Merge branch 'master' into internal_serde

NeitherSound · Jun 13, 2017 · 0ddc34c · 0ddc34c
2 parents 08ed7f7 + 015b149
commit 0ddc34c
Show file tree

Hide file tree

Showing 8 changed files with 46 additions and 15 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -5,3 +5,7 @@ indent_size = 8
 [Makefile]
 indent_style = tab
 indent_size = 8
+
+[*.yml]
+indent_style = space
+indent_size = 2
diff --git a/.travis.yml b/.travis.yml
@@ -0,0 +1,18 @@
+language: c
+
+os:
+  - linux
+  - osx
+
+compiler:
+  - clang
+  - gcc
+
+addons:
+  apt:
+    packages:
+      - valgrind
+
+script:
+  - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then export MEMCHECK="valgrind -q --leak-check=full --error-exitcode=1"; fi
+  - make && make test
diff --git a/Makefile b/Makefile
@@ -4,15 +4,18 @@ OBJS := ${SRCS:.c=.o}
 
 all: libsss.a
 
-libsss.a: $(OBJS)
+libsss.a: randombytes/librandombytes.a $(OBJS)
 	$(AR) -rcs libsss.a $^
 
+randombytes/librandombytes.a:
+	$(MAKE) -C randombytes librandombytes.a
+
 # Force unrolling loops on hazmat.c
 hazmat.o: CFLAGS += -funroll-loops
 
-%.out: %.o
+%.out: %.o randombytes/librandombytes.a
 	$(CC) -o $@ $(CFLAGS) $(LDFLAGS) $^ $(LOADLIBES) $(LDLIBS)
-	valgrind -q --leak-check=full --error-exitcode=1 ./$@
+	$(MEMCHECK) ./$@
 
 test_hazmat.out: $(filter-out hazmat.o,$(OBJS))
 test_sss.out: $(OBJS)
@@ -23,4 +26,5 @@ test: test_hazmat.out test_serialize.out test_sss.out
 
 .PHONY: clean
 clean:
+	$(MAKE) -C randombytes $@
 	$(RM) *.o *.gch *.a *.out
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 `sss` is a library that exposes an API to split secret data buffers into
 a number of different _shares_. With the posession of some or all of these
-shares, the original secret can be restored. It's basiscly a *double-key*
+shares, the original secret can be restored. It's essentially a *double-key*
 system, but then cryptograpically.
 
 An example use case is a beer brewery which has a vault which conains their
@@ -23,7 +23,9 @@ With this in mind, I have made this library to:
 - Secure secret with a MAC
 - Use the platform (OS) randomness source
 
-It should be safe to use this library in "the real world".
+It should be safe to use this library in "the real world", but note that until
+the release of version 1.0 the API may be changed without backward
+compatibility.
 
 ## Usage
 

diff --git a/hazmat.c b/hazmat.c
@@ -19,7 +19,6 @@
 
 
 #include "hazmat.h"
-#include "tweetnacl.h"
 #include <assert.h>
 #include <string.h>
 

diff --git a/sss.c b/sss.c
@@ -13,8 +13,10 @@
  */
 
 
+#include "randombytes/randombytes.h"
 #include "tweetnacl.h"
 #include "sss.h"
+#include "tweetnacl.h"
 #include <assert.h>
 #include <string.h>
 
@@ -39,15 +41,19 @@ static const unsigned char nonce[crypto_secretbox_NONCEBYTES] = { 0 };
  * Create `n` shares with theshold `k` and write them to `out`
  */
 void sss_create_shares(sss_Share *out, const unsigned char *data,
-	               uint8_t n, uint8_t k, const unsigned char key[32])
+                       uint8_t n, uint8_t k)
 {
+	unsigned char key[32];
 	unsigned char m[crypto_secretbox_ZEROBYTES + sss_MLEN] = { 0 };
 	unsigned long long mlen = sizeof(m); /* length includes zero-bytes */
 	unsigned char c[mlen];
 	int tmp;
 	sss_Keyshare keyshares[n];
 	size_t idx;
 
+	/* Generate a random encryption key */
+	randombytes(key, sizeof(key));
+
 	/* AEAD encrypt the data with the key */
 	memcpy(&m[crypto_secretbox_ZEROBYTES], data, sss_MLEN);
 	tmp = crypto_secretbox(c, m, mlen, nonce, key);

diff --git a/sss.h b/sss.h
@@ -50,8 +50,7 @@ typedef uint8_t sss_Share[sss_SHARE_LEN];
 void sss_create_shares(sss_Share *out,
                        const uint8_t *data,
                        uint8_t n,
-                       uint8_t k,
-                       const uint8_t random_bytes[32]);
+                       uint8_t k);
 
 
 /*

diff --git a/test_sss.c b/test_sss.c
@@ -4,30 +4,29 @@
 
 int main()
 {
-	uint8_t data[sss_MLEN] = { 42 }, restored[sss_MLEN];
-	uint8_t key[32] = { 0 };
+	unsigned char data[sss_MLEN] = { 42 }, restored[sss_MLEN];
 	sss_Share shares[256];
 	int tmp;
 
 	/* Normal operation */
-	sss_create_shares(shares, data, 1, 1, key);
+	sss_create_shares(shares, data, 1, 1);
 	tmp = sss_combine_shares(restored, shares, 1);
 	assert(tmp == 0);
 	assert(memcmp(restored, data, sss_MLEN) == 0);
 
 	/* A lot of shares */
-	sss_create_shares(shares, data, 255, 255, key);
+	sss_create_shares(shares, data, 255, 255);
 	tmp = sss_combine_shares(restored, shares, 255);
 	assert(tmp == 0);
 	assert(memcmp(restored, data, sss_MLEN) == 0);
 
 	/* Not enough shares to restore secret */
-	sss_create_shares(shares, data, 100, 100, key);
+	sss_create_shares(shares, data, 100, 100);
 	tmp = sss_combine_shares(restored, shares, 99);
 	assert(tmp == -1);
 
 	/* Too many secrets should also restore the secret */
-	sss_create_shares(shares, data, 200, 100, key);
+	sss_create_shares(shares, data, 200, 100);
 	tmp = sss_combine_shares(restored, shares, 200);
 	assert(tmp == 0);
 	assert(memcmp(restored, data, sss_MLEN) == 0);