Add configurable support for Apple Common Crypto and Nettle libraries.

src/crypto/Makefile.am

@@ -1,4 +1,4 @@
-AM_CPPFLAGS = -I$(srcdir)/../util $(OPENSSL_CFLAGS)
+AM_CPPFLAGS = -I$(srcdir)/../util $(CRYPTO_CFLAGS)
 AM_CXXFLAGS = $(WARNING_CXXFLAGS) $(PICKY_CXXFLAGS) $(HARDEN_CFLAGS) $(MISC_CXXFLAGS)
 
 noinst_LIBRARIES = libmoshcrypto.a

src/crypto/ocb.cc

@@ -50,9 +50,13 @@
 
 /* This implementation has built-in support for multiple AES APIs. Set any
 /  one of the following to non-zero to specify which to use.               */
+#if 0
+#define USE_APPLE_COMMON_CRYPTO_AES       0
+#define USE_NETTLE_AES       0
 #define USE_OPENSSL_AES      1  /* http://openssl.org                      */
 #define USE_REFERENCE_AES    0  /* Internet search: rijndael-alg-fst.c     */
 #define USE_AES_NI           0  /* Uses compiler's intrinsics              */
+#endif
 
 /* During encryption and decryption, various "L values" are required.
 /  The L values can be precomputed during initialization (requiring extra
@@ -72,6 +76,7 @@
 /* Includes and compiler specific definitions                              */
 /* ----------------------------------------------------------------------- */
 
+#include "config.h"
 #include "ae.h"
 #include <stdlib.h>
 #include <string.h>
@@ -95,8 +100,12 @@
 	#include <intrin.h>
 	#pragma intrinsic(_byteswap_uint64, _BitScanForward, memcpy)
 #elif __GNUC__
+	#ifndef inline
 	#define inline __inline__            /* No "inline" in GCC ansi C mode */
+	#endif
+	#ifndef restrict
 	#define restrict __restrict__      /* No "restrict" in GCC ansi C mode */
+	#endif
 #endif
 
 #if _MSC_VER
@@ -347,6 +356,131 @@ static inline void AES_ecb_decrypt_blks(block *blks, unsigned nblks, AES_KEY *ke
 
