logos-storage/nim-bearssl
1
0
Fork 0
mirror of https://github.com/logos-storage/nim-bearssl.git synced 2026-01-11 01:43:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: logos-storage:master
Branches Tags
logos-storage:master
logos-storage:ci/add-windows-gcc-14
logos-storage:fix-unittest2-version-range
logos-storage:v0.2.5
logos-storage:v0.2.4
logos-storage:v0.2.3
logos-storage:v0.2.2
logos-storage:v0.2.1
logos-storage:v0.1.5
..
compare: logos-storage:v0.2.2
Branches Tags
logos-storage:ci/add-windows-gcc-14
logos-storage:master
logos-storage:fix-unittest2-version-range
logos-storage:v0.2.5
logos-storage:v0.2.4
logos-storage:v0.2.3
logos-storage:v0.2.2
logos-storage:v0.2.1
logos-storage:v0.1.5

No commits in common. "master" and "v0.2.2" have entirely different histories.
master ... v0.2.2

16 changed files with 4890 additions and 5151 deletions
Show Stats Expand all files Collapse all files

36
.github/workflows/ci.yml vendored
View File

@ -18,32 +18,22 @@ jobs:
target:
- os: linux
cpu: amd64
- os: linux-gcc-14 # this is to use ubuntu 24 and install gcc 14. Must be removed when ubuntu-latest is 24.04
cpu: amd64
- os: linux
cpu: i386
- os: macos
cpu: amd64
- os: macos
cpu: arm64
- os: windows
cpu: amd64
#- os: windows
#cpu: i386
branch: [version-1-6, version-2-0, devel]
include:
- target:
os: linux
builder: ubuntu-latest
- target:
os: linux-gcc-14 # this is to use ubuntu 24 and install gcc 14. Must be removed when ubuntu-latest is 24.04
builder: ubuntu-24.04
builder: ubuntu-20.04
- target:
os: macos
cpu: amd64
builder: macos-13
- target:
os: macos
cpu: arm64
builder: macos-latest
builder: macos-12
- target:
os: windows
builder: windows-latest
@ -57,7 +47,7 @@ jobs:
continue-on-error: ${{ matrix.branch == 'devel' }}
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v3
with:
submodules: true
@ -84,7 +74,7 @@ jobs:
- name: Restore llvm-mingw (Windows) from cache
if: runner.os == 'Windows'
id: windows-mingw-cache
uses: actions/cache@v4
uses: actions/cache@v3
with:
path: external/mingw-${{ matrix.target.cpu }}
key: 'mingw-llvm-17-${{ matrix.target.cpu }}'
@ -110,7 +100,7 @@ jobs:
- name: Restore Nim DLLs dependencies (Windows) from cache
if: runner.os == 'Windows'
id: windows-dlls-cache
uses: actions/cache@v4
uses: actions/cache@v3
with:
path: external/dlls-${{ matrix.target.cpu }}
key: 'dlls-${{ matrix.target.cpu }}'
@ -135,8 +125,6 @@ jobs:
run: |
if [[ '${{ matrix.target.cpu }}' == 'amd64' ]]; then
PLATFORM=x64
elif [[ '${{ matrix.target.cpu }}' == 'arm64' ]]; then
PLATFORM=arm64
else
PLATFORM=x86
fi
@ -168,20 +156,10 @@ jobs:
bash build_nim.sh nim csources dist/nimble NimBinaries
echo '${{ github.workspace }}/nim/bin' >> $GITHUB_PATH
- name: Use gcc 14
if : ${{ matrix.target.os == 'linux-gcc-14' }}
run: |
# Add GCC-14 to alternatives
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 14
# Set GCC-14 as the default
sudo update-alternatives --set gcc /usr/bin/gcc-14
- name: Run tests
run: |
nim --version
nimble --version
gcc --version
nimble install -y --depsOnly
env NIMLANG=c nimble test
# C++ support requires fixing const pointer proc assignments

6
bearssl.nimble
View File

@ -1,7 +1,7 @@
mode = ScriptMode.Verbose
packageName = "bearssl"
version = "0.2.5"
version = "0.2.2"
author = "Status Research & Development GmbH"
description = "BearSSL wrapper"
license = "MIT or Apache License 2.0"
@ -24,9 +24,9 @@ proc build(args, path: string) =
exec nimc & " " & lang & " " & cfg & " " & flags & " " & args & " " & path
proc run(args, path: string) =
build args & " --mm:refc -r", path
build args & " -r", path
if (NimMajor, NimMinor) > (1, 6):
build args & " --mm:orc -r", path
build args & " --mm:refc -r", path
from std/strutils import endsWith

