@\;1 - -$(CP) GenRndData2.exe $(SDK_DIR)/ +GenRndData2.exe: $(SDK_DIR) GenRndData2$(OBJSUFX) $(ICCLIB) + $(LD) $(LDFLAGS) GenRndData2$(OBJSUFX) $(ICCLIB) $(LDLIBS) + $(CP) GenRndData2.exe $(SDK_DIR)/ #- FIPS specific RNG data generator GenRndDataFIPS$(OBJSUFX): tools/GenRndDataFIPS.c - -$(CC) $(CFLAGS) -I./ -I$(ZLIB_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(SDK_DIR) tools/GenRndDataFIPS.c $(ASM_TWEAKS) + $(CC) $(CFLAGS) -I./ -I$(ZLIB_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(SDK_DIR) tools/GenRndDataFIPS.c $(ASM_TWEAKS) GenRndDataFIPS : $(GENRNDFIPS_OBJS) - -$(LD) $(LDFLAGS) $(GENRNDFIPS_OBJS) $(LDLIBS) + $(LD) $(LDFLAGS) $(GENRNDFIPS_OBJS) $(LDLIBS) GenRndDataFIPS.exe : $(GENRNDFIPS_OBJS) - -$(LD) $(LDFLAGS) $(GENRNDFIPS_OBJS) $(LDLIBS) - -$(MT) -manifest $@.manifest -outputresource:$@\;1 + $(LD) $(LDFLAGS) $(GENRNDFIPS_OBJS) $(LDLIBS) # #- Build an exectuable version of libicclib.so so we can debug the POST code # -#icclib_sa.c: icclib.c tracer.h -# $(CP) icclib.c $@ +icclib_sa$(OBJSUFX): icclib.c loaded.c loaded.h tracer.h extsig.h $(SDK_DIR)/mystdint.h + $(CC) -DICCDLL_NAME="\"icclib_sa$(EXESUFX)\"" -DSTANDALONE_ICCLIB -DOPSYS="\"$(OPSYS)\"" -DMYNAME=icclib_sa$(VTAG) $(CFLAGS) \ + $(PQCINC) -I./ -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) icclib.c $(OUT)$@ -icclib_sa$(OBJSUFX): icclib.c loaded.c loaded.h tracer.h extsig.h - $(CC) -DICCDLL_NAME="\"icclib_sa$(EXESUFX)\"" -DSTANDALONE_ICCLIB -DOPSYS="\"$(OPSYS)\"" -DMYNAME=icclib_sa$(VTAG) $(CFLAGS) \ - -I../$(ZLIB) -I./ -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) icclib.c $(OUT)$@ +# note: ARGON in the module is disabled on some platforms because of blake2b symbol clash -icclib_sa$(EXESUFX): icclib_sa$(OBJSUFX) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) tmp/tmp/dummyfile extsig$(OBJSUFX) signer$(EXESUFX) - $(LD) $(LDFLAGS) icclib_sa$(OBJSUFX) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) tmp/tmp/*$(OBJSUFX) $(LDLIBS) +icclib_sa$(EXESUFX): icclib_sa$(OBJSUFX) $(ARGON) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) tmp/tmp/dummyfile extsig$(OBJSUFX) signer$(EXESUFX) + $(LD) $(LDFLAGS) icclib_sa$(OBJSUFX) $(ARGON) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) tmp/tmp/*$(OBJSUFX) $(LDLIBS) $(PQCLIBS) $(OPENSSL_PATH_SETUP) ./signer$(EXESUFX) ICCLIB_SA.txt privkey.rsa -SELF -FILE icclib_sa$(EXESUFX) $(TWEAKS) @@ -149,4 +138,86 @@ integ$(OBJSUFX): integ.c $(SDK_DIR)/icc.h $(SDK_DIR)/icc_a.h $(SDK_DIR)/iccglob -$(CC) $(CFLAGS) -I./ -I $(SDK_DIR) tools/integ.c integ$(EXESUFX): $(ICCDLL) $(ICCLIB) integ$(OBJSUFX) - -$(LD) $(LDFLAGS) integ$(OBJSUFX) $(ICCLIB) $(LDLIBS) \ No newline at end of file + -$(LD) $(LDFLAGS) integ$(OBJSUFX) $(ICCLIB) $(LDLIBS) + +test_NIST_algs$(OBJSUFX): TRNG/test_NIST_algs.c + -$(CC) $(CFLAGS) -I./ TRNG/test_NIST_algs.c + +test_NIST_algs$(EXESUFX): test_NIST_algs$(OBJSUFX) nist_algs$(OBJSUFX) noise_to_entropy$(OBJSUFX) + -$(LD) $(LDFLAGS) test_NIST_algs$(OBJSUFX) nist_algs$(OBJSUFX) noise_to_entropy$(OBJSUFX) $(LDLIBS) + +#============================== TRNG test tools ================================ + + +filter$(OBJSUFX): tools/filter.c $(SDK_DIR) $(TRNG_DIR)/timer_fips.h + -$(CC) $(CFLAGS) -I./ $(TRNG_DIRS) -DSTANDALONE_TE=1 tools/filter.c + +filter$(EXESUFX): filter$(OBJSUFX) nist_algs$(OBJSUFX) delta$(OBJSUFX) timer_entropy$(OBJSUFX) timer_fips$(OBJSUFX) $(ASMOBJS) tmp/tmp/dummyfile + -$(LD) $(LDFLAGS) filter$(OBJSUFX) nist_algs$(OBJSUFX) noise_to_entropy$(OBJSUFX) delta$(OBJSUFX) timer_entropy$(OBJSUFX) timer_fips$(OBJSUFX) $(ASMOBJS) $(LDLIBS) + -$(CP) filter$(EXESUFX) $(SDK_DIR)/filter$(EXESUFX) + +sampler$(OBJSUFX): tools/sampler.c $(SDK_DIR) $(TRNG_DIR)/timer_entropy.h $(TRNG_DIR)/stats.h + -$(CC) $(CFLAGS) -I./ $(TRNG_DIRS) tools/sampler.c + +sampler$(EXESUFX): sampler$(OBJSUFX) nist_algs$(OBJSUFX) timer_entropy$(OBJSUFX) noise_to_entropy$(OBJSUFX) $(ASMOBJS) tmp/tmp/dummyfile + -$(LD) $(LDFLAGS) sampler$(OBJSUFX) nist_algs$(OBJSUFX) timer_entropy$(OBJSUFX) noise_to_entropy$(OBJSUFX) $(ASMOBJS) $(LDLIBS) + -$(CP) sampler$(EXESUFX) $(SDK_DIR)/sampler$(EXESUFX) + +faker$(OBJSUFX): tools/faker.c $(SDK_DIR) $(TRNG_DIR)/timer_entropy.h $(TRNG_DIR)/stats.h + -$(CC) $(CFLAGS) -I./ $(TRNG_DIRS) tools/faker.c + +faker$(EXESUFX): faker$(OBJSUFX) nist_algs$(OBJSUFX) noise_to_entropy$(OBJSUFX) tmp/tmp/dummyfile + -$(LD) $(LDFLAGS) faker$(OBJSUFX) nist_algs$(OBJSUFX) noise_to_entropy$(OBJSUFX) $(LDLIBS) + +FIPS_collector$(OBJSUFX): tools/FIPS_collector.c $(SDK_DIR) $(TRNG_DIR)/timer_entropy.c $(TRNG_DIR)/timer_fips.c \ + $(TRNG_DIR)/nist_algs.c + -$(CC) $(CFLAGS) -I./ $(TRNG_DIRS) tools/FIPS_collector.c + + +FIPS_collector$(EXESUFX): FIPS_collector$(OBJSUFX) looper$(OBJSUFX) tmp/tmp/dummyfile + -$(LD) $(LDFLAGS) FIPS_collector$(OBJSUFX) looper$(OBJSUFX) $(ASMOBJS) $(LDLIBS) + +# +# Basic collect plausible noise events +# + +FIPS_filter$(OBJSUFX): tools/FIPS_filter.c $(SDK_DIR) $(TRNG_DIR)/timer_fips.c $(TRNG_DIR)/nist_algs.c $(TRNG_DIR)/ext_filter.c + -$(CC) $(CFLAGS) -I./ $(TRNG_DIRS) tools/FIPS_filter.c + +FIPS_filter$(EXESUFX): FIPS_filter$(OBJSUFX) tmp/tmp/dummyfile + -$(LD) $(LDFLAGS) FIPS_filter$(OBJSUFX) $(LDLIBS) + +# +# Tried, didn't help +# +FIPS_mem_collector$(OBJSUFX): tools/FIPS_mem_collector.c $(SDK_DIR) $(TRNG_DIR)/timer_entropy.c $(TRNG_DIR)/timer_fips.c \ + $(TRNG_DIR)/nist_algs.c + -$(CC) $(CFLAGS) -I./ $(TRNG_DIRS) tools/FIPS_mem_collector.c + +FIPS_mem_collector$(EXESUFX): FIPS_mem_collector$(OBJSUFX) looper$(OBJSUFX) tmp/tmp/dummyfile + -$(LD) $(LDFLAGS) FIPS_mem_collector$(OBJSUFX) looper$(OBJSUFX) $(ASMOBJS) $(LDLIBS) + + + + +FIPS_filter_lt$(OBJSUFX): tools/FIPS_filter_lt.c $(SDK_DIR) $(TRNG_DIR)/timer_fips.c $(TRNG_DIR)/nist_algs.c $(TRNG_DIR)/ext_filter.c + -$(CC) $(CFLAGS) -I./ $(TRNG_DIRS) tools/FIPS_filter_lt.c + +FIPS_filter_lt$(EXESUFX): FIPS_filter_lt$(OBJSUFX) tmp/tmp/dummyfile + -$(LD) $(LDFLAGS) FIPS_filter_lt$(OBJSUFX) $(LDLIBS) + +FIPS_filter_debias$(OBJSUFX): tools/FIPS_filter_debias.c $(SDK_DIR) $(TRNG_DIR)/timer_fips.c $(TRNG_DIR)/nist_algs.c $(TRNG_DIR)/ext_filter.c \ + $(TRNG_DIR)/noise_to_entropy.h + -$(CC) $(CFLAGS) -I./ $(TRNG_DIRS) tools/FIPS_filter_debias.c + +FIPS_filter_debias$(EXESUFX): FIPS_filter_debias$(OBJSUFX) tmp/tmp/dummyfile + -$(LD) $(LDFLAGS) FIPS_filter_debias$(OBJSUFX) $(LDLIBS) + +# Offline test of distribution squeezing. data in, squeezed data out + +squeeze$(OBJSUFX): tools/squeeze.c $(TRNG_DIR)/ext_filter.c + -$(CC) $(CFLAGS) -I./ $(TRNG_DIRS) tools/squeeze.c + +squeeze$(EXESUFX): squeeze$(OBJSUFX) + -$(LD) $(LDFLAGS) squeeze$(OBJSUFX) +#============================= END TRNG components ================================ \ No newline at end of file diff --git a/icc/tools/GenRndData.c b/icc/tools/GenRndData.c index eff925d..e690c65 100644 --- a/icc/tools/GenRndData.c +++ b/icc/tools/GenRndData.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -28,7 +28,7 @@ #endif #include "TRNG/noise_to_entropy.h" -#include "TRNG/TRNG_ALT4.h" +#include "TRNG/TRNG_FIPS.h" #define MIN_SAMP 64 @@ -50,7 +50,9 @@ void *ICC_Calloc(size_t n, size_t sz, const char *file, int line) { void ICC_Free(void *ptr) { free(ptr); } - +/* Disable this facility in GenRndData for now +*/ +int OPENSSL_HW_rand(unsigned char *buf) { return 0; } /* Not on ARM */ #if defined(__ARMEL__) || defined(__ARMEB__) || defined(__aarch64__) long efOPENSSL_rdtsc() @@ -72,20 +74,21 @@ unsigned int Personalize(unsigned char *buffer) static E_SOURCE trng; -static ENTROPY_IMPL MYTRNGS [] = { +static ENTROPY_IMPL MYTRNGS [2] = { { - "TRNG_HW", - TRNG_HW, - 2, - ALT4_getbytes, - ALT4_Init, - ALT4_Cleanup, - ALT4_preinit, - ALT4_Avail, + "TRNG_FIPS", /*!< Common name */ + TRNG_FIPS, /*!< Enum used internally */ + 4, /*!< Number of bits needed to produce nominally one bit of entropy after compression */ + TRNG_FIPS_getbytes, /*!< Callback to a buffer of entropy data */ + TRNG_FIPS_Init, /*!< Callback for TRNG Initialization */ + TRNG_FIPS_Cleanup, /*!< Callback for TRNG Cleanup */ + TRNG_FIPS_preinit, /*!< Callback for (global) setup for this TYPE of entropy source */ + TRNG_FIPS_Avail, /*!< availability */ NULL, - 0 + 1 } + }; @@ -99,6 +102,9 @@ void usage(char *me, char *why) { fprintf(stderr," N is the number of bytes of data to generate, N should be > 20,000, 250,000 is recommended\n"); fprintf(stderr," Output will be rounded up to a 256 byte boundary\n"); fprintf(stderr," %s is intended to generate raw random from ICC's internal TRNG for offile statistical testing.\n",me); + + fprintf(stderr," Note: To test other variants, install GSKit-Crypto and use GenRndData2\n"); + } /*! @brief Generate data needed for offline statistical testing of ICC's "raw" TRNG source diff --git a/icc/tools/GenRndData2.c b/icc/tools/GenRndData2.c index 7e2f4f3..3eac73e 100644 --- a/icc/tools/GenRndData2.c +++ b/icc/tools/GenRndData2.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/tools/GenRndDataFIPS.c b/icc/tools/GenRndDataFIPS.c index d50dd06..80b1bf3 100644 --- a/icc/tools/GenRndDataFIPS.c +++ b/icc/tools/GenRndDataFIPS.c @@ -1,17 +1,14 @@ -/************************************************************************* +/***************************************************************************** // Copyright IBM Corp. 2023 -// -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. -*************************************************************************/ - -/************************************************************************* +// // Description: // This module generates N bytes of random data for offline // statistical testing. (I.e. with the NIST test suite) // -*************************************************************************/ +******************************************************************************/ #include diff --git a/icc/tools/integ.c b/icc/tools/integ.c index 247c28a..48bddb8 100644 --- a/icc/tools/integ.c +++ b/icc/tools/integ.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/tools/nidtest.c b/icc/tools/nidtest.c index 44a181e..859796d 100644 --- a/icc/tools/nidtest.c +++ b/icc/tools/nidtest.c @@ -1,8 +1,8 @@ /* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. */ diff --git a/icc/tools/sha256x.c b/icc/tools/sha256x.c index 009a463..f2b8559 100644 --- a/icc/tools/sha256x.c +++ b/icc/tools/sha256x.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/tools/smalltest.c b/icc/tools/smalltest.c index 2ca221d..9cad07d 100644 --- a/icc/tools/smalltest.c +++ b/icc/tools/smalltest.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/tools/smalltest4.c b/icc/tools/smalltest4.c index 8534254..7e3a8d8 100644 --- a/icc/tools/smalltest4.c +++ b/icc/tools/smalltest4.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/tracer.h b/icc/tracer.h index e1cd12f..6d8bd4a 100644 --- a/icc/tracer.h +++ b/icc/tracer.h @@ -57,8 +57,8 @@ void TRACE_END(const char* fn); #define OUT() if (NULL != logfile) { fprintf(logfile,"%-16s:%-16s:%-8d:%-1s:%*s<%s\n",TimeMark(),__FILE__,mypid(),FIPS_TAG,((--TRACE_indent) < 40) ? TRACE_indent:40,"",__func__);fflush(logfile);} /* Out with integer return code */ #define OUTRC(rc) if(NULL != logfile) { fprintf(logfile,"%-16s:%-16s:%-8d:%1s:%*s<%s (%d)\n" ,TimeMark(),__FILE__,mypid(),FIPS_TAG,((--TRACE_indent) < 40) ? TRACE_indent : 40, "", __func__,rc);fflush(logfile);} -#define MARK(x,y) if(NULL != logfile) { fprintf(logfile,"%-16s:%-16s:%-8d:%-1s:%*s!%s %s %s\n",TimeMark(),__FILE__,mypid(),FIPS_TAG,(TRACE_indent < 40) ? TRACE_indent:40,"",__func__,x,y);fflush(logfile);} - +#define MARK(x,y) if(NULL != logfile) { fprintf(logfile,"%-16s:%-16s:%-8d:%-1s:%*s!%s %s %s\n",TimeMark(),__FILE__,mypid(),FIPS_TAG,(TRACE_indent < 40) ? TRACE_indent:40,"",__func__,(x),(y));fflush(logfile);} +#define MARK2(a,b) {MARK(a,b); if (pcb->trace_callback) pcb->trace_callback((a), (b)); } /* Include this ONLY in one file which will contain the active tracing code */ #if defined(TRACE_CODE) @@ -190,7 +190,7 @@ void TRACE_START(const char *source, const char *application, const char *fn) { FILE *tmpfile = NULL; char *path = NULL; - int alen = 0; + size_t alen = 0; char *platform = OPSYS; /* Yes, thread safe, this is called during library load */ static char trc_buffer[1024]; /* Path construction */ @@ -242,8 +242,8 @@ void TRACE_START(const char *source, const char *application, const char *fn) setbuf(logfile,NULL); TimeStamp(trc_buffer); if(NULL != logfile) { - fprintf(logfile,"%-16s:%-16s:%-8d,%1s:%s %s %s %s\n",TimeMark(),fn,mypid(),FIPS_TAG,application,source,platform,trc_buffer); - fprintf(logfile,"%-16s:%-16s:%-8d,%1s,CLOCKS_PER_SEC=%ld\n",TimeMark(),fn,mypid(),FIPS_TAG,(long)CLOCKS_PER_SEC); + fprintf(logfile,"%-16s:%-16s:%-8d:%1s:%s %s %s %s\n",TimeMark(),fn,mypid(),FIPS_TAG,application,source,platform,trc_buffer); + fprintf(logfile,"%-16s:%-16s:%-8d:%1s:CLOCKS_PER_SEC=%ld\n",TimeMark(),fn,mypid(),FIPS_TAG,(long)CLOCKS_PER_SEC); fflush(logfile); } } diff --git a/icc/zlib.mk b/icc/zlib.mk index 58a3641..9065c35 100644 --- a/icc/zlib.mk +++ b/icc/zlib.mk @@ -12,7 +12,7 @@ ZLIB = zlib-$(ZLIB_VER) # EX_SUFFIX (=_ex) is defined to build from source already extracted from tar file and # checked into source control. This option is used by iSeries/OS400 for Clearcase builds. -ZLIB_DIR = ../$(ZLIB)$(EX_SUFFIX) +ZLIB_DIR = $(ICC_ROOT)/$(ZLIB)$(EX_SUFFIX) ZLIB_SRC = $(ZLIB_DIR)/adler32.c $(ZLIB_DIR)/compress.c $(ZLIB_DIR)/crc32.c \ $(ZLIB_DIR)/deflate.c $(ZLIB_DIR)/inffast.c $(ZLIB_DIR)/inflate.c \ diff --git a/iccpkg/Argon2/Argon2.mk b/iccpkg/Argon2/Argon2.mk new file mode 100644 index 0000000..32d924a --- /dev/null +++ b/iccpkg/Argon2/Argon2.mk @@ -0,0 +1,43 @@ +ARGON2_SRC = Argon2/argon2.c Argon2/core.c Argon2/blake2/blake2b.c \ + Argon2/thread.c Argon2/encoding.c Argon2/opt.c + +ARGON2_CFLAGS = -I Argon2/ $(CFLAGS) + +argon2_obj = Argon2/argon2$(OBJSUFX) Argon2/blake2b$(OBJSUFX) Argon2/thread$(OBJSUFX) Argon2/encoding$(OBJSUFX) Argon2/core$(OBJSUFX) Argon2/ref$(OBJSUFX) + + + +Argon2/argon2$(OBJSUFX): $(ICC_ROOT)/iccpkg/Argon2/Argon2.mk Argon2/argon2.c Argon2/argon2.h Argon2/encoding.h \ + Argon2/core.h + $(CC) $(ARGON2_CFLAGS) Argon2/argon2.c $(OUT)$@ + +Argon2/core$(OBJSUFX): $(ICC_ROOT)/iccpkg/Argon2/Argon2.mk Argon2/core.c Argon2/core.h Argon2/thread.h \ + Argon2/blake2/blake2.h Argon2/blake2/blake2-impl.h + $(CC) $(ARGON2_CFLAGS) Argon2/core.c $(OUT)$@ + +Argon2/blake2b$(OBJSUFX): $(ICC_ROOT)/iccpkg/Argon2/Argon2.mk Argon2/blake2/blake2b.c \ + Argon2/blake2/blake2.h Argon2/blake2/blake2-impl.h + $(CC) $(ARGON2_CFLAGS) Argon2/blake2/blake2b.c $(OUT)$@ + +Argon2/thread$(OBJSUFX): $(ICC_ROOT)/iccpkg/Argon2/Argon2.mk Argon2/thread.c Argon2/thread.h + $(CC) $(ARGON2_CFLAGS) Argon2/thread.c $(OUT)$@ + +Argon2/encoding$(OBJSUFX): $(ICC_ROOT)/iccpkg/Argon2/Argon2.mk Argon2/encoding.c Argon2/core.h Argon2/encoding.h + $(CC) $(ARGON2_CFLAGS) Argon2/encoding.c $(OUT)$@ + +Argon2/ref$(OBJSUFX): $(ICC_ROOT)/iccpkg/Argon2/Argon2.mk Argon2/ref.c Argon2/argon2.h \ + Argon2/blake2/blamka-round-ref.h + $(CC) $(ARGON2_CFLAGS) Argon2/ref.c $(OUT)$@ + + +clean_argon2: + rm -f $(argon2_obj) + +show_argon2: + echo "ARGON2_CFLAGS = $(ARGON2_CFLAGS)" + echo "argon2_obj = $(argon2_obj)" + +test: Argon2/test.c + $(CC) $(CFLAGS) -Wextra -Wno-type-limits $^ -o testcase + @sh kats/test.sh + ./testcase \ No newline at end of file diff --git a/iccpkg/Makefile b/iccpkg/Makefile index 1d7afcb..b8bf986 100644 --- a/iccpkg/Makefile +++ b/iccpkg/Makefile @@ -5,53 +5,81 @@ # make OPSYS= # +default: all + # Makefile needs to define this as relative path from Makefile's dir to the base of ICC source dir ICC_ROOT=.. CONFIG = debug BUILD = developer -include ../icc/VTAG.mk - - - -include ../icc/platforms.mk - - - -# Version # of the old ICC -OLDVER = $(FVTAG) +# Allow us to build a gskit_crypto without the OLD icc present +include muppet.mk -# Version # of the new ICC +include $(ICC_ROOT)/icc/VTAG.mk +include $(ICC_ROOT)/icc/platforms.mk -include ../icc/icc_defs.mk -include ../icc/opensslver.mk +include $(ICC_ROOT)/icc/icc_defs.mk +include $(ICC_ROOT)/icc/opensslver.mk # GSKit-Crypto defs +# defines JGSK_DIR and GSK_DIR ($(ICC_ROOT)/package/gskit_crypto) include gsk_crypto.mk ## Build specific definitions - file target etc. include iccpkg.mk - -# Hack to allow us to build a gskit_crypto without the OLD icc present -include muppet.mk - developer_CFLAGS = -DVTAG=$(VTAG) -DINSTDIR=\""$(GSK_GLOBAL)"\" OFFICIAL_CFLAGS = -DICC_OFFICIAL_BUILD $(developer_CFLAGS) - ICCLIB = $(STLPRFX)icc$(STLSUFX) +#STKPK11 = pkcs11_iccpkg_container$(OBJSUFX) + +# Note: match same definitions in icc/Makefile +PACKAGE_DIR = $(ICC_ROOT)/package +RTE_DIR = $(PACKAGE_DIR)/icc +SDK_DIR = $(PACKAGE_DIR)/iccsdk -NEW_ICC = ../package +# platforms/*.mk are still using this alias +NEW_ICC = $(PACKAGE_DIR) -ZLIB_LIB = ../icc/$(STLPRFX)zlib$(STLSUFX) +ZLIB_LIB = $(ICC_ROOT)/icc/$(STLPRFX)zlib$(STLSUFX) +# Version # of the old ICC from VTAG.mk +OLDVER = $(FVTAG) +OLD_LIBICC = $(SHLPRFX)icclib$(OLDVER)$(SHLSUFX) +# ref ICCDLL_NAME NEW_LIBICC = $(SHLPRFX)icclib$(VTAG)$(SHLSUFX) +# This gets linked into step library for ICCN_ symbols +ifeq ($(strip $(IS_FIPS)),) + MYICC = newicc +else + MYICC = icc +endif + +# local alias directory names - deprecated and only used in this Makefile +# These are the runtime directories (package/*gskit_crypto/) +INST_DIR = $(GSK_DIR) +JINST_DIR = $(JGSK_DIR) + + # Sign tool for Microsoft Authenticode +ifeq ($(findstring VS2022, $(OPSYS)), VS2022) +SIGN_COMMAND = ../../signwindowsfile.ksh +else SIGN_COMMAND = /build/build/scripts/signwindowsfile.ksh +endif + +# IBM Crypto for C perf tool +ICCPKG_PERF = $(GSK_SDK)/icc_perf$(EXESUFX) + +# IBM Crypto for C perf tool (Java variant) +JICC_PERF = $(JGSK_SDK)/bin/jicc_perf$(EXESUFX) + +# PKCS#11 perf tool +PK11_PERF = $(GSK_SDK)/pkcs11_thread$(EXESUFX) #Random number generator GSK_RNG = $(GSK_SDK)/GenRndData2$(EXESUFX) @@ -59,16 +87,27 @@ GSK_RNG = $(GSK_SDK)/GenRndData2$(EXESUFX) #ICC RNG core ICC_RNG = $(GSK_SDK)/GenRndData$(EXESUFX) -#BVT -GSK_BVT = $(GSK_SDK)/icctest$(EXESUFX) - # OpenSSL command line GSK_OPENSSL = $(GSK_SDK)/openssl$(EXESUFX) +$(GSK_DIR)/Standard_International_Program_License_Agreement.pdf: $(GSK_DIR) $(ICC_ROOT)/icc/Standard_International_Program_License_Agreement.pdf + $(CP) $(ICC_ROOT)/icc/Standard_International_Program_License_Agreement.pdf $@ + chmod +w $@ +$(GSK_SDK)/Standard_International_Program_License_Agreement.pdf: $(GSK_SDK) $(ICC_ROOT)/icc/Standard_International_Program_License_Agreement.pdf + $(CP) $(ICC_ROOT)/icc/Standard_International_Program_License_Agreement.pdf $@ + chmod +w $@ +SDK_TARGETS = \ + $(GSK_RNG) \ + $(GSK_OPENSSL) \ + $(GSK_SDK)/icctest$(EXESUFX) \ + $(GSK_SDK)/chkiccload$(EXESUFX) \ + $(GSK_SDK)/sigtest$(EXESUFX) \ + $(GSK_SDK)/kemtest$(EXESUFX) \ + $(GSK_SDK)/sigtest.c \ + $(GSK_SDK)/kemtest.c -SDK_TARGETS = $(GSK_RNG) # $(ICC_RNG) \ @@ -79,24 +118,34 @@ JSDK_TARGETS = \ $(JGSK_SDK)/inc/jcc_a.h \ $(JGSK_SDK)/bin/jcctest$(EXESUFX) +# $(JGSK_SDK)/inc/hkdf.h \ + # Note the lib/ dir in the JSDK only exists on windows and # is built & populated when we build the shared lib JGSK_TARGETS = \ $(JGSK_LIB) + +ICKC_TARGETS = $(ICKC_LIB) +ICKCSDK_TARGETS : runtime_setup sdk_setup Jruntime_setup $(ICKC_SDK) \ + $(ICKC_SDK)/inc/icc.h \ + $(ICKC_SDK)/inc/iccglobals.h \ + $(ICKC_SDK)/inc/icc_a.h \ + $(ICKC_SDK)/inc/ickc_a.h \ + $(ICKC_SDK)/bin/ickctest$(EXESUFX) + echo $@ made + # # Source .[c|h] files created as part of the build # -TMP_SRC = iccpkg.h icc.h icc_a.h iccglobals.h \ - iccversion.h \ - jcctest.c jgsk_wrap2.c +TMP_SRC = iccpkg.h icc_a.h jcctest.c ickctest.c # # objects copied from elsewhere, don't exist on all platforms ! # TMP_OBJS = delta$(OBJSUFX) iccstub$(OBJSUFX) high_res_timer$(OBJSUFX) \ - rng-ppc.o RdCTR_raw.o \ + rng-ppc.o RdCTR_raw.o $(STLPRFX)pkcs11_iccpkg_api$(STLSUFX) \ looper$(OBJSUFX) # @@ -104,27 +153,44 @@ TMP_OBJS = delta$(OBJSUFX) iccstub$(OBJSUFX) high_res_timer$(OBJSUFX) \ # EX_OBJS = #EX_OBJS = exp$(OBJSUFX) totp$(OBJSUFX) +JEX_OBJS = +#JEX_OBJS = jexp$(OBJSUFX) -TARGETS = runtime_setup Jruntime_setup \ +TARGETS = \ $(TIMER_OBJS) \ - $(GSK_LIB) \ icctest$(EXESUFX) \ + icctest_s$(EXESUFX) \ GenRndData2$(EXESUFX) \ smalltest$(EXESUFX) \ - $(SDK_TARGETS) \ - $(GSK_OPENSSL) \ - $(GSK_BVT) \ - $(JGSK_TARGETS) $(JSDK_TARGETS) + $(JGSK_TARGETS) $(JSDK_TARGETS) \ + $(ICKC_TARGETS) ICKCSDK_TARGETS + +SDK_HEADERS = $(GSK_SDK)/icc.h $(GSK_SDK)/icc_a.h $(GSK_SDK)/iccglobals.h +# our local dks integration and test code +# sigtest and kemtest comes from here +pqc_test_build: + $(MAKE) -C pqc all + +# only run the pqc test if we have pqc support present +ifeq ($(strip $(PQCLIBS)),) +pqc_tests: + echo "No dks pqc support" +else +pqc_tests: + $(MAKE) -C pqc tests +endif # cache_test$(EXESUFX) Specify manually as a target, may not build/run on all platforms due # to duplaicted objects in the executable -all: $(TARGETS) +# note: from gsk_crypto.mk GSK_LIB = $(GSK_DIR)/$(GSK_LIBNAME) + +all: $(SDK_HEADERS) $(GSK_LIB) $(GSK_LIB_STATIC) runtime_setup sdk_setup Jruntime_setup $(TARGETS) pqc_test_build $(SDK_TARGETS) -include ../icc/zlib.mk +include $(ICC_ROOT)/icc/zlib.mk # Disabled. The reference code doesn't implement the spec. #include Argon2/Argon2.mk @@ -169,60 +235,126 @@ ICCPKG_DOC_PARTS = \ iccpkg.h: $(ICCPKG_DOC_PARTS) cat $(ICCPKG_DOC_PARTS) >$@ -icc_a.h: iccpkg_a.h - $(CP) iccpkg_a.h $@ - -iccversion.h: ../icc/iccversion.h - $(CP) ../icc/iccversion.h $@ - -icc.h: ../icc/icc.h - $(CP) ../icc/icc.h $@ - -iccglobals.h: ../icc/iccglobals.h - $(CP) ../icc/iccglobals.h $@ +# iccpkg_a.h is written by the ICCencapsulator but is always copied to icc_a.h to be used so is not the same as icc/icc_a.h +# it has the ICC_ API names for the step library and NOT the NICC or CICC names that the module gets. +# This header substitution is what allows the icctest.c source to be built against the module (in icc) or the step library (in iccpkg) +#icc_a.h: iccpkg_a.h +# $(CP) iccpkg_a.h $@ -delta$(OBJSUFX): ../icc/delta$(OBJSUFX) - $(CP) ../icc/delta$(OBJSUFX) $@ +delta$(OBJSUFX): $(ICC_ROOT)/icc/delta$(OBJSUFX) + $(CP) $(ICC_ROOT)/icc/delta$(OBJSUFX) $@ -looper$(OBJSUFX): ../icc/looper$(OBJSUFX) - $(CP) ../icc/looper$(OBJSUFX) $@ +looper$(OBJSUFX): $(ICC_ROOT)/icc/looper$(OBJSUFX) + $(CP) $(ICC_ROOT)/icc/looper$(OBJSUFX) $@ -iccstub$(OBJSUFX): ../icc/iccstub$(OBJSUFX) - $(CP) ../icc/iccstub$(OBJSUFX) $@ +iccstub$(OBJSUFX): $(ICC_ROOT)/icc/iccstub$(OBJSUFX) + $(CP) $(ICC_ROOT)/icc/iccstub$(OBJSUFX) $@ -high_res_timer$(OBJSUFX): ../icc/high_res_timer$(OBJSUFX) - $(CP) ../icc/high_res_timer$(OBJSUFX) $@ +high_res_timer$(OBJSUFX): $(ICC_ROOT)/icc/high_res_timer$(OBJSUFX) + $(CP) $(ICC_ROOT)/icc/high_res_timer$(OBJSUFX) $@ # Needed on some platforms $(ASMOBJS) -rng-ppc.o: ../icc/rng-ppc.o - $(CP) ../icc/rng-ppc.o $@ +rng-ppc.o: $(ICC_ROOT)/icc/rng-ppc.o + $(CP) $(ICC_ROOT)/icc/rng-ppc.o $@ -RdCTR_raw.o: ../icc/RdCTR_raw.o - $(CP) ../icc/RdCTR_raw.o $@ +RdCTR_raw.o: $(ICC_ROOT)/icc/RdCTR_raw.o + $(CP) $(ICC_ROOT)/icc/RdCTR_raw.o $@ +# note: not $(ARGON) here - step library has no blake2b clash TIMER_OBJS = delta$(OBJSUFX) iccstub$(OBJSUFX) \ high_res_timer$(OBJSUFX) $(ASMOBJS) \ - looper$(OBJSUFX) -#$(argon2_obj) $(DilKyb_obj) + $(argon2_obj) $(DilKyb_obj) looper$(OBJSUFX) JTIMER_OBJS = delta$(OBJSUFX) iccstub$(OBJSUFX) \ + high_res_timer$(OBJSUFX) $(ASMOBJS) \ + $(argon2_obj) $(DilKyb_java_obj) looper$(OBJSUFX) + +# no experimental APIs - these are integrated into the module now. +ICKCTIMER_OBJS = delta$(OBJSUFX) iccstub$(OBJSUFX) \ high_res_timer$(OBJSUFX) $(ASMOBJS) \ looper$(OBJSUFX) -#$(argon2_obj) $(DilKyb_java_obj) +# edit the base Doxyfile to convert project heading "(confidential)" to the current release version info + +Doxyfile: ICCPKG_Doxyfile $(ICC_ROOT)/icc/ICC_ver.txt docbits/h.txt docbits/t.txt + $(CP) $(ICC_ROOT)/icc/ICC_ver.txt docbits/ver.txt + sed -i 's/_/./g' docbits/ver.txt + cat docbits/h.txt > docbits/sedcmd + echo -n `cat docbits/ver.txt` >> docbits/sedcmd + cat docbits/t.txt >> docbits/sedcmd + sed -f docbits/sedcmd ICCPKG_Doxyfile >Doxyfile + +doc:IBM_CKC.pdf + +IBM_CKC.pdf: iccpkg.h iccpkg_a.h $(ICC_ROOT)/icc/icc.h $(ICC_ROOT)/icc/iccglobals.h Doxyfile $(ICC_ROOT)/icc/ICC_ver.txt + doxygen Doxyfile + $(CP) $(ICCPKG_GFX) API_html/ + ( \ + $(CP) $(ICC_ROOT)/doc/doxygen.sty latex/ ; \ + perl ./makePDFver.pl ; \ + cd latex ; \ + rm -f *.ps *.dvi *.aux *.toc *.idx *.ind *.ilg *.log *.out *.brf *.blg *.bbl refman.pdf; \ + pdflatex refman; \ + makeindex refman.idx ; \ + pdflatex refman; \ + latex_count=5 ; \ + while egrep -s 'Rerun (LaTeX|to get cross-references right)' refman.log && [ $$latex_count -gt 0 ] ;\ + do \ + echo "Rerunning latex...." ;\ + pdflatex refman ;\ + latex_count=`expr $$latex_count - 1` ;\ + done; \ + $(CP) refman.pdf IBM_CKC.pdf ;\ + cd ..;\ + ) + + +# Headers for experimental algorithms +$(GSK_SDK)/gsk_argon2.h: $(GSK_SDK) Argon2/gsk_argon2.h + $(CP) Argon2/gsk_argon2.h $@ + +$(GSK_SDK)/pqapi.h: $(GSK_SDK) DilKyb/headers/pqapi.h + $(CP) DilKyb/headers/pqapi.h $@ + +$(GSK_SDK)/pqparams.h: $(GSK_SDK) DilKyb/headers/pqparams.h + $(CP) DilKyb/headers/pqparams.h $@ + +$(GSK_SDK)/gsk_exp.h: $(GSK_SDK) gsk_exp.h + $(CP) gsk_exp.h $@ + +# deprecated - use newer API - ref kemtest.c +# Example code for 'experimental' algorithms +$(GSK_SDK)/PQCgenKAT_sign.c: $(GSK_SDK) DilKyb/dilithium/PQCgenKAT_sign.c + $(CP) DilKyb/dilithium/PQCgenKAT_sign.c $@ + +$(GSK_SDK)/PQCgenKAT_kem.c: $(GSK_SDK) DilKyb/kyber/PQCgenKAT_kem.c + $(CP) DilKyb/kyber/PQCgenKAT_kem.c $@ +# end deprecated + +$(GSK_SDK)/argon2_example.c: $(GSK_SDK) Argon2/argon2_example.c + $(CP) Argon2/argon2_example.c $@ + +pqc/kemtest$(EXESUFX): + $(MAKE) -C pqc all -$(GSK_SDK): - $(MKDIR) $(GSK_SDK) +$(GSK_SDK)/kemtest$(EXESUFX): $(GSK_SDK) pqc/kemtest$(EXESUFX) + $(CP) pqc/kemtest$(EXESUFX) $@ -$(GSK_DIR): - $(MKDIR) $(GSK_DIR) +$(GSK_SDK)/kemtest.c: $(GSK_SDK) pqc/kemtest.c + $(CP) pqc/kemtest.c $@ -$(GSK_SDK)/icc.h: $(GSK_SDK) icc.h - $(CP) icc.h $@ +pqc/sigtest$(EXESUFX): + $(MAKE) -C pqc all -$(GSK_SDK)/icc_a.h: $(GSK_SDK) icc_a.h - $(CP) icc_a.h $@ +$(GSK_SDK)/sigtest$(EXESUFX): $(GSK_SDK) pqc/sigtest$(EXESUFX) + $(CP) pqc/sigtest$(EXESUFX) $@ + +$(GSK_SDK)/sigtest.c: $(GSK_SDK) pqc/sigtest.c + $(CP) pqc/sigtest.c $@ + +OS_helpers.c: $(ICC_ROOT)/icc/OS_helpers.c + $(CP) $(ICC_ROOT)/icc/OS_helpers.c $@ $(GSK_SDK)/icc_aux.h: $(GSK_SDK) icc_aux.h $(CP) icc_aux.h $@ @@ -230,74 +362,130 @@ $(GSK_SDK)/icc_aux.h: $(GSK_SDK) icc_aux.h $(GSK_SDK)/icc_aux_a.h: $(GSK_SDK) icc_aux_a.h $(CP) icc_aux_a.h $@ -$(GSK_SDK)/iccglobals.h: $(GSK_SDK) iccglobals.h - $(CP) iccglobals.h $@ +$(GSK_SDK)/totp.h: $(GSK_SDK) TOTP/totp.h + $(CP) TOTP/totp.h $@ + +$(GSK_SDK)/delta_t.h: $(GSK_SDK) $(ICC_ROOT)/icc/DELTA/delta_t.h + $(CP) $(ICC_ROOT)/icc/DELTA/delta_t.h $@ + +$(ICC_ROOT)/doc/IBM_CKC.pdf: + echo "this needs to be checked in after building docs" + +$(GSK_SDK)/IBM_CKC.pdf: $(GSK_SDK) $(ICC_ROOT)/doc/IBM_CKC.pdf + $(CP) $(ICC_ROOT)/doc/IBM_CKC.pdf $@ + +# if it is a no_legacy build then delete the C dir completely + +runtime_setup_C: $(INST_DIR)/C/icc/icclib/$(OLD_LIBICC) $(INST_DIR)/C/icc/ReadMe.txt + if [ -f $(ICC_ROOT)/icc/create_icc_no_legacy.0 ]; then echo "No FIPS ICC build"; fi ; + if [ -f $(ICC_ROOT)/icc/create_icc_no_legacy.0 ]; then $(RM) -r $(INST_DIR)/C; fi ; + +sdk_setup_C: $(GSK_SDK)/icc.h $(GSK_SDK)/icc_a.h $(GSK_SDK)/iccglobals.h + +# $(GSK_SDK)/pqapi.h $(GSK_SDK)/pqparams.h \ +# $(GSK_SDK)/gsk_argon2.h $(GSK_SDK)/gsk_exp.h +# $(GSK_SDK)/hkdf.h -$(GSK_SDK)/delta_t.h: $(GSK_SDK) ../icc/DELTA/delta_t.h - $(CP) ../icc/DELTA/delta_t.h $@ +# create archive to upload to github release - ref icc/Makefile create_icc and OLD_ICC/$(OPSYS) targets +# this needs to be loaded manually into a github release +oldicc_$(OPSYS).tar.gz: OLD_ICC/$(OPSYS) + tar czf $@ $< -$(GSK_SDK)/GSKit_Crypto.pdf: $(GSK_SDK) ../doc/GSKit_Crypto.pdf - $(CP) ../doc/GSKit_Crypto.pdf $@ +$(INST_DIR)/C : $(INST_DIR) + $(MKDIR) $@ +$(INST_DIR)/C/icc : $(INST_DIR)/C + $(MKDIR) $@ +$(INST_DIR)/C/icc/icclib: $(INST_DIR)/C/icc + $(MKDIR) $@ -$(INST_DIR): - $(MKDIR) $(INST_DIR) +$(INST_DIR)/C/icc/ReadMe.txt: $(INST_DIR)/C/icc/icclib + -$(CP) OLD_ICC/AMD64_LINUX/icc/ReadMe.txt $@ +# OLD_ICC has checked in binaries so enforce correct permissions +# ignore errors because it may not be present +# for a no legacy build we will remove the FIPS lib if present +$(INST_DIR)/C/icc/icclib/$(OLD_LIBICC): $(INST_DIR)/C/icc/icclib + -$(CP) $(OLD_ICC)/icc/icclib/* $(INST_DIR)/C/icc/icclib/ + -chmod +x $@ -runtime_setup_N: $(GSK_SDK) $(INST_DIR)/N/icc/icclib/$(NEW_LIBICC) \ - $(INST_DIR)/N/icc/ReadMe.txt \ - $(GSK_SDK)/delta_t.h +# if we are building FIPS then there is no legacy and we only have C which we just built in N - so rename it +runtime_setup_N: $(INST_DIR)/N/icc/icclib/$(NEW_LIBICC) $(INST_DIR)/N/icc/ReadMe.txt + if [ -f $(ICC_ROOT)/icc/create_fips.0 ]; then mv $(INST_DIR)/N $(INST_DIR)/C; fi ; -$(INST_DIR)/N/icc/ReadMe.txt: - -$(CP) $(NEW_ICC)/icc/ReadMe.txt $@ +# unstripped modules will need matching ICCSIG.txt and be OS signed on some platforms. +#$(INST_DIR)/N/icc/icclib/$(NEW_LIBICC).unstripped: $(GSK_SDK)/$(NEW_LIBICC).unstripped +# $(CP) $(GSK_SDK)/$(NEW_LIBICC).unstripped $@ +sdk_setup_N: $(GSK_SDK)/delta_t.h -$(INST_DIR)/N/icc/icclib/$(NEW_LIBICC): $(NEW_ICC)/icc/icclib/$(NEW_LIBICC) - -$(MKDIR) $(INST_DIR)/N/icc/icclib - $(CP) $(NEW_ICC)/icc/icclib/* $(INST_DIR)/N/icc/icclib/ +$(INST_DIR)/N : $(INST_DIR) + $(MKDIR) $@ +$(INST_DIR)/N/icc : $(INST_DIR)/N + $(MKDIR) $@ -runtime_setup: $(INST_DIR) runtime_setup_N +$(INST_DIR)/N/icc/icclib: $(INST_DIR) + $(MKDIR) $@ +$(INST_DIR)/N/icc/ReadMe.txt: $(INST_DIR)/N/icc/icclib $(RTE_DIR)/ReadMe.txt + $(CP) $(RTE_DIR)/ReadMe.txt $@ +$(INST_DIR)/N/icc/icclib/$(NEW_LIBICC): $(INST_DIR)/N/icc/icclib $(RTE_DIR)/icclib/$(NEW_LIBICC) + $(CP) $(RTE_DIR)/icclib/* $(INST_DIR)/N/icc/icclib/ -clean: clean_jgsk - -$(RM) icctest$(EXESUFX) - -$(RM) smalltest$(EXESUFX) memleak$(EXESUFX) \ - smalltest1$(EXESUFX) smalltest2$(EXESUFX) smalltest4$(EXESUFX) \ - smalltest5$(EXESUFX) \ - GenRndData2$(EXESUFX) cache_test$(EXESUFX) \ - smalltestW$(EXESUFX) - -$(RM) *.so *.dylib *.dll *.sl *.x *.lib - -$(RM) -r $(GSK_LIB) + +jexp$(OBJSUFX): exp.c + $(CC) $(CFLAGS) -DJGSK_WRAP exp.c $(OUT)$@ + +exp$(OBJSUFX): exp.c + $(CC) $(CFLAGS) exp.c $(OUT)$@ + +totp$(OBJSUFX): TOTP/totp.c TOTP/totp.h + $(CC) $(CFLAGS) TOTP/totp.c -I$(ICC_ROOT)/icc -ITOTP $(OUT)$@ + +runtime_setup: runtime_setup_C runtime_setup_N + +sdk_setup: sdk_setup_C sdk_setup_N + +clean: clean_jgsk clean_ickc + -$(RM) icctest$(EXESUFX) pktest_direct$(EXESUFX) loadtest$(EXESUFX) chkiccload$(EXESUFX) + -$(RM) icctest.c jcctest.c ickctest.c + -$(RM) $(TARGETS) $(SDK_TARGETS) + -$(RM) *.o *.obj *.so *.dylib *.dll *.sl *.x *.lib + -$(RM) *.ilk *.manifest *.pdb + -$(RM) $(GSK_LIB) -$(RM) $(GSK_LIB).unstripped - -$(RM) gsk_wrap2$(OBJSUFX) \ - icctest$(OBJSUFX) \ - $(TIMER_OBJS) $(JTIMER_OBJS) smalltest1$(OBJSUFX) \ - cache_test$(OBJSUFX) \ - jgsk_wrap2$(OBJSUFX) - -$(RM) loaded.c loaded.h tracer.h jrng_real.c jhkdf.c cache_test.c - -$(RM) iccpkg.h + -$(RM) delta.exp -$(RM) API_html/* -$(RM) $(INST_DIR)/N/icc/icclib/$(NEW_LIBICC) -$(RM) -r $(INST_DIR)/* -$(RM) -r $(GSK_SDK)/* -$(RM) -r $(TMP_SRC) $(TMP_OBJS) + -$(RM) exports_old/*.exp exports_old/iccstepZOS.h + -$(MAKE) -C TOTP clean + -$(RM) Doxyfile + -$(MAKE) -C pqc clean + +# Note: Need to rm after copy as Windows looks in the same directory as exe's +# for DLL's, but in this case the rest of the directory structure is missing -# Need to rm after copy as Windows looks in the same directory as exe's -# for DLL's, but in this case the rest of the directory structure is -# missing -# Note the target for $(GSK_LIBNAME) is set in platforms/$(OPSYS)_.mk using GSK_LIB_B and must match this one -$(GSK_LIB): $(GSK_SDK) $(GSK_LIBNAME) - -$(CP) $(GSK_LIBNAME) $@ - -$(RM) $(GSK_LIBNAME) +# GSK_LIBNAME (shared step library file name (e.g gsk8iccs_64.dll)), GSKLIB_B (no extension) +# and GSK_LIB ($(GSK_DIR)/$(GSK_LIBNAME)) are coming from gsk_crypto.mk. +# $(GSK_LIBNAME) is defined in gsk_crypto.mk but the build target is defined in platforms/$(OPSYS)_.mk using GSKLIB_B (e.g WIN64_.mk) + +$(GSK_LIB): $(GSK_DIR) $(GSK_LIBNAME) + $(CP) $(GSK_LIBNAME) $@ + $(RM) $(GSK_LIBNAME) touch keep_tar_quiet.pdb -$(CP) *.pdb $(GSK_SDK) - touch ../package/iccsdk/keep_tar_quiet.pdb - -$(CP) ../package/iccsdk/*.pdb $(GSK_SDK) + touch $(ICC_ROOT)/package/iccsdk/keep_tar_quiet.pdb + -$(CP) $(ICC_ROOT)/package/iccsdk/*.pdb $(GSK_SDK) + -touch OLD_ICC/$(OPSYS)/iccsdk/keep_tar_quiet.pdb + -$(CP) OLD_ICC/$(OPSYS)/iccsdk/*.pdb $(GSK_SDK) # Separate rules for Windows and "other" platforms @@ -305,81 +493,169 @@ $(GSK_LIB): $(GSK_SDK) $(GSK_LIBNAME) # and we have the 32 and 64 bit variants ... ugly, really ugly # plus z/OS which doesn't link normally # -# These have been moved into platforms/${OPSYS}_.mk +# These have been moved into platforms/$(OPSYS)_.mk # # Platform specifc recipies for building libs include platforms/$(OPSYS)_.mk -gsk_wrap2$(OBJSUFX): gsk_wrap2.c gsk_wrap2_a.c ../icc/loaded.c name_cache.c name_cache_tables.c \ - ../icc/loaded.h icc.h icc_a.h iccglobals.h iccversion.h ../icc/tracer.h - $(CC) $(CFLAGS) -DICCPKG -DMYNAME=gskiccs8 -DGSK_LIBNAME=\""$(GSK_LIBNAME)"\" -DOPSYS="\"$(OPSYS)\"" -DGSK_GLOBAL=\""$(GSK_GLOBAL)"\" -I ./ -I $(ICC_ROOT)/icc gsk_wrap2.c +gsk_wrap2$(OBJSUFX): gsk_wrap2.c gsk_wrap2_a.c $(ICC_ROOT)/icc/loaded.c name_cache.c $(ICC_ROOT)/icc/name_cache_tables.c \ + $(GSK_SDK)/icc.h $(GSK_SDK)/icc_a.h $(GSK_SDK)/iccglobals.h $(ICC_ROOT)/icc/loaded.h $(ICC_ROOT)/icc/iccversion.h $(ICC_ROOT)/icc/tracer.h + $(CC) $(CFLAGS) -DICCPKG -DMYNAME=gskiccs8 -DGSK_LIBNAME=\""$(GSK_LIBNAME)"\" -DOPSYS="\"$(OPSYS)\"" -DGSK_GLOBAL=\""$(GSK_GLOBAL)"\" -I./ -I$(GSK_SDK) -I$(ICC_ROOT)/icc gsk_wrap2.c + +$(SDK_DIR)/$(ICCLIB): runtime_setup_N + +OS_helpers$(OBJSUFX): OS_helpers.c + $(CC) $(CFLAGS) OS_helpers.c + +loadtest$(OBJSUFX): loadtest.c + $(CC) $(CFLAGS) -DGSK_LIBNAME=\""$(GSK_LIBNAME)"\" -I$(GSK_SDK) loadtest.c + +icc.res: $(ICC_ROOT)/icc/icc.res + $(CP) $(ICC_ROOT)/icc/icc.res $@ + +cache_test$(OBJSUFX): gsk_wrap2.c gsk_wrap2_a.c $(ICC_ROOT)/icc/loaded.c name_cache.c $(ICC_ROOT)/icc/name_cache_tables.c \ + $(GSK_SDK)/icc.h $(GSK_SDK)/icc_a.h $(GSK_SDK)/iccglobals.h $(ICC_ROOT)/icc/loaded.h $(ICC_ROOT)/icc/iccversion.h $(ICC_ROOT)/icc/tracer.h + $(CC) $(CFLAGS) -DICCPKG -DMYNAME=gskiccs8 -DGSK_LIBNAME=\""$(GSK_LIBNAME)"\" -DOPSYS="\"$(OPSYS)\"" -DGSK_GLOBAL=\""$(GSK_GLOBAL)"\" -DSTANDALONE -I$(ICC_ROOT)/icc/DELTA -I./ -I$(GSK_SDK) -I$(ICC_ROOT)/icc gsk_wrap2.c $(OUT)$@ + + +# GSK_LIB and ICCPKG_LIBS is coming from gsk_crypto.mk - references the step import library +# Note different from icc/icctest which links direct to the module + +icctest$(OBJSUFX): $(ICC_ROOT)/icc/icctest.c $(SDK_HEADERS) + $(CP) $(ICC_ROOT)/icc/icctest.c . + $(CC) $(CFLAGS) -I$(GSK_SDK) -I$(ICC_ROOT)/icc -DICCPKG icctest.c + -$(RM) icctest.c + +icctest$(EXESUFX): icctest$(OBJSUFX) $(GSK_LIB) + $(LD) $(LDFLAGS) icctest$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) + +icctest_s$(EXESUFX): icctest$(OBJSUFX) $(GSK_LIB_STATIC) + $(LD) $(LDFLAGS) icctest$(OBJSUFX) $(ICCPKG_S_LIBS) $(LDLIBS) + +$(GSK_SDK)/icctest$(EXESUFX): icctest$(EXESUFX) + $(CP) icctest$(EXESUFX) $@ + +argon2_example$(EXESUFX): Argon2/argon2_example.c $(GSK_LIB) + $(CC) $(CFLAGS) -I./ -I$(GSK_SDK) Argon2/argon2_example.c + $(LD) $(LDFLAGS) argon2_example$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) -#loaded.c: ../icc/loaded.c -# $(CP) ../icc/loaded.c $@ +smalltest$(EXESUFX): $(ICC_ROOT)/icc/tools/smalltest.c $(GSK_LIB) + $(CC) $(CFLAGS) -I./ -I$(GSK_SDK) -DICCPKG $(ICC_ROOT)/icc/tools/smalltest.c + $(LD) $(LDFLAGS) smalltest$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) -#loaded.h: ../icc/loaded.h -# $(CP) ../icc/loaded.h $@ +memleak$(EXESUFX): memleak.c $(GSK_LIB) + $(CC) $(CFLAGS) -I./ -I$(GSK_SDK) -DGSK_LIBNAME=\""$(GSK_LIBNAME)"\" memleak.c + $(LD) $(LDFLAGS) memleak$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) -#tracer.h: ../icc/tracer.h -# $(CP) ../icc/tracer.h $@ +smalltest1$(EXESUFX): smalltest1.c $(GSK_LIB) + $(CC) $(CFLAGS) -I$(GSK_SDK) -DICCPKG smalltest1.c + $(LD) $(LDFLAGS) smalltest1$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) -$(NEW_ICC)/iccsdk/$(ICCLIB): runtime_setup_N +smalltest2$(EXESUFX): smalltest2.c $(GSK_LIB) + $(CC) $(CFLAGS) -I./ -I$(GSK_SDK) -DICCPKG smalltest2.c + $(LD) $(LDFLAGS) smalltest2$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) -OS_helpers$(OBJSUFX): ../icc/OS_helpers.c - $(CC) $(CFLAGS) ../icc/OS_helpers.c $(OUT)$@ +smalltest3$(EXESUFX): smalltest3.c $(GSK_LIB) + $(CC) $(CFLAGS) -I./ -I$(GSK_SDK) -DICCPKG smalltest3.c + $(LD) $(LDFLAGS) smalltest3$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) -#hkdf$(OBJSUFX): HKDF/hkdf.c HKDF/hkdf.h -# $(CC) $(CFLAGS) -I$(OSSL_DIR)/include -I $(GSK_SDK) HKDF/hkdf.c +smalltest4$(EXESUFX): smalltest4.c $(GSK_LIB) + $(CC) $(CFLAGS) -I./ -I$(GSK_SDK) -DICCPKG smalltest4.c + $(LD) $(LDFLAGS) smalltest4$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) -#jhkdf.c: HKDF/hkdf.c -# $(CP) HKDF/hkdf.c $@ +smalltest5$(EXESUFX): smalltest5.c $(GSK_LIB) + $(CC) $(CFLAGS) -I./ -I$(GSK_SDK) -DICCPKG smalltest5.c + $(LD) $(LDFLAGS) smalltest5$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) +smalltestW$(EXESUFX): smalltestW.c $(GSK_LIB) + $(CC) $(CFLAGS) -I./ -I$(GSK_SDK) -DICCPKG smalltestW.c + $(LD) $(LDFLAGS) smalltestW$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) -#jhkdf$(OBJSUFX): jhkdf.c -# $(CC) $(CFLAGS) -DJGSK_WRAP -I$(OSSL_DIR)/include -I $(GSK_SDK) jhkdf.c +dltest$(EXESUFX): dltest.c $(GSK_LIB) + $(CC) $(CFLAGS) -I./ -I$(GSK_SDK) -DICCPKG -DGSK_LIBNAME=\""$(GSK_LIBNAME)"\" dltest.c + $(LD) $(LDFLAGS) dltest$(OBJSUFX) $(LDLIBS) -icctest.c: ../icc/icctest.c - $(CP) ../icc/icctest.c . +icc_aux_sa$(EXESUFX): icc_aux$(OBJSUFX) icc_aux_test$(OBJSUFX) $(GSK_LIB) + $(LD) $(LDFLAGS) icc_aux$(OBJSUFX) icc_aux_test$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) -icc.res: ../icc/icc.res - $(CP) ../icc/icc.res $@ +icc_aux$(OBJSUFX): icc_aux.c + $(CC) $(CFLAGS) -I./ -I$(OSSL_DIR)/include/ icc_aux.c -cache_test$(OBJSUFX): gsk_wrap2.c gsk_wrap2_a.c ../icc/loaded.c name_cache.c name_cache_tables.c \ - ../icc/loaded.h icc.h icc_a.h iccglobals.h iccversion.h ../icc/tracer.h - $(CC) $(CFLAGS) -I../icc/DELTA -DSTANDALONE -DICCPKG -DMYNAME=gskiccs8 -DGSK_LIBNAME=\""$(GSK_LIBNAME)"\" -DOPSYS="\"$(OPSYS)\"" -DGSK_GLOBAL=\""$(GSK_GLOBAL)"\" -I ./ -I $(ICC_ROOT)/icc gsk_wrap2.c $(OUT)$@ +icc_aux_test$(OBJSUFX): icc_aux_test.c + $(CC) $(CFLAGS) -I./ -I$(OSSL_DIR)/include/ icc_aux_test.c +icc_aux_test$(EXESUFX): icc_aux_test$(OBJSUFX) $(AUXLIB) $(GSK_LIB) + $(LD) $(LDFLAGS) icc_aux_test$(OBJSUFX) $(AUX_LIBS) $(ICCPKG_LIBS) $(LDLIBS) -icctest$(EXESUFX): icctest.c $(GSK_SDK) - $(CC) $(CFLAGS) -I./ -I ../icc -DICCPKG icctest.c - $(LD) $(LDFLAGS) icctest$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) - $(CP) icctest$(EXESUFX) $(GSK_SDK)/ -smalltest$(EXESUFX): ../icc/tools/smalltest.c - $(CC) $(CFLAGS) -I./ -I ../icc -DICCPKG ../icc/tools/smalltest.c - $(LD) $(LDFLAGS) smalltest$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) -GenRndData2$(EXESUFX): ../icc/tools/GenRndData2.c $(GSK_SDK) - $(CC) $(CFLAGS) -I./ -I ../icc -DICCPKG ../icc/tools/GenRndData2.c $(OUT)GenRndData2$(OBJSUFX) +GenRndData2$(EXESUFX): $(ICC_ROOT)/icc/tools/GenRndData2.c $(GSK_LIB) + $(CC) $(CFLAGS) -I./ -I$(GSK_SDK) -DICCPKG $(ICC_ROOT)/icc/tools/GenRndData2.c $(OUT)GenRndData2$(OBJSUFX) $(LD) $(LDFLAGS) GenRndData2$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) - $(CP) GenRndData2$(EXESUFX) $(GSK_SDK)/ + -$(CP) GenRndData2$(EXESUFX) $(GSK_SDK)/ # GSK_LIB and ICCPKG_LIBS is coming from gsk_crypto.mk - references the step import library -# IS_FIPS and MUPPET comes from muppet.mk +# IS_FIPS and MUPPET comes from muppet.mk (written by ICCencapsulator in prebuild step) +chkiccload$(OBJSUFX): chkiccload.c muppet.mk + $(CC) $(CFLAGS) -I./ -I$(GSK_SDK) -DICCPKG -DIS_FIPS=$(IS_FIPS) -DLEGACY=\""$(MUPPET)"\" chkiccload.c + +chkiccload$(EXESUFX): chkiccload$(OBJSUFX) $(GSK_LIB) + $(LD) $(LDFLAGS) chkiccload$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) + +$(GSK_SDK)/chkiccload$(EXESUFX) : chkiccload$(EXESUFX) + $(CP) chkiccload$(EXESUFX) $@ + +loadtest$(EXESUFX): loadtest$(OBJSUFX) + $(LD) $(LDFLAGS) loadtest$(OBJSUFX) $(LDLIBS) + + +pktest_common$(OBJSUFX): $(ICC_ROOT)/pk11/pktest_common.c + $(CC) $(CFLAGS) -DPKTEST_STATIC -I$(ICC_ROOT)/pkcs11/v2.20/rsa/inc \ + -I$(ICC_ROOT)/pk11 $(ICC_ROOT)/pk11/pktest_common.c + +pktest$(OBJSUFX): $(ICC_ROOT)/pk11/pktest.c + $(CC) $(CFLAGS) -I$(ICC_ROOT)/pkcs11/v2.20/rsa/inc -I$(ICC_ROOT)/pk11 -I$(ICC_ROOT)/pk11/tests -I$(GSK_SDK) \ + $(ICC_ROOT)/pk11/pktest.c + +$(GSK_SDK)/pktest_direct$(EXESUFX): $(GSK_SDK) pktest_direct$(EXESUFX) + $(CP) pktest_direct$(EXESUFX) $@ + +pktest_direct$(EXESUFX): pktest$(OBJSUFX) pktest_common$(OBJSUFX) \ + $(ICC_ROOT)/pk11/pk11_errs$(OBJSUFX) $(ICC_ROOT)/pk11/utils$(OBJSUFX) $(GSK_LIB) + $(LD) $(LDFLAGS) pktest$(OBJSUFX) pktest_common$(OBJSUFX) \ + $(ICC_ROOT)/pk11/pk11_errs$(OBJSUFX) $(ICC_ROOT)/pk11/utils$(OBJSUFX) \ + $(LDLIBS) $(ICCPKG_LIBS) + +# Build the performance test code for ICCPKG +$(ICCPKG_PERF): $(GSK_LIB) + $(SETUP_ICCSPEED) $(MAKE) -C $(ICC_ROOT)/iccspeed OPSYS=$(OPSYS) CONFIG=$(CONFIG) BUILD=$(BUILD) XPLINK=$(XPLINK) gsk + $(CP) $(ICC_ROOT)/iccspeed/bin/$(OPSYS)/icc_perf$(EXESUFX) $@ + +$(JICC_PERF): $(JGSK_LIB) + $(SETUP_ICCSPEED) $(MAKE) -C $(ICC_ROOT)/iccspeed OPSYS=$(OPSYS) CONFIG=$(CONFIG) BUILD=$(BUILD) XPLINK=$(XPLINK) jgsk; + $(CP) $(ICC_ROOT)/iccspeed/bin/$(OPSYS)/jicc_perf$(EXESUFX) $@ + +$(ICC_ROOT)/pk11/keystoretool$(EXESUFX): + $(MAKE) -C $(ICC_ROOT)/pk11 keystoretool$(EXESUFX) + +$(GSK_SDK)/keystoretool$(EXESUFX): $(ICC_ROOT)/pk11/keystoretool$(EXESUFX) + $(CP) $(ICC_ROOT)/pk11/keystoretool$(EXESUFX) $@ + +$(PK11_PERF): $(GSK_LIB) + $(SETUP_ICCSPEED) $(MAKE) -C $(ICC_ROOT)/iccspeed OPSYS=$(OPSYS) CONFIG=$(CONFIG) BUILD=$(BUILD) XPLINK=$(XPLINK) pkcs11 + $(CP) $(ICC_ROOT)/iccspeed/bin/$(OPSYS)/pkcs11_thread$(EXESUFX) $@ $(GSK_RNG): $(GSK_LIB) GenRndData2$(EXESUFX) $(CP) GenRndData2$(EXESUFX) $@ -$(ICC_RNG): ../package/iccsdk/GenRndData$(EXESUFX) - $(CP) ../package/iccsdk/GenRndData$(EXESUFX) $@ - +$(ICC_RNG): $(ICC_ROOT)/package/iccsdk/GenRndData$(EXESUFX) + $(CP) $(ICC_ROOT)/package/iccsdk/GenRndData$(EXESUFX) $@ -$(GSK_OPENSSL): ../package/iccsdk/openssl$(EXESUFX) - $(CP) ../package/iccsdk/openssl$(EXESUFX) $@ -$(GSK_BVT): icctest$(EXESUFX) - $(CP) icctest$(EXESUFX) $@ +$(GSK_OPENSSL): $(ICC_ROOT)/package/iccsdk/openssl$(EXESUFX) + $(CP) $(ICC_ROOT)/package/iccsdk/openssl$(EXESUFX) $@ # # -------------- JCEPlus variants ------------- @@ -391,39 +667,54 @@ $(GSK_BVT): icctest$(EXESUFX) # and keep it like that. # +#$(JGSK_DIR)/Standard_International_Program_License_Agreement.pdf: $(JGSK_DIR) $(ICC_ROOT)/icc/Standard_International_Program_License_Agreement.pdf +# $(CP) $(ICC_ROOT)/icc/Standard_International_Program_License_Agreement.pdf $@ +# chmod +w $@ +# +#$(JGSK_SDK)/Standard_International_Program_License_Agreement.pdf: $(JGSK_DIR) $(ICC_ROOT)/icc/Standard_International_Program_License_Agreement.pdf +# $(CP) $(ICC_ROOT)/icc/Standard_International_Program_License_Agreement.pdf $@ +# chmod +w $@ + +Jruntime_setup_C: $(JINST_DIR)/C/icc/icclib/$(OLD_LIBICC) $(JINST_DIR)/C/icc/ReadMe.txt + if [ -f $(ICC_ROOT)/icc/create_icc_no_legacy.0 ]; then echo "No FIPS ICC build" >> $(JINST_DIR)/C/icc/ReadMe.txt; fi ; + if [ -f $(ICC_ROOT)/icc/create_icc_no_legacy.0 ]; then $(RM) $(JINST_DIR)/C/icc/icclib/*; fi ; + +$(JINST_DIR)/C/icc/icclib: $(JINST_DIR) + $(MKDIR) $@ + +$(JINST_DIR)/N/icc/icclib: $(JINST_DIR) + $(MKDIR) $@ -$(JINST_DIR): - $(MKDIR) $(JINST_DIR) +$(JINST_DIR)/C/icc/ReadMe.txt: $(JINST_DIR)/C/icc + -$(CP) OLD_ICC/AMD64_LINUX/icc/ReadMe.txt $@ -Jruntime_setup_N: $(JINST_DIR)/N/icc/icclib/$(NEW_LIBICC) \ - $(JINST_DIR)/N/icc/ReadMe.txt +# OLD_ICC has checked in binaries so enforce correct permissions +$(JINST_DIR)/C/icc/icclib/$(OLD_LIBICC): $(JINST_DIR)/C/icc/icclib + -$(CP) $(OLD_ICC)/icc/icclib/* $(JINST_DIR)/C/icc/icclib/ + -chmod +x $@ -$(JINST_DIR)/N/icc/ReadMe.txt: $(JINST_DIR) - $(CP) $(NEW_ICC)/icc/ReadMe.txt $@ +Jruntime_setup_N: $(JINST_DIR)/N/icc/icclib/$(NEW_LIBICC) $(JINST_DIR)/N/icc/ReadMe.txt -$(JINST_DIR)/N/icc/icclib/$(NEW_LIBICC): - -$(MKDIR) $(JINST_DIR)/N/icc/icclib - -$(CP) $(NEW_ICC)/icc/icclib/* $(JINST_DIR)/N/icc/icclib/ +$(JINST_DIR)/N/icc/ReadMe.txt: $(JINST_DIR) $(RTE_DIR)/ReadMe.txt + -$(CP) $(RTE_DIR)/ReadMe.txt $@ +$(JINST_DIR)/N/icc/icclib/$(NEW_LIBICC): $(JINST_DIR)/N/icc/icclib + -$(CP) $(RTE_DIR)/icclib/* $(JINST_DIR)/N/icc/icclib/ -Jruntime_setup: $(JINST_DIR) Jruntime_setup_N -$(JGSK_DIR): - $(MKDIR) $(JGSK_DIR) +Jruntime_setup: Jruntime_setup_C Jruntime_setup_N -$(JGSK_LIB): $(JGSK_SDK) $(JGSK_DIR) $(JGSK_LIBNAME) - -$(MKDIR) $(JGSK_SDK)/debug - -$(CP) $(JGSK_LIBNAME) $@ - -$(RM) $(JGSK_LIBNAME) +# $(JGSK_LIBNAME) is defined in gsk_crypto.mk but the build target is defined in platforms/$(OPSYS)_.mk using GSKLIB_B (e.g WIN64_.mk) +$(JGSK_LIB): $(JGSK_DIR) $(JGSK_LIBNAME) + $(CP) $(JGSK_LIBNAME) $@ + $(RM) $(JGSK_LIBNAME) -jgsk_wrap2$(OBJSUFX): gsk_wrap2.c gsk_wrap2_a.c ../icc/loaded.c name_cache.c name_cache_tables.c \ - ../icc/loaded.h icc.h icc_a.h iccglobals.h iccversion.h ../icc/tracer.h jcc_a.h - $(CC) $(CFLAGS) -DICCPKG -DJGSK_WRAP -DMYNAME=jgskiccs8 -DGSK_LIBNAME=\""$(JGSK_LIBNAME)"\" -DOPSYS="\"$(OPSYS)\"" -DGSK_GLOBAL=\""$(GSK_GLOBAL)"\" -I ./ -I $(ICC_ROOT)/icc gsk_wrap2.c $(OUT)$@ -#jgsk_wrap2.c: gsk_wrap2.c -# $(CP) gsk_wrap2.c jgsk_wrap2.c +jgsk_wrap2$(OBJSUFX): gsk_wrap2.c gsk_wrap2_a.c $(ICC_ROOT)/icc/loaded.c name_cache.c $(ICC_ROOT)/icc/name_cache_tables.c \ + $(JGSK_SDK)/inc/icc.h $(JGSK_SDK)/inc/icc_a.h $(JGSK_SDK)/inc/iccglobals.h $(ICC_ROOT)/icc/loaded.h $(ICC_ROOT)/icc/iccversion.h $(ICC_ROOT)/icc/tracer.h $(JGSK_SDK)/inc/jcc_a.h + $(CC) $(CFLAGS) -DICCPKG -DJGSK_WRAP -DMYNAME=jgskiccs8 -DGSK_LIBNAME=\""$(JGSK_LIBNAME)"\" -DOPSYS="\"$(OPSYS)\"" -DGSK_GLOBAL=\""$(GSK_GLOBAL)"\" -I$(JGSK_SDK)/inc/ -I$(ICC_ROOT)/icc/ gsk_wrap2.c $(OUT)$@ clean_jgsk: -$(RM) $(JGSK_DIR)/N/icc/icclib/* @@ -439,59 +730,126 @@ clean_jgsk: # JGSK BVT executable # -jcctest.c: icctest.c - $(CP) icctest.c $@ +jcctest$(OBJSUFX): $(ICC_ROOT)/icc/icctest.c $(SDK_HEADERS) + $(CP) $(ICC_ROOT)/icc/icctest.c jcctest.c + $(CC) $(CFLAGS) -I./ -I$(GSK_SDK) -I$(ICC_ROOT)/icc -DICCPKG -DJGSK_WRAP jcctest.c $(OUT)$@ + -$(RM) jcctest.c + +jcctest$(EXESUFX): jcctest$(OBJSUFX) $(JGSK_LIB) + $(LD) $(LDFLAGS) jcctest$(OBJSUFX) $(JCCPKG_LIBS) $(LDLIBS) + +$(JGSK_SDK)/bin/jcctest$(EXESUFX): $(JGSK_SDK)/bin jcctest$(EXESUFX) + -$(CP) jcctest$(EXESUFX) $@ + +$(JGSK_SDK)/docs/IBM_CKC.pdf: $(JGSK_SDK)/docs $(ICC_ROOT)/doc/IBM_CKC.pdf + $(CP) $(ICC_ROOT)/doc/IBM_CKC.pdf $@ + +$(JGSK_SDK)/inc/icc.h: $(JGSK_SDK)/inc $(ICC_ROOT)/icc/icc.h + $(CP) $(ICC_ROOT)/icc/icc.h $@ + +$(JGSK_SDK)/inc/iccglobals.h: $(JGSK_SDK)/inc $(ICC_ROOT)/icc/iccglobals.h + $(CP) $(ICC_ROOT)/icc/iccglobals.h $@ + +$(JGSK_SDK)/inc/icc_a.h: $(JGSK_SDK)/inc $(ICC_ROOT)/iccpkg/iccpkg_a.h + $(CP) $(ICC_ROOT)/iccpkg/iccpkg_a.h $@ + +$(JGSK_SDK)/inc/jcc_a.h: $(JGSK_SDK)/inc jcc_a.h + $(CP) jcc_a.h $@ + +$(JGSK_SDK)/inc/gsk_exp.h: $(JGSK_SDK)/inc gsk_exp.h + $(CP) gsk_exp.h $@ + +$(JGSK_SDK)/inc/pqapi.h: $(JGSK_SDK)/inc DilKyb/headers/pqapi.h + $(CP) DilKyb/headers/pqapi.h $@ + +$(JGSK_SDK)/inc/pqparams.h: $(JGSK_SDK)/inc DilKyb/headers/pqparams.h + $(CP) DilKyb/headers/pqparams.h $@ + +$(JGSK_SDK)/docs/PQCgenKAT_kem.c: $(JGSK_SDK)/docs DilKyb/kyber/PQCgenKAT_kem.c + $(CP) DilKyb/kyber/PQCgenKAT_kem.c $@ + +$(JGSK_SDK)/docs/PQCgenKAT_sign.c: $(JGSK_SDK)/docs DilKyb/dilithium/PQCgenKAT_sign.c + $(CP) DilKyb/dilithium/PQCgenKAT_sign.c $@ + # -# Common tables for name/nid caches +# ICKC_ Namespaced # -name_cache_tables.c: ../icc/name_cache_tables.c - $(CP) ../icc/name_cache_tables.c $@ -jcctest$(EXESUFX): jcctest.c $(JGSK_LIB) - $(CC) $(CFLAGS) -I./ -DICCPKG -DJGSK_WRAP jcctest.c $(OUT)jcctest$(OBJSUFX) - $(LD) $(LDFLAGS) jcctest$(OBJSUFX) $(JCCPKG_LIBS) $(LDLIBS) - $(MT) -manifest $@.manifest -outputresource:$@\;1 +$(ICKC_DIR)/Standard_International_Program_License_Agreement.pdf: $(ICKC_DIR) $(ICC_ROOT)/icc/Standard_International_Program_License_Agreement.pdf + $(CP) $(ICC_ROOT)/icc/Standard_International_Program_License_Agreement.pdf $@ + chmod +w $@ +$(ICKC_SDK)/Standard_International_Program_License_Agreement.pdf: $(ICKC_DIR) $(ICC_ROOT)/icc/Standard_International_Program_License_Agreement.pdf + $(CP) $(ICC_ROOT)/icc/Standard_International_Program_License_Agreement.pdf $@ + chmod +w $@ -$(JGSK_SDK): - $(MKDIR) $(JGSK_SDK) +# $(ICKC_LIBNAME) is defined in gsk_crypto.mk but the build target is defined in platforms/$(OPSYS)_.mk using GSKLIB_B (e.g WIN64_.mk) -$(JGSK_SDK)/bin/jcctest$(EXESUFX): $(JGSK_SDK) jcctest$(EXESUFX) - -$(MKDIR) $(JGSK_SDK)/bin - -$(CP) jcctest$(EXESUFX) $@ - if [ -f jcctest$(EXESUFX).manifest ]; then $(CP) jcctest$(EXESUFX).manifest $(JGSK_SDK)/bin/; fi +$(ICKC_LIB): $(ICKC_DIR) $(ICKC_LIBNAME) + $(CP) $(ICKC_LIBNAME) $@ +ickc_wrap2$(OBJSUFX): gsk_wrap2.c gsk_wrap2_a.c $(ICC_ROOT)/icc/loaded.c name_cache.c $(ICC_ROOT)/icc/name_cache_tables.c \ + $(ICKC_SDK)/inc/icc.h $(ICKC_SDK)/inc/icc_a.h $(ICKC_SDK)/inc/iccglobals.h $(ICC_ROOT)/icc/loaded.h $(ICC_ROOT)/icc/iccversion.h $(ICC_ROOT)/icc/tracer.h $(ICKC_SDK)/inc/ickc_a.h + $(CC) $(CFLAGS) -DICCPKG -DICKC_WRAP -DMYNAME=ickc -DGSK_LIBNAME=\""$(ICKC_LIBNAME)"\" -DOPSYS="\"$(OPSYS)\"" -DGSK_GLOBAL=\""$(GSK_GLOBAL)"\" -I$(ICKC_SDK)/inc/ -I$(ICC_ROOT)/icc/ gsk_wrap2.c $(OUT)$@ -$(JGSK_SDK)/docs/GSKit_Crypto.pdf: $(JGSK_SDK) ../doc/GSKit_Crypto.pdf - -$(MKDIR) $(JGSK_SDK)/docs - -$(MKDIR) $(JGSK_SDK)/bin - $(CP) ../doc/GSKit_Crypto.pdf $@ +ickctest$(OBJSUFX): $(ICC_ROOT)/icc/icctest.c $(SDK_HEADERS) + $(CP) $(ICC_ROOT)/icc/icctest.c ickctest.c + $(CC) $(CFLAGS) -I./ -I$(ICKC_SDK)/inc -I$(ICC_ROOT)/icc -DICCPKG -DICKC_WRAP ickctest.c $(OUT)$@ + -$(RM) ickctest.c -$(JGSK_SDK)/inc: $(JGSK_SDK) - $(MKDIR) $(JGSK_SDK)/inc +ickctest$(EXESUFX): ickctest$(OBJSUFX) $(ICKC_LIB) + $(LD) $(LDFLAGS) ickctest$(OBJSUFX) $(ICKCPKG_LIBS) $(LDLIBS) -$(JGSK_SDK)/inc/icc.h: $(JGSK_SDK)/inc icc.h - $(CP) icc.h $@ +$(ICKC_SDK)/bin/ickctest$(EXESUFX): $(ICKC_SDK)/bin ickctest$(EXESUFX) + -$(CP) ickctest$(EXESUFX) $@ -$(JGSK_SDK)/inc/iccglobals.h: iccglobals.h - $(CP) iccglobals.h $@ +$(ICKC_SDK)/inc/icc.h: $(ICKC_SDK)/inc $(ICC_ROOT)/icc/icc.h + $(CP) $(ICC_ROOT)/icc/icc.h $@ -$(JGSK_SDK)/inc/icc_a.h: icc_a.h - $(CP) icc_a.h $@ +$(ICKC_SDK)/inc/iccglobals.h: $(ICKC_SDK)/inc $(ICC_ROOT)/icc/iccglobals.h + $(CP) $(ICC_ROOT)/icc/iccglobals.h $@ + +$(ICKC_SDK)/inc/icc_a.h: $(ICKC_SDK)/inc $(ICC_ROOT)/iccpkg/iccpkg_a.h + $(CP) $(ICC_ROOT)/iccpkg/iccpkg_a.h $@ + +# just convert the JCC namespacer to ICKC +$(ICKC_SDK)/inc/ickc_a.h: $(ICKC_SDK)/inc jcc_a.h + sed 's/JCC_/ICKC_/g' jcc_a.h > $@ + +clean_ickc: + -$(RM) $(ICKC_DIR)/N/icc/icclib/* + -$(RM) $(ICKC_DIR)/C/icc/icclib/* + -$(RM) $(ICKC_SDK)/inc/*.h + -$(RM) $(ICKC_SDK)/debug/* + -$(RM) $(ICKC_SDK)/docs/* + -$(RM) $(ICKC_SDK)/bin/jcctest$(EXESUFX) + -$(RM) $(ICKC_LIBNAME) jcctest$(EXESUFX) + -$(RM) -r $(ICKC_LIB) -$(JGSK_SDK)/inc/jcc_a.h: jcc_a.h - $(CP) jcc_a.h $@ # Tests. BVT # GSK_SETUP comes from gsk_crypto.mk and sets PATH for these tests # ignored errors will be reported in the log +# This is called from icc/Makefile:tests PATH:=..