Multiple changes #81

Merged
merged 96 commits into from
Jun 3, 2019

@awnumar (Owner) commented Mar 22, 2019

  • Refactoring of functionality into core package.
  • Addition of Enclave objects which store encrypted data.
  • Rewrite of signals handling. Should make implementing further data catching much easier.
  • Rewrite and simplification of the API.
  • Addition of examples package.
  • Patched data races in interrupt handling functionality.
  • Conceal mapped memory from core dumps on OpenBSD.
  • Additional functionality added such as safe panicking.
  • Disable core dumps by default. Users that want them can enable them themselves.
  • Use local entropy pool for fast random bytes reading.
  • Use a variable sized canary value with 32 <= len(canary) <= ~pagesize.
  • Other optimisations and improvements.
  • ...

Awn and others added 30 commits April 29, 2018 14:53
The drawbacks outweighed the pros.

Also, #59 has been modified given developments in the Go compiler.
* Rename LockedBuffer to Enclave

* Rename container Buffer method to Bytes.
* Add resizing methods.

* Resizing methods are redundant. Keep functions.
…es and improvements. Todo: re-write frontend
…unctionality in frontend

Still need to write tests.
@awnumar (Owner, Author) commented May 17, 2019

An important little change that was slipped in 61e6b4f is that NewBuffer returns a mutable container whereas NewBufferFromBytes and NewBufferRandom return immutable ones. Also Enclaves decrypt to immutable LockedBuffers.

@awnumar (Owner, Author) commented May 30, 2019

I'm tentatively considering this ready to merge. Eyes on the code would be appreciated.

@capnspacehook (Contributor)

I can take a look at all the changes this weekend.

@capnspacehook (Contributor)

Any reason you removed clone and resize?

@awnumar (Owner, Author) commented May 30, 2019

Clone was removed because of API bloat and I don't want to encourage the duplication of sensitive information. It's fairly easy to recreate its functionality:

```go
b := NewBuffer(8)
c := NewBuffer(b.Size()) // new container of the same size
c.Copy(b.Bytes())        // copy the contents across
c.Freeze()               // optional
```

Resize required some important decisions to be made regarding mutability and data, decisions that the programmer should probably make themselves. Again the functionality is easy to recreate:

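```go
b := NewBuffer(8)
c := NewBuffer(new_size) // container of the desired size
c.Copy(b.Bytes())        // copy the old contents across
b.Destroy()              // wipe and free the old container
```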

I'm thinking of a way to implement streaming into and out of Enclaves which should reduce the need for Resize. (Resize was posed as a solution to #68 originally.)

Do you consider these to be necessary components of the API?

@capnspacehook (Contributor)

I don't consider Clone or Resize to be necessary at all; the reasons you have for removing them are very good ones, I think. I was just curious about your reasoning.

I do think that, while I wouldn't consider it essential, streaming would be nice to have.

Repository owner deleted a comment May 31, 2019
Repository owner deleted a comment May 31, 2019
Repository owner deleted a comment May 31, 2019
@awnumar awnumar merged commit 0799fe7 into master Jun 3, 2019
@awnumar awnumar deleted the development branch June 3, 2019 15:04