 #define BPI 4  /* Number of blocks in buffer per ECB call */
 
+/*-------------------*/
+#elif USE_APPLE_COMMON_CRYPTO_AES
+/*-------------------*/
+
+#include <fatal_assert.h>
+#include <CommonCrypto/CommonCryptor.h>
+
+typedef struct {
+	CCCryptorRef ref;
+	uint8_t b[4096];
+} AES_KEY;
+#if (OCB_KEY_LEN == 0)
+#define ROUNDS(ctx) ((ctx)->rounds)
+#else
+#define ROUNDS(ctx) (6+OCB_KEY_LEN/4)
+#endif
+
+static inline void AES_set_encrypt_key(unsigned char *handle, const int bits, AES_KEY *key)
+{
+	CCCryptorStatus rv = CCCryptorCreateFromData(
+		kCCEncrypt,
+		kCCAlgorithmAES,
+		kCCOptionECBMode,
+		handle,
+		bits / 8,
+		NULL,
+		&(key->b),
+		sizeof (key->b),
+		&(key->ref),
+		NULL);
+
+	fatal_assert(rv == kCCSuccess);
+}
+static inline void AES_set_decrypt_key(unsigned char *handle, const int bits, AES_KEY *key)
+{
+	CCCryptorStatus rv = CCCryptorCreateFromData(
+		kCCDecrypt,
+		kCCAlgorithmAES,
+		kCCOptionECBMode,
+		handle,
+		bits / 8,
+		NULL,
+		&(key->b),
+		sizeof (key->b),
+		&(key->ref),
+		NULL);
+
+	fatal_assert(rv == kCCSuccess);
+}
+static inline void AES_encrypt(unsigned char *src, unsigned char *dst, AES_KEY *key) {
+	size_t dataOutMoved;
+	CCCryptorStatus rv = CCCryptorUpdate(
+		key->ref,
+		(const void *)src,
+		kCCBlockSizeAES128,
+		(void *)dst,
+		kCCBlockSizeAES128,
+		&dataOutMoved);
+	fatal_assert(rv == kCCSuccess);
+	fatal_assert(dataOutMoved == kCCBlockSizeAES128);
+}
+#if 0
+/* unused */
+static inline void AES_decrypt(unsigned char *src, unsigned char *dst, AES_KEY *key) {
+	AES_encrypt(src, dst, key);
+}
+#endif
+static inline void AES_ecb_encrypt_blks(block *blks, unsigned nblks, AES_KEY *key) {
+	const size_t dataSize = kCCBlockSizeAES128 * nblks;
+	size_t dataOutMoved;
+	CCCryptorStatus rv = CCCryptorUpdate(
+		key->ref,
+		(const void *)blks,
+		dataSize,
+		(void *)blks,
+		dataSize,
+		&dataOutMoved);
+	fatal_assert(rv == kCCSuccess);
+	fatal_assert(dataOutMoved == dataSize);
+}
+static inline void AES_ecb_decrypt_blks(block *blks, unsigned nblks, AES_KEY *key) {
+	AES_ecb_encrypt_blks(blks, nblks, key);
+}
+
+#define BPI 4  /* Number of blocks in buffer per ECB call */
+
+/*-------------------*/
+#elif USE_NETTLE_AES
+/*-------------------*/
+
+#include <nettle/aes.h>
+
+typedef struct aes_ctx AES_KEY;
+#if (OCB_KEY_LEN == 0)
+#define ROUNDS(ctx) ((ctx)->rounds)
+#else
+#define ROUNDS(ctx) (6+OCB_KEY_LEN/4)
+#endif
+
+static inline void AES_set_encrypt_key(unsigned char *handle, const int bits, AES_KEY *key)
+{
+	nettle_aes_set_encrypt_key(key, bits/8, (const uint8_t *)handle);
+}
+static inline void AES_set_decrypt_key(unsigned char *handle, const int bits, AES_KEY *key)
+{
+	nettle_aes_set_decrypt_key(key, bits/8, (const uint8_t *)handle);
+}
+static inline void AES_encrypt(unsigned char *src, unsigned char *dst, AES_KEY *key) {
+	nettle_aes_encrypt(key, AES_BLOCK_SIZE, dst, src);
+}
+#if 0
+/* unused */
+static inline void AES_decrypt(unsigned char *src, unsigned char *dst, AES_KEY *key) {
+	nettle_aes_decrypt(key, AES_BLOCK_SIZE, dst, src);
+}
+#endif
+static inline void AES_ecb_encrypt_blks(block *blks, unsigned nblks, AES_KEY *key) {
+	nettle_aes_encrypt(key, nblks * AES_BLOCK_SIZE, (unsigned char*)blks, (unsigned char*)blks);
+}
+static inline void AES_ecb_decrypt_blks(block *blks, unsigned nblks, AES_KEY *key) {
+	nettle_aes_decrypt(key, nblks * AES_BLOCK_SIZE, (unsigned char*)blks, (unsigned char*)blks);
+}
+
+#define BPI 4  /* Number of blocks in buffer per ECB call */
+
 /*-------------------*/
 #elif USE_REFERENCE_AES
 /*-------------------*/
@@ -560,6 +694,8 @@ static inline void AES_ecb_decrypt_blks(block *blks, unsigned nblks, AES_KEY *ke
 #define BPI 8  /* Number of blocks in buffer per ECB call   */
                /* Set to 4 for Westmere, 8 for Sandy Bridge */
 
+#else
+#error "No AES implementation selected."
 #endif
 
 /* ----------------------------------------------------------------------- */

src/examples/Makefile.am

@@ -7,11 +7,11 @@ endif
 
 encrypt_SOURCES = encrypt.cc
 encrypt_CPPFLAGS = -I$(srcdir)/../crypto
-encrypt_LDADD = ../crypto/libmoshcrypto.a $(OPENSSL_LIBS)
+encrypt_LDADD = ../crypto/libmoshcrypto.a $(CRYPTO_LIBS)
 
 decrypt_SOURCES = decrypt.cc
 decrypt_CPPFLAGS = -I$(srcdir)/../crypto
-decrypt_LDADD = ../crypto/libmoshcrypto.a $(OPENSSL_LIBS)
+decrypt_LDADD = ../crypto/libmoshcrypto.a $(CRYPTO_LIBS)
 
 parse_SOURCES = parse.cc
 parse_CPPFLAGS = -I$(srcdir)/../terminal -I$(srcdir)/../util
@@ -23,8 +23,8 @@ termemu_LDADD = ../terminal/libmoshterminal.a ../util/libmoshutil.a ../statesync
 
