virgil-crypto 2.3.0 → 3.6.2

data/ext/native/src/tests/test_cipher.cxx

@@ -175,12 +175,16 @@ TEST_CASE_ENCRYPT_DECRYPT(RSA_2048)
 
 TEST_CASE_ENCRYPT_DECRYPT(RSA_3072)
 
-TEST_CASE_ENCRYPT_DECRYPT(RSA_4096)
-
-TEST_CASE_ENCRYPT_DECRYPT(RSA_8192)
-
 #undef TEST_CASE_ENCRYPT_DECRYPT
 
+TEST_CASE("VirgilCipher: encrypt and decrypt with RSA_4096 keys", "[cipher]") {
+    test_encrypt_decrypt(VirgilKeyPair(
+            VirgilByteArrayUtils::stringToBytes(kRSA_4096_Public),
+            VirgilByteArrayUtils::stringToBytes(kRSA_4096_Private)),
+            VirgilByteArrayUtils::stringToBytes(kRSA_4096_Password)
+    );
+}
+
 TEST_CASE("VirgilCipher: encrypt and decrypt with RSA_8192 keys", "[cipher]") {
     test_encrypt_decrypt(VirgilKeyPair(
             VirgilByteArrayUtils::stringToBytes(kRSA_8192_Public),

data/ext/native/src/tests/test_contract_copy_move.cxx

@@ -118,11 +118,14 @@ TEST_CASE("Check contract: copy and move", "[copy/move]") {
     SECTION_CONTRACT_COPY_AND_MOVE(virgil::crypto::foundation::cms::VirgilCMSKeyTransRecipient);
     SECTION_CONTRACT_COPY_AND_MOVE(virgil::crypto::foundation::cms::VirgilCMSPasswordRecipient);
 
-#if defined(__GNUG__) && (__GNUC__ == 5 && __GNUC_MINOR__ >= 5 )
+#if ! defined(__GNUG__)
     // VirgilCryptoException contains field with type std::string,
     // GCC has bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58265, and it will be fixed in the version 5.5,
     // it means next condition can not by satisfied:
     //      static_assert(std::is_nothrow_move_assignable<VirgilCryptoException>::value, "Fail");
+    //  NOTE! Still fail on the gcc-5.5 on the Ubuntu Trusty!
+    //  NOTE! Still fail on the gcc-6.4 on the Ubuntu Trusty!
+    //  NOTE! Possible they use previous ABI.
     SECTION_CONTRACT_COPY_AND_MOVE(virgil::crypto::VirgilCryptoException);
     SECTION_CONTRACT_COPY_AND_MOVE(virgil::crypto::foundation::cms::VirgilCMSContentInfo);
     SECTION_CONTRACT_COPY_AND_MOVE(virgil::crypto::VirgilCustomParams);

data/ext/native/src/tests/test_key_pair.cxx

@@ -41,6 +41,7 @@
 
 #include "catch.hpp"
 #include "rsa_keys.h"
+#include "deterministic_keys.h"
 
 #include <virgil/crypto/VirgilByteArray.h>
 #include <virgil/crypto/VirgilByteArrayUtils.h>
@@ -204,7 +205,55 @@ TEST_CASE("Export Private Key", "[key-pair]") {
     }
 }
 
-TEST_CASE("Export keys RSA", "[key-pair][key-pair-rsa]") {
+TEST_CASE("Export keys RSA", "[key-pair]") {
+
+    SECTION("4096 encrypted") {
+
+        SECTION("to DER format") {
+            REQUIRE_NOTHROW(VirgilKeyPair::publicKeyToDER(
+                VirgilByteArrayUtils::stringToBytes(kRSA_4096_Public)
+            ));
+
+            REQUIRE_NOTHROW(VirgilKeyPair::privateKeyToDER(
+                VirgilByteArrayUtils::stringToBytes(kRSA_4096_Private),
+                VirgilByteArrayUtils::stringToBytes(kRSA_4096_Password)
+            ));
+        }
+
+        SECTION("to PEM format") {
+            REQUIRE_NOTHROW(VirgilKeyPair::publicKeyToPEM(
+                VirgilByteArrayUtils::stringToBytes(kRSA_4096_Public)
+            ));
+
+            REQUIRE_NOTHROW(VirgilKeyPair::privateKeyToPEM(
+                VirgilByteArrayUtils::stringToBytes(kRSA_4096_Private),
+                VirgilByteArrayUtils::stringToBytes(kRSA_4096_Password)
+            ));
+        }
+    }
+
+    SECTION("4096 plain") {
+
+        SECTION("to DER format") {
+            REQUIRE_NOTHROW(VirgilKeyPair::publicKeyToDER(
+                VirgilByteArrayUtils::stringToBytes(kRSA_4096_Public)
+            ));
+
+            REQUIRE_NOTHROW(VirgilKeyPair::privateKeyToDER(
+                VirgilByteArrayUtils::stringToBytes(kRSA_4096_Private_Plain)
+            ));
+        }
+
+        SECTION("to PEM format") {
+            REQUIRE_NOTHROW(VirgilKeyPair::publicKeyToPEM(
+                VirgilByteArrayUtils::stringToBytes(kRSA_4096_Public)
+            ));
+
+            REQUIRE_NOTHROW(VirgilKeyPair::privateKeyToPEM(
+                VirgilByteArrayUtils::stringToBytes(kRSA_4096_Private_Plain)
+            ));
+        }
+    }
 
