ereOn / csodium

A standalone libsodium interface.
GNU General Public License v3.0
12 stars 1 forks source link

Secure Memory (Feature Request) #5

Open steamraven opened 7 years ago

steamraven commented 7 years ago

libsodium provides a mechanism for secure memory. However, they are expensive. They are much slower than a standard malloc. They also allocate 3-4 pages of memory (12kb-16kb) per call. Plus, most os have a limit on the amount of memory that can be locked.

Since secure memory is so expensive, I don't think we can use it for all allocations. One option is to pass output buffers to the functions:

def crypto_box_keypair(pk_out=None, sk_out=None):
    if pk_out is None:
        pk_out = bytearray(crypto_box_PUBLICKEYBYTES)
    else:
        _assert_len('pk_out', pk_out, crypto_box_PUBLICKEYBYTES)

But this would change the current API.

What are your thoughts? Is it worth it?

ereOn commented 7 years ago

@steamraven I like that idea.

A first idea would perhaps be to provide an alternate function that takes mandatory output parameters. The current functions could be changed to use the new ones internally and allocate secure memory by default.

A second idea could be to pass an allocator of some sort to the function (which would have a default value of bytearray) and use that allocator to create the output buffers.

Let me know what you think.

steamraven commented 7 years ago

There are a lot of functions, and I think creating new ones would unnecessarily bloat the API. I do like your idea of allocators though. Similar to the c++ Stdlib.

Currently, byte arrays are allocated, passed to libsodium, then converted to bytes. This means two methods. In addition, the key pair functions generate two buffers with very different requirements: a public key and a secret key.

So I see three methods for the interface:

Most functions would use .malloc(). The key pair would use malloc for the secret and public_malloc for the public key.

I can mock up some code and you can tell me what you think.

FYI, I have a couple more commits coming: Documentation for all functions Helper functions Key exchange (diffie helman) Password hashing