开源opensc的子工程pkcs11-engine在windows平台下编译

 根据网上一位前辈写的：
开源opensc工程windows平台下编译，自己结合实际项目中的操作记录下来。至于接口的编写下一篇文章会来介绍。

在Google上搜了一下opensc的简介，没有，算了还是自己说吧。
opensc官方网站http://www.opensc-project.org/
工程简介：对于智能卡的访问，opensc工程提供了一套库和工具。opensc重点放在了卡片的密码操作，推进卡片的应用如邮件加密、认证和签名。opensc实现了PKCS#11的API以便支持Mozilla FireFox（浏览器）和Thunderbird（邮件客户端）能使用它。opensc实现了PKCS#15标准以便兼容所有的应用。
opensc支持以下卡片：

National ID Cards

·                 Finnish ID Card FINEID

·                 Swedish Posten eID

·                 Estonian ID Card EstEID

·                 Italian Infocamere

·                 Italian Postecert

·                 Italian CNS/CIE (eID)

·                 Belgian eID

·                 Spanish Ceres

·                 German ID Cards, eHBA, eGK

·                 Taiwan

·                 Austrian Bürgerkarte, e-card

·                 Australian national ID card

·                 United States PIV card applet

·                 Turkish EID Card

Smart Cards

·                 Schlumberger/Axalto Cryptoflex

·                 Schlumberger/Axalto Cyberflex

·                 Gemplus GPK

·                 EMV

·                 Siemens CardOS M4

·                 IBM JCOP

·                 Micardo

·                 Oberthur

·                 OpenPGP

·                 Setec Setcos

·                 Giesecke & Devrient Starcos

·                 Giesecke & Devrient Seccos

·                 TCOS based cards (NetKey E4, SignTrust, Smartkey)

·                 AKIS Smart Cards

USB Tokens

·                 Aladdin eToken Pro

·                 Eutron CryptoIdentity ITSEC

·                 Schlumberger/Axalto e-gate

·                 Rainbow iKey 3000

·                 Rainbow iKey 4000 not supported

·                 Feitian ePass3000 （中国飞天诚信的epass3000）

二、编译环境
操作系统：Windows XP SP3
开发工具：vistual C++
代码：Engine-pkcs11-0.1.8.tar.gz
库：openssl 0.9.8l.tar.gz、libtool-1.5.26-lib.zip、libp11-0.2.7.tar.gz

三、编译过程

由于engine_pkcs11-0.1.8 使用了libp11-0.2.7库文件，而ibp11-0.2.7库文件又使用了libtool-1.5.26-lib， 所以先编译libp11-0.2.7，再编译engine_pkcs11-0.1.8。（libtool-1.5.26-lib在下载时就已经编译好了）

3.1.  libtool-1.5.26-lib解压缩至c:/下：其中文件目录如下：

3.2.  openssl：把tar.gz包解压至c:/下，编译之，步骤略（google上有很多在windows下编译openssl的例子）

3.3  编译libp11-0.2.7 文件：编辑 src/ Makefile.mak。下面贴出编辑好的文件：

LIBLTDL_INC =  /IC:/libtool-1.5.26-lib/include # E.g. /IC:/libtool-1.5.8-lib/include 修改为自己电脑上libtool的库文件

LIBLTDL_LIB =     C:/libtool-1.5.26-lib/lib/ltdl.lib # E.g. C:/libtool-1.5.8-lib/lib/libltdl.lib 修改为自己电脑上libtool的库文件

 

OPENSSL_INC = /IC:/openssl-0.9.8l/include  # e.g. /IC:/openssl/include 修改为自己电脑上openssl的库文件

OPENSSL_LIB = C:/openssl-0.9.8l/out32dll/libeay32.lib # eg. C:/openssl/out32dll/libeay32.lib修改为自己电脑上openssl的库文件

 

COPTS = /Zi /MD /nologo /I../ /I. $(OPENSSL_INC) $(LIBLTDL_INC) /D_WIN32_WINNT=0x0400 /DWIN32 /DWIN32_LEAN_AND_MEAN

LINKFLAGS = /DEBUG /NOLOGO /INCREMENTAL:NO /MACHINE:IX86

 

TARGET                  = libp11.dll

 

OBJECTS                 = libpkcs11.obj p11_attr.obj p11_cert.obj p11_err.obj /

    p11_key.obj p11_load.obj p11_misc.obj p11_rsa.obj p11_slot.obj p11_ops.obj

 

all: $(TARGET) versioninfo.res

 

RSC_PROJ=/l 0x809 /r /fo"versioninfo.res"

 

versioninfo.res: versioninfo.rc

    rc $(RSC_PROJ) versioninfo.rc

 

 

.c.obj::

    cl $(COPTS) /c $<

 

$(TARGET): $(OBJECTS) versioninfo.res

    echo LIBRARY $* > $*.def

    echo EXPORTS >> $*.def

    type $*.exports >> $*.def

    link $(LINKFLAGS) /dll /def:$*.def /implib:$*.lib /out:$(TARGET) /

        $(OBJECTS) $(OPENSSL_LIB) $(LIBLTDL_LIB) versioninfo.res

    if EXIST $*.dll.manifest mt -manifest $*.dll.manifest -outputresource:$*.dll;2

 

进入cmd的 C:/libp11-0.2.7> 编译 nmake -f Makefile.mak 。输出为：

Microsoft (R) Program Maintenance Utility   Version 6.00.8168.0

Copyright (C) Microsoft Corp 1988-1998. All rights reserved.