     SECTION("8192 encrypted") {
 
@@ -235,7 +284,7 @@ TEST_CASE("Export keys RSA", "[key-pair][key-pair-rsa]") {
 
         SECTION("to DER format") {
             REQUIRE_NOTHROW(VirgilKeyPair::publicKeyToDER(
-                VirgilByteArrayUtils::stringToBytes(kRSA_8192_Public_Plain)
+                VirgilByteArrayUtils::stringToBytes(kRSA_8192_Public)
             ));
 
             REQUIRE_NOTHROW(VirgilKeyPair::privateKeyToDER(
@@ -245,7 +294,7 @@ TEST_CASE("Export keys RSA", "[key-pair][key-pair-rsa]") {
 
         SECTION("to PEM format") {
             REQUIRE_NOTHROW(VirgilKeyPair::publicKeyToPEM(
-                VirgilByteArrayUtils::stringToBytes(kRSA_8192_Public_Plain)
+                VirgilByteArrayUtils::stringToBytes(kRSA_8192_Public)
             ));
 
             REQUIRE_NOTHROW(VirgilKeyPair::privateKeyToPEM(
@@ -254,3 +303,16 @@ TEST_CASE("Export keys RSA", "[key-pair][key-pair-rsa]") {
         }
     }
 }
+
+TEST_CASE("Generate Deterministic Key Pair", "[key-pair]") {
+    VirgilByteArray strongKeyMaterial = VirgilByteArrayUtils::hexToBytes(kDeterministic_KeyMaterial);
+
+    SECTION("check FAST_EC_ED25519") {
+        VirgilKeyPair keyPair(VirgilByteArray{}, VirgilByteArray{});
+
+        REQUIRE_NOTHROW(keyPair = VirgilKeyPair::generateFromKeyMaterial(
+                VirgilKeyPair::Algorithm::FAST_EC_ED25519, strongKeyMaterial));
+        REQUIRE(kDeterministic_FAST_EC_ED25519_Public == VirgilByteArrayUtils::bytesToString(keyPair.publicKey()));
+        REQUIRE(kDeterministic_FAST_EC_ED25519_Private == VirgilByteArrayUtils::bytesToString(keyPair.privateKey()));
+    }
+}

