From 8e5392784d05f2bc60e5a305a1c4ec3ea2bcd053 Mon Sep 17 00:00:00 2001
From: R4SAS
Date: Wed, 11 Nov 2020 14:59:57 +0300
Subject: [PATCH] add config options to disable aes/avx
---
 daemon/Daemon.cpp | 4 +++-
 libi2pd/CPU.cpp | 6 +++---
 libi2pd/CPU.h | 2 +-
 libi2pd/Config.cpp | 12 +++++++-----
 libi2pd/Crypto.cpp | 4 ++--
 libi2pd/Crypto.h | 10 +++++-----
 libi2pd/api.cpp | 4 +++-
 7 files changed, 24 insertions(+), 18 deletions(-)
diff --git a/daemon/Daemon.cpp b/daemon/Daemon.cpp
index 0317704a..9988b1fd 100644
--- a/daemon/Daemon.cpp
+++ b/daemon/Daemon.cpp
@@ -128,7 +128,9 @@ namespace i2p
 LogPrint(eLogDebug, "FS: data directory: ", datadir);
 bool precomputation; i2p::config::GetOption("precomputation.elgamal", precomputation);
- i2p::crypto::InitCrypto (precomputation);
+ bool aesni; i2p::config::GetOption("aesni", aesni);
+ bool avx; i2p::config::GetOption("avx", avx);
+ i2p::crypto::InitCrypto (precomputation, aesni, avx);
 int netID; i2p::config::GetOption("netid", netID);
 i2p::context.SetNetID (netID);
diff --git a/libi2pd/CPU.cpp b/libi2pd/CPU.cpp
index 0259bf54..e4282187 100644
--- a/libi2pd/CPU.cpp
+++ b/libi2pd/CPU.cpp
@@ -27,7 +27,7 @@ namespace cpu
 bool aesni = false;
 bool avx = false;
- void Detect()
+ void Detect(bool AesSwitch, bool AvxSwitch)
 {
 #if defined(__x86_64__) || defined(__i386__)
 __builtin_cpu_init();
@@ -35,10 +35,10 @@ namespace cpu
 __cpuid(0, info[0], info[1], info[2], info[3]);
 if (info[0] >= 0x00000001) {
 __cpuid(0x00000001, info[0], info[1], info[2], info[3]);
- if (__builtin_cpu_supports("aes")) {
+ if (__builtin_cpu_supports("aes") && AesSwitch) {
 aesni = info[2] & bit_AES; // AESNI
 }
- if (__builtin_cpu_supports("avx")) {
+ if (__builtin_cpu_supports("avx") && AvxSwitch) {
 avx = info[2] & bit_AVX; // AVX
 }
 }
diff --git a/libi2pd/CPU.h b/libi2pd/CPU.h
index 9677b293..5d712e14 100644
--- a/libi2pd/CPU.h
+++ b/libi2pd/CPU.h
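Review bot: `aesni` and `avx` are declared without an initializer in the added lines and the result of `GetOption` is discarded, so if either lookup leaves its argument untouched the value passed to `InitCrypto` is indeterminate. `GetOption` is not shown in this patch, so that failure path is an assumption; initialising at the declaration, `bool aesni = true; i2p::config::GetOption("aesni", aesni);` (likewise for `avx`), keeps hardware detection as the fallback either way. The same three added lines appear in the libi2pd/api.cpp hunk. The enclosing function starts and ends outside the hunk.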
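Review bot: In `Detect`, `AesSwitch` and `AvxSwitch` are read only inside the `#if defined(__x86_64__) || defined(__i386__)` block, so on other targets they go unused, and nothing states what passing false means. A comment above the definition would settle it, e.g. `// AesSwitch/AvxSwitch: false keeps the extension off even when the CPU reports it; true defers to detection`. Testing the flag first, `if (AesSwitch && __builtin_cpu_supports("aes")) {`, also skips the CPU query when the operator has opted out, and lower-case parameter names would match `precomputation` and the other locals in this patch. The `#if` block closes outside the hunk, so the non-x86 path is inferred.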
@@ -16,7 +16,7 @@ namespace cpu
 extern bool aesni;
 extern bool avx;
- void Detect();
+ void Detect(bool AesSwitch, bool AvxSwitch);
 }
 }
diff --git a/libi2pd/Config.cpp b/libi2pd/Config.cpp
index fc479532..187373f1 100644
--- a/libi2pd/Config.cpp
+++ b/libi2pd/Config.cpp
@@ -47,11 +47,11 @@ namespace config {
 ("ifname", value()->default_value(""), "Network interface to bind to")
 ("ifname4", value()->default_value(""), "Network interface to bind to for ipv4")
 ("ifname6", value()->default_value(""), "Network interface to bind to for ipv6")
- ("nat", value()->default_value(true), "Should we assume we are behind NAT? (default: enabled)")
+ ("nat", bool_switch()->default_value(true), "Should we assume we are behind NAT? (default: enabled)")
 ("port", value()->default_value(0), "Port to listen for incoming connections (default: auto)")
- ("ipv4", value()->default_value(true), "Enable communication through ipv4 (default: enabled)")
+ ("ipv4", bool_switch()->default_value(true), "Enable communication through ipv4 (default: enabled)")
 ("ipv6", bool_switch()->default_value(false), "Enable communication through ipv6 (default: disabled)")
- ("reservedrange", value()->default_value(true), "Check remote RI for being in blacklist of reserved IP ranges (default: enabled)")
+ ("reservedrange", bool_switch()->default_value(true), "Check remote RI for being in blacklist of reserved IP ranges (default: enabled)")
 ("netid", value()->default_value(I2PD_NET_ID), "Specify NetID. Main I2P is 2")
 ("daemon", bool_switch()->default_value(false), "Router will go to background after start (default: disabled)")
 ("service", bool_switch()->default_value(false), "Router will use system folders like '/var/lib/i2pd' (default: disabled)")
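Review bot: The declaration `void Detect(bool AesSwitch, bool AvxSwitch);` drops the zero-argument form, so any caller not updated by this patch stops compiling; the same holds for `InitCrypto` in the libi2pd/Crypto.h hunk. Defaulting the new parameters on the declarations keeps existing call sites valid with the previous auto-detect behaviour: `void Detect(bool AesSwitch = true, bool AvxSwitch = true);` and `void InitCrypto (bool precomputation, bool aesni = true, bool avx = true);`. Whether out-of-tree users of libi2pd call these functions directly cannot be seen from the diff.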
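Review bot: Turning `nat`, `ipv4` and `reservedrange` into `bool_switch()->default_value(true)` changes how they parse on the command line: a switch takes no argument, so naming it can only yield true, which is already the default. As far as I know Boost.Program_options rejects an explicit value on a zero-token option, which would mean `--ipv4=false` or `--reservedrange false` no longer turn the feature off and only the config file can; this is worth confirming with a parse test before merge. The second Config.cpp hunk has the same shape for `ssu` and for the new `aesni` and `avx` options, whose only useful setting is false. If disabling from the command line is intended, `value<bool>()->default_value(true)` (optionally with `->implicit_value(true)`) accepts both the bare and the valued form.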
@@ -59,9 +59,11 @@ namespace config {
 ("floodfill", bool_switch()->default_value(false), "Router will be floodfill (default: disabled)")
 ("bandwidth", value()->default_value(""), "Bandwidth limit: integer in KBps or letters: L (32), O (256), P (2048), X (>9000)")
 ("share", value()->default_value(100), "Limit of transit traffic from max bandwidth in percents. (default: 100)")
- ("ntcp", value()->default_value(false), "Ignored. Always false")
- ("ssu", value()->default_value(true), "Enable SSU transport (default: enabled)")
+ ("ntcp", bool_switch()->default_value(false), "Ignored. Always false")
+ ("ssu", bool_switch()->default_value(true), "Enable SSU transport (default: enabled)")
 ("ntcpproxy", value()->default_value(""), "Ignored")
+ ("aesni", bool_switch()->default_value(true), "Use auto detection for AESNI CPU extensions. If false, AESNI will be not used")
+ ("avx", bool_switch()->default_value(true), "Use auto detection for AVX CPU extensions. If false, AVX will be not used")
 #ifdef _WIN32
 ("svcctl", value()->default_value(""), "Windows service management ('install' or 'remove')")
 ("insomnia", bool_switch()->default_value(false), "Prevent system from sleeping (default: disabled)")
diff --git a/libi2pd/Crypto.cpp b/libi2pd/Crypto.cpp
index a0f65df2..9dcff128 100644
--- a/libi2pd/Crypto.cpp
+++ b/libi2pd/Crypto.cpp
@@ -1345,9 +1345,9 @@ namespace crypto
 }
 }*/
- void InitCrypto (bool precomputation)
+ void InitCrypto (bool precomputation, bool aesni, bool avx)
 {
- i2p::cpu::Detect ();
+ i2p::cpu::Detect (aesni, avx);
 #if LEGACY_OPENSSL
 SSL_library_init ();
 #endif
diff --git a/libi2pd/Crypto.h b/libi2pd/Crypto.h
index e2f84b65..d9eb3323 100644
--- a/libi2pd/Crypto.h
+++ b/libi2pd/Crypto.h
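Review bot: The new `InitCrypto` parameters `aesni` and `avx` share their names with the `aesni` / `avx` globals in namespace `cpu` that hold the detection result, yet they mean something different: the operator's permission, not the CPU's capability. Renaming them in the definition, e.g. `void InitCrypto (bool precomputation, bool aesniAllowed, bool avxAllowed)`, and adding a comment such as `// false keeps the extension disabled even if the CPU supports it` would stop later code in this function from reading the wrong one. Three adjacent `bool` arguments are also easy to transpose at a call site. The body of `InitCrypto` continues outside the hunk.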
@@ -313,13 +313,13 @@ namespace crypto struct NoiseSymmetricState { uint8_t m_H[32] /*h*/, m_CK[64] /*[ck, k]*/; - + void MixHash (const uint8_t * buf, size_t len); - void MixKey (const uint8_t * sharedSecret); - }; - + void MixKey (const uint8_t * sharedSecret); + }; + // init and terminate - void InitCrypto (bool precomputation); + void InitCrypto (bool precomputation, bool aesni, bool avx); void TerminateCrypto (); } }
diff --git a/libi2pd/api.cpp b/libi2pd/api.cpp
index 569fbd8c..de6d7bb8 100644
--- a/libi2pd/api.cpp
+++ b/libi2pd/api.cpp
@@ -37,7 +37,9 @@ namespace api
 i2p::fs::Init();
 bool precomputation; i2p::config::GetOption("precomputation.elgamal", precomputation);
- i2p::crypto::InitCrypto (precomputation);
+ bool aesni; i2p::config::GetOption("aesni", aesni);
+ bool avx; i2p::config::GetOption("avx", avx);
+ i2p::crypto::InitCrypto (precomputation, aesni, avx);
 int netID; i2p::config::GetOption("netid", netID);
 i2p::context.SetNetID (netID);