Commit c0f2e8e2 authored by Drew's avatar Drew

Merge branch 'master' of code.sealedabstract.com:drewcrawford/NaOH

parents 3bb8ae54 bb369a23
......@@ -134,7 +134,19 @@ extension KeyImpl {
try self.init(readFromFile: file, userDataBytes: 0, userData: &data)
}
#if swift(>=3.0)
/**Constructs the key from the bytes.
- note: This zeroes the bytes, therefore they must be mutable
- warning: We cannot zero other copies of the data that may exist. Please be careful with key material.*/
convenience init (bytes: inout [UInt8]) {
let keySize = bytes.count
self.init(uninitializedSize: keySize)
bytes.withUnsafeMutableBytes { (ptr) -> () in
memcpy(addrAsVoid, ptr.baseAddress!, ptr.count)
sodium_memzero(ptr.baseAddress!, ptr.count)
}
try! self.lock()
}
/** Reads the key from the file indicated.
- note: This function ensures that the key is read from a file only readable by the user.
- warning: Using the keychain is probably better, but it isn't appropriate for certain applications.
......@@ -157,42 +169,11 @@ extension KeyImpl {
var localUserData = [UInt8](repeating: 0, count: userDataBytes)
localUserData.withUnsafeMutableBufferPointer { (ptr) -> () in
#if swift(>=3.0)
mutableData.getBytes(ptr.baseAddress!, range: NSRange(location: keySize, length: userDataBytes))
#else
mutableData.getBytes(ptr.baseAddress, range: NSRange(location: keySize, length: userDataBytes))
#endif
}
userData = localUserData
//zero out the data
sodium_memzero(mutableData.mutableBytes, mutableData.length)
try! self.lock()
}
#else
/** Reads the key from the file indicated.
- note: This function ensures that the key is read from a file only readable by the user.
- warning: Using the keychain is probably better, but it isn't appropriate for certain applications.
- parameter userDataBytes: Extra user data stored in this file that we don't consider part of the key. This is returned in the userData parameter.*/
convenience init (readFromFile file: String, userDataBytes: Int, inout userData: [UInt8]) throws {
//check attributes
let attributes = try FileManager.`default`.attributesOfItem(atPath: file)
guard let num = attributes[NSFilePosixPermissions] as? NSNumber else { fatalError("Weird; why isn't \(attributes[NSFilePosixPermissions]) an NSNumber?") }
if num.shortValue != 0o0600 {
throw NaOHError.FilePermissionsLookSuspicious
}
let mutableData = try NSMutableData(contentsOfFile: file, options: NSDataReadingOptions())
let keySize = mutableData.length - userDataBytes
self.init(uninitializedSize: keySize)
memcpy(addrAsVoid, mutableData.bytes, keySize)
var localUserData = [UInt8](repeating: 0, count: userDataBytes)
localUserData.withUnsafeMutableBufferPointer { (ptr) -> () in
mutableData.getBytes(ptr.baseAddress, range: NSRange(location: keySize, length: userDataBytes))
}
userData = localUserData
//zero out the data
sodium_memzero(mutableData.mutableBytes, mutableData.length)
try! self.lock()
}
#endif
}
......@@ -39,6 +39,13 @@ public struct CryptoBoxSecretKey : SecretKey {
self.keyImpl_ = try KeyImpl(readFromFile: readFromFile)
self.publicKey = CryptoBoxPublicKey(secretKeyImpl: self.keyImpl_ as! KeyImpl)
}
/**Construct a secret key from a set of bytes. The bytes must be mutable as they will be zeroed.
- warning: This will not zero other copies of the bytes which may exist. Please be careful when dealing with secret key data.*/
public init(bytes: inout [UInt8]) {
self.keyImpl_ = KeyImpl(bytes: &bytes)
self.publicKey = CryptoBoxPublicKey(secretKeyImpl: self.keyImpl_ as! KeyImpl)
}
}
@available(iOS 9.3, *, *)
public struct CryptoBoxPublicKey: PublicKey {
......
......@@ -42,6 +42,7 @@ func aliceBob() -> (CryptoBoxSecretKey, CryptoBoxSecretKey) {
var alicePath = "NaOHTests/alice.key"
var bobPath = "NaOHTests/bob.key"
#else
//this refers to the xcode-generated class
var alicePath = Bundle(for: CarolineEngineTests.self).path(forResource: "alice", ofType: "key")!
var bobPath = Bundle(for: CarolineEngineTests.self).path(forResource: "bob", ofType: "key")!
