- download packages
ocf-linux (current release 20071215) http://ocf-linux.sourceforge.net/crypto-tools-20071215.tar.gz
linux kernel (2.4 and 2.6 kernels up to and include 2.4.34 and 2.6.23)
ocf-linux-20071215.tar.gz
ocf-linux-24-20071215.patch.gz
ocf-linux-26-20071215.patch.gz
ocf-openswan-2.4.11-20071215.patch.gz
openssl-0.9.8g (or e)
openswan-2.4.11 - build ocf-linux
- patch linux kernel source with ocf-linux-26-20071215.patch.gz
- change kernel config
Cryptographic options --->
OCF Configuration --->
<*> OCF (Open Cryptograhic Framework)
<*> cryptodev (user space support)
<*> cryptosoft (software crypto engine)
<*> safenet (HW crypto engine) - build kernel
- install cryptodev.h
mkdir include/crypto;
or install it at /usr/include/crypto/cryptodev.h
ln -s crypto/ocf/cryptodev.h include/crypto/cryptodev.h;
- build openssl-ocf
patch openssl-0.9.8g (or e) with openssl-0.9.8g.patch (or e) in ocf-linux-20071215.tar.gz, then build it. - build crypto-tools-20071215.tar.gz
ensure crypto/cryptodev.h is installed somewhere - build openswan-ocf
patch openswan-2.4.11 with ocf-openswan-2.4.11-20071215.patch.gz and build it
However, building KLIPS module doesn't use OCF crypto by default. (?)Because there is a default config included in the Makefile(linux/net/ipsec/defconfig) and it doesn't include CONFIG_KLIPS_OCF=y.
Adding "CONFIG_KLIPS_OCF=y" do cause ipsec_ocf.o compiled, but still failed because CONFIG_KLIPS_OCF is not defined. Additional flags "-DCONFIG_KLIPS_OCF" should be added when CONFIG_KLIPS_OCF is required while compiling.Index: packaging/makefiles/module26.make
===================================================================
--- packaging/makefiles/module26.make (revision 96)
+++ packaging/makefiles/module26.make (working copy)
@@ -50,7 +50,12 @@
include ${OPENSWANSRCDIR}/packaging/makefiles/module.defs
ifneq ($(strip $(MODULE_DEFCONFIG)),)
include ${MODULE_DEFCONFIG}
+
+ifneq ($(strip $(CONFIG_KLIPS_OCF)),)
+EXTRA_CFLAGS += -DCONFIG_KLIPS_OCF
endif
+
+endif
include ${KLIPSSRC}/Makefile.fs2_6
Index: linux/net/ipsec/defconfig
===================================================================
--- linux/net/ipsec/defconfig (revision 96)
+++ linux/net/ipsec/defconfig (working copy)
@@ -1,3 +1,4 @@
+CONFIG_KLIPS_OCF=y
#
# RCSID $Id: defconfig,v 1.28.2.1 2006-10-11 18:14:33 paul Exp $
- according to ./crypto/ocf/README,enable debug option of ocf/cryptodev/safe/cryptosoft
- use cryptotest/openssl command to test, and there should be debug message from ocf modules printed.
- use openswan to get connected, and there should be debug message from ocf modules printed.
沒有留言:
張貼留言