authorOlivier Crête <olivier.crete@collabora.com>2017-03-31 21:23:12 -0400
committerOlivier Crête <olivier.crete@collabora.com>2017-04-03 11:27:13 -0400
commit6e45d1866ea92a019b9cd18642cb43123980b0ca (patch)
tree591a1577c31d384c4626a3a92547a6447cb83ba1
parent4c79b8659da1a627463b5b66c56ddf863801aaab (diff)
downloadlibnice-6e45d1866ea92a019b9cd18642cb43123980b0ca.tar.gz
stun: Switch from gcrypt to gnutls
GLib already uses it, instead of adding another dep. Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk> Differential Revision: https://phabricator.freedesktop.org/D1705
-rw-r--r--README2
-rw-r--r--configure.ac28
-rw-r--r--nice/nice.pc.in1
-rw-r--r--stun/Makefile.am4
-rw-r--r--stun/rand.c18
-rw-r--r--stun/stunhmac.c55
6 files changed, 42 insertions, 66 deletions
diff --git a/README b/README
index 858ea00..3279743 100644
--- a/README
+++ b/README
@@ -20,7 +20,7 @@ Requirements
pkg-config
gupnp-igd >= 0.1.2 (optional)
gstreamer-0.10 >= 0.10.0 (optional)
- gcrypt >= 1.4.5
+ gnutls >= 2.12.0
Build instructions
------------------
diff --git a/configure.ac b/configure.ac
index 2b4a68a..93bf1e2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -184,14 +184,20 @@ AC_CHECK_FUNCS([poll])
AC_SUBST(LIBRT)
# Dependencies
+
+GNUTLS_PACKAGES_PRIVATE="gnutls >= 2.12.0"
+PKG_CHECK_MODULES(GNUTLS, [$GNUTLS_PACKAGES_PRIVATE])
+
NICE_PACKAGES_PUBLIC="glib-2.0 >= $GLIB_REQ gio-2.0 >= $GLIB_REQ gobject-2.0 >= $GLIB_REQ"
NICE_PACKAGES_PRIVATE="gthread-2.0"
-NICE_PACKAGES="$NICE_PACKAGES_PUBLIC $NICE_PACKAGES_PRIVATE"
+
+PKG_CHECK_MODULES(GLIB, [$NICE_PACKAGES_PUBLIC $NICE_PACKAGES_PRIVATE])
+
+NICE_PACKAGES_PRIVATE="$NICE_PACKAGES_PRIVATE $GNUTLS_PACKAGES_PRIVATE"
+
AC_SUBST([NICE_PACKAGES_PUBLIC])
AC_SUBST([NICE_PACKAGES_PRIVATE])
-AC_SUBST([NICE_PACKAGES])
-PKG_CHECK_MODULES(GLIB, [$NICE_PACKAGES])
AC_ARG_WITH(gstreamer,
AS_HELP_STRING([--with-gstreamer],[build GStreamer plugin]),
@@ -301,22 +307,6 @@ AC_SUBST([GUPNP_PACKAGES])
AC_SUBST(HAVE_GUPNP)
AC_SUBST([UPNP_ENABLED])
-dnl libgcrypt
-GCRYPT_VERSION=1.6.0
-GCRYPT_LIBVER=1
-
-AM_PATH_LIBGCRYPT($GCRYPT_LIBVER:$GCRYPT_VERSION,,AC_MSG_ERROR([[
-***
-*** libgcrypt was not found. You may want to get it from
-*** ftp://ftp.gnupg.org/gcrypt/libgcrypt/
-***
-]]))
-libgcrypt=yes
-AC_DEFINE_UNQUOTED(LIBGCRYPT_VERSION, "$GCRYPT_VERSION", [Version of GCRYPT we expect])
-
-AC_SUBST([LIBGCRYPT_CFLAGS])
-AC_SUBST([LIBGCRYPT_LIBS])
-
dnl Test coverage
AC_ARG_ENABLE([coverage],
[AS_HELP_STRING([--enable-coverage],
diff --git a/nice/nice.pc.in b/nice/nice.pc.in
index b968ca8..8805f0d 100644
--- a/nice/nice.pc.in
+++ b/nice/nice.pc.in
@@ -10,5 +10,4 @@ Version: @VERSION@
Requires: @NICE_PACKAGES_PUBLIC@ @GUPNP_PACKAGES_PUBLIC@
Requires.private: @NICE_PACKAGES_PRIVATE@ @GUPNP_PACKAGES_PRIVATE@
Libs: -L${libdir} -lnice
-Libs.private: @LIBGCRYPT_LIBS@
Cflags: -I${includedir}/nice -I${includedir}
diff --git a/stun/Makefile.am b/stun/Makefile.am
index f532616..c9b0cb2 100644
--- a/stun/Makefile.am
+++ b/stun/Makefile.am
@@ -14,7 +14,7 @@ AM_CFLAGS = \
-std=gnu99 \
-DG_LOG_DOMAIN=\"libnice-stun\" \
$(LIBNICE_CFLAGS) \
- $(LIBGCRYPT_CFLAGS) \
+ $(GNUTLS_CFLAGS) \
$(NULL)
AM_CPPFLAGS = -I$(top_srcdir)
@@ -38,7 +38,7 @@ libstun_la_SOURCES = constants.h \
usages/turn.c usages/turn.h \
usages/timer.c usages/timer.h
-libstun_la_LIBADD = $(LIBRT) $(LIBGCRYPT_LIBS)
+libstun_la_LIBADD = $(LIBRT) $(GNUTLS_LIBS)
EXTRA_DIST = win32_common.h
diff --git a/stun/rand.c b/stun/rand.c
index a375f33..1deaf56 100644
--- a/stun/rand.c
+++ b/stun/rand.c
@@ -68,23 +68,13 @@ void nice_RAND_bytes (uint8_t *dst, int len)
}
#else
-#include <gcrypt.h>
+#include <sys/types.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
void nice_RAND_bytes (uint8_t *dst, int len)
{
- /* Initialise libgcrypt. The application might do this first, but we need to
- * do it otherwise. Abort if this fails, as we can’t do random number
- * generation. */
- if (!gcry_check_version (GCRYPT_VERSION))
- abort ();
-
- if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P))
- {
- gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
- gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
- }
-
- gcry_randomize (dst, len, GCRY_STRONG_RANDOM);
+ gnutls_rnd (GNUTLS_RND_NONCE, dst, len);
}
#endif /* _WIN32 */
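Review bot: The return value of `gnutls_rnd` is discarded in the new `nice_RAND_bytes`, so a failed call hands `dst` back unfilled, whereas the removed gcrypt path aborted when it could not initialise. Checking it keeps the fail-closed behaviour: `if (gnutls_rnd (GNUTLS_RND_NONCE, dst, len) < 0) abort ();`. The removed code also initialised its library explicitly; with the `gnutls >= 2.12.0` floor set in configure.ac, releases that predate GnuTLS's automatic library initialisation would, as far as I know, need `gnutls_global_init ()` before this call, so either call it here or raise the floor. `GNUTLS_RND_NONCE` is the lowest GnuTLS randomness level where the old code asked for `GCRY_STRONG_RANDOM`; if any caller (none is visible in this hunk) derives credentials or keys from these bytes, `GNUTLS_RND_RANDOM` is the safer choice and deserves a comment stating which level is intended and why.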
diff --git a/stun/stunhmac.c b/stun/stunhmac.c
index 795e987..825656a 100644
--- a/stun/stunhmac.c
+++ b/stun/stunhmac.c
@@ -47,40 +47,40 @@
#include <string.h>
#include <assert.h>
-#include <gcrypt.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
void stun_sha1 (const uint8_t *msg, size_t len, size_t msg_len, uint8_t *sha,
const void *key, size_t keylen, int padding)
{
uint16_t fakelen = htons (msg_len);
uint8_t pad_char[64] = {0};
- gcry_mac_hd_t hd;
- size_t sha_len = 20;
-
-#define TRY(s) \
- if (!(s)) \
- abort ();
+ gnutls_hmac_hd_t handle;
+ int ret;
assert (len >= 44u);
- TRY (gcry_mac_open (&hd, GCRY_MAC_HMAC_SHA1, 0 /* flags */, NULL) == 0);
- TRY (gcry_mac_setkey (hd, key, keylen) == 0);
+ assert (gnutls_hmac_get_len (GNUTLS_MAC_SHA1) == 20);
+ ret = gnutls_hmac_init (&handle, GNUTLS_MAC_SHA1, key, keylen);
+ assert (ret >= 0);
- TRY (gcry_mac_write (hd, msg, 2) == 0);
- TRY (gcry_mac_write (hd, &fakelen, 2) == 0);
- TRY (gcry_mac_write (hd, msg + 4, len - 28) == 0);
+ ret = gnutls_hmac (handle, msg, 2);
+ assert (ret >= 0);
+ ret = gnutls_hmac (handle, &fakelen, 2);
+ assert (ret >= 0);
+ ret = gnutls_hmac (handle, msg + 4, len - 28);
+ assert (ret >= 0);
/* RFC 3489 specifies that the message's size should be 64 bytes,
and \x00 padding should be done */
if (padding && ((len - 24) % 64) > 0) {
uint16_t pad_size = 64 - ((len - 24) % 64);
- TRY (gcry_mac_write (hd, pad_char, pad_size) == 0);
- }
- TRY (gcry_mac_read (hd, sha, &sha_len) == 0);
- assert (sha_len == 20);
+ ret = gnutls_hmac (handle, pad_char, pad_size);
+ assert (ret >= 0);
+ }
- gcry_mac_close (hd);
+ gnutls_hmac_deinit (handle, sha);
}
static const uint8_t *priv_trim_var (const uint8_t *var, size_t *var_len)
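Review bot: Every failure check in the new `stun_sha1` is an `assert`, which is compiled out when the library is built with `NDEBUG`, while the removed `TRY` macro called `abort ()` unconditionally. In such a build a failed `gnutls_hmac_init` leaves `handle` uninitialised for the following `gnutls_hmac` and `gnutls_hmac_deinit` calls and `sha` may never be written, so the caller would presumably compare or send an indeterminate integrity value. Replacing each `assert (ret >= 0);` with `if (ret < 0) abort ();` restores the old fail-closed behaviour; the pre-existing `assert (len >= 44u)` that guards `len - 28` has the same weakness. The second hunk of this file has the same gap in `stun_hash_creds`, whose body starts outside that hunk: `gnutls_hash_init (&handle, GNUTLS_DIG_MD5)` and the `gnutls_hash` calls are unchecked, and MD5 initialisation can fail where the digest is disabled by policy, so it wants `if (gnutls_hash_init (&handle, GNUTLS_DIG_MD5) < 0) abort ();` before `handle` is used.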
@@ -109,19 +109,16 @@ void stun_hash_creds (const uint8_t *realm, size_t realm_len,
const uint8_t *password_trimmed = priv_trim_var (password, &password_len);
const uint8_t *realm_trimmed = priv_trim_var (realm, &realm_len);
const uint8_t *colon = (uint8_t *)":";
+ gnutls_hash_hd_t handle;
+
+ gnutls_hash_init (&handle, GNUTLS_DIG_MD5);
+ gnutls_hash (handle, username_trimmed, username_len);
+ gnutls_hash (handle, colon, 1);
+ gnutls_hash (handle, realm_trimmed, realm_len);
+ gnutls_hash (handle, colon, 1);
+ gnutls_hash (handle, password_trimmed, password_len);
- /* https://gnupg.org/documentation/manuals/gcrypt/Buffer-description.html */
- const gcry_buffer_t iov[] = {
- /* size, off, len, data */
- { 0, 0, username_len, (void *) username_trimmed },
- { 0, 0, 1, (void *) colon },
- { 0, 0, realm_len, (void *) realm_trimmed },
- { 0, 0, 1, (void *) colon },
- { 0, 0, password_len, (void *) password_trimmed },
- };
-
- gcry_md_hash_buffers (GCRY_MD_MD5, 0 /* flags */, md5,
- iov, sizeof (iov) / sizeof (*iov));
+ gnutls_hash_deinit (handle, md5);
}