6
bearssl/abi/bearssl_ec.nim
View File

@ -325,14 +325,10 @@ const
EC_KBUF_PUB_MAX_SIZE* = 145
proc ecKeygen*(rngCtx: PrngClassPointerConst; impl: ptr EcImpl; sk: ptr EcPrivateKey;
proc ecKeygen*(rngCtx: ptr ptr PrngClass; impl: ptr EcImpl; sk: ptr EcPrivateKey;
kbuf: pointer; curve: cint): uint {.importcFunc, importc: "br_ec_keygen",
header: "bearssl_ec.h".}
proc ecKeygen*(rngCtx: ptr ptr PrngClass; impl: ptr EcImpl; sk: ptr EcPrivateKey;
kbuf: pointer; curve: cint): uint =
ecKeygen(PrngClassPointerConst(rngCtx), impl, sk, kbuf, curve)
proc ecComputePub*(impl: ptr EcImpl; pk: ptr EcPublicKey; kbuf: pointer;
sk: ptr EcPrivateKey): uint {.importcFunc,
importc: "br_ec_compute_pub", header: "bearssl_ec.h".}

13
bearssl/abi/bearssl_hash.nim
View File

@ -23,20 +23,19 @@ const
{.compile: bearHashPath & "sha2small.c".}
type
ConstPtrPtrHashClass* {.importc: "const br_hash_class**", header: "bearssl_hash.h", bycopy.} = pointer
HashClass* {.importc: "br_hash_class", header: "bearssl_hash.h", bycopy.} = object
contextSize* {.importc: "context_size".}: uint
desc* {.importc: "desc".}: uint32
init* {.importc: "init".}: proc (ctx: ConstPtrPtrHashClass) {.importcFunc.}
update* {.importc: "update".}: proc (ctx: ConstPtrPtrHashClass; data: pointer;
init* {.importc: "init".}: proc (ctx: ptr ptr HashClass) {.importcFunc.}
update* {.importc: "update".}: proc (ctx: ptr ptr HashClass; data: pointer;
len: uint) {.importcFunc.}
`out`* {.importc: "out".}: proc (ctx: ConstPtrPtrHashClass; dst: pointer) {.importcFunc.}
state* {.importc: "state".}: proc (ctx: ConstPtrPtrHashClass; dst: pointer): uint64 {.
`out`* {.importc: "out".}: proc (ctx: ptr ptr HashClass; dst: pointer) {.importcFunc.}
state* {.importc: "state".}: proc (ctx: ptr ptr HashClass; dst: pointer): uint64 {.
importcFunc.}
setState* {.importc: "set_state".}: proc (ctx: ConstPtrPtrHashClass; stb: pointer;
setState* {.importc: "set_state".}: proc (ctx: ptr ptr HashClass; stb: pointer;
count: uint64) {.importcFunc.}
template hashdesc_Id*(id: untyped): untyped =
((uint32)(id) shl hashdesc_Id_Off)

7
bearssl/abi/bearssl_rand.nim
View File

@ -21,7 +21,6 @@ type
update* {.importc: "update".}: proc (ctx: ptr ptr PrngClass; seed: pointer;
seedLen: uint) {.importcFunc.}
PrngClassPointerConst* {.importc: "const br_prng_class**", header: "bearssl_rand.h", bycopy.} = pointer
type
@ -52,10 +51,10 @@ proc hmacDrbgGetHash*(ctx: var HmacDrbgContext): ptr HashClass {.inline.} =
type
PrngSeeder* {.importc: "br_prng_seeder".} = proc (ctx: PrngClassPointerConst): cint {.importcFunc.}
constCstringArray* {.importc: "const char**", nodecl.} = pointer
PrngSeeder* {.importc: "br_prng_seeder".} = proc (ctx: ptr ptr PrngClass): cint {.importcFunc.}
proc prngSeederSystem*(name: constCstringArray): PrngSeeder {.importcFunc,
proc prngSeederSystem*(name: cstringArray): PrngSeeder {.importcFunc,
importc: "br_prng_seeder_system", header: "bearssl_rand.h".}
# type

