9 files changed, 352 insertions, 0 deletions

diff --git a/src/BTLS/BoringSSL/Base.chs b/src/BTLS/BoringSSL/Base.chs
new file mode 100644
index 0000000..347e3f4
--- /dev/null
+++ b/src/BTLS/BoringSSL/Base.chs
@@ -0,0 +1,42 @@
+-- Copyright 2018 Google LLC
+--
+-- Licensed under the Apache License, Version 2.0 (the "License"); you may not
+-- use this file except in compliance with the License. You may obtain a copy of
+-- the License at
+--
+--     https://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+-- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+-- License for the specific language governing permissions and limitations under
+-- the License.
+
+{-# OPTIONS_GHC -Wno-unused-imports #-}
+
+module BTLS.BoringSSL.Base where
+
+import Foreign (Ptr, nullPtr)
+
+#include <openssl/base.h>
+
+-- | The BoringSSL @ENGINE@ type.
+data Engine
+{#pointer *ENGINE as 'Ptr Engine' -> Engine nocode#}
+
+noEngine :: Ptr Engine
+noEngine = nullPtr
+
+-- | The BoringSSL @EVP_MD_CTX@ type, representing the state of a pending
+-- hashing operation.
+data EVPMDCtx
+{#pointer *EVP_MD_CTX as 'Ptr EVPMDCtx' -> EVPMDCtx nocode#}
+
+-- | The BoringSSL @EVP_MD@ type, representing a hash algorithm.
+data EVPMD
+{#pointer *EVP_MD as 'Ptr EVPMD' -> EVPMD nocode#}
+
+-- | The BoringSSL @HMAC_CTX@ type, representing the state of a pending HMAC
+-- operation.
+data HMACCtx
+{#pointer *HMAC_CTX as 'Ptr HMACCtx' -> HMACCtx nocode#}
diff --git a/src/BTLS/BoringSSL/Digest.chs b/src/BTLS/BoringSSL/Digest.chs
new file mode 100644
index 0000000..69f3a0a
--- /dev/null
+++ b/src/BTLS/BoringSSL/Digest.chs
@@ -0,0 +1,67 @@
+-- Copyright 2018 Google LLC
+--
+-- Licensed under the Apache License, Version 2.0 (the "License"); you may not
+-- use this file except in compliance with the License. You may obtain a copy of
+-- the License at
+--
+--     https://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+-- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+-- License for the specific language governing permissions and limitations under
+-- the License.
+
+{-# OPTIONS_GHC -Wno-missing-methods #-}
+
+module BTLS.BoringSSL.Digest
+  ( evpMD5, evpSHA1, evpSHA224, evpSHA256, evpSHA384, evpSHA512
+  , mallocEVPMDCtx
+  , evpDigestInitEx, evpDigestUpdate, evpDigestFinalEx
+  , evpMaxMDSize
+  ) where
+
+import Foreign (FinalizerPtr, ForeignPtr, Ptr, Storable(alignment, sizeOf))
+import Foreign.C.Types
+
+{#import BTLS.BoringSSL.Base#}
+import BTLS.Cast (asVoidPtr)
+import BTLS.CreateWithFinalizer (createWithFinalizer)
+import BTLS.Result
+
+#include <openssl/digest.h>
+
+evpMD5, evpSHA1, evpSHA224, evpSHA256, evpSHA384, evpSHA512 :: Ptr EVPMD
+evpMD5    = {#call pure EVP_md5 as ^#}
+evpSHA1   = {#call pure EVP_sha1 as ^#}
+evpSHA224 = {#call pure EVP_sha224 as ^#}
+evpSHA256 = {#call pure EVP_sha256 as ^#}
+evpSHA384 = {#call pure EVP_sha384 as ^#}
+evpSHA512 = {#call pure EVP_sha512 as ^#}
+
+-- | Memory-safe allocator for 'EVPMDCtx'.
