From 0652143f15275825f94d56657e5b10e5045b7093 Mon Sep 17 00:00:00 2001 From: WingZer0o Date: Sat, 8 Mar 2025 19:34:15 -0500 Subject: [PATCH 1/6] changes to ed25519 update --- Cargo.toml | 2 +- src/digital_signature.rs | 208 +++++++++++++++++++-------------- src/ed25519.rs | 170 ++++++++++++++++----------- src/password_hashers/argon2.rs | 8 +- src/password_hashers/bcrypt.rs | 2 +- src/password_hashers/scrypt.rs | 2 +- 6 files changed, 235 insertions(+), 157 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index a5e6dd9..f6a77ed 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,4 +14,4 @@ crate-type = ["dylib"] [dependencies] libc = "0.2.146" -cas-lib = "0.2.6" \ No newline at end of file +cas-lib = {path = "./../cas-lib"} \ No newline at end of file diff --git a/src/digital_signature.rs b/src/digital_signature.rs index 29bf0ab..b91cea9 100644 --- a/src/digital_signature.rs +++ b/src/digital_signature.rs @@ -18,9 +18,9 @@ pub struct SHARSADigitalSignatureResult { #[repr(C)] pub struct SHAED25519DalekDigitalSignatureResult { - pub public_key: *mut c_uchar, + pub public_key: *mut u8, pub public_key_length: usize, - pub signature_raw_ptr: *mut c_uchar, + pub signature_raw_ptr: *mut u8, pub signature_length: usize, } @@ -65,10 +65,11 @@ pub extern "C" fn sha_512_rsa_digital_signature_threadpool( if rsa_key_size != 1024 && rsa_key_size != 2048 && rsa_key_size != 4096 { panic!("Not a valid RSA key length"); } - let result = ::digital_signature_rsa_threadpool( - rsa_key_size as u32, - data_to_sign_slice, - ); + let result = + ::digital_signature_rsa_threadpool( + rsa_key_size as u32, + data_to_sign_slice, + ); let mut signed_data = result.signature; let capacity = signed_data.capacity(); signed_data.reserve_exact(capacity); @@ -123,10 +124,11 @@ pub extern "C" fn sha_256_rsa_digital_signature_threadpool( if rsa_key_size != 1024 && rsa_key_size != 2048 && rsa_key_size != 4096 { panic!("Not a valid RSA key length"); } - let result = ::digital_signature_rsa_threadpool( - rsa_key_size as u32, - data_to_sign_slice, - ); + let result = + ::digital_signature_rsa_threadpool( + rsa_key_size as u32, + data_to_sign_slice, + ); let mut signed_data = result.signature; let capacity = signed_data.capacity(); signed_data.reserve_exact(capacity); @@ -280,26 +282,29 @@ pub extern "C" fn sha512_ed25519_digital_signature( let data_to_sign_slice = unsafe { assert!(!data_to_sign.is_null()); std::slice::from_raw_parts(data_to_sign, data_length) - } - .to_vec(); + }; let result = ::digital_signature_ed25519( data_to_sign_slice, ); - let mut public_key = result.public_key; - let public_key_capacity = public_key.capacity(); - public_key.reserve_exact(public_key_capacity); - let mut signature = result.signature; - let signature_capacity = signature.capacity(); - signature.reserve_exact(signature_capacity); + let public_key = result.public_key; + let public_key_pair_ptr = unsafe { + let ptr = libc::malloc(public_key.len()) as *mut u8; + std::ptr::copy_nonoverlapping(public_key.as_ptr(), ptr, public_key.len()); + ptr + }; + let signature = result.signature; + let signature_ptr = unsafe { + let ptr = libc::malloc(signature.len()) as *mut u8; + std::ptr::copy_nonoverlapping(signature.as_ptr(), ptr, signature.len()); + ptr + }; let result = SHAED25519DalekDigitalSignatureResult { - public_key: public_key.as_mut_ptr(), + public_key: public_key_pair_ptr, public_key_length: public_key.len(), - signature_raw_ptr: signature.as_mut_ptr(), + signature_raw_ptr: signature_ptr, signature_length: signature.len(), }; - std::mem::forget(public_key); - std::mem::forget(signature); result } @@ -311,26 +316,29 @@ pub extern "C" fn sha512_ed25519_digital_signature_threadpool( let data_to_sign_slice = unsafe { assert!(!data_to_sign.is_null()); std::slice::from_raw_parts(data_to_sign, data_length) - } - .to_vec(); + }; let result = ::digital_signature_ed25519_threadpool( data_to_sign_slice, ); - let mut public_key = result.public_key; - let public_key_capacity = public_key.capacity(); - public_key.reserve_exact(public_key_capacity); - let mut signature = result.signature; - let signature_capacity = signature.capacity(); - signature.reserve_exact(signature_capacity); + let public_key = result.public_key; + let public_key_pair_ptr = unsafe { + let ptr = libc::malloc(public_key.len()) as *mut u8; + std::ptr::copy_nonoverlapping(public_key.as_ptr(), ptr, public_key.len()); + ptr + }; + let signature = result.signature; + let signature_ptr = unsafe { + let ptr = libc::malloc(signature.len()) as *mut u8; + std::ptr::copy_nonoverlapping(signature.as_ptr(), ptr, signature.len()); + ptr + }; let result = SHAED25519DalekDigitalSignatureResult { - public_key: public_key.as_mut_ptr(), + public_key: public_key_pair_ptr, public_key_length: public_key.len(), - signature_raw_ptr: signature.as_mut_ptr(), + signature_raw_ptr: signature_ptr, signature_length: signature.len(), }; - std::mem::forget(public_key); - std::mem::forget(signature); result } @@ -342,26 +350,29 @@ pub extern "C" fn sha256_ed25519_digital_signature( let data_to_sign_slice = unsafe { assert!(!data_to_sign.is_null()); std::slice::from_raw_parts(data_to_sign, data_length) - } - .to_vec(); + }; let result = ::digital_signature_ed25519( data_to_sign_slice, ); - let mut public_key = result.public_key; - let public_key_capacity = public_key.capacity(); - public_key.reserve_exact(public_key_capacity); - let mut signature = result.signature; - let signature_capacity = signature.capacity(); - signature.reserve_exact(signature_capacity); + let public_key = result.public_key; + let public_key_pair_ptr = unsafe { + let ptr = libc::malloc(public_key.len()) as *mut u8; + std::ptr::copy_nonoverlapping(public_key.as_ptr(), ptr, public_key.len()); + ptr + }; + let signature = result.signature; + let signature_ptr = unsafe { + let ptr = libc::malloc(signature.len()) as *mut u8; + std::ptr::copy_nonoverlapping(signature.as_ptr(), ptr, signature.len()); + ptr + }; let result = SHAED25519DalekDigitalSignatureResult { - public_key: public_key.as_mut_ptr(), + public_key: public_key_pair_ptr, public_key_length: public_key.len(), - signature_raw_ptr: signature.as_mut_ptr(), + signature_raw_ptr: signature_ptr, signature_length: signature.len(), }; - std::mem::forget(public_key); - std::mem::forget(signature); result } @@ -373,18 +384,13 @@ pub extern "C" fn sha256_ed25519_digital_signature_threadpool( let data_to_sign_slice = unsafe { assert!(!data_to_sign.is_null()); std::slice::from_raw_parts(data_to_sign, data_length) - } - .to_vec(); + }; let result = ::digital_signature_ed25519_threadpool( data_to_sign_slice, ); let mut public_key = result.public_key; - let public_key_capacity = public_key.capacity(); - public_key.reserve_exact(public_key_capacity); let mut signature = result.signature; - let signature_capacity = signature.capacity(); - signature.reserve_exact(signature_capacity); let result = SHAED25519DalekDigitalSignatureResult { public_key: public_key.as_mut_ptr(), public_key_length: public_key.len(), @@ -407,19 +413,24 @@ pub extern "C" fn sha512_ed25519_digital_signature_verify( ) -> bool { let public_key_slice = unsafe { assert!(!public_key.is_null()); - std::slice::from_raw_parts(public_key, public_key_length) - } - .to_vec(); + assert!(public_key_length == 32, "Public key must be 32 key bytes"); + let slice = std::slice::from_raw_parts(public_key, public_key_length); + let mut array = [0u8; 32]; + array.copy_from_slice(slice); + array + }; let data_to_verify_slice = unsafe { assert!(!data_to_verify.is_null()); std::slice::from_raw_parts(data_to_verify, data_to_verify_length) - } - .to_vec(); + }; let signature_slice = unsafe { assert!(!signature.is_null()); - std::slice::from_raw_parts(signature, signature_length) - } - .to_vec(); + assert!(public_key_length == 64, "Signature must be 64 key bytes"); + let slice = std::slice::from_raw_parts(signature, signature_length); + let mut array = [0u8; 64]; + array.copy_from_slice(slice); + array + }; let result = ::digital_signature_ed25519_verify(public_key_slice, data_to_verify_slice, signature_slice); result } @@ -435,19 +446,24 @@ pub extern "C" fn sha512_ed25519_digital_signature_verify_threadpool( ) -> bool { let public_key_slice = unsafe { assert!(!public_key.is_null()); - std::slice::from_raw_parts(public_key, public_key_length) - } - .to_vec(); + assert!