libkmipclient: Add KMIP client shared library

libkmipclient is a shared library that provides an KMIP client to
communicate with an KMIP server. KMIP stands for Key Management
Interoperability Protocol, and is an extensible communication protocol
that defines message formats for the manipulation of cryptographic
keys on a key management server.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>

.gitignore

@@ -45,6 +45,11 @@ libekmfweb/detect-openssl-version.dep
 libekmfweb/libekmfweb.so
 libekmfweb/libekmfweb.so.1
 libekmfweb/libekmfweb.so.1.0
+libkmipclient/check-dep-libkmipclient
+libkmipclient/detect-openssl-version.dep
+libkmipclient/libkmipclient.so
+libkmipclient/libkmipclient.so.1
+libkmipclient/libkmipclient.so.1.0
 libseckey/check-dep-libseckey
 libseckey/detect-openssl-version.dep
 libutil/*_example

Makefile

@@ -4,7 +4,7 @@ ARCH := $(shell uname -m | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/ar
 include common.mak
 
 LIB_DIRS = libvtoc libutil libzds libdasd libvmdump libccw libvmcp libekmfweb \
-	   libseckey
+	   libseckey libkmipclient
 TOOL_DIRS = zipl zdump fdasd dasdfmt dasdview tunedasd \
 	   tape390 osasnmpd qetharp ip_watcher qethconf scripts zconf \
 	   vmconvert vmcp man mon_tools dasdinfo vmur cpuplugd ipl_tools \

README.md

@@ -249,6 +249,12 @@ Package contents
    Management Foundation - Web Edition, and is used to manage keys in an
    enterprise.
 
+ * libkmipclient:
+   A shared library that provides an KMIP client to communicate with an KMIP
+   server. KMIP stands for Key Management Interoperability Protocol, and is an
+   extensible communication protocol that defines message formats for the
+   manipulation of cryptographic keys on a key management server.
+
  * hsci:
    Manage HiperSockets Converged Interfaces (HSCI).
 
@@ -285,11 +291,14 @@ build options:
 | pfm            | `HAVE_PFM`         | cpacfstats                            |
 | net-snmp       | `HAVE_SNMP`        | osasnmpd                              |
 | glibc-static   | `HAVE_LIBC_STATIC` | zfcpdump                              |
-| openssl        | `HAVE_OPENSSL`     | genprotimg, zkey, libekmfweb          |
+| openssl        | `HAVE_OPENSSL`     | genprotimg, zkey, libekmfweb,         |
+|                |                    | libkmipclient                         |
 | cryptsetup     | `HAVE_CRYPTSETUP2` | zkey-cryptsetup                       |
-| json-c         | `HAVE_JSONC`       | zkey-cryptsetup, libekmfweb           |
+| json-c         | `HAVE_JSONC`       | zkey-cryptsetup, libekmfweb,          |
+|                |                    | libkmipclient                         |
 | glib2          | `HAVE_GLIB2`       | genprotimg                            |
-| libcurl        | `HAVE_LIBCURL`     | genprotimg, libekmfweb                |
+| libcurl        | `HAVE_LIBCURL`     | genprotimg, libekmfweb, libkmipclient |
+| libxml2        | `HAVE_LIBXML2`     | libkmipclient                         |
 | systemd        | `HAVE_SYSTEMD`     | hsavmcore                             |
 
 This table lists additional build or install options:
@@ -444,3 +453,11 @@ the different tools are provided:
   add `HAVE_SYSTEMD=0` to the make invocation.
   Tip: you may skip the hsavmcore build by adding `HAVE_FUSE=0`
   to the make invocation.
+
+* libkmipclient:
+  For building the libkmipclient shared library you need openssl version 1.1.1
+  or newer installed (openssl-devel.rpm). Also required are json-c version 0.13
+  or newer (json-c-devel.rpm), libxml2 version 2.9.10 or newer
+  (libxml2-devel.rpm), and libcurl version 7.59 or newer (libcurl-devel.rpm).
+  Tip: you may skip the libkmipclient build by adding `HAVE_OPENSSL=0`,
+  `HAVE_JSONC=0`, `HAVE_LIBXML2=0`, or `HAVE_LIBCURL=0` to the make invocation.

common.mak

@@ -378,6 +378,10 @@ $(rootdir)/libseckey/libseckey.a: $(rootdir)/libseckey
 	$(MAKE) -C $(rootdir)/libseckey/ libseckey.a
 .PHONY: $(rootdir)/libseckey
 
