From 04cbd8165170011272158a90a610d156c9b5d410 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Sun, 17 Dec 2023 16:33:51 +0800 Subject: [PATCH] Update CMakeLists.txt both CMakeLists.txt and source use ENABLE_XXX --- CMakeLists.txt | 88 ++++++++++++++++++++-------------------- cmake/DebPacking.cmake | 3 -- cmake/LinuxPacking.cmake | 17 -------- cmake/RpmPacking.cmake | 2 - include/gmssl/digest.h | 15 ++++--- include/gmssl/tls.h | 2 +- src/digest.c | 15 ++++--- src/sm2_key.c | 4 +- src/sm4_modes.c | 2 +- src/x509_alg.c | 2 +- tests/digesttest.c | 9 ++-- tests/hash_drbgtest.c | 4 +- tests/hkdftest.c | 7 +++- tests/pbkdf2test.c | 2 +- tools/rand.c | 4 +- 15 files changed, 85 insertions(+), 91 deletions(-) delete mode 100644 cmake/DebPacking.cmake delete mode 100644 cmake/LinuxPacking.cmake delete mode 100644 cmake/RpmPacking.cmake diff --git a/CMakeLists.txt b/CMakeLists.txt index 132f756b..969096d2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -27,9 +27,6 @@ set(src src/zuc_modes.c src/aes.c src/aes_modes.c - src/sha256.c - src/sha512.c - src/chacha20.c src/hash_drbg.c src/block_cipher.c src/digest.c @@ -127,11 +124,6 @@ set(tests sm9 zuc aes - sha224 - sha256 - sha384 - sha512 - chacha20 hash_drbg block_cipher digest @@ -171,9 +163,6 @@ set(demos sdf_info_demo sdf_rand_demo sdf_sign_demo - sha256_digest_demo - sha512_256_digest_demo - sha512_digest_demo #sm2_ciphertext_to_der_demo sm2_ecdh_demo sm2_encrypt_demo @@ -241,29 +230,30 @@ include(CheckSymbolExists) option(ENABLE_SM2_ALGOR_ID_ENCODE_NULL "Enable AlgorithmIdenifier with algorithm sm2sign_with_sm3 encode a NULL object as parameters" OFF) if (ENABLE_SM2_ALGOR_ID_ENCODE_NULL) - message(STATUS "ENABLE_SM2_ALGOR_ID_ENCODE_NULL") - add_definitions(-DSM2_ALGOR_ID_ENCODE_NULL) + message(STATUS "ENABLE_SM2_ALGOR_ID_ENCODE_NULL is ON") + add_definitions(-DENABLE_SM2_ALGOR_ID_ENCODE_NULL) endif() option(ENABLE_SM2_PRIVATE_KEY_EXPORT "Enable export un-encrypted SM2 private key" OFF) if (ENABLE_SM2_PRIVATE_KEY_EXPORT) - message(STATUS "ENABLE_SM2_PRIVATE_KEY_EXPORT") - add_definitions(-DSM2_PRIVATE_KEY_EXPORT) + message(STATUS "ENABLE_SM2_PRIVATE_KEY_EXPORT is ON") + add_definitions(-DENABLE_SM2_PRIVATE_KEY_EXPORT) list(APPEND demos sm2_key_export_demo) endif() option(ENABLE_TLS_DEBUG "Enable TLS and TLCP print debug message" OFF) if (ENABLE_TLS_DEBUG) - message(STATUS "ENABLE_TLS_DEBUG") - add_definitions(-DTLS_DEBUG) + message(STATUS "ENABLE_TLS_DEBUG is ON") + add_definitions(-DENABLE_TLS_DEBUG) endif() + #option(ENABLE_SM3_AVX_BMI2 "Enable SM3 AVX+BMI2 assembly implementation" OFF) #if (ENABLE_SM3_AVX_BMI2) -# message(STATUS "ENABLE_SM3_AVX_BMI2") -# add_definitions(-DSM3_AVX_BMI2) +# message(STATUS "ENABLE_SM3_AVX_BMI2 is ON") +# add_definitions(-DENABLE_SM3_AVX_BMI2) # enable_language(ASM) # list(APPEND src src/sm3_avx_bmi2.s) #endif() @@ -271,8 +261,8 @@ endif() option(ENABLE_SM4_AESNI_AVX "Enable SM4 AESNI+AVX assembly implementation" OFF) if (ENABLE_SM4_AESNI_AVX) - message(STATUS "ENABLE_SM4_AESNI_AVX") - add_definitions(-DSM4_AESNI_AVX) + message(STATUS "ENABLE_SM4_AESNI_AVX is