+mallocEVPMDCtx :: IO (ForeignPtr EVPMDCtx)
+mallocEVPMDCtx =
+  createWithFinalizer {#call EVP_MD_CTX_init as ^#} btlsFinalizeEVPMDCtxPtr
+
+foreign import ccall "&btlsFinalizeEVPMDCtx"
+  btlsFinalizeEVPMDCtxPtr :: FinalizerPtr EVPMDCtx
+
+evpDigestInitEx :: Ptr EVPMDCtx -> Ptr EVPMD -> Ptr Engine -> IO ()
+evpDigestInitEx ctx md engine =
+  requireSuccess $ {#call EVP_DigestInit_ex as ^#} ctx md engine
+
+evpDigestUpdate :: Ptr EVPMDCtx -> Ptr a -> CULong -> IO ()
+evpDigestUpdate ctx md bytes =
+  alwaysSucceeds $ {#call EVP_DigestUpdate as ^#} ctx (asVoidPtr md) bytes
+
+evpDigestFinalEx :: Ptr EVPMDCtx -> Ptr CUChar -> Ptr CUInt -> IO ()
+evpDigestFinalEx ctx mdOut outSize =
+  alwaysSucceeds $ {#call EVP_DigestFinal_ex as ^#} ctx mdOut outSize
+
+evpMaxMDSize :: Int
+evpMaxMDSize = {#const EVP_MAX_MD_SIZE#}
+
+instance Storable EVPMDCtx where
+  sizeOf _ = {#sizeof EVP_MD_CTX#}
+  alignment _ = {#alignof EVP_MD_CTX#}
diff --git a/src/BTLS/BoringSSL/HKDF.chs b/src/BTLS/BoringSSL/HKDF.chs
new file mode 100644
index 0000000..3710c0c
--- /dev/null
+++ b/src/BTLS/BoringSSL/HKDF.chs
@@ -0,0 +1,45 @@
+-- Copyright 2018 Google LLC
+--
+-- Licensed under the Apache License, Version 2.0 (the "License"); you may not
+-- use this file except in compliance with the License. You may obtain a copy of
+-- the License at
+--
+--     https://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+-- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+-- License for the specific language governing permissions and limitations under
+-- the License.
+
+module BTLS.BoringSSL.HKDF
+  ( hkdfExtract, hkdfExpand
+  ) where
+
+import Foreign (Ptr)
+import Foreign.C.Types
+
+{#import BTLS.BoringSSL.Base#}
+import BTLS.Result
+
+#include <openssl/hkdf.h>
+
+hkdfExtract ::
+  Ptr CUChar -> Ptr CULong
+  -> Ptr EVPMD
+  -> Ptr CUChar -> CULong
+  -> Ptr CUChar -> CULong
+  -> IO ()
+hkdfExtract outKey outLen digest secret secretLen salt saltLen =
+  requireSuccess $
+    {#call HKDF_extract as ^#} outKey outLen digest secret secretLen salt saltLen
+
+hkdfExpand ::
+  Ptr CUChar -> CULong
+  -> Ptr EVPMD
+  -> Ptr CUChar -> CULong
+  -> Ptr CUChar -> CULong
+  -> IO ()
+hkdfExpand outKey outLen digest prk prkLen info infoLen =
+  requireSuccess $
+    {#call HKDF_expand as ^#} outKey outLen digest prk prkLen info infoLen
diff --git a/src/BTLS/BoringSSL/HMAC.chs b/src/BTLS/BoringSSL/HMAC.chs
new file mode 100644
index 0000000..5c53122
--- /dev/null
+++ b/src/BTLS/BoringSSL/HMAC.chs
@@ -0,0 +1,54 @@
+-- Copyright 2018 Google LLC
+--
+-- Licensed under the Apache License, Version 2.0 (the "License"); you may not
+-- use this file except in compliance with the License. You may obtain a copy of
+-- the License at
+--
+--     https://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+-- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+-- License for the specific language governing permissions and limitations under
+-- the License.
