Use OpenSSL for elliptic curve crypto

This commit removes the curve25519-donna and ed25519 libraries and replaces them with their OpenSSL implementations. Two new macros were defined in `lib/pairing.h`: - `X25519_KEX_SIZE` for the size of the keys in bytes - `PAIRING_SIG_SIZE` for the length of the signature in bytes These macros were implemented in `lib/raop_handlers.h` too. Also, the `handle_error` function from `lib/crypto.c` was renamed to `crypto_handle_error`, improved slightly and placed into the header `lib/crypto.h`. This way `lib/pairing.c` can call this function when an OpenSSL error occurs.
FD- · Nov 22, 2020 · f79e588 · f79e588
1 parent 83b0652
commit f79e588
Show file tree

Hide file tree

Showing 29 changed files with 188 additions and 5,991 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -6,8 +6,6 @@ set (CMAKE_CXX_STANDARD 11)
 
 set (RENDERER_FLAGS "")
 
-add_subdirectory(lib/curve25519)
-add_subdirectory(lib/ed25519)
 add_subdirectory(lib/playfair)
 add_subdirectory(lib/llhttp)
 add_subdirectory(lib)

diff --git a/README.md b/README.md
@@ -134,9 +134,7 @@ The code in this repository accumulated from various sources over time. Here is
 * **Juho Vähä-Herttua** and contributors: Created an AirPlay audio server called [ShairPlay](https://github.com/juhovh/shairplay), including support for Fairplay based on PlayFair. Most of the code in `lib/` originally stems from this project. License: GNU LGPLv2.1+
 * **EstebanKubata**: Created a FairPlay library called [PlayFair](https://github.com/EstebanKubata/playfair). Located in the `lib/playfair` folder. License: GNU GPL
 * **Joyent, Inc and contributors**: Created an http library called [llhttp](https://github.com/nodejs/llhttp). Located at `lib/llhttp/`. License: MIT
-* **Google, Inc and contributors**: Created an implementation of curve 25519 called [curve25519-donna](https://github.com/agl/curve25519-donna). Located in the `lib/curve25519` folder. License: 3-Clause BSD
 * **Team XBMC**: Managed to show a black background for OpenMAX video rendering. This code is used in the video renderer. License: GNU GPL
-* **Orson Peters and contributors**: An implementation of [Ed25519](https://github.com/orlp/ed25519) signatures. Located in `lib/ed25519`, License: ZLIB; Depends on LibTomCrypt, License: Public Domain
 * **Alex Izvorski and contributors**: Wrote [h264bitstream](https://github.com/aizvorski/h264bitstream), a library for manipulation h264 streams. Used for reducing delay in the Raspberry Pi video pipeline. Located in the `renderers/h264-bitstream` folder. License: GNU LGPLv2.1
 
 
@@ -149,7 +147,6 @@ Your contributions are more than welcome!
 
 # Todo
 
-* Use OpenSSL for the elliptic curve crypto?
 * Bug: Sometimes cannot be stopped?
 
 # Changelog

diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
@@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.4.1)
-include_directories( curve25519 ed25519 playfair llhttp )
+include_directories( playfair llhttp )
 
 aux_source_directory(. play_src)
 set(DIR_SRCS ${play_src})
@@ -13,14 +13,12 @@ find_library( LIBPLIST NAMES plist plist-2.0 )
 
 target_link_libraries( airplay
 	    pthread
-        curve25519
-        ed25519
         playfair
         llhttp
         ${LIBPLIST} )
 
 if( UNIX AND NOT APPLE )
-  find_package(OpenSSL REQUIRED)
+  find_package(OpenSSL 1.1.1 REQUIRED)
   target_link_libraries( airplay OpenSSL::Crypto )
   target_link_libraries( airplay dns_sd )
 else()

diff --git a/lib/crypto.c b/lib/crypto.c
@@ -23,6 +23,7 @@
 #include <openssl/err.h>
 
 #include <assert.h>
+#include <stdlib.h>
 #include <string.h>
 #include <stdbool.h>
 
@@ -38,11 +39,11 @@ uint8_t waste[AES_128_BLOCK_SIZE];
 