 ntester_SOURCES = ntester.cc
 ntester_CPPFLAGS = -I$(srcdir)/../util -I$(srcdir)/../statesync -I$(srcdir)/../terminal -I$(srcdir)/../network -I$(srcdir)/../crypto -I../protobufs $(protobuf_CFLAGS)
-ntester_LDADD = ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../network/libmoshnetwork.a ../crypto/libmoshcrypto.a ../protobufs/libmoshprotos.a ../util/libmoshutil.a $(LIBUTIL) -lm $(protobuf_LIBS)  $(OPENSSL_LIBS)
+ntester_LDADD = ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../network/libmoshnetwork.a ../crypto/libmoshcrypto.a ../protobufs/libmoshprotos.a ../util/libmoshutil.a $(LIBUTIL) -lm $(protobuf_LIBS)  $(CRYPTO_LIBS)
 
 benchmark_SOURCES = benchmark.cc
 benchmark_CPPFLAGS = -I$(srcdir)/../util -I$(srcdir)/../statesync -I$(srcdir)/../terminal -I../protobufs -I$(srcdir)/../frontend -I$(srcdir)/../crypto -I$(srcdir)/../network $(protobuf_CFLAGS)
-benchmark_LDADD = ../frontend/terminaloverlay.o ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../protobufs/libmoshprotos.a ../network/libmoshnetwork.a ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(STDDJB_LDFLAGS) $(LIBUTIL) -lm $(TINFO_LIBS) $(protobuf_LIBS) $(OPENSSL_LIBS)
+benchmark_LDADD = ../frontend/terminaloverlay.o ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../protobufs/libmoshprotos.a ../network/libmoshnetwork.a ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(STDDJB_LDFLAGS) $(LIBUTIL) -lm $(TINFO_LIBS) $(protobuf_LIBS) $(CRYPTO_LIBS)

src/frontend/Makefile.am

@@ -1,7 +1,7 @@
-AM_CPPFLAGS = -I$(srcdir)/../statesync -I$(srcdir)/../terminal -I$(srcdir)/../network -I$(srcdir)/../crypto -I../protobufs -I$(srcdir)/../util $(TINFO_CFLAGS) $(protobuf_CFLAGS) $(OPENSSL_CFLAGS)
+AM_CPPFLAGS = -I$(srcdir)/../statesync -I$(srcdir)/../terminal -I$(srcdir)/../network -I$(srcdir)/../crypto -I../protobufs -I$(srcdir)/../util $(TINFO_CFLAGS) $(protobuf_CFLAGS) $(CRYPTO_CFLAGS)
 AM_CXXFLAGS = $(WARNING_CXXFLAGS) $(PICKY_CXXFLAGS) $(HARDEN_CFLAGS) $(MISC_CXXFLAGS)
 AM_LDFLAGS  = $(HARDEN_LDFLAGS)
-LDADD = ../crypto/libmoshcrypto.a ../network/libmoshnetwork.a ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../util/libmoshutil.a ../protobufs/libmoshprotos.a -lm $(TINFO_LIBS) $(protobuf_LIBS) $(OPENSSL_LIBS)
+LDADD = ../crypto/libmoshcrypto.a ../network/libmoshnetwork.a ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../util/libmoshutil.a ../protobufs/libmoshprotos.a -lm $(TINFO_LIBS) $(protobuf_LIBS) $(CRYPTO_LIBS)
 
 mosh_server_LDADD = $(LDADD) $(LIBUTIL)
 

src/tests/Makefile.am

@@ -27,12 +27,12 @@ base64_vector.cc: $(srcdir)/genbase64.pl
 	$(AM_V_GEN)perl $(srcdir)/genbase64.pl >> base64_vector.cc || rm base64_vector.cc
 
 ocb_aes_SOURCES = ocb-aes.cc test_utils.cc test_utils.h
-ocb_aes_CPPFLAGS = -I$(srcdir)/../crypto -I$(srcdir)/../util
-ocb_aes_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(OPENSSL_LIBS)
+ocb_aes_CPPFLAGS = -I$(srcdir)/../crypto -I$(srcdir)/../util $(CRYPTO_CFLAGS)
+ocb_aes_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(CRYPTO_LIBS)
 
 encrypt_decrypt_SOURCES = encrypt-decrypt.cc test_utils.cc test_utils.h
 encrypt_decrypt_CPPFLAGS = -I$(srcdir)/../crypto -I$(srcdir)/../util
-encrypt_decrypt_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(OPENSSL_LIBS)
+encrypt_decrypt_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(CRYPTO_LIBS)
 
 base64_SOURCES = base64.cc base64_vector.cc base64_vector.h genbase64.pl
 base64_CPPFLAGS = $(ocb_aes_CPPFLAGS)