Fix build errors with BoringSSL

cisco · Sep 12, 2023 · 434b132 · 434b132
1 parent a05b0d7
commit 434b132
Show file tree

Hide file tree

Showing 25 changed files with 378 additions and 134 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -74,8 +74,10 @@ endif()
 
 set(OPENSSL_ROOT_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../boringssl/")
 set(OPENSSL_INCLUDE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../boringssl/include")
-set(OPENSSL_CRYPTO_LIBRARY "${CMAKE_CURRENT_BINARY_DIR}/../boringssl/build/crypto/libcrypto.a")
+set(OPENSSL_CRYPTO_LIBRARY "${CMAKE_CURRENT_SOURCE_DIR}/../boringssl/build/crypto/libcrypto.a")
 find_package(OpenSSL REQUIRED)
+add_compile_definitions(WITH_BORINGSSL)
+add_compile_options(-Wno-gnu-anonymous-struct -Wno-nested-anon-types)
 
 #find_package(OpenSSL REQUIRED)
 #if ( OPENSSL_FOUND )

diff --git a/include/mls/crypto.h b/include/mls/crypto.h
@@ -133,7 +133,11 @@ struct CipherSuite
   static const bytes& reference_label();
 };
 
+#if WITH_BORINGSSL
+extern const std::array<CipherSuite::ID, 5> all_supported_suites;
+#else
 extern const std::array<CipherSuite::ID, 7> all_supported_suites;
+#endif
 
 // Utilities
 using hpke::random_bytes;

diff --git a/lib/hpke/CMakeLists.txt b/lib/hpke/CMakeLists.txt
@@ -13,7 +13,7 @@ file(GLOB_RECURSE LIB_SOURCES CONFIGURE_DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/src
 
 add_library(${CURRENT_LIB_NAME} ${LIB_HEADERS} ${LIB_SOURCES})
 add_dependencies(${CURRENT_LIB_NAME} bytes tls_syntax)
-target_link_libraries(${CURRENT_LIB_NAME} PRIVATE bytes tls_syntax crypto)
+target_link_libraries(${CURRENT_LIB_NAME} PRIVATE bytes tls_syntax)
 target_include_directories(${CURRENT_LIB_NAME}
   PUBLIC
     ${CMAKE_CURRENT_SOURCE_DIR}/include

diff --git a/lib/hpke/include/hpke/hpke.h b/lib/hpke/include/hpke/hpke.h
@@ -16,7 +16,9 @@ struct KEM
     DHKEM_P384_SHA384 = 0x0011,
     DHKEM_P521_SHA512 = 0x0012,
     DHKEM_X25519_SHA256 = 0x0020,
+#if !defined(WITH_BORINGSSL)
     DHKEM_X448_SHA512 = 0x0021,
+#endif
   };
 
   template<KEM::ID>

diff --git a/lib/hpke/include/hpke/signature.h b/lib/hpke/include/hpke/signature.h
@@ -15,7 +15,9 @@ struct Signature
     P384_SHA384,
     P521_SHA512,
     Ed25519,
+#if !defined(WITH_BORINGSSL)
     Ed448,
+#endif
     RSA_SHA256,
     RSA_SHA384,
     RSA_SHA512,

diff --git a/lib/hpke/src/aead_cipher.cpp b/lib/hpke/src/aead_cipher.cpp
@@ -3,6 +3,10 @@
 