ON") + add_definitions(-DENABLE_SM4_AESNI_AVX) list(APPEND src src/sm4_aesni_avx.c) list(APPEND tests sm4_aesni_avx) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -march=native") @@ -293,15 +283,35 @@ if (ENABLE_SM2_EXTS) endif() -option(ENABLE_BROKEN_CRYPTO "Enable broken crypto algorithms" OFF) -if (ENABLE_BROKEN_CRYPTO) - message(STATUS "ENABLE_BROKEN_CRYPTO") +option(ENABLE_SHA1 "Enable SHA1" OFF) +if (ENABLE_SHA1) + message(STATUS "ENABLE_SHA1 is ON") + add_definitions(-DENABLE_SHA1) list(APPEND src src/sha1.c) list(APPEND tests sha1) list(APPEND demos sha1_digest_demo) endif() +# TODO: pbkdf, hkdf and tls13 rely on sha2 +option(ENABLE_SHA2 "Enable SHA2" ON) +if (ENABLE_SHA2) + message(STATUS "ENABLE_SHA2 is ON") + add_definitions(-DENABLE_SHA2) + list(APPEND src src/sha256.c src/sha512.c) + list(APPEND tests sha224 sha256 sha384 sha512) + list(APPEND demos sha256_digest_demo sha512_digest_demo sha512_256_digest_demo) +endif() + + +option(ENABLE_CHACHA20 "Enable Chacha20" OFF) +if (ENABLE_CHACHA20) + message(STATUS "ENABLE_CHACHA20 is ON") + list(APPEND src src/chacha20.c) + list(APPEND tests chacha20) +endif() + + option(ENABLE_INTEL_RDRAND "Enable Intel RDRAND instructions" OFF) option(ENABLE_INTEL_RDSEED "Enable Intel RDSEED instructions" OFF) @@ -313,7 +323,7 @@ if (ENABLE_INTEL_RDRAND) HAVE_INTEL_RDRAND) if (HAVE_INTEL_RDRAND) message(STATUS "ENABLE_INTEL_RDRAND") - add_definitions(-DINTEL_RDRAND) + add_definitions(-DENABLE_INTEL_RDRAND) list(APPEND src src/rdrand.c) list(APPEND demos rdrand_demo) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mrdrnd") @@ -325,7 +335,7 @@ if (ENABLE_INTEL_RDRAND) HAVE_INTEL_RDSEED) if (HAVE_INTEL_RDSEED) message(STATUS "ENABLE_INTEL_RDSEED") - add_definitions(-DINTEL_RDSEED) + add_definitions(-DENABLE_INTEL_RDSEED) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mrdseed") endif() endif() @@ -348,7 +358,7 @@ elseif (APPLE) list(APPEND src src/rand_apple.c src/http.c) elseif (HAVE_GETENTROPY) list(APPEND src src/rand_unix.c src/http.c) - message(STATUS "have getentropy") + message(STATUS "have getentropy") else() list(APPEND src src/rand.c src/http.c) endif() @@ -440,30 +450,22 @@ if (ENABLE_DEMOS) endforeach() endif() - +# Generate install package with cpack +# cpack -G TGZ +# cpack -G STGZ +# cpack -G NSIS64 # Windows only +# +# Install the STGZ package +# ./GmSSL--Linux.sh --prefix=/usr/local +# set(CPACK_PACKAGE_NAME "GmSSL") set(CPACK_PACKAGE_VENDOR "GmSSL develop team") set(CPACK_PACKAGE_VERSION "3.1.2-Dev") - -set(CPACK_RPM_PACKAGE_GROUP "GmSSL Group") -set(CPACK_PACKAGE_VENDOR "GmSSL Vendor") - set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md) string(CONCAT CPACK_PACKAGE_DESCRIPTION_SUMMARY "GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM9 " "and other national secret (national commercial password) algorithm. ") set(CPACK_RESOURCE_FILE_LICENSE "${PROJECT_SOURCE_DIR}/LICENSE") -set(CPACK_PACKAGE_CONTACT "https://github.com/guanzhi/GmSSL/issues") -# The general number of package itself. -# Should be incremented when the package content changes for the same version. -# Can be used to distinguish between different