\package\gskit_crypto;$(PATH) -tests: - $(RM) GSKIT_CRYPTO.log; touch GSKIT_CRYPTO.log; - $(GSK_SETUP); - cat GSKIT_CRYPTO.log; $(RM) GSKIT_CRYPTO.log; touch GSKIT_CRYPTO.log; + +# make sure we show the log even if the test fails +log_init: + touch GSKIT_CRYPTO.log; $(RM) GSKIT_CRYPTO.log; touch GSKIT_CRYPTO.log +log_cat: + cat GSKIT_CRYPTO.log + $(RM) GSKIT_CRYPTO.log +log_rm: + -$(RM) GSKIT_CRYPTO.log + +tests: log_init chkiccload_test log_cat log_init icctest_test log_cat pqc_tests + echo tests complete + +chkiccload_test: + $(GSK_SETUP); ./chkiccload + +icctest_test: $(GSK_SETUP); ./icctest - cat GSKIT_CRYPTO.log; $(RM) GSKIT_CRYPTO.log; # # ---------------- End of JCEPlus stanzas -------------------------- @@ -512,6 +870,7 @@ show_config: echo "GSK_SDK = $(GSK_SDK)" echo "============= Files ===============" echo "TARGETS = $(TARGETS)" + echo "SDK_TARGETS = $(SDK_TARGETS)" echo "ICCLIB = $(ICCLIB)" echo "From platforms.mk" echo "========= System utils ============" @@ -546,11 +905,11 @@ show_config: echo "STLSUFX = $(STLSUFX)" echo echo "Set in iccpkg.mk" + echo "OLD_LIBICC = $(OLD_LIBICC)" echo "NEW_LIBICC = $(NEW_LIBICC)" echo "ICCPKG_LIBS = $(ICCPKG_LIBS)" echo echo "Set in icc_defs.mk" - echo "TARGETS = $(TARGETS)" echo "OPSYS = $(OPSYS)" echo "Linker = $(SLD)" echo "Link flag = $(SLDFLAGS)" @@ -569,6 +928,7 @@ show_config: echo "GSKLIB = $(GSKLIB)" echo "GSK_LIBNAME = $(GSK_LIBNAME)" echo "GSK_LIB = $(GSK_LIB)" + echo "GSK_LIB_STATIC = $(GSK_LIB_STATIC)" echo "ICCPKG_LIBS = $(ICCPKG_LIBS)" echo "ICCPKG_OBJS = $(ICCPKG_OBJS)" echo "GSK_GLOBAL = $(GSK_GLOBAL)" diff --git a/iccpkg/chkiccload.c b/iccpkg/chkiccload.c new file mode 100644 index 0000000..faaaf9b --- /dev/null +++ b/iccpkg/chkiccload.c @@ -0,0 +1,211 @@ +/* Copyright IBM Corp. 2023 + + Licensed under the Apache License 2.0 (the "License"). You may not use + this file except in compliance with the License. You can obtain a copy + in the file LICENSE in the source distribution. + */ +/* + Description: Check that FIPS/non-FIPS module is present and loadable +*/ + +#include +#include +#include +#include "icc.h" + +#if defined(_WIN32) +# define strcasecmp(a,b) _stricmp(a,b) +# if defined(ICCPKG) +# define PATH NULL +# else +# define PATH L"../package" +# endif +#else + +# if defined(ICCPKG) +# define PATH NULL +# else +# define PATH "../package" +# endif +#endif + +float version = 0.0; /* Used to compare ICC version numbers */ + + + + +int check_status( ICC_STATUS *status,char *tag, const char *file, int line ) +{ + const char *sev = "UNKNOWN ERROR TYPE"; + int rv = ICC_OK; + + + switch(status->majRC) { + case ICC_ERROR: + sev = "ICC_ERROR"; + break; + case ICC_WARNING: + sev = "ICC_WARNING"; + break; + case ICC_FAILURE: + sev = "ICC_FAILURE"; + break; + case ICC_OPENSSL_ERROR: + sev = "ICC_OPENSSL_ERROR"; + break; + case ICC_OS_ERROR: + sev = "ICC_OS_ERROR"; + break; + case ICC_OK: + sev = "OK"; + default: + rv = ICC_ERROR; + break; + } + switch(status->minRC) { + case ICC_ERROR: + case ICC_FAILURE: + case ICC_WARNING: + case ICC_OPENSSL_ERROR: + case ICC_OS_ERROR: + case ICC_OK: + printf("%s: Status Check (%s): majRC: %d minRC: %d\n",tag,status->desc, status->majRC,status->minRC); + break; + default: + printf("%s: Status Check (%s): majRC: %d minRC: %d \"Something bad happened\"\n",tag,sev,status->majRC,status->minRC); + break; + } + + rv = status->majRC; + + return rv; +} + + +int doTest(int fips) +{ + int rv = ICC_OK; + ICC_STATUS * status = NULL; + ICC_CTX *ICC_ctx = NULL; + int retcode = 0; + char* value = NULL; + + status = (ICC_STATUS*)calloc(1,sizeof(ICC_STATUS)); + value = (char*)malloc(ICC_VALUESIZE); + + ICC_ctx = ICC_Init(status,PATH); + + rv = check_status(status, "Init", __FILE__, __LINE__); + + if(NULL == ICC_ctx) { + printf("ICC_Init failed - NULL returned - ICC shared library missing or not loadable ?\n"); + rv = ICC_ERROR; + } + else { + retcode = ICC_SetValue(ICC_ctx,status,ICC_FIPS_APPROVED_MODE, fips?"on":"off"); + rv = check_status(status,"SetValue ICC_FIPS_APPROVED_MODE",__FILE__,__LINE__); + + if(retcode != ICC_OK) { + printf("Couldn't enter %sFIPS mode.\n", fips?"":"NON-"); + rv = ICC_ERROR; + } + else { + retcode = ICC_Attach(ICC_ctx, status); + rv = check_status(status, "Attach", __FILE__, __LINE__); + if (retcode != ICC_OSSL_SUCCESS) { + printf("attach failed\n"); + rv = ICC_ERROR; + } + else { + retcode = ICC_GetValue(ICC_ctx, status, ICC_FIPS_APPROVED_MODE, value, ICC_VALUESIZE); + rv = check_status(status, "ICC_GetValue ICC_FIPS_APPROVED_MODE", __FILE__, __LINE__); + if (retcode != ICC_OK) { + printf("ICC_GetValue failed\n"); + rv = ICC_ERROR; + } + else if ((0 != strcmp(value, fips ? "on" : "off"))) + { + printf("%s mode failed\n", fips ? "FIPS" : "NON-FIPS"); + rv = ICC_ERROR; + } + else { + retcode = ICC_GetValue(ICC_ctx, status, ICC_VERSION, value, ICC_VALUESIZE); + rv = check_status(status, "ICC_GetValue", __FILE__, __LINE__); + if (retcode != ICC_OK) { + printf("ICC_GetValue ICC_VERSION failed\n"); + rv = ICC_ERROR; + } + else { + printf("ICC %s\n", value); + } + } + } + } + + ICC_Cleanup(ICC_ctx,status); + } + free(status); + free(value); + + return rv; +} + + + +static void usage(char *prgname,char *text) +{ + printf("Usage: %s -f -n",prgname); + printf(" %s Checks if ICC is loadable, use -f to check for FIPS, -n for non-FIPS. Default set on compile\n",prgname); + if(text) { + printf("\n%s\n",text); + } +} + +#define DO_EXPAND(VAL) VAL ## 1 +#define EXPAND(VAL) DO_EXPAND(VAL) + +int main(int argc, char *argv[]) +{ + int fips = 0; + int argi = 1; + int rc = 0; + + /* the Makefile knows the build settings so can tell us if FIPS should be present + // ref: muppet.mk + */ +#if (defined(IS_FIPS) && (EXPAND(IS_FIPS) != 1)) + fips = IS_FIPS; +#endif + if (!fips) { + /* check for legacy FIPS module present in build + // LEGACY is the name of the OLD_ICC FIPS module "" if not present (no-FIPS module) + */ + const char* legacy = LEGACY; + fips = strlen(legacy); + } + + /* command line override for FIPS module check */ + while(argc > argi ) { + if (strcmp("-f", argv[argi]) == 0) { + fips = 1; + } + else if (strcmp("-n", argv[argi]) == 0) { + fips = 0; + } else { + usage(argv[0],NULL); + exit(1); + } + argi++; + } + + printf("FIPS %s\n", fips?"required":"not required"); + if (ICC_OK != doTest(fips)) { + printf("Module check failed\n"); + rc = 1; + } + else { + printf("Module check passed\n"); + } + + return rc; +} diff --git a/iccpkg/gsk_crypto.mk b/iccpkg/gsk_crypto.mk index 3f1cf8b..744a9a5 100644 --- a/iccpkg/gsk_crypto.mk +++ b/iccpkg/gsk_crypto.mk @@ -7,46 +7,122 @@ # # GSkit version we are building for GSK_VER = 8 + # Where we park the binaries GSK_DIR = $(ICC_ROOT)/package/gskit_crypto -INST_DIR = $(GSK_DIR) +$(GSK_DIR): + $(MKDIR) $@ -# -# The following may need to be altered to rebuild the regression tests -# in a developer environment -# # Where we find the header files for using GSkit-crypto GSK_SDK = $(ICC_ROOT)/package/gsk_sdk +$(GSK_SDK): + $(MKDIR) $@ + +# static lib must be seperate from the shared lib +$(GSK_SDK)/static: $(GSK_SDK) + $(MKDIR) $@ + +# SDK headers + +$(GSK_SDK)/icc.h: $(ICC_ROOT)/icc/icc.h $(GSK_SDK) + $(CP) $< $@ + +$(GSK_SDK)/icc_a.h: $(ICC_ROOT)/iccpkg/iccpkg_a.h $(GSK_SDK) + $(CP) $< $@ + +$(GSK_SDK)/iccglobals.h: $(ICC_ROOT)/icc/iccglobals.h $(GSK_SDK) + $(CP) $< $@ + +#$(GSK_SDK)/iccversion.h: $(ICC_ROOT)/icc/iccversion.h $(GSK_SDK) +# $(CP) $< $@ + + # # Directories for Java version of GSkit_Crypto # JGSK_DIR = $(ICC_ROOT)/package/jgskit_crypto +$(JGSK_DIR): + $(MKDIR) $@ + JGSK_SDK = $(ICC_ROOT)/package/jgsk_sdk -JINST_DIR = $(JGSK_DIR) +$(JGSK_SDK): + $(MKDIR) $@ +$(JGSK_SDK)/docs: $(JGSK_SDK) + $(MKDIR) $@ +$(JGSK_SDK)/inc: $(JGSK_SDK) + $(MKDIR) $@ +$(JGSK_SDK)/bin: $(JGSK_SDK) + $(MKDIR) $@ +$(JGSK_SDK)/lib: $(JGSK_SDK) + $(MKDIR) $@ +$(JGSK_SDK)/debug: $(JGSK_SDK) + $(MKDIR) $@ + +# +# Directories for ICKC_ namespaced version +# +ICKC_DIR = $(ICC_ROOT)/package/ickc_crypto +$(ICKC_DIR): + $(MKDIR) $@ + +ICKC_SDK = $(ICC_ROOT)/package/ickc_sdk +$(ICKC_SDK): + $(MKDIR) $@ +$(ICKC_SDK)/docs: $(ICKC_SDK) + $(MKDIR) $@ +$(ICKC_SDK)/inc: $(ICKC_SDK) + $(MKDIR) $@ +$(ICKC_SDK)/bin: $(ICKC_SDK) + $(MKDIR) $@ +$(ICKC_SDK)/lib: $(ICKC_SDK) + $(MKDIR) $@ +$(ICKC_SDK)/debug: $(ICKC_SDK) + $(MKDIR) $@ + + +# Base library name +GSKLIB_ROOT = gsk$(GSK_VER)iccs +GSKLIB_B = $(SHLPRFX)$(GSKLIB_ROOT) +GSKLIB32 = $(GSKLIB_B)$(SHLSUFX) +GSKLIB64 = $(GSKLIB_B)_64$(SHLSUFX) +#GSKLIBS64 = $(GSKLIB_B)_s_64$(STLSUFX) +#GSKLIBI64 = $(GSKLIB_B)_64$(STLSUFX) +# JCEPlus variant +JGSKLIB_B = $(SHLPRFX)j$(GSKLIB_ROOT) +JGSKLIB32 = $(JGSKLIB_B)$(SHLSUFX) +JGSKLIB64 = $(JGSKLIB_B)_64$(SHLSUFX) +# ICKC variant +ICKCLIB_B = $(SHLPRFX)ickcs +ICKCLIB32 = $(ICKCLIB_B)$(SHLSUFX) +ICKCLIB64 = $(ICKCLIB_B)_64$(SHLSUFX) # Where we find the link time dependencies. -WIN_ICCPKG_LIBS = $(GSK_SDK)/gsk$(GSK_VER)iccs.lib -UNIX_ICCPKG_LIBS = -L$(GSK_DIR) -lgsk$(GSK_VER)iccs -UNIX64_ICCPKG_LIBS = -L$(GSK_DIR) -lgsk$(GSK_VER)iccs_64 +# no "lib" prefix when -L is used - could just use lib full path like in windows +UNIX_ICCPKG_LIBS = -L$(GSK_DIR) -l$(GSKLIB_ROOT) +UNIX_ICCPKG_S_LIBS = -L$(GSK_SDK)/static -l$(GSKLIB_ROOT) +UNIX_GSK_LIB_STATIC = $(GSK_SDK)/static/$(GSKLIB_B)$(STLSUFX) +UNIX64_ICCPKG_LIBS = -L$(GSK_DIR) -l$(GSKLIB_ROOT)_64 +UNIX64_ICCPKG_S_LIBS = -L$(GSK_SDK)/static -l$(GSKLIB_ROOT)_64 +UNIX64_GSK_LIB_STATIC = $(GSK_SDK)/static/$(GSKLIB_B)_64$(STLSUFX) # JCEPlus variant -WIN_JCCPKG_LIBS = $(JGSK_SDK)/lib/jgsk$(GSK_VER)iccs.lib -UNIX_JCCPKG_LIBS = -L$(JGSK_DIR) -ljgsk$(GSK_VER)iccs -UNIX64_JCCPKG_LIBS = -L$(JGSK_DIR) -ljgsk$(GSK_VER)iccs_64 +UNIX_JCCPKG_LIBS = -L$(JGSK_DIR) -lj$(GSKLIB_ROOT) +UNIX64_JCCPKG_LIBS = -L$(JGSK_DIR) -lj$(GSKLIB_ROOT)_64 +# ICKC variant +UNIX_ICKCPKG_LIBS = -L$(ICKC_DIR) -lickcs +UNIX64_ICKCPKG_LIBS = -L$(ICKC_DIR) -lickcs_64 + +#defaults to unix64 - need to override 32 bit and all WIN +$(OPSYS)_GSK_LIB_STATIC = $(UNIX64_GSK_LIB_STATIC) +$(OPSYS)_ICCPKG_S_LIBS = $(UNIX64_ICCPKG_S_LIBS) +$(OPSYS)_ICKCLIB = $(ICKCLIB64) +$(OPSYS)_ICKCPKG_LIBS = $(ICKC_SDK)/$(ICKCLIB_B)_64$(STLSUFX) # Aux lib for linking WIN_AUX_LIBS = $(GSK_SDK)/iccaux$(VTAG).lib UNIX_AUX_LIBS = -L$(GSK_SDK) -liccaux$(VTAG) UNIX64_AUX_LIBS = -L$(GSK_SDK) -liccaux$(VTAG) -# Base library name -GSKLIB_B = $(SHLPRFX)gsk$(GSK_VER)iccs -GSKLIB32 = $(SHLPRFX)gsk$(GSK_VER)iccs$(SHLSUFX) -GSKLIB64 = $(SHLPRFX)gsk$(GSK_VER)iccs_64$(SHLSUFX) -# JCEPlus variant -JGSKLIB_B = $(SHLPRFX)jgsk$(GSK_VER)iccs -JGSKLIB32 = $(SHLPRFX)jgsk$(GSK_VER)iccs$(SHLSUFX) -JGSKLIB64 = $(SHLPRFX)jgsk$(GSK_VER)iccs_64$(SHLSUFX) # default install loc UNIX_GSK_GLOBAL = "/opt/ibm/gsk8/lib" @@ -54,80 +130,120 @@ UNIX64_GSK_GLOBAL = "/opt/ibm/gsk8_64/lib64" LINUX_GSK_GLOBAL = "/usr/local/ibm/gsk8/lib" LINUX64_GSK_GLOBAL = "/usr/local/ibm/gsk8_64/lib64" -# Base library name -WIN32_ICCPKG_LIBS = $(GSK_SDK)/gsk$(GSK_VER)iccs.lib -WIN32_GSKLIB = $(GSKLIB_B)$(SHLSUFX) -WIN32_JGSKLIB = $(JGSKLIB_B)$(SHLSUFX) -WIN32_JCCPKG_LIBS = $(JGSK_SDK)/lib/jgsk$(GSK_VER)iccs.lib -WIN32_GSK_SETUP = set PATH='$(GSK_DIR);$(PACKAGE_DIR);${PATH}' +WIN_ICCPKG_LIBS = $(GSK_SDK)/$(GSKLIB_B).lib +WIN_JCCPKG_LIBS = $(JGSK_SDK)/lib/$(JGSKLIB_B).lib +WIN_ICKCPKG_LIBS = $(ICKC_SDK)/$(ICKCLIB_B).lib + +WIN32_ICCPKG_LIBS = $(WIN_ICCPKG_LIBS) +WIN32_ICCPKG_S_LIBS = $(GSK_SDK)/static/$(GSKLIB_B)$(STLSUFX) +WIN32_GSK_LIB_STATIC = $(GSK_SDK)/static/$(GSKLIB_B)$(STLSUFX) +WIN32_GSKLIB = $(GSKLIB32) +WIN32_JGSKLIB = $(JGSKLIB32) +WIN32_JCCPKG_LIBS = $(WIN_JCCPKG_LIBS) +WIN32_ICKCLIB = $(ICKCLIB32) +WIN32_ICKCPKG_LIBS = $(WIN_ICKCPKG_LIBS) +# Cygwin +WIN32_GSK_SETUP = export PATH='$(GSK_DIR):$(PACKAGE_DIR):${PATH}' WIN32_AUX_LIBS = $(WIN_AUX_LIBS) -WIN32_VS2013_ICCPKG_LIBS = $(GSK_SDK)/gsk$(GSK_VER)iccs.lib -WIN32_VS2013_GSKLIB = $(GSKLIB_B)$(SHLSUFX) -WIN32_VS2013_JGSKLIB = $(JGSKLIB_B)$(SHLSUFX) -WIN32_VS2013_JCCPKG_LIBS = $(JGSK_SDK)/lib/jgsk$(GSK_VER)iccs.lib -WIN32_VS2013_GSK_SETUP = set PATH='$(GSK_DIR);$(PACKAGE_DIR);${PATH}' +WIN32_VS2013_ICCPKG_LIBS = $(WIN_ICCPKG_LIBS) +WIN32_VS2013_ICCPKG_S_LIBS = $(WIN32_ICCPKG_S_LIBS) +WIN32_VS2013_GSK_LIB_STATIC = $(WIN32_GSK_LIB_STATIC) +WIN32_VS2013_GSKLIB = $(GSKLIB32) +WIN32_VS2013_JGSKLIB = $(JGSKLIB32) +WIN32_VS2013_JCCPKG_LIBS = $(WIN_JCCPKG_LIBS) +WIN32_VS2013_ICKCLIB = $(ICKCLIB32) +WIN32_VS2013_ICKCPKG_LIBS = $(WIN_ICKCPKG_LIBS) +# Cygwin +WIN32_VS2013_GSK_SETUP = export PATH='$(GSK_DIR):$(PACKAGE_DIR):${PATH}' WIN32_VS2013_AUX_LIBS = $(WIN_AUX_LIBS) -WIN32_VS2022_ICCPKG_LIBS = $(GSK_SDK)/gsk$(GSK_VER)iccs.lib -WIN32_VS2022_GSKLIB = $(GSKLIB_B)$(SHLSUFX) -WIN32_VS2022_JGSKLIB = $(JGSKLIB_B)$(SHLSUFX) -WIN32_VS2022_JCCPKG_LIBS = $(JGSK_SDK)/lib/jgsk$(GSK_VER)iccs.lib -WIN32_VS2022_GSK_SETUP = set PATH='$(GSK_DIR);$(PACKAGE_DIR);${PATH}' +WIN32_VS2022_ICCPKG_LIBS = $(WIN_ICCPKG_LIBS) +WIN32_VS2022_ICCPKG_S_LIBS = $(WIN32_ICCPKG_S_LIBS) +WIN32_VS2022_GSK_LIB_STATIC = $(WIN32_GSK_LIB_STATIC) +WIN32_VS2022_GSKLIB = $(GSKLIB32) +WIN32_VS2022_JGSKLIB = $(JGSKLIB32) +WIN32_VS2022_JCCPKG_LIBS = $(WIN_JCCPKG_LIBS) +WIN32_VS2022_ICKCLIB = $(ICKCLIB32) +WIN32_VS2022_ICKCPKG_LIBS = $(WIN_ICKCPKG_LIBS) +WIN32_VS2022_GSK_SETUP = export PATH='$(GSK_DIR)' WIN32_VS2022_AUX_LIBS = $(WIN_AUX_LIBS) -WIN64_ICCPKG_LIBS = $(GSK_SDK)/gsk$(GSK_VER)iccs_64.lib -WIN64_GSKLIB = $(GSKLIB_B)_64$(SHLSUFX) -WIN64_JGSKLIB = $(JGSKLIB_B)_64$(SHLSUFX) -WIN64_JCCPKG_LIBS = $(JGSK_SDK)/lib/jgsk$(GSK_VER)iccs_64.lib +WIN64_ICCPKG_LIBS = $(GSK_SDK)/$(GSKLIB_B)_64$(STLSUFX) +WIN64_ICCPKG_S_LIBS = $(GSK_SDK)/static/$(GSKLIB_B)_64$(STLSUFX) +WIN64_GSK_LIB_STATIC = $(GSK_SDK)/static/$(GSKLIB_B)_64$(STLSUFX) +WIN64_GSKLIB = $(GSKLIB64) +WIN64_JGSKLIB = $(JGSKLIB64) +WIN64_JCCPKG_LIBS = $(JGSK_SDK)/lib/$(JGSKLIB_B)_64$(STLSUFX) +WIN64_ICKCLIB = $(ICKCLIB64) +WIN64_ICKCPKG_LIBS = $(ICKC_SDK)/$(ICKCLIB_B)_64$(STLSUFX) WIN64_GSK_SETUP = $(WIN32_GSK_SETUP) WIN64_AUX_LIBS = $(WIN_AUX_LIBS) -WIN64_AMD_ICCPKG_LIBS = $(GSK_SDK)/gsk$(GSK_VER)iccs_64.lib -WIN64_AMD_GSKLIB = $(GSKLIB_B)_64$(SHLSUFX) -WIN64_AMD_JGSKLIB = $(JGSKLIB_B)_64$(SHLSUFX) -WIN64_AMD_JCCPKG_LIBS = $(JGSK_SDK)/lib/jgsk$(GSK_VER)iccs_64.lib +WIN64_AMD_ICCPKG_LIBS = $(WIN64_ICCPKG_LIBS) +WIN64_AMD_ICCPKG_S_LIBS = $(WIN64_ICCPKG_S_LIBS) +WIN64_AMD_GSK_LIB_STATIC = $(WIN64_GSK_LIB_STATIC) +WIN64_AMD_GSKLIB = $(GSKLIB64) +WIN64_AMD_JGSKLIB = $(JGSKLIB64) +WIN64_AMD_JCCPKG_LIBS = $(WIN64_JCCPKG_LIBS) +WIN64_AMD_ICKCLIB = $(ICKCLIB64) +WIN64_AMD_ICKCPKG_LIBS = $(ICKC_SDK)/$(ICKCLIB_B)_64$(STLSUFX) WIN64_AMD_GSK_SETUP = $(WIN32_GSK_SETUP) WIN64_AMD_AUX_LIBS = $(WIN_AUX_LIBS) -WIN64_AMD_VS2013_ICCPKG_LIBS = $(GSK_SDK)/gsk$(GSK_VER)iccs_64.lib -WIN64_AMD_VS2013_GSKLIB = $(GSKLIB_B)_64$(SHLSUFX) -WIN64_AMD_VS2013_JGSKLIB = $(JGSKLIB_B)_64$(SHLSUFX) -WIN64_AMD_VS2013_JCCPKG_LIBS = $(JGSK_SDK)/lib/jgsk$(GSK_VER)iccs_64.lib +WIN64_AMD_VS2013_ICCPKG_LIBS = $(WIN64_ICCPKG_LIBS) +WIN64_AMD_VS2013_ICCPKG_S_LIBS = $(WIN64_ICCPKG_S_LIBS) +WIN64_AMD_VS2013_GSK_LIB_STATIC = $(WIN64_GSK_LIB_STATIC) +WIN64_AMD_VS2013_GSKLIB = $(GSKLIB64) +WIN64_AMD_VS2013_JGSKLIB = $(JGSKLIB64) +WIN64_AMD_VS2013_JCCPKG_LIBS = $(WIN64_JCCPKG_LIBS) +WIN64_AMD_VS2013_ICKCLIB = $(ICKCLIB64) +WIN64_AMD_VS2013_ICKCPKG_LIBS = $(ICKC_SDK)/$(ICKCLIB_B)_64$(STLSUFX) WIN64_AMD_VS2013_GSK_SETUP = $(WIN32_GSK_SETUP) WIN64_AMD_VS2013_AUX_LIBS = $(WIN_AUX_LIBS) -WIN64_VS2022_ICCPKG_LIBS = $(GSK_SDK)/gsk$(GSK_VER)iccs_64.lib -WIN64_VS2022_GSKLIB = $(GSKLIB_B)_64$(SHLSUFX) -WIN64_VS2022_JGSKLIB = $(JGSKLIB_B)_64$(SHLSUFX) -WIN64_VS2022_JCCPKG_LIBS = $(JGSK_SDK)/lib/jgsk$(GSK_VER)iccs_64.lib -WIN64_VS2022_GSK_SETUP = $(WIN32_GSK_SETUP) +WIN64_VS2022_ICCPKG_LIBS = $(WIN64_ICCPKG_LIBS) +WIN64_VS2022_ICCPKG_S_LIBS = $(WIN64_ICCPKG_S_LIBS) +WIN64_VS2022_GSK_LIB_STATIC = $(WIN64_GSK_LIB_STATIC) +WIN64_VS2022_GSKLIB = $(GSKLIB64) +WIN64_VS2022_JGSKLIB = $(JGSKLIB64) +WIN64_VS2022_JCCPKG_LIBS = $(WIN64_JCCPKG_LIBS) +WIN64_VS2022_ICKCLIB = $(ICKCLIB64) +WIN64_VS2022_ICKCPKG_LIBS = $(ICKC_SDK)/$(ICKCLIB_B)_64$(STLSUFX) +WIN64_VS2022_GSK_SETUP = $(WIN32_VS2022_GSK_SETUP) WIN64_VS2022_AUX_LIBS = $(WIN_AUX_LIBS) + LINUX_ICCPKG_LIBS = $(UNIX_ICCPKG_LIBS) +LINUX_ICCPKG_S_LIBS = $(UNIX_ICCPKG_S_LIBS) +LINUX_GSK_LIB_STATIC = $(UNIX_GSK_LIB_STATIC) LINUX_GSKLIB = $(GSKLIB32) LINUX_JGSKLIB = $(JGSKLIB32) LINUX_JCCPKG_LIBS = $(UNIX_JCCPKG_LIBS) +LINUX_ICKCLIB = $(ICKCLIB32) +LINUX_ICKCPKG_LIBS = $(UNIX_ICKCPKG_LIBS) +LINUX_GSK_SETUP = export LD_LIBRARY_PATH=$(GSK_DIR) LINUX_AUX_LIBS = $(UNIX_AUX_LIBS) -#LINUX_GSK_GLOBAL See above -# Disabled while we clobber DSA in FIPS mode -#LINUX_GSK_SETUP = export LD_LIBRARY_PATH=$(GSK_DIR); ./icctest; -LINUX_GSK_SETUP = export LD_LIBRARY_PATH=$(GSK_DIR) - AMD64_LINUX_ICCPKG_LIBS = $(UNIX64_ICCPKG_LIBS) AMD64_LINUX_GSKLIB = $(GSKLIB64) AMD64_LINUX_JGSKLIB = $(JGSKLIB64) AMD64_LINUX_JCCPKG_LIBS = $(UNIX64_JCCPKG_LIBS) +AMD64_LINUX_ICKCLIB = $(ICKCLIB64) +AMD64_LINUX_ICKCPKG_LIBS = $(UNIX64_ICKCPKG_LIBS) AMD64_LINUX_GSK_GLOBAL = $(LINUX64_GSK_GLOBAL) AMD64_LINUX_GSK_SETUP = $(LINUX_GSK_SETUP) AMD64_LINUX_AUX_LIBS = $(UNIX_AUX_LIBS) ARM_LINUX_ICCPKG_LIBS = $(UNIX_ICCPKG_LIBS) +ARM_LINUX_ICCPKG_S_LIBS = $(UNIX_ICCPKG_S_LIBS) +ARM_LINUX_GSK_LIB_STATIC = $(UNIX_GSK_LIB_STATIC) ARM_LINUX_GSKLIB = $(GSKLIB32) ARM_LINUX_JGSKLIB = $(JGSKLIB32) ARM_LINUX_JCCPKG_LIBS = $(UNIX_JCCPKG_LIBS) +ARM_LINUX_ICKCLIB = $(ICKCLIB32) +ARM_LINUX_ICKCPKG_LIBS = $(UNIX_ICKCPKG_LIBS) ARM_LINUX_GSK_GLOBAL = $(LINUX_GSK_GLOBAL) ARM_LINUX_GSK_SETUP = $(LINUX_GSK_SETUP) ARM_LINUX_AUX_LIBS = $(UNIX_AUX_LIBS) @@ -136,14 +252,21 @@ ARM64_LINUX_ICCPKG_LIBS = $(UNIX64_ICCPKG_LIBS) ARM64_LINUX_GSKLIB = $(GSKLIB64) ARM64_LINUX_JGSKLIB = $(JGSKLIB64) ARM64_LINUX_JCCPKG_LIBS = $(UNIX64_JCCPKG_LIBS) +ARM64_LINUX_ICKCLIB = $(ICKCLIB64) +ARM64_LINUX_ICKCPKG_LIBS = $(UNIX64_ICKCPKG_LIBS) ARM64_LINUX_GSK_GLOBAL = $(LINUX64_GSK_GLOBAL) ARM64_LINUX_GSK_SETUP = $(LINUX_GSK_SETUP) ARM64_LINUX_AUX_LIBS = $(UNIX_AUX_LIBS) + PPC_LINUX_ICCPKG_LIBS = $(UNIX_ICCPKG_LIBS) +PPC_LINUX_ICCPKG_S_LIBS = $(UNIX_ICCPKG_S_LIBS) +PPC_LINUX_GSK_LIB_STATIC = $(UNIX_GSK_LIB_STATIC) PPC_LINUX_GSKLIB = $(GSKLIB32) PPC_LINUX_JGSKLIB = $(JGSKLIB32) PPC_LINUX_JCCPKG_LIBS = $(UNIX_JCCPKG_LIBS) +PPC_LINUX_ICKCLIB = $(ICKCLIB32) +PPC_LINUX_ICKCPKG_LIBS = $(UNIX_ICKCPKG_LIBS) PPC_LINUX_GSK_GLOBAL = $(LINUX_GSK_GLOBAL) PPC_LINUX_GSK_SETUP = $(LINUX_GSK_SETUP) PPC_LINUX_AUX_LIBS = $(UNIX_AUX_LIBS) @@ -152,6 +275,8 @@ PPC64_LINUX_ICCPKG_LIBS = $(UNIX64_ICCPKG_LIBS) PPC64_LINUX_GSKLIB = $(GSKLIB64) PPC64_LINUX_JGSKLIB = $(JGSKLIB64) PPC64_LINUX_JCCPKG_LIBS = $(UNIX64_JCCPKG_LIBS) +PPC64_LINUX_ICKCLIB = $(ICKCLIB64) +PPC64_LINUX_ICKCPKG_LIBS = $(UNIX64_ICKCPKG_LIBS) PPC64_LINUX_GSK_GLOBAL = $(LINUX64_GSK_GLOBAL) PPC64_LINUX_GSK_SETUP = $(LINUX_GSK_SETUP) PPC64_LINUX_AUX_LIBS = $(UNIX_AUX_LIBS) @@ -160,23 +285,32 @@ PPC64LE_LINUX_ICCPKG_LIBS = $(UNIX64_ICCPKG_LIBS) PPC64LE_LINUX_GSKLIB = $(GSKLIB64) PPC64LE_LINUX_JGSKLIB = $(JGSKLIB64) PPC64LE_LINUX_JCCPKG_LIBS = $(UNIX64_JCCPKG_LIBS) +PPC64LE_LINUX_ICKCLIB = $(ICKCLIB64) +PPC64LE_LINUX_ICKCPKG_LIBS = $(UNIX64_ICKCPKG_LIBS) PPC64LE_LINUX_GSK_GLOBAL = $(LINUX64_GSK_GLOBAL) PPC64LE_LINUX_GSK_SETUP = $(LINUX_GSK_SETUP) PPC64LE_LINUX_AUX_LIBS = $(UNIX_AUX_LIBS) +# May be obsolete (2025) IA64_LINUX_ICCPKG_LIBS = $(UNIX64_ICCPKG_LIBS) IA64_LINUX_GSKLIB = $(GSKLIB64) IA64_LINUX_JGSKLIB = $(JGSKLIB64) IA64_LINUX_JCCPKG_LIBS = $(UNIX64_JCCPKG_LIBS) +IA64_LINUX_ICKCLIB = $(ICKCLIB64) +IA64_LINUX_ICKCPKG_LIBS = $(UNIX64_ICKCPKG_LIBS) IA64_LINUX_GSK_GLOBAL = $(LINUX64_GSK_GLOBAL) IA64_LINUX_GSK_SETUP = $(LINUX_GSK_SETUP) IA64_LINUX_AUX_LIBS = $(UNIX_AUX_LIBS) S390_LINUX_ICCPKG_LIBS = $(UNIX_ICCPKG_LIBS) +S390_LINUX_ICCPKG_S_LIBS = $(UNIX_ICCPKG_S_LIBS) +S390_LINUX_GSK_LIB_STATIC = $(UNIX_GSK_LIB_STATIC) S390_LINUX_GSKLIB = $(GSKLIB32) S390_LINUX_JGSKLIB = $(JGSKLIB32) S390_LINUX_JCCPKG_LIBS = $(UNIX_JCCPKG_LIBS) +S390_LINUX_ICKCLIB = $(ICKCLIB32) +S390_LINUX_ICKCPKG_LIBS = $(UNIX_ICKCPKG_LIBS) S390_LINUX_GSK_GLOBAL = $(LINUX_GSK_GLOBAL) S390_LINUX_GSK_SETUP = $(LINUX_GSK_SETUP) S390_LINUX_AUX_LIBS = $(UNIX_AUX_LIBS) @@ -185,65 +319,65 @@ S390X_LINUX_ICCPKG_LIBS = $(UNIX64_ICCPKG_LIBS) S390X_LINUX_GSKLIB = $(GSKLIB64) S390X_LINUX_JGSKLIB = $(JGSKLIB64) S390X_LINUX_JCCPKG_LIBS = $(UNIX64_JCCPKG_LIBS) +S390X_LINUX_ICKCLIB = $(ICKCLIB64) +S390X_LINUX_ICKCPKG_LIBS = $(UNIX64_ICKCPKG_LIBS) S390X_LINUX_GSK_GLOBAL = $(LINUX64_GSK_GLOBAL) S390X_LINUX_GSK_SETUP = $(LINUX_GSK_SETUP) S390X_LINUX_AUX_LIBS = $(UNIX_AUX_LIBS) -ZOS_ICCPKG_LIBS = $(GSK_SDK)/libgsk$(GSK_VER)iccs_64.x +ZOS_ICCPKG_LIBS = $(GSK_SDK)/$(GSKLIB_B)_64.x $(ICC_ROOT)/icc/csvquery_64$(OBJSUFX) +ZOS_ICCPKG_S_LIBS = $(UNIX64_GSK_LIB_STATIC) $(ICC_ROOT)/icc/csvquery_64$(OBJSUFX) ZOS_GSKLIB = $(GSKLIB64) ZOS_JGSKLIB = $(JGSKLIB64) -ZOS_JCCPKG_LIBS = $(JGSK_SDK)/libjgsk$(GSK_VER)iccs_64.x +ZOS_JCCPKG_LIBS = $(JGSK_SDK)/$(JGSKLIB_B)_64.x +ZOS_ICKCLIB = $(ICKCLIB64) +ZOS_ICKCPKG_LIBS = $(ICKC_SDK)/$(ICKCLIB_B)_64.x ZOS_GSK_GLOBAL = $(LINUX_GSK_GLOBAL) -ZOS_GSK_SETUP = $(LINUX_GSK_SETUP) +ZOS_GSK_SETUP = export LIBPATH=$(GSK_DIR) ZOS_AUX_LIBS = $(UNIX_AUX_LIBS) # ZOS ASCII mode -ZOSA_ICCPKG_LIBS = $(GSK_SDK)/libgsk$(GSK_VER)iccs_64.x +ZOSA_ICCPKG_LIBS = $(GSK_SDK)/$(GSKLIB_B)_64.x $(ICC_ROOT)/icc/csvquery_64$(OBJSUFX) +ZOSA_ICCPKG_S_LIBS = $(UNIX64_GSK_LIB_STATIC) $(ICC_ROOT)/icc/csvquery_64$(OBJSUFX) ZOSA_GSKLIB = $(GSKLIB64) ZOSA_JGSKLIB = $(JGSKLIB64) -ZOSA_JCCPKG_LIBS = $(JGSK_SDK)/libjgsk$(GSK_VER)iccs_64.x +ZOSA_JCCPKG_LIBS = $(JGSK_SDK)/$(JGSKLIB_B)_64.x +ZOSA_ICKCLIB = $(ICKCLIB64) +ZOSA_ICKCPKG_LIBS = $(ICKC_SDK)/$(ICKCLIB_B)_64.x ZOSA_GSK_GLOBAL = $(LINUX_GSK_GLOBAL) -ZOSA_GSK_SETUP = $(LINUX_GSK_SETUP) +ZOSA_GSK_SETUP = $(ZOS_GSK_SETUP) ZOSA_AUX_LIBS = $(UNIX_AUX_LIBS) - -ZOS31_ICCPKG_LIBS = $(GSK_SDK)/libgsk$(GSK_VER)iccs.x +ZOS31_ICCPKG_LIBS = $(GSK_SDK)/$(GSKLIB_B).x $(ICC_ROOT)/icc/csvquery$(OBJSUFX) +ZOS31_ICCPKG_S_LIBS = $(UNIX_GSK_LIB_STATIC) $(ICC_ROOT)/icc/csvquery$(OBJSUFX) +ZOS31_GSK_LIB_STATIC = $(UNIX_GSK_LIB_STATIC) ZOS31_GSKLIB = $(GSKLIB32) ZOS31_JGSKLIB = $(JGSKLIB32) -ZOS31_JCCPKG_LIBS = $(JGSK_SDK)/libjgsk$(GSK_VER)iccs.x +ZOS31_JCCPKG_LIBS = $(JGSK_SDK)/$(JGSKLIB_B).x +ZOS31_ICKCLIB = $(ICKCLIB32) +ZOS31_ICKCPKG_LIBS = $(ICKC_SDK)/$(ICKCLIB_B).x ZOS31_GSK_GLOBAL = $(LINUX_GSK_GLOBAL) -ZOS31_GSK_SETUP = $(LINUX_GSK_SETUP) +ZOS31_GSK_SETUP = $(ZOS_GSK_SETUP) ZOS31_AUX_LIBS = $(UNIX_AUX_LIBS) # ZOS 31 bit ASCII mode -ZOSA31_ICCPKG_LIBS = $(GSK_SDK)/libgsk$(GSK_VER)iccs.x +ZOSA31_ICCPKG_LIBS = $(GSK_SDK)/$(GSKLIB_B).x $(ICC_ROOT)/icc/csvquery$(OBJSUFX) +ZOSA31_ICCPKG_S_LIBS = $(UNIX_GSK_LIB_STATIC) $(ICC_ROOT)/icc/csvquery$(OBJSUFX) +ZOSA31_GSK_LIB_STATIC = $(UNIX_GSK_LIB_STATIC) ZOSA31_GSKLIB = $(GSKLIB32) ZOSA31_JGSKLIB = $(JGSKLIB32) -ZOSA31_JCCPKG_LIBS = $(JGSK_SDK)/libjgsk$(GSK_VER)iccs.x +ZOSA31_JCCPKG_LIBS = $(JGSK_SDK)/$(JGSKLIB_B).x +ZOSA31_ICKCLIB = $(ICKCLIB32) +ZOSA31_ICKCPKG_LIBS = $(ICKC_SDK)/$(ICKCLIB_B).x ZOSA31_GSK_GLOBAL = $(LINUX_GSK_GLOBAL) -ZOSA31_GSK_SETUP = $(LINUX_GSK_SETUP) +ZOSA31_GSK_SETUP = $(ZOS_GSK_SETUP) ZOSA31_AUX_LIBS = $(UNIX_AUX_LIBS) -OS400X_ICCPKG_LIBS = $(UNIX_ICCPKG_LIBS) -OS400X_GSKLIB = $(GSKLIB32) -OS400X_JGSKLIB = $(JGSKLIB32) -OS400X_JCCPKG_LIBS = $(UNIX_JCCPKG_LIBS) -OS400X_GSK_GLOBAL = $(LINUX_GSK_GLOBAL) -OS400X_GSK_SETUP = $(LINUX_GSK_SETUP) -OS400X_AUX_LIBS = $(UNIX_AUX_LIBS) - - -OSX_FAT4_ICCPKG_LIBS = $(UNIX_ICCPKG_LIBS) -OSX_FAT4_GSKLIB = $(GSKLIB32) -OSX_FAT4_JGSKLIB = $(JGSKLIB32) -OSX_FAT4_JCCPKG_LIBS = $(UNIX_JCCPKG_LIBS) -OSX_FAT4_GSK_GLOBAL = $(LINUX_GSK_GLOBAL) -OSX_FAT4_GSK_SETUP = export DYLD_LIBRARY_PATH=$(GSK_DIR) -OSX_FAT4_AUX_LIBS = $(UNIX_AUX_LIBS) - OSX_X86_ICCPKG_LIBS = $(UNIX_ICCPKG_LIBS) +OSX_X86_ICCPKG_S_LIBS = $(UNIX_ICCPKG_S_LIBS) +OSX_X86_GSK_LIB_STATIC = $(UNIX_GSK_LIB_STATIC) OSX_X86_GSKLIB = $(GSKLIB32) OSX_X86_GSK_GLOBAL = $(LINUX_GSK_GLOBAL) OSX_X86_GSK_SETUP = export DYLD_LIBRARY_PATH=$(GSK_DIR) @@ -251,126 +385,178 @@ OSX_X86_AUX_LIBS = $(UNIX_AUX_LIBS) OSX_X86_64_ICCPKG_LIBS = $(UNIX_ICCPKG_LIBS) OSX_X86_64_GSKLIB = $(GSKLIB64) +OSX_X86_64_JGSKLIB = $(JGSKLIB64) +OSX_X86_64_JCCPKG_LIBS = $(UNIX_JCCPKG_LIBS) +OSX_X86_64_ICKCLIB = $(ICKCLIB64) +OSX_X86_64_ICKCPKG_LIBS = $(UNIX_ICKCPKG_LIBS) OSX_X86_64_GSK_GLOBAL = $(LINUX_GSK_GLOBAL) OSX_X86_64_GSK_SETUP = export DYLD_LIBRARY_PATH=$(GSK_DIR) OSX_X86_64_AUX_LIBS = $(UNIX_AUX_LIBS) OSX_ARM64_ICCPKG_LIBS = $(UNIX_ICCPKG_LIBS) +OSX_ARM64_ICCPKG_S_LIBS = $(UNIX_ICCPKG_S_LIBS) +OSX_ARM64_GSK_LIB_STATIC = $(UNIX_GSK_LIB_STATIC) OSX_ARM64_GSKLIB = $(GSKLIB32) OSX_ARM64_JGSKLIB = $(JGSKLIB32) OSX_ARM64_JCCPKG_LIBS = $(UNIX_JCCPKG_LIBS) +OSX_ARM64_ICKCLIB = $(ICKCLIB32) +OSX_ARM64_ICKCPKG_LIBS = $(UNIX_ICKCPKG_LIBS) OSX_ARM64_GSK_GLOBAL = $(LINUX_GSK_GLOBAL) OSX_ARM64_GSK_SETUP = export DYLD_LIBRARY_PATH=$(GSK_DIR) OSX_ARM64_AUX_LIBS = $(UNIX_AUX_LIBS) OSXV9_ICCPKG_LIBS = $(UNIX_ICCPKG_LIBS) +OSXV9_ICCPKG_S_LIBS = $(UNIX_ICCPKG_S_LIBS) +OSXV9_GSK_LIB_STATIC = $(UNIX_GSK_LIB_STATIC) OSXV9_GSKLIB = $(GSKLIB32) OSXV9_JGSKLIB = $(JGSKLIB32) OSXV9_JCCPKG_LIBS = $(UNIX_JCCPKG_LIBS) +OSXV9_ICKCLIB = $(ICKCLIB32) +OSXV9_ICKCPKG_LIBS = $(UNIX_ICKCPKG_LIBS) OSXV9_GSK_GLOBAL = $(LINUX_GSK_GLOBAL) OSXV9_GSK_SETUP = export DYLD_LIBRARY_PATH=$(GSK_DIR) OSXV9_AUX_LIBS = $(UNIX_AUX_LIBS) + AIX_ICCPKG_LIBS = -brtl $(UNIX_ICCPKG_LIBS) +AIX_ICCPKG_S_LIBS = $(UNIX_ICCPKG_S_LIBS) +AIX_GSK_LIB_STATIC = $(UNIX_GSK_LIB_STATIC) AIX_GSKLIB = $(GSKLIB32) AIX_JGSKLIB = $(JGSKLIB32) AIX_JCCPKG_LIBS = -brtl $(UNIX_JCCPKG_LIBS) +AIX_ICKCLIB = $(ICKCLIB32) +AIX_ICKCPKG_LIBS = -brtl $(UNIX_ICKCPKG_LIBS) AIX_GSK_GLOBAL = "/usr/opt/ibm/gsk8/lib" AIX_GSK_SETUP = export LIBPATH=$(GSK_DIR) AIX_AUX_LIBS = $(UNIX_AUX_LIBS) - AIX64_ICCPKG_LIBS = -brtl $(UNIX64_ICCPKG_LIBS) +# static lib does not include old icc.o on this platform so try linking MUPPET instead +AIX64_ICCPKG_S_LIBS = $(MUPPET) $(UNIX64_ICCPKG_S_LIBS) AIX64_GSKLIB = $(GSKLIB64) AIX64_JGSKLIB = $(JGSKLIB64) AIX64_JCCPKG_LIBS = -brtl $(UNIX64_JCCPKG_LIBS) +AIX64_ICKCLIB = $(ICKCLIB64) +AIX64_ICKCPKG_LIBS = -brtl $(UNIX64_ICKCPKG_LIBS) AIX64_GSK_GLOBAL = "/usr/opt/ibm/gsk8_64/lib64" AIX64_GSK_SETUP = export LIBPATH=$(GSK_DIR) AIX64_AUX_LIBS = $(UNIX_AUX_LIBS) SUN_ICCPKG_LIBS = $(UNIX_ICCPKG_LIBS) +SUN_ICCPKG_S_LIBS = $(UNIX_ICCPKG_S_LIBS) +SUN_GSK_LIB_STATIC = $(UNIX_GSK_LIB_STATIC) SUN_GSKLIB = $(GSKLIB32) SUN_JGSKLIB = $(JGSKLIB32) SUN_JCCPKG_LIBS = $(UNIX_JCCPKG_LIBS) +SUN_ICKCLIB = $(ICKCLIB32) +SUN_ICKCPKG_LIBS = $(UNIX_ICKCPKG_LIBS) SUN_GSK_GLOBAL = $(UNIX_GSK_GLOBAL) SUN_GSK_SETUP = $(LINUX_GSK_SETUP) SUN_AUX_LIBS = $(UNIX_AUX_LIBS) - SUN64_ICCPKG_LIBS = $(UNIX64_ICCPKG_LIBS) SUN64_GSKLIB = $(GSKLIB64) SUN64_JGSKLIB = $(JGSKLIB64) SUN64_JCCPKG_LIBS = $(UNIX64_JCCPKG_LIBS) +SUN64_ICKCLIB = $(ICKCLIB64) +SUN64_ICKCPKG_LIBS = $(UNIX64_ICKCPKG_LIBS) SUN64_GSK_GLOBAL = $(UNIX64_GSK_GLOBAL) SUN64_GSK_SETUP = $(SUN_GSK_SETUP) SUN64_AUX_LIBS = $(UNIX_AUX_LIBS) - SUN_AMD64_ICCPKG_LIBS = $(UNIX64_ICCPKG_LIBS) SUN_AMD64_GSKLIB = $(GSKLIB64) SUN_AMD64_JGSKLIB = $(JGSKLIB64) SUN_AMD64_JCCPKG_LIBS = $(UNIX64_JCCPKG_LIBS) +SUN_AMD64_ICKCLIB = $(ICKCLIB64) +SUN_AMD64_ICKCPKG_LIBS = $(UNIX64_ICKCPKG_LIBS) SUN_AMD64_GSK_GLOBAL = $(SUN64_GSK_GLOBAL) SUN_AMD64_GSK_SETUP = $(SUN_GSK_SETUP) SUN_AMD64_AUX_LIBS = $(UNIX_AUX_LIBS) - SUN_X86_ICCPKG_LIBS = $(UNIX_ICCPKG_LIBS) +SUN_X86_ICCPKG_S_LIBS = $(UNIX_ICCPKG_S_LIBS) +SUN_X86_GSK_LIB_STATIC = $(UNIX_GSK_LIB_STATIC) SUN_X86_GSKLIB = $(GSKLIB32) SUN_X86_JGSKLIB = $(JGSKLIB32) SUN_X86_JCCPKG_LIBS = $(UNIX_JCCPKG_LIBS) +SUN_X86_ICKCLIB = $(ICKCLIB32) +SUN_X86_ICKCPKG_LIBS = $(UNIX_ICKCPKG_LIBS) SUN_X86_GSK_GLOBAL = $(SUN_GSK_GLOBAL) SUN_X86_GSK_SETUP = $(SUN_GSK_SETUP) SUN_X86_AUX_LIBS = $(UNIX_AUX_LIBS) HPUX_ICCPKG_LIBS = $(UNIX_ICCPKG_LIBS) +HPUX_ICCPKG_S_LIBS = $(UNIX_ICCPKG_S_LIBS) +HPUX_GSK_LIB_STATIC = $(UNIX_GSK_LIB_STATIC) HPUX_GSKLIB = $(GSKLIB32) HPUX_JGSKLIB = $(JGSKLIB32) HPUX_JCCPKG_LIBS = $(UNIX_JCCPKG_LIBS) +HPUX_ICKCLIB = $(ICKCLIB32) +HPUX_ICKCPKG_LIBS = $(UNIX_ICKCPKG_LIBS) HPUX_GSK_GLOBAL = $(UNIX_GSK_GLOBAL) HPUX_GSK_SETUP = $(LINUX_GSK_SETUP) HPUX_AUX_LIBS = $(UNIX_AUX_LIBS) - HPUX64_ICCPKG_LIBS = $(UNIX64_ICCPKG_LIBS) HPUX64_GSKLIB = $(GSKLIB64) HPUX64_JGSKLIB = $(JGSKLIB64) HPUX64_JCCPKG_LIBS = $(UNIX64_JCCPKG_LIBS) +HPUX64_ICKCLIB = $(ICKCLIB64) +HPUX64_ICKCPKG_LIBS = $(UNIX64_ICKCPKG_LIBS) HPUX64_GSK_GLOBAL = $(UNIX64_GSK_GLOBAL) HPUX64_GSK_SETUP = $(LINUX_GSK_SETUP) HPUX64_AUX_LIBS = $(UNIX_AUX_LIBS) - -IA64_HPUX_ICCPKG_LIBS = -L$(GSK_DIR) -lgsk$(GSK_VER)iccs_32 +IA64_HPUX_ICCPKG_LIBS = -L$(GSK_DIR) -l$(GSKLIB_ROOT)_32 +IA64_HPUX_ICCPKG_S_LIBS = $(UNIX_ICCPKG_S_LIBS) +IA64_HPUX_GSK_LIB_STATIC = $(UNIX_GSK_LIB_STATIC) IA64_HPUX_GSKLIB = $(GSKLIB_B)_32$(SHLSUFX) IA64_HPUX_JGSKLIB = $(JGSKLIB_B)_32$(SHLSUFX) -IA64_HPUX_JCCPKG_LIBS = -L$(JGSK_DIR) -ljgsk$(GSK_VER)iccs_32 +IA64_HPUX_JCCPKG_LIBS = -L$(JGSK_DIR) -lj$(GSKLIB_ROOT)_32 +IA64_HPUX_ICKCLIB = $(ICKCLIB_B)_32$(SHLSUFX) +IA64_HPUX_ICKCPKG_LIBS = -L$(ICKC_DIR) -lickcs_32 IA64_HPUX_GSK_GLOBAL = $(HPUX_GSK_GLOBAL) IA64_HPUX_GSK_SETUP = $(LINUX_GSK_SETUP) IA64_HPUX_AUX_LIBS = $(UNIX_AUX_LIBS) - IA64_HPUX64_ICCPKG_LIBS = $(UNIX64_ICCPKG_LIBS) IA64_HPUX64_GSKLIB = $(GSKLIB64) IA64_HPUX64_JGSKLIB = $(JGSKLIB64) IA64_HPUX64_JCCPKG_LIBS = $(UNIX64_JCCPKG_LIBS) +IA64_HPUX64_ICKCLIB = $(ICKCLIB64) +IA64_HPUX64_ICKCPKG_LIBS = $(UNIX64_ICKCPKG_LIBS) IA64_HPUX64_GSK_GLOBAL = $(HPUX64_GSK_GLOBAL) IA64_HPUX64_GSK_SETUP = $(LINUX_GSK_SETUP) IA64_HPUX64_AUX_LIBS = $(UNIX_AUX_LIBS) +# all the same for 64 bit +#$(OPSYS)_GSKLIBS = $(GSKLIBS64) # Names of the GSkit-crypto libs for GSkit8 GSK_LIBNAME = $($(OPSYS)_GSKLIB) GSK_LIB = $(GSK_DIR)/$(GSK_LIBNAME) +#GSK_LIBNAME_S = $($(OPSYS)_GSKLIBS) +GSK_LIB_STATIC = $($(OPSYS)_GSK_LIB_STATIC) +#GSK_LIB_IMPORT = $(GSK_SDK)/import/$(GSKLIB_B)_64$(STLSUFX) +ICCPKG_S_LIBS = $($(OPSYS)_ICCPKG_S_LIBS) ICCPKG_LIBS = $($(OPSYS)_ICCPKG_LIBS) + # Names of the GSkit-Crypto libs for Java components JGSK_LIBNAME = $($(OPSYS)_JGSKLIB) JGSK_LIB = $(JGSK_DIR)/$(JGSK_LIBNAME) JCCPKG_LIBS = $($(OPSYS)_JCCPKG_LIBS) + +# Names of the GSkit-Crypto libs with ICKC_ namespace +ICKC_LIBNAME = $($(OPSYS)_ICKCLIB) +ICKC_LIB = $(ICKC_DIR)/$(ICKC_LIBNAME) +ICKCPKG_LIBS = $($(OPSYS)_ICKCPKG_LIBS) + # Global GSkit install dir GSK_GLOBAL = $($(OPSYS)_GSK_GLOBAL) + # LD_LIBRARY_PATH setup to find libs at runtume GSK_SETUP = $($(OPSYS)_GSK_SETUP) # Link path to the aux library diff --git a/iccpkg/gsk_wrap2.c b/iccpkg/gsk_wrap2.c index dace920..f50d2e0 100644 --- a/iccpkg/gsk_wrap2.c +++ b/iccpkg/gsk_wrap2.c @@ -1,15 +1,14 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ -/************************************************************************* +/* // Description: Manually created source for the ICCPKG wrapper for GSkit -// -*************************************************************************/ +*/ /*! \IMPLEMENT This is the frequently changing part of the code that becomes @@ -42,7 +41,25 @@ # define JCC_EVP_get_digestbyname(a, b) JCC_EVP_get_digestbyname_disabled(a, b) # define JCC_EVP_get_cipherbyname(a, b) JCC_EVP_get_cipherbyname_disabled(a, b) # endif -#else /* Normal step library */ + +#else +#if defined(ICKC_WRAP) + +/* Using ICKC_ namespace */ +# include "ickc_a.h" +# if defined(__MVS__) +# include "exports/ickcstepZOS.h" +# endif +# if defined(GEN_RAND_SEED_HACK) +# undef ICC_GenerateRandomSeed +# define ICC_GenerateRandomSeed(a,b,c,d) ICKC_GenerateRandomSeed_disabled(a,b,c,d) +# endif /* GEN_RAND_SEED_HACK */ +# if defined(GETVALUE_HACK) +# undef ICC_GetValue +# define ICC_GetValue(a, b, c, d, e) ICKC_GetValue_disabled(a, b, c, d, e) +# endif /* GETVALUE_HACK */ + +#else /* Normal GSKit step library */ # if defined(__MVS__) # include "exports/iccstepZOS.h" # endif @@ -59,19 +76,13 @@ # define ICC_EVP_get_cipherbyname(a, b) ICC_EVP_get_cipherbyname_disabled(a, b) # endif #endif +#endif #if !defined(GSK_GLOBAL) #define GSK_GLOBAL "" #endif - - - #include "icc.h" -/* -#include "HKDF/hkdf.h" -*/ -#include "iccversion.h" #include "loaded.h" #include #define TRACE_CODE 1 @@ -83,6 +94,7 @@ static int truncated_status(ICC_STATUS *status); static int invalid_status(ICC_STATUS *status); static int memory_status(ICC_STATUS *status); +int gskiccs_path(char* returned_path, int path_len); #if !defined(JGSK_WRAP) /* Pick up PKCS#11 */ typedef unsigned long (*PF_C_GetFL)(void *); @@ -183,8 +195,12 @@ static wchar_t mypath[ICC_VALUESIZE]; #if defined(JGSK_WRAP) int ICC_LINKAGE JCC_GetValue(ICC_CTX *pcb,ICC_STATUS* status,ICC_VALUE_IDS_ENUM valueID,void* value,int valueLength) #else +#if defined(ICKC_WRAP) +int ICC_LINKAGE ICKC_GetValue(ICC_CTX* pcb, ICC_STATUS* status, ICC_VALUE_IDS_ENUM valueID, void* value, int valueLength) +#else int ICC_LINKAGE ICC_GetValue(ICC_CTX *pcb,ICC_STATUS* status,ICC_VALUE_IDS_ENUM valueID,void* value,int valueLength) #endif +#endif { WICC_CTX *wpcb = (WICC_CTX *)pcb; int done = 0; @@ -196,12 +212,12 @@ int ICC_LINKAGE ICC_GetValue(ICC_CTX *pcb,ICC_STATUS* status,ICC_VALUE_IDS_ENUM rv = default_status(status); } if(NULL != wpcb) { -# if HAVE_N_ICC +# if defined(HAVE_N_ICC) if(NULL != wpcb->Nctx) { rv = ICCN_GetValue(wpcb->Nctx,status,valueID,value,valueLength); } # endif -# if HAVE_C_ICC +# if defined(HAVE_C_ICC ) if(NULL != wpcb->Cctx) { # if defined(_WIN32) if(ICC_INSTALL_PATH == valueID) { @@ -287,15 +303,19 @@ int ICC_LINKAGE ICC_GetValue(ICC_CTX *pcb,ICC_STATUS* status,ICC_VALUE_IDS_ENUM #if defined(GEN_RAND_SEED_HACK) -#if defined(JGSK_WRAP) #undef ICC_GenerateRandomSeed +#if defined(JGSK_WRAP) void ICC_LINKAGE JCC_GenerateRandomSeed(ICC_CTX *pcb, ICC_STATUS *status, int len, void *buffer) #else -#undef ICC_GenerateRandomSeed +#if defined(ICKC_WRAP) +void ICC_LINKAGE ICKC_GenerateRandomSeed(ICC_CTX* pcb, ICC_STATUS* status, + int len, void* buffer) +#else void ICC_LINKAGE ICC_GenerateRandomSeed(ICC_CTX *pcb, ICC_STATUS *status, int len, void *buffer) #endif +#endif { WICC_CTX *wpcb = (WICC_CTX *)pcb; if(NULL != status) { @@ -325,6 +345,15 @@ int ICC_LINKAGE JCC_SetValue(ICC_CTX *pcb,ICC_STATUS* status,ICC_VALUE_IDS_ENUM int ICC_LINKAGE JCC_Cleanup(ICC_CTX *pcb,ICC_STATUS *status); #else +#if defined(ICKC_WRAP) +ICC_CTX* ICC_LINKAGE ICKC_Init(ICC_STATUS* status, const char* iccpath); + +int ICC_LINKAGE ICKC_Attach(ICC_CTX* pcb, ICC_STATUS* status); + +int ICC_LINKAGE ICKC_SetValue(ICC_CTX* pcb, ICC_STATUS* status, ICC_VALUE_IDS_ENUM valueID, const void* value); + +int ICC_LINKAGE ICKC_Cleanup(ICC_CTX* pcb, ICC_STATUS* status); +#else ICC_CTX * ICC_LINKAGE ICC_Init(ICC_STATUS* status,const char* iccpath); int ICC_LINKAGE ICC_Attach(ICC_CTX *pcb,ICC_STATUS* status); @@ -334,6 +363,7 @@ int ICC_LINKAGE ICC_SetValue(ICC_CTX *pcb,ICC_STATUS* status,ICC_VALUE_IDS_ENUM int ICC_LINKAGE ICC_Cleanup(ICC_CTX *pcb,ICC_STATUS *status); #endif +#endif #if defined(HAVE_N_ICC) @@ -378,8 +408,12 @@ const char gskiccs_SCCSInfo[] = #if defined (JGSK_WRAP) ICC_CTX * ICC_LINKAGE JCC_InitW(ICC_STATUS* status,const wchar_t* iccpath); #else +#if defined (ICKC_WRAP) +ICC_CTX* ICC_LINKAGE ICKC_InitW(ICC_STATUS* status, const wchar_t* iccpath); +#else ICC_CTX * ICC_LINKAGE ICC_InitW(ICC_STATUS* status,const wchar_t* iccpath); #endif +#endif #if defined(HAVE_N_ICC) ICC_CTX * ICC_LINKAGE ICCN_InitW(ICC_STATUS* status,const wchar_t* iccpath); #endif @@ -590,6 +624,7 @@ static void ICC_InitReal(WICC_CTX *wctx, ICC_STATUS *status, int fips) { ICC_STATUS *stat = NULL; IN(); + MARK("MYNAME", MAKESTRING(FUNCTION_NAME(MYNAME, _))); if ((NULL != wctx) && (NULL != status)) { libsCheck(); @@ -628,7 +663,8 @@ static void ICC_InitReal(WICC_CTX *wctx, ICC_STATUS *status, int fips) { #else strcat(tmppath, "/N"); #endif -#if !defined(JGSK_WRAP) +/* PKCS11 is just in the ICC_ build - It is not an official part of ICC */ +#if !defined(JGSK_WRAP) && !defined(ICKC_WRAP) hook = C_GetFunctionList; /* So the linker will pull in the PKCS#11 lib */ if (NULL == hook) { @@ -929,7 +965,7 @@ int ICC_LINKAGE ICC_SetValue(ICC_CTX *pcb,ICC_STATUS* status,ICC_VALUE_IDS_ENUM } else { /* FIPS approved mode we catch if we can */ if (ICC_FIPS_APPROVED_MODE == valueID) { - MARK("ICC_FIPS_APPROVED_MODE in", (char *)value); + MARK("ICC_FIPS_APPROVED_MODE is", (char *)value); if (NULL != wctx) { if (0 == strcasecmp("on", (char *)value)) { wctx->prefer_FIPS = 1; diff --git a/iccpkg/iccpkg.mk b/iccpkg/iccpkg.mk index 16079c5..4787830 100644 --- a/iccpkg/iccpkg.mk +++ b/iccpkg/iccpkg.mk @@ -1,117 +1,72 @@ # Makefile stub containing the hacks needed to build gskit-crypto - +# defaults +UNIX_ICCPKG_EXPFILE = exports/iccsteplinux.exp +UNIX_JCCPKG_EXPFILE = exports/jccsteplinux.exp +UNIX_ICKCPKG_EXPFILE = exports/ickcsteplinux.exp +UNIX_ICCAUX_EXPFILE = exports/iccauxlinux.exp + +# default all platforms to UNIX +$(OPSYS)_ICCPKG_EXPFILE = $(UNIX_ICCPKG_EXPFILE) +$(OPSYS)_JCCPKG_EXPFILE = $(UNIX_JCCPKG_EXPFILE) +$(OPSYS)_ICKCPKG_EXPFILE = $(UNIX_ICKCPKG_EXPFILE) +$(OPSYS)_ICCAUX_EXPFILE = $(UNIX_ICCAUX_EXPFILE) + +# Windows WIN32_ICCPKG_EXPFILE = exports/iccstepwin.def WIN32_JCCPKG_EXPFILE = exports/jccstepwin.def -WIN32_JCCPKG_EXPFILE = exports/jccstepwin.def +WIN32_ICKCPKG_EXPFILE = exports/ickcstepwin.def WIN32_ICCAUX_EXPFILE = exports/iccauxwin.def - WIN64_AMD_ICCPKG_EXPFILE = $(WIN32_ICCPKG_EXPFILE) WIN64_AMD_JCCPKG_EXPFILE = $(WIN32_JCCPKG_EXPFILE) +WIN64_AMD_ICKCPKG_EXPFILE = $(WIN32_ICKCPKG_EXPFILE) WIN64_AMD_ICCAUX_EXPFILE = $(WIN32_ICCAUX_EXPFILE) - -WIN32_VS2013_ICCPKG_EXPFILE = exports/iccstepwin.def -WIN32_VS2013_JCCPKG_EXPFILE = exports/jccstepwin.def -WIN32_VS2013_ICCAUX_EXPFILE = exports/iccauxwin.def +WIN32_VS2013_ICCPKG_EXPFILE = $(WIN32_ICCPKG_EXPFILE) +WIN32_VS2013_JCCPKG_EXPFILE = $(WIN32_JCCPKG_EXPFILE) +WIN32_VS2013_ICKCPKG_EXPFILE = $(WIN32_ICKCPKG_EXPFILE) +WIN32_VS2013_ICCAUX_EXPFILE = $(WIN32_ICCAUX_EXPFILE) WIN32_VS2022_ICCPKG_EXPFILE = $(WIN32_ICCPKG_EXPFILE) WIN32_VS2022_JCCPKG_EXPFILE = $(WIN32_JCCPKG_EXPFILE) +WIN32_VS2022_ICKCPKG_EXPFILE = $(WIN32_ICKCPKG_EXPFILE) WIN32_VS2022_ICCAUX_EXPFILE = $(WIN32_ICCAUX_EXPFILE) WIN64_AMD_VS2013_ICCPKG_EXPFILE = $(WIN32_ICCPKG_EXPFILE) WIN64_AMD_VS2013_JCCPKG_EXPFILE = $(WIN32_JCCPKG_EXPFILE) +WIN64_AMD_VS2013_ICKCPKG_EXPFILE = $(WIN32_ICKCPKG_EXPFILE) WIN64_AMD_VS2013_ICCAUX_EXPFILE = $(WIN32_ICCAUX_EXPFILE) WIN64_VS2022_ICCPKG_EXPFILE = $(WIN32_ICCPKG_EXPFILE) WIN64_VS2022_JCCPKG_EXPFILE = $(WIN32_JCCPKG_EXPFILE) +WIN64_VS2022_ICKCPKG_EXPFILE = $(WIN32_ICKCPKG_EXPFILE) WIN64_VS2022_ICCAUX_EXPFILE = $(WIN32_ICCAUX_EXPFILE) -LINUX_ICCPKG_EXPFILE = exports/iccsteplinux.exp -LINUX_JCCPKG_EXPFILE = exports/jccsteplinux.exp -LINUX_ICCAUX_EXPFILE = exports/iccauxlinux.exp - - -AMD64_LINUX_ICCPKG_EXPFILE = $(LINUX_ICCPKG_EXPFILE) -AMD64_LINUX_JCCPKG_EXPFILE = $(LINUX_JCCPKG_EXPFILE) -AMD64_LINUX_ICCAUX_EXPFILE = $(LINUX_ICCAUX_EXPFILE) - - -ARM_LINUX_ICCPKG_EXPFILE = $(LINUX_ICCPKG_EXPFILE) -ARM_LINUX_JCCPKG_EXPFILE = $(LINUX_JCCPKG_EXPFILE) -ARM_LINUX_ICCAUX_EXPFILE = $(LINUX_ICCAUX_EXPFILE) - - -ARM64_LINUX_ICCPKG_EXPFILE = $(LINUX_ICCPKG_EXPFILE) -ARM64_LINUX_JCCPKG_EXPFILE = $(LINUX_JCCPKG_EXPFILE) -ARM64_LINUX_ICCAUX_EXPFILE = $(LINUX_ICCAUX_EXPFILE) - - -PPC_LINUX_ICCPKG_EXPFILE = $(LINUX_ICCPKG_EXPFILE) -PPC_LINUX_JCCPKG_EXPFILE = $(LINUX_JCCPKG_EXPFILE) -PPC_LINUX_ICCAUX_EXPFILE = $(LINUX_ICCAUX_EXPFILE) - - -PPC64_LINUX_ICCPKG_EXPFILE = $(LINUX_ICCPKG_EXPFILE) -PPC64_LINUX_JCCPKG_EXPFILE = $(LINUX_JCCPKG_EXPFILE) -PPC64_LINUX_ICCAUX_EXPFILE = $(LINUX_ICCAUX_EXPFILE) - - -PPC64LE_LINUX_ICCPKG_EXPFILE = $(LINUX_ICCPKG_EXPFILE) -PPC64LE_LINUX_JCCPKG_EXPFILE = $(LINUX_JCCPKG_EXPFILE) -PPC64LE_LINUX_ICCAUX_EXPFILE = $(LINUX_ICCAUX_EXPFILE) - - -IA64_LINUX_ICCPKG_EXPFILE = $(LINUX_ICCPKG_EXPFILE) -IA64_LINUX_JCCPKG_EXPFILE = $(LINUX_JCCPKG_EXPFILE) -IA64_LINUX_ICCAUX_EXPFILE = $(LINUX_ICCAUX_EXPFILE) - - -S390_LINUX_ICCPKG_EXPFILE = $(LINUX_ICCPKG_EXPFILE) -S390_LINUX_JCCPKG_EXPFILE = $(LINUX_JCCPKG_EXPFILE) -S390_LINUX_ICCAUX_EXPFILE = $(LINUX_ICCAUX_EXPFILE) - - -S390X_LINUX_ICCPKG_EXPFILE = $(LINUX_ICCPKG_EXPFILE) -S390X_LINUX_JCCPKG_EXPFILE = $(LINUX_JCCPKG_EXPFILE) -S390X_LINUX_ICCAUX_EXPFILE = $(LINUX_ICCAUX_EXPFILE) - - -# OSX Components -# Partial build here so these don't need to be complete - -OSX_X86_ICCPKG_EXPFILE = $(LINUX_ICCPKG_EXPFILE) -OSX_X86_JCCPKG_EXPFILE = $(LINUX_JCCPKG_EXPFILE) - - -OSX_X86_64_ICCPKG_EXPFILE = $(LINUX_ICCPKG_EXPFILE) -OSX_X86_64_JCCPKG_EXPFILE = $(LINUX_JCCPKG_EXPFILE) - ZOS_ICCPKG_EXPFILE = exports/iccstepZOS.h ZOS_JCCPKG_EXPFILE = exports/jccstepZOS.h +ZOS_ICKCPKG_EXPFILE = exports/ickcZOS.h ZOS_ICCAUX_EXPFILE = exports/iccauxZOS.h +ZOSA_ICCPKG_EXPFILE = $(ZOS_ICCPKG_EXPFILE) +ZOSA_JCCPKG_EXPFILE = $(ZOS_JCCPKG_EXPFILE) +ZOSA_ICKCPKG_EXPFILE = $(ZOS_ICKCPKG_EXPFILE) +ZOSA_ICCAUX_EXPFILE = $(ZOS_ICCAUX_EXPFILE) -ZOSA_ICCPKG_EXPFILE = exports/iccstepZOS.h -ZOSA_JCCPKG_EXPFILE = exports/jccstepZOS.h -ZOSA_ICCAUX_EXPFILE = exports/iccauxZOS.h - -ZOS31_ICCPKG_EXPFILE = exports/iccstepZOS.h -ZOS31_JCCPKG_EXPFILE = exports/jccstepZOS.h -ZOS31_ICCAUX_EXPFILE = exports/iccauxZOS.h - -ZOSA31_ICCPKG_EXPFILE = exports/iccstepZOS.h -ZOSA31_JCCPKG_EXPFILE = exports/jccstepZOS.h -ZOSA31_ICCAUX_EXPFILE = exports/iccauxZOS.h - +ZOS31_ICCPKG_EXPFILE = $(ZOS_ICCPKG_EXPFILE) +ZOS31_JCCPKG_EXPFILE = $(ZOS_JCCPKG_EXPFILE) +ZOS31_ICKCPKG_EXPFILE = $(ZOS_ICKCPKG_EXPFILE) +ZOS31_ICCAUX_EXPFILE = $(ZOS_ICCAUX_EXPFILE) +ZOSA31_ICCPKG_EXPFILE = $(ZOS_ICCPKG_EXPFILE) +ZOSA31_JCCPKG_EXPFILE = $(ZOS_JCCPKG_EXPFILE) +ZOSA31_ICKCPKG_EXPFILE = $(ZOS_ICKCPKG_EXPFILE) +ZOSA31_ICCAUX_EXPFILE = $(ZOS_ICCAUX_EXPFILE) -OS400X_ICCPKG_EXPFILE = exports/iccstepOS400.exp -OS400X_JCCPKG_EXPFILE = exports/jccstepOS400.exp -OS400X_ICCAUX_EXPFILE = exports/iccauxOS400.exp - +#OS400X_ICCPKG_EXPFILE = exports/iccstepOS400.exp +#OS400X_JCCPKG_EXPFILE = exports/jccstepOS400.exp +#OS400X_ICCAUX_EXPFILE = exports/iccauxOS400.exp OSX_FAT4_EXPORT_FLAG = -exported_symbols_list OSX_FAT4_ICCPKG_EXPFILE = exports/iccstepOSX.def @@ -121,67 +76,71 @@ OSX_FAT4_ICCAUX_EXPFILE = exports/iccauxOSX.def OSXV9_EXPORT_FLAG = -exported_symbols_list OSXV9_ICCPKG_EXPFILE = exports/iccstepOSX.def OSXV9_JCCPKG_EXPFILE = exports/jccstepOSX.def +OSXV9_ICKCPKG_EXPFILE = exports/ickcstepOSX.def OSXV9_ICCAUX_EXPFILE = exports/iccauxOSX.def OSX_ARM64_EXPORT_FLAG = -exported_symbols_list OSX_ARM64_ICCPKG_EXPFILE = exports/iccstepOSX.def OSX_ARM64_JCCPKG_EXPFILE = exports/jccstepOSX.def +OSX_ARM64_ICKCPKG_EXPFILE = exports/ickcstepOSX.def OSX_ARM64_ICCAUX_EXPFILE = exports/iccauxOSX.def AIX_ICCPKG_EXPFILE = exports/iccstepaix4.exp AIX_JCCPKG_EXPFILE = exports/jccstepaix4.exp +AIX_ICKCPKG_EXPFILE = exports/ickcstepaix4.exp AIX_ICCAUX_EXPFILE = exports/iccauxaix4.exp - AIX64_ICCPKG_EXPFILE = $(AIX_ICCPKG_EXPFILE) AIX64_JCCPKG_EXPFILE = $(AIX_JCCPKG_EXPFILE) +AIX64_ICKCPKG_EXPFILE = $(AIX_ICKCPKG_EXPFILE) AIX64_ICCAUX_EXPFILE = $(AIX_ICCAUX_EXPFILE) SUN_ICCPKG_EXPFILE = exports/iccstepsun64.exp SUN_JCCPKG_EXPFILE = exports/jccstepsun64.exp +SUN_ICKCPKG_EXPFILE = exports/ickcstepsun64.exp SUN_ICCAUX_EXPFILE = exports/iccauxsun64.exp - SUN64_ICCPKG_EXPFILE = $(SUN_ICCPKG_EXPFILE) SUN64_JCCPKG_EXPFILE = $(SUN_JCCPKG_EXPFILE) +SUN64_ICKCPKG_EXPFILE = $(SUN_ICKCPKG_EXPFILE) SUN64_ICCAUX_EXPFILE = $(SUN_ICCAUX_EXPFILE) - SUN_AMD64_ICCPKG_EXPFILE = $(SUN_ICCPKG_EXPFILE) SUN_AMD64_JCCPKG_EXPFILE = $(SUN_JCCPKG_EXPFILE) +SUN_AMD64_ICKCPKG_EXPFILE = $(SUN_ICKCPKG_EXPFILE) SUN_AMD64_ICCAUX_EXPFILE = $(SUN_ICCAUX_EXPFILE) - SUN_X86_ICCPKG_EXPFILE = $(SUN_ICCPKG_EXPFILE) SUN_X86_JCCPKG_EXPFILE = $(SUN_JCCPKG_EXPFILE) +SUN_X86_ICKCPKG_EXPFILE = $(SUN_ICKCPKG_EXPFILE) SUN_X86_ICCAUX_EXPFILE = $(SUN_ICCAUX_EXPFILE) - - HPUX_ICCPKG_EXPFILE = exports/iccstephpux.exp HPUX_JCCPKG_EXPFILE = exports/jccstephpux.exp +HPUX_ICKCPKG_EXPFILE = exports/ickcstephpux.exp HPUX_ICCAUX_EXPFILE = exports/iccauxhpux.exp - HPUX64_ICCPKG_EXPFILE = $(HPUX_ICCPKG_EXPFILE) HPUX64_JCCPKG_EXPFILE = $(HPUX_JCCPKG_EXPFILE) +HPUX64_ICKCPKG_EXPFILE = $(HPUX_ICKCPKG_EXPFILE) HPUX64_ICCAUX_EXPFILE = $(HPUX_ICCAUX_EXPFILE) - IA64_HPUX_ICCPKG_EXPFILE = $(HPUX_ICCPKG_EXPFILE) IA64_HPUX_JCCPKG_EXPFILE = $(HPUX_JCCPKG_EXPFILE) +IA64_HPUX_ICKCPKG_EXPFILE = $(HPUX_ICKCPKG_EXPFILE) IA64_HPUX_ICCAUX_EXPFILE = $(HPUX_ICCAUX_EXPFILE) - IA64_HPUX64_ICCPKG_EXPFILE = $(HPUX_ICCPKG_EXPFILE) IA64_HPUX64_JCCPKG_EXPFILE = $(HPUX_JCCPKG_EXPFILE) +IA64_HPUX64_ICKCPKG_EXPFILE = $(HPUX_ICKCPKG_EXPFILE) IA64_HPUX64_ICCAUX_EXPFILE = $(HPUX_ICCAUX_EXPFILE) ICCPKG_EXPFILE = $($(OPSYS)_ICCPKG_EXPFILE) JCCPKG_EXPFILE = $($(OPSYS)_JCCPKG_EXPFILE) +ICKCPKG_EXPFILE = $($(OPSYS)_ICKCPKG_EXPFILE) ICCAUX_EXPFILE = $($(OPSYS)_ICCAUX_EXPFILE) diff --git a/iccpkg/mystdint.h b/iccpkg/mystdint.h new file mode 100644 index 0000000..21716ed --- /dev/null +++ b/iccpkg/mystdint.h @@ -0,0 +1,44 @@ +#if defined(_WIN32) +typedef __int8 int8_t; +typedef unsigned __int8 uint8_t; +typedef __int16 int16_t; +typedef unsigned __int16 uint16_t; +typedef __int32 int32_t; +typedef unsigned __int32 uint32_t; +typedef __int64 int64_t; +typedef unsigned __int64 uint64_t; +#define INT8_MIN (-127i8 - 1) +#define INT16_MIN (-32767i16 - 1) +#define INT32_MIN (-2147483647i32 - 1) +#define INT64_MIN (-9223372036854775807i64 - 1) +#define INT8_MAX 127i8 +#define INT16_MAX 32767i16 +#define INT32_MAX 2147483647i32 +#define INT64_MAX 9223372036854775807i64 +#define UINT8_MAX 0xffui8 +#define UINT16_MAX 0xffffui16 +#define UINT32_MAX 0xffffffffui32 +#define UINT64_MAX 0xffffffffffffffffui64 + +#define INT8_C(x) (x) +#define INT16_C(x) (x) +#define INT32_C(x) (x) +#define INT64_C(x) (x ## LL) + +#define UINT8_C(x) (x) +#define UINT16_C(x) (x) +#define UINT32_C(x) (x ## U) +#define UINT64_C(x) (x ## ULL) +#else +# if defined(__hpux) || defined(__sun) +# include +# endif +# if defined(__hpux) +# include +# endif +# if !defined(__sun) +# include +# else +# include +# endif +#endif diff --git a/iccpkg/name_cache.c b/iccpkg/name_cache.c index e1297b9..10cc8c2 100644 --- a/iccpkg/name_cache.c +++ b/iccpkg/name_cache.c @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License").  You may not use -// this file except in compliance with the License.  You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ @@ -90,13 +90,16 @@ static void init_caches(WICC_CTX *wctx) +#undef ICC_EVP_get_digestbyname #if defined(JGSK_WRAP) -#undef JCC_EVP_get_digestbyname const ICC_EVP_MD * JCC_EVP_get_digestbyname(ICC_CTX *ctx, const char *name) #else -#undef ICC_EVP_get_digestbyname +#if defined(ICKC_WRAP) +const ICC_EVP_MD* ICKC_EVP_get_digestbyname(ICC_CTX* ctx, const char* name) +#else const ICC_EVP_MD * ICC_EVP_get_digestbyname(ICC_CTX *ctx, const char *name) #endif +#endif { WICC_CTX *wctx = (WICC_CTX *)ctx; const ICC_EVP_MD *rv = NULL; @@ -129,13 +132,16 @@ const ICC_EVP_MD * ICC_EVP_get_digestbyname(ICC_CTX *ctx, const char *name) } +#undef ICC_EVP_get_cipherbyname #if defined(JGSK_WRAP) -#undef JCC_EVP_get_cipherbyname const ICC_EVP_CIPHER *JCC_EVP_get_cipherbyname(ICC_CTX *ctx, const char *name) #else -#undef ICC_EVP_get_cipherbyname +#if defined(ICKC_WRAP) +const ICC_EVP_CIPHER* ICKC_EVP_get_cipherbyname(ICC_CTX* ctx, const char* name) +#else const ICC_EVP_CIPHER *ICC_EVP_get_cipherbyname(ICC_CTX *ctx, const char *name) #endif +#endif { WICC_CTX *wctx = (WICC_CTX *)ctx; const ICC_EVP_CIPHER *rv = NULL; diff --git a/iccpkg/platforms/AIX64_.mk b/iccpkg/platforms/AIX64_.mk index ee310a2..6afb04e 100644 --- a/iccpkg/platforms/AIX64_.mk +++ b/iccpkg/platforms/AIX64_.mk @@ -1,2 +1,75 @@ -include platforms/UNIX64.mk +# Filenames should come from iccpkg/gsk_crypto.mk +# GSKit8/9 +$(AUXLIB_B)$(SHLSUFX): $(GSK_SDK) $(GSK_DIR) icc_aux$(OBJSUFX) + $(SLD) $(SLDFLAGS) icc_aux$(OBJSUFX) $(LDLIBS) + $(CP) $@ $(GSK_SDK)/$@.unstripped + $(STRIP) $@ + $(CP) $@ $(GSK_SDK)/ + +$(GSK_LIBNAME): $(GSK_SDK) $(GSK_DIR) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) + $(SLD) $(SLDFLAGS) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) $(EXPORT_FLAG)$(ICCPKG_EXPFILE) \ + $(LDLIBS) + $(CP) $@ $(GSK_SDK)/$@.unstripped + $(STRIP) $@ + $(CP) $@ $(GSK_DIR)/ + +ifneq ($(strip $(MUPPET)),) +# ar x not working on AIX64 for some reason +# will need to link $(MUPPET) in icctest_s +#OLD_ICC_OBJ=icc$(OBJSUFX) +#OLD_ICC_OBJ_AR=$(AR) t $(MUPPET) ; $(AR) x $(MUPPET) $(OLD_ICC_OBJ) +#OLD_ICC_OBJ_CLEAN=$(RM) $(OLD_ICC_OBJ) +OLD_ICC_OBJ= +OLD_ICC_OBJ_AR= +OLD_ICC_OBJ_CLEAN= +endif + +# Static lib +$(GSK_LIB_STATIC): $(GSK_SDK)/static gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) + echo static lib + $(OLD_ICC_OBJ_AR) + $(AR) $(ARFLAGS) \ + gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(ICC_ROOT)/icc/$(MYICC)$(OBJSUFX) $(OLD_ICC_OBJ)\ + $(STKPK11) $(addprefix $(ICC_ROOT)/icc/,$(ZLIB_OBJ)) + $(OLD_ICC_OBJ_CLEAN) + $(CP) $(MUPPET) $(GSK_SDK)/static + +# Java +$(JGSK_LIBNAME): $(JGSK_SDK)/debug $(JGSK_DIR) jgsk_wrap2$(OBJSUFX) jexp$(OBJSUFX) \ + $(JTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(ZLIB_LIB) + $(SLD) $(SLDFLAGS) jgsk_wrap2$(OBJSUFX) jexp$(OBJSUFX) \ + $(JTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(ZLIB_LIB) $(EXPORT_FLAG)$(JCCPKG_EXPFILE) \ + $(LDLIBS) + $(CP) $@ $(JGSK_SDK)/debug/$@.unstripped + $(STRIP) $@ + $(CP) $@ $(JGSK_DIR)/ + +# ICKC +$(ICKC_LIBNAME): $(ICKC_SDK)/debug $(ICKC_DIR) ickc_wrap2$(OBJSUFX) \ + $(ICKCTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(ZLIB_LIB) + $(SLD) $(SLDFLAGS) ickc_wrap2$(OBJSUFX) \ + $(ICKCTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(ZLIB_LIB) $(EXPORT_FLAG)$(ICKCPKG_EXPFILE) \ + $(LDLIBS) + $(CP) $@ $(ICKC_SDK)/debug/$@.unstripped + $(STRIP) $@ + $(CP) $@ $(ICKC_DIR)/ + +cache_test$(EXESUFX): cache_test$(OBJSUFX) exp$(OBJSUFX) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) + $(LD) cache_test$(OBJSUFX) exp$(OBJSUFX) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) \ + $(LDLIBS) $(OUT) $@ diff --git a/iccpkg/platforms/AIX_.mk b/iccpkg/platforms/AIX_.mk index 7560518..78757f1 100644 --- a/iccpkg/platforms/AIX_.mk +++ b/iccpkg/platforms/AIX_.mk @@ -1 +1 @@ -include platforms/UNIX32.