Add mbed TLS support for shadowsocks-libev

Notes: - Test cipher CFB support just in case (i.e. OpenWrt disabled it) - Added some inline notes, please feel free to modify or remove them. - Sorry for my bad English - If you want to compile for OpenWrt, please make sure this hunk[1] not exists. - Only tested on ARM mamba (Linksys WRT1900AC v1), it works. [1] https://github.com/openwrt-mirror/openwrt/blob/master/package/libs/mbedtls/patches/200-config.patch#L12-L20 Have fun! Signed-off-by: Syrone Wong <[email protected]>
cslily · Jul 31, 2015 · e81b205 · e81b205
1 parent aaf7284
commit e81b205
Show file tree

Hide file tree

Showing 13 changed files with 515 additions and 17 deletions.
diff --git a/Makefile.in b/Makefile.in
@@ -64,8 +64,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \
 	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
 	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
 	$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/openssl.m4 \
-	$(top_srcdir)/m4/polarssl.m4 $(top_srcdir)/libev/libev.m4 \
-	$(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/polarssl.m4 $(top_srcdir)/m4/mbedtls.m4 \
+	$(top_srcdir)/libev/libev.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \

diff --git a/aclocal.m4 b/aclocal.m4
@@ -1172,3 +1172,4 @@ m4_include([m4/ltversion.m4])
 m4_include([m4/lt~obsolete.m4])
 m4_include([m4/openssl.m4])
 m4_include([m4/polarssl.m4])
+m4_include([m4/mbedtls.m4])
diff --git a/configure b/configure
@@ -783,6 +783,9 @@ with_openssl_lib
 with_polarssl
 with_polarssl_include
 with_polarssl_lib
+with_mbedtls
+with_mbedtls_include
+with_mbedtls_lib
 enable_applecc
 enable_assert
 enable_largefile
@@ -1440,7 +1443,7 @@ Optional Packages:
                         (or the compiler's sysroot if not specified).
   --with-crypto-library=library
                           build with the given crypto library,
-                          TYPE=openssl|polarssl [default=openssl]
+                          TYPE=openssl|polarssl|mbedtls [default=openssl]
   --with-openssl=DIR      OpenSSL base directory, or:
   --with-openssl-include=DIR
                           OpenSSL headers directory (without trailing
@@ -1451,6 +1454,11 @@ Optional Packages:
                           PolarSSL headers directory (without trailing
                           /polarssl)
   --with-polarssl-lib=DIR PolarSSL library directory
+  --with-mbedtls=DIR      mbed TLS base directory, or:
+  --with-mbedtls-include=DIR
+                          mbed TLS headers directory (without trailing
+                          /mbedtls)
+  --with-mbedtls-lib=DIR  mbed TLS library directory
 
 Some influential environment variables:
   CC          C compiler command
@@ -11724,7 +11732,7 @@ CC="$lt_save_CC"
 if test "${with_crypto_library+set}" = set; then :
   withval=$with_crypto_library;
     case "${withval}" in
-      openssl|polarssl) ;;
+      openssl|polarssl|mbedtls) ;;
       *) as_fn_error $? "bad value ${withval} for --with-crypto-library" "$LINENO" 5 ;;
     esac
 
@@ -13134,6 +13142,114 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 
 $as_echo "#define USE_CRYPTO_POLARSSL 1" >>confdefs.h
 
