From af5e42aba4294ce09a263573febe840e804cf1ed Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Sun, 21 Apr 2019 21:13:30 +0200 Subject: nettle: vendor in Curve448 and Ed448 implementation Signed-off-by: Daiki Ueno --- .gitignore | 1 + .gitlab-ci.yml | 2 +- .gitmodules | 3 + bootstrap.conf | 4 +- configure.ac | 10 +++ devel/import-curve448-from-nettle.sh | 154 +++++++++++++++++++++++++++++++++++ devel/nettle | 1 + lib/nettle/Makefile.am | 50 ++++++++++++ 8 files changed, 223 insertions(+), 2 deletions(-) create mode 100755 devel/import-curve448-from-nettle.sh create mode 160000 devel/nettle diff --git a/.gitignore b/.gitignore index 2f1a40a95b..34d9af38a5 100644 --- a/.gitignore +++ b/.gitignore @@ -231,6 +231,7 @@ lib/minitasn1/libminitasn1.la lib/minitasn1/Makefile lib/minitasn1/Makefile.in lib/nettle/libcrypto.la +lib/nettle/curve448 lib/opencdk/libminiopencdk.la lib/opencdk/Makefile lib/opencdk/Makefile.in diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e72c39527d..2f569debc0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -33,7 +33,7 @@ variables: FEDORA_BUILD: buildenv-fedora31 MINGW_BUILD: buildenv-mingw ALPINE_BASE_BUILD: buildenv-alpine-base - CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --suppressions-list=devel/cppcheck.suppressions --template='{id}:{file}:{line},{severity},{message}'" + CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --suppressions-list=devel/cppcheck.suppressions -i lib/nettle/curve448 --template='{id}:{file}:{line},{severity},{message}'" GET_SOURCES_ATTEMPTS: "3" ################################################## diff --git a/.gitmodules b/.gitmodules index dd05bd67df..672f483a31 100644 --- a/.gitmodules +++ b/.gitmodules @@ -13,3 +13,6 @@ [submodule "gnulib"] path = gnulib url = https://gitlab.com/libidn/gnulib-mirror.git +[submodule "devel/nettle"] + path = devel/nettle + url = https://gitlab.com/gnutls/nettle.git diff --git a/bootstrap.conf b/bootstrap.conf index 33f19e7890..38f199a22c 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -23,7 +23,7 @@ gnulib_tool_option_extras="--with-tests --avoid=alignof-tests --avoid=lock-tests use_libtool=1 checkout_only_file= local_gl_dir=gl/override/ -required_submodules="tests/suite/tls-fuzzer/python-ecdsa tests/suite/tls-fuzzer/tlsfuzzer tests/suite/tls-fuzzer/tlslite-ng" +required_submodules="tests/suite/tls-fuzzer/python-ecdsa tests/suite/tls-fuzzer/tlsfuzzer tests/suite/tls-fuzzer/tlslite-ng devel/nettle" # Reproduce by: gnulib-tool --import --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lock-tests --avoid=lseek-tests --lgpl=2 --no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files alloca byteswap c-ctype extensions func gendocs getline gettext-h gettimeofday hash-pjw-bare havelib intprops lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv snprintf stdint strcase strndup strtok_r strverscmp sys_socket sys_stat time_r unistd vasprintf vsnprintf warnings @@ -101,4 +101,6 @@ bootstrap_post_import_hook () # Automake requires that ChangeLog exist. touch ChangeLog || return 1 + + devel/import-curve448-from-nettle.sh } diff --git a/configure.ac b/configure.ac index 8aa72f443b..2e73a904d6 100644 --- a/configure.ac +++ b/configure.ac @@ -650,6 +650,16 @@ LIBS="$LIBS $NETTLE_LIBS" AC_CHECK_FUNCS(nettle_streebog512_update) LIBS=$save_LIBS +# Check for Curve448 and Ed448 +have_curve448=no +save_LIBS=$LIBS +LIBS="$LIBS $HOGWEED_LIBS $NETTLE_LIBS" +AC_CHECK_FUNCS([nettle_curve448_mul nettle_ed448_shake256_sign], + [AC_DEFINE([HAVE_CURVE448], 1, [Enable Curve448]) + have_curve448=yes]) +LIBS=$save_LIBS +AM_CONDITIONAL(NEED_CURVE448, test "$have_curve448" != "yes") + AC_MSG_CHECKING([whether to build libdane]) AC_ARG_ENABLE(libdane, AS_HELP_STRING([--disable-libdane], diff --git a/devel/import-curve448-from-nettle.sh b/devel/import-curve448-from-nettle.sh new file mode 100755 index 0000000000..7cd974302a --- /dev/null +++ b/devel/import-curve448-from-nettle.sh @@ -0,0 +1,154 @@ +#!/bin/sh + +# This script copies the Curve448 and Ed448 implementation from the +# nettle upstream, with necessary adjustments for bundling in GnuTLS. + +set +e + +: ${srcdir=.} +SRC=$srcdir/devel/nettle +DST=$srcdir/lib/nettle/curve448 + +IMPORTS=" +cnd-copy.c +curve448-eh-to-x.c +curve448.h +curve448-mul.c +curve448-mul-g.c +eccdata.c +ecc-curve448.c +ecc-add-eh.c +ecc-add-ehh.c +ecc-a-to-j.c +ecc-dup-eh.c +ecc-eh-to-a.c +ecc-internal.h +ecc-mod-arith.c +ecc-mod.c +ecc-mod-inv.c +ecc-mul-a-eh.c +ecc-mul-g-eh.c +ecc-mul-m.c +ed448-shake256.c +ed448-shake256-pubkey.c +ed448-shake256-sign.c +ed448-shake256-verify.c +eddsa-compress.c +eddsa-decompress.c +eddsa-expand.c +eddsa.h +eddsa-hash.c +eddsa-internal.h +eddsa-pubkey.c +eddsa-sign.c +eddsa-verify.c +gmp-glue.h +gmp-glue.c +nettle-write.h +sec-add-1.c +sec-tabselect.c +sha3.c +sha3.h +sha3-256.c +sha3-internal.h +sha3-permute.c +shake256.c +" + +PUBLIC=" +bignum.h +ecc-curve.h +ecc.h +macros.h +memxor.h +nettle-meta.h +nettle-types.h +" + +test -d $DST || mkdir $DST + +for f in $IMPORTS; do + src=$SRC/$f + dst=$DST/$f + if test -f $src; then + if test -f $dst; then + echo "Replacing $dst (existing file backed up in $dst~)" + mv $dst $dst~ + else + echo "Copying file $dst" + fi + cp $src $dst + # Use for public headers. + for h in $PUBLIC; do + p=$(echo $h | sed 's/\./\\./g') + if grep '^#include "'$p'"' $dst 2>&1 >/dev/null; then + sed 's!^#include "'$p'"!#include !' $dst > $dst-t && \ + mv $dst-t $dst + fi + done + # Remove unused . + if grep '^#include ' $dst 2>&1 >/dev/null; then + if ! grep 'assert *(' $dst 2>&1 >/dev/null; then + sed '/^#include /d' $dst > $dst-t && mv $dst-t $dst + fi + fi + case $dst in + *.h) + # Rename header guard so as not to conflict with the public ones. + if grep '^#ifndef NETTLE_.*_H\(_INCLUDED\)*' $dst 2>&1 >/dev/null; then + g=$(sed -n 's/^#ifndef NETTLE_\(.*_H\(_INCLUDED\)*\)/\1/p' $dst) + sed 's/\(NETTLE_'$g'\)/GNUTLS_LIB_NETTLE_CURVE448_\1/' $dst > $dst-t && \ + mv $dst-t $dst + fi + ;; + esac + case $dst in + *.h) + # Add prefix to function symbols avoid clashing with the public ones. + sed -e 's/^#define \(.*\) nettle_\1/#define \1 gnutls_nettle_curve448_\1/' \ + -e 's/^#define \(.