pool/libica
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1010295 from devel:openSUSE:Factory

Browse Source 
- Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365).
  v4.1.1
   - [PATCH] Fix aes-xts multi-part operations
     [PATCH] Fix make dist
  v4.1.0
   - [FEATURE] FIPS: make libica FIPS 140-3 compliant
     [FEATURE] New API function ica_ecdsa_sign_ex()
     [FEATURE] New icainfo output option -r
   - [PATCH] Various bug fixes
- Removed the following obsolete files:
  baselibs.conf
  icaioctl.h

OBS-URL: https://build.opensuse.org/request/show/1010295
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=25
This commit is contained in:
Dominique Leuenberger 2022-10-13 13:53:31 +00:00 committed by Git OBS Bridge
commit 97fc0d45ba
6 changed files with 29 additions and 239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
baselibs.conf
View File

@ -1 +0,0 @@
libica4

219
icaioctl.h
View File

@ -1,219 +0,0 @@
/* Copyright (c) International Business Machines Corp., 2001 */
/*
* linux/include/linux/icaioctl.h
*
*/
#ifndef _LINUX_ICAIOCTL_H_
#define _LINUX_ICAIOCTL_H_
enum _sizelimits {
ICA_DES_DATALENGTH_MIN = 8,
ICA_DES_DATALENGTH_MAX = 32 * 1024 * 1024 - 8,
ICA_SHA_DATALENGTH = 20,
ICA_SHA_BLOCKLENGTH = 64,
ICA_RSA_DATALENGTH_MIN = 256/8,
ICA_RSA_DATALENGTH_MAX = 2048/8
};
typedef struct _ica_rng_rec {
unsigned int nbytes;
char *buf;
} ica_rng_t;
// May have some porting issues here
typedef struct _ica_rsa_modexpo {
char *inputdata;
unsigned int inputdatalength;
char *outputdata;
unsigned int outputdatalength;
char *b_key;
char *n_modulus;
} ica_rsa_modexpo_t;
typedef ica_rsa_modexpo_t ica_rsa_modmult_t;
typedef struct _ica_rsa_modexpo_crt {
char *inputdata;
unsigned int inputdatalength;
char *outputdata;
unsigned int outputdatalength;
char *bp_key;
char *bq_key;
char *np_prime;
char *nq_prime;
char *u_mult_inv;
} ica_rsa_modexpo_crt_t;
typedef unsigned char ica_des_vector_t[8];
typedef unsigned char ica_des_key_t[8];
typedef ica_des_key_t ica_des_single_t[1];
typedef ica_des_single_t ica_des_triple_t[3];
enum _ica_mode_des {
DEVICA_MODE_DES_CBC = 0,
DEVICA_MODE_DES_ECB = 1
};
enum _ica_direction_des {
DEVICA_DIR_DES_ENCRYPT = 0,
DEVICA_DIR_DES_DECRYPT = 1
};
typedef struct _ica_des {
unsigned int mode;
unsigned int direction;
unsigned char *inputdata;
unsigned int inputdatalength;
ica_des_vector_t *iv;
ica_des_key_t *keys;
unsigned char *outputdata;
int outputdatalength;
} ica_des_t;
typedef struct _ica_desmac {
unsigned char *inputdata;
unsigned int inputdatalength;
ica_des_vector_t *iv;
ica_des_key_t *keys;
unsigned char *outputdata;
int outputdatalength;
} ica_desmac_t;
typedef unsigned char ica_sha1_result_t[ICA_SHA_DATALENGTH];
typedef struct _ica_sha1 {
unsigned char *inputdata;
unsigned int inputdatalength;
ica_sha1_result_t *outputdata;
ica_sha1_result_t *initialh;
} ica_sha1_t;
/* The following structs are used by conversion functions
on PowerPC 64 bit only. They should not be used by externel
applications. Should the non PPC specific structs change, these
structures may need to change as well. Also, new conversion
routines will need to be added to devica.c to deal with new
structs or structure members.
*/
#ifdef CONFIG_PPC64
typedef struct _ica_rng_rec_32 {