+    ;;
+  mbedtls)
+
+
+
+# Check whether --with-mbedtls was given.
+if test "${with_mbedtls+set}" = set; then :
+  withval=$with_mbedtls; mbedtls="$withval"
+     CFLAGS="$CFLAGS -I$withval/include"
+     LDFLAGS="$LDFLAGS -L$withval/lib"
+
+fi
+
+
+
+# Check whether --with-mbedtls-include was given.
+if test "${with_mbedtls_include+set}" = set; then :
+  withval=$with_mbedtls_include; mbedtls_include="$withval"
+     CFLAGS="$CFLAGS -I$withval"
+
+fi
+
+
+
+# Check whether --with-mbedtls-lib was given.
+if test "${with_mbedtls_lib+set}" = set; then :
+  withval=$with_mbedtls_lib; mbedtls_lib="$withval"
+     LDFLAGS="$LDFLAGS -L$withval"
+
+fi
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for mbedtls_cipher_setup in -lmbedcrypto" >&5
+$as_echo_n "checking for mbedtls_cipher_setup in -lmbedcrypto... " >&6; }
+if ${ac_cv_lib_mbedtls_mbedtls_cipher_setup+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lmbedcrypto  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char mbedtls_cipher_setup ();
+int
+main ()
+{
+return mbedtls_cipher_setup ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_mbedtls_mbedtls_cipher_setup=yes
+else
+  ac_cv_lib_mbedtls_mbedtls_cipher_setup=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_mbedtls_mbedtls_cipher_setup" >&5
+$as_echo "$ac_cv_lib_mbedtls_mbedtls_cipher_setup" >&6; }
+if test "x$ac_cv_lib_mbedtls_mbedtls_cipher_setup" = xyes; then :
+  LIBS="-lmbedcrypto $LIBS"
+else
+  as_fn_error $? "mbed TLS libraries not found." "$LINENO" 5
+
+fi
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether mbedtls support Cipher Feedback mode or not" >&5
+$as_echo_n "checking whether mbedtls support Cipher Feedback mode or not... " >&6; }
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#include <mbedtls/config.h>
+
+int
+main ()
+{
+
+#ifndef MBEDTLS_CIPHER_MODE_CFB
+#error Cipher Feedback mode a.k.a CFB not supported by your mbed TLS.
+#endif
+
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
+$as_echo "ok" >&6; }
+else
+  as_fn_error $? "MBEDTLS_CIPHER_MODE_CFB required" "$LINENO" 5
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+
+$as_echo "#define USE_CRYPTO_MBEDTLS 1" >>confdefs.h
+
     ;;
 esac
 

diff --git a/configure.ac b/configure.ac
@@ -22,10 +22,10 @@ LT_INIT([dlopen])
 dnl Checks for crypto library
 AC_ARG_WITH(
   [crypto-library],
-  [AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|polarssl @<:@default=openssl@:>@])],
+  [AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|polarssl|mbedtls @<:@default=openssl@:>@])],
   [
     case "${withval}" in
-      openssl|polarssl) ;;
+      openssl|polarssl|mbedtls) ;;
       *) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;;
     esac
   ],
@@ -66,6 +66,10 @@ case "${with_crypto_library}" in
     ss_POLARSSL
     AC_DEFINE([USE_CRYPTO_POLARSSL], [1], [Use PolarSSL library])
     ;;
+  mbedtls)
+    ss_MBEDTLS
+    AC_DEFINE([USE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library])
+    ;;
 esac
 
 dnl Checks for Apple CommonCrypto API

diff --git a/libcork/Makefile.in b/libcork/Makefile.in
@@ -77,8 +77,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \
 	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
 	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
 	$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/openssl.m4 \
-	$(top_srcdir)/m4/polarssl.m4 $(top_srcdir)/libev/libev.m4 \
-	$(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/polarssl.m4  $(top_srcdir)/m4/mbedtls.m4 \
+	$(top_srcdir)/libev/libev.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 mkinstalldirs = $(install_sh) -d

diff --git a/libev/Makefile.in b/libev/Makefile.in
@@ -61,8 +61,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \
 	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
 	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
 	$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/openssl.m4 \
-	$(top_srcdir)/m4/polarssl.m4 $(top_srcdir)/libev/libev.m4 \
-	$(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/polarssl.m4 $(top_srcdir)/m4/mbedtls.m4 \
+	$(top_srcdir)/libev/libev.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 mkinstalldirs = $(install_sh) -d

diff --git a/libipset/Makefile.in b/libipset/Makefile.in
@@ -77,8 +77,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \
 	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
 	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
 	$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/openssl.m4 \
-	$(top_srcdir)/m4/polarssl.m4 $(top_srcdir)/libev/libev.m4 \
-	$(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/polarssl.m4 $(top_srcdir)/m4/mbedtls.m4 \
+	$(top_srcdir)/libev/libev.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 mkinstalldirs = $(install_sh) -d

diff --git a/libudns/Makefile.in b/libudns/Makefile.in
@@ -77,8 +77,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \
 	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
 	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
 	$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/openssl.m4 \
-	$(top_srcdir)/m4/polarssl.m4 $(top_srcdir)/libev/libev.m4 \
-	$(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/polarssl.m4 $(top_srcdir)/m4/mbedtls.m4 \
+	$(top_srcdir)/libev/libev.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 mkinstalldirs = $(install_sh) -d

