Fix initial version of cardano-crypto-wallet#667
Conversation
10741b8 to
610e241
Compare
872ca24 to
b3d5405
Compare
|
@perturbing and @disassembler, this PR is ready for review |
disassembler
left a comment
There was a problem hiding this comment.
I integrated this and confirmed that I can migrate from pbkdf2-hmac-sha512 to argon2id-v2.
perturbing
left a comment
There was a problem hiding this comment.
A few remarks regarding names and testing.
Also, I think that there are 3 places where we do not properly clear private material in cardano-crypto-wallet/cbits/encrypted_sign.c
- in
add_left(); thezl8buffer contains the scalar material but is never cleared - Similarly in
add_left_public() xchacha20poly1305_decrypt(): An edge case that should not happen, but if decrypt succeeds butplen != UNENCRYPTED_KEY_SIZEit will error without clearingsecret_to_decrypt.
|
Fixed:
Fixed:
This one is not correct, since GHC's RTS will trigger libsodium functionality for memory clearing when
|
03a779d to
4aeaf67
Compare
|
@perturbing Addressed all comments |
…crypto_ to ccw_" This reverts commit cc5f867.
This properly fixes scoping and async exception handling for decrypting `KeyMaterial` Also rename `encryptedChangePass` -> `encryptedChangePassphrase` for consistency with `encryptedValidatePassphrase`
Also introduce a more descriptive `mkEncryptedKey` function that deprecates `encryptedKey`
Extracting `SecretKey` construction outside, makes resource allocation in `bracket` much cheaper, which is absolutely what we want for proper async exception handling
* `ekey` -> `skey` * `ENCRYPTED_KEY_SIZE` -> `UNENCRYPTED_KEY_SIZE` It was incorrectly named, since secret key in that structure is not encrypted
There was a totally unnecessary allocation of key material legacy struct
Also rename `encrypted_key` -> `key_material` f
There was need to make a copy of the full `KeyMaterial` into MLocked memory, which is scarce, just to validate public key against a secret key
We also need to make sure that tag is fully set to zero, since it doesn't look like the full overwrite is guaranteed.
4aeaf67 to
dac6117
Compare
Description
This is a PR that fixes initial version of
cardano-crypto-walletthat was added in #653 and reverts #666Collection of issues that is fixed:
integer overflows in multiple places
interface that promoted leakage of EncryptedKey and no guarantees for finalization
incorrect usage of
crypto_aead_xchacha20poly1305_ietf_encrypt. Libsodium API specified:while previous implementation assumed exact number of bytes, not at most
Reduction in number of redundant arguments passed to C
Remove redundant allocations
Improve type safety of the implementation
Ensure that the salt size is static at the type level and not customizable with
KdfParamsDrop duplicate values from the
EnvelopeExpose all safe parts of the implementation as public API
Reduce duplication in the test suite
Checklist
CHANGELOG.mdfor the affected packages.New section is never added with the code changes. (See RELEASING.md)
.cabalandCHANGELOG.mdfiles according to theversioning process.
.cabalfiles for all affected packages are updated.If you change the bounds in a cabal file, that package itself must have a version increase. (See RELEASING.md)