hmac,md5,sha: add mbedtls backend (#871)

* hmac,md5,sha: add mbedtls backend

* cmake: MBEDTLS - use uppercase letters for find_package variables

* tls: add a stub for USE_OPENSSL=no

* cmake: decide between openssl and mbedtls

CMakeLists.txt

@@ -535,6 +535,7 @@ else()
   list(APPEND SRCS
     src/aes/stub.c
     src/hmac/hmac.c
+    src/tls/stub.c
   )
 endif()
 

cmake/FindMBEDTLS.cmake

@@ -0,0 +1,30 @@
+find_path(MBEDTLS_INCLUDE_DIR
+    NAMES mbedtls/ssl.h mbedtls/md.h mbedtls/md5.h mbedtls/error.h
+          mbedtls/sha1.h mbedtls/sha256.h
+    HINTS
+      "${MBEDTLS_INCLUDE_DIRS}"
+      "${MBEDTLS_HINTS}/include"
+    PATHS /usr/local/include /usr/include
+)
+
+find_library(MBEDTLS_LIBRARY
+  NAMES mbedtls mbedx509 mbedcrypto
+  HINTS
+    "${MBEDTLS_LIBRARY_DIRS}"
+    "${MBEDTLS_HINTS}/lib"
+  PATHS /usr/local/lib /usr/lib
+)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(MBEDTLS DEFAULT_MSG
+    MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY)
+
+if(MBEDTLS_FOUND)
+  set( MBEDTLS_INCLUDE_DIRS ${MBEDTLS_INCLUDE_DIR} )
+  set( MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARY} )
+else()
+  set( MBEDTLS_INCLUDE_DIRS )
+  set( MBEDTLS_LIBRARIES )
+endif()
+
+mark_as_advanced(MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARIES)

cmake/re-config.cmake

@@ -2,10 +2,17 @@ include(CheckIncludeFile)
 include(CheckFunctionExists)
 include(CheckSymbolExists)
 
+option(USE_MBEDTLS "Enable MbedTLS" OFF)
+
 find_package(Backtrace)
 find_package(Threads REQUIRED)
 find_package(ZLIB)
+
+if (USE_MBEDTLS)
+find_package(MBEDTLS)
+else()
 find_package(OpenSSL "1.1.1")
+endif()
 
 option(USE_OPENSSL "Enable OpenSSL" ${OPENSSL_FOUND})
 option(USE_UNIXSOCK "Enable Unix Domain Sockets" ON)
@@ -135,6 +142,12 @@ if(USE_OPENSSL)
   )
 endif()
 
+if(USE_MBEDTLS)
+  list(APPEND RE_DEFINITIONS
+    -DUSE_MBEDTLS
+  )
+endif()
+
 if(USE_UNIXSOCK)
   list(APPEND RE_DEFINITIONS
     -DHAVE_UNIXSOCK=1

src/hmac/hmac_sha1.c

@@ -14,6 +14,9 @@
 #elif defined (WIN32)
 #include <windows.h>
 #include <wincrypt.h>
+#elif defined (USE_MBEDTLS)
+#include <mbedtls/md.h>
+#include <mbedtls/error.h>
 #endif
 #include <re_hmac.h>
 
@@ -113,6 +116,16 @@ void hmac_sha1(const uint8_t *k,  /* secret key */
 #elif defined (WIN32)
 	compute_hash(CALG_SHA1, d, ld,
 		     out, (DWORD)t, k, lk);
+#elif defined (MBEDTLS_MD_C)
+	int err;
+	(void)t;
+
+	err = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1),
+			      k, lk, d, ld, out);
+	if (err)
+		DEBUG_WARNING("mbedtls_md_hmac: %s\n",
+			      mbedtls_high_level_strerr(err));
+
 #else
 	(void)k;
 	(void)lk;
@@ -147,6 +160,15 @@ void hmac_sha256(const uint8_t *key, size_t key_len,
 #elif defined (WIN32)
 	compute_hash(CALG_SHA_256, data, data_len,
 		     out, (DWORD)out_len, key, key_len);
+#elif defined (MBEDTLS_MD_C)
+	int err;
+	(void)out_len;
+
+	err = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+			      key, key_len, data, data_len, out);
+	if (err)
+		DEBUG_WARNING("mbedtls_md_hmac: %s\n",
+			      mbedtls_high_level_strerr(err));
 #else
 	(void)key;
 	(void)key_len;

src/md5/wrap.c

@@ -12,6 +12,9 @@
 #elif defined (WIN32)
 #include <windows.h>
 #include <wincrypt.h>
+#elif defined (USE_MBEDTLS)
+#include <mbedtls/md5.h>
+#include <mbedtls/error.h>
 #endif
 #include <re_types.h>
 #include <re_fmt.h>
@@ -20,6 +23,10 @@
 #include <re_md5.h>
 
 
+#define DEBUG_MODULE "md5"
+#define DEBUG_LEVEL 5
+#include <re_dbg.h>
+
 /**
  * Calculate the MD5 hash from a buffer
  *
@@ -52,6 +59,13 @@ void md5(const uint8_t *d, size_t n, uint8_t *md)
 
 	CryptDestroyHash(hash);
 	CryptReleaseContext(context, 0);
+#elif defined (MBEDTLS_MD_C)
+	int err;
+
+	err = mbedtls_md5(d, n, md);
+	if (err)
+		DEBUG_WARNING("mbedtls_md5: %s\n",
+			      mbedtls_high_level_strerr(err));
 #else
 #error missing MD5 backend
 #endif

src/sha/wrap.c

@@ -14,10 +14,18 @@
 #elif defined (WIN32)
 #include <windows.h>
 #include <wincrypt.h>
+#elif defined (USE_MBEDTLS)
+#include <mbedtls/sha1.h>
+#include <mbedtls/sha256.h>
+#include <mbedtls/error.h>
 #endif
 #include <re_sha.h>
 
 
+#define DEBUG_MODULE "sha"
+#define DEBUG_LEVEL 5
+#include <re_dbg.h>
+
 #if !defined (USE_OPENSSL) && defined (WIN32)
 static void compute_hash(ALG_ID alg_id, const void *data, size_t data_size,
 			 uint8_t *md, DWORD hash_size)
@@ -52,6 +60,13 @@ void sha1(const uint8_t *d, size_t n, uint8_t *md)
 	CC_SHA1(d, (uint32_t)n, md);
 #elif defined (WIN32)
 	compute_hash(CALG_SHA1, d, n, md, SHA1_DIGEST_SIZE);
+#elif defined (MBEDTLS_MD_C)
+	int err;
+
+	err = mbedtls_sha1(d, n, md);
+	if (err)
+		DEBUG_WARNING("mbedtls_sha1: %s\n",
+			      mbedtls_high_level_strerr(err));
 #else
 	(void)d;
 	(void)n;
@@ -76,6 +91,13 @@ void sha256(const uint8_t *d, size_t n, uint8_t *md)
 	CC_SHA256(d, (uint32_t)n, md);
 #elif defined (WIN32)
 	compute_hash(CALG_SHA_256, d, n, md, SHA256_DIGEST_SIZE);
+#elif defined (MBEDTLS_MD_C)
+	int err;
+
+	err = mbedtls_sha256(d, n, md, 0);
+	if (err)
+		DEBUG_WARNING("mbedtls_sha256: %s\n",
+			      mbedtls_high_level_strerr(err));
 #else
 	(void)d;
 	(void)n;