From bad7f584eb11076ae37fd51cdb21842935c6ea57 Mon Sep 17 00:00:00 2001 From: Mike Gelfand Date: Wed, 26 Oct 2016 20:37:10 +0300 Subject: [PATCH] Add support for mbedtls (formely polarssl) --- cmake/FindPolarSSL.cmake | 37 +++++++---- configure.ac | 28 ++++---- libtransmission/CMakeLists.txt | 4 ++ libtransmission/Makefile.am | 3 + libtransmission/crypto-utils-polarssl.c | 112 +++++++++++++++++++------------- 5 files changed, 115 insertions(+), 69 deletions(-) diff --git a/cmake/FindPolarSSL.cmake b/cmake/FindPolarSSL.cmake index 0a958e0..e4e1ac6 100644 --- a/cmake/FindPolarSSL.cmake +++ b/cmake/FindPolarSSL.cmake @@ -8,21 +8,36 @@ if(POLARSSL_PREFER_STATIC_LIB) endif() if(UNIX) - find_package(PkgConfig QUIET) - pkg_check_modules(_POLARSSL QUIET polarssl) + find_package(PkgConfig QUIET) + pkg_check_modules(_MBEDTLS QUIET mbedtls) endif() -find_path(POLARSSL_INCLUDE_DIR NAMES polarssl/version.h HINTS ${_POLARSSL_INCLUDEDIR}) -find_library(POLARSSL_LIBRARY NAMES polarssl HINTS ${_POLARSSL_LIBDIR}) +find_path(MBEDTLS_INCLUDE_DIR NAMES mbedtls/version.h HINTS ${_MBEDTLS_INCLUDEDIR}) +find_library(MBEDTLS_LIBRARY NAMES mbedtls HINTS ${_MBEDTLS_LIBDIR}) +if(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARY) + set(POLARSSL_INCLUDE_DIR ${MBEDTLS_INCLUDE_DIR}) + set(POLARSSL_LIBRARY ${MBEDTLS_LIBRARY}) + set(POLARSSL_VERSION ${_MBEDTLS_VERSION}) + set(POLARSSL_IS_MBEDTLS ON) +else() + if(UNIX) + pkg_check_modules(_POLARSSL QUIET polarssl) + endif() + + find_path(POLARSSL_INCLUDE_DIR NAMES polarssl/version.h HINTS ${_POLARSSL_INCLUDEDIR}) + find_library(POLARSSL_LIBRARY NAMES polarssl HINTS ${_POLARSSL_LIBDIR}) + set(POLARSSL_VERSION ${_POLARSSL_VERSION}) + set(POLARSSL_IS_MBEDTLS OFF) +endif() -if(POLARSSL_INCLUDE_DIR) - if(_POLARSSL_VERSION) - set(POLARSSL_VERSION ${_POLARSSL_VERSION}) +if(NOT POLARSSL_VERSION AND POLARSSL_INCLUDE_DIR) + if(POLARSSL_IS_MBEDTLS) + file(STRINGS "${POLARSSL_INCLUDE_DIR}/mbedtls/version.h" POLARSSL_VERSION_STR REGEX "^#define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[^\"]+\"") else() file(STRINGS "${POLARSSL_INCLUDE_DIR}/polarssl/version.h" POLARSSL_VERSION_STR REGEX "^#define[\t ]+POLARSSL_VERSION_STRING[\t ]+\"[^\"]+\"") - if(POLARSSL_VERSION_STR MATCHES "\"([^\"]+)\"") - set(POLARSSL_VERSION "${CMAKE_MATCH_1}") - endif() + endif() + if(POLARSSL_VERSION_STR MATCHES "\"([^\"]+)\"") + set(POLARSSL_VERSION "${CMAKE_MATCH_1}") endif() endif() @@ -39,7 +54,7 @@ find_package_handle_standard_args(PolarSSL POLARSSL_VERSION ) -mark_as_advanced(POLARSSL_INCLUDE_DIR POLARSSL_LIBRARY) +mark_as_advanced(MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY POLARSSL_INCLUDE_DIR POLARSSL_LIBRARY) if(POLARSSL_PREFER_STATIC_LIB) set(CMAKE_FIND_LIBRARY_SUFFIXES ${POLARSSL_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES}) diff --git a/configure.ac b/configure.ac index aff673b..cb026df 100644 --- a/configure.ac +++ b/configure.ac @@ -149,23 +149,26 @@ AS_IF([test "x$want_crypto" = "xauto" -o "x$want_crypto" = "xcyassl"], [ ) ]) AS_IF([test "x$want_crypto" = "xauto" -o "x$want_crypto" = "xpolarssl"], [ - AC_CHECK_HEADER([polarssl/version.h], - [AC_EGREP_CPP([version_ok], [#include - #if defined (POLARSSL_VERSION_NUMBER) && POLARSSL_VERSION_NUMBER >= $POLARSSL_MINIMUM - version_ok - #endif], - [AC_CHECK_LIB([polarssl], [dhm_calc_secret], - [want_crypto="polarssl"; CRYPTO_PKG="polarssl"; CRYPTO_CFLAGS=""; CRYPTO_LIBS="-lpolarssl"], + PKG_CHECK_MODULES(MBEDTLS, [mbedtls >= $POLARSSL_MINIMUM], + [want_crypto="polarssl"; CRYPTO_PKG="polarssl"; CRYPTO_CFLAGS="$MBEDTLS_CFLAGS"; CRYPTO_LIBS="$MBEDTLS_LIBS"; POLARSSL_IS_MBEDTLS=yes], + [AC_CHECK_HEADER([polarssl/version.h], + [AC_EGREP_CPP([version_ok], [#include + #if defined (POLARSSL_VERSION_NUMBER) && POLARSSL_VERSION_NUMBER >= $POLARSSL_MINIMUM + version_ok + #endif], + [AC_CHECK_LIB([polarssl], [dhm_calc_secret], + [want_crypto="polarssl"; CRYPTO_PKG="polarssl"; CRYPTO_CFLAGS=""; CRYPTO_LIBS="-lpolarssl"], + [AS_IF([test "x$want_crypto" = "xpolarssl"], + [AC_MSG_ERROR([PolarSSL support requested, but library not found.])] + )] + )], [AS_IF([test "x$want_crypto" = "xpolarssl"], - [AC_MSG_ERROR([PolarSSL support requested, but library not found.])] + [AC_MSG_ERROR([PolarSSL support requested, but version not suitable.])] )] )], [AS_IF([test "x$want_crypto" = "xpolarssl"], - [AC_MSG_ERROR([PolarSSL support requested, but version not suitable.])] + [AC_MSG_ERROR([PolarSSL support requested, but headers not found.])] )] - )], - [AS_IF([test "x$want_crypto" = "xpolarssl"], - [AC_MSG_ERROR([PolarSSL support requested, but headers not found.])] )] ) ]) @@ -180,6 +183,7 @@ AS_IF([test "x$CRYPTO_PKG" = "x"], [ AM_CONDITIONAL([CRYPTO_USE_OPENSSL],[test "x$CRYPTO_PKG" = "xopenssl"]) AM_CONDITIONAL([CRYPTO_USE_CYASSL],[test "x$CRYPTO_PKG" = "xcyassl"]) AM_CONDITIONAL([CRYPTO_USE_POLARSSL],[test "x$CRYPTO_PKG" = "xpolarssl"]) +AM_CONDITIONAL([POLARSSL_IS_MBEDTLS],[test "x$POLARSSL_IS_MBEDTLS" = "xyes"]) AC_SUBST(CRYPTO_PKG) AC_SUBST(CRYPTO_CFLAGS) AC_SUBST(CRYPTO_LIBS) diff --git a/libtransmission/CMakeLists.txt b/libtransmission/CMakeLists.txt index 4865dee..b5230b9 100644 --- a/libtransmission/CMakeLists.txt +++ b/libtransmission/CMakeLists.txt @@ -194,6 +194,10 @@ if(USE_SYSTEM_B64) add_definitions(-DUSE_SYSTEM_B64) endif() +if(POLARSSL_IS_MBEDTLS) + add_definitions(-DPOLARSSL_IS_MBEDTLS) +endif() + include_directories( ${PROJECT_SOURCE_DIR} ${PROJECT_BINARY_DIR} diff --git a/libtransmission/Makefile.am b/libtransmission/Makefile.am index f91769a..4d7e85a 100644 --- a/libtransmission/Makefile.am +++ b/libtransmission/Makefile.am @@ -102,6 +102,9 @@ libtransmission_a_SOURCES += crypto-utils-cyassl.c endif if CRYPTO_USE_POLARSSL libtransmission_a_SOURCES += crypto-utils-polarssl.c +if POLARSSL_IS_MBEDTLS +AM_CPPFLAGS += -DPOLARSSL_IS_MBEDTLS +endif endif noinst_HEADERS = \ diff --git a/libtransmission/crypto-utils-polarssl.c b/libtransmission/crypto-utils-polarssl.c index 1c59a7f..e98c13d 100644 --- a/libtransmission/crypto-utils-polarssl.c +++ b/libtransmission/crypto-utils-polarssl.c @@ -1,5 +1,5 @@ /* - * This file Copyright (C) 2014-2015 Mnemosyne LLC + * This file Copyright (C) 2014-2016 Mnemosyne LLC * * It may be used under the GNU GPL versions 2 or 3 * or any future license endorsed by Mnemosyne LLC. @@ -7,15 +7,25 @@ * $Id$ */ +#if defined (POLARSSL_IS_MBEDTLS) + #define API_HEADER(x) + #define API(x) mbedtls_##x + #define API_VERSION_NUMBER MBEDTLS_VERSION_NUMBER +#else + #define API_HEADER(x) + #define API(x) x + #define API_VERSION_NUMBER POLARSSL_VERSION_NUMBER +#endif + #include -#include -#include -#include -#include -#include -#include -#include +#include API_HEADER (arc4.h) +#include API_HEADER (base64.h) +#include API_HEADER (ctr_drbg.h) +#include API_HEADER (dhm.h) +#include API_HEADER (error.h) +#include API_HEADER (sha1.h) +#include API_HEADER (version.h) #include "transmission.h" #include "crypto-utils.h" @@ -41,7 +51,9 @@ log_polarssl_error (int error_code, { char error_message[256]; -#if POLARSSL_VERSION_NUMBER >= 0x01030000 +#if defined (POLARSSL_IS_MBEDTLS) + mbedtls_strerror (error_code, error_message, sizeof (error_message)); +#elif API_VERSION_NUMBER >= 0x01030000 polarssl_strerror (error_code, error_message, sizeof (error_message)); #else error_strerror (error_code, error_message, sizeof (error_message)); @@ -51,7 +63,7 @@ log_polarssl_error (int error_code, } } -#define log_error(error_code) log_polarssl_error(error_code, __FILE__, __LINE__) +#define log_error(error_code) log_polarssl_error ((error_code), __FILE__, __LINE__) static bool check_polarssl_result (int result, @@ -83,15 +95,20 @@ my_rand (void * context UNUSED, unsigned char * buffer, size_t buffer_size) return 0; } -static ctr_drbg_context * +static API (ctr_drbg_context) * get_rng (void) { - static ctr_drbg_context rng; + static API (ctr_drbg_context) rng; static bool rng_initialized = false; if (!rng_initialized) { - if (!check_result (ctr_drbg_init (&rng, &my_rand, NULL, NULL, 0))) +#if API_VERSION_NUMBER >= 0x02000000 + API (ctr_drbg_init) (&rng); + if (!check_result (API (ctr_drbg_seed) (&rng, &my_rand, NULL, NULL, 0))) +#else + if (!check_result (API (ctr_drbg_init) (&rng, &my_rand, NULL, NULL, 0))) +#endif return NULL; rng_initialized = true; } @@ -117,13 +134,13 @@ get_rng_lock (void) tr_sha1_ctx_t tr_sha1_init (void) { - sha1_context * handle = tr_new0 (sha1_context, 1); + API (sha1_context) * handle = tr_new0 (API (sha1_context), 1); -#if POLARSSL_VERSION_NUMBER >= 0x01030800 - sha1_init (handle); +#if API_VERSION_NUMBER >= 0x01030800 + API (sha1_init) (handle); #endif - sha1_starts (handle); + API (sha1_starts) (handle); return handle; } @@ -139,7 +156,7 @@ tr_sha1_update (tr_sha1_ctx_t handle, assert (data != NULL); - sha1_update (handle, data, data_length); + API (sha1_update) (handle, data, data_length); return true; } @@ -151,11 +168,11 @@ tr_sha1_final (tr_sha1_ctx_t handle, { assert (handle != NULL); - sha1_finish (handle, hash); + API (sha1_finish) (handle, hash); } -#if POLARSSL_VERSION_NUMBER >= 0x01030800 - sha1_free (handle); +#if API_VERSION_NUMBER >= 0x01030800 + API (sha1_free) (handle); #endif tr_free (handle); @@ -169,10 +186,10 @@ tr_sha1_final (tr_sha1_ctx_t handle, tr_rc4_ctx_t tr_rc4_new (void) { - arc4_context * handle = tr_new0 (arc4_context, 1); + API (arc4_context) * handle = tr_new0 (API (arc4_context), 1); -#if POLARSSL_VERSION_NUMBER >= 0x01030800 - arc4_init (handle); +#if API_VERSION_NUMBER >= 0x01030800 + API (arc4_init) (handle); #endif return handle; @@ -181,8 +198,8 @@ tr_rc4_new (void) void tr_rc4_free (tr_rc4_ctx_t handle) { -#if POLARSSL_VERSION_NUMBER >= 0x01030800 - arc4_free (handle); +#if API_VERSION_NUMBER >= 0x01030800 + API (arc4_free) (handle); #endif tr_free (handle); @@ -196,7 +213,7 @@ tr_rc4_set_key (tr_rc4_ctx_t handle, assert (handle != NULL); assert (key != NULL); - arc4_setup (handle, key, key_length); + API (arc4_setup) (handle, key, key_length); } void @@ -213,7 +230,7 @@ tr_rc4_process (tr_rc4_ctx_t handle, assert (input != NULL); assert (output != NULL); - arc4_crypt (handle, length, input, output); + API (arc4_crypt) (handle, length, input, output); } /*** @@ -226,19 +243,19 @@ tr_dh_new (const uint8_t * prime_num, const uint8_t * generator_num, size_t generator_num_length) { - dhm_context * handle = tr_new0 (dhm_context, 1); + API (dhm_context) * handle = tr_new0 (API (dhm_context), 1); assert (prime_num != NULL); assert (generator_num != NULL); -#if POLARSSL_VERSION_NUMBER >= 0x01030800 - dhm_init (handle); +#if API_VERSION_NUMBER >= 0x01030800 + API (dhm_init) (handle); #endif - if (!check_result (mpi_read_binary (&handle->P, prime_num, prime_num_length)) || - !check_result (mpi_read_binary (&handle->G, generator_num, generator_num_length))) + if (!check_result (API (mpi_read_binary) (&handle->P, prime_num, prime_num_length)) || + !check_result (API (mpi_read_binary) (&handle->G, generator_num, generator_num_length))) { - dhm_free (handle); + API (dhm_free) (handle); return NULL; } @@ -253,7 +270,7 @@ tr_dh_free (tr_dh_ctx_t handle) if (handle == NULL) return; - dhm_free (handle); + API (dhm_free) (handle); } bool @@ -262,7 +279,7 @@ tr_dh_make_key (tr_dh_ctx_t raw_handle, uint8_t * public_key, size_t * public_key_length) { - dhm_context * handle = raw_handle; + API (dhm_context) * handle = raw_handle; assert (handle != NULL); assert (public_key != NULL); @@ -270,8 +287,8 @@ tr_dh_make_key (tr_dh_ctx_t raw_handle, if (public_key_length != NULL) *public_key_length = handle->len; - return check_result (dhm_make_public (handle, private_key_length, public_key, - handle->len, my_rand, NULL)); + return check_result (API (dhm_make_public) (handle, private_key_length, public_key, + handle->len, my_rand, NULL)); } tr_dh_secret_t @@ -279,26 +296,29 @@ tr_dh_agree (tr_dh_ctx_t raw_handle, const uint8_t * other_public_key, size_t other_public_key_length) { - dhm_context * handle = raw_handle; + API (dhm_context) * handle = raw_handle; struct tr_dh_secret * ret; size_t secret_key_length; assert (handle != NULL); assert (other_public_key != NULL); - if (!check_result (dhm_read_public (handle, other_public_key, - other_public_key_length))) + if (!check_result (API (dhm_read_public )(handle, other_public_key, + other_public_key_length))) return NULL; ret = tr_dh_secret_new (handle->len); secret_key_length = handle->len; -#if POLARSSL_VERSION_NUMBER >= 0x01030000 - if (!check_result (dhm_calc_secret (handle, ret->key, - &secret_key_length, my_rand, NULL))) +#if API_VERSION_NUMBER >= 0x02000000 + if (!check_result (API (dhm_calc_secret) (handle, ret->key, secret_key_length, + &secret_key_length, my_rand, NULL))) +#elif API_VERSION_NUMBER >= 0x01030000 + if (!check_result (API (dhm_calc_secret) (handle, ret->key, + &secret_key_length, my_rand, NULL))) #else - if (!check_result (dhm_calc_secret (handle, ret->key, &secret_key_length))) + if (!check_result (API (dhm_calc_secret) (handle, ret->key, &secret_key_length))) #endif { tr_dh_secret_free (ret); @@ -324,7 +344,7 @@ tr_rand_buffer (void * buffer, assert (buffer != NULL); tr_lockLock (rng_lock); - ret = check_result (ctr_drbg_random (get_rng (), buffer, length)); + ret = check_result (API (ctr_drbg_random) (get_rng (), buffer, length)); tr_lockUnlock (rng_lock); return ret; -- 2.7.4