 // Common AES utilities
 
-void handle_error(const char* location) {
+void crypto_handle_error(const char* location) {
     long error = ERR_get_error();
     const char* error_str = ERR_error_string(error, NULL);
-    printf("Crypto error at %s: %s\n", location, error_str);
-    assert(false);
+    fprintf(stderr, "Crypto error at %s: %s\n", location, error_str);
+    exit(EXIT_FAILURE);
 }
 
 aes_ctx_t *aes_init(const uint8_t *key, const uint8_t *iv, const EVP_CIPHER *type, aes_direction_t direction) {
@@ -56,11 +57,11 @@ aes_ctx_t *aes_init(const uint8_t *key, const uint8_t *iv, const EVP_CIPHER *typ
 
     if (direction == AES_ENCRYPT) {
         if (!EVP_EncryptInit_ex(ctx->cipher_ctx, type, NULL, key, iv)) {
-            handle_error(__func__);
+            crypto_handle_error(__func__);
         }
     } else {
         if (!EVP_DecryptInit_ex(ctx->cipher_ctx, type, NULL, key, iv)) {
-            handle_error(__func__);
+            crypto_handle_error(__func__);
         }
     }
 
@@ -72,7 +73,7 @@ aes_ctx_t *aes_init(const uint8_t *key, const uint8_t *iv, const EVP_CIPHER *typ
 void aes_encrypt(aes_ctx_t *ctx, const uint8_t *in, uint8_t *out, int in_len) {
     int out_len = 0;
     if (!EVP_EncryptUpdate(ctx->cipher_ctx, out, &out_len, in, in_len)) {
-        handle_error(__func__);
+        crypto_handle_error(__func__);
     }
 
     assert(out_len <= in_len);
@@ -81,7 +82,7 @@ void aes_encrypt(aes_ctx_t *ctx, const uint8_t *in, uint8_t *out, int in_len) {
 void aes_decrypt(aes_ctx_t *ctx, const uint8_t *in, uint8_t *out, int in_len) {
     int out_len = 0;
     if (!EVP_DecryptUpdate(ctx->cipher_ctx, out, &out_len, in, in_len)) {
-        handle_error(__func__);
+        crypto_handle_error(__func__);
     }
 
     assert(out_len <= in_len);
@@ -96,16 +97,16 @@ void aes_destroy(aes_ctx_t *ctx) {
 
 void aes_reset(aes_ctx_t *ctx, const EVP_CIPHER *type, aes_direction_t direction) {
     if (!EVP_CIPHER_CTX_reset(ctx->cipher_ctx)) {
-        handle_error(__func__);
+        crypto_handle_error(__func__);
     }
 
     if (direction == AES_ENCRYPT) {
         if (!EVP_EncryptInit_ex(ctx->cipher_ctx, type, NULL, ctx->key, ctx->iv)) {
-            handle_error(__func__);
+            crypto_handle_error(__func__);
         }
     } else {
         if (!EVP_DecryptInit_ex(ctx->cipher_ctx, type, NULL, ctx->key, ctx->iv)) {
-            handle_error(__func__);
+            crypto_handle_error(__func__);
         }
     }
 }
@@ -176,28 +177,28 @@ sha_ctx_t *sha_init() {
     assert(ctx->digest_ctx != NULL);
 
     if (!EVP_DigestInit_ex(ctx->digest_ctx, EVP_sha512(), NULL)) {
-        handle_error(__func__);
+        crypto_handle_error(__func__);
     }
     return ctx;
 }
 
 void sha_update(sha_ctx_t *ctx, const uint8_t *in, int len) {
     if (!EVP_DigestUpdate(ctx->digest_ctx, in, len)) {
-        handle_error(__func__);
+        crypto_handle_error(__func__);
     }
 }
 
 void sha_final(sha_ctx_t *ctx, uint8_t *out, unsigned int *len) {
     if (!EVP_DigestFinal_ex(ctx->digest_ctx, out, len)) {
-        handle_error(__func__);
+        crypto_handle_error(__func__);
     }
 }
 
 void sha_reset(sha_ctx_t *ctx) {
     if (!EVP_MD_CTX_reset(ctx->digest_ctx) ||
         !EVP_DigestInit_ex(ctx->digest_ctx, EVP_sha512(), NULL)) {
 
-        handle_error(__func__);
+        crypto_handle_error(__func__);
     }
 }
 

diff --git a/lib/crypto.h b/lib/crypto.h
@@ -39,6 +39,8 @@ typedef enum aes_direction_e { AES_DECRYPT, AES_ENCRYPT } aes_direction_t;
 
 typedef struct aes_ctx_s aes_ctx_t;
 
+void crypto_handle_error(const char* location);
+
 aes_ctx_t *aes_ctr_init(const uint8_t *key, const uint8_t *iv);
 void aes_ctr_reset(aes_ctx_t *ctx);
 void aes_ctr_encrypt(aes_ctx_t *ctx, const uint8_t *in, uint8_t *out, int len);

diff --git a/lib/curve25519/CMakeLists.txt b/lib/curve25519/CMakeLists.txt