unsigned int nbytes;
unsigned int buf;
} ica_rng_t_32;
typedef struct _ica_des_32 {
unsigned int mode;
unsigned int direction;
unsigned int inputdata;
unsigned int inputdatalength;
unsigned int iv;
unsigned int keys;
unsigned int outputdata;
unsigned int outputdatalength;
} ica_des_t_32;
typedef struct _ica_sha1_32 {
unsigned int inputdata;
unsigned int inputdatalength;
unsigned int outputdata;
unsigned int initialh;
} ica_sha1_t_32;
typedef struct _ica_desmac_32 {
unsigned int inputdata;
unsigned int inputdatalength;
unsigned int iv;
unsigned int keys;
unsigned int outputdata;
int outputdatalength;
} ica_desmac_t_32;
typedef struct _ica_rsa_modexpo_crt_32 {
unsigned int inputdata;
unsigned int inputdatalength;
unsigned int outputdata;
unsigned int outputdatalength;
unsigned int bp_key;
unsigned int bq_key;
unsigned int np_prime;
unsigned int nq_prime;
unsigned int u_mult_inv;
} ica_rsa_modexpo_crt_t_32;
typedef struct _ica_rsa_modexpo_32 {
unsigned int inputdata;
unsigned int inputdatalength;
unsigned int outputdata;
unsigned int outputdatalength;
unsigned int b_key;
unsigned int n_modulus;
} ica_rsa_modexpo_t_32;
#endif
#define ICA_IOCTL_MAGIC '?' // NOTE: Need to allocate from linux folks
/*
* Note: Some platforms only use 8 bits to define the parameter size. As
* the macros in ioctl.h don't seem to mask off offending bits, they look
* a little unsafe. We should probably just not use the parameter size
* at all for these ioctls. I don't know if we'll ever run on any of those
* architectures, but seems easier just to not count on this feature.
*/
#define ICASETBIND _IOW(ICA_IOCTL_MAGIC, 0x01, int)
#define ICAGETBIND _IOR(ICA_IOCTL_MAGIC, 0x02, int)
#define ICAGETCOUNT _IOR(ICA_IOCTL_MAGIC, 0x03, int)
#define ICAGETID _IOR(ICA_IOCTL_MAGIC, 0x04, int)
#define ICARSAMODEXPO _IOC(_IOC_READ|_IOC_WRITE, ICA_IOCTL_MAGIC, 0x05, 0)
#define ICARSACRT _IOC(_IOC_READ|_IOC_WRITE, ICA_IOCTL_MAGIC, 0x06, 0)
#define ICARSAMODMULT _IOC(_IOC_READ|_IOC_WRITE, ICA_IOCTL_MAGIC, 0x07, 0)
#define ICADES _IOC(_IOC_READ|_IOC_WRITE, ICA_IOCTL_MAGIC, 0x08, 0)
#define ICADESMAC _IOC(_IOC_READ|_IOC_WRITE, ICA_IOCTL_MAGIC, 0x09, 0)
#define ICATDES _IOC(_IOC_READ|_IOC_WRITE, ICA_IOCTL_MAGIC, 0x0a, 0)
#define ICATDESSHA _IOC(_IOC_READ|_IOC_WRITE, ICA_IOCTL_MAGIC, 0x0b, 0)
#define ICATDESMAC _IOC(_IOC_READ|_IOC_WRITE, ICA_IOCTL_MAGIC, 0x0c, 0)
#define ICASHA1 _IOC(_IOC_READ|_IOC_WRITE, ICA_IOCTL_MAGIC, 0x0d, 0)
#define ICARNG _IOC(_IOC_READ, ICA_IOCTL_MAGIC, 0x0e, 0)
#define ICAGETVPD _IOC(_IOC_READ, ICA_IOCTL_MAGIC, 0x0f, 0)
#ifdef __KERNEL__
#ifndef assertk
#ifdef NDEBUG
# define assertk(expr) do {} while (0)
#else
# define assertk(expr) \
if(!(expr)) { \
printk( "Assertion failed! %s,%s,%s,line=%d\n", \
#expr,__FILE__,__FUNCTION__,__LINE__); \
}
#endif
#endif
struct ica_operations {
ssize_t (*read) (struct file *, char *, size_t, loff_t *, void *);
int (*ioctl) (struct inode *, struct file *, unsigned int, unsigned long, void *);
};
typedef struct ica_worker {
struct ica_operations *icaops;
void * private_data;
} ica_worker_t;
extern int ica_register_worker(int partitionnum, ica_worker_t *device);
extern int ica_unregister_worker(int partitionnum, ica_worker_t *device);
#endif /* __KERNEL__ */
#endif /* _LINUX_ICAIOCTL_H_ */

3
libica-4.0.3.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fe44e8b31f0d0f09da3f86ef46d6089fea7d7c453f5d196b88cee6ab4621a385
size 553081

3
libica-4.1.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1abb8a2d0dd061dc7741f02a26b07ec897309e60a3866d20c4f1bf6c094d4706
size 559797

16
libica.changes
View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Tue Oct 11 20:32:12 UTC 2022 - Mark Post <mpost@suse.com>
- Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365).
v4.1.1
- [PATCH] Fix aes-xts multi-part operations
[PATCH] Fix make dist
v4.1.0
- [FEATURE] FIPS: make libica FIPS 140-3 compliant
[FEATURE] New API function ica_ecdsa_sign_ex()
[FEATURE] New icainfo output option -r
- [PATCH] Various bug fixes
- Removed the following obsolete files:
baselibs.conf
icaioctl.h
-------------------------------------------------------------------
Mon Sep 12 19:09:59 UTC 2022 - Mark Post <mpost@suse.com>

26
libica.spec
View File

@ -22,21 +22,18 @@
%endif
Name: libica
Version: 4.0.3
Version: 4.1.1
Release: 0
Summary: Library interface for the IBM Cryptographic Accelerator device driver
License: CPL-1.0
Group: Hardware/Other
URL: https://github.com/opencryptoki/libica
Source: https://github.com/opencryptoki/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
# The icaioctl.h file came from https://sourceforge.net/p/opencryptoki/icadd/ci/master/tree/
Source1: icaioctl.h
Source2: README.SUSE
Source3: sysconfig.z90crypt
Source4: z90crypt
Source5: z90crypt.service
Source6: baselibs.conf
Source7: %{name}-rpmlintrc
Source1: README.SUSE
Source2: sysconfig.z90crypt
Source3: z90crypt
Source4: z90crypt.service
Source5: %{name}-rpmlintrc
Patch01: libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch
Patch99: libica-sles15sp5-FIPS-hmac-key.patch
@ -116,9 +113,6 @@ the libica library.
%autosetup -p 1
%build
mkdir -p include/linux/
cp %{SOURCE1} include/linux/
autoreconf --force --install
%configure CPPFLAGS="-Iinclude -fPIC" CFLAGS="%{optflags} -fPIC" \
--enable-fips
@ -136,15 +130,15 @@ mkdir -p %{buildroot}%{_includedir}
cp -p include/ica_api.h %{buildroot}%{_includedir}
mkdir -p %{buildroot}%{_sbindir}
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcz90crypt
install -D %{SOURCE3} %{buildroot}%{_fillupdir}/sysconfig.z90crypt
install -D %{SOURCE4} %{buildroot}%{_prefix}/lib/systemd/scripts/z90crypt
install -D -m 644 %{SOURCE5} %{buildroot}%{_prefix}/lib/systemd/system/z90crypt.service
install -D %{SOURCE2} %{buildroot}%{_fillupdir}/sysconfig.z90crypt
install -D %{SOURCE3} %{buildroot}%{_prefix}/lib/systemd/scripts/z90crypt
install -D -m 644 %{SOURCE4} %{buildroot}%{_prefix}/lib/systemd/system/z90crypt.service
# It is installed 444 and then the __os_install_post cannot update it once the debuginfo is stripped
# We need it early because there is %{buildroot}/%{_libdir}/.*.so.%{major}.hmac symlink pointing at it
# and the dangling symlink test would fail
chmod 644 %{buildroot}/%{_libdir}/.*.so.%{version}.hmac
cp -a %{SOURCE2} .
cp -a %{SOURCE1} .
rm -vf %{buildroot}%{_libdir}/libica*.la
rm -f %{buildroot}%{_datadir}/doc/libica/*
rmdir %{buildroot}%{_datadir}/doc/libica