From 3219654b7b3dd5b0e21428b1a78a51dd44f69208 Mon Sep 17 00:00:00 2001 From: Martin Arista Date: Mon, 10 Jul 2023 11:54:25 -0400 Subject: [PATCH 1/7] Update README.md (#1015) update links for maven and java/kotlin links --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2e8c55b69..6ff9a8d3e 100644 --- a/README.md +++ b/README.md @@ -79,9 +79,9 @@ Themis is available for the following languages/platforms, refer to [language ho | ⚛️ React Native (iOS, Android) | [React Native Howto](https://docs.cossacklabs.com/themis/languages/react-native/) | [docs/examples/react-native](https://github.com/cossacklabs/themis/tree/master/docs/examples/react-native) | [![npm](https://img.shields.io/npm/v/react-native-themis.svg)](https://www.npmjs.com/package/react-native-themis) | | 🔶 Swift (iOS, macOS) | [Swift Howto](https://docs.cossacklabs.com/themis/languages/swift/) | [docs/examples/swift](https://github.com/cossacklabs/themis/tree/master/docs/examples/swift) | [![CocoaPods](https://img.shields.io/cocoapods/v/themis.svg)](https://cocoapods.org/pods/themis) | | 📱 Objective-C (iOS, macOS) | [Objective-C Howto](https://docs.cossacklabs.com/themis/languages/objc/) | [docs/examples/objc](https://github.com/cossacklabs/themis/tree/master/docs/examples/objc)| [![CocoaPods](https://img.shields.io/cocoapods/v/themis.svg)](https://cocoapods.org/pods/themis) | -| ☕️ Java (Desktop) | [Java (Desktop) Howto](https://docs.cossacklabs.com/themis/languages/java/installation-desktop/) | [Java projects](https://github.com/cossacklabs/themis-java-examples) | | -| ☎️ Java (Android) | [Java (Android) Howto](https://docs.cossacklabs.com/themis/languages/java/installation-android/) | [Android projects](https://github.com/cossacklabs/themis-java-examples) | [![maven](https://api.bintray.com/packages/cossacklabs/maven/themis/images/download.svg)](https://bintray.com/cossacklabs/maven/themis/_latestVersion) | -| 📞 Kotlin (Android) | [Java (Android) Howto](https://docs.cossacklabs.com/themis/languages/java/installation-android/) | [Android projects](https://github.com/cossacklabs/themis-java-examples) | [![maven](https://api.bintray.com/packages/cossacklabs/maven/themis/images/download.svg)](https://bintray.com/cossacklabs/maven/themis/_latestVersion) | +| ☕️ Java (Desktop) | [Java (Desktop) Howto](https://docs.cossacklabs.com/themis/languages/java/installation-desktop/) | [docs/examples/java](https://github.com/cossacklabs/themis/tree/master/docs/examples/java) | [![maven](https://img.shields.io/maven-central/v/com.cossacklabs.com/java-themis )](https://central.sonatype.com/artifact/com.cossacklabs.com/java-themis/0.14.0/overview) | +| ☎️ Java (Android) | [Java (Android) Howto](https://docs.cossacklabs.com/themis/languages/java/installation-android/) | [docs/examples/android](https://github.com/cossacklabs/themis/tree/master/docs/examples/android) | [![maven](https://img.shields.io/maven-central/v/com.cossacklabs.com/java-themis )](https://central.sonatype.com/artifact/com.cossacklabs.com/java-themis/0.14.0/overview) | +| 📞 Kotlin (Android) | [Kotlin (Android) Howto](https://docs.cossacklabs.com/themis/languages/kotlin/installation-android/) | [docs/examples/android](https://github.com/cossacklabs/themis/tree/master/docs/examples/android) | [![maven](https://img.shields.io/maven-central/v/com.cossacklabs.com/themis)](https://central.sonatype.com/artifact/com.cossacklabs.com/themis/0.14.0) | | 🔻 Ruby | [Ruby Howto](https://docs.cossacklabs.com/themis/languages/ruby/) | [docs/examples/ruby](https://github.com/cossacklabs/themis/tree/master/docs/examples/ruby) | [![Gem](https://img.shields.io/gem/v/rbthemis.svg)](https://rubygems.org/gems/rbthemis) | | 🐍 Python | [Python Howto](https://docs.cossacklabs.com/themis/languages/python/) | [docs/examples/python](https://github.com/cossacklabs/themis/tree/master/docs/examples/python) | [![PyPI](https://img.shields.io/pypi/v/pythemis.svg)](https://pypi.python.org/pypi?%3Aaction=search&term=pythemis&submit=search) | | 🐘 PHP | [PHP Howto](https://docs.cossacklabs.com/themis/languages/php/) | [docs/examples/php](https://github.com/cossacklabs/themis/tree/master/docs/examples/php) | | From 86096502c48a80edb11f567c92e26eb463eae36c Mon Sep 17 00:00:00 2001 From: Nazar Serhiichuk <43041209+G1gg1L3s@users.noreply.github.com> Date: Mon, 10 Jul 2023 22:57:46 +0300 Subject: [PATCH 2/7] Avoid specific versions in README (#1016) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Just to avoid responsibility of updating it during release (•_•) ( •_•)>⌐■-■ (⌐■_■) --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6ff9a8d3e..50d8945d4 100644 --- a/README.md +++ b/README.md @@ -79,9 +79,9 @@ Themis is available for the following languages/platforms, refer to [language ho | ⚛️ React Native (iOS, Android) | [React Native Howto](https://docs.cossacklabs.com/themis/languages/react-native/) | [docs/examples/react-native](https://github.com/cossacklabs/themis/tree/master/docs/examples/react-native) | [![npm](https://img.shields.io/npm/v/react-native-themis.svg)](https://www.npmjs.com/package/react-native-themis) | | 🔶 Swift (iOS, macOS) | [Swift Howto](https://docs.cossacklabs.com/themis/languages/swift/) | [docs/examples/swift](https://github.com/cossacklabs/themis/tree/master/docs/examples/swift) | [![CocoaPods](https://img.shields.io/cocoapods/v/themis.svg)](https://cocoapods.org/pods/themis) | | 📱 Objective-C (iOS, macOS) | [Objective-C Howto](https://docs.cossacklabs.com/themis/languages/objc/) | [docs/examples/objc](https://github.com/cossacklabs/themis/tree/master/docs/examples/objc)| [![CocoaPods](https://img.shields.io/cocoapods/v/themis.svg)](https://cocoapods.org/pods/themis) | -| ☕️ Java (Desktop) | [Java (Desktop) Howto](https://docs.cossacklabs.com/themis/languages/java/installation-desktop/) | [docs/examples/java](https://github.com/cossacklabs/themis/tree/master/docs/examples/java) | [![maven](https://img.shields.io/maven-central/v/com.cossacklabs.com/java-themis )](https://central.sonatype.com/artifact/com.cossacklabs.com/java-themis/0.14.0/overview) | -| ☎️ Java (Android) | [Java (Android) Howto](https://docs.cossacklabs.com/themis/languages/java/installation-android/) | [docs/examples/android](https://github.com/cossacklabs/themis/tree/master/docs/examples/android) | [![maven](https://img.shields.io/maven-central/v/com.cossacklabs.com/java-themis )](https://central.sonatype.com/artifact/com.cossacklabs.com/java-themis/0.14.0/overview) | -| 📞 Kotlin (Android) | [Kotlin (Android) Howto](https://docs.cossacklabs.com/themis/languages/kotlin/installation-android/) | [docs/examples/android](https://github.com/cossacklabs/themis/tree/master/docs/examples/android) | [![maven](https://img.shields.io/maven-central/v/com.cossacklabs.com/themis)](https://central.sonatype.com/artifact/com.cossacklabs.com/themis/0.14.0) | +| ☕️ Java (Desktop) | [Java (Desktop) Howto](https://docs.cossacklabs.com/themis/languages/java/installation-desktop/) | [docs/examples/java](https://github.com/cossacklabs/themis/tree/master/docs/examples/java) | [![maven](https://img.shields.io/maven-central/v/com.cossacklabs.com/java-themis )](https://central.sonatype.com/artifact/com.cossacklabs.com/java-themis/) | +| ☎️ Java (Android) | [Java (Android) Howto](https://docs.cossacklabs.com/themis/languages/java/installation-android/) | [docs/examples/android](https://github.com/cossacklabs/themis/tree/master/docs/examples/android) | [![maven](https://img.shields.io/maven-central/v/com.cossacklabs.com/java-themis )](https://central.sonatype.com/artifact/com.cossacklabs.com/java-themis/) | +| 📞 Kotlin (Android) | [Kotlin (Android) Howto](https://docs.cossacklabs.com/themis/languages/kotlin/installation-android/) | [docs/examples/android](https://github.com/cossacklabs/themis/tree/master/docs/examples/android) | [![maven](https://img.shields.io/maven-central/v/com.cossacklabs.com/themis)](https://central.sonatype.com/artifact/com.cossacklabs.com/themis) | | 🔻 Ruby | [Ruby Howto](https://docs.cossacklabs.com/themis/languages/ruby/) | [docs/examples/ruby](https://github.com/cossacklabs/themis/tree/master/docs/examples/ruby) | [![Gem](https://img.shields.io/gem/v/rbthemis.svg)](https://rubygems.org/gems/rbthemis) | | 🐍 Python | [Python Howto](https://docs.cossacklabs.com/themis/languages/python/) | [docs/examples/python](https://github.com/cossacklabs/themis/tree/master/docs/examples/python) | [![PyPI](https://img.shields.io/pypi/v/pythemis.svg)](https://pypi.python.org/pypi?%3Aaction=search&term=pythemis&submit=search) | | 🐘 PHP | [PHP Howto](https://docs.cossacklabs.com/themis/languages/php/) | [docs/examples/php](https://github.com/cossacklabs/themis/tree/master/docs/examples/php) | | From 06d52f4faf60d3ba5d028ac143e16c63ffa1428f Mon Sep 17 00:00:00 2001 From: Anatolii Lishchynskyi Date: Tue, 26 Sep 2023 13:15:37 +0300 Subject: [PATCH 3/7] Fix make target rbthemis_uninstall (#1022) * Fix make target rbthemis_uninstall * Add RbThemis uninstall step to CI --- .github/workflows/test-ruby.yaml | 2 ++ Makefile | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-ruby.yaml b/.github/workflows/test-ruby.yaml index f7efd1494..802a57b6b 100644 --- a/.github/workflows/test-ruby.yaml +++ b/.github/workflows/test-ruby.yaml @@ -59,6 +59,8 @@ jobs: run: | rvm use system make test_ruby + - name: Uninstall RubyThemis + run: sudo make rbthemis_uninstall examples: name: Code examples diff --git a/Makefile b/Makefile index d4eaba55a..ca74b90a8 100644 --- a/Makefile +++ b/Makefile @@ -583,7 +583,7 @@ else @exit 1 endif -rbthemis_uninstall: CMD = gem uninstall themis +rbthemis_uninstall: CMD = gem uninstall rbthemis rbthemis_uninstall: ifdef RUBY_GEM_VERSION @echo -n "rbthemis uninstall " From 05cac26d7949fe62f262ca80c2ceb3a96a181991 Mon Sep 17 00:00:00 2001 From: Anatolii Lishchynskyi Date: Thu, 9 Nov 2023 22:24:35 +0200 Subject: [PATCH 4/7] CI fixes (#1034) Rix Rust CI builds (#1032) * Pin log dependency to 0.4.17 * Pin byteorder dependency to 1.4.3 Last versions that still work with current MSRV 1.58. Fix sanitizers CI job (#1033) * Switch to GCC 10 * Install `libgcc-10-dev` that provides file `libtsan_preinit.o` needed for thread sanitizer Change priority of PREFIX in CFLAGS and LDFLAGS (#1031) * Change include dir priority in CFLAGS Move 'CFLAGS += -I/usr/local/include' below engine selection macros, so that if OS have OpenSSL header files installed in /usr/local/include, it won't mess with vendored BoringSSL or any other selected engine. * Put /usr/local/lib in separate LDFLAGS Introduce ADDITIONAL_LDFLAGS macro and put it after both LDFLAGS and CRYPTO_ENGINE_LDFLAGS during linking. * Add optional verbose logging to Makefile Add VERBOSE option to Makefile. If set, print executed command (compiler, linker etc) even for successful runs, and run ldd on created shared libraries. * Enable verbose builds on macOS jobs --- .github/workflows/test-core.yaml | 9 +++++---- Makefile | 20 +++++++++++++++++--- benches/rust/Cargo.toml | 2 +- benches/themis/Cargo.toml | 2 +- jni/themis_jni.mk | 2 +- src/soter/soter.mk | 15 ++++++++++++++- src/themis/themis.mk | 9 ++++++++- src/wrappers/themis/rust/Cargo.toml | 6 ++++-- tests/soter/soter.mk | 2 +- tests/themis/themis.mk | 2 +- tests/themispp/themispp.mk | 2 +- tools/afl/fuzzy.mk | 2 +- 12 files changed, 55 insertions(+), 18 deletions(-) diff --git a/.github/workflows/test-core.yaml b/.github/workflows/test-core.yaml index 5cfaf73e8..4dd35c759 100644 --- a/.github/workflows/test-core.yaml +++ b/.github/workflows/test-core.yaml @@ -36,6 +36,7 @@ jobs: name: Unit tests runs-on: ${{ matrix.os }} env: + VERBOSE: 1 SOTER_KDF_RUN_LONG_TESTS: yes MATRIX_OS: ${{ matrix.os }} strategy: @@ -153,20 +154,20 @@ jobs: run: | sudo sh -c 'echo "DEBIAN_FRONTEND=noninteractive" >> /etc/environment' sudo apt update - sudo apt install --yes gcc-8 clang-8 make libssl-dev + sudo apt install --yes gcc-10 libgcc-10-dev clang-8 make libssl-dev - name: Check out code uses: actions/checkout@v2 # We test only OpenSSL flavor to not expand the testing matrix too much # (rebuilding BoringSSL is not fun and takes much time) - name: Check with GCC (ASan) if: always() - run: make clean test CC=gcc-8 WITH_ASAN=1 + run: make clean test CC=gcc-10 WITH_ASAN=1 - name: Check with GCC (TSan) if: always() - run: make clean test CC=gcc-8 WITH_TSAN=1 + run: make clean test CC=gcc-10 WITH_TSAN=1 - name: Check with GCC (UBSan) if: always() - run: make clean test CC=gcc-8 WITH_UBSAN=1 + run: make clean test CC=gcc-10 WITH_UBSAN=1 - name: Check with Clang (ASan) if: always() run: make clean test CC=clang-8 WITH_ASAN=1 diff --git a/Makefile b/Makefile index ca74b90a8..658411a81 100644 --- a/Makefile +++ b/Makefile @@ -88,9 +88,6 @@ pkgconfigdir ?= $(libdir)/pkgconfig # Add Themis source directory to search paths CFLAGS += -I$(INC_PATH) -I$(SRC_PATH) -I$(SRC_PATH)/wrappers/themis/ LDFLAGS += -L$(BIN_PATH) -# Not all platforms include /usr/local in default search path -CFLAGS += -I/usr/local/include -LDFLAGS += -L/usr/local/lib # Build shared libraries CFLAGS += -fPIC @@ -111,8 +108,13 @@ OK_STRING=$(MOVE_COLUMN)$(OK_COLOR)[OK]$(NO_COLOR) ERROR_STRING=$(MOVE_COLUMN)$(ERROR_COLOR)[ERRORS]$(NO_COLOR) WARN_STRING=$(MOVE_COLUMN)$(WARN_COLOR)[WARNINGS]$(NO_COLOR) +ifeq ($(VERBOSE),) PRINT_OK = printf "$@ $(OK_STRING)\n" PRINT_OK_ = printf "$(OK_STRING)\n" +else +PRINT_OK = printf "$@ $(OK_STRING)\n" && printf "$(CMD)\n" +PRINT_OK_ = printf "$(OK_STRING)\n" && printf "$(CMD)\n" +endif PRINT_ERROR = printf "$@ $(ERROR_STRING)\n" && printf "$(CMD)\n$$LOG\n" && false PRINT_ERROR_ = printf "$(ERROR_STRING)\n" && printf "$(CMD)\n$$LOG\n" && false PRINT_WARNING = printf "$@ $(WARN_STRING)\n" && printf "$(CMD)\n$$LOG\n" @@ -166,6 +168,18 @@ ifneq ($(ENGINE_LIB_PATH),) CRYPTO_ENGINE_LIB_PATH = $(ENGINE_LIB_PATH) endif +# Basic compiler flags (lower priority than selected engine) +# We got /usr/local as default PREFIX and not all platforms include that path in default search path. +# Make sure whatever PREFIX is used, includes and libs are searched there. +# +# These two additional flags, -I and -L, need to be _after_ engine flags to not override it. +# CFLAGS is populated with CRYPTO_ENGINE_CFLAGS few lines above, so we could add -I to CFLAGS. +# LDFLAGS and CRYPTO_ENGINE_LDFLAGS are used separately, in this same order, so new macro was +# introduced, ADDITIONAL_LDFLAGS, to be used after CRYPTO_ENGINE_LDFLAGS, so that LDFLAGS remain +# at the beginning of linker flags. +CFLAGS += -I$(includedir) +ADDITIONAL_LDFLAGS += -L$(libdir) + ifneq ($(AUTH_SYM_ALG),) CFLAGS += -D$(AUTH_SYM_ALG) endif diff --git a/benches/rust/Cargo.toml b/benches/rust/Cargo.toml index 92eeb266b..78e55989e 100644 --- a/benches/rust/Cargo.toml +++ b/benches/rust/Cargo.toml @@ -13,7 +13,7 @@ criterion = { version = "0.3.4", features = ["cargo_bench_support", "html_report csv = "~1.1" # Freeze `rayon` and `rayon-core` versions (first is used by `criterion`) # so that benchmarks still build/run with Rust 1.58. -# FIXME: remove thiese two after we bump minimum required Rust version +# FIXME: remove these two after we bump minimum required Rust version rayon = "=1.6.1" rayon-core = "=1.10.1" diff --git a/benches/themis/Cargo.toml b/benches/themis/Cargo.toml index f659b4a66..534cfc584 100644 --- a/benches/themis/Cargo.toml +++ b/benches/themis/Cargo.toml @@ -14,7 +14,7 @@ criterion = { version = "0.3.4", features = ["cargo_bench_support", "html_report csv = "~1.1" # Freeze `rayon` and `rayon-core` versions (first is used by `criterion`) # so that benchmarks still build/run with Rust 1.58. -# FIXME: remove thiese two after we bump minimum required Rust version +# FIXME: remove these two after we bump minimum required Rust version rayon = "=1.6.1" rayon-core = "=1.10.1" diff --git a/jni/themis_jni.mk b/jni/themis_jni.mk index 3f912cf26..28b8ca40e 100644 --- a/jni/themis_jni.mk +++ b/jni/themis_jni.mk @@ -53,7 +53,7 @@ endif $(OBJ_PATH)/jni/%: CFLAGS += $(jvm_includes) -$(BIN_PATH)/$(LIBTHEMISJNI_SO): CMD = $(CC) -shared -o $@ $(filter %.o %.a, $^) $(LDFLAGS) -lthemis +$(BIN_PATH)/$(LIBTHEMISJNI_SO): CMD = $(CC) -shared -o $@ $(filter %.o %.a, $^) $(LDFLAGS) -lthemis $(ADDITIONAL_LDFLAGS) $(BIN_PATH)/$(LIBTHEMISJNI_SO): $(THEMIS_JNI_OBJ) $(BIN_PATH)/$(LIBTHEMIS_SO) @mkdir -p $(@D) diff --git a/src/soter/soter.mk b/src/soter/soter.mk index 14cc831c6..fbc0ae936 100644 --- a/src/soter/soter.mk +++ b/src/soter/soter.mk @@ -78,15 +78,28 @@ $(BIN_PATH)/$(LIBSOTER_A): $(SOTER_OBJ) $(SOTER_ENGINE_DEPS) @echo -n "link " @$(BUILD_CMD) -$(BIN_PATH)/$(LIBSOTER_SO): CMD = $(CC) -shared -o $@ $(filter %.o %a, $^) $(LDFLAGS) $(CRYPTO_ENGINE_LDFLAGS) $(LIBSOTER_SO_LDFLAGS) +$(BIN_PATH)/$(LIBSOTER_SO): CMD = $(CC) -shared -o $@ $(filter %.o %a, $^) $(LDFLAGS) $(CRYPTO_ENGINE_LDFLAGS) $(ADDITIONAL_LDFLAGS) $(LIBSOTER_SO_LDFLAGS) $(BIN_PATH)/$(LIBSOTER_SO): $(SOTER_OBJ) $(SOTER_ENGINE_DEPS) @mkdir -p $(@D) +ifneq ($(VERBOSE),) + @echo "LDFLAGS=$(LDFLAGS)" + @echo "CRYPTO_ENGINE_LDFLAGS=$(CRYPTO_ENGINE_LDFLAGS)" + @echo "ADDITIONAL_LDFLAGS=$(ADDITIONAL_LDFLAGS)" + @echo "LIBSOTER_SO_LDFLAGS=$(LIBSOTER_SO_LDFLAGS)" +endif @echo -n "link " @$(BUILD_CMD) ifneq ($(LIBSOTER_SO),$(LIBSOTER_LINK)) @ln -sf $(LIBSOTER_SO) $(BIN_PATH)/$(LIBSOTER_LINK) endif +ifneq ($(VERBOSE),) +ifdef IS_MACOS + -otool -L "$@" +else + -ldd "$@" +endif +endif $(BIN_PATH)/libsoter.pc: @mkdir -p $(BIN_PATH) diff --git a/src/themis/themis.mk b/src/themis/themis.mk index aeba63c16..e32949977 100644 --- a/src/themis/themis.mk +++ b/src/themis/themis.mk @@ -62,7 +62,7 @@ $(BIN_PATH)/$(LIBTHEMIS_A): $(THEMIS_OBJ) @echo -n "link " @$(BUILD_CMD) -$(BIN_PATH)/$(LIBTHEMIS_SO): CMD = $(CC) -shared -o $@ $(filter %.o %.a, $^) $(LDFLAGS) -lsoter $(LIBTHEMIS_SO_LDFLAGS) +$(BIN_PATH)/$(LIBTHEMIS_SO): CMD = $(CC) -shared -o $@ $(filter %.o %.a, $^) $(LDFLAGS) -lsoter $(ADDITIONAL_LDFLAGS) $(LIBTHEMIS_SO_LDFLAGS) $(BIN_PATH)/$(LIBTHEMIS_SO): $(BIN_PATH)/$(LIBSOTER_SO) $(THEMIS_OBJ) @mkdir -p $(@D) @@ -71,6 +71,13 @@ $(BIN_PATH)/$(LIBTHEMIS_SO): $(BIN_PATH)/$(LIBSOTER_SO) $(THEMIS_OBJ) ifneq ($(LIBTHEMIS_SO),$(LIBTHEMIS_LINK)) @ln -sf $(LIBTHEMIS_SO) $(BIN_PATH)/$(LIBTHEMIS_LINK) endif +ifneq ($(VERBOSE),) +ifdef IS_MACOS + -otool -L "$@" +else + -ldd "$@" +endif +endif $(BIN_PATH)/libthemis.pc: @mkdir -p $(BIN_PATH) diff --git a/src/wrappers/themis/rust/Cargo.toml b/src/wrappers/themis/rust/Cargo.toml index 9d782ef33..47981652f 100644 --- a/src/wrappers/themis/rust/Cargo.toml +++ b/src/wrappers/themis/rust/Cargo.toml @@ -30,8 +30,10 @@ zeroize = "1" [dev-dependencies] base64 = "0.10.0" -byteorder = "1.2.7" +# Freeze `log` and `byteorder` so that tests still build/run with Rust 1.58. +# FIXME: remove/update strict version requirement after we bump minimum required Rust version +byteorder = "=1.4.3" clap = "2.32" lazy_static = "1.2.0" -log = "0.4.6" +log = "=0.4.17" env_logger = "0.6.0" diff --git a/tests/soter/soter.mk b/tests/soter/soter.mk index 29a505348..ea00db49f 100644 --- a/tests/soter/soter.mk +++ b/tests/soter/soter.mk @@ -65,7 +65,7 @@ endif $(SOTER_TEST_BIN): $(BIN_PATH)/$(LIBSOTER_SO) endif -$(SOTER_TEST_BIN): CMD = $(CC) -o $@ $(filter %.o %.a, $^) $(LDFLAGS) $(SOTER_TEST_LDFLAGS) +$(SOTER_TEST_BIN): CMD = $(CC) -o $@ $(filter %.o %.a, $^) $(LDFLAGS) $(ADDITIONAL_LDFLAGS) $(SOTER_TEST_LDFLAGS) $(SOTER_TEST_BIN): $(SOTER_TEST_OBJ) $(COMMON_TEST_OBJ) @mkdir -p $(@D) diff --git a/tests/themis/themis.mk b/tests/themis/themis.mk index 8c315302f..6cd44e3e9 100644 --- a/tests/themis/themis.mk +++ b/tests/themis/themis.mk @@ -47,7 +47,7 @@ endif $(THEMIS_TEST_BIN): $(BIN_PATH)/$(LIBTHEMIS_SO) endif -$(THEMIS_TEST_BIN): CMD = $(CC) -o $@ $(filter %.o %.a, $^) $(LDFLAGS) $(THEMIS_TEST_LDFLAGS) +$(THEMIS_TEST_BIN): CMD = $(CC) -o $@ $(filter %.o %.a, $^) $(LDFLAGS) $(ADDITIONAL_LDFLAGS) $(THEMIS_TEST_LDFLAGS) $(THEMIS_TEST_BIN): $(THEMIS_TEST_OBJ) $(COMMON_TEST_OBJ) @mkdir -p $(@D) diff --git a/tests/themispp/themispp.mk b/tests/themispp/themispp.mk index 3f55ee046..19b25112c 100644 --- a/tests/themispp/themispp.mk +++ b/tests/themispp/themispp.mk @@ -39,7 +39,7 @@ endif $(TEST_BIN_PATH)/themispp_test: $(BIN_PATH)/$(LIBTHEMIS_SO) endif -$(TEST_BIN_PATH)/themispp_test: CMD = $(CXX) -o $@ $(filter %.o %.a, $^) $(LDFLAGS) $(THEMISPP_TEST_LDFLAGS) +$(TEST_BIN_PATH)/themispp_test: CMD = $(CXX) -o $@ $(filter %.o %.a, $^) $(LDFLAGS) $(ADDITIONAL_LDFLAGS) $(THEMISPP_TEST_LDFLAGS) $(TEST_BIN_PATH)/themispp_test: $(THEMISPP_TEST_OBJ) $(COMMON_TEST_OBJ) @echo -n "link " diff --git a/tools/afl/fuzzy.mk b/tools/afl/fuzzy.mk index 17341a44f..85130840b 100644 --- a/tools/afl/fuzzy.mk +++ b/tools/afl/fuzzy.mk @@ -38,7 +38,7 @@ FUZZ_UTILS = $(filter-out $(addsuffix .o,$(FUZZ_TOOLS)),$(FUZZ_OBJS)) # Build sources with access to fuzzing headers and link tools to $(FUZZ_THEMIS_LIB). $(FUZZ_OBJS): CFLAGS += -I$(FUZZ_SRC_PATH) -$(FUZZ_TOOLS): LDFLAGS += $(FUZZ_THEMIS_LIB) $(FUZZ_SOTER_LIB) $(CRYPTO_ENGINE_LDFLAGS) +$(FUZZ_TOOLS): LDFLAGS += $(FUZZ_THEMIS_LIB) $(FUZZ_SOTER_LIB) $(CRYPTO_ENGINE_LDFLAGS) $(ADDITIONAL_LDFLAGS) # afl-clang is partially configured via environment variables. For one, it likes to # talk on stdout so tell it to pipe down a bit. Additionally, address sanitizer builds From 61117667ffc753994799aec2cb52780228548f88 Mon Sep 17 00:00:00 2001 From: Anatolii Lishchynskyi Date: Tue, 21 Nov 2023 17:08:51 +0200 Subject: [PATCH 5/7] Update emscripten requirements and WASM CI job (#1036) * Bump emsdk version to 3.1.47 Produces module importable in Node v18 With older (emsdk 3.0.0) version, generated `libthemis.js` that should load `libthemis.wasm` fails due to some internal autogenerated code working differently on v16 and v18 * Add link flag for WASM builds Needed to make new emscripten produce working module * Update Node testing versions Add v18 that should now work, also add v20 that is in active development as of