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/AMD64_LINUX_.mk b/iccpkg/platforms/AMD64_LINUX_.mk index 84f847a..78757f1 100644 --- a/iccpkg/platforms/AMD64_LINUX_.mk +++ b/iccpkg/platforms/AMD64_LINUX_.mk @@ -1 +1 @@ -include platforms/UNIX64.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/ARM64_LINUX_.mk b/iccpkg/platforms/ARM64_LINUX_.mk index 84f847a..78757f1 100644 --- a/iccpkg/platforms/ARM64_LINUX_.mk +++ b/iccpkg/platforms/ARM64_LINUX_.mk @@ -1 +1 @@ -include platforms/UNIX64.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/ARM_LINUX_.mk b/iccpkg/platforms/ARM_LINUX_.mk index 7560518..78757f1 100644 --- a/iccpkg/platforms/ARM_LINUX_.mk +++ b/iccpkg/platforms/ARM_LINUX_.mk @@ -1 +1 @@ -include platforms/UNIX32.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/HPUX64_.mk b/iccpkg/platforms/HPUX64_.mk index 6edc553..78757f1 100644 --- a/iccpkg/platforms/HPUX64_.mk +++ b/iccpkg/platforms/HPUX64_.mk @@ -1,40 +1 @@ -# GSkit8 - -$(AUXLIB_B).sl: icc_aux$(OBJSUFX) - $(SLD) $(SLDFLAGS) icc_aux$(OBJSUFX) $(LDLIBS) - -$(CP) $@ $(GSK_SDK)/$@.unstripped - $(STRIP) $@ - -$(CP) $@ $(GSK_SDK)/$@ - -$(GSKLIB_B)_64.sl: gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ - $(TIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) - $(SLD) $(SLDFLAGS) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ - $(TIMER_OBJS) $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) $(EXPORT_FLAG)$(ICCPKG_EXPFILE) \ - $(LDLIBS) - -$(CP) $@ $(GSK_DIR)/$@.unstripped - $(STRIP) $@ - -#Java - -$(JGSKLIB_B)_64.sl: jgsk_wrap2$(OBJSUFX) $(EX_OBJS) \ - $(JTIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(ZLIB_LIB) - $(SLD) $(SLDFLAGS) jgsk_wrap2$(OBJSUFX) $(EX_OBJS) \ - $(JTIMER_OBJS) $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(ZLIB_LIB) $(EXPORT_FLAG)$(JCCPKG_EXPFILE) \ - $(LDLIBS) - -$(MKDIR) $(JGSK_SDK)/debug - -$(CP) $@ $(JGSK_SDK)/debug/$@.unstripped - $(STRIP) $@ - -cache_test$(EXESUFX): cache_test$(OBJSUFX) exp$(OBJSUFX) \ - $(TIMER_OBJS) $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) - $(LD) cache_test$(OBJSUFX) exp$(OBJSUFX) \ - $(TIMER_OBJS) $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) \ - $(LDLIBS) $(OUT) $@ \ No newline at end of file +include platforms/UNIX.mk diff --git a/iccpkg/platforms/HPUX_.mk b/iccpkg/platforms/HPUX_.mk index 83a0f6a..78757f1 100644 --- a/iccpkg/platforms/HPUX_.mk +++ b/iccpkg/platforms/HPUX_.mk @@ -1,44 +1 @@ -# GSkit8 - -$(AUXLIB_B).sl: icc_aux$(OBJSUFX) - $(SLD) $(SLDFLAGS) icc_aux$(OBJSUFX) $(LDLIBS) - -$(CP) $@ $(GSK_SDK)/$@.unstripped - $(STRIP) $@ - -$(CP) $@ $(GSK_SDK)/$@ - - -$(GSKLIB_B).sl: gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ - $(TIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) - $(SLD) $(SLDFLAGS) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ - $(TIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) $(EXPORT_FLAG)$(ICCPKG_EXPFILE) \ - $(LDLIBS) - -$(CP) $@ $(GSK_DIR)/$@.unstripped - $(STRIP) $@ - -#Java - - -$(JGSKLIB_B).sl: jgsk_wrap2$(OBJSUFX) jexp$(OBJSUFX) \ - $(JTIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(ZLIB_LIB) - $(SLD) $(SLDFLAGS) jgsk_wrap2$(OBJSUFX) jexp$(OBJSUFX) \ - $(JTIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(ZLIB_LIB) $(EXPORT_FLAG)$(JCCPKG_EXPFILE) \ - $(LDLIBS) - -$(MKDIR) $(JGSK_SDK)/debug - -$(CP) $@ $(JGSK_SDK)/debug/$@.unstripped - $(STRIP) $@ - -cache_test$(EXESUFX): cache_test$(OBJSUFX) exp$(OBJSUFX) \ - $(TIMER_OBJS) $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) - $(LD) cache_test$(OBJSUFX) exp$(OBJSUFX) \ - $(TIMER_OBJS) $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) \ - $(LDLIBS) $(OUT) $@ \ No newline at end of file +include platforms/UNIX.mk diff --git a/iccpkg/platforms/IA64_HPUX64_.mk b/iccpkg/platforms/IA64_HPUX64_.mk index ee310a2..81fa935 100644 --- a/iccpkg/platforms/IA64_HPUX64_.mk +++ b/iccpkg/platforms/IA64_HPUX64_.mk @@ -1,2 +1,2 @@ -include platforms/UNIX64.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/IA64_HPUX_.mk b/iccpkg/platforms/IA64_HPUX_.mk index 684a071..81fa935 100644 --- a/iccpkg/platforms/IA64_HPUX_.mk +++ b/iccpkg/platforms/IA64_HPUX_.mk @@ -1,2 +1,2 @@ -include platforms/UNIX32.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/IA64_LINUX_.mk b/iccpkg/platforms/IA64_LINUX_.mk index 84f847a..78757f1 100644 --- a/iccpkg/platforms/IA64_LINUX_.mk +++ b/iccpkg/platforms/IA64_LINUX_.mk @@ -1 +1 @@ -include platforms/UNIX64.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/LINUX_.mk b/iccpkg/platforms/LINUX_.mk index 7560518..78757f1 100644 --- a/iccpkg/platforms/LINUX_.mk +++ b/iccpkg/platforms/LINUX_.mk @@ -1 +1 @@ -include platforms/UNIX32.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/OSX_ARM64_.mk b/iccpkg/platforms/OSX_ARM64_.mk index cc13326..78757f1 100644 --- a/iccpkg/platforms/OSX_ARM64_.mk +++ b/iccpkg/platforms/OSX_ARM64_.mk @@ -1,41 +1 @@ -# GSkit8 - -$(AUXLIB_B).dylib: icc_aux$(OBJSUFX) $(GSK_LIB) - $(SLD) $(SLDFLAGS) icc_aux$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) - -$(CP) $@ $(GSK_SDK)/$@.unstripped - $(STRIP) $@ - -$(CP) $@ $(GSK_SDK)/$@ - -$(GSKLIB_B).dylib: gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ - $(TIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) - $(SLD) $(SLDFLAGS) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ - $(TIMER_OBJS) $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) $(EXPORT_FLAG)$(ICCPKG_EXPFILE) \ - $(LDLIBS) - -$(CP) $@ $(GSK_DIR)/$@.unstripped - $(STRIP) $@ - -#Java - -$(JGSKLIB_B).dylib: jgsk_wrap2$(OBJSUFX) jexp$(OBJSUFX) \ - $(JTIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(ZLIB_LIB) - $(SLD) $(SLDFLAGS) jgsk_wrap2$(OBJSUFX) jexp$(OBJSUFX) \ - $(JTIMER_OBJS) $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(ZLIB_LIB) $(EXPORT_FLAG)$(JCCPKG_EXPFILE) \ - $(LDLIBS) - -$(MKDIR) $(JGSK_SDK)/debug - -$(CP) $@ $(JGSK_SDK)/debug/$@.unstripped - $(STRIP) $@ - -cache_test$(EXESUFX): cache_test$(OBJSUFX) exp$(OBJSUFX) \ - $(TIMER_OBJS) $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) - $(LD) cache_test$(OBJSUFX) exp$(OBJSUFX) \ - $(TIMER_OBJS) $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) \ - $(LDLIBS) $(OUT) $@ - +include platforms/UNIX.mk diff --git a/iccpkg/platforms/PPC64LE_LINUX_.mk b/iccpkg/platforms/PPC64LE_LINUX_.mk index 84f847a..78757f1 100644 --- a/iccpkg/platforms/PPC64LE_LINUX_.mk +++ b/iccpkg/platforms/PPC64LE_LINUX_.mk @@ -1 +1 @@ -include platforms/UNIX64.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/PPC64_LINUX_.mk b/iccpkg/platforms/PPC64_LINUX_.mk index ee310a2..81fa935 100644 --- a/iccpkg/platforms/PPC64_LINUX_.mk +++ b/iccpkg/platforms/PPC64_LINUX_.mk @@ -1,2 +1,2 @@ -include platforms/UNIX64.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/PPC_LINUX_.mk b/iccpkg/platforms/PPC_LINUX_.mk index 684a071..81fa935 100644 --- a/iccpkg/platforms/PPC_LINUX_.mk +++ b/iccpkg/platforms/PPC_LINUX_.mk @@ -1,2 +1,2 @@ -include platforms/UNIX32.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/S390X_LINUX_.mk b/iccpkg/platforms/S390X_LINUX_.mk index 84f847a..78757f1 100644 --- a/iccpkg/platforms/S390X_LINUX_.mk +++ b/iccpkg/platforms/S390X_LINUX_.mk @@ -1 +1 @@ -include platforms/UNIX64.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/S390_LINUX_.mk b/iccpkg/platforms/S390_LINUX_.mk index 684a071..81fa935 100644 --- a/iccpkg/platforms/S390_LINUX_.mk +++ b/iccpkg/platforms/S390_LINUX_.mk @@ -1,2 +1,2 @@ -include platforms/UNIX32.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/SUN64_.mk b/iccpkg/platforms/SUN64_.mk index ee310a2..81fa935 100644 --- a/iccpkg/platforms/SUN64_.mk +++ b/iccpkg/platforms/SUN64_.mk @@ -1,2 +1,2 @@ -include platforms/UNIX64.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/SUN_.mk b/iccpkg/platforms/SUN_.mk index 7560518..78757f1 100644 --- a/iccpkg/platforms/SUN_.mk +++ b/iccpkg/platforms/SUN_.mk @@ -1 +1 @@ -include platforms/UNIX32.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/SUN_AMD64_.mk b/iccpkg/platforms/SUN_AMD64_.mk index 84f847a..78757f1 100644 --- a/iccpkg/platforms/SUN_AMD64_.mk +++ b/iccpkg/platforms/SUN_AMD64_.mk @@ -1 +1 @@ -include platforms/UNIX64.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/SUN_X86_.mk b/iccpkg/platforms/SUN_X86_.mk index 684a071..81fa935 100644 --- a/iccpkg/platforms/SUN_X86_.mk +++ b/iccpkg/platforms/SUN_X86_.mk @@ -1,2 +1,2 @@ -include platforms/UNIX32.mk +include platforms/UNIX.mk diff --git a/iccpkg/platforms/UNIX.mk b/iccpkg/platforms/UNIX.mk new file mode 100644 index 0000000..426d384 --- /dev/null +++ b/iccpkg/platforms/UNIX.mk @@ -0,0 +1,69 @@ +# Filenames should come from iccpkg/gsk_crypto.mk +# GSKit8/9 + +$(AUXLIB_B)$(SHLSUFX): $(GSK_SDK) $(GSK_DIR) icc_aux$(OBJSUFX) + $(SLD) $(SLDFLAGS) icc_aux$(OBJSUFX) $(LDLIBS) + $(CP) $@ $(GSK_SDK)/$@.unstripped + $(STRIP) $@ + $(CP) $@ $(GSK_SDK)/ + +$(GSK_LIBNAME): $(GSK_SDK) $(GSK_DIR) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) + $(SLD) $(SLDFLAGS) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) $(EXPORT_FLAG)$(ICCPKG_EXPFILE) \ + $(LDLIBS) + $(CP) $@ $(GSK_SDK)/$@.unstripped + $(STRIP) $@ + $(CP) $@ $(GSK_DIR)/ + +ifneq ($(strip $(MUPPET)),) +OLD_ICC_OBJ=icc$(OBJSUFX) +OLD_ICC_OBJ_AR=$(AR) t $(MUPPET) ; $(AR) x $(MUPPET) $(OLD_ICC_OBJ) +OLD_ICC_OBJ_CLEAN=$(RM) $(OLD_ICC_OBJ) +endif + +# Static lib +$(GSK_LIB_STATIC): $(GSK_SDK)/static gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) + echo static lib + $(OLD_ICC_OBJ_AR) + $(AR) $(ARFLAGS) \ + gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(ICC_ROOT)/icc/$(MYICC)$(OBJSUFX) $(OLD_ICC_OBJ)\ + $(STKPK11) $(addprefix $(ICC_ROOT)/icc/,$(ZLIB_OBJ)) + $(OLD_ICC_OBJ_CLEAN) + +# Java +$(JGSK_LIBNAME): $(JGSK_SDK)/debug $(JGSK_DIR) jgsk_wrap2$(OBJSUFX) $(JEX_OBJS) \ + $(JTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(ZLIB_LIB) + $(SLD) $(SLDFLAGS) jgsk_wrap2$(OBJSUFX) $(JEX_OBJS) \ + $(JTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(ZLIB_LIB) $(EXPORT_FLAG)$(JCCPKG_EXPFILE) \ + $(LDLIBS) + $(CP) $@ $(JGSK_SDK)/debug/$@.unstripped + $(STRIP) $@ + $(CP) $@ $(JGSK_DIR)/ + +# ICKC +$(ICKC_LIBNAME): $(ICKC_SDK)/debug $(ICKC_DIR) ickc_wrap2$(OBJSUFX) \ + $(ICKCTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(ZLIB_LIB) + $(SLD) $(SLDFLAGS) ickc_wrap2$(OBJSUFX) \ + $(ICKCTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(ZLIB_LIB) $(EXPORT_FLAG)$(ICKCPKG_EXPFILE) \ + $(LDLIBS) + $(CP) $@ $(ICKC_SDK)/debug/$@.unstripped + $(STRIP) $@ + $(CP) $@ $(ICKC_DIR)/ + +cache_test$(EXESUFX): cache_test$(OBJSUFX) exp$(OBJSUFX) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) + $(LD) cache_test$(OBJSUFX) exp$(OBJSUFX) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) \ + $(LDLIBS) $(OUT) $@ diff --git a/iccpkg/platforms/WIN32_.mk b/iccpkg/platforms/WIN32_.mk index 78e0307..c8c5169 100644 --- a/iccpkg/platforms/WIN32_.mk +++ b/iccpkg/platforms/WIN32_.mk @@ -5,9 +5,8 @@ $(AUXLIB_B).dll: icc_aux$(OBJSUFX) $(ICCPKG_LIBS) $(SLD) $(SLDFLAGS) -DEBUG -PDB:$(AUXLIB_B).pdb $(EXPORT_FLAG)$(ICCAUX_EXPFILE) icc_aux$(OBJSUFX) \ $(ICCPKG_LIBS) $(LDLIBS) - -$(MT) -manifest $@.manifest -outputresource:$@\;2 - -$(CP) *.lib $(GSK_SDK)/ - -$(CP) *.pdb $(GSK_SDK)/ + $(CP) *.lib $(GSK_SDK)/ + $(CP) *.pdb $(GSK_SDK)/ $(STRIP) $@ ( \ if [ -e $(SIGN_COMMAND) ] ; then \ @@ -17,20 +16,17 @@ $(AUXLIB_B).dll: icc_aux$(OBJSUFX) $(ICCPKG_LIBS) echo " $(SIGN_COMMAND) is missing skip signing $@" ;\ fi ;\ ) - -$(CP) $@ $(GSK_SDK)/ + $(CP) $@ $(GSK_SDK)/ -$(GSKLIB_B).dll: gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ - $(TIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ +$(GSK_LIBNAME): $(GSK_SDK) $(GSK_DIR) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ $(STKPK11) $(ZLIB_LIB) icc.res - $(SLD) $(SLDFLAGS) -DEBUG -PDB:$(GSKLIB_B).pdb gsk_wrap2$(OBJSUFX) \ - $(EX_OBJS) $(TIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(SLD) $(SLDFLAGS) -DEBUG -PDB:$(GSKLIB_B).pdb gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ $(STKPK11) $(ZLIB_LIB) $(EXPORT_FLAG)$(ICCPKG_EXPFILE) \ $(LDLIBS) - -$(MT) -manifest $@.manifest -outputresource:$@\;2 - -$(CP) *.lib $(GSK_SDK)/ - -$(CP) *.pdb $(GSK_SDK)/ + $(CP) *.lib $(GSK_SDK)/ + $(CP) *.pdb $(GSK_SDK)/ $(STRIP) $@ ( \ if [ -e $(SIGN_COMMAND) ] ; then \ @@ -41,23 +37,27 @@ $(GSKLIB_B).dll: gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ fi ;\ ) +$(GSK_LIB_STATIC): $(GSK_SDK)/static gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) icc.res + echo static lib + $(AR) $(ARFLAGS) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) + # Java variant +# $(JGSK_LIBNAME) is defined in gsk_crypto.mk -$(JGSKLIB_B).dll: jgsk_wrap2$(OBJSUFX) $(JEX_OBJS) \ - $(JTIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ +$(JGSK_LIBNAME): $(JGSK_SDK)/lib $(JGSK_SDK)/debug jgsk_wrap2$(OBJSUFX) $(JEX_OBJS) \ + $(JTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ $(ZLIB_LIB) icc.res $(SLD) $(SLDFLAGS) -DEBUG -PDB:$(JGSKLIB_B).pdb jgsk_wrap2$(OBJSUFX) $(JEX_OBJS) \ - $(JTIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(JTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ $(ZLIB_LIB) $(EXPORT_FLAG)$(JCCPKG_EXPFILE) \ $(LDLIBS) - -$(MT) -manifest $@.manifest -outputresource:$@\;2 - -$(MKDIR) $(JGSK_SDK)/lib - -$(CP) jgsk*.lib $(JGSK_SDK)/lib/ - -$(MKDIR) $(JGSK_SDK)/debug - -$(CP) jgsk*.pdb $(JGSK_SDK)/debug/ - -$(CP) ../package/iccsdk/icclib*.pdb $(JGSK_SDK)/debug/ + $(CP) jgsk*.lib $(JGSK_SDK)/lib/ + $(CP) jgsk*.pdb $(JGSK_SDK)/debug/ + $(CP) $(PACKAGE_DIR)/iccsdk/icclib*.pdb $(JGSK_SDK)/debug/ $(STRIP) $@ ( \ if [ -e $(SIGN_COMMAND) ] ; then \ @@ -68,6 +68,26 @@ $(JGSKLIB_B).dll: jgsk_wrap2$(OBJSUFX) $(JEX_OBJS) \ fi ;\ ) +# ICKC +$(ICKC_LIBNAME): $(ICKC_SDK) ickc_wrap2$(OBJSUFX) \ + $(ICKCTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(ZLIB_LIB) icc.res + $(SLD) $(SLDFLAGS) -DEBUG -PDB:$(ICKCLIB_B)_64.pdb ickc_wrap2$(OBJSUFX) \ + $(ICKCTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(ZLIB_LIB) $(EXPORT_FLAG)$(ICKCPKG_EXPFILE) \ + $(LDLIBS) + $(CP) ickc*.lib $(ICKC_SDK)/ + $(CP) ickc*.pdb $(ICKC_SDK)/ + $(CP) $(PACKAGE_DIR)/iccsdk/icclib*.pdb $(ICKC_SDK)/ + $(STRIP) $@ + ( \ + if [ -e $(SIGN_COMMAND) ] ; then \ + echo "Authenticode signing $@" ; \ + $(SIGN_COMMAND) $@ ; \ + else \ + echo " $(SIGN_COMMAND) is missing skip signing $@" ;\ + fi ;\ + ) cache_test$(EXESUFX): cache_test$(OBJSUFX) exp$(OBJSUFX) \ $(TIMER_OBJS) $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ diff --git a/iccpkg/platforms/WIN64_.mk b/iccpkg/platforms/WIN64_.mk index 65ba1a6..adcc620 100644 --- a/iccpkg/platforms/WIN64_.mk +++ b/iccpkg/platforms/WIN64_.mk @@ -2,12 +2,22 @@ # GSkit8 -$(AUXLIB_B).dll: icc_aux$(OBJSUFX) $(ICCPKG_LIBS) - $(SLD) $(SLDFLAGS) -DEBUG -PDB:$(AUXLIB_B).pdb $(EXPORT_FLAG)$(ICCAUX_EXPFILE) icc_aux$(OBJSUFX) \ - $(ICCPKG_LIBS) $(LDLIBS) - -$(MT) -manifest $@.manifest -outputresource:$@\;2 - -$(CP) *.lib $(GSK_SDK)/ - -$(CP) *.pdb $(GSK_SDK)/ +# EX_OBJS TIMER_OBJS comes from the calling Makefile (iccpkg/Makefile) +# IS_FIPS and MUPPET comes from muppet.mk (written by ICCencapsulator in prebuild step) - it is to oiptionally link in OLD_ICC +# STKPK11 comes from the calling Makefile (iccpkg/Makefile) - it is the pkcs11 provider API +# ZLIB_LIB is the external zlib for compression + +# $(GSK_LIBNAME) is defined in gsk_crypto.mk + +$(GSK_LIBNAME): $(GSK_SDK) $(GSK_DIR) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) icc.res + $(SLD) $(SLDFLAGS) -DEBUG -PDB:$(GSKLIB_B)_64.pdb gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) $(EXPORT_FLAG)$(ICCPKG_EXPFILE) \ + $(LDLIBS) + $(CP) *.lib $(GSK_SDK)/ + $(CP) *.pdb $(GSK_SDK)/ $(STRIP) $@ ( \ if [ -e $(SIGN_COMMAND) ] ; then \ @@ -17,21 +27,29 @@ $(AUXLIB_B).dll: icc_aux$(OBJSUFX) $(ICCPKG_LIBS) echo " $(SIGN_COMMAND) is missing skip signing $@" ;\ fi ;\ ) - -$(CP) $@ $(GSK_SDK)/ -$(GSKLIB_B)_64.dll: gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ - $(TIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ +$(GSK_LIB_STATIC): $(GSK_SDK)/static gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ $(STKPK11) $(ZLIB_LIB) icc.res - $(SLD) $(SLDFLAGS) -DEBUG -PDB:$(GSKLIB_B)_64.pdb \ - gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ - $(TIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) $(EXPORT_FLAG)$(ICCPKG_EXPFILE) \ + echo static lib + $(AR) $(ARFLAGS) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) + $(CP) $(GSK_SDK)/$(GSKLIB_B)_64.pdb $(GSK_SDK)/static + +# Java +# $(JGSK_LIBNAME) is defined in gsk_crypto.mk + +$(JGSK_LIBNAME): $(JGSK_SDK)/lib $(JGSK_SDK)/debug jgsk_wrap2$(OBJSUFX) $(JEX_OBJS) \ + $(JTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(ZLIB_LIB) icc.res + $(SLD) $(SLDFLAGS) -DEBUG -PDB:$(JGSKLIB_B)_64.pdb jgsk_wrap2$(OBJSUFX) $(JEX_OBJS) \ + $(JTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(ZLIB_LIB) $(EXPORT_FLAG)$(JCCPKG_EXPFILE) \ $(LDLIBS) - -$(MT) -manifest $@.manifest -outputresource:$@\;2 - -$(CP) *.lib $(GSK_SDK)/ - -$(CP) *.pdb $(GSK_SDK)/ + $(CP) jgsk*.lib $(JGSK_SDK)/lib/ + $(CP) jgsk*.pdb $(JGSK_SDK)/debug/ + $(CP) $(PACKAGE_DIR)/iccsdk/icclib*.pdb $(JGSK_SDK)/debug/ $(STRIP) $@ ( \ if [ -e $(SIGN_COMMAND) ] ; then \ @@ -42,24 +60,17 @@ $(GSKLIB_B)_64.dll: gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ fi ;\ ) -# Java - -$(JGSKLIB_B)_64.dll: jgsk_wrap2$(OBJSUFX) $(JEX_OBJS) \ - $(JTIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ +# ICKC +$(ICKC_LIBNAME): $(ICKC_SDK) ickc_wrap2$(OBJSUFX) \ + $(ICKCTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ $(ZLIB_LIB) icc.res - $(SLD) $(SLDFLAGS) -DEBUG -PDB:$(JGSKLIB_B)_64.pdb \ - jgsk_wrap2$(OBJSUFX) $(JEX_OBJS) \ - $(JTIMER_OBJS) \ - $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(ZLIB_LIB) $(EXPORT_FLAG)$(JCCPKG_EXPFILE) \ + $(SLD) $(SLDFLAGS) -DEBUG -PDB:$(ICKCLIB_B)_64.pdb ickc_wrap2$(OBJSUFX) \ + $(ICKCTIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(ZLIB_LIB) $(EXPORT_FLAG)$(ICKCPKG_EXPFILE) \ $(LDLIBS) - -$(MT) -manifest $@.manifest -outputresource:$@\;2 - -$(MKDIR) $(JGSK_SDK)/lib - -$(CP) jgsk*.lib $(JGSK_SDK)/lib/ - -$(MKDIR) $(JGSK_SDK)/debug - -$(CP) jgsk*.pdb $(JGSK_SDK)/debug/ - -$(CP) ../package/iccsdk/icclib*.pdb $(JGSK_SDK)/debug/ + $(CP) ickc*.lib $(ICKC_SDK)/ + $(CP) ickc*.pdb $(ICKC_SDK)/ + $(CP) $(PACKAGE_DIR)/iccsdk/icclib*.pdb $(ICKC_SDK)/ $(STRIP) $@ ( \ if [ -e $(SIGN_COMMAND) ] ; then \ @@ -71,10 +82,10 @@ $(JGSKLIB_B)_64.dll: jgsk_wrap2$(OBJSUFX) $(JEX_OBJS) \ ) cache_test$(EXESUFX): cache_test$(OBJSUFX) exp$(OBJSUFX) \ - $(TIMER_OBJS) $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ $(STKPK11) $(ZLIB_LIB) $(LD) cache_test$(OBJSUFX) exp$(OBJSUFX) \ - $(TIMER_OBJS) $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ $(STKPK11) $(ZLIB_LIB) \ $(LDLIBS) $(OUT) $@ \ No newline at end of file diff --git a/iccpkg/platforms/ZOS31_.mk b/iccpkg/platforms/ZOS31_.mk index 1135774..f311e2a 100644 --- a/iccpkg/platforms/ZOS31_.mk +++ b/iccpkg/platforms/ZOS31_.mk @@ -1,35 +1,76 @@ -$(AUXLIB_B).so: icc_aux$(OBJSUFX) +# Ref ZOS_.mk if there is a FIPS module (MUPPET) +# ZICCOBJ = ../icc/$(MYICC)$(OBJSUFX) + +$(AUXLIB_B)$(SHLSUFX): icc_aux$(OBJSUFX) $(SLD) $(SLDFLAGS) icc_aux$(OBJSUFX) ../package/gsk_sdk/libgsk8iccs.x $(LDLIBS) + -$(CP) $@ $(GSK_SDK)/$@.unstripped $(STRIP) $@ -$(CP) $@ $(GSK_SDK)/$@ -$(GSKLIB_B).so: gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ +$(GSK_LIBNAME): $(GSK_SDK) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ $(TIMER_OBJS) \ $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ $(STKPK11) $(ZLIB_LIB) ../icc/csvquery.o + if [ -e OLD_ICC/ZOS*/iccsdk/libicc.a ] ; then chtag -r OLD_ICC/ZOS*/iccsdk/libicc.a; fi + if [ -e OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt ] ; then chtag -c ISO8859-1 OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt; fi $(SLD) $(SLDFLAGS) \ gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ $(TIMER_OBJS) ../icc/csvquery.o \ $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ $(STKPK11) $(ZLIB_LIB) \ $(LDLIBS) - -$(CP) $(GSKLIB_B).x $(GSK_SDK)/ + $(CP) $(GSKLIB_B).x $(GSK_SDK)/ $(STRIP) $@ -# Java +ifneq ($(strip $(MUPPET)),) +OLD_ICC_OBJ=icc$(OBJSUFX) +OLD_ICC_OBJ_AR=$(AR) x $(MUPPET) $(OLD_ICC_OBJ) +OLD_ICC_OBJ_CLEAN=$(RM) $(OLD_ICC_OBJ) +endif + +# Static lib +$(GSK_LIB_STATIC): $(GSK_SDK)/static gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) ../icc/csvquery.o + echo static lib + if [ -e OLD_ICC/ZOS*/iccsdk/libicc.a ] ; then chtag -r OLD_ICC/ZOS*/iccsdk/libicc.a; fi + if [ -e OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt ] ; then chtag -c ISO8859-1 OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt; fi + $(OLD_ICC_OBJ_AR) + $(AR) $(ARFLAGS) \ + gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(ICC_ROOT)/icc/$(MYICC)$(OBJSUFX) $(OLD_ICC_OBJ)\ + $(STKPK11) $(addprefix $(ICC_ROOT)/icc/,$(ZLIB_OBJ)) ../icc/csvquery.o + $(OLD_ICC_OBJ_CLEAN) -$(JGSKLIB_B).so: jgsk_wrap2$(OBJSUFX) jexp$(OBJSUFX) \ +# Java +$(JGSK_LIBNAME): $(JGSK_SDK) jgsk_wrap2$(OBJSUFX) jexp$(OBJSUFX) \ $(JTIMER_OBJS) \ $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ $(ZLIB_LIB) ../icc/csvquery.o + if [ -e OLD_ICC/ZOS*/iccsdk/libicc.a ] ; then chtag -r OLD_ICC/ZOS*/iccsdk/libicc.a; fi + if [ -e OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt ] ; then chtag -c ISO8859-1 OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt; fi $(SLD) $(SLDFLAGS) \ jgsk_wrap2$(OBJSUFX) jexp$(OBJSUFX) \ $(JTIMER_OBJS) ../icc/csvquery.o \ $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ $(ZLIB_LIB) \ $(LDLIBS) - -$(MKDIR) $(JGSK_SDK) - -$(CP) $(JGSKLIB_B).x $(JGSK_SDK)/ + $(CP) $(JGSKLIB_B).x $(JGSK_SDK)/ + $(STRIP) $@ + +# ICKC +$(ICKC_LIBNAME): $(ICKC_SDK) $(ICKC_DIR) ickc_wrap2$(OBJSUFX) \ + $(ICKCTIMER_OBJS) ../icc/csvquery.o \ + $(ZICCOBJ) $(MUPPET) \ + $(ZLIB_LIB) + if [ -e OLD_ICC/ZOS*/iccsdk/libicc.a ] ; then chtag -r OLD_ICC/ZOS*/iccsdk/libicc.a; fi + if [ -e OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt ] ; then chtag -c ISO8859-1 OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt; fi + $(SLD) $(SLDFLAGS) ickc_wrap2$(OBJSUFX) \ + $(ICKCTIMER_OBJS) ../icc/csvquery.o \ + $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(ZLIB_LIB) \ + $(LDLIBS) + $(CP) $(ICKCLIB_B).x $(ICKC_SDK)/ $(STRIP) $@ cache_test$(EXESUFX): cache_test$(OBJSUFX) exp$(OBJSUFX) \ @@ -38,5 +79,4 @@ cache_test$(EXESUFX): cache_test$(OBJSUFX) exp$(OBJSUFX) \ $(LD) cache_test$(OBJSUFX) exp$(OBJSUFX) \ $(TIMER_OBJS) $(NEW_ICC)/iccsdk/$(ICCLIB) $(MUPPET) \ $(STKPK11) $(ZLIB_LIB) \ - $(LDLIBS) $(OUT) $@ - \ No newline at end of file + $(LDLIBS) $(OUT) $@ \ No newline at end of file diff --git a/iccpkg/platforms/ZOS_.mk b/iccpkg/platforms/ZOS_.mk index 8eb2773..f7e93ba 100644 --- a/iccpkg/platforms/ZOS_.mk +++ b/iccpkg/platforms/ZOS_.mk @@ -22,39 +22,73 @@ endif ZICCOBJ = ../icc/$(MYICC)$(OBJSUFX) -$(AUXLIB_B).so: icc_aux$(OBJSUFX) +$(AUXLIB_B)$(SHLSUFX): icc_aux$(OBJSUFX) $(SLD) $(SLDFLAGS) icc_aux$(OBJSUFX) ../package/gsk_sdk/libgsk8iccs_64.x $(LDLIBS) + -$(CP) $@ $(GSK_SDK)/$@.unstripped $(STRIP) $@ -$(CP) $@ $(GSK_SDK)/$@ -$(GSKLIB_B)_64.so: gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ - $(TIMER_OBJS) \ +$(GSK_LIBNAME): $(GSK_SDK) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) ../icc/csvquery_64.o \ $(ZICCOBJ) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) ../icc/csvquery_64.o - $(SLD) $(SLDFLAGS) \ - gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(STKPK11) $(ZLIB_LIB) + if [ -e OLD_ICC/ZOS*/iccsdk/libicc.a ] ; then chtag -r OLD_ICC/ZOS*/iccsdk/libicc.a; fi + if [ -e OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt ] ; then chtag -c ISO8859-1 OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt; fi + $(SLD) $(SLDFLAGS) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ $(TIMER_OBJS) ../icc/csvquery_64.o \ $(ZICCOBJ) $(MUPPET) \ $(STKPK11) $(ZLIB_LIB) \ $(LDLIBS) - -$(CP) $(GSKLIB_B)_64.x $(GSK_SDK)/ + $(CP) $(GSKLIB_B)_64.x $(GSK_SDK)/ $(STRIP) $@ -# Java +ifneq ($(strip $(MUPPET)),) +OLD_ICC_OBJ=icc$(OBJSUFX) +OLD_ICC_OBJ_AR=$(AR) x $(MUPPET) $(OLD_ICC_OBJ) +OLD_ICC_OBJ_CLEAN=$(RM) $(OLD_ICC_OBJ) +endif -$(JGSKLIB_B)_64.so: jgsk_wrap2$(OBJSUFX) $(JEX_OBJS) \ - $(JTIMER_OBJS) \ +# Static lib +$(GSK_LIB_STATIC): $(GSK_SDK)/static gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(STKPK11) $(ZLIB_LIB) ../icc/csvquery_64.o + echo static lib + $(OLD_ICC_OBJ_AR) + $(AR) $(ARFLAGS) \ + gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ + $(TIMER_OBJS) $(ICC_ROOT)/icc/$(MYICC)$(OBJSUFX) $(OLD_ICC_OBJ) \ + $(STKPK11) $(addprefix $(ICC_ROOT)/icc/,$(ZLIB_OBJ)) ../icc/csvquery_64.o + $(OLD_ICC_OBJ_CLEAN) + +# Java +$(JGSK_LIBNAME): $(JGSK_SDK) $(JGSK_DIR) jgsk_wrap2$(OBJSUFX) jexp$(OBJSUFX) \ + $(JTIMER_OBJS) ../icc/csvquery_64.o \ $(ZICCOBJ) $(MUPPET) \ - $(ZLIB_LIB) ../icc/csvquery_64.o - $(SLD) $(SLDFLAGS) \ - jgsk_wrap2$(OBJSUFX) $(JEX_OBJS) \ + $(ZLIB_LIB) + if [ -e OLD_ICC/ZOS*/iccsdk/libicc.a ] ; then chtag -r OLD_ICC/ZOS*/iccsdk/libicc.a; fi + if [ -e OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt ] ; then chtag -c ISO8859-1 OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt; fi + $(SLD) $(SLDFLAGS) jgsk_wrap2$(OBJSUFX) jexp$(OBJSUFX) \ $(JTIMER_OBJS) ../icc/csvquery_64.o \ $(ZICCOBJ) $(MUPPET) \ $(ZLIB_LIB) \ $(LDLIBS) - -$(MKDIR) $(JGSK_SDK) - -$(CP) $(JGSKLIB_B)_64.x $(JGSK_SDK)/ + $(CP) $(JGSKLIB_B)_64.x $(JGSK_SDK)/ + $(STRIP) $@ + +# ICKC +$(ICKC_LIBNAME): $(ICKC_SDK) $(ICKC_DIR) ickc_wrap2$(OBJSUFX) \ + $(ICKCTIMER_OBJS) ../icc/csvquery_64.o \ + $(ZICCOBJ) $(MUPPET) \ + $(ZLIB_LIB) + if [ -e OLD_ICC/ZOS*/iccsdk/libicc.a ] ; then chtag -r OLD_ICC/ZOS*/iccsdk/libicc.a; fi + if [ -e OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt ] ; then chtag -c ISO8859-1 OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt; fi + $(SLD) $(SLDFLAGS) ickc_wrap2$(OBJSUFX) \ + $(ICKCTIMER_OBJS) ../icc/csvquery_64.o \ + $(ZICCOBJ) $(MUPPET) \ + $(ZLIB_LIB) \ + $(LDLIBS) + $(CP) $(ICKCLIB_B)_64.x $(ICKC_SDK)/ $(STRIP) $@ cache_test$(EXESUFX): cache_test$(OBJSUFX) exp$(OBJSUFX) \ diff --git a/iccpkg/pqc/kemtest.c b/iccpkg/pqc/kemtest.c new file mode 100644 index 0000000..7b7089e --- /dev/null +++ b/iccpkg/pqc/kemtest.c @@ -0,0 +1,819 @@ +/* Copyright IBM Corp. 2023 + + Licensed under the Apache License 2.0 (the "License"). You may not use + this file except in compliance with the License. You can obtain a copy + in the file LICENSE in the source distribution. + */ + + /* + kemtest.c +*/ +#include +#include +#include +#include + +#if 0 +#include +#else +#define bool int +#define false 0 +#define true 1 +#endif + +#if defined(_WIN32) +# include +#else +# include +#endif + +# include "icc.h" + +/* We want to use PKCS1 and PKCS8 encodings for i2d/d2i */ +/* these are all independent bits that can be combined */ +/* public is pkcs1 or binary (default) */ +/* private is none, raw or pkcs8 */ +enum ed { none = 0, raw = 1, pkcs1 = 2, pkcs8 = 4 }; + +/* Helper function to print byte arrays in hexadecimal */ +static +void fprintBstr(FILE* fp, const char* S, const unsigned char* A, size_t L) +{ + size_t i; + + fprintf(fp, "%s", S); + + for (i = 0; i < L; i++) + fprintf(fp, "%02X", A[i]); + + if (L == 0) + fprintf(fp, "00"); + + fprintf(fp, "\n"); +} + +/* Key buffer definitions */ +struct kbuf_s { + unsigned char* data; + size_t len; +}; +typedef struct kbuf_s kbuf; + +/* Public key - encoded */ +struct pkbuf_s { + int nid; /* ICC key id */ + kbuf der; +}; +typedef struct pkbuf_s pkbuf; + +/* Private key - holds context */ +struct skbuf_s { + ICC_EVP_PKEY_CTX* ctx; /* ICC context for the key */ + ICC_EVP_PKEY* key; /* the key */ + int nid; /* ICC key id */ + kbuf der; +}; +typedef struct skbuf_s skbuf; + +/* Shared secret */ +typedef kbuf ssbuf; + +int pubEncode(ICC_CTX* ctx, const ICC_EVP_PKEY* pa, kbuf* der, enum ed encdec) +{ + int rv = 0; + int len; + unsigned char* pp = NULL; + if (encdec & pkcs1) { + /* PKCS1 */ + /* this variant encodes the OID for the key type rather than a raw encoding */ + len = ICC_i2d_PUBKEY(ctx, pa, NULL); + if (len <= 0) { + return 5; + } + der->len = len; + pp = der->data = malloc(len); + rv = ICC_i2d_PUBKEY(ctx, pa, &pp); + } + else { + /* binary */ + len = ICC_i2d_PublicKey(ctx, pa, NULL); + if (len <= 0) { + return 5; /* Invalid public key length */ + } + der->len = len; + pp = der->data = malloc(len); + rv = ICC_i2d_PublicKey(ctx, pa, &pp); + } + if (rv <= 0) { + return 6; /* Failed to encode public key */ + } + + return rv; +} + +ICC_EVP_PKEY* pubDecode(ICC_CTX* ctx, int nid, const kbuf* der, enum ed encdec) +{ + ICC_EVP_PKEY* npa = NULL; /* For decoded key */ + const unsigned char* pp = NULL; + int len; + + pp = der->data; + len = (int)der->len; + if (encdec & pkcs1) { + /* reconstruct key from encoding */ + npa = ICC_d2i_PUBKEY(ctx, &npa, &pp, len); + } + else { + /* Reconstruct public key from encoding and type */ + npa = ICC_d2i_PublicKey(ctx, nid, &npa, &pp, len); + } + return npa; +} + +int priEncode(ICC_CTX* ctx, const ICC_EVP_PKEY* pa, kbuf* der, enum ed encdec) +{ + int rv = 0; + int len; + unsigned char* pp = NULL; + if (encdec & pkcs8) { + ICC_PKCS8_PRIV_KEY_INFO* p8 = ICC_EVP_PKEY2PKCS8(ctx, pa); + if (!p8) { + return 11; + } + len = ICC_i2d_PKCS8_PRIV_KEY_INFO(ctx, p8, NULL); + der->len = len; + pp = der->data = malloc(len); + rv = ICC_i2d_PKCS8_PRIV_KEY_INFO(ctx, p8, &pp); + if (rv <= 0) { + return 7; /* Failed to encode private key */ + } + } + else if (encdec & raw) { + len = ICC_i2d_PrivateKey(ctx, pa, NULL); + der->len = len; + pp = der->data = malloc(len); + rv = ICC_i2d_PrivateKey(ctx, pa, &pp); + if (rv <= 0) { + return 7; /* Failed to encode private key */ + } + } + return rv; +} + +ICC_EVP_PKEY* priDecode(ICC_CTX* ctx, int nid, const kbuf* der, enum ed encdec) +{ + ICC_EVP_PKEY* npa = NULL; /* For decoded key */ + const unsigned char* pp = NULL; + int len; + + pp = der->data; + len = (int)der->len; + if (encdec & pkcs8) { + ICC_PKCS8_PRIV_KEY_INFO* p8 = NULL; + p8 = ICC_d2i_PKCS8_PRIV_KEY_INFO(ctx, NULL, &pp, len); + if (!p8) { + return NULL; + } + npa = ICC_EVP_PKCS82PKEY(ctx, p8); + ICC_PKCS8_PRIV_KEY_INFO_free(ctx, p8); + if (!npa) { + return NULL; + } + } + else if (encdec & raw) { + npa = ICC_d2i_PrivateKey(ctx, nid, &npa, &pp, len); + if (!npa) { + return NULL; + } + } + /* else no encoding - not an error */ + return npa; +} + +/* Generate KEM key pair - return 0 for success */ + +int +KEMEVP_gen(ICC_CTX* ctx, const char* nm, pkbuf* p_pkc, skbuf* p_skc, enum ed encdec) +{ + ICC_EVP_PKEY_CTX* evp_sp; /* key context */ + ICC_EVP_PKEY* pa = NULL; /* key pair */ + int rv = ICC_OSSL_SUCCESS; + + const int nid = ICC_OBJ_txt2nid(ctx, nm); + if (!nid) { + return 1; /* Unsupported algorithm */ + } + + evp_sp = ICC_EVP_PKEY_CTX_new_id(ctx, nid, NULL); + if (!evp_sp) { + /* try newer API */ + evp_sp = ICC_EVP_PKEY_CTX_new_from_name(ctx, NULL, nm, NULL); + if (!evp_sp) { + return 2; /* Failed to create key context */ + } + } + rv = ICC_EVP_PKEY_keygen_init(ctx, evp_sp); + if (rv != ICC_OSSL_SUCCESS) { + if (evp_sp) { + ICC_EVP_PKEY_CTX_free(ctx, evp_sp); + } + return 3; /* Keygen initialization failed */ + } + + rv = ICC_EVP_PKEY_keygen(ctx, evp_sp, &pa); + if (rv != ICC_OSSL_SUCCESS) { + if (evp_sp) { + ICC_EVP_PKEY_CTX_free(ctx, evp_sp); + } + if (pa) { + ICC_EVP_PKEY_free(ctx, pa); + } + return 4; /* Key generation failed */ + } + + /* public key */ + + p_pkc->nid = nid; + + /* encode (always) */ + pubEncode(ctx, pa, &p_pkc->der, encdec); + + /* private key */ + p_skc->nid = nid; + /* encode (optional) */ + priEncode(ctx, pa, &p_skc->der, encdec); + p_skc->ctx = evp_sp; + p_skc->key = pa; + + /* verify encodings */ + /* reconstruct keys from encoding */ + { + ICC_EVP_PKEY* npa = NULL; /* For decoded key */ + + /* public */ + npa = pubDecode(ctx, p_pkc->nid, &p_pkc->der, encdec); + if (!npa) { + printf("Error pubDecode failed\n"); + return 1; + } + + if (1 != ICC_EVP_PKEY_cmp(ctx, pa, npa)) { /*compare pubkey and decoded key */ + kbuf pb = { 0 }; + printf("warning - public key encode/decode missmatch\n"); + fprintBstr(stdout, "public key old\n", p_pkc->der.data, p_pkc->der.len); + pubEncode(ctx, npa, &pb, encdec); + if (p_pkc->der.len != pb.len || memcmp(p_pkc->der.data, pb.data, pb.len)) { + printf("warning - public key encode/decode/encode missmatch\n"); + fprintBstr(stdout, "public key new\n", pb.data, pb.len); + } + return 20; + } + ICC_EVP_PKEY_free(ctx, npa); + npa = NULL; + + /* private */ + npa = priDecode(ctx, p_skc->nid, &p_skc->der, encdec); + if (npa) { + size_t keylen = ICC_EVP_PKEY_size(ctx, pa); + size_t kl = ICC_EVP_PKEY_size(ctx, npa); + if (keylen == 0 || kl != keylen) { + printf("warning - key size missmatch %d != %d\n", (int)keylen, (int)kl); + return 22; + } + if (1 != ICC_EVP_PKEY_cmp(ctx, pa, npa)) { + kbuf sb = { 0 }; + printf("warning - private key encode/decode missmatch\n"); + fprintBstr(stdout, "private key old\n", p_skc->der.data, p_skc->der.len); + priEncode(ctx, npa, &sb, encdec); + if (p_skc->der.len != sb.len || memcmp(p_skc->der.data, sb.data, sb.len)) { + printf("warning - private key encode/decode/encode missmatch\n"); + fprintBstr(stdout, "private key new\n", sb.data, sb.len); + } + return 21; + } + + ICC_EVP_PKEY_free(ctx, npa); + npa = NULL; + } + } + + return 0; +} + +/* KEM encapsulation - return 0 for success */ + +int +KEMEVP_enc(ICC_CTX* ctx, kbuf* pks, kbuf* ss, const pkbuf* p_pkc, int argc, const char * argv[], enum ed encdec) +{ + ICC_EVP_PKEY* pa = NULL; + const unsigned char* pp; + pp = p_pkc->der.data; + size_t len = p_pkc->der.len; + + pa = pubDecode(ctx, p_pkc->nid, &p_pkc->der, encdec); + if (!pa) { + printf("KEMEVP_enc: Error pubDecode failed\n"); + return 1; + } + + ICC_EVP_PKEY_CTX* evp_pk; + evp_pk = ICC_EVP_PKEY_CTX_new_from_pkey(ctx, NULL, pa, NULL); + if (!evp_pk) { + return 2; + } + +#if 1 + /* ICC doesn't support ICC_EVP_PKEY_CTX_set_kem_op and only RSA appears to use it */ + /* make any kem operational settings */ + if (argv && argc) { + int i = 0; + for (i = 1; i < argc; i++) { + if (NULL == strstr(argv[i], "-op") || i+1 == argc) { + continue; + } + i++; + + /* Set the mode - only 'RSASVE' is currently supported */ + if (ICC_EVP_PKEY_CTX_set_kem_op(ctx, evp_pk, argv[i]) <= 0) { + return 7; + } + } + } +#endif + + int rc = -1; + + rc = ICC_EVP_PKEY_encapsulate_init(ctx, NULL, NULL); + if (rc != ICC_OSSL_SUCCESS) { + return 3; + } + + size_t wrappedkeylen = 0; + size_t genkeylen = 0; + + rc = ICC_EVP_PKEY_encapsulate(ctx, evp_pk, NULL, &wrappedkeylen, NULL, &genkeylen); + if (rc != ICC_OSSL_SUCCESS) { + return 4; + } + + kbuf wk; + wk.len = wrappedkeylen; + wk.data = malloc(wrappedkeylen); + unsigned char* wrappedkey = wk.data; + kbuf gk; + gk.len = genkeylen; + gk.data = malloc(genkeylen); + unsigned char* genkey = gk.data; + + rc = ICC_EVP_PKEY_encapsulate(ctx, evp_pk, wrappedkey, &wrappedkeylen, genkey, &genkeylen); + if (rc != ICC_OSSL_SUCCESS) { + return 5; + } + + ICC_EVP_PKEY_free(ctx, pa); + ICC_EVP_PKEY_CTX_free(ctx, evp_pk); + *ss = gk; + /* public key to share with peer is just the ss encrypted with peer's public key */ + *pks = wk; + + return 0; +} + +/* KEM decapsulation - return 0 for success */ + +int +KEMEVP_dec(ICC_CTX* ctx, const skbuf* p_skc, kbuf* ss, const kbuf* p_pks, enum ed encdec) +{ + ICC_EVP_PKEY_CTX* skc = p_skc->ctx; /* private key context */ + int rc; + + if (!skc) { + /* make a temporary context */ + ICC_EVP_PKEY* skey = p_skc->key; /* private key */ + + if (!skey) { + /* reconstruct key from encoding */ + const unsigned char* pp = p_skc->der.data; + if (!pp) { + /* no key or encoding present - give up */ + return 10; + } + skey = priDecode(ctx, p_skc->nid, &p_skc->der, encdec); + if (!skey) { + return 9; + } + } + + /* load a context with this key */ + skc = ICC_EVP_PKEY_CTX_new_from_pkey(ctx, NULL, skey, NULL); + if (!skc) { + return 2; + } + + if (!p_skc->key) { + /* the key is reference counted in the context so we can delete this temporary reference */ + ICC_EVP_PKEY_free(ctx, skey); + } + } + + rc = ICC_EVP_PKEY_decapsulate_init(ctx, NULL, NULL); + if (rc != ICC_OSSL_SUCCESS) { + return 1; + } + + { + /* peer's public key is just the ss encrypted (by peer) with our public key */ + size_t wrappedkeylen = 0; + wrappedkeylen = p_pks->len; + unsigned char* wrappedkey = p_pks->data; + size_t genkeylen = 0; + + rc = ICC_EVP_PKEY_decapsulate(ctx, skc, NULL, &genkeylen, NULL, wrappedkeylen); + if (rc != ICC_OSSL_SUCCESS) { + return 2; + } + + { + kbuf gk; + unsigned char* genkey; + gk.len = genkeylen; + genkey = gk.data = malloc(genkeylen); + /*unsigned char* unwrapped, size_t* unwrappedlen, const unsigned char* wrapped, size_t wrappedlen */ + rc = ICC_EVP_PKEY_decapsulate(ctx, skc, genkey, &genkeylen, wrappedkey, wrappedkeylen); + if (rc != ICC_OSSL_SUCCESS) { + return 3; + } + + *ss = gk; + } + } + + if (!p_skc->ctx) { + ICC_EVP_PKEY_CTX_free(ctx, skc); + } + return 0; +} + +/* Signature test function - generates keys, signs a message, and verifies the signature */ +/* return 0 for success */ +int +PQC_KEM_test(ICC_CTX* ctx, const char* algname, int verbose, int argc, const char* argv[], enum ed encdec) +{ + FILE* fp_rsp = stdout; + int ret_val; + + { + pkbuf pk = {0}; /*initialise these*/ + skbuf sk = {0}; + kbuf ct = {0}; + kbuf ss = {0}, ss1 = {0}; + + if (verbose) { + printf("PQC_KEM_test: Algorithm : %s)\n", algname); + } + /* Peer 1 generates the public/private keypair */ + if (verbose) { + printf("keygen\n"); + } + if ((ret_val = KEMEVP_gen(ctx, algname, &pk, &sk, encdec)) != 0) { + printf("Error: KEMEVP_gen returned <%d>\n", ret_val); + return 1; + } + if (verbose) { + fprintf(fp_rsp, "pk encoding length = %d\n", (int)pk.der.len); + fprintf(fp_rsp, "pk %s\n", (encdec & pkcs1) ? "pkcs1" : "raw"); + fprintBstr(fp_rsp, "", pk.der.data, pk.der.len); + + fprintf(fp_rsp, "sk encoding length = %d\n", (int)sk.der.len); + if (encdec & (raw | pkcs8)) { + fprintf(fp_rsp, "sk %s\n", (encdec & pkcs8) ? "pkcs8" : "raw"); + fprintBstr(fp_rsp, "", sk.der.data, sk.der.len); + } + } + { + int keylen = 0; + keylen = ICC_EVP_PKEY_size(ctx, sk.key); + if (verbose) { + fprintf(fp_rsp, "key size = %d\n", keylen); + } + } + + /* get rid of gen context */ + if (sk.ctx) { + ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); + sk.ctx = NULL; + } + + if (encdec & (raw | pkcs8)) { + /* delete ICC key and context so we use private encoding */ + if (sk.key) { + ICC_EVP_PKEY_free(ctx, sk.key); + sk.key = NULL; + } + } + + /* Typical usage: Send public key (pk) to peer 2, keep private/secret key (sk) */ + + if (verbose) { + printf("encrypt\t"); + } + + /* peer 2 generates shared secret (ss) and uses pk to encapsulate ss (ct) */ + if ((ret_val = KEMEVP_enc(ctx, &ct, &ss, &pk, argc, argv, encdec)) != 0) { + printf("kem encapsulate returned <%d>\n", ret_val); + return 2; + } + fprintBstr(fp_rsp, "ct = ", ct.data, ct.len); + fprintBstr(fp_rsp, "ss = ", ss.data, ss.len); + /* send ct to peer 1 */ + + /* peer 1 uses sk to decapsulate (decrypt) ct to get ss */ + fprintf(fp_rsp, "\n"); + if (verbose) { + printf("decrypt\n"); + } + if ((ret_val = KEMEVP_dec(ctx, &sk, &ss1, &ct, encdec)) != 0) { + printf("kem decapsulate returned <%d>\n", ret_val); + return 3; + } + + /* ss's should match */ + if (ss.len != ss1.len || memcmp(ss.data, ss1.data, ss.len)) { + printf("kem decapsulate returned bad 'ss' value\n"); + fprintBstr(fp_rsp, "ss = ", ss1.data, ss1.len); + return 4; + } + + /* Clean up allocated resources */ + if (pk.der.data) { + free(pk.der.data); + pk.der.data = NULL; + } + if (sk.ctx) { + ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); + sk.ctx = NULL; + } + if (sk.key) { + ICC_EVP_PKEY_free(ctx, sk.key); + sk.key = NULL; + } + + if (sk.der.data) { + free(sk.der.data); + } + if (ct.data) { + free(ct.data); + } + if (ss.data) free(ss.data); + if (ss1.data) free(ss1.data); + } + return 0; +} + + +/* map command line arguments to ICC parameters */ +/* these algorithm names are self explanitory but will come from icc.h */ + +static +char* algs[] = +{ + "Kyber_512", + "ML-KEM-768", + "Kyber_1024", + NULL +}; + +/* Map command line arguments to Key Encapsulation algorithm names */ +static +const char* to_KEM_ALGNAME(int k) +{ + /* k is 1 based so adjust for 0 based index */ + if (k > sizeof(algs) / sizeof(algs[0])) + return NULL; + return algs[k-1]; +} + +static +void fcb(const char* a, int b, int c) +{ + printf("KemTest fcb:%s, %d, %d\n", a, b, c); +} + +static +void tcb(const char* val1, const char* val2) +{ + printf("KemTest Tcb:%s, %s \n", val1, val2); +} + + +/* Main function to parse arguments and execute KEM tests */ +int main(int argc, const char* argv[]) +{ + const char* algname = NULL; + const char* iccPath = NULL; + bool isFips = false, wantFips = false, verbose = false; + bool wantTraceCB = false; /* Trace callback */ + bool wantFipsCB = false; /* FIPS callback */ + enum ed encdec = none; + int rv = 0; + size_t iterations = 1; + + /* Parse command-line arguments */ + if (argc > 1) { + const char* arg; + int i; + for ( i = 1; i < argc; i++) { + arg = argv[i]; + if (NULL != strstr(arg, "-?")) { + int j; + printf("Usage: KemTest [-v] [-fips] [-fcb] [-tcb] [-alg ] [-ed ] []\n"); + printf(" -fips Request FIPS mode ICC\n"); + printf(" -fcb Install a FIPS callback routine (prints message 'fcb:...')\n"); + printf(" -tcb Install a TRACE callback routine (prints message 'tcb:...')\n"); + printf(" -ed Encode/Decode keys, pkcs=pkcs1|pkcs8\n"); + printf(" -alg Refer following table...\n"); + for ( j = 1; to_KEM_ALGNAME(j); j++) { + printf(" %d %s\n", j, to_KEM_ALGNAME(j)); + } + } + else if (NULL != strstr(arg, "-fips")) { + wantFips = true; + } + else if (NULL != strstr(arg, "-fcb")) { + wantFips = true; + wantFipsCB = true; + } + else if (NULL != strstr(arg, "-tcb")) { + wantTraceCB = true; + } + else if (NULL != strstr(arg, "-p")) { + i++; + iccPath = argv[i]; + } + else if (NULL != strstr(arg, "-v")) { + verbose = true; + } + else if (NULL != strstr(arg, "-ed")) { + i++; + arg = argv[i]; + if (!strcmp(arg, "none")) + encdec = none; + else if (!strcmp(arg, "raw")) + encdec = raw; + else if (!strcmp(arg, "pkcs1")) + encdec = pkcs1; + else if (!strcmp(arg, "pkcs8")) + encdec = pkcs8; + else if (!strcmp(arg, "pkcs")) + encdec = pkcs1 | pkcs8; + else { + printf("%s: bad encoding, try -? to get help\n", arg); + return -1; + } + } + else if (NULL != strstr(arg, "-alg")) { + i++; + algname = argv[i]; + } + else if (NULL != strstr(arg, "-i")) { + i++; + iterations = atoi(argv[i]); + } + else if (*arg == '-') { + /* another setting - pass it on */ + i++; + } + else { + int k = 0; + k = (int)atoi(arg); + algname = to_KEM_ALGNAME(k); + if (k == 0 || !algname) { + printf("%s: bad argument, try -? to get help\n", arg); + return -1; + } + } + } + } + + { + ICC_STATUS status; + ICC_CTX* icc_ctx = NULL; + char iccversion[ICC_VALUESIZE + 1]; + iccversion[ICC_VALUESIZE] = '\0'; + + /* Initialize ICC context */ + icc_ctx = ICC_Init(&status, iccPath); + if (NULL == icc_ctx) { + printf("ICC not initialized, exiting\n"); + if (iccPath) + printf("icc path was: %s\n", iccPath); + exit(1); + } + + /* check and report the ICC step version we found (before attach) */ + { + iccversion[0] = '\0'; + if (ICC_ERROR == ICC_GetValue(icc_ctx, &status, ICC_VERSION, (void*)iccversion, ICC_VALUESIZE)) { + printf("ICC_GetValue() failed, exiting\n"); + ICC_Cleanup(icc_ctx, &status); + exit(1); + } + iccversion[ICC_VALUESIZE] = '\0'; + printf("ICC_Version step: %s\n", iccversion); + } + + /* + * Set FIPS only work before the attach + */ + if (wantFips) { + isFips = wantFips; + ICC_SetValue(icc_ctx, &status, ICC_FIPS_APPROVED_MODE, wantFips ? "on" : "off"); + if (ICC_OK != status.majRC) + { + printf("ICC_SetValue(ICC_FIPS_APPROVED_MODE) failed %d\n", rv); + isFips = false; + } + } + printf("FIPS %s.\n", isFips ? "on" : "off"); + + + /* Attach to ICC */ + if (ICC_ERROR == ICC_Attach(icc_ctx, &status)) { + printf("ICC_Attach() failed, exiting\n"); + ICC_Cleanup(icc_ctx, &status); + exit(1); + } + + /* check and report the ICC module version we found */ + { + iccversion[0] = '\0'; + if (ICC_ERROR == ICC_GetValue(icc_ctx, &status, ICC_VERSION, (void*)iccversion, ICC_VALUESIZE)) { + printf("ICC_GetValue() failed, exiting\n"); + ICC_Cleanup(icc_ctx, &status); + exit(1); + } + iccversion[ICC_VALUESIZE] = '\0'; + printf("ICC_Version module: %s\n", iccversion); + //if (strstr(iccversion, "8.6") != NULL) { + // printf("Error: %s\n", "ICC 8.6 not supported"); + // ICC_Cleanup(icc_ctx, &status); + // exit(1); + //} + } + + /* + * Callbacks only work after the attach + * Also, FIPS callback only works in FIPS mode + */ + if (wantFipsCB) { + typedef void (*CALLBACK_T)(const char*, int, int); + CALLBACK_T x = fcb; + + rv = ICC_SetValue(icc_ctx, &status, ICC_FIPS_CALLBACK, &x); + if (ICC_OK != status.majRC && isFips) + { + printf("ICC_SetValue(ICC_FIPS_CALLBACK) failed %d\n", rv); + isFips = false; + } + } + + if (wantTraceCB) { + typedef void (*TRACE_CALLBACK_T)(const char*, const char*); + TRACE_CALLBACK_T x = tcb; + + rv = ICC_SetValue(icc_ctx, &status, ICC_TRACE_CALLBACK, &x); + if (ICC_OK != status.majRC) + { + printf("ICC_SetValue(ICC_TRACE_CALLBACK) failed %d\n", rv); + } + ICC_GetValue(icc_ctx, &status, ICC_TRACE_CALLBACK, &x, sizeof(TRACE_CALLBACK_T)); + } + + if (!algname) { + /* default */ + algname = to_KEM_ALGNAME(2); /* Kyber_768 */ + printf("algname = %s\n", algname?algname:"NULL"); + } + /* Execute the KemTest test */ + { + size_t iteration; + for (iteration = 0; iteration < iterations; iteration++) { + rv = PQC_KEM_test(icc_ctx, algname, verbose, argc - 1, argv + 1, encdec); + if (iterations > 1 && verbose) { + printf("iteration %d\n", (int)iteration); + } + if (rv) { + if (iterations > 1 && !verbose) { + printf("iteration %d\n", (int)iteration); + } + printf("%s: Error %d, try -? to get help\n", algname, rv); + } + } + } + + /* Clean up ICC context */ + ICC_Cleanup(icc_ctx, &status); + } + + return rv; +} diff --git a/iccpkg/pqc/makefile b/iccpkg/pqc/makefile new file mode 100644 index 0000000..92ac90c --- /dev/null +++ b/iccpkg/pqc/makefile @@ -0,0 +1,112 @@ +#OQS_FLAGS = -DOQS_MINIMAL_BUILD="KEM_kyber_768;SIG_dilithium_3;SIG_sphincs_shake_256s_simple" -DOQS_BUILD_ONLY_LIB=ON +#DEFAULT_BUILD_OQS = cd $(ICC_ROOT)/liboqs; cmake -G "Unix Makefiles" $(OQS_FLAGS) . ; make + +ICC_ROOT=../.. + +include $(ICC_ROOT)/iccpkg/muppet.mk +include $(ICC_ROOT)/icc/platforms.mk +include $(ICC_ROOT)/icc/icc_defs.mk +include $(ICC_ROOT)/iccpkg/gsk_crypto.mk + +#-I common/aes -I common/rand -I common/sha2 -I common/sha3 +DilKyb_CFLAGS_$(OPSYS) = -I $(GSK_SDK) -I . $(PQCINC) $(CFLAGS) + +DilKyb_CFLAGS_SUN_X86 := -std=c99 $(DilKyb_CFLAGS_$(OPSYS)) +DilKyb_CFLAGS_SUN_AMD64 := -xc99=all $(DilKyb_CFLAGS_$(OPSYS)) + +DilKyb_CFLAGS=$(DilKyb_CFLAGS_$(OPSYS)) + +OBJD=o + +# LDLIBS is from platforms.mk +SYSLIBS=$(LDLIBS) + +all : $(OBJD) kemtest$(EXESUFX) sigtest$(EXESUFX) + +t_kemtest: + $(GSK_SETUP) ; ./kemtest +t_kemtest_v: + $(GSK_SETUP) ; ./kemtest -v +t_k1024: +ifeq ($(strip $(IS_FIPS)),) + $(GSK_SETUP) ; ./kemtest -alg "Kyber_1024" +else + echo Kyber_1024 not tested on FIPS +endif +t_k768: + $(GSK_SETUP) ; ./kemtest -alg "MLKEM768" +t_ktcb: + $(GSK_SETUP) ; ./kemtest -tcb + +t_sigtest_v: + $(GSK_SETUP) ; ./sigtest -v +t_srsa: + $(GSK_SETUP) ; ./sigtest -alg "rsaEncryption" +t_srsa_tcb: + $(GSK_SETUP) ; ./sigtest -tcb -alg "rsaEncryption" +# FIPS 8.6 may show an error here +t_srsa_fips: + $(GSK_SETUP) ; ./sigtest -fips -fcb -alg "rsaEncryption" +t_sdsa44: + $(GSK_SETUP) ; ./sigtest -alg "ML_DSA_44" -l 8000 +t_sdsa65: +ifeq ($(strip $(IS_FIPS)),) + $(GSK_SETUP) ; ./sigtest -alg "ML_DSA_65" -h "SHA256" + $(GSK_SETUP) ; ./sigtest -alg "MLDSA65" -l 80000 +else + echo ML_DSA_65 not tested on FIPS +endif +t_sshake128s: + $(GSK_SETUP) ; ./sigtest -alg "SLH_DSA_SHAKE_128s" -l 10000 + +testkem: kemtest$(EXESUFX) t_kemtest t_kemtest_v t_k1024 t_k768 t_ktcb + $(GSK_SETUP) ; ./kemtest -? +testsig: sigtest$(EXESUFX) t_sigtest_v t_srsa t_srsa_tcb t_srsa_fips t_sdsa44 t_sdsa65 t_sshake128s + $(GSK_SETUP) ; ./sigtest -? + +tests: testkem testsig + @echo PQC tests complete + +tests_all_kyber: kemtest$(EXESUFX) + $(GSK_SETUP) ; ./kemtest -alg "MLKEM512" + $(GSK_SETUP) ; ./kemtest -alg "MLKEM768" + $(GSK_SETUP) ; ./kemtest -alg "MLKEM1024" + +tests_all_dilithium: sigtest$(EXESUFX) + $(GSK_SETUP) ; ./sigtest -alg "ML_DSA_44" + $(GSK_SETUP) ; ./sigtest -alg "ML_DSA_65" + $(GSK_SETUP) ; ./sigtest -alg "ML_DSA_87" + +tests_all_sphincs: sigtest$(EXESUFX) + $(GSK_SETUP) ; ./sigtest -alg "SLH_DSA_SHA2_128s" + $(GSK_SETUP) ; ./sigtest -alg "SLH_DSA_SHA2_128f" + $(GSK_SETUP) ; ./sigtest -alg "SLH_DSA_SHA2_192s" + $(GSK_SETUP) ; ./sigtest -alg "SLH_DSA_SHA2_192f" + $(GSK_SETUP) ; ./sigtest -alg "SLH_DSA_SHA2_256s" + $(GSK_SETUP) ; ./sigtest -alg "SLH_DSA_SHA2_256f" + $(GSK_SETUP) ; ./sigtest -alg "SLH_DSA_SHAKE_128s" + $(GSK_SETUP) ; ./sigtest -alg "SLH_DSA_SHAKE_128f" + $(GSK_SETUP) ; ./sigtest -alg "SLH_DSA_SHAKE_192s" + $(GSK_SETUP) ; ./sigtest -alg "SLH_DSA_SHAKE_192f" + $(GSK_SETUP) ; ./sigtest -alg "SLH_DSA_SHAKE_256s" + $(GSK_SETUP) ; ./sigtest -alg "SLH_DSA_SHAKE_256f" + +$(OBJD): + mkdir $@ + +kemtest$(EXESUFX): $(OBJD)/kemtest$(OBJSUFX) + $(LD) $(LDFLAGS) $^ $(ICCPKG_LIBS) $(SYSLIBS) + +sigtest$(EXESUFX): $(OBJD)/sigtest$(OBJSUFX) + $(LD) $(LDFLAGS) $^ $(ICCPKG_LIBS) $(SYSLIBS) + +$(OBJD)/kemtest$(OBJSUFX): kemtest.c makefile $(OBJD) + $(CC) $(DilKyb_CFLAGS) $< $(OUT)$@ + +$(OBJD)/sigtest$(OBJSUFX): sigtest.c makefile $(OBJD) + $(CC) $(DilKyb_CFLAGS) $< $(OUT)$@ + +clean: + -$(RM) -rf $(OBJD) + -$(RM) kemtest$(EXESUFX) sigtest$(EXESUFX) *.ilk *.pdb + diff --git a/iccpkg/pqc/sigtest.c b/iccpkg/pqc/sigtest.c new file mode 100644 index 0000000..65be3ed --- /dev/null +++ b/iccpkg/pqc/sigtest.c @@ -0,0 +1,1042 @@ +/* Copyright IBM Corp. 2023 + + Licensed under the Apache License 2.0 (the "License"). You may not use + this file except in compliance with the License. You can obtain a copy + in the file LICENSE in the source distribution. + */ + + /* + sigtest.c +*/ +#include +#include +#include +#include +#include + +#if 0 +#include +#else +#define bool int +#define false 0 +#define true 1 +#endif + +#if defined(_WIN32) +# include +#else +# include +#endif + +# include "icc.h" + +/* We want to use PKCS1 and PKCS8 encodings for i2d/d2i */ +/* these are