Skip to content

Commit b2ae48a

Browse files
aiusepsiSteven Noonan
aiusepsi
authored and
Steven Noonan
committed
implement libsodium support
 - Added support for using libsodium for encryption rather than OpenSSL - Removed AES-GCM tests with keys shorter than 256; libsodium only supports 256 - Added a build with libsodium to the CI matrix Signed-off-by: Andrew Simpson <[email protected]> steven@ edited and rebased: - integrated with new USE_CRYPTO/USE_CRYPTO25519 options in CMake/meson - separated using libsodium for ed25519/curve25519 and AES/SHA256. - ensured libsodium simple crypto tests run on all builders instead of a single isolated builder. - prevented building with -DUSE_CRYPTO=libsodium for non-x86 hardware, as libsodium's AES implementation depends on AES-NI. it is still possible to configure with -DUSE_CRYPTO25519=libsodium on arbitrary hardware targets. Fixes #88. Signed-off-by: Steven Noonan <[email protected]>
1 parent 0bec773 commit b2ae48a

14 files changed

+636
-11
lines changed

.travis/build-cmake.sh

Lines changed: 19 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ cmake_build() {
2020

2121
cleanup() {
2222
echo "Cleaning up CMake build directories" >&2
23-
rm -rf build-{a,ub,t}san build-cmake build-cmake-ref
23+
rm -rf build-{a,ub,t}san build-cmake{,-ref,-sodium{,25519}}
2424
}
2525

2626
trap cleanup EXIT
@@ -35,6 +35,7 @@ CMAKE_ARGS=(
3535
)
3636

3737
BUILD_SANITIZERS=${BUILD_SANITIZERS:-0}
38+
3839
[[ $(uname -s) == MINGW* ]] && BUILD_SANITIZERS=0
3940

4041
# Noticed that Clang's tsan and asan don't behave well on non-x86_64 Travis
@@ -48,6 +49,11 @@ BUILD_SANITIZERS=${BUILD_SANITIZERS:-0}
4849
# Foreign architecture docker containers don't support sanitizers.
4950
[[ $(uname -m) != x86_64 ]] && grep -q -e AuthenticAMD -e GenuineIntel /proc/cpuinfo && BUILD_SANITIZERS=0
5051

52+
BUILD_LIBSODIUM=1
53+
54+
# libsodium's AES implementation only works on x86_64
55+
[[ $(uname -m) != x86_64 ]] && BUILD_LIBSODIUM=0
56+
5157
set -x
5258

5359
# Build some tests with sanitizers
@@ -67,6 +73,16 @@ cmake_build build-cmake
6773
cmake_configure build-cmake-ref ${CMAKE_ARGS[@]} -DCMAKE_BUILD_TYPE=RelWithDebInfo -DUSE_CRYPTO25519=Reference ..
6874
cmake_build build-cmake-ref
6975

76+
# Build binaries with libsodium for ed25519/curve25519 only
77+
cmake_configure build-cmake-sodium25519 ${CMAKE_ARGS[@]} -DCMAKE_BUILD_TYPE=RelWithDebInfo -DUSE_CRYPTO25519=libsodium ..
78+
cmake_build build-cmake-sodium25519
79+
80+
# Build binaries with libsodium
81+
if [[ $BUILD_LIBSODIUM -ne 0 ]]; then
82+
cmake_configure build-cmake-sodium ${CMAKE_ARGS[@]} -DCMAKE_BUILD_TYPE=RelWithDebInfo -DUSE_CRYPTO=libsodium -DUSE_CRYPTO25519=libsodium ..
83+
cmake_build build-cmake-sodium
84+
fi
85+
7086
# Build specific extended tests for code correctness validation
7187
if [[ $BUILD_SANITIZERS -ne 0 ]]; then
7288
cmake_build build-asan test_connection test_crypto
@@ -78,6 +94,8 @@ fi
7894

7995
# Run basic tests
8096
build-cmake-ref/tests/test_crypto
97+
[[ $BUILD_LIBSODIUM -ne 0 ]] && build-cmake-sodium/tests/test_crypto
98+
build-cmake-sodium25519/tests/test_crypto
8199
build-cmake/tests/test_crypto
82100
build-cmake/tests/test_connection
83101

.travis/build-meson.sh

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ set -e
77

88
cleanup() {
99
echo "Cleaning up Meson build directories" >&2
10-
rm -rf build-meson build-meson-ref
10+
rm -rf build-meson{,-ref,-sodium{,25519}}
1111
}
1212

1313
trap cleanup EXIT
@@ -18,18 +18,29 @@ MESON_ARGS=(
1818
-DWerror=true
1919
)
2020

21+
BUILD_LIBSODIUM=1
22+
23+
# libsodium's AES implementation only works on x86_64
24+
[[ $(uname -m) != x86_64 ]] && BUILD_LIBSODIUM=0
25+
2126
set -x
2227

