CMake: add -DUSE_CRYPTO and -DUSE_CRYPTO25519 options

Signed-off-by: Steven Noonan <[email protected]>

Author: Steven Noonan

.travis/build-cmake.sh

@@ -20,7 +20,7 @@ cmake_build() {
 
 cleanup() {
 	echo "Cleaning up CMake build directories" >&2
-	rm -rf build-{a,ub,t}san build-cmake
+	rm -rf build-{a,ub,t}san build-cmake build-cmake-ref
 }
 
 trap cleanup EXIT
@@ -57,11 +57,14 @@ if [[ $BUILD_SANITIZERS -ne 0 ]]; then
 	fi
 fi
 
-cmake_configure build-cmake ${CMAKE_ARGS[@]} -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
-
 # Build normal unsanitized binaries
+cmake_configure build-cmake ${CMAKE_ARGS[@]} -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
 cmake_build build-cmake
 
+# Build binaries with reference ed25519/curve25519
+cmake_configure build-cmake-ref ${CMAKE_ARGS[@]} -DCMAKE_BUILD_TYPE=RelWithDebInfo -DUSE_CRYPTO25519=Reference ..
+cmake_build build-cmake-ref
+
 # Build specific extended tests for code correctness validation
 if [[ $BUILD_SANITIZERS -ne 0 ]]; then
 	cmake_build build-asan test_connection test_crypto
@@ -72,6 +75,7 @@ if [[ $BUILD_SANITIZERS -ne 0 ]]; then
 fi
 
 # Run basic tests
+build-cmake-ref/tests/test_crypto
 build-cmake/tests/test_crypto
 build-cmake/tests/test_connection
 

CMakeLists.txt

@@ -30,6 +30,21 @@ endif()
 option(Protobuf_USE_STATIC_LIBS "Build with a static Protobuf library" OFF)
 option(LIGHT_TESTS "Use smaller/shorter tests for simple integration testing (e.g. Travis)" OFF)
 
+#
+# Primary crypto library (for AES, SHA256, etc)
+#
+set(useCryptoOptions OpenSSL BCrypt)
+set(USE_CRYPTO "OpenSSL" CACHE STRING "Crypto library to use for AES/SHA256")
+set_property(CACHE USE_CRYPTO PROPERTY STRINGS ${useCryptoOptions})
+
+list(FIND useCryptoOptions ${USE_CRYPTO} useCryptoIndex)
+if(useCryptoIndex EQUAL -1)
+	message(FATAL_ERROR "USE_CRYPTO must be one of: ${useCryptoOptions}")
+endif()
+if(USE_CRYPTO STREQUAL "BCrypt" AND NOT WIN32)
+	message(FATAL_ERROR "USE_CRYPTO=\"BCrypt\" is only valid on Windows")
+endif()
+
 if (WIN32)
 	#
 	# Strip compiler flags which conflict with ones we explicitly set. If we don't
@@ -45,14 +60,60 @@ if (WIN32)
 	set(CMAKE_REQUIRED_LIBRARIES bcrypt)
 	check_symbol_exists(BCryptEncrypt windows.h BCRYPT_AVAILABLE)
 	cmake_pop_check_state()
-	option(USE_BCRYPT "Use Windows BCrypt API for hashing and encryption" OFF)
-	if (NOT BCRYPT_AVAILABLE AND USE_BCRYPT)
+	if (NOT BCRYPT_AVAILABLE AND USE_CRYPTO STREQUAL "BCrypt")
 		message(FATAL_ERROR "You're on Windows but BCrypt seems to be unavailable, you will need OpenSSL")
 	endif()
 endif()
 
