Add support nettle AES cryptographic. (#149)

SRT supports nettle AES encryption using
`--with-gnutls` option at build time.

Signed-off-by: Justin Kim <[email protected]>

.travis.yml

@@ -18,11 +18,11 @@ matrix:
           osx_image: xcode7.3
           env: BUILD_TYPE=Debug
           before_install: brew update
-          install: brew install openssl
+          install: brew install openssl gnutls nettle
         - os: osx
           osx_image: xcode7.3
           before_install: brew update
-          install: brew install openssl
+          install: brew install openssl gnutls nettle
           env: BUILD_TYPE=Release
 
 

CMakeLists.txt

@@ -54,6 +54,7 @@ option(ENABLE_LOGGING "Should logging be enabled" ${ENABLE_LOGGING_DEFAULT})
 option(ENABLE_SHARED "Should libsrt be built as a shared library" ON)
 option(ENABLE_SEPARATE_HAICRYPT "Should haicrypt be built as a separate library file" OFF)
 option(ENABLE_SUFLIP "Shuld suflip tool be built" OFF)
+option(USE_GNUTLS "Should use gnutls instead of openssl" OFF)
 
 # Always turn logging on if the build type is debug
 if (ENABLE_DEBUG)
@@ -87,8 +88,28 @@ set_if(DARWIN ${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
 set_if(LINUX ${CMAKE_SYSTEM_NAME} MATCHES "Linux")
 
 # find OpenSSL
-find_package(OpenSSL REQUIRED)
-message (STATUS "OpenSSL libraries: ${OPENSSL_LIBRARIES}")
+if ( USE_GNUTLS )
+	pkg_check_modules (SSL REQUIRED gnutls nettle)
+
+	add_definitions(
+		-DUSE_GNUTLS=1
+	)
+
+	link_directories(
+		${SSL_LIBRARY_DIRS}
+	)
+else()
+	find_package(OpenSSL REQUIRED)
+	set (SSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIR})
+	set (SSL_LIBRARIES ${OPENSSL_LIBRARIES})
+
+	add_definitions(
+		-DHAICRYPT_USE_OPENSSL_EVP=1
+		-DHAICRYPT_USE_OPENSSL_AES
+	)
+endif()
+
+message (STATUS "SSL libraries: ${SSL_LIBRARIES}")
 
 # Detect if the compiler is GNU compatable for flags
 set(HAVE_COMPILER_GNU_COMPAT 0)
@@ -172,8 +193,6 @@ add_definitions(
    -D_GNU_SOURCE
    -DHAI_PATCH=1
    -DHAI_ENABLE_SRT=1
-   -DHAICRYPT_USE_OPENSSL_EVP=1
-   -DHAICRYPT_USE_OPENSSL_AES
    -DSRT_VERSION="${SRT_VERSION}"
 )
 
@@ -222,7 +241,13 @@ endif()
 # Target: haicrypt.
 # Completing sources and installable headers. Flag settings will follow.
 # ---
-MafRead(haicrypt/filelist.maf
+if ( USE_GNUTLS )
+	set (HAICRYPT_FILELIST_MAF "haicrypt/filelist-gnutls.maf")
+else()
+	set (HAICRYPT_FILELIST_MAF "haicrypt/filelist.maf")
+endif()
+
+MafRead(${HAICRYPT_FILELIST_MAF}
 	SOURCES SOURCES_haicrypt_indir
 	PUBLIC_HEADERS HEADERS_haicrypt_indir
 	PROTECTED_HEADERS HEADERS_haicrypt_indir
@@ -327,13 +352,13 @@ add_library(${TARGET_srt} ${srt_libspec} ${SOURCES_srt} ${SOURCES_srt_extra})
 
 
 target_include_directories(${TARGET_haicrypt}
-	PRIVATE  ${OPENSSL_INCLUDE_DIR}
+	PRIVATE  ${SSL_INCLUDE_DIRS}
 	PUBLIC ${SRT_SRC_HAICRYPT_DIR}
 )
 