8
bearssl/abi/bearssl_rsa.nim
View File

@ -357,20 +357,20 @@ template rsaKbufPubSize*(size: untyped): untyped =
type
RsaKeygen* {.importc: "br_rsa_keygen".} = proc (rngCtx: PrngClassPointerConst; sk: ptr RsaPrivateKey; kbufPriv: pointer;
RsaKeygen* {.importc: "br_rsa_keygen".} = proc (rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
importcFunc.}
proc rsaI15Keygen*(rngCtx: PrngClassPointerConst; sk: ptr RsaPrivateKey; kbufPriv: pointer;
proc rsaI15Keygen*(rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
importcFunc, importc: "br_rsa_i15_keygen", header: "bearssl_rsa.h".}
proc rsaI31Keygen*(rngCtx: PrngClassPointerConst; sk: ptr RsaPrivateKey; kbufPriv: pointer;
proc rsaI31Keygen*(rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
importcFunc, importc: "br_rsa_i31_keygen", header: "bearssl_rsa.h".}
proc rsaI62Keygen*(rngCtx: PrngClassPointerConst; sk: ptr RsaPrivateKey; kbufPriv: pointer;
proc rsaI62Keygen*(rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
importcFunc, importc: "br_rsa_i62_keygen", header: "bearssl_rsa.h".}

12
bearssl/abi/bearssl_ssl.nim
View File

@ -544,7 +544,7 @@ type
alert* {.importc: "alert".}: byte
closeReceived* {.importc: "close_received".}: byte
mhash* {.importc: "mhash".}: MultihashContext
x509ctx* {.importc: "x509ctx".}: X509ClassPointerConst
x509ctx* {.importc: "x509ctx".}: ptr ptr X509Class
chain* {.importc: "chain".}: ptr X509Certificate
chainLen* {.importc: "chain_len".}: uint
certCur* {.importc: "cert_cur".}: ptr byte
@ -612,12 +612,9 @@ proc sslEngineSetSuites*(cc: var SslEngineContext; suites: ptr uint16;
suitesNum: uint) {.importcFunc,
importc: "br_ssl_engine_set_suites", header: "bearssl_ssl.h".}
proc sslEngineSetX509*(cc: var SslEngineContext;
x509ctx: X509ClassPointerConst) =
proc sslEngineSetX509*(cc: var SslEngineContext; x509ctx: ptr ptr X509Class) {.inline.} =
cc.x509ctx = x509ctx
proc sslEngineSetX509*(cc: var SslEngineContext; x509ctx: ptr ptr X509Class) =
cc.x509ctx = X509ClassPointerConst(x509ctx)
proc sslEngineSetProtocolNames*(ctx: var SslEngineContext; names: cstringArray;
num: uint) {.inline.} =
@ -1080,7 +1077,6 @@ type
params: ptr SslSessionParameters): cint {.importcFunc.}
SslSessionCacheClassPointerConst* {.importc: "const br_ssl_session_cache_class**", header: "bearssl_ssl.h", bycopy.} = pointer
SslSessionCacheLru* {.importc: "br_ssl_session_cache_lru",
@ -1108,7 +1104,7 @@ type
bycopy.} = object
eng* {.importc: "eng".}: SslEngineContext
clientMaxVersion* {.importc: "client_max_version".}: uint16
cacheVtable* {.importc: "cache_vtable".}: SslSessionCacheClassPointerConst
cacheVtable* {.importc: "cache_vtable".}: ptr ptr SslSessionCacheClass
clientSuites* {.importc: "client_suites".}: array[MAX_CIPHER_SUITES,
SuiteTranslated]
clientSuitesNum* {.importc: "client_suites_num".}: byte
@ -1226,7 +1222,7 @@ proc sslServerSetTrustAnchorNamesAlt*(cc: var SslServerContext;
proc sslServerSetCache*(cc: var SslServerContext;
vtable: SslSessionCacheClassPointerConst) {.inline.} =
vtable: ptr ptr SslSessionCacheClass) {.inline.} =
cc.cacheVtable = vtable

2
bearssl/abi/bearssl_x509.nim
View File

@ -200,7 +200,7 @@ type
getPkey* {.importc: "get_pkey".}: proc (ctx: ptr ptr X509Class; usages: ptr cuint): ptr X509Pkey {.
importcFunc.}
X509ClassPointerConst* {.importc: "const br_x509_class**", header: "bearssl_x509.h", bycopy.} = pointer
type
X509KnownkeyContext* {.importc: "br_x509_knownkey_context",