+if (USE_CRYPTO STREQUAL "BCrypt")
+	set(useCrypto25519Default "Reference")
+else()
+	set(useCrypto25519Default "OpenSSL")
+endif()
+
+#
+# Secondary crypto library (for ed25519/curve25519).
+#
+set(useCrypto25519Options OpenSSL Reference)
+set(USE_CRYPTO25519 "${useCrypto25519Default}" CACHE STRING "Crypto library to use for ed25519/curve25519")
+set_property(CACHE USE_CRYPTO25519 PROPERTY STRINGS ${useCrypto25519Options})
+
+list(FIND useCrypto25519Options ${USE_CRYPTO25519} useCrypto25519Index)
+if(useCrypto25519Index EQUAL -1)
+	message(FATAL_ERROR "USE_CRYPTO25519 must be one of: ${useCrypto25519Options}")
+endif()
+
+if (USE_CRYPTO25519 STREQUAL "OpenSSL" OR USE_CRYPTO STREQUAL "OpenSSL")
+	find_package(OpenSSL REQUIRED)
+
+	# Ensure the OpenSSL version is recent enough. We need a bunch of EVP
+	# functionality.
+	cmake_push_check_state()
+	set(CMAKE_REQUIRED_LIBRARIES OpenSSL::Crypto)
+	check_symbol_exists(EVP_MD_CTX_free openssl/evp.h OPENSSL_NEW_ENOUGH)
+	if (NOT OPENSSL_NEW_ENOUGH)
+		message(FATAL_ERROR "Your OpenSSL version appears to be too old. Check that you're using OpenSSL 1.1.0 or later.")
+	endif()
+	cmake_pop_check_state()
+	cmake_push_check_state()
+	set(CMAKE_REQUIRED_LIBRARIES OpenSSL::Crypto)
+	if(USE_CRYPTO25519 STREQUAL "OpenSSL")
+		check_symbol_exists(EVP_PKEY_get_raw_public_key openssl/evp.h OPENSSL_HAS_25519_RAW)
+	endif()
+	cmake_pop_check_state()
+endif()
+
+if(USE_CRYPTO25519 STREQUAL "OpenSSL" AND NOT OPENSSL_HAS_25519_RAW)
+	message(FATAL_ERROR "This version of OpenSSL does not support ed25519/curve25519. Please use -DUSE_CRYPTO25519=Reference or upgrade OpenSSL to 1.1.1 or later")
+endif()
+
 add_subdirectory(examples)
 add_subdirectory(src)
 add_subdirectory(tests)
 
+message(STATUS "---------------------------------------------------------")
+message(STATUS "Crypto library for AES/SHA256: ${USE_CRYPTO}")
+message(STATUS "Crypto library for ed25519/curve25519: ${USE_CRYPTO25519}")
+message(STATUS "---------------------------------------------------------")
+
 # vim: set ts=4 sts=4 sw=4 noet:

src/CMakeLists.txt

@@ -4,23 +4,6 @@ include(CheckSymbolExists)
 include(CMakePushCheckState)
 
 find_package(Protobuf REQUIRED)
-if (NOT USE_BCRYPT)
-	find_package(OpenSSL REQUIRED)
-
-	# Ensure the OpenSSL version is recent enough. We need a bunch of EVP
-	# functionality.
-	cmake_push_check_state()
-	set(CMAKE_REQUIRED_LIBRARIES OpenSSL::Crypto)
-	check_symbol_exists(EVP_MD_CTX_free openssl/evp.h OPENSSL_NEW_ENOUGH)
-	if (NOT OPENSSL_NEW_ENOUGH)
-		message(FATAL_ERROR "Your OpenSSL version appears to be too old. Check that you're using OpenSSL 1.1.0 or later.")
-	endif()
-	cmake_pop_check_state()
-	cmake_push_check_state()
-	set(CMAKE_REQUIRED_LIBRARIES OpenSSL::Crypto)
-	check_symbol_exists(EVP_PKEY_get_raw_public_key openssl/evp.h OPENSSL_HAS_25519_RAW)
-	cmake_pop_check_state()
-endif()
 find_package(Threads REQUIRED)
 
 set(GNS_PROTOS
@@ -53,7 +36,7 @@ set(GNS_SRCS
 	"vstdlib/strtools.cpp"
 )
 