(public_key_length == 32, "Public key must be 32 key bytes"); + let slice = std::slice::from_raw_parts(public_key, public_key_length); + let mut array = [0u8; 32]; + array.copy_from_slice(slice); + array + }; let data_to_verify_slice = unsafe { assert!(!data_to_verify.is_null()); std::slice::from_raw_parts(data_to_verify, data_to_verify_length) - } - .to_vec(); + }; let signature_slice = unsafe { assert!(!signature.is_null()); - std::slice::from_raw_parts(signature, signature_length) - } - .to_vec(); + assert!(public_key_length == 64, "Signature must be 64 key bytes"); + let slice = std::slice::from_raw_parts(signature, signature_length); + let mut array = [0u8; 64]; + array.copy_from_slice(slice); + array + }; let result = ::digital_signature_ed25519_verify_threadpool(public_key_slice, data_to_verify_slice, signature_slice); result } @@ -463,19 +479,30 @@ pub extern "C" fn sha256_ed25519_digital_signature_verify( ) -> bool { let public_key_slice = unsafe { assert!(!public_key.is_null()); - std::slice::from_raw_parts(public_key, public_key_length) - } - .to_vec(); + assert!( + public_key_length == 32, + "Public key must be 32 byes in length" + ); + let slice = std::slice::from_raw_parts(public_key, public_key_length); + let mut array = [0u8; 32]; + array.copy_from_slice(slice); + array + }; let data_to_verify_slice = unsafe { assert!(!data_to_verify.is_null()); std::slice::from_raw_parts(data_to_verify, data_to_verify_length) - } - .to_vec(); + }; let signature_slice = unsafe { assert!(!signature.is_null()); - std::slice::from_raw_parts(signature, signature_length) - } - .to_vec(); + assert!( + signature_length == 64, + "Signature must be 64 byes in length" + ); + let slice = std::slice::from_raw_parts(signature, signature_length); + let mut array = [0u8; 64]; + array.copy_from_slice(slice); + array + }; let result = ::digital_signature_ed25519_verify(public_key_slice, data_to_verify_slice, signature_slice); result } @@ -491,19 +518,30 @@ pub extern "C" fn sha256_ed25519_digital_signature_verify_threadpool( ) -> bool { let public_key_slice = unsafe { assert!(!public_key.is_null()); - std::slice::from_raw_parts(public_key, public_key_length) - } - .to_vec(); + assert!( + public_key_length == 32, + "Public Key must be 32 bytes in length" + ); + let slice = std::slice::from_raw_parts(public_key, public_key_length); + let mut array = [0u8; 32]; + array.copy_from_slice(slice); + array + }; let data_to_verify_slice = unsafe { assert!(!data_to_verify.is_null()); std::slice::from_raw_parts(data_to_verify, data_to_verify_length) - } - .to_vec(); + }; let signature_slice = unsafe { assert!(!signature.is_null()); - std::slice::from_raw_parts(signature, signature_length) - } - .to_vec(); + assert!( + signature_length == 64, + "Signature must be 64 bytes in length" + ); + let slice = std::slice::from_raw_parts(signature, signature_length); + let mut array = [0u8; 64]; + array.copy_from_slice(slice); + array + }; let result = ::digital_signature_ed25519_verify_threadpool(public_key_slice, data_to_verify_slice, signature_slice); result -} \ No newline at end of file +} diff --git a/src/ed25519.rs b/src/ed25519.rs index 5625c33..e60c7b6 100644 --- a/src/ed25519.rs +++ b/src/ed25519.rs @@ -1,43 +1,49 @@ use cas_lib::signatures::ed25519::{ed25519_sign_with_key_pair, ed25519_sign_with_key_pair_threadpool, ed25519_verify_with_key_pair, ed25519_verify_with_key_pair_threadpool, ed25519_verify_with_public_key, ed25519_verify_with_public_key_threadpool, get_ed25519_key_pair, get_ed25519_key_pair_threadpool}; -use libc::c_uchar; +use libc::{c_uchar, printf}; #[repr(C)] pub struct Ed25519KeyPairBytesResult { - key_pair: *mut c_uchar, + key_pair: *mut u8, length: usize, } #[repr(C)] pub struct Ed25519ByteSignatureResult { - pub signature_byte_ptr: *mut c_uchar, + pub signature_byte_ptr: *mut u8, pub signature_length: usize, - pub public_key: *mut c_uchar, + pub public_key: *mut u8, pub public_key_length: usize, } #[no_mangle] pub extern "C" fn get_ed25519_key_pair_bytes() -> Ed25519KeyPairBytesResult { - let mut keypair = get_ed25519_key_pair(); - let capacity = keypair.capacity(); - keypair.reserve_exact(capacity); + let keypair = get_ed25519_key_pair(); + let len = keypair.len(); + let