From 22d8443149b554f07df26e436a8979fe2975eb8e Mon Sep 17 00:00:00 2001 
From: Nazar Serhiichuk <43041209+G1gg1L3s@users.noreply.github.com>
Date: Wed, 21 Jun 2023 23:21:54 +0300
Subject: [PATCH 1/6] Pre-release Themis 0.15.0 (#1011)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Fix rust issues (pin log, run bindgen) (#1005)

* rust: Pin log version to =0.4.18

The 0.4.19 requires rustc 1.60, but currently we support 1.58. Pinning it is not a big deal since it's development dependency for tests and examples.

* rust: Regenerate and update lib.rs

bindgen was updated again and changed something which resulted in new output (seems like some internal constants are removed).

* Pythemis: introduce `pyproject.toml` (#1006)

* pythemis: Add pyproject.toml

Since setup.py is deprecated, let's try moving to the pyproject.toml and configuring it with the same data as in setup.py.

Use setuptools as a backend for no particular reasons ¯\_(ツ)_/¯, just because the name is familiar and we have no reasons to not use it or use something else.

Keep the old setup.py for backward compatibility so old systems can try to build the package.

For now, keep 0.14.0, we will bump the version in another PR.

* makefile: Use pyproject.toml for installing pythemis

According to this [1] article, the correct command is pip install . in the project's root. Let's try that.

Also, the other option is python -m build --wheel which builds the package but doesn't install it. We can provide something like `pythemis_build` for it for example.

[1]: https://godatadriven.com/blog/a-practical-guide-to-setuptools-and-pyproject-toml/

* pythemis: Update classifiers to Python3.6+

With many hours and docker containers I tested that themis actually works up to python 3.4. The other versions require some changes in makefile so they are more like "grey area".

However, python3.5 is deprecated and it produces warning like "DEPRECATION: Python 3.5 reached the end of its life on..." so many libraries don't support it. Instead they start with 3.6 which will do as well, I guess.

Though, actually python3.6 is also deprecated [1]. The same will be true for python3.7 in a couple of days (Jun 27 2023), so the question is, should we declare support of these versions?

[1]: https://devguide.python.org/versions/

* pythemis: Extend range of supported py versions

* Update changelog

* Run and pin bindgen (#1008)

* rust-themis: Update bindgen

It updated and broke something again :facepalm:

* rust-themis: Pin bindgen version

It is pretty unstable with its frequent releases, so let's pin it.

* Update changelog

* Bump wrapper versions to 0.15.0 (#1007)

* changelog: Add 0.15.0 summary

* themis-core: Update version

* pythemis: Update version

* pythemis: Fix 8-year old typo in AUTHORS :)

* rbthemis: Update version

* jsthemis: Update versions

* wasm-themis: Update versions

* android-themis: Update version

* rust-themis: Update versions

* react-native-themis: Update versions

* pythemis: https in AUTHORS

Co-authored-by: vixentael

* rust-themis: Update bench versions

Somehow missed that.

* changelog: Forgot to mention rust 1.58

* changelog: Mention the new iteration count

---------

Co-authored-by: vixentael

* Bump embedded BoringSSL (#1004)

* Bump BoringSSL and fix makefile

This is not the latest BoringSSL version yet, because there are a couple of fixes. So, treat it as the first.

Here we also fix our makefile because the BoringSSL team fixed bug with the strange behaviour of absolute path to symbols.txt [1].

[1]: https://boringssl.googlesource.com/boringssl/+/8c75ed046f799f1d8b805036b1dea9c5ec0a0fb5%5E%21/#F0

* Bump BoringSSL and fix opaque EVP

As OpenSSL, BoringSSL made many types opaque, so it will require updating some of the code to not use fields.

* Bump BoringSSL again and fix RSA

The same issue - RSA type became opaque, so we need to use accessors similar to what Openssl had.

* Bump BoringSSL once more

This is (hopefully) the last bump. This time without issues but we will see what CI says.

* Make bignum_to_bytes accept const bignum*

It will prevent some of the warnings. This function doesn't mutate bignum anyway.

* Update changelog

* boringssl: Bump once again

* msys2: Update hashes temporarily

These are test values because we will move the tag. But for now, let's just test it.

* phpthemis: Update version for the sake of testing

They will fail probably, but just out of curiosity let's try to run the tests.

* Update date of the release

Solstice!

---------

Co-authored-by: vixentael
---
 .github/workflows/test-rust.yaml | 2 +-
 CHANGELOG.md | 20 ++++++++++
 Makefile | 2 +-
 PKGBUILD.MSYS2 | 8 ++--
 Themis.nsi | 8 ++--
 VERSION | 2 +-
 benches/rust/Cargo.toml | 2 +-
 benches/themis/Cargo.toml | 4 +-
 gradle.properties | 4 +-
 src/soter/boringssl/soter.mk | 4 +-
 src/soter/boringssl/soter_rsa_key.c | 26 ++++++------
 src/soter/boringssl/soter_sign_ecdsa.c | 2 +-
 .../themis/android/AndroidManifest.xml | 2 +-
 .../themis/jsthemis/package-lock.json | 4 +-
 src/wrappers/themis/jsthemis/package.json | 2 +-
 src/wrappers/themis/php/php_themis.h | 3 +-
 src/wrappers/themis/php7/php_themis.h | 2 +-
 src/wrappers/themis/python/AUTHORS | 2 +-
 src/wrappers/themis/python/PKG-INFO | 11 ++++-
 src/wrappers/themis/python/pyproject.toml | 40 +++++++++++++++++++
 src/wrappers/themis/python/setup.py | 9 ++++-
 .../themis/react-native-themis/package.json | 2 +-
 src/wrappers/themis/ruby/rbthemis.gemspec | 6 +--
 src/wrappers/themis/rust/Cargo.toml | 7 ++--
 .../themis/rust/libthemis-sys/Cargo.toml | 2 +-
 .../themis/rust/libthemis-sys/bindgen.sh | 2 +-
 src/wrappers/themis/wasm/package-lock.json | 4 +-
 src/wrappers/themis/wasm/package.json | 2 +-
 third_party/boringssl/src | 2 +-
 29 files changed, 129 insertions(+), 57 deletions(-)
 create mode 100644 src/wrappers/themis/python/pyproject.toml

diff --git a/.github/workflows/test-rust.yaml b/.github/workflows/test-rust.yaml index df01e21e2..8fdac80da 100644 --- a/.github/workflows/test-rust.yaml +++ b/.github/workflows/test-rust.yaml
@@ -215,7 +215,7 @@ jobs: ${{ runner.os }}-cargo-build-target-unit-tests- ${{ runner.os }}-cargo-build-target- - name: Install Bindgen - run: cargo install bindgen-cli + run: cargo install bindgen-cli --version 0.66.1 --force - name: Check out code uses: actions/checkout@v2 - name: Check bindgen.sh output diff --git a/CHANGELOG.md b/CHANGELOG.md index c14d3c3c3..268e28602 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,23 @@ Changes that are currently in development and have not been released yet. +## [0.15.0](https://github.com/cossacklabs/themis/releases/tag/0.15.0), June 21st 2023 + +**TL;DR:** + +- Uncompressed EC public keys are now supported. +- Increased PBKDF2 iteration count from 200000 to 314110 for Secure Cell passphrase mode. +- OpenSSL 3.0 is now supported. +- Pythemis now uses `pyproject.toml`. +- And as usual: enhanced security measures and fixed bugs. + +**Breaking changes and deprecations:** +- AndroidThemis build requires Gradle 7.3, Android SDK 11, Android NDK 25. +- Some Soter functions are deprecated. +- Node.js 8 is no longer supported. +- Rust `SecureSessionTransport` implementations are now `Send`. +- Rust 1.58 is now the minimum supported version. + _Code:_ - **Core** @@ -11,6 +28,7 @@ _Code:_ - Uncompressed EC public keys are now supported ([#959](https://github.com/cossacklabs/themis/pull/959), [#954](https://github.com/cossacklabs/themis/pull/954)) - Themis will generate uncompressed EC public keys when `THEMIS_GEN_EC_KEY_PAIR_UNCOMPRESSED=1` environment variable is set ([#959](https://github.com/cossacklabs/themis/pull/959)) - Increased PBKDF2 iteration count to maintain security of Secure Cell passphrase mode ([#976](https://github.com/cossacklabs/themis/pull/976)). + - Bumped embedded BoringSSL to the latest version ([#1004](https://github.com/cossacklabs/themis/pull/1004)). - **Soter** (low-level security core used by Themis) 
@@ -30,6 +48,7 @@ _Code:_ - **Python** - `pythemis.scomparator` and `pythemis.skeygen` are now imported with `from pythemis import *` ([#914](https://github.com/cossacklabs/themis/pull/914)). + - Pythemis supports `pyproject.toml` as a main way of building packages. The old `setup.py` is preserved for backwards compatibility ([#1006](https://github.com/cossacklabs/themis/pull/1006)). - **Ruby** @@ -42,6 +61,7 @@ _Code:_ This is technically a breaking change, but most reasonble implementations should be `Send` already. Please raise an issue if your code fails to build. - Minimum supported Rust version is now 1.58 ([#977](https://github.com/cossacklabs/themis/pull/977), [#984](https://github.com/cossacklabs/themis/pull/984)). + - Bindgen is pinned to 0.66.1 on CI ([#1008](https://github.com/cossacklabs/themis/pull/1008)). - **WebAssembly** diff --git a/Makefile b/Makefile index d4eaba55a..e36a44d39 100644 --- a/Makefile +++ b/Makefile @@ -598,7 +598,7 @@ ifdef PIP_VERSION PIP_THEMIS_INSTALL := $(shell pip freeze |grep themis) endif -pythemis_install: CMD = cd src/wrappers/themis/python/ && python3 setup.py install --record files3.txt +pythemis_install: CMD = cd src/wrappers/themis/python/ && pip3 install . pythemis_install: ifeq ($(PYTHON3_VERSION),) @echo "python3 not found" diff --git a/PKGBUILD.MSYS2 b/PKGBUILD.MSYS2 index 05f5839e6..312645b0e 100644 --- a/PKGBUILD.MSYS2 +++ b/PKGBUILD.MSYS2 @@ -4,7 +4,7 @@ pkgname=('themis' 'themis-devel') pkgbase=themis -pkgver=0.14.0 +pkgver=0.15.0 pkgrel=1 pkgdesc="Data security library for network communication and data storage" 
@@ -17,9 +17,9 @@ depends=('libopenssl>=1.1.1') makedepends=('tar' 'gcc' 'make' 'openssl-devel>=1.1.1') source=("https://github.com/cossacklabs/themis/archive/$pkgver.tar.gz") -sha256sums=('2efb793e0ef604fb97258b07671a83135ad9229d83b92d7758b43510dcc6cb07') -sha1sums=('6d89a69014c24f39aedea684a78fc10f6019e505') -md5sums=('46a69d51d9e8a5d96ae919f3bf547ce9') +sha256sums=('1c6082c6440b44eb1331637a39ffe3c5924fb99c28e630cd9adb300f5f46ed69') +sha1sums=('7fa6ca58eed08030b7c68e18bc7eebea8660c39d') +md5sums=('64dbed936994c402a337218854471a28') # TODO: verify package signature # Unfortunately, bsdtar cannot handle symlinks on MSYS2 [1] so we have to use diff --git a/Themis.nsi b/Themis.nsi index b6dc14253..702080869 100644 --- a/Themis.nsi +++ b/Themis.nsi @@ -7,10 +7,10 @@ VIAddVersionKey "ProductName" "Themis" VIAddVersionKey "CompanyName" "Cossack Labs Limited" VIAddVersionKey "LegalCopyright" "(c) Cossack Labs Limited" VIAddVersionKey "FileDescription" "Themis library installer" -VIAddVersionKey "FileVersion" "0.14.0" -VIAddVersionKey "ProductVersion" "0.14.0" -VIFileVersion 0.14.0.0 -VIProductVersion 0.14.0.0 +VIAddVersionKey "FileVersion" "0.15.0" +VIAddVersionKey "ProductVersion" "0.15.0" +VIFileVersion 0.15.0.0 +VIProductVersion 0.15.0.0 Page license Page directory diff --git a/VERSION b/VERSION index 0548fb4e9..7092c7c46 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.14.0 \ No newline at end of file +0.15.0 \ No newline at end of file diff --git a/benches/rust/Cargo.toml b/benches/rust/Cargo.toml index 92eeb266b..713ce55fb 100644 --- a/benches/rust/Cargo.toml +++ b/benches/rust/Cargo.toml @@ -5,7 +5,7 @@ edition = "2018" publish = false [dependencies] -themis = { version = "0.14", path = "../../src/wrappers/themis/rust" } +themis = { version = "0.15", path = "../../src/wrappers/themis/rust" } [dev-dependencies] criterion = { version = "0.3.4", features = ["cargo_bench_support", "html_reports"] } 
diff --git a/benches/themis/Cargo.toml b/benches/themis/Cargo.toml index f659b4a66..fb4f4a680 100644 --- a/benches/themis/Cargo.toml +++ b/benches/themis/Cargo.toml @@ -5,8 +5,8 @@ edition = "2018" publish = false [dependencies] -themis = { version = "0.14", path = "../../src/wrappers/themis/rust" } -libthemis-sys = { version = "0.14", path = "../../src/wrappers/themis/rust/libthemis-sys" } +themis = { version = "0.15", path = "../../src/wrappers/themis/rust" } +libthemis-sys = { version = "0.15", path = "../../src/wrappers/themis/rust/libthemis-sys" } [dev-dependencies] criterion = { version = "0.3.4", features = ["cargo_bench_support", "html_reports"] } diff --git a/gradle.properties b/gradle.properties index c56140283..2b3b3911c 100644 --- a/gradle.properties +++ b/gradle.properties @@ -5,8 +5,8 @@ org.gradle.configureondemand=true # Versions of AndroidThemis and JavaThemis packages. -androidThemisVersion=0.14.0 -javaThemisVersion=0.14.0 +androidThemisVersion=0.15.0 +javaThemisVersion=0.15.0 # Android Studio insists that this is set to use JUnit test runner. android.useAndroidX=true diff --git a/src/soter/boringssl/soter.mk b/src/soter/boringssl/soter.mk index 617208e88..a55420e81 100644 --- a/src/soter/boringssl/soter.mk +++ b/src/soter/boringssl/soter.mk 
@@ -87,14 +87,12 @@ ifeq ($(RENAME_BORINGSSL_SYMBOLS),yes) $(GO) run util/read_symbols.go -out $(abspath $(BIN_PATH)/boringssl/symbols.txt) \ $(abspath $(BIN_PATH)/boringssl/stage-1/crypto/libcrypto.a) \ $(abspath $(BIN_PATH)/boringssl/stage-1/decrepit/libdecrepit.a) - @# Path to symbols must be a relative one (relative to the build directory) - @# because absolute paths confuse BoringSSL's make. @echo "building embedded BoringSSL again with renamed symbols..." @mkdir -p $(BIN_PATH)/boringssl/stage-2 @cd $(BIN_PATH)/boringssl/stage-2 && \ $(CMAKE) $(SOTER_ENGINE_CMAKE_FLAGS) \ -DBORINGSSL_PREFIX=$(SOTER_BORINGSSL_PREFIX) \ - -DBORINGSSL_PREFIX_SYMBOLS=../symbols.txt \ + -DBORINGSSL_PREFIX_SYMBOLS=$(abspath $(BIN_PATH)/boringssl/symbols.txt) \ $(abspath third_party/boringssl/src) ifeq ($(NINJA),) @$(MAKE) -C $(BIN_PATH)/boringssl/stage-2 crypto decrepit diff --git a/src/soter/boringssl/soter_rsa_key.c b/src/soter/boringssl/soter_rsa_key.c index b6c090ef4..c105b4726 100644 --- a/src/soter/boringssl/soter_rsa_key.c +++ b/src/soter/boringssl/soter_rsa_key.c @@ -101,7 +101,7 @@ static bool is_mod_size_supported(unsigned mod_size) } } -static soter_status_t bignum_to_bytes(BIGNUM* bn, uint8_t* to, size_t to_length) +static soter_status_t bignum_to_bytes(const BIGNUM* bn, uint8_t* to, size_t to_length) { size_t bn_size = (size_t)BN_num_bytes(bn); size_t bytes_copied; 
@@ -159,16 +159,16 @@ soter_status_t soter_engine_specific_to_rsa_pub_key(const soter_engine_specific_ } pub_exp = (uint32_t*)((unsigned char*)(key + 1) + rsa_mod_size); - if (BN_is_word(rsa->e, RSA_F4)) { + if (BN_is_word(RSA_get0_e(rsa), RSA_F4)) { *pub_exp = htobe32(RSA_F4); - } else if (BN_is_word(rsa->e, RSA_3)) { + } else if (BN_is_word(RSA_get0_e(rsa), RSA_3)) { *pub_exp = htobe32(RSA_3); } else { res = SOTER_INVALID_PARAMETER; goto err; } - res = bignum_to_bytes(rsa->n, (unsigned char*)(key + 1), rsa_mod_size); + res = bignum_to_bytes(RSA_get0_n(rsa), (unsigned char*)(key + 1), rsa_mod_size); if (SOTER_SUCCESS != res) { goto err; } @@ -225,9 +225,9 @@ soter_status_t soter_engine_specific_to_rsa_priv_key(const soter_engine_specific } pub_exp = (uint32_t*)(curr_bn + ((rsa_mod_size * 4) + (rsa_mod_size / 2))); - if (BN_is_word(rsa->e, RSA_F4)) { + if (BN_is_word(RSA_get0_e(rsa), RSA_F4)) { *pub_exp = htobe32(RSA_F4); - } else if (BN_is_word(rsa->e, RSA_3)) { + } else if (BN_is_word(RSA_get0_e(rsa), RSA_3)) { *pub_exp = htobe32(RSA_3); } else { res = SOTER_INVALID_PARAMETER; 
@@ -235,49 +235,49 @@ soter_status_t soter_engine_specific_to_rsa_priv_key(const soter_engine_specific } /* Private exponent */ - res = bignum_to_bytes(rsa->d, curr_bn, rsa_mod_size); + res = bignum_to_bytes(RSA_get0_d(rsa), curr_bn, rsa_mod_size); if (SOTER_SUCCESS != res) { goto err; } curr_bn += rsa_mod_size; /* p */ - res = bignum_to_bytes(rsa->p, curr_bn, rsa_mod_size / 2); + res = bignum_to_bytes(RSA_get0_p(rsa), curr_bn, rsa_mod_size / 2); if (SOTER_SUCCESS != res) { goto err; } curr_bn += rsa_mod_size / 2; /* q */ - res = bignum_to_bytes(rsa->q, curr_bn, rsa_mod_size / 2); + res = bignum_to_bytes(RSA_get0_q(rsa), curr_bn, rsa_mod_size / 2); if (SOTER_SUCCESS != res) { goto err; } curr_bn += rsa_mod_size / 2; /* dp */ - res = bignum_to_bytes(rsa->dmp1, curr_bn, rsa_mod_size / 2); + res = bignum_to_bytes(RSA_get0_dmp1(rsa), curr_bn, rsa_mod_size / 2); if (SOTER_SUCCESS != res) { goto err; } curr_bn += rsa_mod_size / 2; /* dq */ - res = bignum_to_bytes(rsa->dmq1, curr_bn, rsa_mod_size / 2); + res = bignum_to_bytes(RSA_get0_dmq1(rsa), curr_bn, rsa_mod_size / 2); if (SOTER_SUCCESS != res) { goto err; } curr_bn += rsa_mod_size / 2; /* qp */ - res = bignum_to_bytes(rsa->iqmp, curr_bn, rsa_mod_size / 2); + res = bignum_to_bytes(RSA_get0_iqmp(rsa), curr_bn, rsa_mod_size / 2); if (SOTER_SUCCESS != res) { goto err; } curr_bn += rsa_mod_size / 2; /* modulus */ - res = bignum_to_bytes(rsa->n, curr_bn, rsa_mod_size); + res = bignum_to_bytes(RSA_get0_n(rsa), curr_bn, rsa_mod_size); if (SOTER_SUCCESS != res) { goto err; } diff --git a/src/soter/boringssl/soter_sign_ecdsa.c b/src/soter/boringssl/soter_sign_ecdsa.c index ebc0ff6c0..adc38db47 100644 --- a/src/soter/boringssl/soter_sign_ecdsa.c +++ b/src/soter/boringssl/soter_sign_ecdsa.c 
@@ -135,7 +135,7 @@ soter_status_t soter_sign_final_ecdsa_none_pkcs8(soter_sign_ctx_t* ctx, if (!pkey) { return SOTER_INVALID_PARAMETER; } - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) { + if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) { return SOTER_INVALID_PARAMETER; } /* TODO: need review */ diff --git a/src/wrappers/themis/android/AndroidManifest.xml b/src/wrappers/themis/android/AndroidManifest.xml index 12f1c4a8a..23c2056b8 100644 --- a/src/wrappers/themis/android/AndroidManifest.xml +++ b/src/wrappers/themis/android/AndroidManifest.xml @@ -1,3 +1,3 @@ - + diff --git a/src/wrappers/themis/jsthemis/package-lock.json b/src/wrappers/themis/jsthemis/package-lock.json index 3c11c000a..bf7481178 100644 --- a/src/wrappers/themis/jsthemis/package-lock.json +++ b/src/wrappers/themis/jsthemis/package-lock.json @@ -1,12 +1,12 @@ { "name": "jsthemis", - "version": "0.14.0", + "version": "0.15.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "jsthemis", - "version": "0.14.0", + "version": "0.15.0", "license": "Apache-2.0", "dependencies": { "nan": "^2.14.0" diff --git a/src/wrappers/themis/jsthemis/package.json b/src/wrappers/themis/jsthemis/package.json index 4f968edc0..43a5e25b0 100644 --- a/src/wrappers/themis/jsthemis/package.json +++ b/src/wrappers/themis/jsthemis/package.json @@ -1,6 +1,6 @@ { "name": "jsthemis", - "version": "0.14.0", + "version": "0.15.0", "description": "Themis is a convenient cryptographic library for data protection.", "main": "build/Release/jsthemis.node", "scripts": { diff --git a/src/wrappers/themis/php/php_themis.h b/src/wrappers/themis/php/php_themis.h index fd0acd19c..59789fed6 100644 --- a/src/wrappers/themis/php/php_themis.h +++ b/src/wrappers/themis/php/php_themis.h @@ -17,7 +17,7 @@ #ifndef _PHP_THEMIS_H_ #define _PHP_THEMIS_H_ -#define PHP_THEMIS_VERSION "0.14.0" +#define PHP_THEMIS_VERSION "0.15.0" #define PHP_THEMIS_EXTNAME "phpthemis" PHP_FUNCTION(phpthemis_secure_message_wrap); 
@@ -38,5 +38,4 @@ PHP_FUNCTION(phpthemis_scell_context_imprint_decrypt); extern zend_module_entry phpthemis_module_entry; #define phpext_themis_ptr &phpthemis_module_entry - #endif /* _PHP_THEMIS_H_ */ diff --git a/src/wrappers/themis/php7/php_themis.h b/src/wrappers/themis/php7/php_themis.h index 4db7e08bc..eb7e2cb6b 100644 --- a/src/wrappers/themis/php7/php_themis.h +++ b/src/wrappers/themis/php7/php_themis.h @@ -17,7 +17,7 @@ #ifndef _PHP_THEMIS_H_ #define _PHP_THEMIS_H_ -#define PHP_THEMIS_VERSION "0.14.0" +#define PHP_THEMIS_VERSION "0.15.0" #define PHP_THEMIS_EXTNAME "phpthemis" extern zend_module_entry phpthemis_module_entry; diff --git a/src/wrappers/themis/python/AUTHORS b/src/wrappers/themis/python/AUTHORS index 3a6314bcf..911673f6e 100644 --- a/src/wrappers/themis/python/AUTHORS +++ b/src/wrappers/themis/python/AUTHORS @@ -1 +1 @@ -CossackLabs (http://cossacklabs.com/) +CossackLabs (https://cossacklabs.com/) diff --git a/src/wrappers/themis/python/PKG-INFO b/src/wrappers/themis/python/PKG-INFO index 1f78f28b6..0b089be24 100644 --- a/src/wrappers/themis/python/PKG-INFO +++ b/src/wrappers/themis/python/PKG-INFO @@ -1,6 +1,6 @@ -Metadata-Version: 0.14.0 +Metadata-Version: 0.15.0 Name: pythemis -Version: 0.14.0 +Version: 0.15.0 Summary: Data security library for network communication and data storage for Python Home-page: https://cossacklabs.com Author: Cossack Labs 
@@ -26,5 +26,12 @@ Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.2 Classifier: Programming Language :: Python :: 3.3 Classifier: Programming Language :: Python :: 3.4 +Classifier: Programming Language :: Python :: 3.5 +Classifier: Programming Language :: Python :: 3.6 +Classifier: Programming Language :: Python :: 3.7 +Classifier: Programming Language :: Python :: 3.8 +Classifier: Programming Language :: Python :: 3.9 +Classifier: Programming Language :: Python :: 3.10 +Classifier: Programming Language :: Python :: 3.11 Classifier: Programming Language :: Python :: Implementation :: CPython Classifier: Programming Language :: Python :: Implementation :: PyPy diff --git a/src/wrappers/themis/python/pyproject.toml b/src/wrappers/themis/python/pyproject.toml new file mode 100644 index 000000000..d68400eb3 --- /dev/null +++ b/src/wrappers/themis/python/pyproject.toml 
@@ -0,0 +1,40 @@ +[build-system] +requires = ["setuptools"] +build-backend = "setuptools.build_meta" + +[project] +name = "pythemis" +version = "0.15.0" +authors = [{ name = "CossackLabs", email = "dev@cossacklabs.com" }] +description = "Themis is multi-platform library with a high-level and easy-to-use cryptographic toolkit for data protection" +readme = "README.md" +requires-python = ">=3.2" +license = { file = "LICENSE" } +dependencies = ["six", "enum34; python_version<'3.4'"] +classifiers = [ + "Intended Audience :: Developers", + "License :: OSI Approved :: Apache Software License", + "Natural Language :: English", + "Operating System :: MacOS :: MacOS X", + "Operating System :: POSIX", + "Operating System :: POSIX :: BSD", + "Operating System :: POSIX :: Linux", + "Programming Language :: Python", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3.2", + "Programming Language :: Python :: 3.3", + "Programming Language :: Python :: 3.4", + "Programming Language :: Python :: 3.5", + "Programming Language :: Python :: 3.6", + "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: Implementation :: CPython", + "Programming Language :: Python :: Implementation :: PyPy", +] + +[tool.setuptools] +packages = ["pythemis"] diff --git a/src/wrappers/themis/python/setup.py b/src/wrappers/themis/python/setup.py index c12aa61e9..e0c1520d0 100644 --- a/src/wrappers/themis/python/setup.py +++ b/src/wrappers/themis/python/setup.py @@ -23,7 +23,7 @@ setup( name='pythemis', - version='0.14.0', + version='0.15.0', description='', long_description=open("README.md").read(), 
@@ -48,6 +48,13 @@ "Programming Language :: Python :: 3.3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", + "Programming Language :: Python :: 3.6", + "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Python :: Implementation :: PyPy", ], diff --git a/src/wrappers/themis/react-native-themis/package.json b/src/wrappers/themis/react-native-themis/package.json index 92cb2b817..cd63936cf 100644 --- a/src/wrappers/themis/react-native-themis/package.json +++ b/src/wrappers/themis/react-native-themis/package.json @@ -1,6 +1,6 @@ { "name": "react-native-themis", - "version": "0.14.10", + "version": "0.15.0", "description": "Themis React Native is a convenient cryptographic library for data protection", "react-native": "src/index", "source": "src/index", diff --git a/src/wrappers/themis/ruby/rbthemis.gemspec b/src/wrappers/themis/ruby/rbthemis.gemspec index 13926e51e..29200c545 100644 --- a/src/wrappers/themis/ruby/rbthemis.gemspec +++ b/src/wrappers/themis/ruby/rbthemis.gemspec @@ -1,7 +1,7 @@ Gem::Specification.new do |s| s.name = 'rbthemis' - s.version = '0.14.0' - s.date = '2021-12-24' + s.version = '0.15.0' + s.date = '2023-06-21' s.summary = 'Data security library for network communication and data storage for Ruby' s.description = 'Themis is a convenient cryptographic library for data protection. It provides secure messaging with forward secrecy and secure data storage. Themis is aimed at modern development practices and has a unified API across 12 platforms, including Ruby, JavaScript, iOS/macOS, Python, and Java/Android.' s.authors = ['CossackLabs'] 
@@ -10,5 +10,5 @@ Gem::Specification.new do |s| s.homepage = 'http://cossacklabs.com/' s.license = 'Apache-2.0' s.add_runtime_dependency 'ffi', '~> 1.9', '>= 1.9.8' - s.requirements << 'libthemis, v0.14.0' + s.requirements << 'libthemis, v0.15.0' end diff --git a/src/wrappers/themis/rust/Cargo.toml b/src/wrappers/themis/rust/Cargo.toml index 9d782ef33..f3b819a76 100644 --- a/src/wrappers/themis/rust/Cargo.toml +++ b/src/wrappers/themis/rust/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "themis" -version = "0.14.0" +version = "0.15.0" edition = "2018" rust-version = "1.58.0" authors = ["rust-themis developers"] @@ -25,7 +25,7 @@ circle-ci = { repository = "cossacklabs/themis", branch = "master" } maintenance = { status = "actively-developed" } [dependencies] -bindings = { package = "libthemis-sys", path = "libthemis-sys", version = "0.14.0" } +bindings = { package = "libthemis-sys", path = "libthemis-sys", version = "0.15.0" } zeroize = "1" [dev-dependencies] @@ -33,5 +33,6 @@ base64 = "0.10.0" byteorder = "1.2.7" clap = "2.32" lazy_static = "1.2.0" -log = "0.4.6" +# it can be unpinned when we update the minimum supported version of rustc +log = "=0.4.18" env_logger = "0.6.0" diff --git a/src/wrappers/themis/rust/libthemis-sys/Cargo.toml b/src/wrappers/themis/rust/libthemis-sys/Cargo.toml index ad5f740e5..c37f50aac 100644 --- a/src/wrappers/themis/rust/libthemis-sys/Cargo.toml +++ b/src/wrappers/themis/rust/libthemis-sys/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libthemis-sys" -version = "0.14.0" +version = "0.15.0" edition = "2018" rust-version = "1.58.0" authors = ["rust-themis developers"] diff --git a/src/wrappers/themis/rust/libthemis-sys/bindgen.sh b/src/wrappers/themis/rust/libthemis-sys/bindgen.sh index ec0a70e31..7ef008c29 100755 --- a/src/wrappers/themis/rust/libthemis-sys/bindgen.sh +++ b/src/wrappers/themis/rust/libthemis-sys/bindgen.sh 
@@ -10,7 +10,7 @@ # You need to have Bindgen, LLVM, rustfmt installed to run this script. # Bindgen can be installed with # -# cargo install bindgen +# cargo install bindgen-cli --version 0.66.1 --force # # rustfmt can be installed with # diff --git a/src/wrappers/themis/wasm/package-lock.json b/src/wrappers/themis/wasm/package-lock.json index 90e39d595..7b284f9d5 100644 --- a/src/wrappers/themis/wasm/package-lock.json +++ b/src/wrappers/themis/wasm/package-lock.json @@ -1,12 +1,12 @@ { "name": "wasm-themis", - "version": "0.14.6", + "version": "0.15.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "wasm-themis", - "version": "0.14.6", + "version": "0.15.0", "license": "Apache-2.0", "devDependencies": { "@types/emscripten": "^1.39.4", diff --git a/src/wrappers/themis/wasm/package.json b/src/wrappers/themis/wasm/package.json index 8f6212e59..943bff683 100644 --- a/src/wrappers/themis/wasm/package.json +++ b/src/wrappers/themis/wasm/package.json @@ -1,6 +1,6 @@ { "name": "wasm-themis", - "version": "0.14.8", + "version": "0.15.0", "description": "Themis is a convenient cryptographic library for data protection.", "main": "dist/index.js", "types": "dist/index.d.ts", diff --git a/third_party/boringssl/src b/third_party/boringssl/src index 897a2ca3f..50ee09552 160000 --- a/third_party/boringssl/src +++ b/third_party/boringssl/src @@ -1 +1 @@ -Subproject commit 897a2ca3f184b34278641138c726ef902ab1fab2 +Subproject commit 50ee09552cde1c2019bef24520848d041920cfd4 From d925c3ba6bb13bf1914a58f2380dfac4698aa09e Mon Sep 17 00:00:00 2001 From: Nazar Serhiichuk <43041209+G1gg1L3s@users.noreply.github.com> Date: Wed, 21 Jun 2023 23:33:40 +0300 Subject: [PATCH 2/6] msys2: Update checksums (#1012) It's the egg-chicken problem: we can update those hashes only after the release. But then, the release tag will not point to the updated hashes. --- PKGBUILD.MSYS2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/PKGBUILD.MSYS2 b/PKGBUILD.MSYS2 index 312645b0e..63f131a37 100644 --- a/PKGBUILD.MSYS2 +++ b/PKGBUILD.MSYS2 @@ -17,9 +17,9 @@ depends=('libopenssl>=1.1.1') makedepends=('tar' 'gcc' 'make' 'openssl-devel>=1.1.1') source=("https://github.com/cossacklabs/themis/archive/$pkgver.tar.gz") -sha256sums=('1c6082c6440b44eb1331637a39ffe3c5924fb99c28e630cd9adb300f5f46ed69') -sha1sums=('7fa6ca58eed08030b7c68e18bc7eebea8660c39d') -md5sums=('64dbed936994c402a337218854471a28') +sha256sums=('e5ff84e020ea02f545be6948b4a5ed04944fed10d4bc500684d8e79be3f6020d') +sha1sums=('abab5054190049cdb00540501316a8df3c2496f3') +md5sums=('30acf0963fae74808041a54b7c902d42') # TODO: verify package signature # Unfortunately, bsdtar cannot handle symlinks on MSYS2 [1] so we have to use From 3e687fd2251d56fed6925e80ec3a39d920b1af38 Mon Sep 17 00:00:00 2001 
From: G1gg1L3s
Date: Mon, 4 Dec 2023 13:39:33 +0200
Subject: [PATCH 3/6] Squashed commit of the following:
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

commit 784033b1ac300fd975777de6db123d41dd1f46c8
Author: Anatolii Lishchynskyi
Date: Tue Nov 28 21:45:12 2023 +0200

New methods of building/installing PyThemis (#1023)

Refactor Makefile:
* new target pythemis_make_wheel to create a .whl Python package, current modern format to be installed into virtual environments
* new target pythemis_install_wheel to install it in currently active virtualenv
* new target deb_python that builds a .deb package for system-wide installation of PyThemis
* new target pythemis_install_deb, alias for pythemis_deb + apt install of the created pkg
* new target rpm_python, similar to deb_python
* new target pythemis_install_rpm, pythemis_install_deb

Update GitHub Actions workflow, test .whl and .deb installation

See cossacklabs/product-docs/pull/317 for related docs update

commit 30578c84d9e8d59deaa33a3a9559d35a7085da31
Author: Anatolii Lishchynskyi
Date: Mon Nov 27 17:53:02 2023 +0200

Fix clippy and fmt issues, update MSRV (#1039)

Fix clippy and fmt issues
Update MSRV to 1.60
Freeze test deps so they compile on Rust 1.60, with no effect on themis itself (does not use those frozen crates)

commit 61117667ffc753994799aec2cb52780228548f88
Author: Anatolii Lishchynskyi
Date: Tue Nov 21 17:08:51 2023 +0200

Update emscripten requirements and WASM CI job (#1036)

* Bump emsdk version to 3.1.47

Produces module importable in Node v18

With older (emsdk 3.0.0) version, generated `libthemis.js` that should load `libthemis.wasm` fails due to some internal autogenerated code working differently on v16 and v18

* Add link flag for WASM builds

Needed to make new emscripten produce working module

* Update Node testing versions

Add v18 that should now work, also add v20 that is in active development as of now, but if tests are green then why not?

* Switched integration tests to use v16

* Removed testing of quite old and deprecated v10

* Updated version of BoringSSL submodule to a newer one (not the latest though)

commit 05cac26d7949fe62f262ca80c2ceb3a96a181991
Author: Anatolii Lishchynskyi
Date: Thu Nov 9 22:24:35 2023 +0200

CI fixes (#1034)

Fix Rust CI builds (#1032)

* Pin log dependency to 0.4.17
* Pin byteorder dependency to 1.4.3

Last versions that still work with current MSRV 1.58.

Fix sanitizers CI job (#1033)

* Switch to GCC 10
* Install `libgcc-10-dev` that provides file `libtsan_preinit.o` needed for thread sanitizer

Change priority of PREFIX in CFLAGS and LDFLAGS (#1031)

* Change include dir priority in CFLAGS

Move 'CFLAGS += -I/usr/local/include' below engine selection macros, so that if OS have OpenSSL header files installed in /usr/local/include, it won't mess with vendored BoringSSL or any other selected engine.

* Put /usr/local/lib in separate LDFLAGS

Introduce ADDITIONAL_LDFLAGS macro and put it after both LDFLAGS and CRYPTO_ENGINE_LDFLAGS during linking.

* Add optional verbose logging to Makefile

Add VERBOSE option to Makefile. If set, print executed command (compiler, linker etc) even for successful runs, and run ldd on created shared libraries.

* Enable verbose builds on macOS jobs commit 06d52f4faf60d3ba5d028ac143e16c63ffa1428f Author: Anatolii Lishchynskyi Date: Tue Sep 26 13:15:37 2023 +0300 Fix make target rbthemis_uninstall (#1022) * Fix make target rbthemis_uninstall * Add RbThemis uninstall step to CI commit 86096502c48a80edb11f567c92e26eb463eae36c Author: Nazar Serhiichuk <43041209+G1gg1L3s@users.noreply.github.com> Date: Mon Jul 10 22:57:46 2023 +0300 Avoid specific versions in README (#1016) Just to avoid responsibility of updating it during release (•_•) ( •_•)>⌐■-■ (⌐■_■) commit 3219654b7b3dd5b0e21428b1a78a51dd44f69208 Author: Martin Arista Date: Mon Jul 10 11:54:25 2023 -0400 Update README.md (#1015) update links for maven and java/kotlin links --- .github/workflows/integration.yaml | 4 +- .github/workflows/test-core.yaml | 9 +- .github/workflows/test-python.yaml | 63 ++++++ .github/workflows/test-ruby.yaml | 2 + .github/workflows/test-rust.yaml | 4 +- .github/workflows/test-wasm.yaml | 17 +- CHANGELOG.md | 11 +- Makefile | 120 ++++++++++- README.md | 6 +- benches/rust/Cargo.toml | 2 +- benches/themis/Cargo.toml | 2 +- .../secure_message_encrypt_decrypt_ecdsa.rs | 2 +- .../secure_message_encrypt_decrypt_rsa.rs | 2 +- .../secure_message_sign_verify_ecdsa.rs | 2 +- .../benches/secure_message_sign_verify_rsa.rs | 2 +- docs/examples/rust/secure_cell.rs | 12 +- .../rust/secure_message_client_encrypt.rs | 2 +- .../rust/secure_message_client_verify.rs | 2 +- docs/examples/rust/secure_message_server.rs | 2 +- .../rust/secure_session_echo_client.rs | 8 +- .../rust/secure_session_echo_server.rs | 4 +- jni/themis_jni.mk | 2 +- src/soter/soter.mk | 15 +- src/themis/themis.mk | 9 +- src/wrappers/themis/rust/Cargo.toml | 24 ++- .../themis/rust/libthemis-sys/Cargo.toml | 2 +- src/wrappers/themis/rust/src/secure_cell.rs | 12 +- src/wrappers/themis/wasm/emscripten/VERSION | 2 +- .../wasm/emscripten/exported_functions.json | 1 + src/wrappers/themis/wasm/wasmthemis.mk | 6 +- tests/rust/keys.rs | 8 +- 
tests/rust/secure_cell.rs | 200 +++++++++--------- tests/rust/secure_message.rs | 14 +- tests/rust/secure_session.rs | 68 +++--- tests/soter/soter.mk | 2 +- tests/soter/soter_sym_test.c | 2 +- tests/themis/themis.mk | 2 +- tests/themispp/themispp.mk | 2 +- tools/afl/fuzzy.mk | 2 +- tools/rust/scell_context_string_echo.rs | 6 +- tools/rust/scell_seal_string_echo.rs | 6 +- tools/rust/scell_seal_string_echo_pw.rs | 6 +- tools/rust/scell_token_string_echo.rs | 16 +- tools/rust/smessage_encryption.rs | 8 +- 44 files changed, 455 insertions(+), 238 deletions(-) create mode 100644 src/wrappers/themis/wasm/emscripten/exported_functions.json diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index 726509d0d..81e2cea40 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -66,10 +66,10 @@ jobs: with: toolchain: stable profile: minimal - - name: Install Node.js 10.x + - name: Install Node.js 16.x uses: actions/setup-node@v1 with: - node-version: 10.x + node-version: 16.x - name: Install Emscripten run: | version=$(cat src/wrappers/themis/wasm/emscripten/VERSION) diff --git a/.github/workflows/test-core.yaml b/.github/workflows/test-core.yaml index 5cfaf73e8..4dd35c759 100644 --- a/.github/workflows/test-core.yaml +++ b/.github/workflows/test-core.yaml @@ -36,6 +36,7 @@ jobs: name: Unit tests runs-on: ${{ matrix.os }} env: + VERBOSE: 1 SOTER_KDF_RUN_LONG_TESTS: yes MATRIX_OS: ${{ matrix.os }} strategy: 
@@ -153,20 +154,20 @@ jobs: run: | sudo sh -c 'echo "DEBIAN_FRONTEND=noninteractive" >> /etc/environment' sudo apt update - sudo apt install --yes gcc-8 clang-8 make libssl-dev + sudo apt install --yes gcc-10 libgcc-10-dev clang-8 make libssl-dev - name: Check out code uses: actions/checkout@v2 # We test only OpenSSL flavor to not expand the testing matrix too much # (rebuilding BoringSSL is not fun and takes much time) - name: Check with GCC (ASan) if: always() - run: make clean test CC=gcc-8 WITH_ASAN=1 + run: make clean test CC=gcc-10 WITH_ASAN=1 - name: Check with GCC (TSan) if: always() - run: make clean test CC=gcc-8 WITH_TSAN=1 + run: make clean test CC=gcc-10 WITH_TSAN=1 - name: Check with GCC (UBSan) if: always() - run: make clean test CC=gcc-8 WITH_UBSAN=1 + run: make clean test CC=gcc-10 WITH_UBSAN=1 - name: Check with Clang (ASan) if: always() run: make clean test CC=clang-8 WITH_ASAN=1 diff --git a/.github/workflows/test-python.yaml b/.github/workflows/test-python.yaml index f3aeb8cc6..56bd2f020 100644 --- a/.github/workflows/test-python.yaml +++ b/.github/workflows/test-python.yaml 
@@ -47,6 +47,69 @@ jobs: - name: Run test suite run: make test_python + unit-tests-venv: + name: Unit tests (virtualenv install) + # TODO: Switch to something more fresh, Ubuntu 22.04 or Debian Bookworm, + # after issue with deprecates in C++ tests is fixed + runs-on: ubuntu-20.04 + steps: + - name: Install system dependencies + run: | + sudo sh -c 'echo "DEBIAN_FRONTEND=noninteractive" >> /etc/environment' + sudo apt update + sudo apt install --yes gcc make libssl-dev \ + python3 python3-setuptools python3-pip python3-venv + - name: Check out code + uses: actions/checkout@v2 + - name: Prepare Themis Core + run: | + make + sudo make install + make prepare_tests_all + - name: Create virtualenv + run: mkdir /tmp/test_venv && python3 -m venv /tmp/test_venv + - name: Install PyThemis into virtualenv + run: | + make pythemis_make_wheel + source /tmp/test_venv/bin/activate && make pythemis_install_wheel + - name: Run test suite + run: source /tmp/test_venv/bin/activate && make test_python + - name: Uninstall PyThemis + run: source /tmp/test_venv/bin/activate && pip uninstall -y pythemis + + unit-tests-deb-pkg: + name: Unit tests (deb package) + # TODO: Switch to something more fresh, Ubuntu 22.04 or Debian Bookworm, + # after issue with deprecates in C++ tests is fixed + runs-on: ubuntu-20.04 + steps: + - name: Install system dependencies + run: | + sudo sh -c 'echo "DEBIAN_FRONTEND=noninteractive" >> /etc/environment' + sudo apt update + sudo apt install --yes gcc make libssl-dev \ + python3 python3-setuptools \ + ruby + sudo gem install fpm + - name: Check out code + uses: actions/checkout@v2 + - name: Prepare Themis Core + run: | + make + sudo make install + make prepare_tests_all + - name: Install libthemis deb + run: | + make deb WITHOUT_THEMISPP=1 WITHOUT_JAVA=1 + sudo apt install ./build/deb/libthemis_*.deb + - name: Install PyThemis (deb package) + run: | + sudo make pythemis_install_deb + - name: Run test suite + run: make test_python + - name: Uninstall 
PyThemis + run: sudo apt remove -y python3-pythemis + examples: name: Code examples runs-on: ubuntu-20.04 diff --git a/.github/workflows/test-ruby.yaml b/.github/workflows/test-ruby.yaml index f7efd1494..802a57b6b 100644 --- a/.github/workflows/test-ruby.yaml +++ b/.github/workflows/test-ruby.yaml @@ -59,6 +59,8 @@ jobs: run: | rvm use system make test_ruby + - name: Uninstall RubyThemis + run: sudo make rbthemis_uninstall examples: name: Code examples diff --git a/.github/workflows/test-rust.yaml b/.github/workflows/test-rust.yaml index 8fdac80da..6ab96591a 100644 --- a/.github/workflows/test-rust.yaml +++ b/.github/workflows/test-rust.yaml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - rust: [stable, '1.58'] + rust: [stable, '1.60'] fail-fast: false steps: - name: Install system dependencies @@ -81,7 +81,7 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - rust: [stable, '1.58'] + rust: [stable, '1.60'] fail-fast: false steps: - name: Install system dependencies diff --git a/.github/workflows/test-wasm.yaml b/.github/workflows/test-wasm.yaml index 6fabe6da4..079c30566 100644 --- a/.github/workflows/test-wasm.yaml +++ b/.github/workflows/test-wasm.yaml @@ -78,10 +78,11 @@ jobs: strategy: matrix: node-version: - - 10.x # legacy - - 12.x # old LTS - - 14.x # current LTS - - 16.x # current stable + - 12.x # legacy + - 14.x # legacy + - 16.x # legacy + - 18.x # current LTS + - 20.x # current active fail-fast: false steps: - name: Install Node.js ${{ matrix.node-version }} @@ -110,9 +111,11 @@ jobs: strategy: matrix: node-version: - - 12.x # old LTS - - 14.x # current LTS - - 16.x # current stable + - 12.x # legacy + - 14.x # legacy + - 16.x # legacy + - 18.x # current LTS + - 20.x # current active fail-fast: false env: # WasmThemis uses promises to handle asynchronous WebAssmebly compilation. diff --git a/CHANGELOG.md b/CHANGELOG.md index 268e28602..6ad37d9bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -50,6 +50,10 @@ _Code:_ - `pythemis.scomparator` and `pythemis.skeygen` are now imported with `from pythemis import *` ([#914](https://github.com/cossacklabs/themis/pull/914)). - Pythemis supports `pyproject.toml` as a main way of building packages. The old `setup.py` is preserved for backwards compatibility ([#1006](https://github.com/cossacklabs/themis/pull/1006)). + - New installation methods, accessible with make ([#1023](https://github.com/cossacklabs/themis/pull/1023)). + - create/install `.whl` package for virtualenv + - create/install `.deb` or `.rpm` package for system-wide installation + - **Ruby** - Improved compatibility with non-standard installations on Apple M1 ([#917](https://github.com/cossacklabs/themis/pull/917)). @@ -60,9 +64,14 @@ _Code:_ This is technically a breaking change, but most reasonble implementations should be `Send` already. Please raise an issue if your code fails to build. - - Minimum supported Rust version is now 1.58 ([#977](https://github.com/cossacklabs/themis/pull/977), [#984](https://github.com/cossacklabs/themis/pull/984)). + - Minimum supported Rust version is now 1.60 ([#977](https://github.com/cossacklabs/themis/pull/977), [#984](https://github.com/cossacklabs/themis/pull/984), [#1039](https://github.com/cossacklabs/themis/pull/1039)). - Bindgen is pinned to 0.66.1 on CI ([#1008](https://github.com/cossacklabs/themis/pull/1008)). +- **WasmThemis** + + - Updated required `emsdk` version to 3.1.47 ([#1036](https://github.com/cossacklabs/themis/pull/1036)). + - WasmThemis now works with Node v18 and v20 ([#1036](https://github.com/cossacklabs/themis/pull/1036)). + - **WebAssembly** - Node.js v8 is no longer supported ([#901](https://github.com/cossacklabs/themis/pull/901)). diff --git a/Makefile b/Makefile index e36a44d39..7d7ebb56e 100644 --- a/Makefile +++ b/Makefile 
@@ -45,6 +45,8 @@ $(BUILD_PATH)/configure.mk: # then increment LIBRARY_SO_VERSION as well, and update package names. VERSION := $(shell test -d .git && git describe --tags || cat VERSION) LIBRARY_SO_VERSION = 0 +# Version in format X.Y.Z, without build number and commit hash +VERSION_SHORT := $(shell cat VERSION) #----- Toolchain --------------------------------------------------------------- @@ -88,9 +90,6 @@ pkgconfigdir ?= $(libdir)/pkgconfig # Add Themis source directory to search paths CFLAGS += -I$(INC_PATH) -I$(SRC_PATH) -I$(SRC_PATH)/wrappers/themis/ LDFLAGS += -L$(BIN_PATH) -# Not all platforms include /usr/local in default search path -CFLAGS += -I/usr/local/include -LDFLAGS += -L/usr/local/lib # Build shared libraries CFLAGS += -fPIC @@ -111,8 +110,13 @@ OK_STRING=$(MOVE_COLUMN)$(OK_COLOR)[OK]$(NO_COLOR) ERROR_STRING=$(MOVE_COLUMN)$(ERROR_COLOR)[ERRORS]$(NO_COLOR) WARN_STRING=$(MOVE_COLUMN)$(WARN_COLOR)[WARNINGS]$(NO_COLOR) +ifeq ($(VERBOSE),) PRINT_OK = printf "$@ $(OK_STRING)\n" PRINT_OK_ = printf "$(OK_STRING)\n" +else +PRINT_OK = printf "$@ $(OK_STRING)\n" && printf "$(CMD)\n" +PRINT_OK_ = printf "$(OK_STRING)\n" && printf "$(CMD)\n" +endif PRINT_ERROR = printf "$@ $(ERROR_STRING)\n" && printf "$(CMD)\n$$LOG\n" && false PRINT_ERROR_ = printf "$(ERROR_STRING)\n" && printf "$(CMD)\n$$LOG\n" && false PRINT_WARNING = printf "$@ $(WARN_STRING)\n" && printf "$(CMD)\n$$LOG\n" 
@@ -166,6 +170,18 @@ ifneq ($(ENGINE_LIB_PATH),) CRYPTO_ENGINE_LIB_PATH = $(ENGINE_LIB_PATH) endif +# Basic compiler flags (lower priority than selected engine) +# We got /usr/local as default PREFIX and not all platforms include that path in default search path. +# Make sure whatever PREFIX is used, includes and libs are searched there. +# +# These two additional flags, -I and -L, need to be _after_ engine flags to not override it. +# CFLAGS is populated with CRYPTO_ENGINE_CFLAGS few lines above, so we could add -I to CFLAGS. +# LDFLAGS and CRYPTO_ENGINE_LDFLAGS are used separately, in this same order, so new macro was +# introduced, ADDITIONAL_LDFLAGS, to be used after CRYPTO_ENGINE_LDFLAGS, so that LDFLAGS remain +# at the beginning of linker flags. +CFLAGS += -I$(includedir) +ADDITIONAL_LDFLAGS += -L$(libdir) + ifneq ($(AUTH_SYM_ALG),) CFLAGS += -D$(AUTH_SYM_ALG) endif @@ -398,7 +414,7 @@ fmt: $(FMT_FIXUP) fmt_check: $(FMT_CHECK) clean: CMD = rm -rf $(BIN_PATH) -clean: nist_rng_test_suite_clean clean_rust +clean: nist_rng_test_suite_clean clean_rust clean_python @$(BUILD_CMD) clean_rust: @@ -407,6 +423,12 @@ ifdef RUST_VERSION @rm -f tools/rust/*.rust endif +clean_python: +ifdef PYTHON3_VERSION + @rm -rf src/wrappers/themis/python/dist + @rm -rf src/wrappers/themis/python/pythemis.egg-info +endif + get_version: @echo $(VERSION) @@ -583,7 +605,7 @@ else @exit 1 endif -rbthemis_uninstall: CMD = gem uninstall themis +rbthemis_uninstall: CMD = gem uninstall rbthemis rbthemis_uninstall: ifdef RUBY_GEM_VERSION @echo -n "rbthemis uninstall " 
@@ -607,6 +629,25 @@ endif @echo -n "pythemis install " @$(BUILD_CMD_) +pythemis_make_wheel: CMD = cd src/wrappers/themis/python/ && python3 setup.py bdist_wheel +pythemis_make_wheel: +ifeq ($(PYTHON3_VERSION),) + @echo "python3 not found" + @exit 1 +endif + @echo -n "pythemis make wheel " + @$(BUILD_CMD_) + @echo Result: src/wrappers/themis/python/dist/pythemis-$(VERSION_SHORT)-py2.py3-none-any.whl + +pythemis_install_wheel: CMD = pip install src/wrappers/themis/python/dist/pythemis-$(VERSION_SHORT)-py2.py3-none-any.whl +pythemis_install_wheel: +ifeq ($(PYTHON3_VERSION),) + @echo "python3 not found" + @exit 1 +endif + @echo -n "pythemis install wheel " + @$(BUILD_CMD_) + ######################################################################## # # Packaging Themis Core: Linux distributions @@ -729,7 +770,7 @@ deb: PREFIX = /usr deb: libdir = $(PREFIX)$(DEB_LIBDIR) deb: jnidir = $(PREFIX)$(DEB_LIBDIR)/jni -deb: install themispp_install themis_jni_install +deb: install $(if $(WITHOUT_THEMISPP), , themispp_install) $(if $(WITHOUT_JAVA), , themis_jni_install) @printf "ldconfig" > $(POST_INSTALL_SCRIPT) @printf "ldconfig" > $(POST_UNINSTALL_SCRIPT) @@ -750,6 +791,7 @@ deb: install themispp_install themis_jni_install --after-install $(POST_INSTALL_SCRIPT) \ --after-remove $(POST_UNINSTALL_SCRIPT) \ --category $(PACKAGE_CATEGORY) \ + --force \ $(foreach file,$(DEV_PACKAGE_FILES),$(DESTDIR)/$(file)=$(file)) @fpm --input-type dir \ @@ -767,8 +809,10 @@ deb: install themispp_install themis_jni_install --after-remove $(POST_UNINSTALL_SCRIPT) \ --deb-priority optional \ --category $(PACKAGE_CATEGORY) \ + --force \ $(foreach file,$(LIB_PACKAGE_FILES),$(DESTDIR)/$(file)=$(file)) +ifndef WITHOUT_THEMISPP @fpm --input-type dir \ --output-type deb \ --name $(DEB_THEMISPP_PACKAGE_NAME) \ 
@@ -784,8 +828,11 @@ deb: install themispp_install themis_jni_install --after-install $(POST_INSTALL_SCRIPT) \ --after-remove $(POST_UNINSTALL_SCRIPT) \ --category $(PACKAGE_CATEGORY) \ + --force \ $(foreach file,$(THEMISPP_PACKAGE_FILES),$(DESTDIR)/$(file)=$(file)) +endif +ifndef WITHOUT_JAVA @fpm --input-type dir \ --output-type deb \ --name $(JNI_PACKAGE_NAME) \ @@ -801,10 +848,44 @@ deb: install themispp_install themis_jni_install --after-remove $(POST_UNINSTALL_SCRIPT) \ --deb-priority optional \ --category $(PACKAGE_CATEGORY) \ + --force \ $(foreach file,$(JNI_PACKAGE_FILES),$(DESTDIR)/$(file)=$(file)) +endif @find $(BIN_PATH) -name \*.deb +# Use builtin feature of fpm to create a .deb package from a Python package dir. +# Dependencies are automatically added, i.e. PyThemis depends on `six`, so fpm will add `python3-six` to deps. +deb_python: DEB_ARCHITECTURE = all +deb_python: DESTDIR = $(BIN_PATH)/deb/pythemis_root +deb_python: + @mkdir -p $(BIN_PATH)/deb + @fpm --input-type python \ + --output-type deb \ + --python-bin=python3 \ + --python-package-name-prefix=python3 \ + --name python3-pythemis \ + --license $(LICENSE_NAME) \ + --url '$(COSSACKLABS_URL)' \ + --description '$(SHORT_DESCRIPTION)' \ + --maintainer $(MAINTAINER) \ + --package $(BIN_PATH)/deb/python3-pythemis_$(NAME_SUFFIX) \ + --architecture $(DEB_ARCHITECTURE) \ + --version $(VERSION)+$(OS_CODENAME) \ + --depends python3 --depends libthemis \ + --deb-priority optional \ + --category $(PACKAGE_CATEGORY) \ + --force \ + src/wrappers/themis/python + + @echo $(BIN_PATH)/deb/python3-pythemis_$(NAME_SUFFIX) + +# Using `apt` since it could install dependencies (we depend on python3-six), +# while dpkg would just complain about missing dependency and fail +pythemis_install_deb: DEB_ARCHITECTURE = all +pythemis_install_deb: deb_python + apt install ./$(BIN_PATH)/deb/python3-pythemis_$(NAME_SUFFIX) + rpm: MODE_PACKAGING = 1 rpm: DESTDIR = $(BIN_PATH)/rpm/root rpm: PREFIX = /usr 
@@ -882,6 +963,33 @@ rpm: install themispp_install themis_jni_install @find $(BIN_PATH) -name \*.rpm +rpm_python: ARCHITECTURE = all +rpm_python: + @mkdir -p $(BIN_PATH)/rpm + @fpm --input-type python \ + --output-type rpm \ + --python-bin=python3 \ + --python-package-name-prefix=python3 \ + --name python3-pythemis \ + --license $(LICENSE_NAME) \ + --url '$(COSSACKLABS_URL)' \ + --description '$(SHORT_DESCRIPTION)' \ + --rpm-summary '$(RPM_SUMMARY)' \ + --maintainer $(MAINTAINER) \ + --package $(BIN_PATH)/rpm/python3-pythemis_$(NAME_SUFFIX) \ + --version $(RPM_VERSION) \ + --depends python3 --depends libthemis \ + --category $(PACKAGE_CATEGORY) \ + --force \ + src/wrappers/themis/python + + @echo $(BIN_PATH)/rpm/python3-pythemis_$(NAME_SUFFIX) + +pythemis_install_rpm: ARCHITECTURE = all +pythemis_install_rpm: rpm_python + yum install ./$(BIN_PATH)/rpm/python3-pythemis_$(NAME_SUFFIX) + + ######################################################################## # # Packaging Themis Core: Windows (NSIS) diff --git a/README.md b/README.md index 2e8c55b69..50d8945d4 100644 --- a/README.md +++ b/README.md 
@@ -79,9 +79,9 @@ Themis is available for the following languages/platforms, refer to [language ho | ⚛️ React Native (iOS, Android) | [React Native Howto](https://docs.cossacklabs.com/themis/languages/react-native/) | [docs/examples/react-native](https://github.com/cossacklabs/themis/tree/master/docs/examples/react-native) | [![npm](https://img.shields.io/npm/v/react-native-themis.svg)](https://www.npmjs.com/package/react-native-themis) | | 🔶 Swift (iOS, macOS) | [Swift Howto](https://docs.cossacklabs.com/themis/languages/swift/) | [docs/examples/swift](https://github.com/cossacklabs/themis/tree/master/docs/examples/swift) | [![CocoaPods](https://img.shields.io/cocoapods/v/themis.svg)](https://cocoapods.org/pods/themis) | | 📱 Objective-C (iOS, macOS) | [Objective-C Howto](https://docs.cossacklabs.com/themis/languages/objc/) | [docs/examples/objc](https://github.com/cossacklabs/themis/tree/master/docs/examples/objc)| [![CocoaPods](https://img.shields.io/cocoapods/v/themis.svg)](https://cocoapods.org/pods/themis) | -| ☕️ Java (Desktop) | [Java (Desktop) Howto](https://docs.cossacklabs.com/themis/languages/java/installation-desktop/) | [Java projects](https://github.com/cossacklabs/themis-java-examples) | | -| ☎️ Java (Android) | [Java (Android) Howto](https://docs.cossacklabs.com/themis/languages/java/installation-android/) | [Android projects](https://github.com/cossacklabs/themis-java-examples) | [![maven](https://api.bintray.com/packages/cossacklabs/maven/themis/images/download.svg)](https://bintray.com/cossacklabs/maven/themis/_latestVersion) | -| 📞 Kotlin (Android) | [Java (Android) Howto](https://docs.cossacklabs.com/themis/languages/java/installation-android/) | [Android projects](https://github.com/cossacklabs/themis-java-examples) | [![maven](https://api.bintray.com/packages/cossacklabs/maven/themis/images/download.svg)](https://bintray.com/cossacklabs/maven/themis/_latestVersion) | +| ☕️ Java (Desktop) | [Java (Desktop) 
Howto](https://docs.cossacklabs.com/themis/languages/java/installation-desktop/) | [docs/examples/java](https://github.com/cossacklabs/themis/tree/master/docs/examples/java) | [![maven](https://img.shields.io/maven-central/v/com.cossacklabs.com/java-themis )](https://central.sonatype.com/artifact/com.cossacklabs.com/java-themis/) | +| ☎️ Java (Android) | [Java (Android) Howto](https://docs.cossacklabs.com/themis/languages/java/installation-android/) | [docs/examples/android](https://github.com/cossacklabs/themis/tree/master/docs/examples/android) | [![maven](https://img.shields.io/maven-central/v/com.cossacklabs.com/java-themis )](https://central.sonatype.com/artifact/com.cossacklabs.com/java-themis/) | +| 📞 Kotlin (Android) | [Kotlin (Android) Howto](https://docs.cossacklabs.com/themis/languages/kotlin/installation-android/) | [docs/examples/android](https://github.com/cossacklabs/themis/tree/master/docs/examples/android) | [![maven](https://img.shields.io/maven-central/v/com.cossacklabs.com/themis)](https://central.sonatype.com/artifact/com.cossacklabs.com/themis) | | 🔻 Ruby | [Ruby Howto](https://docs.cossacklabs.com/themis/languages/ruby/) | [docs/examples/ruby](https://github.com/cossacklabs/themis/tree/master/docs/examples/ruby) | [![Gem](https://img.shields.io/gem/v/rbthemis.svg)](https://rubygems.org/gems/rbthemis) | | 🐍 Python | [Python Howto](https://docs.cossacklabs.com/themis/languages/python/) | [docs/examples/python](https://github.com/cossacklabs/themis/tree/master/docs/examples/python) | [![PyPI](https://img.shields.io/pypi/v/pythemis.svg)](https://pypi.python.org/pypi?%3Aaction=search&term=pythemis&submit=search) | | 🐘 PHP | [PHP Howto](https://docs.cossacklabs.com/themis/languages/php/) | [docs/examples/php](https://github.com/cossacklabs/themis/tree/master/docs/examples/php) | | diff --git a/benches/rust/Cargo.toml b/benches/rust/Cargo.toml index 713ce55fb..8a9cc1ac5 100644 --- a/benches/rust/Cargo.toml +++ b/benches/rust/Cargo.toml 
@@ -13,7 +13,7 @@ criterion = { version = "0.3.4", features = ["cargo_bench_support", "html_report csv = "~1.1" # Freeze `rayon` and `rayon-core` versions (first is used by `criterion`) # so that benchmarks still build/run with Rust 1.58. -# FIXME: remove thiese two after we bump minimum required Rust version +# FIXME: remove these two after we bump minimum required Rust version rayon = "=1.6.1" rayon-core = "=1.10.1" diff --git a/benches/themis/Cargo.toml b/benches/themis/Cargo.toml index fb4f4a680..b49716527 100644 --- a/benches/themis/Cargo.toml +++ b/benches/themis/Cargo.toml @@ -14,7 +14,7 @@ criterion = { version = "0.3.4", features = ["cargo_bench_support", "html_report csv = "~1.1" # Freeze `rayon` and `rayon-core` versions (first is used by `criterion`) # so that benchmarks still build/run with Rust 1.58. -# FIXME: remove thiese two after we bump minimum required Rust version +# FIXME: remove these two after we bump minimum required Rust version rayon = "=1.6.1" rayon-core = "=1.10.1" diff --git a/benches/themis/benches/secure_message_encrypt_decrypt_ecdsa.rs b/benches/themis/benches/secure_message_encrypt_decrypt_ecdsa.rs index bde821ab3..28d416ccb 100644 --- a/benches/themis/benches/secure_message_encrypt_decrypt_ecdsa.rs +++ b/benches/themis/benches/secure_message_encrypt_decrypt_ecdsa.rs @@ -106,7 +106,7 @@ pub fn decryption(c: &mut Criterion) { |b, &size| { let message = vec![0; size]; let encrypted = SecureMessage::new(key_pair.clone()) - .encrypt(&message) + .encrypt(message) .expect("failed encryption"); let mut decrypted = vec![0; size]; diff --git a/benches/themis/benches/secure_message_encrypt_decrypt_rsa.rs b/benches/themis/benches/secure_message_encrypt_decrypt_rsa.rs index f5d336f06..85a2a20e5 100644 --- a/benches/themis/benches/secure_message_encrypt_decrypt_rsa.rs +++ b/benches/themis/benches/secure_message_encrypt_decrypt_rsa.rs 
@@ -106,7 +106,7 @@ pub fn decryption(c: &mut Criterion) { |b, &size| { let message = vec![0; size]; let encrypted = SecureMessage::new(key_pair.clone()) - .encrypt(&message) + .encrypt(message) .expect("failed encryption"); let mut decrypted = vec![0; size]; diff --git a/benches/themis/benches/secure_message_sign_verify_ecdsa.rs b/benches/themis/benches/secure_message_sign_verify_ecdsa.rs index 6771cb45a..c4401b635 100644 --- a/benches/themis/benches/secure_message_sign_verify_ecdsa.rs +++ b/benches/themis/benches/secure_message_sign_verify_ecdsa.rs @@ -102,7 +102,7 @@ pub fn verification(c: &mut Criterion) { |b, &size| { let message = vec![0; size]; let signature = SecureSign::new(private.clone()) - .sign(&message) + .sign(message) .expect("failed signing"); let mut received_message = vec![0; size]; diff --git a/benches/themis/benches/secure_message_sign_verify_rsa.rs b/benches/themis/benches/secure_message_sign_verify_rsa.rs index 3265a3257..e96b0e1a8 100644 --- a/benches/themis/benches/secure_message_sign_verify_rsa.rs +++ b/benches/themis/benches/secure_message_sign_verify_rsa.rs @@ -102,7 +102,7 @@ pub fn verification(c: &mut Criterion) { |b, &size| { let message = vec![0; size]; let signature = SecureSign::new(private.clone()) - .sign(&message) + .sign(message) .expect("failed signing"); let mut received_message = vec![0; size]; diff --git a/docs/examples/rust/secure_cell.rs b/docs/examples/rust/secure_cell.rs index f24f360ac..de2f0533b 100644 --- a/docs/examples/rust/secure_cell.rs +++ b/docs/examples/rust/secure_cell.rs @@ -33,7 +33,7 @@ fn main() -> themis::Result<()> { println!("Encoded: {}", base64::encode(&message)); - let encrypted_message = scell_mk.encrypt(&message)?; + let encrypted_message = scell_mk.encrypt(message)?; println!("Encrypted: {}", base64::encode(&encrypted_message)); let decrypted_message = scell_mk.decrypt(&encrypted_message)?; 
@@ -44,11 +44,11 @@ fn main() -> themis::Result<()> { println!("## Passphrase API"); { - let scell_pw = SecureCell::with_passphrase(&passphrase)?.seal(); + let scell_pw = SecureCell::with_passphrase(passphrase)?.seal(); println!("Encoded: {}", base64::encode(&message)); - let encrypted_message = scell_pw.encrypt(&message)?; + let encrypted_message = scell_pw.encrypt(message)?; println!("Encrypted: {}", base64::encode(&encrypted_message)); let decrypted_message = scell_pw.decrypt(&encrypted_message)?; @@ -64,7 +64,7 @@ fn main() -> themis::Result<()> { println!("Encoded: {}", base64::encode(&message)); - let (encrypted_message, auth_token) = scell_tp.encrypt(&message)?; + let (encrypted_message, auth_token) = scell_tp.encrypt(message)?; println!("Encrypted: {}", base64::encode(&encrypted_message)); println!("Auth token: {}", base64::encode(&auth_token)); @@ -81,10 +81,10 @@ fn main() -> themis::Result<()> { println!("Encoded: {}", base64::encode(&message)); - let encrypted_message = scell_ci.encrypt_with_context(&message, &context)?; + let encrypted_message = scell_ci.encrypt_with_context(message, context)?; println!("Encrypted: {}", base64::encode(&encrypted_message)); - let decrypted_message = scell_ci.decrypt_with_context(&encrypted_message, &context)?; + let decrypted_message = scell_ci.decrypt_with_context(&encrypted_message, context)?; println!("Decrypted: {}", as_str(&decrypted_message)); assert_eq!(decrypted_message, message); } diff --git a/docs/examples/rust/secure_message_client_encrypt.rs b/docs/examples/rust/secure_message_client_encrypt.rs index b79903ede..1a41fb941 100644 --- a/docs/examples/rust/secure_message_client_encrypt.rs +++ b/docs/examples/rust/secure_message_client_encrypt.rs 
@@ -51,7 +51,7 @@ fn main() { let key_pair = KeyPair::try_join(private_key, public_key).expect("matching keys"); let socket = UdpSocket::bind("localhost:0").expect("client socket"); - socket.connect(&remote_addr).expect("client connection"); + socket.connect(remote_addr).expect("client connection"); let receive_socket = socket; let relay_socket = receive_socket.try_clone().unwrap(); diff --git a/docs/examples/rust/secure_message_client_verify.rs b/docs/examples/rust/secure_message_client_verify.rs index 3144aabfc..e4e774d1e 100644 --- a/docs/examples/rust/secure_message_client_verify.rs +++ b/docs/examples/rust/secure_message_client_verify.rs @@ -49,7 +49,7 @@ fn main() { let public_key = PublicKey::try_from_slice(public_key).expect("parse public key"); let socket = UdpSocket::bind("localhost:0").expect("client socket"); - socket.connect(&remote_addr).expect("client connection"); + socket.connect(remote_addr).expect("client connection"); let receive_socket = socket; let relay_socket = receive_socket.try_clone().unwrap(); diff --git a/docs/examples/rust/secure_message_server.rs b/docs/examples/rust/secure_message_server.rs index 9e3d52350..f34ef3ad5 100644 --- a/docs/examples/rust/secure_message_server.rs +++ b/docs/examples/rust/secure_message_server.rs @@ -36,7 +36,7 @@ fn main() { let port = matches.value_of("port").unwrap_or("7573").parse().unwrap(); let listen_addr = SocketAddr::new([0; 16].into(), port); - let socket = UdpSocket::bind(&listen_addr).expect("server listen"); + let socket = UdpSocket::bind(listen_addr).expect("server listen"); let mut peers = HashSet::new(); let mut process_message = || -> io::Result<()> { let (message, sender) = recv_from(&socket)?; diff --git a/docs/examples/rust/secure_session_echo_client.rs b/docs/examples/rust/secure_session_echo_client.rs index 3af94f867..21ac4284a 100644 --- a/docs/examples/rust/secure_session_echo_client.rs +++ b/docs/examples/rust/secure_session_echo_client.rs 
@@ -64,9 +64,9 @@ fn main() { info!("connecting to {:?}", remote_addr); - let mut socket = TcpStream::connect(&remote_addr).expect("client connection"); + let mut socket = TcpStream::connect(remote_addr).expect("client connection"); - let mut session = SecureSession::new(&CLIENT_ID, &CLIENT_PRIVATE, ExpectServer) + let mut session = SecureSession::new(CLIENT_ID, &CLIENT_PRIVATE, ExpectServer) .expect("Secure Session client"); let mut buffer = [0; MAX_MESSAGE_SIZE]; @@ -75,7 +75,7 @@ fn main() { loop { let reply = read_framed(&mut socket, &mut buffer).expect("receive reply"); - let response = session.negotiate_reply(&reply).expect("negotiate"); + let response = session.negotiate_reply(reply).expect("negotiate"); if session.is_established() { break; } @@ -95,7 +95,7 @@ fn main() { write_framed(&mut socket, &message).expect("write to socket"); let reply = read_framed(&mut socket, &mut buffer).expect("read from socket"); - let reply = session.unwrap(&reply).expect("unwrap incoming"); + let reply = session.unwrap(reply).expect("unwrap incoming"); io::stdout().write_all(&reply).expect("write to stdout"); } diff --git a/docs/examples/rust/secure_session_echo_server.rs b/docs/examples/rust/secure_session_echo_server.rs index 8286bcb0f..bce945820 100644 --- a/docs/examples/rust/secure_session_echo_server.rs +++ b/docs/examples/rust/secure_session_echo_server.rs @@ -105,7 +105,7 @@ fn main() { .expect("valid port"); let listen_addr = SocketAddr::new([0; 16].into(), port); - let listen_socket = TcpListener::bind(&listen_addr).expect("server listen"); + let listen_socket = TcpListener::bind(listen_addr).expect("server listen"); info!("listening on port {}", port); 
@@ -123,7 +123,7 @@ fn main() { info!("{:?}: connected", client_address); let transport = SocketTransport::new(client); - let mut session = SecureSession::new(&SERVER_ID, &SERVER_PRIVATE, transport) + let mut session = SecureSession::new(SERVER_ID, &SERVER_PRIVATE, transport) .expect("Secure Session server"); while !session.is_established() { diff --git a/jni/themis_jni.mk b/jni/themis_jni.mk index 3f912cf26..28b8ca40e 100644 --- a/jni/themis_jni.mk +++ b/jni/themis_jni.mk @@ -53,7 +53,7 @@ endif $(OBJ_PATH)/jni/%: CFLAGS += $(jvm_includes) -$(BIN_PATH)/$(LIBTHEMISJNI_SO): CMD = $(CC) -shared -o $@ $(filter %.o %.a, $^) $(LDFLAGS) -lthemis +$(BIN_PATH)/$(LIBTHEMISJNI_SO): CMD = $(CC) -shared -o $@ $(filter %.o %.a, $^) $(LDFLAGS) -lthemis $(ADDITIONAL_LDFLAGS) $(BIN_PATH)/$(LIBTHEMISJNI_SO): $(THEMIS_JNI_OBJ) $(BIN_PATH)/$(LIBTHEMIS_SO) @mkdir -p $(@D) diff --git a/src/soter/soter.mk b/src/soter/soter.mk index 14cc831c6..fbc0ae936 100644 --- a/src/soter/soter.mk +++ b/src/soter/soter.mk @@ -78,15 +78,28 @@ $(BIN_PATH)/$(LIBSOTER_A): $(SOTER_OBJ) $(SOTER_ENGINE_DEPS) @echo -n "link " @$(BUILD_CMD) -$(BIN_PATH)/$(LIBSOTER_SO): CMD = $(CC) -shared -o $@ $(filter %.o %a, $^) $(LDFLAGS) $(CRYPTO_ENGINE_LDFLAGS) $(LIBSOTER_SO_LDFLAGS) +$(BIN_PATH)/$(LIBSOTER_SO): CMD = $(CC) -shared -o $@ $(filter %.o %a, $^) $(LDFLAGS) $(CRYPTO_ENGINE_LDFLAGS) $(ADDITIONAL_LDFLAGS) $(LIBSOTER_SO_LDFLAGS) $(BIN_PATH)/$(LIBSOTER_SO): $(SOTER_OBJ) $(SOTER_ENGINE_DEPS) @mkdir -p $(@D) +ifneq ($(VERBOSE),) + @echo "LDFLAGS=$(LDFLAGS)" + @echo "CRYPTO_ENGINE_LDFLAGS=$(CRYPTO_ENGINE_LDFLAGS)" + @echo "ADDITIONAL_LDFLAGS=$(ADDITIONAL_LDFLAGS)" + @echo "LIBSOTER_SO_LDFLAGS=$(LIBSOTER_SO_LDFLAGS)" +endif @echo -n "link " @$(BUILD_CMD) ifneq ($(LIBSOTER_SO),$(LIBSOTER_LINK)) @ln -sf $(LIBSOTER_SO) $(BIN_PATH)/$(LIBSOTER_LINK) endif +ifneq ($(VERBOSE),) +ifdef IS_MACOS + -otool -L "$@" +else + -ldd "$@" +endif +endif $(BIN_PATH)/libsoter.pc: @mkdir -p $(BIN_PATH) 
diff --git a/src/themis/themis.mk b/src/themis/themis.mk index aeba63c16..e32949977 100644 --- a/src/themis/themis.mk +++ b/src/themis/themis.mk @@ -62,7 +62,7 @@ $(BIN_PATH)/$(LIBTHEMIS_A): $(THEMIS_OBJ) @echo -n "link " @$(BUILD_CMD) -$(BIN_PATH)/$(LIBTHEMIS_SO): CMD = $(CC) -shared -o $@ $(filter %.o %.a, $^) $(LDFLAGS) -lsoter $(LIBTHEMIS_SO_LDFLAGS) +$(BIN_PATH)/$(LIBTHEMIS_SO): CMD = $(CC) -shared -o $@ $(filter %.o %.a, $^) $(LDFLAGS) -lsoter $(ADDITIONAL_LDFLAGS) $(LIBTHEMIS_SO_LDFLAGS) $(BIN_PATH)/$(LIBTHEMIS_SO): $(BIN_PATH)/$(LIBSOTER_SO) $(THEMIS_OBJ) @mkdir -p $(@D) @@ -71,6 +71,13 @@ $(BIN_PATH)/$(LIBTHEMIS_SO): $(BIN_PATH)/$(LIBSOTER_SO) $(THEMIS_OBJ) ifneq ($(LIBTHEMIS_SO),$(LIBTHEMIS_LINK)) @ln -sf $(LIBTHEMIS_SO) $(BIN_PATH)/$(LIBTHEMIS_LINK) endif +ifneq ($(VERBOSE),) +ifdef IS_MACOS + -otool -L "$@" +else + -ldd "$@" +endif +endif $(BIN_PATH)/libthemis.pc: @mkdir -p $(BIN_PATH) diff --git a/src/wrappers/themis/rust/Cargo.toml b/src/wrappers/themis/rust/Cargo.toml index f3b819a76..b1a8d5ea2 100644 --- a/src/wrappers/themis/rust/Cargo.toml +++ b/src/wrappers/themis/rust/Cargo.toml @@ -2,7 +2,7 @@ name = "themis" version = "0.15.0" edition = "2018" -rust-version = "1.58.0" +rust-version = "1.60.0" authors = ["rust-themis developers"] description = "High-level cryptographic services for storage and messaging" homepage = "https://www.cossacklabs.com/themis/" 
@@ -29,10 +29,18 @@ bindings = { package = "libthemis-sys", path = "libthemis-sys", version = "0.15. zeroize = "1" [dev-dependencies] -base64 = "0.10.0" -byteorder = "1.2.7" -clap = "2.32" -lazy_static = "1.2.0" -# it can be unpinned when we update the minimum supported version of rustc -log = "=0.4.18" -env_logger = "0.6.0" +# Freeze byteorder, log so that tests still build/run with Rust 1.60. +# Other crates are frozen in hope to avoid more problems in future, where something updates +# and requires newer toolchain version compared to what we require for RustThemis. +# FIXME: remove/update strict version requirement after we bump minimum required Rust version +base64 = "=0.10.1" +byteorder = "=1.4.3" +clap = "=2.34.0" +lazy_static = "=1.4.0" +log = "=0.4.17" +env_logger = "=0.6.2" + +# These are not used in themis tests, but are rather dependencies of dev-dependencies listed above. +# Specifying exact versions so that tests could build/run on Rust 1.60. +regex = "=1.9.5" +memchr = "=2.6.1" diff --git a/src/wrappers/themis/rust/libthemis-sys/Cargo.toml b/src/wrappers/themis/rust/libthemis-sys/Cargo.toml index c37f50aac..5ea879b35 100644 --- a/src/wrappers/themis/rust/libthemis-sys/Cargo.toml +++ b/src/wrappers/themis/rust/libthemis-sys/Cargo.toml @@ -2,7 +2,7 @@ name = "libthemis-sys" version = "0.15.0" edition = "2018" -rust-version = "1.58.0" +rust-version = "1.60.0" authors = ["rust-themis developers"] description = "FFI binding to libthemis" homepage = "https://www.cossacklabs.com/themis/" diff --git a/src/wrappers/themis/rust/src/secure_cell.rs b/src/wrappers/themis/rust/src/secure_cell.rs index 5564e5629..06bd5038d 100644 --- a/src/wrappers/themis/rust/src/secure_cell.rs +++ b/src/wrappers/themis/rust/src/secure_cell.rs 
@@ -358,7 +358,7 @@ impl SecureCellSeal { /// # } /// ``` pub fn encrypt(&self, message: impl AsRef<[u8]>) -> Result> { - self.encrypt_with_context(message, &[]) + self.encrypt_with_context(message, []) } /// Encrypts the provided message with associated context. @@ -501,7 +501,7 @@ impl SecureCellSeal { /// # } /// ``` pub fn decrypt(&self, message: impl AsRef<[u8]>) -> Result> { - self.decrypt_with_context(message, &[]) + self.decrypt_with_context(message, []) } /// Decrypts the provided message with associated context. @@ -689,7 +689,7 @@ impl SecureCellSealWithPassphrase { /// # } /// ``` pub fn encrypt(&self, message: impl AsRef<[u8]>) -> Result> { - self.encrypt_with_context(message, &[]) + self.encrypt_with_context(message, []) } /// Encrypts the provided message with associated context. @@ -822,7 +822,7 @@ impl SecureCellSealWithPassphrase { /// # } /// ``` pub fn decrypt(&self, message: impl AsRef<[u8]>) -> Result> { - self.decrypt_with_context(message, &[]) + self.decrypt_with_context(message, []) } /// Decrypts the provided message with associated context. @@ -1225,7 +1225,7 @@ impl SecureCellTokenProtect { /// # } /// ``` pub fn encrypt(&self, message: impl AsRef<[u8]>) -> Result<(Vec, Vec)> { - self.encrypt_with_context(message, &[]) + self.encrypt_with_context(message, []) } /// Encrypts the provided message with associated context. @@ -1393,7 +1393,7 @@ impl SecureCellTokenProtect { /// # } /// ``` pub fn decrypt(&self, message: impl AsRef<[u8]>, token: impl AsRef<[u8]>) -> Result> { - self.decrypt_with_context(message, token, &[]) + self.decrypt_with_context(message, token, []) } /// Decrypts the provided message with associated context. diff --git a/src/wrappers/themis/wasm/emscripten/VERSION b/src/wrappers/themis/wasm/emscripten/VERSION index 4a36342fc..e1ace7c6e 100644 --- a/src/wrappers/themis/wasm/emscripten/VERSION +++ b/src/wrappers/themis/wasm/emscripten/VERSION @@ -1 +1 @@ -3.0.0 +3.1.47 
diff --git a/src/wrappers/themis/wasm/emscripten/exported_functions.json b/src/wrappers/themis/wasm/emscripten/exported_functions.json new file mode 100644 index 000000000..8beb22d93 --- /dev/null +++ b/src/wrappers/themis/wasm/emscripten/exported_functions.json @@ -0,0 +1 @@ +["_malloc", "_free"] diff --git a/src/wrappers/themis/wasm/wasmthemis.mk b/src/wrappers/themis/wasm/wasmthemis.mk index 9232ee6bd..910f85a99 100644 --- a/src/wrappers/themis/wasm/wasmthemis.mk +++ b/src/wrappers/themis/wasm/wasmthemis.mk @@ -19,8 +19,9 @@ WASM_PATH = src/wrappers/themis/wasm WASM_SRC += $(WASM_PATH)/package.json WASM_SRC += $(wildcard $(WASM_PATH)/src/*.js) -WASM_RUNTIME = $(abspath $(WASM_PATH)/emscripten/runtime_exports.json) -WASM_PRE_JS = $(abspath $(WASM_PATH)/emscripten/pre.js) +WASM_RUNTIME = $(abspath $(WASM_PATH)/emscripten/runtime_exports.json) +WASM_PRE_JS = $(abspath $(WASM_PATH)/emscripten/pre.js) +WASM_EXPORTED_FUNCTIONS = $(abspath $(WASM_PATH)/emscripten/exported_functions.json) WASM_PACKAGE = $(BIN_PATH)/wasm-themis.tgz @@ -28,6 +29,7 @@ $(BIN_PATH)/libthemis.js: LDFLAGS += -s EXPORTED_RUNTIME_METHODS=@$(WASM_RUNTIME $(BIN_PATH)/libthemis.js: LDFLAGS += -s ALLOW_TABLE_GROWTH $(BIN_PATH)/libthemis.js: LDFLAGS += -s MODULARIZE=1 $(BIN_PATH)/libthemis.js: LDFLAGS += -s ALLOW_MEMORY_GROWTH=1 +$(BIN_PATH)/libthemis.js: LDFLAGS += -s EXPORTED_FUNCTIONS=@$(WASM_EXPORTED_FUNCTIONS) # FIXME(ilammy, 2020-11-29): rely in EMSCRIPTEN_KEEPALIVE instead of LINKABLE # For some reason existing EMSCRIPTEN_KEEPALIVE macros do not work and without # LINKABLE flag wasm-ld ends up stripping *all* Themis functions from "*.wasm" diff --git a/tests/rust/keys.rs b/tests/rust/keys.rs index 32884dc81..0fdb52281 100644 --- a/tests/rust/keys.rs +++ b/tests/rust/keys.rs 
@@ -64,10 +64,10 @@ fn parse_generated_keys_back() { #[test] fn parse_invalid_buffers() { - let error = EcdsaPublicKey::try_from_slice(&[1, 2, 3]).expect_err("parse failure"); + let error = EcdsaPublicKey::try_from_slice([1, 2, 3]).expect_err("parse failure"); assert_eq!(error.kind(), ErrorKind::InvalidParameter); - let error = RsaPrivateKey::try_from_slice(&[]).expect_err("parse failure"); + let error = RsaPrivateKey::try_from_slice([]).expect_err("parse failure"); assert_eq!(error.kind(), ErrorKind::InvalidParameter); } @@ -105,6 +105,6 @@ fn parse_generated_symmetric_keys_back() { #[test] fn parse_custom_symmetric_keys() { - assert!(SymmetricKey::try_from_slice(&[0]).is_ok()); - assert!(SymmetricKey::try_from_slice(&[]).is_err()); + assert!(SymmetricKey::try_from_slice([0]).is_ok()); + assert!(SymmetricKey::try_from_slice([]).is_err()); } diff --git a/tests/rust/secure_cell.rs b/tests/rust/secure_cell.rs index c455f4987..e0d2af18e 100644 --- a/tests/rust/secure_cell.rs +++ b/tests/rust/secure_cell.rs @@ -23,7 +23,7 @@ mod context_imprint { #[test] fn initialization() { assert!(SecureCell::with_key(SymmetricKey::new()).is_ok()); - assert!(SecureCell::with_key(&[]).is_err()); + assert!(SecureCell::with_key([]).is_err()); } #[test] @@ -34,8 +34,8 @@ mod context_imprint { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context).unwrap(); - let decrypted = cell.decrypt_with_context(&encrypted, &context).unwrap(); + let encrypted = cell.encrypt_with_context(message, context).unwrap(); + let decrypted = cell.decrypt_with_context(encrypted, context).unwrap(); assert_eq!(decrypted, message); } 
@@ -48,7 +48,7 @@ mod context_imprint { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context).unwrap(); + let encrypted = cell.encrypt_with_context(message, context).unwrap(); assert_eq!(encrypted.len(), message.len()); } @@ -63,8 +63,8 @@ mod context_imprint { let context_long = b"Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo".as_ref(); - let encrypted_short = cell.encrypt_with_context(&message, &context_short).unwrap(); - let encrypted_long = cell.encrypt_with_context(&message, &context_long).unwrap(); + let encrypted_short = cell.encrypt_with_context(message, context_short).unwrap(); + let encrypted_long = cell.encrypt_with_context(message, context_long).unwrap(); // Context is not (directly) included into encrypted message. assert_eq!(encrypted_short.len(), encrypted_long.len()); @@ -81,16 +81,16 @@ mod context_imprint { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell_a.encrypt_with_context(&message, &context).unwrap(); + let encrypted = cell_a.encrypt_with_context(message, context).unwrap(); // Context Imprint mode does not validate message data so using an incorrect key // will successfully return garbage output. - let decrypted_incorrect = cell_b.decrypt_with_context(&encrypted, &context).unwrap(); + let decrypted_incorrect = cell_b.decrypt_with_context(&encrypted, context).unwrap(); assert_ne!(decrypted_incorrect, message); assert_ne!(decrypted_incorrect, encrypted); // Only the correct key will work. - let decrypted_correct = cell_a.decrypt_with_context(&encrypted, &context).unwrap(); + let decrypted_correct = cell_a.decrypt_with_context(&encrypted, context).unwrap(); assert_eq!(decrypted_correct, message); } 
@@ -103,16 +103,16 @@ mod context_imprint { let context_a = b"The jaws that bite, the claws that catch!".as_ref(); let context_b = b"One, two! One, two! And through and through".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context_a).unwrap(); + let encrypted = cell.encrypt_with_context(message, context_a).unwrap(); // Context Imprint mode does not validate message data so using an incorrect context // will successfully return garbage output. - let decrypted_incorrect = cell.decrypt_with_context(&encrypted, &context_b).unwrap(); + let decrypted_incorrect = cell.decrypt_with_context(&encrypted, context_b).unwrap(); assert_ne!(decrypted_incorrect, message); assert_ne!(decrypted_incorrect, encrypted); // Only the correct context will work. - let decrypted_correct = cell.decrypt_with_context(&encrypted, &context_a).unwrap(); + let decrypted_correct = cell.decrypt_with_context(&encrypted, context_a).unwrap(); assert_eq!(decrypted_correct, message); } @@ -124,7 +124,7 @@ mod context_imprint { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context).unwrap(); + let encrypted = cell.encrypt_with_context(message, context).unwrap(); // Invert every odd byte, this will surely break the message. let mut corrupted = encrypted; @@ -135,7 +135,7 @@ mod context_imprint { } // Decrypts successfully but the content is garbage. - let decrypted = cell.decrypt_with_context(&corrupted, &context).unwrap(); + let decrypted = cell.decrypt_with_context(&corrupted, context).unwrap(); assert_ne!(decrypted, message); } 
@@ -147,12 +147,12 @@ mod context_imprint { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context).unwrap(); + let encrypted = cell.encrypt_with_context(message, context).unwrap(); let truncated = &encrypted[..encrypted.len() - 1]; // Decrypts successfully but the content is garbage. - let decrypted = cell.decrypt_with_context(&truncated, &context).unwrap(); + let decrypted = cell.decrypt_with_context(truncated, context).unwrap(); assert_ne!(decrypted, message); } @@ -164,13 +164,13 @@ mod context_imprint { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context).unwrap(); + let encrypted = cell.encrypt_with_context(message, context).unwrap(); let mut extended = encrypted; extended.push(0); // Decrypts successfully but the content is garbage. - let decrypted = cell.decrypt_with_context(&extended, &context).unwrap(); + let decrypted = cell.decrypt_with_context(&extended, context).unwrap(); assert_ne!(decrypted, message); } @@ -183,11 +183,11 @@ mod context_imprint { let context = b"...and a toilet seat cover!".as_ref(); // With Context Imprint the context cannot be empty. - assert!(cell.encrypt_with_context(&message, &[]).is_err()); - assert!(cell.encrypt_with_context(&[], &context).is_err()); + assert!(cell.encrypt_with_context(message, []).is_err()); + assert!(cell.encrypt_with_context([], context).is_err()); - assert!(cell.decrypt_with_context(&message, &[]).is_err()); - assert!(cell.decrypt_with_context(&[], &context).is_err()); + assert!(cell.decrypt_with_context(message, []).is_err()); + assert!(cell.decrypt_with_context([], context).is_err()); } } 
@@ -197,7 +197,7 @@ mod seal { #[test] fn initialization() { assert!(SecureCell::with_key(SymmetricKey::new()).is_ok()); - assert!(SecureCell::with_key(&[]).is_err()); + assert!(SecureCell::with_key([]).is_err()); } #[test] @@ -206,8 +206,8 @@ mod seal { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context).unwrap(); - let decrypted = cell.decrypt_with_context(&encrypted, &context).unwrap(); + let encrypted = cell.encrypt_with_context(message, context).unwrap(); + let decrypted = cell.decrypt_with_context(encrypted, context).unwrap(); assert_eq!(decrypted, message); } @@ -217,7 +217,7 @@ mod seal { let cell = SecureCell::with_key(SymmetricKey::new()).unwrap().seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); assert!(encrypted.len() > message.len()); } @@ -230,8 +230,8 @@ mod seal { let context_long = b"Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo".as_ref(); - let encrypted_short = cell.encrypt_with_context(&message, &context_short).unwrap(); - let encrypted_long = cell.encrypt_with_context(&message, &context_long).unwrap(); + let encrypted_short = cell.encrypt_with_context(message, context_short).unwrap(); + let encrypted_long = cell.encrypt_with_context(message, context_long).unwrap(); // Context is not (directly) included into encrypted message. assert_eq!(encrypted_short.len(), encrypted_long.len()); 
@@ -243,18 +243,18 @@ mod seal { let message = b"Colorless green ideas sleep furiously".as_ref(); // encrypt(...) is encrypt_with_context(..., &[]) - let encrypted_1 = cell.encrypt(&message).unwrap(); - let encrypted_2 = cell.encrypt_with_context(&message, &[]).unwrap(); + let encrypted_1 = cell.encrypt(message).unwrap(); + let encrypted_2 = cell.encrypt_with_context(message, []).unwrap(); assert_eq!(cell.decrypt(&encrypted_1), Ok(message.to_vec())); assert_eq!(cell.decrypt(&encrypted_2), Ok(message.to_vec())); assert_eq!( - cell.decrypt_with_context(&encrypted_1, &[]), + cell.decrypt_with_context(&encrypted_1, []), Ok(message.to_vec()) ); assert_eq!( - cell.decrypt_with_context(&encrypted_2, &[]), + cell.decrypt_with_context(&encrypted_2, []), Ok(message.to_vec()) ); } @@ -265,7 +265,7 @@ mod seal { let cell_b = SecureCell::with_key(SymmetricKey::new()).unwrap().seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell_a.encrypt(&message).unwrap(); + let encrypted = cell_a.encrypt(message).unwrap(); // You cannot use a different key to decrypt data. assert!(cell_b.decrypt(&encrypted).is_err()); @@ -282,13 +282,13 @@ mod seal { let context_a = b"The jaws that bite, the claws that catch!".as_ref(); let context_b = b"One, two! One, two! And through and through".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context_a).unwrap(); + let encrypted = cell.encrypt_with_context(message, context_a).unwrap(); // You cannot use a different context to decrypt data. - assert!(cell.decrypt_with_context(&encrypted, &context_b).is_err()); + assert!(cell.decrypt_with_context(&encrypted, context_b).is_err()); // Only the correct context will work. - let decrypted = cell.decrypt_with_context(&encrypted, &context_a).unwrap(); + let decrypted = cell.decrypt_with_context(&encrypted, context_a).unwrap(); assert_eq!(decrypted, message); } 
@@ -297,7 +297,7 @@ mod seal { let cell = SecureCell::with_key(SymmetricKey::new()).unwrap().seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); // Invert every odd byte, this will surely break the message. let mut corrupted = encrypted; @@ -315,7 +315,7 @@ mod seal { let cell = SecureCell::with_key(SymmetricKey::new()).unwrap().seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); let truncated = &encrypted[..encrypted.len() - 1]; @@ -327,7 +327,7 @@ mod seal { let cell = SecureCell::with_key(SymmetricKey::new()).unwrap().seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); let mut extended = encrypted; extended.push(0); @@ -339,8 +339,8 @@ mod seal { fn empty_messages_not_allowed() { let cell = SecureCell::with_key(SymmetricKey::new()).unwrap().seal(); - assert!(cell.encrypt(&[]).is_err()); - assert!(cell.decrypt(&[]).is_err()); + assert!(cell.encrypt([]).is_err()); + assert!(cell.decrypt([]).is_err()); } } @@ -361,8 +361,8 @@ mod seal_with_passphrase { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context).unwrap(); - let decrypted = cell.decrypt_with_context(&encrypted, &context).unwrap(); + let encrypted = cell.encrypt_with_context(message, context).unwrap(); + let decrypted = cell.decrypt_with_context(encrypted, context).unwrap(); assert_eq!(decrypted, message); } 
@@ -374,7 +374,7 @@ mod seal_with_passphrase { .seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); assert!(encrypted.len() > message.len()); } @@ -389,8 +389,8 @@ mod seal_with_passphrase { let context_long = b"Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo".as_ref(); - let encrypted_short = cell.encrypt_with_context(&message, &context_short).unwrap(); - let encrypted_long = cell.encrypt_with_context(&message, &context_long).unwrap(); + let encrypted_short = cell.encrypt_with_context(message, context_short).unwrap(); + let encrypted_long = cell.encrypt_with_context(message, context_long).unwrap(); // Context is not (directly) included into encrypted message. assert_eq!(encrypted_short.len(), encrypted_long.len()); @@ -404,18 +404,18 @@ mod seal_with_passphrase { let message = b"Colorless green ideas sleep furiously".as_ref(); // encrypt is encrypt_with_context(..., ) - let encrypted_1 = cell.encrypt(&message).unwrap(); - let encrypted_2 = cell.encrypt_with_context(&message, &[]).unwrap(); + let encrypted_1 = cell.encrypt(message).unwrap(); + let encrypted_2 = cell.encrypt_with_context(message, []).unwrap(); assert_eq!(cell.decrypt(&encrypted_1), Ok(message.to_vec())); assert_eq!(cell.decrypt(&encrypted_2), Ok(message.to_vec())); assert_eq!( - cell.decrypt_with_context(&encrypted_1, &[]), + cell.decrypt_with_context(&encrypted_1, []), Ok(message.to_vec()) ); assert_eq!( - cell.decrypt_with_context(&encrypted_2, &[]), + cell.decrypt_with_context(&encrypted_2, []), Ok(message.to_vec()) ); } @@ -430,7 +430,7 @@ mod seal_with_passphrase { .seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell_a.encrypt(&message).unwrap(); + let encrypted = cell_a.encrypt(message).unwrap(); // You cannot use a different passphrase to decrypt data. assert!(cell_b.decrypt(&encrypted).is_err()); 
@@ -449,13 +449,13 @@ mod seal_with_passphrase { let context_a = b"The jaws that bite, the claws that catch!".as_ref(); let context_b = b"One, two! One, two! And through and through".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context_a).unwrap(); + let encrypted = cell.encrypt_with_context(message, context_a).unwrap(); // You cannot use a different context to decrypt data. - assert!(cell.decrypt_with_context(&encrypted, &context_b).is_err()); + assert!(cell.decrypt_with_context(&encrypted, context_b).is_err()); // Only the correct context will work. - let decrypted = cell.decrypt_with_context(&encrypted, &context_a).unwrap(); + let decrypted = cell.decrypt_with_context(&encrypted, context_a).unwrap(); assert_eq!(decrypted, message); } @@ -466,7 +466,7 @@ mod seal_with_passphrase { .seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); // Invert every odd byte, this will surely break the message. let mut corrupted = encrypted; @@ -486,7 +486,7 @@ mod seal_with_passphrase { .seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); let truncated = &encrypted[..encrypted.len() - 1]; @@ -500,7 +500,7 @@ mod seal_with_passphrase { .seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); let mut extended = encrypted; extended.push(0); @@ -514,8 +514,8 @@ mod seal_with_passphrase { .unwrap() .seal(); - assert!(cell.encrypt(&[]).is_err()); - assert!(cell.decrypt(&[]).is_err()); + assert!(cell.encrypt([]).is_err()); + assert!(cell.decrypt([]).is_err()); } #[test] 
@@ -526,11 +526,11 @@ mod seal_with_passphrase { let message = b"Colorless green ideas sleep furiously".as_ref(); // Passphrases are not keys, keys are not passphrases. - let encrypted_mk = cell_mk.encrypt(&message).unwrap(); - assert!(cell_pw.decrypt(&encrypted_mk).is_err()); + let encrypted_mk = cell_mk.encrypt(message).unwrap(); + assert!(cell_pw.decrypt(encrypted_mk).is_err()); - let encrypted_pw = cell_pw.encrypt(&message).unwrap(); - assert!(cell_mk.decrypt(&encrypted_pw).is_err()); + let encrypted_pw = cell_pw.encrypt(message).unwrap(); + assert!(cell_mk.decrypt(encrypted_pw).is_err()); } #[test] @@ -542,8 +542,8 @@ mod seal_with_passphrase { .seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell_a.encrypt(&message).unwrap(); - let decrypted = cell_b.decrypt(&encrypted).unwrap(); + let encrypted = cell_a.encrypt(message).unwrap(); + let decrypted = cell_b.decrypt(encrypted).unwrap(); assert_eq!(decrypted, message); } @@ -558,7 +558,7 @@ mod seal_with_passphrase { // Message encrypted by PyThemis let encrypted = b"\x00\x01\x01\x41\x0C\x00\x00\x00\x10\x00\x00\x00\x25\x00\x00\x00\x16\x00\x00\x00\x78\x98\x93\x12\xC9\x60\x1E\x22\xD7\xCB\x47\x06\xC9\xEC\x46\xB5\xB5\x9A\xFC\xC8\x3F\x06\x8F\x5B\xBE\x9F\x66\xA6\x40\x0D\x03\x00\x10\x00\x1C\x6D\x16\xFF\x39\xB9\x13\xDF\xC4\x41\x56\x31\x17\xF3\xC4\x05\x28\x15\x13\xA6\x74\x29\x0B\xF0\x5A\xFB\xAC\xD9\x79\x35\x7E\xBA\xD0\x8F\x8C\xA6\x9E\x4E\x83\x2A\x12\xBA\xC7\x59\xAA\xF6\xDF\x62\x8E\xCE\x31\x7C\xCF".as_ref(); - let decrypted = cell.decrypt(&encrypted).unwrap(); + let decrypted = cell.decrypt(encrypted).unwrap(); assert_eq!(decrypted, message); } @@ -570,7 +570,7 @@ mod token_protect { #[test] fn initialization() { assert!(SecureCell::with_key(SymmetricKey::new()).is_ok()); - assert!(SecureCell::with_key(&[]).is_err()); + assert!(SecureCell::with_key([]).is_err()); } #[test] 
@@ -581,9 +581,9 @@ mod token_protect { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let (encrypted, token) = cell.encrypt_with_context(&message, &context).unwrap(); + let (encrypted, token) = cell.encrypt_with_context(message, context).unwrap(); let decrypted = cell - .decrypt_with_context(&encrypted, &token, &context) + .decrypt_with_context(encrypted, token, context) .unwrap(); assert_eq!(decrypted, message); @@ -596,7 +596,7 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); assert_eq!(encrypted.len(), message.len()); assert!(!token.is_empty()); @@ -613,9 +613,9 @@ mod token_protect { b"Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo".as_ref(); let (encrypted_short, token_short) = - cell.encrypt_with_context(&message, &context_short).unwrap(); + cell.encrypt_with_context(message, context_short).unwrap(); let (encrypted_long, token_long) = - cell.encrypt_with_context(&message, &context_long).unwrap(); + cell.encrypt_with_context(message, context_long).unwrap(); // Context is not (directly) included into encrypted message. assert_eq!(encrypted_short.len(), encrypted_long.len()); 
@@ -630,18 +630,18 @@ mod token_protect { let message = b"Colorless green ideas sleep furiously".as_ref(); // encrypt(...) is encrypt_with_context(..., &[]) - let (encrypted_1, token_1) = cell.encrypt(&message).unwrap(); - let (encrypted_2, token_2) = cell.encrypt_with_context(&message, &[]).unwrap(); + let (encrypted_1, token_1) = cell.encrypt(message).unwrap(); + let (encrypted_2, token_2) = cell.encrypt_with_context(message, []).unwrap(); assert_eq!(cell.decrypt(&encrypted_1, &token_1), Ok(message.to_vec())); assert_eq!(cell.decrypt(&encrypted_2, &token_2), Ok(message.to_vec())); assert_eq!( - cell.decrypt_with_context(&encrypted_1, &token_1, &[]), + cell.decrypt_with_context(&encrypted_1, &token_1, []), Ok(message.to_vec()) ); assert_eq!( - cell.decrypt_with_context(&encrypted_2, &token_2, &[]), + cell.decrypt_with_context(&encrypted_2, &token_2, []), Ok(message.to_vec()) ); } @@ -656,7 +656,7 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell_a.encrypt(&message).unwrap(); + let (encrypted, token) = cell_a.encrypt(message).unwrap(); // You cannot use a different key to decrypt data. assert!(cell_b.decrypt(&encrypted, &token).is_err()); @@ -673,8 +673,8 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted_1, token_1) = cell.encrypt(&message).unwrap(); - let (encrypted_2, token_2) = cell.encrypt(&message).unwrap(); + let (encrypted_1, token_1) = cell.encrypt(message).unwrap(); + let (encrypted_2, token_2) = cell.encrypt(message).unwrap(); // You cannot use a different token to decrypt data, even the same original data. assert!(cell.decrypt(&encrypted_1, &token_2).is_err()); 
@@ -696,16 +696,16 @@ mod token_protect { let context_a = b"The jaws that bite, the claws that catch!".as_ref(); let context_b = b"One, two! One, two! And through and through".as_ref(); - let (encrypted, token) = cell.encrypt_with_context(&message, &context_a).unwrap(); + let (encrypted, token) = cell.encrypt_with_context(message, context_a).unwrap(); // You cannot use a different context to decrypt data. assert!(cell - .decrypt_with_context(&encrypted, &token, &context_b) + .decrypt_with_context(&encrypted, &token, context_b) .is_err()); // Only the correct context will work. let decrypted = cell - .decrypt_with_context(&encrypted, &token, &context_a) + .decrypt_with_context(&encrypted, &token, context_a) .unwrap(); assert_eq!(decrypted, message); } @@ -717,7 +717,7 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); // Invert every odd byte, this will surely break the message. let mut corrupted_data = encrypted; @@ -727,7 +727,7 @@ mod token_protect { } } - assert!(cell.decrypt(&corrupted_data, &token).is_err()); + assert!(cell.decrypt(&corrupted_data, token).is_err()); } #[test] @@ -737,11 +737,11 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); let truncated_data = &encrypted[..encrypted.len() - 1]; - assert!(cell.decrypt(&truncated_data, &token).is_err()); + assert!(cell.decrypt(truncated_data, token).is_err()); } #[test] 
@@ -751,12 +751,12 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); let mut extended_data = encrypted; extended_data.push(0); - assert!(cell.decrypt(&extended_data, &token).is_err()); + assert!(cell.decrypt(&extended_data, token).is_err()); } #[test] @@ -771,7 +771,7 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); // Invert every odd byte, this will surely break the token. let mut corrupted_token = token; @@ -781,7 +781,7 @@ mod token_protect { } } - assert!(cell.decrypt(&encrypted, &corrupted_token).is_err()); + assert!(cell.decrypt(encrypted, &corrupted_token).is_err()); } #[test] @@ -791,11 +791,11 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); let truncated_token = &token[..token.len() - 1]; - assert!(cell.decrypt(&encrypted, &truncated_token).is_err()); + assert!(cell.decrypt(encrypted, truncated_token).is_err()); } #[test] @@ -805,14 +805,14 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); let mut extended_token = token; extended_token.push(0); // Current implementation of Secure Cell allows the token to be overlong. // Extra data is simply ignored. - let decrypted = cell.decrypt(&encrypted, &extended_token).unwrap(); + let decrypted = cell.decrypt(encrypted, &extended_token).unwrap(); assert_eq!(decrypted, message); } 
@@ -828,9 +828,9 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); - assert!(cell.decrypt(&token, &encrypted).is_err()); + assert!(cell.decrypt(token, encrypted).is_err()); } #[test] @@ -839,12 +839,12 @@ mod token_protect { .unwrap() .token_protect(); - assert!(cell.encrypt(&[]).is_err()); + assert!(cell.encrypt([]).is_err()); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); - assert!(cell.decrypt(&encrypted, &[]).is_err()); - assert!(cell.decrypt(&[], &token).is_err()); + assert!(cell.decrypt(encrypted, []).is_err()); + assert!(cell.decrypt([], token).is_err()); } } diff --git a/tests/rust/secure_message.rs b/tests/rust/secure_message.rs index 1713ad66e..bf6a4b7a2 100644 --- a/tests/rust/secure_message.rs +++ b/tests/rust/secure_message.rs @@ -23,8 +23,8 @@ fn mode_encrypt_decrypt() { let secure = SecureMessage::new(gen_rsa_key_pair()); let plaintext = b"test message please ignore"; - let encrypted = secure.encrypt(&plaintext).expect("encryption"); - let recovered_message = secure.decrypt(&encrypted).expect("decryption"); + let encrypted = secure.encrypt(plaintext).expect("encryption"); + let recovered_message = secure.decrypt(encrypted).expect("decryption"); assert_eq!(recovered_message, plaintext); } @@ -36,8 +36,8 @@ fn mode_sign_verify() { let verify = SecureVerify::new(public); let plaintext = b"test message please ignore"; - let signed_message = sign.sign(&plaintext).unwrap(); - let recovered_message = verify.verify(&signed_message).unwrap(); + let signed_message = sign.sign(plaintext).unwrap(); + let recovered_message = verify.verify(signed_message).unwrap(); assert_eq!(recovered_message, plaintext); } 
@@ -48,8 +48,8 @@ fn invalid_key() { let secure2 = SecureMessage::new(gen_ec_key_pair()); let plaintext = b"test message please ignore"; - let encrypted = secure1.encrypt(&plaintext).expect("encryption"); - let error = secure2.decrypt(&encrypted).expect_err("decryption error"); + let encrypted = secure1.encrypt(plaintext).expect("encryption"); + let error = secure2.decrypt(encrypted).expect_err("decryption error"); assert_eq!(error.kind(), ErrorKind::Fail); } @@ -62,7 +62,7 @@ fn corrupted_data() { // Using index "10" for example leads to a crash with SIGBUS, so Themis definitely // could use some audit because it does not really handle corrupted messages well. let plaintext = b"test message please ignore"; - let mut encrypted = secure.encrypt(&plaintext).expect("encryption"); + let mut encrypted = secure.encrypt(plaintext).expect("encryption"); encrypted[5] = !encrypted[5]; let error = secure.decrypt(&encrypted).expect_err("decryption error"); diff --git a/tests/rust/secure_session.rs b/tests/rust/secure_session.rs index ac8718fd3..7d4f6b94d 100644 --- a/tests/rust/secure_session.rs +++ b/tests/rust/secure_session.rs @@ -28,8 +28,8 @@ fn invalid_client_id() { let (private, _) = gen_ec_key_pair().split(); let transport = MockTransport::new(); - let error = SecureSession::new(&[], &private, transport) - .expect_err("construction with empty client ID"); + let error = + SecureSession::new([], &private, transport).expect_err("construction with empty client ID"); assert_eq!(error.kind(), ErrorKind::InvalidParameter); } 
@@ -43,8 +43,8 @@ fn no_transport() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); // The client and the server. let mut client = SecureSession::new(name_client, &private_client, transport_client) @@ -85,11 +85,11 @@ fn no_transport() { // Try sending a message back and forth. let plaintext = b"test message please ignore"; - let wrapped = client.wrap(&plaintext).expect("wrap 1 -> 2 message"); + let wrapped = client.wrap(plaintext).expect("wrap 1 -> 2 message"); let unwrapped = server.unwrap(&wrapped).expect("unwrap 1 -> 2 message"); assert_eq!(unwrapped, plaintext); - let wrapped = server.wrap(&plaintext).expect("wrap 2 -> 1 message"); + let wrapped = server.wrap(plaintext).expect("wrap 2 -> 1 message"); let unwrapped = client.unwrap(&wrapped).expect("unwrap 2 -> 1 message"); assert_eq!(unwrapped, plaintext); @@ -115,8 +115,8 @@ fn with_transport() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -140,7 +140,7 @@ fn with_transport() { // Try sending a message back and forth. let message = b"test message please ignore"; - client.send(&message).expect("send message"); + client.send(message).expect("send message"); let received = server.receive(1024).expect("receive message"); 
@@ -156,8 +156,8 @@ fn connection_state_reporting() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_server, &name_client, &public_client); - expect_peer(&mut transport_client, &name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); let state_client = monitor_state_changes(&mut transport_client); let state_server = monitor_state_changes(&mut transport_server); @@ -202,9 +202,9 @@ fn server_does_not_identify_client() { let mut transport_server = MockTransport::new(); expect_no_peers(&mut transport_server); - let mut client = SecureSession::new(&name_client, &private_client, transport_client) + let mut client = SecureSession::new(name_client, &private_client, transport_client) .expect("Secure Session client"); - let mut server = SecureSession::new(&name_server, &private_server, transport_server) + let mut server = SecureSession::new(name_server, &private_server, transport_server) .expect("Secure Session server"); let connect_request = client.connect_request().expect("connect request"); @@ -229,11 +229,11 @@ fn client_does_not_identify_server() { expect_no_peers(&mut transport_client); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_server, name_client, &public_client); - let mut client = SecureSession::new(&name_client, &private_client, transport_client) + let mut client = SecureSession::new(name_client, &private_client, transport_client) .expect("Secure Session client"); - let mut server = SecureSession::new(&name_server, &private_server, transport_server) + let mut server = SecureSession::new(name_server, &private_server, transport_server) .expect("Secure Session server"); let connect_request = client.connect_request().expect("connect request"); 
@@ -282,8 +282,8 @@ fn forward_error_receive_at_connection() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -318,8 +318,8 @@ fn forward_error_send_at_negotiation() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -355,8 +355,8 @@ fn forward_error_receive_at_negotiation() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -391,8 +391,8 @@ fn forward_error_send_at_exchange() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); 
@@ -433,8 +433,8 @@ fn forward_error_receive_at_exchange() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -477,8 +477,8 @@ fn cannot_send_empty_message() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -510,8 +510,8 @@ fn cannot_receive_empty_message() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -548,7 +548,7 @@ fn panic_in_get_pubkey_by_id_client() { let mut transport_server = MockTransport::new(); transport_client.when_get_public_key_for_id(|_| panic!()); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); 
@@ -573,7 +573,7 @@ fn panic_in_get_pubkey_by_id_server() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); + expect_peer(&mut transport_client, name_server, &public_server); transport_server.when_get_public_key_for_id(|_| panic!()); connect_with_channels(&mut transport_client, &mut transport_server); @@ -634,8 +634,8 @@ fn panic_in_status_change() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); diff --git a/tests/soter/soter.mk b/tests/soter/soter.mk index 29a505348..ea00db49f 100644 --- a/tests/soter/soter.mk +++ b/tests/soter/soter.mk @@ -65,7 +65,7 @@ endif $(SOTER_TEST_BIN): $(BIN_PATH)/$(LIBSOTER_SO) endif -$(SOTER_TEST_BIN): CMD = $(CC) -o $@ $(filter %.o %.a, $^) $(LDFLAGS) $(SOTER_TEST_LDFLAGS) +$(SOTER_TEST_BIN): CMD = $(CC) -o $@ $(filter %.o %.a, $^) $(LDFLAGS) $(ADDITIONAL_LDFLAGS) $(SOTER_TEST_LDFLAGS) $(SOTER_TEST_BIN): $(SOTER_TEST_OBJ) $(COMMON_TEST_OBJ) @mkdir -p $(@D) diff --git a/tests/soter/soter_sym_test.c b/tests/soter/soter_sym_test.c index 6990d7250..20b7518b9 100644 --- a/tests/soter/soter_sym_test.c +++ b/tests/soter/soter_sym_test.c @@ -605,7 +605,7 @@ static void test_invalid_params(void) } } -void run_soter_sym_test() +void run_soter_sym_test(void) { testsuite_enter_suite("soter sym"); // testsuite_run_test(soter_sym_test); diff --git a/tests/themis/themis.mk b/tests/themis/themis.mk index 8c315302f..6cd44e3e9 100644 --- a/tests/themis/themis.mk +++ b/tests/themis/themis.mk 
@@ -47,7 +47,7 @@ endif $(THEMIS_TEST_BIN): $(BIN_PATH)/$(LIBTHEMIS_SO) endif -$(THEMIS_TEST_BIN): CMD = $(CC) -o $@ $(filter %.o %.a, $^) $(LDFLAGS) $(THEMIS_TEST_LDFLAGS) +$(THEMIS_TEST_BIN): CMD = $(CC) -o $@ $(filter %.o %.a, $^) $(LDFLAGS) $(ADDITIONAL_LDFLAGS) $(THEMIS_TEST_LDFLAGS) $(THEMIS_TEST_BIN): $(THEMIS_TEST_OBJ) $(COMMON_TEST_OBJ) @mkdir -p $(@D) diff --git a/tests/themispp/themispp.mk b/tests/themispp/themispp.mk index 3f55ee046..19b25112c 100644 --- a/tests/themispp/themispp.mk +++ b/tests/themispp/themispp.mk @@ -39,7 +39,7 @@ endif $(TEST_BIN_PATH)/themispp_test: $(BIN_PATH)/$(LIBTHEMIS_SO) endif -$(TEST_BIN_PATH)/themispp_test: CMD = $(CXX) -o $@ $(filter %.o %.a, $^) $(LDFLAGS) $(THEMISPP_TEST_LDFLAGS) +$(TEST_BIN_PATH)/themispp_test: CMD = $(CXX) -o $@ $(filter %.o %.a, $^) $(LDFLAGS) $(ADDITIONAL_LDFLAGS) $(THEMISPP_TEST_LDFLAGS) $(TEST_BIN_PATH)/themispp_test: $(THEMISPP_TEST_OBJ) $(COMMON_TEST_OBJ) @echo -n "link " diff --git a/tools/afl/fuzzy.mk b/tools/afl/fuzzy.mk index 17341a44f..85130840b 100644 --- a/tools/afl/fuzzy.mk +++ b/tools/afl/fuzzy.mk @@ -38,7 +38,7 @@ FUZZ_UTILS = $(filter-out $(addsuffix .o,$(FUZZ_TOOLS)),$(FUZZ_OBJS)) # Build sources with access to fuzzing headers and link tools to $(FUZZ_THEMIS_LIB). $(FUZZ_OBJS): CFLAGS += -I$(FUZZ_SRC_PATH) -$(FUZZ_TOOLS): LDFLAGS += $(FUZZ_THEMIS_LIB) $(FUZZ_SOTER_LIB) $(CRYPTO_ENGINE_LDFLAGS) +$(FUZZ_TOOLS): LDFLAGS += $(FUZZ_THEMIS_LIB) $(FUZZ_SOTER_LIB) $(CRYPTO_ENGINE_LDFLAGS) $(ADDITIONAL_LDFLAGS) # afl-clang is partially configured via environment variables. For one, it likes to # talk on stdout so tell it to pipe down a bit. Additionally, address sanitizer builds diff --git a/tools/rust/scell_context_string_echo.rs b/tools/rust/scell_context_string_echo.rs index 3176d4afc..1eec1fe8a 100644 --- a/tools/rust/scell_context_string_echo.rs +++ b/tools/rust/scell_context_string_echo.rs 
@@ -35,7 +35,7 @@ fn main() { let message = matches.value_of("message").unwrap(); let context = matches.value_of("context").unwrap(); - let cell = SecureCell::with_key(&key) + let cell = SecureCell::with_key(key) .unwrap_or_else(|_| { eprintln!("invalid parameters: empty master key"); exit(1); @@ -45,7 +45,7 @@ fn main() { match mode { "enc" => { let encrypted = cell - .encrypt_with_context(&message, &context) + .encrypt_with_context(message, context) .unwrap_or_else(|error| { eprintln!("failed to encrypt message: {error}"); exit(1); @@ -58,7 +58,7 @@ fn main() { exit(1); }); let decrypted = cell - .decrypt_with_context(&decoded_message, &context) + .decrypt_with_context(decoded_message, context) .unwrap_or_else(|error| { eprintln!("failed to decrypt message: {error}"); exit(1); diff --git a/tools/rust/scell_seal_string_echo.rs b/tools/rust/scell_seal_string_echo.rs index 6e4190051..27c66f7d7 100644 --- a/tools/rust/scell_seal_string_echo.rs +++ b/tools/rust/scell_seal_string_echo.rs @@ -35,7 +35,7 @@ fn main() { let message = matches.value_of("message").unwrap(); let context = matches.value_of("context").unwrap_or_default(); - let cell = SecureCell::with_key(&key) + let cell = SecureCell::with_key(key) .unwrap_or_else(|_| { eprintln!("invalid parameters: empty master key"); exit(1); @@ -45,7 +45,7 @@ fn main() { match mode { "enc" => { let encrypted = cell - .encrypt_with_context(&message, &context) + .encrypt_with_context(message, context) .unwrap_or_else(|error| { eprintln!("failed to encrypt message: {error}"); exit(1); @@ -58,7 +58,7 @@ fn main() { exit(1); }); let decrypted = cell - .decrypt_with_context(&decoded_message, &context) + .decrypt_with_context(decoded_message, context) .unwrap_or_else(|error| { eprintln!("failed to decrypt message: {error}"); exit(1); diff --git a/tools/rust/scell_seal_string_echo_pw.rs b/tools/rust/scell_seal_string_echo_pw.rs index 29cd8e5ff..b6c861f0f 100644 --- a/tools/rust/scell_seal_string_echo_pw.rs 
+++ b/tools/rust/scell_seal_string_echo_pw.rs @@ -35,7 +35,7 @@ fn main() { let message = matches.value_of("message").unwrap(); let context = matches.value_of("context").unwrap_or_default(); - let cell = SecureCell::with_passphrase(&passphrase) + let cell = SecureCell::with_passphrase(passphrase) .unwrap_or_else(|_| { eprintln!("invalid parameters: empty passphrase"); exit(1); @@ -45,7 +45,7 @@ fn main() { match command { "enc" => { let encrypted = cell - .encrypt_with_context(&message, &context) + .encrypt_with_context(message, context) .unwrap_or_else(|error| { eprintln!("failed to encrypt message: {error}"); exit(1); @@ -58,7 +58,7 @@ fn main() { exit(1); }); let decrypted = cell - .decrypt_with_context(&decoded_message, &context) + .decrypt_with_context(decoded_message, context) .unwrap_or_else(|error| { eprintln!("failed to decrypt message: {error}"); exit(1); diff --git a/tools/rust/scell_token_string_echo.rs b/tools/rust/scell_token_string_echo.rs index 6aedc36c3..d59333457 100644 --- a/tools/rust/scell_token_string_echo.rs +++ b/tools/rust/scell_token_string_echo.rs @@ -39,7 +39,7 @@ fn main() { let message = parts.next().unwrap(); let token = parts.next().unwrap_or(""); - let cell = SecureCell::with_key(&key) + let cell = SecureCell::with_key(key) .unwrap_or_else(|_| { eprintln!("invalid parameters: empty master key"); exit(1); @@ -48,12 +48,12 @@ fn main() { match mode { "enc" => { - let (encrypted, token) = cell - .encrypt_with_context(&message, &context) - .unwrap_or_else(|error| { - eprintln!("failed to encrypt message: {error}"); - exit(1); - }); + let (encrypted, token) = + cell.encrypt_with_context(message, context) + .unwrap_or_else(|error| { + eprintln!("failed to encrypt message: {error}"); + exit(1); + }); println!("{},{}", base64::encode(&encrypted), base64::encode(&token)); } "dec" => { 
@@ -66,7 +66,7 @@ fn main() { exit(1); }); let decrypted = cell - .decrypt_with_context(&decoded_message, &decoded_token, &context) + .decrypt_with_context(decoded_message, decoded_token, context) .unwrap_or_else(|error| { eprintln!("failed to decrypt message: {error}"); exit(1); diff --git a/tools/rust/smessage_encryption.rs b/tools/rust/smessage_encryption.rs index 9358e98ec..c6536d854 100644 --- a/tools/rust/smessage_encryption.rs +++ b/tools/rust/smessage_encryption.rs @@ -48,7 +48,7 @@ fn main() { let key_pair = KeyPair::try_join(private_key, public_key).expect("matching keys"); let encrypter = SecureMessage::new(key_pair); - let encrypted = encrypter.encrypt(&message).unwrap_or_else(|error| { + let encrypted = encrypter.encrypt(message).unwrap_or_else(|error| { eprintln!("failed to encrypt message: {error}"); exit(1); }); @@ -63,7 +63,7 @@ fn main() { eprintln!("failed to decode message: {error}"); exit(1); }); - let decrypted = encrypter.decrypt(&decoded_message).unwrap_or_else(|error| { + let decrypted = encrypter.decrypt(decoded_message).unwrap_or_else(|error| { eprintln!("failed to decrypt message: {error}"); exit(1); }); @@ -73,7 +73,7 @@ fn main() { "sign" => { let signer = SecureSign::new(private_key); - let signed = signer.sign(&message).unwrap_or_else(|error| { + let signed = signer.sign(message).unwrap_or_else(|error| { eprintln!("failed to sign message: {error}"); exit(1); }); @@ -87,7 +87,7 @@ fn main() { eprintln!("failed to decode message: {error}"); exit(1); }); - let verified = signer.verify(&decoded_message).unwrap_or_else(|error| { + let verified = signer.verify(decoded_message).unwrap_or_else(|error| { eprintln!("failed to verify message: {error}"); exit(1); }); From dee8388e03d705060af08eacb13c552bf40a1ddc Mon Sep 17 00:00:00 2001 From: G1gg1L3s Date: Mon, 4 Dec 2023 14:41:48 +0200 Subject: [PATCH 4/6] Bump boringssl --- third_party/boringssl/src | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/third_party/boringssl/src b/third_party/boringssl/src index 50ee09552..a43c76dbe 160000 --- a/third_party/boringssl/src +++ b/third_party/boringssl/src @@ -1 +1 @@ -Subproject commit 50ee09552cde1c2019bef24520848d041920cfd4 +Subproject commit a43c76dbe30d619188dc685b7d432a92e7c2b66b From 2bc8977a0aaaa077ccca7d741571f61b41186b93 Mon Sep 17 00:00:00 2001 From: G1gg1L3s Date: Mon, 4 Dec 2023 14:53:45 +0200 Subject: [PATCH 5/6] Revert "Bump boringssl" This reverts commit dee8388e03d705060af08eacb13c552bf40a1ddc. Okay, this time I checked, the previous commit of boringssl was newer than one in the master. --- third_party/boringssl/src | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/third_party/boringssl/src b/third_party/boringssl/src index a43c76dbe..50ee09552 160000 --- a/third_party/boringssl/src +++ b/third_party/boringssl/src @@ -1 +1 @@ -Subproject commit a43c76dbe30d619188dc685b7d432a92e7c2b66b +Subproject commit 50ee09552cde1c2019bef24520848d041920cfd4 From 00ec1100369af71a24eb38627a83b2f5b417909b Mon Sep 17 00:00:00 2001 From: Nazar Serhiichuk <43041209+G1gg1L3s@users.noreply.github.com> Date: Mon, 4 Dec 2023 23:14:59 +0200 Subject: [PATCH 6/6] msys2: Fix hashes for 0.15.0 release (#1040) Since we already have 0.15.0 assets on GitHub, we can specify those and expect successful builds on stable. --- PKGBUILD.MSYS2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/PKGBUILD.MSYS2 b/PKGBUILD.MSYS2 index 63f131a37..339d2b675 100644 --- a/PKGBUILD.MSYS2 +++ b/PKGBUILD.MSYS2 
@@ -17,9 +17,9 @@ depends=('libopenssl>=1.1.1') makedepends=('tar' 'gcc' 'make' 'openssl-devel>=1.1.1') source=("https://github.com/cossacklabs/themis/archive/$pkgver.tar.gz") -sha256sums=('e5ff84e020ea02f545be6948b4a5ed04944fed10d4bc500684d8e79be3f6020d') -sha1sums=('abab5054190049cdb00540501316a8df3c2496f3') -md5sums=('30acf0963fae74808041a54b7c902d42') +sha256sums=('82caaae4659986f0a096fea25837244d9380f6cfdaefdea9572d07cbd0d64dbb') +sha1sums=('1d9ab4872c3f2e5e0dfae81ce11267de9474bbc2') +md5sums=('87ed049f75704f9fb9b6e6c26a8fa056') # TODO: verify package signature # Unfortunately, bsdtar cannot handle symlinks on MSYS2 [1] so we have to use
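Review bot: in the `mod token_protect` hunk at `@@ -805,14 +805,14 @@`, the test still asserts that a token with one extra trailing byte decrypts successfully ("Extra data is simply ignored"), while the hunk at `@@ -751,12 +751,12 @@` asserts that ciphertext with one extra trailing byte is rejected. Tokens are therefore not canonical: more than one byte string is accepted for the same ciphertext, so callers must not compare, index or deduplicate tokens by value. Please either state this in the Secure Cell API documentation or reword the test comment to say it pins current behaviour and is not a guarantee.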
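Review bot: in tests/rust/secure_message.rs, hunk `@@ -62,7 +62,7 @@ fn corrupted_data()`, the unchanged comment says that flipping index "10" "leads to a crash with SIGBUS", and the test avoids it by flipping only `encrypted[5]`. A crash while decrypting a corrupted Secure Message is a fault on untrusted input, not a test detail, and this series is a pre-release. Please reference a tracking issue from the comment, and once the decrypt path is fixed change the test to flip each byte index in turn and call `expect_err` on every one, rather than keeping a single offset that is known not to crash.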
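Review bot: `$(ADDITIONAL_LDFLAGS)` is placed between `$(LDFLAGS)` and the per-suite test flags in tests/soter/soter.mk, tests/themis/themis.mk and tests/themispp/themispp.mk, but in tools/afl/fuzzy.mk it is appended to `LDFLAGS` after `$(CRYPTO_ENGINE_LDFLAGS)`. Link order matters when static archives are involved, so please use the same position in all four rules, and add a comment where the variable is defined saying what it is expected to carry, since none of these hunks explains it.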
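Review bot: patches 4/6 and 5/6 move third_party/boringssl/src from 50ee09552 to a43c76dbe and back again twelve minutes later, so together they leave the submodule pointer unchanged. Please drop both commits from the series before merging. The revert message says the "bump" actually pointed at an older revision than the one already pinned, so it would also help to state in the PR which BoringSSL revision the release is meant to ship and to check that a submodule update only moves forward.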
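Review bot: in PKGBUILD.MSYS2, hunk `@@ -17,9 +17,9 @@`, `sha1sums` and `md5sums` are refreshed alongside `sha256sums`, and the `# TODO: verify package signature` context line is left as it is. The MD5 and SHA-1 entries add no assurance beyond the SHA-256 one and are two more values to keep in sync on every release, so consider removing both arrays. The digests describe the same GitHub archive named in `source=`, which means they catch a corrupted download but not a replaced tarball; resolving the signature TODO is what would cover that case.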