data/ext/native/src/tests/test_pythia.cxx

@@ -0,0 +1,157 @@
+/**
+ * Copyright (C) 2015-2018 Virgil Security Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     (1) Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *
+ *     (2) Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *
+ *     (3) Neither the name of the copyright holder nor the names of its
+ *     contributors may be used to endorse or promote products derived from
+ *     this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Lead Maintainer: Virgil Security Inc. <support@virgilsecurity.com>
+ */
+
+/**
+ * @file test_pythia_c.cxx
+ * @brief Test C implementation of the Pythia algorithm
+ */
+
+#include "catch.hpp"
+
+#if VIRGIL_CRYPTO_FEATURE_PYTHIA
+
+#include <virgil/crypto/VirgilByteArray.h>
+#include <virgil/crypto/pythia/VirgilPythia.h>
+
+using virgil::crypto::bytes2hex;
+using virgil::crypto::hex2bytes;
+using virgil::crypto::str2bytes;
+using virgil::crypto::VirgilByteArray;
+using virgil::crypto::pythia::VirgilPythia;
+
+static const VirgilByteArray kDeblindedPassword = hex2bytes(
+        "13273238e3119262f86d3213b8eb6b99c093ef48737dfcfae96210f7350e096cbc7e6b992e4e6f705ac3f0a915"
+        "d1622c1644596408e3d16126ddfa9ce594e9f361b21ef9c82309e5714c09bcd7f7ec5c2666591134c645d45ed8"
+        "c9703e718ee005fe4b97fc40f69b424728831d0a889cd39be04683dd380daa0df67c38279e3b9fe32f6c407803"
+        "11f2dfbb6e89fc90ef15fb2c7958e387182dc7ef57f716fdd152a58ac1d3f0d19bfa2f789024333976c69fbe9e"
+        "24b58d6cd8fa49c5f4d642b00f8e390c199f37f7b3125758ef284ae10fd9c2da7ea280550baccd55dadd70873a"
+        "063bcfc9cac9079042af88a543a6cc09aaed6ba4954d6ee8ccc6e1145944328266616cd00f8a616f0e79e52ddd"
+        "2ef970c8ba8f8ffce35505dc643c8e2b6e430a1474a6d043a4daf9b62af87c1d45ca994d23f908f7898a3f44ca"
+        "7bb642122087ca819308b3d8afad17ca1f6148e8750870336ca68eb783c89b0dc9d92392f453c650e9f09232b9"
+        "fcffd1c2cad24b14d2b4952b7f54552295ce0e854996913c");
+
+static const VirgilByteArray kPassword = str2bytes("password");
+static const VirgilByteArray kTransformationKeyID = str2bytes("virgil.com");
+static const VirgilByteArray kTweek = str2bytes("alice");
+static const VirgilByteArray kPythiaSecret = str2bytes("master secret");
+static const VirgilByteArray kNewPythiaSecret = str2bytes("new master secret");
+static const VirgilByteArray kPythiaScopeSecret = str2bytes("server secret");
+static const VirgilByteArray kNewPythiaScopeSecret = str2bytes("new server secret");
+
+SCENARIO("VirgilPythia: init", "[pythia]") {
+    VirgilPythia pythia;
+}
+
+SCENARIO("VirgilPythia: blind / deblind", "[pythia]") {
+    VirgilPythia pythia;
+
+    auto blindResult = pythia.blind(kPassword);
+
+    auto transformationKeyPair = pythia.computeTransformationKeyPair(kTransformationKeyID, kPythiaSecret, kPythiaScopeSecret);
+
+    auto transformResult = pythia.transform(
+            blindResult.blindedPassword(), kTweek, transformationKeyPair.privateKey());
+
+    auto deblindResult =
+            pythia.deblind(transformResult.transformedPassword(), blindResult.blindingSecret());
+
+    REQUIRE(bytes2hex(kDeblindedPassword) == bytes2hex(deblindResult));
+}
+
+SCENARIO("VirgilPythia: prove / verify", "[pythia]") {
+    VirgilPythia pythia;
+
+    auto blindResult = pythia.blind(kPassword);
+
+    auto transformationKeyPair = pythia.computeTransformationKeyPair(kTransformationKeyID, kPythiaSecret, kPythiaScopeSecret);
+
+    auto transformResult = pythia.transform(
+            blindResult.blindedPassword(), kTweek, transformationKeyPair.privateKey());
+
+    auto proveResult = pythia.prove(
+            transformResult.transformedPassword(), blindResult.blindedPassword(),
+            transformResult.transformedTweak(), transformationKeyPair);
+
+    auto isVerified = pythia.verify(
+            transformResult.transformedPassword(), blindResult.blindedPassword(), kTweek,
+            transformationKeyPair.publicKey(), proveResult.proofValueC(),
+            proveResult.proofValueU());
+
+    REQUIRE(true == isVerified);
+}
+
+
+SCENARIO("VirgilPythia: update password token", "[pythia]") {
+    VirgilPythia pythia;
+
+    auto blindResult = pythia.blind(kPassword);
+
+    auto transformationKeyPair = pythia.computeTransformationKeyPair(kTransformationKeyID, kPythiaSecret, kPythiaScopeSecret);
+
+    auto transformResult = pythia.transform(
+            blindResult.blindedPassword(), kTweek, transformationKeyPair.privateKey());
+
+    auto deblindResult =
+            pythia.deblind(transformResult.transformedPassword(), blindResult.blindingSecret());
+
+    auto newTransformationKeyPair = pythia.computeTransformationKeyPair(kTransformationKeyID, kNewPythiaSecret, kNewPythiaScopeSecret);
+
+    auto passwordUpdateTokenResult = pythia.getPasswordUpdateToken(transformationKeyPair.privateKey(), newTransformationKeyPair.privateKey());
+
+    auto updatedDeblindPasswordResult = pythia.updateDeblindedWithToken(
+            deblindResult, passwordUpdateTokenResult);
+
+    auto newTransformResult = pythia.transform(
+            blindResult.blindedPassword(), kTweek, newTransformationKeyPair.privateKey());
+
+    auto newDeblindResult =
+            pythia.deblind(newTransformResult.transformedPassword(), blindResult.blindingSecret());
+
+    REQUIRE(bytes2hex(updatedDeblindPasswordResult) ==
+            bytes2hex(newDeblindResult));
+
+    auto proveResult = pythia.prove(
+            newTransformResult.transformedPassword(), blindResult.blindedPassword(),
+            newTransformResult.transformedTweak(), newTransformationKeyPair);
+
+    auto isVerified = pythia.verify(
+            newTransformResult.transformedPassword(), blindResult.blindedPassword(), kTweek,
+            newTransformationKeyPair.publicKey(), proveResult.proofValueC(),
+            proveResult.proofValueU());
+
+    REQUIRE(true == isVerified); }
+
+#endif // VIRGIL_CRYPTO_FEATURE_PYTHIA