 set_target_properties (${TARGET_haicrypt} PROPERTIES VERSION ${SRT_VERSION} SOVERSION ${SRT_VERSION_MAJOR})
-target_link_libraries(${TARGET_haicrypt} PRIVATE ${OPENSSL_LIBRARIES})
-set (SRT_LIBS_PRIVATE ${OPENSSL_LIBRARIES})
+target_link_libraries(${TARGET_haicrypt} PRIVATE ${SSL_LIBRARIES})
+set (SRT_LIBS_PRIVATE ${SSL_LIBRARIES})
 if (WIN32)
 	target_link_libraries(${TARGET_haicrypt} PRIVATE ws2_32.lib)
 	set (SRT_LIBS_PRIVATE ${SRT_LIBS_PRIVATE} ws2_32.lib)

configure-data.tcl

@@ -46,6 +46,7 @@ set options {
 	with-openssl-ldflags=<ldflags> "Use given -lDIR values for OpenSSL or absolute library filename"
 	with-pthread-includedir=<incdir> "Use extra path for pthreads (usually for Windows)"
 	with-pthread-ldflags=<flags> "Use specific flags for pthreads (some platforms require -pthread)"
+	with-gnutls "Use GnuTLS"
 }
 
 # Just example. Available in the system.
@@ -199,6 +200,20 @@ proc postprocess {} {
 		set have_openssl 1
 	}
 
+	set have_gnutls 0
+	if { [lsearch -glob $::optkeys --with-gnutls] != -1 } {
+		set have_gnutls 1
+	}
+
+	if { $have_openssl && $have_gnutls } {
+		puts "NOTE: SSL library is exclusively selectable. Thus, --with-gnutls option will be ignored"
+		set have_gnutls 0
+	}
+
+	if { $have_gnutls } {
+		lappend ::cmakeopt "-DUSE_GNUTLS=ON"
+	}
+
 	set have_pthread 0
 	if { [lsearch -glob $::optkeys --with-pthread*] != -1 } {
 		set have_pthread 1
@@ -207,8 +222,10 @@ proc postprocess {} {
 	# Autodetect OpenSSL and pthreads
 	if { $::HAVE_WINDOWS } {
 
-		if { !$have_openssl } {
-    		puts "Letting cmake detect OpenSSL installation"
+		if { !$have_openssl || !$have_gnutls } {
+			puts "Letting cmake detect OpenSSL installation"
+		} elseif { $have_gnutls } {
+			puts "Letting cmake detect GnuTLS installation"
 		} else {
 			puts "HAVE_OPENSSL: [lsearch -inline $::optkeys --with-openssl*]"
 		}
@@ -229,7 +246,7 @@ proc postprocess {} {
 		# ON Darwin there's a problem with linking against the Mac-provided OpenSSL.
 		# This must use brew-provided OpenSSL.
 		#
-		if { !$have_openssl } {
+		if { !$have_openssl || !$have_gnutls } {
 
 			set er [catch {exec brew info openssl} res]
 			if { $er } {
@@ -238,6 +255,11 @@ proc postprocess {} {
 
 			lappend ::cmakeopt "-DOPENSSL_INCLUDE_DIR=/usr/local/opt/openssl/include"
 			lappend ::cmakeopt "-DOPENSSL_LIBRARIES=/usr/local/opt/openssl/lib/libcrypto.a"
+		} elseif { $have_gnutls } {
+			set er [catch {exec brew info gnutls} res]
+			if { $er } {
+				error "Cannot find gnutls in brew"
+			}
 		}
 	}
 

haicrypt/filelist-gnutls.maf

@@ -0,0 +1,25 @@
+# This file is currently reserved for future refactoring, when all headers
+# are going to be moved here. This is the list of headers considered to be
+# attached to the installation package. Once possible, please move the below
+# header files from ../include back to this directory.
+PUBLIC HEADERS
+haicrypt.h
+hcrypt_ctx.h
+hcrypt_msg.h
+
+PRIVATE HEADERS
+hcrypt.h
+hcrypt-gnutls.h
+
+SOURCES
+hc_nettle_aes.c
+hcrypt.c
+hcrypt-gnutls.c
+hcrypt_ctx_rx.c
+hcrypt_ctx_tx.c
+hcrypt_rx.c
+hcrypt_sa.c
+hcrypt_tx.c
+hcrypt_ut.c
+hcrypt_xpt_srt.c
+hcrypt_xpt_sta.c