now, but if tests are green then why not? * Switched integration tests to use v16 * Removed testing of quite old and deprecated v10 * Updated version of BoringSSL submodule to a newer one (not the latest though) --- .github/workflows/integration.yaml | 4 ++-- .github/workflows/test-wasm.yaml | 17 ++++++++++------- CHANGELOG.md | 5 +++++ src/wrappers/themis/wasm/emscripten/VERSION | 2 +- .../wasm/emscripten/exported_functions.json | 1 + src/wrappers/themis/wasm/wasmthemis.mk | 6 ++++-- tests/soter/soter_sym_test.c | 2 +- third_party/boringssl/src | 2 +- 8 files changed, 25 insertions(+), 14 deletions(-) create mode 100644 src/wrappers/themis/wasm/emscripten/exported_functions.json diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index 726509d0d..81e2cea40 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -66,10 +66,10 @@ jobs: with: toolchain: stable profile: minimal - - name: Install Node.js 10.x + - name: Install Node.js 16.x uses: actions/setup-node@v1 with: - node-version: 10.x + node-version: 16.x - name: Install Emscripten run: | version=$(cat src/wrappers/themis/wasm/emscripten/VERSION) diff --git a/.github/workflows/test-wasm.yaml b/.github/workflows/test-wasm.yaml index 6fabe6da4..079c30566 100644 --- a/.github/workflows/test-wasm.yaml +++ b/.github/workflows/test-wasm.yaml @@ -78,10 +78,11 @@ jobs: strategy: matrix: node-version: - - 10.x # legacy - - 12.x # old LTS - - 14.x # current LTS - - 16.x # current stable + - 12.x # legacy + - 14.x # legacy + - 16.x # legacy + - 18.x # current LTS + - 20.x # current active fail-fast: false steps: - name: Install Node.js ${{ matrix.node-version }} @@ -110,9 +111,11 @@ jobs: strategy: matrix: node-version: - - 12.x # old LTS - - 14.x # current LTS - - 16.x # current stable + - 12.x # legacy + - 14.x # legacy + - 16.x # legacy + - 18.x # current LTS + - 20.x # current active fail-fast: false env: # WasmThemis uses promises to handle asynchronous WebAssmebly compilation. diff --git a/CHANGELOG.md b/CHANGELOG.md index c14d3c3c3..790e18442 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -43,6 +43,11 @@ _Code:_ - Minimum supported Rust version is now 1.58 ([#977](https://github.com/cossacklabs/themis/pull/977), [#984](https://github.com/cossacklabs/themis/pull/984)). +- **WasmThemis** + + - Updated required `emsdk` version to 3.1.47 ([#1036](https://github.com/cossacklabs/themis/pull/1036)). + - WasmThemis now works with Node v18 and v20 ([#1036](https://github.com/cossacklabs/themis/pull/1036)). + - **WebAssembly** - Node.js v8 is no longer supported ([#901](https://github.com/cossacklabs/themis/pull/901)). diff --git a/src/wrappers/themis/wasm/emscripten/VERSION b/src/wrappers/themis/wasm/emscripten/VERSION index 4a36342fc..e1ace7c6e 100644 --- a/src/wrappers/themis/wasm/emscripten/VERSION +++ b/src/wrappers/themis/wasm/emscripten/VERSION @@ -1 +1 @@ -3.0.0 +3.1.47 diff --git a/src/wrappers/themis/wasm/emscripten/exported_functions.json b/src/wrappers/themis/wasm/emscripten/exported_functions.json new file mode 100644 index 000000000..8beb22d93 --- /dev/null +++ b/src/wrappers/themis/wasm/emscripten/exported_functions.json @@ -0,0 +1 @@ +["_malloc", "_free"] diff --git a/src/wrappers/themis/wasm/wasmthemis.mk b/src/wrappers/themis/wasm/wasmthemis.mk index 9232ee6bd..910f85a99 100644 --- a/src/wrappers/themis/wasm/wasmthemis.mk +++ b/src/wrappers/themis/wasm/wasmthemis.mk @@ -19,8 +19,9 @@ WASM_PATH = src/wrappers/themis/wasm WASM_SRC += $(WASM_PATH)/package.json WASM_SRC += $(wildcard $(WASM_PATH)/src/*.js) -WASM_RUNTIME = $(abspath $(WASM_PATH)/emscripten/runtime_exports.json) -WASM_PRE_JS = $(abspath $(WASM_PATH)/emscripten/pre.js) +WASM_RUNTIME = $(abspath $(WASM_PATH)/emscripten/runtime_exports.json) +WASM_PRE_JS = $(abspath $(WASM_PATH)/emscripten/pre.js) +WASM_EXPORTED_FUNCTIONS = $(abspath $(WASM_PATH)/emscripten/exported_functions.json) WASM_PACKAGE = $(BIN_PATH)/wasm-themis.tgz @@ -28,6 +29,7 @@ $(BIN_PATH)/libthemis.js: LDFLAGS += -s EXPORTED_RUNTIME_METHODS=@$(WASM_RUNTIME $(BIN_PATH)/libthemis.js: LDFLAGS += -s ALLOW_TABLE_GROWTH $(BIN_PATH)/libthemis.js: LDFLAGS += -s MODULARIZE=1 $(BIN_PATH)/libthemis.js: LDFLAGS += -s ALLOW_MEMORY_GROWTH=1 +$(BIN_PATH)/libthemis.js: LDFLAGS += -s EXPORTED_FUNCTIONS=@$(WASM_EXPORTED_FUNCTIONS) # FIXME(ilammy, 2020-11-29): rely in EMSCRIPTEN_KEEPALIVE instead of LINKABLE # For some reason existing EMSCRIPTEN_KEEPALIVE macros do not work and without # LINKABLE flag wasm-ld ends up stripping *all* Themis functions from "*.wasm" diff --git a/tests/soter/soter_sym_test.c b/tests/soter/soter_sym_test.c index 6990d7250..20b7518b9 100644 --- a/tests/soter/soter_sym_test.c +++ b/tests/soter/soter_sym_test.c @@ -605,7 +605,7 @@ static void test_invalid_params(void) } } -void run_soter_sym_test() +void run_soter_sym_test(void) { testsuite_enter_suite("soter sym"); // testsuite_run_test(soter_sym_test); diff --git a/third_party/boringssl/src b/third_party/boringssl/src index 897a2ca3f..a43c76dbe 160000 --- a/third_party/boringssl/src +++ b/third_party/boringssl/src @@ -1 +1 @@ -Subproject commit 897a2ca3f184b34278641138c726ef902ab1fab2 +Subproject commit a43c76dbe30d619188dc685b7d432a92e7c2b66b From 30578c84d9e8d59deaa33a3a9559d35a7085da31 Mon Sep 17 00:00:00 2001 From: Anatolii Lishchynskyi Date: Mon, 27 Nov 2023 17:53:02 +0200 Subject: [PATCH 6/7] Fix clippy and fmt issues, update MSRV (#1039) Fix clippy and fmt issues Update MSRV to 1.60 Freeze test deps so they compile on Rust 1.60, with no effect on themis itself (does not use those frozen crates) --- .github/workflows/test-rust.yaml | 4 +- CHANGELOG.md | 2 +- .../secure_message_encrypt_decrypt_ecdsa.rs | 2 +- .../secure_message_encrypt_decrypt_rsa.rs | 2 +- .../secure_message_sign_verify_ecdsa.rs | 2 +- .../benches/secure_message_sign_verify_rsa.rs | 2 +- docs/examples/rust/secure_cell.rs | 12 +- .../rust/secure_message_client_encrypt.rs | 2 +- .../rust/secure_message_client_verify.rs | 2 +- docs/examples/rust/secure_message_server.rs | 2 +- .../rust/secure_session_echo_client.rs | 8 +- .../rust/secure_session_echo_server.rs | 4 +- src/wrappers/themis/rust/Cargo.toml | 19 +- .../themis/rust/libthemis-sys/Cargo.toml | 2 +- src/wrappers/themis/rust/src/secure_cell.rs | 12 +- tests/rust/keys.rs | 8 +- tests/rust/secure_cell.rs | 200 +++++++++--------- tests/rust/secure_message.rs | 14 +- tests/rust/secure_session.rs | 68 +++--- tools/rust/scell_context_string_echo.rs | 6 +- tools/rust/scell_seal_string_echo.rs | 6 +- tools/rust/scell_seal_string_echo_pw.rs | 6 +- tools/rust/scell_token_string_echo.rs | 16 +- tools/rust/smessage_encryption.rs | 8 +- 24 files changed, 208 insertions(+), 201 deletions(-) diff --git a/.github/workflows/test-rust.yaml b/.github/workflows/test-rust.yaml index df01e21e2..f3f30c2eb 100644 --- a/.github/workflows/test-rust.yaml +++ b/.github/workflows/test-rust.yaml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - rust: [stable, '1.58'] + rust: [stable, '1.60'] fail-fast: false steps: - name: Install system dependencies @@ -81,7 +81,7 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - rust: [stable, '1.58'] + rust: [stable, '1.60'] fail-fast: false steps: - name: Install system dependencies diff --git a/CHANGELOG.md b/CHANGELOG.md index 790e18442..eedf6ef98 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -41,7 +41,7 @@ _Code:_ This is technically a breaking change, but most reasonble implementations should be `Send` already. Please raise an issue if your code fails to build. - - Minimum supported Rust version is now 1.58 ([#977](https://github.com/cossacklabs/themis/pull/977), [#984](https://github.com/cossacklabs/themis/pull/984)). + - Minimum supported Rust version is now 1.60 ([#977](https://github.com/cossacklabs/themis/pull/977), [#984](https://github.com/cossacklabs/themis/pull/984), [#1039](https://github.com/cossacklabs/themis/pull/1039)). - **WasmThemis** diff --git a/benches/themis/benches/secure_message_encrypt_decrypt_ecdsa.rs b/benches/themis/benches/secure_message_encrypt_decrypt_ecdsa.rs index bde821ab3..28d416ccb 100644 --- a/benches/themis/benches/secure_message_encrypt_decrypt_ecdsa.rs +++ b/benches/themis/benches/secure_message_encrypt_decrypt_ecdsa.rs @@ -106,7 +106,7 @@ pub fn decryption(c: &mut Criterion) { |b, &size| { let message = vec![0; size]; let encrypted = SecureMessage::new(key_pair.clone()) - .encrypt(&message) + .encrypt(message) .expect("failed encryption"); let mut decrypted = vec![0; size]; diff --git a/benches/themis/benches/secure_message_encrypt_decrypt_rsa.rs b/benches/themis/benches/secure_message_encrypt_decrypt_rsa.rs index f5d336f06..85a2a20e5 100644 --- a/benches/themis/benches/secure_message_encrypt_decrypt_rsa.rs +++ b/benches/themis/benches/secure_message_encrypt_decrypt_rsa.rs @@ -106,7 +106,7 @@ pub fn decryption(c: &mut Criterion) { |b, &size| { let message = vec![0; size]; let encrypted = SecureMessage::new(key_pair.clone()) - .encrypt(&message) + .encrypt(message) .expect("failed encryption"); let mut decrypted = vec![0; size]; diff --git a/benches/themis/benches/secure_message_sign_verify_ecdsa.rs b/benches/themis/benches/secure_message_sign_verify_ecdsa.rs index 6771cb45a..c4401b635 100644 --- a/benches/themis/benches/secure_message_sign_verify_ecdsa.rs +++ b/benches/themis/benches/secure_message_sign_verify_ecdsa.rs @@ -102,7 +102,7 @@ pub fn verification(c: &mut Criterion) { |b, &size| { let message = vec![0; size]; let signature = SecureSign::new(private.clone()) - .sign(&message) + .sign(message) .expect("failed signing"); let mut received_message = vec![0; size]; diff --git a/benches/themis/benches/secure_message_sign_verify_rsa.rs b/benches/themis/benches/secure_message_sign_verify_rsa.rs index 3265a3257..e96b0e1a8 100644 --- a/benches/themis/benches/secure_message_sign_verify_rsa.rs +++ b/benches/themis/benches/secure_message_sign_verify_rsa.rs @@ -102,7 +102,7 @@ pub fn verification(c: &mut Criterion) { |b, &size| { let message = vec![0; size]; let signature = SecureSign::new(private.clone()) - .sign(&message) + .sign(message) .expect("failed signing"); let mut received_message = vec![0; size]; diff --git a/docs/examples/rust/secure_cell.rs b/docs/examples/rust/secure_cell.rs index f24f360ac..de2f0533b 100644 --- a/docs/examples/rust/secure_cell.rs +++ b/docs/examples/rust/secure_cell.rs @@ -33,7 +33,7 @@ fn main() -> themis::Result<()> { println!("Encoded: {}", base64::encode(&message)); - let encrypted_message = scell_mk.encrypt(&message)?; + let encrypted_message = scell_mk.encrypt(message)?; println!("Encrypted: {}", base64::encode(&encrypted_message)); let decrypted_message = scell_mk.decrypt(&encrypted_message)?; @@ -44,11 +44,11 @@ fn main() -> themis::Result<()> { println!("## Passphrase API"); { - let scell_pw = SecureCell::with_passphrase(&passphrase)?.seal(); + let scell_pw = SecureCell::with_passphrase(passphrase)?.seal(); println!