5
bearssl/abi/brssl.nim
View File

@ -18,11 +18,8 @@ type
vtable* {.importc: "vtable".}: ptr X509Class
inner* {.importc: "inner".}: ptr ptr X509Class
proc x509NoanchorInit*(xwc: var X509NoanchorContext; inner: X509ClassPointerConst) {.importcFunc,
proc x509NoanchorInit*(xwc: var X509NoanchorContext; inner: ptr ptr X509Class) {.importcFunc,
importc: "x509_noanchor_init", header: "brssl_cpp.h".}
proc x509NoanchorInit*(xwc: var X509NoanchorContext; inner: ptr ptr X509Class) =
x509NoanchorInit(xwc, X509ClassPointerConst(inner))
proc initNoAnchor*(xwc: var X509NoanchorContext, inner: ptr ptr X509Class) {.
importcFunc, importc: "x509_noanchor_init", header: "brssl_cpp.h", deprecated: "x509NoanchorInit".}

4
bearssl/certs/cacert.nim
View File

@ -20,9 +20,9 @@
import ../abi/csources
from ../abi/bearssl_x509 import X509TrustAnchor
{.compile: bearPath & "/../certs/cacert20240311.c".}
{.compile: bearPath & "/../certs/cacert20221116.c".}
const MozillaTrustAnchorsCount* = 147 # TAs_NUM
const MozillaTrustAnchorsCount* = 142 # TAs_NUM
var MozillaTrustAnchors* {.importc: "TAs".}: array[
MozillaTrustAnchorsCount, X509TrustAnchor]

9873
bearssl/certs/cacert20240311.c → bearssl/certs/cacert20221116.c
View File

File diff suppressed because it is too large Load Diff

4
bearssl/rand.nim
View File

@ -32,14 +32,14 @@ proc new*(T: type HmacDrbgContext): ref HmacDrbgContext =
##
## The context is seeded with randomness from the OS / system.
## Returns `nil` if the OS / system has no randomness API.
let seeder = prngSeederSystem(constCstringArray(nil))
let seeder = prngSeederSystem(nil)
if seeder == nil:
return nil
let rng = (ref HmacDrbgContext)()
hmacDrbgInit(rng[], addr sha256Vtable, nil, 0)
if seeder(PrngClassPointerConst(addr rng.vtable)) == 0:
if seeder(addr rng.vtable) == 0:
return nil
rng

2
tests/test_brssl.nim
View File

@ -9,4 +9,4 @@ suite "x509":
var x509: X509MinimalContext
x509MinimalInit(x509, nil, nil, 0)
x509NoanchorInit(xwc, X509ClassPointerConst(addr x509.vtable))
x509NoanchorInit(xwc, addr x509.vtable)

20
tests/test_ec.nim
View File

@ -1,20 +0,0 @@
import
unittest2,
../bearssl/[rand, ec]
{.used.}
type
EcPrivateKey* = ref object
buffer*: array[EC_KBUF_PRIV_MAX_SIZE, byte]
key*: ec.EcPrivateKey
suite "ec":
test "test ecKeygen interface":
let rng = HmacDrbgContext.new()
var ecimp = ecGetDefault()
var res = new EcPrivateKey
check ecKeygen(
PrngClassPointerConst(addr rng.vtable), ecimp, addr res.key, addr res.buffer[0], cint(EC_secp256r1)
) != 0

2
tests/test_rand.nim
View File

@ -20,7 +20,7 @@ suite "random":
v2 != default(array[1024, byte]) # probable
for i in 0..<1000:
doAssert int(rng[].generate(bool)) in [0, 1]
doAssert cast[int](rng[].generate(bool)) in [0, 1]
var bools: array[64 * 1024, bool]
rng[].generate(bools)

41
tests/test_rsa.nim
View File

@ -1,41 +0,0 @@
import
unittest2,
../bearssl/[rand, rsa]
{.used.}
const
DefaultKeySize* = 3072 ## Default RSA key size in bits.
DefaultPublicExponent* = 65537'u32
type
RsaPrivateKey* = ref object
buffer*: seq[byte]
seck*: rsa.RsaPrivateKey
pubk*: rsa.RsaPublicKey
pexp*: ptr byte
pexplen*: uint
suite "rsa":
test "test rsaKeygenGetDefault interface":
let rng = HmacDrbgContext.new()
let
sko = 0
pko = rsaKbufPrivSize(DefaultKeySize)
eko = pko + rsaKbufPubSize(DefaultKeySize)
length = eko + ((DefaultKeySize + 7) shr 3)
let res = new RsaPrivateKey
res.buffer = newSeq[byte](length)
var keygen = rsaKeygenGetDefault()
check keygen(
addr rng.vtable,
addr res.seck,
addr res.buffer[sko],
addr res.pubk,
addr res.buffer[pko],
cuint(DefaultKeySize),
DefaultPublicExponent,
) != 0