diff --git a/m4/mbedtls.m4 b/m4/mbedtls.m4
@@ -0,0 +1,45 @@
+dnl Check to find the mbed TLS headers/libraries
+
+AC_DEFUN([ss_MBEDTLS],
+[
+
+  AC_ARG_WITH(mbedtls,
+    AS_HELP_STRING([--with-mbedtls=DIR], [mbed TLS base directory, or:]),
+    [mbedtls="$withval"
+     CFLAGS="$CFLAGS -I$withval/include"
+     LDFLAGS="$LDFLAGS -L$withval/lib"]
+  )
+
+  AC_ARG_WITH(mbedtls-include,
+    AS_HELP_STRING([--with-mbedtls-include=DIR], [mbed TLS headers directory (without trailing /mbedtls)]),
+    [mbedtls_include="$withval"
+     CFLAGS="$CFLAGS -I$withval"]
+  )
+
+  AC_ARG_WITH(mbedtls-lib,
+    AS_HELP_STRING([--with-mbedtls-lib=DIR], [mbed TLS library directory]),
+    [mbedtls_lib="$withval"
+     LDFLAGS="$LDFLAGS -L$withval"]
+  )
+
+  AC_CHECK_LIB(mbedcrypto, mbedtls_cipher_setup,
+    [LIBS="-lmbedcrypto $LIBS"],
+    [AC_MSG_ERROR([mbed TLS libraries not found.])]
+  )
+
+  AC_MSG_CHECKING([whether mbedtls support Cipher Feedback mode or not])
+  AC_COMPILE_IFELSE(
+    [AC_LANG_PROGRAM(
+      [[
+#include <mbedtls/config.h>
+      ]],
+      [[
+#ifndef MBEDTLS_CIPHER_MODE_CFB
+#error Cipher Feedback mode a.k.a CFB not supported by your mbed TLS.
+#endif
+      ]]
+    )],
+    [AC_MSG_RESULT([ok])],
+    [AC_MSG_ERROR([MBEDTLS_CIPHER_MODE_CFB required])]
+  )
+])
diff --git a/openwrt/Makefile b/openwrt/Makefile
@@ -38,11 +38,19 @@ define Package/shadowsocks-libev-polarssl
   DEPENDS:=+libpolarssl +libpthread
 endef
 
+define Package/shadowsocks-libev-mbedtls
+  $(call Package/shadowsocks-libev/Default)
+  TITLE+= (mbedTLS)
+  VARIANT:=mbedtls
+  DEPENDS:=+libmbedtls +libpthread
+endef
+
 define Package/shadowsocks-libev/description
 Shadowsocks-libev is a lightweight secured socks5 proxy for embedded devices and low end boxes.
 endef
 
 Package/shadowsocks-libev-polarssl/description=$(Package/shadowsocks-libev/description)
+Package/shadowsocks-libev-mbedtls/description=$(Package/shadowsocks-libev/description)
 
 define Package/shadowsocks-libev/conffiles
 /etc/shadowsocks.json
@@ -52,6 +60,10 @@ ifeq ($(BUILD_VARIANT),polarssl)
 	CONFIGURE_ARGS += --with-crypto-library=polarssl
 endif
 
+ifeq ($(BUILD_VARIANT),mbedtls)
+	CONFIGURE_ARGS += --with-crypto-library=mbedtls
+endif
+
 define Package/shadowsocks-libev/install
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_CONF) ./files/shadowsocks.json $(1)/etc
@@ -61,6 +73,8 @@ define Package/shadowsocks-libev/install
 endef
 
 Package/shadowsocks-libev-polarssl/install=$(Package/shadowsocks-libev/install)
+Package/shadowsocks-libev-mbedtls/install=$(Package/shadowsocks-libev/install)
 
 $(eval $(call BuildPackage,shadowsocks-libev))
 $(eval $(call BuildPackage,shadowsocks-libev-polarssl))
+$(eval $(call BuildPackage,shadowsocks-libev-mbedtls))
diff --git a/src/Makefile.in b/src/Makefile.in
@@ -68,8 +68,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \
 	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
 	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
 	$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/openssl.m4 \
-	$(top_srcdir)/m4/polarssl.m4 $(top_srcdir)/libev/libev.m4 \
-	$(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/polarssl.m4 $(top_srcdir)/m4/mbedtls.m4 \
+	$(top_srcdir)/libev/libev.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 mkinstalldirs = $(install_sh) -d