("Encoded: {}", base64::encode(&message)); - let encrypted_message = scell_pw.encrypt(&message)?; + let encrypted_message = scell_pw.encrypt(message)?; println!("Encrypted: {}", base64::encode(&encrypted_message)); let decrypted_message = scell_pw.decrypt(&encrypted_message)?; @@ -64,7 +64,7 @@ fn main() -> themis::Result<()> { println!("Encoded: {}", base64::encode(&message)); - let (encrypted_message, auth_token) = scell_tp.encrypt(&message)?; + let (encrypted_message, auth_token) = scell_tp.encrypt(message)?; println!("Encrypted: {}", base64::encode(&encrypted_message)); println!("Auth token: {}", base64::encode(&auth_token)); @@ -81,10 +81,10 @@ fn main() -> themis::Result<()> { println!("Encoded: {}", base64::encode(&message)); - let encrypted_message = scell_ci.encrypt_with_context(&message, &context)?; + let encrypted_message = scell_ci.encrypt_with_context(message, context)?; println!("Encrypted: {}", base64::encode(&encrypted_message)); - let decrypted_message = scell_ci.decrypt_with_context(&encrypted_message, &context)?; + let decrypted_message = scell_ci.decrypt_with_context(&encrypted_message, context)?; println!("Decrypted: {}", as_str(&decrypted_message)); assert_eq!(decrypted_message, message); } diff --git a/docs/examples/rust/secure_message_client_encrypt.rs b/docs/examples/rust/secure_message_client_encrypt.rs index b79903ede..1a41fb941 100644 --- a/docs/examples/rust/secure_message_client_encrypt.rs +++ b/docs/examples/rust/secure_message_client_encrypt.rs @@ -51,7 +51,7 @@ fn main() { let key_pair = KeyPair::try_join(private_key, public_key).expect("matching keys"); let socket = UdpSocket::bind("localhost:0").expect("client socket"); - socket.connect(&remote_addr).expect("client connection"); + socket.connect(remote_addr).expect("client connection"); let receive_socket = socket; let relay_socket = receive_socket.try_clone().unwrap(); diff --git a/docs/examples/rust/secure_message_client_verify.rs b/docs/examples/rust/secure_message_client_verify.rs index 3144aabfc..e4e774d1e 100644 --- a/docs/examples/rust/secure_message_client_verify.rs +++ b/docs/examples/rust/secure_message_client_verify.rs @@ -49,7 +49,7 @@ fn main() { let public_key = PublicKey::try_from_slice(public_key).expect("parse public key"); let socket = UdpSocket::bind("localhost:0").expect("client socket"); - socket.connect(&remote_addr).expect("client connection"); + socket.connect(remote_addr).expect("client connection"); let receive_socket = socket; let relay_socket = receive_socket.try_clone().unwrap(); diff --git a/docs/examples/rust/secure_message_server.rs b/docs/examples/rust/secure_message_server.rs index 9e3d52350..f34ef3ad5 100644 --- a/docs/examples/rust/secure_message_server.rs +++ b/docs/examples/rust/secure_message_server.rs @@ -36,7 +36,7 @@ fn main() { let port = matches.value_of("port").unwrap_or("7573").parse().unwrap(); let listen_addr = SocketAddr::new([0; 16].into(), port); - let socket = UdpSocket::bind(&listen_addr).expect("server listen"); + let socket = UdpSocket::bind(listen_addr).expect("server listen"); let mut peers = HashSet::new(); let mut process_message = || -> io::Result<()> { let (message, sender) = recv_from(&socket)?; diff --git a/docs/examples/rust/secure_session_echo_client.rs b/docs/examples/rust/secure_session_echo_client.rs index 3af94f867..21ac4284a 100644 --- a/docs/examples/rust/secure_session_echo_client.rs +++ b/docs/examples/rust/secure_session_echo_client.rs @@ -64,9 +64,9 @@ fn main() { info!("connecting to {:?}", remote_addr); - let mut socket = TcpStream::connect(&remote_addr).expect("client connection"); + let mut socket = TcpStream::connect(remote_addr).expect("client connection"); - let mut session = SecureSession::new(&CLIENT_ID, &CLIENT_PRIVATE, ExpectServer) + let mut session = SecureSession::new(CLIENT_ID, &CLIENT_PRIVATE, ExpectServer) .expect("Secure Session client"); let mut buffer = [0; MAX_MESSAGE_SIZE]; @@ -75,7 +75,7 @@ fn main() { loop { let reply = read_framed(&mut socket, &mut buffer).expect("receive reply"); - let response = session.negotiate_reply(&reply).expect("negotiate"); + let response = session.negotiate_reply(reply).expect("negotiate"); if session.is_established() { break; } @@ -95,7 +95,7 @@ fn main() { write_framed(&mut socket, &message).expect("write to socket"); let reply = read_framed(&mut socket, &mut buffer).expect("read from socket"); - let reply = session.unwrap(&reply).expect("unwrap incoming"); + let reply = session.unwrap(reply).expect("unwrap incoming"); io::stdout().write_all(&reply).expect("write to stdout"); } diff --git a/docs/examples/rust/secure_session_echo_server.rs b/docs/examples/rust/secure_session_echo_server.rs index 8286bcb0f..bce945820 100644 --- a/docs/examples/rust/secure_session_echo_server.rs +++ b/docs/examples/rust/secure_session_echo_server.rs @@ -105,7 +105,7 @@ fn main() { .expect("valid port"); let listen_addr = SocketAddr::new([0; 16].into(), port); - let listen_socket = TcpListener::bind(&listen_addr).expect("server listen"); + let listen_socket = TcpListener::bind(listen_addr).expect("server listen"); info!("listening on port {}", port); @@ -123,7 +123,7 @@ fn main() { info!("{:?}: connected", client_address); let transport = SocketTransport::new(client); - let mut session = SecureSession::new(&SERVER_ID, &SERVER_PRIVATE, transport) + let mut session = SecureSession::new(SERVER_ID, &SERVER_PRIVATE, transport) .expect("Secure Session server"); while !session.is_established() { diff --git a/src/wrappers/themis/rust/Cargo.toml b/src/wrappers/themis/rust/Cargo.toml index 47981652f..0fabc6de1 100644 --- a/src/wrappers/themis/rust/Cargo.toml +++ b/src/wrappers/themis/rust/Cargo.toml @@ -2,7 +2,7 @@ name = "themis" version = "0.14.0" edition = "2018" -rust-version = "1.58.0" +rust-version = "1.60.0" authors = ["rust-themis developers"] description = "High-level cryptographic services for storage and messaging" homepage = "https://www.cossacklabs.com/themis/" @@ -29,11 +29,18 @@ bindings = { package = "libthemis-sys", path = "libthemis-sys", version = "0.14. zeroize = "1" [dev-dependencies] -base64 = "0.10.0" -# Freeze `log` and `byteorder` so that tests still build/run with Rust 1.58. +# Freeze byteorder, log so that tests still build/run with Rust 1.60. +# Other crates are frozen in hope to avoid more problems in future, where something updates +# and requires newer toolchain version compared to what we require for RustThemis. # FIXME: remove/update strict version requirement after we bump minimum required Rust version +base64 = "=0.10.1" byteorder = "=1.4.3" -clap = "2.32" -lazy_static = "1.2.0" +clap = "=2.34.0" +lazy_static = "=1.4.0" log = "=0.4.17" -env_logger = "0.6.0" +env_logger = "=0.6.2" + +# These are not used in themis tests, but are rather dependencies of dev-dependencies listed above. +# Specifying exact versions so that tests could build/run on Rust 1.60. +regex = "=1.9.5" +memchr = "=2.6.1" diff --git a/src/wrappers/themis/rust/libthemis-sys/Cargo.toml b/src/wrappers/themis/rust/libthemis-sys/Cargo.toml index ad5f740e5..8c79f8808 100644 --- a/src/wrappers/themis/rust/libthemis-sys/Cargo.toml +++ b/src/wrappers/themis/rust/libthemis-sys/Cargo.toml @@ -2,7 +2,7 @@ name = "libthemis-sys" version = "0.14.0" edition = "2018" -rust-version = "1.58.0" +rust-version = "1.60.0" authors = ["rust-themis developers"] description = "FFI binding to libthemis" homepage = "https://www.cossacklabs.com/themis/" diff --git a/src/wrappers/themis/rust/src/secure_cell.rs b/src/wrappers/themis/rust/src/secure_cell.rs index 5564e5629..06bd5038d 100644 --- a/src/wrappers/themis/rust/src/secure_cell.rs +++ b/src/wrappers/themis/rust/src/secure_cell.rs @@ -358,7 +358,7 @@ impl SecureCellSeal { /// # } /// ``` pub fn encrypt(&self, message: impl AsRef<[u8]>) -> Result> { - self.encrypt_with_context(message, &[]) + self.encrypt_with_context(message, []) } /// Encrypts the provided message with associated context. @@ -501,7 +501,7 @@ impl SecureCellSeal { /// # } /// ``` pub fn decrypt(&self, message: impl AsRef<[u8]>) -> Result> { - self.decrypt_with_context(message, &[]) + self.decrypt_with_context(message, []) } /// Decrypts the provided message with associated context. @@ -689,7 +689,7 @@ impl SecureCellSealWithPassphrase { /// # } /// ``` pub fn encrypt(&self, message: impl AsRef<[u8]>) -> Result> { - self.encrypt_with_context(message, &[]) + self.encrypt_with_context(message, []) } /// Encrypts the provided message with associated context. @@ -822,7 +822,7 @@ impl SecureCellSealWithPassphrase { /// # } /// ``` pub fn decrypt(&self, message: impl AsRef<[u8]>) -> Result> { - self.decrypt_with_context(message, &[]) + self.decrypt_with_context(message, []) } /// Decrypts the provided message with associated context. @@ -1225,7 +1225,7 @@ impl SecureCellTokenProtect { /// # } /// ``` pub fn encrypt(&self, message: impl AsRef<[u8]>) -> Result<(Vec, Vec)> { - self.encrypt_with_context(message, &[]) + self.encrypt_with_context(message, []) } /// Encrypts the provided message with associated context. @@ -1393,7 +1393,7 @@ impl SecureCellTokenProtect { /// # } /// ``` pub fn decrypt(&self, message: impl AsRef<[u8]>, token: impl AsRef<[u8]>) -> Result> { - self.decrypt_with_context(message, token, &[]) + self.decrypt_with_context(message, token, []) } /// Decrypts the provided message with associated context. diff --git a/tests/rust/keys.rs b/tests/rust/keys.rs index 32884dc81..0fdb52281 100644 --- a/tests/rust/keys.rs +++ b/tests/rust/keys.rs @@ -64,10 +64,10 @@ fn parse_generated_keys_back() { #[test] fn parse_invalid_buffers() { - let error = EcdsaPublicKey::try_from_slice(&[1, 2, 3]).expect_err("parse failure"); + let error = EcdsaPublicKey::try_from_slice([1, 2, 3]).expect_err("parse failure"); assert_eq!(error.kind(), ErrorKind::InvalidParameter); - let error = RsaPrivateKey::try_from_slice(&[]).expect_err("parse failure"); + let error = RsaPrivateKey::try_from_slice([]).expect_err("parse failure"); assert_eq!(error.kind(), ErrorKind::InvalidParameter); } @@ -105,6 +105,6 @@ fn parse_generated_symmetric_keys_back() { #[test] fn parse_custom_symmetric_keys() { - assert!(SymmetricKey::try_from_slice(&[0]).is_ok()); - assert!(SymmetricKey::try_from_slice(&[]).is_err()); + assert!(SymmetricKey::try_from_slice([0]).is_ok()); + assert!(SymmetricKey::try_from_slice([]).is_err()); } diff --git a/tests/rust/secure_cell.rs b/tests/rust/secure_cell.rs index c455f4987..e0d2af18e 100644 --- a/tests/rust/secure_cell.rs +++ b/tests/rust/secure_cell.rs @@ -23,7 +23,7 @@ mod context_imprint { #[test] fn initialization() { assert!(SecureCell::with_key(SymmetricKey::new()).is_ok()); - assert!(SecureCell::with_key(&[]).is_err()); + assert!(SecureCell::with_key([]).is_err()); } #[test] @@ -34,8 +34,8 @@ mod context_imprint { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context).unwrap(); - let decrypted = cell.decrypt_with_context(&encrypted, &context).unwrap(); + let encrypted = cell.encrypt_with_context(message, context).unwrap(); + let decrypted = cell.decrypt_with_context(encrypted, context).unwrap(); assert_eq!