
Commit 0eb6148

committed
Add configurable support for Apple Common Crypto and Nettle libraries.
1 parent db311f9 commit 0eb6148


7 files changed

+190
-14
lines changed


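--- a/configure.ac
+++ b/configure.ac
@@ -251,8 +251,6 @@ AC_CHECK_FUNCS(m4_normalize([
 
 AC_SEARCH_LIBS([clock_gettime], [rt], [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Define if clock_gettime is available.])])
 
-PKG_CHECK_MODULES([OPENSSL], [openssl])
-
 # Start by trying to find the needed tinfo parts by pkg-config
 PKG_CHECK_MODULES([TINFO], [tinfo],
 [AC_DEFINE([HAVE_CURSES_H], [1], [Define to 1 if <curses.h> is present])],
@@ -293,6 +291,49 @@ if test "x$ax_cv_have_TINFO" = xno ; then
 fi
 fi
 
+dnl Default to OpenSSL, or OS X crypto library if found
+AC_CHECK_HEADERS([CommonCrypto/CommonCrypto.h],
+[default_crypto_library="apple-common-crypto"],
+[default_crypto_library="openssl"]
+)
+
+dnl Allow user to select over the default.
+AC_ARG_WITH(
+[crypto-library],
+[AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|nettle|apple-common-crypto @<:@default=openssl@:>@])],
+[
+case "${withval}" in
+openssl|nettle|apple-common-crypto) ;;
+*) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;;
+esac
+],
+[with_crypto_library="$default_crypto_library"]
+)
+
+dnl Checks for chosen crypto library
+case "${with_crypto_library}" in
+openssl)
+PKG_CHECK_MODULES([CRYPTO], [openssl],
+[],
+[AC_MSG_ERROR([OpenSSL crypto library not found])])
+AC_DEFINE([USE_OPENSSL_AES], [1], [Use OpenSSL library])
+;;
+nettle)
+PKG_CHECK_MODULES([CRYPTO], [nettle],
+[],
+[AC_MSG_ERROR([Nettle crypto library not found])])
+AC_DEFINE([USE_NETTLE_AES], [1], [Use Nettle library])
+;;
+apple-common-crypto)
+dnl Common Crypto is in Apple's standard paths and base libraries.
+dnl So just check for presence of the header.
+AC_CHECK_HEADERS([CommonCrypto/CommonCrypto.h],
+[],
+[AC_MSG_ERROR([Apple Common Crypto header not found])])
+AC_DEFINE([USE_APPLE_COMMON_CRYPTO_AES], [1], [Use Apple Common Crypto library])
+;;
+esac
+
 AC_CHECK_DECL([forkpty],
 [AC_DEFINE([FORKPTY_IN_LIBUTIL], [1],
 [Define if libutil.h necessary for forkpty().])],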
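Review bot: The help text in the `AC_ARG_WITH` block advertises `default=openssl`, but the `AC_CHECK_HEADERS` probe just above it switches the default to `apple-common-crypto` whenever `CommonCrypto/CommonCrypto.h` is found, so on OS X the AES backend changes without the user asking for it or being told. The help string should state the real rule and use one metavariable, e.g. `[--with-crypto-library=LIBRARY]` with `LIBRARY=openssl|nettle|apple-common-crypto @<:@default=apple-common-crypto if its header is present, otherwise openssl@:>@`. After the final `case`, a line such as `AC_MSG_NOTICE([using crypto library: ${with_crypto_library}])` would record the selected backend in the configure log, which matters when auditing which AES implementation a given binary was built against.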

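--- a/macosx/build.sh
+++ b/macosx/build.sh
@@ -59,8 +59,7 @@ for arch in $ARCHS; do
 mkdir "${prefix}"
 if ./configure --prefix="${prefix}/local" \
 CC="cc -arch ${arch}" CPP="cc -arch ${arch} -E" CXX="c++ -arch ${arch}" \
-TINFO_LIBS=-lncurses \
-OPENSSL_CFLAGS=" " OPENSSL_LIBS="-lssl -lcrypto -lz" &&
+TINFO_LIBS=-lncurses &&
 make clean &&
 make install -j8 &&
 rm -f "${prefix}/etc"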
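Review bot: With the `OPENSSL_*` overrides gone, the `./configure` call in this loop no longer states which crypto backend the packaged binaries use; the result depends on whether configure finds `CommonCrypto/CommonCrypto.h` on the build host. For a release build it is safer to pin the choice by adding `--with-crypto-library=apple-common-crypto \` to the `./configure` line, so that a missing header fails the build instead of quietly falling back to another library. The enclosing `for arch in $ARCHS` loop starts and ends outside this hunk.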

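--- a/src/crypto/Makefile.am
+++ b/src/crypto/Makefile.am
@@ -1,4 +1,4 @@
-AM_CPPFLAGS = -I$(srcdir)/../util $(OPENSSL_CFLAGS)
+AM_CPPFLAGS = -I$(srcdir)/../util $(CRYPTO_CFLAGS)
 AM_CXXFLAGS = $(WARNING_CXXFLAGS) $(PICKY_CXXFLAGS) $(HARDEN_CFLAGS) $(MISC_CXXFLAGS)
 
 noinst_LIBRARIES = libmoshcrypto.a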

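--- a/src/crypto/ocb.cc
+++ b/src/crypto/ocb.cc
@@ -50,9 +50,13 @@
 
 /* This implementation has built-in support for multiple AES APIs. Set any
 / one of the following to non-zero to specify which to use. */
+#if 0
+#define USE_APPLE_COMMON_CRYPTO_AES 0
+#define USE_NETTLE_AES 0
 #define USE_OPENSSL_AES 1 /* http://openssl.org */
 #define USE_REFERENCE_AES 0 /* Internet search: rijndael-alg-fst.c */
 #define USE_AES_NI 0 /* Uses compiler's intrinsics */
+#endif
 
 /* During encryption and decryption, various "L values" are required.
 / The L values can be precomputed during initialization (requiring extra
@@ -72,6 +76,7 @@
 /* Includes and compiler specific definitions */
 /* ----------------------------------------------------------------------- */
 
+#include "config.h"
 #include "ae.h"
 #include <stdlib.h>
 #include <string.h>
@@ -95,8 +100,12 @@
 #include <intrin.h>
 #pragma intrinsic(_byteswap_uint64, _BitScanForward, memcpy)
 #elif __GNUC__
+#ifndef inline
 #define inline __inline__ /* No "inline" in GCC ansi C mode */
+#endif
+#ifndef restrict
 #define restrict __restrict__ /* No "restrict" in GCC ansi C mode */
+#endif
 #endif
 
 #if _MSC_VER
@@ -347,6 +356,131 @@ static inline void AES_ecb_decrypt_blks(block *blks, unsigned nblks, AES_KEY *ke
 
 #define BPI 4 /* Number of blocks in buffer per ECB call */
 
+/*-------------------*/
+#elif USE_APPLE_COMMON_CRYPTO_AES
+/*-------------------*/
+
+#include <fatal_assert.h>
+#include <CommonCrypto/CommonCryptor.h>
+
+typedef struct {
+CCCryptorRef ref;
+uint8_t b[4096];
+} AES_KEY;
+#if (OCB_KEY_LEN == 0)
+#define ROUNDS(ctx) ((ctx)->rounds)
+#else
+#define ROUNDS(ctx) (6+OCB_KEY_LEN/4)
+#endif
+
+static inline void AES_set_encrypt_key(unsigned char *handle, const int bits, AES_KEY *key)
+{
+CCCryptorStatus rv = CCCryptorCreateFromData(
+kCCEncrypt,
+kCCAlgorithmAES,
+kCCOptionECBMode,
+handle,
+bits / 8,
+NULL,
+&(key->b),
+sizeof (key->b),
+&(key->ref),
+NULL);
+
+fatal_assert(rv == kCCSuccess);
+}
+static inline void AES_set_decrypt_key(unsigned char *handle, const int bits, AES_KEY *key)
+{
+CCCryptorStatus rv = CCCryptorCreateFromData(
+kCCDecrypt,
+kCCAlgorithmAES,
+kCCOptionECBMode,
+handle,
+bits / 8,
+NULL,
+&(key->b),
+sizeof (key->b),
+&(key->ref),
+NULL);
+
+fatal_assert(rv == kCCSuccess);
+}
+static inline void AES_encrypt(unsigned char *src, unsigned char *dst, AES_KEY *key) {
+size_t dataOutMoved;
+CCCryptorStatus rv = CCCryptorUpdate(
+key->ref,
+(const void *)src,
+kCCBlockSizeAES128,
+(void *)dst,
+kCCBlockSizeAES128,
+&dataOutMoved);
+fatal_assert(rv == kCCSuccess);
+fatal_assert(dataOutMoved == kCCBlockSizeAES128);
+}
+#if 0
+/* unused */
+static inline void AES_decrypt(unsigned char *src, unsigned char *dst, AES_KEY *key) {
+AES_encrypt(src, dst, key);
+}
+#endif
+static inline void AES_ecb_encrypt_blks(block *blks, unsigned nblks, AES_KEY *key) {
+const size_t dataSize = kCCBlockSizeAES128 * nblks;
+size_t dataOutMoved;
+CCCryptorStatus rv = CCCryptorUpdate(
+key->ref,
+(const void *)blks,
+dataSize,
+(void *)blks,
+dataSize,
+&dataOutMoved);
+fatal_assert(rv == kCCSuccess);
+fatal_assert(dataOutMoved == dataSize);
+}
+static inline void AES_ecb_decrypt_blks(block *blks, unsigned nblks, AES_KEY *key) {
+AES_ecb_encrypt_blks(blks, nblks, key);
+}
+
+#define BPI 4 /* Number of blocks in buffer per ECB call */
+
+/*-------------------*/
+#elif USE_NETTLE_AES
+/*-------------------*/
+
+#include <nettle/aes.h>
+
+typedef struct aes_ctx AES_KEY;
+#if (OCB_KEY_LEN == 0)
+#define ROUNDS(ctx) ((ctx)->rounds)
+#else
+#define ROUNDS(ctx) (6+OCB_KEY_LEN/4)
+#endif
+
+static inline void AES_set_encrypt_key(unsigned char *handle, const int bits, AES_KEY *key)
+{
+nettle_aes_set_encrypt_key(key, bits/8, (const uint8_t *)handle);
+}
+static inline void AES_set_decrypt_key(unsigned char *handle, const int bits, AES_KEY *key)
+{
+nettle_aes_set_decrypt_key(key, bits/8, (const uint8_t *)handle);
+}
+static inline void AES_encrypt(unsigned char *src, unsigned char *dst, AES_KEY *key) {
+nettle_aes_encrypt(key, AES_BLOCK_SIZE, dst, src);
+}
+#if 0
+/* unused */
+static inline void AES_decrypt(unsigned char *src, unsigned char *dst, AES_KEY *key) {
+nettle_aes_decrypt(key, AES_BLOCK_SIZE, dst, src);
+}
+#endif
+static inline void AES_ecb_encrypt_blks(block *blks, unsigned nblks, AES_KEY *key) {
+nettle_aes_encrypt(key, nblks * AES_BLOCK_SIZE, (unsigned char*)blks, (unsigned char*)blks);
+}
+static inline void AES_ecb_decrypt_blks(block *blks, unsigned nblks, AES_KEY *key) {
+nettle_aes_decrypt(key, nblks * AES_BLOCK_SIZE, (unsigned char*)blks, (unsigned char*)blks);
+}
+
+#define BPI 4 /* Number of blocks in buffer per ECB call */
+
 /*-------------------*/
 #elif USE_REFERENCE_AES
 /*-------------------*/
@@ -560,6 +694,8 @@ static inline void AES_ecb_decrypt_blks(block *blks, unsigned nblks, AES_KEY *ke
 #define BPI 8 /* Number of blocks in buffer per ECB call */
 /* Set to 4 for Westmere, 8 for Sandy Bridge */
 
+#else
+#error "No AES implementation selected."
 #endif
 
 /* ----------------------------------------------------------------------- */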
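Review bot: In the `USE_APPLE_COMMON_CRYPTO_AES` branch, `AES_set_encrypt_key` and `AES_set_decrypt_key` create the cryptor inside `key->b` with `CCCryptorCreateFromData`, and nothing visible in this hunk ever calls `CCCryptorRelease` or wipes that buffer. Apple's header documents the release as optional for this call but asks the caller to zero the supplied memory when finished, since it holds the key state; whether the context teardown elsewhere in the file already clears the whole `AES_KEY` is not visible here and should be confirmed. `key->ref` presumably refers to storage inside `b`, so the struct deserves a comment such as `/* ref refers to state held in b: never copy an AES_KEY by value; release or zero it on teardown */`. Two smaller points: `AES_ecb_decrypt_blks` forwarding to `AES_ecb_encrypt_blks` is only correct because the direction is fixed when the key is set up, which is worth a one-line comment, and `ROUNDS(ctx)` expands to `(ctx)->rounds` for `OCB_KEY_LEN == 0` although this `AES_KEY` has no `rounds` member.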

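--- a/src/examples/Makefile.am
+++ b/src/examples/Makefile.am
@@ -7,11 +7,11 @@ endif
 
 encrypt_SOURCES = encrypt.cc
 encrypt_CPPFLAGS = -I$(srcdir)/../crypto
-encrypt_LDADD = ../crypto/libmoshcrypto.a $(OPENSSL_LIBS)
+encrypt_LDADD = ../crypto/libmoshcrypto.a $(CRYPTO_LIBS)
 
 decrypt_SOURCES = decrypt.cc
 decrypt_CPPFLAGS = -I$(srcdir)/../crypto
-decrypt_LDADD = ../crypto/libmoshcrypto.a $(OPENSSL_LIBS)
+decrypt_LDADD = ../crypto/libmoshcrypto.a $(CRYPTO_LIBS)
 
 parse_SOURCES = parse.cc
 parse_CPPFLAGS = -I$(srcdir)/../terminal -I$(srcdir)/../util
@@ -23,8 +23,8 @@ termemu_LDADD = ../terminal/libmoshterminal.a ../util/libmoshutil.a ../statesync
 
 ntester_SOURCES = ntester.cc
 ntester_CPPFLAGS = -I$(srcdir)/../util -I$(srcdir)/../statesync -I$(srcdir)/../terminal -I$(srcdir)/../network -I$(srcdir)/../crypto -I../protobufs $(protobuf_CFLAGS)
-ntester_LDADD = ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../network/libmoshnetwork.a ../crypto/libmoshcrypto.a ../protobufs/libmoshprotos.a ../util/libmoshutil.a $(LIBUTIL) -lm $(protobuf_LIBS) $(OPENSSL_LIBS)
+ntester_LDADD = ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../network/libmoshnetwork.a ../crypto/libmoshcrypto.a ../protobufs/libmoshprotos.a ../util/libmoshutil.a $(LIBUTIL) -lm $(protobuf_LIBS) $(CRYPTO_LIBS)
 
 benchmark_SOURCES = benchmark.cc
 benchmark_CPPFLAGS = -I$(srcdir)/../util -I$(srcdir)/../statesync -I$(srcdir)/../terminal -I../protobufs -I$(srcdir)/../frontend -I$(srcdir)/../crypto -I$(srcdir)/../network $(protobuf_CFLAGS)
-benchmark_LDADD = ../frontend/terminaloverlay.o ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../protobufs/libmoshprotos.a ../network/libmoshnetwork.a ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(STDDJB_LDFLAGS) $(LIBUTIL) -lm $(TINFO_LIBS) $(protobuf_LIBS) $(OPENSSL_LIBS)
+benchmark_LDADD = ../frontend/terminaloverlay.o ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../protobufs/libmoshprotos.a ../network/libmoshnetwork.a ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(STDDJB_LDFLAGS) $(LIBUTIL) -lm $(TINFO_LIBS) $(protobuf_LIBS) $(CRYPTO_LIBS)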

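--- a/src/frontend/Makefile.am
+++ b/src/frontend/Makefile.am
@@ -1,7 +1,7 @@
-AM_CPPFLAGS = -I$(srcdir)/../statesync -I$(srcdir)/../terminal -I$(srcdir)/../network -I$(srcdir)/../crypto -I../protobufs -I$(srcdir)/../util $(TINFO_CFLAGS) $(protobuf_CFLAGS) $(OPENSSL_CFLAGS)
+AM_CPPFLAGS = -I$(srcdir)/../statesync -I$(srcdir)/../terminal -I$(srcdir)/../network -I$(srcdir)/../crypto -I../protobufs -I$(srcdir)/../util $(TINFO_CFLAGS) $(protobuf_CFLAGS) $(CRYPTO_CFLAGS)
 AM_CXXFLAGS = $(WARNING_CXXFLAGS) $(PICKY_CXXFLAGS) $(HARDEN_CFLAGS) $(MISC_CXXFLAGS)
 AM_LDFLAGS = $(HARDEN_LDFLAGS)
-LDADD = ../crypto/libmoshcrypto.a ../network/libmoshnetwork.a ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../util/libmoshutil.a ../protobufs/libmoshprotos.a -lm $(TINFO_LIBS) $(protobuf_LIBS) $(OPENSSL_LIBS)
+LDADD = ../crypto/libmoshcrypto.a ../network/libmoshnetwork.a ../statesync/libmoshstatesync.a ../terminal/libmoshterminal.a ../util/libmoshutil.a ../protobufs/libmoshprotos.a -lm $(TINFO_LIBS) $(protobuf_LIBS) $(CRYPTO_LIBS)
 
 mosh_server_LDADD = $(LDADD) $(LIBUTIL)
 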

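--- a/src/tests/Makefile.am
+++ b/src/tests/Makefile.am
@@ -27,12 +27,12 @@ base64_vector.cc: $(srcdir)/genbase64.pl
 $(AM_V_GEN)perl $(srcdir)/genbase64.pl >> base64_vector.cc || rm base64_vector.cc
 
 ocb_aes_SOURCES = ocb-aes.cc test_utils.cc test_utils.h
-ocb_aes_CPPFLAGS = -I$(srcdir)/../crypto -I$(srcdir)/../util
-ocb_aes_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(OPENSSL_LIBS)
+ocb_aes_CPPFLAGS = -I$(srcdir)/../crypto -I$(srcdir)/../util $(CRYPTO_CFLAGS)
+ocb_aes_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(CRYPTO_LIBS)
 
 encrypt_decrypt_SOURCES = encrypt-decrypt.cc test_utils.cc test_utils.h
 encrypt_decrypt_CPPFLAGS = -I$(srcdir)/../crypto -I$(srcdir)/../util
-encrypt_decrypt_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(OPENSSL_LIBS)
+encrypt_decrypt_LDADD = ../crypto/libmoshcrypto.a ../util/libmoshutil.a $(CRYPTO_LIBS)
 
 base64_SOURCES = base64.cc base64_vector.cc base64_vector.h genbase64.pl
 base64_CPPFLAGS = $(ocb_aes_CPPFLAGS)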