#endif
......
......@@ -60,6 +60,21 @@ class CryptoBoxKey: CarolineTest {
}
}
class CryptoBoxFromBytes: CarolineTest {
func test() throws {
let temporaryFile = NSTemporaryDirectory() + "/\(NSUUID().uuidString)test.key"
let key1 = CryptoBoxSecretKey()
try key1.saveToFile(temporaryFile)
let bytes = try Data(contentsOf: URL(fileURLWithPath: temporaryFile))
var array = bytes.withUnsafeBytes {
[UInt8](UnsafeBufferPointer(start: $0, count: bytes.count))
}
let _ = CryptoBoxSecretKey(bytes: &array)
self.assert(array, equals: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])
}
}
class HumanReadable : CarolineTest {
func test() {
let a = CryptoBoxSecretKey().publicKey
......
......@@ -17,28 +17,29 @@
// This file is automatically generated by Caroline and should not be edited by hand.
import CarolineCore
let allTests: [CarolineTest] = [
BadDecrypt(),
ChaCha20(),
Crypto(),
CryptoBox(),
CryptoBoxFromBytes(),
CryptoBoxKey(),
CryptoBoxOpen(),
EncryptTest(),
DecryptTest(),
BadDecrypt(),
GenerateKey(),
DeriveKey(),
TestSign(),
TestVerify(),
TestBadVerify(),
ChaCha20(),
EncryptTest(),
GenerateKey(),
GenericHash(),
HumanReadable(),
Integer192BitTests(),
KeyLoadSave(),
PublicKeyLoadSave(),
KeyTest(),
ZeroImport(),
Crypto(),
MemCmpTest(),
OverwriteKey(),
CryptoBoxKey(),
HumanReadable(),
MemCmpTest()
PublicKeyLoadSave(),
TestBadVerify(),
TestSign(),
TestVerify(),
ZeroImport()
]
let engine = CarolineCoreEngine()
if !engine.testAll(allTests) {
......
......@@ -15,7 +15,7 @@
:payloads [
{
:key "git"
:used-commit "0c6f9c22bae64e08459b5bc3f249b89cd8985d18"
:used-commit "edd8aefef44717ecfa03c629100baf095fab983a"
:pin false
}
]
......@@ -25,7 +25,7 @@
:payloads [
{
:key "git"
:used-commit "53ef640390d549803cf2bed1ba2dba919345d513"
:used-commit "91eb559427a92a7eeeb3ecf84aa6060e0f58d170"
:pin false
}
]
......@@ -36,16 +36,16 @@
{
:key "core-osx-swift-3.0"
:pin false
:used-url "https://code.sealedabstract.com/drewcrawford/Caroline/uploads/6df0f0c819bbb8c0542c5d22be76356e/CarolineCore-1.0-osx.tar.xz"
:used-version "1.0"
:sha-sum "396215f522cd5959bbf396eef04c77eb8df2b215c7230cad9788287f6a40d607"
:used-url "https://code.sealedabstract.com/drewcrawford/Caroline/uploads/44c8505878428a4f2119988b691d5a24/CarolineCore-1.2-osx.tar.xz"
:used-version "1.2"
:sha-sum "5004e90a5418875b7c1c17d5bc398a52739041570bd23562310942eb435d97e5"
}
{
:key "core-ios-swift-3.0"
:pin false
:used-url "https://code.sealedabstract.com/drewcrawford/Caroline/uploads/47b677a2a212e0bb14fbd8cf9fb747d7/CarolineCore-1.0-ios.tar.xz"
:used-version "1.0"
:sha-sum "8fd7e284d6b9a1e839e037829457ca2ca0c5ef16840e0e42c34c1072cb345df4"
:used-url "https://code.sealedabstract.com/drewcrawford/Caroline/uploads/503d8c26c9b1831645280f7ec78315fd/CarolineCore-1.2-ios.tar.xz"
:used-version "1.2"
:sha-sum "5066ab2c7439998cb45055d4e4f7fbdb541649dbec97c65e16da33217fc685eb"
}
]
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment