Merge branch 'develop'

CMakeLists.txt

@@ -110,7 +110,7 @@ project (VirgilSecurity)
 # Set library version
 set (VIRGIL_VERSION_MAJOR 2)
 set (VIRGIL_VERSION_MINOR 4)
-set (VIRGIL_VERSION_PATCH 3)
+set (VIRGIL_VERSION_PATCH 4)
 set (VIRGIL_VERSION_FEATURE)
 set (VIRGIL_VERSION ${VIRGIL_VERSION_MAJOR}.${VIRGIL_VERSION_MINOR}.${VIRGIL_VERSION_PATCH})
 set (VIRGIL_SOVERSION 2)

ChangeLog

@@ -1,5 +1,29 @@
 virgil ChangeLog (Sorted per date)
 
+= Version 2.4.4 released 2018-05-17
+
+## Bugfix
+
+  * [Lib] Add missed Pythia headers to the all-in-one header
+
+## Features
+
+  * [Apple] Enable Pythia for platforms: WatchOS MacOS TVOS
+  * [Apple] Add 'module.modulemap' for Apple frameworks
+  * [JS] Add support for nodejs-10.1.0
+  * [Java] Add automatic loading of the JNI native library
+
+## Changes
+
+  * [Lib] Add restriction on the 'keyMaterial' length for deterministic key generation algorithms (at least 32 bytes)
+  * [Java] Downgrade target Java to 1.7
+  * [JS] Disable Pythia for platfroms: AsmJS and Webasm
+  * [JS] Update nodejs version: 4.8.7  -> 4.9.1'
+  * [JS] Update nodejs version: 6.13.0 -> 6.14.2'
+  * [JS] Update nodejs version: 8.9.4  -> 8.11.2'
+  * [JS] Update nodejs version: 9.5.0  -> 9.11.1'
+
+
 = Version 2.4.3 released 2018-05-08
 
 ## Features

Jenkinsfile

@@ -76,11 +76,12 @@ def createNativeUnixBuild(slave) {
             // Java
             sh './utils/build.sh java'
             // NodeJS
-            sh './utils/build.sh nodejs-4.8.7'
-            sh './utils/build.sh nodejs-6.13.0'
+            sh './utils/build.sh nodejs-4.9.1'
+            sh './utils/build.sh nodejs-6.14.2'
             sh './utils/build.sh nodejs-7.10.1'
-            sh './utils/build.sh nodejs-8.9.4'
-            sh './utils/build.sh nodejs-9.5.0'
+            sh './utils/build.sh nodejs-8.11.2'
+            sh './utils/build.sh nodejs-9.11.1'
+            sh './utils/build.sh nodejs-10.1.0'
             organizeFilesUnix('install/nodejs')
             // PHP
             if (slave.contains('os-x')) {
@@ -128,11 +129,12 @@ def createNativeWindowsBuild(slave) {
                 bat 'utils\\build.bat cpp'
                 bat 'utils\\build.bat net'
                 bat 'utils\\build.bat java'
-                bat 'utils\\build.bat nodejs-4.8.7'
-                bat 'utils\\build.bat nodejs-6.13.0'
+                bat 'utils\\build.bat nodejs-4.9.1'
+                bat 'utils\\build.bat nodejs-6.14.2'
                 bat 'utils\\build.bat nodejs-7.10.1'
-                bat 'utils\\build.bat nodejs-8.9.4'
-                bat 'utils\\build.bat nodejs-9.5.0'
+                bat 'utils\\build.bat nodejs-8.11.2'
+                bat 'utils\\build.bat nodejs-9.11.1'
+                bat 'utils\\build.bat nodejs-10.1.0'
                 withEnv(["PATH=C:\\Python27_x86;${env.PATH}"]) {
                     bat 'utils\\build.bat python-2.7-x86'
                 }

README.md

@@ -34,16 +34,16 @@ Crypto Library is suitable for the following platforms:
 * Web (WebAssembly, AsmJS)
 
 ### Supported languages
-Crypto Library is written in C++ and supports bindings for the following programming languages:
-* Go
-* PHP
-* Python
-* Ruby
-* Java
-* C#
-* AsmJS
-* NodeJS
-* WebAssembly
+Crypto Library is written in C++ [[CDN](https://cdn.virgilsecurity.com/virgil-crypto/cpp/)] and supports bindings for the following programming languages:
+* Go [[CDN](https://cdn.virgilsecurity.com/virgil-crypto/go/)]
+* PHP [[CDN](https://cdn.virgilsecurity.com/virgil-crypto/php/)]
+* Python [[CDN](https://cdn.virgilsecurity.com/virgil-crypto/python/)]
+* Ruby [[CDN](https://cdn.virgilsecurity.com/virgil-crypto/ruby/)]
+* Java [[CDN](https://cdn.virgilsecurity.com/virgil-crypto/java/)]
+* C# [[CDN](https://cdn.virgilsecurity.com/virgil-crypto/net/)]
+* AsmJS [[CDN](https://cdn.virgilsecurity.com/virgil-crypto/asmjs/)]
+* NodeJS [[CDN](https://cdn.virgilsecurity.com/virgil-crypto/nodejs/)]
+* WebAssembly [[CDN](https://cdn.virgilsecurity.com/virgil-crypto/webasm/)]
 
 **Swift/Objective_C** language can use the Virgil Crypto Library directly, without any bind.
 

VERSION

@@ -1 +1 @@
-2.4.3
+2.4.4

cmake/apple.cmake

@@ -348,6 +348,7 @@ endmacro(find_host_library)
 # target_apple_framework(<target>
 #                        [NAME name]
 #                        [VERSION version]
+#                        [MODULE_MAP filepath]
 #                        [IDENTIFIER identifier]
 #                        [DEVELOPMENT_TEAM team]
 #                        [CODE_SIGN_IDENTITY identity]
@@ -362,7 +363,7 @@ function(target_apple_framework target)
     # Parse arguments
     #
     set(_option_value CODE_SIGN)
-    set(_one_value NAME VERSION IDENTIFIER DEVELOPMENT_TEAM CODE_SIGN_IDENTITY)
+    set(_one_value NAME VERSION MODULE_MAP IDENTIFIER DEVELOPMENT_TEAM CODE_SIGN_IDENTITY)
     cmake_parse_arguments(FRAMEWORK "${_option_value}" "${_one_value}" "" ${ARGN})
 
     if(FRAMEWORK_UNPARSED_ARGUMENTS)
@@ -407,6 +408,29 @@ function(target_apple_framework target)
         MACOSX_FRAMEWORK_INFO_PLIST "${CMAKE_CURRENT_BINARY_DIR}/Info.plist"
     )
 
+    set_property(TARGET ${target} APPEND_STRING PROPERTY LINK_FLAGS "-all_load")
+
+    #
+    # Set module.modulemap
+    #
+    if (FRAMEWORK_MODULE_MAP)
+        target_sources (${target} PRIVATE "${FRAMEWORK_MODULE_MAP}")
+
+        set_property(
+            SOURCE "${FRAMEWORK_MODULE_MAP}"
+            PROPERTY MACOSX_PACKAGE_LOCATION "Modules"
+        )
+
+        if (APPLE_PLATFORM STREQUAL "MACOS")
+            add_custom_command(
+                TARGET ${target}
+                POST_BUILD
+                COMMAND cmake -E create_symlink "Versions/Current/Modules" "$<TARGET_BUNDLE_DIR:${target}>/Modules"
+            )
+        endif()
+    endif ()
+
+
     #
     # Set Xcode attributes:
     #   - XCODE_ATTRIBUTE_{APPLE_PLATFORM}_DEPLOYMENT_TARGET

lib/CMakeLists.txt

@@ -155,7 +155,7 @@ if (BUILD_LIBRARY_FRAMEWORK)
             message (FATAL_ERROR "Header file 'pythia_buf_sizes.h' is not found within paths $${include_directories}")
         endif ()
 
-        target_sources(${PROJECT_NAME} PRIVATE "${pythia_buf_header_file_path}" "${pythia_buf_sizes_header_file_path}")
+        target_sources (${PROJECT_NAME} PRIVATE "${pythia_buf_header_file_path}" "${pythia_buf_sizes_header_file_path}")
 
         set_property (
             SOURCE ${pythia_buf_header_file_path}
@@ -166,12 +166,15 @@ if (BUILD_LIBRARY_FRAMEWORK)
             SOURCE ${pythia_buf_sizes_header_file_path}
             PROPERTY MACOSX_PACKAGE_LOCATION "Headers/pythia"
         )
+
+
     endif ()
 
