Add configurable support for Apple Common Crypto and Nettle libraries.
This commit is contained in:
John Hood
+43
-2
@@ -251,8 +251,6 @@ AC_CHECK_FUNCS(m4_normalize([
|
||||
|
||||
AC_SEARCH_LIBS([clock_gettime], [rt], [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Define if clock_gettime is available.])])
|
||||
|
||||
PKG_CHECK_MODULES([OPENSSL], [openssl])
|
||||
|
||||
# Start by trying to find the needed tinfo parts by pkg-config
|
||||
PKG_CHECK_MODULES([TINFO], [tinfo],
|
||||
[AC_DEFINE([HAVE_CURSES_H], [1], [Define to 1 if <curses.h> is present])],
|
||||
@@ -293,6 +291,49 @@ if test "x$ax_cv_have_TINFO" = xno ; then
|
||||
fi
|
||||
fi
|
||||
|
||||
dnl Default to OpenSSL, or OS X crypto library if found
|
||||
AC_CHECK_HEADERS([CommonCrypto/CommonCrypto.h],
|
||||
[default_crypto_library="apple-common-crypto"],
|
||||
[default_crypto_library="openssl"]
|
||||
)
|
||||
|
||||
dnl Allow user to select over the default.
|
||||
AC_ARG_WITH(
|
||||
[crypto-library],
|
||||
[AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|nettle|apple-common-crypto @<:@default=openssl@:>@])],
|
||||
[
|
||||
case "${withval}" in
|
||||
openssl|nettle|apple-common-crypto) ;;
|
||||
*) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;;
|
||||
esac
|
||||
],
|
||||
[with_crypto_library="$default_crypto_library"]
|
||||
)
|
||||
|
||||
dnl Checks for chosen crypto library
|
||||
case "${with_crypto_library}" in
|
||||
openssl)
|
||||
PKG_CHECK_MODULES([CRYPTO], [openssl],
|
||||
[],
|
||||
[AC_MSG_ERROR([OpenSSL crypto library not found])])
|
||||
AC_DEFINE([USE_OPENSSL_AES], [1], [Use OpenSSL library])
|
||||
;;
|
||||
nettle)
|
||||
PKG_CHECK_MODULES([CRYPTO], [nettle],
|
||||
[],
|
||||
[AC_MSG_ERROR([Nettle crypto library not found])])
|
||||
AC_DEFINE([USE_NETTLE_AES], [1], [Use Nettle library])
|
||||
;;
|
||||
apple-common-crypto)
|
||||
dnl Common Crypto is in Apple's standard paths and base libraries.
|
||||
dnl So just check for presence of the header.
|
||||
AC_CHECK_HEADERS([CommonCrypto/CommonCrypto.h],
|
||||
[],
|
||||
[AC_MSG_ERROR([Apple Common Crypto header not found])])
|
||||
AC_DEFINE([USE_APPLE_COMMON_CRYPTO_AES], [1], [Use Apple Common Crypto library])
|
||||
;;
|
||||
esac
|
||||
|
||||
AC_CHECK_DECL([forkpty],
|
||||
[AC_DEFINE([FORKPTY_IN_LIBUTIL], [1],
|
||||
[Define if libutil.h necessary for forkpty().])],
|
||||
|
||||
+1
-2
@@ -59,8 +59,7 @@ for arch in $ARCHS; do
|
||||
mkdir "${prefix}"
|
||||
if ./configure --prefix="${prefix}/local" \
|
||||
CC="cc -arch ${arch}" CPP="cc -arch ${arch} -E" CXX="c++ -arch ${arch}" \
|
||||
TINFO_LIBS=-lncurses \
|
||||
OPENSSL_CFLAGS=" " OPENSSL_LIBS="-lssl -lcrypto -lz" &&
|
||||
TINFO_LIBS=-lncurses &&
|
||||
make clean &&
|
||||
make install -j8 &&
|
||||
rm -f "${prefix}/etc"
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
AM_CPPFLAGS = -I$(srcdir)/../util $(OPENSSL_CFLAGS)
|
||||
AM_CPPFLAGS = -I$(srcdir)/../util $(CRYPTO_CFLAGS)
|
||||
AM_CXXFLAGS = $(WARNING_CXXFLAGS) $(PICKY_CXXFLAGS) $(HARDEN_CFLAGS) $(MISC_CXXFLAGS)
|
||||
|
||||
noinst_LIBRARIES = libmoshcrypto.a
|
||||
|
||||
@@ -50,9 +50,13 @@
|
||||
|
||||
/* This implementation has built-in support for multiple AES APIs. Set any
|
||||
/ one of the following to non-zero to specify which to use. */
|
||||
#if 0
|
||||
#define USE_APPLE_COMMON_CRYPTO_AES 0
|
||||
#define USE_NETTLE_AES 0
|
||||
#define USE_OPENSSL_AES 1 /* http://openssl.org */
|
||||
#define USE_REFERENCE_AES 0 /* Internet search: rijndael-alg-fst.c */
|
||||
#define USE_AES_NI 0 /* Uses compiler's intrinsics */
|
||||
#endif
|
||||
|
||||
/* During encryption and decryption, various "L values" are required.