 

已复制         1 个文件。

        rc /l 0x809 /r /fo"versioninfo.res" versioninfo.rc

        cl /Zi /MD /nologo /I../ /I. /IC:/openssl-0.9.8l/include /IC:/libtool-1.

5.26-lib/include /D_WIN32_WINNT=0x0400 /DWIN32 /DWIN32_LEAN_AND_MEAN /c libpkcs1

1.c p11_attr.c p11_cert.c p11_err.c p11_key.c p11_load.c p11_misc.c p11_rsa.c p1

1_slot.c p11_ops.c

libpkcs11.c

p11_attr.c

p11_cert.c

p11_err.c

p11_key.c

p11_load.c

p11_misc.c

p11_rsa.c

p11_slot.c

p11_ops.c

Generating Code...

        echo LIBRARY libp11 > libp11.def

        echo EXPORTS >> libp11.def

        type libp11.exports >> libp11.def

        link /DEBUG /NOLOGO /INCREMENTAL:NO /MACHINE:IX86 /dll /def:libp11.def /

implib:libp11.lib /out:libp11.dll  libpkcs11.obj p11_attr.obj p11_cert.obj p11_e

rr.obj  p11_key.obj p11_load.obj p11_misc.obj p11_rsa.obj p11_slot.

 

此时生成了libp11.dll和libp11.lib 文件 ，编译ok

在目录下新建两个文件include和lib ，在inlcude中copy这些头文件config.h 、winconfig.h 、pkcs11.h 、libp11.h 、libp11-int.h ；而在lib文件夹中copy进 libp11.lib和libp11.dll 就可以了。

3.4  编译engine_pkcs11-0.1.8 文件：把tar.gz包解压至c:/下，编辑 src / Makefile.mak。下面贴出编辑好的文件：

# - set the OPENSSL_INCL_DIR below to your openssl include directory, preceded by "/I"

# - set the OPENSSL_LIB below to your openssl lib file

# Note: these instructions obsolete the instructions in opensc.html

 

OPENSSL_INC = /IC:/openssl-0.9.8l/include  # eg. /IC:/openssl/include 修改为自己电脑上openssl的库文件

OPENSSL_LIB = C:/openssl-0.9.8l/out32dll/libeay32.lib # eg. C:/openssl/lib/libeay32.lib修改为自己电脑上openssl的库文件

LIBP11_INC = /IC:/libp11-0.2.7/include   # eg. /IC:/libp11/include修改为自己电脑上libp11的库文件

LIBP11_LIB = C:/libp11-0.2.7/lib/libp11.lib  # eg. C:/libp11/lib/libp11.lib修改为自己电脑上libp11的库文件

 

COPTS = /Zi /MD /nologo /I../ /DHAVE_CONFIG_H $(OPENSSL_INC) $(LIBP11_INC) /D_WIN32_WINNT=0x0400 /DWIN32_LEAN_AND_MEAN /DHAVE_OPENSSL

LINKFLAGS = /DEBUG /NOLOGO /INCREMENTAL:NO /MACHINE:IX86

 

 

TARGET                  = engine_pkcs11.dll

 

OBJECTS            = engine_pkcs11.obj hw_pkcs11.obj

 

all: $(TARGET)

 

.c.obj::

     cl $(COPTS) /c $<

 

$(TARGET): $(OBJECTS) .

     echo LIBRARY $* > $*.def

     echo EXPORTS >> $*.def

     type $*.exports >> $*.def

     link $(LINKFLAGS) /dll /def:$*.def /implib:$*.lib /out:$(TARGET) $(OBJECTS) $(OPENSSL_LIB) $(LIBP11_LIB) gdi32.lib

 

进入cmd的 C:/ engine_pkcs11-0.1.8>

 

由于此目录中没有Makefile.mak  将 libp11-0.2.7 目录中的Makefile.mak 文件copy到此处。

编译 nmake -f Makefile.mak 。输出为：

Microsoft (R) Program Maintenance Utility   Version 6.00.8168.0

Copyright (C) Microsoft Corp 1988-1998. All rights reserved.

