wip: add urcrypt

rust/ares/Cargo.toml

@@ -25,6 +25,7 @@ ibig = { path = "../ibig-rs" }
 assert_no_alloc = "1.1.2"
 
 [build-dependencies]
+autotools = "0.2.6"
 cc = "1.0.79"
 
 [[bin]]

rust/ares/build.rs

@@ -1,3 +1,5 @@
+use autotools;
+
 fn main() {
     use std::env;
     let profile = env::var("PROFILE").unwrap();
@@ -42,6 +44,11 @@ fn debug() {
         .flag("-Wnested-externs")
         .flag("-Wmissing-include-dirs")
         .compile("pma_malloc");
+
+    let _urcrypt = autotools::Config::new("./src/urcrypt")
+        .disable_static()
+        .disable_shared()
+        .build();
 }
 
 fn release() {

rust/ares/src/urcrypt/.gitignore

@@ -0,0 +1,56 @@
+*.pc
+config.h
+config.status
+libtool
+
+# the following was adapted from
+# https://github.com/github/gitignore/blob/991e760c1c6d50fdda246e0178b9c58b06770b90/Autotools.gitignore
+
+# http://www.gnu.org/software/automake
+
+Makefile.in
+build-aux/ar-lib
+/mdate-sh
+/py-compile
+/test-driver
+/ylwrap
+.deps/
+.dirstamp
+
+# http://www.gnu.org/software/autoconf
+
+autom4te.cache
+/autoscan.log
+/autoscan-*.log
+/aclocal.m4
+build-aux/compile
+/config.cache
+build-aux/config.guess
+/config.h.in
+build-aux/config.log
+build-aux/config.status
+build-aux/config.sub
+/configure
+/configure.scan
+build-aux/depcomp
+build-aux/install-sh
+build-aux/missing
+/stamp-h1
+
+# https://www.gnu.org/software/libtool/
+
+build-aux/ltmain.sh
+
+# http://www.gnu.org/software/m4/
+
+build-aux/m4/libtool.m4
+build-aux/m4/ltoptions.m4
+build-aux/m4/ltsugar.m4
+build-aux/m4/ltversion.m4
+build-aux/m4/lt~obsolete.m4
+
+# Generated Makefile
+# (meta build system like autotools,
+# can automatically generate from config.status script
+# (which is called by configure script))
+Makefile

rust/ares/src/urcrypt/Makefile.am

@@ -0,0 +1,130 @@
+ACLOCAL_AMFLAGS = -I build-aux/m4
+
+AM_CFLAGS = -Wall -g -O3
+
+lib_LTLIBRARIES = liburcrypt.la
+noinst_LTLIBRARIES = libed25519.la \
+		     libge_additions.la \
+		     libargon2.la \
+		     libkeccak_tiny.la \
+		     libscrypt.la
+
+include_HEADERS = urcrypt/urcrypt.h
+noinst_HEADERS = urcrypt/util.h \
+		 ed25519/src/ed25519.h \
+		 ed25519/src/ge.h \
+		 ge-additions/ge-additions.h \
+		 argon2/include/argon2.h \
+		 argon2/src/blake2/blake2.h \
+		 scrypt/sha256.h \
+		 scrypt/libscrypt.h
+
+# main library
+pkgconfig_DATA = liburcrypt-$(URCRYPT_API_VERSION).pc
+DISTCLEANFILES = $(pkgconfig_DATA)
+
+liburcrypt_la_CPPFLAGS = -I$(srcdir)/ed25519/src \
+			 -I$(srcdir)/ge-additions \
+			 -I$(srcdir)/argon2/include \
+			 -I$(srcdir)/argon2/src/blake2 \
+			 -I$(srcdir)/keccak-tiny \
+			 -I$(srcdir)/scrypt
+liburcrypt_la_LIBADD = $(LIBCRYPTO_LIBS) \
+		       $(LIBSECP256K1_LIBS) \
+		       $(LIBAES_SIV_LIBS) \
+		       libed25519.la \
+		       libge_additions.la \
+		       libargon2.la \
+		       libkeccak_tiny.la \
+		       libscrypt.la
+liburcrypt_la_CFLAGS = $(LIBCRYPTO_CFLAGS) \
+		       $(LIBSECP256K1_CFLAGS) \
+		       $(LIBAES_SIV_CFLAGS)
+# urcrypt_ is used for public symbols, urcrypt__ for internal.
+liburcrypt_la_LDFLAGS = -export-symbols-regex '^urcrypt_[^_]' \
+												-version-info $(URCRYPT_LT_VERSION)
+liburcrypt_la_SOURCES = urcrypt/aes_cbc.c \
+			urcrypt/aes_ecb.c \
+			urcrypt/aes_siv.c \
+			urcrypt/argon.c \
+			urcrypt/ed25519.c \
+			urcrypt/ge_additions.c \
+			urcrypt/ripemd.c \
+			urcrypt/scrypt.c \
+			urcrypt/keccak.c \
+			urcrypt/secp256k1.c \
+			urcrypt/sha.c \
+			urcrypt/util.c \
+			urcrypt/util.h
+
+# ed25519
+libed25519_la_CFLAGS = -Wno-unused-result
+libed25519_la_SOURCES = ed25519/src/fixedint.h \
+			ed25519/src/sha512.h \
+			ed25519/src/fe.h \
+			ed25519/src/precomp_data.h \
+			ed25519/src/sc.h \
+			ed25519/src/add_scalar.c \
+			ed25519/src/keypair.c \
+			ed25519/src/sc.c \
+			ed25519/src/seed.c \
+			ed25519/src/verify.c \
+			ed25519/src/ge.c \
+			ed25519/src/fe.c \
+			ed25519/src/key_exchange.c \
+			ed25519/src/sha512.c \
+			ed25519/src/sign.c
+
+# ge-additions
+libge_additions_la_CPPFLAGS = -I$(srcdir)/ed25519/src
+libge_additions_la_CFLAGS = -Werror -pedantic -std=gnu99
+libge_additions_la_SOURCES = ge-additions/ge-additions.c
+
+# argon2
+libargon2_la_CPPFLAGS = -I$(srcdir)/argon2/include -DARGON2_NO_THREADS
+libargon2_la_CFLAGS = -Wno-unused-value -Wno-unused-function
+libargon2_la_SOURCES = argon2/src/core.h \
+		       argon2/src/thread.h \
+		       argon2/src/encoding.h \
+		       argon2/src/blake2/blake2-impl.h \
+		       argon2/src/blake2/blamka-round-opt.h \
+		       argon2/src/blake2/blamka-round-ref.h \
+		       argon2/src/argon2.c \
+		       argon2/src/core.c \
+		       argon2/src/blake2/blake2b.c \
+		       argon2/src/thread.c \
+		       argon2/src/encoding.c
+
+# argon2 different sources for different CPU architectures
+# opt.c requires SSE instructions and won't work on AArch64 et al.
+if ARCH_X86_64
+libargon2_la_SOURCES += \
+	argon2/src/opt.c
+endif
+if ARCH_GENERIC
+libargon2_la_SOURCES += \
+	argon2/src/ref.c
+endif
+
+# scrypt
+libscrypt_la_CPPFLAGS = -D_FORTIFY_SOURCE=2
+libscrypt_la_SOURCES = scrypt/b64.c \
+		       scrypt/crypto-mcf.c \
+		       scrypt/crypto-scrypt-saltgen.c \
+		       scrypt/crypto_scrypt-check.c \
+		       scrypt/crypto_scrypt-hash.c \
+		       scrypt/crypto_scrypt-hexconvert.c \
+		       scrypt/crypto_scrypt-nosse.c \
+		       scrypt/main.c \
+		       scrypt/sha256.c \
+		       scrypt/slowequals.c \
+		       scrypt/b64.h \
+		       scrypt/crypto_scrypt-hexconvert.h \
+		       scrypt/slowequals.h \
+		       scrypt/sysendian.h
+
+# keccak-tiny
+libkeccak_tiny_la_CFLAGS = -march=native -std=c11 -Wextra -Wpedantic -Wall
+libkeccak_tiny_la_SOURCES = keccak-tiny/keccak-tiny.c \
+		       keccak-tiny/define-macros.h \
+		       keccak-tiny/keccak-tiny.h