+
+{-# OPTIONS_GHC -Wno-missing-methods #-}
+
+module BTLS.BoringSSL.HMAC
+  ( mallocHMACCtx
+  , hmacInitEx, hmacUpdate, hmacFinal
+  ) where
+
+import Foreign (FinalizerPtr, ForeignPtr, Ptr, Storable(alignment, sizeOf))
+import Foreign.C.Types
+
+{#import BTLS.BoringSSL.Base#}
+import BTLS.Cast (asVoidPtr)
+import BTLS.CreateWithFinalizer (createWithFinalizer)
+import BTLS.Result
+
+#include <openssl/hmac.h>
+
+-- | Memory-safe allocator for 'HMACCtx'.
+mallocHMACCtx :: IO (ForeignPtr HMACCtx)
+mallocHMACCtx = createWithFinalizer {#call HMAC_CTX_init as ^#} hmacCtxCleanup
+
+foreign import ccall "&HMAC_CTX_cleanup"
+  hmacCtxCleanup :: FinalizerPtr HMACCtx
+
+hmacInitEx :: Ptr HMACCtx -> Ptr a -> CULong -> Ptr EVPMD -> Ptr Engine -> IO ()
+hmacInitEx ctx bytes size md engine =
+  requireSuccess $
+    {#call HMAC_Init_ex as ^#} ctx (asVoidPtr bytes) size md engine
+
+hmacUpdate :: Ptr HMACCtx -> Ptr CUChar -> CULong -> IO ()
+hmacUpdate ctx bytes size =
+  alwaysSucceeds $ {#call HMAC_Update as ^#} ctx bytes size
+
+hmacFinal :: Ptr HMACCtx -> Ptr CUChar -> Ptr CUInt -> IO ()
+hmacFinal ctx out outSize =
+  requireSuccess $ {#call HMAC_Final as ^#} ctx out outSize
+
+instance Storable HMACCtx where
+  sizeOf _ = {#sizeof HMAC_CTX#}
+  alignment _ = {#alignof HMAC_CTX#}
diff --git a/src/BTLS/Cast.hs b/src/BTLS/Cast.hs
new file mode 100644
index 0000000..6f29469
--- /dev/null
+++ b/src/BTLS/Cast.hs
@@ -0,0 +1,21 @@
+-- Copyright 2018 Google LLC
+--
+-- Licensed under the Apache License, Version 2.0 (the "License"); you may not
+-- use this file except in compliance with the License. You may obtain a copy of
+-- the License at
+--
+--     https://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+-- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+-- License for the specific language governing permissions and limitations under
+-- the License.
+
+module BTLS.Cast where
+
+import Foreign (Ptr)
+import Unsafe.Coerce (unsafeCoerce)
+
+asVoidPtr :: Ptr a -> Ptr ()
+asVoidPtr = unsafeCoerce
diff --git a/src/BTLS/ConstantTimeEquals.chs b/src/BTLS/ConstantTimeEquals.chs
new file mode 100644
index 0000000..77b1af0
--- /dev/null
+++ b/src/BTLS/ConstantTimeEquals.chs
@@ -0,0 +1,30 @@
+-- Copyright 2018 Google LLC
+--
+-- Licensed under the Apache License, Version 2.0 (the "License"); you may not
+-- use this file except in compliance with the License. You may obtain a copy of
+-- the License at
+--
+--     https://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+-- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+-- License for the specific language governing permissions and limitations under
+-- the License.
+
+module BTLS.ConstantTimeEquals where
+
+import Foreign (Ptr)
+import Foreign.C.Types
+
+import BTLS.Cast (asVoidPtr)
+
+#include <openssl/mem.h>
+
+-- | Directly compares two buffers for equality. This operation takes an amount
+-- of time dependent on the specified size but independent of either buffer's
+-- contents.
