[][openwrt][common][Add libkcapi to test fips140-3]
[Description]
Add libkcapi to pass fips140-3.
Libkcapi allow user-space to access the Linux kernel crypto API.
In this package, we add two command, `kcapi-drbg` and `kcapi-mtk-digst`
The `kcapi-drbg` is to test drbg in linux kernel cryto.
Usage:
-b --bytes <BYTES> Number of bytes to generate
(required option)
-r --rng name <RNGNAME> DRNG name as advertised in
/proc/crypto(require option))
-e --entropy <RNGNAME> DRBG entropy(require option))
-n --nonce <RNGNAME> DRBG nonce(require option))
-p --personalization string <RNGNAME> DRBG personaliztion
string(require option))
--hex The random number is returned
in hexadecimal notation
-h --help This help information
For example:
kcapi-drbg -e entropy -n nonce -p personalization string \
--hex -b 80 -r drbg_nopr_hmac_sha1
The `kcapi-mtk-digest` is to test hmac and sha in linux kernel crypto.
Usage:
-k Key (hmac required option)
-n Digest name such as sha1, sha224, sha256 sha512
hmac-sha1 hmac-sha224 hmac-sha256
hmac-sha384 hmac-sha512
-e empty input
-m message(require option))
-l output len(require option))
notation
-h --help This help information
Worth a question, it only use key in hmac.
For example:
kcapi-mtk-dgst -n sha512 -m data -l 10
kcapi-mtk-dgst -k key -n hmac-sha512 -m data -l 10
[Release-log]
Change-Id: I8a7061873a4cd52cbc02c0f2e2c6b188c7de456f
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/8248293
diff --git a/feed/libkcapi/Makefile b/feed/libkcapi/Makefile
new file mode 100644
index 0000000..874e919
--- /dev/null
+++ b/feed/libkcapi/Makefile
@@ -0,0 +1,49 @@
+#
+# Copyright (C) 2023 Mediatek Ltd.
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libkcapi
+PKG_RELEASE:=1.4.0
+PKG_VERSION:=1.4.0
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_FIXUP:=autoreconf
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/smuellerDD/libkcapi/tar.gz/refs/tags/v$(PKG_VERSION)
+PKG_HASH:=10f96ccb2799f3ef810f3956c48a2d791a9221c9a545de51bd79e5a81030f38e
+
+include $(INCLUDE_DIR)/package.mk
+MAKE_FLAGS:=
+
+define Package/libkcapi
+ SECTION:=Utilities
+ CATEGORY:=Utilities
+ TITLE:=libkcapi
+ SUBMENU:=FIPS
+endef
+
+define Package/libkcapi/description
+ Libkcapi allow user-space to access the Linux kernel crypto API.
+endef
+
+define Build/Configure
+ cd $(PKG_BUILD_DIR) && $(STAGING_DIR_HOST)/bin/autoreconf -i
+ cd $(PKG_BUILD_DIR) && CC=aarch64-openwrt-linux-musl-gcc \
+ CFLAGS="-Wno-error" $(PKG_BUILD_DIR)/configure \
+ --enable-kcapi-test --enable-kcapi-speed \
+ --enable-kcapi-hasher --enable-kcapi-rngapp \
+ --enable-kcapi-encapp --enable-kcapi-dgstapp \
+ --host=x86
+endef
+
+define Package/libkcapi/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(CP) $(PKG_BUILD_DIR)/bin/* $(1)/usr/bin
+endef
+
+$(eval $(call BuildPackage,libkcapi))