data/ext/native/src/utils/build.sh

@@ -55,31 +55,35 @@ function show_usage {
         echo -e "${COLOR_RED}[ERROR] $1${COLOR_RESET}"
     fi
     echo -e "This script helps to build crypto library for variety of languages and platforms."
-    echo -e "Common reuirements: CMake 3.0.5, Python, PyYaml, SWIG 3.0.7."
-    echo -e "${COLOR_BLUE}Usage: ${BASH_SOURCE[0]} [<target>] [<src_dir>] [<build_dir>] [<install_dir>]${COLOR_RESET}"
-    echo -e "  - <target> - (default = cpp) target to build wich contains two parts <name>[-<version>], where <name>:"
-    echo -e "    * cpp              - build C++ library;"
-    echo -e "    * macos            - build framework for Apple macOSX, requirements: OS X, Xcode;"
-    echo -e "    * ios              - build framework for Apple iOS, requirements: OS X, Xcode;"
-    echo -e "    * watchos          - build framework for Apple WatchOS, requirements: OS X, Xcode;"
-    echo -e "    * tvos             - build framework for Apple TVOS, requirements: OS X, Xcode;"
-    echo -e "    * php              - build PHP library, requirements: php-dev;"
-    echo -e "    * python           - build Python library;"
-    echo -e "    * ruby             - build Ruby library;"
-    echo -e "    * java             - build Java library, requirements: \$JAVA_HOME;"
-    echo -e "    * java_android     - build Java library under Android platform, requirements: \$ANDROID_NDK;"
-    echo -e "    * net              - build .NET library, requirements: .NET or Mono;"
-    echo -e "    * net_macos        - build .NET library under Apple macOSX platform, requirements: Mono, OS X, Xcode;"
-    echo -e "    * net_ios          - build .NET library under Apple iOS platform, requirements: Mono, OS X, Xcode;"
-    echo -e "    * net_applewatchos - build .NET library under WatchOS platform, requirements: Mono, OS X, Xcode;"
-    echo -e "    * net_appletvos    - build .NET library under TVOS platform, requirements: Mono, OS X, Xcode;"
-    echo -e "    * net_android      - build .NET library under Android platform, requirements: Mono, \$ANDROID_NDK;"
-    echo -e "    * asmjs            - build AsmJS library, requirements: \$EMSDK_HOME;"
-    echo -e "    * webasm           - build WebAssembly library, requirements: \$EMSDK_HOME;"
-    echo -e "    * nodejs           - build NodeJS module;"
-    echo -e "    * go               - build Golang library."
-    echo -e "  - <src_dir>     - (default = .) path to the directory where root CMakeLists.txt file is located"
-    echo -e "  - <build_dir>   - (default = build/<target>) path to the directory where temp files will be stored"
+    echo -e "Common reuirements: CMake 3.10, Python, PyYaml, SWIG 3.0.12."
+    echo -e "${COLOR_BLUE}Usage: ${BASH_SOURCE[0]} [--target=<target>] [--feature=<feature>] [--src=<src_dir>] [--build=<build_dir>] [--install=<install_dir>]${COLOR_RESET}"
+    echo -e "  - <target> - (default = cpp) target to build which contains two parts <name>[-<version>], where <name>:"
+    echo -e "      * cpp              - build C++ library;"
+    echo -e "      * macos            - build framework for Apple macOSX, requirements: OS X, Xcode;"
+    echo -e "      * ios              - build framework for Apple iOS, requirements: OS X, Xcode;"
+    echo -e "      * watchos          - build framework for Apple WatchOS, requirements: OS X, Xcode;"
+    echo -e "      * tvos             - build framework for Apple TVOS, requirements: OS X, Xcode;"
+    echo -e "      * php              - build PHP library, requirements: php-dev;"
+    echo -e "      * python           - build Python library;"
+    echo -e "      * ruby             - build Ruby library;"
+    echo -e "      * java             - build Java library, requirements: \$JAVA_HOME;"
+    echo -e "      * java_android     - build Java library under Android platform, requirements: \$ANDROID_NDK;"
+    echo -e "      * net              - build .NET library, requirements: .NET or Mono;"
+    echo -e "      * net_macos        - build .NET library under Apple macOSX platform, requirements: Mono, OS X, Xcode;"
+    echo -e "      * net_ios          - build .NET library under Apple iOS platform, requirements: Mono, OS X, Xcode;"
+    echo -e "      * net_applewatchos - build .NET library under WatchOS platform, requirements: Mono, OS X, Xcode;"
+    echo -e "      * net_appletvos    - build .NET library under TVOS platform, requirements: Mono, OS X, Xcode;"
+    echo -e "      * net_android      - build .NET library under Android platform, requirements: Mono, \$ANDROID_NDK;"
+    echo -e "      * asmjs            - build AsmJS library, requirements: \$EMSDK_HOME;"
+    echo -e "      * webasm           - build WebAssembly library, requirements: \$EMSDK_HOME;"
+    echo -e "      * nodejs           - build NodeJS module;"
+    echo -e "      * go               - build Golang library."
+    echo -e ""
+    echo -e "  - <feature> - available features:"
+    echo -e "      * pythia           - ask to enable feature Pythia. Some targets enable this feature by default."
+    echo -e ""
+    echo -e "  - <src_dir>     - (default = .) path to the directory where root CMakeLists.txt file is located."
+    echo -e "  - <build_dir>   - (default = build/<target>) path to the directory where temp files will be stored."
     echo -e "  - <install_dir> - (default = install/<target>) path to the directory where library files will be installed".
 
     exit ${2:0}
@@ -186,6 +190,8 @@ function make_fat_library {
 
     LIBMBEDTLS="libmbedcrypto.a"
     LIBED25519="libed25519.a"
+    LIBRELIC="librelic_s.a"
+    LIBPYTHIA="libpythia.a"
     LIBVIRGIL="libvirgil_crypto.a"
     if [ ! -z "${WRAPPER_NAME}" ]; then
         LIBVIRGIL_WRAPPER="virgil_crypto_${WRAPPER_NAME}.a"
@@ -200,6 +206,12 @@ function make_fat_library {
     # Find all archs of library ed25519
     LIBED25519_LIBS=$(find "${INDIR}" -name "${LIBED25519}" | tr '\n' ' ')
 
+    # Find all archs of library relic
+    LIBRELIC_LIBS=$(find "${INDIR}" -name "${LIBRELIC}" | tr '\n' ' ')
+
+    # Find all archs of library pythia
+    LIBPYTHIA_LIBS=$(find "${INDIR}" -name "${LIBPYTHIA}" | tr '\n' ' ')
+
     # Find all archs of library Virgil Crypto
     LIBVIRGIL_LIBS=$(find "${INDIR}" -name "${LIBVIRGIL}" | tr '\n' ' ')
 
