Commit 0676c9ae by Steffen Jaeckel

Merge branch 'release/1.18.0'

parents bbc52b9e c165f3a2
---
AccessModifierOffset: -2
ConstructorInitializerIndentWidth: 4
AlignEscapedNewlinesLeft: false
AlignTrailingComments: true
AllowAllParametersOfDeclarationOnNextLine: false
AllowShortIfStatementsOnASingleLine: false
AllowShortLoopsOnASingleLine: false
AlwaysBreakTemplateDeclarations: false
AlwaysBreakBeforeMultilineStrings: false
BreakBeforeBinaryOperators: false
BreakConstructorInitializersBeforeComma: false
BinPackParameters: true
ColumnLimit: 120
ConstructorInitializerAllOnOneLineOrOnePerLine: true
DerivePointerBinding: true
ExperimentalAutoDetectBinPacking: false
IndentCaseLabels: true
MaxEmptyLinesToKeep: 1
NamespaceIndentation: None
ObjCSpaceBeforeProtocolList: false
PenaltyBreakComment: 60
PenaltyBreakString: 1000
PenaltyBreakFirstLessLess: 120
PenaltyExcessCharacter: 1000000
PenaltyReturnTypeOnItsOwnLine: 200
PointerBindsToType: false
SpacesBeforeTrailingComments: 1
Cpp11BracedListStyle: false
Standard: Cpp03
IndentWidth: 3
TabWidth: 8
UseTab: Never
BreakBeforeBraces: Linux
IndentFunctionDeclarationAfterType: false
SpacesInParentheses: false
SpaceInEmptyParentheses: false
SpacesInCStyleCastParentheses: false
SpaceAfterControlStatementKeyword: true
SpaceBeforeAssignmentOperators: true
...
/.gitattributes export-ignore
/.gitignore export-ignore
/** export-subst
# suppress compiler/linker output
*.[oa]
*.obj
*.l[oa]