key_pair_ptr = unsafe { + let ptr = libc::malloc(len) as *mut u8; + std::ptr::copy_nonoverlapping(keypair.as_ptr(), ptr, len); + ptr + }; let result = Ed25519KeyPairBytesResult { length: keypair.len(), - key_pair: keypair.as_mut_ptr(), + key_pair: key_pair_ptr, }; - std::mem::forget(keypair); result } #[no_mangle] pub extern "C" fn get_ed25519_key_pair_bytes_threadpool() -> Ed25519KeyPairBytesResult { - let mut keypair = get_ed25519_key_pair_threadpool(); - let capacity = keypair.capacity(); - keypair.reserve_exact(capacity); + let keypair = get_ed25519_key_pair_threadpool(); + let len = keypair.len(); + let key_pair_ptr = unsafe { + let ptr = libc::malloc(len) as *mut u8; + std::ptr::copy_nonoverlapping(keypair.as_ptr(), ptr, len); + ptr + }; let result = Ed25519KeyPairBytesResult { length: keypair.len(), - key_pair: keypair.as_mut_ptr(), + key_pair: key_pair_ptr, }; - std::mem::forget(keypair); result } @@ -58,29 +64,35 @@ pub extern "C" fn sign_with_key_pair_bytes( ) -> Ed25519ByteSignatureResult { let key_pair_slice = unsafe { assert!(!key_pair.is_null()); - std::slice::from_raw_parts(key_pair, key_pair_length) - } - .to_vec(); + assert!(key_pair_length == 32, "Key pair must be 32 bytes"); + let slice = std::slice::from_raw_parts(key_pair, key_pair_length); + let mut array = [0u8; 32]; + array.copy_from_slice(slice); + array + }; let message_to_sign_slice = unsafe { assert!(!message_to_sign.is_null()); std::slice::from_raw_parts(message_to_sign, message_to_sign_length) - } - .to_vec(); + }; let result = ed25519_sign_with_key_pair(key_pair_slice, message_to_sign_slice); - let mut public_key = result.public_key; - let public_key_capacity = public_key.capacity(); - public_key.reserve_exact(public_key_capacity); - let mut signature = result.signature; - let siganture_capacity = signature.capacity(); - signature.reserve_exact(siganture_capacity); + let public_key = result.public_key; + let signature = result.signature; + let public_key_pointer = unsafe { + let ptr = libc::malloc(public_key.len()) as *mut u8; + std::ptr::copy_nonoverlapping(public_key.as_ptr(), ptr, public_key.len()); + ptr + }; + let signature_pointer = unsafe { + let ptr = libc::malloc(signature.len()) as *mut u8; + std::ptr::copy_nonoverlapping(signature.as_ptr(), ptr, signature.len()); + ptr + }; let result = Ed25519ByteSignatureResult { - signature_byte_ptr: signature.as_mut_ptr(), + signature_byte_ptr: signature_pointer, signature_length: signature.len(), - public_key: public_key.as_mut_ptr(), + public_key: public_key_pointer, public_key_length: public_key.len(), }; - std::mem::forget(public_key); - std::mem::forget(signature); result } @@ -93,29 +105,25 @@ pub extern "C" fn sign_with_key_pair_bytes_threadpool( ) -> Ed25519ByteSignatureResult { let key_pair_slice = unsafe { assert!(!key_pair.is_null()); - std::slice::from_raw_parts(key_pair, key_pair_length) - } - .to_vec(); + assert!(key_pair_length == 32, "Key pair must be 32 bytes in length"); + let slice = std::slice::from_raw_parts(key_pair, key_pair_length); + let mut array = [0u8; 32]; + array.copy_from_slice(slice); + array + }; let message_to_sign_slice = unsafe { assert!(!message_to_sign.is_null()); std::slice::from_raw_parts(message_to_sign, message_to_sign_length) - } - .to_vec(); + }; let result = ed25519_sign_with_key_pair_threadpool(key_pair_slice, message_to_sign_slice); let mut public_key = result.public_key; - let public_key_capacity = public_key.capacity(); - public_key.reserve_exact(public_key_capacity); let mut signature = result.signature; - let siganture_capacity = signature.capacity(); - signature.reserve_exact(siganture_capacity); let result = Ed25519ByteSignatureResult { signature_byte_ptr: signature.as_mut_ptr(), signature_length: signature.len(), public_key: public_key.as_mut_ptr(), public_key_length: public_key.len(), }; - std::mem::forget(public_key); - std::mem::forget(signature); result } @@ -147,16 +155,24 @@ pub extern "C" fn verify_with_key_pair_bytes( ) -> bool { let key_pair_slice = unsafe { assert!(!key_pair.is_null()); - std::slice::from_raw_parts(key_pair, key_pair_length) - }.to_vec(); + assert!