     # Convert target to framework
     target_apple_framework (${PROJECT_NAME}
         NAME "VSCCrypto"
         IDENTIFIER "com.virgilsecurity.VSCCrypto"
+        MODULE_MAP "${CMAKE_CURRENT_LIST_DIR}/module.modulemap"
     )
 
 endif ()

lib/include/virgil/crypto/VirgilCrypto.h

@@ -99,3 +99,16 @@
     #include "stream/VirgilStreamDataSink.h"
     #include "stream/VirgilStreamDataSource.h"
 #endif /* VIRGIL_CRYPTO_FEATURE_STREAM_IMPL */
+
+#if VIRGIL_CRYPTO_FEATURE_PYTHIA
+    #include "pythia/pythia_buf.h"
+    #include "pythia/pythia_buf_sizes.h"
+    #include "pythia/virgil_pythia_c.h"
+    #include "pythia/VirgilPythia.h"
+    #include "pythia/VirgilPythiaBlindResult.h"
+    #include "pythia/VirgilPythiaContext.h"
+    #include "pythia/VirgilPythiaError.h"
+    #include "pythia/VirgilPythiaProveResult.h"
+    #include "pythia/VirgilPythiaTransformationKeyPair.h"
+    #include "pythia/VirgilPythiaTransformResult.h"
+#endif /* VIRGIL_CRYPTO_FEATURE_PYTHIA */

lib/include/virgil/crypto/VirgilKeyPair.h

@@ -152,6 +152,9 @@ class VirgilKeyPair {
      *
      * @param keyMaterial - the only data to be used for key generation, must be strong enough.
      * @param pwd - private key password.
+     *
+     * @throw VirgilCryptoException with VirgilCryptoError::NotSecure,
+     *     if Key Material is weak.
      */
     static VirgilKeyPair generateRecommendedFromKeyMaterial(
             const VirgilByteArray& keyMaterial,

lib/module.modulemap

@@ -0,0 +1,7 @@
+framework module VSCCrypto {
+  header "pythia/pythia_buf.h"
+  header "pythia/pythia_buf_sizes.h"
+  header "pythia/virgil_pythia_c.h"
+
+  export *
+}

lib/src/VirgilAsymmetricCipher.cxx

@@ -50,6 +50,8 @@
 #include <mbedtls/kdf2.h>
 #include <mbedtls/md.h>
 
+#include <tinyformat/tinyformat.h>
+
 #include <virgil/crypto/VirgilByteArrayUtils.h>
 #include <virgil/crypto/foundation/VirgilSystemCryptoError.h>
 #include <virgil/crypto/foundation/asn1/VirgilAsn1Writer.h>
@@ -328,6 +330,13 @@ void VirgilAsymmetricCipher::genKeyPair(VirgilKeyPair::Type type) {
 }
 
 void VirgilAsymmetricCipher::genKeyPairFromKeyMaterial(VirgilKeyPair::Type type, const VirgilByteArray& keyMaterial) {
+    constexpr size_t kKeyMaterialSecureSizeMin = 32;
+
+    if (keyMaterial.size () < kKeyMaterialSecureSizeMin) {
+        throw make_error(VirgilCryptoError::NotSecure,
+                tfm::format("Key material is not secure. Expected length >= %d.", kKeyMaterialSecureSizeMin));
+    }
+
     unsigned int rsaSize = 0;
     impl_->pk_ctx.clear();
     mbedtls_ecp_group_id ecTypeId = MBEDTLS_ECP_DP_NONE;