[Dd]ebug/
[Rr]elease/
/MSVC_*
.libs/
# release files
/libtomcrypt-*
/crypt-*
# suppress output of build process
gcc_[12].txt
testok.txt
test_*.txt
tv.txt
*_tv.txt
doxygen/
doc/crypt.pdf
doc/refman.pdf
# *nix/windows test executables
constants
constants.exe
ltcrypt
ltcrypt.exe
hashsum
hashsum.exe
multi
multi.exe
openssl-enc
openssl-enc.exe
sizes
sizes.exe
small
small.exe
test
test.exe
tv_gen
tv_gen.exe
timing
timing.exe
# Visual Studio special files
# ignore user specific settings
*.user
*.suo
# ignore non-compressed browse file (holds information for ClassView, IntelliSense and WizardBar)
*.ncb
# ignore VS intermediate and program database files
*.idb
*.pdb
# Eclipse special files
.project
.cproject
.settings/
# oops ;) but we don't want them to appear in the repository...
*.stackdump
*.core
# misc
*.rej
*.patch
*.diff
*.orig
*.out
*.ll
*.gcda
*.gcno
*.gcov
libtomcrypt.pc
# output from doc generation
doxygen/
*.dvi
*.log
*.aux
*.toc
*.idx
*.ilg
*.ind
*.out
*.lof
*.bak
coverage/
coverage*.info
# coverity intermediate directory etc.
cov-int/
.coverity_*
libtomcrypt.lzma
dist: trusty
sudo: required
language: c
addons:
apt:
sources:
- ubuntu-toolchain-r-test
- llvm-toolchain-precise-3.8
packages:
- clang-3.8
install:
- sudo apt-get update -qq
- sudo apt-get install libtommath-dev
before_script:
- gem install coveralls-lcov
- curl http://ftp.de.debian.org/debian/pool/main/l/lcov/lcov_1.11.orig.tar.gz | tar xz
- export PATH=$PATH:`pwd`/lcov-1.11/bin
- curl -s https://packagecloud.io/install/repositories/libtom/packages/script.deb.sh | sudo bash
- sudo apt-get install libtfm-dev=0.13-5
matrix:
fast_finish: true
branches:
only:
- master
- develop
- /^release\/.*$/
compiler:
- gcc
- clang
script:
- bash "${BUILDSCRIPT}" "${BUILDNAME}" "${BUILDOPTIONS}" "makefile V=1" "-DUSE_LTM -DLTM_DESC" "-ltommath"
- bash "${BUILDSCRIPT}" "${BUILDNAME}" "${BUILDOPTIONS}" "makefile.shared V=1" "-DUSE_TFM -DTFM_DESC" "-ltfm"
env:
- |
BUILDSCRIPT="check_source.sh"
BUILDNAME="CHECK_SOURCES"
BUILDOPTIONS=" "
- |
BUILDSCRIPT="scan_build.sh"
BUILDNAME="SCAN_BUILD"
BUILDOPTIONS=" "
- |
BUILDSCRIPT="coverage.sh"
BUILDNAME="COVERAGE"
BUILDOPTIONS=" "
- |
BUILDSCRIPT="run.sh"
BUILDNAME="STOCK"
BUILDOPTIONS=" "
- |
BUILDSCRIPT="run.sh"
BUILDNAME="EASY"
BUILDOPTIONS="-DLTC_EASY"
- |
BUILDSCRIPT="run.sh"
BUILDNAME="SMALL"
BUILDOPTIONS="-DLTC_SMALL_CODE"
- |
BUILDSCRIPT="run.sh"
BUILDNAME="NOTABLES"
BUILDOPTIONS="-DLTC_NO_TABLES"
- |
BUILDSCRIPT="run.sh"
BUILDNAME="SMALL+NOTABLES"
BUILDOPTIONS="-DLTC_SMALL_CODE -DLTC_NO_TABLES"
- |
BUILDSCRIPT="run.sh"
BUILDNAME="CLEANSTACK"
BUILDOPTIONS="-DLTC_CLEAN_STACK"
- |
BUILDSCRIPT="run.sh"
BUILDNAME="CLEANSTACK+SMALL"
BUILDOPTIONS="-DLTC_SMALL_CODE -DLTC_CLEAN_STACK"
- |
BUILDSCRIPT="run.sh"
BUILDNAME="CLEANSTACK+NOTABLES"
BUILDOPTIONS="-DLTC_NO_TABLES -DLTC_CLEAN_STACK"
- |
BUILDSCRIPT="run.sh"
BUILDNAME="CLEANSTACK+NOTABLES+SMALL"
BUILDOPTIONS="-DLTC_NO_TABLES -DLTC_CLEAN_STACK -DLTC_SMALL_CODE"
- |
BUILDSCRIPT="run.sh"
BUILDNAME="NO_FAST"
BUILDOPTIONS="-DLTC_NO_FAST"
- |
BUILDSCRIPT="run.sh"
BUILDNAME="NO_FAST+NOTABLES"
BUILDOPTIONS="-DLTC_NO_FAST -DLTC_NO_TABLES"
- |
BUILDSCRIPT="run.sh"
BUILDNAME="NO_ASM"
BUILDOPTIONS="-DLTC_NO_ASM"
- |
BUILDSCRIPT="run.sh"
BUILDNAME="NO_TIMING_RESISTANCE"
BUILDOPTIONS="-DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING"
- |
BUILDSCRIPT="run.sh"
BUILDNAME="CLEANSTACK+NOTABLES+SMALL+NO_ASM+NO_TIMING_RESISTANCE"
BUILDOPTIONS="-DLTC_CLEAN_STACK -DLTC_NO_TABLES -DLTC_SMALL_CODE -DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING"
- |
BUILDSCRIPT="run.sh"
BUILDNAME="PTHREAD"
BUILDOPTIONS="-DLTC_PTHREAD"
- |
BUILDSCRIPT="run.sh"
BUILDNAME="CLEANSTACK+NOTABLES+SMALL+NO_ASM+NO_TIMING_RESISTANCE+PTHREAD"
BUILDOPTIONS="-DLTC_CLEAN_STACK -DLTC_NO_TABLES -DLTC_SMALL_CODE -DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING -DLTC_PTHREAD"
- |
BUILDSCRIPT="testbuild.sh"
BUILDNAME="NOTEST"
BUILDOPTIONS="-DLTC_NO_TEST"
- |
BUILDSCRIPT="testbuild.sh"
BUILDNAME="NOFILE"
BUILDOPTIONS="-DLTC_NO_FILE"
after_failure:
- cat test_std.txt
- cat test_err.txt
- cat tv.txt
after_script:
- cat gcc_1.txt
- cat gcc_2.txt
notifications:
irc: "chat.freenode.net#libtom-notifications"
LibTomCrypt is licensed under DUAL licensing terms.
