.github/workflows/main.yml

@@ -25,8 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: fsfe/reuse-action@v4
-
+      - uses: fsfe/reuse-action@v5
 
   c-lint:
     name: 🚨 C lint
@@ -159,7 +158,7 @@ jobs:
   arm32-test:
     name: 🦾 ARM32 build test
     needs: [reuse, c-lint, lua-lint]
-    if: "github.event_name == 'pull_request'"
+    if: "contains(github.event.pull_request.labels.*.name, 'TEST_ARM32') && github.event_name == 'pull_request'"
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4

Makefile

@@ -35,6 +35,10 @@ debug-asan: ## Address sanitizer debug build
 	$(MAKE) -f build/posix.mk ASAN=1
 	$(MAKE) -f build/posix.mk libzenroom.so ASAN=1
 
+quick-asan: # quick debug rebuild skipping deps and embed-lua
+	$(MAKE) -f build/posix.mk ASAN=1 BUILD_DEPS=""
+	$(MAKE) -f build/posix.mk libzenroom.so ASAN=1 BUILD_DEPS=""
+
 musl: ## Static executable for Musl
 	$(MAKE) -f build/musl.mk
 

bindings/javascript/src/index.spec.ts

@@ -10,7 +10,8 @@ import {
   introspect,
   zencode_valid_code,
   safe_zencode_valid_code,
-  decode_error
+  decode_error,
+  zencode_get_statements,
 } from "./index";
 import { TextEncoder } from "util";
 var enc = new TextEncoder();
@@ -531,3 +532,23 @@ test("decode zencode error", async (t) => {
     t.is(jsonError[4], '[!] Execution aborted with errors.', errorLines);
   }
 })
+
+test("get all the statements", async (t) => {
+  const res = await zencode_get_statements();
+  const jsonResult = JSON.parse(res.result);
+  t.truthy(jsonResult.Foreach);
+  t.truthy(jsonResult.If);
+  t.truthy(jsonResult.Given);
+  t.truthy(jsonResult.When);
+  t.truthy(jsonResult.Then);
+})
+
+test("get all the statements from the then scenario", async (t) => {
+  const res = await zencode_get_statements("then");
+  const jsonResult = JSON.parse(res.result);
+  t.deepEqual(jsonResult.Foreach, []);
+  t.deepEqual(jsonResult.If, []);
+  t.deepEqual(jsonResult.Given, []);
+  t.deepEqual(jsonResult.When, []);
+  t.is(jsonResult.Then && jsonResult.Then.length !== 0, true);
+})

bindings/javascript/src/index.ts

@@ -288,3 +288,28 @@ export const decode_error = (err: {result: string, logs: string}): string => {
     return err.logs;
   }
 }
+
+export const zencode_get_statements = async (
+  scenario: string | null = null
+): Promise<ZenroomResult> => {
+  const Module = await getModule();
+  return new Promise((resolve, reject) => {
+    let result = "";
+    let logs = "";
+    const _exec = Module.cwrap("zencode_get_statements", "number", [
+      "string"
+    ]);
+    Module.print = (t: string) => (result += t);
+    Module.printErr = (t: string) => (logs += t);
+    Module.exec_ok = () => {
+      resolve({ result, logs });
+    };
+    Module.exec_error = () => {
+      reject({ result, logs });
+    };
+    Module.onAbort = () => {
+      reject({ result, logs });
+    };
+    _exec(scenario);
+  });
+}

build/embed-lualibs

@@ -34,8 +34,9 @@ libs=$(find src/lua -type f -name '*.lua')
 