tests/test_asymmetric_cipher.cxx

@@ -185,6 +185,16 @@ TEST_CASE("Asymmetric Cipher - Keys Validation", "[asymmetric-cipher]") {
 TEST_CASE("Asymmetric Cipher - Deterministic Key Pair generation", "[asymmetric-cipher]") {
     VirgilAsymmetricCipher cipher;
     VirgilByteArray strongKeyMaterial = hex2bytes(kDeterministic_KeyMaterial);
+    VirgilByteArray weakKeyMaterial = VirgilByteArray(31, 0xAB);
+    VirgilByteArray strongEnaughKeyMaterial = VirgilByteArray(32, 0xAB);
+
+    SECTION("key material with length 31 fail") {
+        REQUIRE_THROWS(cipher.genKeyPairFromKeyMaterial(VirgilKeyPair::Algorithm::RSA_256, weakKeyMaterial));
+    }
+
+    SECTION("key material with length 32 pass") {
+        REQUIRE_NOTHROW(cipher.genKeyPairFromKeyMaterial(VirgilKeyPair::Algorithm::RSA_256, strongEnaughKeyMaterial));
+    }
 
     SECTION("check RSA_256") {
         REQUIRE_NOTHROW(cipher.genKeyPairFromKeyMaterial(VirgilKeyPair::Algorithm::RSA_256, strongKeyMaterial));

utils/build.sh

@@ -388,7 +388,7 @@ if [ "${TARGET_NAME}" == "ios" ]; then
                         -DINSTALL_LIB_DIR_NAME=lib/sim32 "${SRC_DIR}"
     make -j8 install
 
-    # Build for i386 simulator (Pythia is in a multi-thread mode!!!)
+    # Build for x86_64 simulator (Pythia is in a multi-thread mode!!!)
     rm -fr -- *
     cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=IOS_SIM64 \
                         -DVIRGIL_CRYPTO_FEATURE_PYTHIA_MT=ON \
@@ -412,13 +412,19 @@ if [ "${TARGET_NAME}" == "tvos" ] || [ "${TARGET_NAME}" == "watchos" ] || [ "${T
     CMAKE_ARGS+=" -DINSTALL_EXT_LIBS=NO"
     CMAKE_ARGS+=" -DINSTALL_EXT_HEADERS=NO"
     CMAKE_ARGS+=" -DCMAKE_TOOLCHAIN_FILE='${SRC_DIR}/cmake/apple.cmake'"
+    CMAKE_ARGS+=" -DVIRGIL_CRYPTO_FEATURE_PYTHIA=ON"
 
     # Build for device
     cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=${APPLE_PLATFORM_DEVICE} -DINSTALL_LIB_DIR_NAME=lib/dev "${SRC_DIR}"
     make -j8 install
 
     if [ "${TARGET_NAME}" != "macos" ]; then
         # Build for simulator
+
+        if [ "${TARGET_NAME}" == "watchos" ]; then
+            CMAKE_ARGS+=" -DVIRGIL_CRYPTO_FEATURE_PYTHIA_MT=OFF"
+        fi
+
         rm -fr ./*
         cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=${APPLE_PLATFORM_SIMULATOR} -DINSTALL_LIB_DIR_NAME=lib/sim "${SRC_DIR}"
         make -j8 install
@@ -534,8 +540,6 @@ if [[ "${TARGET_NAME}" =~ (asmjs|webasm) ]]; then
     fi
     source "${EMSDK_HOME}/emsdk_env.sh"
 
-    CMAKE_ARGS+=" -DVIRGIL_CRYPTO_FEATURE_PYTHIA=ON"
-
     cmake ${CMAKE_ARGS} -DLANG=${TARGET_NAME} \
         -DCMAKE_TOOLCHAIN_FILE="$EMSCRIPTEN/cmake/Modules/Platform/Emscripten.cmake" \
         -DCMAKE_CXX_FLAGS_RELEASE="-O3" \

wrappers/emsdk/wrapper.cxx

@@ -532,6 +532,8 @@ EMSCRIPTEN_BINDINGS(virgil_crypto_pfs) {
         ;
 }
 
+#if VIRGIL_CRYPTO_FEATURE_PYTHIA
+
 EMSCRIPTEN_BINDINGS(virgil_crypto_pythia) {
         class_<VirgilPythia>("VirgilPythia")
             .constructor<>()
@@ -569,3 +571,5 @@ EMSCRIPTEN_BINDINGS(virgil_crypto_pythia) {
             .function("transformedTweak", &VirgilPythiaTransformResult::transformedTweak)
         ;
 }
+
+#endif /* VIRGIL_CRYPTO_FEATURE_PYTHIA */

wrappers/java/CMakeLists.txt

@@ -38,17 +38,24 @@ cmake_minimum_required (VERSION 3.10 FATAL_ERROR)
 
 project (${WRAPPED_LIB_NAME}_java)
 