Choose and use the license of your needs.
[LICENSE #1]
LibTomCrypt is public domain. As should all quality software be.
Tom St Denis
[/LICENSE #1]
[LICENSE #2]
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
Version 2, December 2004
Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
Everyone is permitted to copy and distribute verbatim or modified
copies of this license document, and changing it is allowed as long
as the name is changed.
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. You just DO WHAT THE FUCK YOU WANT TO.
[/LICENSE #2]
See doc/crypt.pdf
# libtomcrypt
Previously the git repository contained `doc/crypt.pdf` for detailed documentation.
This was changed and the file is now only available from the tarball of the appropriate version
or from the page https://github.com/libtom/libtomcrypt/releases .
## Project Status
master: [![Build Status](https://api.travis-ci.org/libtom/libtomcrypt.png?branch=master)](https://travis-ci.org/libtom/libtomcrypt) [![Coverage Status](https://coveralls.io/repos/libtom/libtomcrypt/badge.png?branch=master)](https://coveralls.io/r/libtom/libtomcrypt)
develop: [![Build Status](https://api.travis-ci.org/libtom/libtomcrypt.png?branch=develop)](https://travis-ci.org/libtom/libtomcrypt) [![Coverage Status](https://coveralls.io/repos/libtom/libtomcrypt/badge.png?branch=develop)](https://coveralls.io/r/libtom/libtomcrypt)
[![Coverity Scan Build Status](https://scan.coverity.com/projects/487/badge.svg)](https://scan.coverity.com/projects/487)
API/ABI changes: [check here](https://abi-laboratory.pro/tracker/timeline/libtomcrypt/)
## Submitting patches
Please branch off from develop if you want to submit a patch.
Patch integration will be faster if tests and documentation are included.
Please update the makefiles in a separate commit. To update them simply run the `updatemakes.sh` script.
If you have something bigger to submit, feel free to contact us beforehand.
Then we can give you write access to this repo, so you can open your PR based on this repo
and we can easier follow the rebase-before-merge approach we're using (or even do the rebase ourself).
### Reviews
We're using Pull Request reviews to make sure that the code is in line with the existing code base.
Please have a look [here](https://help.github.com/articles/approving-a-pull-request-with-required-reviews/) to get an idea of the approach.
## Branches
Please be aware, that all branches besides _master_ and _develop_ __can__ and __will be__ force-pushed, rebased and/or removed!
If you want to rely on such an _unstable_ branch, create your own fork of this repository to make sure nothing breaks for you.
## Configuration options
By default the library builds its entire feature set (besides `katja`) in a (depending on your needs more or less) optimal way.
There are numerous configuration options available if you want to trim down the functionality of the library.
Please have a look at `src/headers/tomcrypt_custom.h` for all available configuration options.