(decrypted, message); } @@ -48,7 +48,7 @@ mod context_imprint { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context).unwrap(); + let encrypted = cell.encrypt_with_context(message, context).unwrap(); assert_eq!(encrypted.len(), message.len()); } @@ -63,8 +63,8 @@ mod context_imprint { let context_long = b"Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo".as_ref(); - let encrypted_short = cell.encrypt_with_context(&message, &context_short).unwrap(); - let encrypted_long = cell.encrypt_with_context(&message, &context_long).unwrap(); + let encrypted_short = cell.encrypt_with_context(message, context_short).unwrap(); + let encrypted_long = cell.encrypt_with_context(message, context_long).unwrap(); // Context is not (directly) included into encrypted message. assert_eq!(encrypted_short.len(), encrypted_long.len()); @@ -81,16 +81,16 @@ mod context_imprint { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell_a.encrypt_with_context(&message, &context).unwrap(); + let encrypted = cell_a.encrypt_with_context(message, context).unwrap(); // Context Imprint mode does not validate message data so using an incorrect key // will successfully return garbage output. - let decrypted_incorrect = cell_b.decrypt_with_context(&encrypted, &context).unwrap(); + let decrypted_incorrect = cell_b.decrypt_with_context(&encrypted, context).unwrap(); assert_ne!(decrypted_incorrect, message); assert_ne!(decrypted_incorrect, encrypted); // Only the correct key will work. - let decrypted_correct = cell_a.decrypt_with_context(&encrypted, &context).unwrap(); + let decrypted_correct = cell_a.decrypt_with_context(&encrypted, context).unwrap(); assert_eq!(decrypted_correct, message); } @@ -103,16 +103,16 @@ mod context_imprint { let context_a = b"The jaws that bite, the claws that catch!".as_ref(); let context_b = b"One, two! One, two! And through and through".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context_a).unwrap(); + let encrypted = cell.encrypt_with_context(message, context_a).unwrap(); // Context Imprint mode does not validate message data so using an incorrect context // will successfully return garbage output. - let decrypted_incorrect = cell.decrypt_with_context(&encrypted, &context_b).unwrap(); + let decrypted_incorrect = cell.decrypt_with_context(&encrypted, context_b).unwrap(); assert_ne!(decrypted_incorrect, message); assert_ne!(decrypted_incorrect, encrypted); // Only the correct context will work. - let decrypted_correct = cell.decrypt_with_context(&encrypted, &context_a).unwrap(); + let decrypted_correct = cell.decrypt_with_context(&encrypted, context_a).unwrap(); assert_eq!(decrypted_correct, message); } @@ -124,7 +124,7 @@ mod context_imprint { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context).unwrap(); + let encrypted = cell.encrypt_with_context(message, context).unwrap(); // Invert every odd byte, this will surely break the message. let mut corrupted = encrypted; @@ -135,7 +135,7 @@ mod context_imprint { } // Decrypts successfully but the content is garbage. - let decrypted = cell.decrypt_with_context(&corrupted, &context).unwrap(); + let decrypted = cell.decrypt_with_context(&corrupted, context).unwrap(); assert_ne!(decrypted, message); } @@ -147,12 +147,12 @@ mod context_imprint { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context).unwrap(); + let encrypted = cell.encrypt_with_context(message, context).unwrap(); let truncated = &encrypted[..encrypted.len() - 1]; // Decrypts successfully but the content is garbage. - let decrypted = cell.decrypt_with_context(&truncated, &context).unwrap(); + let decrypted = cell.decrypt_with_context(truncated, context).unwrap(); assert_ne!(decrypted, message); } @@ -164,13 +164,13 @@ mod context_imprint { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context).unwrap(); + let encrypted = cell.encrypt_with_context(message, context).unwrap(); let mut extended = encrypted; extended.push(0); // Decrypts successfully but the content is garbage. - let decrypted = cell.decrypt_with_context(&extended, &context).unwrap(); + let decrypted = cell.decrypt_with_context(&extended, context).unwrap(); assert_ne!(decrypted, message); } @@ -183,11 +183,11 @@ mod context_imprint { let context = b"...and a toilet seat cover!".as_ref(); // With Context Imprint the context cannot be empty. - assert!(cell.encrypt_with_context(&message, &[]).is_err()); - assert!(cell.encrypt_with_context(&[], &context).is_err()); + assert!(cell.encrypt_with_context(message, []).is_err()); + assert!(cell.encrypt_with_context([], context).is_err()); - assert!(cell.decrypt_with_context(&message, &[]).is_err()); - assert!(cell.decrypt_with_context(&[], &context).is_err()); + assert!(cell.decrypt_with_context(message, []).is_err()); + assert!(cell.decrypt_with_context([], context).is_err()); } } @@ -197,7 +197,7 @@ mod seal { #[test] fn initialization() { assert!(SecureCell::with_key(SymmetricKey::new()).is_ok()); - assert!(SecureCell::with_key(&[]).is_err()); + assert!(SecureCell::with_key([]).is_err()); } #[test] @@ -206,8 +206,8 @@ mod seal { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context).unwrap(); - let decrypted = cell.decrypt_with_context(&encrypted, &context).unwrap(); + let encrypted = cell.encrypt_with_context(message, context).unwrap(); + let decrypted = cell.decrypt_with_context(encrypted, context).unwrap(); assert_eq!(decrypted, message); } @@ -217,7 +217,7 @@ mod seal { let cell = SecureCell::with_key(SymmetricKey::new()).unwrap().seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); assert!(encrypted.len() > message.len()); } @@ -230,8 +230,8 @@ mod seal { let context_long = b"Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo".as_ref(); - let encrypted_short = cell.encrypt_with_context(&message, &context_short).unwrap(); - let encrypted_long = cell.encrypt_with_context(&message, &context_long).unwrap(); + let encrypted_short = cell.encrypt_with_context(message, context_short).unwrap(); + let encrypted_long = cell.encrypt_with_context(message, context_long).unwrap(); // Context is not (directly) included into encrypted message. assert_eq!(encrypted_short.len(), encrypted_long.len()); @@ -243,18 +243,18 @@ mod seal { let message = b"Colorless green ideas sleep furiously".as_ref(); // encrypt(...) is encrypt_with_context(..., &[]) - let encrypted_1 = cell.encrypt(&message).unwrap(); - let encrypted_2 = cell.encrypt_with_context(&message, &[]).unwrap(); + let encrypted_1 = cell.encrypt(message).unwrap(); + let encrypted_2 = cell.encrypt_with_context(message, []).unwrap(); assert_eq!(cell.decrypt(&encrypted_1), Ok(message.to_vec())); assert_eq!(cell.decrypt(&encrypted_2), Ok(message.to_vec())); assert_eq!( - cell.decrypt_with_context(&encrypted_1, &[]), + cell.decrypt_with_context(&encrypted_1, []), Ok(message.to_vec()) ); assert_eq!( - cell.decrypt_with_context(&encrypted_2, &[]), + cell.decrypt_with_context(&encrypted_2, []), Ok(message.to_vec()) ); } @@ -265,7 +265,7 @@ mod seal { let cell_b = SecureCell::with_key(SymmetricKey::new()).unwrap().seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell_a.encrypt(&message).unwrap(); + let encrypted = cell_a.encrypt(message).unwrap(); // You cannot use a different key to decrypt data. assert!(cell_b.decrypt(&encrypted).is_err()); @@ -282,13 +282,13 @@ mod seal { let context_a = b"The jaws that bite, the claws that catch!".as_ref(); let context_b = b"One, two! One, two! And through and through".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context_a).unwrap(); + let encrypted = cell.encrypt_with_context(message, context_a).unwrap(); // You cannot use a different context to decrypt data. - assert!(cell.decrypt_with_context(&encrypted, &context_b).is_err()); + assert!(cell.decrypt_with_context(&encrypted, context_b).is_err()); // Only the correct context will work. - let decrypted = cell.decrypt_with_context(&encrypted, &context_a).unwrap(); + let decrypted = cell.decrypt_with_context(&encrypted, context_a).unwrap(); assert_eq!(decrypted, message); } @@ -297,7 +297,7 @@ mod seal { let cell = SecureCell::with_key(SymmetricKey::new()).unwrap().seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); // Invert every odd byte, this will surely break the message. let mut corrupted = encrypted; @@ -315,7 +315,7 @@ mod seal { let cell = SecureCell::with_key(SymmetricKey::new()).unwrap().seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); let truncated = &encrypted[..encrypted.len() - 1]; @@ -327,7 +327,7 @@ mod seal { let cell = SecureCell::with_key(SymmetricKey::new()).unwrap().seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); let mut extended = encrypted; extended.push(0); @@ -339,8 +339,8 @@ mod seal { fn empty_messages_not_allowed() { let cell = SecureCell::with_key(SymmetricKey::new()).unwrap().seal(); - assert!(cell.encrypt(&[]).is_err()); - assert!(cell.decrypt(&[]).is_err()); + assert!(cell.encrypt([]).is_err()); + assert!(cell.decrypt([]).is_err()); } } @@ -361,8 +361,8 @@ mod seal_with_passphrase { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context).unwrap(); - let decrypted = cell.decrypt_with_context(&encrypted, &context).unwrap(); + let encrypted = cell.encrypt_with_context(message, context).unwrap(); + let decrypted = cell.decrypt_with_context(encrypted, context).unwrap(); assert_eq!(decrypted, message); } @@ -374,7 +374,7 @@ mod seal_with_passphrase { .seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); assert!(encrypted.len() > message.len()); } @@ -389,8 +389,8 @@ mod seal_with_passphrase { let context_long = b"Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo".as_ref(); - let encrypted_short = cell.encrypt_with_context(&message, &context_short).unwrap(); - let encrypted_long = cell.encrypt_with_context(&message, &context_long).unwrap(); + let encrypted_short = cell.encrypt_with_context(message, context_short).unwrap(); + let encrypted_long = cell.encrypt_with_context(message, context_long).unwrap(); // Context is not (directly) included into encrypted message. assert_eq!(encrypted_short.len(), encrypted_long.len()); @@ -404,18 +404,18 @@ mod seal_with_passphrase { let message = b"Colorless green ideas sleep furiously".as_ref(); // encrypt is encrypt_with_context(..., ) - let encrypted_1 = cell.encrypt(&message).unwrap(); - let encrypted_2 = cell.encrypt_with_context(&message, &[]).unwrap(); + let encrypted_1 = cell.encrypt(message).unwrap(); + let encrypted_2 = cell.encrypt_with_context(message, []).unwrap(); assert_eq!(cell.decrypt(&encrypted_1), Ok(message.to_vec())); assert_eq!(cell.decrypt(&encrypted_2), Ok(message.to_vec())); assert_eq!( - cell.decrypt_with_context(&encrypted_1, &[]), + cell.decrypt_with_context(&encrypted_1, []), Ok(message.to_vec()) ); assert_eq!