+#
 # Configure Java
+#
 set (JAVA_MODULE_NAME ${PROJECT_NAME})
 set (JAVA_JAR_NAME ${JAVA_MODULE_NAME})
 set (JAVA_JAR_TARGET_NAME ${JAVA_MODULE_NAME}_jar)
 set (SWIG_MODULE_NAME ${JAVA_MODULE_NAME})
+set(CMAKE_JAVA_COMPILE_FLAGS -source 1.7 -target 1.7)
 
+#
 # Find Java
+#
 find_host_package (Java REQUIRED)
 include (UseJava)
 
+#
 # Find Java JNI
+#
 if (ANDROID)
     find_path (JAVA_INCLUDE_PATH jni.h)
     set (JNI_INCLUDE_DIRS ${JAVA_INCLUDE_PATH})
@@ -57,13 +64,17 @@ else (ANDROID)
 endif (ANDROID)
 include_directories (SYSTEM ${JNI_INCLUDE_DIRS})
 
+#
 # Make sure the nested directory structure exists
+#
 set (JAVA_BINARY_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/bin CACHE INTERNAL "")
 set (JAVA_SWIG_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/src CACHE INTERNAL "")
 file (MAKE_DIRECTORY ${JAVA_BINARY_DIRECTORY})
 file (MAKE_DIRECTORY ${JAVA_SWIG_OUTPUT_DIRECTORY})
 
+#
 # Configure SWIG
+#
 find_host_package (SWIG REQUIRED)
 include (${SWIG_USE_FILE})
 
@@ -91,7 +102,9 @@ swig_link_libraries (${JAVA_MODULE_NAME} ${WRAPPED_LIB_NAME})
 
 set (JAVA_SWIG_TARGET_NAME ${SWIG_MODULE_${JAVA_MODULE_NAME}_REAL_NAME})
 
+#
 # Configure assembly
+#
 set_target_properties (${JAVA_SWIG_TARGET_NAME}
         PROPERTIES OUTPUT_NAME ${JAVA_MODULE_NAME})
 set_target_properties (${JAVA_SWIG_TARGET_NAME}
@@ -120,15 +133,20 @@ foreach (JAVA_FILE ${JAVA_SRC})
     )
 endforeach (JAVA_FILE)
 
+#
 # Add assembly dependencies
+#
 add_jar (${JAVA_JAR_TARGET_NAME}
-    "${CMAKE_CURRENT_BINARY_DIR}/src/VirgilStreamDataSink.java"
-    "${CMAKE_CURRENT_BINARY_DIR}/src/VirgilStreamDataSource.java"
+    # Just add one source to satisfy precondition for 'java_sources' file creation.
+    # All *.java files will be added when SWIG generates them.
+    "${CMAKE_CURRENT_BINARY_DIR}/src/JniLoader.java"
     OUTPUT_NAME ${JAVA_JAR_NAME}
 )
 add_dependencies (${JAVA_JAR_TARGET_NAME} ${JAVA_SWIG_TARGET_NAME})
 
-# Payload 'java_sources' file with generated classes
+#
+# Payload file 'java_sources' with generated classes and custom classes.
+#
 get_property (JAVA_CLASS_DIR TARGET ${JAVA_JAR_TARGET_NAME} PROPERTY CLASS_DIR)
 if (NOT JAVA_CLASS_DIR)
     get_property (JAVA_CLASS_DIR TARGET ${JAVA_JAR_TARGET_NAME} PROPERTY CLASSDIR)
@@ -145,7 +163,9 @@ add_custom_command (TARGET ${JAVA_SWIG_TARGET_NAME} POST_BUILD
         COMMENT "Create java source list file: ${JAVA_SOURCE_LIST_FILE}."
     )
 
+#
 # Install
+#
 set (PLATFORM_VERSION "${Java_VERSION_MAJOR}.${Java_VERSION_MINOR}" PARENT_SCOPE)
 
 if (ANDROID)