CRY4E - A Small and Efficient Cryptographic Library for Embedded Applications
Release 0.3 - Copyright (C) 2007-2015 Ralf Hoppe <ralf.hoppe@ieee.org>
General
It has the following features:
- conforming to ISO/ANSI C99 (ISO/IEC 9899:1999)
- C++ compatible header files
- auto-configuration (using Autotools, if available)
- customizable for 8-, 16- and 32-bit architectures
- small footprint, good performance
- optimised assembler version for x86 architecture
- no dynamic memory allocation
- no use of signed integer arithmetic
- completely free of third-party rights (see also http://www.gnu.org/licenses/exceptions.en.html)
- no infringement of patents (without warranty of any kind)
Supports the following algorithms:
- RSA (PKCS #1 v1.5 and v2.1), with SHA-1 and SHA-2
- discrete logarithm (DL) based algorithms: DH (PKCS #3, SSL/TLS), DSA (FIPS 186)
- elliptic curve (EC) based algorithms over binary field
: ECDH (X9.63), ECDSA (X9.62, FIPS 186-4) - elliptic curve (EC) based algorithms over prime field
: under development - SHA-1, SHA-224, SHA-256 (FIPS 180-3, ISO 10118-3)
- AES (FIPS 197)
Unsupported:
- key generation
- X.509 certificates
- MD5, SHA-3
- (3)DES
Configure
See the output of configure --help. The following special features were added:
- enable-debug: defines
C4E_CONFIG_DEBUGand sets appropriate compiler flags inCFLAGS - enable-comba: defines
C4E_CONFIG_ENABLE_COMBAand enables Comba's multiplication/squaring method - disable-dh: defines
C4E_CONFIG_DISABLE_DHand disables support for Diffie-Hellman key agreement - disable-dsa: defines
C4E_CONFIG_DISABLE_DSAand disables support for DSA/ECDSA - disable-rsa: defines
C4E_CONFIG_DISABLE_RSAand disables support for RSA - disable-aes: defines
C4E_CONFIG_DISABLE_AESand disables support for AES - disable-ecc: defines
C4E_CONFIG_DISABLE_ECCand disables elliptic curve cryptography
Make
When using Autotools then most GNU targets are supported, for example:
make[all] builds CRY4Emakeinstallinstalls CRY4Emakecleandeletes object files and the executablemakedistgenerates a distribution packagemakedistcleandelete all stuffconfigurehas createdmakedistcheckchecks the CRY4E package for distributionmakemaintainer-cleandeletes all object files, the executable and all distribution files that can be regenerated by Autotools
API
You can see the API documentation on this Modules page.
MISRA-C:2004 Compliance
Rule No. | Deviation | Topic | Remarks | Checking |
1.1 (req) | use of ISO 9899:1999 | ISO 9899:1990 conformance | ANSI/ISO C99 | GCC, Lint |
1.2 (req) | no reliance on undefined behaviour | GCC, Lint | ||
1.3 (req) | n.a. | no use of multiple languages/compilers | users responsibility | |
1.4 (req) | n.a. | 31 character significance (compiler) | users responsibility | |
1.5 (adv) | n.a. | use of floating-point standard | users responsibility | |
2.1 (req) | encapsulation of assembly language | manual review | ||
2.2 (req) | no use of C++ comments | GCC, Lint | ||
2.3 (req) | no nesting comments | Lint | ||
2.4 (adv) | no commented-out code | manual review | ||
3.1 (req) | document implementation-defined behaviour | Lint | ||
3.2 (req) | document charset & encoding | see file headers | Emacs, Lint | |
3.3 (adv) | n.a. | document integer division (compiler) | users responsibility | |
3.4 (req) | document use of pragma directive | no use of pragma directive | manual review | |
3.5 (req) | document bitfield implementation (compiler) | no use of bitfields | manual review | |
3.6 (req) | n.a. | MISRA-C conformance of libraries | users responsibility | |
4.1 (req) | use of escape sequences | no use of escape sequences | Lint | |
4.2 (req) | no use of trigraphs | Lint | ||
5.1 (req) | identifiers with max. 31 characters | GCC, Lint | ||
5.2 (req) | no shadowing of outer scope identifiers | Lint | ||
5.3 (req) | typedef name shall be unique identifier | Lint | ||
5.4 (req) | tag name shall be unique identifier | Lint | ||