(key_pair_length == 32, "Key pair length must be 32 bytes"); + let slice = std::slice::from_raw_parts(key_pair, key_pair_length); + let mut array = [0u8; 32]; + array.copy_from_slice(slice); + array + }; let signature_slice = unsafe { assert!(!signature.is_null()); - std::slice::from_raw_parts(signature, signature_length) - }.to_vec(); + assert!(signature_length == 64, "Key pair length must be 64 bytes"); + let slice = std::slice::from_raw_parts(signature, signature_length); + let mut array = [0u8; 64]; + array.copy_from_slice(slice); + array + }; let message_slice = unsafe { assert!(!message.is_null()); std::slice::from_raw_parts(message, message_length) - }.to_vec(); + }; return ed25519_verify_with_key_pair(key_pair_slice, signature_slice, message_slice); } @@ -169,18 +185,26 @@ pub extern "C" fn verify_with_key_pair_bytes_threadpool( message: *const c_uchar, message_length: usize, ) -> bool { - let key_pair_slice = unsafe { + let key_pair_slice: [u8; 32] = unsafe { assert!(!key_pair.is_null()); - std::slice::from_raw_parts(key_pair, key_pair_length) - }.to_vec(); + assert!(key_pair_length == 32, "Key pair length must be 32 bytes"); + let slice = std::slice::from_raw_parts(key_pair, key_pair_length); + let mut array = [0u8; 32]; + array.copy_from_slice(slice); + array + }; let signature_slice = unsafe { assert!(!signature.is_null()); - std::slice::from_raw_parts(signature, signature_length) - }.to_vec(); + assert!(key_pair_length == 64, "Signature length must be 64 bytes"); + let slice = std::slice::from_raw_parts(signature, signature_length); + let mut array = [0u8; 64]; + array.copy_from_slice(slice); + array + }; let message_slice = unsafe { assert!(!message.is_null()); std::slice::from_raw_parts(message, message_length) - }.to_vec(); + }; return ed25519_verify_with_key_pair_threadpool(key_pair_slice, signature_slice, message_slice); } @@ -214,18 +238,26 @@ pub extern "C" fn verify_with_public_key_bytes( message: *const c_uchar, message_length: usize, ) -> bool { - let public_key_slice = unsafe { + let public_key_slice: [u8; 32] = unsafe { assert!(!public_key.is_null()); - std::slice::from_raw_parts(public_key, public_key_length) - }.to_vec(); - let signature_slice = unsafe { + assert!(public_key_length == 32); + let slice = std::slice::from_raw_parts(public_key, public_key_length); + let mut array = [0u8; 32]; + array.copy_from_slice(slice); + array + }; + let signature_slice: [u8; 64] = unsafe { assert!(!signature.is_null()); - std::slice::from_raw_parts(signature, signature_length) - }.to_vec(); + assert!(signature_length == 64, "Signature slice must be 64 bytes"); + let slice = std::slice::from_raw_parts(signature, signature_length); + let mut array = [0u8; 64]; + array.copy_from_slice(slice); + array + }; let message_slice = unsafe { assert!(!message.is_null()); std::slice::from_raw_parts(message, message_length) - }.to_vec(); + }; return ed25519_verify_with_public_key(public_key_slice, signature_slice, message_slice); } @@ -238,18 +270,26 @@ pub extern "C" fn verify_with_public_key_bytes_threadpool( message: *const c_uchar, message_length: usize, ) -> bool { - let public_key_slice = unsafe { + let public_key_slice: [u8; 32] = unsafe { assert!(!public_key.is_null()); - std::slice::from_raw_parts(public_key, public_key_length) - }.to_vec(); - let signature_slice = unsafe { + assert!(public_key_length == 32, "Public key length must be 64 bytes"); + let slice = std::slice::from_raw_parts(public_key, public_key_length); + let mut array = [0u8; 32]; + array.copy_from_slice(slice); + array + }; + let signature_slice: [u8; 64] = unsafe { assert!(!signature.is_null()); - std::slice::from_raw_parts(signature, signature_length) - }.to_vec(); + assert!(public_key_length == 64, "Signature Slice must be 32 bytes"); + let slice = std::slice::from_raw_parts(signature, signature_length); + let mut array = [0u8; 64]; + array.copy_from_slice(slice); + array + }; let message_slice = unsafe { assert!