Switch from sodium to tweetnacl.

rescrv · Mar 4, 2016 · 455b4a1 · 455b4a1
1 parent 9cc2f68
commit 455b4a1
Show file tree

Hide file tree

Showing 15 changed files with 1,982 additions and 530 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -26,9 +26,8 @@
 
 ACLOCAL_AMFLAGS = -I m4 ${ACLOCAL_FLAGS}
 AM_MAKEFLAGS = --no-print-directory
-AM_CPPFLAGS = $(SODIUM_CFLAGS)
-AM_CFLAGS   = -fvisibility=hidden $(SODIUM_CFLAGS) $(WANAL_CFLAGS)
-AM_CXXFLAGS = -fvisibility=hidden -fvisibility-inlines-hidden $(SODIUM_CFLAGS) $(WANAL_CXXFLAGS)
+AM_CFLAGS   = -fvisibility=hidden $(WANAL_CFLAGS)
+AM_CXXFLAGS = -fvisibility=hidden -fvisibility-inlines-hidden $(WANAL_CXXFLAGS)
 
 AM_DISTCHECK_CONFIGURE_FLAGS = --enable-python-bindings PYTHON=python2
 TESTS_ENVIRONMENT = . $(abs_top_srcdir)/test/env.sh "${abs_top_srcdir}" "${abs_top_builddir}" "${VERSION}";
@@ -47,12 +46,16 @@ noinst_HEADERS = base64.h constants.h custom-config.h packet.h port.h
 
 lib_LTLIBRARIES = libmacaroons.la
 
-libmacaroons_la_SOURCES = base64.c macaroons.c packet.c port.c
-libmacaroons_la_LIBADD  =
-libmacaroons_la_LIBADD += $(SODIUM_LIBS)
-if ENABLE_JSON_SUPPORT
-libmacaroons_la_LIBADD += $(JSON_LIBS)
-endif
+libmacaroons_la_SOURCES =
+libmacaroons_la_SOURCES += base64.c
+libmacaroons_la_SOURCES += macaroons.c
+libmacaroons_la_SOURCES += packet.c
+libmacaroons_la_SOURCES += port.c
+libmacaroons_la_SOURCES += explicit_bzero.c
+libmacaroons_la_SOURCES += timingsafe_bcmp.c
+libmacaroons_la_SOURCES += tweetnacl.c
+libmacaroons_la_SOURCES += sha256.c
+libmacaroons_la_LIBADD = ${BSDLIBS}
 libmacaroons_la_LDFLAGS = -version-info 0:1:0
 
 pkgconfigdir = $(libdir)/pkgconfig
@@ -67,8 +70,7 @@ EXTRA_DIST += test/readme.sh
 
 check_LTLIBRARIES = libmacaroons-shim.la
 
-libmacaroons_shim_la_SOURCES = shim.c
-libmacaroons_shim_la_LIBADD =  $(SODIUM_LIBS)
+libmacaroons_shim_la_SOURCES = shim.c explicit_bzero.c
 libmacaroons_shim_la_LDFLAGS = -module -avoid-version -rpath /evil/libtool/hack/to/force/shared/lib/creation
 
 TESTS  =

diff --git a/README b/README
@@ -77,11 +77,11 @@ alongside your macaroons and read on!
 Installing Macaroons
 --------------------
 
-This library makes it easy to get started with using macaroons in your service.
-To use the library you must first install it.  You'll need to somehow install
-libsodium[2].  It's packaged in some Linux distributions, and can be installed
-from source on most *NIX platforms.  Once you have libsodium installed,
-installing macaroons is straight forward:
+This library makes it easy to get started with using macaroons in your
+service.  To use the library you must first install it.  You'll need to
+somehow install libbsd[2].  It's packaged in some Linux distributions, and can
+be installed from source on most *NIX platforms.  Once you have libbsd
+installed, installing macaroons is straight forward:
 
     $ autoreconf -i # only when installing from Git
     $ ./configure --enable-python-bindings
@@ -591,4 +591,4 @@ caveat's identifier.  This saves a round trip, and frees the third party from
 having to remember an association between identifiers and key/predicate pairs.
 