( - cell.decrypt_with_context(&encrypted_2, &[]), + cell.decrypt_with_context(&encrypted_2, []), Ok(message.to_vec()) ); } @@ -430,7 +430,7 @@ mod seal_with_passphrase { .seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell_a.encrypt(&message).unwrap(); + let encrypted = cell_a.encrypt(message).unwrap(); // You cannot use a different passphrase to decrypt data. assert!(cell_b.decrypt(&encrypted).is_err()); @@ -449,13 +449,13 @@ mod seal_with_passphrase { let context_a = b"The jaws that bite, the claws that catch!".as_ref(); let context_b = b"One, two! One, two! And through and through".as_ref(); - let encrypted = cell.encrypt_with_context(&message, &context_a).unwrap(); + let encrypted = cell.encrypt_with_context(message, context_a).unwrap(); // You cannot use a different context to decrypt data. - assert!(cell.decrypt_with_context(&encrypted, &context_b).is_err()); + assert!(cell.decrypt_with_context(&encrypted, context_b).is_err()); // Only the correct context will work. - let decrypted = cell.decrypt_with_context(&encrypted, &context_a).unwrap(); + let decrypted = cell.decrypt_with_context(&encrypted, context_a).unwrap(); assert_eq!(decrypted, message); } @@ -466,7 +466,7 @@ mod seal_with_passphrase { .seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); // Invert every odd byte, this will surely break the message. let mut corrupted = encrypted; @@ -486,7 +486,7 @@ mod seal_with_passphrase { .seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); let truncated = &encrypted[..encrypted.len() - 1]; @@ -500,7 +500,7 @@ mod seal_with_passphrase { .seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell.encrypt(&message).unwrap(); + let encrypted = cell.encrypt(message).unwrap(); let mut extended = encrypted; extended.push(0); @@ -514,8 +514,8 @@ mod seal_with_passphrase { .unwrap() .seal(); - assert!(cell.encrypt(&[]).is_err()); - assert!(cell.decrypt(&[]).is_err()); + assert!(cell.encrypt([]).is_err()); + assert!(cell.decrypt([]).is_err()); } #[test] @@ -526,11 +526,11 @@ mod seal_with_passphrase { let message = b"Colorless green ideas sleep furiously".as_ref(); // Passphrases are not keys, keys are not passphrases. - let encrypted_mk = cell_mk.encrypt(&message).unwrap(); - assert!(cell_pw.decrypt(&encrypted_mk).is_err()); + let encrypted_mk = cell_mk.encrypt(message).unwrap(); + assert!(cell_pw.decrypt(encrypted_mk).is_err()); - let encrypted_pw = cell_pw.encrypt(&message).unwrap(); - assert!(cell_mk.decrypt(&encrypted_pw).is_err()); + let encrypted_pw = cell_pw.encrypt(message).unwrap(); + assert!(cell_mk.decrypt(encrypted_pw).is_err()); } #[test] @@ -542,8 +542,8 @@ mod seal_with_passphrase { .seal(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let encrypted = cell_a.encrypt(&message).unwrap(); - let decrypted = cell_b.decrypt(&encrypted).unwrap(); + let encrypted = cell_a.encrypt(message).unwrap(); + let decrypted = cell_b.decrypt(encrypted).unwrap(); assert_eq!(decrypted, message); } @@ -558,7 +558,7 @@ mod seal_with_passphrase { // Message encrypted by PyThemis let encrypted = b"\x00\x01\x01\x41\x0C\x00\x00\x00\x10\x00\x00\x00\x25\x00\x00\x00\x16\x00\x00\x00\x78\x98\x93\x12\xC9\x60\x1E\x22\xD7\xCB\x47\x06\xC9\xEC\x46\xB5\xB5\x9A\xFC\xC8\x3F\x06\x8F\x5B\xBE\x9F\x66\xA6\x40\x0D\x03\x00\x10\x00\x1C\x6D\x16\xFF\x39\xB9\x13\xDF\xC4\x41\x56\x31\x17\xF3\xC4\x05\x28\x15\x13\xA6\x74\x29\x0B\xF0\x5A\xFB\xAC\xD9\x79\x35\x7E\xBA\xD0\x8F\x8C\xA6\x9E\x4E\x83\x2A\x12\xBA\xC7\x59\xAA\xF6\xDF\x62\x8E\xCE\x31\x7C\xCF".as_ref(); - let decrypted = cell.decrypt(&encrypted).unwrap(); + let decrypted = cell.decrypt(encrypted).unwrap(); assert_eq!(decrypted, message); } @@ -570,7 +570,7 @@ mod token_protect { #[test] fn initialization() { assert!(SecureCell::with_key(SymmetricKey::new()).is_ok()); - assert!(SecureCell::with_key(&[]).is_err()); + assert!(SecureCell::with_key([]).is_err()); } #[test] @@ -581,9 +581,9 @@ mod token_protect { let message = b"Colorless green ideas sleep furiously".as_ref(); let context = b"...and a toilet seat cover!".as_ref(); - let (encrypted, token) = cell.encrypt_with_context(&message, &context).unwrap(); + let (encrypted, token) = cell.encrypt_with_context(message, context).unwrap(); let decrypted = cell - .decrypt_with_context(&encrypted, &token, &context) + .decrypt_with_context(encrypted, token, context) .unwrap(); assert_eq!(decrypted, message); @@ -596,7 +596,7 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); assert_eq!(encrypted.len(), message.len()); assert!(!token.is_empty()); @@ -613,9 +613,9 @@ mod token_protect { b"Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo".as_ref(); let (encrypted_short, token_short) = - cell.encrypt_with_context(&message, &context_short).unwrap(); + cell.encrypt_with_context(message, context_short).unwrap(); let (encrypted_long, token_long) = - cell.encrypt_with_context(&message, &context_long).unwrap(); + cell.encrypt_with_context(message, context_long).unwrap(); // Context is not (directly) included into encrypted message. assert_eq!(encrypted_short.len(), encrypted_long.len()); @@ -630,18 +630,18 @@ mod token_protect { let message = b"Colorless green ideas sleep furiously".as_ref(); // encrypt(...) is encrypt_with_context(..., &[]) - let (encrypted_1, token_1) = cell.encrypt(&message).unwrap(); - let (encrypted_2, token_2) = cell.encrypt_with_context(&message, &[]).unwrap(); + let (encrypted_1, token_1) = cell.encrypt(message).unwrap(); + let (encrypted_2, token_2) = cell.encrypt_with_context(message, []).unwrap(); assert_eq!(cell.decrypt(&encrypted_1, &token_1), Ok(message.to_vec())); assert_eq!(cell.decrypt(&encrypted_2, &token_2), Ok(message.to_vec())); assert_eq!( - cell.decrypt_with_context(&encrypted_1, &token_1, &[]), + cell.decrypt_with_context(&encrypted_1, &token_1, []), Ok(message.to_vec()) ); assert_eq!( - cell.decrypt_with_context(&encrypted_2, &token_2, &[]), + cell.decrypt_with_context(&encrypted_2, &token_2, []), Ok(message.to_vec()) ); } @@ -656,7 +656,7 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell_a.encrypt(&message).unwrap(); + let (encrypted, token) = cell_a.encrypt(message).unwrap(); // You cannot use a different key to decrypt data. assert!(cell_b.decrypt(&encrypted, &token).is_err()); @@ -673,8 +673,8 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted_1, token_1) = cell.encrypt(&message).unwrap(); - let (encrypted_2, token_2) = cell.encrypt(&message).unwrap(); + let (encrypted_1, token_1) = cell.encrypt(message).unwrap(); + let (encrypted_2, token_2) = cell.encrypt(message).unwrap(); // You cannot use a different token to decrypt data, even the same original data. assert!(cell.decrypt(&encrypted_1, &token_2).is_err()); @@ -696,16 +696,16 @@ mod token_protect { let context_a = b"The jaws that bite, the claws that catch!".as_ref(); let context_b = b"One, two! One, two! And through and through".as_ref(); - let (encrypted, token) = cell.encrypt_with_context(&message, &context_a).unwrap(); + let (encrypted, token) = cell.encrypt_with_context(message, context_a).unwrap(); // You cannot use a different context to decrypt data. assert!(cell - .decrypt_with_context(&encrypted, &token, &context_b) + .decrypt_with_context(&encrypted, &token, context_b) .is_err()); // Only the correct context will work. let decrypted = cell - .decrypt_with_context(&encrypted, &token, &context_a) + .decrypt_with_context(&encrypted, &token, context_a) .unwrap(); assert_eq!(decrypted, message); } @@ -717,7 +717,7 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); // Invert every odd byte, this will surely break the message. let mut corrupted_data = encrypted; @@ -727,7 +727,7 @@ mod token_protect { } } - assert!(cell.decrypt(&corrupted_data, &token).is_err()); + assert!(cell.decrypt(&corrupted_data, token).is_err()); } #[test] @@ -737,11 +737,11 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); let truncated_data = &encrypted[..encrypted.len() - 1]; - assert!(cell.decrypt(&truncated_data, &token).is_err()); + assert!(cell.decrypt(truncated_data, token).is_err()); } #[test] @@ -751,12 +751,12 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); let mut extended_data = encrypted; extended_data.push(0); - assert!(cell.decrypt(&extended_data, &token).is_err()); + assert!(cell.decrypt(&extended_data, token).is_err()); } #[test] @@ -771,7 +771,7 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); // Invert every odd byte, this will surely break the token. let mut corrupted_token = token; @@ -781,7 +781,7 @@ mod token_protect { } } - assert!(cell.decrypt(&encrypted, &corrupted_token).is_err()); + assert!(cell.decrypt(encrypted, &corrupted_token).is_err()); } #[test] @@ -791,11 +791,11 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); let truncated_token = &token[..token.len() - 1]; - assert!(cell.decrypt(&encrypted, &truncated_token).is_err()); + assert!(cell.decrypt(encrypted, truncated_token).is_err()); } #[test] @@ -805,14 +805,14 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); let mut extended_token = token; extended_token.push(0); // Current implementation of Secure Cell allows the token to be overlong. // Extra data is simply ignored. - let decrypted = cell.decrypt(&encrypted, &extended_token).unwrap(); + let decrypted = cell.decrypt(encrypted, &extended_token).unwrap(); assert_eq!(decrypted, message); } @@ -828,9 +828,9 @@ mod token_protect { .token_protect(); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); - assert!(cell.decrypt(&token, &encrypted).is_err()); + assert!(cell.decrypt(token, encrypted).is_err()); } #[test] @@ -839,12 +839,12 @@ mod token_protect { .unwrap() .token_protect(); - assert!(cell.encrypt(&[]).is_err()); + assert!(cell.encrypt([]).is_err()); let message = b"Colorless green ideas sleep furiously".as_ref(); - let (encrypted, token) = cell.encrypt(&message).unwrap(); + let (encrypted, token) = cell.encrypt(message).unwrap(); - assert!(cell.decrypt(&encrypted, &[]).is_err()); - assert!(cell.decrypt(&[], &token).is_err()); + assert!(cell.decrypt(encrypted, []).is_err()); + assert!(cell.decrypt([], token).is_err()); } } diff --git a/tests/rust/secure_message.rs b/tests/rust/secure_message.rs index 1713ad66e..bf6a4b7a2 100644 --- a/tests/rust/secure_message.rs +++ b/tests/rust/secure_message.rs @@ -23,8 +23,8 @@ fn mode_encrypt_decrypt() { let secure = SecureMessage::new(gen_rsa_key_pair()); let plaintext = b"test message please ignore"; - let encrypted = secure.encrypt(&plaintext).expect("encryption"); - let recovered_message = secure.decrypt(&encrypted).expect("decryption"); + let encrypted = secure.encrypt(plaintext).expect("encryption"); + let recovered_message = secure.decrypt(encrypted).expect("decryption"); assert_eq!(recovered_message, plaintext); } @@ -36,8 +36,8 @@ fn mode_sign_verify() { let verify = SecureVerify::new(public); let plaintext = b"test message please ignore"; - let signed_message = sign.sign(&plaintext).unwrap(); - let recovered_message = verify.verify(&signed_message).unwrap(); + let signed_message = sign.sign(plaintext).unwrap(); + let recovered_message = verify.verify(signed_message).unwrap(); assert_eq!