2328
# Build lightweight test builds
2429
meson . build-meson ${MESON_ARGS[@]} --buildtype debugoptimized
2530
meson . build-meson-ref ${MESON_ARGS[@]} --buildtype debugoptimized -Duse_crypto25519=Reference
31+
[[ $BUILD_LIBSODIUM -ne 0 ]] && meson . build-meson-sodium ${MESON_ARGS[@]} --buildtype debugoptimized -Duse_crypto=libsodium -Duse_crypto25519=libsodium
32+
meson . build-meson-sodium25519 ${MESON_ARGS[@]} --buildtype debugoptimized -Duse_crypto25519=libsodium
2633

2734
# Build all targets
2835
ninja -v -C build-meson
36+
[[ $BUILD_LIBSODIUM -ne 0 ]] && ninja -v -C build-meson-sodium
37+
ninja -v -C build-meson-sodium25519
2938
ninja -v -C build-meson-ref
3039

3140
# Run basic tests
3241
build-meson/tests/test_crypto
42+
[[ $BUILD_LIBSODIUM -ne 0 ]] && build-meson-sodium/tests/test_crypto
43+
build-meson-sodium25519/tests/test_crypto
3344
build-meson-ref/tests/test_crypto
3445

3546
set +x

.travis/install-alpine.sh

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@ PACKAGES=(
2020

2121
PACKAGES+=(protobuf-dev)
2222
PACKAGES+=(openssl-dev)
23+
PACKAGES+=(libsodium-dev)
2324

2425
apk add "${PACKAGES[@]}"
2526

.travis/install-archlinux.sh

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ PACKAGES=(
1515

1616
PACKAGES+=(protobuf)
1717
PACKAGES+=(openssl)
18+
PACKAGES+=(libsodium)
1819

1920
pacman --noconfirm -Sy "${PACKAGES[@]}"
2021

.travis/install-fedora.sh

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ PACKAGES=(
1818

1919
PACKAGES+=(protobuf-compiler protobuf-devel)
2020
PACKAGES+=(openssl-devel)
21+
PACKAGES+=(libsodium-devel)
2122

2223
dnf install -y "${PACKAGES[@]}"
2324

.travis/install-ubuntu.sh

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@ PACKAGES=(build-essential pkg-config ccache cmake meson clang)
1212

1313
PACKAGES+=(libprotobuf-dev protobuf-compiler)
1414
PACKAGES+=(libssl-dev)
15+
PACKAGES+=(libsodium-dev)
1516

1617
apt-get install -y "${PACKAGES[@]}"
1718

CMakeLists.txt

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ option(LIGHT_TESTS "Use smaller/shorter tests for simple integration testing (e.
3333
#
3434
# Primary crypto library (for AES, SHA256, etc)
3535
#
36-
set(useCryptoOptions OpenSSL BCrypt)
36+
set(useCryptoOptions OpenSSL libsodium BCrypt)
3737
set(USE_CRYPTO "OpenSSL" CACHE STRING "Crypto library to use for AES/SHA256")
3838
set_property(CACHE USE_CRYPTO PROPERTY STRINGS ${useCryptoOptions})
3939

@@ -74,7 +74,7 @@ endif()
7474
#
7575
# Secondary crypto library (for ed25519/curve25519).
7676
#
77-
set(useCrypto25519Options OpenSSL Reference)
77+
set(useCrypto25519Options OpenSSL libsodium Reference)
7878
set(USE_CRYPTO25519 "${useCrypto25519Default}" CACHE STRING "Crypto library to use for ed25519/curve25519")
7979
set_property(CACHE USE_CRYPTO25519 PROPERTY STRINGS ${useCrypto25519Options})
8080

@@ -107,6 +107,16 @@ if(USE_CRYPTO25519 STREQUAL "OpenSSL" AND NOT OPENSSL_HAS_25519_RAW)
107107
message(FATAL_ERROR "This version of OpenSSL does not support ed25519/curve25519. Please use -DUSE_CRYPTO25519=Reference or upgrade OpenSSL to 1.1.1 or later")
108108
endif()
109109

110+
if(USE_CRYPTO STREQUAL "libsodium" OR USE_CRYPTO25519 STREQUAL "libsodium")
111+
find_package(sodium REQUIRED)
112+
endif()
113+
114+
if(USE_CRYPTO STREQUAL "libsodium")
115+
if(NOT CMAKE_SYSTEM_PROCESSOR MATCHES "amd64.*|x86_64.*|AMD64.*|i686.*|i386.*|x86.*")
116+
message(FATAL_ERROR "-DUSE_CRYPTO=libsodium invalid, libsodium AES implementation only works on x86/x86_64 CPUs")
117+
endif()
118+
endif()
119+
110120
add_subdirectory(examples)
111121
add_subdirectory(src)
112122
add_subdirectory(tests)

0 commit comments

Comments
 (0)