-
Notifications
You must be signed in to change notification settings - Fork 144
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WasmThemis: Secure Message support #490
Conversation
Initial implementation of Secure Message wrapper. We export it as three objects: - "SecureMessage" providing encrypt/decrypt mode - "SecureMessageSign" and "SecureMessageVerify" providing sign/verify mode The reason for the split is to minimize possibility of API misuse. Encryption and decryption is likely to be bidirectional, therefore we require the users to specify both private and public keys. (Though it might make sense to allow specifying "null" for either of the keys in order to allow unidicational message flow.) Signing and verifying signatures requires only one part of the key pair, so these object accept a corresponding key. Note that we allow *only* PrivateKey or PublicKey instances. This ensures that we operate on valid keys every time. As JavaScript is dynamically typed, we allow several constructor syntax for SecureMessage. We can accept either a KeyPair (a single entity), or two arguments with keys (in any order, so that devs don't have to remember the correct one in absence of static typing and helpful IDE hints).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
this.privateKey = arguments[1] | ||
return | ||
} | ||
if (arg0isPrivateKey && arg1isPublicKey) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's so cute) you allow users to use any order of params))
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that's really cool, i hope it will improve usability, not add confusion :D
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool!
I suggest to add more unit tests using "wrong" types, and the clean up of allocated byte arrays in case of error (similar to #462 (review) ).
this.privateKey = arguments[1] | ||
return | ||
} | ||
if (arg0isPrivateKey && arg1isPublicKey) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that's really cool, i hope it will improve usability, not add confusion :D
let emptyArray = new Uint8Array() | ||
let testInput = new Uint8Array([1, 1, 2, 3, 5, 8, 13]) | ||
describe('encrypt/decrypt mode', function() { | ||
it('requires valid keys', function() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
add check when SecureMessage is created with object other type than KeyPair
ok = new themis.SecureMessage(`string or array or null`)
throw new ThemisError(cryptosystem_name, ThemisErrorCode.NO_MEMORY) | ||
} | ||
|
||
libthemis.writeArrayToMemory(this.privateKey, private_key_ptr) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
clean up in case of error (this case and similar)
Memory zeroization and more unit tests for type checks are coming in separate PRs (linked above). |
Initial implementation of Secure Message wrapper. We export it as three objects:
SecureMessage
providing encrypt/decrypt modeSecureMessageSign
andSecureMessageVerify
providing sign/verify modeThe reason for the split is to minimize possibility of API misuse. Encryption and decryption is likely to be bidirectional, therefore we require the users to specify both private and public keys. (Though it might make sense to allow specifying
null
for either of the keys in order to allow unidirectional message flow.) Signing and verifying signatures requires only one part of the key pair, so these object accept a corresponding key.Note that we allow only PrivateKey or PublicKey instances. This ensures that we operate on valid keys every time.
As JavaScript is dynamically typed, we allow several constructor syntax for SecureMessage. We can accept either a KeyPair (a single entity), or two arguments with keys (in any order, so that devs don't have to remember the correct one in absence of static typing and helpful IDE hints).