*\) _nettle_\1/#define \1 _gnutls_nettle_curve448_\1/' $dst > $dst-t && \ + mv $dst-t $dst + ;; + esac + case $dst in + */eccdata.c) + sed 's/^#include "mini-gmp.c"/#include /' $dst > $dst-t && \ + mv $dst-t $dst + ;; + esac + case $dst in + */ecc-curve448.c) + # The generated file is arch dependent, conditionalize the + # inclusion. + sed '/^#include "ecc-curve448\.h"/ { i\ +#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)\ +# pragma GCC diagnostic ignored "-Wunused-const-variable"\ +#endif\ +#if GMP_NUMB_BITS == 32\ +#include "curve448/ecc-curve448-32.h"\ +#elif GMP_NUMB_BITS == 64\ +#include "curve448/ecc-curve448-64.h"\ +#else\ +#error unsupported configuration\ +#endif +; d +}' $dst > $dst-t && mv $dst-t $dst + ;; + esac + case $dst in + */eddsa-hash.c) + # Known to be unnecessary. + sed '/^#include "nettle-internal\.h"/d' $dst > $dst-t && mv $dst-t $dst + ;; + esac + case $dst in + */ecc-add-eh*.c) + # Suppress whitespace errors in 'make syntax-check'. + sed 's/ * / /g' $dst > $dst-t && mv $dst-t $dst + ;; + esac + else + echo "Error: $src not found" 1>&2 + exit 1 + fi +done diff --git a/devel/nettle b/devel/nettle new file mode 160000 index 0000000000..d1dbba1e7f --- /dev/null +++ b/devel/nettle @@ -0,0 +1 @@ +Subproject commit d1dbba1e7fcf4ad54e5d3435e381ae336c36cf2a diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am index c1ac2b2125..8c1a2d17ee 100644 --- a/lib/nettle/Makefile.am +++ b/lib/nettle/Makefile.am @@ -97,3 +97,53 @@ libcrypto_la_SOURCES += \ libcrypto_la_SOURCES += gost_keywrap.c endif + +if NEED_CURVE448 +curve448_generated_headers = \ + curve448/ecc-curve448-32.h curve448/ecc-curve448-64.h + +BUILT_SOURCES = $(curve448_generated_headers) +EXTRA_DIST = $(curve448_generated_headers) curve448/eccdata.stamp + +noinst_PROGRAMS = curve448/eccdata$(EXEEXT) + +curve448_eccdata_SOURCES = curve448/eccdata.c +curve448_eccdata_CFLAGS = $(GMP_CFLAGS) +curve448_eccdata_LDADD = $(GMP_LIBS) ../../gl/libgnu.la + +curve448/eccdata.stamp: $(curve448_eccdata_SOURCES) + $(AM_V_GEN)$(MAKE) $(AM_MAKEFLAGS) curve448/eccdata$(EXEEXT) && touch $@ + +curve448/ecc-curve448-32.h: curve448/eccdata.stamp + $(AM_V_GEN)curve448/eccdata$(EXEEXT) curve448 38 6 32 > $@T && mv $@T $@ + +curve448/ecc-curve448-64.h: curve448/eccdata.stamp + $(AM_V_GEN)curve448/eccdata$(EXEEXT) curve448 38 6 64 > $@T && mv $@T $@ + +libcrypto_la_SOURCES += \ + curve448/nettle-write.h curve448/gmp-glue.h curve448/gmp-glue.c + +libcrypto_la_SOURCES += \ + curve448/sha3.c curve448/sha3.h curve448/sha3-256.c \ + curve448/sha3-permute.c curve448/sha3-internal.h \ + curve448/shake256.c + +libcrypto_la_SOURCES += \ + curve448/ecc-internal.h \ + curve448/ecc-add-eh.c curve448/ecc-add-ehh.c curve448/ecc-dup-eh.c \ + curve448/ecc-eh-to-a.c curve448/ecc-mul-a-eh.c curve448/ecc-mul-g-eh.c \ + curve448/ecc-mul-m.c curve448/ecc-mod.c curve448/ecc-mod-arith.c \ + curve448/ecc-mod-inv.c \ + curve448/ecc-a-to-j.c \ + curve448/sec-tabselect.c curve448/cnd-copy.c curve448/sec-add-1.c \ + curve448/ecc-curve448.c $(curve448_genereated_headers) \ + curve448/curve448-eh-to-x.c curve448/curve448.h curve448/curve448-mul.c \ + curve448/curve448-mul-g.c + +libcrypto_la_SOURCES += \ + curve448/eddsa.h curve448/eddsa-compress.c curve448/eddsa-decompress.c \ + curve448/eddsa-expand.c curve448/eddsa-hash.c curve448/eddsa-internal.h \ + curve448/eddsa-pubkey.c curve448/eddsa-sign.c curve448/eddsa-verify.c \ + curve448/ed448-shake256.c curve448/ed448-shake256-pubkey.c \ + curve448/ed448-shake256-sign.c curve448/ed448-shake256-verify.c +endif -- cgit v1.2.1