-
Notifications
You must be signed in to change notification settings - Fork 144
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secure Cell passphrase API: RbThemis #603
Conversation
Add "error_code" attribute that keeps the original error code returned by Themis Core. This should make debugging issues a bit easier. Use "invalid argument" as default value since that's the most common issue.
Add new classes implementing updated Secure Cell API and adding passphrase support for Seal mode: - ScellSeal - ScellSealPassphrase - ScellTokenProtect - ScellContextImprint This supercedes existing "Scell" class which is more or less deprecated. The new implementation checks key validity before encryption/decryption is attempted so new() methods may raise exceptions now. Token Protect API is now more reasonable and accepts encrypted message and authentication token as separate arguments for decryption. However, for compatibility with old API we accept them as a list as well. New passphrase API can be accessed via ScellSealPassphrase class.
First of all, update the tests to use new API and correctly distinguish between passphrases and master keys. Add some new tests to verify message integrity. Additionally, add compatibility tests which verify that old API is still supported.
Update existing tools to use new API and add a new tool to verify passphrase API across other languages.
Update code example to use new API. It's kinda dated and terse, bring it to the same informational level as other languages. Also, fix shebang to make the example executable directly. P.S. Those historical names are amusing: full, auto split, user split...
Since new Secure Cell API is compatible with the old one (except for initialization) we can remove all those swathes of code and replace them with new implementation. However, there are caveats due to how inheritance works in Ruby. Here we proxy encrypt/decrypt calls to the actual object. Alternative implementation could have looked like class Scell # Override "new" instead of "initialize" since that allows to # return a different instance, possibly even unrelated one. def self.new(key, mode) case mode when SEAL_MODE return ScellSeal.new(key) # ... end end end This approach is a bit more efficient because there is no indirection in encrypt/decrypt calls. However, this approach also makes it impossible for ScellSeal to inherit from Scell. We would like to keep the inheritance chain, just in case some code relies on the fact that all Secure Cells are "kind_of? Themis::Scell". Hence... this. Compatibility notwithstanding, Themis::Scell is considered deprecated from now on. Since we have compatibility tests, make sure these warnings are suppressed so that we are not annoyed by them in test output.
awesome |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
This function is used to convert a string into an FFI::MemoryPointer with string's bytes that we can pass to Themis Core. It's current implementation is... not ideal because it uses "force_encoding". This is problematic because it does not return a copy of a string with different encoding. It modifies the encoding of the string in-place. This is unexpected for client code *and* does not work for fronzen strings (e.g., literal constants). Update the implementation to use FFI::MemoryPointer.from_string which has the same behavior (returns a pointer into string's buffer) but does not change the encoding of the string. This function is used throughout RbThemis code, not only by Secure Cell. It should be enough to add encoding tests for Secure Cell only, for now.
Strange, but CircleCI build has failed while locally unit-test tests were fine. I did not run integration tests though, but they fail with the following error:
Debugging has uncovered a flaw in common
|
Add support of Secure Cell passphrase API to RbThemis. The API is described in RFC 3.4 (with corrections).
User notes
Passphrase-based interface of Secure Cell allows you to use short and memorable passphrases to secure your data. While symmetric keys are more secure, they are also longer and much harder for humans to remember.
Here is how you can use passphrases with Secure Cell:
Passphrase API accepts passphrases as relatively short strings, suitable for human memory. Master key API uses randomly generated, long binary keys, which are more suitable for machines to remember. However, they are also more efficient and generally more secure due to considerable length. You should prefer to use keys over passphrases if there are no humans involved. The interface is almost the same:
API compatibility
Themis::Scell is deprecated
Instead of
Themis::Scell
with run-time mode-setting you should instantiate an appropriate subclass:Themis::ScellSeal.new(key)
Themis::Scell.new(key, Themis::Scell::SEAL_MODE)
Themis::ScellSealPassphrase.new(passphrase)
Themis::ScellTokenProtect.new(key)
Themis::Scell.new(key, Themis::Scell::TOKEN_PROTECT_MODE)
Themis::ScellContextImprint.new(key
Themis::Scell.new(key, Themis::Scell::CONTEXT_IMPRINT_MODE)
New objects have compatible API and no further changes in the code base should be required. However, you may wish to revisit
decrypt
calls for Token Protect.Simpler Token Protect API
Token Protect mode now accepts encrypted data and token as separate arguments instead of requiring an array.
Unicode considerations
Master keys are always binary data. RbThemis ignores their encoding and always uses raw key bytes as is.
Passphrases are usually provided as text. In this case passphrase will be encoded in UTF-8 for compatibility with other Themis platforms. If you need a different encoding, please use
encoding:
optional argument, for example:Binary passphrases are also accepted. If the passphrase encoding is
BINARY
then it is used as is, without any conversion.Technical notes
Initially a slightly different syntax was planned:
It had a noble idea of maintaining similarity with other languages which do not have named arguments. However, after updating tests and examples this syntax came off as unnatural. It also does not provide any value (it's even longer!) and we are not constrained by compatibility, like in Python.
Furthermore, in Ruby you import the entire module so
Themis::SCellSealPassphrase
class is visible. Other languages may require an awkward import to useSCellSealPassphrase
name, but in Ruby you can use it right away.Checklist