@@ -211,24 +223,82 @@ function make_fat_library {
     xcrun lipo -create ${LIBMBEDTLS_LIBS} -output "$OUTDIR/$LIBMBEDTLS"
     xcrun lipo -create ${LIBED25519_LIBS} -output "$OUTDIR/$LIBED25519"
     xcrun lipo -create ${LIBVIRGIL_LIBS} -output "$OUTDIR/$LIBVIRGIL"
+
+    if [ ! -z "${LIBRELIC_LIBS}" ]; then
+        LIBRELIC_FAT="$OUTDIR/$LIBRELIC"
+        xcrun lipo -create ${LIBRELIC_LIBS} -output "${LIBRELIC_FAT}"
+    fi
+
+    if [ ! -z "${LIBPYTHIA_LIBS}" ]; then
+        LIBPYTHIA_FAT="$OUTDIR/$LIBPYTHIA"
+        xcrun lipo -create ${LIBPYTHIA_LIBS} -output "${LIBPYTHIA_FAT}"
+    fi
+
     if [ ! -z "${LIBVIRGIL_WRAPPER_LIBS}" ]; then
         LIBVIRGIL_WRAPPER_FAT="$OUTDIR/$LIBVIRGIL_WRAPPER"
         xcrun lipo -create ${LIBVIRGIL_WRAPPER_LIBS} -output "$LIBVIRGIL_WRAPPER_FAT"
     fi
 
     # Merge several static libraries in one static library which will actually be framework
-    xcrun libtool -static -o "$OUTDIR/$LIB_FAT_NAME" \
-            "$OUTDIR/$LIBMBEDTLS" "$OUTDIR/$LIBED25519" "$OUTDIR/$LIBVIRGIL" "$LIBVIRGIL_WRAPPER_FAT"
+    # Note! Spaces in the filenames and paths are prohibited.
+    # Note! Quoting the paths leads to failed build.
+    xcrun libtool -static -o ${OUTDIR}/${LIB_FAT_NAME} \
+            ${OUTDIR}/${LIBMBEDTLS} ${OUTDIR}/${LIBED25519} ${LIBRELIC_FAT} ${LIBPYTHIA_FAT} \
+            ${OUTDIR}/${LIBVIRGIL} ${LIBVIRGIL_WRAPPER_FAT}
 
     # Cleanup
     rm -f "$OUTDIR/$LIBMBEDTLS"
     rm -f "$OUTDIR/$LIBED25519"
     rm -f "$OUTDIR/$LIBVIRGIL"
+
+    if [ -f "${LIBPYTHIA_FAT}" ]; then
+        rm -f "${LIBPYTHIA_FAT}"
+    fi
+
+    if [ -f "${LIBRELIC_FAT}" ]; then
+        rm -f "${LIBRELIC_FAT}"
+    fi
+
     if [ -f "${LIBVIRGIL_WRAPPER_FAT}" ]; then
         rm -f "${LIBVIRGIL_WRAPPER_FAT}"
     fi
 }
 
+# Parse arguments (https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash)
+FEATURES=()
+for arg in "$@"
+do
+case ${arg} in
+    --target=*)
+    TARGET="${arg#*=}"
+    shift
+    ;;
+    --feature=*)
+    FEATURES+=("${arg#*=}")
+    shift
+    ;;
+    --src=*)
+    SRC_DIR="${arg#*=}"
+    shift
+    ;;
+    --build=*)
+    BUILD_DIR="${arg#*=}"
+    shift
+    ;;
+    --install=*)
+    INSTALL_DIR="${arg#*=}"
+    shift
+    ;;
+    -h|--help)
+    show_usage
+    ;;
+    *)
+    show_usage "Unknown argument '${arg}', or it's value is not defined."
+    ;;
+esac
+done
+set -- "${POSITIONAL[@]}" # restore positional parameters
+
 # Define environment variables.
 SCRIPT_DIR=$(dirname "$(abspath "${BASH_SOURCE[0]}")")
 CURRENT_DIR=$(abspath .)
@@ -244,22 +314,17 @@ if [ "${SYSTEM_NAME}" == "linux" ]; then
 fi
 
 if [ -f "${SCRIPT_DIR}/env.sh" ]; then
+    show_info "Setting up additional build environment"
     source "${SCRIPT_DIR}/env.sh"
 fi
 
 # Check arguments
-if [ ! -z "$1" ]; then
-    if [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
-        show_usage
-    else
-        TARGET="$1"
-    fi
-else
+if [ -z "$TARGET" ]; then
     TARGET="cpp"
 fi
 show_info "<target> : ${TARGET}"
 
-target_arr=(${1//-/ })
+target_arr=(${TARGET//-/ })
 TARGET_NAME="${target_arr[0]}"
 TARGET_VERSION="${target_arr[1]}"
 
@@ -268,8 +333,8 @@ if [ ! -z "${TARGET_VERSION}" ]; then
     show_info "<target_version> : ${TARGET_VERSION}"
 fi
 