(!message.is_null()); std::slice::from_raw_parts(message, message_length) - }.to_vec(); + }; return ed25519_verify_with_public_key_threadpool(public_key_slice, signature_slice, message_slice); } diff --git a/src/password_hashers/argon2.rs b/src/password_hashers/argon2.rs index d8dabd4..9847683 100644 --- a/src/password_hashers/argon2.rs +++ b/src/password_hashers/argon2.rs @@ -18,7 +18,7 @@ pub extern "C" fn argon2_verify(hashed_pass: *const c_char, password: *const c_c .to_str() .unwrap() .to_string(); - return ::verify_password(hashed_password, password_to_verify); + return CASArgon::verify_password(hashed_password, password_to_verify); } #[test] @@ -52,7 +52,7 @@ pub extern "C" fn argon2_verify_threadpool(hashed_pass: *const c_char, password: .to_str() .unwrap() .to_string(); - let result: bool = ::verify_password_threadpool(hashed_pass_string, password_string); + let result: bool = CASArgon::verify_password_threadpool(hashed_pass_string, password_string); result } @@ -79,7 +79,7 @@ pub extern "C" fn argon2_hash(pass_to_hash: *const c_char) -> *mut c_char { .to_str() .unwrap() .to_string(); - let new_hash = ::hash_password(password); + let new_hash = CASArgon::hash_password(password); let password_hash = CString::new(new_hash).unwrap().into_raw(); return password_hash; } @@ -105,7 +105,7 @@ pub extern "C" fn argon2_hash_threadpool(pass_to_hash: *const c_char) -> *mut c_ .to_str() .unwrap() .to_string(); - let new_hash = ::hash__password_threadpool(password); + let new_hash = CASArgon::hash_password_threadpool(password); let result = CString::new(new_hash).unwrap().into_raw(); result } diff --git a/src/password_hashers/bcrypt.rs b/src/password_hashers/bcrypt.rs index 2badb80..b49bd91 100644 --- a/src/password_hashers/bcrypt.rs +++ b/src/password_hashers/bcrypt.rs @@ -39,7 +39,7 @@ pub extern "C" fn bcrypt_hash_threadpool(pass_to_hash: *const c_char) -> *mut c_ .to_str() .unwrap() .to_string(); - let new_hash = ::hash__password_threadpool(string_pass); + let new_hash = ::hash_password_threadpool(string_pass); return CString::new(new_hash).unwrap().into_raw(); } diff --git a/src/password_hashers/scrypt.rs b/src/password_hashers/scrypt.rs index 2273222..ae25fb1 100644 --- a/src/password_hashers/scrypt.rs +++ b/src/password_hashers/scrypt.rs @@ -37,7 +37,7 @@ pub extern "C" fn scrypt_hash_threadpool(pass_to_hash: *const c_char) -> *mut c_ .to_str() .unwrap() .to_string(); - let new_hash = ::hash__password_threadpool(string_pass); + let new_hash = ::hash_password_threadpool(string_pass); return CString::new(new_hash).unwrap().into_raw(); } From 00e73b79fcee540244643f7440cf3d0a8d9a8ef3 Mon Sep 17 00:00:00 2001 From: Mike Mulchrone Date: Sat, 8 Mar 2025 20:15:38 -0500 Subject: [PATCH 2/6] version bump --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index f6a77ed..1387dc2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,4 +14,4 @@ crate-type = ["dylib"] [dependencies] libc = "0.2.146" -cas-lib = {path = "./../cas-lib"} \ No newline at end of file +cas-lib = "0.2.44" \ No newline at end of file From 5a2c30d36220fadd32fff238c90d7ee95c05c38e Mon Sep 17 00:00:00 2001 From: Mike Mulchrone Date: Sat, 8 Mar 2025 21:08:18 -0500 Subject: [PATCH 3/6] pointer fixes --- src/digital_signature.rs | 48 +++++++++++++++++++++++----------------- src/ed25519.rs | 22 +++++++++++++----- 2 files changed, 44 insertions(+), 26 deletions(-) diff --git a/src/digital_signature.rs b/src/digital_signature.rs index b91cea9..9de4105 100644 --- a/src/digital_signature.rs +++ b/src/digital_signature.rs @@ -355,18 +355,18 @@ pub extern "C" fn sha256_ed25519_digital_signature( ::digital_signature_ed25519( data_to_sign_slice, ); - let public_key = result.public_key; - let public_key_pair_ptr = unsafe { - let ptr = libc::malloc(public_key.len()) as *mut u8; - std::ptr::copy_nonoverlapping(public_key.as_ptr(), ptr, public_key.len()); - ptr - }; - let signature = result.signature; - let signature_ptr = unsafe { - let ptr = libc::malloc(signature.len()) as *mut u8; - std::ptr::copy_nonoverlapping(signature.as_ptr(), ptr, signature.len()); - ptr - }; + let public_key = result.public_key; + let public_key_pair_ptr = unsafe { + let ptr = libc::malloc(public_key.len()) as *mut u8; + std::ptr::copy_nonoverlapping(public_key.as_ptr(), ptr, public_key.len()); + ptr + }; + let signature = result.signature; + let signature_ptr = unsafe { + let ptr = libc::malloc(signature.len()) as *mut u8; + std::ptr::copy_nonoverlapping(signature.as_ptr(), ptr, signature.len()); + ptr + }; let result = SHAED25519DalekDigitalSignatureResult { public_key: public_key_pair_ptr, public_key_length: public_key.len(), @@ -389,16 +389,24 @@ pub extern "C" fn sha256_ed25519_digital_signature_threadpool( ::digital_signature_ed25519_threadpool( data_to_sign_slice, ); - let mut public_key = result.public_key; - let mut signature = result.signature; + let public_key = result.public_key; + let public_key_pair_ptr = unsafe { + let ptr = libc::malloc(public_key.len()) as *mut u8; + std::ptr::copy_nonoverlapping(public_key.as_ptr(), ptr, public_key.len()); + ptr + }; + let signature = result.signature; + let signature_ptr = unsafe { + let ptr = libc::malloc(signature.len()) as *mut u8; + std::ptr::copy_nonoverlapping(signature.as_ptr(), ptr, signature.len()); + ptr + }; let result = SHAED25519DalekDigitalSignatureResult { - public_key: public_key.as_mut_ptr(), + public_key: public_key_pair_ptr, public_key_length: public_key.len(), - signature_raw_ptr: signature.as_mut_ptr(), + signature_raw_ptr: signature_ptr, signature_length: signature.len(), }; - std::mem::forget(public_key); - std::mem::forget(signature); result } @@ -425,7 +433,7 @@ pub extern "C" fn sha512_ed25519_digital_signature_verify( }; let signature_slice = unsafe { assert!(!signature.is_null()); - assert!(public_key_length == 64, "Signature must be 64 key bytes"); + assert!(signature_length == 64, "Signature must be 64 key bytes"); let slice = std::slice::from_raw_parts(signature, signature_length); let mut array = [0u8; 64]; array.copy_from_slice(slice); @@ -458,7 +466,7 @@ pub extern "C" fn sha512_ed25519_digital_signature_verify_threadpool( }; let signature_slice = unsafe { assert!(!signature.is_null()); - assert!(public_key_length == 64, "Signature must be 64 key bytes"); + assert!(signature_length == 64, "Signature must be 64 key bytes"); let slice = std::slice::from_raw_parts(signature, signature_length); let mut array = [0u8; 64]; array.copy_from_slice(slice); diff --git a/src/ed25519.rs b/src/ed25519.rs index e60c7b6..a7012bf 100644 --- a/src/ed25519.rs +++ b/src/ed25519.rs @@ -116,12 +116,22 @@ pub extern "C" fn sign_with_key_pair_bytes_threadpool( std::slice::from_raw_parts(message_to_sign, message_to_sign_length) }; let result = ed25519_sign_with_key_pair_threadpool(key_pair_slice, message_to_sign_slice); - let mut public_key = result.public_key; - let mut signature = result.signature; + let public_key = result.public_key; + let signature = result.signature; + let public_key_pointer = unsafe { + let ptr = libc::malloc(public_key.len()) as *mut u8; + std::ptr::copy_nonoverlapping(public_key.as_ptr(), ptr, public_key.len()); + ptr + }; + let signature_pointer = unsafe { + let ptr = libc::malloc(signature.len()) as *mut u8; + std::ptr::copy_nonoverlapping(signature.as_ptr(), ptr, signature.len()); + ptr + }; let result = Ed25519ByteSignatureResult { - signature_byte_ptr: signature.as_mut_ptr(), + signature_byte_ptr: public_key_pointer, signature_length: signature.len(), - public_key: public_key.as_mut_ptr(), + public_key: signature_pointer, public_key_length: public_key.len(), }; result @@ -195,7 +205,7 @@ pub extern "C" fn verify_with_key_pair_bytes_threadpool( }; let signature_slice = unsafe { assert!(!signature.is_null()); - assert!(key_pair_length == 64, "Signature length must be 64 bytes"); + assert!(signature_length == 64, "Signature length must be 64 bytes"); let slice = std::slice::from_raw_parts(signature, signature_length); let mut array = [0u8; 64]; array.copy_from_slice(slice); @@ -280,7 +290,7 @@ pub extern "C" fn verify_with_public_key_bytes_threadpool( }; let signature_slice: [u8; 64] = unsafe { assert!(!signature.is_null()); - assert!(public_key_length == 64, "Signature Slice must be 32 bytes"); + assert!(signature_length == 64, "Signature Slice must be 32 bytes"); let slice = std::slice::from_raw_parts(signature, signature_length); let mut array = [0u8; 64]; array.copy_from_slice(slice); From f0a1ec641a0821f3bceac502ede172749716afc8 Mon Sep 17 00:00:00 2001 From: Mike Mulchrone Date: Sat, 8 Mar 2025 21:23:00 -0500 Subject: [PATCH 4/6] fixing ed25519 --- src/ed25519.