5.5 (adv) | reuse of static object/function identifier | Lint | ||
5.6 (adv) | no identifiers with same spelling | Lint | ||
5.7 (adv) | no reuse of identifier name | Lint | ||
6.1 (req) | plain char only for characters | manual review | ||
6.2 (req) | (un)signed char only for numerics | manual review | ||
6.3 (adv) | use types from c4e_arch.h, but w/o size indication | use types which indicate size/signedness | contra portability | Lint (w/o name style) |
6.4 (req) | bitfields only of type int | no use of bitfields | manual review | |
6.5 (req) | at least two bits in signed bitfield | no use of bitfields | manual review | |
7.1 (req) | no use of octal constants | Lint | ||
8.1 (req) | use function prototypes | GCC, Lint | ||
8.2 (req) | no use of implicit int | Lint | ||
8.3 (req) | function declaration/definition match | Lint | ||
8.4 (req) | multiple declaration compatible | no use of multiple declarations | manual review | |
8.5 (req) | no definitions in header file | Lint | ||
8.6 (req) | no function declaration at block scope | Lint | ||
8.7 (req) | deviation for variables s_c4e_aes_array_inv and s_rsa_hash_descr | define variables at block scope | Lint | |
8.8 (req) | only one external declaration | GCC, Lint | ||
8.9 (req) | only one definition | GCC, Lint | ||
8.10 (req) | use internal linkage if possible | Lint | ||
8.11 (req) | use keyword static for internal linkage | Lint | ||
8.12 (req) | external array declarations with size | no external array declarations | Lint | |
9.1 (req) | no use before definition | Lint | ||
9.2 (req) | array initialization with braces | Lint | ||
9.3 (req) | assignment of constants to enums | Lint | ||
10.1 (req) | implicit integer type conversions | Lint | ||
10.2 (req) | implicit float type conversions | no use of float type | Lint | |
10.3 (req) | explicit integer casts to narrower type | Lint | ||
10.4 (req) | explicit float casts | no use of float type | Lint | |
10.5 (req) | concept of underlying type disregarded | cast after SHIFT LEFT and NOT | Lint | |
10.6 (req) | unsigned constants with suffix "U" | manual review | ||
11.1 (req) | no function pointer casts | Lint | ||
11.2 (req) | pointer casts restrictions | Lint | ||
11.3 (adv) | pointer casts to integrals not allowed | Lint | ||
11.4 (adv) | no pointer cast to different type with stricter alignment | GCC, Lint | ||
11.5 (req) | no removing qualifiers pointer casts | GCC, Lint | ||
12.1 (adv) | use of parentheses in expressions | Lint | ||
12.2 (req) | order of expression evaluation | Lint | ||
12.3 (req) | use sizeof only in standard way | Lint | ||
12.4 (req) | no side effects in logical expressions | Lint | ||
12.5 (req) | logical expression shall be primary | Lint | ||
12.6 (adv) | boolean logical expression operands | Lint | ||
12.7 (req) | no bit-wise operations on signed | Lint | ||
12.8 (req) | range of shift left | GCC, Lint | ||
12.9 (req) | no unary minus on unsigned | Lint | ||
12.10 (req) | no use of comma operator | Lint | ||
12.11 (adv) | uint constants w/o wrap-around | Lint | ||
12.12 (req) | no access to underlaying float-coding | no use of float type | Lint | |
12.13 (adv) | no use of ++ or -- in expressions | Lint | ||
13.1 (req) | no assignments in conditions | Lint | ||
13.2 (adv) | test against zero explicit | Lint | ||
13.3 (req) | no (un)equal tests on float | no use of float type | Lint | |
13.4 (req) | for-loop never controlled by floats | no use of float type | Lint | |
13.5 (req) | for statement expressions only for loop control | Lint | ||
13.6 (req) | modification of for-loop control variable | Lint | ||
14.1 (req) | no unreachable code | GCC, Lint | ||
14.2 (req) | all statements shall have effect | Lint | ||
14.3 (req) | for, while, if statement with non-empty body | Lint | ||
14.4 (req) | no use of goto statement | Lint | ||
14.5 (req) | no use of continue statement | Lint | ||
14.6 (req) | at most one break in loop | Lint | ||