builds of the same version. -# Can be overridden by `cmake -DCPACK_NOARCH_PACKAGE_RELEASE=1` -set(CPACK_NOARCH_PACKAGE_RELEASE 1 CACHE STRING "The general release number of package") - -#set(CPACK_PACKAGING_INSTALL_PREFIX "/usr/local") set(CPACK_NSIS_MODIFY_PATH ON) - -include(DebPacking) -include(RpmPacking) include(CPack) diff --git a/cmake/DebPacking.cmake b/cmake/DebPacking.cmake deleted file mode 100644 index 60312bbd..00000000 --- a/cmake/DebPacking.cmake +++ /dev/null @@ -1,3 +0,0 @@ -set(CPACK_DEBIAN_FILE_NAME DEB-DEFAULT) -set(CPACK_DEBIAN_PACKAGE_RELEASE ${CPACK_NOARCH_PACKAGE_RELEASE}) -set(CPACK_DEBIAN_PACKAGE_MAINTAINER ${CPACK_PACKAGE_VENDOR}) diff --git a/cmake/LinuxPacking.cmake b/cmake/LinuxPacking.cmake deleted file mode 100644 index 86451253..00000000 --- a/cmake/LinuxPacking.cmake +++ /dev/null @@ -1,17 +0,0 @@ -set(CPACK_PACKAGE_NAME "gmssl") -set(CPACK_PACKAGE_VENDOR "GmSSL develop team") -set(CPACK_PACKAGE_VERSION_MAJOR 3) -set(CPACK_PACKAGE_VERSION_MINOR 0) -set(CPACK_PACKAGE_VERSION_PATCH 0) -set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md) -string(CONCAT CPACK_PACKAGE_DESCRIPTION_SUMMARY - "GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM9 " - "and other national secret (national commercial password) algorithm. ") -set(CPACK_RESOURCE_FILE_LICENSE "${PROJECT_SOURCE_DIR}/LICENSE") -set(CPACK_PACKAGE_INSTALL_DIRECTORY /usr) -set(CPACK_PACKAGE_CONTACT "https://github.com/guanzhi/GmSSL/issues") -# The general number of package itself. -# Should be incremented when the package content changes for the same version. -# Can be used to distinguish between different builds of the same version. -# Can be overridden by `cmake -DCPACK_NOARCH_PACKAGE_RELEASE=1` -set(CPACK_NOARCH_PACKAGE_RELEASE 1 CACHE STRING "The general release number of package") diff --git a/cmake/RpmPacking.cmake b/cmake/RpmPacking.cmake deleted file mode 100644 index 61aefece..00000000 --- a/cmake/RpmPacking.cmake +++ /dev/null @@ -1,2 +0,0 @@ -set(CPACK_RPM_FILE_NAME RPM-DEFAULT) -set(CPACK_RPM_PACKAGE_RELEASE ${CPACK_NOARCH_PACKAGE_RELEASE}) diff --git a/include/gmssl/digest.h b/include/gmssl/digest.h index ce5947be..0b158c9f 100644 --- a/include/gmssl/digest.h +++ b/include/gmssl/digest.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -16,11 +16,12 @@ #include #include #include -#ifdef ENABLE_BROKEN_CRYPTO +#ifdef ENABLE_SHA1 #include #endif +#ifdef ENABLE_SHA2 #include - +#endif #ifdef __cplusplus extern "C" { @@ -38,13 +39,15 @@ typedef struct DIGEST_CTX DIGEST_CTX; struct DIGEST_CTX { union { SM3_CTX sm3_ctx; -#ifdef ENABLE_BROKEN_CRYPTO +#ifdef ENABLE_SHA1 SHA1_CTX sha1_ctx; #endif +#ifdef ENABLE_SHA2 SHA224_CTX sha224_ctx; SHA256_CTX sha256_ctx; SHA384_CTX sha384_ctx; SHA512_CTX sha512_ctx; +#endif } u; const DIGEST *digest; }; @@ -60,15 +63,17 @@ struct DIGEST { }; const DIGEST *DIGEST_sm3(void); -#ifdef ENABLE_BROKEN_CRYPTO +#ifdef ENABLE_SHA1 const DIGEST *DIGEST_sha1(void); #endif +#ifdef ENABLE_SHA2 const DIGEST *DIGEST_sha224(void); const DIGEST *DIGEST_sha256(void); const DIGEST *DIGEST_sha384(void); const DIGEST *DIGEST_sha512(void); const DIGEST *DIGEST_sha512_224(void); const DIGEST *DIGEST_sha512_256(void); +#endif const DIGEST *digest_from_name(const char *name); const char *digest_name(const DIGEST *digest); diff --git a/include/gmssl/tls.h b/include/gmssl/tls.h index 4d39ac9c..7c5474ed 100644 --- a/include/gmssl/tls.h +++ b/include/gmssl/tls.h @@ -854,7 +854,7 @@ int tls13_gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12], int *record_type, uint8_t *out, size_t *outlen); -#ifdef TLS_DEBUG +#ifdef ENABLE_TLS_DEBUG # define tls_trace(s) fprintf(stderr,(s)) # define tls_record_trace(fp,rec,reclen,fmt,ind) tls_record_print(fp,rec,reclen,fmt,ind) # define tlcp_record_trace(fp,rec,reclen,fmt,ind) tlcp_record_print(fp,rec,reclen,fmt,ind) diff --git a/src/digest.c b/src/digest.c index 5b9710ca..45da51b8 100644 --- a/src/digest.c +++ b/src/digest.c @@ -24,13 +24,15 @@ typedef struct { DIGEST_TABLE digest_table[] = { { OID_sm3, "sm3", "SM3" }, -#ifdef ENABLE_BROKEN_CRYPTO +#ifdef ENABLE_SHA1 { OID_sha1, "sha1", "SHA-1" }, #endif +#ifdef ENABLE_SHA2 { OID_sha224, "sha224", "SHA-224" }, { OID_sha256, "sha256", "SHA-256" }, { OID_sha384, "sha384", "SHA-384" }, { OID_sha512, "sha512", "SHA-512" }, +#endif }; const char *digest_name(const DIGEST *digest) @@ -94,10 +96,11 @@ const DIGEST *digest_from_name(const char *name) { if (!strcmp(name, "sm3") || !strcmp(name, "SM3")) { return DIGEST_sm3(); -#ifdef ENABLE_BROKEN_CRYPTO +#ifdef ENABLE_SHA1 } else if (!strcmp(name, "sha1") || !strcmp(name, "SHA1")) { return DIGEST_sha1(); #endif +#ifdef ENABLE_SHA2 } else if (!strcmp(name, "sha224") || !strcmp(name, "SHA224")) { return DIGEST_sha224(); } else if (!strcmp(name, "sha256") || !strcmp(name, "SHA256")) { @@ -110,6 +113,7 @@ const DIGEST *digest_from_name(const char *name) return DIGEST_sha512_224(); } else if (!strcmp(name, "sha512-256") || !strcmp(name, "SHA512-256")) { return DIGEST_sha512_256(); +#endif } return NULL; } @@ -159,8 +163,7 @@ const DIGEST *DIGEST_sm3(void) return &sm3_digest_object; } -#ifdef ENABLE_BROKEN_CRYPTO - +#ifdef ENABLE_SHA1 #include static int sha1_digest_init(DIGEST_CTX *ctx) @@ -207,8 +210,9 @@ const DIGEST *DIGEST_sha1(void) { return &sha1_digest_object; } -#endif +#endif // ENABLE SHA1 +#ifdef ENABLE_SHA2 #include static int sha224_digest_init(DIGEST_CTX *ctx) @@ -451,3 +455,4 @@ const DIGEST *DIGEST_sha512_256(void) { return &sha512_256_digest_object; } +#endif // ENABLE_SHA2 diff --git a/src/sm2_key.c b/src/sm2_key.c index e376d6b7..574d4a8c 100644 --- a/src/sm2_key.c +++ b/src/sm2_key.c @@ -361,7 +361,7 @@ err: return -1; } -#ifdef SM2_PRIVATE_KEY_EXPORT +#ifdef ENABLE_SM2_PRIVATE_KEY_EXPORT int sm2_private_key_info_to_pem(const SM2_KEY *key, FILE *fp) { int ret = -1; @@ -445,7 +445,7 @@ int sm2_public_key_info_from_der(SM2_KEY *pub_key, const uint8_t **in, size_t *i return 1; } -#ifdef SM2_PRIVATE_KEY_EXPORT +#ifdef ENABLE_SM2_PRIVATE_KEY_EXPORT // FIXME: side-channel of Base64 int sm2_private_key_to_pem(const SM2_KEY *a, FILE *fp) diff --git a/src/sm4_modes.c b/src/sm4_modes.c index ec8e1f00..f54925ed 100644 --- a/src/sm4_modes.c +++ b/src/sm4_modes.c @@ -101,7 +101,7 @@ static