all independent bits that can be combined */ +/* public is pkcs1 or binary (default) */ +/* private is none, raw or pkcs8 */ +enum ed { none = 0, raw = 1, pkcs1 = 2, pkcs8 = 4 }; + +/* Helper function to print byte arrays in hexadecimal */ +static +void fprintBstr(FILE* fp, const char* S, const unsigned char* A, size_t L) +{ + size_t i; + + fprintf(fp, "%s", S); + + for (i = 0; i < L; i++) + fprintf(fp, "%02X", A[i]); + + if (L == 0) + fprintf(fp, "00"); + + fprintf(fp, "\n"); +} + +static +void +count_up(unsigned char* b, size_t n) +{ + size_t i; + for (i = 0; i < n; i++) { + b[i] = (unsigned char)i; + } +} + + +/* Key buffer definitions */ +struct kbuf_s { + unsigned char* data; + size_t len; +}; +typedef struct kbuf_s kbuf; + +/* Public key - encoded */ +struct pkbuf_s { + int nid; /* ICC key id */ + kbuf der; +}; +typedef struct pkbuf_s pkbuf; + +/* Private key - holds context */ +struct skbuf_s { + ICC_EVP_PKEY_CTX* ctx; /* ICC context for the key */ + ICC_EVP_PKEY* key; /* the key */ + int nid; /* ICC key id */ + kbuf der; +}; +typedef struct skbuf_s skbuf; + +/* Signature buffer */ +typedef kbuf sbuf; + +/* Generate signature key pair - return 0 for success */ + +int +SignatureEVP_gen(ICC_CTX* ctx, const char* nm, pkbuf* p_pkc, skbuf* p_skc, enum ed encdec) +{ + ICC_EVP_PKEY_CTX* evp_sp; /* key context */ + ICC_EVP_PKEY* pa = NULL; /* key pair */ + int rv = ICC_OSSL_SUCCESS; + + const int nid = ICC_OBJ_txt2nid(ctx, nm); + if (!nid) { + return 1; /* Unsupported algorithm */ + } + + evp_sp = ICC_EVP_PKEY_CTX_new_id(ctx, nid, NULL); + if (!evp_sp) { + /* try newer API */ + evp_sp = ICC_EVP_PKEY_CTX_new_from_name(ctx, NULL, nm, NULL); + if (!evp_sp) { + return 2; /* Failed to create key context */ + } + } + rv = ICC_EVP_PKEY_keygen_init(ctx, evp_sp); + if (rv != ICC_OSSL_SUCCESS) { + if (evp_sp) { + ICC_EVP_PKEY_CTX_free(ctx, evp_sp); + } + return 3; /* Keygen initialization failed */ + } + + rv = ICC_EVP_PKEY_keygen(ctx, evp_sp, &pa); + if (rv != ICC_OSSL_SUCCESS) { + if (evp_sp) { + ICC_EVP_PKEY_CTX_free(ctx, evp_sp); + } + if (pa) { + ICC_EVP_PKEY_free(ctx, pa); + } + return 4; /* Key generation failed */ + } + + /* public key */ + + p_pkc->nid = nid; + + /* encode (always) */ + { + int len; + unsigned char* pp = NULL; + if (encdec & pkcs1) { + /* PKCS1 */ + /* this variant encodes the OID for the key type rather than a raw encoding */ + len = ICC_i2d_PUBKEY(ctx, pa, NULL); + if (len <= 0) { + return 5; + } + p_pkc->der.len = len; + pp = p_pkc->der.data = malloc(len); + rv = ICC_i2d_PUBKEY(ctx, pa, &pp); + } + else { + /* binary */ + len = ICC_i2d_PublicKey(ctx, pa, NULL); + if (len <= 0) { + return 5; /* Invalid public key length */ + } + p_pkc->der.len = len; + pp = p_pkc->der.data = malloc(len); + rv = ICC_i2d_PublicKey(ctx, pa, &pp); + } + if (rv <= 0) { + return 6; /* Failed to encode public key */ + } + } + + /* private key */ + + p_skc->nid = nid; + + /* encode (optional) */ + + { + int len; + unsigned char* pp = NULL; + if (encdec & pkcs8) { + ICC_PKCS8_PRIV_KEY_INFO* p8 = ICC_EVP_PKEY2PKCS8(ctx, pa); + if (!p8) { + return 11; + } + len = ICC_i2d_PKCS8_PRIV_KEY_INFO(ctx, p8, NULL); + p_skc->der.len = len; + pp = p_skc->der.data = malloc(len); + rv = ICC_i2d_PKCS8_PRIV_KEY_INFO(ctx, p8, &pp); + if (rv <= 0) { + return 7; /* Failed to encode private key */ + } + } + else if (encdec & raw) { + len = ICC_i2d_PrivateKey(ctx, pa, NULL); + p_skc->der.len = len; + pp = p_skc->der.data = malloc(len); + rv = ICC_i2d_PrivateKey(ctx, pa, &pp); + if (rv <= 0) { + return 7; /* Failed to encode private key */ + } + } + } + + p_skc->ctx = evp_sp; + p_skc->key = pa; + + /* verify encodings */ + /* reconstruct keys from encoding */ + { + int len; + ICC_EVP_PKEY* npa = NULL; /* For decoded key */ + const unsigned char* pp = NULL; + + /* public */ + pp = p_pkc->der.data; + len = (int)p_pkc->der.len; + if (encdec & pkcs1) { + /* reconstruct key from encoding */ + npa = ICC_d2i_PUBKEY(ctx, &npa, &pp, len); + } + else { + /* Reconstruct public key from encoding and type */ + npa = ICC_d2i_PublicKey(ctx, p_pkc->nid, &npa, &pp, len); + } + if (!npa) { + return 1; /* Failed to reconstruct public key */ + } + + if (1 != ICC_EVP_PKEY_cmp(ctx, pa, npa)) { /*compare pubkey and decoded key */ + printf("warning - public key encode/decode missmatch\n"); + /* return 20; */ + } + ICC_EVP_PKEY_free(ctx, npa); + npa = NULL; + + /* private */ + pp = p_skc->der.data; + len = (int)p_skc->der.len; + if (encdec & pkcs8) { + ICC_PKCS8_PRIV_KEY_INFO* p8 = NULL; + p8 = ICC_d2i_PKCS8_PRIV_KEY_INFO(ctx, NULL, &pp, len); + if (!p8) { + return 11; + } + npa = ICC_EVP_PKCS82PKEY(ctx, p8); + ICC_PKCS8_PRIV_KEY_INFO_free(ctx, p8); + if (!npa) { + return 9; + } + } + else if (encdec & raw) { + npa = ICC_d2i_PrivateKey(ctx, p_skc->nid, &npa, &pp, len); + if (!npa) { + return 9; + } + } + + if(npa) { + size_t keylen = ICC_EVP_PKEY_size(ctx, pa); + size_t kl = ICC_EVP_PKEY_size(ctx, npa); + if (keylen == 0 || kl != keylen) { + printf("warning - key size missmatch %d != %d\n", (int)keylen, (int)kl); + return 22; + } + if (1 != ICC_EVP_PKEY_cmp(ctx, pa, npa)) { + printf("warning - private key encode/decode missmatch\n"); + /* return 21; */ + } + } + + ICC_EVP_PKEY_free(ctx, npa); + } + + return 0; +} + +/* Sign a message - return 0 for success, non-zero otherwise */ + +int +SignatureEVP_sign(ICC_CTX* ctx, sbuf* sig, const skbuf* p_skc, const unsigned char* msg, size_t msg_len, enum ed encdec, const char* hash) +{ + int rc; + size_t siglen = 0; + unsigned char* signature; + + ICC_EVP_PKEY* skey = p_skc->key; + if (!skey) { + /* reconstruct key from encoding */ + const unsigned char* pp = p_skc->der.data; + if (encdec & pkcs8) { + ICC_PKCS8_PRIV_KEY_INFO* p8 = NULL; + p8 = ICC_d2i_PKCS8_PRIV_KEY_INFO(ctx, NULL, &pp, (long)p_skc->der.len); + if (!p8) { + return 11; + } + skey = ICC_EVP_PKCS82PKEY(ctx, p8); + ICC_PKCS8_PRIV_KEY_INFO_free(ctx, p8); + } + else { + skey = ICC_d2i_PrivateKey(ctx, p_skc->nid, &skey, &pp, (long)p_skc->der.len); + } + if (!skey) { + return 9; + } + } + + /* + * May need to hash if sign alg is limited in size. + * Note that PQC hash internally so no hashing reqired. + */ + if (!hash) { + ICC_EVP_PKEY_CTX* skc = p_skc->ctx; /* Private key context */ + + if (!skc) { + /* create context from key */ + skc = ICC_EVP_PKEY_CTX_new(ctx, skey, NULL); + if (!skc) { + return 10; /* no context */ + } + } + + rc = ICC_EVP_PKEY_sign_init(ctx, skc); + if (rc != ICC_OSSL_SUCCESS) { + return 1; /* Sign initialization failed */ + } + + rc = ICC_EVP_PKEY_sign(ctx, skc, NULL, &siglen, msg, msg_len); + if (rc != ICC_OSSL_SUCCESS) { + return 2; /* Failed to get signature length */ + } + + signature = malloc(siglen); + if (!signature) { + return 3; /* Memory allocation failed */ + } + + rc = ICC_EVP_PKEY_sign(ctx, skc, signature, &siglen, msg, msg_len); + if (rc != ICC_OSSL_SUCCESS) { + free(signature); + return 4; /* Signing failed */ + } + + if (!p_skc->ctx) { + /* free temp ctx */ + ICC_EVP_PKEY_CTX_free(ctx, skc); + } + } + else { + /* need to hash / sign */ + unsigned int slen; + ICC_EVP_MD_CTX* md = NULL; + md = ICC_EVP_MD_CTX_new(ctx); + ICC_EVP_MD_CTX_init(ctx, md); + { + const ICC_EVP_MD* mdt = NULL; /* does not need to be freed */ + mdt = ICC_EVP_get_digestbyname(ctx, hash); + rc = ICC_EVP_SignInit(ctx, md, mdt); + if (rc != ICC_OSSL_SUCCESS) { + return 5; + } + } + rc = ICC_EVP_SignUpdate(ctx, md, msg, (unsigned int)msg_len); + if (rc != ICC_OSSL_SUCCESS) { + return 6; + } + + rc = ICC_EVP_SignFinal(ctx, md, NULL, &slen, skey); + if (rc != ICC_OSSL_SUCCESS) { + if (!p_skc->key) { + /* clean up temporary */ + ICC_EVP_PKEY_free(ctx, skey); + } + return 7; + } + signature = malloc(slen); + if (!signature) { + if (!p_skc->key) { + /* clean up temporary */ + ICC_EVP_PKEY_free(ctx, skey); + } + return 3; /* Memory allocation failed */ + } + rc = ICC_EVP_SignFinal(ctx, md, signature, &slen, skey); + if (rc != ICC_OSSL_SUCCESS) { + free(signature); + if (!p_skc->key) { + /* clean up temporary */ + ICC_EVP_PKEY_free(ctx, skey); + } + return 4; /* Signing failed */ + } + siglen = slen; + + ICC_EVP_MD_CTX_free(ctx, md); + } + + sig->data = signature; + sig->len = siglen; + + if (!p_skc->key) { + /* clean up temporary */ + ICC_EVP_PKEY_free(ctx, skey); + } + + return 0; /* Success */ +} + +/* Verify a signature - return 0 for success, non-zero for failure */ +int +SignatureEVP_verify(ICC_CTX* ctx, const pkbuf* p_pkc, const unsigned char* msg, size_t msg_len, const sbuf* sig, enum ed encdec, const char* hash) +{ + int rc = -1; + ICC_EVP_PKEY* pa = NULL; + ICC_EVP_PKEY_CTX* evp_pk = NULL; + + /* public key */ + { + const unsigned char* pp = p_pkc->der.data; + long len = (long)p_pkc->der.len; + + if (encdec & pkcs1) { + /* reconstruct key from encoding */ + pa = ICC_d2i_PUBKEY(ctx, &pa, &pp, (long)len); + } + else { + /* Reconstruct public key from encoding and type */ + pa = ICC_d2i_PublicKey(ctx, p_pkc->nid, &pa, &pp, len); + } + if (!pa) { + return 1; /* Failed to reconstruct public key */ + } + } + + /* EVP context */ + evp_pk = ICC_EVP_PKEY_CTX_new(ctx, pa, NULL); + if (!evp_pk) { + /* try new API */ + evp_pk = ICC_EVP_PKEY_CTX_new_from_pkey(ctx, NULL, pa, NULL); + if (!evp_pk) { + ICC_EVP_PKEY_free(ctx, pa); + return 2; /* Failed to create public key context */ + } + } + + if (!hash) { + rc = ICC_EVP_PKEY_verify_init(ctx, evp_pk); + if (rc != ICC_OSSL_SUCCESS) { + ICC_EVP_PKEY_free(ctx, pa); + ICC_EVP_PKEY_CTX_free(ctx, evp_pk); + return 3; /* Verification initialization failed */ + } + + rc = ICC_EVP_PKEY_verify(ctx, evp_pk, sig->data, sig->len, msg, msg_len); + } + else { + /* need to hash / verify */ + + ICC_EVP_MD_CTX* md = NULL; + md = ICC_EVP_MD_CTX_new(ctx); + ICC_EVP_MD_CTX_init(ctx, md); + { + const ICC_EVP_MD* mdt = NULL; /* does not need to be freed */ + mdt = ICC_EVP_get_digestbyname(ctx, hash); + rc = ICC_EVP_VerifyInit(ctx, md, mdt); + if (rc != ICC_OSSL_SUCCESS) { + ICC_EVP_MD_CTX_free(ctx, md); + ICC_EVP_PKEY_free(ctx, pa); + ICC_EVP_PKEY_CTX_free(ctx, evp_pk); + return 5; + } + } + rc = ICC_EVP_VerifyUpdate(ctx, md, msg, (unsigned int)msg_len); + if (rc != ICC_OSSL_SUCCESS) { + ICC_EVP_MD_CTX_free(ctx, md); + ICC_EVP_PKEY_free(ctx, pa); + ICC_EVP_PKEY_CTX_free(ctx, evp_pk); + return 6; + } + + rc = ICC_EVP_VerifyFinal(ctx, md, sig->data, (unsigned int)sig->len, pa); + ICC_EVP_MD_CTX_free(ctx, md); + } + + /* clean up */ + ICC_EVP_PKEY_free(ctx, pa); + ICC_EVP_PKEY_CTX_free(ctx, evp_pk); + + /* final status check of the verification call */ + if (rc < 0) { + return 4; /* Verification error */ + } + if (rc == 0) { + return 5; /* Verification failed */ + } + + return 0; /* Verification succeeded */ +} + +/* Signature test function - generates keys, signs a message, and verifies the signature */ +int +PQC_sign_test(ICC_CTX* ctx, const char* algname, const char* hash, size_t msg_len, int verbose, int encdec) +{ + FILE* fp_rsp = stdout; + int ret_val; + + pkbuf pk = { 0 }; /* public key */ + skbuf sk = { 0 }; /* private/secret key */ + + if (verbose) { + printf("Algorithm : %s\n", algname); + printf("Hash : %s\n", hash? hash:"NULL"); + printf("Data length : %u\n", (unsigned)msg_len); + } + + { + /* Generate the public/private keypair */ + if (verbose) { + printf("keygen\t"); + } + if ((ret_val = SignatureEVP_gen(ctx, algname, &pk, &sk, encdec)) != 0) { + printf("Error: SignatureEVP_gen(ctx, %s, &pk, &sk, %d) returned <%d>\n", algname, encdec, ret_val); + return 1; + } + if (verbose) { + fprintBstr(fp_rsp, "pk = ", pk.der.data, pk.der.len); + if (encdec & (raw | pkcs8)) { + fprintBstr(fp_rsp, "sk = ", sk.der.data, sk.der.len); + } + } + } + + { + int keylen = 0; + keylen = ICC_EVP_PKEY_size(ctx, sk.key); + if (verbose) { + fprintf(fp_rsp, "key size = %d", keylen); + } + } + + /* get rid of gen context */ + if (sk.ctx) { + ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); + sk.ctx = NULL; + } + + if (encdec & (raw|pkcs8)) { + /* delete ICC key and context so we use private encoding */ + if (sk.key) { + ICC_EVP_PKEY_free(ctx, sk.key); + sk.key = NULL; + } + } + + { + sbuf signature; + unsigned char* message = malloc(msg_len); + if (message) { + count_up(message, msg_len); + } + + if (verbose) { + printf("sign\t"); + } + if ((ret_val = SignatureEVP_sign(ctx, &signature, &sk, message, msg_len, encdec, hash)) != 0) { + printf("SignatureEVP_sign returned <%d>\n", ret_val); + return 2; + } + if (verbose) { + fprintBstr(fp_rsp, "signature = ", signature.data, signature.len); + } + + fprintf(fp_rsp, "\n"); + if (verbose) { + printf("verify\t"); + } + { + ret_val = SignatureEVP_verify(ctx, &pk, message, msg_len, &signature, encdec, hash); + if (ret_val != 0) { + printf("SignatureEVP_verify failed with code <%d>\n", ret_val); + return 3; + } + else { + if (verbose) + printf("Signature verification succeeded.\n"); + } + } + if (signature.data) { + free(signature.data); + signature.data = NULL; + } + free(message); + } + + /* Clean up allocated resources */ + if (pk.der.data) { + free(pk.der.data); + pk.der.data = NULL; + } + if (sk.ctx) { + ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); + sk.ctx = NULL; + } + if (sk.key) { + ICC_EVP_PKEY_free(ctx, sk.key); + sk.key = NULL; + } + if (sk.der.data) { + free(sk.der.data); + sk.der.data = NULL; + } + + return 0; +} + +double PQC_speed_test_keygen(ICC_CTX *ctx, const char *algname, int num_iters, enum ed encdec) +{ + int i, ret_val; + clock_t start, end; + + start = clock(); + for (i = 0; i < num_iters; i++) + { + pkbuf pk = {0}; + skbuf sk = {0}; + ret_val = SignatureEVP_gen(ctx, algname, &pk, &sk, encdec); + if (ret_val != 0) + { + printf("SignatureEVP_gen failed at iteration %d with code %d\n", i, ret_val); + return 1; + } + /* Clean up allocated resources */ + if (pk.der.data) + free(pk.der.data); + if (sk.ctx) + ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); + if (sk.key) + ICC_EVP_PKEY_free(ctx, sk.key); + if (sk.der.data) + free(sk.der.data); + } + end = clock(); + + return (double)(end - start) / CLOCKS_PER_SEC / num_iters; +} + +double PQC_speed_test_sign(ICC_CTX *ctx, const char *algname, const char *hash, size_t msg_len, int num_iters, enum ed encdec) +{ + int i, ret_val; + clock_t start, end; + pkbuf pk = {0}; + skbuf sk = {0}; + sbuf signature = {0}; + unsigned char *message = malloc(msg_len); + if (!message) + return 1; + count_up(message, msg_len); + + ret_val = SignatureEVP_gen(ctx, algname, &pk, &sk, encdec); + if (ret_val != 0) + { + printf("SignatureEVP_gen failed at iteration %d with code %d\n", i, ret_val); + return 1; + } + /* get rid of gen context */ + if (sk.ctx) + { + ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); + sk.ctx = NULL; + } + if (encdec & (raw | pkcs8)) + { + /* delete ICC key and context so we use private encoding */ + if (sk.key) + { + ICC_EVP_PKEY_free(ctx, sk.key); + sk.key = NULL; + } + } + + start = clock(); + for (i = 0; i < num_iters; i++) + { + if (signature.data) + free(signature.data); + ret_val = SignatureEVP_sign(ctx, &signature, &sk, message, msg_len, encdec, hash); + if (ret_val != 0) + { + printf("SignatureEVP_sign failed at iteration %d with code %d\n", i, ret_val); + return 1; + } + } + end = clock(); + /* Clean up allocated resources */ + if (signature.data) + free(signature.data); + if (message) + free(message); + if (pk.der.data) + free(pk.der.data); + if (sk.der.data) + free(sk.der.data); + + return (double)(end - start) / CLOCKS_PER_SEC / num_iters; +} + +double PQC_speed_test_verify(ICC_CTX *ctx, const char *algname, const char *hash, size_t msg_len, int num_iters, enum ed encdec) +{ + int i, ret_val; + clock_t start, end; + pkbuf pk = {0}; + skbuf sk = {0}; + sbuf signature = {0}; + unsigned char *message = malloc(msg_len); + if (!message) + return 1; + count_up(message, msg_len); + + ret_val = SignatureEVP_gen(ctx, algname, &pk, &sk, encdec); + if (ret_val != 0) + return 1; + + ret_val = SignatureEVP_sign(ctx, &signature, &sk, message, msg_len, encdec, hash); + if (ret_val != 0) + return 1; + + start = clock(); + for (i = 0; i < num_iters; i++) + { + ret_val = SignatureEVP_verify(ctx, &pk, message, msg_len, &signature, encdec, hash); + if (ret_val != 0) + { + printf("SignatureEVP_verify failed at iteration %d with code %d\n", i, ret_val); + return 1; + } + } + end = clock(); + /* Clean up allocated resources */ + free(signature.data); + free(message); + if (pk.der.data) + free(pk.der.data); + if (sk.ctx) + ICC_EVP_PKEY_CTX_free(ctx, sk.ctx); + if (sk.key) + ICC_EVP_PKEY_free(ctx, sk.key); + if (sk.der.data) + free(sk.der.data); + + return (double)(end - start) / CLOCKS_PER_SEC / num_iters; +} + +void print_speed_results(double keygen_t, double sign_t, double verify_t, int iters) +{ + printf("\n=== Timing results over %d iterations ===\n", iters); + printf("Average keygen: %.6f sec\n", keygen_t); + printf("Average sign : %.6f sec\n", sign_t); + printf("Average verify: %.6f sec\n", verify_t); + printf("========================================\n"); +} + +static +char* algs[] = +{ + "rsaEncryption", + "ML_DSA_44", /* "Dilithium_512",*/ + "ML_DSA_65", /* "Dilithium_768",*/ + "ML_DSA_87", /* "Dilithium_1024",*/ + "SLH_DSA_SHAKE_128s", /* sphincs */ + /* + "SLH_DSA_SHAKE_192s", + "SLH_DSA_SHAKE_256s", + */ + NULL +}; + +/* Map command line arguments to signature algorithm names */ +static +const char* to_SIGNATURE_ALGNAME(int k) +{ + /* k is 1 based so adjust for 0 based index */ + if (k > sizeof(algs) / sizeof(algs[0])) + return NULL; + return algs[k-1]; +} + +static +void fcb(const char* a, int b, int c) +{ + printf("fcb:%s, %d, %d\n", a, b, c); +} + +static +void tcb(const char* val1, const char* val2) +{ + printf("Tcb:%s, %s \n", val1, val2); +} + +static +int OpenSSLError(ICC_CTX* ctx) +{ + unsigned long retcode = -1; + unsigned max = 5; + /* may be more than one error recorded so print them all */ + while (retcode) { + retcode = ICC_ERR_get_error(ctx); + if (retcode) { + static char buf[4096]; + ICC_ERR_error_string(ctx, retcode, buf); + printf("OpenSSL error %d [%s]\n", retcode, buf); + } + /* infinite loop breaker */ + if (max == 0) break; + max--; + } + return retcode; +} + +/* Main function to parse arguments and execute signature tests */ +int main(int argc, const char *argv[]) +{ + const char* algname = NULL; + const char* hash = NULL; /*eg, "SHA256"*/ + const char* iccPath = NULL; + bool isFips = false, wantFips = false, verbose = false ; + bool wantTraceCB = false; /* Trace callback */ + bool wantFipsCB = false; /* FIPS callback */ + size_t dataSize = 100; + enum ed encdec = none; + int rv = 0; + bool speed_test = false; + int iterations = 100; /* default iterations for speed test */ + + /* Parse command-line arguments */ + if(argc > 1) { + const char* arg; + int i; + for( i = 1; i < argc; i++) { + arg = argv[i]; + if (NULL != strstr(arg, "-?")) { + int j; + printf("Usage: sigtest [-v] [-fips] [-fcb] [-tcb] [-alg ] [-h ] [-l ] [-ed ] []\n"); + printf(" -fips Request FIPS mode ICC\n"); + printf(" -fcb Install a FIPS callback routine (prints message 'fcb:...')\n"); + printf(" -tcb Install a TRACE callback routine (prints message 'tcb:...')\n"); + printf(" -alg Refer following table...\n"); + for ( j = 1; to_SIGNATURE_ALGNAME(j); j++) { + printf(" %d %s\n", j, to_SIGNATURE_ALGNAME(j)); + } + printf(" -hash OpenSSL/ICC hash function (e.g. SHA256)\n"); + printf(" -ed Key Encoding\n"); + return 0; + } + else if (NULL != strstr(arg, "-fips")) { + wantFips = true; + } + else if (NULL != strstr(arg, "-fcb")) { + wantFipsCB = true; + wantFips = true; + } + else if (NULL != strstr(arg, "-tcb")) { + wantTraceCB = true; + } + else if (NULL != strstr(arg, "-h")) { + i++; + hash = argv[i]; + } + else if (NULL != strstr(arg, "-l")) { + i++; + dataSize = atoi(argv[i]); + } + else if (NULL != strstr(arg, "-p")) { + i++; + iccPath = argv[i]; + } + else if (NULL != strstr(arg, "-v")) { + verbose = true; + } + else if (NULL != strstr(arg, "-ed")) { + i++; + arg = argv[i]; + if (!strcmp(arg, "none")) + encdec = none; + else if (!strcmp(arg, "raw")) + encdec = raw; + else if (!strcmp(arg, "pkcs1")) + encdec = pkcs1; + else if (!strcmp(arg, "pkcs8")) + encdec = pkcs8; + else if (!strcmp(arg, "pkcs")) + encdec = pkcs1 | pkcs8; + else { + printf("%s: bad encoding, try -? to get help\n", arg); + return -1; + } + } + else if (NULL != strstr(arg, "-alg")) { + i++; + algname = argv[i]; + } + else if (NULL != strstr(arg, "-speed")) + { + speed_test = true; + } + else if (NULL != strstr(arg, "-iterations")) + { + i++; + if (i < argc) + iterations = atoi(argv[i]); + else + { + printf("Missing value after -iterations\n"); + return -1; + } + } + else if (*arg == '-') { + /* another setting - pass it on */ + i++; + } + else { + int k = 0; + k = (int)atoi(arg); + algname = to_SIGNATURE_ALGNAME(k); + if (k == 0 || !algname) { + printf("%s: bad argument, try -? to get help\n", arg); + return -1; + } + } + } + } + + { + ICC_STATUS status; + ICC_CTX* icc_ctx = NULL; + + /* Initialize ICC context */ + icc_ctx = ICC_Init(&status, iccPath); + if (NULL == icc_ctx) { + printf("ICC not initialized, exiting\n"); + if (iccPath) + printf("icc path was: %s\n", iccPath); + exit(1); + } + + /* + * Set FIPS only work before the attach + */ + if (wantFips) { + isFips = true; + ICC_SetValue(icc_ctx, &status, ICC_FIPS_APPROVED_MODE, wantFips ? "on" : "off"); + if (ICC_OK != status.majRC) + { + printf("ICC_SetValue(ICC_FIPS_APPROVED_MODE) failed %d\n", rv); + isFips = false; + } + } + printf("FIPS %s.\n", isFips ? "on" : "off"); + + /* Attach to ICC */ + if (ICC_ERROR == ICC_Attach(icc_ctx, &status)) { + printf("ICC_Attach() failed, exiting\n"); + ICC_Cleanup(icc_ctx, &status); + exit(1); + } + + /* check and report the ICC version we found */ + { + char iccversion[ICC_VALUESIZE+1]; + if (ICC_ERROR == ICC_GetValue(icc_ctx, &status, ICC_VERSION, (void*)iccversion, ICC_VALUESIZE)) { + printf("ICC_GetValue() failed, exiting\n"); + ICC_Cleanup(icc_ctx, &status); + exit(1); + } + iccversion[ICC_VALUESIZE] = '\0'; + printf("ICC_Version: %s\n", iccversion); + if (strstr(iccversion, "8.6") != NULL) { + printf("sigtest: %s\n", "ICC 8.6 not supported"); + exit(1); + } + } + + /* + * Callbacks only work after the attach + * Also, FIPS callback only works in FIPS mode + */ + if (wantFipsCB) { + typedef void (*CALLBACK_T)(const char*, int, int); + CALLBACK_T x = fcb; + + rv = ICC_SetValue(icc_ctx, &status, ICC_FIPS_CALLBACK, &x); + if (ICC_OK != status.majRC && isFips) + { + printf("ICC_SetValue(ICC_FIPS_CALLBACK) failed %d\n", rv); + isFips = false; + } + } + + if (wantTraceCB) { + typedef void (*TRACE_CALLBACK_T)(const char*, const char*); + TRACE_CALLBACK_T x = tcb; + + rv = ICC_SetValue(icc_ctx, &status, ICC_TRACE_CALLBACK, &x); + if (ICC_OK != status.majRC) + { + printf("ICC_SetValue(ICC_TRACE_CALLBACK) failed %d\n", rv); + } + ICC_GetValue(icc_ctx, &status, ICC_TRACE_CALLBACK, &x, sizeof(TRACE_CALLBACK_T)); + } + +#if 0 + /* ICC has no DRGB so we can't do KAT on ICC */ + { + unsigned char entropy_input[48]; + count_up(entropy_input, sizeof(entropy_input)); + randombytes_init(entropy_input, NULL, 256); + } +#endif + + if (!algname) { + /* default */ + algname = to_SIGNATURE_ALGNAME(3); /* Dilithium 768 */ + printf("algname = %s\n", algname?algname:"NULL"); + } + /* Execute the signature test or speed test if the flag is set */ + if (speed_test) + { + double t_k = PQC_speed_test_keygen(icc_ctx, algname, iterations, encdec); + double t_s = PQC_speed_test_sign(icc_ctx, algname, hash, dataSize, iterations, encdec); + double t_v = PQC_speed_test_verify(icc_ctx, algname, hash, dataSize, iterations, encdec); + print_speed_results(t_k, t_s, t_v, iterations); + } + else + { + rv = PQC_sign_test(icc_ctx, algname, hash, dataSize, verbose, encdec); + } + if (rv) { + OpenSSLError(icc_ctx); + printf("%s: Error %d, try -? to get help\n", algname, rv); + } + + /* Clean up ICC context */ + ICC_Cleanup(icc_ctx, &status); + } + + return rv; +} \ No newline at end of file diff --git a/libArgon.tar.gz b/libArgon.tar.gz new file mode 100644 index 0000000..354958e Binary files /dev/null and b/libArgon.tar.gz differ diff --git a/libdks.tar.gz b/libdks.tar.gz new file mode 100644 index 0000000..6f08f29 Binary files /dev/null and b/libdks.tar.gz differ diff --git a/libdks_icc/defs.mk b/libdks_icc/defs.mk new file mode 100644 index 0000000..eb1e88f --- /dev/null +++ b/libdks_icc/defs.mk @@ -0,0 +1,150 @@ +# set defaults to be LINUX where OS=, undefined or some unknown value, use WIN defaults if "WIN" is found in OS + +# From Makefile: +# LINUX_CFLAGS += -Wall -Wextra -Wpedantic -Wmissing-prototypes -Wredundant-decls \ + -Wshadow -Wpointer-arith -O3 -fomit-frame-pointer -z noexecstack +# We remove non-essential flags that cause problems on some official build platforms. +# Inherit cflags and nistflags and append/remove flags depending on what we need. +# If there is no $(OS)_CFLAGS i.e AMD64_LINUX_CFLAGS set it to the $(OSLIKE)_CFLAGS) base. Then CFLAGS is set to our OS specfici (AMD64 etc) version. +# Note LINUX_CFLAGS is used for OSLIKE and then OS for ia32. + +# main ICC makefiles use OPSYS, PQC uses OS so make sure both are set +ifeq ($(OPSYS),) +OPSYS=$(OS) +endif + +OSLIKE=LINUX +ifeq ($(findstring WIN, $(OS)),WIN) +OSLIKE=WIN +endif + +include $(ICC_ROOT)/icc/opensslver.mk +include $(ICC_ROOT)/icc/icc_defs.mk +include $(ICC_ROOT)/icc/platforms.mk + +# installed SDKs are outside of icc dir +SDK_PATH=../../../.. +#OPENSSL_SDK_PATH=$(SDK_PATH)/openssl +# use the one we build for this platform +OPENSSL_SDK_PATH=../../../openssl-1.1.1 + +LINUX_CFLAGS += -fPIC +LINUX_NISTFLAGS += -fPIC + +ifeq ($(CONFIG), debug) +LINUX_CFLAGS += -g +LINUX_NISTFLAGS += -g +endif + +# Expliticly set for if platform specific flag modifications are needed +# linux64 needs c99 for nistkat/*.c on phelix +AMD64_LINUX_CFLAGS := -std=gnu99 $(filter-out -Wpedantic -Wvla -m32,$(LINUX_CFLAGS)) +LINUX_CFLAGS := -std=gnu99 -m32 $(filter-out -Wpedantic -Wvla -Wno-unused-result -m32,$(LINUX_CFLAGS)) +PPC64_LINUX_CFLAGS := -m64 $(filter-out -Wpedantic -Wvla -z noexecstack -m32,$(LINUX_CFLAGS)) +S390X_LINUX_CFLAGS := -std=c99 $(filter-out -Wpedantic -Wvla -m32,$(LINUX_CFLAGS)) +AIX64_CFLAGS := -q64 -qmaxmem=16384 -qtbtable=full -qthreaded $(filter-out -fPIC -Wall -Wextra -Wpedantic -Wmissing-prototypes -Wredundant-decls -Wshadow -Wpointer-arith -Wvla -Wconversion -fomit-frame-pointer -z noexecstack -m32,$(LINUX_CFLAGS)) + +AMD64_LINUX_NISTFLAGS := $(AMD64_LINUX_CFLAGS) +LINUX_NISTFLAGS := $(LINUX_CFLAGS) +PPC64_LINUX_NISTFLAGS := $(PPC64_LINUX_CFLAGS) +S390X_LINUX_NISTFLAGS := $(S390X_LINUX_CFLAGS) +AIX64_NISTFLAGS := $(AIX64_CFLAGS) + +# win-like defaults +WIN_CFLAGS=-GS -Zi +WIN_debug_CFLAGS=-MDd +WIN_release_CFLAGS=-MD +WIN_CFLAGS+=$(WIN_$(CONFIG)_CFLAGS) + +WIN_NISTFLAGS=$(WIN_CFLAGS) + +ifeq ($(strip $($(OS)_CFLAGS)),) +$(OS)_CFLAGS:=$($(OSLIKE)_CFLAGS) +endif +CFLAGS=$($(OS)_CFLAGS) -I $(OPENSSL_SDK_PATH)/include + +ifeq ($(strip $($(OS)_NISTFLAGS)),) +$(OS)_NISTFLAGS=$($(OSLIKE)_NISTFLAGS) +endif +NISTFLAGS=$($(OS)_NISTFLAGS) -I $(OPENSSL_SDK_PATH)/include + +WIN_OUT=-Fe: +LINUX_OUT=-o +AMD64_LINUX_OUT=$(LINUX_OUT) +ifeq ($(strip $($(OS)_OUT)),) +$(OS)_OUT=$($(OSLIKE)_OUT) +endif +OUT=$($(OS)_OUT) + +LINUX_OBJ_EXT=.o +WIN_OBJ_EXT=.obj +ifeq ($(strip $($(OS)_OBJ_EXT)),) +$(OS)_OBJ_EXT=$($(OSLIKE)_OBJ_EXT) +endif +OBJ_EXT=$($(OS)_OBJ_EXT) + +LINUX_SO_EXT=.so +WIN_SO_EXT=.dll +ifeq ($(strip $($(OS)_SO_EXT)),) +$(OS)_SO_EXT=$($(OSLIKE)_SO_EXT) +endif +SO_EXT=$($(OS)_SO_EXT) + +WIN_STLPRFX= +LINUX_STLPRFX=lib +ifeq ($(strip $($(OS)_STLPRFX)),) +$(OS)_STLPRFX=$($(OSLIKE)_STLPRFX) +endif +STLPRFX=$($(OS)_STLPRFX) + +WIN_STLSUFX=.lib +LINUX_STLSUFX=.a +ifeq ($(strip $($(OS)_STLSUFX)),) +$(OS)_STLSUFX=$($(OSLIKE)_STLSUFX) +endif +STLSUFX=$($(OS)_STLSUFX) + +LINUX_SO_FLAGS=-shared -fPIC +WIN_SO_FLAGS=-dll +ifeq ($(strip $($(OS)_SO_FLAGS)),) +$(OS)_SO_FLAGS=$($(OSLIKE)_SO_FLAGS) +endif +SO_FLAGS=$($(OS)_SO_FLAGS) + +WIN_LIBS=Advapi32.lib $(OPENSSL_SDK_PATH)/libcrypto.lib +LINUX_LIBS=-L $(OPENSSL_SDK_PATH) -lcrypto +ifeq ($(strip $($(OS)_LIBS)),) +$(OS)_LIBS=$($(OSLIKE)_LIBS) +endif +LIBS=$($(OS)_LIBS) + +WIN_LDFLAGS=-link +ifeq ($(OS),LINUX) +else +ifeq ($(strip $($(OS)_LDFLAGS)),) +$(OS)_LDFLAGS=$($(OSLIKE)_LDFLAGS) +endif +endif +LDFLAGS=$($(OS)_LDFLAGS) + +LINUX_AR=ar +WIN_AR=link +ifeq ($(strip $($(OS)_AR)),) +$(OS)_AR=$($(OSLIKE)_AR) +endif +AR=$($(OS)_AR) + +LINUX_ARFLAGS=rcs $@ +WIN_ARFLAGS=-lib -nologo -out:$@ +ifeq ($(strip $($(OS)_ARFLAGS)),) +$(OS)_ARFLAGS=$($(OSLIKE)_ARFLAGS) +endif +ARFLAGS=$($(OS)_ARFLAGS) + +show_config: + echo "Set in defs.mk or ref/Makefile" + echo "=========== Config ================" + echo "CFLAGS = " "$(CFLAGS)" + echo "LINUX_CFLAGS = " "$(LINUX_CFLAGS)" + echo "OS = " "$(OS)" + echo "OSLIKE = " "$(OSLIKE)" diff --git a/libdks_icc/dilithium/ref/Makefile b/libdks_icc/dilithium/ref/Makefile new file mode 100644 index 0000000..84d6898 --- /dev/null +++ b/libdks_icc/dilithium/ref/Makefile @@ -0,0 +1,182 @@ +CC ?