rust/ares/src/urcrypt/README.md

@@ -0,0 +1,36 @@
+What is urcrypt?
+----------------
+urcrypt is a library of cryptography routines used by urbit jets.
+
+Why is urcrypt?
+---------------
+Urbit's C runtime (long the only urbit runtime) has accumulated a collection of
+cryptography dependencies, some with custom additions or patches. These
+libraries have different conventions and have been managed by u3 in an ad-hoc
+manner. Reproducing that arrangement in other runtimes is tricky and
+error-prone. The (sometimes inconsistent) logic must be reproduced and suitable
+cryptography primitives must be found (or worse, written) for the new
+environment.
+
+To ease these burdens, urcrypt isolates the quirks behind a consistent calling
+convention. Everything is a little-endian byte array, and each jetted operation
+has a corresponding function in the library. Jets simply unpack their nouns,
+call urcrypt, and pack the results.
+
+What is a cryptography routine?
+-------------------------------
+This is more of a subjective question than it might appear. Any of the following
+conditions are sufficient, but not necessary, for a function to be included in
+urcrypt:
+
+  * The routine is sensitive to side-channel attacks (encryption, etc)
+  * Some property of the routine is cryptographically useful (SHA, RIPE, etc)
+  * The routine typically lives in a crypto library, for whatever reason.
+
+A word on OpenSSL
+-----------------
+Urcrypt depends on OpenSSL's libcrypto, which has global state. In order
+to avoid dealing with this state, urcrypt refuses to build with an internal
+libcrypto. Either build statically (pass `--disable-shared` to `./configure`)
+or provide a shared libcrypto for urcrypt to link against. It is the library
+user's responsibility to initialize openssl, set custom memory functions, etc.

rust/ares/src/urcrypt/argon2/.gitattributes

@@ -0,0 +1,10 @@
+# Export ignore
+.gitattributes export-ignore
+.gitignore export-ignore
+.travis.yml export-ignore
+appveyor.yml export-ignore
+export.sh export-ignore
+latex/* export-ignore
+
+# Linguist documentation
+latex/* linguist-documentation

rust/ares/src/urcrypt/argon2/.gitignore

@@ -0,0 +1,21 @@
+argon2
+libargon2.a
+libargon2.so*
+libargon2.dylib
+.DS_Store
+src/*.o
+src/blake2/*.o
+genkat
+.idea
+*.pyc
+testcase
+*.gcda
+*.gcno
+*.gcov
+bench
+vs2015/build
+Argon2.sdf
+Argon2.VC.opendb
+*.zip
+*.tar.gz
+tags

rust/ares/src/urcrypt/argon2/.travis.yml

@@ -0,0 +1,25 @@
+language: c
+
+compiler:
+  - clang
+  - gcc
+
+os:
+  - linux
+  - osx
+
+# Clang on Linux needs to run in a VM to use ASAN.
+# See: https://github.com/travis-ci/travis-ci/issues/9033
+matrix:
+  exclude:
+    - compiler: clang
+      os: linux
+  include:
+    - compiler: clang
+      os: linux
+      sudo: true
+
+script: make && make testci
+
+after_success:
+  - bash <(curl -s https://codecov.io/bash)