Get rid of libsodium

configure.ac

@@ -276,14 +276,6 @@ if test "x$enable_omemo" != xno; then
             [AC_MSG_ERROR([libsignal-protocol-c is required for omemo support])],
             [AC_MSG_NOTICE([libsignal-protocol-c not found, omemo support not enabled])])])
 
-    AC_CHECK_LIB([sodium], [sodium_init],
-        [AM_CONDITIONAL([BUILD_OMEMO], [true])
-         AC_DEFINE([HAVE_OMEMO], [1], [Have omemo]),
-         LIBS="-lsodium $LIBS"],
-        [AS_IF([test "x$enable_omemo" = xyes],
-            [AC_MSG_ERROR([libsodium is required for omemo support])],
-            [AC_MSG_NOTICE([libsodium not found, omemo support not enabled])])])
-
     AC_CHECK_LIB([gcrypt], [gcry_check_version],
         [AM_CONDITIONAL([BUILD_OMEMO], [true])
          AC_DEFINE([HAVE_OMEMO], [1], [Have omemo]),

src/command/cmd_funcs.c

@@ -7944,7 +7944,7 @@ cmd_omemo_start(ProfWin *window, const char *const command, gchar **args)
         }
 
         if (!omemo_loaded()) {
-            win_println(window, THEME_DEFAULT, '!', "You have not generated or loaded a cryptographic materials, use '/omemo init'");
+            win_println(window, THEME_DEFAULT, '!', "You have not generated or loaded a cryptographic materials, use '/omemo gen'");
             return TRUE;
         }
 

src/omemo/crypto.c

@@ -1,19 +1,15 @@
 #include <assert.h>
 #include <signal/signal_protocol.h>
 #include <signal/signal_protocol_types.h>
-#include <sodium.h>
 #include <gcrypt.h>
 
+#include "log.h"
 #include "omemo/omemo.h"
 #include "omemo/crypto.h"
 
 int
 omemo_crypto_init(void)
 {
-    if (sodium_init() < 0) {
-        return -1;
-    }
-
     if (!gcry_check_version(GCRYPT_VERSION)) {
         return -1;
     }
@@ -26,74 +22,114 @@ omemo_crypto_init(void)
 int
 omemo_random_func(uint8_t *data, size_t len, void *user_data)
 {
-    randombytes_buf(data, len);
+    gcry_randomize(data, len, GCRY_VERY_STRONG_RANDOM);
     return 0;
 }
 
 int
 omemo_hmac_sha256_init_func(void **hmac_context, const uint8_t *key, size_t key_len, void *user_data)
 {
-    *hmac_context = sodium_malloc(sizeof(crypto_auth_hmacsha256_state));
-    return crypto_auth_hmacsha256_init(*hmac_context, key, key_len);
+    gcry_error_t res;
+    gcry_mac_hd_t hd;
+
+    res = gcry_mac_open(&hd, GCRY_MAC_HMAC_SHA256, 0, NULL);
+    if (res != GPG_ERR_NO_ERROR) {
+        log_error("OMEMO: %s", gcry_strerror(res));
+        return OMEMO_ERR_GCRYPT;
+    }
+
+    *hmac_context = hd;
+    res = gcry_mac_setkey(hd, key, key_len);
+    if (res != GPG_ERR_NO_ERROR) {
+        log_error("OMEMO: %s", gcry_strerror(res));
+        return OMEMO_ERR_GCRYPT;
+    }
+
+    return 0;
 }
 
 int
 omemo_hmac_sha256_update_func(void *hmac_context, const uint8_t *data, size_t data_len, void *user_data)
 {
-    return crypto_auth_hmacsha256_update(hmac_context, data, data_len);
+    gcry_error_t res;
+
+    res = gcry_mac_write(hmac_context, data, data_len);
+    if (res != GPG_ERR_NO_ERROR) {
+        log_error("OMEMO: %s", gcry_strerror(res));
+        return OMEMO_ERR_GCRYPT;
+    }
+
+    return 0;
 }
 
 int
 omemo_hmac_sha256_final_func(void *hmac_context, signal_buffer **output, void *user_data)
 {
-    int ret;
-    unsigned char out[crypto_auth_hmacsha256_BYTES];
+    gcry_error_t res;
+    size_t mac_len = 32;
+    unsigned char out[mac_len];
 
-    if ((ret = crypto_auth_hmacsha256_final(hmac_context, out)) != 0) {
-        return ret;
+    res = gcry_mac_read(hmac_context, out, &mac_len);
+    if (res != GPG_ERR_NO_ERROR) {
+        log_error("OMEMO: %s", gcry_strerror(res));
+        return OMEMO_ERR_GCRYPT;
     }
 