-if(USE_BCRYPT)
+if(USE_CRYPTO STREQUAL "BCrypt")
     set(GNS_CRYPTO_DEFINES  ${GNS_CRYPTO_DEFINES} STEAMNETWORKINGSOCKETS_CRYPTO_BCRYPT ED25519_HASH_BCRYPT)
     set(GNS_SRCS ${GNS_SRCS}
         "common/crypto_bcrypt.cpp"
@@ -64,18 +47,18 @@ else()
 		"common/crypto_openssl.cpp"
 		"common/opensslwrapper.cpp"
 	)
+endif()
 
-	# Use OpenSSL for 25519 if possible
-	if(OPENSSL_HAS_25519_RAW)
-		set(GNS_CRYPTO_DEFINES  ${GNS_CRYPTO_DEFINES} STEAMNETWORKINGSOCKETS_CRYPTO_25519_OPENSSL)
-		set(GNS_SRCS ${GNS_SRCS}
-			"common/crypto_25519_openssl.cpp"
-		)
-	endif()
+# Use OpenSSL for 25519 if possible
+if(USE_CRYPTO25519 STREQUAL "OpenSSL")
+	set(GNS_CRYPTO_DEFINES  ${GNS_CRYPTO_DEFINES} STEAMNETWORKINGSOCKETS_CRYPTO_25519_OPENSSL)
+	set(GNS_SRCS ${GNS_SRCS}
+		"common/crypto_25519_openssl.cpp"
+	)
 endif()
 
 # Use reference 25519 crypto implementation?
-if(USE_BCRYPT OR NOT OPENSSL_HAS_25519_RAW)
+if(USE_CRYPTO25519 STREQUAL "Reference")
 	set(GNS_CRYPTO_DEFINES ${GNS_CRYPTO_DEFINES} VALVE_CRYPTO_25519_DONNA)
 	set(GNS_SRCS ${GNS_SRCS}
 		"common/crypto_25519_donna.cpp"
@@ -98,14 +81,20 @@ set(GNS_COMMON_FLAGS
 	-fvisibility=hidden
 	-fno-strict-aliasing
 	-Wall
-	#-Wextra
 	-Wno-unknown-pragmas
 	-Wno-sign-compare
 	-Wno-unused-local-typedef
 	-Wno-unused-const-variable
 	-Wno-nested-anon-types
 )
 
+if(USE_CRYPTO25519 STREQUAL "Reference")
+	# We don't use some of the 25519 functions with static linkage. Silence
+	# -Wunused-function if we're including the reference ed25519/curve25519
+	# stuff.
+	set(GNS_COMMON_FLAGS ${GNS_COMMON_FLAGS} -Wno-unused-function)
+endif()
+
 if(WERROR)
 	set(GNS_COMMON_FLAGS
 		${GNS_COMMON_FLAGS}
@@ -158,7 +147,7 @@ macro(gamenetworkingsockets_common GNS_TARGET)
 		Threads::Threads
 	)
 
-	if(NOT USE_BCRYPT)
+	if(USE_CRYPTO STREQUAL "OpenSSL" OR USE_CRYPTO25519 STREQUAL "OpenSSL")
 		target_link_libraries(${GNS_TARGET} PUBLIC
 			OpenSSL::Crypto
 		)
@@ -240,7 +229,7 @@ macro(gamenetworkingsockets_common GNS_TARGET)
 			target_compile_options(${GNS_TARGET} PRIVATE -fno-stack-protector)
 		endif()
 		target_link_libraries(${GNS_TARGET} PUBLIC ws2_32 crypt32)
-		if(USE_BCRYPT)
+		if(USE_CRYPTO STREQUAL "BCrypt")
 			target_link_libraries(${GNS_TARGET} PUBLIC bcrypt)
 		endif()
 	else()