 [1] http://research.google.com/pubs/pub41892.html
-[2] https://github.com/jedisct1/libsodium
+[2] https://libbsd.freedesktop.org/wiki/
diff --git a/bindings/python/macaroons.pyx b/bindings/python/macaroons.pyx
@@ -67,8 +67,6 @@ cdef extern from "macaroons.h":
     void macaroon_signature(const macaroon* M, const unsigned char** signature, size_t* signature_sz)
     size_t macaroon_serialize_size_hint(macaroon* M)
     int macaroon_serialize(macaroon* M, char* data, size_t data_sz, macaroon_returncode* err)
-    size_t macaroon_serialize_json_size_hint(const macaroon* M)
-    int macaroon_serialize_json(const macaroon* M, char* data, size_t data_sz, macaroon_returncode* err)
     macaroon* macaroon_deserialize(char* data, macaroon_returncode* err)
     size_t macaroon_inspect_size_hint(macaroon* M)
     int macaroon_inspect(macaroon* M, char* data, size_t data_sz, macaroon_returncode* err)
@@ -169,23 +167,6 @@ cdef class Macaroon:
             if data != NULL:
                 free(data)
 
-    def serialize_json(self):
-        cdef char* data = NULL
-        cdef size_t data_sz = 0
-        cdef macaroon_returncode err
-        self.assert_not_null()
-        try:
-            data_sz = macaroon_serialize_json_size_hint(self._M)
-            data = <char*>malloc(sizeof(unsigned char) * data_sz)
-            if data == NULL:
-                raise MemoryError
-            if macaroon_serialize_json(self._M, data, data_sz, &err) < 0:
-                raise_error(err)
-            return bytes(data)
-        finally:
-            if data != NULL:
-                free(data)
-
     def inspect(self):
         cdef char* data = NULL
         cdef size_t data_sz = 0

diff --git a/configure.ac b/configure.ac
@@ -25,9 +25,13 @@ AC_PROG_CXX
 ANAL_WARNINGS
 
 # Checks for libraries.
-PKG_CHECK_MODULES([SODIUM], [libsodium >= 0.4])
+AC_CHECK_FUNC([strlcpy],[BSDLIB=],[BSDLIB=-lbsd])
+AC_SUBST([BSDLIBS], [$BSDLIB])
 
 # Checks for header files.
+AC_CHECK_HEADER([libutil.h],[AC_DEFINE([HAVE_LIBUTIL_H],[1],[Define to 1 if you have the <libutil.h> header file.])],,)
+AC_CHECK_HEADER([bsd/stdlib.h],[AC_DEFINE([HAVE_BSD_STDLIB_H],[1],[Define to 1 if you have the <bsd/stdlib.h> header file.])],,)
+AC_CHECK_HEADER([bsd/libutil.h],[AC_DEFINE([HAVE_BSD_LIBUTIL_H],[1],[Define to 1 if you have the <bsd/libutil.h> header file.])],,)
 
 # Checks for typedefs, structures, and compiler characteristics.
 AC_TYPE_SIZE_T
@@ -44,35 +48,7 @@ if test x"${python_bindings}" = xyes; then
     AC_SUBST([PYTHON_SYMBOL], [${pythonsym}])
 fi
 
-AC_ARG_ENABLE([json_support], [AS_HELP_STRING([--enable-json-support],
-              [enable support for JSON macaroons @<:@default: no@:>@])],
-              [json_support=${enableval}], [json_support=no])
-if test x"${json_support}" = xyes; then
-    AC_DEFINE([MACAROONS_JSON_SUPPORT], [], [Support JSON macaroons])
-    AC_CHECK_LIB([json], [json_object_get_double], [needs_json=yes], [needs_json=no])
-    AC_CHECK_LIB([json-c], [json_object_get_double], [needs_json_c=yes], [needs_json_c=no])
-
-    if test x"${needs_json}" = xyes; then
-        AC_SUBST([JSON_LIBS], ["-ljson"])
-    elif test  x"${needs_json_c}" = xyes; then
-        AC_SUBST([JSON_LIBS], ["-ljson-c"])
-    else
-        AC_MSG_ERROR([
-----------------------------------------
-Macaroons rely upon the libjson library.
-Please install libjson to continue.
-----------------------------------------])
-    fi
-
-    AC_CHECK_HEADER([json/json.h],,[AC_MSG_ERROR([
-----------------------------------------
-Macaroons rely upon the libjson library.
-Please install libjson to continue.
-----------------------------------------])])
-fi
-
 AM_CONDITIONAL([ENABLE_PYTHON_BINDINGS], [test x"${python_bindings}" = xyes])
-AM_CONDITIONAL([ENABLE_JSON_SUPPORT], [test x"${json_support}" = xyes])
 
 AH_BOTTOM([#include <custom-config.h>])
 AC_CONFIG_FILES([Makefile

diff --git a/explicit_bzero.c b/explicit_bzero.c
@@ -0,0 +1,19 @@
+/*	$OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
+/*
+ * Public domain.
+ * Written by Matthew Dempsky.
+ */
+
+#include <string.h>
+
+__attribute__((weak)) void
+__explicit_bzero_hook(void *buf, size_t len)
+{
+}
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+	memset(buf, 0, len);
+	__explicit_bzero_hook(buf, len);
+}