diff options
| -rw-r--r-- | flake.nix | 230 | ||||
| -rw-r--r-- | standalone/src/main/java/cz/crcs/ectester/standalone/libs/LibresslLib.java | 2 | ||||
| -rw-r--r-- | standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile | 11 |
3 files changed, 192 insertions, 51 deletions
@@ -14,25 +14,84 @@ outputs = { self, nixpkgs, flake-utils, gradle2nix, ... }: flake-utils.lib.eachDefaultSystem (system: let - openssl_3013 = pkgs.openssl.overrideAttrs (_old: rec { - version = "3.0.13"; - pname = "openssl"; - src = pkgs.fetchurl { - url = "https://www.openssl.org/source/openssl-${version}.tar.gz"; - hash = "sha256-iFJXU/edO+wn0vp8ZqoLkrOqlJja/ZPXz6SzeAza4xM="; - }; - # FIXME this might cause unwanted things - patches = []; + libresslShim = with pkgs; stdenv.mkDerivation { + name = "LibreSSLShim"; + src = ./standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni; + + buildInputs = [ + libressl + pkg-config + jdk11_headless + ]; + + buildPhase = '' + make libressl + ''; + + installPhase = '' + mkdir --parents $out/lib + cp libressl_provider.so $out/lib + ''; + }; + # openssl_3013 = pkgs.openssl.overrideAttrs (_old: rec { + # version = "3.0.13"; + # pname = "openssl"; + # src = pkgs.fetchurl { + # url = "https://www.openssl.org/source/openssl-${version}.tar.gz"; + # hash = "sha256-iFJXU/edO+wn0vp8ZqoLkrOqlJja/ZPXz6SzeAza4xM="; + # }; + # # FIXME this might cause unwanted things + # patches = []; + # }); + # openssl_315 = pkgs.openssl.overrideAttrs (_old: rec { + # version = "3.1.5"; + # pname = "openssl"; + # src = pkgs.fetchurl { + # url = "https://www.openssl.org/source/openssl-${version}.tar.gz"; + # hash = "sha256-auAVRn2r8EabE5rakzGTJ74kuYJR/67O2gIhhI3AkmI="; + # }; + # # FIXME this might cause unwanted things + # patches = []; + # }); + boirngssl = pkgs.boringssl.overrideAttrs (_old: rec { + postFixup = '' + ls + ''; }); - openssl_315 = pkgs.openssl.overrideAttrs (_old: rec { - version = "3.1.5"; - pname = "openssl"; - src = pkgs.fetchurl { - url = "https://www.openssl.org/source/openssl-${version}.tar.gz"; - hash = "sha256-auAVRn2r8EabE5rakzGTJ74kuYJR/67O2gIhhI3AkmI="; - }; - # FIXME this might cause unwanted things - patches = []; + libressl = pkgs.libressl.overrideAttrs (_old: rec { + # devLibPath = pkgs.lib.makeLibraryPath [ pkgs.libressl.dev ]; + # pname = "libressl"; + # version = "3.9.2"; + # includes = [ "tests/tlstest.sh" ]; + # src = pkgs.fetchurl { + # url = "mirror://openbsd/LibreSSL/${pname}-${version}.tar.gz"; + # hash = "sha256-ewMdrGSlnrbuMwT3/7ddrTOrjJ0nnIR/ksifuEYGj5c="; + # }; + # nativeBuildInputs = _old.nativeBuildInputs ++ (with pkgs; [ + # pkg-config + # ]); + + # Patched according to the previous versions: + # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/pkgs/development/libraries/libressl/default.nix#L118 + # For unknown reasons the newer versions are not patched this way (yet?) + patches = [ + (pkgs.fetchpatch { + url = "https://github.com/libressl/portable/commit/86e4965d7f20c3a6afc41d95590c9f6abb4fe788.patch"; + includes = [ "tests/tlstest.sh" ]; + hash = "sha256-XmmKTvP6+QaWxyGFCX6/gDfME9GqBWSx4X8RH8QbDXA="; + }) + ]; + + # NOTE: Due to name conflicts between OpenSSL and LibreSSL we need to resolve this manually. + postFixup = pkgs.lib.concatLines [ + _old.postFixup + '' + cp $dev/lib/pkgconfig/libcrypto.pc $dev/lib/pkgconfig/libresslcrypto.pc + sed --in-place --expression 's/-lcrypto/-lresslcrypto/' $dev/lib/pkgconfig/libresslcrypto.pc + ln -s $out/lib/libcrypto.so $out/lib/libresslcrypto.so + '' + ]; + }); overlays = [ # (final: prev: { @@ -43,7 +102,7 @@ # url = "https://www.openssl.org/source/openssl-${version}.tar.gz"; # hash = "sha256-bBPSvzj98x6sPOKjRwc2c/XWMmM5jx9p0N9KQSU+Sz4="; # }; - # # FIXME this might cause unwanted things + # FIXME Removing patches might cause unwanted things. # patches = []; # }); # }) @@ -53,7 +112,6 @@ }; buildECTesterStandalone = { opensslVersion, opensslHash }: ( let - ov = opensslVersion; patched_openssl = pkgs.openssl.overrideAttrs (_old: rec { version = opensslVersion; pname = "openssl"; @@ -61,9 +119,16 @@ url = "https://www.openssl.org/source/openssl-${version}.tar.gz"; hash = opensslHash; }; - # FIXME this might cause unwanted things + # FIXME Removing patches might cause unwanted things. patches = []; }); + + # devLibPath = pkgs.lib.makeLibraryPath [ pkgs.libressl.dev ]; + # libressl = pkgs.libressl.overrideAttrs (_old: { + # fixupPhase = '' + # cp ${devLibPath}/openssl.pc ${devLibPath}/libressl.pc + # ''; + # }); in with pkgs; gradle2nix.builders.${system}.buildGradlePackage rec { @@ -72,23 +137,33 @@ # gradleInstallFlags = [ "installDist" ]; # gradleBuildFlags = [ "standalone:uberJar" ]; # ":standalone:compileJava" ":standalone:uberJar" ]; "--no-build-cache" lockFile = ./gradle.lock; - gradleBuildFlags = [ "libs" "-PlibName=openssl" ":standalone:uberJar"]; # ":standalone:compileJava" ":standalone:uberJar" ]; "--no-build-cache" + gradleBuildFlags = [ "standalone:libs" "-PlibName=libressl" ":standalone:uberJar"]; # ":standalone:compileJava" ":standalone:uberJar" ]; "--no-build-cache" src = ./.; + # cp ${libresslShim.out}/lib/libressl_provider.so standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/ + # ls -lat standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/libressl_provider.so + # exit 1 + preConfigure = '' + pushd standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/ + make lib_timing.so lib_csignals.so lib_cppsignals.so + popd + ''; + nativeBuildInputs = [ + # libresslShim gdb ant jdk17 pkg-config global-platform-pro gradle - patched_openssl + # patched_openssl makeWrapper # libraries to test # openssl_3013 - boringssl - # libressl + # boringssl + libressl libtomcrypt libtommath botan2 @@ -114,7 +189,6 @@ wolfssl nettle - # libressl gmp libgpg-error @@ -122,33 +196,86 @@ libconfig ]; - # preConfigure = '' - # pushd standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni - # make lib_timing.so - # make lib_csignals.so - # make lib_cppsignals.so - # # make clean - # make openssl - # # openssl version + # buildBoringSSL = '' + # pushd ext/boringssl + # mkdir --parents build + # pushd build + # cmake -GNinja -DBUILD_SHARED_LIBS=1 .. + # ninja + # popd + # ''; + + # buildLibreSSL = '' + # pushd ext/libressl + # ./autogen.sh + # mkdir --parents build + # pushd build + # cmake -GNinja -DBUILD_SHARED_LIBS=1 .. + # ninja # popd # ''; + # TODO OpenJDK 64-Bit Server VM warning: You have loaded library + # /home/qup/.local/share/ECTesterStandalone/lib/lib_ippcp.so which + # might have disabled stack guard. The VM will try to fix the stack + # guard now. It's highly recommended that you fix the library with + # 'execstack -c <libfile>', or link it with '-z noexecstack'. + # buildIppCrypto = '' + # pushd ext/ipp-crypto + # CC=clang CXX=clang++ cmake CMakeLists.txt -GNinja -Bbuild -DARCH=intel64 # Does not work with GCC 12+ + # mkdir --parents build + # pushd build + # ninja + # popd + # ''; + + # buildMbedTLS = '' + # pushd ext/mbedtls + # python -m venv virt + # . virt/bin/activate + # pip install -r scripts/basic.requirements.txt + # cmake -GNinja -Bbuild -DUSE_SHARED_MBEDTLS_LIBRARY=On + # cd build + # ninja + # ''; + + # wolfCrypt-JNI = '' + # pushd ext/wolfcrypt-jni + # mkdir junit + # wget -P junit/ https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar + # wget -P junit/ https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar + # make -f makefile.linux + # env JUNIT_HOME=junit/ ant build-jce-release + # ''; + + # preConfigure = lib.concatLines [ + # buildBoringSSL + # buildLibreSSL + # buildIppCrypto + # buildMbedTLS + # wolfCrypt-JNI + # ]; + # buildPhase = '' # ./gradlew clean build --offline # ''; buildInputs = [ jdk17_headless - patched_openssl + libressl + # patched_openssl ]; LD_LIBRARY_PATH = lib.makeLibraryPath [ + # libresslShim + libtommath libtomcrypt botan2 cryptopp libgcrypt patched_openssl + libressl ninja nettle gmp @@ -193,8 +320,19 @@ # openssl_111w = buildECTesterStandalone "1.1.1w" "sha256-zzCYlQy02FOtlcCEHx+cbT3BAtzPys1SHZOSUgi3asg="; }; devShells.default = with pkgs; mkShell rec { + nativeBuildInputs = [ + libresslShim + ]; + + preConfigure = '' + cp ${libresslShim.out}/libressl_provider.so standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/ + ls standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni + ''; + + buildInputs = [ - # gradle2nix + # # gradle2nix + # libresslShim gdb ant jdk17 @@ -202,9 +340,10 @@ global-platform-pro gradle # libraries to test - openssl_3013 + # openssl + libressl + # glibc boringssl - # libressl libtomcrypt libtommath botan2 @@ -221,7 +360,7 @@ autoconf libb64 - clang + # clang libgcrypt mbedtls nasm @@ -243,7 +382,7 @@ libtomcrypt botan2 cryptopp - openssl_3013 + # openssl libgcrypt nettle gmp @@ -257,6 +396,9 @@ # export PATH=$PATH:$HOME/projects/ts-spect-compiler/build/src/apps; # export TS_REPO_ROOT=`pwd`; # ''; + + # NIX_CFLAGS_COMPILE=""; + buildBoringSSL = '' mkdir --parents build pushd build @@ -305,10 +447,10 @@ ''; # TODO add LD_LIB properly - shellHook = '' - export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:$HOME/projects/ts-spect-compiler/build/src/cosim - - ''; + # shellHook = '' + # export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:$HOME/projects/ts-spect-compiler/build/src/cosim + # NIX_CFLAGS_COMPILE= + # ''; # pushd ext/wolfcrypt-jni # ${wolfCrypt-JNI} diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/LibresslLib.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/LibresslLib.java index 2dba049..a403896 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/LibresslLib.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/LibresslLib.java @@ -8,7 +8,7 @@ import java.util.Set; */ public class LibresslLib extends NativeECLibrary { public LibresslLib() { - super("LibreSSL", "libressl_provider", "lib_libressl.so"); + super("LibreSSL", "libressl_provider"); } @Override diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile index 6282574..0fc0ca6 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile @@ -189,15 +189,14 @@ nettle.o: nettle.c # LibreSSL shim libressl: libressl_provider.so -lib_libressl.so: - cp $(PROJECT_ROOT_PATH)/ext/libressl/build/crypto/libcrypto.so lib_libressl.so +# lib_libressl.so: +# cp $(PROJECT_ROOT_PATH)/ext/libressl/build/crypto/libcrypto.so lib_libressl.so -libressl_provider.so: libressl.o c_utils.o | lib_timing.so lib_csignals.so lib_libressl.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_libressl.so -l:lib_timing.so -l:lib_csignals.so +libressl_provider.so: libressl.o c_utils.o | lib_timing.so lib_csignals.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs libresslcrypto) -l:lib_timing.so -l:lib_csignals.so libressl.o: libressl.c - $(CC) -I$(PROJECT_ROOT_PATH)/ext/libressl/build/include/ $(CFLAGS) -c $< - + $(CC) $(shell pkg-config --cflags libresslcrypto) $(CFLAGS) -c $< help: @echo "# This makefile builds the JNI shims necessary to test native libraries." |