 # emscripten doesn't supports embedding this way
 # will use --preload-file instead
-
 zen_extensions=""
+scenarios=""
+
 [ -r luac45 ] || {
 	curl -Ls -o luac54 https://github.com/dyne/luabinaries/releases/latest/download/luac54
 	chmod +x luac54
@@ -63,16 +64,23 @@ for i in ${libs}; do
 	echo "" >>  ${dst}
 	cd - > /dev/null
 	rm -rf $tmp
-	ext_nes="{\"${n}\", &${n}_len, (const char *)${n}},"
-	ext_es="{\"${n}\", &fakelen, \"/$p\"},"
+	ext_nes="\t{\"${n}\", &${n}_len, (const char *)${n}},"
+	ext_es="\t{\"${n}\", &fakelen, \"/$p\"},"
 	zen_extensions="${zen_extensions}\n#ifndef __EMSCRIPTEN__\n${ext_nes}\n#else\n${ext_es}\n#endif"
+
+	[ "$(echo "$n" | cut -d'_' -f1)" = "zencode" ] && {
+		scenarios="${scenarios}\n\t\"$(echo "$n" | cut -d'_' -f2-)\","
+	}
 done
 
 cat <<EOF >> ${dst}
 #endif // __EMSCRIPTEN__
 
-zen_extension_t zen_extensions[] = {
-	$(printf "%b" "$zen_extensions")
+zen_extension_t zen_extensions[] = {$(printf "%b" "$zen_extensions")
 	{ NULL, NULL, NULL }
 };
+
+const char* const zen_scenarios[] = {$(printf "%b" "$scenarios")
+	NULL
+};
 EOF

build/init.mk

@@ -11,7 +11,7 @@ ZEN_SOURCES := \
     src/zen_io.o src/zen_parse.o src/zen_config.o \
     src/zen_octet.o src/zen_ecp.o src/zen_ecp2.o src/zen_big.o \
     src/zen_fp12.o src/zen_random.o src/zen_hash.o \
-    src/zen_ecdh_factory.o src/zen_ecdh.o \
+    src/zen_ecdh_factory.o src/zen_ecdh.o src/zen_x509.o \
     src/zen_aes.o src/zen_qp.o src/zen_ed.o src/zen_float.o src/zen_time.o \
     src/api_hash.o src/api_sign.o src/randombytes.o \
     src/cortex_m.o src/p256-m.o src/zen_p256.o src/zen_rsa.o src/zen_bbs.o
@@ -42,6 +42,7 @@ ldadd += ${milib}/libamcl_curve_${ecp_curve}.a
 ldadd += ${milib}/libamcl_pairing_${ecp_curve}.a
 ldadd += ${milib}/libamcl_curve_${ecdh_curve}.a
 ldadd += ${milib}/libamcl_rsa_2048.a ${milib}/libamcl_rsa_4096.a
+ldadd += ${milib}/libamcl_x509.a
 ldadd += ${milib}/libamcl_core.a
 ldadd += ${pwd}/lib/pqclean/libqpz.a
 ldadd += ${pwd}/lib/ed25519-donna/libed25519.a
@@ -80,7 +81,7 @@ rsa_bits := "2048,4096"
 # NUMS384E NUMS512W NUMS512E SECP256K1 BN254 BN254CX BLS381 BLS383
 # BLS24 BLS48 FP256BN FP512BN BLS461
 # see lib/milagro-crypto-c/cmake/AMCLParameters.cmake
-milagro_cmake_flags += -DBUILD_SHARED_LIBS=OFF -DBUILD_PYTHON=OFF -DBUILD_DOXYGEN=OFF -DBUILD_DOCS=OFF -DBUILD_BENCHMARKS=OFF -DBUILD_EXAMPLES=OFF -DWORD_SIZE=32 -DBUILD_PAILLIER=OFF -DBUILD_X509=OFF -DBUILD_WCC=OFF -DBUILD_MPIN=OFF -DAMCL_CURVE=${ecdh_curve},${ecp_curve} -DAMCL_RSA=${rsa_bits} -DAMCL_PREFIX=AMCL_ -DCMAKE_SHARED_LIBRARY_LINK_FLAGS="" -DC99=1 -DPAIRING_FRIENDLY_BLS381='BLS' -DCOMBA=1 -DBUILD_TESTING=OFF
+milagro_cmake_flags += -DBUILD_SHARED_LIBS=OFF -DBUILD_PYTHON=OFF -DBUILD_DOXYGEN=OFF -DBUILD_DOCS=OFF -DBUILD_BENCHMARKS=OFF -DBUILD_EXAMPLES=OFF -DWORD_SIZE=32 -DBUILD_PAILLIER=OFF -DBUILD_X509=ON -DBUILD_WCC=OFF -DBUILD_MPIN=OFF -DAMCL_CURVE=${ecdh_curve},${ecp_curve} -DAMCL_RSA=${rsa_bits} -DAMCL_PREFIX=AMCL_ -DCMAKE_SHARED_LIBRARY_LINK_FLAGS="" -DC99=1 -DPAIRING_FRIENDLY_BLS381='BLS' -DCOMBA=1 -DBUILD_TESTING=OFF
 