(recovered_message, plaintext); } @@ -48,8 +48,8 @@ fn invalid_key() { let secure2 = SecureMessage::new(gen_ec_key_pair()); let plaintext = b"test message please ignore"; - let encrypted = secure1.encrypt(&plaintext).expect("encryption"); - let error = secure2.decrypt(&encrypted).expect_err("decryption error"); + let encrypted = secure1.encrypt(plaintext).expect("encryption"); + let error = secure2.decrypt(encrypted).expect_err("decryption error"); assert_eq!(error.kind(), ErrorKind::Fail); } @@ -62,7 +62,7 @@ fn corrupted_data() { // Using index "10" for example leads to a crash with SIGBUS, so Themis definitely // could use some audit because it does not really handle corrupted messages well. let plaintext = b"test message please ignore"; - let mut encrypted = secure.encrypt(&plaintext).expect("encryption"); + let mut encrypted = secure.encrypt(plaintext).expect("encryption"); encrypted[5] = !encrypted[5]; let error = secure.decrypt(&encrypted).expect_err("decryption error"); diff --git a/tests/rust/secure_session.rs b/tests/rust/secure_session.rs index ac8718fd3..7d4f6b94d 100644 --- a/tests/rust/secure_session.rs +++ b/tests/rust/secure_session.rs @@ -28,8 +28,8 @@ fn invalid_client_id() { let (private, _) = gen_ec_key_pair().split(); let transport = MockTransport::new(); - let error = SecureSession::new(&[], &private, transport) - .expect_err("construction with empty client ID"); + let error = + SecureSession::new([], &private, transport).expect_err("construction with empty client ID"); assert_eq!(error.kind(), ErrorKind::InvalidParameter); } @@ -43,8 +43,8 @@ fn no_transport() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); // The client and the server. let mut client = SecureSession::new(name_client, &private_client, transport_client) @@ -85,11 +85,11 @@ fn no_transport() { // Try sending a message back and forth. let plaintext = b"test message please ignore"; - let wrapped = client.wrap(&plaintext).expect("wrap 1 -> 2 message"); + let wrapped = client.wrap(plaintext).expect("wrap 1 -> 2 message"); let unwrapped = server.unwrap(&wrapped).expect("unwrap 1 -> 2 message"); assert_eq!(unwrapped, plaintext); - let wrapped = server.wrap(&plaintext).expect("wrap 2 -> 1 message"); + let wrapped = server.wrap(plaintext).expect("wrap 2 -> 1 message"); let unwrapped = client.unwrap(&wrapped).expect("unwrap 2 -> 1 message"); assert_eq!(unwrapped, plaintext); @@ -115,8 +115,8 @@ fn with_transport() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -140,7 +140,7 @@ fn with_transport() { // Try sending a message back and forth. let message = b"test message please ignore"; - client.send(&message).expect("send message"); + client.send(message).expect("send message"); let received = server.receive(1024).expect("receive message"); @@ -156,8 +156,8 @@ fn connection_state_reporting() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_server, &name_client, &public_client); - expect_peer(&mut transport_client, &name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); let state_client = monitor_state_changes(&mut transport_client); let state_server = monitor_state_changes(&mut transport_server); @@ -202,9 +202,9 @@ fn server_does_not_identify_client() { let mut transport_server = MockTransport::new(); expect_no_peers(&mut transport_server); - let mut client = SecureSession::new(&name_client, &private_client, transport_client) + let mut client = SecureSession::new(name_client, &private_client, transport_client) .expect("Secure Session client"); - let mut server = SecureSession::new(&name_server, &private_server, transport_server) + let mut server = SecureSession::new(name_server, &private_server, transport_server) .expect("Secure Session server"); let connect_request = client.connect_request().expect("connect request"); @@ -229,11 +229,11 @@ fn client_does_not_identify_server() { expect_no_peers(&mut transport_client); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_server, name_client, &public_client); - let mut client = SecureSession::new(&name_client, &private_client, transport_client) + let mut client = SecureSession::new(name_client, &private_client, transport_client) .expect("Secure Session client"); - let mut server = SecureSession::new(&name_server, &private_server, transport_server) + let mut server = SecureSession::new(name_server, &private_server, transport_server) .expect("Secure Session server"); let connect_request = client.connect_request().expect("connect request"); @@ -282,8 +282,8 @@ fn forward_error_receive_at_connection() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -318,8 +318,8 @@ fn forward_error_send_at_negotiation() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -355,8 +355,8 @@ fn forward_error_receive_at_negotiation() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -391,8 +391,8 @@ fn forward_error_send_at_exchange() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -433,8 +433,8 @@ fn forward_error_receive_at_exchange() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -477,8 +477,8 @@ fn cannot_send_empty_message() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -510,8 +510,8 @@ fn cannot_receive_empty_message() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -548,7 +548,7 @@ fn panic_in_get_pubkey_by_id_client() { let mut transport_server = MockTransport::new(); transport_client.when_get_public_key_for_id(|_| panic!()); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); @@ -573,7 +573,7 @@ fn panic_in_get_pubkey_by_id_server() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); + expect_peer(&mut transport_client, name_server, &public_server); transport_server.when_get_public_key_for_id(|_| panic!()); connect_with_channels(&mut transport_client, &mut transport_server); @@ -634,8 +634,8 @@ fn panic_in_status_change() { let mut transport_client = MockTransport::new(); let mut transport_server = MockTransport::new(); - expect_peer(&mut transport_client, &name_server, &public_server); - expect_peer(&mut transport_server, &name_client, &public_client); + expect_peer(&mut transport_client, name_server, &public_server); + expect_peer(&mut transport_server, name_client, &public_client); connect_with_channels(&mut transport_client, &mut transport_server); diff --git a/tools/rust/scell_context_string_echo.rs b/tools/rust/scell_context_string_echo.rs index 3176d4afc..1eec1fe8a 100644 --- a/tools/rust/scell_context_string_echo.rs +++ b/tools/rust/scell_context_string_echo.rs @@ -35,7 +35,7 @@ fn main() { let message = matches.value_of("message").unwrap(); let context = matches.value_of("context").unwrap(); - let cell = SecureCell::with_key(&key) + let cell = SecureCell::with_key(key) .unwrap_or_else(|_| { eprintln!("invalid parameters: empty master key"); exit(1); @@ -45,7 +45,7 @@ fn main() { match mode { "enc" => { let encrypted = cell - .encrypt_with_context(&message, &context) + .encrypt_with_context(message, context) .unwrap_or_else(|error| { eprintln!("failed to encrypt message: {error}"); exit(1); @@ -58,7 +58,7 @@ fn main() { exit(1); }); let decrypted = cell - .decrypt_with_context(&decoded_message, &context) + .decrypt_with_context(decoded_message, context) .unwrap_or_else(|error| { eprintln!("failed to decrypt message: {error}"); exit(1); diff --git a/tools/rust/scell_seal_string_echo.rs b/tools/rust/scell_seal_string_echo.rs index 6e4190051..27c66f7d7 100644 --- a/tools/rust/scell_seal_string_echo.rs +++ b/tools/rust/scell_seal_string_echo.rs @@ -35,7 +35,7 @@ fn main() { let message = matches.value_of("message").unwrap(); let context = matches.value_of("context").unwrap_or_default(); - let cell = SecureCell::with_key(&key) + let cell = SecureCell::with_key(key) .unwrap_or_else(|_| { eprintln!("invalid parameters: empty master key"); exit(1); @@ -45,7 +45,7 @@ fn main() { match mode { "enc" => { let encrypted = cell - .encrypt_with_context(&message, &context) + .encrypt_with_context(message, context) .unwrap_or_else(|error| { eprintln!("failed to encrypt message: {error}"); exit(1); @@ -58,7 +58,7 @@ fn main() { exit(1); }); let decrypted = cell - .decrypt_with_context(&decoded_message, &context) + .decrypt_with_context(decoded_message, context) .unwrap_or_else(|error| { eprintln!("failed to decrypt message: {error}"); exit(1); diff --git a/tools/rust/scell_seal_string_echo_pw.rs b/tools/rust/scell_seal_string_echo_pw.rs index 29cd8e5ff..b6c861f0f 100644 --- a/tools/rust/scell_seal_string_echo_pw.rs +++ b/tools/rust/scell_seal_string_echo_pw.rs @@ -35,7 +35,7 @@ fn main() { let message = matches.value_of("message").unwrap(); let context = matches.value_of("context").unwrap_or_default(); - let cell = SecureCell::with_passphrase(&passphrase) + let cell = SecureCell::with_passphrase(passphrase) .unwrap_or_else(|_| { eprintln!("invalid parameters: empty passphrase"); exit(1); @@ -45,7 +45,7 @@ fn main() { match command { "enc" => { let encrypted = cell - .encrypt_with_context(&message, &context) + .encrypt_with_context(message, context) .unwrap_or_else(|error| { eprintln!("failed to encrypt message: {error}"); exit(1); @@ -58,7 +58,7 @@ fn main() { exit(1); }); let decrypted = cell - .decrypt_with_context(&decoded_message, &context) + .decrypt_with_context(decoded_message, context) .unwrap_or_else(|error| { eprintln!("failed to decrypt message: {error}"); exit(1); diff --git a/tools/rust/scell_token_string_echo.rs b/tools/rust/scell_token_string_echo.rs index 6aedc36c3..d59333457 100644 --- a/tools/rust/scell_token_string_echo.rs +++ b/tools/rust/scell_token_string_echo.rs @@ -39,7 +39,7 @@ fn main() { let message = parts.next().unwrap(); let token = parts.next().unwrap_or(""); - let cell = SecureCell::with_key(&key) + let cell = SecureCell::with_key(key) .unwrap_or_else(|_| { eprintln!("invalid parameters: empty master key"); exit(1); @@ -48,12 +48,12 @@ fn main() { match mode { "enc" => { - let (encrypted, token) = cell - .encrypt_with_context(&message, &context) - .unwrap_or_else(|error| { - eprintln!("failed to encrypt message: {error}"); - exit(1); - }); + let (encrypted, token) = + cell.encrypt_with_context(message, context) + .unwrap_or_else(|error| { + eprintln!("failed to encrypt message: {error}"); + exit(1); + }); println!("{},{}", base64::encode(&encrypted), base64::encode(&token)); } "dec" => { @@ -66,7 +66,7 @@ fn main() { exit(1); }); let decrypted = cell - .decrypt_with_context(&decoded_message, &decoded_token, &context) + .decrypt_with_context(decoded_message, decoded_token, context) .unwrap_or_else(|error| { eprintln!("failed to decrypt message: {error}"); exit(1); diff --git a/tools/rust/smessage_encryption.rs b/tools/rust/smessage_encryption.rs index 9358e98ec..c6536d854 100644 --- a/tools/rust/smessage_encryption.rs +++ b/tools/rust/smessage_encryption.rs @@ -48,7 +48,7 @@ fn main() { let key_pair = KeyPair::try_join(private_key, public_key).expect("matching keys"); let encrypter = SecureMessage::new(key_pair); - let encrypted = encrypter.encrypt(&message).unwrap_or_else(|error| { + let encrypted = encrypter.encrypt(message).unwrap_or_else(|error| { eprintln!