|
||||
/ The L values can be precomputed during initialization (requiring extra
|
||||
@@ -72,6 +76,7 @@
|
||||
/* Includes and compiler specific definitions */
|
||||
/* ----------------------------------------------------------------------- */
|
||||
|
||||
#include "config.h"
|
||||
#include "ae.h"
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
@@ -95,8 +100,12 @@
|
||||
#include <intrin.h>
|
||||
#pragma intrinsic(_byteswap_uint64, _BitScanForward, memcpy)
|
||||
#elif __GNUC__
|
||||
#ifndef inline
|
||||
#define inline __inline__ /* No "inline" in GCC ansi C mode */
|
||||
#endif
|
||||
#ifndef restrict
|
||||
#define restrict __restrict__ /* No "restrict" in GCC ansi C mode */
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if _MSC_VER
|
||||
@@ -347,6 +356,131 @@ static inline void AES_ecb_decrypt_blks(block *blks, unsigned nblks, AES_KEY *ke
|
||||
|
||||
#define BPI 4 /* Number of blocks in buffer per ECB call */
|
||||
|
||||
/*-------------------*/
|
||||
#elif USE_APPLE_COMMON_CRYPTO_AES
|
||||
/*-------------------*/
|
||||
|
||||
#include <fatal_assert.h>
|
||||
#include <CommonCrypto/CommonCryptor.h>
|
||||
|
||||
typedef struct {
|
||||
CCCryptorRef ref;
|
||||
uint8_t b[4096];
|
||||
} AES_KEY;
|
||||
#if (OCB_KEY_LEN == 0)
|
||||
#define ROUNDS(ctx) ((ctx)->rounds)
|
||||
#else
|
||||
#define ROUNDS(ctx) (6+OCB_KEY_LEN/4)
|
||||
#endif
|
||||
|
||||
static inline void AES_set_encrypt_key(unsigned char *handle, const int bits, AES_KEY *key)
|
||||
{
|
||||
CCCryptorStatus rv = CCCryptorCreateFromData(
|
||||
kCCEncrypt,
|
||||
kCCAlgorithmAES,
|
||||
kCCOptionECBMode,
|
||||
handle,
|
||||
bits / 8,
|
||||
NULL,
|
||||
&(key->b),
|
||||
sizeof (key->b),
|
||||
&(key->ref),
|
||||
NULL);
|
||||
|
||||
fatal_assert(rv == kCCSuccess);
|
||||
}
|
||||
static inline void AES_set_decrypt_key(unsigned char *handle, const int bits, AES_KEY *key)
|
||||
{
|
||||
CCCryptorStatus rv = CCCryptorCreateFromData(
|
||||
kCCDecrypt,
|
||||
kCCAlgorithmAES,
|
||||
kCCOptionECBMode,
|
||||
handle,
|
||||
bits / 8,
|
||||
NULL,
|
||||
&(key->b),
|
||||
sizeof (key->b),
|
||||
&(key->ref),
|
||||
NULL);
|
||||
|
||||
fatal_assert(rv == kCCSuccess);
|
||||
}
|
||||
static inline void AES_encrypt(unsigned char *src, unsigned char *dst, AES_KEY *key) {
|
||||
size_t dataOutMoved;
|
||||
CCCryptorStatus rv = CCCryptorUpdate(
|
||||
key->ref,
|
||||
(const void *)src,
|
||||
kCCBlockSizeAES128,
|
||||
(void *)dst,
|
||||
kCCBlockSizeAES128,
|
||||
&dataOutMoved);
|
||||
fatal_assert(rv == kCCSuccess);
|
||||
fatal_assert(dataOutMoved == kCCBlockSizeAES128);
|
||||
}
|
||||
#if 0
|
||||
/* unused */
|
||||
static inline void AES_decrypt(unsigned char *src, unsigned char *dst, AES_KEY *key) {
|
||||
AES_encrypt(src, dst, key);
|
||||
}
|
||||
#endif
|
||||
static inline void AES_ecb_encrypt_blks(block *blks, unsigned nblks, AES_KEY *key) {
|
||||
const size_t dataSize = kCCBlockSizeAES128 * nblks;
|
||||
size_t dataOutMoved;
|
||||
CCCryptorStatus rv = CCCryptorUpdate(
|
||||
key->ref,
|
||||
(const void *)blks,
|
||||
dataSize,
|
||||
(void *)blks,
|
||||
dataSize,
|
||||
&dataOutMoved);
|
||||
fatal_assert(rv == kCCSuccess);
|
||||
fatal_assert(dataOutMoved == dataSize);
|
||||
}
|
||||
static inline void AES_ecb_decrypt_blks(block *blks, unsigned nblks, AES_KEY *key) {
