seal box works

asimihsan · asimihsan · commit 9047a1a8b140 · 2020-06-20T22:15:37.000-07:00
diff --git a/example/lib/main.dart b/example/lib/main.dart
@@ -15,22 +15,39 @@ class MyApp extends StatefulWidget {
 
 class _MyAppState extends State<MyApp> {
   final wrapper = LibsodiumWrapper();
+  final String serverPublicKeyBase64Encoded = "lKSTP8K5YQoHMZOn2+mTLunP3yMgqN1O8GyaqRvHbQE=";
+  final plaintextController = TextEditingController();
 
   String _sodiumVersion = 'Unknown Sodium Version';
+  String _encryptedData = '';
 
   @override
   void initState() {
     super.initState();
     getSodiumVersion();
   }
 
+  @override
+  void dispose() {
+    plaintextController.dispose();
+    super.dispose();
+  }
+
   Future<void> getSodiumVersion() async {
     final sodiumVersion = await compute(getSodiumVersionString, wrapper);
     setState(() {
       _sodiumVersion = sodiumVersion;
     });
   }
 
+  Future<void> encryptData(final String plaintext) async {
+    final encryptedData = await compute(
+        cryptoBoxSeal, CryptoBoxSealCall(wrapper, serverPublicKeyBase64Encoded, plaintext));
+    setState(() {
+      _encryptedData = encryptedData;
+    });
+  }
+
   @override
   Widget build(BuildContext context) {
     return MaterialApp(
@@ -39,7 +56,35 @@ class _MyAppState extends State<MyApp> {
           title: const Text('Plugin example app'),
         ),
         body: Center(
-          child: Text('Using libsodium: $_sodiumVersion', key: Key('version')),
+          child: Column(
+            children: [
+              Text('Using libsodium: $_sodiumVersion', key: Key('version')),
+              TextField(
+                decoration: InputDecoration(
+                  border: OutlineInputBorder(),
+                  labelText: 'Text to encrypt',
+                ),
+                key: Key('plaintextTextField'),
+                controller: plaintextController,
+              ),
+              SelectableText('Encrypted data: $_encryptedData', key: Key('encryptedData')),
+              FlatButton(
+                color: Colors.blue,
+                textColor: Colors.white,
+                disabledColor: Colors.grey,
+                disabledTextColor: Colors.black,
+                padding: EdgeInsets.all(8.0),
+                splashColor: Colors.blueAccent,
+                onPressed: () async {
+                  encryptData(plaintextController.text);
+                },
+                child: Text(
+                  "Encrypt",
+                  style: TextStyle(fontSize: 20.0),
+                ),
+              )
+            ],
+          ),
         ),
       ),
     );
diff --git a/lib/libsodium_bindings.dart b/lib/libsodium_bindings.dart
@@ -26,3 +26,37 @@ typedef NativeVersionString = Pointer<Utf8> Function();
 typedef VersionString = Pointer<Utf8> Function();
 final VersionString sodiumVersionString =
     libsodium.lookupFunction<NativeVersionString, VersionString>('sodium_version_string');
+
+// IntPtr is sign-extended, but we know size_t is unsigned so that's OK
+// see: https://github.com/dart-lang/sdk/issues/39372
+// see: https://github.com/dart-lang/sdk/issues/36140
+// see: https://github.com/jedisct1/libsodium/blob/927dfe8/src/libsodium/crypto_secretbox/crypto_secretbox.c#L6
+// see: https://github.com/dart-lang/sdk/blob/48f7636798260bcf84bab46fd3c92102c508e959/runtime/tools/dartfuzz/dartfuzz_ffi_api.dart
+typedef NativeReturnSizeT = IntPtr Function();
+
+final int Function() crypto_box_SEALBYTES =
+    libsodium.lookup<NativeFunction<NativeReturnSizeT>>('crypto_box_sealbytes').asFunction();
+
+// libsodium uses canary pages, guard pages, memory locking, and fills malloc'd memory with a
+// specific byte pattern [1]. Whenever allocating memory in order to interact with libsodium
+// we prefer to use libsodium's sodium_malloc and sodium_free.
+//
+// [1] https://doc.libsodium.org/memory_management
+typedef Malloc = Pointer<Uint8> Function(int size);
+typedef NativeMalloc = Pointer<Uint8> Function(IntPtr size);
+final Malloc sodiumMalloc = libsodium.lookupFunction<NativeMalloc, Malloc>('sodium_malloc');
+
+// https://doc.libsodium.org/memory_management
+typedef Free = void Function(Pointer<Uint8> ptr);
+typedef NativeFree = Void Function(Pointer<Uint8> ptr);
+final Free sodiumFree = libsodium.lookupFunction<NativeFree, Free>('sodium_free');
+
+// https://doc.libsodium.org/public-key_cryptography/sealed_boxes
+//  int crypto_box_seal(unsigned char *c, const unsigned char *m,
+//                      unsigned long long mlen, const unsigned char *pk);
+typedef CryptoBoxSeal = int Function(
+    Pointer<Uint8> c, Pointer<Uint8> m, int mlen, Pointer<Uint8> pk);
+typedef NativeCryptoBoxSeal = Int32 Function(
+    Pointer<Uint8> c, Pointer<Uint8> m, Uint64 mlen, Pointer<Uint8> pk);
+final CryptoBoxSeal cryptoBoxSeal =
+    libsodium.lookupFunction<NativeCryptoBoxSeal, CryptoBoxSeal>('crypto_box_seal');
diff --git a/lib/libsodium_wrapper.dart b/lib/libsodium_wrapper.dart
@@ -1,3 +1,8 @@
+import 'dart:convert';
+import 'dart:ffi';
+import 'dart:io';
+import 'dart:typed_data';
+
 import 'package:ffi/ffi.dart';
 import 'package:flutter_libsodium/libsodium_bindings.dart' as bindings;
 
