
added support for monocypher crypto libraries

The execution engine now supports a NaCl subset of functions: Chacha20
- Chacha with a 24-byte nonce and Poly1305 MAC
- Curve25519-based key exchange and public key encryption
- Blake2b hash function
- Ed25519-based signature function using Blake2b hash
- Argon2i, a modern key derivation function based on Blake2b
all statically included using the luanacha wrapper (submodule)
Jaromil 2 years ago
parent
commit
801ac884ac
7 changed files with 40 additions and 5 deletions
  1. 3 0
      .gitmodules
  2. 6 2
      Makefile
  3. 10 0
      build/luanacha/Makefile
  4. 1 0
      lib/luanacha
  5. 1 0
      src/Makefile
  6. 16 0
      src/decode-exec.c
  7. 3 3
      src/decode-exec.conf

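--- a/.gitmodules
+++ b/.gitmodules
@@ -7,3 +7,6 @@
 [submodule "lib/musl"]
 	path = lib/musl
 	url = git://git.musl-libc.org/musl
+[submodule "lib/luanacha"]
+	path = lib/luanacha
+	url = https://github.com/philanc/luanacha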

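--- a/Makefile
+++ b/Makefile
@@ -3,8 +3,8 @@ luasand := ${pwd}/build/lua_sandbox
 musl := ${pwd}/build/musl
 musl-gcc := ${musl}/obj/musl-gcc
 
-all: musl patches luasandbox
-	make -C src musl
+all: musl patches luasandbox luanacha
+	make -C src
 
 patches:
 	./build/apply-patches
@@ -17,6 +17,9 @@ luasandbox:
 	if ! [ -r ${luasand}/CMakeCache.txt ]; then mkdir -p ${luasand} && cd ${luasand} && CC=${musl-gcc} cmake ${pwd}/lib/lua_sandbox ; fi
 	make -C ${luasand} luasandbox
 
+luanacha:
+	make -C ${pwd}/build/luanacha
+
 # needed for yices2, in case useful (WIP)
 # gmp:
 # 	if ! [ -r lib/gmp/Makefile ]; then cd lib/gmp && CC=${musl-gcc} ./configure --disable-shared --enable-static; fi
@@ -26,3 +29,4 @@ clean:
 	rm -rf ${luasand}
 	rm -rf ${musl}
 	make -C src clean
+	make -C ${pwd}/build/luanacha clean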
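Review bot: The new `luanacha` target has no prerequisite on `musl`, although build/luanacha/Makefile in this commit compiles with `../musl/obj/musl-gcc`. The build only works because `all` lists `musl` first, so it breaks under `make -j` or when `make luanacha` is run on a fresh tree. Declare the ordering on the rule itself, `luanacha: musl`, and invoke the sub-build as `$(MAKE) -C ${pwd}/build/luanacha` so the jobserver and command-line flags propagate. The same `$(MAKE)` form applies to the line added under `clean`.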

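--- a/build/luanacha/Makefile
+++ b/build/luanacha/Makefile
@@ -0,0 +1,10 @@
+CC := ../musl/obj/musl-gcc
+INCFLAGS := -I../../lib/lua_sandbox/include/luasandbox
+CFLAGS   += -std=gnu99 -Os $(INCFLAGS)
+
+luanacha.a:
+	${CC} -c ${CFLAGS} ../../lib/luanacha/src/*.c
+	ar rcc libluanacha.a *.o
+
+clean:
+	rm -f *.o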
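Review bot: The rule is named `luanacha.a` but its recipe writes `libluanacha.a`, so make never finds its target, and `clean` leaves the archive behind. Because `ar r` only adds or replaces members, objects from an earlier luanacha revision can stay in the archive after the submodule pin moves, which is undesirable in a statically linked crypto library. Name the rule after its output and remove the archive on clean: `libluanacha.a:` and `rm -f *.o libluanacha.a`. The modifier string `rcc` repeats `c`; `rcs` was probably intended.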

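--- a/lib/luanacha
+++ b/lib/luanacha
@@ -0,0 +1 @@
+Subproject commit 5bb09df064efab21d0dc27e99a1af572f218792c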

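--- a/src/Makefile
+++ b/src/Makefile
@@ -7,6 +7,7 @@ CFLAGS  := -I. -I../lib/lua_sandbox/include
 SOURCES := jutils.o timing.o decode-exec.o
 LDADD   := ../build/lua_sandbox/src/libluasandbox.a
 LDADD   += ../build/lua_sandbox/src/util/libluasandboxutil.a
+LDADD   += ../build/luanacha/libluanacha.a
 
 all: musl
 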

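--- a/src/decode-exec.c
+++ b/src/decode-exec.c
@@ -26,9 +26,12 @@
 
 #include <luasandbox.h>
 #include <luasandbox/util/util.h>
+#include <luasandbox/lauxlib.h>
 
 #define CONF "decode-exec.conf"
 
+extern const struct luaL_Reg luanachalib;
+
 // from timing.c
 // extern int set_hook(lua_State *L);
 
@@ -77,6 +80,19 @@ int main(int argc, char **argv) {
 		error("Error creating sandbox: %s", lsb_get_error(lsb));
 		goto teardown; }
 
+	// load our own extensions
+	{
+		const luaL_Reg *lib = &luanachalib;
+		notice("Loading crypto extensions");
+		for (; lib->func; lib++) {
+			func("%s",lib->name);
+			lsb_add_function(lsb, lib->func, lib->name);
+		}
+			// lua_pushstring(lua, lib->name);
+			// lua_pushcfunction(lua, lib->func);
+			// lua_rawset(lua, -3);
+	}
+
 
 	{
 		const char *r = lsb_init(lsb, NULL);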
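Review bot: `luanachalib` is declared as a single `luaL_Reg` object, but the loop added in main() walks it as a NULL-terminated array through `lib++`. If the definition in luanacha is an array, as the loop assumes, the declaration should say so: `extern const struct luaL_Reg luanachalib[];` with `const luaL_Reg *lib = luanachalib;`. As written, any step past the first element is outside the object the compiler was told about. The three commented-out `lua_*` lines after the loop's closing brace are dead code and can be dropped. main() begins and ends outside these hunks.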

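--- a/src/decode-exec.conf
+++ b/src/decode-exec.conf
@@ -2,11 +2,11 @@ memory_limit = 1024*1024*1
 instruction_limit = 10000
 output_limit = 64*1024
 log_level = 7
-path = '/usr/local/lib/decode/modules/?.lua'
-cpath = '/usr/local/lib/decode/modules/?.so'
+path = '/dev/null'
+cpath = '/dev/null'
 remove_entries = {
 	[''] = {'collectgarbage','coroutine','dofile','load',
 			'loadfile','loadstring','newproxy'},
 	os = {'getenv','execute','exit','remove','rename',
 		  'setlocale','tmpname'} }
-disable_modules = {os = 1, io = 1}
+disable_modules = {io = 1}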
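Review bot: Dropping `os = 1` from `disable_modules` re-enables the `os` library inside the sandbox, and neither the commit message nor the file says why. Its safety now rests only on the deny-list in `remove_entries.os`, so any `os` function not named there is exposed by default. With a stock Lua 5.1 `os` table that would leave `clock`, `date`, `difftime` and `time` reachable, which is worth confirming against the Lua build in lib/lua_sandbox. If the crypto extensions do not need the module, keep `disable_modules = {os = 1, io = 1}`. Otherwise add a comment such as `-- os enabled for <reason>; every entry not listed in remove_entries.os is reachable from scripts`.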