|
||||
AES_ecb_encrypt_blks(blks, nblks, key);
|
||||
}
|
||||
|
||||
#define BPI 4 /* Number of blocks in buffer per ECB call */
|
||||
|
||||
/*-------------------*/
|
||||
#elif USE_NETTLE_AES
|
||||
/*-------------------*/
|
||||
|
||||
#include <nettle/aes.h>
|
||||
|
||||
typedef struct aes_ctx AES_KEY;
|
||||
#if (OCB_KEY_LEN == 0)
|
||||
#define ROUNDS(ctx) ((ctx)->rounds)
|
||||
#else
|
||||
#define ROUNDS(ctx) (6+OCB_KEY_LEN/4)
|
||||
#endif
|
||||
|
||||
static inline void AES_set_encrypt_key(unsigned char *handle, const int bits, AES_KEY *key)
|
||||
{
|
||||
nettle_aes_set_encrypt_key(key, bits/8, (const uint8_t *)handle);
|
||||
}
|
||||
static inline void AES_set_decrypt_key(unsigned char *handle, const int bits, AES_KEY *key)
|
||||
{
|
||||
nettle_aes_set_decrypt_key(key, bits/8, (const uint8_t *)handle);
|
||||
}
|
||||
static inline void AES_encrypt(unsigned char *src, unsigned char *dst, AES_KEY *key) {
|
||||
nettle_aes_encrypt(key, AES_BLOCK_SIZE, dst, src);
|
||||
}
|
||||
#if 0
|
||||
/* unused */
|
||||
static inline void AES_decrypt(unsigned char *src, unsigned char *dst, AES_KEY *key) {
|
||||
nettle_aes_decrypt(key, AES_BLOCK_SIZE, dst, src);
|
||||
}
|
||||
#endif
|
||||
static inline void AES_ecb_encrypt_blks(block *blks, unsigned nblks, AES_KEY *key) {
|
||||
nettle_aes_encrypt(key, nblks * AES_BLOCK_SIZE, (unsigned char*)blks, (unsigned char*)blks);
|
||||
}
|
||||
static inline void AES_ecb_decrypt_blks(block *blks, unsigned nblks, AES_KEY *key) {
|
||||
nettle_aes_decrypt(key, nblks * AES_BLOCK_SIZE, (unsigned char*)blks, (unsigned char*)blks);
|
||||
}
|
||||
|
||||
#define BPI 4 /* Number of blocks in buffer per ECB call */
|
||||
|
||||
/*-------------------*/
|
||||
#elif USE_REFERENCE_AES
|
||||
/*-------------------*/
|
||||
@@ -560,6 +694,8 @@ static inline void AES_ecb_decrypt_blks(block *blks, unsigned nblks, AES_KEY *ke
|
||||
#define BPI 8 /* Number of blocks in buffer per ECB call */
|
||||
/* Set to 4 for Westmere, 8 for Sandy Bridge */
|
||||
|
||||
#else
|
||||
#error "No AES implementation selected."
|
||||
#endif
|
||||
|
||||
/* ----------------------------------------------------------------------- */
|
||||
|
||||
@@ -7,11 +7,11 @@ endif
|
||||
|
||||
encrypt_SOURCES = encrypt.cc
|
||||
encrypt_CPPFLAGS = -I$(srcdir)/../crypto
|
||||
encrypt_LDADD = ../crypto/libmoshcrypto.a $(OPENSSL_LIBS)
|
||||
encrypt_LDADD = ../crypto/libmoshcrypto.a $(CRYPTO_LIBS)
|
||||
|
||||
decrypt_SOURCES = decrypt.cc
|
||||
decrypt_CPPFLAGS = -I$(srcdir)/../crypto
|
||||
decrypt_LDADD = ../crypto/libmoshcrypto.a $(OPENSSL_LIBS)
|
||||
decrypt_LDADD = ../crypto/libmoshcrypto.a $(CRYPTO_LIBS)
|
||||
|
||||
parse_SOURCES = parse.cc
|
||||
parse_CPPFLAGS = -I$(srcdir)/../terminal -I$(srcdir)/../util
|
||||
@@ -23,8 +23,8 @@ termemu_LDADD = ../terminal/libmoshterminal.a ../util/libmoshutil.a ../statesync
|
||||
|
||||
ntester_SOURCES = ntester.cc
|
||||
ntester_CPPFLAGS = -I$(srcdir)/../util -I$(srcdir)/../statesync -I$(srcdir)/../terminal -I$(srcdir)/../network -I$(srcdir)/../crypto -I../protobufs $(protobuf_CFLAGS)
|
||||
ntester_LDADD = ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../network/libmoshnetwork.a ../crypto/libmoshcrypto.a ../protobufs/libmoshprotos.a ../util/libmoshutil.a $(LIBUTIL) -lm $(protobuf_LIBS) $(OPENSSL_LIBS)