("failed to encrypt message: {error}"); exit(1); }); @@ -63,7 +63,7 @@ fn main() { eprintln!("failed to decode message: {error}"); exit(1); }); - let decrypted = encrypter.decrypt(&decoded_message).unwrap_or_else(|error| { + let decrypted = encrypter.decrypt(decoded_message).unwrap_or_else(|error| { eprintln!("failed to decrypt message: {error}"); exit(1); }); @@ -73,7 +73,7 @@ fn main() { "sign" => { let signer = SecureSign::new(private_key); - let signed = signer.sign(&message).unwrap_or_else(|error| { + let signed = signer.sign(message).unwrap_or_else(|error| { eprintln!("failed to sign message: {error}"); exit(1); }); @@ -87,7 +87,7 @@ fn main() { eprintln!("failed to decode message: {error}"); exit(1); }); - let verified = signer.verify(&decoded_message).unwrap_or_else(|error| { + let verified = signer.verify(decoded_message).unwrap_or_else(|error| { eprintln!("failed to verify message: {error}"); exit(1); }); From 784033b1ac300fd975777de6db123d41dd1f46c8 Mon Sep 17 00:00:00 2001 From: Anatolii Lishchynskyi Date: Tue, 28 Nov 2023 21:45:12 +0200 Subject: [PATCH 7/7] New methods of building/installing PyThemis (#1023) Refactor Makefile: * new target pythemis_make_wheel to create a .whl Python package, current modern format to be installed into virtual environmants * new target pythemis_install_wheel to install it in currently active virtualenv * new target deb_python that builds a .deb package for system-wide installation of PyThemis * new target pythemis_install_deb, alias for pythemis_deb + apt install of the created pkg * new target rpm_python, similar to deb_python * new target pythemis_install_rpm, pythemis_install_deb Update GitHub Actions workflow, test .whl and .deb installation See cossacklabs/product-docs/pull/317 for related docs update --- .github/workflows/test-python.yaml | 63 +++++++++++++++++++ CHANGELOG.md | 4 ++ Makefile | 98 +++++++++++++++++++++++++++++- 3 files changed, 163 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-python.yaml b/.github/workflows/test-python.yaml index f3aeb8cc6..56bd2f020 100644 --- a/.github/workflows/test-python.yaml +++ b/.github/workflows/test-python.yaml @@ -47,6 +47,69 @@ jobs: - name: Run test suite run: make test_python + unit-tests-venv: + name: Unit tests (virtualenv install) + # TODO: Switch to something more fresh, Ubuntu 22.04 or Debian Bookworm, + # after issue with deprecates in C++ tests is fixed + runs-on: ubuntu-20.04 + steps: + - name: Install system dependencies + run: | + sudo sh -c 'echo "DEBIAN_FRONTEND=noninteractive" >> /etc/environment' + sudo apt update + sudo apt install --yes gcc make libssl-dev \ + python3 python3-setuptools python3-pip python3-venv + - name: Check out code + uses: actions/checkout@v2 + - name: Prepare Themis Core + run: | + make + sudo make install + make prepare_tests_all + - name: Create virtualenv + run: mkdir /tmp/test_venv && python3 -m venv /tmp/test_venv + - name: Install PyThemis into virtualenv + run: | + make pythemis_make_wheel + source /tmp/test_venv/bin/activate && make pythemis_install_wheel + - name: Run test suite + run: source /tmp/test_venv/bin/activate && make test_python + - name: Uninstall PyThemis + run: source /tmp/test_venv/bin/activate && pip uninstall -y pythemis + + unit-tests-deb-pkg: + name: Unit tests (deb package) + # TODO: Switch to something more fresh, Ubuntu 22.04 or Debian Bookworm, + # after issue with deprecates in C++ tests is fixed + runs-on: ubuntu-20.04 + steps: + - name: Install system dependencies + run: | + sudo sh -c 'echo "DEBIAN_FRONTEND=noninteractive" >> /etc/environment' + sudo apt update + sudo apt install --yes gcc make libssl-dev \ + python3 python3-setuptools \ + ruby + sudo gem install fpm + - name: Check out code + uses: actions/checkout@v2 + - name: Prepare Themis Core + run: | + make + sudo make install + make prepare_tests_all + - name: Install libthemis deb + run: | + make deb WITHOUT_THEMISPP=1 WITHOUT_JAVA=1 + sudo apt install ./build/deb/libthemis_*.deb + - name: Install PyThemis (deb package) + run: | + sudo make pythemis_install_deb + - name: Run test suite + run: make test_python + - name: Uninstall PyThemis + run: sudo apt remove -y python3-pythemis + examples: name: Code examples runs-on: ubuntu-20.04 diff --git a/CHANGELOG.md b/CHANGELOG.md index eedf6ef98..37b742068 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,10 @@ _Code:_ - `pythemis.scomparator` and `pythemis.skeygen` are now imported with `from pythemis import *` ([#914](https://github.com/cossacklabs/themis/pull/914)). + - New installation methods, accessible with make ([#1023](https://github.com/cossacklabs/themis/pull/1023)). + - create/install `.whl` package for virtualenv + - create/install `.deb` or `.rpm` package for system-wide installation + - **Ruby** - Improved compatibility with non-standard installations on Apple M1 ([#917](https://github.com/cossacklabs/themis/pull/917)). diff --git a/Makefile b/Makefile index 658411a81..4b8d0af54 100644 --- a/Makefile +++ b/Makefile @@ -45,6 +45,8 @@ $(BUILD_PATH)/configure.mk: # then increment LIBRARY_SO_VERSION as well, and update package names. VERSION := $(shell test -d .git && git describe --tags || cat VERSION) LIBRARY_SO_VERSION = 0 +# Version in format X.Y.Z, without build number and commit hash +VERSION_SHORT := $(shell cat VERSION) #----- Toolchain --------------------------------------------------------------- @@ -412,7 +414,7 @@ fmt: $(FMT_FIXUP) fmt_check: $(FMT_CHECK) clean: CMD = rm -rf $(BIN_PATH) -clean: nist_rng_test_suite_clean clean_rust +clean: nist_rng_test_suite_clean clean_rust clean_python @$(BUILD_CMD) clean_rust: @@ -421,6 +423,12 @@ ifdef RUST_VERSION @rm -f tools/rust/*.rust endif +clean_python: +ifdef PYTHON3_VERSION + @rm -rf src/wrappers/themis/python/dist + @rm -rf src/wrappers/themis/python/pythemis.egg-info +endif + get_version: @echo $(VERSION) @@ -621,6 +629,25 @@ endif @echo -n "pythemis install " @$(BUILD_CMD_) +pythemis_make_wheel: CMD = cd src/wrappers/themis/python/ && python3 setup.py bdist_wheel +pythemis_make_wheel: +ifeq ($(PYTHON3_VERSION),) + @echo "python3 not found" + @exit 1 +endif + @echo -n "pythemis make wheel " + @$(BUILD_CMD_) + @echo Result: src/wrappers/themis/python/dist/pythemis-$(VERSION_SHORT)-py2.py3-none-any.whl + +pythemis_install_wheel: CMD = pip install src/wrappers/themis/python/dist/pythemis-$(VERSION_SHORT)-py2.py3-none-any.whl +pythemis_install_wheel: +ifeq ($(PYTHON3_VERSION),) + @echo "python3 not found" + @exit 1 +endif + @echo -n "pythemis install wheel " + @$(BUILD_CMD_) + ######################################################################## # # Packaging Themis Core: Linux distributions @@ -743,7 +770,7 @@ deb: PREFIX = /usr deb: libdir = $(PREFIX)$(DEB_LIBDIR) deb: jnidir = $(PREFIX)$(DEB_LIBDIR)/jni -deb: install themispp_install themis_jni_install +deb: install $(if $(WITHOUT_THEMISPP), , themispp_install) $(if $(WITHOUT_JAVA), , themis_jni_install) @printf "ldconfig" > $(POST_INSTALL_SCRIPT) @printf "ldconfig" > $(POST_UNINSTALL_SCRIPT) @@ -764,6 +791,7 @@ deb: install themispp_install themis_jni_install --after-install $(POST_INSTALL_SCRIPT) \ --after-remove $(POST_UNINSTALL_SCRIPT) \ --category $(PACKAGE_CATEGORY) \ + --force \ $(foreach file,$(DEV_PACKAGE_FILES),$(DESTDIR)/$(file)=$(file)) @fpm --input-type dir \ @@ -781,8 +809,10 @@ deb: install themispp_install themis_jni_install --after-remove $(POST_UNINSTALL_SCRIPT) \ --deb-priority optional \ --category $(PACKAGE_CATEGORY) \ + --force \ $(foreach file,$(LIB_PACKAGE_FILES),$(DESTDIR)/$(file)=$(file)) +ifndef WITHOUT_THEMISPP @fpm --input-type dir \ --output-type deb \ --name $(DEB_THEMISPP_PACKAGE_NAME) \ @@ -798,8 +828,11 @@ deb: install themispp_install themis_jni_install --after-install $(POST_INSTALL_SCRIPT) \ --after-remove $(POST_UNINSTALL_SCRIPT) \ --category $(PACKAGE_CATEGORY) \ + --force \ $(foreach file,$(THEMISPP_PACKAGE_FILES),$(DESTDIR)/$(file)=$(file)) +endif +ifndef WITHOUT_JAVA @fpm --input-type dir \ --output-type deb \ --name $(JNI_PACKAGE_NAME) \ @@ -815,10 +848,44 @@ deb: install themispp_install themis_jni_install --after-remove $(POST_UNINSTALL_SCRIPT) \ --deb-priority optional \ --category $(PACKAGE_CATEGORY) \ + --force \ $(foreach file,$(JNI_PACKAGE_FILES),$(DESTDIR)/$(file)=$(file)) +endif @find $(BIN_PATH) -name \*.deb +# Use builtin feature of fpm to create a .deb package from a Python package dir. +# Dependencies are automatically added, i.e. PyThemis depends on `six`, so fpm will add `python3-six` to deps. +deb_python: DEB_ARCHITECTURE = all +deb_python: DESTDIR = $(BIN_PATH)/deb/pythemis_root +deb_python: + @mkdir -p $(BIN_PATH)/deb + @fpm --input-type python \ + --output-type deb \ + --python-bin=python3 \ + --python-package-name-prefix=python3 \ + --name python3-pythemis \ + --license $(LICENSE_NAME) \ + --url '$(COSSACKLABS_URL)' \ + --description '$(SHORT_DESCRIPTION)' \ + --maintainer $(MAINTAINER) \ + --package $(BIN_PATH)/deb/python3-pythemis_$(NAME_SUFFIX) \ + --architecture $(DEB_ARCHITECTURE) \ + --version $(VERSION)+$(OS_CODENAME) \ + --depends python3 --depends libthemis \ + --deb-priority optional \ + --category $(PACKAGE_CATEGORY) \ + --force \ + src/wrappers/themis/python + + @echo $(BIN_PATH)/deb/python3-pythemis_$(NAME_SUFFIX) + +# Using `apt` since it could install dependencies (we depend on python3-six), +# while dpkg would just complain about missing dependency and fail +pythemis_install_deb: DEB_ARCHITECTURE = all +pythemis_install_deb: deb_python + apt install ./$(BIN_PATH)/deb/python3-pythemis_$(NAME_SUFFIX) + rpm: MODE_PACKAGING = 1 rpm: DESTDIR = $(BIN_PATH)/rpm/root rpm: PREFIX = /usr @@ -896,6 +963,33 @@ rpm: install themispp_install themis_jni_install @find $(BIN_PATH) -name \*.rpm +rpm_python: ARCHITECTURE = all +rpm_python: + @mkdir -p $(BIN_PATH)/rpm + @fpm --input-type python \ + --output-type rpm \ + --python-bin=python3 \ + --python-package-name-prefix=python3 \ + --name python3-pythemis \ + --license $(LICENSE_NAME) \ + --url '$(COSSACKLABS_URL)' \ + --description '$(SHORT_DESCRIPTION)' \ + --rpm-summary '$(RPM_SUMMARY)' \ + --maintainer $(MAINTAINER) \ + --package $(BIN_PATH)/rpm/python3-pythemis_$(NAME_SUFFIX) \ + --version $(RPM_VERSION) \ + --depends python3 --depends libthemis \ + --category $(PACKAGE_CATEGORY) \ + --force \ + src/wrappers/themis/python + + @echo $(BIN_PATH)/rpm/python3-pythemis_$(NAME_SUFFIX) + +pythemis_install_rpm: ARCHITECTURE = all +pythemis_install_rpm: rpm_python + yum install ./$(BIN_PATH)/rpm/python3-pythemis_$(NAME_SUFFIX) + + ######################################################################## # # Packaging Themis Core: Windows (NSIS)