 #-----------------
 # quantum-proof

build/wasm.mk

@@ -2,7 +2,7 @@
 include build/init.mk
 
 # Add here any function used from JS
-WASM_EXPORTS := '["_malloc","_zenroom_exec","_zencode_exec","_zenroom_hash_init","_zenroom_hash_update","_zenroom_hash_final","_zencode_valid_input","_zencode_valid_code"]'
+WASM_EXPORTS := '["_malloc","_zenroom_exec","_zencode_exec","_zenroom_hash_init","_zenroom_hash_update","_zenroom_hash_final","_zencode_valid_input","_zencode_valid_code","_zencode_get_statements"]'
 
 # EMSDK should point to installation of EMSDK i.e.: /opt/emsdk
 EMSCRIPTEN ?= ${EMSDK}/upstream/emscripten

lib/milagro-crypto-c/include/x509.h

@@ -1,23 +1,23 @@
 /*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
+ * Copyright (c) 2012-2020 MIRACL UK Ltd.
+ *
+ * This file is part of MIRACL Core
+ * (see https://github.com/miracl/core).
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 
-/* AMCL x509 header file */
+/* CORE x509 header file */
 
 /**
  * @file x509.h
@@ -29,6 +29,42 @@ under the License.
 #ifndef X509_H
 #define X509_H
 
+// Supported Encryption Methods
+
+#define X509_ECC 1      /**< Uses Elliptic Curve Cryptography */
+#define X509_RSA 2      /**< Uses RSA Cryptography */
+#define X509_ECD 3      /**< Uses Ed25519 cryptography */
+#define X509_PQ 4       /**< Uses Post Quantum Cryptography */
+
+// Supported Hash functions
+
+#define X509_H256 2     /**< Using SHA256 hashing */
+#define X509_H384 3     /**< Using SHA384 hashing */
+#define X509_H512 4     /**< Using SHA512 hashing */
+#define X509_SHAKE256 5 /**< Using SHA3-SHAKE256 hashing */
+
+// Supported Curves
+
+#define USE_NIST256 0    /**< For the NIST 256-bit standard curve - WEIERSTRASS only */
+#define USE_ED25519 1       /**< Bernstein's Modulus 2^255-19 - EDWARDS */
+#define USE_ED448 4         /**< Goldilocks Modulus Ed448 - EDWARDS */
+#define USE_BRAINPOOL 2  /**< For Brainpool 256-bit curve - WEIERSTRASS only */
+#define USE_ANSSI 3      /**< For French 256-bit standard curve - WEIERSTRASS only */
+#define USE_NIST384 10   /**< For the NIST 384-bit standard curve - WEIERSTRASS only */
+#define USE_NIST521 12   /**< For the NIST 521-bit standard curve - WEIERSTRASS only */
+
+extern octet X509_CN;       /**< Country Name */
+extern octet X509_ON;       /**< Organisation Name */
+extern octet X509_EN;       /**< Email */
+extern octet X509_LN;       /**< Local Name */
+extern octet X509_UN;       /**< Unit Name */
+extern octet X509_MN;       /**< My name */
+extern octet X509_SN;       /**< State Name */
+
+extern octet X509_AN;  /**< Alternate Name */
+extern octet X509_KU;  /**< Key Usage */
+extern octet X509_BC;  /**< Basic Constraints */
+
 /**
  * @brief Public key type
  */
@@ -41,34 +77,62 @@ typedef struct
 
 
 /* X.509 functions */
+
+/** @brief Extract private key
+ *
+	@param c an X.509 private key 
+	@param pk the extracted private key - for RSA octet = p|q|dp|dq|c, for ECC octet = k
+	@return indicator of private key type (ECC or RSA)
+*/
+extern pktype X509_extract_private_key(octet *c,octet *pk);
+
 /** @brief Extract certificate signature
  *
 	@param c an X.509 certificate
 	@param s the extracted signature
-	@return 0 on failure, or indicator of signature type (ECC or RSA)
+	@return indicator of signature type (ECC or RSA)
 