|
||||
ntester_LDADD = ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../network/libmoshnetwork.a ../crypto/libmoshcrypto.a ../protobufs/libmoshprotos.a ../util/libmoshutil.a $(LIBUTIL) -lm $(protobuf_LIBS) $(CRYPTO_LIBS)
|
||||
|
||||
benchmark_SOURCES = benchmark.cc
|
||||
benchmark_CPPFLAGS = -I$(srcdir)/../util -I$(srcdir)/../statesync -I$(srcdir)/../terminal -I../protobufs -I$(srcdir)/../frontend -I$(srcdir)/../crypto -I$(srcdir)/../network $(protobuf_CFLAGS)
|
||||
benchmark_LDADD = ../frontend/terminaloverlay.o ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../protobufs/libmoshprotos.a ../network/libmoshnetwork.a ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(STDDJB_LDFLAGS) $(LIBUTIL) -lm $(TINFO_LIBS) $(protobuf_LIBS) $(OPENSSL_LIBS)
|
||||
benchmark_LDADD = ../frontend/terminaloverlay.o ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../protobufs/libmoshprotos.a ../network/libmoshnetwork.a ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(STDDJB_LDFLAGS) $(LIBUTIL) -lm $(TINFO_LIBS) $(protobuf_LIBS) $(CRYPTO_LIBS)
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
AM_CPPFLAGS = -I$(srcdir)/../statesync -I$(srcdir)/../terminal -I$(srcdir)/../network -I$(srcdir)/../crypto -I../protobufs -I$(srcdir)/../util $(TINFO_CFLAGS) $(protobuf_CFLAGS) $(OPENSSL_CFLAGS)
|
||||
AM_CPPFLAGS = -I$(srcdir)/../statesync -I$(srcdir)/../terminal -I$(srcdir)/../network -I$(srcdir)/../crypto -I../protobufs -I$(srcdir)/../util $(TINFO_CFLAGS) $(protobuf_CFLAGS) $(CRYPTO_CFLAGS)
|
||||
AM_CXXFLAGS = $(WARNING_CXXFLAGS) $(PICKY_CXXFLAGS) $(HARDEN_CFLAGS) $(MISC_CXXFLAGS)
|
||||
AM_LDFLAGS = $(HARDEN_LDFLAGS)
|
||||
LDADD = ../crypto/libmoshcrypto.a ../network/libmoshnetwork.a ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../util/libmoshutil.a ../protobufs/libmoshprotos.a -lm $(TINFO_LIBS) $(protobuf_LIBS) $(OPENSSL_LIBS)
|
||||
LDADD = ../crypto/libmoshcrypto.a ../network/libmoshnetwork.a ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../util/libmoshutil.a ../protobufs/libmoshprotos.a -lm $(TINFO_LIBS) $(protobuf_LIBS) $(CRYPTO_LIBS)
|
||||
|
||||
mosh_server_LDADD = $(LDADD) $(LIBUTIL)
|
||||
|
||||
|
||||
@@ -27,12 +27,12 @@ base64_vector.cc: $(srcdir)/genbase64.pl
|
||||
$(AM_V_GEN)perl $(srcdir)/genbase64.pl >> base64_vector.cc || rm base64_vector.cc
|
||||
|
||||
ocb_aes_SOURCES = ocb-aes.cc test_utils.cc test_utils.h
|
||||
ocb_aes_CPPFLAGS = -I$(srcdir)/../crypto -I$(srcdir)/../util
|
||||
ocb_aes_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(OPENSSL_LIBS)
|
||||
ocb_aes_CPPFLAGS = -I$(srcdir)/../crypto -I$(srcdir)/../util $(CRYPTO_CFLAGS)
|
||||
ocb_aes_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(CRYPTO_LIBS)
|
||||
|
||||
encrypt_decrypt_SOURCES = encrypt-decrypt.cc test_utils.cc test_utils.h
|
||||
encrypt_decrypt_CPPFLAGS = -I$(srcdir)/../crypto -I$(srcdir)/../util
|
||||
encrypt_decrypt_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(OPENSSL_LIBS)
|
||||
encrypt_decrypt_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(CRYPTO_LIBS)
|
||||
|
||||
base64_SOURCES = base64.cc base64_vector.cc base64_vector.h genbase64.pl
|
||||
base64_CPPFLAGS = $(ocb_aes_CPPFLAGS)
|
||||
|
||||
Reference in New Issue
Block a user