 #include <openssl/evp.h>
 
+#if WITH_BORINGSSL
+#include <openssl/aead.h>
+#endif
+
 namespace hpke {
 
 ///
@@ -108,6 +112,25 @@ cipher_tag_size(AEAD::ID cipher)
   }
 }
 
+#if WITH_BORINGSSL
+static const EVP_AEAD*
+boringssl_cipher(AEAD::ID cipher)
+{
+  switch (cipher) {
+    case AEAD::ID::AES_128_GCM:
+      return EVP_aead_aes_128_gcm();
+
+    case AEAD::ID::AES_256_GCM:
+      return EVP_aead_aes_256_gcm();
+
+    case AEAD::ID::CHACHA20_POLY1305:
+      return EVP_aead_chacha20_poly1305();
+
+    default:
+      throw std::runtime_error("Unsupported algorithm");
+  }
+}
+#else
 static const EVP_CIPHER*
 openssl_cipher(AEAD::ID cipher)
 {
@@ -125,6 +148,7 @@ openssl_cipher(AEAD::ID cipher)
       throw std::runtime_error("Unsupported algorithm");
   }
 }
+#endif // WITH_BORINGSSL
 
 AEADCipher::AEADCipher(AEAD::ID id_in)
   : AEAD(id_in, cipher_key_size(id_in), cipher_nonce_size(id_in))
@@ -138,6 +162,30 @@ AEADCipher::seal(const bytes& key,
                  const bytes& aad,
                  const bytes& pt) const
 {
+#if WITH_BORINGSSL
+  auto ctx = make_typed_unique(
+    EVP_AEAD_CTX_new(boringssl_cipher(id), key.data(), key.size(), tag_size));
+  if (ctx == nullptr) {
+    throw openssl_error();
+  }
+
+  auto ct = bytes(pt.size() + tag_size);
+  auto out_len = ct.size();
+  if (1 != EVP_AEAD_CTX_seal(ctx.get(),
+                             ct.data(),
+                             &out_len,
+                             ct.size(),
+                             nonce.data(),
+                             nonce.size(),
+                             pt.data(),
+                             pt.size(),
+                             aad.data(),
+                             aad.size())) {
+    throw openssl_error();
+  }
+
+  return ct;
+#else
   auto ctx = make_typed_unique(EVP_CIPHER_CTX_new());
   if (ctx == nullptr) {
     throw openssl_error();
@@ -184,6 +232,7 @@ AEADCipher::seal(const bytes& key,
 
   ct += tag;
   return ct;
+#endif // WITH_BORINGSSL
 }
 
 std::optional<bytes>
@@ -196,6 +245,30 @@ AEADCipher::open(const bytes& key,
     throw std::runtime_error("AEAD ciphertext smaller than tag size");
   }
 
+#if WITH_BORINGSSL
+  auto ctx = make_typed_unique(EVP_AEAD_CTX_new(
+    boringssl_cipher(id), key.data(), key.size(), cipher_tag_size(id)));
+  if (ctx == nullptr) {
+    throw openssl_error();
+  }
+
+  auto pt = bytes(ct.size() - tag_size);
+  auto out_len = pt.size();
+  if (1 != EVP_AEAD_CTX_open(ctx.get(),
+                             pt.data(),
+                             &out_len,
+                             pt.size(),
+                             nonce.data(),
+                             nonce.size(),
+                             ct.data(),
+                             ct.size(),
+                             aad.data(),
+                             aad.size())) {
+    throw openssl_error();
+  }
+
+  return pt;
+#else
   auto ctx = make_typed_unique(EVP_CIPHER_CTX_new());
   if (ctx == nullptr) {
     throw openssl_error();
@@ -242,6 +315,7 @@ AEADCipher::open(const bytes& key,
   }
 
   return pt;
+#endif // WITH_BORINGSSL
 }
 
 } // namespace hpke
diff --git a/lib/hpke/src/certificate.cpp b/lib/hpke/src/certificate.cpp
@@ -227,13 +227,22 @@ struct Certificate::ParsedCertificate
 