 */
-extern pktype X509_extract_cert_sig(octet *c,octet *s);
+extern pktype X509_extract_cert_sig(octet *c, octet *s);
 /** @brief
  *
 	@param sc a signed certificate
 	@param c the extracted certificate
 	@return 0 on failure
 */
-extern int X509_extract_cert(octet *sc,octet *c);
+extern int X509_extract_cert(octet *sc, octet *c);
+
+
+/** @brief
+ *
+	@param c an X.509 certificate
+	@param ptr pointer to ASN.1 raw public key
+	@return length of raw public key
+*/
+extern int X509_find_public_key(octet *c,int *ptr);
+
+/** @brief
+ *
+	@param c an ASN.1 encoded public key
+	@param key the extracted public key
+	@return indicator of public key type (ECC or RSA)
+*/
+extern pktype X509_get_public_key(octet *c,octet *key);
+
 /** @brief
  *
 	@param c an X.509 certificate
 	@param k the extracted key
-	@return 0 on failure, or indicator of public key type (ECC or RSA)
+	@return indicator of public key type (ECC or RSA)
 */
-extern pktype X509_extract_public_key(octet *c,octet *k);
+extern pktype X509_extract_public_key(octet *c, octet *k);
 /** @brief
  *
 	@param c an X.509 certificate
+    @param len length of issuer field
 	@return 0 on failure, or pointer to issuer field in cert
 */
-extern int X509_find_issuer(octet *c);
+extern int X509_find_issuer(octet *c,int *len);
 /** @brief
  *
 	@param c an X.509 certificate
@@ -78,9 +142,18 @@ extern int X509_find_validity(octet *c);
 /** @brief
  *
 	@param c an X.509 certificate
+    @param len length of subject field
 	@return 0 on failure, or pointer to subject field in cert
 */
-extern int X509_find_subject(octet *c);
+extern int X509_find_subject(octet *c,int *len);
+
+/** @brief
+ *
+	@param c an X.509 certificate
+	@return true if self-signed, else false
+*/
+extern int X509_self_signed(octet *c);
+
 /** @brief
  *
 	@param c an X.509 certificate
@@ -89,21 +162,45 @@ extern int X509_find_subject(octet *c);
 	@param f is pointer to the length of the property
 	@return 0 on failure, or pointer to the property
 */
-extern int X509_find_entity_property(octet *c,octet *S,int s,int *f);
+extern int X509_find_entity_property(octet *c, octet *S, int s, int *f);
 /** @brief
  *
 	@param c an X.509 certificate
 	@param s is a pointer to the start of the validity field
 	@return 0 on failure, or pointer to the start date
 */
-extern int X509_find_start_date(octet *c,int s);
+extern int X509_find_start_date(octet *c, int s);
 /** @brief
  *
 	@param c an X.509 certificate
 	@param s is a pointer to the start of the validity field
 	@return 0 on failure, or pointer to the expiry date
 */
-extern int X509_find_expiry_date(octet *c,int s);
+extern int X509_find_expiry_date(octet *c, int s);
 
+/** @brief
+ *
+	@param c an X.509 certificate
+	@return 0 on failure (or no extensions), or pointer to extensions field in cert
+*/
+extern int X509_find_extensions(octet *c);
+/** @brief
+ *
+	@param c an X.509 certificate
+	@param S is OID of particular extension we are looking for
+	@param s is a pointer to the section of interest in the cert
+	@param f is pointer to the length of the extension
+	@return 0 on failure, or pointer to the extension
+*/
+extern int X509_find_extension(octet *c, octet *S, int s, int *f);
+
+/** @brief
+ *
+	@param c an X.509 certificate
+    @param s is a pointer to certificate extension SubjectAltNames
+    @param name is a URL
+    @return 0 on failure, 1 if URL is in list of alt names
+*/
+extern int X509_find_alt_name(octet *c,int s,char *name);
 
 #endif