The following list is a small part of the available, but the most often required, configuration switches.
| Flag | Behavior |
| ---- | -------- |
| `LTC_NO_TEST` | Remove all algorithm self-tests from the library |
| `LTC_NO_FILE` | Remove all API functions requiring a pre-defined `FILE` data-type (mostly useful for embedded targets) |
| `GMP_DESC` | enable [gmp](https://gmplib.org/) as MPI provider *\*1* |
| `LTM_DESC` | enable [libtommath](http://www.libtom.net/) as MPI provider *\*1* |
| `TFM_DESC` | enable [tomsfastmath](http://www.libtom.net/) as MPI provider *\*1* *\*2* |
| `USE_GMP` | use `gmp` as MPI provider when building the binaries *\*3* |
| `USE_LTM` | use `libtommath` as MPI provider when building the binaries *\*3* |
| `USE_TFM` | use `tomsfastmath` as MPI provider when building the binaries *\*3* |
*\*1* It is possible to build the library against all MPI providers in parallel and choose at startup-time which math library should be used.
*\*2* Please be aware that `tomsfastmath` has the limitation of a fixed max size of MPI's.
*\*3* Only one is supported at the time & this is only required when building the binaries, not when building the library itself.
## Building the library
There are several `makefile`s provided. Please choose the one that fits best for you.
| makefile | use-case |
| -------- | -------- |
| `makefile` | builds a static library (GNU Make required) |
| `makefile.shared` | builds a shared (and static) library (GNU Make required) |
| `makefile.unix` | for unusual UNIX platforms, or if you do not have GNU Make |
| `makefile.mingw` | for usage with the mingw compiler on MS Windows |
| `makefile.msvc` | for usage with the MSVC compiler on MS Windows |
| `libtomcrypt_VS2008.sln` | A VisualStudio 2008 project for MS Windows |
### Make targets
The `makefile`s provide several targets to build (VS project excluded).
The following list does not claim to be complete resp. to be available across all `makefile` variants.
| target | application |
| ------ | ----------- |
| *empty target*/none given | c.f. `library`
| `library` | builds only the library |
| `hashsum` | builds the `hashsum` binary, similar to [`shasum`](https://linux.die.net/man/1/shasum), but with support for all hash-algorithms included in the library *\*4* |
| `ltcrypt` | builds the `ltcrypt` binary, implementing something similar to [`crypt`](https://linux.die.net/man/3/crypt) *\*4* |
| `sizes` | builds the `sizes` binary, printing all internal data sizes on invocation *\*4* |
| `constants` | builds the `constants` binary, printing all internal constants on invocation *\*4* |
| `openssl-enc` | builds the `openssl-enc` binary, which is more or less compatible to [`openssl enc`](https://linux.die.net/man/1/enc) *\*4* *\*5* |
| `test` | builds the `test` binary, which runs all algorithm self-tests + some extended tests *\*4* |
| `timing` | builds the `timing` binary, which can be used to measure timings for algorithms and modes *\*4* |
| `bins` | builds `hashsum` *\*4* |
| `all_test` | builds `test`, `hashsum`, `ltcrypt`, `small`, `tv_gen`, `sizes` & `constants` *\*4* |
| `docs` | builds the developer documentation `doc/crypt.pdf` |
| `install` | installs the `library` and header files *\*7* *\*8* |
| `install_bins` | installs the binaries created by the `bins` target *\*7* *\*8* |
| `install_docs` | installs the documentation created by the `docs` target *\*7* *\*8* |
| `install_test` | installs the test-app created by the `test` target *\*7* *\*8* |
| `install_all` | installs everything (i.e. `library`, `bins`, `docs` and `test`) *\*8* |
| `uninstall` | uninstalls the `library` and header files |
*\*4* also builds `library`
*\*5* broken build in some configurations, therefore not built by default
*\*7* also builds the necessary artifact(s) before installing it
*\*8* also have a look at the 'Installation' section of this file
### Examples
You want to build the library as static library
make
You want to build the library as shared library
make -f makefile.shared
You have `libtommath` installed on your system and want to build a static library and the `test` binary to run the self-tests.
