CPPFLAGS="$TOMCRYPT_CFLAGS $CPPFLAGS"
LIBS="$TOMCRYPT_LIBS $LIBS"
-AS_IF([test "x$use_openssl" != "xyes" -a "x$use_tomcrypt" != "xyes"], [
- AC_MSG_ERROR([[Neither openssl nor tomcrypt libraries present]])
+AC_ARG_ENABLE(gcrypt,
+ [ --enable-gcrypt use libgcrypt even when openssl present])
+
+AS_IF([test "x$use_openssl" != "xyes" && test "x$use_tomcrypt" != "xyes" || \
+ test "x$enable_tomcrypt" = "xyes"], [
+ AM_PATH_LIBGCRYPT()
+])
+AC_ARG_WITH(libgcrypt-include-path,
+ [ --with-libgcrypt-include-path=PATH path to libgcrypt includes],
+ [LIBGCRYPT_CFLAGS="-I $withval"],
+ [])
+AC_ARG_WITH(libgcrypt-lib-path,
+ [ --with-libgcrypt-lib-path=PATH path to libgcrypt libs],
+ [LIBGCRYPT_LIBS="-L $withval -lgcrypt"],
+ [])
+AS_IF([test "x$LIBGCRYPT_CFLAGS" != "x" -o "x$LIBGCRYPT_LIBS" != "x" ], [
+ use_gcrypt=yes
+])
+CPPFLAGS="$LIBGCRYPT_CFLAGS $CPPFLAGS"
+LIBS="$LIBGCRYPT_LIBS $LIBS"
+
+AS_IF([test "x$use_openssl" != "xyes" -a "x$use_tomcrypt" != "xyes" -a "x$use_gcrypt" != "xyes"], [
+ AC_MSG_ERROR([[Neither openssl, tomcrypt or gcrypt libraries present]])
])
AS_IF([test "x$use_openssl" = "xyes"], [
CRYPTO_OBJS+=" tom_crypto.lo"
AC_DEFINE([HAVE_TOMCRYPT], [1], [Use libtomcrypt])
])
+AS_IF([test "x$use_gcrypt" = "xyes"], [
+ CRYPTO_OBJS+=" gnu_crypto.lo"
+ AC_DEFINE([HAVE_GCRYPT], [1], [Use libgcrypt])
+])
AC_SUBST(CRYPTO_OBJS)
dnl Checks for header files.
--- /dev/null
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+#include <errno.h>
+#include <gcrypt.h>
+#include "crypto_if.h"
+
+static const char *gnu_init(void)
+{
+ (void)gcry_check_version(GCRYPT_VERSION);
+ gcry_control(GCRYCTL_SUSPEND_SECMEM_WARN);
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+ return "gcrypt";
+}
+
+static unsigned long gnu_encrypt(void *key, int keylen, void *iv,
+ void *pt, void *ct, int tlen)
+{
+ gcry_error_t err;
+ gcry_cipher_hd_t hd;
+
+ if ((err = gcry_cipher_open(&hd, GCRY_CIPHER_AES128,
+ GCRY_CIPHER_MODE_CBC, 0)))
+ return (unsigned long)err;
+ if ((err = gcry_cipher_setkey(hd, key, keylen)))
+ return (unsigned long)err;
+ if ((err = gcry_cipher_setiv(hd, iv, keylen)))
+ return (unsigned long)err;
+ if ((err = gcry_cipher_encrypt(hd, ct, tlen, pt, tlen)))
+ return (unsigned long)err;
+ if ((err = gcry_cipher_reset(hd)))
+ return (unsigned long)err;
+ return 0UL;
+}
+
+static unsigned long gnu_decrypt(void *key, int keylen, void *iv,
+ void *ct, void *pt, int tlen)
+{
+ gcry_error_t err;
+ gcry_cipher_hd_t hd;
+
+ if ((err = gcry_cipher_open(&hd, GCRY_CIPHER_AES128,
+ GCRY_CIPHER_MODE_CBC, 0)))
+ return (unsigned long)err;
+ if ((err = gcry_cipher_setkey(hd, key, keylen)))
+ return (unsigned long)err;
+ if ((err = gcry_cipher_setiv(hd, iv, keylen)))
+ return (unsigned long)err;
+ if ((err = gcry_cipher_decrypt(hd, pt, tlen, ct, tlen)))
+ return (unsigned long)err;
+ if ((err = gcry_cipher_reset(hd)))
+ return (unsigned long)err;
+ return 0UL;
+}
+
+static unsigned long gnu_hash(void *pt, int tlen, void *tag, int *taglen)
+{
+ gcry_error_t err;
+ gcry_md_hd_t hd;
+
+ unsigned int dlen = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
+ if (*taglen < dlen)
+ return (unsigned long)gcry_error_from_errno(ENOMEM);
+ if ((err = gcry_md_open(&hd, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE)))
+ return (unsigned long)err;
+ gcry_md_write(hd, pt, tlen);
+ gcry_md_final(hd);
+ memcpy(tag, gcry_md_read(hd, GCRY_MD_SHA1), dlen);
+ gcry_md_close(hd);
+ *taglen = dlen;
+ return 0UL;
+}
+
+static unsigned long gnu_hmac(void *key, int keylen, void *pt, int tlen,
+ void *tag, int *taglen)
+{
+ gcry_error_t err;
+ gcry_md_hd_t hd;
+
+ unsigned int dlen = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
+ if (*taglen < dlen)
+ return (unsigned long)gcry_error_from_errno(ENOMEM);
+ if ((err = gcry_md_open(&hd, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE |
+ GCRY_MD_FLAG_HMAC)))
+ return (unsigned long)err;
+ if ((err = gcry_md_setkey(hd, key, keylen)))
+ return (unsigned long)err;
+ gcry_md_write(hd, pt, tlen);
+ gcry_md_final(hd);
+ memcpy(tag, gcry_md_read(hd, GCRY_MD_SHA1), dlen);
+ gcry_md_close(hd);
+ *taglen = dlen;
+ return 0UL;
+}
+
+static const char *gnu_errstr(unsigned long err)
+{
+ return gcry_strerror((gcry_error_t)err);
+}
+
+struct crypto_interface gnu_crypto_if = {
+ .init = gnu_init,
+ .encrypt = gnu_encrypt,
+ .decrypt = gnu_decrypt,
+ .hash = gnu_hash,
+ .hmac = gnu_hmac,
+ .errstr = gnu_errstr,
+};
projects / pam_pcsc_cr.git / commitdiff