+constantTimeEquals :: Ptr a -> Ptr a -> Int -> IO Bool
+constantTimeEquals a b size =
+  let size' = fromIntegral size :: CULong in
+  (== 0) <$> {#call CRYPTO_memcmp as ^#} (asVoidPtr a) (asVoidPtr b) size'
diff --git a/src/BTLS/CreateWithFinalizer.hs b/src/BTLS/CreateWithFinalizer.hs
new file mode 100644
index 0000000..3862225
--- /dev/null
+++ b/src/BTLS/CreateWithFinalizer.hs
@@ -0,0 +1,27 @@
+-- Copyright 2018 Google LLC
+--
+-- Licensed under the Apache License, Version 2.0 (the "License"); you may not
+-- use this file except in compliance with the License. You may obtain a copy of
+-- the License at
+--
+--     https://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+-- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+-- License for the specific language governing permissions and limitations under
+-- the License.
+
+module BTLS.CreateWithFinalizer (createWithFinalizer) where
+
+import Foreign
+  (FinalizerPtr, ForeignPtr, Ptr, Storable, addForeignPtrFinalizer,
+   mallocForeignPtr, withForeignPtr)
+
+createWithFinalizer ::
+  Storable a => (Ptr a -> IO ()) -> FinalizerPtr a -> IO (ForeignPtr a)
+createWithFinalizer initialize finalize = do
+  fp <- mallocForeignPtr
+  withForeignPtr fp initialize
+  addForeignPtrFinalizer finalize fp
+  return fp
diff --git a/src/BTLS/Result.hs b/src/BTLS/Result.hs
new file mode 100644
index 0000000..b9ad4a7
--- /dev/null
+++ b/src/BTLS/Result.hs
@@ -0,0 +1,27 @@
+-- Copyright 2018 Google LLC
+--
+-- Licensed under the Apache License, Version 2.0 (the "License"); you may not
+-- use this file except in compliance with the License. You may obtain a copy of
+-- the License at
+--
+--     https://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+-- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+-- License for the specific language governing permissions and limitations under
+-- the License.
+
+module BTLS.Result where
+
+import Control.Exception (assert)
+import Foreign (throwIf_)
+import Foreign.C.Types
+
+alwaysSucceeds :: IO CInt -> IO ()
+alwaysSucceeds f = do
+  r <- f
+  assert (r == 1) (return ())
+
+requireSuccess :: IO CInt -> IO ()
+requireSuccess f = throwIf_ (/= 1) (const "BoringSSL failure") f
diff --git a/src/BTLS/Types.hs b/src/BTLS/Types.hs
new file mode 100644
index 0000000..dbd806a
--- /dev/null
+++ b/src/BTLS/Types.hs
@@ -0,0 +1,39 @@
+-- Copyright 2018 Google LLC
+--
+-- Licensed under the Apache License, Version 2.0 (the "License"); you may not
+-- use this file except in compliance with the License. You may obtain a copy of
+-- the License at
+--
+--     https://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+-- WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+-- License for the specific language governing permissions and limitations under
+-- the License.
+
+module BTLS.Types
+  ( AssociatedData(AssociatedData)
+  , Salt(Salt), noSalt
+  , SecretKey(SecretKey)
+  ) where
+
+import Data.ByteString (ByteString)
+import qualified Data.ByteString as ByteString
+
+-- | Context or application-specific information. Equality comparisons on this
+-- type are variable-time.
+newtype AssociatedData = AssociatedData ByteString
+  deriving (Eq, Ord, Show)
+
+-- | A salt. Equality comparisons on this type are variable-time.
+newtype Salt = Salt ByteString
+  deriving (Eq, Ord, Show)
+
+noSalt :: Salt
+noSalt = Salt ByteString.empty
+
+-- | A secret key used as input to a cipher or HMAC. Equality comparisons on
+-- this type are variable-time.
+newtype SecretKey = SecretKey ByteString
+  deriving (Eq, Ord, Show)