   static Signature::ID public_key_algorithm(X509* x509)
   {
-    switch (EVP_PKEY_base_id(X509_get0_pubkey(x509))) {
+#if WITH_BORINGSSL
+    const auto pub = make_typed_unique(X509_get_pubkey(x509));
+    const auto* pub_ptr = pub.get();
+#else
+    const auto* pub_ptr = X509_get0_pubkey(x509);
+#endif
+
+    switch (EVP_PKEY_base_id(pub_ptr)) {
       case EVP_PKEY_ED25519:
         return Signature::ID::Ed25519;
+#if !defined(WITH_BORINGSSL)
       case EVP_PKEY_ED448:
         return Signature::ID::Ed448;
+#endif
       case EVP_PKEY_EC: {
-        auto key_size = EVP_PKEY_bits(X509_get0_pubkey(x509));
+        auto key_size = EVP_PKEY_bits(pub_ptr);
         switch (key_size) {
           case 256:
             return Signature::ID::P256_SHA256;
@@ -260,8 +269,10 @@ struct Certificate::ParsedCertificate
     switch (nid) {
       case EVP_PKEY_ED25519:
         return Signature::ID::Ed25519;
+#if !defined(WITH_BORINGSSL)
       case EVP_PKEY_ED448:
         return Signature::ID::Ed448;
+#endif
       case NID_ecdsa_with_SHA256:
         return Signature::ID::P256_SHA256;
       case NID_ecdsa_with_SHA384:

diff --git a/lib/hpke/src/dhkem.cpp b/lib/hpke/src/dhkem.cpp
@@ -61,6 +61,7 @@ DHKEM::get<KEM::ID::DHKEM_X25519_SHA256>()
   return instance;
 }
 
+#if !defined(WITH_BORINGSSL)
 template<>
 const DHKEM&
 DHKEM::get<KEM::ID::DHKEM_X448_SHA512>()
@@ -70,6 +71,7 @@ DHKEM::get<KEM::ID::DHKEM_X448_SHA512>()
                                           KDF::get<KDF::ID::HKDF_SHA512>());
   return instance;
 }
+#endif
 
 DHKEM::DHKEM(KEM::ID kem_id_in, const Group& group_in, const KDF& kdf_in)
   : KEM(kem_id_in,

diff --git a/lib/hpke/src/digest.cpp b/lib/hpke/src/digest.cpp
@@ -142,7 +142,7 @@ Digest::hmac_for_hkdf_extract(const bytes& key, const bytes& data) const
   // OpenSSL 3 does not support the flag EVP_MD_CTX_FLAG_NON_FIPS_ALLOW anymore.
   // However, OpenSSL 3 in FIPS mode doesn't seem to check the HMAC key size
   // constraint.
-#if !defined(WITH_OPENSSL3)
+#if !defined(WITH_OPENSSL3) && !defined(WITH_BORINGSSL)
   static const auto fips_min_hmac_key_len = 14;
   if (FIPS_mode() != 0 && key_size < fips_min_hmac_key_len) {
     HMAC_CTX_set_flags(ctx.get(), EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);

diff --git a/lib/hpke/src/group.cpp b/lib/hpke/src/group.cpp
@@ -5,6 +5,7 @@
 #include "common.h"
 #include "openssl_common.h"
 
+#include "openssl/bn.h"
 #include "openssl/ec.h"
 #include "openssl/evp.h"
 #include "openssl/obj_mac.h"
@@ -491,7 +492,14 @@ struct ECKeyGroup : public EVPGroup
 #endif
 
     auto out = bytes(BN_num_bytes(d));
-    if (BN_bn2bin(d, out.data()) != int(out.size())) {
+#if WITH_BORINGSSL
+    // In BoringSSL, BN_bn2bin returns size_t
+    const auto out_size = out.size();
+#else
+    // In OpenSSL, BN_bn2bin returns int
+    const auto out_size = static_cast<int>(out.size());
+#endif
+    if (BN_bn2bin(d, out.data()) != out_size) {
       throw openssl_error();
     }
 