void ctr_incr(uint8_t a[16]) } } -#ifndef SM4_AESNI_AVX +#ifndef ENABLE_SM4_AESNI_AVX void sm4_ctr_encrypt(const SM4_KEY *key, uint8_t ctr[16], const uint8_t *in, size_t inlen, uint8_t *out) { uint8_t block[16]; diff --git a/src/x509_alg.c b/src/x509_alg.c index 67223d6b..7387a122 100644 --- a/src/x509_alg.c +++ b/src/x509_alg.c @@ -325,7 +325,7 @@ from RFC 5758 Internet X.509 Public Key Infrastructure: */ -#ifdef SM2_ALGOR_ID_ENCODE_NULL // from CMakeLists.txt +#ifdef ENABLE_SM2_ALGOR_ID_ENCODE_NULL // from CMakeLists.txt #define SM2_SIGN_ALGOR_FLAGS 1 #else #define SM2_SIGN_ALGOR_FLAGS 0 diff --git a/tests/digesttest.c b/tests/digesttest.c index 34f01d28..22b8c2ab 100644 --- a/tests/digesttest.c +++ b/tests/digesttest.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -15,17 +15,18 @@ #include const char *digests[] = { -#ifdef ENABLE_BROKEN_CRYPTO - "md5", + "sm3", +#ifdef ENABLE_SHA1 "sha1", #endif - "sm3", +#ifdef ENABLE_SHA2 "sha224", "sha256", "sha384", "sha512", "sha512-224", "sha512-256", +#endif }; int main(void) diff --git a/tests/hash_drbgtest.c b/tests/hash_drbgtest.c index da4e6be1..0985ba65 100644 --- a/tests/hash_drbgtest.c +++ b/tests/hash_drbgtest.c @@ -37,7 +37,7 @@ int main(void) { // currently we only has SHA-1 test suites -#ifdef ENABLE_BROKEN_CRYPTO +#ifdef ENABLE_SHA1 HASH_DRBG drbg; uint8_t entropy[sizeof(EntropyInput)/2]; @@ -89,6 +89,6 @@ int main(void) printf("%02x", out[i]); } printf("\n"); -#endif +#endif // ENABLE_SHA1 return 0; } diff --git a/tests/hkdftest.c b/tests/hkdftest.c index 9754e655..33351046 100644 --- a/tests/hkdftest.c +++ b/tests/hkdftest.c @@ -24,6 +24,7 @@ static struct { char *prk; char *okm; } hkdf_tests[] = { +#ifdef ENABLE_SHA2 // FIXME: add SM3 test suites, if neither SHA1, SHA2 enabled, build failure { // test 1 "sha256", @@ -78,7 +79,9 @@ static struct { "b8a11f5c5ee1879ec3454e5f3c738d2d" "9d201395faa4b61a96c8", }, -#ifdef ENABLE_BROKEN_CRYPTO +#endif // ENABLE_SHA2 + +#ifdef ENABLE_SHA1 { // test 4 "sha1", @@ -142,7 +145,7 @@ static struct { "b3bae548aa53d423b0d1f27ebba6f5e5" "673a081d70cce7acfc48", }, -#endif +#endif // ENABLE_SHA1 }; int test_hkdf(void) diff --git a/tests/pbkdf2test.c b/tests/pbkdf2test.c index 15a1eba5..e2c0f2a0 100644 --- a/tests/pbkdf2test.c +++ b/tests/pbkdf2test.c @@ -102,7 +102,7 @@ void test(void) static int test_pbkdf2_genkey(void) { // FIXME: currently we only has SHA-1 tests, replace with SHA-256 -#ifdef ENABLE_BROKEN_CRYPTO +#ifdef ENABLE_SHA1 int i; uint8_t key[64]; uint8_t buf[64]; diff --git a/tools/rand.c b/tools/rand.c index b71610b5..0a94d2c4 100644 --- a/tools/rand.c +++ b/tools/rand.c @@ -85,7 +85,7 @@ bad: size_t len = outlen < sizeof(buf) ? outlen : sizeof(buf); if (rdrand) { -#ifdef INTEL_RDRAND +#ifdef ENABLE_INTEL_RDRAND if (rdrand_bytes(buf, len) != 1) { fprintf(stderr, "%s: inner error\n", prog); goto end; @@ -94,7 +94,7 @@ bad: fprintf(stderr, "%s: `-rdrand` is not supported on your platform\n", prog); #endif } else if (rdseed) { -#ifdef INTEL_RDSEED +#ifdef ENABLE_INTEL_RDSEED if (rdseed_bytes(buf, len) != 1) { fprintf(stderr, "%s: inner error\n", prog); goto end;