make CFLAGS="-DUSE_LTM -DLTM_DESC" EXTRALIBS="-ltommath" test
You have `tomsfastmath` installed on your system and want to build a shared library and all binaries
make -f makefile.shared CFLAGS="-DUSE_TFM -DTFM_DESC" EXTRALIBS="-ltfm" all demos
You have `gmp`, `libtommath` and `tomsfastmath` installed on your system and want to build a static library and the `timing` binary to measure timings against `gmp`.
make CFLAGS="-DUSE_GMP -DGMP_DESC -DLTM_DESC -DTFM_DESC" EXTRALIBS="-lgmp" timing
If you have `libtommath` in a non-standard location:
make CFLAGS="-DUSE_LTM -DLTM_DESC -I/opt/devel/ltm" EXTRALIBS="/opt/devel/ltm/libtommath.a" all
## Installation
There exist several _install_ make-targets which are described in the table above.
These targets support the standard ways (c.f. [[GNU]], [[FreeBSD]])
to modify the installation path via the following set of variables:
DESTDIR
PREFIX
LIBPATH
INCPATH
DATAPATH
BINPATH
The entire set of the variables is only supported in `makefile`, `makefile.shared` and `makefile.unix`.
In case you have to use one of the other makefiles, check in the file which variables are supported.
### Examples
You want to install the static library to the default paths
make install
You want to install the shared library to a special path and use it from this path
make -f makefile.shared PREFIX=/opt/special/path
Have a look at the developer documentation, [[GNU]] or [[FreeBSD]] to get a detailed explanation of all the variables.
[GNU]: https://www.gnu.org/prep/standards/html_node/DESTDIR.html
[FreeBSD]: https://www.freebsd.org/doc/en/books/porters-handbook/porting-prefix.html
for 1.18
- document new ECC functions
- add test for new functions
#!/bin/bash
echo "$1 ($2, $3)..."
make clean 1>/dev/null 2>/dev/null
echo -n "building..."
CFLAGS="$2 $CFLAGS $4" EXTRALIBS="$5" make -j4 -f $3 test tv_gen 1>gcc_1.txt 2>gcc_2.txt || (echo "build $1 failed see gcc_2.txt for more information" && cat gcc_2.txt && exit 1)
if [ -f /proc/cpuinfo ]
then
MAKE_JOBS=$(( ($(cat /proc/cpuinfo | grep -E '^processor[[:space:]]*:' | tail -n -1 | cut -d':' -f2) + 1) * 2 + 1 ))
else
MAKE_JOBS=8
fi
CFLAGS="$2 $CFLAGS $4" EXTRALIBS="$5" make -j$MAKE_JOBS -f $3 all_test 1>gcc_1.txt 2>gcc_2.txt
mret=$?
cnt=$(wc -l < gcc_2.txt)
# ignore 1 line since ar prints to stderr instead of stdout and ar is called for
# $(LIBNAME)
if [[ $mret -ne 0 ]] || [[ $cnt -gt 1 ]]; then
echo "build $1 failed! printing gcc_2.txt now for convenience"
cat gcc_2.txt
exit 1
fi
echo -n "testing..."