@@ -723,6 +731,8 @@ Group::get<Group::ID::Ed25519>()
   return instance;
 }
 
+// BoringSSL doesn't support X448 / Ed448
+#if !defined(WITH_BORINGSSL)
 template<>
 const Group&
 Group::get<Group::ID::X448>()
@@ -731,6 +741,7 @@ Group::get<Group::ID::X448>()
                                     KDF::get<KDF::ID::HKDF_SHA512>());
   return instance;
 }
+#endif
 
 template<>
 const Group&

diff --git a/lib/hpke/src/hpke.cpp b/lib/hpke/src/hpke.cpp
@@ -124,12 +124,14 @@ KEM::get<KEM::ID::DHKEM_X25519_SHA256>()
   return DHKEM::get<KEM::ID::DHKEM_X25519_SHA256>();
 }
 
+#if !defined(WITH_BORINGSSL)
 template<>
 const KEM&
 KEM::get<KEM::ID::DHKEM_X448_SHA512>()
 {
   return DHKEM::get<KEM::ID::DHKEM_X448_SHA512>();
 }
+#endif
 
 bytes
 KEM::serialize_private(const KEM::PrivateKey& /* unused */) const
@@ -352,8 +354,10 @@ select_kem(KEM::ID id)
       return KEM::get<KEM::ID::DHKEM_P521_SHA512>();
     case KEM::ID::DHKEM_X25519_SHA256:
       return KEM::get<KEM::ID::DHKEM_X25519_SHA256>();
+#if !defined(WITH_BORINGSSL)
     case KEM::ID::DHKEM_X448_SHA512:
       return KEM::get<KEM::ID::DHKEM_X448_SHA512>();
+#endif
     default:
       throw std::runtime_error("Unsupported algorithm");
   }

diff --git a/lib/hpke/src/openssl_common.cpp b/lib/hpke/src/openssl_common.cpp
@@ -19,6 +19,15 @@ typed_delete(EVP_CIPHER_CTX* ptr)
   EVP_CIPHER_CTX_free(ptr);
 }
 
+#if WITH_BORINGSSL
+template<>
+void
+typed_delete(EVP_AEAD_CTX* ptr)
+{
+  EVP_AEAD_CTX_free(ptr);
+}
+#endif
+
 template<>
 void
 typed_delete(EVP_PKEY_CTX* ptr)

diff --git a/lib/hpke/src/signature.cpp b/lib/hpke/src/signature.cpp
@@ -39,8 +39,10 @@ struct GroupSignature : public Signature
         return Signature::ID::P521_SHA512;
       case Group::ID::Ed25519:
         return Signature::ID::Ed25519;
+#if !defined(WITH_BORINGSSL)
       case Group::ID::Ed448:
         return Signature::ID::Ed448;
+#endif
       default:
         throw std::runtime_error("Unsupported group");
     }
@@ -139,13 +141,15 @@ Signature::get<Signature::ID::Ed25519>()
   return instance;
 }
 
+#if !defined(WITH_BORINGSSL)
 template<>
 const Signature&
 Signature::get<Signature::ID::Ed448>()
 {
   static const auto instance = GroupSignature(Group::get<Group::ID::Ed448>());
   return instance;
 }
+#endif
 
 template<>
 const Signature&

diff --git a/lib/hpke/test/CMakeLists.txt b/lib/hpke/test/CMakeLists.txt
@@ -8,7 +8,7 @@ file(GLOB TEST_SOURCES CONFIGURE_DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/*.cpp)
 
 add_executable(${TEST_APP_NAME} ${TEST_SOURCES})
 add_dependencies(${TEST_APP_NAME} ${CURRENT_LIB_NAME} bytes tls_syntax)
-target_link_libraries(${TEST_APP_NAME} ${CURRENT_LIB_NAME} bytes tls_syntax doctest::doctest crypto)
+target_link_libraries(${TEST_APP_NAME} ${CURRENT_LIB_NAME} bytes tls_syntax doctest::doctest ${OPENSSL_CRYPTO_LIBRARY})
 
 # Enable CTest
 include(doctest)