Added mbedtls encryption library choice for haicrypt (#748)

* Added mbedtls encryption library choice for haicrypt
Haivision · Jul 15, 2019 · cf2aeae · cf2aeae
1 parent 4572752
commit cf2aeae
Show file tree

Hide file tree

Showing 9 changed files with 401 additions and 34 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -105,7 +105,7 @@ option(ENABLE_SUFLIP "Should suflip tool be built" OFF)
 option(ENABLE_GETNAMEINFO "In-logs sockaddr-to-string should do rev-dns" OFF)
 option(ENABLE_UNITTESTS "Enable unit tests" OFF)
 option(ENABLE_ENCRYPTION "Enable encryption in SRT" ON)
-option(USE_GNUTLS "Should use gnutls instead of openssl" OFF)
+option(USE_GNUTLS "DEPRECATED. Use USE_ENCLIB=openssl|gnutls|mbedtls instead" OFF)
 option(ENABLE_CXX_DEPS "Extra library dependencies in srt.pc for the CXX libraries useful with C language" ON)
 option(USE_STATIC_LIBSTDCXX "Should use static rather than shared libstdc++" OFF)
 option(ENABLE_INET_PTON "Set to OFF to prevent usage of inet_pton when building against modern SDKs while still requiring compatibility with older Windows versions, such as Windows XP, Windows Server 2003 etc." ON)
@@ -131,6 +131,17 @@ if ( CYGWIN AND NOT CYGWIN_USE_POSIX )
 	message(STATUS "HAVE CYGWIN. Setting backward compat CMAKE_LEGACY_CYGWIN_WIN32 and -DWIN32")
 endif()
 
+if (NOT USE_ENCLIB)
+	if (USE_GNUTLS)
+		message("NOTE: USE_GNUTLS is deprecated. Use -DUSE_ENCLIB=gnutls instead.")
+		set (USE_ENCLIB gnutls)
+	else()
+		set (USE_ENCLIB openssl)
+	endif()
+
+endif()
+
+
 # Make sure DLLs and executabes go to the same path regardles of subdirectory
 set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR})
 set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR})
@@ -185,14 +196,14 @@ if (DEFINED HAVE_INET_PTON)
 endif()
 
 if (ENABLE_ENCRYPTION)
-	if ( USE_GNUTLS )
+	if ("${USE_ENCLIB}" STREQUAL "gnutls")
 		set (SSL_REQUIRED_MODULES "gnutls nettle")
 		if (WIN32)
 			if (MINGW)
 				set (SSL_REQUIRED_MODULES "${SSL_REQUIRED_MODULES} zlib")
 			endif()
 		endif()
-	 
+
 		pkg_check_modules (SSL REQUIRED ${SSL_REQUIRED_MODULES})
 
 		add_definitions(
@@ -202,15 +213,20 @@ if (ENABLE_ENCRYPTION)
 		link_directories(
 			${SSL_LIBRARY_DIRS}
 		)
-	else()
+	else() # Common for mbedtls and openssl
+		if ("${USE_ENCLIB}" STREQUAL "mbedtls")
+			add_definitions(-DUSE_MBEDTLS=1)
+			set (SSL_REQUIRED_MODULES "mbedtls mbedcrypto")
+		else()
+			add_definitions(-DUSE_OPENSSL=1)
+			set (SSL_REQUIRED_MODULES "openssl libcrypto")
+		endif()
 		# Try using pkg-config method first if enabled,
 		# fall back to find_package method otherwise
 		if (USE_OPENSSL_PC)
-			pkg_check_modules(SSL "openssl libcrypto")
+			pkg_check_modules(SSL ${SSL_REQUIRED_MODULES})
 		endif()
 		if (SSL_FOUND)
-			set (SSL_REQUIRED_MODULES "openssl libcrypto")
-
 			# We have some cases when pkg-config is improperly configured
 			# When it doesn't ship the -L and -I options, and the CMAKE_PREFIX_PATH
 			# is set (also through `configure`), then we have this problem. If so,
@@ -229,15 +245,25 @@ if (ENABLE_ENCRYPTION)
 			)
 			message(STATUS "SSL via pkg-config: -L ${SSL_LIBRARY_DIRS} -I ${SSL_INCLUDE_DIRS} -l;${SSL_LIBRARIES}")
 		else()
-			set (SSL_REQUIRED_MODULES "openssl libcrypto")
-			find_package(OpenSSL REQUIRED)
-			set (SSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIR})
-			set (SSL_LIBRARIES ${OPENSSL_LIBRARIES})
-			message(STATUS "SSL via find_package(OpenSSL): -I ${SSL_INCLUDE_DIRS} -l;${SSL_LIBRARIES}")
+			if ("${USE_ENCLIB}" STREQUAL "mbedtls")
+				if ("${SSL_LIBRARY_DIRS}" STREQUAL "")
+					if (NOT "${CMAKE_PREFIX_PATH}" STREQUAL "")
+						message(STATUS "WARNING: pkg-config has incorrect prefix - enforcing target path prefix: ${CMAKE_PREFIX_PATH}")
+						set (SSL_LIBRARY_DIRS ${CMAKE_PREFIX_PATH}/${CMAKE_INSTALL_LIBDIR})
+						set (SSL_INCLUDE_DIRS ${CMAKE_PREFIX_PATH}/include)
+					endif()
+				endif()
+				if ("${SSL_LIBRARIES}" STREQUAL "")
+					set (SSL_LIBRARIES  mbedtls mbedcrypto)
+				endif()
+				message(STATUS "SSL enforced mbedtls: -I ${SSL_INCLUDE_DIRS} -l;${SSL_LIBRARIES}")
+			else()
+				find_package(OpenSSL REQUIRED)
+				set (SSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIR})
+				set (SSL_LIBRARIES ${OPENSSL_LIBRARIES})
+				message(STATUS "SSL via find_package(OpenSSL): -I ${SSL_INCLUDE_DIRS} -l;${SSL_LIBRARIES}")
+			endif()
 		endif()
-		add_definitions(
-			-DUSE_OPENSSL
-			)
 	endif()
 
