WasmThemis: Secure Message support #490
Conversation
Initial implementation of Secure Message wrapper. We export it as
three objects:
- "SecureMessage" providing encrypt/decrypt mode
- "SecureMessageSign" and "SecureMessageVerify" providing
sign/verify mode
The reason for the split is to minimize possibility of API misuse.
Encryption and decryption is likely to be bidirectional, therefore
we require the users to specify both private and public keys.
(Though it might make sense to allow specifying "null" for either
of the keys in order to allow unidicational message flow.)
Signing and verifying signatures requires only one part of the key
pair, so these object accept a corresponding key.
Note that we allow *only* PrivateKey or PublicKey instances. This
ensures that we operate on valid keys every time.
As JavaScript is dynamically typed, we allow several constructor
syntax for SecureMessage. We can accept either a KeyPair (a single
entity), or two arguments with keys (in any order, so that devs
don't have to remember the correct one in absence of static typing
and helpful IDE hints).
| this.privateKey = arguments[1] | ||
| return | ||
| } | ||
| if (arg0isPrivateKey && arg1isPublicKey) { |
There was a problem hiding this comment.
it's so cute) you allow users to use any order of params))
There was a problem hiding this comment.
that's really cool, i hope it will improve usability, not add confusion :D
There was a problem hiding this comment.
Cool!
I suggest to add more unit tests using "wrong" types, and the clean up of allocated byte arrays in case of error (similar to #462 (review) ).
| this.privateKey = arguments[1] | ||
| return | ||
| } | ||
| if (arg0isPrivateKey && arg1isPublicKey) { |
There was a problem hiding this comment.
that's really cool, i hope it will improve usability, not add confusion :D
| let emptyArray = new Uint8Array() | ||
| let testInput = new Uint8Array([1, 1, 2, 3, 5, 8, 13]) | ||
| describe('encrypt/decrypt mode', function() { | ||
| it('requires valid keys', function() { |
There was a problem hiding this comment.
add check when SecureMessage is created with object other type than KeyPair
ok = new themis.SecureMessage(`string or array or null`)
| throw new ThemisError(cryptosystem_name, ThemisErrorCode.NO_MEMORY) | ||
| } | ||
|
|
||
| libthemis.writeArrayToMemory(this.privateKey, private_key_ptr) |
There was a problem hiding this comment.
clean up in case of error (this case and similar)
|
Memory zeroization and more unit tests for type checks are coming in separate PRs (linked above). |
Initial implementation of Secure Message wrapper. We export it as three objects:
SecureMessageproviding encrypt/decrypt modeSecureMessageSignandSecureMessageVerifyproviding sign/verify modeThe reason for the split is to minimize possibility of API misuse. Encryption and decryption is likely to be bidirectional, therefore we require the users to specify both private and public keys. (Though it might make sense to allow specifying
nullfor either of the keys in order to allow unidirectional message flow.) Signing and verifying signatures requires only one part of the key pair, so these object accept a corresponding key.Note that we allow only PrivateKey or PublicKey instances. This ensures that we operate on valid keys every time.
As JavaScript is dynamically typed, we allow several constructor syntax for SecureMessage. We can accept either a KeyPair (a single entity), or two arguments with keys (in any order, so that devs don't have to remember the correct one in absence of static typing and helpful IDE hints).