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ed25519.rs b/src/ed25519.rs index a7012bf..08b0e4c 100644 --- a/src/ed25519.rs +++ b/src/ed25519.rs @@ -129,9 +129,9 @@ pub extern "C" fn sign_with_key_pair_bytes_threadpool( ptr }; let result = Ed25519ByteSignatureResult { - signature_byte_ptr: public_key_pointer, + signature_byte_ptr: signature_pointer, signature_length: signature.len(), - public_key: signature_pointer, + public_key: public_key_pointer, public_key_length: public_key.len(), }; result From 7cb95bcf85a90feeb93f6670b6162de8573f0478 Mon Sep 17 00:00:00 2001 From: WingZer0o Date: Tue, 11 Mar 2025 19:50:51 -0400 Subject: [PATCH 5/6] argon2 key deriviation --- src/lib.rs | 1 + src/password_hashers/argon2.rs | 48 +++++++++++++++++++++++++++++++++- src/password_hashers/types.rs | 7 +++++ 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 src/password_hashers/types.rs diff --git a/src/lib.rs b/src/lib.rs index b9919a2..8b0f9a9 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -12,6 +12,7 @@ mod zstd; mod hpke; pub mod password_hashers { + mod types; pub mod argon2; pub mod scrypt; pub mod bcrypt; diff --git a/src/password_hashers/argon2.rs b/src/password_hashers/argon2.rs index 9847683..ad13a98 100644 --- a/src/password_hashers/argon2.rs +++ b/src/password_hashers/argon2.rs @@ -1,5 +1,51 @@ use std::ffi::{c_char, CStr, CString}; -use cas_lib::password_hashers::{argon2::CASArgon, cas_password_hasher::CASPasswordHasher}; +use cas_lib::password_hashers::argon2::CASArgon; + +use super::types::Argon2KDFAes128; + +#[no_mangle] +pub extern "C" fn argon2_derive_aes_128_key(hashed_password: *const c_char) -> [u8] { + let hashed_password_bytes = unsafe { + assert!(!hashed_password.is_null()); + CStr::from_ptr(hashed_password) + } + .to_str() + .unwrap() + .as_bytes(); + let key: [u8; 16] = CASArgon::derive_aes_128_key(hashed_password_bytes); + let key_ptr = unsafe { + let ptr = libc::malloc(key.len()) as *mut u8; + std::ptr::copy_nonoverlapping(key.as_ptr(), ptr, key.len()); + ptr + }; + let result = Argon2KDFAes128 { + key: key_ptr, + length: key.len() + }; + result +} + +#[no_mangle] +pub extern "C" fn argon2_derive_aes_256_key(hashed_password: *const c_char) -> Argon2KDFAes128 { + let hashed_password_bytes = unsafe { + assert!(!hashed_password.is_null()); + CStr::from_ptr(hashed_password) + } + .to_str() + .unwrap() + .as_bytes(); + let key: [u8; 32] = CASArgon::derive_aes_256_key(hashed_password_bytes); + let key_ptr = unsafe { + let ptr = libc::malloc(key.len()) as *mut u8; + std::ptr::copy_nonoverlapping(key.as_ptr(), ptr, key.len()); + ptr + }; + let result = Argon2KDFAes128 { + key: key_ptr, + length: key.len() + }; + result +} #[no_mangle] pub extern "C" fn argon2_verify(hashed_pass: *const c_char, password: *const c_char) -> bool { diff --git a/src/password_hashers/types.rs b/src/password_hashers/types.rs new file mode 100644 index 0000000..79d81be --- /dev/null +++ b/src/password_hashers/types.rs @@ -0,0 +1,7 @@ +use std::ffi::c_uchar; + +#[repr(C)] +pub struct Argon2KDFAes128 { + pub key: *mut c_uchar, + pub length: usize, +} \ No newline at end of file From c8e9049ebb60cae7ac20ef5f2d5c19014396ed11 Mon Sep 17 00:00:00 2001 From: Mike Mulchrone Date: Tue, 11 Mar 2025 19:54:32 -0400 Subject: [PATCH 6/6] argon2 key deriviation --- Cargo.toml | 2 +- src/password_hashers/argon2.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 1387dc2..5f7c271 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,4 +14,4 @@ crate-type = ["dylib"] [dependencies] libc = "0.2.146" -cas-lib = "0.2.44" \ No newline at end of file +cas-lib = "0.2.45" \ No newline at end of file diff --git a/src/password_hashers/argon2.rs b/src/password_hashers/argon2.rs index ad13a98..1bb9301 100644 --- a/src/password_hashers/argon2.rs +++ b/src/password_hashers/argon2.rs @@ -4,7 +4,7 @@ use cas_lib::password_hashers::argon2::CASArgon; use super::types::Argon2KDFAes128; #[no_mangle] -pub extern "C" fn argon2_derive_aes_128_key(hashed_password: *const c_char) -> [u8] { +pub extern "C" fn argon2_derive_aes_128_key(hashed_password: *const c_char) -> Argon2KDFAes128{ let hashed_password_bytes = unsafe { assert!(!hashed_password.is_null()); CStr::from_ptr(hashed_password)