-if [ ! -z "$2" ]; then
-    SRC_DIR=$(abspath "$2")
+if [ ! -z "${SRC_DIR}" ]; then
+    SRC_DIR=$(abspath "${SRC_DIR}")
 else
     SRC_DIR="${CURRENT_DIR}"
 fi
@@ -279,9 +344,9 @@ if [ ! -f "${SRC_DIR}/CMakeLists.txt" ]; then
     show_usage "Source directory does not contain root CMakeLists.txt file!" 1
 fi
 
-if [ ! -z "$3" ]; then
-    mkdir -p "$3"
-    BUILD_DIR=$(abspath "$3")
+if [ ! -z "${BUILD_DIR}" ]; then
+    mkdir -p "${BUILD_DIR}"
+    BUILD_DIR=$(abspath "${BUILD_DIR}")
 else
     BUILD_DIR="${CURRENT_DIR}/build/${TARGET_NAME}/${TARGET_VERSION}"
     mkdir -p "${BUILD_DIR}"
@@ -289,9 +354,9 @@ else
 fi
 show_info "<build_dir>: ${BUILD_DIR}"
 
-if [ ! -z "$4" ]; then
-    mkdir -p "$4"
-    INSTALL_DIR=$(abspath "$4")
+if [ ! -z "${INSTALL_DIR}" ]; then
+    mkdir -p "${INSTALL_DIR}"
+    INSTALL_DIR=$(abspath "${INSTALL_DIR}")
 else
     INSTALL_DIR="${CURRENT_DIR}/install/${TARGET_NAME}/${TARGET_VERSION}"
     mkdir -p "${INSTALL_DIR}"
@@ -299,6 +364,10 @@ else
 fi
 show_info "<install_dir>: ${INSTALL_DIR}"
 
+if [ ! -z "${FEATURES[*]}" ]; then
+    show_info "Requested features: ${FEATURES[*]}"
+fi
+
 # Define common build parameters
 CMAKE_ARGS="-DCMAKE_BUILD_TYPE=Release"
 
@@ -321,42 +390,95 @@ if [ ! -z "${INSTALL_DIR}" ]; then
     CMAKE_ARGS+=" -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR}"
 fi
 
+if [ ! -z "${FEATURES[*]}" ]; then
+    for feature in ${FEATURES[*]}; do
+        case ${feature} in
+            pythia)
+            feature_upper=$(echo "${feature}" | awk '{print toupper($0)}')
+            CMAKE_ARGS+=" -DVIRGIL_CRYPTO_FEATURE_${feature_upper}=ON"
+            ;;
+            *)
+            show_error "Undefined feature '${feature}'."
+            ;;
+        esac
+    done
+fi
+
+
 # Go to the build directory
 cd "${INSTALL_DIR}" && rm -fr ./*
 cd "${BUILD_DIR}" && rm -fr ./*
 
 # Build for native platforms
-if [[ ${TARGET_NAME} =~ ^(cpp|java|php|python|ruby|nodejs|go)$ ]]; then
+if [[ ${TARGET_NAME} =~ ^(cpp|java|net|php|python|ruby|nodejs|go)$ ]]; then
+    CMAKE_ARGS+=" -DVIRGIL_CRYPTO_FEATURE_PYTHIA=ON"
     cmake ${CMAKE_ARGS} -DLANG=${TARGET_NAME} -DPLATFORM_VERSION=${SYSTEM_KERNEL_RELEASE_VERSION} "${SRC_DIR}"
     make -j8 install
 fi
 
-# Build for Mono Unix/Linux
-if [ "${TARGET_NAME}" == "net" ] && [ "${SYSTEM_NAME}" != "darwin" ]; then
-    cmake ${CMAKE_ARGS} -DLANG=${TARGET_NAME} -DPLATFORM_VERSION=${SYSTEM_KERNEL_RELEASE_VERSION} "${SRC_DIR}"
+# Build framework for Apple iOS (with Pythia)
+if [ "${TARGET_NAME}" == "ios" ]; then
+
+    CMAKE_ARGS+=" -LANG=cpp"
+    CMAKE_ARGS+=" -DINSTALL_CORE_HEADERS=NO"
+    CMAKE_ARGS+=" -DINSTALL_EXT_LIBS=NO"
+    CMAKE_ARGS+=" -DINSTALL_EXT_HEADERS=NO"
+    CMAKE_ARGS+=" -DCMAKE_TOOLCHAIN_FILE='${SRC_DIR}/cmake/apple.cmake'"
+    CMAKE_ARGS+=" -DVIRGIL_CRYPTO_FEATURE_PYTHIA=ON"
+
+    # Build for device (Pythia is in a multi-thread mode!!!)
+    rm -fr -- *
+    cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=IOS \
+                        -DVIRGIL_CRYPTO_FEATURE_PYTHIA_MT=ON \
+                        -DINSTALL_LIB_DIR_NAME=lib/dev "${SRC_DIR}"
     make -j8 install
+
+    # Build for i386 simulator (Pythia is in a single-thread mode!!!)
+    rm -fr -- *
+    cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=IOS_SIM32 \
+                        -DVIRGIL_CRYPTO_FEATURE_PYTHIA_MT=OFF \
+                        -DINSTALL_LIB_DIR_NAME=lib/sim32 "${SRC_DIR}"
+    make -j8 install
+
+    # Build for x86_64 simulator (Pythia is in a multi-thread mode!!!)
+    rm -fr -- *
+    cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=IOS_SIM64 \
+                        -DVIRGIL_CRYPTO_FEATURE_PYTHIA_MT=ON \
+                        -DINSTALL_LIB_DIR_NAME=lib/sim64 "${SRC_DIR}"
+    make -j8 install
+
+    make_fat_framework VSCCrypto "${INSTALL_DIR}" "${INSTALL_DIR}"
+
+    rm -fr "${INSTALL_DIR:?}/include"
+    rm -fr "${INSTALL_DIR:?}/lib"
 fi
 