 

        cl /Zi /MD /nologo /I../ /DHAVE_CONFIG_H /IC:/openssl-0.9.8l/include /IC

:/libp11-0.2.7/include /D_WIN32_WINNT=0x0400 /DWIN32_LEAN_AND_MEAN /DHAVE_OPENSS

L /c engine_pkcs11.c hw_pkcs11.c

engine_pkcs11.c

hw_pkcs11.c

hw_pkcs11.c(179) : warning C4028: formal parameter 5 different from declaration

hw_pkcs11.c(179) : warning C4024: 'ENGINE_set_ctrl_function' : different types f

or formal and actual parameter 2

Generating Code...

        echo LIBRARY engine_pkcs11 > engine_pkcs11.def

        echo EXPORTS >> engine_pkcs11.def

        type engine_pkcs11.exports >> engine_pkcs11.def

        link /DEBUG /NOLOGO /INCREMENTAL:NO /MACHINE:IX86 /dll /def:engine_pkcs1

1.def /implib:engine_pkcs11.lib /out:engine_pkcs11.dll engine_pkcs11.lib 2

 

 

此时，engine_pkcs11也编译ok了，可以开始编写接口代码了。代码下一篇文章会贴出：

下面是上面那位网友写的一个关于opensc的编译方法，我自己也试过了，可以生成一些命令，结合OpenSSL一起使用。

3.5编译opensc-0.11.12 文件：把tar.gz包解压至c:/下，编辑 win32 / Make.rules.mak。下面贴出编辑好的文件：
# Note: these instructions obsolete the instructions in opensc.html
# You first need to download the gnuwin32 libtool (e.g. the "Binaries" and "Developer
# files" from http://gnuwin32.sourceforge.net/packages/libtool.htm)
# Then fill in the directory path to ltdl.h on the LIBLTDL_INCL line below, preceeded
# by an "/I"; and fill in the path to the libltdl.lib on the LIBLTDL_LIB line below.
# Then you can build this OpenSC package; and afterwards you'll need to copy the
# libltdl3.dll somewhere on your execution path.
LIBLTDL_INCL = /IC:/libtool-1.5.26-bin/include    # E.g. /IC:/libtool-1.5.8-lib/include （这里改成你自己的路径，我的是c盘）
LIBLTDL_LIB = C:/libtool-1.5.26-bin/lib/ltdl.lib    # E.g. C:/libtool-1.5.8-lib/lib/libltdl.lib（这里改成你自己的路径，我的是c盘）

OPENSC_FEATURES = pcsc
# If you want support for OpenSSL (needed for a.o. pkcs15-init tool and openssl engine):
# - download and build OpenSSL
# - uncomment the line starting with OPENSSL_DEF
# - set the OPENSSL_INCL_DIR below to your openssl include directory, preceded by "/I"
# - set the OPENSSL_LIB below to your openssl lib file
OPENSSL_DEF = /DENABLE_OPENSSL  #把这个选项打开，源代码中使用了openssl，不然会报错
!IF "$(OPENSSL_DEF)" == "/DENABLE_OPENSSL"
OPENSSL_INCL_DIR = /IE:/软件/加密库/openssl/openssl-0.9.7c/include      #改这里的路径
OPENSSL_LIB = E:/软件/加密库/openssl/openssl-0.9.7c/out32dll/Debug/libeay32.lib #指向编译好的libeay32.lib
PROGRAMS_OPENSSL = pkcs15-init.exe cryptoflex-tool.exe netkey-tool.exe piv-tool.exe
OPENSC_FEATURES = $(OPENSC_FEATURES) openssl
!ENDIF
# If you want support for zlib (Used for PIV, infocamere and actalis:
# - Download zlib and build
# - uncomment the line starting with ZLIB_DEF
# - set the ZLIB_INCL_DIR below to the zlib include lib proceeded by "/I"
# - set the ZLIB_LIB  below to your zlib lib file
#ZLIB_DEF = /DENABLE_ZLIB
!IF "$(ZLIB_DEF)" == "/DENABLE_ZLIB"
ZLIB_INCL_DIR = /IC:/ZLIB/INCLUDE
ZLIB_LIB = C:/ZLIB/LIB/zlib.lib
OPENSC_FEATURES = $(OPENSC_FEATURES) zlib
!ENDIF

COPTS = /D_CRT_SECURE_NO_DEPRECATE /Zi /MD /nologo /DHAVE_CONFIG_H /I$(TOPDIR)/src/include /I$(TOPDIR)/src/include/opensc /I$(TOPDIR)/src/common $(OPENSSL_INCL_DIR) $(ZLIB_INCL_DIR) $(LIBLTDL_INCL) /D_WIN32_WINNT=0x0400 /DWIN32_LEAN_AND_MEAN $(OPENSSL_DEF) $(ZLIB_DEF) /DOPENSC_FEATURES="/"$(OPENSC_FEATURES)/""
LINKFLAGS = /DEBUG /NOLOGO /INCREMENTAL:NO /MACHINE:IX86

install-headers:
@for %i in ( $(HEADERS) ) do /
  @xcopy /d /q /y %i $(HEADERSDIR) > nul
install-headers-dir:
@for %i in ( $(HEADERSDIRFROM2) ) do /
  @xcopy /d /q /y %i/*.h $(HEADERSDIR2)/*.h > nul
.c.obj::
cl $(COPTS) /c $<
.rc.res::
rc /l 0x0409 /r $<
clean::
del /Q *.obj *.dll *.exe *.pdb *.lib *.def

打开vistudio studio .net 2003 command prompt 窗口，然后在opensc根目录下执行 nmake -f Makefile.mak，编译成功！

opensc是对pkcs 15的实现？好像并不没有实现pkcs11

opensc没有实现pkcs11，是对pkcs11又封了一层对上层提供服务