diff --git a/.github/workflows/CI-Linux.yml b/.github/workflows/CI-Linux.yml
index 21e5683..1016f87 100644
--- a/.github/workflows/CI-Linux.yml
+++ b/.github/workflows/CI-Linux.yml
@@ -23,7 +23,7 @@ jobs:
 - name: Install dependencies
 run: sudo apt-get update && sudo apt-get install -y cmake
 - name: Configure
- run: cmake -S . -B build -DBUILD_TESTS=ON -DCMAKE_CXX_STANDARD=${{ matrix.std }}
+ run: cmake -S . -B build -DHMACCPP_BUILD_TESTS=ON -DCMAKE_CXX_STANDARD=${{ matrix.std }}
 - name: Build
 run: cmake --build build
 - name: Run tests
@@ -38,7 +38,7 @@ jobs:
 ./vcpkg/bootstrap-vcpkg.sh
 ./vcpkg/vcpkg install gtest
 - name: Configure
- run: cmake -S . -B build -DBUILD_TESTS=ON -DCMAKE_TOOLCHAIN_FILE=./vcpkg/scripts/buildsystems/vcpkg.cmake
+ run: cmake -S . -B build -DHMACCPP_BUILD_TESTS=ON -DCMAKE_TOOLCHAIN_FILE=./vcpkg/scripts/buildsystems/vcpkg.cmake
 - name: Build
 run: cmake --build build
 - name: Run tests
diff --git a/.github/workflows/CI-Win.yml b/.github/workflows/CI-Win.yml
index 528f119..416052e 100644
--- a/.github/workflows/CI-Win.yml
+++ b/.github/workflows/CI-Win.yml
@@ -30,7 +30,7 @@ jobs:
 mingw-w64-x86_64-make
 - name: Configure
 shell: msys2 {0}
- run: cmake -S . -B build -DBUILD_TESTS=ON -DCMAKE_CXX_STANDARD=${{ matrix.std }}
+ run: cmake -S . -B build -DHMACCPP_BUILD_TESTS=ON -DCMAKE_CXX_STANDARD=${{ matrix.std }}
 - name: Build
 shell: msys2 {0}
 run: cmake --build build
diff --git a/.github/workflows/CI-macOS.yml b/.github/workflows/CI-macOS.yml
index 7429c80..8eafd35 100644
--- a/.github/workflows/CI-macOS.yml
+++ b/.github/workflows/CI-macOS.yml
@@ -26,7 +26,7 @@ jobs:
 brew uninstall --ignore-dependencies cmake || true
 brew install cmake
 - name: Configure
- run: cmake -S . -B build -DBUILD_TESTS=ON -DCMAKE_CXX_STANDARD=${{ matrix.std }}
+ run: cmake -S . -B build -DHMACCPP_BUILD_TESTS=ON -DCMAKE_CXX_STANDARD=${{ matrix.std }}
 - name: Build
 run: cmake --build build
 - name: Run tests
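Review bot: Nothing in the corrected Configure steps would catch the test option being misspelled again, because CMake only warns about a `-D` variable the project never reads and the configure step still succeeds. CMakeLists.txt in this commit declares `HMACCPP_BUILD_TESTS` (default OFF), so the old `-DBUILD_TESTS=ON` presumably left the suite unbuilt while the jobs stayed green. For an HMAC/KDF library the test vectors are the main correctness gate, so the `Run tests` step should fail when no tests are discovered; if it invokes ctest, add `--no-tests=error`. This applies equally to the vcpkg job in CI-Linux.yml and to the CI-Win.yml and CI-macOS.yml hunks; the body of `Run tests` lies outside every hunk, so confirm what it runs today.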
@@ -42,7 +42,7 @@ jobs: ./vcpkg/bootstrap-vcpkg.sh ./vcpkg/vcpkg install gtest - name: Configure - run: cmake -S . -B build -DBUILD_TESTS=ON -DCMAKE_TOOLCHAIN_FILE=./vcpkg/scripts/buildsystems/vcpkg.cmake + run: cmake -S . -B build -DHMACCPP_BUILD_TESTS=ON -DCMAKE_TOOLCHAIN_FILE=./vcpkg/scripts/buildsystems/vcpkg.cmake - name: Build run: cmake --build build - name: Run tests diff --git a/CMakeLists.txt b/CMakeLists.txt index 274faa1..f12dadd 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,5 +1,5 @@ cmake_minimum_required(VERSION 3.5) -project(hmac_cpp VERSION 0.3.0 LANGUAGES CXX) +project(hmac_cpp VERSION 0.4.0 LANGUAGES CXX) option(HMACCPP_BUILD_EXAMPLES "Build the example program" OFF) option(HMACCPP_BUILD_TESTS "Build the test suite" OFF) diff --git a/README.md b/README.md index 8bc24c1..70390ac 100644 --- a/README.md +++ b/README.md 
@@ -255,21 +255,21 @@ bool v2 = hmac::is_token_valid(t2, secret_key, fingerprint, 60); --- -### Encoding helpers +### Encoding utilities `hmac_cpp::encoding` provides simple conversions: -* **Base64** — standard `+/` and URL-safe `-_` alphabets; `pad=true/false` toggles - `=` padding. `strict=true` rejects whitespace, mixed padding and `+`/`/` when - using the URL alphabet; `strict=false` ignores ASCII spaces, accepts these +* **Base64** (RFC 4648)—standard `+/` and URL-safe `-_` alphabets; `pad=true/false` + toggles `=` padding. `strict=true` rejects whitespace, mixed padding and `+`/`/` + when using the URL alphabet; `strict=false` ignores ASCII spaces, accepts these aliases and tolerates missing padding. -* **Base32** — RFC 4648 alphabet `A–Z2–7`; encoder emits upper-case. Decoder - with `strict=true` requires `=` padding and upper-case; with `strict=false` - it tolerates lower-case and whitespace. -* **Base36** — human‑friendly IDs using `0–9A–Z`; not a cryptographic format. +* **Base32** (RFC 4648)—alphabet `A–Z2–7`; encoder emits upper-case. Decoder with + `strict=true` requires `=` padding and upper-case; with `strict=false` it tolerates + lower-case and whitespace. +* **Base36**—fixed 2-char/byte scheme using `0–9A–Z`; not a cryptographic format. Leading zero bytes are preserved (e.g. `{0,0,1}` → `"001"`). -#### Encoding +#### Example ```cpp std::string b64 = hmac_cpp::base64_encode(buf.data(), buf.size(), 
@@ -283,28 +283,6 @@ hmac_cpp::base32_decode(b32, raw, /*require_padding=*/true, /*strict=*/false); std::string b36 = hmac_cpp::base36_encode(buf.data(), buf.size()); hmac_cpp::base36_decode(b36, raw); ``` - -Returned strings and buffers are not zeroized; if you store secrets, prefer -`secure_buffer` and wipe explicitly. Zeroization is a best‑effort and may be -removed by optimizations or the C++ runtime allocator. For higher resistance to -memory scans, use `secret_string` which obfuscates data in memory and optionally -pins buffers in RAM. - -```cpp -#include - -hmac_cpp::secret_string token("super-secret-token"); - -token.with_plaintext([](const uint8_t* p, size_t n){ - // p is only valid within this callback -}); - -// If needed (creates a copy): -std::string plain = token.reveal_copy(); - -token.clear(); -``` - --- ## 📦 MQL5 Compatibility @@ -387,6 +365,13 @@ cl /EHsc example.cpp /I _install\include /link /LIBPATH:_install\lib hmac_cpp.li --- +## 🔒 Security notes + +`secure_buffer` wipes its memory on destruction. It does not page‑lock buffers, +provide guard pages, or mitigate neighboring memory attacks. + +--- + ## ⚠️ Exceptions & Contracts * `pbkdf2`, `hkdf_*`, HOTP/TOTP, and time-token helpers validate parameters and throw diff --git a/include/hmac_cpp/version.hpp b/include/hmac_cpp/version.hpp index 2afb937..dd3083a 100644 --- a/include/hmac_cpp/version.hpp +++ b/include/hmac_cpp/version.hpp @@ -2,8 +2,8 @@ #define HMAC_CPP_VERSION_HPP #define HMAC_CPP_VERSION_MAJOR 0 -#define HMAC_CPP_VERSION_MINOR 3 +#define HMAC_CPP_VERSION_MINOR 4 #define HMAC_CPP_VERSION_PATCH 0 -#define HMAC_CPP_VERSION "0.3.0" +#define HMAC_CPP_VERSION "0.4.0" #endif // HMAC_CPP_VERSION_HPP