@@ -19,6 +24,75 @@ class LibsodiumWrapper {
   String sodiumVersionString() {
     return Utf8.fromUtf8(bindings.sodiumVersionString());
   }
+
+  // https://doc.libsodium.org/public-key_cryptography/sealed_boxes
+  String cryptoBoxSeal(final String recipientPublicKeyBase64Encoded, final String plaintext) {
+    final int cryptoBoxSealBytes = bindings.crypto_box_SEALBYTES();
+    final cLength = plaintext.length + cryptoBoxSealBytes;
+    final c = bindings.sodiumMalloc(cLength);
+    final m = plaintext.toUint8Pointer();
+    final Uint8List recipientPublicKey = base64.decode(recipientPublicKeyBase64Encoded);
+    final pk = recipientPublicKey.toPointer();
+    try {
+      bindings.cryptoBoxSeal(c, m, plaintext.length, pk);
+      final Uint8List result = c.toList(cLength);
+      return base64.encode(result);
+    } finally {
+      bindings.sodiumFree(c);
+      bindings.sodiumFree(m);
+      bindings.sodiumFree(pk);
+    }
+  }
 }
 
 String getSodiumVersionString(final LibsodiumWrapper wrapper) => wrapper.sodiumVersionString();
+
+// Can't pass more than one argument via compute, so use a custom object instead.
+//
+// See: https://github.com/flutter/flutter/issues/34540
+// See: https://stackoverflow.com/questions/54074857/send-multiple-arguments-to-the-compute-function-in-flutter
+class CryptoBoxSealCall {
+  final LibsodiumWrapper wrapper;
+  final String recipientPublicKeyBase64Encoded;
+  final String plaintext;
+
+  CryptoBoxSealCall(this.wrapper, this.recipientPublicKeyBase64Encoded, this.plaintext);
+}
+
+String cryptoBoxSeal(final CryptoBoxSealCall call) =>
+    call.wrapper.cryptoBoxSeal(call.recipientPublicKeyBase64Encoded, call.plaintext);
+
+extension Uint8PointerExtensions on Pointer<Uint8> {
+  Uint8List toList(int length) {
+    final builder = BytesBuilder();
+    for (int i = 0; i < length; i++) {
+      builder.addByte(this[i]);
+    }
+    return builder.takeBytes();
+  }
+}
+
+extension Uint8ListExtensions on Uint8List {
+  Pointer<Uint8> toPointer() {
+    if (this == null) {
+      return Pointer<Uint8>.fromAddress(0);
+    }
+    final p = bindings.sodiumMalloc(this.length);
+    final pList = p.asTypedList(this.length);
+    pList.setAll(0, this);
+    return p;
+  }
+}
+
+extension StringExtensions on String {
+  Pointer<Uint8> toUint8Pointer() {
+    if (this == null) {
+      return Pointer<Uint8>.fromAddress(0);
+    }
+    final units = utf8.encode(this);
+    final Pointer<Uint8> result = bindings.sodiumMalloc(units.length);
+    final Uint8List nativeString = result.asTypedList(units.length);
+    nativeString.setAll(0, units);
+    return result;
+  }
+}