+$(rootdir)/libkmipclient/libkmipclient.so: $(rootdir)/libkmipclient
+	$(MAKE) -C $(rootdir)/libkmipclient/ libkmipclient.so
+.PHONY: $(rootdir)/libkmipclient
+
 $(rootdir)/zipl/boot/data.o:
 	$(MAKE) -C $(rootdir)/zipl/boot/ data.o
 

libkmipclient/Makefile

@@ -0,0 +1,130 @@
+include ../common.mak
+
+VERSION = 1.0
+VERM = $(shell echo $(VERSION) | cut -d '.' -f 1)
+
+ifneq (${HAVE_OPENSSL},0)
+	ifneq (${HAVE_JSONC},0)
+		ifneq (${HAVE_LIBXML2},0)
+			ifneq (${HAVE_LIBCURL},0)
+				BUILD_TARGETS += libkmipclient.so.$(VERSION)
+				INSTALL_TARGETS += install-libkmipclient.so.$(VERSION)
+			else
+				BUILD_TARGETS += skip-libkmipclient-curl
+				INSTALL_TARGETS += skip-libkmipclient-curl
+			endif
+		else
+			BUILD_TARGETS += skip-libkmipclient-xml
+			INSTALL_TARGETS += skip-libkmipclient-xml
+		endif
+	else
+		BUILD_TARGETS += skip-libkmipclient-jsonc
+		INSTALL_TARGETS += skip-libkmipclient-jsonc
+	endif
+else
+	BUILD_TARGETS += skip-libkmipclient-openssl
+	INSTALL_TARGETS += skip-libkmipclient-openssl
+endif
+
+TMPFILE := $(shell mktemp)
+
+detect-openssl-version.dep:
+	echo "#include <openssl/opensslv.h>" > $(TMPFILE)
+	echo "#include <openssl/evp.h>" >> $(TMPFILE)
+	echo "#ifndef OPENSSL_VERSION_PREREQ" >> $(TMPFILE)
+	echo "  #if defined(OPENSSL_VERSION_MAJOR) && defined(OPENSSL_VERSION_MINOR)" >> $(TMPFILE)
+	echo "    #define OPENSSL_VERSION_PREREQ(maj, min) \\" >> $(TMPFILE)
+	echo "                 ((OPENSSL_VERSION_MAJOR << 16) + \\" >> $(TMPFILE)
+	echo "                  OPENSSL_VERSION_MINOR >= ((maj) << 16) + (min))" >> $(TMPFILE)
+	echo "  #else" >> $(TMPFILE)
+	echo "    #define OPENSSL_VERSION_PREREQ(maj, min) \\" >> $(TMPFILE)
+	echo "                 (OPENSSL_VERSION_NUMBER >= (((maj) << 28) | \\" >> $(TMPFILE)
+	echo "		        ((min) << 20)))" >> $(TMPFILE)
+	echo "  #endif" >> $(TMPFILE)
+	echo "#endif" >> $(TMPFILE)
+	echo "#if !OPENSSL_VERSION_PREREQ(1, 1)" >> $(TMPFILE)
+	echo "  #error openssl version 1.1 is required" >> $(TMPFILE)
+	echo "#endif" >> $(TMPFILE)
+	echo "static void __attribute__((unused)) test(void) {" >> $(TMPFILE)
+	echo "    EVP_PKEY_meth_remove(NULL);" >> $(TMPFILE)
+	echo "}" >> $(TMPFILE)
+	mv $(TMPFILE) $@
+
+check-dep-libkmipclient: detect-openssl-version.dep
+	$(call check_dep, \
+		"libkmipclient", \
+		"detect-openssl-version.dep", \
+		"openssl-devel version >= 1.1.1", \
+		"HAVE_OPENSSL=0", \
+		-I. -lcrypto -DOPENSSL_SUPPRESS_DEPRECATED)
+	$(call check_dep, \
+		"libkmipclient", \
+		"json-c/json.h", \
+		"json-c-devel", \
+		"HAVE_JSONC=0")
+	$(call check_dep, \
+		"libkmipclient", \
+		"libxml/tree.h", \
+		"libxml2-devel", \
+		"HAVE_LIBXML2=0", \
+		`xml2-config --cflags` `xml2-config --libs`)
+	$(call check_dep, \
+		"libkmipclient", \
+		"curl/curl.h", \
+		"libcurl-devel", \
+		"HAVE_LIBCURL=0" \
+		`curl-config --cflags` `curl-config --libs`)
+	curl-config --ssl-backends | grep OpenSSL >/dev/null 2>&1 || { echo "Error: libcurl is not built with the OpenSSL backend"; exit 1; }
+	touch check-dep-libkmipclient
+
+skip-libkmipclient-openssl:
+	echo "  SKIP    libkmipclient due to HAVE_OPENSSL=0"
+
+skip-libkmipclient-jsonc:
+	echo "  SKIP    libkmipclient due to HAVE_JSONC=0"
+
+skip-libkmipclient-xml:
+	echo "  SKIP    libkmipclient due to HAVE_LIBXML2=0"
+
+skip-libkmipclient-curl:
+	echo "  SKIP    libkmipclient due to HAVE_LIBCURL=0"
+
+all: $(BUILD_TARGETS)
+
+kmip.o: check-dep-libkmipclient kmip.c kmip.h utils.h $(rootdir)include/kmipclient/kmipclient.h
+request.o: check-dep-libkmipclient request.c kmip.h names.h $(rootdir)include/kmipclient/kmipclient.h
+response.o: check-dep-libkmipclient response.c kmip.h names.h $(rootdir)include/kmipclient/kmipclient.h
+attribute.o: check-dep-libkmipclient attribute.c kmip.h names.h $(rootdir)include/kmipclient/kmipclient.h
+key.o: check-dep-libkmipclient key.c kmip.h names.h $(rootdir)include/kmipclient/kmipclient.h
+ttlv.o: check-dep-libkmipclient ttlv.c kmip.h utils.h $(rootdir)include/kmipclient/kmipclient.h
+json.o: check-dep-libkmipclient json.c kmip.h names.h utils.h $(rootdir)include/kmipclient/kmipclient.h
+xml.o: check-dep-libkmipclient xml.c kmip.h names.h utils.h $(rootdir)include/kmipclient/kmipclient.h
+https.o: check-dep-libkmipclient https.c kmip.h utils.h $(rootdir)include/kmipclient/kmipclient.h
+tls.o: check-dep-libkmipclient tls.c kmip.h utils.h $(rootdir)include/kmipclient/kmipclient.h
+names.o: check-dep-libkmipclient names.c names.h utils.h $(rootdir)include/kmipclient/kmipclient.h
+utils.o: check-dep-libkmipclient utils.c names.h utils.h $(rootdir)include/kmipclient/kmipclient.h
+
+libkmipclient.so.$(VERSION): ALL_CFLAGS += -fPIC `xml2-config --cflags` `curl-config --cflags`
+libkmipclient.so.$(VERSION): LDLIBS = -ljson-c -lcrypto -lssl `xml2-config --libs` `curl-config --libs`
+libkmipclient.so.$(VERSION): ALL_LDFLAGS += -shared -Wl,--version-script=libkmipclient.map \
+	-Wl,-z,defs,-Bsymbolic -Wl,-soname,libkmipclient.so.$(VERM)
+libkmipclient.so.$(VERSION): kmip.o request.o response.o attribute.o key.o ttlv.o json.o \
+	xml.o https.o tls.o names.o utils.o
+	$(LINK) $(ALL_LDFLAGS) $^ $(LDLIBS) -o $@
+	ln -srf libkmipclient.so.$(VERSION) libkmipclient.so.$(VERM)
+	ln -srf libkmipclient.so.$(VERSION) libkmipclient.so
+
+install-libkmipclient.so.$(VERSION): libkmipclient.so.$(VERSION)
+	$(INSTALL) -g $(GROUP) -o $(OWNER) -m 755 -T libkmipclient.so.$(VERSION) $(DESTDIR)$(SOINSTALLDIR)/libkmipclient.so.$(VERSION)
+	ln -srf $(DESTDIR)$(SOINSTALLDIR)/libkmipclient.so.$(VERSION) $(DESTDIR)$(SOINSTALLDIR)/libkmipclient.so.$(VERM)
+	ln -srf $(DESTDIR)$(SOINSTALLDIR)/libkmipclient.so.$(VERSION) $(DESTDIR)$(SOINSTALLDIR)/libkmipclient.so
+	$(INSTALL) -d -m 770 $(DESTDIR)$(USRINCLUDEDIR)/kmipclient
+	$(INSTALL) -g $(GROUP) -o $(OWNER) -m 644 $(rootdir)include/kmipclient/kmipclient.h $(DESTDIR)$(USRINCLUDEDIR)/kmipclient
+
+install: all $(INSTALL_TARGETS)
+
+clean:
+	rm -f *.o libkmipclient.so* check-dep-libkmipclient detect-openssl-version.dep
+
+.PHONY: all install clean skip-libkmipclient-openssl skip-libkmipclient-jsonc \
+	skip-libkmipclient-xml skip-libkmipclient-curl install-libkmipclient.so.$(VERSION)