-    *output = signal_buffer_create(out, crypto_auth_hmacsha256_BYTES);
+    *output = signal_buffer_create(out, mac_len);
     return 0;
 }
 
 void
 omemo_hmac_sha256_cleanup_func(void *hmac_context, void *user_data)
 {
-    sodium_free(hmac_context);
+    gcry_mac_close(hmac_context);
 }
 
 int
 omemo_sha512_digest_init_func(void **digest_context, void *user_data)
 {
-    *digest_context = sodium_malloc(sizeof(crypto_hash_sha512_state));
-    return crypto_hash_sha512_init(*digest_context);
+    gcry_error_t res;
+    gcry_md_hd_t hd;
+
+    res = gcry_md_open(&hd, GCRY_MD_SHA512, 0);
+    if (res != GPG_ERR_NO_ERROR) {
+        log_error("OMEMO: %s", gcry_strerror(res));
+        return OMEMO_ERR_GCRYPT;
+    }
+
+    *digest_context = hd;
+
+    return 0;
 }
 
 int
 omemo_sha512_digest_update_func(void *digest_context, const uint8_t *data, size_t data_len, void *user_data)
 {
-    return crypto_hash_sha512_update(digest_context, data, data_len);
+    gcry_md_write(digest_context, data, data_len);
+
+    return 0;
 }
 
 int
 omemo_sha512_digest_final_func(void *digest_context, signal_buffer **output, void *user_data)
 {
-    int ret;
-    unsigned char out[crypto_hash_sha512_BYTES];
+    gcry_error_t res;
+    unsigned char out[64];
 
-    if ((ret = crypto_hash_sha512_final(digest_context, out)) != 0) {
-        return ret;
+    res = gcry_md_extract(digest_context, GCRY_MD_SHA512, out, 64);
+    if (res != GPG_ERR_NO_ERROR) {
+        log_error("OMEMO: %s", gcry_strerror(res));
+        return OMEMO_ERR_GCRYPT;
     }
 
-    *output = signal_buffer_create(out, crypto_hash_sha512_BYTES);
+    *output = signal_buffer_create(out, 64);
     return 0;
 }
 
 void
 omemo_sha512_digest_cleanup_func(void *digest_context, void *user_data)
 {
-    sodium_free(digest_context);
+    gcry_md_close(digest_context);
 }
 
 int

src/omemo/omemo.c

@@ -9,7 +9,7 @@
 #include <signal/signal_protocol.h>
 #include <signal/session_builder.h>
 #include <signal/session_cipher.h>
-#include <sodium.h>
+#include <gcrypt.h>
 
 #include "config/account.h"
 #include "log.h"
@@ -218,7 +218,8 @@ omemo_generate_crypto_materials(ProfAccount *account)
         return;
     }
 
-    omemo_ctx.device_id = randombytes_uniform(0x80000000);
+    gcry_randomize(&omemo_ctx.device_id, 4, GCRY_VERY_STRONG_RANDOM);
+    omemo_ctx.device_id &= 0x7fffffff;
 
     signal_protocol_key_helper_generate_identity_key_pair(&omemo_ctx.identity_key_pair, omemo_ctx.signal);
     signal_protocol_key_helper_generate_registration_id(&omemo_ctx.registration_id, 0, omemo_ctx.signal);
@@ -245,8 +246,11 @@ omemo_generate_crypto_materials(ProfAccount *account)
 static void
 omemo_generate_short_term_crypto_materials(ProfAccount *account)
 {
+    unsigned int start;
+
+    gcry_randomize(&start, sizeof(unsigned int), GCRY_VERY_STRONG_RANDOM);
     signal_protocol_key_helper_pre_key_list_node *pre_keys_head;
-    signal_protocol_key_helper_generate_pre_keys(&pre_keys_head, randombytes_random(), 100, omemo_ctx.signal);
+    signal_protocol_key_helper_generate_pre_keys(&pre_keys_head, start, 100, omemo_ctx.signal);
 
     session_signed_pre_key *signed_pre_key;
     struct timeval tv;
@@ -442,13 +446,11 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
     unsigned char *ciphertext;
     size_t ciphertext_len;
 
-    key = sodium_malloc(AES128_GCM_KEY_LENGTH);
-    iv = sodium_malloc(AES128_GCM_IV_LENGTH);
     ciphertext_len = strlen(message) + AES128_GCM_TAG_LENGTH;
     ciphertext = malloc(ciphertext_len);
 
-    randombytes_buf(key, 16);
-    randombytes_buf(iv, 16);
+    key = gcry_random_bytes_secure(16, GCRY_VERY_STRONG_RANDOM);
+    iv = gcry_random_bytes_secure(16, GCRY_VERY_STRONG_RANDOM);
 
     res = aes128gcm_encrypt(ciphertext, &ciphertext_len, (const unsigned char * const)message, strlen(message), iv, key);
     if (res != 0) {
@@ -516,8 +518,8 @@ omemo_on_message_send(ProfChatWin *chatwin, const char *const message, gboolean
     free(id);
     g_list_free_full(keys, free);
     free(ciphertext);
-    sodium_free(key);
-    sodium_free(iv);
+    gcry_free(key);
+    gcry_free(iv);
 
     return TRUE;
 }

src/omemo/omemo.h

@@ -4,6 +4,7 @@
 #include "config/account.h"
 
 #define OMEMO_ERR_UNSUPPORTED_CRYPTO -10000
+#define OMEMO_ERR_GCRYPT -20000
 
 typedef struct omemo_context_t omemo_context;