 	add_definitions(-DSRT_ENABLE_ENCRYPTION)
@@ -422,11 +448,7 @@ endif()
 # Completing sources and installable headers. Flag settings will follow.
 # ---
 if (ENABLE_ENCRYPTION)
-	if ( USE_GNUTLS )
-		set (HAICRYPT_FILELIST_MAF "filelist-gnutls.maf")
-	else()
-		set (HAICRYPT_FILELIST_MAF "filelist.maf")
-	endif()
+	set (HAICRYPT_FILELIST_MAF "filelist-${USE_ENCLIB}.maf")
 
 	MafReadDir(haicrypt ${HAICRYPT_FILELIST_MAF}
 		SOURCES SOURCES_haicrypt
@@ -499,6 +521,7 @@ set (VIRTUAL_srt $<TARGET_OBJECTS:srt_virtual> $<TARGET_OBJECTS:haicrypt_virtual
 if (srt_libspec_shared)
 	add_library(${TARGET_srt}_shared SHARED ${OBJECT_LIB_SUPPORT} ${VIRTUAL_srt})
 	# shared libraries need PIC
+	set (CMAKE_POSITION_INDEPENDENT_CODE ON)
 	set_property(TARGET ${TARGET_srt}_shared PROPERTY OUTPUT_NAME ${TARGET_srt})
 	set_target_properties (${TARGET_srt}_shared PROPERTIES VERSION ${SRT_VERSION} SOVERSION ${SRT_VERSION_MAJOR})
 	list (APPEND INSTALL_TARGETS ${TARGET_srt}_shared)

diff --git a/configure-data.tcl b/configure-data.tcl
@@ -54,7 +54,8 @@ set cmake_options {
     pkg-config-executable=<filepath> "pkg-config executable"
     pthread-include-dir=<path> "Path to a file."
     pthread-library=<filepath> "Path to a library."
-    use-gnutls "Should use gnutls instead of openssl (default: OFF)"
+    use-gnutls "DEPRECATED. Use --use-enclib=openssl|gnutls|mbedtls"
+    use-enclib "Encryption library to be used: openssl(default), gnutls, mbedtls"
     use-static-libstdc++ "Should use static rather than shared libstdc++ (default: OFF)"
 }
 
@@ -126,8 +127,15 @@ proc preprocess {} {
 	# Alias to old name --with-gnutls, which enforces using gnutls instead of openssl
 	if { [info exists ::optval(--with-gnutls)] } {
 		unset ::optval(--with-gnutls)
-		set ::optval(--use-gnutls) ON
-		puts "WARNING: --with-gnutls is a deprecated alias to --use-gnutls, please use the latter one"
+		set ::optval(--use-enclib) gnutls
+		puts "WARNING: --with-gnutls is a deprecated alias to --use-enclib=gnutls, please use the latter one"
+	}
+
+	# Alias to old name --use-gnutls, which enforces using gnutls instead of openssl
+	if { [info exists ::optval(--use-gnutls)] } {
+		unset ::optval(--use-gnutls)
+		set ::optval(--use-enclib) gnutls
+		puts "WARNING: --use-gnutls is a deprecated alias to --use-enclib=gnutls, please use the latter one"
 	}
 
 	if { [info exists ::optval(--with-target-path)] } {

diff --git a/haicrypt/cryspr-config.h b/haicrypt/cryspr-config.h
@@ -0,0 +1,22 @@
+#ifndef INC__CRYSPR_CONFIG_H
+#define INC__CRYSPR_CONFIG_H
+
+// Size of the single block for encryption.
+// This might need tweaking for particular implementation library.
+#define CRYSPR_AESBLKSZ 16              /* 128-bit */
+
+#if defined(USE_OPENSSL)
+#include "cryspr-openssl.h"
+#define cryspr4SRT()  crysprOpenSSL()
+#elif defined(USE_GNUTLS)
+#include "cryspr-gnutls.h"
+#define cryspr4SRT()  crysprGnuTLS()
+#elif defined(USE_MBEDTLS)
+#include "cryspr-mbedtls.h"
+#define cryspr4SRT() crysprMbedtls()
+#else
+#error Cryspr implementation not selected. Please define USE_* + OPENSSL/GNUTLS/MBEDTLS.
+#endif
+
+
+#endif