-# Build for Apple plaforms create Apple Framework
-if [ "${TARGET_NAME}" == "ios" ] || [ "${TARGET_NAME}" == "tvos" ] || \
-   [ "${TARGET_NAME}" == "watchos" ] || [ "${TARGET_NAME}" == "macos" ]; then
+# Build framework for Apple tvOS, watchOS, macOS (without Pythia)
+if [ "${TARGET_NAME}" == "tvos" ] || [ "${TARGET_NAME}" == "watchos" ] || [ "${TARGET_NAME}" == "macos" ]; then
 
-    APPLE_PLATFORM=$(echo "${TARGET_NAME}" | awk '{print toupper($0)}')
+    APPLE_PLATFORM_DEVICE=$(echo "${TARGET_NAME}" | awk '{print toupper($0)}')
+    APPLE_PLATFORM_SIMULATOR="${APPLE_PLATFORM_DEVICE}_SIM"
 
     CMAKE_ARGS+=" -LANG=cpp"
     CMAKE_ARGS+=" -DINSTALL_CORE_HEADERS=NO"
     CMAKE_ARGS+=" -DINSTALL_EXT_LIBS=NO"
     CMAKE_ARGS+=" -DINSTALL_EXT_HEADERS=NO"
     CMAKE_ARGS+=" -DCMAKE_TOOLCHAIN_FILE='${SRC_DIR}/cmake/apple.cmake'"
+    CMAKE_ARGS+=" -DVIRGIL_CRYPTO_FEATURE_PYTHIA=ON"
 
     # Build for device
-    cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=${APPLE_PLATFORM} -DINSTALL_LIB_DIR_NAME=lib/dev "${SRC_DIR}"
+    cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=${APPLE_PLATFORM_DEVICE} -DINSTALL_LIB_DIR_NAME=lib/dev "${SRC_DIR}"
     make -j8 install
 
     if [ "${TARGET_NAME}" != "macos" ]; then
         # Build for simulator
+
+        if [ "${TARGET_NAME}" == "watchos" ]; then
+            CMAKE_ARGS+=" -DVIRGIL_CRYPTO_FEATURE_PYTHIA_MT=OFF"
+        fi
+
         rm -fr ./*
-        cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=${APPLE_PLATFORM}_SIM -DINSTALL_LIB_DIR_NAME=lib/sim "${SRC_DIR}"
+        cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=${APPLE_PLATFORM_SIMULATOR} -DINSTALL_LIB_DIR_NAME=lib/sim "${SRC_DIR}"
         make -j8 install
     fi
 
@@ -370,6 +492,7 @@ if [[ "${TARGET_NAME}" == *"android"* ]]; then
     if [ ! -d "$ANDROID_NDK" ]; then
         show_usage "Enviroment \$ANDROID_NDK is not defined!" 1
     fi
+
     if [ "${TARGET_NAME}" == "java_android" ]; then
         CMAKE_ARGS+=" -DLANG=java"
     elif [ "${TARGET_NAME}" == "net_android" ]; then
@@ -377,25 +500,67 @@ if [[ "${TARGET_NAME}" == *"android"* ]]; then
     else
         show_usage "Unsupported target: ${TARGET_NAME}!"
     fi
+
+    CMAKE_ARGS+=" -DVIRGIL_CRYPTO_FEATURE_PYTHIA=ON"
+
     function build_android() {
         # Build architecture: $1
         rm -fr ./*
-        cmake ${CMAKE_ARGS} -DANDROID_ABI="$1" -DCMAKE_TOOLCHAIN_FILE="${SRC_DIR}/cmake/android.toolchain.cmake" "${SRC_DIR}"
+        cmake ${CMAKE_ARGS} -DANDROID_ABI="$1" -DCMAKE_TOOLCHAIN_FILE="${ANDROID_NDK}/build/cmake/android.toolchain.cmake" "${SRC_DIR}"
         make -j8 install
     }
+
     build_android x86
     build_android x86_64
-    build_android mips
-    build_android mips64
-    build_android armeabi
     build_android armeabi-v7a
     build_android arm64-v8a
 fi
 