= /usr/bin/cc +LINUX_CFLAGS += -Wall -Wextra -Wpedantic -Wmissing-prototypes -Wredundant-decls \ + -Wshadow -Wvla -Wpointer-arith -O3 -fomit-frame-pointer +LINUX_NISTFLAGS += -Wno-unused-result -O3 -fomit-frame-pointer +RM = rm + +SOURCES = sign.c packing.c polyvec.c poly.c ntt.c reduce.c rounding.c +HEADERS = config.h params.h api.h sign.h packing.h polyvec.h poly.h ntt.h \ + reduce.h rounding.h symmetric.h randombytes.h +KECCAK_SOURCES = $(SOURCES) fips202.c symmetric-shake.c +KECCAK_SOURCES_2 = $(addprefix 2-,$(KECCAK_SOURCES)) +KECCAK_SOURCES_3 = $(addprefix 3-,$(KECCAK_SOURCES)) +KECCAK_SOURCES_5 = $(addprefix 5-,$(KECCAK_SOURCES)) +KECCAK_HEADERS = $(HEADERS) fips202.h + +TESTS = nistkat/PQCgenKAT_sign2$(EXESUFX) + +.PHONY: default all nistkat static speed shared clean + +default: all + +ICC_ROOT=../../.. +include ../../defs.mk + +all: \ + test/test_dilithium2$(EXESUFX) \ + test/test_dilithium3$(EXESUFX) \ + test/test_dilithium5$(EXESUFX) \ + test/test_vectors2$(EXESUFX) \ + test/test_vectors3$(EXESUFX) \ + test/test_vectors5$(EXESUFX) + +nistkat: \ + nistkat/PQCgenKAT_sign2$(EXESUFX) \ + nistkat/PQCgenKAT_sign3$(EXESUFX) \ + nistkat/PQCgenKAT_sign5$(EXESUFX) + +speed: \ + test/test_mul$(EXESUFX) \ + test/test_speed2$(EXESUFX) \ + test/test_speed3$(EXESUFX) \ + test/test_speed5$(EXESUFX) + +static: \ + libpqcrystals_dilithium2_ref$(STLSUFX) \ + libpqcrystals_dilithium3_ref$(STLSUFX) \ + libpqcrystals_dilithium5_ref$(STLSUFX) \ + libpqcrystals_fips202_ref$(STLSUFX) \ + +shared: \ + libpqcrystals_dilithium2_ref$(SO_EXT) \ + libpqcrystals_dilithium3_ref$(SO_EXT) \ + libpqcrystals_dilithium5_ref$(SO_EXT) \ + libpqcrystals_fips202_ref$(SO_EXT) \ + +tests: $(TESTS) + $(OPENSSL_PATH_SETUP) nistkat/PQCgenKAT_sign2$(EXESUFX) + +Makefile: ../../defs.mk + touch $@ + +libpqcrystals_fips202_ref$(STLSUFX): fips202.c fips202.h Makefile + $(CC) $(CFLAGS) -c $< + $(AR) $(ARFLAGS) fips202$(OBJ_EXT) + +libpqcrystals_fips202_ref$(SO_EXT): fips202.c fips202.h Makefile + $(CC) $(SO_FLAGS) $(CFLAGS) -o $@ $< + +libpqcrystals_dilithium2_ref$(STLSUFX): $(KECCAK_SOURCES_2) $(KECCAK_HEADERS) Makefile + $(CC) $(CFLAGS) -DDILITHIUM_MODE=2 -c $(KECCAK_SOURCES_2) + $(AR) $(ARFLAGS) $(subst .c,$(OBJ_EXT), $(KECCAK_SOURCES_2)) + +libpqcrystals_dilithium2_ref$(SO_EXT): libpqcrystals_dilithium2_ref$(STLSUFX) + $(CC) $(SO_FLAGS) $(CFLAGS) -DDILITHIUM_MODE=2 -o $@ libpqcrystals_dilithium2_ref$(STLSUFX) + +libpqcrystals_dilithium3_ref$(STLSUFX): $(KECCAK_SOURCES_3) $(KECCAK_HEADERS) Makefile + $(CC) $(CFLAGS) -DDILITHIUM_MODE=3 -c $(KECCAK_SOURCES_3) + $(AR) $(ARFLAGS) $(subst .c,$(OBJ_EXT), $(KECCAK_SOURCES_3)) + +libpqcrystals_dilithium3_ref$(SO_EXT): libpqcrystals_dilithium3_ref$(STLSUFX) + $(CC) $(SO_FLAGS) $(CFLAGS) -DDILITHIUM_MODE=3 -o $@ libpqcrystals_dilithium3_ref$(STLSUFX) + +libpqcrystals_dilithium5_ref$(STLSUFX): $(KECCAK_SOURCES_5) $(KECCAK_HEADERS) Makefile + $(CC) $(CFLAGS) -DDILITHIUM_MODE=5 -c $(KECCAK_SOURCES_5) + $(AR) $(ARFLAGS) $(subst .c,$(OBJ_EXT), $(KECCAK_SOURCES_5)) + +libpqcrystals_dilithium5_ref$(SO_EXT): libpqcrystals_dilithium5_ref$(STLSUFX) + $(CC) $(SO_FLAGS) $(CFLAGS) -DDILITHIUM_MODE=5 -o $@ libpqcrystals_dilithium5_ref$(STLSUFX) + +test/test_dilithium2$(EXESUFX): test/test_dilithium.c randombytes.c $(KECCAK_SOURCES) \ + $(KECCAK_HEADERS) + $(CC) $(CFLAGS) -DDILITHIUM_MODE=2 \ + -o $@ $< randombytes.c $(KECCAK_SOURCES) + +test/test_dilithium3$(EXESUFX): test/test_dilithium.c randombytes.c $(KECCAK_SOURCES) \ + $(KECCAK_HEADERS) + $(CC) $(CFLAGS) -DDILITHIUM_MODE=3 \ + -o $@ $< randombytes.c $(KECCAK_SOURCES) + +test/test_dilithium5$(EXESUFX): test/test_dilithium.c randombytes.c $(KECCAK_SOURCES) \ + $(KECCAK_HEADERS) + $(CC) $(CFLAGS) -DDILITHIUM_MODE=5 \ + -o $@ $< randombytes.c $(KECCAK_SOURCES) + +test/test_vectors2$(EXESUFX): test/test_vectors.c $(KECCAK_SOURCES) \ + $(KECCAK_HEADERS) + $(CC) $(CFLAGS) -DDILITHIUM_MODE=2 \ + -o $@ $< $(KECCAK_SOURCES) + +test/test_vectors3$(EXESUFX): test/test_vectors.c $(KECCAK_SOURCES) $(KECCAK_HEADERS) + $(CC) $(CFLAGS) -DDILITHIUM_MODE=3 \ + -o $@ $< $(KECCAK_SOURCES) + +test/test_vectors5: test/test_vectors.c $(KECCAK_SOURCES) \ + $(KECCAK_HEADERS) + $(CC) $(CFLAGS) -DDILITHIUM_MODE=5 \ + -o $@ $< $(KECCAK_SOURCES) + +test/test_speed2$(EXESUFX): test/test_speed.c test/speed_print.c test/speed_print.h \ + test/cpucycles.c test/cpucycles.h randombytes.c $(KECCAK_SOURCES) \ + $(KECCAK_HEADERS) + $(CC) $(CFLAGS) -DDILITHIUM_MODE=2 \ + -o $@ $< test/speed_print.c test/cpucycles.c randombytes.c \ + $(KECCAK_SOURCES) + +test/test_speed3$(EXESUFX): test/test_speed.c test/speed_print.c test/speed_print.h \ + test/cpucycles.c test/cpucycles.h randombytes.c $(KECCAK_SOURCES) \ + $(KECCAK_HEADERS) + $(CC) $(CFLAGS) -DDILITHIUM_MODE=3 \ + -o $@ $< test/speed_print.c test/cpucycles.c randombytes.c \ + $(KECCAK_SOURCES) + +test/test_speed5$(EXESUFX): test/test_speed.c test/speed_print.c test/speed_print.h \ + test/cpucycles.c test/cpucycles.h randombytes.c $(KECCAK_SOURCES) \ + $(KECCAK_HEADERS) + $(CC) $(CFLAGS) -DDILITHIUM_MODE=5 \ + -o $@ $< test/speed_print.c test/cpucycles.c randombytes.c \ + $(KECCAK_SOURCES) + +test/test_mul$(EXESUFX): test/test_mul.c randombytes.c $(KECCAK_SOURCES) $(KECCAK_HEADERS) + $(CC) $(CFLAGS) -UDBENCH -o $@ $< randombytes.c $(KECCAK_SOURCES) + +nistkat/rng$(OBJ_EXT) : nistkat/rng.c nistkat/rng.h + $(CC) $(CFLAGS) $(OUT)$@ -c $< +nistkat/PQCgenKAT_sign2$(OBJ_EXT) : nistkat/PQCgenKAT_sign.c + $(CC) $(CFLAGS) $(OUT)$@ -DDILITHIUM_MODE=2 -c $< +nistkat/PQCgenKAT_sign3$(OBJ_EXT) : nistkat/PQCgenKAT_sign.c + $(CC) $(CFLAGS) $(OUT)$@ -DDILITHIUM_MODE=3 -c $< +nistkat/PQCgenKAT_sign5$(OBJ_EXT) : nistkat/PQCgenKAT_sign.c + $(CC) $(CFLAGS) $(OUT)$@ -DDILITHIUM_MODE=5 -c $< + +nistkat/PQCgenKAT_sign2$(EXESUFX): nistkat/PQCgenKAT_sign2$(OBJ_EXT) nistkat/rng$(OBJ_EXT) \ + libpqcrystals_dilithium2_ref$(STLSUFX) + $(LD) $(LDFLAGS) $< nistkat/rng$(OBJ_EXT) $(LDFLAGS) libpqcrystals_dilithium2_ref$(STLSUFX) $(LIBS) + +nistkat/PQCgenKAT_sign3$(EXESUFX): nistkat/PQCgenKAT_sign3$(OBJ_EXT) nistkat/rng$(OBJ_EXT) \ + libpqcrystals_dilithium3_ref$(STLSUFX) + $(LD) $(LDFLAGS) $< nistkat/rng$(OBJ_EXT) $(LDFLAGS) libpqcrystals_dilithium3_ref$(STLSUFX) $(LIBS) + +nistkat/PQCgenKAT_sign5$(EXESUFX): nistkat/PQCgenKAT_sign5$(OBJ_EXT) nistkat/rng$(OBJ_EXT) \ + libpqcrystals_dilithium5_ref$(STLSUFX) + $(LD) $(LDFLAGS) $< nistkat/rng$(OBJ_EXT) $(LDFLAGS) libpqcrystals_dilithium5_ref$(STLSUFX) $(LIBS) + +clean: + rm -f *~ test/*~ *.gcno *.gcda *.lcov + rm -f libpqcrystals_dilithium2_ref.so + rm -f libpqcrystals_dilithium3_ref.so + rm -f libpqcrystals_dilithium5_ref.so + rm -f libpqcrystals_fips202_ref.so + rm -f test/test_dilithium2 + rm -f test/test_dilithium3 + rm -f test/test_dilithium5 + rm -f test/test_vectors2 + rm -f test/test_vectors3 + rm -f test/test_vectors5 + rm -f test/test_speed2 + rm -f test/test_speed3 + rm -f test/test_speed5 + rm -f test/test_mul + rm -f nistkat/PQCgenKAT_sign2 + rm -f nistkat/PQCgenKAT_sign3 + rm -f nistkat/PQCgenKAT_sign5 diff --git a/libdks_icc/kyber/ref/Makefile b/libdks_icc/kyber/ref/Makefile new file mode 100644 index 0000000..aaa0717 --- /dev/null +++ b/libdks_icc/kyber/ref/Makefile @@ -0,0 +1,164 @@ +CC ?= /usr/bin/cc +LINUX_CFLAGS += -Wall -Wextra -Wpedantic -Wmissing-prototypes -Wredundant-decls \ + -Wshadow -Wpointer-arith -O3 -fomit-frame-pointer -z noexecstack +LINUX_NISTFLAGS += -Wno-unused-result -O3 -fomit-frame-pointer +RM = rm + +SOURCES = kem.c indcpa.c polyvec.c poly.c ntt.c cbd.c reduce.c verify.c +SOURCES_512 = $(addprefix 512-,$(SOURCES)) +SOURCES_768 = $(addprefix 768-,$(SOURCES)) +SOURCES_1024 = $(addprefix 1024-,$(SOURCES)) +SOURCESKECCAK = fips202.c symmetric-shake.c +SOURCESKECCAK_512 = $(addprefix 512-,$(SOURCESKECCAK)) +SOURCESKECCAK_768 = $(addprefix 768-,$(SOURCESKECCAK)) +SOURCESKECCAK_1024 = $(addprefix 1024-,$(SOURCESKECCAK)) +HEADERS = params.h kem.h indcpa.h polyvec.h poly.h ntt.h cbd.h reduce.c verify.h symmetric.h +HEADERSKECCAK = $(HEADERS) fips202.h + +#OS=LINUX +OS=WIN + +TESTS = nistkat/PQCgenKAT_kem512$(EXESUFX) + +.PHONY: default all speed static shared clean nistkat + +default: all + +ICC_ROOT=../../.. +include ../../defs.mk + +all: static shared test nistkat + +test: \ + test/test_kyber512$(EXESUFX) \ + test/test_kyber768$(EXESUFX) \ + test/test_kyber1024$(EXESUFX) \ + test/test_vectors512$(EXESUFX) \ + test/test_vectors768$(EXESUFX) \ + test/test_vectors1024$(EXESUFX) \ + +speed: \ + test/test_speed512$(EXESUFX) \ + test/test_speed768$(EXESUFX) \ + test/test_speed1024$(EXESUFX) \ + +static: lib \ + lib/libpqcrystals_kyber512_ref$(STLSUFX) \ + lib/libpqcrystals_kyber768_ref$(STLSUFX) \ + lib/libpqcrystals_kyber1024_ref$(STLSUFX) \ + lib/libpqcrystals_fips202_ref$(STLSUFX) \ + +shared: \ + lib/libpqcrystals_kyber512_ref$(SO_EXT) \ + lib/libpqcrystals_kyber768_ref$(SO_EXT) \ + lib/libpqcrystals_kyber1024_ref$(SO_EXT) \ + lib/libpqcrystals_fips202_ref$(SO_EXT) \ + +nistkat: \ + nistkat/PQCgenKAT_kem512$(EXESUFX) \ + nistkat/PQCgenKAT_kem768$(EXESUFX) \ + nistkat/PQCgenKAT_kem1024$(EXESUFX) \ + +tests: $(TESTS) + $(OPENSSL_PATH_SETUP) nistkat/PQCgenKAT_kem512$(EXESUFX) + +Makefile: ../../defs.mk + touch $@ + +lib: + mkdir lib + +lib/libpqcrystals_fips202_ref$(STLSUFX): lib fips202.c fips202.h Makefile + $(CC) $(CFLAGS) -c fips202.c + $(AR) $(ARFLAGS) fips202$(OBJ_EXT) + +lib/libpqcrystals_fips202_ref$(SO_EXT): fips202.c fips202.h + $(CC) $(CFLAGS) fips202.c $(OUT)$@ $(LDFLAGS) $(SO_FLAGS) + +lib/libpqcrystals_kyber512_ref$(STLSUFX): $(SOURCES_512) $(HEADERS) $(SOURCESKECCAK_512) $(HEADERSKECCAK) Makefile + $(CC) $(CFLAGS) -DKYBER_K=2 -c $(SOURCES_512) $(SOURCESKECCAK_512) + $(AR) $(ARFLAGS) $(subst .c,$(OBJ_EXT), $(SOURCES_512) $(SOURCESKECCAK_512)) + +lib/libpqcrystals_kyber512_ref$(SO_EXT): lib/libpqcrystals_kyber512_ref$(STLSUFX) $(HEADERS) symmetric-shake.c fips202.c fips202.h randombytes.c + $(CC) $(CFLAGS) -DKYBER_K=2 symmetric-shake.c fips202.c randombytes.c lib/libpqcrystals_kyber512_ref$(STLSUFX) $(LIBS) $(OUT)$@ $(LDFLAGS) $(SO_FLAGS) + +lib/libpqcrystals_kyber768_ref$(STLSUFX): $(SOURCES_768) $(HEADERS) $(SOURCESKECCAK_768) $(HEADERSKECCAK) Makefile + $(CC) $(CFLAGS) -DKYBER_K=3 -c $(SOURCES_768) $(SOURCESKECCAK_768) + $(AR) $(ARFLAGS) $(subst .c,$(OBJ_EXT), $(SOURCES_768) $(SOURCESKECCAK_768)) + +lib/libpqcrystals_kyber768_ref$(SO_EXT): lib/libpqcrystals_kyber768_ref$(STLSUFX) $(HEADERS) symmetric-shake.c fips202.c fips202.h randombytes.c + $(CC) $(CFLAGS) -DKYBER_K=3 symmetric-shake.c fips202.c randombytes.c lib/libpqcrystals_kyber768_ref$(STLSUFX) $(LIBS) $(OUT)$@ $(LDFLAGS) $(SO_FLAGS) + +lib/libpqcrystals_kyber1024_ref$(STLSUFX): $(SOURCES_1024) $(HEADERS) $(SOURCESKECCAK_1024) $(HEADERSKECCAK) Makefile + $(CC) $(CFLAGS) -DKYBER_K=4 -c $(SOURCES_1024) $(SOURCESKECCAK_1024) + $(AR) $(ARFLAGS) $(subst .c,$(OBJ_EXT), $(SOURCES_1024) $(SOURCESKECCAK_1024)) + +lib/libpqcrystals_kyber1024_ref$(SO_EXT): lib/libpqcrystals_kyber1024_ref$(STLSUFX) $(HEADERS) symmetric-shake.c fips202.c fips202.h randombytes.c + $(CC) $(CFLAGS) -DKYBER_K=4 symmetric-shake.c fips202.c randombytes.c lib/libpqcrystals_kyber1024_ref$(STLSUFX) $(LIBS) $(OUT)$@ $(LDFLAGS) $(SO_FLAGS) + +test/test_kyber512$(EXESUFX): $(SOURCESKECCAK) $(HEADERSKECCAK) test/test_kyber.c randombytes.c lib/libpqcrystals_kyber512_ref$(STLSUFX) + $(CC) $(CFLAGS) -DKYBER_K=2 $(SOURCESKECCAK) randombytes.c test/test_kyber.c $(OUT)$@ $(LDFLAGS) lib/libpqcrystals_kyber512_ref$(STLSUFX) $(LIBS) + +test/test_kyber768$(EXESUFX): $(SOURCESKECCAK) $(HEADERSKECCAK) test/test_kyber.c randombytes.c lib/libpqcrystals_kyber768_ref$(STLSUFX) + $(CC) $(CFLAGS) -DKYBER_K=3 $(SOURCESKECCAK) randombytes.c test/test_kyber.c $(OUT)$@ $(LDFLAGS) lib/libpqcrystals_kyber768_ref$(STLSUFX) $(LIBS) + +test/test_kyber1024$(EXESUFX): $(SOURCESKECCAK) $(HEADERSKECCAK) test/test_kyber.c randombytes.c lib/libpqcrystals_kyber1024_ref$(STLSUFX) + $(CC) $(CFLAGS) -DKYBER_K=4 $(SOURCESKECCAK) randombytes.c test/test_kyber.c $(OUT)$@ $(LDFLAGS) lib/libpqcrystals_kyber1024_ref$(STLSUFX) $(LIBS) + +test/test_vectors512$(EXESUFX): $(SOURCESKECCAK) $(HEADERSKECCAK) test/test_vectors.c + $(CC) $(CFLAGS) -DKYBER_K=2 $(SOURCESKECCAK) test/test_vectors.c $(OUT)$@ $(LDFLAGS) lib/libpqcrystals_kyber512_ref$(STLSUFX) $(LIBS) + +test/test_vectors768$(EXESUFX): $(SOURCESKECCAK) $(HEADERSKECCAK) test/test_vectors.c + $(CC) $(CFLAGS) -DKYBER_K=3 $(SOURCESKECCAK) test/test_vectors.c $(OUT)$@ $(LDFLAGS) lib/libpqcrystals_kyber768_ref$(STLSUFX) $(LIBS) + +test/test_vectors1024$(EXESUFX): $(SOURCESKECCAK) $(HEADERSKECCAK) test/test_vectors.c + $(CC) $(CFLAGS) -DKYBER_K=4 $(SOURCESKECCAK) test/test_vectors.c $(OUT)$@ $(LDFLAGS) lib/libpqcrystals_kyber1024_ref$(STLSUFX) $(LIBS) + +test/test_speed512$(EXESUFX): $(SOURCESKECCAK) $(HEADERSKECCAK) test/cpucycles.h test/cpucycles.c test/speed_print.h test/speed_print.c test/test_speed.c randombytes.c + $(CC) $(CFLAGS) -DKYBER_K=2 $(SOURCESKECCAK) randombytes.c test/cpucycles.c test/speed_print.c test/test_speed.c $(OUT)$@ $(LDFLAGS) $(LIBS) + +test/test_speed768$(EXESUFX): $(SOURCESKECCAK) $(HEADERSKECCAK) test/cpucycles.h test/cpucycles.c test/speed_print.h test/speed_print.c test/test_speed.c randombytes.c + $(CC) $(CFLAGS) -DKYBER_K=3 $(SOURCESKECCAK) randombytes.c test/cpucycles.c test/speed_print.c test/test_speed.c $(OUT)$@ $(LDFLAGS) $(LIBS) + +test/test_speed1024$(EXESUFX): $(SOURCESKECCAK) $(HEADERSKECCAK) test/cpucycles.h test/cpucycles.c test/speed_print.h test/speed_print.c test/test_speed.c randombytes.c + $(CC) $(CFLAGS) -DKYBER_K=4 $(SOURCESKECCAK) randombytes.c test/cpucycles.c test/speed_print.c test/test_speed.c $(OUT)$@ $(LDFLAGS) $(LIBS) + +nistkat/rng$(OBJ_EXT) : nistkat/rng.c nistkat/rng.h + $(CC) $(CFLAGS) $(OUT)$@ -c $< +nistkat/PQCgenKAT_kem512$(OBJ_EXT) : nistkat/PQCgenKAT_kem.c + $(CC) $(CFLAGS) $(OUT)$@ -DKYBER_K=2 -c $< +nistkat/PQCgenKAT_kem768$(OBJ_EXT) : nistkat/PQCgenKAT_kem.c + $(CC) $(CFLAGS) $(OUT)$@ -DKYBER_K=3 -c $< +nistkat/PQCgenKAT_kem1024$(OBJ_EXT) : nistkat/PQCgenKAT_kem.c + $(CC) $(CFLAGS) $(OUT)$@ -DKYBER_K=4 -c $< + +nistkat/PQCgenKAT_kem512$(EXESUFX): nistkat/PQCgenKAT_kem512$(OBJ_EXT) nistkat/rng$(OBJ_EXT) \ + lib/libpqcrystals_kyber512_ref$(STLSUFX) + $(LD) $(LDFLAGS) nistkat/PQCgenKAT_kem512$(OBJ_EXT) nistkat/rng$(OBJ_EXT) lib/libpqcrystals_kyber512_ref$(STLSUFX) $(LIBS) + +nistkat/PQCgenKAT_kem768$(EXESUFX): nistkat/PQCgenKAT_kem768$(OBJ_EXT) nistkat/rng$(OBJ_EXT) \ + lib/libpqcrystals_kyber768_ref$(STLSUFX) + $(LD) $(LDFLAGS) nistkat/PQCgenKAT_kem768$(OBJ_EXT) nistkat/rng$(OBJ_EXT) lib/libpqcrystals_kyber768_ref$(STLSUFX) $(LIBS) + +nistkat/PQCgenKAT_kem1024$(EXESUFX): nistkat/PQCgenKAT_kem1024$(OBJ_EXT) nistkat/rng$(OBJ_EXT) \ + lib/libpqcrystals_kyber1024_ref$(STLSUFX) + $(LD) $(LDFLAGS) nistkat/PQCgenKAT_kem1024$(OBJ_EXT) nistkat/rng$(OBJ_EXT) lib/libpqcrystals_kyber1024_ref$(STLSUFX) $(LIBS) + +clean: + -$(RM) -f *.gcno *.gcda *.lcov *.o *.obj *.so *.dll + -$(RM) -f test/test_kyber512$(EXESUFX) + -$(RM) -f test/test_kyber768$(EXESUFX) + -$(RM) -f test/test_kyber1024$(EXESUFX) + -$(RM) -f test/test_vectors512$(EXESUFX) + -$(RM) -f test/test_vectors768$(EXESUFX) + -$(RM) -f test/test_vectors1024$(EXESUFX) + -$(RM) -f test/test_speed512$(EXESUFX) + -$(RM) -f test/test_speed768$(EXESUFX) + -$(RM) -f test/test_speed1024$(EXESUFX) + -$(RM) -f nistkat/PQCgenKAT_kem512$(EXESUFX) + -$(RM) -f nistkat/PQCgenKAT_kem768$(EXESUFX) + -$(RM) -f nistkat/PQCgenKAT_kem1024$(EXESUFX) + -$(RM) -f nistkat/*.req + -$(RM) -f nistkat/*.rsp + -$(RM) -rf lib/ + diff --git a/libdks_icc/sphincs/ref/Makefile b/libdks_icc/sphincs/ref/Makefile new file mode 100644 index 0000000..5a3178b --- /dev/null +++ b/libdks_icc/sphincs/ref/Makefile @@ -0,0 +1,99 @@ +VARIANT = shake-128s +PARAMS = sphincs-$(VARIANT) +THASH = robust + +CC=/usr/bin/gcc +LINUX_CFLAGS=-Wall -Wextra -Wpedantic -O3 -std=c99 -Wconversion -Wmissing-prototypes + +MY_CFLAGS=-DPARAMS=$(PARAMS) $(EXTRA_CFLAGS) + +LIB_SOURCES = address.c merkle.c wots.c wotsx1.c utils.c utilsx1.c fors.c sign.c +HEADERS = params.h randombytes.h address.h merkle.h wots.h wotsx1.h utils.h utilsx1.h fors.h api.h hash.h thash.h + +ifneq (,$(findstring shake,$(PARAMS))) + HASH_SOURCES = fips202.c + THASH_SOURCES = hash_shake.c thash_shake_$(THASH).c + HASH_HEADERS = fips202.h +endif +ifneq (,$(findstring haraka,$(PARAMS))) + HASH_SOURCES = haraka.c + THASH_SOURCES = hash_haraka.c thash_haraka_$(THASH).c + HASH_HEADERS = haraka.h +endif +ifneq (,$(findstring sha2,$(PARAMS))) + HASH_SOURCES = sha2.c + THASH_SOURCES = hash_sha2.c thash_sha2_$(THASH).c + HASH_HEADERS = sha2.h +endif +LIB_SOURCES += $(THASH_SOURCES) +LIB_SOURCES := $(addprefix $(VARIANT)-,$(LIB_SOURCES)) +HEADERS += $(HASH_HEADERS) + +SOURCES = $(LIB_SOURCES) $(addprefix $(VARIANT)-,randombytes.c) + +DET_SOURCES = $(SOURCES:randombytes.%=rng.%) +DET_HEADERS = $(HEADERS:randombytes.%=rng.%) + +TESTS = test/fors \ + test/spx \ + +BENCHMARK = test/benchmark + +#OS=LINUX +OS=WIN + +.PHONY: default clean test benchmark static + +default: PQCgenKAT_sign + +ICC_ROOT=../../.. +include ../../defs.mk + +CFLAGS+=$(MY_CFLAGS) + +Makefile: ../../defs.mk + touch $@ + +all: static PQCgenKAT_sign tests benchmarks + +tests: $(TESTS) + +test: $(TESTS:=.exec) + +benchmarks: $(BENCHMARK) + +benchmark: $(BENCHMARK:=.exec) + +static: libsphincs_ref-$(PARAMS)$(STLSUFX) libsphincs_ref-hash-$(PARAMS)$(STLSUFX) + +libsphincs_ref-$(PARAMS)$(STLSUFX): $(LIB_SOURCES) $(HEADERS) Makefile + $(CC) $(CFLAGS) -c $(LIB_SOURCES) + $(AR) $(ARFLAGS) $(subst .c,$(OBJ_EXT), $(LIB_SOURCES)) + $(RM) $(subst .c,$(OBJ_EXT), $(LIB_SOURCES)) + +libsphincs_ref-hash-$(PARAMS)$(STLSUFX): $(HASH_SOURCES) $(HASH_HEADERS) Makefile + $(CC) $(CFLAGS) -c $(HASH_SOURCES) + $(AR) $(ARFLAGS) $(subst .c,$(OBJ_EXT), $(HASH_SOURCES)) + $(RM) $(subst .c,$(OBJ_EXT), $(HASH_SOURCES)) + +PQCgenKAT_sign: PQCgenKAT_sign.c $(DET_SOURCES) $(DET_HEADERS) + $(CC) $(CFLAGS) -o $@ $(DET_SOURCES) $< -lcrypto + +test/benchmark: test/benchmark.c test/cycles.c $(SOURCES) $(HEADERS) + $(CC) $(CFLAGS) -o $@ test/cycles.c $(SOURCES) $< $(LDLIBS) + +test/%: test/%.c $(SOURCES) $(HEADERS) + $(CC) $(CFLAGS) -o $@ $(SOURCES) $< $(LDLIBS) + +test/haraka: test/haraka.c $(filter-out haraka.c,$(SOURCES)) $(HEADERS) + $(CC) $(CFLAGS) -o $@ $(filter-out haraka.c,$(SOURCES)) $< $(LDLIBS) + +test/%.exec: test/% + @$< + +clean: + -$(RM) $(TESTS) + -$(RM) $(BENCHMARK) + -$(RM) PQCgenKAT_sign + -$(RM) PQCsignKAT_*.rsp + -$(RM) PQCsignKAT_*.req diff --git a/libdks_icc/sphincs/ref/api.h b/libdks_icc/sphincs/ref/api.h new file mode 100644 index 0000000..29d3090 --- /dev/null +++ b/libdks_icc/sphincs/ref/api.h @@ -0,0 +1,87 @@ +#ifndef SPX_API_H +#define SPX_API_H + +#include +#include + +#include "params.h" + +#define CRYPTO_ALGNAME "SPHINCS+" + +#define CRYPTO_SECRETKEYBYTES SPX_SK_BYTES +#define CRYPTO_PUBLICKEYBYTES SPX_PK_BYTES +#define CRYPTO_BYTES SPX_BYTES +#define CRYPTO_SEEDBYTES 3*SPX_N + +/* + * Returns the length of a secret key, in bytes + */ +#define crypto_sign_secretkeybytes SPX_NAMESPACE(crypto_sign_secretkeybytes) +unsigned long long crypto_sign_secretkeybytes(void); + +/* + * Returns the length of a public key, in bytes + */ +#define crypto_sign_publickeybytes SPX_NAMESPACE(crypto_sign_publickeybytes) +unsigned long long crypto_sign_publickeybytes(void); + +/* + * Returns the length of a signature, in bytes + */ +#define crypto_sign_bytes SPX_NAMESPACE(crypto_sign_bytes) +unsigned long long crypto_sign_bytes(void); + +/* + * Returns the length of the seed required to generate a key pair, in bytes + */ +#define crypto_sign_seedbytes SPX_NAMESPACE(crypto_sign_seedbytes) +unsigned long long crypto_sign_seedbytes(void); + +/* + * Generates a SPHINCS+ key pair given a seed. + * Format sk: [SK_SEED || SK_PRF || PUB_SEED || root] + * Format pk: [root || PUB_SEED] + */ +#define crypto_sign_seed_keypair SPX_NAMESPACE(crypto_sign_seed_keypair) +int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk, + const unsigned char *seed); + +/* + * Generates a SPHINCS+ key pair. + * Format sk: [SK_SEED || SK_PRF || PUB_SEED || root] + * Format pk: [root || PUB_SEED] + */ +#define crypto_sign_keypair SPX_NAMESPACE(crypto_sign_keypair) +int crypto_sign_keypair(unsigned char *pk, unsigned char *sk); + +/** + * Returns an array containing a detached signature. + */ +#define crypto_sign_signature SPX_NAMESPACE(crypto_sign_signature) +int crypto_sign_signature(uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk); + +/** + * Verifies a detached signature and message under a given public key. + */ +#define crypto_sign_verify SPX_NAMESPACE(crypto_sign_verify) +int crypto_sign_verify(const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk); + +/** + * Returns an array containing the signature followed by the message. + */ +#define crypto_sign SPX_NAMESPACE(crypto_sign) +int crypto_sign(unsigned char *sm, unsigned long long *smlen, + const unsigned char *m, unsigned long long mlen, + const unsigned char *sk); + +/** + * Verifies a given signature-message pair under a given public key. + */ +#define crypto_sign_open SPX_NAMESPACE(crypto_sign_open) +int crypto_sign_open(unsigned char *m, unsigned long long *mlen, + const unsigned char *sm, unsigned long long smlen, + const unsigned char *pk); + +#endif diff --git a/openssl_source/openssl-1.1.1-icc.tar.gz b/openssl_source/openssl-1.1.1-icc.tar.gz index 6090515..63dbf86 100644 Binary files a/openssl_source/openssl-1.1.1-icc.tar.gz and b/openssl_source/openssl-1.1.1-icc.tar.gz differ