if [ -a test ] && [ -f test ] && [ -x test ]; then
((./test >test_std.txt 2>test_err.txt && ./tv_gen > tv.txt) && echo "$1 test passed." && echo "y" > testok.txt) || (echo "$1 test failed" && cat test_err.txt && exit 1)
((./test >test_std.txt 2>test_err.txt && ./tv_gen > tv.txt) && echo "$1 test passed." && echo "y" > testok.txt) || (echo "$1 test failed, look at test_err.txt or tv.txt" && exit 1)
if find *_tv.txt -type f 1>/dev/null 2>/dev/null ; then
for f in *_tv.txt; do if (diff --ignore-case $f notes/$f) then true; else (echo "tv_gen $f failed" && rm -f testok.txt && exit 1); fi; done
for f in *_tv.txt; do
# check for lines starting with '<' ($f might be a subset of notes/$f)
difftroubles=$(diff -i -w -B $f notes/$f | grep '^<')
if [ -n "$difftroubles" ]; then
echo "FAILURE: $f"
diff -i -w -B $f notes/$f
echo "tv_gen $f failed" && rm -f testok.txt && exit 1
else
true
fi
done
fi
fi
if [ -a testok.txt ] && [ -f testok.txt ]; then
if [ "$LTC_COVERAGE" != "" ]; then
./coverage_more.sh > test_coverage_more.txt || exit 1
lcov_opts="--capture --no-external --directory src -q"
lcov_out=$(echo coverage_$1_$2_$3 | tr ' -=+' '_')".info"
lcov $lcov_opts --output-file $lcov_out
fi
exit 0
fi
exit 1
# $Source: /cvs/libtom/libtomcrypt/build.sh,v $
# $Revision: 1.9 $
# $Date: 2006/03/18 14:10:55 $
# ref: $Format:%D$
# git commit: $Format:%H$
# commit time: $Format:%ai$
XXX, 2017
v1.18.0
-- Bugfix multi2
-- Bugfix Noekeon
-- Bugfix XTEA
-- Bugfix rng_get_bytes() on windows where we could read from c:\dev\random
-- Fixed the Bleichbacher Signature attack in PKCS#1 v1.5 EMSA, thanks to Alex Dent
-- Fixed a potential cache-based timing attack in CCM, thanks to Sebastian Verschoor
-- Fix GCM counter reuse and potential timing attacks in EAX, OCB and OCBv3,
thanks to Raphaël Jamet
-- Implement hardened RSA operations when CRT is used
-- Enabled timing resistant calculations of ECC and RSA operations per default
-- Applied some patches from the OLPC project regarding PKCS#1 and preventing
the hash algorithms from overflowing
-- Larry Bugbee contributed the necessary stuff to more easily call libtomcrypt
from a dynamic language like Python, as shown in his pyTomCrypt
-- Nikos Mavrogiannopoulos contributed RSA blinding and export of RSA and DSA keys
in OpenSSL/GnuTLS compatible format
-- Patrick Pelletier contributed a smart volley of patches
-- Christopher Brown contributed some patches and additions to ASN.1/DER
-- Pascal Brand of STMicroelectronics contributed patches regarding CCM, the
XTS mode and RSA private key operations with keys without CRT parameters
-- RC2 now also works with smaller key-sizes
-- Improved/extended several tests & demos
-- Hardened DSA and RSA by testing (through Karel's perl-CryptX)
against Google's "Wycheproof" and Kudelski Security's "CDF"
-- Fixed all compiler warnings
-- Fixed several build issues on FreeBSD, NetBSD, Linux x32 ABI, HP-UX/IA64,
Mac OS X, Windows (32&64bit, Cygwin, MingW & MSVC) ...
-- Re-worked all makefiles
-- Re-worked most PRNG's
-- The code is now verified by a linter, thanks to Francois Perrad
-- Documentation (crypt.pdf) is now built deterministically, thanks to Michael Stapelberg
-- Add Adler32 and CRC32 checksum algorithms
-- Add Base64-URL de-/encoding and some strict variants
-- Add Blake2b & Blake2s (hash & mac), thanks to Kelvin Sherlock
-- Add Camellia block cipher
-- Add ChaCha (stream cipher), Poly1305 (mac), ChaCha20Poly1305 (encauth)
-- Add constant-time mem-compare mem_neq()
-- Add DER GeneralizedTime de-/encoding
-- Add DSA and ECC key generation FIPS-186-4 compliance
-- Add HKDF, thanks to RyanC (especially for also providing documentation :-) )
-- Add OCBv3
-- Add PKCS#1 v1.5 mode of SSL3.0
-- Add PKCS#1 testvectors from RSA
-- Add PKCS#8 & X.509 import for RSA keys
-- Add stream cipher API
-- Add SHA3 & SHAKE
-- Add SHA512/256 and SHA512/224
-- Add Triple-DES 2-key mode, thanks to Paul Howarth
-- Brought back Diffie-Hellman
May 12th, 2007