-
Notifications
You must be signed in to change notification settings - Fork 5
/
Makefile.am
152 lines (133 loc) · 4.5 KB
/
Makefile.am
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
ACLOCAL_AMFLAGS = -I m4
AM_MAKEFLAGS = --no-print-directory
MAINTAINERCLEANFILES = \
$(srcdir)/Makefile.in \
$(srcdir)/aclocal.m4 \
$(srcdir)/compile \
$(srcdir)/config.guess \
$(srcdir)/config.log \
$(srcdir)/config.status \
$(srcdir)/config.sub \
$(srcdir)/configure \
$(srcdir)/depcomp \
$(srcdir)/install-sh \
$(srcdir)/ltmain.sh \
$(srcdir)/missing \
$(srcdir)/src/config.h.in \
$(srcdir)/src/libpkcs11d.exports
EXTRA_DIST = \
$(srcdir)/include/*.h \
$(srcdir)/README.md \
$(srcdir)/src/*.h \
$(srcdir)/m4/*.m4
AM_CFLAGS = @OPENSSL_INCLUDES@ \
${my_CFLAGS} \
-I$(srcdir)/include \
-I$(srcdir)/src \
-fvisibility=hidden \
-ffunction-sections \
-fdata-sections
if HAVE_OPENSSL
bin_PROGRAMS = pkcs11-util pkcs11d
else
bin_PROGRAMS = pkcs11-util
endif
pkcs11_util_SOURCES = \
src/base64.c \
src/certify.c \
src/clean.c \
src/common.c \
src/crypto.c \
src/extract.c \
src/import.c \
src/info.c \
src/init.c \
src/key.c \
src/keygen.c \
src/keypair.c \
src/mechanisms.c \
src/objects.c \
src/pkcs11-util.c \
src/pkcs11_display.c \
src/random.c \
src/request.c \
src/slots.c \
src/speed.c \
src/ssh.c
pkcs11_util_LDFLAGS = @OPENSSL_LDFLAGS@
pkcs11_util_LDADD = @OPENSSL_LIBS@
pkcs11d_SOURCES = \
src/common.c \
src/crypto.c \
src/dictionary.c \
src/iniparser.c \
src/network.c \
src/pkcs11d.c \
src/pkcs11_display.c
pkcs11d_LDFLAGS = @OPENSSL_LDFLAGS@
pkcs11d_LDADD = @OPENSSL_LIBS@
if HAVE_OPENSSL
lib_LTLIBRARIES = pkcs11-token.la libpkcs11d.la
else
lib_LTLIBRARIES = pkcs11-token.la
endif
pkcs11_token_la_SOURCES = \
src/cryptoki.c \
src/iniparser.c \
src/dictionary.c
pkcs11_token_la_LDFLAGS = \
-version-info @VERSION_INFO@ \
-avoid-version -module -no-undefined
pkcs11_token_la_CFLAGS = $(AM_CFLAGS) $(CFLAGS_VISIBILITY)
libpkcs11d_la_SOURCES = \
src/libpkcs11d.c
libpkcs11d_la_CFLAGS = $(AM_CFLAGS) \
-fvisibility=default
libpkcs11d_la_LDFLAGS = \
-avoid-version -module --shared -export-dynamic \
-export-symbols "$(srcdir)/src/libpkcs11d.exports" \
@OPENSSL_LDFLAGS@
libpkcs11d_la_LIBADD = @OPENSSL_LIBS@
PIN=Vl0RJlAKiUMf
MODULE = -m "@DEFAULT_PKCS11_MODULE@" -d .
SLOT = --slot 2
MODULE_PIN_SLOT = $(MODULE) --pin $(PIN) $(SLOT)
test: pkcs11-util pkcs11-token.la
@rm -f cert8.db key3.db rsa.crt rsa.key rsa2.crt rsa2.key rsa.p12 ec.crt
./pkcs11-util init $(MODULE_PIN_SLOT)
./pkcs11-util keygen $(MODULE_PIN_SLOT) -l rsa2048 -k 2048
./pkcs11-util keygen $(MODULE_PIN_SLOT) -l ec256 -k prime256v1
./pkcs11-util keygen $(MODULE_PIN_SLOT) -l 3des -k des3
./pkcs11-util keygen $(MODULE_PIN_SLOT) -l aes -k aes
./pkcs11-util request $(MODULE_PIN_SLOT) -l rsa2048 | @OPENSSL_BIN@ req -verify
./pkcs11-util certify $(MODULE_PIN_SLOT) -l rsa2048 | @OPENSSL_BIN@ x509 | tee rsa.crt
./pkcs11-util import $(MODULE_PIN_SLOT) --certificate rsa.crt
@OPENSSL_BIN@ genrsa 2048 -nodes > rsa.key
./pkcs11-util import $(MODULE_PIN_SLOT) --key rsa.key --label RSA --id RSA
@OPENSSL_BIN@ genrsa 2048 -nodes > rsa2.key
@OPENSSL_BIN@ req -new -x509 -key rsa2.key -out rsa2.crt -subj /CN=Foo
cat rsa2.key rsa2.crt | @OPENSSL_BIN@ pkcs12 -export -out rsa.p12 -passout pass:$(PIN)
./pkcs11-util import $(MODULE_PIN_SLOT) --pkcs12 rsa.p12 --password $(PIN) --label P12 --id P12
if [ "@HAVE_OPENSSL_ECC@" = 1 ] ; then \
if ! @OPENSSL_BIN@ pkeyutl &>/dev/null ; then \
./pkcs11-util request $(MODULE_PIN_SLOT) -l ec256 | @OPENSSL_BIN@ req -verify ; \
./pkcs11-util certify $(MODULE_PIN_SLOT) -l ec256 | @OPENSSL_BIN@ x509 | tee ec.crt ; \
./pkcs11-util import $(MODULE_PIN_SLOT) --certificate ec.crt --label ec256 --id ec256 ; \
@OPENSSL_BIN@ ecparam -name prime256v1 -genkey | openssl ec > p256.key ; \
@OPENSSL_BIN@ req -new -x509 -key p256.key -out p256.crt -subj /CN=Foo ; \
cat p256.key p256.crt | @OPENSSL_BIN@ pkcs12 -export -out p256.p12 -passout pass:$(PIN) ; \
./pkcs11-util import $(MODULE_PIN_SLOT) --pkcs12 p256.p12 --password $(PIN) \
--label EC-P256 --id EC-P256 ; \
fi ; \
fi
# ./pkcs11-util info $(MODULE)
# ./pkcs11-util list-mechanisms $(MODULE)
# ./pkcs11-util list-slots $(MODULE)
# ./pkcs11-util list-objects $(MODULE_PIN_SLOT)
# ./pkcs11-util ssh $(MODULE_PIN_SLOT)
# ./pkcs11-util extract $(MODULE_PIN_SLOT)
# ./pkcs11-util random $(MODULE) $(SLOT) -l 512 | @OPENSSL_BIN@ base64
# ./pkcs11-util speed $(MODULE_PIN_SLOT) -l rsa2048 -t 2 -o 200
# ./pkcs11-util speed $(MODULE_PIN_SLOT) -l ec256 -e -t 2 -o 500
test-clean:
./pkcs11-util clean $(MODULE_PIN_SLOT) -r