14.7 (req) | single point of function return | Lint | ||
14.8 (req) | loop body with compound statement | Lint | ||
14.9 (req) | if statement with braces | Lint | ||
14.10 (req) | if...else if must be terminated by else | Lint | ||
15.1 (req) | scope of case and default is the switch | Lint | ||
15.2 (req) | each switch case with break | Lint | ||
15.3 (req) | last switch case shall be default | Lint | ||
15.4 (req) | switch control by boolean not allowed | Lint | ||
15.5 (req) | at least one switch case required | Lint | ||
16.1 (req) | no use of varargs | Lint | ||
16.2 (req) | no use of recursive calls | Lint | ||
16.3 (req) | use of named parameters in function prototypes | GCC, Lint | ||
16.4 (req) | use same parameter names in declaration/definition | Lint | ||
16.5 (req) | use void for functions w/o parameters | GCC, Lint | ||
16.6 (req) | number of arguments/parameters shall match | GCC, Lint | ||
16.7 (adv) | use const for non-modifying pointers | Lint | ||
16.8 (req) | use return value in non-void functions | GCC, Lint | ||
16.9 (req) | no use of prefix & for function pointers | use of function name only in two ways | Lint | |
16.10 (req) | test function return status | Lint | ||
17.1 (req) | pointer arithmetic only in arrays | Lint | ||
17.2 (req) | pointer difference only on same array | Lint, with manual review | ||
17.3 (req) | pointer comparision only on same array | Lint, with manual review | ||
17.4 (req) | pointer arithmetic used | pointer arithmetic only for indexing arrays | performance issue | Lint |
17.5 (adv) | max. two levels of pointer indirection | Lint | ||
17.6 (req) | no reference to non-existing variables | Lint | ||
18.1 (req) | no use of incomplete types | Lint | ||
18.2 (req) | no assignment on overlapping memory | manual review | ||
18.3 (req) | no variable reuse for unrelated purposes | manual review | ||
18.4 (req) | no use of unions | Lint | ||
19.1 (adv) | include directive only at top of file | manual review | ||
19.2 (adv) | constraints on include file names | Lint, manual review | ||
19.3 (req) | include directive only with ".." or <..> | Lint | ||
19.4 (req) | style of preprocessor macros | Lint | ||
19.5 (req) | no use of define in "C" function blocks | Lint | ||
19.6 (req) | no use of undef preprocessor directive | Lint | ||
19.7 (adv) | function-like macros used | try to avoid function-like macros (use functions instead) | portability and performance issue | Lint |
19.8 (req) | argument list of function-like macros complete | Lint | ||
19.9 (req) | constraints on arguments of function-like macros | Lint | ||
19.10 (req) | macro parameters enclosed in parentheses | Lint | ||
19.11 (req) | do not use undefined defines | GCC, Lint | ||
19.12 (req) | use # and ## only once in macro | Lint | ||
19.13 (adv) | # and ## should not be used | Lint | ||
19.14 (req) | use # defined only in standard way | Lint | ||
19.15 (req) | multi-inclusion prevention for header files | Lint | ||
19.16 (req) | correct preprocessor directives in excluded code | Lint | ||
19.17 (req) | preprocessor directives complete in file | GCC, Lint | ||
20.1 (req) | conceptional deviation when using Autoconf | preserve reserved identifiers/keywords | Lint | |
20.2 (req) | no reuse of libc identifiers/names | Lint | ||
20.3 (req) | parameter checking before calling some libc functions | only memset, memcpy and memmove from libc used | Lint | |
20.4 (req) | no use of dynamic heap allocation | Lint | ||
20.5 (req) | no use of errno | Lint | ||
20.6 (req) | no use of macro offsetof | Lint | ||
20.7 (req) | no use of setjmp or longjmp | Lint | ||
20.8 (req) | no use of signal | Lint | ||
20.9 (req) | no use of <stdio.h> in production code | Lint | ||
20.10 (req) | no use of atof, atoi or atol | Lint | ||
20.11 (req) | no use of abort, exit, getenv or system | Lint | ||
20.12 (req) | no use of functions from <time.h> | Lint | ||
21.1 (req) | minimisation of run-time failures |
|