-if [ "${TARGET_NAME}" == "net_ios" ] || [ "${TARGET_NAME}" == "net_tvos" ] || \
-   [ "${TARGET_NAME}" == "net_watchos" ] || [ "${TARGET_NAME}" == "net_macos" ]; then
+# Build for Mono iOS (with Pyhia)
+if [ "${TARGET_NAME}" == "net_ios" ]; then
+
+    CMAKE_ARGS+=" -DLANG=net"
+    CMAKE_ARGS+=" -DINSTALL_CORE_LIBS=ON"
+    CMAKE_ARGS+=" -DINSTALL_CORE_HEADERS=OFF"
+    CMAKE_ARGS+=" -DINSTALL_EXT_LIBS=ON"
+    CMAKE_ARGS+=" -DINSTALL_EXT_HEADERS=OFF"
+    CMAKE_ARGS+=" -DCMAKE_TOOLCHAIN_FILE='${SRC_DIR}/cmake/apple.cmake'"
+    CMAKE_ARGS+=" -DVIRGIL_CRYPTO_FEATURE_PYTHIA=ON"
+
+    # Build for device (Pythia is in a multi-thread mode!!!)
+    rm -fr -- *
+    cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=IOS \
+                        -DVIRGIL_CRYPTO_FEATURE_PYTHIA_MT=ON \
+                        -DINSTALL_LIB_DIR_NAME=lib/dev "${SRC_DIR}"
+    make -j8 install
+
+    # Build for i386 simulator (Pythia is in a single-thread mode!!!)
+    rm -fr -- *
+    cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=IOS_SIM32 \
+                        -DVIRGIL_CRYPTO_FEATURE_PYTHIA_MT=OFF \
+                        -DINSTALL_LIB_DIR_NAME=lib/sim32 "${SRC_DIR}"
+    make -j8 install
+
+    # Build for x86_64 simulator (Pythia is in a multi-thread mode!!!)
+    rm -fr -- *
+    cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=IOS_SIM64 \
+                        -DVIRGIL_CRYPTO_FEATURE_PYTHIA_MT=ON \
+                        -DINSTALL_LIB_DIR_NAME=lib/sim64 "${SRC_DIR}"
+    make -j8 install
+
+    # Create fat library
+    make_fat_library libVirgilCryptoNet.a "${INSTALL_DIR}" "${INSTALL_DIR}/libs" "net"
+    find "${INSTALL_DIR:?}" -name "*.dll" -exec cp -f {} "${INSTALL_DIR:?}/libs/" \;
+    rm -fr "${INSTALL_DIR:?}/include"
+    rm -fr "${INSTALL_DIR:?}/lib"
+    mv "${INSTALL_DIR:?}/libs" "${INSTALL_DIR:?}/lib"
+fi
+
+# Build for Mono tvOS and Mono watchOS (without Pythia)
+if [ "${TARGET_NAME}" == "net_tvos" ] || [ "${TARGET_NAME}" == "net_watchos" ]; then
 
-    APPLE_PLATFORM=$(echo "${TARGET_NAME/net_/}" | awk '{print toupper($0)}')
+    APPLE_PLATFORM_DEVICE=$(echo "${TARGET_NAME/net_/}" | awk '{print toupper($0)}')
+    APPLE_PLATFORM_SIMULATOR="${APPLE_PLATFORM_DEVICE}_SIM"
 
     CMAKE_ARGS+=" -DLANG=net"
     CMAKE_ARGS+=" -DINSTALL_CORE_LIBS=ON"
@@ -405,15 +570,13 @@ if [ "${TARGET_NAME}" == "net_ios" ] || [ "${TARGET_NAME}" == "net_tvos" ] || \
     CMAKE_ARGS+=" -DCMAKE_TOOLCHAIN_FILE='${SRC_DIR}/cmake/apple.cmake'"
 
     # Build for device
-    cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=${APPLE_PLATFORM} -DINSTALL_LIB_DIR_NAME=lib/dev "${SRC_DIR}"
+    cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=${APPLE_PLATFORM_DEVICE} -DINSTALL_LIB_DIR_NAME=lib/dev "${SRC_DIR}"
     make -j8 install
 
-    if [ "${TARGET_NAME}" != "net_macos" ]; then
-        # Build for simulator
-        rm -fr ./*
-        cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=${APPLE_PLATFORM}_SIM -DINSTALL_LIB_DIR_NAME=lib/sim "${SRC_DIR}"
-        make -j8 install
-    fi
+    # Build for simulator
+    rm -fr ./*
+    cmake ${CMAKE_ARGS} -DAPPLE_PLATFORM=${APPLE_PLATFORM_SIMULATOR} -DINSTALL_LIB_DIR_NAME=lib/sim "${SRC_DIR}"
+    make -j8 install
 
     # Create fat library
     make_fat_library libVirgilCryptoNet.a "${INSTALL_DIR}" "${INSTALL_DIR}/libs" "net"
@@ -429,13 +592,20 @@ if [[ "${TARGET_NAME}" =~ (asmjs|webasm) ]]; then
     fi
     source "${EMSDK_HOME}/emsdk_env.sh"
 
-    cmake ${CMAKE_ARGS} -DLANG=${TARGET_NAME} \
+    CMAKE_ARGS+=" -DVIRGIL_PACKAGE_NAME_FEATURES=ON"
+
+    cmake ${CMAKE_ARGS} \
+        -DLANG=${TARGET_NAME} \
         -DCMAKE_TOOLCHAIN_FILE="$EMSCRIPTEN/cmake/Modules/Platform/Emscripten.cmake" \
         -DCMAKE_CXX_FLAGS_RELEASE="-O3" \
         "${SRC_DIR}"
     make -j8 install
 fi
 
+if [ -z "$(ls -A ./)" ]; then
+    show_usage "Given target '${TARGET_NAME}' is not supported." 1
+fi
+
 if [[ ${TARGET_NAME} =~ (ios|tvos|watchos|macos|android) ]]; then
     ARCH_NAME=$(cat "${BUILD_DIR}/lib_name.txt")
 else