authordimitri staessens <[email protected]>2017-08-09 18:55:37 +0200
committerdimitri staessens <[email protected]>2017-08-09 20:48:27 +0200
commit24aa46946349529bf36d3569796a28917d3e756f (patch)
tree58ef8a40142323771eecbd8ce6c2eaea409bc138 /src/lib
parentc1d7ff1e1bd44e1a38af8a1b498c68f3378fa342 (diff)
build, lib, ipcpd, irmd: Add support for libgcrypt
This adds support for libgcrypt. If at least version 1.7.0 of libgcrypt is present, it may be used for secure random number generation and is used for hashing in the irmd/ipcp. The hash definitions are moved to the internal hash.h header, and defined independently of the hashes that are defined as part of the directory policy for the normal IPCP. The translation is moved from the IRMd to ipcpd/ipcp.h. The bootstrap call from the IRMd expects the IPCP to return the correct hash algorithm with a dif_info struct, which is in line with the behavior of the enroll call. This also improves how some platform checks in the build system are handled.
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/CMakeLists.txt67
-rw-r--r--src/lib/hash.c15
-rw-r--r--src/lib/random.c11
3 files changed, 65 insertions, 28 deletions
diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt
index fe4dd88c..34bf5b1f 100644
--- a/src/lib/CMakeLists.txt
+++ b/src/lib/CMakeLists.txt
@@ -26,10 +26,48 @@ if (NOT LIBPTHREAD_LIBRARIES)
message(FATAL_ERROR "Could not find libpthread.")
endif ()
-find_path(LINUX_RND_HDR
- sys/random.h
- HINTS /usr/include /usr/local/include
- )
+include(CheckSymbolExists)
+list(APPEND CMAKE_REQUIRED_DEFINITIONS -D_POSIX_C_SOURCE=200809L)
+list(APPEND CMAKE_REQUIRED_DEFINITIONS -D__XSI_VISIBLE=500)
+list(APPEND CMAKE_REQUIRED_LIBRARIES pthread)
+check_symbol_exists(pthread_mutexattr_setrobust pthread.h HAVE_ROBUST_MUTEX)
+set(HAVE_ROBUST_MUTEX CACHE STRING "Have robust mutexes")
+
+find_library(LIBGCRYPT_LIBRARIES gcrypt)
+if (LIBGCRYPT_LIBRARIES)
+ find_path(GCRYPT_INCLUDE_DIR gcrypt.h HINTS /usr/include /usr/local/include)
+ if (NOT ${GCRYPT_INCLUDE_DIR} STREQUAL "GRYPT_INCLUDE_DIR-NOTFOUND")
+ file(STRINGS ${GCRYPT_INCLUDE_DIR}/gcrypt.h GCSTR
+ REGEX "^#define GCRYPT_VERSION ")
+ string(REGEX REPLACE "^#define GCRYPT_VERSION \"(.*)\".*$" "\\1"
+ GCVER "${GCSTR}")
+ message(STATUS "Found libgcrypt: ${LIBGCRYPT_LIBRARIES} (found version \"${GCVER}\")")
+ if (NOT GCVER VERSION_LESS "1.7.0")
+ include_directories(${GCRYPT_INCLUDE_DIR})
+ set(HAVE_LIBGCRYPT "1" CACHE STRING "Have libgcrypt")
+ endif()
+ endif ()
+endif ()
+
+find_package(OpenSSL)
+if (OPENSSL_FOUND)
+ include_directories(${OPENSSL_INCLUDE_DIR})
+ set(HAVE_OPENSSL "1" CACHE STRING "Have OpenSSL")
+endif ()
+
+find_path(LINUX_RND_HDR sys/random.h HINTS /usr/include/ /usr/local/include/)
+if (NOT ${LINUX_RND_HDR} STREQUAL "LINUX_RND_HDR-NOTFOUND")
+ message(STATUS "Found sys/random.h in ${LINUX_RND_HDR}")
+ include_directories(${LINUX_RND_HDR})
+ set(HAVE_SYS_RANDOM "1" CACHE STRING "Have Random Header")
+endif ()
+
+if (NOT ((CMAKE_SYSTEM_NAME STREQUAL "FreeBSD") OR
+ HAVE_SYS_RANDOM OR HAVE_OPENSSL OR HAVE_LIBGCRYPT))
+ message(FATAL_ERROR "No secure random generator found, "
+ "please install libgcrypt (> 1.7.0) or OpenSSL"
+ )
+endif ()
set(SOURCE_FILES
# Add source files here
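Review bot: The not-found test on the gcrypt header compares against the misspelled string `GRYPT_INCLUDE_DIR-NOTFOUND`, so when gcrypt.h is absent the branch is still entered and `file(STRINGS ${GCRYPT_INCLUDE_DIR}/gcrypt.h ...)` is run on a `-NOTFOUND` path; because find_path stores a `-NOTFOUND` value that is false in `if()`, the line should simply be `if (GCRYPT_INCLUDE_DIR)`, which also drops the unquoted `${...}` dereference that breaks if the value is ever empty. The later `if (NOT ${LINUX_RND_HDR} STREQUAL "LINUX_RND_HDR-NOTFOUND")` has the same shape and can become `if (LINUX_RND_HDR)`. The fatal message says `libgcrypt (> 1.7.0)` while the check `NOT GCVER VERSION_LESS "1.7.0"` accepts 1.7.0 itself; `>= 1.7.0` matches both the check and the commit message. `set(HAVE_ROBUST_MUTEX CACHE STRING "Have robust mutexes")` supplies no value and check_symbol_exists already caches the result, so it looks redundant — presumably intended to make the entry visible in the cache; confirm that is the intent.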
@@ -71,26 +109,9 @@ if (CMAKE_BUILD_TYPE MATCHES Debug)
add_compile_flags(ouroboros -DCONFIG_OUROBOROS_DEBUG)
endif (CMAKE_BUILD_TYPE MATCHES Debug)
-if (CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")
- message(STATUS "Found FreeBSD, using arc4random.")
-else()
- if (${LINUX_RND_HDR} STREQUAL "LINUX_RND_HDR-NOTFOUND")
- find_package(OpenSSL)
- if (NOT OPENSSL_FOUND)
- message(FATAL_ERROR "No secure random generation, please install libssl.")
- else()
- include_directories($OPENSSL_INCLUDE_DIR})
- add_compile_flags(ouroboros -DHAVE_OPENSSL)
- endif()
- else ()
- message(STATUS "Found linux random header in ${LINUX_RND_HDR}.")
- include_directories(${LINUX_RND_HDR})
- add_compile_flags(ouroboros -DHAVE_SYS_RANDOM)
- endif ()
-endif()
-
target_link_libraries(ouroboros ${LIBRT_LIBRARIES}
- ${LIBPTHREAD_LIBRARIES} ${PROTOBUF_C_LIBRARY} ${OPENSSL_LIBRARIES})
+ ${LIBPTHREAD_LIBRARIES} ${PROTOBUF_C_LIBRARY} ${OPENSSL_LIBRARIES}
+ ${LIBGCRYPT_LIBRARIES})
install(TARGETS ouroboros LIBRARY DESTINATION usr/lib)
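Review bot: `${LIBGCRYPT_LIBRARIES}` is now passed to target_link_libraries unconditionally, but when `find_library` fails the variable holds `LIBGCRYPT_LIBRARIES-NOTFOUND`, and CMake stops generation with "variables are used in this project, but they are set to NOTFOUND" — so a host without libgcrypt, which the commit message treats as optional, cannot configure at all. Link it only when the version check above succeeded: `if (HAVE_LIBGCRYPT)` / `target_link_libraries(ouroboros ${LIBGCRYPT_LIBRARIES})` / `endif ()`; the pre-existing `${OPENSSL_LIBRARIES}` is worth checking for the same exposure when FindOpenSSL does not find the library. The call also keeps the keyword-less signature; a `PRIVATE` keyword would be the modern form, but it must then be applied to every link call on this target, as mixing the two signatures is an error.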
diff --git a/src/lib/hash.c b/src/lib/hash.c
index 9db3a276..088d43cd 100644
--- a/src/lib/hash.c
+++ b/src/lib/hash.c
@@ -27,12 +27,22 @@
#include <ouroboros/config.h>
#include <ouroboros/hash.h>
+#ifndef HAVE_LIBGCRYPT
+#include <ouroboros/crc32.h>
+#include <ouroboros/md5.h>
+#include <ouroboros/sha3.h>
+#else
+#include <gcrypt.h>
+#endif
#include <string.h>
#include <assert.h>
#include <stdbool.h>
uint16_t hash_len(enum hash_algo algo)
{
+#ifdef HAVE_LIBGCRYPT
+ return (uint16_t) gcry_md_get_algo_dlen(algo);
+#else
switch (algo) {
case HASH_CRC32:
return CRC32_HASH_LEN;
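Review bot: With HAVE_LIBGCRYPT, `enum hash_algo algo` is passed straight to `gcry_md_get_algo_dlen()` (and to `gcry_md_hash_buffer()` in the following str_hash hunk) as a libgcrypt algorithm id, so the enum values must equal the corresponding `GCRY_MD_*` constants; the commit message says the definitions moved to hash.h, but nothing in this file states the dependency, and a comment above hash_len such as `/* under HAVE_LIBGCRYPT the hash_algo values are the libgcrypt GCRY_MD_* ids */` would keep the next change to hash.h from silently breaking it. For an id libgcrypt does not know, `gcry_md_get_algo_dlen()` returns 0, which matches the `return 0` of the switch fallback, so callers see the same contract on both paths. Nothing in the diff initializes libgcrypt (`gcry_check_version`) before these calls; if no caller does, libgcrypt logs a missing-initialization warning and self-initializes with defaults — worth confirming in the irmd/ipcpd changes. hash_len's body continues past the hunk.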
@@ -52,12 +62,16 @@ uint16_t hash_len(enum hash_algo algo)
}
return 0;
+#endif
}
void str_hash(enum hash_algo algo,
void * buf,
const char * str)
{
+#ifdef HAVE_LIBGCRYPT
+ gcry_md_hash_buffer(algo, buf, str, strlen(str));
+#else
struct sha3_ctx sha3_ctx;
struct md5_ctx md5_ctx;
@@ -95,4 +109,5 @@ void str_hash(enum hash_algo algo,
assert(false);
break;
}
+#endif
}
diff --git a/src/lib/random.c b/src/lib/random.c
index d6bde0f8..17973695 100644
--- a/src/lib/random.c
+++ b/src/lib/random.c
@@ -21,10 +21,13 @@
* 02110-1301 USA
*/
+#include <ouroboros/config.h>
#include <ouroboros/random.h>
#if defined(HAVE_SYS_RANDOM)
#include <sys/random.h>
+#elif defined(HAVE_LIBGCRYPT)
+#include <grypt.h>
#elif defined(__FreeBSD__)
#include <stdlib.h>
#elif defined(HAVE_OPENSSL)
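Review bot: The added include is misspelled — `#include <grypt.h>` should be `#include <gcrypt.h>` — so any build where HAVE_LIBGCRYPT is defined but HAVE_SYS_RANDOM is not (older glibc with libgcrypt installed) fails to compile random.c. The hash.c hunk spells the header correctly, so this is the only occurrence.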
@@ -36,16 +39,14 @@ int random_buffer(void * buf,
size_t len)
{
#if defined(HAVE_SYS_RANDOM)
- return getrandom(buf, len, GRND_NONBLOCK); /* also in glibc 2.25 */
+ return getrandom(buf, len, GRND_NONBLOCK); /* glibc 2.25 */
+#elif defined(HAVE_LIBGCRYPT)
+ return gcry_randomize(buf, len, GCRY_STRONG_RANDOM);
#elif defined(__FreeBSD__)
return arc4random_buf(buf, len);
#elif defined(HAVE_OPENSSL)
if (len > 0 && len < INT_MAX)
return RAND_bytes((unsigned char *) buf, (int) len);
return -1;
-#else
- (void) buf;
- (void) len;
- return -1;
#endif
}
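Review bot: `gcry_randomize()` returns void, so `return gcry_randomize(buf, len, GCRY_STRONG_RANDOM);` in a function returning int is a constraint violation the compiler rejects; it should be `gcry_randomize(buf, len, GCRY_STRONG_RANDOM);` followed by `return 0;` (or `return (int) len;` if callers rely on the getrandom-style byte count — random_buffer's contract is not visible here). The pre-existing FreeBSD branch `return arc4random_buf(buf, len);` has the same shape, since arc4random_buf is void on FreeBSD, so it is worth fixing alongside. Removing the `#else` fallback means a configuration with none of the four macros now lets random_buffer fall off the end without a return; the configure-time FATAL_ERROR is meant to prevent that, but `#else` / `#error "no secure random source configured"` would enforce it at compile time as well. random_buffer's signature starts above the hunk.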